`Colin Soutar, Danny Roberge‡, Alex Stoianov, Rene Gilroy, and B.V.K. Vijaya Kumar†
`Bioscrypt Inc. (formerly Mytec Technologies Inc.),
`5450 Explorer Drive, Suite 500
`Mississauga, ONT
`L4W 5M1
`www.bioscrypt.com
`
`‡currently with Forensic Technologies Inc.
`†Department of Electrical and Computer Engineering, Carnegie Mellon University
`
`The content of this article appears as chapter 22 in ICSA Guide to Cryptography, edited by Randall K.
`Nichols, McGraw-Hill (1999)
`
1 Introduction
`1.1 Biometrics
`A biometric is defined as a unique, measurable, biological characteristic or trait for automatically
`recognizing or verifying the identity of a human being. Statistically analyzing these biological
`characteristics has become known as the science of biometrics. These days, biometric technologies are
`typically used to analyze human characteristics for security purposes. Five of the most common physical
`biometric patterns analyzed for security purposes are the fingerprint, hand, eye, face, and voice.
`
`The use of biometric characteristics as a means of identification is not a new concept. By 1926, law
`enforcement officials in several U.S. cities had begun submitting fingerprint cards to the FBI in an effort to
`create a database of fingerprints from known criminals. Human experts in the law enforcement field were
`subsequently able to manually match fingerprint samples collected at a crime scene against the prints in this
`criminal database. Years of research in developing accurate and distinctive fingerprint classification
`schemes made these manual matching processes feasible by drastically reducing the required database search
`space. Various fingerprint classification schemes are discussed in Lee and Gaensslen. In the early 1960’s
`the FBI invested a large amount of time and effort into the development of automated fingerprint
`identification systems. This automation of biometric identification for law enforcement purposes coincided
`with the development of automated systems for non-forensic applications, such as high-security access
`control. Fingerprint identification systems have been deployed in access control systems since the late
`1960’s. During the 1970’s a biometric product based on measuring the geometry of the hand was
`introduced in a number of access control applications. Interest in biometric identification eventually moved
`from measuring characteristics of the hand to include characteristics of the eye. In the mid-1980’s the first
`system that analyzed the unique patterns of the retina was introduced while, concurrently, work was being
`performed to analyze iris patterns.
`
`In the 1990’s, research continues on developing identification systems based on a wide variety of biometric
`patterns, such as the traditional biometrics mentioned above (i.e. fingerprint, hand geometry, iris, and retina),
`along with the development of voice, signature, palm print, and face recognition systems. A few new,
`innovative approaches are also being examined for biometric analysis, such as ear shape, DNA, keystroke
`(typing rhythm), and body odor.
`
`Biometric identification consists of two stages: enrollment and verification. During the enrollment stage, a
`sample of the designated biometric is acquired. Some unique characteristics or features of this sample are
`then extracted to form a biometric template for subsequent comparison purposes. During the verification
`stage, an updated biometric sample is acquired. As in enrollment, features of this biometric sample are
`extracted. These features are then compared with the previously generated biometric template.
`
`It is convenient to distinguish between the two main objectives of biometric systems: identification and
`authentication. Biometric identification is the process of matching an individual to one of a large set of
`system users, whereas biometric authentication simply verifies that the individual is who he or she claims to
`be. Law enforcement applications typically require the process of biometric identification. For example, a
`typical law enforcement application would seek to determine the identity of an individual who has left a
`latent fingerprint at the scene of a crime. The law enforcement official would enter the collected fingerprint
`and match its template against all the stored templates in the criminal record fingerprint database. This
`process may also be termed a one-to-many search. Alternatively, in the process of biometric authentication
`the user submits an identity claim to the system. Thus, only one biometric template is retrieved from the
`database of users and compared with the verification sample. Authentication is typically used in
`circumstances where access is being controlled, whether physical access to a room or building, or access to
`an electronic system such as the logon to a computer system. Biometric authentication thus processes a one-
`to-one match rather than a one-to-many search. For both the identification and the authentication systems, a
`threshold will generally be used to determine the match between templates. The setting of this threshold
`determines the discrimination sensitivity of the system.
`
`Many systems have been developed for implementing biometric identification and authentication. Even for
`a single biometric, such as the fingerprint, there are many different methods used to create the biometric
`template. For example, law enforcement has traditionally used a method of extracting and comparing
`minutiae points from the fingerprint. Minutiae points are locations where a fingerprint ridge ends or splits in
`two. Other fingerprint characteristics are sweat pore location, ridge density, and distance between ridges.
`In other systems, the entire fingerprint image may be processed to implement a pattern recognition process,
`such as correlation.
`
`1.2 Merger of biometrics with cryptography
`With the proliferation of information exchange across the Internet, and the storage of sensitive data on open
`networks, cryptography is becoming an increasingly important feature of computer security. Many
`cryptographic algorithms are available for securing information, and several have been discussed previously
`in this book. In general, data will be secured using a symmetric cipher system, while public-key systems
`will be used for digital signatures and for secure key exchange between users. However, regardless of
`whether a user deploys a symmetric or a public-key system, the security is dependent on the secrecy of the
`secret or private key, respectively. Because of the large size of a cryptographically-strong key, it would
`clearly not be feasible to require the user to remember and enter the key each time it is required. Instead, the
`user is typically required to choose an easily remembered passcode that is used to encrypt the cryptographic
`key. This encrypted key can then be stored on a computer’s hard drive. To retrieve the cryptographic key,
`the user is prompted to enter the passcode, which will then be used to decrypt the key.
`
`There are two main problems with the method of passcode security. First, the security of the cryptographic
`key, and hence the cipher system, is now only as good as the passcode. Due to practical problems of
`remembering various passcodes, some users tend to choose simple words, phrases, or easily remembered
`personal data, while others resort to writing the passcode down on an accessible document to avoid data loss.
`Obviously these methods pose potential security risks. The second problem concerns the lack of direct
`connection between the passcode and the user. Because a passcode is not tied to a user, the system running
`the cryptographic algorithm is unable to differentiate between the legitimate user and an attacker who
`fraudulently acquires the passcode of a legitimate user.
`
`As an alternative to passcode protection, biometric authentication offers a new mechanism for key security
`by using a biometric to secure the cryptographic key. Instead of entering a passcode to access the
`cryptographic key, the use of this key is guarded by biometric authentication. When a user wishes to access
`a secured key, he or she will be prompted to allow for the capture of a biometric sample. If this verification
`sample matches the enrollment template, then the key is released and can be used to encrypt or decrypt the
`desired data. Thus, biometric authentication can replace the use of passcodes to secure a key. This offers
`both convenience, as the user no longer has to remember a passcode, and secure identity confirmation, since
`only the valid user can release the key.
`
`There are various methods that can be deployed to secure a key with a biometric. One method involves
`remote template matching and key storage. The biometric image is captured and the corresponding template
`is sent to a secure location for template comparison. If the user is verified, then the key is released from the
`secure location. This provides a convenient mechanism for the user, as they no longer need to remember a
`passcode. This method would work well in a physical access application where the templates and keys may
`be stored in a secure location physically separated from the image capture device. In this scenario, the
`communication line must also be secured to avoid eavesdropper attacks. However, for personal computer
`use, the keys would likely be stored in the clear on a user’s hard drive, which is not secure.
`
`A second method involves hiding the cryptographic key within the enrollment template itself via a trusted
`(secret) bit-replacement algorithm. Upon successful authentication by the user, this trusted algorithm would
`simply extract the key bits from the appropriate locations and release the key into the system.
`Unfortunately, this implies that the cryptographic key will be retrieved from the same location in a template
`each time a different user is authenticated by the system. Thus, if an attacker could determine the bit
`locations that specify the key, then the attacker could reconstruct the embedded key from any of the other
`users’ templates. If an attacker had access to the enrollment program then he could determine the locations
`of the key by, for example, enrolling several people in the system using identical keys for each enrollment.
`The attacker then needs only to locate those bit locations with common information across the templates.
`
`A third method is to use data derived directly from a biometric image. Bodo proposed such a method in a
`German patent. This patent proposed that data derived from the biometric (in essence, the biometric
`template) are used directly as a cryptographic key. However, there are two main problems with this method.
`First, as a result of changes in the biometric image due to environmental and physiological factors, the
`biometric template is generally not consistent enough to use as a cryptographic key. Secondly, if the
`cryptographic key is ever compromised, then the use of that particular biometric is irrevocably lost. In a
`system where periodic updating of the cryptographic key is required, this is catastrophic.
`
`An innovative technique for securing a key using a biometric has been developed by Mytec Technologies
Inc., based in Toronto, Canada. The solution developed by Mytec does not use an independent, two-stage
`process to first authenticate the user and then release the key. Instead, the key is linked with the biometric at
`a more fundamental level during enrollment, and is later retrieved using the biometric during verification.
`Furthermore, the key is completely independent of the biometric data, which means that, firstly, the use of
`the biometric is not forfeited if the key is ever compromised, and secondly, the key can be easily modified or
`updated at a later date. The process developed by Mytec Technologies is called Biometric Encryption™.
`During enrollment, the Biometric Encryption process combines the biometric image with a digital key to
`create a secure block of data, known as a Bioscrypt™. The digital key can be used as a cryptographic key.
`The Bioscrypt is secure in that neither the fingerprint nor the key can be independently obtained from it.
`During verification, the Biometric Encryption algorithm retrieves the cryptographic key by combining the
`biometric image with the Bioscrypt. Thus, Biometric Encryption does not simply provide a yes/no response
`in user authentication to facilitate release of a key, but instead retrieves a key that can only be recreated by
`combining the biometric image with the Bioscrypt.
`
`Note that Biometric Encryption refers to a process of secure key management. Biometric Encryption does
`not directly provide a mechanism for the encryption/decryption of data, but rather provides a replacement to
`typical passcode key-protection protocols. Specifically, Biometric Encryption provides a secure method for
`key management to complement existing cipher systems.
`
`Although the process of Biometric Encryption can be applied to any biometric image, the initial
`implementation was achieved using fingerprint images. The majority of this chapter therefore deals only
`with fingerprint images. The application of the Biometric Encryption algorithm to other biometrics is
`briefly discussed in the section entitled Biometric Encryption using other biometric templates.
`
`2 Biometric Encryption Algorithm
2.1 Image Processing
`In contrast to feature-based biometric systems, the Biometric Encryption algorithm processes the entire
`fingerprint image. The mechanism of correlation is used as the basis for the algorithm. A general overview
`of correlation, as it relates to Biometric Encryption, is given in the following section. More detailed
`discussions of correlation and its applications are given in the references by Goodman, Steward and
`VanderLugt.
`
`2.2 Correlation
`A two-dimensional input image array is denoted by f(x) and its corresponding Fourier transform (FT) mate
`by F(u). Here x denotes the space domain and u denotes the spatial frequency domain. The capitalization
`of F denotes an array in the Fourier transform domain. Note that although the arrays defined here are two-
`dimensional, only a single parameter, i.e. x, is used as the array variable to simplify description of the
`process. A filter function, H(u), is derived from an image, f0(x), where the subscript 0 denotes an image
obtained during an enrollment session. The correlation function, c(x), between a subsequent version of the
input, f1(x), obtained during verification and f0(x) is formally defined as

$$c(x) = \int_{-\infty}^{\infty} f_1(v)\, f_0^{*}(x+v)\, dv,$$

where * denotes the complex conjugate. In a practical correlation system, the system output is computed as the
inverse Fourier transform (FT-1) of the product of F1(u) and F0*(u), i.e.

$$c(x) = \mathrm{FT}^{-1}\{F_1(u)\, F_0^{*}(u)\},$$

where F0*(u) is typically represented by the filter function, H(u), that is derived from f0(x). For correlation-based
biometric systems, the biometric template used for identification/authentication is the filter function, H(u).
`
`Normally in the correlation process the filter function H(u) is designed to produce a distinctive correlation
`peak (which approximates a delta function) at the output of the system. Such a correlation peak can easily
`be identified in a correlator system, and its position can be used to track an object of interest, see Hahn and
`Bauchert. Furthermore, a scalar value can be derived from the correlation plane (Kumar and Hassebrook),
`and used as a measure of the similarity between f1(x) and f0(x). The process of correlation provides an
`effective mechanism for determining the similarity of objects, and has been successfully used for fingerprint
`authentication (Stoianov et al). In the next section, it will be demonstrated that the process of correlation
`can also be used as the basis for the Biometric Encryption algorithm.
`
2.3 System requirements
`The objective of the Biometric Encryption algorithm is to provide a mechanism for the linking and
`subsequent retrieval of a digital key using a biometric such as a fingerprint. This digital key can then be
`used as a cryptographic key. The important system requirements that apply to a key retrieval system using a
`fingerprint are distortion tolerance, discrimination and security.
`
`• Distortion tolerance is the ability of the system to accommodate the day-to-day distortions of the
`fingerprint image. These distortions are due to behavioral changes (positioning, rotation, and
`deformation), as well as environmental (ambient temperature and humidity) and physiological (moisture
`content) conditions. A key retrieval system must be able to consistently produce the correct key for the
`different expected versions of a legitimate user’s fingerprint.
`
`• Discrimination is the ability of a system to distinguish between all of the system users’ fingerprints. An
`attacker should produce an incorrect key when the attacker’s fingerprint is combined with a legitimate
`user’s filter.
`
`• Security of the system means that neither the digital key, nor the legitimate user’s fingerprint, can be
`independently extracted from any stored information.
`
`To satisfy these three constraints simultaneously, the process of correlation was used as a mechanism for
`linking and retrieving the digital key. As discussed above, correlation is normally used to provide a single
`scalar value which indicates the degree of similarity between one input image, f1(x), and another, f0(x), that is
`represented by the filter function, H(u). The process of Biometric Encryption, on the other hand, needs to
`extract more information than a simple yes/no response from the system. In fact, Biometric Encryption is
`designed typically to output 128 bits of information to be used as a cryptographic key. Thus, it is not
`immediately evident how the process of correlation can be applied to this procedure. However, it is known
`that the process of correlation can be used to design filter functions that are tolerant to distortions in the input
`images; see Kumar, or Roberge et al. This distortion tolerance property of the correlation filter is critical to
`the implementation of Biometric Encryption. Instead of designing a filter function, H(u), which produces a
`simple output pattern, c(x), which approximates a delta function, the process of Biometric Encryption
`produces a more sophisticated output pattern. This output pattern is linked during enrollment with a
`particular digital key, and subsequently regenerated during verification to retrieve the same digital key.
`
`2.4 Design of the filter function
`The filter function will be optimized for the following two requirements: that it consistently produces the
`same output pattern for a legitimate user, and that it is tolerant to distortions present in the input images. To
`provide a degree of distortion tolerance, the filter function is calculated during an enrollment session using a
set of T training images, where T ≥ 1. Denote the T images of the fingerprint by
$\{f_0^1(x), f_0^2(x), \ldots, f_0^T(x)\}$, where the subscript 0 denotes a training image. The filter function that will be
constructed using these images is denoted by H(u). Note that we may refer to complex-valued functions such as
H(u) independently by their magnitude and phase components, denoted by |H(u)| and $e^{i\phi_H(u)}$, respectively.
The output pattern produced in response to $f_0^t(x)$ is given by $c_0^t(x)$ and the Fourier transform of $c_0^t(x)$ is given by
$C_0^t(u) \equiv F_0^t(u) \cdot H(u)$, where $F_0^t(u)$ is the Fourier transform of the training image, $f_0^t(x)$. The desired output
pattern from the system is denoted by r(x). Note that the filter will be defined for an arbitrary form of r(x),
rather than a delta function, as is normally the case in correlator systems (Mahalanobis et al). The output
pattern c(x) will be used both to link with the digital key during enrollment, and to retrieve the digital key
during verification.

For $1 \le t \le T$, we require that $c_0^t(x) \approx r(x)$, i.e. the output pattern should be as close as possible to the desired
output function r(x), for each image, $f_0^t(x)$, in the training set. An error term, Esimilarity, can be defined, such
that:

$$E_{similarity} = \frac{1}{T} \sum_{t=1}^{T} \int \left| c_0^t(x) - r(x) \right|^2 dx \qquad \text{(Eq. 22-1)}$$

Esimilarity is thus defined as a measure of the similarity of the output correlation patterns such that Esimilarity=0
implies that the output correlation patterns are identical for all of the training set images. Thus, we seek to
minimize Esimilarity. Also, we wish to minimize the error due to distortion in the input images, i.e.:

For $s, t \in \{1, \ldots, T\}$ and $t \ne s$:

$$\text{If } f_0^t(x) = f_0^s(x) + \epsilon_{input}^{t,s}(x) \text{ then } c_0^t(x) = c_0^s(x) + \epsilon_{output}^{t,s}(x) \qquad \text{(Eq. 22-2)}$$

Assuming that the distortion terms, $\epsilon_{input}^{t,s}(x)$, are uncorrelated, then it can be shown that the variance of
the error term due to either the additive distortion or to changes in $f_0^t(x)$ is given by:

$$E_{noise} = \int |H(u)|^2\, P(u)\, du \qquad \text{(Eq. 22-3)}$$

where

$$P(u) = \frac{2}{T(T-1)} \sum_{t=1}^{T-1} \sum_{s=t+1}^{T} \left| \mathrm{FT}\{\epsilon_{input}^{t,s}(x)\} \right|^2 \qquad \text{(Eq. 22-4)}$$

`i.e. P(u) represents the power spectrum of the change between the fingerprints in the training set. In general
`P(u) is readily approximated by a function which characterizes the type of object for which the filter is
`designed. For fingerprint images, each element of P(u) can be uniformly set to a value of 1; see Soutar et al,
`Biometric Encryption™ using image processing.
`
`Thus, the term Esimilarity characterizes the similarity of system output in response to each of the training set
`images, and the term Enoise characterizes the effect of image-to-image variation. Esimilarity determines how
`selective (or discriminating) the filter function is, and Enoise determines how tolerant it is to the expected
`distortions in the fingerprint images.
`
`We wish to derive a filter that minimizes the total error, Etotal.

$$E_{total} = \alpha\, E_{noise} + \sqrt{1-\alpha^2}\, E_{similarity}, \qquad 0 \le \alpha \le 1 \qquad \text{(Eq. 22-5)}$$

`By allowing α to vary between 0 and 1, we can optimize the performance of the filter to produce a
`compromise between discrimination capability and distortion tolerance, following the optimal trade-off
`procedure developed by Réfrégier. Substituting the filter constraints defined above into equation 22-5 and
`minimizing Etotal with respect to H(u), yields the following expression for H(u); see Soutar et al, Biometric
`Encryption™ using image processing:
`
$$H(u) = \frac{\sqrt{1-\alpha^2}\left[\frac{1}{T}\sum_{t=1}^{T} F_0^{t*}(u)\right] R(u)}{\alpha P(u) + \sqrt{1-\alpha^2}\left[\frac{1}{T}\sum_{t=1}^{T} \left|F_0^t(u)\right|^2\right]} \qquad \text{(Eq. 22-6)}$$

where * denotes complex conjugate. It is convenient to define the following terms:

$$A_0(u) = \frac{1}{T}\sum_{t=1}^{T} F_0^t(u) \qquad \text{(Eq. 22-7)}$$

$$D_0(u) = \frac{1}{T}\sum_{t=1}^{T} \left|F_0^t(u)\right|^2 \qquad \text{(Eq. 22-8)}$$

Thus,

$$H(u) = \frac{A_0^{*}(u)\, R(u)}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_0(u)} \qquad \text{(Eq. 22-9)}$$

where the constant scalar $(1-\alpha^2)^{1/2}$ has been ignored. Note that the phase component of H(u) is determined
`by A0(u) and R(u), as both P(u) and D0(u) are real positive functions. P(u) and D0(u) are both normalized
`according to their respective mean values. The term R(u) is the Fourier transform of r(x), and all other
`terms are related to the training set of fingerprint images. Although equation 22-9 defines a filter, H(u), that
`is optimized for any function R(u), the form of R(u) should be chosen to obtain maximum security of H(u).
`This concept will be further developed in the next section. Note that the term α in H(u) provides a trade-off
between the discrimination capability and distortion tolerance of the filter. For α=0, the filter will produce
output $c_0^t(x)$ that is very close to r(x) for each corresponding member of the training set, however, it will be
`very sensitive to distortions presented in non-training images, i.e. the filter is very discriminating, but
`distortion intolerant. Conversely, for α=1, the system will be extremely tolerant to distortions in the input,
`but may struggle to discriminate between different users of the system. α can therefore be used to produce a
`tighter or more forgiving system, depending on the system requirements. For the normalized versions of
`P(u) and D0(u), the optimal value of α for fingerprint images was determined to be approximately 0.3
`(Soutar et al, Biometric Encryption™ using image processing).
`
2.5 Security of the filter function
`Equation 22-9 defines a filter function that provides a trade-off between discrimination capability and
`distortion tolerance. However, the third requirement of the system is that the filter function stored as part of
`the Bioscrypt must be immune to attack, i.e. neither the biometric image, f(x), nor the output function, r(x),
`should be independently recoverable from the Bioscrypt. Normally, in a correlation system, the filter
`function, H(u) as defined above, would be stored as the Bioscrypt. However, to maximize security, it is
`appropriate that a modified version of H(u) is stored. This modified H(u) is termed the stored filter function,
Hstored(u). Specifically, the security of Hstored(u) is found to be maximized if only the phase component,
$e^{i\phi_H(u)}$, of H(u) is stored and R(u) is a random, uniformly-distributed phase function. Hstored(u) thus
comprises the product of $e^{-i\phi_{A_0}(u)}$ and a random phase-only function. It will be seen in the section entitled
Secure filter design, that the product of an arbitrary phase function, $e^{-i\phi_{A_0}(u)}$, with a random, uniformly
distributed phase function, R(u), has perfect secrecy, see Stinson for a definition of perfect secrecy.
Therefore neither $e^{-i\phi_{A_0}(u)}$ nor R(u) can be retrieved from Hstored(u).
`
`Thus, storing only the phase of H(u) satisfies the security requirement for Biometric Encryption. However,
`it is obvious from equation 22-9 that the optimized filter function, H(u), contains magnitude as well as phase
`information. The ideal form for the stored filter function for security thus differs from the ideal form of the
`filter function that was optimized for discrimination and distortion tolerance. To simply ignore the
`magnitude information disregards the optimization procedure.
`
`A solution to this problem is that the magnitude information that is required for the optimal filter function,
`H(u), is not part of the stored filter function, Hstored(u), but is instead regenerated during each verification
`procedure. To accomplish this, the concept of a transitory filter is introduced.
`
`2.6 Transitory filter
`In this section, the mechanism for calculating an optimal H(u), for consistency, and storing a modified
`version, Hstored(u), for security, is described.
`
Consider generating an array, R(u), whose elements have unity magnitude. Thus, R(u) is a phase-only
function whose phase values, φ, are random and uniformly distributed such that 0 ≤ φ < 2π, i.e.:

$$R(u) = e^{i\phi_R(u)} = e^{i 2\pi U[0,1)} \qquad \text{(Eq. 22-10)}$$

where U[0, 1) represents an array of elements in which each element, m, is randomly and uniformly
distributed such that 0 ≤ m < 1. In the discussion that follows $e^{i\phi_R(u)}$ is used to represent the random
phase-only function defined above. Thus, using the set of training images, $\{f_0^1(x), f_0^2(x), \ldots, f_0^T(x)\}$, H(u)
can be calculated using equation 22-9, i.e.:

$$H(u) = \frac{e^{i\phi_R(u)}\, A_0^{*}(u)}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_0(u)} \qquad \text{(Eq. 22-11)}$$

H(u) was optimized to produce a consistent c0(x) (and as close to r(x) as is possible) when a member of the
training image $f_0^t(x)$ is presented to the system. Consider the output function, $c_0^t(x)$, produced with $f_0^t(x)$ at
the input:

$$c_0^t(x) = \mathrm{FT}^{-1}\left\{ F_0^t(u)\, \frac{|A_0(u)|\, e^{-i\phi_{A_0}(u)}\, e^{i\phi_R(u)}}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_0(u)} \right\} \qquad \text{(Eq. 22-12)}$$

Similarly, consider the output function, $c_1^t(x)$, produced with a non-training image, $f_1^t(x)$ at the input (i.e.
during verification):

$$c_1^t(x) = \mathrm{FT}^{-1}\left\{ F_1^t(u)\, \frac{|A_0(u)|\, e^{-i\phi_{A_0}(u)}\, e^{i\phi_R(u)}}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_0(u)} \right\} \qquad \text{(Eq. 22-13)}$$

where the subscript 1 represents an image used in verification. The output pattern, $c_1^t(x)$, will be used to
retrieve the digital key during verification. Clearly, it is desired that $c_1^t(x)$ is as close to $c_0^t(x)$ as possible,
for the legitimate user. Of course, $c_1^t(x) \to c_0^t(x)$ if the testing image, $f_1^t(x)$, is identical to the training
image, $f_0^t(x)$. It is known, however, that effects due to behavioral, environmental and physiological changes
will determine that $f_1^t(x)$ will not be identical to $f_0^t(x)$. On the other hand, for either enrollment or
verification, it is found in Roberge et al that as the number of fingerprints, T, in the set increases, the average
of the FT’s of the images, A0(u), converges to a fixed function (at approximately T = 6). Thus, because the
set of enrollment images are captured in the same way as the subsequent verification images, at T = 6, A1(u)
≅ A0(u) and D1(u) ≅ D0(u). Therefore, in equations 22-12 and 22-13, we use A0(u) to represent $F_0^t(u)$, and
A1(u) to represent $F_1^t(u)$, i.e. we use the average of the fingerprint transforms to represent the individual
fingerprints. To ensure that we never have to store any magnitude information in the stored filter function
(recall that for optimal security, we wish to store only phase terms), we also approximate |A0(u)| by |A1(u)|
and D0(u) by D1(u) in equation 22-13. These approximations can be substituted into equations 22-12 and
22-13 to yield:

$$\begin{aligned}
c_0(x) &= \mathrm{FT}^{-1}\left\{ A_0(u)\, \frac{|A_0(u)|\, e^{-i\phi_{A_0}(u)}\, e^{i\phi_R(u)}}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_0(u)} \right\} && \text{(Eq. 22-14)} \\
&= \mathrm{FT}^{-1}\left\{ A_0(u) \cdot \frac{|A_0(u)|}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_0(u)} \cdot e^{-i\phi_{A_0}(u)}\, e^{i\phi_R(u)} \right\} && \text{(Eq. 22-15)} \\
&= \mathrm{FT}^{-1}\left\{ A_0(u) \cdot |H_0(u)| \cdot H_{stored}(u) \right\} && \text{(Eq. 22-16)}
\end{aligned}$$

and

$$\begin{aligned}
c_1(x) &= \mathrm{FT}^{-1}\left\{ A_1(u)\, \frac{|A_1(u)|\, e^{-i\phi_{A_0}(u)}\, e^{i\phi_R(u)}}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_1(u)} \right\} && \text{(Eq. 22-17)} \\
&= \mathrm{FT}^{-1}\left\{ A_1(u) \cdot \frac{|A_1(u)|}{\alpha P(u) + \sqrt{1-\alpha^2}\, D_1(u)} \cdot e^{-i\phi_{A_0}(u)}\, e^{i\phi_R(u)} \right\} && \text{(Eq. 22-18)} \\
&= \mathrm{FT}^{-1}\left\{ A_1(u) \cdot |H_1(u)| \cdot H_{stored}(u) \right\} && \text{(Eq. 22-19)}
\end{aligned}$$

Thus, as stated in the previous section, only the product of the phase of the complex conjugate of the training
set images, $e^{-i\phi_{A_0}(u)}$, and the phase-only function, $e^{i\phi_R(u)}$, is stored as the stored filter function, i.e.,

$$H_{stored}(u) = e^{-i\phi_{A_0}(u)}\, e^{i\phi_R(u)} \qquad \text{(Eq. 22-20)}$$

The magnitude terms of the optimal filter are calculated on-the-fly during either enrollment or verification.
Therefore, the transitory filter is defined as the product of the stored phase-only term, Hstored(u), and the
magnitude terms, $|H_0(u)|$ and $|H_1(u)|$, for enrollment and verification, respectively. Thus, only phase
information is stored (security is obtained) and the magnitude information that is required for the verification
procedure is derived from the fingerprint images acquired during the verification session (consistency is
preserved).
`
`In the next section, the security aspects of Hstored(u) will be further examined. In the section entitled
`Enrollment / Verification, it will be demonstrated how the digital key is linked with c0(x) during enrollment,
`and retrieved from c1(x) during verification.
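
The enrollment and verification path of Sections 2.4 to 2.6 as running code, added here as an illustration and not taken from the chapter or from Mytec/Bioscrypt: enrollment keeps only the phase-only Hstored(u), and verification rebuilds the magnitude term from fresh samples. Assumptions: constructed 1-D random signals with additive noise stand in for fingerprint images, P(u) = 1, α = 0.3, T = 6, and all function names are hypothetical.

```python
import cmath
import math
import random

N = 128                       # samples per constructed 1-D "fingerprint" signal
ALPHA = 0.3                   # trade-off value the chapter reports for fingerprints
ROOT = math.sqrt(1.0 - ALPHA ** 2)
_W = [cmath.exp(-2j * math.pi * k / N) for k in range(N)]   # DFT twiddle factors


def dft(x, inverse=False):
    """Plain O(N^2) transform: FT, or FT^-1 when inverse=True."""
    w = [v.conjugate() for v in _W] if inverse else _W
    out = [sum(x[k] * w[(k * m) % N] for k in range(N)) for m in range(N)]
    return [v / N for v in out] if inverse else out


def averages(samples):
    """A(u), mean of the transforms (Eq. 22-7), and D(u), mean of |F|^2 (Eq. 22-8)."""
    spectra = [dft(s) for s in samples]
    t = len(spectra)
    a = [sum(f[u] for f in spectra) / t for u in range(N)]
    d = [sum(abs(f[u]) ** 2 for f in spectra) / t for u in range(N)]
    mean_d = sum(d) / N
    return a, [v / mean_d for v in d]        # D(u) normalized by its mean value


def magnitude(a, d):
    """|H(u)| = |A(u)| / (alpha*P(u) + sqrt(1 - alpha^2)*D(u)), with P(u) = 1."""
    return [abs(a[u]) / (ALPHA + ROOT * d[u]) for u in range(N)]


def enroll(samples, rng):
    """Return (H_stored, c0). Only H_stored would be written to storage."""
    a0, d0 = averages(samples)
    # Eq. 22-10: random phase-only R(u). A seeded PRNG keeps this demo
    # reproducible; a deployment would draw R(u) from a CSPRNG.
    r = [cmath.exp(2j * math.pi * rng.random()) for _ in range(N)]
    # Eq. 22-20: the phase of A0*(u) times R(u), with no magnitude information.
    h_stored = [cmath.exp(-1j * cmath.phase(a0[u])) * r[u] for u in range(N)]
    h0 = magnitude(a0, d0)
    c0 = dft([a0[u] * h0[u] * h_stored[u] for u in range(N)], inverse=True)
    return h_stored, c0


def verify(samples, h_stored):
    """Rebuild the magnitude term from fresh samples and return c1(x)."""
    a1, d1 = averages(samples)
    h1 = magnitude(a1, d1)
    return dft([a1[u] * h1[u] * h_stored[u] for u in range(N)], inverse=True)


def similarity(c_a, c_b):
    """Magnitude of the normalized inner product of two output patterns (0..1)."""
    dot = sum(a * b.conjugate() for a, b in zip(c_a, c_b))
    norm = math.sqrt(sum(abs(a) ** 2 for a in c_a) * sum(abs(b) ** 2 for b in c_b))
    return abs(dot) / norm


def make_finger(rng):
    """Constructed stand-in for one finger: a fixed random 1-D pattern."""
    return [rng.gauss(0.0, 1.0) for _ in range(N)]


def capture(finger, rng, count=6, noise=0.1):
    """`count` noisy acquisitions of one finger (constructed distortion model)."""
    return [[v + rng.gauss(0.0, noise) for v in finger] for _ in range(count)]


def demo(seed=1999):
    rng = random.Random(seed)
    alice, other = make_finger(rng), make_finger(rng)
    h_stored, c0 = enroll(capture(alice, rng), rng)
    genuine = similarity(verify(capture(alice, rng), h_stored), c0)
    impostor = similarity(verify(capture(other, rng), h_stored), c0)
    _, c0_new = enroll(capture(alice, rng), rng)   # same finger, fresh R(u)
    reissued = similarity(c0_new, c0)
    phase_only = all(abs(abs(h) - 1.0) < 1e-9 for h in h_stored)
    return genuine, impostor, reissued, phase_only


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the similarity of c1(x) to c0(x) for the enrolled finger, for a different finger, and for the enrolled finger after re-enrollment with a fresh R(u); only the first should be close to 1.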
`
2.7 Secure filter design
`Previously it was stated that the stored filter function, Hstored(u), is required to be secure against attack in that
`neither the user’s fingerprint, nor r(x), can be independently obtained from it. The concept of the product of
`two phase-only arrays, which is denoted here as the phase-phase product, was used to provide security for
`Hstored(u). In this section the security of the phase-phase product is illustrated by using the analogy of the
`classic cryptographic one-time pad and the concept of perfect secrecy.
`
`The Vernam one-time pad, first described in 1917 by Gilbert Vernam, is a well-known realization of a
`{ }n1,0=
`=
`=
`1n ≥ ,
`, where
`cryptosystem with perfect secrecy. The one-time pad