Biometric Electronic Signature Security

This paper describes the application of biometric-based cryptographic techniques to create secure electronic signatures on contract agreements of any kind or format. The described techniques couple password and biometric authentication factors to form a Biometric Authenticated Key Exchange (BAKE) protocol. The protocol provides mutual authentication and multi-factor user authentication, and defeats phishing and man-in-the-middle attacks. The operation of BAKE establishes a secure channel of communications between two parties. This channel provides confidentiality for the user's authentication credentials and the contract agreement the user intends to sign. By including an indication of the user's intention to conduct an electronic transaction and the user's acceptance of the terms of the included contract agreement, the described application complies with the Uniform Electronic Transaction Act (UETA) and Electronic Signatures in Global and National Commerce (ESIGN) Act requirements. The biometric electronic signature described in this paper is suitable for use in Cloud environments and in blockchain and Distributed Ledger Technology smart contract applications.