PalmHashing: A novel approach for dual-factor authentication

Many systems require a reliable personal authentication infrastructure to recognise the identity of a claimant before granting access to him/her. Conventional secure measures include the possession of an identity card or special knowledge like password and personal identification numbers (PINs). These methods are insecure as they can be lost, forgotten and potentially be shared among a group of co-workers for a long time without change. The fact that biometric authentication is convenient and non-refutable makes it a popular approach for a personal identification system. Nevertheless, biometric methods suffer from some inherent limitations and security threats. A more practical approach is to combine two-factor or more authenticators to achieve a higher level of security. This paper proposes a novel dual-factor authenticator based on the iterated inner product between tokenised pseudorandom numbers and user-specific palmprint features. This process generates a set of user-specific compact code called PalmHash, which is highly tolerant of data offset. There is no deterministic way to get the user-specific code without having both PalmHash and the user palmprint feature. This offers strong protection against biometric fabrication. Furthermore, the proposed PalmHashing technique is able to produce zero equal error rate (EER) and yields clean separation of the genuine and imposter populations. Hence, the false acceptance rate (FAR) can be eliminated without suffering from the increased occurrence of the false rejection rate (FRR).