Secure one-time biometrie tokens for non-repudiable multi-party transactions

Abstract

Numerous applications require users to interact with a multitude of entities in order to avail a service. In such applications, the identity of the user is typically verified through physical or digital tokens, which are prone to both identity theft (lost or stolen tokens) and repudiation claims by malicious users. The use of biometrics can provide non-repudiability by ensuring that a purchaser is the bonafide user of the service. However, in applications entailing multiple stakeholders, there may be privacy issues with sharing user's biometrics data. While this concern can be addressed by storing the user's biometric data on the token itself, strong mechanisms are required to ensure that token is both secure and tamper-proof. In this paper, we propose a single use biometric token that relies on Shamir's secret sharing algorithm and blockchain technology to ensure that the encrypted biometric template contained in the token is secure, tamper-proof, and any attempt to use the issued token is irrefutably logged to prove subsequently that the user indeed availed the service. We also analyze issues related to the system security, user privacy, and usability of the proposed solution.