It is impractical to use biometric data for online authentication because there is no secure way to authenticate yourself without revealing your biometric data to third parties. Biometric security is growing rapidly because it solves many of the security issues that are prevalent in traditional identification methods, such as passwords. However, if we provide our biometrics to a company for authentication, it is hard to prevent the company from using them for other purposes, such as logging in to our other accounts. For example, suppose you set your fingerprint as the password for both PayPal and an application “A”. “A” may use the fingerprints stored in its database to hack your PayPal account. The main issue we target is preventing companies’ unauthorized use of customers’ biometrics.
Our idea is to allow users to authenticate themselves on off-chain platforms (such as Facebook) using public key cryptography, with their biometric data as inputs.
We accomplish this by using a blockchain to store an individual’s attestation and the hash value of their biometrics, and by integrating smart contract functionality so that third parties can use the blockchain to authenticate the user. In this project, we propose a novel approach that combines the three authentication methods: (1) something a person knows (e.g., a passphrase); (2) something a person has (e.g., a photo ID); (3) something a person is (e.g., biometrics). To enable highly secure but privacy-preserving authentication, we decided to use blockchain and smart contract technology.