Fingerprint-based identification is gaining more and more popularity, e.g. corresponding fingerprint scanners are cheaper available. Fingerprint-based identification enables users to identify and authenticate themselves to local or remote entities such as login to a local computer or public institutes, electronic portals of governments or the like.
The process of the fingerprint scanning and matching involves a fingerprint scanner, i.e. a device that copies an image of fingerprints. The fingerprint scanner is connected via a network, for example the internet, to a remote database server, for example hosted by a governmental agency. When a user puts one of his fingers on the fingerprint scanner, the fingerprint scanner receives a fingerprint candidate and transmits it via the network to the database server. The database server then uses a fingerprint matching algorithm in order to match the candidate fingerprint to a fingerprint target stored in the database. If a correct target is found, then the database server transmits a response to the fingerprint scanner including the corresponding access policy associated with the correct fingerprint.
Fingerprint scanners are usually installed in trusted environments such as airports, embassies, governmental agencies or the like. The reason is that users are generally reluctant to trust in fingerprint scanners if these scanners are deployed in uncontrolled environments like local shops, supermarkets, etc. Users cannot check if the fingerprint scanners have been tampered with or not. Since those fingerprint scanners temporarily store and transmit personal sensitive material, i.e. fingerprints, there are considerable incentives for attackers to compromise such scanners.
In the non-patent literature of Mauro Barni, Tiziano Bianchi, Dario Catalano, Mario Di Raimondo, Ruggero Donida Labati, Pierluigi Failla, Dario Fiore, Riccardo Lazzeretti, Vincenzo Piuri, Fabio Scotti, Alessandro Piva, Privacy-preserving fingercode authentication, Proceedings of the 12th ACM workshop on Multimedia and security, Sep. 9-10, 2010, Roma, Italy and in the non-patent literature of Yan Huang, Lior Malka, David Evans, Jonathan Katz: Efficient Privay-Presering Biometric Identification, Proceedings of NDSS 2011 a prevention of database servers from learning any information about fingerprints is described while executing a fingerprint matching algorithm. Assuming that the fingerprint scanner is honest or trusted, privacy preserving fingerprint matching algorithms are proposed.
However, the methods described therein rely on trusted fingerprint scanners. It is therefore a disadvantage, that such fingerprint scanners can only be used in a controlled, i.e. secure environment. A further disadvantage is that rogue fingerprint scanners may try to impersonate users and therefore provide an increased risk for stealing personal data.