An emerging approach to the problem of reducing the identity theft is represented by the adoption of biometric authentication systems. Such systems however present however several challenges, related to privacy, reliability, security of the biometric data. Inter-operability is also required among the devices used for the authentication. Moreover, very often biometric authentication in itself is not sufficient as a conclusive proof of identity and has to be complemented with multiple other proofs of identity like passwords, SSN, or other user identifiers. Multi-factor authentication mechanisms are thus required to enforce strong authentication based on the biometric and identifiers of other nature.In this paper we provide a two-phase authentication mechanism for federated identity management systems. The first phase consists of a two-factor biometric authentication based on zero knowledge proofs. We employ techniques from vector-space model to generate cryptographic biometric keys. These keys are kept secret, thus preserving the confidentiality of the biometric data, and at the same time exploit the advantages of a biometric authentication. The second authentication combines several authentication factors in conjunction with the biometric to provide a strong authentication. A key advantage of our approach is that any unanticipated combination of factors can be used. Such authentication system leverages the information of the user that are available from the federated identity management system.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Rachna Dhamija , J. D. Tygar, The battle against phishing: Dynamic Security Skins, Proceedings of the 2005 symposium on Usable privacy and security, p.77-88, July 06-08, 2005, Pittsburgh, Pennsylvania  [doi>10.1145/1073001.1073009]
	2	A. Bhargav-Spantzel, A. Squicciarini, and E. Bertino. Establishing and protecting digital identity in federation systems. Journal of Computer Security, 13(3): 269--300, 2006.
	3	Gerrit Bleumer, Biometric yet Privacy Protecting Person Authentication, Proceedings of the Second International Workshop on Information Hiding, p.99-110, April 14-17, 1998
	4	Jan Camenisch , Anna Lysyanskaya, An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, p.93-118, May 06-10, 2001
	5	David Chaum , Torben P. Pedersen, Wallet Databases with Observers, Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, p.89-105, August 16-20, 1992
	6	David Chaum , Hans Van Antwerpen, Undeniable Signatures, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, p.212-216, August 20-24, 1989
	7	C. R. Costanzo. Biometric cryptography: Key generation using feature and parametric aggregation. Online Technical Report, 2004.
	8	I. Damgård and E. Fujisaki. An integer commitment scheme based on groups with hidden order. In Advances in Cryptology -- ASIACRYPT 2002, volume 2501. Springer, 2002.
	9	G. Davida, Y. Frankel, and B. Matt. The relation of error correction and cryptography to an offine biometric based identication scheme, 1999.
	10	Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Eurocrypt 2004, 2006.
	11	Identity-Management. Liberty alliance project. http://www.projectliberty.org.
	12	Russell Impagliazzo , Sara Miner More, Anonymous credentials with biometrically-enforced non-transferability, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC  [doi>10.1145/1005140.1005150]
	13	Internet2. Shibboleth. http://shibboleth.internet2.edu.
	14	A. Jain, S. Prabhakar, L. Hong, and S. Pankanti. Filterbank-based fingerprint matching, 2000.
	15	Ari Juels , Martin Wattenberg, A fuzzy commitment scheme, Proceedings of the 6th ACM conference on Computer and communications security, p.28-36, November 01-04, 1999, Kent Ridge Digital Labs, Singapore  [doi>10.1145/319709.319714]
	16	A. Juels and M. Wattenberg. A fuzzy vault scheme. In Proceedings of IEEE International Symposium on Information Theory, 2002., 2002.
	17	C. Mills. Biometrics: Back to security basics, rsa security, 2002.
	18	F. Monrose, M. Reiter, Q. Li, and S. Wetzel. Using voice to generate cryptographic keys. 2001.
	19	Torben P. Pedersen, Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing, Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, p.129-140, August 11-15, 1991
	20	G. Salton , A. Wong , C. S. Yang, A vector space model for automatic indexing, Communications of the ACM, v.18 n.11, p.613-620, Nov. 1975  [doi>10.1145/361219.361220]
	21	Hee-soo Kim , Ikkyu Choi , Minkoo Kim, Refining term weights of documents using term dependencies, Proceedings of the 27th annual international ACM SIGIR conference on Research and development in information retrieval, July 25-29, 2004, Sheffield, United Kingdom  [doi>10.1145/1008992.1009116]
	22	U. Uludag, S. Pankanti, S. Prabhakar, and A. Jain. Biometric cryptosystems: Issues and challenges, 2004.
	23	I. M. R. VeriSign. Web Services Federation Language (WS-Federation). version 1.0. July 8 2003. http://www-128.ibm.com/developerworks/library/specification/ws-fed/.
	24	Z. W. Wang , S. K. M. Wong , Y. Y. Yao, An analysis of vector space models based on computational geometry, Proceedings of the 15th annual international ACM SIGIR conference on Research and development in information retrieval, p.152-160, June 21-24, 1992, Copenhagen, Denmark  [doi>10.1145/133160.133190]
	25	Harry Wu , Gerard Salton, A comparison of search term weighting: term relevance vs. inverse document frequency, Proceedings of the 4th annual international ACM SIGIR conference on Information storage and retrieval: theoretical issues in information retrieval, p.30-39, May 31-June 02, 1981, Oakland, California
	26	W. Zhang, Y.-J. Chang, and T. Chen. Optimal thresholding for key generation based on biometrics. In ICIP, pages 3451--3454, 2004.