This paper presents an approach to designing a secure modular authentication framework based on iris biometrics and its implementation in a mobile banking scenario. The system consists of multiple clients and an authentication server. The client, a smartphone with an accompanying application, is used to capture biometrics, manage auxiliary data, and create and store encrypted cancelable templates. The bank's authentication server manages encryption keys and provides the template verification service. The proposed system keeps biometric templates encrypted, or at least cancelable, during all stages of storage, transmission and verification. As templates are stored on clients in encrypted form and decryption keys reside on the bank's authentication server, original plaintext templates are unavailable to an adversary if the phone is lost or stolen. The system employs public key cryptography and a pseudorandom number generator on small-sized templates, so it does not suffer from the severe computational costs of systems that employ homomorphic encryption. The system is also general, as it does not depend on specific cryptographic algorithms. Given that modern smartphones have iris scanners or at least high-quality front cameras, and that no severe computational drawbacks exist, one may conclude that the proposed authentication framework is highly applicable to mobile banking authentication.
Keywords: mobile banking; authentication; biometrics; iris; cryptography
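The cancelable-template idea the abstract relies on (a PRNG-derived transform, so a compromised template can be revoked and reissued under a new seed, with verification done in the transformed domain), as an added illustration that is not the paper's own scheme or code. It assumes 2048-bit iris codes, a seed-derived permutation plus XOR mask as the transform, a normalized Hamming-distance threshold, and constructed random bits in place of real biometric data; the paper's public-key encryption of stored templates and the server-held keys are left out.

```python
import hashlib
import random

CODE_BITS = 2048
THRESHOLD = 0.32  # normalized Hamming distance; constructed value for this demo


def _keystream_bits(label: bytes, seed: bytes, n_bits: int) -> list:
    """Deterministic bit stream: SHA-256 in counter mode over label || seed."""
    bits, counter = [], 0
    while len(bits) < n_bits:
        block = hashlib.sha256(label + seed + counter.to_bytes(4, "big")).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return bits[:n_bits]


def make_cancelable(iris_code: list, seed: bytes) -> list:
    """Seed-derived permutation, then XOR mask; a new seed yields an unlinkable template."""
    perm_seed = int.from_bytes(hashlib.sha256(b"perm" + seed).digest(), "big")
    order = list(range(len(iris_code)))
    random.Random(perm_seed).shuffle(order)
    mask = _keystream_bits(b"mask", seed, len(iris_code))
    return [iris_code[p] ^ m for p, m in zip(order, mask)]


def hamming(a: list, b: list) -> float:
    """Normalized Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(probe_code: list, stored_template: list, seed: bytes) -> bool:
    """Transform the fresh probe with the same seed and compare in the cancelable domain."""
    return hamming(make_cancelable(probe_code, seed), stored_template) < THRESHOLD


def constructed_iris_code(tag: str) -> list:
    """Constructed stand-in for an iris code (random bits, not biometric data)."""
    rng = random.Random(tag)
    return [rng.getrandbits(1) for _ in range(CODE_BITS)]


def noisy_recapture(code: list, flip_fraction: float, tag: str) -> list:
    """Simulate a second capture of the same eye by flipping a fraction of the bits."""
    rng = random.Random(tag)
    noisy = list(code)
    for idx in rng.sample(range(len(code)), int(len(code) * flip_fraction)):
        noisy[idx] ^= 1
    return noisy
```

Because the permutation and mask are identical for probe and stored template, the distance in the cancelable domain equals the distance between the raw codes, so a genuine recapture still matches while a template issued under a different seed does not.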