WO2007058520A1 - Improvements in and relating to biometrics - Google Patents

Improvements in and relating to biometrics Download PDF

Info

Publication number
WO2007058520A1
WO2007058520A1 PCT/MY2006/000029 MY2006000029W WO2007058520A1 WO 2007058520 A1 WO2007058520 A1 WO 2007058520A1 MY 2006000029 W MY2006000029 W MY 2006000029W WO 2007058520 A1 WO2007058520 A1 WO 2007058520A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
biometric
sequence
input
secret
Prior art date
Application number
PCT/MY2006/000029
Other languages
French (fr)
Other versions
WO2007058520A8 (en
Inventor
Alwyn Goh
Chek Ling David Ngo
Original Assignee
Corentix Technologies Sdn Bhd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Corentix Technologies Sdn Bhd filed Critical Corentix Technologies Sdn Bhd
Publication of WO2007058520A1 publication Critical patent/WO2007058520A1/en
Publication of WO2007058520A8 publication Critical patent/WO2007058520A8/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands

Definitions

  • the invention relates to a method and apparatus for comparing user and reference user biometric inputs.
  • the invention relates to a method and apparatus for comparing user and reference user biometric inputs by generation of a digital bitstring.
  • the method and apparatus may be for comparing user and reference user biometric inputs by generation of a random mixture of biometric and external digital inputs, and thereafter the digital bitstring.
  • Biometric technology is becoming more and more commonly used for security applications. For example, many work places make use of iris scanning and fingerprint recognition systems for maintaining security. Users are required to register their biometric data (e.g. fingerprint) before using the system. Then, subsequently, when their biometric data is sampled (e.g. their fingerprint scanned), this sample is compared with the reference data and, if the two pieces of data match, the user is authorized to, for example, enter a work place or log onto a computer network.
  • biometric data e.g. fingerprint
  • biometric comparisons like this have several disadvantages. Firstly, they may not be sufficiently robust to deal with unavoidable differences in sample and reference conditions (e.g. variable lighting for face data), and discrimination between a legitimate user and an imposter. Secondly, they may not have good biometric data storage along with the necessary protection of that data. Thirdly, security may be an issue. That is, there may risk of impersonation by malicious parties via use of compromised biometric data. Finally, they may not be particularly versatile e.g. can only cope with limited functionality of identity establishment.
  • sample and reference conditions e.g. variable lighting for face data
  • a method for comparing user and reference biometric inputs comprising: a) receiving a digital input CC from a user; b) generating a mutually uncorrelated random analogue sequence from CC ; c) receiving an analogue biometric input ⁇ from the user; d) generating a biometric representation from ⁇ ; e) generating a digital bitstring ⁇ from the sequence; and f) comparing the bitstring ⁇ with a previously computed bitstring ⁇ ° derived from a digital input a° from a reference user and a biometric input ⁇ ° from the reference user, to determine whether the user is the same as the reference user.
  • a method for comparing user and reference biometric inputs comprising:
  • the digital bitstring ⁇ is compared with a previously computed bitstring ⁇ ° derived from a digital input a° from the reference user and a biometric input ⁇ ° from the reference user, to determine whether the user is the same as the reference user.
  • the digital input CC may be a number or parameter associated with a physical device.
  • OC may be a password or a personal identification number.
  • cc° may be a number or parameter associated with a physical device.
  • may be a password or personal identification number.
  • step b) comprises: generating a random sequence from CC ; and de- correlating and normalizing the sequence to form a mutually uncorrelated random sequence.
  • the individual elements of that sequence may be a mathematical representation similar to that of the biometric representation generated at step d).
  • the random sequence is such that digital input OC may not be derived from the random sequence.
  • the random sequence is such that one portion of the sequence may not be derived from another portion of the sequence.
  • the mutually uncorrelated random sequence is such that digital input CC may not be derived from the mutually uncorrelated random sequence.
  • the mutually uncorrelated random sequence is such that one portion of the sequence may not be derived from another portion of the sequence.
  • Analogue biometric input ⁇ may be a one-dimensional function of time. In one such embodiment, ⁇ is a handwritten signature motion. In another such embodiment, ⁇ is a voiceprint sequence. Similarly, reference biometric input ⁇ ° may be a one-dimensional function of time. In one such embodiment, ⁇ ° is a handwritten signature motion. In another such embodiment, ⁇ ° is a voiceprint sequence.
  • analogue biometric ⁇ may be a two-dimensional image array.
  • is a fingerprint scan.
  • is a face photograph.
  • is an iris scan.
  • reference biometric input ⁇ ° may be a two-dimensional image array.
  • ⁇ ° is a fingerprint scan.
  • ⁇ ° is a face scan.
  • ⁇ ° is an iris scan.
  • step d) may comprise integrating, in two dimensions, biometric input ⁇ .
  • the biometric representation may be a real or complex vector or a real or complex function.
  • Step d) may comprise matrix operations in one or more dimensions, resulting in biometric representations of real or complex-valued vectors.
  • Step d) may comprise integrations in one or more dimensions, resulting in biometric representations of real or complex-valued functions.
  • step d) comprises the steps of: generating an intermediate biometric representation from ⁇ , the intermediate biometric representation being a real or complex function; and generating the biometric representation from the intermediate biometric representation, the biometric representation being a real or complex function or a real or complex vector.
  • the step of generating an intermediate biometric representation may comprise at least one integration in one or more dimensions.
  • the step of generating the biometric representation from the intermediate biometric representation may comprise at least one matrix operation in one or more dimensions.
  • step (f) may comprise obtaining a Euclidean or other continuously variable distance between c and c° and comparing the continuously variable distance with a predetermined threshold. If the continuously variable distance is less than the predetermined threshold, the user may be deemed to be the reference user. Alternatively, if the continuously variable distance is more than the predetermined threshold, the user may be deemed to be different from the reference user.
  • step h) comprises obtaining a Hamming distance between ⁇ and ⁇ ° and comparing the Hamming distance with a predetermined threshold. If the Hamming distance is less than the predetermined threshold, the user may be deemed to be the reference user. Alternatively, if the Hamming distance is more than the predetermined threshold, the user may be deemed to be different from the reference user.
  • the parity-check may be derived from ⁇ ° using a parity-matrix computation. If such error correction is used, and a Hamming distance is used, a smaller predetermined threshold may be used to determine whether the user is the reference user. This allows a more reliable determination of whether the user is the reference user.
  • the method may further comprise the step of encrypting the digital bitstring ⁇ .
  • the method may further comprise the step of storing the encrypted digital bitstring.
  • the encryption is such that decryption requires knowledge of digital input ( X .
  • the encryption is such that the decryption requires knowledge of a second digital input a 1 .
  • the method further comprises the step of generating a secret-key x from digital input CC and bitstring ⁇ .
  • the secret-key is preferably recoverable by knowledge of a given number of secret shares. The given number may depend on the properties of secret-key x.
  • the individual secret-shares may be assigned so as to associate CC and possible values of ⁇ with x.
  • the secret-shares are such that the secret-key x may not be derived from an insufficient number of secret-shares.
  • the secret-shares are such that an individual secret-share may not be derived from an insufficient number of secret-shares.
  • the method may further comprise the step of generating a plurality of secret-shares associated with a plurality of digital inputs OC and a plurality of analogue biometric inputs ⁇ .
  • the method may further comprise the step of generating a plurality of recovery parameters for recovering secret-key x.
  • each secret share may be obtained by one of the plurality of recovery parameters.
  • the method may further comprise the step of generating a set of recovery parameters from the set of secret-shares, such that each secret-share is associated with a respective recovery parameter.
  • each recovery parameter is such that its respective secret-share cannot be derived from it.
  • the recovery parameters are such that input CC or possible values of bitstring ⁇ cannot be derived from the corresponding recovery parameter.
  • the method may further comprise the step of encrypting the plurality of recovery parameters.
  • the method may further comprise the step of storing the encrypted recovery parameters.
  • the encryption is such that decryption requires knowledge of digital input OC .
  • the encryption is such that the decryption requires knowledge of a second digital input OC* .
  • the method may further comprise the step of generating a public-key x' from secret-key x.
  • x and x' may form an asymmetric key-pair.
  • x' is such that the secret-key x may not be derived from the public-key x'.
  • the method may further comprise the step of generating a cryptographic parameter s from the public-key x'. That step of generating may comprise generating a cryptographic parameter s from the public-key x' and at least one further digital input. Preferably s is such that the secret- key x may not be derived from s.
  • apparatus for comparing user and reference biometric inputs comprising:
  • a second receiver for receiving a biometric input ⁇ from the user;
  • a processor for generating: i) a mutually uncorrelated random sequence from CC , ii) a biometric representation from ⁇ , iii) a digital bitstring ⁇ from the sequence and the representation; and (d) at least one comparator for comparing i) the bitstring ⁇ with a previously computed bitstring ⁇ ° derived from a digital input cc° from a reference user and a biometric input ⁇ ° from the reference user, to determine whether the user is the same as the reference user.
  • the processor may be for generating a correlation mixture sequence c from the sequence and the representation, and generating the digital bitstring ⁇ from the mixture.
  • the at least one comparator may be for comparing a correlation mixture sequence c with a previously computed mixture c° derived from the digital input ⁇ °from the reference user and the biometric input ⁇ ° from the reference user.
  • the previously computed bitstring ⁇ ° may be derived from mixture c 0 which, in turn, may be derived from the digital input a° .
  • apparatus for comparing user and reference biometric inputs comprising:
  • bitstring ⁇ with a previously computed bitstring ⁇ ° derived from mixture c°, which is in turn derived from a digital input ⁇ x° from a reference user and a biometric input ⁇ ° from the reference user, to determine whether the user is the same as the reference user.
  • Figure 1 is a block diagram of a first exemplary embodiment
  • Figure 2 is a first arrangement of block 200 in Figure 1
  • Figure 3 is a second arrangement of block 200 in Figure 1
  • Figure 4a shows user and imposter distributions of analogue biometric representation b' and digital representation X for a face image
  • Figure 4b shows user and imposter distributions of analogue biometric representation b' and digital representation X for a fingerprint scan
  • Figure 4c shows FA and FR characteristics of analogue representation b' and digital representation X for the face image plot of Figure 4a
  • Figure 4d shows FA and FR characteristics of analogue representation b' and digital representation X for the fingerprint scan plot of Figure 4b;
  • Figure 4e shows user and imposter distributions for a face image plot using linear discriminant analysis with a bitstring transformation output
  • Figure 4f shows FA and FR characteristics for a face image plot using linear discriminant analysis with a bitstring transformation output
  • Figure 4g shows FA and FR characteristics for a face image plot using linear discriminant analysis with a random-mix transformation output
  • Figure 4h shows user and imposter distributions for a face image plot using linear discriminant analysis with a random-mix transformation output
  • Figure 4i shows FA and FR characteristics for a fingerprint scan using the Fourier-Mellin vectorisation method with a bitstring transformation output
  • Figure 4j shows FA and FR characteristics for a fingerprint scan using the Fourier-Mellin vectorisation method with a random-mix transformation output
  • Figure 4k shows user and imposter distributions for a fingerprint scan using the Fourier- Mellin vectorisation method with a bitstring transformation output
  • Figure 41 shows user and imposter distributions for a fingerprint scan using the Fourier-
  • Figure 5 is a first arrangement of block 300 in Figure 1 ;
  • Figure 6 is a second arrangement of block 300 in Figure 1 ;
  • Figure 7 is a block diagram of a second exemplary embodiment;
  • Figure 8 is a block diagram of a third exemplary embodiment
  • Figure 9 is a first arrangement of block 500 in Figure 9;
  • Figure 10 is a second arrangement of block 500 in Figure 9;
  • Figure 11 is a block diagram of a fourth exemplary embodiment
  • Figure 12 is a block diagram of a fifth exemplary embodiment
  • Figure 13 is a block diagram of a sixth exemplary embodiment.
  • V*-/ j is used, this refers to a sequence or string of symbols x, each symbol in the sequence having an order denoted by i.
  • Block 100 receives input ⁇ . a is used throughout the description to represent a secret digital input from the user.
  • This secret input may be a number or a parameter uniquely associated with a physical device e.g. details on the magnetic strip of a swipe card. Alternatively, this secret input may be a password or a personal identification number (PIN) associated with the user and known only to the user.
  • Block 200 receives input ⁇ . ⁇ is used throughout the description to represent an analogue biometric input from the user.
  • This biometric input may be a fingerprint, a handwritten signature action, a voiceprint pattern, a face image, an iris scan or some other biometric data associated with the user.
  • Secret digital input CC is received by block 100 which comprises separate blocks 101 and 102.
  • Analogue biometric input ⁇ is received by block 200.
  • the output of block 200 is b' as will be described below, ⁇ / ⁇ and b' are both input into block 300, the output of which is ⁇ (cc, ⁇ ) as will be described below.
  • ⁇ , ⁇ represents a sequence of elements a t , each item in the sequence having an order i.
  • the sequence is a function of a , the secret digital input.
  • Each sequence element a t is either a finite-dimension vector in R m or C m space i.e.
  • ⁇ fl a zero knowledge sequence with a as an input parameter, such that the value of a cannot be determined from one or more a t and the value of a t cannot be determined from one or more ⁇ y for j ⁇ i.
  • the preferred method of generating ⁇ a ( ⁇ is for each a t to be generated sequentially from a cryptographic random number generator (RNG), (for example the ANSI X9.17 RNG) parameterized by a .
  • RNG cryptographic random number generator
  • random sequence ⁇ «, ⁇ is de-correlated and normalized to produce ⁇ «/ ⁇ .
  • ⁇ a t ' ⁇ is either a finite-dimension vector in R m or C m space i.e. a real or complex vector, or a well behaved function in U space i.e. a real or complex function.
  • ⁇ / ⁇ is a ZK sequence with a as an input parameter, such that the value of a cannot be determined from one or more ⁇ ,' , and furthermore the value of «/ cannot be determined from one or more a ? for j ⁇ i.
  • block 100 generates a normalized de-correlated, random sequence ⁇ fl, 1 ⁇ from secret digital input a .
  • the ZK relationship between input (X and output ⁇ fl,' ⁇ which means that the secret input cannot be deduced from the output, protects the source of a e.g. the physical device associated with the user.
  • block 200 the purpose of block 200 is to generate a function of analogue biometric input ⁇ that allows ⁇ to be compared with a reference biometric input ⁇ ° , and hence to establish whether ⁇ is from the correct user or an imposter passing himself off as the user.
  • the function is called an analogue biometric representation and is represented by b'.
  • Biometric input ⁇ is received by block 200.
  • block 200 comprises a first block 201 and a second block 202.
  • Block 200 outputs b' which must be a real or complex vector in R m or C m space or a function in L space.
  • b is generated, b being a function in U space and, at block 202, b' is generated from b, b' being a vector in R m or C m space or a function in U space.
  • b (from block 201) is a function in L space and b' (from block 202) is a vector in R m or C m space or a function in U space.
  • b( ⁇ ) and b'( ⁇ ) allow specification of distance thresholds (in L , R m or C m space, as the case may be) to differentiate between two ⁇ inputs from the same user and two ⁇ inputs, one from a genuine user and another from an imposter.
  • b in U space is generated via an integral-based transformation.
  • An example of this would be an integration of biometric input ⁇ , in the form of either a linear data array ⁇ (x), into an L function b(p), or a planar data array ⁇ (x,y), into an L function b(p,q), with transform domain coordinates of b analogous to the spatial or temporal coordinates of ⁇ .
  • KP jjdx.dy.e ⁇ Kpx+qy) . ⁇ (x,y) for two-dimensional inputs, with the integration limits
  • M being dependent on the choice of coordinates i.e. linear for one-dimensional inputs and Cartesian, polar or logarithmic-polar for two-dimensional coordinates.
  • b' is generated from b. This may be, for example, via a) a matrix-based m transformation, or b) an integral-based transformation. Both a) and b) result in a vector in R or C m space.
  • the choice of moment functions ⁇ ,, ⁇ j ) may be determined from the integration domain.
  • block 200 comprises only a single block 203.
  • Block 200 outputs b' which must be a real or complex vector in R m or C m space, or a well- behaved real or complex function in L space.
  • b' is generated directly from ⁇ at block 203. b ⁇ ) allows specification of distance thresholds (in R m , C" or
  • U space as the case may be) to differentiate between two ⁇ inputs from the same user and two ⁇ inputs, one from a genuine user and another from an imposter.
  • b' is generated either a) via a matrix-based transformation or b) via an integral-based transformation.
  • case b) Two examples of case b) would be a transformation of linear data array ⁇ (x) into an L function b'(p), or a transformation of planar data array ⁇ (x,y) into an L function b'(p,q) with transform domain coordinates of b analogous to the spatial or temporal coordinates of ⁇ .
  • V (p, q) J ⁇ dx.dy.e ⁇ ' ⁇ px+9y) . ⁇ (x, y) for two-dimensional inputs, with the integration limits
  • M being dependent on the choice of coordinates i.e. linear for case a) and Cartesian, polar or logarithmic-polar for case b).
  • Figures 4a and 4b show user and imposter distributions of analogue representation ⁇ ' and digital representation % .
  • ⁇ % will be explained below with reference to Figures 5 and 6.
  • the distributions shown in Figure 4a are resulting from a biometric input of a face image and the distributions shown in Figure 4b are resulting from a biometric input of a fingerprint scan.
  • the user distribution shows V ( ⁇ user ) where ⁇ user is a biometric input provided by the original user
  • the imposter distribution shows b ⁇ ⁇ mp ⁇ where ⁇ mp is from another user different from the original user (i.e. an imposter).
  • Figures 4c and 4d show the FA and FR operational characteristics of analogue representation b' and digital representation % .
  • the plot of Figure 4c is for the face image plot in Figure 4a and the plot of Figure 4d is for the fingerprint scan plot in Figure 4b.
  • Figures 4c and 4d will be discussed in more detail below.
  • This allows for simultaneous minimization of the FA and FR regions to near-zero crossover levels, as can be seen in Figures 4c and 4d.
  • secret digital input (X as well as biometric input ⁇ are used to generate function c (of both a and ⁇ ) (in block 300) which is a ZK mixture of inputs ⁇ and ⁇ , and furthermore capable of providing a positive difference between the minimum imposter distance
  • ⁇ cJT mm c(a, ⁇ imp ) - (where a ⁇ a° and ⁇ imp is from a user different from the original user (i.e. an imposter)), and the maximum user distance (where ⁇ " ser is from the original user) as can be seen in Figures 4e, 4h, 4k and 41.
  • This allows for simultaneous minimization of the FA and FR regions to near-zero crossover levels, as can be seen in Figures 4f, 4g, 4i and 4j.
  • ⁇ mp is from a user different from the original user (i.e. an imposter)), and the maximum user distance (where ⁇ mer is from the original user) as can be seen in Figures 4a and 4b.
  • This also allows for simultaneous minimization of the FA and FR regions to near-zero crossover levels, as can be seen in Figures 4c and 4d.
  • both continuous-valued representation c(a, ⁇ ) (sometimes called mixture sequence or correlation vector) and/or digital representation ⁇ ct, ⁇ ) (sometimes called correlation bitstring or correlation word) enable a more effective determination as to whether a user is genuine or an imposter.
  • the dependence of c and ⁇ on a is also advantageous in the sense that a bitstring associated with the reference user can be revoked simply by revoking the associated physical device, or refreshed simply by selecting a new physical device.
  • block 300 generates a ZK continuous-valued sequence of mixtures from the de-correlated random sequence ⁇ #,' ⁇ of block 100, and biometric representation b' of block 200.
  • block 300 comprises block 301 only.
  • the mixture sequence is represented as c(a, ⁇ ) when it is known as a correlation vector.
  • ⁇ , ⁇ and ⁇ a ⁇ ⁇ are real-valued vectors or functions.
  • C 1 ⁇ _ l a ⁇ ⁇ b' ⁇ for vectors
  • ⁇ fit, ⁇ and ⁇ a 1 , ⁇ are complex-valued vectors or functions.
  • ⁇ ) c(a°, /?°)
  • ⁇ c a verification threshold between c and c°, such that if c and c° differ by less than Ac bits, then a ⁇ a° and ⁇ and ⁇ ° are considered to be from the same user, but if c and c° differ by more than ⁇ c bits, then a ⁇ a° and ⁇ and ⁇ ° are considered to be from different users.
  • the thresholding effect of A ⁇ on c(a, ⁇ ) - c(a°, is substantially more consistent that the equivalent effect of real-valued distance threshold ⁇ b on b ⁇ ) — .
  • ⁇ c££ min c(a, ⁇ imp ) - c(a°, (the left hand edge of the right hand distribution), and maximum user distance (the right hand edge of the left hand distribution) in comparison to the negative difference between ⁇ a ⁇ d ⁇ m Z. > as described previously.
  • This clear separation of the user and imposter distributions of c( ⁇ , ⁇ ) differs from the overlap in the user and imposter distributions of b'( ⁇ ) .
  • block 400 generates a bitstring from the mixture sequence ⁇ c,. ⁇ of block 300, which is itself generated from the de-correlated random sequence ⁇ a, 1 ⁇ of block 100, and the biometric representation b' of block 200.
  • block 400 comprises block 401 only.
  • the bitstring is represented by ydi ⁇ t ⁇ ) '• i — 1—tnj , a sequence of bits ⁇ , (cc, ⁇ ) each having bit-index i, each bit being a function of secret digital input a and analogue biometric input ⁇ .
  • the bitstring is represented as ⁇ (a, ⁇ ) when it is known as a correlation word.
  • the first condition means, for example, that the physical device used is identical to that associated with the reference user.
  • the second condition means that the user providing the biometric data is the reference user. (Note that, since a is digital, there needs to be an exact match between oc and cc° whereas, for ⁇ which is analogue, there needs to be only a sufficiently similar match between ⁇ and ⁇ ° .)
  • ⁇ (a, ⁇ ) is required to differ in approximately — bit-positions if the digital
  • the input a is in any way different from the reference digital input a° and/or the biometric input ⁇ is substantially different from reference biometric input ⁇ ° .
  • the first condition means, for example, that the physical device used is different from that associated with the reference user.
  • the second condition means that the user providing the biometric data is not the reference user.
  • bitstring ⁇ (a, ⁇ ) is progressively assembled from the individual bits ⁇ t according to the following cases, when i) mixture sequence c(cc, ⁇ ) is real-valued, with each mixture C 1 possibly contributing one bit to ⁇ (a, ⁇ ) , ii) mixture sequence c(a, ⁇ ) is real-valued, with each mixture C 1 possibly contributing up to 2 V (where v is some small integer) bits to ⁇ (cc, ⁇ ) , iii) mixture sequence c(a, ⁇ ) is complex-valued, with each mixture C 1 possibly contributing up to two bits to % ⁇ pc, ⁇ ) , or iv) mixture sequence c(a, ⁇ ) is complex-valued, with each mixture c. possibly contributing up to 2 V (where v is some small integer) bits to ⁇ (cc, ⁇ ) .
  • each correlation C 1 (a t ',6') is evaluated sequentially, with the m' (out of m)
  • Each bit X 1 is a random outcome of the corresponding correlation C 1 , such that there is equal probability of outcomes 0 and 1. Furthermore, each X 1 is also statistically independent of all X j for j ⁇ i, such that outcome X 1 is unaffected by all other outcomes ⁇ ⁇ for j ⁇ i.
  • Table 1 * denotes a null output to be disregarded for the purposes of comparison.
  • the uniform partitions result in an equal probability for the occurrence of correlation value argf ⁇ ) in each partition, the distribution of which will be in accordance with a uniform probability distribution for a random population of user biometric and external digital inputs.
  • Bitstring characterization Zy ( c t) from tne partition outcome of c f is chosen such that the characterization from adjacent partitions differs by a single bit, as would be the case for assignment of Zy bitstring values in accordance with a Grey coding scheme.
  • the thresholding effect of A ⁇ on ⁇ ) — ⁇ (a°, is substantially more consistent that the equivalent effect of real-valued distance threshold Ab on b'( ⁇ ) — .
  • there is a positive difference between the minimum imposter distance ⁇ min ⁇ a, ⁇ mp ) - ⁇ (a°, /?°)
  • a ⁇ TM (the right hand edge of the left hand distribution) in comparison to the negative difference between ⁇ b'TM ⁇ and ⁇ bTM ⁇ , as described previously. This clear separation of the user and imposter distributions of ⁇ (a, ⁇ ) differs from the overlap in the user and imposter distributions of b'( ⁇ ) .
  • ⁇ (a, ⁇ ) shows a near-zero crossover error point, in comparison to the irreducible crossover error point of b'( ⁇ ) .
  • FA and FR errors can be independently minimized, without a decrease of one resulting in an increase of the other.
  • block 400 comprises block 401 as previously described as well as new blocks 402 and 403.
  • a parity- check is generated in block 402 and used in block 403 to provide a first level of correction to the correlation word.
  • correlation word ⁇ (a, ⁇ ) it is possible to increase the stability of correlation word ⁇ (a, ⁇ ) by computing a parity check X ⁇ Z°) m b
  • ock 4 °2, from reference correlation word ⁇ ° ⁇ (cc°, ⁇ °) i.e. the correlation word derived from reference digital input a° and reference biometric input ⁇ ° .
  • ⁇ * ( ⁇ °) allows for correction of bit-errors, up to a specified maximum number, in correlation word ⁇ (a, ⁇ ) in order to recover ⁇ ° or at least a closer approximation to ⁇ ° .
  • Various coding schemes e.g. Hamming, Reed-Solomon, Bose-Chaudhuri-Hocquenghem, Goppa or Golay
  • Goppa or Golay Various coding schemes (e.g. Hamming, Reed-Solomon, Bose-Chaudhuri-Hocquenghem, Goppa or Golay) could be used for this purpose, as will be well appreciated by those skilled in the art.
  • threshold ⁇ is specified, thereby allowing for code (s,s ⁇ As) q to be specified and that ⁇ y should be a ZK representation of ⁇ ° , such that
  • parity-check ⁇ ' which is stored and may also be used in block 403. Note that it is possible to specify some linear algebraic code such that the small number of bit- errors in ⁇ (cc°, ⁇ ⁇ ser ) , from correct digital input a° and biometric input ⁇ mer from the correct user, are consistently corrected but the large number of bit-errors in ⁇ (cc, ⁇ mp ) , from incorrect digital input a ⁇ ⁇ °and biometric input ⁇ mp from an imposter, is beyond the specified threshold ⁇ .
  • a symptom vector ⁇ " from correlation word ⁇ , ⁇ ) from block 401 , and parity-check ⁇ f , generated in block 402 and derived from ⁇ ° .
  • Occurrence of symbolic errors in ⁇ is indicated by non-zero symptom vector ⁇ " ⁇ 0 , constituting a linear equation system, which can be solved to recover ⁇ ° or a closer approximation to ⁇ °. That is, block 403 can be used to correct bit-errors, up to a specified maximum, in correlation word ⁇ .
  • ⁇ (a, ⁇ ) car ⁇ be compared with ⁇ ° (for differences within or without Hamming distance threshold A ⁇ ) to establish whether the user is the original user or is, in fact, an imposter. If ⁇ differs from ⁇ ° by more than A ⁇ , the user is deemed to be an imposter whereas if % differs from ⁇ ° by less than A ⁇ , the user is deemed to be a genuine user.
  • FIG. 7 is a block diagram showing the various stages according to a second embodiment of the invention.
  • the block diagram includes block 100, which receives secret digital input a and outputs random sequence ⁇ #,' ⁇ , block 200, which receives analogue biometric input ⁇ and outputs biometric representation b' (and may have the structure shown in either Figure 2 or Figure 3), block 300, which outputs a sequence ⁇ of correlation mixtures between the digital and biometric inputs, and block 400 (which, in this case, must have the structure shown in Figure 6), which receives ⁇ c t ⁇ and outputs digital representation ⁇ and parity-check ⁇ y .
  • Block 500 allows reference correlation word ⁇ ° to be encrypted and stored.
  • a is the secret input which was used to generate the correlation word ⁇ (ct, ⁇ )
  • cc' is a further secret input, and of the same type of data as cc i.e. a number or parameter associated with a physical device, or a password or PIN associated with a particular user.
  • the requirements for encrypted storage and conditional recovery of ⁇ are that the decryption of ⁇ aa , to recover ⁇ requires knowledge of CC and a 1 , the value ⁇ aa , is a ZK representation of ⁇ , such that ⁇ cannot be deduced from ⁇ aa , without knowledge of CC and a? , and recovery from storage of ⁇ aa ⁇ requires knowledge of OC and a' .
  • HMAC hashed message authentication code
  • FIG 8 is a block diagram showing the various stages according to a third embodiment of the invention.
  • the block diagram includes block 100, which receives secret input cc and outputs random sequence ⁇ «/ ⁇ , block 200, which receives biometric input ⁇ and outputs biometric representation b' (and may have the structure shown in either Figure 2 or Figure 3), block 300, which outputs a sequence ⁇ of correlation mixtures between the digital and biometric inputs, and block 400 (which, in this case, must have the structure shown in Figure 6), which receives ⁇ and outputs correlation word ⁇ and parity-check ⁇ y .
  • Block 600 generates a secret keystring x ⁇ oc, ⁇ ) and secret recovery parameters Z a from
  • the generation of secret keystring x is a refinement over the generation of correlation word ⁇ .
  • x is required to differ in approximately — bit-positions if a and a° are in
  • x is a ZK representation of its inputs a and ⁇ such that the value of a cannot be deduced from x and any value of ⁇ e ⁇ ⁇ j cannot be deduced from x.
  • Z a is a ZK representation of
  • Each Z 1 ⁇ is a ZK representation
  • Z ⁇ and (Z 1 ⁇ j are ZK representations of x, such that x cannot be deduced from one or more
  • block 600 comprises block 601 only.
  • Each Z' ⁇ corresponds to a particular correlation word value within relatively small set yC ⁇ ⁇ , the small size of which results from the representation stability of outputs from block 400. It is possible to specify the small set ⁇ ⁇ j for a user with reference inputs a° and ⁇ ° such that correct digital input ⁇ ° and biometric input ⁇ user from the reference user consistently result in ⁇ [a°, ⁇ t ⁇ ser )e ⁇ ⁇ ⁇ and incorrect digital input a ⁇ a° and biometric input ⁇ mp from an imposter consistently result in ⁇ ⁇ cx, ⁇ ' mp J ⁇ ⁇ .
  • Z y ⁇ ⁇ 14 Z x a and the set [Z 1 ⁇ ⁇ are ZK representations of Z a and the set Z a or any of ⁇ ⁇ ⁇ cannot be determined from one or more of Z x a and ⁇ Z 1 ⁇ ⁇ .
  • the preferred way to generate x, Z a , the set of (Z 8 J, Z ⁇ and the set of ⁇ ⁇ ⁇ is to use interpolation of modular polynomials of linear or higher degree, as specified below.
  • each Z 1 ⁇ 3 (h(x p ), c( ⁇ ⁇ J) in the set, thereby enabling
  • the outputs of block 601 are recovery parameters Z ⁇ and (Z' ⁇ j which may be stored, and secret-key x which may be discarded, since it can be recovered, in any case, from the recovery parameters.
  • block 600 could be arranged to generate secret-key x from two secret digital inputs a and a 1 , but no biometric input ⁇ . This is useful where it is difficult or impossible to obtain biometric input ⁇ .
  • additional requirements relating to a" analogous to those relating to a such as: that x(a,a f ) is required to be entirely stable in all bit positions if input a 1 is identical to reference secret input a 01 , whereas x differs
  • block 600 could be arranged to generate secret-key x from secret digital input (X , and two biometric inputs ⁇ and /?' . This is useful where it is difficult or impossible to obtain the first biometric input ⁇ .
  • ⁇ ' analogous to those relating to ⁇ , such as: that x( ⁇ , ⁇ ') is required to be entirely stable in all bit positions if correlation word is in set ⁇ % ⁇ ), all elements of which are similar to reference correlation word ⁇ °' in a large majority of bit positions, whereas x
  • each Z' ⁇ in the set is a ZK representation of the corresponding ⁇ p , in the set, such that ⁇ ⁇ ,
  • the set of j are ZK representations of the set of ⁇ ⁇ , ⁇ , such that any of ⁇ ⁇ , ⁇ cannot be deduced from one or more of ⁇ Z'p j .
  • block 600 comprises block 601 as previously described, together with new block 602.
  • Block 602 allows secret-key x to be recovered using the recovery parameters. In fact, x can only be recovered with an appropriate number of secret- shares, as will now be described.
  • x is recovered from a modular polynomial of order ⁇ .
  • the number of secret-shares required to recover x depends on the polynomial order ⁇ .
  • two key-shares are required, selected from the following key factors: secret digital input a , and one of the following: one correct correlation word from set ) , or
  • secondary digital input ⁇ 1 or one correct correlation word from secondary set
  • three key-shares are required selected from the following key factors: secret digital input a , and one correct correlation word from set J , and one of the following: secondary digital input ex' , or one correct correlation word from secondary set
  • FIG. 11 is a block diagram showing the various stages according to a fourth embodiment of the invention.
  • the block diagram includes block 100, block 200 (which may have the structure shown in either Figure 2 or Figure 3), block 300, block 400 (which must have the structure shown in Figure 6) and block
  • a is the secret input which was used to generate the correlation word ⁇ (a, ⁇ )
  • of is a further secret input, and of the same type of data as a i.e. a number or parameter associated with a physical device, or a password or PIN associated with a particular user.
  • the requirements for encrypted storage and conditional recovery of ⁇ are that the decryption of ⁇ aa ⁇ to recover ⁇ requires knowledge of a and a' , the value of ⁇ aa ⁇ is a ZK representation of ⁇ , such that ⁇ cannot be deduced from ⁇ aa , without knowledge of a and oC , and recovery from storage of ⁇ aa , requires knowledge of a and a' .
  • the preferred way for ⁇ to be generated is to compute cipher and access-control keys
  • FIG. 12 is a block diagram showing the various stages according to a fifth embodiment of the invention.
  • the block diagram includes block 100, block 200 (which may have the structure shown in either Figure 2 or Figure 3), block 300, block 400 (which must have the structure shown in Figure 6) and block 600 for generating secret-key x and recovery parameters Z' a and (Z 1 ⁇ J, allowing recovery of x.
  • Block 800 allows an asymmetric key-pair to be generated comprising private-key x(a, ⁇ ) , also known as the secret-key as derived in block 600, and public-key x'(x) derived from x in block 800.
  • x' is a ZK representation of x, such that the value of x cannot be
  • reference input x° x( ⁇ °, ⁇ °) i.e. the secret-key derived from reference digital input cc° and reference biometric input ⁇ ° .
  • the preferred way to constitute an asymmetric key-pair is to have public-key x ⁇ x) computed directly from private-key x by means of a ZK transformation.
  • FIG. 13 is a block diagram showing the various stages according to a sixth embodiment of the invention.
  • the block diagram includes block 100, block 200 (which may have the structure shown in either Figure 2 or Figure 3), block 300, block 400 (which must have the structure shown in Figure 6) and block 600 for generating secret-key x and recovery parameters Z a and JZ' ⁇ j allowing recovery of x.
  • Block 900 allows a cryptographic parameter s'(x, s) to be computed from secret or private-key x(a, ⁇ ) and additional external input s, which may be generated randomly or obtained from another source (not shown).
  • s' is a ZK representation of inputs x and s, such that the value of x or
  • the preferred way to generate s' is to calculate s'(x, s) as required by the cryptographic protocol of interest, which also specifies the nature of secondary input s.
  • the biometric input may be a face image (see Figures 4a and 4c). This involves taking a photograph of the face of a reference user, and analyzing the photograph for later comparison. There are a number of steps which can be taken at the outset to improve the use of the face scan as a biometric input.
  • the face is detected from a raw camera image.
  • This requires a set of training data of positive examples (faces of various poses, sizes and illuminations) and negative examples (non-face objects), which allows the face detector to distinguish between the face and the surrounding background.
  • the face image is normalized into a face bitmap of uniform size and consistent quality.
  • This stage includes five stages: 1) equalization of illumination i.e. normalization of bright or dim images to a consistent level; 2) noise suppression i.e. elimination of excessive noise from the image. This helps with the identification of facial features such as eyes and nostrils; 3) contrast enhancement on blurry images. This is particularly useful for low-resolution cameras and also helps with later feature identification; 4) detection of two or three reference points on the face e.g. both eyes and the nose or a nostril. Iris detection has been found to be fairly reliable for eye detection and this gives two reference points which can be used to correct variations in pose; 5) geometric framing for additional correction of the face image for variations in pose.
  • the normalized image is vectorized using statistical analysis or integral transforms. That is, from the two dimensional array ⁇ , a biometric representation in vector form is produced. To do this, it has been found that eigenanalytic methods are more effective and efficient but they are quite dependent on the training data set used for the initial set up. Hence, for the training data set, it is important to have data which is broadly similar to the type of data which will be seen in real use (e.g. with face images of the same racial origin and using a similar camera type).
  • the biometric input may be a fingerprint scan (see Figures 4b and 4d). As before, there are a number of steps which can be taken at the outset to improve the use of the fingerprint scan as a biometric input.
  • the orientation field of a fingerprint image representing the direction of ridges in the fingerprint image is calculated.
  • the fingerprint image is divided into a number of non- overlapping blocks, and an orientation representative of the ridges in the block is assigned to the block based on an analysis of grey scale gradients in the block.
  • the block orientation can be determined from the pixel gradient orientations based on averaging or majority-based decision making.
  • segmentation is performed.
  • One of the problems resulting after the first step is that there is still background noise and also there is a need to distinguish between the fingerprint region and the region outside the fingerprint itself. It is important to localize the portions of fingerprint image depicting the finger foreground against the non-finger image background.
  • the simplest approach is to segment the foreground by global or adaptive thresholding. To do this, it is possible to use histogram equalization to expand the pixel value distribution of an image so as to increase the perceptional information. After that, the image is divided into small blocks (typically 32x32 pixels) and a Fourier transform performed over each block. In order to enhance a specific block by its dominant frequencies, the Fourier transform of the block is multiplied by its magnitude a number of times.
  • the central (core) point of the fingerprint image is located. This is particularly important if two fingerprint images are to be compared. However, automated core point detection can only find the most likely centre of the image whether or not a meaningful core point exists or not. Also, even with the core point, the alignment of two images for comparison still may need to be corrected as we are not taking into account scaling, rotation and clipping factors.

Abstract

A method for comparing user and reference biometric inputs by receiving a digital input α from a user; generating a mutually uncorrelated random analogue sequence from α; receiving an analogue biometric input β from the user; generating a biometric representation from β; generating a correlation mixture sequence c from the random sequence and the biometric representation; comparing the correlation sequence c with a previously computed correlation sequence c° derived from a digital input α° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user. A corresponding apparatus is also disclosed.

Description

Improvements in and relating to Biometrics
Technical Field
The invention relates to a method and apparatus for comparing user and reference user biometric inputs. In an exemplary form, the invention relates to a method and apparatus for comparing user and reference user biometric inputs by generation of a digital bitstring. In another exemplary form the method and apparatus may be for comparing user and reference user biometric inputs by generation of a random mixture of biometric and external digital inputs, and thereafter the digital bitstring.
Background
Biometric technology is becoming more and more commonly used for security applications. For example, many work places make use of iris scanning and fingerprint recognition systems for maintaining security. Users are required to register their biometric data (e.g. fingerprint) before using the system. Then, subsequently, when their biometric data is sampled (e.g. their fingerprint scanned), this sample is compared with the reference data and, if the two pieces of data match, the user is authorized to, for example, enter a work place or log onto a computer network.
However, simple biometric comparisons like this have several disadvantages. Firstly, they may not be sufficiently robust to deal with unavoidable differences in sample and reference conditions (e.g. variable lighting for face data), and discrimination between a legitimate user and an imposter. Secondly, they may not have good biometric data storage along with the necessary protection of that data. Thirdly, security may be an issue. That is, there may risk of impersonation by malicious parties via use of compromised biometric data. Finally, they may not be particularly versatile e.g. can only cope with limited functionality of identity establishment.
Thus, some improvement in methods and apparatus for comparing user and reference user biometric inputs needs to be made.
Summary
According to a first exemplary aspect, there is provided a method for comparing user and reference biometric inputs, the method comprising: a) receiving a digital input CC from a user; b) generating a mutually uncorrelated random analogue sequence from CC ; c) receiving an analogue biometric input β from the user; d) generating a biometric representation from β ; e) generating a digital bitstring χ from the sequence; and f) comparing the bitstring χ with a previously computed bitstring χ° derived from a digital input a° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
The comparison of digital quantities χ and χ° , rather than analogue quantities β and β° provides a more effective determination of whether the user is the same as the reference user.
According to a second exemplary aspect there is provided a method for comparing user and reference biometric inputs, the method comprising:
(a) receiving a digital input CC from a user;
(b) generating a mutually uncorrelated random analogue sequence from CC ;
(c) receiving an analogue biometric input β from the user; (d) generating a biometric representation from β ;
(e) generating a random mixture c from the sequence and the representation; and
(f) comparing the mixture c with a previously computed mixture c°, which is derived from a digital input a° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
In the second exemplary aspect it is preferred that:
(g) a digital bitstring χ is generated from the correlation mixture sequence; and
(h) the digital bitstring χ is compared with a previously computed bitstring χ° derived from a digital input a° from the reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
For both aspects, the digital input CC may be a number or parameter associated with a physical device. Alternatively, OC may be a password or a personal identification number. Similarly, cc° may be a number or parameter associated with a physical device. Alternatively, a° may be a password or personal identification number.
In one embodiment, step b) comprises: generating a random sequence from CC ; and de- correlating and normalizing the sequence to form a mutually uncorrelated random sequence. The individual elements of that sequence may be a mathematical representation similar to that of the biometric representation generated at step d).
Preferably, the random sequence is such that digital input OC may not be derived from the random sequence. Also preferably, the random sequence is such that one portion of the sequence may not be derived from another portion of the sequence. Similarly, preferably, the mutually uncorrelated random sequence is such that digital input CC may not be derived from the mutually uncorrelated random sequence. Similarly, preferably, the mutually uncorrelated random sequence is such that one portion of the sequence may not be derived from another portion of the sequence.
Analogue biometric input β may be a one-dimensional function of time. In one such embodiment, β is a handwritten signature motion. In another such embodiment, β is a voiceprint sequence. Similarly, reference biometric input β° may be a one-dimensional function of time. In one such embodiment, β° is a handwritten signature motion. In another such embodiment, β° is a voiceprint sequence.
Alternatively, analogue biometric β may be a two-dimensional image array. In one such embodiment, β is a fingerprint scan. In another such embodiment, β is a face photograph. In another such embodiment, β is an iris scan. Similarly, reference biometric input β° may be a two-dimensional image array. In one such embodiment, β° is a fingerprint scan. In another such embodiment, β° is a face scan. In another such embodiment, β° is an iris scan.
In the case where biometric input β is a two dimensional array, step d) may comprise integrating, in two dimensions, biometric input β .
The biometric representation may be a real or complex vector or a real or complex function.
Step d) may comprise matrix operations in one or more dimensions, resulting in biometric representations of real or complex-valued vectors. Step d) may comprise integrations in one or more dimensions, resulting in biometric representations of real or complex-valued functions.
In one embodiment, step d) comprises the steps of: generating an intermediate biometric representation from β , the intermediate biometric representation being a real or complex function; and generating the biometric representation from the intermediate biometric representation, the biometric representation being a real or complex function or a real or complex vector. In that embodiment, the step of generating an intermediate biometric representation may comprise at least one integration in one or more dimensions. In that embodiment, the step of generating the biometric representation from the intermediate biometric representation may comprise at least one matrix operation in one or more dimensions.
In the second aspect, step (f) may comprise obtaining a Euclidean or other continuously variable distance between c and c° and comparing the continuously variable distance with a predetermined threshold. If the continuously variable distance is less than the predetermined threshold, the user may be deemed to be the reference user. Alternatively, if the continuously variable distance is more than the predetermined threshold, the user may be deemed to be different from the reference user.
Preferably, step h) comprises obtaining a Hamming distance between χ and χ° and comparing the Hamming distance with a predetermined threshold. If the Hamming distance is less than the predetermined threshold, the user may be deemed to be the reference user. Alternatively, if the Hamming distance is more than the predetermined threshold, the user may be deemed to be different from the reference user.
After step (g) and before step (h) there may be included:
(i) correcting bit errors in χ using a previously computed parity-check derived from χ° .
The parity-check may be derived from χ° using a parity-matrix computation. If such error correction is used, and a Hamming distance is used, a smaller predetermined threshold may be used to determine whether the user is the reference user. This allows a more reliable determination of whether the user is the reference user.
The method may further comprise the step of encrypting the digital bitstring χ . The method may further comprise the step of storing the encrypted digital bitstring.
Preferably, the encryption is such that decryption requires knowledge of digital input (X . In one embodiment, the encryption is such that the decryption requires knowledge of a second digital input a1.
In one embodiment, the method further comprises the step of generating a secret-key x from digital input CC and bitstring χ . The secret-key is preferably recoverable by knowledge of a given number of secret shares. The given number may depend on the properties of secret-key x. The individual secret-shares may be assigned so as to associate CC and possible values of χ with x. Preferably, the secret-shares are such that the secret-key x may not be derived from an insufficient number of secret-shares. Also preferably, the secret-shares are such that an individual secret-share may not be derived from an insufficient number of secret-shares.
In that embodiment, the method may further comprise the step of generating a plurality of secret-shares associated with a plurality of digital inputs OC and a plurality of analogue biometric inputs β .
In that embodiment, the method may further comprise the step of generating a plurality of recovery parameters for recovering secret-key x. In that embodiment, in the case where the method includes generating a plurality of secret-shares, each secret share may be obtained by one of the plurality of recovery parameters.
In that embodiment, the method may further comprise the step of generating a set of recovery parameters from the set of secret-shares, such that each secret-share is associated with a respective recovery parameter. Preferably, each recovery parameter is such that its respective secret-share cannot be derived from it. Also preferably, the recovery parameters are such that input CC or possible values of bitstring χ cannot be derived from the corresponding recovery parameter.
The method may further comprise the step of encrypting the plurality of recovery parameters. The method may further comprise the step of storing the encrypted recovery parameters. Preferably, the encryption is such that decryption requires knowledge of digital input OC . In one embodiment, the encryption is such that the decryption requires knowledge of a second digital input OC* .
The method may further comprise the step of generating a public-key x' from secret-key x. x and x' may form an asymmetric key-pair. Preferably x' is such that the secret-key x may not be derived from the public-key x'.
The method may further comprise the step of generating a cryptographic parameter s from the public-key x'. That step of generating may comprise generating a cryptographic parameter s from the public-key x' and at least one further digital input. Preferably s is such that the secret- key x may not be derived from s. According to a third exemplary aspect, there is provided apparatus for comparing user and reference biometric inputs, the apparatus comprising:
(a) a first receiver for receiving a digital input CC from a user;
(b) a second receiver for receiving a biometric input β from the user; (c) a processor for generating: i) a mutually uncorrelated random sequence from CC , ii) a biometric representation from β , iii) a digital bitstring χ from the sequence and the representation; and (d) at least one comparator for comparing i) the bitstring χ with a previously computed bitstring χ° derived from a digital input cc° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
For the first and third aspects, the processor may be for generating a correlation mixture sequence c from the sequence and the representation, and generating the digital bitstring χ from the mixture. The at least one comparator may be for comparing a correlation mixture sequence c with a previously computed mixture c° derived from the digital input α°from the reference user and the biometric input β° from the reference user. The previously computed bitstring χ° may be derived from mixture c0 which, in turn, may be derived from the digital input a° .
According to a fourth exemplary aspect, there is provided apparatus for comparing user and reference biometric inputs, the apparatus comprising:
(a) a first receiver for receiving a digital input CC from a user;
(b) a second receiver for receiving a biometric input β from the user;
(c) a processor for generating:
(i) a mutually uncorrelated random sequence from OC , (ii) a biometric representation from β ,
(iii) a correlation mixture sequence c from the sequence and the representation, and
(iv) a digital bitstring χ from the mixture; and
(d) at least one comparator for comparing: (i) mixture c with a previously computed mixture c° derived from a digital input a° from a reference user and a biometric input β° from the reference user, and
(ii) bitstring χ with a previously computed bitstring χ° derived from mixture c°, which is in turn derived from a digital input <x° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
Brief Description of the Drawings
Exemplary embodiments of the invention will now be described with reference to the accompanying drawings, in which:
Figure 1 is a block diagram of a first exemplary embodiment; Figure 2 is a first arrangement of block 200 in Figure 1 ; Figure 3 is a second arrangement of block 200 in Figure 1; Figure 4a shows user and imposter distributions of analogue biometric representation b' and digital representation X for a face image;
Figure 4b shows user and imposter distributions of analogue biometric representation b' and digital representation X for a fingerprint scan; Figure 4c shows FA and FR characteristics of analogue representation b' and digital representation X for the face image plot of Figure 4a; Figure 4d shows FA and FR characteristics of analogue representation b' and digital representation X for the fingerprint scan plot of Figure 4b;
Figure 4e shows user and imposter distributions for a face image plot using linear discriminant analysis with a bitstring transformation output; Figure 4f shows FA and FR characteristics for a face image plot using linear discriminant analysis with a bitstring transformation output;
Figure 4g shows FA and FR characteristics for a face image plot using linear discriminant analysis with a random-mix transformation output;
Figure 4h shows user and imposter distributions for a face image plot using linear discriminant analysis with a random-mix transformation output;
Figure 4i shows FA and FR characteristics for a fingerprint scan using the Fourier-Mellin vectorisation method with a bitstring transformation output;
Figure 4j shows FA and FR characteristics for a fingerprint scan using the Fourier-Mellin vectorisation method with a random-mix transformation output; Figure 4k shows user and imposter distributions for a fingerprint scan using the Fourier- Mellin vectorisation method with a bitstring transformation output; Figure 41 shows user and imposter distributions for a fingerprint scan using the Fourier-
Mellin vectorisation method with a random-mix transformation output;
Figure 5 is a first arrangement of block 300 in Figure 1 ;
Figure 6 is a second arrangement of block 300 in Figure 1 ; Figure 7 is a block diagram of a second exemplary embodiment;
Figure 8 is a block diagram of a third exemplary embodiment;
Figure 9 is a first arrangement of block 500 in Figure 9;
Figure 10 is a second arrangement of block 500 in Figure 9;
Figure 11 is a block diagram of a fourth exemplary embodiment; Figure 12 is a block diagram of a fifth exemplary embodiment; and
Figure 13 is a block diagram of a sixth exemplary embodiment.
Detailed Description of Exemplary Embodiments
A number of exemplary embodiments of the invention will now be described. In the description, certain parameters are represented by certain symbols and these are used consistently throughout all the exemplary embodiments. For simplicity, a list of symbols and their associated parameters is included at the end of this description. Throughout the description, where the
terminology, V*-/ j is used, this refers to a sequence or string of symbols x, each symbol in the sequence having an order denoted by i.
A first exemplary embodiment of the invention is illustrated in Figure 1, which is a block diagram showing the various stages. Block 100 receives input α . a is used throughout the description to represent a secret digital input from the user. This secret input may be a number or a parameter uniquely associated with a physical device e.g. details on the magnetic strip of a swipe card. Alternatively, this secret input may be a password or a personal identification number (PIN) associated with the user and known only to the user. Block 200 receives input β . β is used throughout the description to represent an analogue biometric input from the user.
This biometric input may be a fingerprint, a handwritten signature action, a voiceprint pattern, a face image, an iris scan or some other biometric data associated with the user.
Secret digital input CC is received by block 100 which comprises separate blocks 101 and 102.
The output of block 100 is sequence {fit, 1: i =
Figure imgf000009_0001
as will be described below. Analogue biometric input β is received by block 200. The output of block 200 is b' as will be described below, {α/} and b' are both input into block 300, the output of which is χ(cc, β) as will be described below. Referring to block 100, random sequence : i = l....m} is generated at block 101 from digital input a . {σ,} represents a sequence of elements at , each item in the sequence having an order i. The sequence is a function of a , the secret digital input. Each sequence element at is either a finite-dimension vector in R m or Cm space i.e. a real or complex vector, or a well-behaved function in Z-2 space i.e. a real or complex function. \fl; } is a zero knowledge (ZK) sequence with a as an input parameter, such that the value of a cannot be determined from one or more at and the value of at cannot be determined from one or more αy for j ≠ i.
The preferred method of generating \a( } is for each at to be generated sequentially from a cryptographic random number generator (RNG), (for example the ANSI X9.17 RNG) parameterized by a .
At block 102, random sequence {«,} is de-correlated and normalized to produce {«/}. For de- correlation, this means that each at' should be de-correlated from all a j' with j ≠ i, such that
(at ' , a j , '\ = 0 for a pre-specified correlation relationship. For normalization, this means that
(α/,α/) = l .
The preferred method of generating {α,} is using the Gram-Schmidt algorithm comprising the following steps: initial assignment of at ' = α, ; de-correlation of each α/ with respect to preceding vectors or functions such that Ia1 ' , cij η = 0 for j = 1 ,2, ... , i-1 ; and normalization of at ' such that (a, ',aή = l .
Just like {a{}, {at '} is either a finite-dimension vector in Rm or Cm space i.e. a real or complex vector, or a well behaved function in U space i.e. a real or complex function. Just like {at} , {α/} is a ZK sequence with a as an input parameter, such that the value of a cannot be determined from one or more α,' , and furthermore the value of «/ cannot be determined from one or more a ? for j ≠ i.
So, block 100 generates a normalized de-correlated, random sequence {fl,1} from secret digital input a . The ZK relationship between input (X and output \fl,'} , which means that the secret input cannot be deduced from the output, protects the source of a e.g. the physical device associated with the user. Also, the sequence ψt '/cannot be built up simply by knowing one or more elements of the sequence.
Referring to block 200, the purpose of block 200 is to generate a function of analogue biometric input β that allows β to be compared with a reference biometric input β° , and hence to establish whether β is from the correct user or an imposter passing himself off as the user. The function is called an analogue biometric representation and is represented by b'.
Biometric input β is received by block 200. In a first arrangement (shown in Figure 2), block 200 comprises a first block 201 and a second block 202. Block 200 outputs b' which must be a real or complex vector in Rm or Cm space or a function in L space. At block 201, b is generated, b being a function in U space and, at block 202, b' is generated from b, b' being a vector in Rm or Cm space or a function in U space.
In Figure 2, b (from block 201) is a function in L space and b' (from block 202) is a vector in Rm or Cm space or a function in U space. b( β) and b'( β) allow specification of distance thresholds (in L , Rm or Cm space, as the case may be) to differentiate between two β inputs from the same user and two β inputs, one from a genuine user and another from an imposter.
At block 201, b (in U space) is generated via an integral-based transformation. An example of this would be an integration of biometric input β , in the form of either a linear data array β (x), into an L function b(p), or a planar data array β (x,y), into an L function b(p,q), with transform domain coordinates of b analogous to the spatial or temporal coordinates of β . The
transformation integral may be of form b\p) = J dx.e -pipc) for one-dimensional inputs, or
M
KP) = jjdx.dy.e~Kpx+qy) .β(x,y) for two-dimensional inputs, with the integration limits
M being dependent on the choice of coordinates i.e. linear for one-dimensional inputs and Cartesian, polar or logarithmic-polar for two-dimensional coordinates. Then, at block 202, b' is generated from b. This may be, for example, via a) a matrix-based m transformation, or b) an integral-based transformation. Both a) and b) result in a vector in R or Cm space.
An example of case a) would be a transformation of linear U function b(p) with p the transform coordinate of block 201 , by means of eigenanalytic projection matrices ψ, computed from statistical variations in b arising from differences between individual users. These statistical variations are of the form <Jιμ = bt (pμ ) — bave (pμ ) with subscripts i=1...M denoting specific users, or an average within a population of M users and M denoting transform domain sample point p μ . Covariance cr,M allows subsequent generation of eigenvectors and projection matrices ψt with i=1...m«M. This in turn allows computation of eigen projection vector b'=
Figure imgf000012_0001
b\ = ψ,(p(jpμ) -bave(pμy) obtained from the action of the corresponding eigen projection matrix ψt on the biometric representation b{pμ) .
An example of case b) would be a transformation of planar L function b(p,q) with (p,q) the planar transform domain of block 201 , by means of kernel operator ψy (p, q) = O1 (p)φj (q) constituted from the appropriate orthonormal moment functions. The choice of moment functions ψ,,φj ) may be determined from the integration domain. The (ij)-th moment component may be of form b\} = \ \dpdq.ψv (p,q).b(p,q) , with further specification of
M' (#,, φj ) in terms of i-th and j-th Hermite polynomials for initial integration of b(p,q) in Cartesian coordinates or i-th Hermite and j-th Legendre polynomials for initial integration of b(p,q) in logarithmic-polar coordinates.
In a second arrangement (shown in Figure 3), block 200 comprises only a single block 203. Block 200 outputs b' which must be a real or complex vector in Rm or Cm space, or a well- behaved real or complex function in L space. In the arrangement of Figure 3, b' is generated directly from β at block 203. b\β) allows specification of distance thresholds (in Rm , C" or
U space, as the case may be) to differentiate between two β inputs from the same user and two β inputs, one from a genuine user and another from an imposter. In the Figure 3 arrangement, b' is generated either a) via a matrix-based transformation or b) via an integral-based transformation.
An example of case a) would be a transformation of external input β = ψμ ) (with μ the index denoting temporal or spatial location within the data vector), by means of eigenanalytic projection matrices ψt computed from statistical variations in β arising from differences between individual users. These statistical variations are of the form cr = β — βme μ with subscripts i=1...M denoting specific users, or an average within a population of M users. Covariance <J allows subsequent generation of eigenvectors and projection matrices ψt with i=1...m«M. This in turn allows computation of biometric representation
V = : i = 1....M} , with m«M, such that b' is of truncated dimensionality, and the i-th component b\ = ψ, {β - βme^ obtained from the action of the corresponding eigen
projection matrix ψt on the biometric input β .
Two examples of case b) would be a transformation of linear data array β(x) into an L function b'(p), or a transformation of planar data array β(x,y) into an L function b'(p,q) with transform domain coordinates of b analogous to the spatial or temporal coordinates of β . The transformation integral may be of form b\p) = \dx.e~ipx .β(x) for one-dimensional inputs or
M
V (p, q) = J \dx.dy.e~'^px+9y) .β(x, y) for two-dimensional inputs, with the integration limits
M being dependent on the choice of coordinates i.e. linear for case a) and Cartesian, polar or logarithmic-polar for case b).
In the arrangement of Figure 2, in block 201 external biometric input b is transformed into U function b, which is then transformed into Rm or Cm vector b' in block 202. Alternatively, in the arrangement of Figure 3, in block 203 b is transformed directly into Rm , C" or U representation b'. Either way, generating b'( /?) allows comparison against previously computed b'( β° ) from reference biometric input β° . It is then possible to specify a distance threshold Ab such that correct inputs consistently result in \b'(β) - b'( β° )| < Ab , and incorrect inputs consistently result in \b'(β) - b'{β° )| > Ab . Figures 4a and 4b show user and imposter distributions of analogue representation β' and digital representation % . { % will be explained below with reference to Figures 5 and 6.) The distributions shown in Figure 4a are resulting from a biometric input of a face image and the distributions shown in Figure 4b are resulting from a biometric input of a fingerprint scan. (Details on techniques for face imaging and fingerprint scanning will be discussed below.) In each case, the user distribution shows V (βuser ) where βuser is a biometric input provided by the original user, and the imposter distribution shows b\βιmp } where β mp is from another user different from the original user (i.e. an imposter). The two distributions overlap each other such that there is a negative difference between the minimum imposter distance Δb%£ = min V {βimp ) - b' (/?°)| i.e. the left hand edge of the right hand distribution, and the
maximum user distance Δb™ = maφ1user) - V (/?°)| i.e. the right hand edge of the left hand distribution. This overlap means that there are two areas where errors may occur: the False Accept (FA) area in which an imposter is misidentified as a genuine user, and the False Reject (FR) area in which a genuine user is misidentified as an imposter. (These two areas are identified most clearly on Figure 4b.)
Figures 4c and 4d show the FA and FR operational characteristics of analogue representation b' and digital representation % . The plot of Figure 4c is for the face image plot in Figure 4a and the plot of Figure 4d is for the fingerprint scan plot in Figure 4b. The operational characteristics of b' show that FA and FR cannot both be minimized beyond the crossover error point at which FA = FR, such that a decrease in one will result in an increase in the other. This is consistent with the overlap of the user and imposter distributions of b'. Figures 4c and 4d will be discussed in more detail below.
Thus, this overlap of user and imposter distributions of biometric representation b\β) imposes significant limitations on the effectiveness of biometric verification.
Secret digital input CC as well as biometric input β may be used to generate a function X (of both a and β ) (in block 300) which is capable of providing a positive difference between the minimum imposter distance Δχ'™ζ = mm^χ(a, βmp) - χ(cxo, (where a ≠ a° and
Figure imgf000014_0001
β'mp is from a user different from the original user (i.e. an imposter)), and the maximum user distance Aχζ£ (where βmer is from the original user)
Figure imgf000014_0002
and this can be seen in Figures 4a and 4b. This allows for simultaneous minimization of the FA and FR regions to near-zero crossover levels, as can be seen in Figures 4c and 4d.
Alternatively, secret digital input (X as well as biometric input β are used to generate function c (of both a and β ) (in block 300) which is a ZK mixture of inputs α and β, and furthermore capable of providing a positive difference between the minimum imposter distance
ΔcJT = mm c(a, βimp) - (where a ≠ a° and βimp is from a user different
Figure imgf000015_0001
from the original user (i.e. an imposter)), and the maximum user distance (where β"ser is from the original user) as can be
Figure imgf000015_0002
seen in Figures 4e, 4h, 4k and 41. This allows for simultaneous minimization of the FA and FR regions to near-zero crossover levels, as can be seen in Figures 4f, 4g, 4i and 4j.
Mixture c is subsequently used to generate function v (of c, and consequently of both ex and β ) (in block 400) which is similarly capable of providing a positive difference between the minimum imposter distance Δχζζ = min χ(a, β'mp) - χ(a°, β°)\ (where a ≠ a° and
βmp is from a user different from the original user (i.e. an imposter)), and the maximum user distance (where βmer is from the original user)
Figure imgf000015_0003
as can be seen in Figures 4a and 4b. This also allows for simultaneous minimization of the FA and FR regions to near-zero crossover levels, as can be seen in Figures 4c and 4d.
Thus, both continuous-valued representation c(a, β) (sometimes called mixture sequence or correlation vector) and/or digital representation χ{ct, β) (sometimes called correlation bitstring or correlation word) enable a more effective determination as to whether a user is genuine or an imposter. The dependence of c and χ on a is also advantageous in the sense that a bitstring associated with the reference user can be revoked simply by revoking the associated physical device, or refreshed simply by selecting a new physical device.
Referring to Figure 1 , block 300 generates a ZK continuous-valued sequence of mixtures from the de-correlated random sequence {#,'} of block 100, and biometric representation b' of block 200. In a first arrangement, shown in Figure 5, block 300 comprises block 301 only. The mixture sequence is represented by {<?,- (cc, β) \ i = l...m'} , a sequence of real or complex- valued mixtures C1 (a, β) each having bit-index i, each mixture being a function of secret digital input a and analogue biometric input β . Alternatively, the mixture sequence is represented as c(a, β) when it is known as a correlation vector.
In block 300, correlation vector c(a, β) is progressively assembled from the individual mixtures C1 according to the following cases. Firstly, when the {α,} and {#,'} sequences are real-valued, this results in real-valued C1 = (at ',6') correlations, each of which contributes one real-valued mixture to c(a, β) . Secondly, when the {fir, } and
Figure imgf000016_0001
'} sequences are complex- valued, this results in complex-valued C1 = {«, ',£') correlations each of which contributes one complex-valued mixture to c(a, β) ,
In the first case, {α, } and \a\ } are real-valued vectors or functions. The specification of a ι - ψψ - JU
Figure imgf000016_0002
and
Figure imgf000016_0003
:μ = l...mf for functions, is determined by the specification of biometric representation b
Figure imgf000016_0004
so that all C1 =(at',b') are correlations of equivalent quantities. C1 = χ_l a\μ b'μ for vectors
M and C1 ~ jdp.a\ (p)b' (p) for functions.
In the second case, {fit, } and {a1, } are complex-valued vectors or functions. The specification
of at or vectors, and
Figure imgf000016_0005
for functions is determined by
Figure imgf000016_0006
the specification of biometric representation b :μ = l...— > for vectors, and
Figure imgf000016_0007
b are correlations of equivalent quantities. C1 = ^ o\μ V*μ for vectors and c, = Jφ.α'; (p)b'*(p) for functions. Once correlation vector c(a, β) is generated from user inputs a and β, this can be compared with a reference correlation vector c° = c{a°, β°) from reference inputs a° and β° . It is then possible to specify a distance threshold Δc , based on Euclidean or other continuous-valued measure, such that correct inputs consistently result in β) - c(a°,
Figure imgf000017_0002
< Ac , and incorrect inputs consistently result in
Figure imgf000017_0001
β) — c(a°, /?°)| > Δc . This enables us to set Δc as a verification threshold between c and c°, such that if c and c° differ by less than Ac bits, then a ~ a° and β and β° are considered to be from the same user, but if c and c° differ by more than Δc bits, then a ≠ a° and β and β° are considered to be from different users.
Referring to Figures 4e, 4h, 4k and 41 once again, these graphs show user and imposter distributions of c(a,β) . The user distribution shows c(«°,/ff!"er ) where a° is the original secret digital input and βmer is a biometric input provided by the original user, and the imposter distribution shows c(a,β'mp) where a ≠ a° and β'mp is from an imposter different from the original user. Characterization of users via correlation vector c{cc, β) is a substantial improvement over characterization of users via analogue biometric representation b\β) . The thresholding effect of Aχ on c(a, β) - c(a°,
Figure imgf000017_0003
is substantially more consistent that the equivalent effect of real-valued distance threshold Δb on b
Figure imgf000017_0004
\β) — . For example, there is a positive difference between the minimum imposter distance Δc££ = min c(a,βimp ) - c(a°, (the left hand edge of the right hand distribution), and
Figure imgf000017_0005
maximum user distance (the right hand edge of the
Figure imgf000017_0006
left hand distribution) in comparison to the negative difference between Δά^ aπd ^mZ. > as described previously. This clear separation of the user and imposter distributions of c(α, β) differs from the overlap in the user and imposter distributions of b'(β) .
Referring to Figures 4f, 4g, 4i and 4j again, the operational characteristics of c(a,β) shows a near-zero crossover error point, in comparison to the irreducible crossover error point of b' (β) . This means that FA and FR errors can be independently minimized, without a decrease of one resulting in an increase of the other. Referring again to Figure 1 , block 400 generates a bitstring from the mixture sequence {c,. } of block 300, which is itself generated from the de-correlated random sequence {a,1} of block 100, and the biometric representation b' of block 200. In a first arrangement, shown in Figure 5, block 400 comprises block 401 only. The bitstring is represented by ydiβtβ) '• i — 1—tnj , a sequence of bits χ, (cc, β) each having bit-index i, each bit being a function of secret digital input a and analogue biometric input β. Alternatively, the bitstring is represented as χ(a, β) when it is known as a correlation word.
χ(cc,β) is required to be stable in a large majority of bit positions i = 1...m' < m if digital input cc is identical to reference digital input cc° , and biometric input β is sufficiently similar to reference biometric input β° . The first condition means, for example, that the physical device used is identical to that associated with the reference user. The second condition means that the user providing the biometric data is the reference user. (Note that, since a is digital, there needs to be an exact match between oc and cc° whereas, for β which is analogue, there needs to be only a sufficiently similar match between β and β° .)
On the other hand, χ(a, β) is required to differ in approximately — bit-positions if the digital
input a is in any way different from the reference digital input a° and/or the biometric input β is substantially different from reference biometric input β° . The first condition means, for example, that the physical device used is different from that associated with the reference user. The second condition means that the user providing the biometric data is not the reference user.
In block 401 , bitstring χ(a, β) is progressively assembled from the individual bits χt according to the following cases, when i) mixture sequence c(cc, β) is real-valued, with each mixture C1 possibly contributing one bit to χ(a,β) , ii) mixture sequence c(a, β) is real-valued, with each mixture C1 possibly contributing up to 2V (where v is some small integer) bits to χ(cc, β) , iii) mixture sequence c(a, β) is complex-valued, with each mixture C1 possibly contributing up to two bits to %{pc, β) , or iv) mixture sequence c(a, β) is complex-valued, with each mixture c. possibly contributing up to 2V (where v is some small integer) bits to χ(cc, β) .
In all cases, each correlation C1 = (at ',6') is evaluated sequentially, with the m' (out of m)
strongest correlations contributing to correlation word X = \χt '. i = \ ....Trø'j . Each bit X1 is a random outcome of the corresponding correlation C1 , such that there is equal probability of outcomes 0 and 1. Furthermore, each X1 is also statistically independent of all Xj for j ≠ i, such that outcome X1 is unaffected by all other outcomes χ} for j ≠ i.
In the first case, characterization of χt (C1 ) in terms of definite (0 and 1 ) and indefinite (*) outcomes is based on the value of correlation C1 , as shown in Table 1 :
Value of C1 in interval Value of ^1 (C1 )
C1 ≤ μ - σ C1 ≥ μ + σ μ — σ < ct < μ + σ
Table 1 * denotes a null output to be disregarded for the purposes of comparison.
Mean μ and tolerance (7 are parameters chosen such that χt = 0 and χt = 1 outcomes occur with equal probability, there are at least m' out of m definite χt outcomes, and
Xi (cc, β) = χi (a°, βuser) with a = a° and βuser approximately similar to β° .
In the second case, characterization of \χtj (ct ) : j = 0...2V — Ij in terms of definite bitstring
outcomes is based on a partition of the correlation value C1 into 2V partitions. The partitions are chosen so that there is an equal probability for the occurrence of correlation value C1 in each partition, the distribution of which will be in accordance with a normal probability distribution for a random population of user biometric and external digital inputs. Bitstring characterization Zy (cz) from the partition outcome of C1 is chosen such that the characterization from adjacent partitions differs by a single bit, as would be the case for assignment of Zy bitstring values in accordance with a Grey coding scheme. Tolerance <7
can also be inserted between adjacent partitions in correlation value C1 , such that bitstring characterization χtJ {a, β) = χi} {a°,βuser) with a = a° and βuser approximately similar to β° results in v-1 or v stable bits for each correlation value ct (a°,βuser) , and at least m' out of m definite Zy outcomes for the entire correlation sequence c(a°,βuser) .
In the third case, characterization of doubie-bit Z10Zn (ct ) in terms of definite (0 and 1) and indefinite (*) outcomes is based on the value of correlation phase arg(c() , as shown in Table 2:
Value of arg(c;) in interval VaIUe Of
Figure imgf000020_0001
n 00 σ,---σ
π π
7 σ, — ? vσ
01
- + σ,π-σ \
(π-σ,π + σ) *1
3π 11 π + σ, σ
r3π 3π ^ 1* σ, — +σ k Δ 9 9 Δ j
3π 10
+ σ,2π~σ
(2π-σ,σ) *0
Table 2
' denotes a null output to be disregarded for the purposes of comparison. Tolerance (7 is chosen such that there are at least m' out of m definite bit outcomes in all Zy > and χi(μ, β) = χχ. a°,βuser) with a = a° and βuser approximately similar to β° .
In the fourth case, characterization of \Zy (c{ ) : j = 0...2V - 1 j in terms of definite bitstring outcomes is based on a uniform partition of the correlation phase arg(c,.) into 2V partitions. The uniform partitions result in an equal probability for the occurrence of correlation value argfø) in each partition, the distribution of which will be in accordance with a uniform probability distribution for a random population of user biometric and external digital inputs. Bitstring characterization Zy (ct) from tne partition outcome of cf is chosen such that the characterization from adjacent partitions differs by a single bit, as would be the case for assignment of Zy bitstring values in accordance with a Grey coding scheme. Tolerance (T can also be inserted between adjacent partitions in correlation value C1 , such that bitstring characterization Zy (a > β) = Zij (.a°> βmer) with a - a° and βmer approximately similar to β° results in 2V — 1 or 2V stable bits for each correlation value Cι(aσmer) , and at least m' out of m definite Zy outcomes for the entire correlation sequence c{a°, βuser) .
The correlation sequence for each of the cases: i) (c;. : i = 1....JnJ of real-valued correlations for the first case, resulting in possible assignment for a single bit for each correlation;
ii) Λ ct - l r of real-valued correlations forthe second case, resulting in
Figure imgf000021_0001
assignment of 2V — 1 or 2V bits for each correlation;
iii) / S ci . • l- - — 1 i of complex-valued correlations for the third case, resulting in
Figure imgf000021_0002
assignment of 1 or 2 bits for each correlation; and
iv) / ^ Cj .. 1- -- 11..,. m \ ? of complex-valued correlations for the fourth case, resulting in
assignment of 2V - 1 or 2V bits for each correlation; results in m' or more (out of m) definite bit outcomes. The preferred method of generating (c. : z = 1....nt j is to choose the subset of \Ct } corresponding to the strongest m' characterizations, which can be defined as those correlations with: i) largest absolute differences |e(. - μ from mean JU , as specified in Table 1 for the first case; ii) most significant distribution of absolute differences away from the partition boundaries used for bit assignment, for the second case; iii) most significant distribution of phase differences argfø) way from the phase value partition
boundaries < 0,—,π, — > used for bit assignment, as specified in Table 2 for the third L L λ J case; and iv) most significant distribution of phase differences arg(c,) way from the phase value partition boundaries used for bit assignment, for the fourth case.
Once correlation word χ(a, β) is generated from user inputs a and β , this can be compared with a reference correlation word χ° = χ(a°,β°)ftom reference inputs a° and β° . It is then possible to specify a Hamming distance threshold Aχ such that correct inputs consistently result in
Figure imgf000022_0001
< Aχ , and incorrect inputs consistently result in
Figure imgf000022_0002
- χ(a°,
Figure imgf000022_0003
> Aχ . This enables us to set Aχ as a verification threshold between χ and χ° , such that if χ and χ° differ by less than Aχ bits, then a = oc° and β and β° are considered to be from the same user, but if χ and χ° differ by more than Aχ bits, then a ≠ a° and β and β° are considered to be from different users.
Referring to Figures 4a and 4b once again, these graphs show user and imposter distributions of χ(a,β) . The user distribution shows χ(ac ', βmeι r ) where a° is the original secret digital input and βmer is a biometric input provided by the original user, and the imposter distribution shows χ(a, β'mp) where a ≠ a° and βmp is from an imposter different from the original user. Characterization of users via correlation word χ(a, β) is a substantial improvement over characterization of users via analogue biometric representation b\β) . The thresholding effect of Aχ on
Figure imgf000022_0004
β) — χ(a°, is substantially more consistent that the equivalent effect of real-valued distance threshold Ab on b'(β) —
Figure imgf000022_0005
. For instance, there is a positive difference between the minimum imposter distance Δχζζ = min χ{a, βmp) - χ(a°, /?°)|
(the left hand edge of the right hand distribution), and maximum user distance
Aχ™ = (the right hand edge of the left hand distribution) in
Figure imgf000023_0001
comparison to the negative difference between Δb'™ζ and Δb™^ , as described previously. This clear separation of the user and imposter distributions of χ(a, β) differs from the overlap in the user and imposter distributions of b'(β) .
Referring to Figures 4c and 4d once again, the operational characteristics of χ(a,β) shows a near-zero crossover error point, in comparison to the irreducible crossover error point of b'(β) . This means that FA and FR errors can be independently minimized, without a decrease of one resulting in an increase of the other. Δχ™^ can be further reduced by suitable choice of tolerance parameter σ and bitstring length m', so that definite quantization χt G {θ,l} for i=1...m' < m is made subject to stability under minor variations in biometric input β .
In a second arrangement of block 400, which is shown in Figure 6, block 400 comprises block 401 as previously described as well as new blocks 402 and 403. In this arrangement, a parity- check is generated in block 402 and used in block 403 to provide a first level of correction to the correlation word.
It is possible to increase the stability of correlation word χ (a, β) by computing a parity check X\Z°) m b|ock 4°2, from reference correlation word χ° = χ(cc°, β°) i.e. the correlation word derived from reference digital input a° and reference biometric input β° . χ* (χ°) allows for correction of bit-errors, up to a specified maximum number, in correlation word χ(a, β) in order to recover χ° or at least a closer approximation to χ° .
The preferred way to generate χ\χ°) in block 402 is to use a linear algebraic error-correcting code of characterization (s,s',As)q where s is the symbolic length of codeword (%°,χ')t s' is the symbolic length of information word χ°, As = 2σ + 1 is the minimum symbolic distance of the (s, s',Δs)q code, q is the degree of the finite field used to construct the (s,s',As)qcoάe, and σ is the specified maximum error correcting threshold, such that bit errors in excess of this threshold are not corrected. The (s, s\As) code is used to construct F, the generator matrix, with which to compute parity-check χ'= F(χ°) in block 402. Various coding schemes (e.g. Hamming, Reed-Solomon, Bose-Chaudhuri-Hocquenghem, Goppa or Golay) could be used for this purpose, as will be well appreciated by those skilled in the art.
The requirements of this correction step are that threshold σ is specified, thereby allowing for code (s,s\As)q to be specified and that χy should be a ZK representation of χ° , such that
#o cannot be derived from χ' .
The output of block 402 is parity-check χ' which is stored and may also be used in block 403. Note that it is possible to specify some linear algebraic code such that the small number of bit- errors in χ(cc°,βυser) , from correct digital input a° and biometric input βmer from the correct user, are consistently corrected but the large number of bit-errors in χ(cc,βmp) , from incorrect digital input a ≠ α°and biometric input βmp from an imposter, is beyond the specified threshold σ.
It is possible to generate a symptom vector χ" from correlation word χ{μ, β) from block 401 , and parity-check χf , generated in block 402 and derived from χ° . Occurrence of symbolic errors in χ is indicated by non-zero symptom vector χ" ≠ 0 , constituting a linear equation system, which can be solved to recover χ° or a closer approximation to χ°. That is, block 403 can be used to correct bit-errors, up to a specified maximum, in correlation word χ .
Similarly to generation of parity-check χ' in block 402, the preferred way to generate symptom vector χy ' is to use a linear algebraic error-correcting code of characterization (s,s',As)g where s is the symbolic length of codeword {χ°, χ') , s' is the symbolic length of information word j° , /U = 2σ + 1 is the minimum symbolic distance of the (s, s' , As)g code, q is the degree of the finite field used to construct the {s,s\ Ay)9 code, and σ is the specified maximum error correcting threshold, such that bit errors in excess of this threshold are not corrected. The (s,s',Δs)q code is used to construct F", the parity-check matrix, with which to compute symptom vector χ"= F\χ,χy) in block 403.
Inclusion of blocks 402 and 403 (Figure 6) results in a greater separation of the user and imposter distributions of Figures 4a and 4b when compared with the arrangement of Figure 5, having block 301 only. This allows specification of smaller Hamming thresholds Aχ when compared with the arrangement of Figure 5, which enables a more rigorous verification of inputs a and β .
Referring once again to Figure 1 , it will be explained how the system is initially set up and subsequently used. Initially, reference inputs cc° and β° are taken from a user and these are used to generate χ° = χ(a°, β°) and, optionally, parity-check χ\χ°) . Effectively, this provides the correlation word user distribution of Figures 4a and 4b to use as a comparison during later use. Then, during use, input samples ex and β are taken from a user (each time a user wishes to gain access to a secure building, for example) and used to generate χ(cc, β) , individual bits of which may be corrected using previously stored χ' (χ°) . Then, χ(a,β) car\ be compared with χ° (for differences within or without Hamming distance threshold Aχ ) to establish whether the user is the original user or is, in fact, an imposter. If χ differs from χ° by more than Aχ , the user is deemed to be an imposter whereas if % differs from χ° by less than Aχ , the user is deemed to be a genuine user.
A second embodiment of the invention is illustrated in Figure 7, which is a block diagram showing the various stages according to a second embodiment of the invention. Just like the first embodiment, shown in Figure 1, the block diagram includes block 100, which receives secret digital input a and outputs random sequence {#,'}, block 200, which receives analogue biometric input β and outputs biometric representation b' (and may have the structure shown in either Figure 2 or Figure 3), block 300, which outputs a sequence
Figure imgf000025_0001
} of correlation mixtures between the digital and biometric inputs, and block 400 (which, in this case, must have the structure shown in Figure 6), which receives \ct } and outputs digital representation χ and parity-check χy . The arrangement shown in Figure 7, however, further includes block 500 which will be described further below.
Block 500 allows reference correlation word χ° to be encrypted and stored. Block 500 generates an encrypted version of correlation word denoted φaa<(0) , with ψaa, an encryption of specified parameter set θ (with θ = {χ, χr) in this case), given particular secret inputs a and ά1 . a is the secret input which was used to generate the correlation word χ(ct, β) , and cc' is a further secret input, and of the same type of data as cc i.e. a number or parameter associated with a physical device, or a password or PIN associated with a particular user.
The requirements for encrypted storage and conditional recovery of θ are that the decryption of φaa, to recover θ requires knowledge of CC and a1 , the value φaa, is a ZK representation of θ , such that θ cannot be deduced from φaa, without knowledge of CC and a? , and recovery from storage of φaa< requires knowledge of OC and a' .
The preferred way for φ to be generated is to compute cipher and access-control keys (k,k') = ha,(ά) from secret inputs (a,a') by means of a hashed message authentication code (HMAC). This computation must satisfy the following requirements: 1) that k is required for encryption φ = Ek(θ) and decryption θ = Dk(φ) , with transformations E and D a specified cipher algorithm and 2) that k' is required for recovery of φ (θ) from storage.
A third embodiment of the invention is illustrated in Figure 8, which is a block diagram showing the various stages according to a third embodiment of the invention. Just like the second embodiment, shown in Figure 7, the block diagram includes block 100, which receives secret input cc and outputs random sequence {«/}, block 200, which receives biometric input β and outputs biometric representation b' (and may have the structure shown in either Figure 2 or Figure 3), block 300, which outputs a sequence
Figure imgf000026_0001
} of correlation mixtures between the digital and biometric inputs, and block 400 (which, in this case, must have the structure shown in Figure 6), which receives
Figure imgf000026_0002
} and outputs correlation word χ and parity-check χy . The arrangement shown in Figure 8, however, includes block 600 (instead of block 500) which will be described further below.
Block 600 generates a secret keystring x{oc, χ) and secret recovery parameters Z a from
secret input a , and Sp β (Zβ)) from a small set of correlation words
Figure imgf000026_0003
) which are similar in a large majority of bit positions to reference correlation word χ° = χ(cc°, β°) , from block 400. Keystring X
Figure imgf000026_0004
required to be entirely stable in all bit positions if input cc is identical to reference digital input oc° , and correlation word χ e \χβ j is similar to χ° in a large majority of bit positions. That is, keystring x(pc, χ) is entirely stable if a = GC° , and biometric input β and reference biometric input β° are sufficiently similar, and hence associated with the same user, such that % and % are similar in a large majority of bit positions. Compare this with the requirements for correlation word,
X = \χt '. i = 1....7W1} which is required to be stable only in a large majority of bit positions (rather than all the bit positions) if a = a° and β and β° are sufficiently similar to be associated with the same user.
Thus, the generation of secret keystring x is a refinement over the generation of correlation word χ .
On the other hand, x is required to differ in approximately — bit-positions if a and a° are in
any way different, or χipc, β) and χ° - χ{cc°, β°) differ in more than a small minority of bit positions, which in turn denotes that the user providing β is not the same as the reference user providing β° .
x is a ZK representation of its inputs a and χ such that the value of a cannot be deduced from x and any value of χ e \χβ j cannot be deduced from x. Z a is a ZK representation of
a , such that the value of (X cannot be deduced from Z'α . Each Z1^ is a ZK representation
of the corresponding χβ , such that the value of χβ cannot be deduced from Z1^5 . The set of
Z\ and (Z1^ j are ZK representations of x, such that x cannot be deduced from one or more
of Zy a and [Z'β f. The set of Zx a and
Figure imgf000027_0001
j , such
that a and any of yCβ ) cannot be deduced from one or more of Z'α and (Z'^).
In a first arrangement, shown in Figure 9, block 600 comprises block 601 only. Each Z'^ corresponds to a particular correlation word value within relatively small set yCβ }, the small size of which results from the representation stability of outputs from block 400. It is possible to specify the small set \χβ j for a user with reference inputs a° and β° such that correct digital input α° and biometric input βuser from the reference user consistently result in χ[a°, βtιser )e \χβ } and incorrect digital input a ≠ a° and biometric input βmp from an imposter consistently result in χ
Figure imgf000028_0001
\cx, β'mp Jø }. That is, correct inputs cause the correlation word to fall within a predetermined set, whereas incorrect inputs cause the correlation word to fall outside that set. The set [χβ \ corresponds to the user distribution shown on the left hand side of Figures 4a and 4b. Correct inputs from the reference user result in correlation words consistently within the user distribution for that particular user, whereas incorrect inputs from other users (imposters) result in correlation words in the imposter distribution for that particular user, with the user and imposter distributions cleanly separated as in Figures 4a and 4b. The requirement for set
Figure imgf000028_0002
} to be small is equivalent to the requirement that χ(cc, β) be stable in most bit positions for correct inputs from the reference user as set out above.
The main requirements are as follows: 1) that secret key x(oc, χ) is associated with correct digital input a and correlation word χ falling within set
Figure imgf000028_0003
j; 2) that key x(a, χ) is
associated with key-share Za and set of key-shares (Zg); 3) that key-share Za is
associated with correct digital input a and key x(pc, χ) ; 4) that each key-share Zβ in its set
Figure imgf000028_0004
\%β /and key x(a,χ) ;
5) that recovery-parameter Z\ is associated with key-share Za ; 6) that key-share Za is a ZK representation of (X , such that a cannot be determined from Za 7) that each Z β is a ZK
representation of the corresponding χβ , such that a cannot be determined from Za ; 8) that x
can be recovered from Za and one Zβ from its set (^j; 9) that each recovery-parameter
Zy β in its set
Figure imgf000028_0005
10) that
Za can be recovered from correct a and Z a ; 11) that each Zβ can be recovered from the
correct corresponding χβ and the corresponding -2^3; 12) that Z\ is a ZK representation of
Za , such that the value of Za cannot be determined from Z} a ; 13) that each Z} β jn its set
is a ZK representation of the corresponding Zβ in its set , such that the value of Zβ cannot
be determined from Zy β \ 14) that Zx a and the set [Z1 β\ are ZK representations of Za and the set
Figure imgf000029_0001
Za or any of ψ β } cannot be determined from one or more of Zx a and {Z1 β\.
The preferred way to generate x, Za , the set of (Z8J, Z\ and the set of ψ β\ is to use interpolation of modular polynomials of linear or higher degree, as specified below. The secret- key x, secret-shares Za and Za and recovery parameters Z a and (Z1^ j are derived from random encoding polynomial σ(_?) = *∑crμsμ vaoάq as follows: x = σ(0) = σ0 from lowest
order polynomial parameter, Za — (cc,σ(ccj) and each Zβ
Figure imgf000029_0002
in the set,
from the (s, C(Sj) coordinates on polynomial (J , Z'α = σ(a) , thereby enabling recovery
of Za with knowledge of a , each Z1^3 = (h(xp ), c(χβ J) in the set, thereby enabling
recovery of corresponding Zβ with knowledge of the corresponding χβ .
The outputs of block 601 are recovery parameters Z\ and (Z'^j which may be stored, and secret-key x which may be discarded, since it can be recovered, in any case, from the recovery parameters.
In an alternative arrangement, block 600 could be arranged to generate secret-key x from two secret digital inputs a and a1 , but no biometric input β . This is useful where it is difficult or impossible to obtain biometric input β . For this arrangement, there are additional requirements relating to a" analogous to those relating to a , such as: that x(a,af) is required to be entirely stable in all bit positions if input a1 is identical to reference secret input a01 , whereas x differs
in approximately — bit positions if a' differs at all from αo? ; that x is a ZK representation of
a' such that the value of α' cannot be deduced from x; and that Z\ is a ZK representation
of a' , such that the value of a1 cannot be deduced from Zy a .
In another alternative arrangement, block 600 could be arranged to generate secret-key x from secret digital input (X , and two biometric inputs β and /?' . This is useful where it is difficult or impossible to obtain the first biometric input β . For this arrangement, there are also additional requirements relating to β' analogous to those relating to α, such as: that x(μ,β') is required to be entirely stable in all bit positions if correlation word is in set \%β), all elements of which are similar to reference correlation word χ°' in a large majority of bit positions, whereas x
differs in approximately — bit positions if correlation word is not in the set \χβ) i.e. χ <£ \χβ),
that is if χ differs from χ°' in more than a small minority of bit positions; that x is a ZK representation of χ°x , such that the value of χ°' cannot be deduced from x, and that each Z'β, in the set is a ZK representation of the corresponding χp, in the set, such that χβ,
cannot be deduced from Z'β, , that the set of
Figure imgf000030_0001
j are ZK representations of the set of \χβ, } , such that any of \χβ, } cannot be deduced from one or more of \Z'p j .
In a second arrangement, shown in Figure 10, block 600 comprises block 601 as previously described, together with new block 602. Block 602 allows secret-key x to be recovered using the recovery parameters. In fact, x can only be recovered with an appropriate number of secret- shares, as will now be described.
As described above, x is recovered from a modular polynomial of order μ . The number of secret-shares required to recover x depends on the polynomial order μ . Thus, for a linear polynomial with μ = 1 , two key-shares are required, selected from the following key factors: secret digital input a , and one of the following: one correct correlation word from set
Figure imgf000030_0002
) , or
secondary digital input ά1 , or one correct correlation word from secondary set
Figure imgf000030_0003
Or, for a quadratic polynomial with μ = 2 , three key-shares are required selected from the following key factors: secret digital input a , and one correct correlation word from set
Figure imgf000030_0004
J , and one of the following: secondary digital input ex' , or one correct correlation word from secondary set
Recovery parameters -Z'α and
Figure imgf000030_0005
allow the required key-shares to be obtained, with the following secret-shares obtained when the following conditions are met: 1) Za from Z\ when digital input a is correct; 2) one Zβ in
set \Zβj, from corresponding Z β in set ]Z'βj, when correlation word χ is in set of correct correlation words
Figure imgf000031_0001
3) Za, from Z'a, when secondary digital input a' is correct; and 4)
one Zβ, jn set [Zp J 1 from corresponding Z'β, in set (Z1^1 J1 when correlation word χ is in
set of correct correlation words
Figure imgf000031_0002
A fourth embodiment of the invention is illustrated in Figure 11 , which is a block diagram showing the various stages according to a fourth embodiment of the invention. The block diagram includes block 100, block 200 (which may have the structure shown in either Figure 2 or Figure 3), block 300, block 400 (which must have the structure shown in Figure 6) and block
600 for generating secret-key x and recovery parameters Z a and (Z'^ J and, where
applicable Z a, and
Figure imgf000031_0003
J , allowing recovery of x. The arrangement shown in Figure 11 , however, further includes block 700 which will be described further below.
In a similar way to block 500, block 700 generates an encrypted version of the recovery parameters, which is denoted ψaa<(β) with φaa< an encryption of specified parameter set θ (with θ = \χ\Zy a , [Z' p }) in this case), given particular secret inputs a and «' . a is the secret input which was used to generate the correlation word χ(a, β) , and of is a further secret input, and of the same type of data as a i.e. a number or parameter associated with a physical device, or a password or PIN associated with a particular user.
The requirements for encrypted storage and conditional recovery of θ are that the decryption of φaa< to recover θ requires knowledge of a and a' , the value of φaa< is a ZK representation of θ , such that θ cannot be deduced from φaa, without knowledge of a and oC , and recovery from storage of φaa, requires knowledge of a and a' .
The preferred way for φ to be generated is to compute cipher and access-control keys
(k,k') = ha,(cc) from secret inputs (cc,a') by means of a hashed message authentication code (HMAC). This computation must satisfy the following requirements: 1) that k is required for encryption φ = Ek (θ) and decryption θ = Dk (φ) , with transformations E and D a specified cipher algorithm; and 2) that k' is required for recovery of φ (θ) from storage. A fifth embodiment of the invention is illustrated in Figure 12, which is a block diagram showing the various stages according to a fifth embodiment of the invention. The block diagram includes block 100, block 200 (which may have the structure shown in either Figure 2 or Figure 3), block 300, block 400 (which must have the structure shown in Figure 6) and block 600 for generating secret-key x and recovery parameters Z' a and (Z1^ J, allowing recovery of x. The arrangement shown in Figure 12, however, further includes block 800 which will be described further below.
Block 800 allows an asymmetric key-pair to be generated comprising private-key x(a, β) , also known as the secret-key as derived in block 600, and public-key x'(x) derived from x in block 800.
The requirements are that x' is a ZK representation of x, such that the value of x cannot be
deduced from x', and x'= \x\} for i=1...n, differs in approximately — bit positions if input x
differs in any respect from reference input x° = x(μ°, β°) i.e. the secret-key derived from reference digital input cc° and reference biometric input β° . The preferred way to constitute an asymmetric key-pair is to have public-key x\x) computed directly from private-key x by means of a ZK transformation.
A sixth embodiment of the invention is illustrated in Figure 13, which is a block diagram showing the various stages according to a sixth embodiment of the invention. The block diagram includes block 100, block 200 (which may have the structure shown in either Figure 2 or Figure 3), block 300, block 400 (which must have the structure shown in Figure 6) and block 600 for generating secret-key x and recovery parameters Z a and JZ'^ j allowing recovery of x. The arrangement shown in Figure 13, however, further includes block 900 which will be described further below.
Block 900 allows a cryptographic parameter s'(x, s) to be computed from secret or private-key x(a, β) and additional external input s, which may be generated randomly or obtained from another source (not shown).
The requirements are that s' is a ZK representation of inputs x and s, such that the value of x or
s cannot be deduced from s', and
Figure imgf000032_0001
i=1...n, differs in approximately — bit-positions if input x differs in any respect from reference input x° = x(a°, β°) i.e. the secret-key derived from reference digital input cc° and reference biometric input β° . The preferred way to generate s' is to calculate s'(x, s) as required by the cryptographic protocol of interest, which also specifies the nature of secondary input s.
Several embodiments of the invention have been described, all of which make use of a biometric input β . As already mentioned, there are a number of possible biometric inputs and details of two will now be described.
As a first example, the biometric input may be a face image (see Figures 4a and 4c). This involves taking a photograph of the face of a reference user, and analyzing the photograph for later comparison. There are a number of steps which can be taken at the outset to improve the use of the face scan as a biometric input.
Firstly, the face is detected from a raw camera image. This requires a set of training data of positive examples (faces of various poses, sizes and illuminations) and negative examples (non-face objects), which allows the face detector to distinguish between the face and the surrounding background.
Secondly, the face image is normalized into a face bitmap of uniform size and consistent quality. This stage includes five stages: 1) equalization of illumination i.e. normalization of bright or dim images to a consistent level; 2) noise suppression i.e. elimination of excessive noise from the image. This helps with the identification of facial features such as eyes and nostrils; 3) contrast enhancement on blurry images. This is particularly useful for low-resolution cameras and also helps with later feature identification; 4) detection of two or three reference points on the face e.g. both eyes and the nose or a nostril. Iris detection has been found to be fairly reliable for eye detection and this gives two reference points which can be used to correct variations in pose; 5) geometric framing for additional correction of the face image for variations in pose.
Thirdly, the normalized image is vectorized using statistical analysis or integral transforms. That is, from the two dimensional array β, a biometric representation in vector form is produced. To do this, it has been found that eigenanalytic methods are more effective and efficient but they are quite dependent on the training data set used for the initial set up. Hence, for the training data set, it is important to have data which is broadly similar to the type of data which will be seen in real use (e.g. with face images of the same racial origin and using a similar camera type). As a second example, the biometric input may be a fingerprint scan (see Figures 4b and 4d). As before, there are a number of steps which can be taken at the outset to improve the use of the fingerprint scan as a biometric input.
Firstly, the orientation field of a fingerprint image representing the direction of ridges in the fingerprint image is calculated. The fingerprint image is divided into a number of non- overlapping blocks, and an orientation representative of the ridges in the block is assigned to the block based on an analysis of grey scale gradients in the block. The block orientation can be determined from the pixel gradient orientations based on averaging or majority-based decision making.
Secondly, segmentation is performed. One of the problems resulting after the first step is that there is still background noise and also there is a need to distinguish between the fingerprint region and the region outside the fingerprint itself. It is important to localize the portions of fingerprint image depicting the finger foreground against the non-finger image background. The simplest approach is to segment the foreground by global or adaptive thresholding. To do this, it is possible to use histogram equalization to expand the pixel value distribution of an image so as to increase the perceptional information. After that, the image is divided into small blocks (typically 32x32 pixels) and a Fourier transform performed over each block. In order to enhance a specific block by its dominant frequencies, the Fourier transform of the block is multiplied by its magnitude a number of times.
Thirdly, the central (core) point of the fingerprint image is located. This is particularly important if two fingerprint images are to be compared. However, automated core point detection can only find the most likely centre of the image whether or not a meaningful core point exists or not. Also, even with the core point, the alignment of two images for comparison still may need to be corrected as we are not taking into account scaling, rotation and clipping factors.
Finally, we extract a block around the core point to be used for comparison. Those portions of the block which are outside the fingerprint region will be aligned a zero vector.
Only two examples of biometric input have been described, but it will be readily appreciated by the skilled person that further examples are, of course, possible.
List of major terms used: a secret digital input β biometric analogue input (X0 reference digital input β° reference biometric input
Lx J random sequence derived from a
{#,'} de-correlated and normalized version of
Figure imgf000035_0001
b' analogue biometric representation χ{μ, β) digital representation/digital bitstring/correlation word χy parity check φ x m\ encrypted correlation word (may also include recovery parameters) θ set of system parameters to be encrypted into φ
7 , J7 ( secret shares £a and Y'β] J71 I secret recovery parameters
x(a, β) secret-key or private-key x'(x) public-key s'(x, s) cryptographic parameter
S additional external input

Claims

Claims
1. A method for comparing user and reference biometric inputs, the method comprising: 5 (a) receiving a digital input CC from a user;
(b) generating a mutually uncorrelated random analogue sequence from CC ;
(c) receiving an analogue biometric input β from the user;
(d) generating a biometric representation from β ;
(e) generating a digital bitstring χ from the sequence; and
10 (f) comparing the bitstring χ with a previously computed bitstring χ° derived from a digital input a° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
5 2. A method for comparing user and reference biometric inputs, the method comprising: a) receiving a digital input CC from a user; b) generating a mutually uncorrelated random analogue sequence from CC ; c) receiving an analogue biometric input β from the user; d) generating a biometric representation from β ; 0 e) generating a correlation mixture sequence c from the random sequence and the biometric representation; and f) comparing the correlation c with a previously computed correlation c° derived from a digital input a° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user. 5
3. A method as claimed in claim 2, wherein there is further included: g) generating a digital bitstring χ from the correlation mixture sequence; and h) comparing the bitstring χ with a previously computed bitstring χ° derived from the digital input a° from the reference user and the biometric input β° from the reference user, 0 to determine whether the user is the same as the reference user.
4. A method as claimed in claim 3, wherein after step (g) and before step (h) there is included correcting bit errors in χ using a previously computed parity-check derived from χ° .
5. A method as claimed in claim 1 , wherein after step (e) and before step (f) there is included correcting bit errors in χ using a previously computed parity-check derived from %° .
6. A method as claimed in claim 4 or claim 5, wherein the parity-check is derived from χ° using a parity-matrix computation.
7. A method according to any one of claims 1 to 6, wherein step (b) comprises: generating a random sequence from CC ; and de-correlating and normalizing the sequence to form a mutually uncorrelated random sequence.
8. A method according to any one of claims 1 to 7, wherein step (d) comprises matrix operations in at least one dimension, resulting in biometric representations of real-valued vectors or complex-valued vectors.
9. A method as claimed in any one of claims 1 to 7, wherein step (d) comprises integrations in at least one dimension, resulting in biometric representations of real-valued functions or complex-valued functions.
10. A method as claimed in any one of claims 1 to 7, wherein step (d) comprises: generating an intermediate biometric representation from β , the intermediate biometric representation being a real function or a complex function; and generating the biometric representation from the intermediate biometric representation, the biometric representation being selected from the group consisting of: a real function, a complex function, a real vector, and a complex vector.
11. A method as claimed in claim 10, wherein the generating of the intermediate biometric representation comprises at least one integration in at least one dimension, and the generating of the biometric representation from the intermediate biometric representation comprises at least one matrix operation in at least one dimension.
12. A method as claimed in any one of claims 1 to 11 , wherein the analogue biometric input β is selected from the group consisting of: a two-dimensional image array, a one-dimensional function of time, a handwritten signature motion, a voiceprint sequence, a fingerprint scan, a face photograph, and an iris scan.
13. A method as claimed in claim 12, wherein when the analog biometric input β is a two dimensional array, step (d) comprises integrating, in two dimensions, biometric input β .
14. A method as claimed in any one of claims 1 to 13, wherein reference biometric input β° is selected from the group consisting of: a one-dimensional function of time, a handwritten signature motion, a voiceprint sequence, a two-dimensional image array, a fingerprint scan, a face scan, and an iris scan.
15. A method as claimed in any one of claims 1 to 14, wherein the digital input CC is selected from the group consisting if: a number associated with a physical device, a parameter associated with the physical device, a password, and a personal identification number.
16. A method as claimed in any one of claims 1 to 15, wherein the digital input <x° is selected from the group consisting if: a number associated with a physical device, a parameter associated with the physical device, a password, and a personal identification number.
17. A method as claimed in any one of claims 1 to 16, wherein the random sequence is such that digital input CC may not be derived from the random sequence.
18. A method as claimed in any one of claims 1 to 17, wherein the random sequence is such that one portion of the sequence may not be derived from another portion of the sequence.
19. A method as claimed in any one of claims 1 to 18, wherein the mutually uncorrelated random sequence is such that digital input CC may not be derived from the mutually uncorrelated random sequence.
20. A method as claimed in any one of claims 1 to 19, wherein the mutually uncorrelated random sequence is such that one portion of the sequence may not be derived from another portion of the sequence.
21. A method as claimed in any one of claims 1 to 20, wherein the biometric representation is selected from the group consisting of: a real vector, a complex vector, a real function, and a complex function.
22. A method as claimed in claim 2 or any one of claims 3 to 21 when dependent on claim 2, wherein step (f) comprises obtaining a Euclidean or other continuous-valued distance between c and c° and comparing the continuous-valued distance with a predetermined threshold.
23. A method as claimed in claim 3 or any one of claims 4 to 22 when dependent on claim 3, wherein step (h) comprises obtaining a Hamming distance between χ and χ° and comparing the Hamming distance with a predetermined threshold.
24. A method as claimed in claim 1 or any one of claims 4 to 22 when dependent on claim
1 , wherein step (f) comprises obtaining a Hamming distance between χ and χ° and comparing the Hamming distance with a predetermined threshold.
25. A method as claimed in claim 1 or any one of claims 3 to 24 further comprising encrypting the digital bitstring χ .
26. A method as claimed in claim 25 further comprising storing the encrypted digital bitstring.
27. A method as claimed in claim 25 or claim 26 wherein the encryption is such that decryption requires knowledge of at least one selected from the group consisting of: digital input
OC , and a second digital input oC .
28. A method as claimed in claim 1 or any one of claims 3 to 27 further comprising generating a secret-key x from digital input CC and bitstring χ .
29. A method as claimed in claim 28 further comprising generating a plurality of recovery parameters for recovering secret-key x.
30. A method as claimed in claim 29 further comprising encrypting the plurality of recovery parameters and storing the encrypted recovery parameters.
31. A method as claimed in claim 29 or claim 30, wherein the secret-key is recoverable by knowledge of a given number of secret shares, the given number depending on the properties of secret-key x.
32. A method as claimed in claim 31 , wherein the secret shares are assigned so as to associate CC and possible values of χ with x.
33. A method as claimed in claim 31 or claim 32, wherein the secret shares are such that the secret-key x cannot be derived from an insufficient number of secret-shares.
34. A method as claimed in any one of claims 31 to 33, wherein the secret-shares are such that an individual secret-share may not be derived from an insufficient number of secret-shares.
35. A method as claimed in any one of claims 31 to 34, wherein each secret share is obtained by one of the plurality of recovery parameters.
36. A method as claimed in any one of claims 31 to 35, wherein the secret-shares are associated with a plurality of digital inputs OC and a plurality of analogue biometric inputs β .
37. A method as claimed in any one of claims 31 to 36, wherein the recovery parameters are generated from the secret shares such that each secret-share is associated with a respective recovery parameter.
38. A method as claimed in claim 37, wherein each recovery parameter is such that its respective secret share cannot be derived from it.
39. A method as claimed in any one of claims 29 to 38, wherein the recovery parameters are such that input CC or possible values of bitstring χ cannot be derived from the corresponding recovery parameter.
40. A method as claimed in any one of claims 28 to 39 further comprising generating a public key x' from the secret-key x.
41. A method as claimed in claim 40 further comprising generating a cryptographic parameter s from the public key x'.
42. A method as claimed in claim 41 , wherein the generating the cryptographic parameter s is from the public-key x' and at least one further digital input.
43. A method as claimed in any one of claims 40 to 42, wherein the public-key x' and secret-key x form an asymmetric key-pair.
44. A method as claimed in any one of claims 40 to 43, wherein the public key x' is such that the secret-key x cannot be derived from the public key x'.
45. A method as claimed in claim 1 or any one of claims 4 to 44 when dependent on claim 1, wherein a correlation mixture sequence c is generated from the sequence and the representation, and the digital bitstring % is generated from the mixture.
46. A method as claimed in claim 45, wherein the correlation mixture sequence c is compared with a previously computed mixture c° derived from the digital input a° from the reference user and the biometric input β° from the reference user.
47. A method as claimed in claim 46, wherein the previously computed bitstring χ° is derived from mixture c° which, in turn, is derived from the digital input a° .
48. Apparatus for comparing user and reference biometric inputs, the apparatus comprising:
(a) a first receiver for receiving a digital input CC from a user; (b) a second receiver for receiving a biometric input β from the user;
(c) a processor for generating:
(i) a mutually uncorrelated random sequence from OC , (ii) a biometric representation from β ,
(iii) a digital bitstring χ from the sequence and the representation; and (d) at least one comparator for comparing the bitstring χ with a previously computed bitstring χ° derived from a digital input a° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
49. Apparatus as claimed in claim 48, wherein the processor is for generating a correlation mixture sequence c from the sequence and the representation, and generating the digital bitstring χ from the mixture.
50. Apparatus as claimed in claim 49, wherein the at least one comparator is for comparing the correlation mixture sequence c with a previously computed mixture c° derived from the digital input a° from the reference user and the biometric input β° from the reference user.
51. Apparatus as claimed in claim 50, wherein the previously computed bitstring χ° is derived from mixture c° which, in turn, is derived from the digital input a° .
52. Apparatus for comparing user and reference biometric inputs, the apparatus comprising:
(a) a first receiver for receiving a digital input CC from a user;
(b) a second receiver for receiving a biometric input β from the user; (c) a processor for generating:
(i) a mutually uncorrelated random sequence from CC , (ii) a biometric representation from β ,
(iii) a correlation mixture sequence c from the sequence and the representation, and (iv) a digital bitstring χ from the mixture; and
(d) at least one comparator for comparing:
(i) mixture c with a previously computed mixture c° derived from a digital input a° from a reference user and a biometric input β° from the reference user, and (ii) bitstring χ with a previously computed bitstring χ° derived from mixture c°, which is in turn derived from a digital input cc° from a reference user and a biometric input β° from the reference user, to determine whether the user is the same as the reference user.
PCT/MY2006/000029 2005-11-18 2006-11-17 Improvements in and relating to biometrics WO2007058520A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI20055403 2005-11-18
MYPI20055403 2005-11-18

Publications (2)

Publication Number Publication Date
WO2007058520A1 true WO2007058520A1 (en) 2007-05-24
WO2007058520A8 WO2007058520A8 (en) 2007-10-04

Family

ID=38048867

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2006/000029 WO2007058520A1 (en) 2005-11-18 2006-11-17 Improvements in and relating to biometrics

Country Status (1)

Country Link
WO (1) WO2007058520A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6310966B1 (en) * 1997-05-09 2001-10-30 Gte Service Corporation Biometric certificates
US20020144128A1 (en) * 2000-12-14 2002-10-03 Mahfuzur Rahman Architecture for secure remote access and transmission using a generalized password scheme with biometric features
EP1441276A2 (en) * 2003-01-21 2004-07-28 Samsung Electronics Co., Ltd. User authentication method and apparatus
US6845453B2 (en) * 1998-02-13 2005-01-18 Tecsec, Inc. Multiple factor-based user identification and authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6310966B1 (en) * 1997-05-09 2001-10-30 Gte Service Corporation Biometric certificates
US6845453B2 (en) * 1998-02-13 2005-01-18 Tecsec, Inc. Multiple factor-based user identification and authentication
US20020144128A1 (en) * 2000-12-14 2002-10-03 Mahfuzur Rahman Architecture for secure remote access and transmission using a generalized password scheme with biometric features
EP1441276A2 (en) * 2003-01-21 2004-07-28 Samsung Electronics Co., Ltd. User authentication method and apparatus

Also Published As

Publication number Publication date
WO2007058520A8 (en) 2007-10-04

Similar Documents

Publication Publication Date Title
Lee et al. Biometric key binding: Fuzzy vault based on iris images
Patel et al. Cancelable biometrics: A review
Rua et al. Biometric template protection using universal background models: An application to online signature
Tulyakov et al. Symmetric hash functions for fingerprint minutiae
US10169638B2 (en) Transformed representation for fingerprint data with high recognition accuracy
Chen et al. Biometric based cryptographic key generation from faces
Rathgeb et al. Secure iris recognition based on local intensity variations
Dwivedi et al. A privacy-preserving cancelable iris template generation scheme using decimal encoding and look-up table mapping
US8312291B2 (en) Method and system for biometric authentication and encryption
Maiorana Biometric cryptosystem using function based on-line signature recognition
Kaur et al. Biometric template protection using cancelable biometrics and visual cryptography techniques
EP3848790B1 (en) Registration and verification of biometric modalities using encryption techniques in a deep neural network
Dabbah et al. Secure authentication for face recognition
Kaur et al. Cancelable features using log-Gabor filters for biometric authentication
Chikkerur et al. Generating registration-free cancelable fingerprint templates
Takahashi et al. Cancelable biometrics with provable security and its application to fingerprint verification
Asaker et al. A novel cancellable Iris template generation based on salting approach
US10733415B1 (en) Transformed representation for fingerprint data with high recognition accuracy
Lacharme et al. PIN-based cancelable biometrics
Maček et al. An approach to robust biometric key generation system design
Nithyanandam et al. A new iris normalization process for recognition system with cryptographic techniques
Bousnina et al. Hybrid multimodal biometric template protection
Jassim et al. Improving performance and security of biometrics using efficient and stable random projection techniques
Schonberg et al. EyeCerts
Zhou et al. A security analysis of biometric template protection schemes

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06824236

Country of ref document: EP

Kind code of ref document: A1