Biometric encryption is commonly related to the generation/extraction of a secret value, commonly referred to as biometric key, from user biometric data (e.g., fingerprint, iris or retina eye scan, voice, face image). Such biometric key can subsequently be used for cryptographic applications such as user authentication and message authentication and encryption, either directly, as an encryption key, or as an input to more complex key generation algorithms.
A traditional user biometric authentication typically comprises two phases: an enrollment phase and an authentication phase. During the enrollment phase, a biometric reference template is created from a training set of biometric samples obtained from the user. Different enrollments generally give rise to different biometric reference templates. During the authentication phase, a live biometric sample of the same user is compared with the biometric reference template by using a measure of statistical closeness (similarity) between the live biometric sample and the stored biometric reference template. If the live biometric sample and the stored reference template are deemed sufficiently similar, then the authentication phase is considered successful.
In many current traditional biometric systems, the user biometric reference templates are stored in a database, out of users' control, and are often transmitted over unsecured network connections. This situation is probably due to the fact that biometric reference templates were considered to be non-invertible, meaning that it was thought that no information about the original biometric sample can be learned from a derived or transformed biometric reference template. However, recently A. Adler in “Images can be generated from quantized biometric match score data,” Proceedings of Canadian Conference on Electrical and Computer Engineering, pp. 1163-1166, 2004, has demonstrated that biometric reference templates may be inverted, showing that good images of original biometric samples can be obtained from biometric reference templates if some additional data such as the match scores are also available.
In the case of biometric encryption systems, the traditional biometric reference template is not stored at all. Instead, some auxiliary data derived from the user's biometric sample is stored, and this data should not be vulnerable the same way as the traditional reference templates are (i.e., should be non-invertible and should not reveal any essential information about the original biometric reference template). In the enrollment phase, the auxiliary data and an encryption key are derived from a training set of biometric samples obtained from the user and, in the case of randomization, from additional random data. The auxiliary data is stored. During the authentication phase, the encryption key can be reconstructed from a live user biometric sample and the corresponding auxiliary data. If the encryption key is the same as the one obtained during the enrollment phase, then the authentication is deemed successful.
Several biometric encryption algorithms that provide some form of protection of the biometric reference templates have been proposed in scientific and patent literature.
For example, U.S. Pat. No. 6,219,794 discloses a method for secure key management using a biometric, and in particular a secure method for consistently reproducing a digital key using a biometric, such as a fingerprint. The digital key is linked to the biometric only through a secure block of data, known as the protected filter. The key cannot be released from the protected filter other than via the interaction with the correct biometric image. Once generated, the digital key may then be used in a system as an encryption/decryption key or as a personal identification number (PIN).
A biometric encryption method based on iris biometric data is proposed by G. I. Davida, Y. Frankel, and B. J. Matt in “On enabling secure applications through off-line biometric identification,” Proceedings IEEE Symposium on Security and Privacy, pp. 148-157, 1998, and by G. I. Davida, Y. Frankel, B. J. Matt, and R. Peralta in “On the relation of error correction and cryptography to an off-line biometric based identification scheme,” Proceedings Workshop Coding and Cryptography, pp. 129-138, 1999. The method uses the technique of linear error-correcting codes applied to biometric reference templates, whereas the required error tolerance between the live biometric samples and biometric reference templates is provided by the error-correction capability of the codes used.
An alternative method to that proposed by Davida et al. is disclosed in WO00/51244, where a new type of cryptographic primitive, referred to as a fuzzy commitment scheme, is achieved by combining techniques from the areas of error-correcting codes and cryptography. Like a conventional cryptographic commitment scheme, a fuzzy commitment scheme is both concealing and binding: it is infeasible for an attacker to learn the committed value, and also for the committer to decommit a value in more than one way. The scheme is fuzzy in the sense that it accepts a witness that is close to the original encrypting witness in a suitable metric, but not necessarily identical. This characteristic of a fuzzy commitment scheme makes it particularly useful for applications such as biometric authentication systems, in which data is subject to random noise. Because the scheme is tolerant of errors, it is capable of protecting biometric data just as conventional cryptographic techniques, like hash functions, are used to protect alphanumeric passwords.
A fuzzy commitment scheme includes mapping an input pattern derived from biometric data to a first codeword selected from the plurality of codewords associated with an error-correcting code, calculating an offset between the input pattern and the first codeword, and hashing the first codeword. The offset is stored as auxiliary data, and a biometric key is derived from hash of the first codeword. The hash of the first codeword together with the offset form a fuzzy commitment. If an input pattern is derived from a live biometric sample, which is close, but not identical to the original biometric data used to generate the offset, then the input pattern is first translated by using the same offset and, then, the first codeword is reconstructed by applying a decoding function of the code to the translated input pattern.
A method of using biometric information for secret generation is disclosed in WO02078249, where a secret is generated from individual's biometric information, such as voice, handwriting, and fingerprint. In particular, a feature vector is extracted from the captured biometric data, the feature vector is then transformed into a codeword, and the codeword is used to construct the secret. A one-way hash of the secret is stored. Only if a user generates a new secret that has the same hash value as that stored will the user be confirmed. To keep pace with the gradual change of the measured biometric features, the secret can be updated adaptively. The secret may be an encryption key.