Biometric Electronic Signature Security

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 782)


This paper describes the application of biometric-based cryptographic techniques to create secure electronic signatures on contract agreements of any kind or format. The described techniques couple password and biometric authentication factors to form a Biometric Authenticated Key Exchange (BAKE) protocol. The protocol provides mutual authentication and multi-factor user authentication, and defeats phishing and man-in-the-middle attacks. The operation of BAKE establishes a secure channel of communications between two parties. This channel provides confidentiality for the user’s authentication credentials and the contract agreement the user intends to sign. By including an indication of the user’s intention to conduct an electronic transaction and the user’s acceptance of the terms of the included contract agreement, the described application complies with the Uniform Electronic Transactions Act (UETA) and Electronic Signatures in Global and National Commerce (ESIGN) Act requirements. The biometric electronic signature described in this paper is suitable for use in Cloud environments and in blockchain and Distributed Ledger Technology smart contract applications.


Keywords: Authentication, Biometrics, Cryptography, E-signature, Security



Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. Griffin Information Security, Raleigh, USA
