Abstract
Real-time online communication technology has become increasingly important in modern business applications. It allows people to easily connect with business partners over the Internet through the camera lens on digital devices. However, despite the fact that users can identify and confirm the identity of the person in front of the camera, they cannot verify the authenticity of messages between communication partners. It is because the tunnel for the video is not the same as the tunnel that delivers the messages. To protect confidential messages, it is essential to establish a secure communication channel between users. This paper proposes a biometrics-based RSA cryptosystem to secure real-time communication in business. The idea put forward is to generate a cryptographic public key based on a user’s biometric information without using Public Key Infrastructure (PKI) and establish a secured channel in a public network. In such a way, the key must be verified with the user’s biometrics online. Since the key is derived from the user’s biometrics, it is strongly user-dependent and works well to convince others of the authenticity of the owner. Additionally, the derived biometric key is self-certified with the user’s biometrics, which means the cost of certificate storage, delivery and revocation can be significantly reduced.
Highlights
In the day-to-day workings of developed economies, this decade has already witnessed an extraordinary evolution in the technology of E-Commerce
The main objective of this paper is to provide the concept of taking advantage of biometric information for authenticating and generating key agreement without using Public Key Infrastructure (PKI) to protect real-time online communication
This paper proposed a novel biometrics-based scheme for authenticated key agreement in real-time communication
Summary
In the day-to-day workings of developed economies, this decade has already witnessed an extraordinary evolution in the technology of E-Commerce. It is extremely intuitive and reasonable to use the technique of biometric recognition [26,27] to deal with authentication problems in the field of information security, especially for real-time video communication where both the communication partners are online. This approach can reduce complexity, such as that associated with a key revocation mechanism and interoperability among different certification authorities in a PKI. In this paper, without using PKI to provide the certificate to prove the correlation between a user’s identity and his/her public key, schemes for the RSA cryptosystem and fuzzy extractors are used to authenticate and generate key agreement.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have