ToothPic: Secure Password-less Authentication

ToothPic Authenticate is an innovative authentication system based on the identification of the smartphone/tablet camera sensor.

Technical features

The proposed technique uses the fingerprint of the optical sensor of a user’s device, e.g. a smartphone, as a physical unclonable authentication function. In the registration phase, the user enrolls into the system by providing a high-quality estimate of the device fingerprint, obtained from a certain number of photos acquired in controlled conditions. Instead of sending the fingerprint directly, the client sends a compressed version to the server, which extracts a uniformly random bit string from the compressed fingerprint and stores it as a secure hash, together with a secure sketch. In the authentication phase, the user reproduces a noisy version of the device fingerprint by acquiring a fresh set of photos and compressing the resulting fingerprint according to the stored side information. The server then combines the fingerprint received from the user with the secure sketch stored in its database to verify the user’s identity.
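The enroll/verify flow described above can be sketched as follows. This is an added illustration, not ToothPic's code: the page does not name its construction, so the code-offset secure sketch, the toy repetition code (R = 7), the use of SHA-256 as the extractor, and all function names are assumptions, and the compression step is not modeled.

```python
import hashlib, hmac, secrets

R = 7  # toy repetition factor (assumption): each 7-bit block tolerates 3 flips

def _encode(bits):   # repetition code: repeat every message bit R times
    return [b for b in bits for _ in range(R)]

def _decode(bits):   # majority vote over each block of R bits
    return [int(sum(bits[i:i + R]) > R // 2) for i in range(0, len(bits), R)]

def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def _extract(w, salt):   # salted hash standing in for the extractor (assumption)
    return hashlib.sha256(salt + bytes(w)).digest()

def enroll(w):
    """Registration: build the server record from fingerprint bits w."""
    if len(w) % R:
        raise ValueError("fingerprint length must be a multiple of R")
    codeword = _encode([secrets.randbits(1) for _ in range(len(w) // R)])
    salt = secrets.token_bytes(16)
    key = _extract(w, salt)
    # Only the sketch, the salt and a hash of the key are stored, never w.
    return {"sketch": _xor(w, codeword), "salt": salt,
            "tag": hashlib.sha256(key).digest()}

def verify(w_noisy, record):
    """Authentication: correct w_noisy via the sketch, then compare hashes."""
    if len(w_noisy) != len(record["sketch"]):
        return False
    # w_noisy XOR sketch = codeword XOR noise; decoding removes the noise.
    codeword = _encode(_decode(_xor(w_noisy, record["sketch"])))
    w = _xor(record["sketch"], codeword)
    key = _extract(w, record["salt"])
    return hmac.compare_digest(hashlib.sha256(key).digest(), record["tag"])

def flip(bits, positions):   # helper to simulate sensor noise
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

if __name__ == "__main__":
    w = [secrets.randbits(1) for _ in range(64 * R)]   # constructed sample
    rec = enroll(w)
    print(verify(flip(w, [0, 1, 2, 50, 300]), rec))    # same device, noisy
    print(verify(flip(w, [0, 1, 2, 3]), rec))          # too much noise
```

A repetition code is used only to keep the example short; the sketch reveals some information about the fingerprint, so a real deployment has to choose the code and fingerprint length with that loss in mind.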

Possible Applications

  • Multi-factor user authentication;
  • Universal 2nd factor authenticator;
  • Digital signature;
  • Document encryption;
  • Encrypted communication;
  • Device-related cryptographic keys.


  • Unique and non-reproducible characteristic;
  • No additional device required;
  • Extremely secure and robust to client-side and server-side attacks;
  • Single-click friendly user experience.