| 摘要 |
A passport authentication protocol provides for encryption of sensitive data such as biometric data and transfer of the encryption key from the passport to the authentication authority to permit comparison to a reference value A cryptographic linkage is created by digitally signing identity data and biometric data of an individual. An elliptic curve cryptosystem is proposed whereby a message is divided into a primary part (M1) comprising confidential and sensitive information (biometric data), and a secondary part (M2) comprising publicly available information M1 is encrypted using a session encryption key, combined with M2 and then hashed using a secure hash function and transferred through an RFID tag along with a signature component which includes a certificate of the public key to another device (reader). A device verifies and validates the public key and computes the session encryption key to decrypt the biometric data in M1 and hence authenticate the bearer of the passport from recovered biometric sensor data. |
