1. Field of the Invention
The present invention relates to a fingerprint verification method and apparatus safely storing fingerprint information and then performing verification. More specifically, the present invention relates to a fingerprint verification method and apparatus hiding minutiae and safely storing the fingerprint information in order to prevent the reuse of the fingerprint information when the important fingerprint information of the individual stored in a storing unit is leaked to the unauthorized users.
2. Description of the Related Art
Since the biometric data of the individual have finite information such as one face, two irises, etc., they cannot be freely changed unlike a password or a personal identification number (PIN) used to approach an information system. Since the fingerprint information also has 10 fingers, when the registration fingerprint information is leaked, a serious problem that the fingerprint information is changed only ten times may occur. Therefore, even though a living body, in particular, the fingerprint information stored in the storing unit is leaked, there is a need to prevent an attacker from reusing the leaked fingerprint information.
The simplest method for safely storing the finger information generally uses a cryptograph scheme. However, a method for using a cryptograph scheme has an additional problem safely and effectively managing a private key. In particular, since the a method for using a cryptograph scheme has a problem in repeatedly performing decoding operation during a comparison process for user verification and performing encryption operation when encrypting and storing the fingerprint information registered in the fingerprint verification system, it cannot be used in the fingerprint verification system that searches the users in a large capacity of database.
In order to solve the problem when using the encryption scheme for safely storing the fingerprint information, the fingerprint comparison should be performed in a transformed space in which the fingerprint information is transformed and stored by non-invertible transform. However, non-linear transform is required to perform the non-invertible transform. When the non-linear transform is performed, the geometrical information of the fingerprint information is lost, such that the general fingerprint comparing method according to the related art cannot perform the comparison in the transformed space.
As an alternative of the non-invertible transform, there is a method that adds chaff fingerprint features optionally generated when registering the fingerprint features (real fingerprint features) of the user and registers them together. Since the registration fingerprint features are stored without explicitly indicating the real and chaff fingerprint features, the attacker cannot separate and reuse only the real minutiae when the registration fingerprint features are leaked to the attacker. However, since the person in question cannot identify what the real minutiae is, there is a problem in that he and/she cannot identify the real minutiae even when he and/she attempts just verification.
In order to solve the problem, any polynomial is generally generated and the real minutiae is configured to include values obtained by substituting into the generated polynomial and the chaff minutiae is configured to include values that do not exist in the generated polynomial. When the verification is requested, the same minutiae that coincides with each other by comparing the registration fingerprint features consisting of the real and chaff fingerprint features and the verified finger features can be obtained. At this time, when requesting the verification using the registration fingerprint of the user, most of the same minutiae are more likely to become the real minutiae. The same minutiae can confirm the person in question by generating the same polynomial as one used in the registration process by using simultaneous equations.
As described above, there are two problems in a method of protecting the real minutiae by adding the chaff minutiae.
First, the strength of safely protecting the real minutiae is proportional to the number of the added chaff minutiae. In other words, as the chaff minutiae is more added, the attacker cannot identify the real minutiae. However, the maximum number of addable chaff minutiae is determined depending on the size of the fingerprint image, such that the sufficient safety cannot be secured.
Second, in order to generate the same polynomial as one used in the registration process, a larger number of minutiae than the degree of the polynomial should be input to simultaneous equations. If the number of real minutiae of the registration fingerprint is smaller than the degree of the polynomial, there occurs a serious problem in that it is impossible to recover the polynomial even though all the real minutiae coincide with each other when performing the verification. When lowering the degree of the polynomial in order to solve the problem, the attacker can attempt the direct polynomial recovery instead of separating the real and chaff fingerprint features from the registration fingerprint features, such that there occur a problem in that the safety of the fingerprint verification system cannot be secured.
Korean Patent Registration No. 0714303 discloses an automatic fingerprint alignment of a finger fuzzy vault system and solves the problem by previously aligning minutiae using a geometric hashing scheme in a process of registering fingerprints and performing the matching with the previously aligned minutiae in the verification process, since the alignment problem of the fingerprint minutiae due to the similarity calculation of the template in which the minutiae of the user to be verified, the real minutiae, and the chaff minutiae are mixed occurs in a fingerprint fuzzy vault. However, there are problems in that the Korean Patent Registration No. 0714303 limits the number of addable chaff minutiae and uses one polynomial having a fixed degree, depending on the size of the fingerprint image such that it cannot secure the safety of the fingerprint verification system.
““Fuzzy Vault for Fingerprints”, Audio- and Video-based Biometric Person Authentication, Vol. 5, pp. 310-319, 2005.7” published by U. Uludag et al. discloses a scheme that measures the fingerprint verification performance by applying the fuzzy vault to the fingerprint and fixes the number of polynomials into one and then applies the fuzzy vault to the fingerprint. However, the scheme disclosed in the article limits the number of addable chaff minutiae and uses one polynomial having a fixed degree, depending on the size of the fingerprint image, such that it cannot secure the safety of the fingerprint verification system.
““Fingerprint-based Fuzzy Vault Implementation and Performance”, IEEE Trans Information Forensics and Security, Vol 2, No 4, pp 744-757, 2007.12” published by K Nandakumar, et al. uses extracted data, that is, Helper Data for fingerprint alignment separately from a fingerprint feature extracting process in order to solve the fingerprint alignment problem of the finger fuzzy vault and discloses a scheme depending on total inspection using CRC decoding in order to recover the polynomial. However, the scheme disclosed in the article limits the number of addable chaff minutiae and uses one polynomial having a fixed degree, depending on the size of the fingerprint image, such that it cannot secure the safety of the fingerprint verification system.