1. Technical Field
The invention relates generally to biometrics, and more particularly, to a method, system, and program product for transforming a biometric image using surface folding.
2. Background Art
Ensuring the privacy of personally-identifiable information is a growing concern in today's society. Traditional authentication techniques primarily utilize tokens or depend on some secret knowledge possessed by a user for verifying his or her identity. While such techniques have been popular, they suffer from a number of limitations. Neither token- nor knowledge-based techniques can differentiate between an authorized user and a person having access to an authorized user's token or password. In addition, knowledge-based techniques may require a user to manage multiple identities (user names, passwords, etc.), limiting the usefulness of such techniques.
Biometric authentication and identification techniques based on a user's physical characteristics (e.g., fingerprints, facial characteristics, retinal pattern, etc.) overcome the limitations of token- and knowledge-based techniques. As a result, biometric-based techniques are rapidly replacing token- and knowledge-based techniques. However, biometric-based authentication and identification techniques suffer from their own deficiencies.
First, biometric data are secure, but not secret. That is, while biometric data may be unique and inextricably linked to an individual, some biometrics, such as a voice, facial characteristics, signature, or fingerprint, may be intercepted in transmission or mined from a database and subsequently misused by someone other than the individual.
Second, biometric data cannot be revoked or cancelled. Unlike a token or password, which may be revoked, reset, replaced, etc. in the event that it is lost or otherwise compromised, biometric data are fixed. As a result, once compromised, biometric data cannot reliably be used to authenticate or identify the individual.
Third, biometric data may be used to track or otherwise observe an individual without his or her consent. For example, if the same biometric, such as a fingerprint, is used by more than one agency, application, or location, it may be possible to track an individual's movements, transactions, etc. by sharing biometric data between agencies, applications, or locations.
In an attempt to overcome these deficiencies, U.S. Pat. No. 6,836,554 to Bolle et al. describes a method for distorting a biometric, permitting use of the distorted biometric rather than the original, undistorted biometric. In the event that the distorted biometric is compromised, it can be revoked and a new distorted biometric produced using a distortion algorithm different than was used to produce the first distorted biometric. However, the distorted fingerprint approach taught by Bolle et al. comprises scrambled blocks of the undistorted fingerprint. As a consequence, a slight change in the position of a point of interest in the undistorted biometric may result in the point of interest being located in different blocks in the distorted fingerprint. This makes it difficult or impossible for an authentication device to identify an individual based on a distorted biometric stored in an authentication database. In addition, it may be possible to reconstruct the undistorted biometric from a fingerprint distorted according to the Bolle et al. block permutation method, thereby jeopardizing the security of the original biometric.
To this extent, a need exists for a biometric-based authentication system and method that does not suffer from the deficiencies of known systems and methods.