Biometric verification traditionally means the authentication or identification of individuals, whether human or animal, from biometric data concerning characteristics of one or more biological attributes of these individuals, such as the minutiae of fingerprints, the general shape of the fingers, the veins of a hand or finger, voice characteristics, iris characteristics, etc.
Such biometric verification conventionally uses a database in which biometric data are stored. These data concern individuals having previously undergone an enrollment (signup) phase so that they can be issued a certain right after biometric verification (driver's license, ticket for mass transit, remuneration, authorization to access a room, etc.).
A very simple example of biometric verification is illustrated in FIG. 1, which shows a database 1 storing a set of biometric data b1, b2, . . . , bN for enrolled individuals.
These biometric data b1, b2, . . . , bN are, for example, images representing some biological attribute for each of the different individuals (for example images of fingerprints, irises, etc.), characteristics relative to a biological attribute (for example a type, position, and orientation of minutiae in the case of fingerprints), or some other data.
Advantageously, a digital representation of biometric data can be used in order to simplify manipulation and allow these data to be used in a cryptographic algorithm.
As a non-limiting example, biometric data b1, b2, . . . , bN stored in the database 1 may each consist of a digital vector, for example a binary vector. Numerous ways of obtaining a digital vector from biometric information are known.
In the example in FIG. 1, the biometric verification occurs in the following manner for a given individual. A biometric data item b′ is obtained, for example in digital vector form, for the individual considered. This data item b′ is compared (reference 2) to all or part of the data b1, b2, . . . , bN stored in the database 1.
In case of a match or sufficient proximity thereto, one can infer that the individual concerned corresponds to an enrolled individual (identification) or to the enrolled individual he or she is claiming to be (authentication). This result is labeled R in FIG. 1.
Such a biometric verification is therefore based on an inclusive model, which tends to retain an enrolled individual as soon as his or her biological attribute reveals characteristics sufficiently close to those of the individual who is being verified.
Such a model is likely to pose certain problems.
In particular, it may require storing a large amount of information to be effective. As an example, for fingerprint minutiae it may be necessary to store the minutiae type (ridge ending or bifurcation), position, and orientation.
Such information could make it possible to find an individual by reconstructing his fingerprint, particularly if a dishonest person succeeds in accessing the contents of the database 1. This conflicts with the protection of individual privacy and freedom.
In addition, the number of operations performed during the biometric verification can be high, which is costly in terms of computational power and processing time. For a fingerprint, the comparison 2 between b′ and some or all of the data b1, b2, . . . , bN stored in the database 1 may require a comparison of the type, position, and orientation of each minutia of each fingerprint tested.
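The inclusive comparison of FIG. 1 (comparison 2 yielding result R), as an added example that is not part of the original text. It assumes binary vectors compared by Hamming distance; the database contents, the `THRESHOLD` value, and the function names are constructed for illustration.

```python
# Constructed stand-in for database 1: each enrolled item b_i is a 16-bit
# binary vector packed into an int. Values are made up for this example.
DATABASE = {
    "b1": 0b1011001110001101,
    "b2": 0b0100110001110010,
    "b3": 0b1110000011110000,
}
THRESHOLD = 3  # assumed: max differing bits still counted as "sufficient proximity"

# Constructed probes b': a noisy re-capture of b2 (2 bits flipped) and a
# vector belonging to nobody in the database.
PROBE_ENROLLED = DATABASE["b2"] ^ 0b0000000100000001
PROBE_STRANGER = 0b0000111100001111


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two binary vectors differ."""
    return bin(a ^ b).count("1")


def authenticate(b_prime: int, claimed: str, db=DATABASE, threshold=THRESHOLD) -> bool:
    """1:1 check: is b' close enough to the item of the claimed individual?"""
    ref = db.get(claimed)
    return ref is not None and hamming(b_prime, ref) <= threshold


def identify(b_prime: int, db=DATABASE, threshold=THRESHOLD):
    """1:N search: return (closest label within threshold or None, comparisons made)."""
    best, best_dist, comparisons = None, threshold + 1, 0
    for label, ref in db.items():
        comparisons += 1  # one full vector comparison per enrolled item tested
        dist = hamming(b_prime, ref)
        if dist < best_dist:
            best, best_dist = label, dist
    return best, comparisons


if __name__ == "__main__":
    print("identify enrolled :", identify(PROBE_ENROLLED))
    print("identify stranger :", identify(PROBE_STRANGER))
    print("authenticate as b2:", authenticate(PROBE_ENROLLED, "b2"))
    print("authenticate as b1:", authenticate(PROBE_ENROLLED, "b1"))
```

The comparison count grows with the number of enrolled items tested, and every comparison needs the stored reference data itself, which is why the contents of the database are sensitive.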
In the case of authentication, the biometric database 1 must be connected to an identity database (for example in alphanumeric form), so that it can be decided whether or not an individual is the enrolled individual he or she is claiming to be. A one-to-one relationship between the biometric data and identity data stored in these databases could allow a dishonest person to find the correspondence between these two types of data too easily. Such a person could make use of this correspondence to steal the identity of enrolled individuals.
To overcome this problem, the use of a “weak link” between a biometric database 1 and an identity database has been proposed. Such a weak link does not allow a one-to-one correspondence to be established between biometric data and identity data, but still allows authentication with an acceptable level of success. This weak link technique is relatively complex to set up, however.