The threat of invasion of privacy and of the illegal appropriation of information both increase with the expansion of the biometrics service environment to open systems. However, while certificates or smart cards can easily be cancelled and reissued if found to be missing, there is no way to recover the unique biometric information of an individual following a security breach. For this reason, confidence among service bodies must be guaranteed. In this paper, we suggest nine bio-authentication models that differ according to template storage location, and define the threats and resolutions of these threats for each model. The suggested models can enhance web-based biometric security by providing security from the stage of transmission, and give stable performance by supplying standards-based encryptions. By designing and realizing Biometric Handshake protocols and Biometric Transfer protocols through the extension of TLS (Transport Layer Security), and applying them to each model, these models can be applied to elements of the national infrastructure, such as electronic passports and immigration control systems.