Search for: All records

Biometrics have been used increasingly heavily for identity authentication in many critical public services, such as border passes or security check points. However, traditional biometrics-based identity management systems collect and store personal biometrical data in a centralized server or database, and an individual has no control over how her biometrics will be used for what purpose. Such kind of systems can result in serious security and privacy issues for sensitive personal data. In this paper, we design a novel approach to leveraging biometrics and blockchain/smart contract to enable secure and privacy preserving identity management. The basic idea is to use blockchain to store an authority's attestation and the transformed value of an individual's biometrics. The stored data on the blockchain is then controlled by smart contracts which define various access control policies, e.g., access parties, access times, etc. The owner of the biometrical data can flexibly change the access control policies through a white list, a timer and other methods to any identity verifiers. We used the well-known Ethereum platform to implement the proposed approach and tested the effectiveness as well as the flexibility of various access control policies.