[go: up one dir, main page]

CN1965528A - Biometric template protection and feature handling - Google Patents

Biometric template protection and feature handling Download PDF

Info

Publication number
CN1965528A
CN1965528A CN 200580018848 CN200580018848A CN1965528A CN 1965528 A CN1965528 A CN 1965528A CN 200580018848 CN200580018848 CN 200580018848 CN 200580018848 A CN200580018848 A CN 200580018848A CN 1965528 A CN1965528 A CN 1965528A
Authority
CN
China
Prior art keywords
quantized
characteristic component
reliably
biometric data
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200580018848
Other languages
Chinese (zh)
Inventor
A·H·M·阿克曼斯
G·J·施利詹
P·T·图伊尔斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Koninklijke Philips NV
Original Assignee
Koninklijke Philips Electronics NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics NV filed Critical Koninklijke Philips Electronics NV
Publication of CN1965528A publication Critical patent/CN1965528A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

The present invention relates to a method and a system of verifying the identity of an individual by employing biometric data associated with the individual while providing privacy of said biometric data. A basic idea of the present invention is to represent a biometric data set XFP with a feature vector. A number of sets XFP1, XFP2,..., XFPm of biometric data and hence a corresponding number of feature vectors is derived, and quantized feature vectors X1, X2,..., Xm are created. Then, noise robustness of quantized feature components is tested. A set of reliable quantized feature components is formed, from which a subset of reliable quantized feature components is randomly selected. A first set W1 of helper data is created from the subset of selected reliable quantized components. The helper data W1 is subsequently used in a verification phase to verify the identity of the individual.

Description

Biometric template protection and characteristic processing
Technical field
The present invention relates to a kind of biometric data that is associated with the individual by use and verify the system and method for personal identification, the secret of described biometric data is provided simultaneously.
Background technology
Evaluation to physical object can be used in many application, for example enter secure buildings or access digital data (for example being stored in the data in computer or the movable storage medium) conditionally conditionally, perhaps for identifying purpose (for example for specific behavior to individual's charge of having discerned).
The a kind of of traditional recognition method who more and more is counted as for example password and PIN with the biometric use of discerning and/or be accredited as purpose better substitutes.Need constantly increase with the system quantity that the form of passwords/pin-codes is discerned, the result, the quantity of the passwords/pin-codes that the user of this system must remember is also in continuous increase.Further the result is, owing to be difficult to remember passwords/pin-codes, the user need write down them, and this makes them be easy to have things stolen.In the prior art, proposed the method that addresses this problem, this method relates to uses token (token).Yet token is also lost easily and/or is stolen.A kind of preferred solution for this problem is to use biometric identification, wherein uses the feature that has uniqueness concerning the user that identification to the user is provided, fingerprint for example, iris, ear, face etc.Obviously, the user can not lose or forget his/her biometric characteristic, writes without any necessity yet or remembers them.
Biometric characteristic and reference data compare.If mate, then the user is identified, and can be authorized to visit.For user's reference data is in previous (at so-called registration phase) database or smart card that obtain and that be stored in safety for example safely.When the execution user identified, the user claimed to have specific identity, and the biometric template that provides compares with the biometric template that the identity with statement of being stored interrelates, so that the consistency between the template of template that checking provides and storage.When carrying out User Recognition, the obtainable template of the biometric template that provides and all storages compares, so that the consistency between the template of template that checking provides and storage.Under any circumstance, the template that provides all will compare with the template of one or more storage.
When no matter when secret the leakage takes place in system, for example when the hacker is known secret in the safety system, the secret that just needs replacement (unconsciously) to reveal.Usually in traditional encryption system, this finishes for relevant user by abolishing the secret cryptographic key of revealing with the new key of distribution.Under the situation that password or PIN are revealed, just select a new password or PIN to replace it.In biometric system, because corresponding body part obviously cannot be replaced, it is complicated more that situation becomes.From this aspect, most biometrics are static.Therefore, exploitation is derived secret method from (normally containing noise) biometric measurement very important, if necessary, may upgrade the secret of this derivation.Should be noted that biometric data is the good expression to personal identification, can regard as with the behavior of theft personal identification of equal value on electronics with identifying without obtaining the biometric data that is associated with the individual.After the appropriate biometric data of having obtained the identification individual, the hacker can palm off the individual that he obtains its identity.And biometric data can include sensitivity and the private information that closes healthy condition.Therefore, must safeguard the individual's who uses biometrics evaluation/recognition system integrality.
Because biometric data provides relevant individual's sensitive information, so there is the privacy problem of the management and the use that relate to biometric data.For example, in existing biometric system, the user must be inevitably trusting biometric system fully aspect her integrality of biometric template.In registration process-promptly initial procedure-the user when registration body obtains user's biometric template provides her template, this registration body to store template after may be encrypted in system to the register device of registration body.In proof procedure, the user provides her template to system once more, and the template of storage is retrieved (with decrypted if necessary), and the coupling between template of storing and the template that provides is provided then.Significantly, the user can not control the incident on the template that occurs in her, can't verify also whether her template is taken seriously and can not revealed from system.Therefore, her template secret aspect, she has to trust each registration body and each validator.Though this type systematic is in use, for example on some airport,, the user makes to the required confidence level of system can not use this system on a large scale.
Encryption technology can be faced, and it can be used for encrypting or hash (hash) biometric template, and finishes checking (perhaps coupling) on ciphered data, makes real template never easily be obtained.But encryption function is designed wittingly, the big variation during the little variation in the feasible input can cause exporting.Because biometric special essence, and when the template of template that obtains to be provided and storage because the measure error that noise pollution caused, the template that provides and the template of storage can be not in full accord, so matching algorithm should allow to exist little difference between two templates.This makes based on the checking existing problems of encrypted template.
" Capacity and Examples of Template-Protecting BiometricAuthentication System " that the Pim Tuyls of Philips Research and Jasper Goseling deliver discloses a kind of biometrics identification systems, do not need to store original biometric template in this system.Therefore, use the maintaining secrecy of personal identification of this system to be protected.This system is based on the application to helper data scheme (HDS).For in conjunction with biometrics evaluation and encryption technology, in registration phase, derive auxiliary data.Identifying and registration phase that auxiliary data guarantees only to derive unique character string from individual's biometrics.Because auxiliary data is stored in the database, so think that it is disclosed.In order to prevent personation, from biometrics, derive the reference data that statistics is independent of auxiliary data and is used for validation phase.For the secret of conservative reference data, reference data is with the form storage of hash.By this way, personation becomes infeasible on calculating.
The problem that disclosed helper data scheme still exists is, produces the reference data that has sufficient length and have low false rejection rate (FRR) simultaneously and remains in query.A failure that is not enough low FRR causes identifying the individual will take place with unacceptable two-forty, even the individual in fact is authorized to.FRR is promoting that biometric system is unusual important parameters aspect being accepted.Another important parameters is false acceptance rate (FAR), and its value also should be low.FAR is meant not to be that two different biometric templates that derive from identical individual are counted as measuring of the mutual probability that mates.Because low FRR can produce high FAR, vice versa, therefore should obtain trading off between these two parameters.Be the copy (copy) of reference data hash about another problem of above-mentioned helper data scheme but must be public use, if this means that then scheme is unsafe if hash function is reversible or hash function can not be resisted attack.
Summary of the invention
One object of the present invention is to provide a kind of system that is used for biometric identification/evaluation, and this system can provide maintaining secrecy to personal identification in the low false rejection rate (FRR) and low false acceptance rate (FAR) of realizing biometric system.
This purpose is verified the method for personal identification and is used a kind of biometric data that is associated with the individual according to claim 23 to verify that the system of personal identification realizes by using a kind of biometric data that is associated with the individual according to claim 1, wherein, this method and this system provide maintaining secrecy of described biometric data.
According to a first aspect of the invention, provide a kind of method, this method may further comprise the steps: derive a plurality of sets of biometric data that are associated with the individual, each sets of biometric data comprises a plurality of characteristic components; Quantize the characteristic component of each sets of biometric data of derivation, generate the sets of biometric data that has quantized of respective numbers thus, this data set comprises a plurality of characteristic components that quantized; Determine the reliable characteristic component that has quantized by analyzing the noise robustness criterion, this criterion means that the difference of the characteristic component value on the same position of each sets of biometric data that has quantized should be in the preset range of thinking the reliable component; And, from least one subclass of the described characteristic component that has quantized reliably, generating the first auxiliary data collection, this auxiliary data collection is used in the checking of personal identification; Wherein the processing of individual biometric data the individual trust safely, carry out in the environment that prevents to distort.
According to a second aspect of the invention, a kind of system is provided, this system comprises: device, be used to derive a plurality of sets of biometric data that are associated with the individual, each sets of biometric data comprises a plurality of characteristic components, and be used to quantize the characteristic component of each sets of biometric data of being derived, generate the sets of biometric data that has quantized of respective numbers thus, this data set comprises a plurality of characteristic components that quantized; Device, be used for determining the reliable characteristic component that has quantized by analyzing the noise robustness criterion, this criterion means that the difference of the characteristic component value on the same position of each sets of biometric data that has quantized should be in the preset range of thinking the reliable component, and, be used for generating the first auxiliary data collection from least one subclass of the described characteristic component that has quantized reliably, this auxiliary data collection is used in the checking of personal identification; Wherein said system be arranged in case the processing of individual biometric data the individual trust safely, carry out in the environment that prevents to distort.
Basic thought of the present invention is, the individual that authorized of refusal mistakenly not, when promptly reaching gratifying low FRR, provides maintaining secrecy of individual biometric template.At first, derive m the sets of biometric data X that is associated with the individual at registration phase FPThese sets of biometric data derive from the physical features such as individuals such as individual's fingerprint, iris, face, sound.Each sets of biometric data X FPRepresent that with a characteristic vector this vector comprises k characteristic component.For specific individual, carry out m time of individual physical features and measure, obtain the sets of biometric data X of respective numbers FP1, X FP2..., X FPmAnd the characteristic vector of respective numbers.Quantized feature components produces the feature vector, X that has quantized thus 1, X 2..., X m(also comprising k component).
Then, choose reliable component by the noise robustness of testing the characteristic component that has quantized.If for m different measuring of unique individual's biometric data, the difference that has the characteristic component value that has quantized on the same position in the characteristic vector that each has quantized is in preset range, the characteristic component that has quantized so is defined as reliably.Therefore, if it is sufficiently approaching between mutually to have the value of the characteristic component that has quantized of relevant position in the characteristic vector that has quantized, the characteristic component that has quantized so (and characteristic component of those measurements that are associated) is thought reliably.Each component that has quantized has the resolution of n bit.
In the system, the value of m is big more, and the level of security of expression is high more, and the characteristic component of promptly a large amount of measurements must similarly just can be counted as reliably to sufficiently high degree, and the quantity i of everyone characteristic component that has quantized reliably is different.The characteristic component that i has quantized reliably forms a set, therefrom characteristic component subclass that has quantized reliably of picked at random at least.This subclass comprises j component reliably.The first secondary data set W1 is produced by the subclass of the component that has quantized reliably that this is chosen, and comprises j component.Then, the first auxiliary data collection W1 is got up by centralized stores.The maximum quantity that can be used for producing the characteristic component that has quantized reliably of auxiliary data W1 obtains when j=i.Next auxiliary data W1 is used in the Qualify Phase of checking personal identification.
Notice individual biometric data, the processing of perhaps relevant security sensitive data with biometric data, must the individual trust safely, finish under the environment that prevents to distort, could make that so individual biometric data is not revealed.In addition, as previously mentioned, under the situation that will identify the individual, identity data is provided for system together with the biometric template that is provided, so that the biometric template that interrelates with identity data that system finds storage.The individual with situation about being identified under, spendable all templates of biometric template that provides and storage compare to find coupling, therefore, do not need to provide identity data.
The present invention is useful, and this is attributable to a lot of reasons.At first, to the security sensitive information processing the individual trusted safely, carry out in the environment that prevents to distort.Use in conjunction with helper data scheme, this processing can set up wherein biometric template only in security context with the effective biometric system of electronic form, this security context has the form appearance that prevents to distort user's set of biometric sensor usually with use, as has equipped the smart card of transducer.In addition, under security context, the electronics copy of biometric template can not be forever effective, but only when the individual when transducer provides her template, the electronics copy is just effectively.The second, FRR can adjust by changing quantization resolution n.Resolution n is low more, and FRR is low more.The low resolution of the characteristic component that has quantized has following effect, that is, should be reliably although still consider the characteristic component that obtains,, in measuring, characteristic component allows to exist relatively large noise.Must make compromise when determining quantization resolution.When wanting to obtain low FRR, should understand clearly that too low resolution will cause following influence, promptly when quantizing to belong to different individuals' sets of biometric data,, but still be quantized into identical value though set is different.This causes FAR to become higher.The 3rd, by the quantity k selection of the component in the characteristic vector is bigger, can produce sufficiently long auxiliary data W1.
According to embodiments of the invention, for each characteristic component is determined mean value.The mean value of each component is determined by the mean value that calculates the measured features component that has same position in each characteristic vector.Everyone each measured characteristic component of (perhaps most people) at least of registering from system calculates the mean value of each characteristic component.In addition, in system, register everyone, the mean value of each component will be identical.Deduct corresponding fixed mean value from each characteristic component of individual, the result who subtracts each other is quantified as the resolution of n bit.
According to another embodiment of the invention, the first auxiliary data collection W1 is set to comprise j component, wherein each component of concentrating in first auxiliary data is composed a value, and this value equals each position of the characteristic component that has quantized reliably in the sets of biometric data X that has quantized.Advantageously, generated auxiliary data collection W1, disposed this auxiliary data collection W1 and make, do not revealed about the information of biometric data by the research auxiliary data.
According to still another embodiment of the invention, generation comprises the data set X ' of the selected characteristic component that has quantized reliably, and generation secret value S, secret value coding is had code word C with data set X ' equal length with generation, and this data set X ' comprises the selected characteristic component that has quantized reliably.In addition, the second auxiliary data collection W2 is by producing in conjunction with code word and the data set that comprises the selected characteristic component that has quantized reliably, and this combination is finished by using associative function such as XOR function.Should be understood that other suitable associative function is replacedly used.If X ' for example comprises j component, wherein each component value then can use with 7 associative functions as the modular arithmetic form in 0 to 6 scope.Then, generate the second auxiliary data collection W2, as W2=X '+Cmod 7 (calculating) for each component.Preferably, (a, b), this function is reversible for each b to use function K.For example, K (a, b)=d=a+b is such function because for b arbitrarily, exist inverse function K (d, b)=d-b=a.
Secret value S is hidden into F (S) with cipher mode, and with W2 by centralized stores.Secret value preferably uses one-way hash function to hide in the mode of encrypting, but any other suitable encryption function also can use, as long as secret value is hidden in one way, make that its plain text copy of hiding from cipher mode of copy generation is infeasible calculating.For example, can use a kind of one-way hash function, hidden door hash function that has key, asymmetrical encryption function or even symmetrical encryption function.It all have advantage, are that secret value is generally produced by individual's biometric data because in the prior art.Need this secret value at Qualify Phase, but individual biometric data can not revealed from secret data.
According to a further embodiment of the invention, derive the biometric data checking collection Y that is associated with the individual FPEach set comprises k characteristic component, and these characteristic components are quantized into the biometric data that has quantized the checking collection Y that comprises k characteristic component that has quantized.By allowing the first auxiliary data collection W1 indicate reliable component, component is concentrated from the biometric data checking that has quantized and is selected reliably.Thereby, produce the characteristic component that has quantized the reliably checking collection Y ' that chooses.
According to further embodiment of the present invention,, produce the second code word Z by the second auxiliary data collection W2 and the selected characteristic component checking collection Y ' that has quantized are reliably carried out XOR.Then, to second code word Z decoding, generate the secret S that rebuilds thus rThe secret value S that rebuilds rF comes enciphering hiding by the application encipher hash function, relatively the secret value F (S of the reconstruction of enciphering hiding r) detect consistency with the secret value F (S) of enciphering hiding, if wherein consistency exists, then Ge Ren identity is verified.As mentioned above, when handling the second auxiliary data collection W2, can use other associative function different with the XOR function.If use with 7 computings as mould and produce the second auxiliary data collection W2, then the second code word Z will calculate according to Z=W2-Y ' mod 7.
System has some random elements in process of production, and the system that makes is unique to the response of specific input, and this can learn from prior art, and often be called as physics can not cloning function (PUF).From the viewpoint of signal processing, biometric data can be regarded the PUF as the people as.In whole the application, word " individual physical features " (perhaps similar speech) can be alternatively replaces with word " physics can not cloning function ", and wherein the data that derive from physical features just in time also can be the data from the PUF derivation.
In yet another embodiment of the present invention, for the feature vector, X that has quantized 1, X 2..., X m, select the characteristic component that has quantized reliably by utilizing signal to noise ratio (S/N) information.The feature vector, X that is quantizing 1, X 2... X mI select component reliably in the component with sufficiently high signal to noise ratio.Like this, select relevant-promptly reliable-during component, can take into account noise (perhaps class internal variance), the subclass j that generates the selected reliable component of the first auxiliary data collection W1 is picked at random from whole reliable component collection i no longer.
As previously mentioned, can come to determine mean value by the mean value that calculates the measured features component (all registrations all users are measured) that in each characteristic vector, has same position for each characteristic component.Deduct corresponding fixed mean value from each characteristic component of individual, the result who subtracts each other is quantized into the resolution of n bit.
The biometric template of having found some people can be considered to more reliable than other people's biometric template.When the feature vector, X of considering to be used for having quantized 1, X 2..., X mDuring the S/N information of (with therefore being used for biometric template indirectly), performance will improve.
Being calculated as follows of signal to noise ratio.Use X P, qRepresent q characteristic vector that has quantized, this characteristic vector derives from p people's biometric template at registration phase.This characteristic vector comprises k the real-valued component that has quantized, and wherein each component that has quantized has the resolution of n bit.(X P, q) tRepresent vectorial X P, qT component.At registration phase, f people's registration, everyone uses m template to measure registration.At first calculate the averaged feature vector μ that is used for everyone p, as follows:
μ → p = 1 m Σ q = 1 m X → p , q ·
Then, calculate the averaged feature vector μ that is used for a guy of institute:
μ → = 1 f Σ p = 1 f μ → p ·
Signal to noise ratio vector ξ is a vector (comprising k component), its t component, and note is made (ξ) t, press following formula and derive:
( ξ → ) 1 = ( σ → ) 1 ( ν → ) 1 ·
The signal variance of each component is represented with vectorial σ, is calculated as follows:
( σ → ) 1 = 1 f Σ p = 1 f ( ( μ → p ) 1 - ( μ → ) 1 ) 2 .
V is the vector of the noise variance of each component of expression, derives according to following formula:
( ν → ) 1 = 1 fm Σ p = 1 f Σ q = 1 m ( ( X → p , q ) 1 - ( μ → ) 1 ) 2 .
In the reliable component scheme, everyone has the reliable component of some, and the quantity of this reliable component is different for everyone.Preferably, select fixed qty i to think reliable component for everyone, the reliable quantized components generation of the first auxiliary data collection W1 (comprising j component) from choosing, as mentioned above.Hereinbefore, select this subclass i of the reliable characteristic component that has quantized randomly.But in this specific embodiment, the selection of reliable component is by selecting j to have the highest corresponding snr value (ξ) tReliable component finish.
In according to another embodiment of the invention, by code word C piecemeal is improved performance.As previously mentioned, generation comprises the data set X ' of selected j characteristic component that has quantized reliably, and generation secret value S, and this secret value S is encoded and has the code word C of the length identical with data set X ' with generation, and this data set comprises the selected characteristic component that has quantized reliably.
The secret S that is associated with biometrics uses error correcting code (ECC) to encode at registration phase.Auxiliary data W2 is by producing data set X ' and code word C application associative function (for example XOR function).Error correcting code can be expressed as that (T)-ECC, wherein N represents word length for N, K, and K is a message length, and T is an error correcting capability.For the ECC of specific word length N, exist compromise between K and the T.For example, when considering that length is 512 BCH code, it is possible only K and T being got particular value.For example, two possible BCH code be (N, K, T)=(511,49,93) and (N, K, T)=(511,40,95).Must select error correcting capability T, make to reach optimum false acceptance rate (FAR) and false rejection rate (FRR).Correct more wrong (for example, 95 replacements 93) and will cause shorter message length (40 replace 49 bits), also cause lower FRR and high slightly FAR, that is, the length of the secret S that will encode can reach 40 bits.When more mistake is repaired, in the measurement of single biometric template (being same individual's template), can allow more noise.On the other hand, because more noise is repaired, the measurement of the template different with enrollment has bigger chance as correct and be accepted.Ideally, may reach minimum FAR and FRR, general objectives is the accurate number of errors that causes the FRR=FAR state.In this, reached error rate (EER) such as so-called.Therefore, the optimal value of bit value (T) obtains when FRR=FAR.
For example supposing that in 511 bits 85 are repaired reaches EER since optimal in the case coding be (N=511, K=76, T=85)-BCH code, so this scheme is necessary for the message length (under the situation of using BCH code) of 76 bits.But if the mistake among the selected reliable quantized feature components checking collection Y ' especially noted earlier is uniformly distributed among the set Y ' more or less, this can be modified.If T mistake is repaired to reach EER among the second code word Z that rebuilds, it is favourable then code word C (and ensuing X ' and Y ') being divided into B piece, and wherein T/B mistake must be repaired in each piece.
More the encoding and decoding of short code are more effective on computing time.Each all comprises two code sets of N/2 bit, and (that is, encoding and decoding B=2) are generally more efficient than the encoding and decoding of a code that comprises N bit.In addition, code word C being divided into subset of code words allows better coding parameter to be finely tuned.For example, there is not the just in time BCH code of 511 bits of 80 mistakes of correction.But the performance of this expectation can reach basically by using code division, so that use two 255 bit BCH code, each 255 bit BCH code is corrected 42 mistakes.Usually, when being two littler isometric code words,, must correct the bit of Duoing than 0.5 times described amount of bits as than the quantity of using single code word to correct to a codeword division.Codeword division is particularly useful in the low-power device as smart card.
The more feature and advantage of the present invention will be when research claims and following explanation and become apparent.Those skilled in the art can find that different characteristic of the present invention can be combined and obtain the embodiment all inequality with following described each embodiment.And, one of skill in the art will appreciate that and also can use other scheme different with above-mentioned helper data scheme.
Description of drawings
Describe the preferred embodiment of the invention below with reference to the accompanying drawings in detail, wherein:
Fig. 1 shows the prior art systems of using the biometric data that is associated with the individual to verify personal identification (i.e. Ge Ren evaluation/identification); And
Fig. 2 shows according to embodiments of the invention, uses the biometric data that is associated with the individual to verify the system of personal identification.
Embodiment
Fig. 1 shows the prior art systems of using the biometric data that is associated with the individual to verify personal identification (i.e. Ge Ren evaluation/identification).This system comprises the user's set 101 of arranging to have transducer 102, and this transducer is used for deriving the first biometric template X from the structure of individual's specific physical feature 103 (being iris in the case).When checking, user's set adopts helper data scheme (HDS), and log-on data S and auxiliary data W are derived by first biometric template.User's set must be safe, prevent to distort, and therefore by users to trust, making to provide maintaining secrecy to individual biometric data.Auxiliary data W generally calculates on user's set 101, makes that (X, W), wherein G is the δ contracting function to S=G.Therefore, owing to W calculates from template X and log-on data S, so G () allows contrary W=G -1(X, calculating S).Further by J.P.Linnartz and P.Tuyls, AVBPA 2003 at " New Shielding functions to prevent misuseand enhance privacy of biometric templates " for this specified scheme, describe among the LNCS 2688.
In system, registration body 104 comes the initial registration individual by the hash log-on data F (S) and the auxiliary data W that receive from user's set 101 are stored in central storage means 105, and next this log-on data is used by validator 106.Log-on data S is secret (to avoid identity to reveal attack by analyzing S), and as previously mentioned, derives from the first biometric template X on user's set 101.When checking, the second biometric template Y offers validator 106 by individual 103 by transducer 107, and this template is generally the copy of the noise pollution of the first biometric template X.Validator 106 produces secret verification msg (S ') based on the second sets of biometric data Y and the auxiliary data W that receives from central memory 105.The individual is identified or discerned to validator 106 by hash log-on data F (S) that fetches from central memory 105 and the Hash verification data F (S ') that produces at encrypting module 108.By (Y W) calculates verification msg S ', so that noise robustness to be provided according to S '=G on validator.Then, use hash function to generate the data F (S ') of encrypted blinded.Even showing in Fig. 1, realizes encrypting module 108 as separation module, but it generally is included in the transducer 107, usually as safety, prevent to distort in the validator 106 of environment, carry out this encrypting module and stop validator to obtain verification msg S '.δ contracting function characteristics are that its allow to select the desired value of auxiliary data W, if make the second sets of biometric data Y enough near the first sets of biometric data X, and F (s ')=F (S) so.Therefore, if matching module 109 thinks that F (S ') equals F (S), then is proved to be successful.
Under actual conditions, registration body can combine with validator, but they also can separate.For example, use if biometric system is applied to bank, all bigger departments all allow to register new individual and enter system in the bank so, and distributed like this registration body has just produced.If after registration, the individual wants to recall fund as identifying from this department with her biometric data, and then the role of validator will play the part of in this department.On the other hand, if the user pays the bill in convenience store as identifying with its biometric data, the role of validator also will play the part of in convenience store, but to serve as registration body be very impossible in convenience store.Based on this understanding, we will use registration body and validator as unrestriced abstract roles.
See that as top the individual has the access right to the device with biometric sensor and computing capability.In practice, this device can comprise the fingerprint sensor that is integrated in the smart card, perhaps is used for the camera of iris or recognition of face in mobile phone or PDA.Suppose that the individual has obtained this device (for example, bank, national structure, government) from the mechanism that trusts, and therefore she trusts this device.
Fig. 2 shows according to embodiments of the invention, uses the biometric data that is associated with the individual to verify the system of personal identification.Beginning is at registration phase, with individual 203 m that are associated a sets of biometric data X FPSensor unit 202 by user's set or registration body 201 obtains.User's set generally comprises microprocessor (do not have show) or is used for carrying out some programmable devices by the described function of disparate modules of Fig. 2.This microprocessor is carried out suitable software and is finished these functions, and this software is stored in the memory, as RAM or ROM, perhaps is stored in the storage medium, as CD or floppy disk.Each sets of biometric data X FPRepresent that with a characteristic vector this characteristic vector comprises k characteristic component.For specific individual, individual physical features is carried out m time measure, obtain the sets of biometric data X of respective numbers FP1, X FP2..., X FPm, and the characteristic vector that obtains respective numbers thus.Suppose m=3, k=5, derive following schematically vector (in practice, m, particularly k will be sizable):
X FP1=[1.1,2.1,0.5,1.7,1.2];
X FP2=[1.1,2.2,0.6,1.6,1.2];
X FP3=[1.2,2.2,0.6,1.8,1.1].
Quantized components generates the feature vector, X that has quantized thus then 1, X 2..., X m(also comprising k component).Each characteristic component is determined mean value.The mean value of each component is based on the characteristic component that belongs in a guy's of institute of this system registry measurement, and the mean value of the characteristic component by calculating the measurement that has same position in each characteristic vector is determined.Therefore in this embodiment, based on all registration individuals' measurement, average value vector is:
X AV=[1.1,2.2,0.6,1.6,1.2]
Deduct the corresponding mean value of determining from each characteristic component of individual, the result who subtracts each other is quantized into the resolution of n bit.Then, if use the resolution (n=1) of 1 bit, if subtract each other the result be one greater than 0 value, the characteristic component that has quantized that obtains so is by assignment 1.Correspondingly, be equal to or less than 0 value if subtract each other the result, the characteristic component that has quantized that obtains so is assigned 0.Should be noted that and to use higher quantified precision, as what person of skill in the art will appreciate that.Therefore, the average value vector X that provides above of use AV, the result of quantification will be:
X 1=[0,0,0,1,0];
X 2=[0,0,0,0,0];
X 3=[1,0,0,1,0].
Then, choose reliable component by the noise robustness of in robustness test module 204, testing the characteristic component that has quantized.If, measurement for m time of the unique individual different biometric data, the difference of the characteristic component value that has quantized on the same position in each characteristic vector that has quantized is in predetermined scope, and the characteristic component that has quantized so is defined as reliably.Therefore, if mutually enough approaching of the characteristic component value that has quantized on the relevant position in the characteristic vector that has quantized, then the characteristic component of Liang Huaing (and characteristic component of the measurement that is associated thus) is thought reliably.For the quantified precision of 1 bit, the characteristic component that has quantized on the same position in the characteristic vector that each has quantized must be all identical to think reliably.Other reliability measurement can be used as to substitute and uses.For the quantified precision of 1 bit, if for example the component (5 select 4) of the specific quantity of selecting in the whole components on the same position characteristic vector has identical value, then can be defined as be reliable to one-component.In above-mentioned example, three bits (i=3) are thought reliably.
Quantity i characteristic component that has quantized reliably formed a set, the therefrom subclass of at least one characteristic component that has quantized reliably of picked at random.This subclass comprises j reliable quantized components.Replacedly, choose j component, as described above with highest signal to noise ratio.In this example, suppose j=2, be chosen at the component on position 2 and 5.The first auxiliary data collection W1 is produced by the index of the reliable quantized components of choosing, promptly the first auxiliary data collection W1 is configured to comprise j component, wherein each component of concentrating in first auxiliary data is composed a value, and this value equals each position of the characteristic component that has reliably quantized in the sets of biometric data X that has quantized.Therefore, auxiliary data W1 comprises reliably the vector of the location index of quantized components, and this component is a picked at random:
W1=[2,5]
And be stored in the central memory 205.Can obtain the maximum number of the reliable characteristic component that has quantized when j=i, this characteristic component can be used for producing auxiliary data W1.Afterwards, by using the first auxiliary data collection W1 from any one feature vector, X that has quantized 1, X 2..., X mThe reliable component of middle selection, the vectorial X ' of selected reliable component produces in module 206, and therefore the vectorial X ' of this reliable component comprises j the selected component that has quantized reliably:
X′=[0,0]
Unique secret value S is associated with everyone biometric data.This secret value can for example produce by random number generator (RNG), perhaps in fact produces by Pseudo-random number generator (PRNG) 207.In order to provide noise robustness at Qualify Phase, secret value S is encoded into the code word C that length is j by cell encoder 208, makes that this code word can be on 216 and X ' XOR mutually.The result of this XOR is the second auxiliary data collection W2, this auxiliary data collection also with centralized stores of hashed value F (S) of the secret value S that produces at encrypting module 209.Code word C is defined as the code word of error correction coding.By implementing encoding operation, the secret S of Xuan Zeing is mapped to code word C at random.Can use the suitable error correcting code of any kind, for example Hamming code or BCH code (RS code).In an embodiment of the present invention, as described previously, code word C can be divided into B subclass.Thus, X ' also must be divided into an equal number B subclass.If code word C is divided into B the subclass that comprises different bit numbers, X ' also will be divided into B subclass with same number of bits so, makes that the data set of (for example C and X ') XOR comprises identical bit number mutually.
At Qualify Phase, the individual provides biometric data checking collection Y to the validator 210 that comprises sensor unit 211 FP, this checking collection Y FPWill with biometric data X FPBe quantized identical mode in registration process and quantize, promptly pass through from Y FPIn deduct definite mean value in each component of comprising, wherein produce the vectorial Y of the biometric data that has quantized that comprises k component.The biometric data that has quantized that Qualify Phase provides generally not can with the data X that has quantized that provides at registration phase 1, X 2... X mIdentical, even use identical physical characteristic, Ge Ren iris for example.This is because when the Measuring Object characteristic, always has random noise in measurement, so, analog feature is converted into the result of the quantizing process of numerical data, be different for the different measuring of same physical.For example, suppose that the checking collection is:
Y FP=[1.2,2.2,0.5,1.8,1.1].
Deduct X AVAfter, the verification vectors that has quantized becomes thus,
Y=[1,0,0,1,0].
From central memory 205, extract the first auxiliary data collection W1, and this first auxiliary data collection W1 is used in and selects in the module 212 with from choose reliable component among the characteristic vector Y that has quantized, wherein produce the vectorial Y ' of another reliable component of choosing, this vector comprises j component.This can realize that it is counted as reliably by this fact of index that auxiliary data W1 comprises component in registration phase.Therefore, use these index to indicate authentic data in the verification vectors Y that has quantized, wherein auxiliary data indication components number is 2 and 5.As a result of:
Y′=[0,0].
From central memory, take out the second auxiliary data collection W2, and in 217 with Y ' XOR.This produces the second code word Z.Usually, if when using fingerprint identical when registering or PUF in checking, then Y ' will be very similar with X '.Therefore, the second code word Z will equal the first code word C, and owing to there are some error in class internal variance (difference between the measuring several times of identical fingerprints or PUF) and noise, that is, the second code word Z can regard the copy that contains noise of the first code word C as.Code word Z passes through to use suitable error correction decode, the secret S that this obtains rebuilding in decoder module 213 rIn encrypting module 214, produce the secret S that rebuilds rHash copy F (S r), the hash copy F (S) with the secret value S of centralized stores in matching module 215 relatively detects consistency.If they are equal to, being proved to be successful of personal identification then, thereby biometric system can work, for example give the individual access right to secure buildings.Because the second auxiliary data collection W2 (it is based on code word C) produces Z with Y ' XOR, therefore, if code word C is divided into B subclass, then Y ' also must be divided into an equal number B subclass.
Attention can produce different secret value for identical biometric template, next handles according to previously described mode.For example, the individual can register oneself in different company/mechanisms.When generating different helper data vectors, the vector of the reliable component of choosing of respective number will be produced.Therefore, the different secret value of encryption will with the different vectorial XOR of the reliable component of selecting.Thereby for the secret value of the given number that is produced, with the different auxiliary datas that produce respective number to (W1, W2).This scheme is for example suitable especially when the individual uses identical physical features (perhaps PUF) in two different validators.Though use identical biometric template, but two independently secret value can be associated with identical biometrics, make a validator not need and the relevant any information of secret value of use in other validators (relevant with identical biometrics).This has also stoped individual cross-matched, and for example, wherein, it can stop validator by their database of comparison, and the data that are associated with particular organisms statistics collection that are exposed to thus in the database also also are prevented from other database.Replacedly, also can produce identical secret value, next handle according to above-described mode for the different biometric template biometric template of different relating to persons (promptly with).When generating different helper data vectors, the vector of the reliable component of choosing of respective numbers will be produced.Therefore, everyone will carry out XOR with the different vectors of the reliable component of choosing at the secret value of encryption.If this replaceable scheme may be more suitable for two or more people when using identical secret value, for example in bank, share account's situation at man and wife.Bank can use relevant they account's of single secret key encryption information, and this key is derived by two people's of man and wife biometric data.Therefore, the auxiliary data that is associated with wife's biometric data can be chosen according to certain mode, and the secret that obtains is equal to the secret that is associated with husband's biometric data.
Although the present invention describes with reference to wherein special specific embodiment, a lot of different changes, change or the like all are conspicuous to those skilled in the art.Therefore described embodiment does not limit the invention scope of justice to limit to claims.

Claims (45)

1, a kind of this method provides maintaining secrecy of described biometric data by using the method for the biometric data checking personal identification that is associated with the individual, and this method comprises the steps:
Derive a plurality of (m) sets of biometric data (X that is associated with the individual FP), each sets of biometric data comprises a plurality of (k) characteristic component;
Quantize the characteristic component of each sets of biometric data of derivation, generate the sets of biometric data that has quantized (X) of respective numbers (m) thus, this data set comprises the characteristic component that a plurality of (k) have quantized;
Determine the reliable characteristic component that has quantized by analyzing the noise robustness criterion, this criterion means that the difference of the characteristic component value on the same position of each sets of biometric data that has quantized should be in the preset range of thinking the reliable component; And, from least one subclass (j) of the described characteristic component that has quantized reliably, generating the first auxiliary data collection (W1), this auxiliary data collection is used in the checking of personal identification; Wherein
The processing of individual's biometric data the individual trust safely, carry out in the environment that prevents to distort.
2, method according to claim 1 further comprises the steps:
By calculating the mean value that has the characteristic component of same position in each sets of biometric data (X), for each characteristic component is determined mean value, this biometric data is associated with a plurality of individuals; And
Before carrying out quantification, from corresponding characteristic component, deduct the mean value of fixed characteristic component.
3, method according to claim 1 and 2, the step of wherein determining the characteristic component that quantized reliably further is included as the sets of biometric data (X) that has quantized and derives signal to noise ratio information and determine that the characteristic component which has quantized reliably should be included in the described subclass (j), so that generate the first auxiliary data collection (W1).
4, method according to claim 3 is wherein chosen to have and is thought the characteristic component that has quantized reliably of sufficiently high signal to noise ratio, it being included in the described subclass (j), thereby generates the first auxiliary data collection (W1).
5, according to claim 3 or 4 described methods, wherein signal to noise ratio information is based on the statistical computation of the sets of biometric data (X) that has quantized.
6, method according to claim 5, wherein said statistical computation are based on the signal in the characteristic component that has quantized and the variance of noise.
7, according to aforementioned any described method of claim, wherein the first auxiliary data collection (W1) is set to comprise a plurality of (j) component, wherein be each component assignment that first auxiliary data is concentrated, the position of each characteristic component that has quantized reliably in the sets of biometric data that this value equals to have quantized (X).
8, according to aforementioned any described method of claim, further comprise the steps:
Generation comprises the data set (X ') of the selected characteristic component that has quantized reliably;
Produce the secret value (S) and the secret value of encoding with generated codeword (C), this code word has and data set (X ') equal lengths that comprises the selected characteristic component that has quantized reliably;
By generating the second auxiliary data collection (W2) in conjunction with code word (C) and the data set (X ') that comprises the selected characteristic component that has quantized reliably; And
Hide secret value (S) with cipher mode.
9, method according to claim 8, wherein secret value (S) is used the error correcting code coding.
10, method according to claim 9, wherein secret value (S) is used the BCH code coding.
11, according to aforementioned any described method of claim, the sets of biometric data (X) of wherein using the Gray code coding to quantize.
12, according to Claim 8 any described method-11, the data set (X ') that wherein comprises the selected characteristic component that has quantized reliably uses the Gray code coding.
13,, further comprise the steps: to derive the biometric data checking collection (Y that is associated with the individual according to aforementioned any described method of claim FP), this biometric data checking collection (Y FP) comprise a plurality of (k) characteristic component; And quantizing the biometric data checking collection (Y) of checking characteristic component for having quantized, this biometric data checking collection (Y) comprises the characteristic component that a plurality of (k) have quantized.
14, method according to claim 13, further comprise the steps: in the biometric data checking collection (Y) that has quantized, to select reliable component, this reliable component is indicated by the first auxiliary data collection (W1), wherein generates the checking collection (Y ') of the selected characteristic component that has quantized reliably.
15, method according to claim 14 further comprises the steps: the checking collection (Y ') of first code word (C), the data set (X ') that comprises the selected characteristic component that has quantized reliably and the selected characteristic component that has quantized reliably is divided at least two data subclass respectively.
16, according to claim 14 or 15 described methods, further comprise the steps:
Checking collection (Y ') by in conjunction with the second auxiliary data collection (W2) and the selected characteristic component that has quantized reliably generates second code word (Z); And
Second code word of decoding (Z) generates the secret value (S that rebuilds thus r).
17, method according to claim 16 further comprises the steps:
Hide the secret value (S that rebuilds in the mode of encrypting r);
Secret value (F (the S that compares the reconstruction of hiding in the mode of encrypting r)) detect consistency with the secret value of hiding in the mode of encrypting (F (S)), if wherein there is consistency, then personal identification is verified.
18, according to Claim 8 any described method-17, wherein said combination is finished by carrying out XOR.
19, according to Claim 8 any described method further comprises the steps:-18
From described at least one subclass (j) of the described characteristic component that has quantized reliably, generate other auxiliary data collection, this data set is used for personal verification, and generate the other corresponding data collection comprise the selected characteristic component that has quantized reliably, and
Generate other secret value, this secret value utilization comprises that the other data set of the selected characteristic component that has quantized reliably handles.
20, method according to claim 19, wherein different auxiliary data collection are stored in the different storage devices.
21, according to Claim 8 any described method-18 further is included as the step that different individuals generate same secret value (S).
22,, further comprise the first auxiliary data collection (W1), the second auxiliary data collection (W2) and the step that is stored in central memory (205) with the secret value (F (S)) that the mode of encrypting is hidden according to aforementioned any described method of claim.
23, a kind of this system provides maintaining secrecy of described biometric data by using the biometric data that is associated with the individual to verify the system of personal identification, and this system comprises:
Device (202,211) is used to derive a plurality of (m) sets of biometric data (X that is associated with the individual FP), each sets of biometric data comprises a plurality of (k) characteristic component, and be used to quantize the characteristic component of each sets of biometric data of being derived, generate the sets of biometric data that has quantized (X) of respective numbers (m) thus, this data set comprises the characteristic component that a plurality of (k) have quantized;
Device (204), be used for determining the reliable characteristic component that has quantized that this criterion means that the difference of the characteristic component value on the same position of each sets of biometric data that has quantized should be in the preset range of thinking the reliable component by analyzing the noise robustness criterion; And, being used for generating the first auxiliary data collection (W1) from least one subclass (j) of the described characteristic component that has quantized reliably, this auxiliary data collection is used in the checking of personal identification; Wherein
Described system be arranged in case the processing of individual biometric data the individual trust safely, carry out in the environment that prevents to distort.
24, method according to claim 23, wherein let-off gear(stand) (202,211) further be arranged the mean value in each sets of biometric data (X), have the characteristic component of same position by calculating, for each characteristic component is determined mean value, this biometric data is associated with a plurality of individuals; And the mean value that before carrying out quantification, from corresponding characteristic component, deducts fixed characteristic component.
25, according to claim 23 or 24 described systems, the device (204) that wherein is used for definite characteristic component that has quantized reliably further is arranged to sets of biometric data (X) the derivation signal to noise ratio information that has quantized and determines that the characteristic component which has quantized reliably should be included in described subclass (j), so that generate the first auxiliary data collection (W1).
26, system according to claim 25, the device (204) that wherein is used for determining the characteristic component that quantized reliably further is arranged to think the characteristic component that has quantized reliably of sufficiently high signal to noise ratio to choose to have, it being included in the described subclass (j), thereby generate the first auxiliary data collection (W1).
27, according to claim 25 or 26 described systems, wherein signal to noise ratio information is based on the statistical computation of the sets of biometric data (X) that has quantized.
28, system according to claim 27, wherein said statistical computation is based on the signal in the characteristic component that has quantized and the variance of noise.
29, according to any described system among the claim 23-28, determine that wherein device (204) is arranged so that the first auxiliary data collection (W1) to be set, make it comprise a plurality of (j) component, wherein be each component assignment that first auxiliary data is concentrated, the position of each characteristic component that has quantized reliably in the sets of biometric data that this value equals to have quantized (X).
30, according to any described system among the claim 23-29, further comprise:
Device (206) is used to generate the data set (X ') that comprises the selected characteristic component that has quantized reliably;
Device (207) is used to produce secret value (S);
Device (208), the secret value that is used to encode are with generated codeword (C), and this code word has and data set (X ') equal lengths that comprises the selected characteristic component that has quantized reliably;
Device (216) is used for by in conjunction with code word (C) with comprise data set (X ') the generation second auxiliary data collection (W2) of the selected characteristic component that has quantized reliably; And
Device (209) is used for hiding secret value (S) with cipher mode.
31, system according to claim 30, the device (208) of secret value (S) that wherein be used to encode is arranged to and uses error correcting code to finish coding.
32, system according to claim 31, the device (208) of secret value (S) that wherein be used to encode is arranged to and uses BCH code to finish coding.
33, according to any described system among the claim 23-32, the device (206) that wherein is used to generate the data set (X ') that comprises the selected characteristic component that has quantized reliably further is arranged to the sets of biometric data (X) of using the Gray code coding to quantize.
34, according to any described system among the claim 23-33, the device (206) that wherein is used to generate the data set (X ') that comprises the selected characteristic component that has quantized reliably further is arranged to the data set (X ') that uses the Gray code coding to comprise the selected characteristic component that has quantized reliably.
35, according to any described system among the claim 23-34, further comprise device (211), be used to derive the biometric data checking collection (Y that is associated with the individual FP), this biometric data checking collection (Y FP) comprise a plurality of (k) characteristic component; And quantizing the biometric data checking collection (Y) of checking characteristic component for having quantized, this biometric data checking collection (Y) comprises the characteristic component that a plurality of (k) have quantized.
36, system according to claim 35, further comprise device (212), be used for selecting reliable component at the biometric data checking collection (Y) that has quantized, this reliable component is indicated by the first auxiliary data collection (W1), wherein generates the checking collection (Y ') of the selected characteristic component that has quantized reliably.
37, system according to claim 36, further comprise device (208,206,212), be used for the checking collection (Y ') of first code word (C), the data set (X ') that comprises the selected characteristic component that has quantized reliably and the selected characteristic component that has quantized reliably is divided at least two data subclass respectively.
38, according to claim 36 or 37 described systems, further comprise:
Device (217) is used for generating second code word (Z) by the checking collection (Y ') in conjunction with the second auxiliary data collection (W2) and the selected characteristic component that has quantized reliably; And
Device (213), second code word (Z) that is used to decode generates the secret value (S that rebuilds thus r).
39, according to the system of claim 38, further comprise:
Device (214) is used for hiding the secret value (S that rebuilds in the mode of encrypting r);
Device (215) is used for the secret value (F (S of comparison with the hiding reconstruction of the mode of encrypting r)) with the secret value of hiding in the mode of encrypting (F (S)) to detect consistency, if wherein there is consistency, then personal identification is verified.
40, according to any described system among the claim 29-39, the device (216,217) that wherein is used for combination comprises the XOR function.
41, according to any described system among the claim 29-40, wherein:
Determine that device (204) is arranged to the other auxiliary data collection of generation from described at least one subclass (j) of the described characteristic component that has quantized reliably, this data set is used in the personal verification;
The device (206) that is used to generate the data set (X ') that comprises the selected characteristic component that has quantized reliably is arranged to and generates the other corresponding data collection that comprises the selected characteristic component that has quantized reliably; And
The device (207) that is used to generate secret value (S) is arranged to generate other secret value, and this secret value utilization comprises that the other data set of the selected characteristic component that has quantized reliably handles.
42, according to the described system of claim 41, wherein different auxiliary data collection are stored in the different storage devices.
43, according to any described system among the claim 29-42, the device (207) that wherein is used to generate secret value (S) is arranged to different individuals and generates same secret value (S).
44,, further be arranged to the first auxiliary data collection (W1), the second auxiliary data collection (W2) and the secret value (F (S)) hidden in the mode of encrypting are stored in central memory (205) according to any described system among the claim 23-43.
But 45, a kind of computer program that comprises executive module, be used for when each assembly when the device with computing capability moves, make described device enforcement of rights require any described each step among the 1-22 with computing capability.
CN 200580018848 2004-06-09 2005-06-02 Biometric template protection and feature handling Pending CN1965528A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP04102609.7 2004-06-09
EP04102609 2004-06-09
EP04104386.0 2004-09-10
EP04106480.9 2004-12-10

Publications (1)

Publication Number Publication Date
CN1965528A true CN1965528A (en) 2007-05-16

Family

ID=38083510

Family Applications (3)

Application Number Title Priority Date Filing Date
CN 200580018981 Pending CN1965279A (en) 2004-06-09 2005-06-01 Architectures for privacy protection of biometric templates
CN 200580018848 Pending CN1965528A (en) 2004-06-09 2005-06-02 Biometric template protection and feature handling
CNB2005800189421A Active CN100442305C (en) 2004-06-09 2005-06-02 Biometric template similarity based on feature locations

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN 200580018981 Pending CN1965279A (en) 2004-06-09 2005-06-01 Architectures for privacy protection of biometric templates

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNB2005800189421A Active CN100442305C (en) 2004-06-09 2005-06-02 Biometric template similarity based on feature locations

Country Status (1)

Country Link
CN (3) CN1965279A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104933407A (en) * 2015-05-28 2015-09-23 成都佳发安泰科技股份有限公司 Fingerprint recognition method based on SIFT

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2329423B1 (en) * 2008-09-26 2018-07-18 Koninklijke Philips N.V. Authenticating a device and a user
JP5270514B2 (en) * 2009-10-23 2013-08-21 株式会社日立製作所 Biometric authentication method and computer system
US9967101B2 (en) * 2014-12-04 2018-05-08 Fujitsu Limited Privacy preserving set-based biometric authentication

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104933407A (en) * 2015-05-28 2015-09-23 成都佳发安泰科技股份有限公司 Fingerprint recognition method based on SIFT

Also Published As

Publication number Publication date
CN1965279A (en) 2007-05-16
CN100442305C (en) 2008-12-10
CN1977276A (en) 2007-06-06

Similar Documents

Publication Publication Date Title
US6038315A (en) Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy
US20070180261A1 (en) Biometric template protection and feature handling
CN101253726B (en) Computer implemented method for storing data in computer readable media
Davida et al. On enabling secure applications through off-line biometric identification
US9268990B2 (en) Apparatus and method for producing an identification device
US7131009B2 (en) Multiple factor-based user identification and authentication
CN1792060B (en) Methd and system for authenticating physical object
CN101676923B (en) Biometric processing using random projection transforms
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
CN101903891B (en) Defining classification thresholds in template protection systems
Tran et al. A multi-filter fingerprint matching framework for cancelable template design
CN102004872A (en) Fingerprint encryption-based identity authentication system and implementation method thereof
CN116010917A (en) Privacy-protected image processing method, identity registration method and identity authentication method
US7237115B1 (en) Authenticating concealed private data while maintaining concealment
Yang et al. A Delaunay triangle group based fuzzy vault with cancellability
Xu et al. Cancelable voiceprint templates based on knowledge signatures
Tarek et al. Unimodal‐Bio‐GAN: Keyless biometric salting scheme based on generative adversarial network
CN1965528A (en) Biometric template protection and feature handling
CN117763578A (en) Data tamper-proof system and method for financial audit
Liu et al. Palmprint based multidimensional fuzzy vault scheme
Choquehuanca-Chuctaya et al. The Security of Biometric Data in Devices with Cancellable Biometrics Technology: A Systematic Review of the Literature
Bauspieß et al. BRAKE: Biometric Resilient Authenticated Key Exchange
Ziauddin et al. Robust iris verification for key management
Arakala et al. Protection of minutiae‐based templates using biocryptographic constructs in the set difference metric
Hidano et al. On biometric encryption using fingerprint and it's security evaluation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20070516