1. Field of the Invention
The present invention generally relates to a biometric technique, and more particularly, to a biometric method and a biometric apparatus integrated with a cryptography technique.
2. Description of Related Art
Thanks to the development of information technology, many routines and procedures in our daily life have been gradually digitalized. People record their daily experiences and creative ideas into personal computers, digital media, and mobile devices and use various encryption and authentication methods for protecting such important data. Conventional encryption and authentication methods, such as personal password, cannot provide sufficient security in data protection. Not only a user has to memorize different passwords and which may result in mistakes, but the passwords may be misappropriated or cracked. Individually specific “biological identities” (for example, human faces, fingerprints, signatures, and irises) can be adopted for providing effective data protection since they cannot be duplicated or stolen.
FIG. 1 is a flowchart of a conventional biometric method. A particular biometric feature is usually registered or recorded in advance (step S110) to be used in subsequent comparison. After that, a biometric apparatus requests a user to input a biometric data (step S120) and compares the biometric data with the registered biometric feature (step S130) to determine whether the two match with each other (step S140). If the registered biometric feature matches with the biometric data input by the user, the biometric apparatus outputs a result indicating that the authentication is successful (step S150); otherwise, if the registered biometric feature does not match with the biometric data input by the user, the biometric apparatus outputs a result indicating that the authentication failed (step S160). Generally speaking, the implementations of foregoing step S110 and step S120 are similar. For example, step S120 can be divided into various sub-steps, such as data collection (step S121), signal processing (step S122), biometric feature extraction (step S123), and biometric data input (step S124).
Regarding the comparison between the registered biometric feature and the biometric data in foregoing step S130, a threshold is usually used in biometric authentication. Values within the threshold are accepted, while values over the threshold are rejected. Unlike cryptography techniques, such authentication comparison does not require 100% accuracy, namely, a certain error between the compared two data is tolerable. For example, assuming that a registered biometric feature is 35 and the threshold is 5, then the registered biometric feature and a biometric data are considered to match with each other if the biometric data is between 30 and 40, and the registered biometric feature and a biometric data are considered not to match with each other if the biometric data is smaller than 30 or greater than 40. As to a cryptography technique, assuming that a registered password is 35, the registered password and an input password are considered not to match with each other if the input password is 37, and the registered password and an input password are considered to match with each other if the input password is 35. Biometrics and cryptography are compared side-by-side in following table 1.
TABLE 1Comparison between biometrics and cryptographyCryptographyBiometricsAuthenticationDigitalAnalogmethodAuthenticationWithout error toleranceWith error toleranceruleData processingData is disorderedData is processed but notdisorderedAdoption ofData can be encrypted andData cannot be encryptedcryptographysignedor signedtechnique
However, a conventional biometric method can only compare data locally and cannot be integrated with any cryptography technique. This is because the biometric data which allows a certain error will be completely disordered and accordingly cannot be compared anymore once it is encrypted. Besides, when a biometric data is pre-recorded into a biometric apparatus as a registered biometric feature and is compared with a biometric data, following problems may be incurred.
(1) The registered biometric feature stored in the biometric apparatus may be cracked and stolen.
(2) Since a certain error is acceptable between the registered biometric feature and a biometric data, the biometric data cannot be protected through any data security method such as a hash function or an encryption operation. Thereby, the biometric data may be intercepted when the comparison is carried out remotely.