Biometric multifactor authentication (BMFA) based intelligent financial management systems
The main objective of the work is to manage data security, accountability, transparency, and flexibility in Intelligent Financial Management Systems. The system’s objective is achieved with the help of the BMFA approach, which uses multiple factors to verify the user’s identity. During this process, user iris recognition is utilized as the biometric feature that increases the financial management system’s security and reduces hacker involvement. Intelligent financial management systems can use BMFA to provide secure access to financial data and transactions for authorized users while preventing unauthorized access and fraud. For example, a user might be required to provide an iris recognition scan to access their financial accounts. In this work, BMFA is selected for intelligent financial management systems because it provides high security and accuracy for user authentication. BMFA uses biometric data such as iris scans, which are unique to each individual and cannot be easily replicated or stolen. The biometric-based authentication process significantly reduces the risk of identity theft and fraud. Additionally, BMFA adds an extra layer of security to traditional two-factor authentication (2FA) methods, which usually require a combination of something the user knows (such as a password) and something they have (such as a security token or smart card). By adding biometric data as a third factor, the likelihood of unauthorized access is further reduced. Furthermore, BMFA-based intelligent financial management systems are convenient for users, as they eliminate the need to remember complex passwords or carry additional security tokens. Users can use their biometric data to verify their identity, which is often quicker and more convenient than traditional authentication methods. Then, the overall working process of the blockchain-smart contract with BMFA-based created secured intelligent financial management system is illustrated in Fig. 1.
Figure 1 illustrates the working process of a BMFA based intelligent financial management system. The system consists of several steps: User enrolment, authentication request, first-factor authentication, second-factor authentication, third-factor authentication, authentication approval, and authentication denial. These steps play a crucial role in IoT-based collected people’s information. The collected details are stored using the blockchain-related smart contract. The IoT and blockchain processes ensure authorization and authentication while managing the financial systems in different applications. Intelligent financial management systems can benefit greatly from IoT device-based data collection. IoT devices, such as sensors and smart devices, can collect real-time data on various financial metrics, such as cash flow, inventory levels, and sales transactions. This data can be analyzed using machine learning algorithms to provide insights and recommendations for improving financial performance. For example, IoT devices can monitor inventory levels in real time, allowing financial managers to make more accurate predictions about future inventory needs and optimize their supply chain accordingly. One major advancement made possible by Blockchain is smart contracts, which are self-executing agreements whose terms are put into code. Smart contracts remove the need for intermediaries and minimize human mistakes by automatically enforcing and executing the agreed-upon terms if predetermined circumstances are satisfied.
Similarly, IoT devices can be used to track sales transactions, providing insights into customer behavior and identifying areas for improvement in the sales process. Data security is important when using IoT devices for data collection in financial management systems. Financial data is sensitive and must be protected from unauthorized access or manipulation. IoT devices should be designed with security in mind, and data should be encrypted and stored securely to prevent data breaches. Therefore, this paper uses the blockchain-based smart contract to ensure data security, flexibility, scalability, and accountability. Initially, the business’s financial metrics, such as inventory levels, revenue, and cash flows, are tracked. The financial information is collected by installing the IoT sensors in the appropriate location. Temperature sensors are used to gather and monitor inventory levels, and point-of-sale sensors are used to track sales transactions. The sensor-based collected information is transmitted to the cloud-based platform to analyze the financial impacts.
One example of a framework for securing access to and verifying financial data is illustrated in Fig. 1. This framework incorporates Internet of Things (IoT), blockchain, and biometric authentication technologies. In the beginning of the process, Internet of Things sensors are installed in financial institutions or other surroundings that are related to them. These sensors continuously collect real-time financial data. The information is then processed and organized by a financial data collection system, which receives this data when it has been transmitted subsequently. The data collected is saved and maintained through a blockchain equipped with smart contracts. These contracts offer tamper-resistant logging and automated access control, which helps to ensure that the data is both accurate and traceable. Before being sent to a cloud database that has the appropriate authorization and access protocols, the data is validated and authorized by the financial institution, which serves as a trusted node in the process. The user is required to provide a biometric input (such as a fingerprint or iris scan) for the request to be processed through a biometric and user verification system. This occurs whenever the user requests financial data. The processing of this input involves extracting feature templates, which are then compared to previously stored templates to verify the individual’s identification. Following the completion of the verification process, the cloud database will then provide the user access to the financial data. By ensuring that only authorized users can retrieve sensitive financial information, this safe method enhances the level of privacy, traceability, and system integrity available.
The next important step is to provide security to the IoT sensor-based collected financial information. A blockchain-based smart contract manages data security to protect sensitive financial information during this process. The collected financial information, like inventory levels and sales transactions, must be transmitted to the third-party cloud server in an encrypted format. The encryption process minimizes unauthorized access and manipulations. The encrypted data is stored on a blockchain-based platform, which provides a secure and decentralized storage solution. The blockchain ensures that the data cannot be tampered with or deleted and provides a transparent and auditable record of all transactions. Smart contracts manage access to the data stored on the blockchain. These contracts specify the conditions under which the data can be accessed, such as who can access it and what actions they can perform on financial data. If authorized users need to access the data, they interact with the smart contract to request access. The smart contract verifies their identity and permissions and then provides access to the data if the conditions are met. Once authorized users can access the data, it can be analyzed using machine learning algorithms to generate insights and recommendations for improving financial performance. Then, the overall structure of blockchain-based smart contracts is illustrated in Fig. 2.
Blockchain-based financial data storage is a distributed ledger technology that stores financial data securely and decentralized. The first step is encrypting financial data using the RSA cryptographic algorithm. Encryption involves converting the original data into an unintelligible form that someone with the decryption key can only read. Encryption is a secret key known only to the authorized parties who can access the data. The encryption process ensures the confidentiality of the data and protects it from unauthorized access. The RSA algorithm encrypts sensitive financial data using the public key, and data is accessed with the help of the decrypt key. The encryption algorithm uses a combination of modular arithmetic and prime number properties. Then, the RSA-based data encryption process is shown in Fig. 3.
Initially, an RSA key has to be generated to perform the encryption process. The key generation phase generates the public key and private key . The and are selected from the two large prime numbers ; here, p and q are not equal. The product of two prime numbers is computed to identify the value modulus for the keys . Then the totient of n is computed as and integer has been chosen. Here e is coprime to the and the e value related modular multiplicative inverse value d is computed as . The computed value is treated as the private key . Hence, the public key is and the private key ( is
After generating the , the IoT sensor-based collected financial data should be encrypted to manage data security. The collected plain texts are converted into the numerical value denoted as Then, cypher text is estimated with the help of the public key . The computation process is defined using Eq. (1)
The ciphertext is the encrypted financial data that can be transmitted over an insecure network. The data that has been encrypted is kept in a database or on a cloud server offered by a third party. Prior to allowing access to the data, the identity of the user who has requested access is validated by means of the proper authentication methods following the user’s request. Once the user verification is performed, the decryption process is as follows.
The decryption process obtains the original financial data from the encrypted file. The encryption process uses the private key which is done by using Eq. (2)
The generated private key used to convert the into the numerical value . After decrypting the financial data, the value is converted to plaintext financial data. Decryption is only possible with the private key, ensuring the financial data’s confidentiality and integrity. After encrypting the data, data fragmentation is performed in the blockchain process to manage the data security in financial management systems. In the fragmentation process, data has to be fragmented into smaller pieces to improve the security and resilience of the storage system. Fragmentation involves breaking the encrypted data into smaller chunks, which can be distributed across the network of nodes. Fragmentation ensures that even if one or more nodes in the network are compromised, the attacker will only be able to access a portion of the data, which is of limited value. The fragmentation is denoted as ; here, F is represented as the fragmented data. The fragmented data is distributed across a network of nodes using a peer-to-peer (P2P) protocol such as IPFS (InterPlanetary File System). Each node in the network stores a copy of the fragmented data, which ensures high availability and fault tolerance. P2P networks do not rely on a central server or authority, which makes them resistant to single points of failure and cyber-attacks. The data distribution is represented as
During the distribution process, data security and integrity are achieved with the help of the consensus mechanism defined as The Proof-of-Work (PoW) technique is utilized in this process as the consensus algorithm for the purpose of distributing the data in the third-party environment. A consensus technique known as Proof-of-Work (PoW) is used in numerous blockchain networks to confirm transactions and add new blocks. It does this by making the process of adding new blocks to the blockchain computationally expensive and time-consuming. This discourages fraudulent actions and attacks, such as double spending. In Proof-of-Work, users in the network, known as miners, compete with one another to solve a complex mathematical puzzle known as the “hash puzzle.” The miner who is the first to solve the puzzle will broadcast their solution to the network, and other nodes on the network will then verify that the solution is correct. Following the verification of the solution, the miner is rewarded with a fixed quantity of tokens or cryptocurrency on the blockchain. To solve the hash puzzle, it is necessary to repeatedly hash the data included in the block using a cryptographic hashing technique, such as SHA-256. This process continues until a hash is formed that satisfies a predetermined level of difficulty. It is necessary to make frequent adjustments to the difficulty of the puzzle to maintain consistent block times and prevent the blockchain from becoming either too slow or too fast. Among the most significant benefits of Proof-of-Work (PoW) is the fact that it is a tried-and-true and trustworthy approach to reaching consensus in decentralized networks. On the other hand, it has been criticized for its excessive energy usage as well as the fact that much of the mining power is concentrated in a small number of huge mining pools. The information undergoes a verification process before being posted to the blockchain. This is done to confirm that the information is accurate and has not been altered in any way. The transaction is checked against a set of rules and criteria during the verification process. These rules and criteria include the legitimacy of the transaction, the authenticity of the sender, and the availability of sufficient funds. If the transaction meets the criteria, it is considered valid and can be added to the blockchain. Then, the verification process is represented as the Once the data is verified, it is added to the blockchain as a new block. Each block contains a cryptographic hash of the previous block, ensuring the blockchain’s immutability. The hash function generates a unique digital fingerprint of the previous block, which is added to the new block. This creates a chain of blocks, where each block is linked to the previous block, forming a tamper-proof and transparent ledger. Then, the financial data storage process is denoted as the ; V is represented as the verified financial data, and H is the hash of the previous block. Finally, authorized users can access the financial data stored on the blockchain using cryptographic keys. Cryptographic keys are digital codes used to encrypt and decrypt data. To access the data, the user must possess the correct cryptographic key, which permits them to access it. Biometric multifactor authentication algorithms can further strengthen the data’s security and ensure that only authorized users can access the data.
BMFA is a security process that combines multiple authentication factors to verify a user’s identity. It involves using biometric data (iris information) and other authentication factors, such as passwords or security tokens. BMFA provides a higher level of security than traditional authentication methods, such as passwords or PINs, which can be easily hacked or stolen. Biometric data, being unique to each individual, adds an extra layer of security that is difficult to replicate. This work uses the iris biometric feature to ensure data security. The iris biometric is the coloured ring around the eye pupil and is unique to each individual. Iris recognition technology uses a high-resolution camera to capture an image of the iris and then compare it to a pre-enrolled image to verify the user’s identity. Initially, the user enrols in the system by providing their personal information, such as name, contact details, and other relevant information, as well as their iris biometric data, which are securely stored in the system’s database. The stored information is utilized during the user verification process. Users who want to access their financial information or conduct a financial transaction initiate an authentication request by logging in to the system. Once the system receives the authentication request, three-factor authorization is performed to verify the user’s identity. The first-factor authentication involves verifying the user’s identity using a password or PIN. The system prompts the user to provide this information. The second-factor authentication involves verifying the user’s identity using smart contracts. Smart contracts are self-executing digital contracts that operate on a blockchain network. They are designed to automate the process of executing a contract without intermediaries. The parties involved in the contract define the terms of the agreement and write them into a smart contract code. The smart contract is deployed on a blockchain network, and each party receives a copy of the contract. If certain conditions specified in the contract are met, the smart contract executes the predefined actions automatically. The contract is enforced through blockchain technology, which ensures that the contract’s terms are transparent, immutable, and tamper-proof. The parties involved can interact with the smart contract through a user interface, a web application, or a mobile app. Once the contract is executed, the transaction is recorded on the blockchain network and is visible to all parties involved. If any party fails to fulfil their obligations as specified in the contract, the smart contract can automatically execute penalties or other consequences specified in the contract. The key benefit of using smart contracts is that they eliminate the need for intermediaries and can streamline the execution of contracts, reducing costs and increasing efficiency. They can also provide high transparency and audibility, as all transactions and changes to the contract are recorded on the blockchain network. Additionally, smart contracts can automate complex processes and create new business models that were not possible before the advent of blockchain technology.
Third-factor authentication involves verifying the user’s identity using iris biometric data. Iris biometric verification is a process of identifying or verifying an individual based on the unique pattern of the iris, which is the coloured part of the eye surrounding the pupil. The process involves capturing an image of the iris, and unique features are extracted to compare with the template features stored in the database. The biometric feature-matching process improves the overall authentication in the cloud environment. The first step in iris biometric verification is to capture an image of the iris using the iris scanner. The scanner uses near-infrared light to illuminate the iris and capture its image. The collected iris images are processed using the mean filter that removes the noisy pixel value using the mean value of the neighbouring pixels. In addition, this process removes the eyelids, eyelashes, and reflection-related details from the iris images. The iris region is then localized in the image. This involves identifying the circular shape of the iris and its boundaries. After that, images are normalized to a fixed size and orientation. Then, iris images are continuously examined to derive unique patterns such as position, number of shapes, crypts, furrows, and ridges. Other features that may be extracted include the iris texture, colour, and pupil dilation.
The Daugman algorithm is a commonly used method for feature extraction in iris biometric verification. The feature extraction process consists of several steps, such as circular Hough transform, normalization, Gabor filtering, and feature encoding. The process of the iris biometric feature extraction process is illustrated in Fig. 4.
A circular Hough transform is applied to the iris image to detect the circular boundary of the iris. This involves scanning the image with circles of various radii and identifying the circle that best fits the iris boundary. Let be the iris image with an R radius. Then, the image circular Hough transform is defined using Eq. (3)
In Eq. (3), (a and b) are denoted as the circular center boundary, R is the radius, and is the Dirac delta function. After identifying the iris image, circular boundary normalization is performed. The iris region is then normalized to a fixed size and orientation. This involves mapping the iris pixels onto a polar coordinate system using the detected iris center and radius. The resulting polar representation of the iris is then unwrapped into a rectangular block. The polar representation of the iris can be expressed as in which r and are computed using Eq. (4)
The unwrapped rectangular representation of the iris can be expressed as . Here u and v are estimated using Eq. (5)
The Eqs. (4 and 5) are used to obtain the polar and unwrapped rectangular representations, respectively. After that, Gabor filtering is used to extract the iris features responsible for user verification. During the process of extracting iris features, Gabor filters are applied to the normalized iris image. Specifically, Gabor filters are a sort of linear filter that are designed to capture the information regarding the texture and frequency of the iris. A variety of angles and frequencies are used to orient the filters, capturing the different patterns present on the iris. Equation (6) defines the Gabor filtering process, which is applied to the computed information.
In Eq. (6), and , is denoted as the wavelength of the sinusoidal function in the filter. This parameter controls the frequency of the filter response, with larger values resulting in lower-frequency responses. is the filter’s orientation, which determines the angle of the sinusoidal function in the filter. This parameter controls the orientation sensitivity of the filter, with different values detecting different orientations. represented as the phase offset of the sinusoidal function in the filter. This parameter determines the phase of the filter response, which can affect the contrast of the filter output. is the standard deviation of the Gaussian envelope in the filter. This parameter controls the size of the filter’s receptive field, with larger values resulting in a broader spatial frequency response. γ is the spatial aspect ratio of the filter. This parameter controls the ellipticity of the receptive field, with smaller values resulting in a more circular shape and larger values resulting in a more elongated shape. The features such as color, texture, pupil boundary, and eyelash are extracted according to the various parameters, and feature encoding is performed. The filtered images are then encoded using a quantization method. The quantization method converts the filtered image values into a binary code based on a threshold value. This binary code represents the iris features in a compact and standardized format. Then, the quantization process is defined using Eq. (7)
In Eq. (7), T is denoted as the threshold value. The Daugman algorithm provides an efficient and accurate method for feature extraction in iris biometric verification. These patterns are then converted into a digital template that can be used for comparison. The template matching is done with the help of a template matching algorithm. Template matching is a popular approach for matching iris biometrics. This process involves comparing a stored iris template, a mathematical representation of the iris, with a captured iris image. The iris image is first acquired and then pre-processed to remove noise and distortions. The relevant features are extracted from the iris image, such as texture gradients and wavelet coefficients, and used to create a template that captures the unique characteristics of the iris. The stored iris template is then compared with the captured iris image template using a matching algorithm, which calculates a matching score. The iris is considered a match if the score exceeds a certain threshold. This highly accurate and reliable process makes it useful in various applications, including security systems and access control. The digital template is then stored in a secure database. This database is typically encrypted and protected by a strong password or other security measures to prevent unauthorized access. When a user attempts to authenticate their identity using iris biometric verification, their iris image is captured and compared to the stored template. The user is granted access or denied if the two iris patterns match. If all three authentication factors match the enrolled user’s data, the system approves the authentication request, and grants users access to their financial information or transaction. If any factors do not match, the system denies the authentication request and blocks users’ access to their financial information or transactions. Thus, the blockchain and BMFA techniques effectively help protect financial data from intermediate access. The Proof-of-Work (PoW) consensus mechanism is utilized by the system in order to establish the legitimacy of transactions and add them to the blockchain. Additionally, RSA encryption is utilized to safeguard financial data while it is being transmitted and stored. This ensures that the data is kept private and secure throughout the entire process. In general, this system offers a high level of security and transparency for the administration of financial resources, hence lowering the likelihood of fraudulent activity, hacking, and data breaches. Additionally, it abolishes the requirement for middlemen in financial transactions, which results in a reduction in expenses and an improvement in efficiency.
