Pattern Recognition 37 (2004) 2245 – 2255
`
`www.elsevier.com/locate/patcog
`
`Biohashing: two factor authentication featuring fingerprint data and
`tokenised random number
`Andrew Teoh Beng Jina,∗
`
`, David Ngo Chek Linga, Alwyn Gohb
`aFaculty of Information Science and Technology (FIST), Multimedia University, Jalan Ayer Keroh Lama, Bukit Beruang, Melaka 75450,
`Malaysia
`bDistinctive Biometrics Sdn. Bhd. B-S-06, Kelana Jaya 47301, Petaling Jaya, Selangar, Malaysia
`
`Received 1 August 2003; received in revised form 3 March 2004; accepted 27 April 2004
`
`Abstract
`
`Human authentication is the security task whose job is to limit access to physical locations or computer network only to those
`with authorisation. This is done by equipped authorised users with passwords, tokens or using their biometrics. Unfortunately,
`the first two suffer a lack of security as they are easy being forgotten and stolen; even biometrics also suffers from some
`inherent limitation and specific security threats. A more practical approach is to combine two or more factor authenticator
`to reap benefits in security or convenient or both. This paper proposed a novel two factor authenticator based on iterated
`inner products between tokenised pseudo-random number and the user specific fingerprint feature, which generated from
`the integrated wavelet and Fourier–Mellin transform, and hence produce a set of user specific compact code that coined as
`BioHashing. BioHashing highly tolerant of data capture offsets, with same user fingerprint data resulting in highly correlated
`bitstrings. Moreover, there is no deterministic way to get the user specific code without having both token with random data
`and user fingerprint feature. This would protect us for instance against biometric fabrication by changing the user specific
`credential, is as simple as changing the token containing the random data. The BioHashing has significant functional advantages
`over solely biometrics i.e. zero equal error rate point and clean separation of the genuine and imposter populations, thereby
`allowing elimination of false accept rates without suffering from increased occurrence of false reject rates.
`䉷 2004 Pattern Recognition Society. Published by Elsevier Ltd. All rights reserved.
`
`Keywords: BioHashing; Two factor authentication; Biometrics; Fingerprint; Token
`
`1. Introduction
`
`Today’s human authentication factors have been placed in
`three categories, namely What you know, e.g password, se-
`cret, personal identification number (PIN); What you have,
`such as token, smart card etc. and What you are, biomet-
`rics for example. However, the first two factors can be
`
`∗
`Corresponding author. Tel.: +60-6-252-3404; fax: +60-6-231-
`8840.
`Jin),
`(A.T.B.
`bjteoh@mmu.edu.my
`addresses:
`E-mail
`david.ngo@mmu.edu.my (D.N.C. Ling), alwyn_goh@yahoo.co.uk
`(A. Goh).
`
`easily fooled. For instance, password and PINs can be shared
`among users of a system or resource. Moreover, password
`and PINs can be illicitly acquired by direct observation. The
`main advantage of biometrics is that it bases recognition on
`an intrinsic aspect of a human being and the usage of biomet-
`rics requires the person to be authenticated to be physically
`present at the point of the authentication. These character-
`istics overcome the problems whereas password and token
`are unable to differentiate between the legitimate user and
`an attacker. In addition biometric authentication informa-
`tion cannot be transferred or shared; it is a powerful weapon
`against repudiation. However, it also suffers from some in-
`herent biometrics-specific threats [1]. The main concern
`
`0031-3203/$30.00 䉷 2004 Pattern Recognition Society. Published by Elsevier Ltd. All rights reserved.
`doi:10.1016/j.patcog.2004.04.011
`
`IPR2018-00067
`Unified EX1012 Page 1
`
`

`

`2246
`
`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`
`of the public for the biometric usage is the privacy risks
`in biometric system. If an attacker can intercept a person’s
`biometric data, then the attacker might use it to masquerade
`as the person, or perhaps simple to monitor that person’s
`private activities. These concerns are aggravated by the fact
`that a biometrics cannot be changed. When a biometrics is
`compromised, however, a new one cannot be issued.
`Besides that, the nature of biometrics system offers bi-
`nary (yes/no) decisions scheme, which is well defined in the
`classical framework of statistical decision theory, thereby
`provided four possible outcomes are normally called as false
`accept rate (FAR), correct accept rate (CAR), false reject
`rate (FRR) and correct reject rate (CRR) [2]. By manipulat-
`ing the decision criteria, the relative probabilities of these
`four outcomes can be adjusted in a way that reflected their
`associated cost and benefits. In practice, that is almost im-
`possible to get both zero FAR and FRR errors due to the
`fact that the classes are difficult to completely separate in
`the measurement space. According to Bolle et al. [3], the
`biometrics industry emphasis heavily on security issues re-
`lating to FAR with relaxed the FRR requirement. However,
`the overall performance of a biometric system cannot be as-
`sessed based only on this metric. High FRR, i.e. rejection of
`valid users, which is resulted by low FAR, is often largely
`neglected in the evaluation of biometric systems. However,
`this will give an impact on all major aspects of a biometric
`system as pointed in Ref. [4]. Denial of access in biomet-
`ric systems greatly impacts on the usability of the system
`by failing to identify genuine user, and hence on the public
`acceptance of biometrics in the emerging technology. Both
`aspects may represent significant obstacles to the wide de-
`ployment of biometric systems.
`Multimodal biometrics fusion i.e. systems employing
`more than one biometric technology to establish the iden-
`tity of an individual, is able to improve the overall per-
`formance of the biometric system by checking multiple
`evidences of the same identity [5]. Multimodal biomet-
`rics can reduce the probability of denial of access without
`sacrificing the FAR performance by increasing the discrim-
`ination between the genuine and imposter classes [6,7].
`Despite of that, multimodal biometrics is not a solution
`for the privacy invasion problem,
`though the difficulty
`of attack activities may increase to certain degree. More-
`over, use of multiple biometric measurement devices will
`certainly impose significant additional costs, more com-
`plex user-machine interfaces and additional management
`complexity [4].
`The most practical way of addressing the privacy inva-
`sion problem is to combine two or more factor authentica-
`tors. A common multi-factor authenticator is an ATM card,
`which combines a token with a secret (PIN). Combination
`of password or secret with a biometrics is not so favorable,
`since one of the liabilities of biometrics is to get rid of the
`task of memorising the password. As a user has difficulty
`remembering the secret, a token may be combined with a
`biometrics. A token is a physical device that can be thought
`
`of as a portable storage for authenticator, such as ATM card,
`smart card, or an active device that yields time-changing or
`challenged-based passwords. The token can store human-
`chosen passwords, but an advantage is to use these devices
`to store longer codewords or pseudo-random sequence that
`a human cannot remember, and thus they are much less eas-
`ily attacked. Presently, there are quite a number of litera-
`ture reported the integration of biometrics into the smartcard
`[8–10]. However, the only effort being applied in this line
`is to store the user’s template inside a smart card, protected
`with Administrators Keys, and extracted from the card by
`the terminal to perform verification. Some are allowed to
`verify themselves in the card, whenever the verification is
`positive, the card allows the access to the biometrically pro-
`tected information and/or operations [11]. Obviously, these
`configurations are neither a remedy for the afore-mentioned
`invasion of privacy problem nor reduce the probability of
`denial of access with no expense of an increase in the FAR.
`Most recently, Ho and Armington [12] reported a dual-factor
`authentication system that designed to counteract imposter
`by pre-recorded speech and the text-to-speech voice cloning
`technology, as well as to regulate the inconsistency of audio
`characteristics among different handsets. The token device
`generates and prompts an one time password (OTP) to the
`user. The spoken OTP is then forwarded simultaneously to
`both a speaker verification module, which verifies the user’s
`voice, and a speech recognition module, which converts the
`spoken OTP to text and validates it. Despite of that, no at-
`tempt for the FAR–FRR interdependent problem is reported.
`In this paper, a novel two factor authentication approach
`which combined user specified tokenised random data with
`fingerprint feature to generate a unique compact code per
`person is highlighted. The discretisation is carried out by
`iterated inner product between the pseudo-random number
`and the wavelet Fourier–Mellin transform (FMT) fingerprint
`feature, and finally deciding each bit on the sign based on
`the predefined threshold. Direct mixing of pseudo-random
`number and biometric data—BioHashing is an extremely
`convenient mechanism with which to incorporate physical
`tokens, such as smart card, USB token etc. thereby result-
`ing in two factors (token+biometrics) credentials via to-
`kenised randomisation. Hence, it protects against biometric
`fabrication without adversarial knowledge of the randomi-
`sation or equivalently possession of the corresponding to-
`ken. Tokenised discretisation also enables straightforward
`revocation via token replacement, and furthermore, biohash-
`ing has significant functional advantages over solely bio-
`metrics i.e. zero equal error rate (EER) point and elimi-
`nate the occurrence of FAR without overly imperil the FRR
`performance.
`The outline of the paper is as follow: Section 2 presents
`the integrated framework of wavelet transform and the FMT
`for representing the invariant fingerprint feature as well as
`BioHashing procedure. Section 3 presents the experimen-
`tal results and the discussion, and followed by concluding
`remarks in Section 4.
`
`IPR2018-00067
`Unified EX1012 Page 2
`
`

`

`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`
`2247
`
`(a)
`
`(b)
`
`Fig. 1. 2D wavelet decomposition of a fingerprint image: (a) 1-level wavelet decomposition and (b) 3-level wavelet decomposition.
`
`2. BioHashing overview
`
`BioHashing methodology can be decomposed into two
`components: (a) an invariant and discriminative integral
`transform feature of the fingerprint data, with a moder-
`ate degree of offset
`tolerance. This would involve the
`use of integrated wavelet and Fourier–Mellin transform
`framework (WFMT) that reported in Ref. [13]. In this
`framework, wavelet transform preserves the local edges
`and noise reduction in the low-frequency domain (high
`energy compacted) after the image decomposition, and
`hence makes the fingerprint images less sensitive to shape
`distortion. In addition to that, the reduced dimension of the
`images also helps to improve the computation efficiency.
`FMT produces a translation, rotation in plane and scale
`invariant feature. The linearity property of FMT enables
`multiple WFMT features to be used to form a reference
`invariant feature and hence reduce the variability of the
`input fingerprint images; (b) a discretisation of the data
`(cid:1)
`i.e. s = (cid:1)
`via an inner-product of tokenised random number and
`dx(cid:3).a(x(cid:3))b∗(x − x(cid:3)) for inte-
`user data,
`dx
`gral transform functions a, b ∈ L2 with enhance offset
`tolerance. The subsequent sections will detail these two
`components.
`
`2.1. Invariant WFMT feature
`
`Wavelet theory provides a multiresolution representation
`for interpreting the image information with the multilevel
`decomposition [14]. Fig. 1(a) shows the decomposition pro-
`cess by applying the 2D wavelet transform on a finger-
`print image in level 1. Similarly, two levels of the wavelet
`decomposition as shown in Fig. 1(b) by applying wavelet
`transform on the low-frequency band sequentially. In Fig. 1,
`the subband L1 corresponds to the low-frequency compo-
`nents in both vertical and horizontal directions of the orig-
`inal images, making it the low-frequency subband of the
`original image. The subband D1horizont al corresponds to
`the high-frequency component in the horizontal direction
`
`(horizontal edges). A similar interpretation is made on the
`subbands D1vert ical (vertical edges) and D1Diagonal (both
`directions).
`For fingerprint images, the ridge structure can be viewed
`as an oriented texture pattern, which often runs parallel in
`omni direction. According to wavelet theory, the wavelet
`transform conserves the energy of signals and redistributes
`this energy into more compact form. It is commonly found
`that most of the energy content will be concentrated in low-
`frequency subband, Lj if compare to high-frequency sub-
`bands, Dj . Obviously Dj s are not suitable to represent the
`ridge structure because of their low energy content and its
`high pass feature that tends to enhance the edges detail,
`including noise and the shape distortion whereas the sub-
`band Lj is the smoothed version of original image and thus
`helps to reduce the influence of noise on one hand, and on
`the other hand, it also preserves the local edges well which
`helps to capture the features that insensitive to the small
`distortion.
`However, how well is the Lj can preserve the energy is
`depend to the chosen wavelet bases. In general, the orthog-
`onal/biorthogonal and high-order wavelet bases are able to
`preserve the energy efficiently in subband Lj which is only
`quarter size of the original image [13]. In turn, the computa-
`tional complexity will be reduced dramatically by working
`on a lower resolution image.
`In the fingerprint authentication, the varying position,
`scale and the orientation angle of the fingerprint image dur-
`ing the capturing time may severely reduce performance.
`These alignment problems can be solved by transform-
`ing a fingerprint image into an invariant feature. Various
`translation, rotation and scale invariant methods such as
`integral transforms, moment invariants and neural network
`approaches have been proposed [15]. These techniques pro-
`vide good invariance theories but suffer from the presence
`of noise, computation complexity or accuracy problem [16].
`Among the various invariant techniques, integral transform-
`based invariants—FMT is adopted as it
`is a relatively
`simple generalisation of transform domain and performs
`well under noise. In addition, mapping to and from the
`
`IPR2018-00067
`Unified EX1012 Page 3
`
`

`

`2248
`
`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`
`Wavelet
`Transform
`
`FFT
`
`InputImage
`
`High Pass
`Filtering
`
`Log-Polar
`Transform
`
`FFT
`
`Row
`Concatenation
`
`Feature
`Vector
`
`WFMT Features
`
`Fig. 2. Block diagram of generating the WFMT features, ♄.
`
`invariant domain to the spatial domain is well defined and it
`is in general not computationally heavy. FMT is translation
`invariant and represents rotation and scaling as translations
`along the corresponding axes in parameter space.
`Consider an image f2(x, y) that is a rotated, scaled and
`translated replica of f1(x, y),
`f2(x, y) = f1(♶(x cos ♡ + y sin ♡) − x0,
`♶(−x sin ♡ + y cos ♡) − y0),
`where ♡ is the rotation angle, ♶ the uniform scale factor, and
`x0 and y0 are translational offsets. The Fourier transform of
`f1(x, y) and f2(x, y) are related by
`−j
`s (u,v)♶−2(F1(♶−1(u cos ♡ + v sin ♡),
`F2(u, v) = e
`♶−1(−u sin ♡ + v cos ♡))),
`(2)
`where
`s (u, v) is the spectra phase of the image f2(x, y).
`This phase depends on the translation, scaling and rotation,
`but the spectral magnitude
`
`(1)
`
`(3)
`
`|F2(u, v)| =♶ −2|F1(♶−1(u cos ♡ + v sin ♡),
`♶−1(−u sin ♡ + v cos ♡)))|
`is translation invariant.
`Rotation and scaling can be decoupled by defining the
`spectral magnitudes of f1 and f2 in the polar coordinates
`(♫, r) as follows:
`f2p(♫, r) = ♶−2f1p(♫ − ♡, r/♶).
`Hence, an image rotation shifts the function f1p(♫, r) along
`the angular axis. A scaling is reduced to a scaling of the
`radial coordinate and to a magnification of the intensity
`by a constant factor ♶2. Scaling can be further reduced
`to a translation by using a logarithmic scale for the radial
`
`(4)
`
`coordinate, thus
`
`f2pl (♫, ♮) = ♶−2f1pl (♫ − ♡, r − ♪),
`(5)
`where ♮=log(r) and ♪=log(♶). In this polar-logarithmic rep-
`resentation, both rotation and scaling are reduced to transla-
`tion. By Fourier transforming the polar-logarithm represen-
`tations (5),
`
`where
`
`F2pl (♩, ♱) = ♶−2e
`(cid:2) ∞
`−∞
`
`F1pl (♩, ♱) =
`
`−j2♳(♩♪+♱♮)F1pl (♩, ♱),
`
`(cid:2)
`
`0
`
`2♳
`
`f1pl (♫, ♮)ej (♩♮+♱♫) d♫ d♮,
`
`(6)
`
`(7)
`
`the rotation and scaling now appear as phase shifts. This
`technique decouples images rotation, scaling and transla-
`tion, and is therefore very efficient numerically. However,
`the result stated for the continuous case does not carry over
`exactly to the discrete case in the actual implementation.
`Some artifacts may be introduced due to the sampling and
`truncation if the implementation is not done with care; this
`is due to the difficulty of numerical instability of coordi-
`nates near to the origin. Here care has to be taken in se-
`lecting the starting point of the logarithm resampling, since
`limr→0 log r = −∞. Therefore, a high-pass filter is apply
`on the logarithm spectra [17],
`H (x, y) = (1.0 − cos(♳x) cos(♳y))
`(2.0 − cos(♳x) cos(♳y))
`with −0.5 (cid:1) x, y (cid:1) 0.5.
`And hence, the block diagram of WFMT feature repre-
`sentation, ♄ is shown in Fig. 2.
`
`(8)
`(9)
`
`IPR2018-00067
`Unified EX1012 Page 4
`
`

`

`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`
`2249
`
`Transformation
`
`WFMT Feature
`
`Inner
`Product
`
`Inner
`Product
`
`Inner
`Product
`
`Inner
`Product
`
`Tokenized
`Random Number
`
`thresholding
`
`BioHash
`
`1
`
`0
`
`0
`
`1
`
`Fig. 3. BioHashing progression.
`
`In this framework, FMT is based on Fourier transform
`theory, which has a linear property as below:
`If fi ∈ R2, a and b ∈ C (i.e. complex domain), then
`
`
` l(cid:6)
` = l(cid:6)
`
`Fpl
`
`ai fi
`
`Fpl{ai fi}
`
`(10)
`
`i=1
`i=1
`This implies that multiple l♄ can be used to form a refer-
`ence ♄ and just only one representation per user needs to
`be stored. The representation for each user, ♄U i can be for-
`mulated as follows:
`l(cid:6)
`♄U i = 1
`j=1
`
`♄i
`j ,
`
`l
`
`(11)
`
`where ♄j
`is the invariance feature of the jth view image
`i
`of the ith person. Producing a ♄U from different training
`images, could relax various variability’s that occur during
`the acquisition process, such as sharp distortion and noise.
`
`2.2. Biometrics discretisation
`At this stage, the invariant fingerprint feature, ♄ ∈ RM
`with M, the log-polar spatial frequency dimension, is re-
`ducing down to a set of single bit, b ∈ {0, 1}m, with m
`the length of the bit string via a tokenised pseudo ran-
`dom pattern, r ∈ Rm, which distributed according to uni-
`form distribution U[−1 1]. In practice, random number se-
`quence, r could be generated from a physical device, i.e.
`USB token or smartcard. For a specific application, r is
`calculated based on a seed that stores in USB token or
`smart card microprocessor through a random number gen-
`erator. The seed is the same as those users recorded during
`the enrollment, and is different among different user and
`different application. A lot of pseudo random bit/number
`
`algorithms are publicly available, to name a few, such as ad
`hoc scheme—ANSI X9.17 generator, FIPS 186 generator
`and highly secure scheme: cryptographically secure pseu-
`dorandom bit generator (CSPBG)—RSA pseudorandom bit
`generator, Micali–Schnorr pseudorandom bit generator or
`Blum–Blum–Shub pseudorandom bit generator [18].
`BioHashing is describable in terms of successive simpli-
`fications on the following:
`(a) Raw intensity image representation: I ∈ RN , with N the
`image pixelisation dimension.
`(b) Wavelet Fourier–Mellin representation in a vector for-
`mat: ♄ ∈ RM , with M, the log-polar spatial frequency
`dimension.
`(c) Discretization, b ∈ {0, 1}m
`
`The transition between (a) and (b) is vital in so far as good
`feature location and extraction can reduce substantially the
`offset between two fingerprint images of the same person,
`and thus yield a set of highly offset-tolerant user specific
`code, b as will be vindicated through the experimental results
`in Section 3.
`The BioHashing progression can be illustrated as in
`Fig. 3.
`Achieving (c) requires an offset-tolerant transformation
`by projected ♄ onto each random pattern, and the choice
`of a threshold, ♸ to assign a single bit for each projection,
`specifically let ♄ ∈ RM
`
`(1) Use token to generate a set of pseudo random number,
`{ri ∈ RM|i = 1, . . . , m}.
`(2) Apply the Gram–Schmidt process to transform the ba-
`sis {ri ∈ RM|i = 1, . . . , m} into an orthonormal set of
`matrices {r⊥i ∈ RM|i = 1, . . . , m}.
`(3) Compute {< ♄|r⊥i > ∈ R| i = 1, . . . , m} where (cid:15)·|·(cid:17)
`indicates inner product operation.
`
`IPR2018-00067
`Unified EX1012 Page 5
`
`

`

`2250
`
`(cid:10)
`
`bi
`
`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`∈
`2m from
`(4) Compute m bits BioHash,
`if (cid:15)♄|r⊥i(cid:17) (cid:1) ♸
`bi =
`0
`if (cid:15)♄|r⊥i(cid:17) > ♸ m (cid:1) M, where ♸ is a preset
`1
`threshold.
`
`Repetition of this procedure to obtain multiple bits render
`the issue of inter-bit correlations, which is addressed via
`orthonormal set ♷ = {r⊥k , k = 1, 2, . . . , m}. Each bit bi is
`hence rendered independent of all others, so that legitimate
`(and unavoidable) variations in ♄ that invert bi would not
`necessarily have the same effect on bi + 1.
`The primary concern from the security viewpoint cen-
`tres on protection of information during the representational
`transformations, and in particular whether (or how) these
`transformations can be inverted to recover the input informa-
`tion, i.e. biometric fabrication. The above-listed parameters
`are said to be zero knowledge representations of their inputs
`if the transformations are non-invertible, as in the case of
`m(cid:3) 2m(cid:3) → 2m for token
`cryptographic hash h(r, k) : 2m × ∀
`serialisation r and secret knowledge (arbitrary-length pass-
`word) k. Note the non-recovery of key-factors (cid:15)r, k(cid:17) from
`h(r, k), which motivates an equivalent level of protection for
`biometric ♄. This is accomplished via token-specification
`of BioHash representation, i.e. H (r, ♄) : 2m × RM → 2m.
`Note that H (r, ♄) cannot be computed with both r and ♄,
`so that adversarial deduction is no more than probable than
`−m. Besides that, it is highly un-
`random guessing of order 2
`likely for r to have same or close number set if it was gener-
`ated from two different seeds, especially in CSPBG which
`protected by the target collision resistance of Hash function.
`
`3. Experiments and discussion
`
`In this paper, the proposed methodology is evaluated on
`images taken from FVC 2002 (Set A), which is available in
`DVD included in Ref. [19]. FVC2002 (Set A) provided four
`different fingerprint databases: DB1, DB2, DB3 and DB4,
`three of these databases are acquired by various sensors,
`low cost and high quality, optical and capacitive whereas
`the fourth contains synthetically generated images. In this
`paper, we had selected DB1 as the experiment benchmark
`to vindicate the propose methodology. DB1 contain eight
`impressions of 100 different fingers, hence 800 images in
`total. However, the comparison only can be done if both
`fingerprint images contain their respective core points, but
`two out of eight impressions for each finger in FVC2002
`have no core point due to the exaggerate displacement. In
`our experiments, these two impressions were excluded as
`WFMT approach requires to detect the core point in priori
`and hence, there are only six impressions per finger yielding
`600 (6× 100) fingerprint images in total for each database.
`Every finger image will be performed core point detection
`via the method proposed in Ref. [20] and a 128 × 128
`square region centred in the reference point of the fingerprint
`
`images can be cropped. Even though some false core points
`were detected, they were not deviating too much from the
`actual core point location. It is commonly known that the
`slight translation is invariant under FMT and thus we still
`included those false detected core point images as our ex-
`perimenting subjects.
`Recall the focus of this paper on the effect of post-integral
`transformation discretisation; hence the experiments of in-
`variant property of WFMT were omitted though the results
`could be obtained in Ref. [13]. In order to generate WFMT
`feature, two levels decomposition are performed on a fin-
`gerprint image due to the consideration that too coarse res-
`olution is inappropriate, as down sampling process would
`eliminate the orientation characteristics of ridge structures.
`However, L1 subband (M = 64× 64) with Spline Biorthog-
`onal filter order 5.5 gives the best performance whereas the
`usage of L2 seems to decrease the performance [13].
`For the FAR test and imposter population distribution as
`well, the first impression of each finger is matched against
`the first impression of all other fingers and the same match-
`ing process was repeated for subsequent impressions, lead-
`ing to 29,700 (4950 × 6) imposter attempts. For the FRR
`test and genuine population distribution creation, each im-
`pression of each finger is matched against all other impres-
`sions of the same finger, leading to 1500 (15 attempts of
`each finger ×10).
`The experimental settings are as follows:
`• wfm: denoting wavelet Fourier–Mellin transformation
`configuration.
`• wfmm: denoting multiple representation of wavelet
`Fourier–Mellin transformation configuration described
`in Eq. (10), where l = 4, an optimum configuration [13].
`• wfmd-m: denoting 2m discretisation on wfm with the
`threshold value, ♸ = 0 where m is the bit length.
`• wfmmd-m: denoting 2m discretisation on wfmm with ♸=0
`where m is the bit length.
`The experimental data is acquired for m= 20, 40, 60 and
`80 in all cases while for the similarity matching, a simple
`Euclidean distance metric is adopted for wfm as well as
`wfmm whereas Hamming distance is used in wfmd-m and
`wfmmd-m.
`
`3.1. Genuine and imposter population distribution
`histograms
`
`Fig. 4 illustrated the genuine and imposter population
`distribution for wfm and wfmm, respectively. The genuine
`distribution shows the results when different images of the
`same fingerprint are compared; but when images from dif-
`ferent fingerprints are compared, the imposter distribution
`is the outcome. The results show the smaller overlapping
`in between genuine and imposter populations for wfmm
`compared to wfm. It implies that wfmm minimise the dis-
`tance between images from the same class, and hence make
`
`IPR2018-00067
`Unified EX1012 Page 6
`
`

`

`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`
`2251
`
`Fig. 4. Euclidean distance histograms for wfm and wfmm: (a) wfm and (b) wfmm.
`
`Fig. 5. Genuine and imposter population distribution for wfmd-m and wfmmd-m: (a) wfmm-20, (b) wfmmd-20, (c) wfmd-40, (d) wfmmd-40,
`(e) wfmd-60, (f) wfmmd-60 (g) wfmd-80 and (h) wfmmd-80.
`
`it more favor in the classification task. However, a clean
`separation in between genuine and imposter populations is
`substantial for the FRR–FAR interdependent problem, i.e.
`denial of access issue in the conventional biometrics context.
`
`Clean separation and centralization of the genuine popula-
`tions of wfmd-80 and wfmmd-m with m = 40, 60 and 80 in
`Fig. 5 at Hamming distances of near 0—indicate that dis-
`agreeing bits is very tightly packed around 1% whereas for
`
`IPR2018-00067
`Unified EX1012 Page 7
`
`

`

`2252
`
`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`
`wfm
`
`wfmm
`
`wfmd-20
`
`wfmd-40
`
`wfmd-60
`
`wfmd-100
`
`wfmmd-20
`
`wfmmd-40
`
`wfmm-60
`
`wfmmd-80
`
`0
`
`5
`
`10
`
`15
`
`25
`20
`FRR(%)
`
`30
`
`35
`
`40
`
`45
`
`Fig. 5. (continued).
`
`50
`45
`40
`35
`30
`25
`20
`15
`10
`
`05
`
`FAR(%)
`
`imposter populations: about 1
`m—50% bits may differ; both
`2
`of which vindications of the proposed approach. This indi-
`cates wfmd-m as well as wfmmd-m outweighs both wfm and
`wfmm by minimising the intra-class distance and maximis-
`ing the inter-class distance, hence the attractiveness of the
`wfmd-m and wfmmd-m genuine population with its steeper
`peak-to-plateau drop-offs compared to the corresponding
`wfm and wfmm profiles is apparent. These sharp drop-offs
`are clearly seen in wfmd-80 and wfmmd-m with m= 40–80,
`and thus allow for specification of zero FAR without jeop-
`ardizing the FRR performance, which will further clarify in
`next section.
`
`3.2. FAR, FRR and EER characteristics
`Establishment of FRR (FAR = 0%) and the EER crite-
`ria, at which point (FAR+FRR)/2 for a particular configura-
`tion requires analysis of FAR–FRR receiver operating curve
`(ROC), which can be developed by varying a range of nor-
`malised threshold values in between 0 and 1, as illustrated
`in Fig. 6.
`Note that EER near to zero of wfmd-m and EER = 0%
`of wfmmd-m compared to both wfm and wfmm in Table 1
`
`Fig. 6. Receiver operating curve for wfm, wfmm, wfmd-m and
`wfmmd-m.
`
`the robustness of wfmd-m and wfmmd-m in the
`reveals
`verification task, this also can be seen from the consistent
`locations of wfmd-m and wfmmd-m inside the correspond-
`ing wfm and wfmm profile that shown in Fig. 6. This con-
`firms the previous observation in Section 3.1 in term of
`the criteria for FRR when FAR = 0%, thereby the proposed
`
`IPR2018-00067
`Unified EX1012 Page 8
`
`

`

`A.T.B. Jin et al. / Pattern Recognition 37 (2004) 2245 – 2255
`
`2253
`
`Table 1
`Performance evaluation in terms of EER and FRR when FAR = 0%
`FAR (%)
`FRR (%)
`EER (%)
`
`FRR (%) (FAR = 0%)
`
`Threshold range when EER = 0%
`([tmax − tmin]
`
`wfm
`wfmm
`wfmd-20
`wfmd-40
`wfmd-60
`wfmd-80
`wfmmd-20
`wfmmd-40
`wfmmd-60
`wfmmd-80
`
`5.93
`1.00
`3.91
`1.55
`0.14
`0.00
`0.88
`0.00
`0.00
`0.00
`
`5.38
`1.02
`4.12
`2.56
`0.00
`0.00
`0.34
`0.00
`0.00
`0.00
`
`5.66
`1.01
`4.02
`2.06
`0.07
`0.00
`0.61
`0.00
`0.00
`0.00
`
`47.16
`23.08
`15.86
`2.56
`0.04
`0.00
`0.94
`0.00
`0.00
`0.00
`
`—
`—
`—
`—
`—
`[0.18 − 0.05] 0.13
`—
`[0.32 − 0.08] 0.24
`[0.38 − 0.05] 0.33
`[0.41 − 0.03] 0.39
`
`methodology is efficient to overcome the FAR–FRR interde-
`pendency problem whereas using wfm or wfmm alone yield
`intolerable high FRR—47.16% and 23.08%, respectively.
`On the other hand, it can be observed that wfmmd-m is
`outperformed wfmd-m as wfmmd-m obtained EER = 0% at
`m=40 whereas m=80 for wfmd-m for similar performance.
`Since the verification rates are very high for wfmd-80
`and wfmmd-m, m = 40, 60 and 80, another performance
`indicator is through the observation of range of normalised
`threshold values, t ∈ [0 1] when EER = 0%: the bigger
`range of threshold value yield the better performance, as a
`large range of operating points, t with zero errors can be
`obtained. Table 1 shows the range of t that result in a zero
`error, for wfmd-m and wfmmd-m. It can be observed that
`the range is getting wider when m grows, which implies
`system performance is boost for wfmd-80 and wfmmd-m
`where m = 40, 60 and 80. In general, we can postulate that
`BioHash, b performance can be improved with the better
`biometric feature extractor, i.e. multiple WFMT or with the
`larger m where m < M.
`In the practicability viewpoint, the fingerprint recognition
`system have been used under a huge database, and thus the
`size of fingerprint feature should be compact enough for en-
`rollment and recognition, hence wfmd-80 or wfmmd-60 seem
`like the good compromise between the requirement of ac-
`curacy and computation speed. In addition, probability of b
`recovery for wfmd-80 and wfmmd-60 in security concern are
`60
`80
`not less than 1
`and 1
`, respectively of random guessing.
`2
`2
`
`3.3. BioHashing one-way transformation validation
`
`As mentioned in Section 2, the crucial concern of pre-
`venting biometric fabrication in the verification task is to
`ensure that BioHashing is a one-way and non-invertible
`transformation, in other words, thre is no deterministic way
`to get the user specific code without having both token
`with random data and user fingerprint. In order to validate
`
`Fig. 7. Genuine and imposter population distribution histogram for
`case 2.
`
`this, an experiment is conducted to simulate the situations
`below:
`Let rA the random pattern that generated by the genuine
`user with his/her token and inner-producted with ♄EA (en-
`rolled invariant fingerprint representation A) and ♄T A (test
`invariant fingerprint representation A), with length of bit-
`string, m = 60.
`Then, the following three cases can be derived:
`Case 1: (cid:15)rA, ♄EA(cid:17)(cid:2)(cid:15)rA, ♄T A(cid:17).
`This is the case when A holds his/her rA and combine
`with his/her own ♄EA and ♄T A during the enrollment and
`verification session, respectively. This has been vindicated
`and discussed in Sections 3.1 and 3.2.
`Case 2: (cid:15)rA, ♄EA(cid:17)(cid:2)(cid:15)ro, ♄T A(cid:17).
`This case presumes A lost his/her token credential, i.e.
`r