This paper proposes to integrate biometric-based key generation into an obfuscated interpretation algorithm to protect authentication application software from illegitimate use or reverse engineering. This is especially necessary for mCommerce because application programs on mobile devices, such as smartphones and tablet PCs, are typically open to misuse by hackers. Therefore, the scheme proposed in this paper ensures that a correct interpretation / execution of the obfuscated program code of the authentication application requires, in real time, a valid biometric-generated key of the actual person to be authenticated. Without this key, the real semantics of the program cannot be understood by an attacker even if he/she gains access to the application code. Furthermore, the security provided by this scheme can be a vital aspect in protecting any application running on mobile devices, which are increasingly used for business/financial or other security-related applications but are easily lost or stolen. The scheme starts by creating a personalised copy of any application based on the biometric key generated during an enrolment process with the authenticator, as well as a nonce created at the time of communication between the client and the authenticator. The obfuscated code is then shipped to the client's mobile device and combined with biometric data extracted from the client in real time to form the unlocking key during execution. The novelty of this scheme lies in the close binding of the application program to the biometric key of the client, which makes the application unusable for others. Trials and experimental results on biometric key generation based on clients' faces, together with a prototype of the scheme implemented on the Android emulator, prove the concept and novelty of the proposed scheme.
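The following toy model, an added example rather than code from the paper, shows the mechanics the abstract describes: the authenticator derives an unlocking key from the enrolment biometric key and a session nonce, uses it to personalise (renumber opcodes and mask operands of) a small stack-machine program, and the client can only interpret the shipped copy correctly if its live-derived key matches. The stack machine, the HMAC/SHA-256 key derivation and all key, nonce and program values are assumptions constructed for illustration; real biometric feature extraction is out of scope.

```python
import hashlib
import hmac
# Toy stack machine; the paper's real interpreter and opcodes are not given here.
OPS = ["PUSH", "ADD", "SUB", "MUL", "HALT"]

def derive_unlock_key(biometric_key: bytes, nonce: bytes) -> bytes:  # HMAC(enrolment key, nonce)
    return hmac.new(biometric_key, nonce, hashlib.sha256).digest()
def opcode_permutation(key: bytes) -> list:  # perm[obfuscated_code] = plain opcode index
    return sorted(range(len(OPS)), key=lambda i: hashlib.sha256(key + bytes([i])).digest())
def operand_mask(key: bytes, pos: int) -> int:  # 16-bit mask for the operand at position pos
    return int.from_bytes(hashlib.sha256(key + pos.to_bytes(4, "big")).digest()[:2], "big")

def personalise(program, biometric_key: bytes, nonce: bytes):
    """Authenticator side: renumber opcodes and mask operands under the unlocking key."""
    key = derive_unlock_key(biometric_key, nonce)
    to_obf = {plain: obf for obf, plain in enumerate(opcode_permutation(key))}
    obf = []
    for pos, (op, arg) in enumerate(program):
        arg = arg if arg is None else arg ^ operand_mask(key, pos)
        obf.append((to_obf[OPS.index(op)], arg))
    return obf

def run(obf_program, key: bytes):
    """Client side: interpret the shipped copy with the live-derived key; None if execution breaks."""
    perm = opcode_permutation(key)
    stack = []
    for pos, (code, arg) in enumerate(obf_program):
        op = OPS[perm[code]]
        if op == "PUSH":
            stack.append(arg ^ operand_mask(key, pos) if arg is not None else 0)
        elif op == "HALT":
            break
        elif len(stack) < 2:
            return None  # under a wrong key the program no longer makes sense
        else:
            b, a = stack.pop(), stack.pop()
            stack.append({"ADD": a + b, "SUB": a - b, "MUL": a * b}[op])
    return stack[-1] if stack else None

# Constructed sample values; a real deployment derives the key from the client's face features.
ENROLLED_KEY = b"constructed-biometric-key-of-client"
NONCE = b"constructed-session-nonce-0001"
PROGRAM = [("PUSH", 6), ("PUSH", 7), ("MUL", None), ("HALT", None)]

def demo():
    shipped = personalise(PROGRAM, ENROLLED_KEY, NONCE)
    genuine = run(shipped, derive_unlock_key(ENROLLED_KEY, NONCE))
    impostor = run(shipped, derive_unlock_key(b"constructed-key-of-another-person", NONCE))
    return genuine, impostor  # genuine key recovers 42; another person's key does not
```

Because the nonce also enters the key, a copy personalised for one session cannot be interpreted with a key derived under a stale nonce either, which is what ties the shipped code to the current client-authenticator exchange.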