Recently, due to the rapid growth of the Internet with the development of computers, the need for personal authentication system at the private level which is easy to use while providing reliable security level has increased. Thus, developers came to develop algorithms and systems by focusing on the private demand of personal authentication, and many biometric authentication systems are currently commercialized and used. However, unlike other authentication methods, these biometric authentication systems have the disadvantage that they cannot be changed (keys or passwords are easy to change). Confidential authentication should be possible to change. In addition to the personal information leakage problem caused by biometric information leak, the biometric authentication technique such as fingerprint recognition cannot be changed. When their fingerprint information was leaked, all information recognized by computers can be copied and used. All the secrets entered by their fingerprint information come to nothing. Fingerprint information is no longer available, and it is highly likely to be abused. Therefore, their authentication information should be possible to change.
This study tries to propose the authentication system that can be changed by using number-based password and fingerprint biometric authentication.
3.1. Limitation of Fingerprint Recognition
In , 7 billion people of total world population are set as set P and 900,000 kinds of fingerprint reader results that can have 450,000 pixels and minutiae as hash(P).
An indicator of the limitations of fingerprint.
This operation can be regarded as a hash function because the result of operations is less than the total number of the population. The quotient of set Pdivided by hash(P) is approximately 7777; therefore, 7777 people of the world's population may have the same fingerprint reader results. So, if including the entire world population, the existing fingerprint recognition system is vulnerable to security.
Therefore, the user authentication technique using bio-based biometric key has less risk of misuse because information itself has a close relationship with the owner along with the advantages of the existing auxiliary device. It is easy to use and hardly costs for maintenance and supplements the weakness of keys or identification tags because there is no risk of losing because it is always carried by the owner. However, in addition to the problem that it has the security vulnerabilities of hash function as they are, the bio-based user authentication technique has a security vulnerability such that a user authentication key cannot be changed.
The system applying fingerprint-based number password user authentication system presented in this paper has the following security strength.
If using a four-digit password, it has 900,000 × 104, that is, 9 billion number of cases and if using a six-digit password, 900,000 × 106, that is, 900 billion number of cases so if the entire world population of 7 billion people becomes users, sufficient security stability can be provided.
By having the advantages of both biometric-based user authentication technique and password-based user authentication technique, fingerprint recognition-based number password user authentication system can achieve both security and flexibility.
3.2. Number-Fingerprint Authentication System
By attaching the number panel on fingerprint recognition device, the user authentication system that uses number password and user fingerprint as authentication keys recognizes even the fingerprint of the user when a user is entering a password, see .
Schema of number-fingerprint authentication system.
By authenticating by mapping the user's fingerprint and number password in the user authentication system, we try to provide both flexibility of number password and security of biometric authentication.