Integration of biometrics and PIN Pad on Smart Card

• Main Author: Yang, Chunlei
• Published: University of Newcastle upon Tyne 2011
• Subjects: 381.142
• Online Access: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.556028

Secure payment is the basis of electronic commerce (e-commerce). A large amount of electronic payments are made via POS (point of sale) terminals using smart cards and legitimate users are usually authenticated by PIN. The security design of POS terminals and authentication methods are increasingly becoming concerns of ebusiness. The major aims and objectives of this industrially oriented research are to investigate a new solution at system level to improve the security of current POS payment systems. The contributions of this thesis include several aspects: 1) An indepth literature survey has been undertaken. The security threats of current POS terminals and available countermeasures have been systematically investigated. The main existing problems have been identified. 2) An innovative scheme, the so-called Supercard, which integrates PIN pad, biometrics and the smartcard, has been proposed. Approaches based on this scheme can meet security challenges posed by attacks such as visual and channel PIN attacks, display attacks, and fake-machine attacks. The scheme also has advantages to prevent the cryptographic key being disclosed by channel or side channel attacks. 3) The Supercard scheme has been examined specifically to improve fingerprint biometrics security. The Capture & Match on Card scheme and corresponding authentication protocol has been designed with the advantage of preventing biometric channel attacks. Biohash is adopted to protect the biometric template. 4) Keystroke dynamics, as a behaviour biometric to strengthen PIN authentication, has been investigated under the specific conditions of a highly limited number of keystrokes. 5) The multimodal signals of PIN, fingerprint and keystroke dynamics have been studied through fuzzy-logic-based information fusion.