Abstract: A system (100) for a multi-finger based biometric authentication is disclosed. A registration module (120) receives personal and trusted information from a user for creating a user profile. A fingerprint acquisition module (122) acquires a fingerprint template and corresponding identification labels. A first level authentication module (124) receives one or more user credentials for verifying authorized access and transmits a one-time password including a code to a user device (112) upon successful verification of the user. A second level authentication module (126) receives the subset of the plurality of fingerprints in the sequence order from the user. A verification module (128) verifies the received fingerprint templates against the stored template using a matching technique. A feedback module (130) grants user access upon successful verification. The feedback module allows the user to reset the password using the trusted contact and a vendor, in case of authentication failure. FIG. 1
Description:
FIELD OF INVENTION
[0001] Embodiments of the present disclosure relate to the field of biometric authentication, and more particularly, a system and a method for a multi-finger based biometric authentication.
BACKGROUND
[0002] Authentication is a crucial process of ensuring secure access to systems, applications, and sensitive information. Authentication technology provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server.
[0003] Traditionally, authentication models have relied on single-factor authentication, typically using a password or a single biometric characteristic such as a fingerprint. Single-factor authentication systems are commonly used but have various vulnerabilities. Passwords can be easily forgotten, guessed, or stolen, leading to unauthorized access. In recent years, authentication has been strengthened by asking for additional authentication factors. These factors may consist of a unique code that is provided to a user over a mobile device when a sign-on is attempted, such as a one-time password (OTP) and the like, or a biometric signature, like a facial scan or fingerprint. This is known as two-factor authentication.
[0004] However, even with advancements in the two-factor authentication, relying on the single biometric characteristic such as a fingerprint does not provide sufficient protection, especially in applications that demand a higher level of security such as military and defense systems. While fingerprints are widely used due to their uniqueness, they are not entirely foolproof, and their limitations can compromise the overall security of the system.
[0005] Hence, there is a need for an improved system and method for a multi-finger based biometric authentication which addresses the aforementioned issue(s).
OBJECTIVE OF THE INVENTION
[0006] An objective of the invention is to provide an authentication system based on a multi-finger based biometric authentication.
[0007] Another objective of the invention is to increase the complexity of biometric authentication, to improve the level of security.
[0008] Yet another objective of the invention is to lower the probability of successful authentication by chance by an unauthorized individual, adding an extra layer of protection against unauthorized access.
BRIEF DESCRIPTION
[0009] In accordance with an embodiment of the present disclosure, a system for a multi-finger based biometric authentication is provided. The system includes a processing subsystem hosted on a server. The processing subsystem is configured to execute on a network to control bidirectional communications among a plurality of modules. The processing subsystem includes a registration module. The registration module is configured to receive personal information, and a trusted contact information from a user for creating a user profile. The trusted contact information comprises name, phone number, and email address of a trusted contact. The processing subsystem includes a fingerprint acquisition module operatively coupled to the registration module. The fingerprint acquisition module is configured to acquire a fingerprint template of the user using a fingerprint acquisition device. The fingerprint template includes a plurality of fingerprints of the user. The fingerprint template is used for identity verification of the user. The fingerprint acquisition module is also configured to receive an identification label corresponding to each of the fingerprints of the user. The identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification. The processing subsystem includes a first level authentication module operatively coupled to the registration module. The first level authentication module is configured to receive one or more user credentials, wherein the one or more credentials include an identification and a password combination for verifying authorized access of the user in response to successful registration of the user. The first level authentication module is also configured to transmit a one-time password to a user device operated by the user upon successful verification of the user. The one-time password includes a code. The code is a combination of a plurality of identification labels that indicates the identification labels of a subset of the plurality of fingerprints pertaining to a sequence order. The processing subsystem includes a second level authentication module operatively coupled to the first level authentication module. The second level authentication module is configured to receive the subset of the plurality of fingerprints in the sequence order from the user. The processing subsystem includes a verification module operatively coupled to the second level authentication module. The verification module is configured to verify the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in a template database using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates. The processing subsystem includes a feedback module operatively coupled to the verification module. The feedback module is configured to provide access to the user in response to successful matching of the verification. The feedback module is also configured to send a message to the user. The message is a success message indicating that the user is authorized to access in case of successful verification. The message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification. Further, the feedback module is configured to allow the user to reset the password upon successful verification by the trusted contact and a vendor, using a secure link sent to the trusted contact information in case of authentication failure.
[0010] In accordance with another embodiment of the present disclosure, a method for a multi-finger biometric authentication is provided. The method includes receiving, by a registration module, personal information, and a trusted contact information from a user for creating a user profile. The trusted contact information comprises name, phone number, and email address of a trusted contact. The method includes acquiring, by a fingerprint acquisition module, a fingerprint template of the user using a fingerprint acquisition device. The fingerprint template includes a plurality of fingerprints of the user. The fingerprint template is used for identity verification of the user. The method includes receiving, by the fingerprint acquisition module, an identification label corresponding to each of the fingerprints of the user. The identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification. The method includes receiving, by a first level authentication module, one or more user credentials, wherein the one or more credentials include an identification and a password combination for verifying authorized access of the user in response to successful registration of the user. The method includes transmitting, by the first level authentication module, a one-time password to a user device operated by the user upon successful verification of the user. The one-time password includes a code. The code is a combination of a plurality of identification labels that indicates the identification labels of a subset of the plurality of fingerprints pertaining to a sequence order. The method includes receiving, by a second level authentication module, the subset of the plurality of fingerprints in the sequence order from the user. The method includes verifying, by a verification module, the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in a template database using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates. The method includes providing, by a feedback module, access to the user upon successful matching of the verification. The method includes sending, by the feedback module, a message to the user. The message is a success message indicating that the user is authorized to access in case of successful verification. The message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification. The method includes allowing, by the feedback module, the user to reset the password upon successful verification by the trusted contact and a vendor, using a secure link sent to the trusted contact information in case of authentication failure.
[0011] To further clarify the advantages and features of the present disclosure, a more particular description of the disclosure will follow by reference to specific embodiments thereof, which are illustrated in the appended figures. It is to be appreciated that these figures depict only typical embodiments of the disclosure and are therefore not to be considered limiting in scope. The disclosure will be described and explained with additional specificity and detail with the appended figures.
BRIEF DESCRIPTION OF THE DRAWINGS
[0012] The disclosure will be described and explained with additional specificity and detail with the accompanying figures in which:
[0013] FIG. 1 is a block diagram representation of a system for a multi-finger based biometric authentication in accordance with an embodiment of the present disclosure;
[0014] FIG. 2 is a schematic representation of an exemplary embodiment of a system for a multi-finger based biometric authentication in accordance with an embodiment of the present disclosure;
[0015] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure;
[0016] FIG. 4(a) illustrates a flow chart representing the steps involved in a method for a multi-finger based biometric authentication in accordance with an embodiment of the present disclosure; and
[0017] FIG. 4(b) illustrates continued steps of the method of FIG. 4(a) in accordance with an embodiment of the present disclosure.
[0018] Further, those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
DETAILED DESCRIPTION
[0019] For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
[0020] The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or subsystems or elements or structures or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but not necessarily do, all refer to the same embodiment.
[0021] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
[0022] In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise.
[0023] Embodiments of the present disclosure relate to a system for a multi-finger based biometric authentication. The system includes a processing subsystem hosted on a server. The processing subsystem is configured to execute on a network to control bidirectional communications among a plurality of modules. The processing subsystem includes a registration module. The registration module is configured to receive personal information, and a trusted contact information from a user for creating a user profile. The trusted contact information includes name, phone number, and email address of a trusted contact. The processing subsystem includes a fingerprint acquisition module operatively coupled to the registration module. The fingerprint acquisition module is configured to acquire a fingerprint template of the user using a fingerprint acquisition device. The fingerprint template includes a plurality of fingerprints of the user. The fingerprint template is used for identity verification of the user. The fingerprint acquisition module is also configured to receive an identification label corresponding to each of the fingerprints of the user. The identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification. The processing subsystem includes a first level authentication module operatively coupled to the registration module. The first level authentication module is configured to receive one or more user credentials wherein the one or more credentials includes an identification and password combination for verifying authorized access of the user in response to successful registration of the user. The first level authentication module is also configured to transmit a one-time password to a user device operated by the user upon successful verification of the user. The one-time password includes a code. 
The code is a combination of a plurality of identification labels that indicates the identification labels of a subset of the plurality of fingerprints pertaining to a sequence order. The processing subsystem includes a second level authentication module operatively coupled to the first level authentication module. The second level authentication module is configured to receive the subset of the plurality of fingerprints in the sequence order from the user. The processing subsystem includes a verification module operatively coupled to the second level authentication module. The verification module is configured to verify the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in a template database using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates. The processing subsystem includes a feedback module operatively coupled to the verification module. The feedback module is configured to provide access to the user in response to successful matching of the verification. The feedback module is also configured to send a message to the user. The message is a success message indicating that the user is authorized to access in case of successful verification. The message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification. Further, the feedback module is configured to allow the user a password reset process upon successful verification by the trusted contact and a vendor, using a secure link sent to the trusted contact information in case of authentication failure.
[0024] FIG. 1 is a block diagram of a system (100) for a multi-finger based biometric authentication in accordance with an embodiment of the present disclosure. The system (100) includes a processing subsystem (105) hosted on a server (108). In one embodiment, the server (108) may include a cloud-based server. In another embodiment, parts of the server (108) may be a local server coupled to a user device (112). The processing subsystem (105) is configured to execute on a network (115) to control bidirectional communications among a plurality of modules. In one example, the network (115) may be a private or public local area network (LAN) or Wide Area Network (WAN), such as the Internet. In another embodiment, the network (115) may include both wired and wireless communications according to one or more standards and/or via one or more transport mediums. In one example, the network (115) may include wireless communications according to one of the 802.11 or Bluetooth specification sets, or another standard or proprietary wireless communication protocol. In yet another embodiment, the network (115) may also include communications over a terrestrial cellular network, including, a global system for mobile communications (GSM), code division multiple access (CDMA), and/or enhanced data for global evolution (EDGE) network.
[0025] The processing subsystem (105) includes a registration module (120). The registration module (120) is configured to receive personal information, and a trusted contact information from a user for creating a user profile. The trusted contact information comprises name, phone number, and email address of a trusted contact. The trusted contact information is considered trusted because it acts as a means of verification and communication in certain events, such as account recovery, password reset, authentication failure and the like. The personal information refers to the data provided by the user during the registration process for creating a corresponding user profile. Examples of the personal information include, but are not limited to, the name of the user, phone number, email address, username, password, and any other relevant identifying information. In one embodiment, the username and password are generated by the system (100), in response to the successful creation of the user profile.
[0026] The processing subsystem (105) includes a fingerprint acquisition module (122) configured to acquire a fingerprint template of the user using a fingerprint acquisition device (118). Typically, the fingerprint template includes a plurality of fingerprints of the user that are registered. In a specific embodiment, the plurality of fingerprints includes the fingerprints of all ten fingers of the user. The fingerprint template is used for identity verification of the user. Examples of the fingerprint acquisition device (118) include, but are not limited to, a fingerprint scanner device and a biometric scanner device. In such an embodiment, the user is required to place their fingers on the scanner, one by one or simultaneously, depending on the capabilities of the fingerprint acquisition device (118). The fingerprint acquisition device (118) captures the unique patterns and characteristics of each fingerprint of the user. The fingerprint acquisition module (122) is also configured to receive an identification label corresponding to each of the fingerprints of the user. The identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification of the individual fingerprints within the fingerprint template. In general, the permitted characters include alphabetic characters (both uppercase and lowercase A-Z), numeric characters (0-9), and special characters (such as ?, !, $, %, and so on).
[0027] The personal information, fingerprint template and the identification label are stored in a template database (110). The template database (110) is secured using an Advanced Encryption Standard (AES) based encryption technique to enhance the security of the database and prevent the leak of sensitive information. AES is a widely used encryption algorithm that provides a high level of security for data. It uses symmetric-key encryption, in which the same key is used to encrypt and decrypt the protected data. Instead of a single round of encryption, data is put through several rounds of substitution, transposition, and mixing to make it harder to compromise. This encryption technique ensures that the data stored in the template database is protected and can only be accessed by authorized entities with the proper decryption key.
[0028] The processing subsystem (105) includes a first level authentication module (124) that is configured to receive one or more user credentials. The one or more credentials include an identification and password combination for verifying authorized access of the user in response to successful registration of the user. The one or more credentials typically include the username and the password, which the user provides on the registration module (120). It is a common form of authentication where the user is required to provide a unique identification, such as a username or user ID, along with a corresponding password.
[0029] The first level authentication module (124) is also configured to transmit a one-time password (OTP) to a user device (112) operated by the user upon successful verification of the user. The user device (112) corresponds to the user's registered mobile number. The one-time password includes a code. The one-time password is valid for a predetermined time period. The code is a combination of a plurality of identification labels that indicates the identification labels of a subset of the plurality of fingerprints pertaining to a specific sequence order. Typically, the sequence is formed by a combination of fingerprints. For example, a ring finger may be measured twice, followed by a pinky, then a thumb, or any combination of fingers, of either hand. In one embodiment, if the code is a combination of three fingers, then the probability of matching fingerprints becomes 1/1000 (with ten registered fingers and repetition allowed, there are 10 × 10 × 10 = 1000 possible ordered sequences).
[0030] The processing subsystem (105) includes a second level authentication module (126) that is configured to receive the subset of the plurality of fingerprints in the sequence order from the user.
[0031] The processing subsystem (105) includes a verification module (128) that is configured to verify the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in the template database (110) using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates. In an embodiment, an unauthorized individual would need to correctly guess the specific combination of three fingers, which significantly increases the complexity and reduces the likelihood of successful authentication by chance.
[0032] It must be noted that the sequence order of the fingerprints sent to the user is unique each time the user attempts authorization.
[0033] Further, in one embodiment, the verification module (128) is configured to verify the authenticity of the user either in real-time or in near real-time, for instance when the user is waiting, or at a slower rate, for instance when accesses are periodically audited.
[0034] The processing subsystem (105) includes a feedback module (130) configured to provide access to the user in response to successful matching of the verification. The feedback module (130) is also configured to send a message to the user. The message is a success message indicating that the user is authorized to access in case of successful verification. The message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification. In an embodiment, the feedback module (130) provides guidance to the user in case of authentication failure. Further, the feedback module (130) is configured to allow the user a password reset process upon successful verification by the trusted contact and a vendor. Upon registering the trusted contact information to the system, the vendor verifies the authenticity of the trusted contact information using an identification document such as Aadhaar, PAN, and the like. When the password reset process is requested, the system sends OTPs to both the user's and the trusted contact's registered mobile numbers. The user and the trusted contact must verify their identities using the received OTPs before proceeding with the password reset. Once both verifications are successful, the user receives a secure link via the user's registered mobile number or email address to reset their password securely.
[0035] Further, the server (108) includes a storage module configured to store user profiles, fingerprint templates, identification labels, user credentials, and authentication logs. Secure Sockets Layer/Transport Layer Security (SSL/TLS) is used to establish a secure and encrypted connection between the user device (112) and the server (108).
[0036] It is to be noted that the system may comprise, but is not limited to, a mobile phone, desktop computer, portable digital assistant (PDA), smart phone, tablet, ultra-book, netbook, laptop, multi-processor system, microprocessor-based or programmable consumer electronic system, or any other communication device that a user may use. In some embodiments, the system may comprise a display module (not shown) to display information (for example, in the form of user interfaces). In further embodiments, the system may comprise one or more of touch screens, accelerometers, gyroscopes, cameras, microphones, global positioning system (GPS) devices, and so forth.
[0037] In one embodiment, the various functional components of the system may reside on a single computer, or they may be distributed across several computers in various arrangements. The various components of the system may, furthermore, access one or more databases, and each of the various components of the system may be in communication with one another. Further, while the components of FIG. 1 are discussed in the singular sense, it will be appreciated that in other embodiments multiple instances of the components may be employed.
[0038] FIG. 2 is a schematic representation of an exemplary embodiment of a system for a multi-finger based biometric authentication in accordance with an embodiment of the present disclosure.
[0039] In an example, consider a user ‘X’ who wants to store a very confidential document with a high-level security system. The user ‘X’ wants the document to be protected using the multi-finger based biometric authentication. For this purpose, the user ‘X’ registers in the application, provides his/her personal information such as name and phone number, and creates a user profile. The system (100) generates a username and password for the user ‘X’. During registration, the user ‘X’ places their fingers on a fingerprint acquisition device (118) (for example a fingerprint scanner) and the unique patterns of their fingerprints are captured as a fingerprint template. Further, the user ‘X’ assigns unique identification labels to each fingerprint corresponding to the fingerprint template. In an example, for the left-hand fingerprints, user 'X' assigns the identification labels '1' to the thumb, '2' to the index finger, '3' to the middle finger, '4' to the ring finger, and '5' to the little finger. Likewise, for the right-hand fingerprints, user 'X' assigns 'a' to the thumb, 'b' to the index finger, 'c' to the middle finger, 'd' to the ring finger, and 'e' to the little finger. All this information, along with the user profile, fingerprint templates, and identification labels, is stored in a template database (110). Later, when the user ‘X’ wants to log in to the application, user ‘X’ is required to provide his/her username and password. Upon successful verification of the credentials, the system (100) sends an OTP to the registered mobile number pertaining to user ‘X’. Let's say the OTP contains the code '3a1'. According to the code, user 'X' is required to place his/her left-hand middle finger ('3') on the fingerprint scanner, followed by the right-hand thumb ('a'), and finally the left-hand thumb ('1'). It must be noted that the code ‘3a1’ and the order in which the user ‘X’ scans his/her fingers must coincide.
Subsequently, the system (100) compares the captured fingerprints (also referred to as temporary fingerprint template) with the stored fingerprint templates in the template database (110) to check if the sequence order of the captured fingerprints matches the code in the OTP. If the verification is successful, user 'X' is granted access to their account, and a success message is displayed. In the case of unsuccessful verification, a failure message is displayed to user ‘X’ indicating that access is denied.
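The login flow of paragraphs [0029] to [0032] and the '3a1' walk-through above, as an added Python sketch that is not code from the disclosure. It assumes single-character labels, a set-overlap stand-in for the unspecified matching technique, and a 120-second OTP lifetime; the names `enroll`, `issue_challenge`, `similarity`, `verify` and `sequence_space` are hypothetical.

```python
import secrets
import time
from dataclasses import dataclass

MATCH_THRESHOLD = 0.8  # assumed similarity cut-off for the stand-in matcher


@dataclass
class Challenge:
    code: str           # e.g. "3a1": one label per requested finger, in order
    expires_at: float   # end of the OTP's "predetermined time period"
    used: bool = False  # consumed by the first verification attempt


def enroll(templates):
    """The code is a plain concatenation of labels, so this sketch requires
    every label to be exactly one character to keep the code unambiguous."""
    for label in templates:
        if len(label) != 1:
            raise ValueError(f"label {label!r} must be exactly one character")
    return dict(templates)


def issue_challenge(enrolled, length=3, ttl=120.0, now=None):
    """Draw `length` labels with repetition (a finger may be asked for twice)
    from a CSPRNG, so a sequence cannot be predicted from earlier ones."""
    now = time.time() if now is None else now
    labels = sorted(enrolled)
    code = "".join(secrets.choice(labels) for _ in range(length))
    return Challenge(code=code, expires_at=now + ttl)


def similarity(stored, probe):
    """Stand-in matcher: Jaccard overlap of two feature sets."""
    union = stored | probe
    return len(stored & probe) / len(union) if union else 0.0


def verify(enrolled, challenge, scans, now=None):
    """Return (granted, reason). The reason is meant for the server-side
    authentication log; the user-facing failure message stays generic."""
    now = time.time() if now is None else now
    if challenge.used:
        return False, "challenge already used"
    challenge.used = True  # burn the challenge on first attempt, pass or fail
    if now > challenge.expires_at:
        return False, "challenge expired"
    if len(scans) != len(challenge.code):
        return False, "wrong number of scans"
    # Scan i must match the finger named by label i; every position is scored
    # instead of stopping at the first miss.
    scores = [similarity(enrolled[label], scan)
              for label, scan in zip(challenge.code, scans)]
    if all(score >= MATCH_THRESHOLD for score in scores):
        return True, "ok"
    return False, "sequence or fingerprint mismatch"


def sequence_space(n_fingers, length):
    """Number of ordered finger sequences when repetition is allowed."""
    return n_fingers ** length


def fake_template(seed):
    """Constructed sample data: 20 made-up feature ids per finger."""
    return frozenset(range(seed * 100, seed * 100 + 20))


def noisy_scan(template):
    """Constructed live scan: one feature lost, one spurious feature added."""
    feats = sorted(template)
    return frozenset(feats[1:]) | {feats[-1] + 1}


# Constructed enrolment using the labels of user 'X': '1'-'5' left, 'a'-'e' right.
ENROLLED = enroll({label: fake_template(i)
                   for i, label in enumerate("12345abcde", start=1)})

if __name__ == "__main__":
    ch = issue_challenge(ENROLLED)
    odds = sequence_space(len(ENROLLED), len(ch.code))
    print("challenge code:", ch.code, "| chance guess: 1 in", odds)
    scans = [noisy_scan(ENROLLED[label]) for label in ch.code]
    print("first attempt:", verify(ENROLLED, ch, scans))
    print("replayed attempt:", verify(ENROLLED, ch, scans))
```

The 1-in-1000 figure covers only guessing the order of fingers; the matcher threshold, the OTP lifetime and single use of each code are separate controls that this sketch makes explicit.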
[0040] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure. The server (200) includes processor(s) (230), and memory (210) operatively coupled to the bus (220). The processor(s) (230), as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor, a microcontroller, a complex instruction set computing microprocessor, a reduced instruction set computing microprocessor, a very long instruction word microprocessor, an explicitly parallel instruction computing microprocessor, a digital signal processor, or any other type of processing circuit, or a combination thereof.
[0041] The memory (210) includes several subsystems stored in the form of an executable program which instructs the processor (230) to perform the method steps illustrated in FIG. 1. The memory (210) includes a processing subsystem (105) of FIG. 1. The processing subsystem (105) further has the following modules: registration module (120), fingerprint acquisition module (122), first level authentication module (124), second level authentication module (126), verification module (128) and feedback module (130).
[0042] In accordance with an embodiment of the present disclosure, a system (100) for a multi-finger based biometric authentication is provided. The system (100) includes a processing subsystem (105) hosted on a server. The processing subsystem (105) is configured to execute on a network to control bidirectional communications among a plurality of modules. The processing subsystem (105) includes a registration module (120). The registration module (120) is configured to receive personal information, and a trusted contact information from a user for creating a user profile. The trusted contact information comprises name, phone number, and email address of a trusted contact. The processing subsystem (105) includes a fingerprint acquisition module (122) operatively coupled to the registration module (120). The fingerprint acquisition module (122) is configured to acquire a fingerprint template of the user using a fingerprint acquisition device (118). The fingerprint template includes a plurality of fingerprints of the user. The fingerprint template is used for identity verification of the user. The fingerprint acquisition module (122) is also configured to receive an identification label corresponding to each of the fingerprints of the user. The identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification. The processing subsystem (105) includes a first level authentication module (124) operatively coupled to the registration module (120). The first level authentication module (124) is configured to receive one or more user credentials comprising an identification and password combination for verifying authorized access of the user in response to successful registration of the user. The first level authentication module (124) is also configured to transmit a one-time password to a user device (112) operated by the user upon successful verification of the user. The one-time password includes a code. The code is a combination of a plurality of identification labels that indicates the identification labels of a subset of the plurality of fingerprints pertaining to a sequence order. The processing subsystem (105) includes a second level authentication module (126) operatively coupled to the first level authentication module (124). The second level authentication module (126) is configured to receive the subset of the plurality of fingerprints in the sequence order from the user. The processing subsystem (105) includes a verification module (128) operatively coupled to the second level authentication module (126). The verification module (128) is configured to verify the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in a template database (110) using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates. The processing subsystem (105) includes a feedback module (130) operatively coupled to the verification module (128). The feedback module (130) is configured to provide access to the user in response to successful matching of the verification. The feedback module (130) is also configured to send a message to the user. The message is a success message indicating that the user is authorized to access in case of successful verification. The message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification. Further, the feedback module (130) is configured to allow the user a password reset process upon successful verification by the trusted contact and a vendor, using a secure link sent to the trusted contact information in case of authentication failure.
[0043] The bus (220) as used herein refers to internal memory channels or a computer network used to connect computer components and transfer data between them. The bus (220) includes a serial bus or a parallel bus, wherein the serial bus transmits data in bit-serial format and the parallel bus transmits data across multiple wires. The bus (220) as used herein may include, but is not limited to, a system bus, an internal bus, an external bus, an expansion bus, a frontside bus, a backside bus and the like.
[0044] FIG. 4(a) illustrates a flow chart representing the steps involved in a method for a multi-finger based biometric authentication in accordance with an embodiment of the present disclosure. FIG. 4(b) illustrates continued steps of the method of FIG. 4(a) in accordance with an embodiment of the present disclosure. The method (300) includes receiving, by a registration module, personal information, and a trusted contact information from a user for creating a user profile. The trusted contact information comprises name, phone number, and email address of a trusted contact in step 310. The personal information is utilized to create a user profile, which may include details such as the user's name, phone number, email address, and other relevant identifying information.
[0045] The method (300) includes, acquiring, by a fingerprint acquisition module, a fingerprint template of the user using a fingerprint acquisition device. The fingerprint template includes a plurality of fingerprints of the user. The fingerprint template is used for identity verification of the user in step 320.
[0046] The method (300) includes, receiving, by the fingerprint acquisition module, an identification label corresponding to each of the fingerprints of the user. The identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification in step 330.
[0047] The method (300) includes receiving, by a first level authentication module, one or more user credentials comprising an identification and password combination for verifying authorized access of the user in response to successful registration of the user in step 340.
[0048] The method (300) includes transmitting, by the first level authentication module, a one-time password to a user device operated by the user upon successful verification of the user. The one-time password includes a code. The code is a combination of a plurality of identification labels that indicates the identification label of a subset of the plurality of fingerprints pertaining to a sequence order in step 350.
[0049] The method (300) includes receiving, by a second level authentication module, the subset of the plurality of fingerprints in the sequence order from the user in step 360.
[0050] The method (300) includes verifying, by a verification module, the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in a template database using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates in step 370.
[0051] It will be appreciated by those skilled in the art that other body parts may be substituted, provided each such body part is uniquely identified. Further, it should additionally be understood that the present disclosure contemplates considering any biometric parameter that is capable of being measured. The method (300) includes providing, by a feedback module, access to the user upon successful matching of the verification in step 380.
[0052] The method (300) includes sending, by the feedback module, a message to the user. The message is a success message indicating that the user is authorized to access in case of successful verification. The message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification in step 390.
[0053] The method (300) includes allowing, by the feedback module, the user to reset the password upon successful verification by the trusted contact and a vendor, using a secure link sent to the trusted contact information in case of authentication failure in step (400). Upon registering the trusted contact information to the system, the vendor verifies authenticity of the trusted contact information using an identification document such as Aadhaar, PAN, and the like. When the password reset process is requested, the system sends OTPs to both the user's and trusted contact's registered mobile numbers. The user and trusted contact must verify their identities using the received OTPs before proceeding with the password reset. Once both verifications are successful, the user receives a secure link via their registered mobile number or email address to reset their password securely.
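The challenge and verification flow of steps 350 to 370 can be sketched as follows. This is an added example, not code from the disclosure: the set-overlap matcher stands in for the unspecified "matching technique", and the names, the 0.8 threshold, the 120-second validity period and the enrolled feature sets are all assumptions constructed for illustration.

```python
import math
import secrets
import time
from dataclasses import dataclass

# Constructed enrollment data: identification label -> feature set.
# Real templates are minutiae records; small integer sets stand in for them here.
ENROLLED = {
    "A": frozenset({1, 2, 3, 4, 5, 6}),
    "B": frozenset({11, 12, 13, 14, 15, 16}),
    "C": frozenset({21, 22, 23, 24, 25, 26}),
    "D": frozenset({31, 32, 33, 34, 35, 36}),
}
MATCH_THRESHOLD = 0.8   # assumed acceptance threshold
OTP_TTL_SECONDS = 120   # assumed "predetermined time period" of claim 6


@dataclass
class Challenge:
    labels: tuple          # ordered identification labels sent as the OTP code
    expires_at: float
    used: bool = False


def sequence_space(n_fingers, k):
    """Number of distinct ordered k-finger codes over n enrolled fingers."""
    return math.perm(n_fingers, k)


def similarity(probe, stored):
    """Stand-in matcher: Jaccard overlap of two feature sets."""
    union = probe | stored
    return len(probe & stored) / len(union) if union else 0.0


def issue_challenge(enrolled, k, now=None):
    """Step 350: pick an ordered subset of labels with a CSPRNG."""
    if not 2 <= k <= len(enrolled):
        raise ValueError("k must be between 2 and the number of enrolled fingers")
    now = time.time() if now is None else now
    labels = tuple(secrets.SystemRandom().sample(sorted(enrolled), k))
    return Challenge(labels, now + OTP_TTL_SECONDS)


def verify(challenge, probes, enrolled, now=None):
    """Steps 360-370: probes must match the challenged fingers in order."""
    now = time.time() if now is None else now
    if challenge.used or now > challenge.expires_at:
        return False                      # replayed or expired code
    challenge.used = True                 # consumed on first attempt, pass or fail
    if len(probes) != len(challenge.labels):
        return False
    ok = True
    for label, probe in zip(challenge.labels, probes):
        # Position i is compared only against the template for label i, so a
        # correct finger in the wrong slot fails. Every slot is evaluated so the
        # result does not reveal which position was wrong.
        ok &= similarity(probe, enrolled[label]) >= MATCH_THRESHOLD
    return ok
```

With ten enrolled fingers and a four-label code, `sequence_space(10, 4)` gives 5040 possible ordered challenges, which bounds how much the ordering adds against someone who has not seen the code.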
[0054] Various embodiments of the system and method for a multi-finger based biometric authentication as described above enhance security compared to single-finger authentication by utilizing multiple fingers for authentication. The multi-finger approach provides a higher level of uniqueness and reduces unauthorized access. Further, by combining personal information with fingerprint templates and their respective identification labels, the system introduces an additional layer of complexity to the biometric authentication process, thereby improving overall security. By requiring the correct sequence order of specific fingers, the system lowers the probability of successful authentication for unauthorized individuals and significantly reduces accidental authentication.
[0055] Further, it must be noted that the system and method disclosed herein is specifically applicable to higher requirements of security such as, but not limited to, smart phones, access control, e-commerce, time and attendance systems, Automatic Teller Machine (ATM) and criminal identification systems.
[0056] The techniques described in this disclosure may be implemented, at least in part, in hardware, software, firmware, or any combination thereof. For example, various aspects of the described techniques may be implemented within one or more processors, including one or more microprocessors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or any other equivalent integrated or discrete logic circuitry, as well as any combinations of such components. The term “processor” or “processing subsystem” may generally refer to any of the foregoing logic circuitry, alone or in combination with other logic circuitry, or any other equivalent circuitry. A control unit including hardware may also perform one or more of the techniques of this disclosure.
[0057] Such hardware, software, and firmware may be implemented within the same device or within separate devices to support the various techniques described in this disclosure. In addition, any of the described units, modules, or components may be implemented together or separately as discrete but interoperable logic devices. Depiction of different features as modules or units is intended to highlight different functional aspects and does not necessarily imply that such modules or units must be realized by separate hardware, firmware, or software components. Rather, functionality associated with one or more modules or units may be performed by separate hardware, firmware, or software components, or integrated within common or separate hardware, firmware, or software components.
[0058] It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the disclosure and are not intended to be restrictive thereof.
[0059] While specific language has been used to describe the disclosure, any limitations arising on account of the same are not intended. As would be apparent to a person skilled in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein.
[0060] The figures and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, the order of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts need to be necessarily performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples.
Claims:
1. A system (100) for a multi-finger based biometric authentication comprising:
a processing subsystem (105) hosted on a server (108), wherein the processing subsystem (105) is configured to execute on a network to control bidirectional communications among a plurality of modules comprising:
a registration module (120) configured to receive personal information, and a trusted contact information from a user for creating a user profile, wherein the trusted contact information comprises name, phone number, and email address of a trusted contact;
a fingerprint acquisition module (122) operatively coupled to the registration module (120), wherein the fingerprint acquisition module (122) is configured to:
acquire a fingerprint template of the user using a fingerprint acquisition device (118), wherein the fingerprint template comprises a plurality of fingerprints of the user, wherein the fingerprint template is used for identity verification of the user; and
receive an identification label corresponding to each of the fingerprints of the user, wherein the identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification;
a first level authentication module (124) operatively coupled to the registration module (120), wherein the first level authentication module (124) is configured to:
receive one or more user credentials comprising an identification and password combination for verifying authorized access of the user in response to successful registration of the user; and
characterized in that,
transmit a one-time password to a user device (112) operated by the user upon successful verification of the user, wherein the one-time password comprises a code, wherein the code is a combination of a plurality of identification labels that indicates the identification label of a subset of the plurality of fingerprints pertaining to a sequence order;
a second level authentication module (126) operatively coupled to the first level authentication module (124), wherein the second level authentication module (126) is configured to receive the subset of the plurality of fingerprints in the sequence order from the user;
a verification module (128) operatively coupled to the second level authentication module (126), wherein the verification module (128) is configured to verify the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in a template database (110) using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates; and
a feedback module (130) operatively coupled to the verification module (128), wherein the feedback module (130) is configured to:
provide access to the user in response to successful matching of the verification;
send a message to the user, wherein the message is a success message indicating that the user is authorized to access in case of successful verification, wherein the message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification; and
allow the user a password reset process upon successful verification by the trusted contact and a vendor, using a secure link sent to the trusted contact information in case of authentication failure.
2. The system (100) as claimed in claim 1, wherein the personal information comprises name of the user, phone number, email address, username, and password.
3. The system (100) as claimed in claim 1, wherein the fingerprint acquisition device (118) is a fingerprint scanner.
4. The system (100) as claimed in claim 1, wherein personal information, fingerprint template and the identification label are stored in the template database (110).
5. The system (100) as claimed in claim 1, wherein the template database (110) is a repository, wherein the template database (110) is secured using an Advanced Encryption Standard based encryption technique to enhance the security of the database and prevent the leak of sensitive information.
6. The system (100) as claimed in claim 1, wherein the one-time password is valid for a predetermined time period.
7. The system (100) as claimed in claim 1, wherein the feedback module (130) is configured to provide guidance to the user in case of authentication failure.
8. The system (100) as claimed in claim 1, wherein the server (108) comprises a storage module configured to store user profiles, fingerprint templates, identification labels, user credentials, and authentication logs.
9. The system (100) as claimed in claim 1, wherein Secure Sockets Layer/Transport Layer Security is used to establish a secure and encrypted connection between the user device (112) and the server (108).
10. A method (300) for a multi-finger based biometric authentication comprising:
receiving, by a registration module, personal information, and a trusted contact information from a user for creating a user profile, wherein the trusted contact information comprises name, phone number and email address of a trusted contact; (310)
acquiring, by a fingerprint acquisition module, a fingerprint template of the user using a fingerprint acquisition device, wherein the fingerprint template comprises a plurality of fingerprints of the user, wherein the fingerprint template is used for identity verification of the user; (320)
receiving, by the fingerprint acquisition module, an identification label corresponding to each of the fingerprints of the user, wherein the identification label is at least one of an alphabetic character, numeric, and special characters assigned by the user for identification; (330)
receiving, by a first level authentication module, one or more user credentials, wherein the one or more user credentials comprise an identification and password combination for verifying authorized access of the user in response to successful registration of the user; (340)
characterized in that,
transmitting, by the first level authentication module, a one-time password to a user device operated by the user upon successful verification of the user, wherein the one-time password comprises a code, wherein the code is a combination of a plurality of identification labels that indicates the identification label of a subset of the plurality of fingerprints pertaining to a sequence order; (350)
receiving, by a second level authentication module, the subset of the plurality of fingerprints in the sequence order from the user; (360)
verifying, by a verification module, the authenticity of the subset of the plurality of fingerprints received by comparing the fingerprint templates received from the user with the fingerprint template stored in a template database using a matching technique, while additionally ensuring the sequence order of the fingers provided in the code matches the sequence order of the received fingerprint templates; (370)
providing, by a feedback module, access to the user upon successful matching of the verification; (380)
sending, by the feedback module, a message to the user, wherein the message is a success message indicating that the user is authorized to access in case of successful verification, wherein the message is a failure message indicating that the user is not authorized to access in case of unsuccessful verification; (390) and
allowing, by the feedback module, the user the password reset process upon successful verification by the trusted contact and a vendor, using a secure link sent to the trusted contact information in case of authentication failure. (400)
Dated this 17th day of July 2023
Signature
Jinsu Abraham
Patent Agent (IN/PA-3267)
Agent for the Applicant
| # | Name | Date |
|---|---|---|
| 1 | 202321048333-STATEMENT OF UNDERTAKING (FORM 3) [19-07-2023(online)].pdf | 2023-07-19 |
| 2 | 202321048333-REQUEST FOR EARLY PUBLICATION(FORM-9) [19-07-2023(online)].pdf | 2023-07-19 |
| 3 | 202321048333-POWER OF AUTHORITY [19-07-2023(online)].pdf | 2023-07-19 |
| 4 | 202321048333-FORM-9 [19-07-2023(online)].pdf | 2023-07-19 |
| 5 | 202321048333-FORM 18A [19-07-2023(online)].pdf | 2023-07-19 |
| 6 | 202321048333-FORM 1 [19-07-2023(online)].pdf | 2023-07-19 |
| 7 | 202321048333-DRAWINGS [19-07-2023(online)].pdf | 2023-07-19 |
| 8 | 202321048333-DECLARATION OF INVENTORSHIP (FORM 5) [19-07-2023(online)].pdf | 2023-07-19 |
| 9 | 202321048333-COMPLETE SPECIFICATION [19-07-2023(online)].pdf | 2023-07-19 |
| 10 | 202321048333-FORM-26 [09-08-2023(online)].pdf | 2023-08-09 |
| 11 | Abstact.jpg | 2023-09-26 |
| 12 | 202321048333-FER.pdf | 2023-12-21 |
| 13 | 202321048333-OTHERS [20-02-2024(online)].pdf | 2024-02-20 |
| 14 | 202321048333-FORM 3 [20-02-2024(online)].pdf | 2024-02-20 |
| 15 | 202321048333-FER_SER_REPLY [20-02-2024(online)].pdf | 2024-02-20 |
| 16 | 202321048333-ENDORSEMENT BY INVENTORS [20-02-2024(online)].pdf | 2024-02-20 |
| 17 | 202321048333-DRAWING [20-02-2024(online)].pdf | 2024-02-20 |
| 18 | 202321048333-US(14)-HearingNotice-(HearingDate-02-05-2024).pdf | 2024-04-08 |
| 19 | 202321048333-FORM-26 [19-04-2024(online)].pdf | 2024-04-19 |
| 20 | 202321048333-Correspondence to notify the Controller [19-04-2024(online)].pdf | 2024-04-19 |
| 21 | 202321048333-Written submissions and relevant documents [16-05-2024(online)].pdf | 2024-05-16 |
| 22 | 202321048333-PatentCertificate20-06-2024.pdf | 2024-06-20 |
| 23 | 202321048333-IntimationOfGrant20-06-2024.pdf | 2024-06-20 |
| 1 | SearchE_15-12-2023.pdf |