A multibiometric cryptosystem for user authentication in client-server networks

A biometric authentication scheme enables a client to log into a network system in which the safeguarding of critical data or/and controlling access are signified. A biometric-based network system verifies users who are the owners of legal biometric information. To secure such a network, we should protect all information belonging to legal individuals and preserve the privacy of tracking actions. In our previous work, we proposed a scheme with a non-repudiation property in which all individuals' information is preserved, but there were some deficiencies in the scheme related to privacy. In this paper, we extend the previous work such that the network system enables the handling of secure computation for confident authentication, as well as the protection of critical information and the preservation of legal individuals' privacy. Through various practical scenarios, we consider different attacks from the client, server, and network sides as intrusions into the privacy. We mathematically and practically prove that our scheme is safe enough to resist against different network attacks and to protect legitimate individuals' information and privacy. Finally, we demonstrate our computation and memory efficiency compared to related studies.