Secure mobile banking biometric authentication

Abstract

This paper presents an approach to securing mobile banking biometric authentication. The proposed system is based on secure client-server conventional XOR biometrics, which stores, transmits and verifies templates in encrypted form. Encryption keys are stored on bank's authentication servers, thus protecting the user twofold: if the phone gets stolen, both encryption keys and original templates are unavailable to an adversary. Once the user is authenticated, the communication between the client (the smartphone) and the server (bank) is encrypted. Having in mind that modern smartphones have iris scanners which operate by calculating Hamming distance and that variety of smartphones have fingerprint readers, which can, according to literature, be converted to XOR biometrics, one may conclude that the system is highly applicable and that it does not suffer from severe computational costs and drawbacks originating from cryptographic operations.