The use of biometrics for identification and/or authentication of an individual is in many cases considered to be a better alternative to traditional identification means such as passwords and pin-codes. The number of systems that require identification in the form of passwords/pin-codes is steadily increasing and, consequently, so is the number of passwords/pin-codes that a user of the systems must memorize. In biometric identification, features that are unique to a user such as fingerprints, irises, ears, faces, etc. are used to provide identification of the user. Clearly, the user does not lose or forget his/her biometric features, neither is there any need to write them down or memorize them.
On the other hand, biometrics may also be used as public identifiers in public-key cryptography, including digital signatures. That is, it should be possible for an individual in such a scheme to provide a set of data, e.g. an electronic document, with a signature such that a third party subsequently can verify the validity of the signature based on the signer's biometric data. In traditional public-key signature schemes, a (randomly generated) public key is usually associated to the identity of a signer by means of a certificate, issued by a trusted certification authority. When trying to use biometric information as the signer's identity, a problem arises because traditional signature schemes verify correctly only under a single public key, rather than under a whole range of public keys that are sufficiently “close” to the one used to sign the message. Due to the very nature of biometrics and the measurement errors involved in acquiring a biometric template of an individual, two biometric templates of a given individual will never be completely identical, which makes identification problematic. Therefore, a matching algorithm should allow for small differences between the two templates.
Identity Based Signature (IBS) schemes are previously known and use identities as public keys, for example an arbitrary bit string in the form of an email address. Conventional signature schemes, on the other hand, typically use extensive bit strings as public keys and rely on digital certificates to associate an individual with a public key. “A biometric identity based signature scheme” by Burnett, Duffy and Dowling discloses a signature scheme where biometric data of an individual is used to create and verify a digital signature. However, in this disclosure, biometric data is extracted and processed by means of employing the concept of fuzzy extractors.