WO2007113888A1 - Method for generating and verifying security information obtained by means of biometric readings - Google Patents

Method for generating and verifying security information obtained by means of biometric readings Download PDF

Info

Publication number
WO2007113888A1
WO2007113888A1 PCT/IT2007/000235 IT2007000235W WO2007113888A1 WO 2007113888 A1 WO2007113888 A1 WO 2007113888A1 IT 2007000235 W IT2007000235 W IT 2007000235W WO 2007113888 A1 WO2007113888 A1 WO 2007113888A1
Authority
WO
WIPO (PCT)
Prior art keywords
detection information
information
biometric
type
extraction
Prior art date
Application number
PCT/IT2007/000235
Other languages
French (fr)
Inventor
Stelvio Cimato
Marco Gamassi
Vincenzo Piuri
Daniele Sana
Roberto Sassi
Fabio Scotti
Original Assignee
Universita' Degli Studi Di Milano
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Universita' Degli Studi Di Milano filed Critical Universita' Degli Studi Di Milano
Publication of WO2007113888A1 publication Critical patent/WO2007113888A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/40Indexing scheme relating to groups G07C9/20 - G07C9/29
    • G07C2209/41Indexing scheme relating to groups G07C9/20 - G07C9/29 with means for the generation of identity documents

Definitions

  • the present invention refers to a method for generating and verifying security information to be associated with an entity, such as typically a person: In particular, the methods of the invention make use of biometric traits.
  • the researchers have ideated systems which are not well suited for the requirements of the applications of the real world. In fact, such systems are based on low fault tolerance thresholds or on infrastructures which are not available or universally accepted.
  • biometric factors such as for example finger prints, voice and face are permanently associated with the user and can therefore get around the need to have an identification mark therewith or remember passwords and access keys .
  • biometric factors such as for example finger prints, voice and face are permanently associated with the user and can therefore get around the need to have an identification mark therewith or remember passwords and access keys .
  • the high typical variability of biometric traits renders them unsuitable for direct use in data protection.
  • the cryptographic keys must be definite and only one bit of difference (in the key or in the message) eliminates the possibility to access to the protected data.
  • the biometric key is generated directly from the biometric trait by using a fault-tolerant binary representation.
  • Hao et al. [6] proposed a generation procedure of the biometric key, based on the coding of the iris extracted from an algorithm and on the combined use of Hadamard and Reed- Solomon codes.
  • Juels and Sudan have also proposed a "fuzzy vault" scheme in [7] .
  • Another conventional recording and verification typology is that "multimodal" which is based on the reading of several biometric traits (typically, iris, finger print, voice, two- or three-dimensional face characteristic, auricle, DNA sequences, manual signature) , to obtain corresponding biometric characteristics, each of which is recorded on the document of the individual, unencrypted or after a encrypting with a corresponding external key.
  • biometric traits typically, iris, finger print, voice, two- or three-dimensional face characteristic, auricle, DNA sequences, manual signature
  • the verification occurs by comparing the characteristic of the first biometric trait recorded on the document with the respective characteristic, result of a subsequent biometric reading carried out in the identification step. Moreover, the comparison is also carried out for the characteristic related to the second biometric trait. Typically, the recognition of the individual occurs if one verifies the related matching for each of the considered biometric characteristics.
  • Object of the present invention is that of proposing a method for the generation of security information alternative to the known methods. Summary of the Invention The object of the present invention is achieved by a method for generating security information associated with an entity (for example, a person) as described in claim 1. Preferred embodiments of said method are described in claims 2 - 23. Object of the present invention is also a method of verification of the entity identification, as defined by claim 24 and by particular embodiments thereof defined by claims 25 - 33.
  • the present invention relates to a processing device for the generation of security data as described by claim 34 and a computer program capable of executing a processing for the generation of the security information defined by claim 35.
  • Object of the present invention is also a processing apparatus for the verification of a label of an entity to be recognised, as described by claim 36, and a computer program capable of executing a processing for the verification of the identity of said entity as defined by claim 37.
  • Figure 1 schematically shows, by means of functional blocks, a recording method and a module for generating a security label associated with a user, according to a first particular embodiment of the present invention
  • Figure 2 schematically shows, by means of functional blocks, an embodiment of a method and module for verifying the identity of a subject, suitable for the recognition of users with the exemplary method of figure
  • Figure 3 schematically shows, by means of functional blocks, a first alternative version of the recording method and module of figure 1, made according to a "parallel" approach;
  • Figure 4 schematically shows, by means of functional blocks, a first alternative version of the method and module of figure 2, suitable for recognising users recorded with the method of figure 3 ;
  • Figure 5 schematically shows, by means of functional blocks, a second alternative version of the recording method and module of figure 1, made according to a "hierarchical" approach;
  • Figure 6 schematically shows, by means of functional blocks, a second alternative version of the method and verification module of figure 2, suitable for recognising users recorded with the method of figure 5;
  • Recording Method and Module Figure 1 shows, by means of a block diagram, steps of a recording or "enrolment” method of an entity (for example, an animal, and preferably, a human being) , such as a person, hereinafter called user.
  • entity for example, an animal, and preferably, a human being
  • the functional blocks shown in figure 1 can correspond to software and/or hardware modules implemented in a suitable device or module indicated with the same reference 100.
  • a suitable device is, for example, a computer (for example a microcontroller or a personal computer) equipped with a processing unit and adequate mass and work memory, as well as with a (software) program for the execution of the method itself.
  • the enrolment method permits generating an ID label which is assigned to the appropriate user.
  • This ID label after having been generated, can be stored in various medium types and is destined to be provided during every verification step.
  • At least a first biometric reading information Il (Inputl_l step) and at least a second biometric reading information 12 (Input2_l step) are acquired (or, equivalentIy, detected) , hereinafter called first and second biometric reading.
  • biometric readings are separate from each other.
  • the biometric readings employable in the method in accordance with the invention regard the acquisition of one of the following physiological and behavioural traits of the user: iris, finger print, voice, two- or three-dimensional face characteristic, auricle, DNA sequences, manual signature, retina, hand geometry, pattern of the hand blood vessels.
  • biometric readings can be acquired by means of conventional technologies, known in the sector, such as for example: photography or scanning.
  • first biometric reading Il and the second biometric reading 12 are separate from each other, in the sense that they have separate biometric information content, but they can also refer to different portions of a same physiological- behavioural trait, such as for example different portions of the same iris, same finger print or same signature.
  • the first and second biometric reading Il and 12 undergo processing steps (for example, the steps indicated in the figure with the symbols: Fl, PPl; F2, PP2, ECE) so to obtain a first value cSl and a second value S4 having the biometric content of said first and second reading respectively associated.
  • a function RFl of cryptographic type with at least two operands is applied to the first cSl and second S4 value, obtaining a combination value S5 from which the already mentioned ID security label to be assigned to the user is generated (step indicated with the symbol IFl) .
  • the first biometric reading Il undergoes a processing FEl for extracting at least one first selected biometric characteristic ⁇ ⁇ El and a subsequent processing step FPl to return a binary string Sl corresponding to the extracted biometric characteristics.
  • the functional block Fl comprising the processing FEl and the processing block FPl, overall carries out the processing known with the term "feature extraction" and the conversion of the features obtained in a string of bits, and can be of convention type.
  • the feature extraction block FEl carries out the conventional minutia extraction.
  • the block Fl can provide, for example, the application of the conventional IrisCode ® technique, suggested by Daugmann.
  • - techniques based on the extraction of overall characteristics for detection information of imprint type; - techniques based on direction and orientation fields of the characteristics for detection information of imprint type; techniques based on the coordinates of the characteristics called minutia for detection information of imprint type;
  • - techniques based on the extraction of three- dimensional characteristics for detection information of facial type techniques based on the extraction of three- dimensional characteristics for detection information of body type, also including the characteristics extracted with radiographic and magnetic resonance apparatuses; - techniques based on the extraction of characteristics from DNA samples; techniques based on the extraction of characteristics for detection information of writing or signature type; - techniques based on the extraction of characteristics for detection information of walking or postural type; techniques based on the extraction of two- dimensional characteristics of the image of the hands; - techniques based on the extraction of three- dimensional characteristics of the image of the hands; techniques based on the extraction of characteristics for detection information of retinal type; - techniques based on the extraction of characteristics for detection information of keystroking type; techniques based on the extraction of characteristics for detection information of thermographic facial type; techniques based on the extraction of characteristics for detection information of thermographic type of the hands or fingers.
  • each of the two feature extraction and processing blocks Fi can be subdivided into a first block FEi which carries out the step of feature extraction, and a second processing block, FPi.
  • the first block FEi given the input Ii, produces a list of features Ei which is subsequently processed to obtain a string of bits, Si.
  • each string of bits Si (both the string Sl, and that S2) is mapped in a code word cSi, according to a processing carried out by a respective post-processing block, PPi, shown in figure 1.
  • the code word cS2 is processed by a error correction encoding block ECE (for example a Reed-Solomon code, possibly shortened) , known in the sector.
  • ECE error correction encoding block
  • t i.e., a correction threshold
  • the parameters which characterise the error correction code and thus the correction threshold t are created considering the best decoding block available.
  • list decoding algorithms can be employed such as, for example, as indicated in the article of Ron M. Roth, and Gitit Ruckenstein, "Efficient Decoding of Reed- Solomon Codes Beyond Half the Minimum Distance", IEEE TRANSACTIONS ON INFORMATION THEORY, 46, 246-257, 2000.
  • Reed-Solomon technique one of the following techniques can also be employed, for example: linear code, BCH (Bose Ray-
  • the post processing block PP2 which precedes the block ECE, has the function of mapping the information content of the string S2 in a code word adapted for the treatment carried out by the error correction encoding ECE block.
  • the string Sl was processed by the post processing block PPl by returning the code word cSl so that it too forms a code word in the space of the code words of the particular preselected ECE.
  • the function RFl acts on one or more operands (or variables a, b) according to a predetermined algorithm and to return an output.
  • the function RFl is of cryptographic type.
  • the function of one or more operands of cryptographic type it is intended a function so that, based only on the knowledge of the algorithm and the output, it is possible to obtain at most only part of the corresponding operands or, in some cases, none of such operands.
  • the cryptographic type function RFl does not permit obtaining all of the operands which have led to a certain output, based only on the knowledge of the output and the defining algorithm.
  • the function of cryptographic type RFl is also of reversible type, i.e. it permits obtaining part of the operands based on the knowledge of the algorithm, the output and the other operands.
  • a further function example RFl is the polynomial interpolation on finished fields, given a set of known points .
  • a further function of cryptographic type NIFl is applied to the bit string S2, resulting from the feature extraction block F2. In particular, such further function of cryptographic type is non invertible and hence is a function which, based on the knowledge of the output and defining algorithm, does not permit going back to the operand .
  • NIFl is a hash function (for example the hash function SHA-I) .
  • the function IFl is an invertible function, i.e. a function which permits obtaining the operands based on the knowledge of the defining algorithm and the output.
  • the invertible function IFl can for example be the successive connection of the two bit strings S3 and S5.
  • the digital value corresponding to the ID label can be stored in one of the following mediums of known type: smart card, floppy disc, semiconductor memory, EPROM
  • ID label can be stored in a medium incorporated in an identity document assigned to the user and composes a security label based on which one can recognise the person in possession of the identity document as the user actually recorded (or not as the recorded user) according to the above-described methodology.
  • a verification method 200 of the user identity will now be described with reference to figure 2.
  • the functional blocks of figure 2 represent both processing steps of the verification method and software and/or hardware modules capable of executing the corresponding processing.
  • the verification method 200 can be executed by a verification apparatus equipped with devices for carrying out at least separate biometric readings (i.e. the same reading type of the enrolment method 100) and a processing unit with appropriate storage. Moreover, both the recording device which implements the method 100 and the verification apparatus which implements the method 200 is equipped with respective interfaces for its use by an operator. In particular, the apparatus which implements the verification method 200 has an operator interface (for example a display) to signal the occurred recognition or the lack of recognition of the user.
  • a verification apparatus equipped with devices for carrying out at least separate biometric readings (i.e. the same reading type of the enrolment method 100) and a processing unit with appropriate storage. Moreover, both the recording device which implements the method 100 and the verification apparatus which implements the method 200 is equipped with respective interfaces for its use by an operator. In particular, the apparatus which implements the verification method 200 has an operator interface (for example a display) to signal the occurred recognition or the lack of recognition of the user.
  • an operator interface for example a display
  • biometric verification readings refers to the same biometric trait (i.e. physiological) used for the biometric reading II
  • biometric verification reading J2 refers to the same physiological trait used for the biometric reading 12.
  • the bit string S6 is mapped in the code word cS6 by means of the post processing block PP3, for example, identical to the block PPl of figure 1,
  • two different biometric readings of the same subject produce two keys whose Hamming (HD) distance is less than r ; on the other hand, HD>r when the readings belong to different subjects.
  • HD Hamming
  • S 7 and S 4 will differ by a limited number of words. Such differences of S7 with respect to SA can be seen, when the subject is the same recorded user, as "errors" of the value S4.
  • the value S7 is processed from an error correction decoding block ECD, operating in accordance with the encoding block ECE of figure 1, which acts in a manner to correct the aforesaid errors, generating the correct reconstructed value cS7.
  • ECD error correction decoding block
  • the correct reconstructed version cS7 can be considered identical to the string S4.
  • the string thus obtained, cS7, is processed by a processing block PP2 "1 , which, by applying an inverse processing with respect to that of the block PP2, generates the reconstructed value S8.
  • the decoded value S8 is identical to the value S2 if the subject is not an impostor, and consequently only if the number of bits in S6 which have a different value from Sl is less than the correction capacity of the preselected code.
  • the method in accordance with the invention foresees that no biometric feature is included in the ID label if not in cryptographic form and resistant to any reconstruction attempt by means of processing carried out only on the ID label itself.
  • the verification module which implements the method 200 does not provide a value S2 as obtained in the recording procedure of figure 1, making a direct comparison between the values S2 and S8 impossible .
  • the exemplary verification method 200 provides the application to the reconstructed value S8 of the same non-invertible function NIFl which has acted in the recording processing on the value S2.
  • the application of the function NIFl to S8 returns the value S9, which is a reconstructed version of the value S3.
  • enabling "enable” information is generated which activates a second "Match” comparison.
  • the enabling "enable” information assumes a state such to disable the second "Match” comparison. In this second case, it may be concluded that the subject does not correspond to the user recorded with the ID label .
  • Match comparison carries out a biometric comparison, for example of classic type, between the value SlO, i.e. the features collected in the verification step related to the second reading J2, and the reconstructed value S8.
  • This second comparison can give a positive outcome
  • the recording method 100 and the verification method 200 can be implemented in basic processing modules which are compatible in basic modules for creating different levels of security, complexity and for using a greater number of biometric traits.
  • Figures 3 and 4 refer to the parallel composition and respectively show a parallel recording module 300 and a parallel verification module 400, different from those described with reference to figures 1 and 2.
  • the parallel composition offers a simple method for utilising different biometric traits for creating the ID label.
  • the multi-modality level implemented is greater than that occurring by the standard approach, given that more than two biometric data points are treated.
  • the first biometric input group (I, , I ⁇ , ... , I N ), is composed using a composition function (Compositionl) .
  • a second composition function (Composition2) is equally used for the second group - ⁇ he out P uts of the two composition functions act as input for a recording module 100' , analogous to that of figure 1 described above.
  • the system is N+M-modal.
  • the blocks Fl and F2 of the recording module 100' do not carry out any operation in this module. In fact, the operations of feature extractions and processing are incorporated in the Compositionl and Composition2 blocks.
  • the composition functions Compositionl and Composition2 can be implemented in different ways.
  • the parallel verification module (figure 4) comprises a base verification module 200', whose inputs are fed by the same composition functions (COmPOsItIOn 1 and Composition 2 ) which operate on biometric verification readings Jl, J2, ..., J N+M -
  • the processing blocks Coding 1 and Coding 2 can carry out operations related to the digital representation of the entering values (analogous, for example, to those of the block PP3) or they can also not be provided, considering that the feature extraction procedures are carried out inside the Composition 1 and Composition 2 blocks.
  • the base modules can also be composed in hierarchical structures, as shown in figures 5 and 6.
  • FIG. 5 shows an example of a recording module 500 of two-level hierarchy type.
  • the biometric input data I 2 and I 3 are used to create a first ID 1 label by means of a base recording module 100, identical or analogous to that already described.
  • the ID 1 label is used in place of a biometric trait in a second base recording module 100b (analogous to that 100) together with a third biometric input data I 3 , leading to the creation of a second label ID 2 .
  • the hierarchical composition permits different security levels.
  • the block F2 contained inside the base recording module 100b does not carry out any operation, in this particular case.
  • Figure 6 shows the structure of the hierarchical verification module 600.
  • the biometric data J2 and J3 can usually be requested to verify the first ID 1 label.
  • a third biometric sample Jl should also be requested to verify the second ID 2 label as well (of course when the verification of ID 1 was successful) .
  • the module 600 comprises two base verification modules 200a and 200b.
  • the inputs ID 1 , J2 and J3 are verified by the first base verification module 200a in an analogous manner to that described for the module 200.
  • the output of the first base verification module 200a is possibly used to enable the functioning of the second base verification module 200b.
  • This output can also be used as first security level authentication signal.
  • the identity of the user can be verified in the second module 200b using also the first label IDl, second label ID2 and third biometric data Jl as input.
  • the output of the second verification module 200b (it too with architecture analogous to the module 200) is the second security level authentication signal.
  • the values SIl, S12, S13, S14, S15, and S16 present in the second verification module 200b are the result of processing analogous to that which produced the already described values S3, S5, S6, S7, S8 and S9, respectively.
  • For the Coding 3 block considerations analogous to those made for the Coding 1 and Coding 2 blocks are valid. It is to be observed how it is possible to construct more complex systems by using each composition method (parallel and hierarchical) recursively or by combining the methods in an iterative manner.
  • the recording and verification method in accordance with the invention has all of the advantages associated with multimodal techniques, since the authentication can function by using at least two biometric traits, for example iris and finger prints. Nonetheless, the technique in accordance with the invention is advantageous with respect to traditional multimodal techniques.
  • a combination value such as the value S5
  • a function of cryptographic type which acts on at least two operands which contain the information content of the separate biometric readings, permits obtaining an ID label from which it is not possible to reconstruct the separate biometric characteristics in the absence of the user himself .
  • the use of this function which "combines" in a cryptographic manner the operands obtained beginning from the read biometric characteristics, permits avoiding the use of external encrypting keys whose management is burdensome.
  • the ID label does not contain any classical encrypting, of any biometric trait of the possessor, thus no Public Key Infrastructure is required.
  • the described method also brings the following advantages with regard to other techniques of conventional type.
  • the subject is also identified/verified by a classic biometric matching system (such as that employable in the Match step and this is not possible by means of the use of the fuzzy commitment scheme, since such methodology of the prior art usually returns only a binary response, and not a biometric trait nor a set of biometric features.
  • ID label obtained by means of at least one function of cryptographic type is present on the document, where the biometric trait (s) or biometric features are not present, as already said.
  • the described recording (also called enrolment) and verification method can be public since that does not harm the security of its practical implementation.
  • the selected code imposes a further constraint on the Fl and F2 methods used for which the condition n ⁇ (l-2r )n ⁇ must be valid.
  • the same code is applied to Sl, so to obtain cSl.
  • K-It 1 98 random words are placed after the new code word derived from S2.
  • the ID is constructed by putting S3 and S5 together.
  • S 7 and S 4 will differ by a number of only ⁇ 1 n i wor ds.
  • the constraint on the used methods Fl and F2 would be n 2 ⁇ n ⁇ -r ⁇ ⁇ ⁇ in this case. ******

Abstract

A method (100) is described for generating security information associated with an entity to be recorded, comprising: carrying out biometric readings on said entity to be recorded to acquire a first (I1) and a second (I2) detection information, separate from each other; - processing (Fl, PPl; F2, PP2, ECE) the information, obtaining a first (cSl) and a second (S4) value having respectively associated the biometric content of said information; applying a function of cryptographic type with at least two operands (RFl) to the first and second value (cSl, S4), obtaining a combination value (S5) from which (IFl) a security label (ID) of said entity to be recorded is generated.

Description

METHOD FOR GENERATING AND VERIFYING SECURITY INFORMATION OBTAINED BY MEANS OF BIOMETRIC READINGS
DESCRIPTION
Field of the Invention The present invention refers to a method for generating and verifying security information to be associated with an entity, such as typically a person: In particular, the methods of the invention make use of biometric traits. Prior Art
Recently, there has been much effort undertaken in the research world to develop a practical identification and verification system of individuals by employing biometric traits. Different commercial systems have been proposed by companies such as Bioscrypt Inc. (formerly Mytec Technologies Inc) . It is difficult to evaluate the security guaranties of such commercial system since they usually employ proprietary procedures which generally are not publicly disclosed.
Additionally, the researchers have ideated systems which are not well suited for the requirements of the applications of the real world. In fact, such systems are based on low fault tolerance thresholds or on infrastructures which are not available or universally accepted. In reality, biometric factors, such as for example finger prints, voice and face are permanently associated with the user and can therefore get around the need to have an identification mark therewith or remember passwords and access keys . Unfortunately, the high typical variability of biometric traits renders them unsuitable for direct use in data protection. In fact, the cryptographic keys must be definite and only one bit of difference (in the key or in the message) eliminates the possibility to access to the protected data. To avoid these problems, the process of generating the cryptographic keys from the biometric data generally depends on a fault-tolerant binary representation of the biometric characteristics. This leads to the strengthening of the cryptographic keys . Below, the most common approaches are summarised by making reference to publications whose data is indicated in the Prior Art References section, listed at the end of this specification related to the convention techniques. A first technique is that of Biometric Hardening, according to which the biometric template is combined with a specific pseudo-random information of the user, as occurs in the case of the "salting" in the generation of pseudo-random numbers. The authors Goh and Ngo [1] have developed techniques for obtaining cryptographic keys from the face. C. Soutar et al. [2] have proposed an approach where the biometric image is combined with a random key specific to the user for generating a bioscriptTM.
According to the Biometric keying technique, the biometric key is generated directly from the biometric trait by using a fault-tolerant binary representation.
Davida et al. [3, 4] have proposed the use of Hamming codes for obtaining the keys from specific user information in order to overcome the errors due to the acquisition and representation of the characteristics.
The authors Juels and Wattenberg [5] have presented a manner for constraining biometric data with a cryptographic key, defining a new primitive system called "fuzzy commitment" . Given a set C of code words, a code word c is randomly chosen and the offset δ=cθx is calculated, where x represents the biometric template in binary form and θ indicates the binary XOR between two operands. The commitment is composed by the public pair {δ,h(c)}, where h is a one-way hash function. To execute the decommit, by using another sufficiently similar template of the biometric trait, the system calculates c'=δθx' and authenticates the user if h(c')=h(c). The method is based on the use of hash functions so to protect the data of the user. The use of hash functions in this context was first proposed by Davida et al . [3, 4] .
Moving in the same direction, Hao et al. [6] proposed a generation procedure of the biometric key, based on the coding of the iris extracted from an algorithm and on the combined use of Hadamard and Reed- Solomon codes. Juels and Sudan have also proposed a "fuzzy vault" scheme in [7] .
The techniques of Juels and Wattenberg [5] and Hao et al . [6] have the following limits.
The identification schemes based on the primitive of fuzzy commitment cannot be used with the most common biometric algorithms for the extraction of characteristics. This is due to the fact that often two different biometric readings related to the same individual have a high number of differences. When the percentage difference is excessive, it is rather hard to compensate it with the application of an error-correction code. Moreover, according the approach of Juels and Wattenberg [5] , the "matching" step present in all biometric systems was substituted with the bit comparison h(δθx' ) =h(c) . In this sense, the matching step is not properly biometric, since it simply compares bits and does not intelligently carry out a comparison between biometric characteristics, as occurs during the matching step in all biometric systems.
Another conventional recording and verification typology is that "multimodal" which is based on the reading of several biometric traits (typically, iris, finger print, voice, two- or three-dimensional face characteristic, auricle, DNA sequences, manual signature) , to obtain corresponding biometric characteristics, each of which is recorded on the document of the individual, unencrypted or after a encrypting with a corresponding external key.
The verification occurs by comparing the characteristic of the first biometric trait recorded on the document with the respective characteristic, result of a subsequent biometric reading carried out in the identification step. Moreover, the comparison is also carried out for the characteristic related to the second biometric trait. Typically, the recognition of the individual occurs if one verifies the related matching for each of the considered biometric characteristics.
This approach is not satisfactory. In fact, when the two separate biometric characteristics are stored unencrypted on the document, they are easily recoverable by unauthorised people, making the method not sufficiently secure. Or, when the two separate biometric characteristics are subjected to a related encrypting with external keys, the method results overly difficult due to the need to store such keys (for example in a data base) and subsequently recover them in a verification step .
Bibliographical References of the Prior Art
[1] Goh and D. C. L. Ngo, "Computation of cryptographic keys from face biometrics," in Communications and Multimedia Security (IFIP 2003) , ser. Lecture Notes in Computer Science, A. Lioy and D. Mazzocchi, Eds., vol. 2828, International Federation for Information Processing. Springer-Verlag, 2003, pp. 1-13. [Online]. Available: http: //www. springerlink.com/openurl .asp? genre=article&id=LQ2GA2D9P8472QKHl [2] C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. Vijaya Kumar, "Biometric Encryption," in ICSA Guide to Cryptography, R. K. Nichols, Ed. McGrow-Hill, 1998, ch. 22, pp. 649-675, also available at http : //www.bioscrypt . com/assets/Biometric_Encryption .pdf . [3] G. I. Davida, Y. Frankel, and B. J. Matt, "On enabling secure applications through off-line biometric," in Proceedings of the IEEE International Symposium on Security and Privacy, 1998. IEEE Press, 1998, pp. 148- 157. [4] G. I. Davida, Y. Frankel, B. J. Matt, and R. Peralta, "On the relation of error correction and cryptography to an off line biometrics based identification scheme," in WCC99, Workshop on Coding and Cryptography, 1999.
[5] A. Juels and M. Wattenberg, "A fuzzy commitment scheme," in CCS '99: Proceedings of the 6th ACM conference on Computer and communications security. New York, NY, USA: ACM Press, 1999, pp. 28-36. [6] F. Hao, R. Anderson, and J. Daugman, "Combining cryptography with biometrics effectively," University of Cambridge, Computer Laboratory, United Kingdom, Tech. Rep. UCAM-CL-TR-640, July 2005.
[7] A. Juels and M. Sudan, "A fuzzy vault scheme," in Proceedings of the IEEE International Symposium on Information Theory, 2002, A. Lapidoth and E. Teletar, Eds. IEEE Press, 2002, p. 408, the full version of the paper is located at http: //www. rsasecurity.com/rsalabs/staff/bios/ajuels/publ ications/fuzzy-vault/fuzzy_vault .pdf .
Object of the Invention
Object of the present invention is that of proposing a method for the generation of security information alternative to the known methods. Summary of the Invention The object of the present invention is achieved by a method for generating security information associated with an entity (for example, a person) as described in claim 1. Preferred embodiments of said method are described in claims 2 - 23. Object of the present invention is also a method of verification of the entity identification, as defined by claim 24 and by particular embodiments thereof defined by claims 25 - 33.
According to other aspects, the present invention relates to a processing device for the generation of security data as described by claim 34 and a computer program capable of executing a processing for the generation of the security information defined by claim 35.
Object of the present invention is also a processing apparatus for the verification of a label of an entity to be recognised, as described by claim 36, and a computer program capable of executing a processing for the verification of the identity of said entity as defined by claim 37.
Brief Description of the Figures
The advantages and additional aspects of the invention will become clearer from the following description of its preferred embodiments, given as exemplifying and non-limiting, with reference to the attached drawings, wherein:
Figure 1 schematically shows, by means of functional blocks, a recording method and a module for generating a security label associated with a user, according to a first particular embodiment of the present invention,
Figure 2 schematically shows, by means of functional blocks, an embodiment of a method and module for verifying the identity of a subject, suitable for the recognition of users with the exemplary method of figure
1;
Figure 3 schematically shows, by means of functional blocks, a first alternative version of the recording method and module of figure 1, made according to a "parallel" approach;
Figure 4 schematically shows, by means of functional blocks, a first alternative version of the method and module of figure 2, suitable for recognising users recorded with the method of figure 3 ;
Figure 5 schematically shows, by means of functional blocks, a second alternative version of the recording method and module of figure 1, made according to a "hierarchical" approach;
Figure 6 schematically shows, by means of functional blocks, a second alternative version of the method and verification module of figure 2, suitable for recognising users recorded with the method of figure 5;
Detailed Description of Preferred Embodiments 1. Recording Method and Module Figure 1 shows, by means of a block diagram, steps of a recording or "enrolment" method of an entity (for example, an animal, and preferably, a human being) , such as a person, hereinafter called user. It should be observed that the functional blocks shown in figure 1 can correspond to software and/or hardware modules implemented in a suitable device or module indicated with the same reference 100. Such device is, for example, a computer (for example a microcontroller or a personal computer) equipped with a processing unit and adequate mass and work memory, as well as with a (software) program for the execution of the method itself.
The enrolment method, generically indicated with the number 100 in figure 1, permits generating an ID label which is assigned to the appropriate user. This ID label, after having been generated, can be stored in various medium types and is destined to be provided during every verification step.
According to the described example, at least a first biometric reading information Il (Inputl_l step) and at least a second biometric reading information 12 (Input2_l step) are acquired (or, equivalentIy, detected) , hereinafter called first and second biometric reading. Such biometric readings are separate from each other. For example, the biometric readings employable in the method in accordance with the invention regard the acquisition of one of the following physiological and behavioural traits of the user: iris, finger print, voice, two- or three-dimensional face characteristic, auricle, DNA sequences, manual signature, retina, hand geometry, pattern of the hand blood vessels. Such biometric readings can be acquired by means of conventional technologies, known in the sector, such as for example: photography or scanning. It is to be noted that the first biometric reading Il and the second biometric reading 12 are separate from each other, in the sense that they have separate biometric information content, but they can also refer to different portions of a same physiological- behavioural trait, such as for example different portions of the same iris, same finger print or same signature. The first and second biometric reading Il and 12 undergo processing steps (for example, the steps indicated in the figure with the symbols: Fl, PPl; F2, PP2, ECE) so to obtain a first value cSl and a second value S4 having the biometric content of said first and second reading respectively associated. Subsequently, a function RFl of cryptographic type with at least two operands is applied to the first cSl and second S4 value, obtaining a combination value S5 from which the already mentioned ID security label to be assigned to the user is generated (step indicated with the symbol IFl) .
In greater detail, the first biometric reading Il undergoes a processing FEl for extracting at least one first selected biometric characteristic ~~ El and a subsequent processing step FPl to return a binary string Sl corresponding to the extracted biometric characteristics. The functional block Fl, comprising the processing FEl and the processing block FPl, overall carries out the processing known with the term "feature extraction" and the conversion of the features obtained in a string of bits, and can be of convention type. For example, when the first reading Il is a finger print, the feature extraction block FEl carries out the conventional minutia extraction. According to another example, when the first reading Il is a reading of the user's iris, the block Fl can provide, for example, the application of the conventional IrisCode® technique, suggested by Daugmann.
Such technique is described in the following published documents, included here as reference: • (J. G. Daugman, "High confidence visual recognition of persons by a test of statistical independence, " IEEE Trans. Pattern Anal. Machine Intell., vol. 15, pp. 1148--1161, Nov. 1993;
• Daugman J (2003) "The importance of being random: Statistical principles of iris recognition. "
Pattern Recognition, vol. 36, no. 2, pp 279-291;
• US Patent Number 5,291,560.
Alternatively to the technique suggested by Daugmann, at least one of the following feature extraction techniques can be employed, listed here as exemplifying :
IrisCode® technique suggested Daugmann for detection information of iris type; technique suggested by Boles for detection information of iris type; technique suggested by Wildes for detection information of iris type; techniques based on wavelets for detection information of iris type; - techniques based on neural networks for detection information of iris type; techniques based on Independent Component Analysis for detection information of iris type; techniques based on the extraction of local , characteristics for detection information of iris type; techniques based on the extraction of characteristics suggested by SmartSensor LTD for detection information of iris type; techniques based on the extraction of characteristics suggested by Daniel Schonberg for detection information of iris type;
- technique based on the extraction of EyeCerts characteristics for detection information of iris type; techniques based on the extraction of local characteristics for detection information of imprint type;
- techniques based on the extraction of overall characteristics for detection information of imprint type; - techniques based on direction and orientation fields of the characteristics for detection information of imprint type; techniques based on the coordinates of the characteristics called minutia for detection information of imprint type;
- Filterbank-Based technique suggested by Jain et. al. for detection information of imprint type; techniques based on the extraction of characteristics for detection information of vocal type; - techniques based on the extraction of two- dimensional characteristics for detection information of facial type;
- techniques based on the extraction of three- dimensional characteristics for detection information of facial type; techniques based on the extraction of three- dimensional characteristics for detection information of body type, also including the characteristics extracted with radiographic and magnetic resonance apparatuses; - techniques based on the extraction of characteristics from DNA samples; techniques based on the extraction of characteristics for detection information of writing or signature type; - techniques based on the extraction of characteristics for detection information of walking or postural type; techniques based on the extraction of two- dimensional characteristics of the image of the hands; - techniques based on the extraction of three- dimensional characteristics of the image of the hands; techniques based on the extraction of characteristics for detection information of retinal type; - techniques based on the extraction of characteristics for detection information of keystroking type; techniques based on the extraction of characteristics for detection information of thermographic facial type; techniques based on the extraction of characteristics for detection information of thermographic type of the hands or fingers.
Moreover, it is possible to also employ techniques for the extraction of characteristics obtained from the combination and union of the characteristics extracted with the previously listed techniques.
Analogous considerations are valid for the block F2 which operates on the second biometric reading 12. Each of the blocks Fl and F2 (generically indicated with Fi) has a relative algorithm which returns an output which can be coded in a n. bit long string. For the block
Fl, it is possible to calculate an error rate r (the bit frequency in the pattern which could be modified without influences on the biometric identification of the subject) . The two algorithms Fl and F2 respectively produce the bit strings Sl=Fl(Il) and S2=F2(I2).
In summary, each of the two feature extraction and processing blocks Fi can be subdivided into a first block FEi which carries out the step of feature extraction, and a second processing block, FPi. The first block FEi, given the input Ii, produces a list of features Ei which is subsequently processed to obtain a string of bits, Si.
According to the particular considered embodiment , each string of bits Si (both the string Sl, and that S2) is mapped in a code word cSi, according to a processing carried out by a respective post-processing block, PPi, shown in figure 1.
Moreover, the code word cS2 is processed by a error correction encoding block ECE (for example a Reed-Solomon code, possibly shortened) , known in the sector. This ensures that a maximum number t (i.e., a correction threshold) of symbols can be corrupted without influencing the decoding process during the verification step.
Advantageously, the parameters which characterise the error correction code and thus the correction threshold t, are created considering the best decoding block available. For example, in the case of a Reed-Solomon code, list decoding algorithms can be employed such as, for example, as indicated in the article of Ron M. Roth, and Gitit Ruckenstein, "Efficient Decoding of Reed- Solomon Codes Beyond Half the Minimum Distance", IEEE TRANSACTIONS ON INFORMATION THEORY, 46, 246-257, 2000. Alternatively to the above-mentioned Reed-Solomon technique, one of the following techniques can also be employed, for example: linear code, BCH (Bose Ray-
Chaudhuri Hocquenghem) , Goppa, Golay, Reed-Muller, cyclic or nearly-cyclic code.
It is to be noted that the post processing block PP2, which precedes the block ECE, has the function of mapping the information content of the string S2 in a code word adapted for the treatment carried out by the error correction encoding ECE block. Moreover, the string Sl was processed by the post processing block PPl by returning the code word cSl so that it too forms a code word in the space of the code words of the particular preselected ECE.
Subsequently, the word cSl is combined with S4 by means of a function y= RFl (a, b) . The function RFl acts on one or more operands (or variables a, b) according to a predetermined algorithm and to return an output. Moreover, the function RFl is of cryptographic type. For the purpose of the present description, by the function of one or more operands of cryptographic type, it is intended a function so that, based only on the knowledge of the algorithm and the output, it is possible to obtain at most only part of the corresponding operands or, in some cases, none of such operands. In other words, the cryptographic type function RFl does not permit obtaining all of the operands which have led to a certain output, based only on the knowledge of the output and the defining algorithm. Advantageously, the function of cryptographic type RFl is also of reversible type, i.e. it permits obtaining part of the operands based on the knowledge of the algorithm, the output and the other operands. In other words, RFl is such that there exists a function RFl"1 such that b= RFl" x(a, y) . One possible choice for RFl is Θ, the function XOR, for which RFl"1 = RFl. Hence, the function RFl returns a combination value S5 = RFl (cSl, S4) . Moreover, preferably, the function RFl possesses the property so that by receiving an operand a' in input close enough to a (according to an established metric) both b'=RFl"1(a', y) where b' is in turn close enough to b (according to an established metric) . A further function example RFl is the polynomial interpolation on finished fields, given a set of known points . A further function of cryptographic type NIFl is applied to the bit string S2, resulting from the feature extraction block F2. In particular, such further function of cryptographic type is non invertible and hence is a function which, based on the knowledge of the output and defining algorithm, does not permit going back to the operand .
According to the example, the non invertible function NIFl is a single operand S2 and returns a cryptographic value S3= NIFl (S2). For example, such function NIFl is a hash function (for example the hash function SHA-I) .
Subsequently, the ID label is formed by applying an IFl function to the combination value S5 and to the cryptographic value S3 so that ID = IFl (S3, S5) . According to the example, the function IFl is an invertible function, i.e. a function which permits obtaining the operands based on the knowledge of the defining algorithm and the output. The invertible function IFl can for example be the successive connection of the two bit strings S3 and S5. The digital value corresponding to the ID label can be stored in one of the following mediums of known type: smart card, floppy disc, semiconductor memory, EPROM
(Electrically Programmable Read Only Memory) memory, radiofrequency identifier RFID, compact disc with read only memory (CD_ROM) , archive consultable through the Internet, PDA (Personal Digital Assistant) device, magnetic band, credit card, bar code, SIM (Subscriber Identification Module) card, USB (Universal Serial Bus) medium. For example, such ID label can be stored in a medium incorporated in an identity document assigned to the user and composes a security label based on which one can recognise the person in possession of the identity document as the user actually recorded (or not as the recorded user) according to the above-described methodology. 2. Verification Method and Module
A verification method 200 of the user identity will now be described with reference to figure 2. Analogous to that said for the recording method which led to the construction of the ID label, the functional blocks of figure 2 represent both processing steps of the verification method and software and/or hardware modules capable of executing the corresponding processing.
The verification method 200 can be executed by a verification apparatus equipped with devices for carrying out at least separate biometric readings (i.e. the same reading type of the enrolment method 100) and a processing unit with appropriate storage. Moreover, both the recording device which implements the method 100 and the verification apparatus which implements the method 200 is equipped with respective interfaces for its use by an operator. In particular, the apparatus which implements the verification method 200 has an operator interface (for example a display) to signal the occurred recognition or the lack of recognition of the user.
When a subject must prove his identity, he provides the ID received in the enrolment step, which is acquired by the apparatus corresponding to the method 200. Moreover, further biometric information is acquired by means of adequate reading operations of further biometric information (hereinafter called biometric verification readings) with Jl and J2. The biometric verification reading Jl refers to the same biometric trait (i.e. physiological) used for the biometric reading II, while the biometric verification reading J2 refers to the same physiological trait used for the biometric reading 12.
Such biometric verification readings Jl and J2 are processed by feature extraction blocks Fl and F2, for example, identical to those described with reference to figure 1, which return bit strings S6 and SlO: S6= Fl(Jl) and SlO= F2 (J2) .
The ID provided by the subject is factored so to return the combination value S5 and the cryptographic value S3 by means of the function IFl"1, which is the inverse function of the already defined invertible function IFl: (S3, S5) = IFr1UD). The bit string S6 is mapped in the code word cS6 by means of the post processing block PP3, for example, identical to the block PPl of figure 1,
The previously defined function RFl"1 is applied to the bits word cS6 and to the combination value S5, so to obtain a reconstructed value S7 corresponding to a
"corrupted" version of S4 : S7= RFl'1 (cS6,S5). In general, notwithstanding the reversibility of the function RFl, the value S7 is not identical to S4 since the value cS6 obtained from the verification reading Jl is not identical to cSl.
In fact, also when the subject whose identity must be verified is the same user recorded with ID label, due to overall conditions with which the readings of the same physiological traits Il and Jl occur (for example, different position of the finger from which the imprint is obtained) , it is improbable if not impossible to obtain exactly the same biometric information content .
In particular, according to the definition of Fl, two different biometric readings of the same subject produce two keys whose Hamming (HD) distance is less than r ; on the other hand, HD>r when the readings belong to different subjects. In the first case, if the subject who presents himself for the verification is the same of the enrolment step, S7 and S4 will differ by a limited number of words. Such differences of S7 with respect to SA can be seen, when the subject is the same recorded user, as "errors" of the value S4.
The value S7 is processed from an error correction decoding block ECD, operating in accordance with the encoding block ECE of figure 1, which acts in a manner to correct the aforesaid errors, generating the correct reconstructed value cS7. In such a manner, if the subject to be verified is the same recorded user, and in the limits of the ECD block performances, the correct reconstructed version cS7 can be considered identical to the string S4.
The string thus obtained, cS7, is processed by a processing block PP2"1, which, by applying an inverse processing with respect to that of the block PP2, generates the reconstructed value S8. The decoded value S8 is identical to the value S2 if the subject is not an impostor, and consequently only if the number of bits in S6 which have a different value from Sl is less than the correction capacity of the preselected code.
Advantageously, for security reasons, the method in accordance with the invention foresees that no biometric feature is included in the ID label if not in cryptographic form and resistant to any reconstruction attempt by means of processing carried out only on the ID label itself. Thus, the verification module which implements the method 200 does not provide a value S2 as obtained in the recording procedure of figure 1, making a direct comparison between the values S2 and S8 impossible .
The exemplary verification method 200 provides the application to the reconstructed value S8 of the same non-invertible function NIFl which has acted in the recording processing on the value S2. The application of the function NIFl to S8 returns the value S9, which is a reconstructed version of the value S3.
Subsequently, a first comparison is carried out (Compare == ?) between the reconstructed value S9 and the value S3. In the case of equality between the two values S9 and S3, one may consider satisfied the equality between the values S8 and S2, of which S9 and S3 are the hash. In fact, if S9= NIF1(S8)=S3, then S 8=S2.
Advantageously, if the aforesaid comparison has a positive outcome (which involves a first recognition of the subject) , enabling "enable" information is generated which activates a second "Match" comparison. When the aforesaid comparison has a negative outcome (which involves a lack of recognition of the subject) , the enabling "enable" information assumes a state such to disable the second "Match" comparison. In this second case, it may be concluded that the subject does not correspond to the user recorded with the ID label .
Returning to the positive outcome case, the second
Match comparison carries out a biometric comparison, for example of classic type, between the value SlO, i.e. the features collected in the verification step related to the second reading J2, and the reconstructed value S8.
This second comparison can give a positive outcome
(Yes, the subject is recognised as the recorded user) or a negative outcome (No, the subject is not recognised as the recorded user) , which can be signalled to the operator.
3. Particular embodiments of the invention other than those of figures 1 and 2. It has been observed that the recording method 100 and the verification method 200 can be implemented in basic processing modules which are compatible in basic modules for creating different levels of security, complexity and for using a greater number of biometric traits.
For example, the basic recording 100 and verification 200 modules can be combined "in parallel" or "hierarchically". In the following figures, functional or value blocks will be indicated with the same references if they are identical to the blocks and values described with reference to figures 1 and 2.
Figures 3 and 4 refer to the parallel composition and respectively show a parallel recording module 300 and a parallel verification module 400, different from those described with reference to figures 1 and 2.
The parallel composition offers a simple method for utilising different biometric traits for creating the ID label. In this manner, the multi-modality level implemented is greater than that occurring by the standard approach, given that more than two biometric data points are treated.
It is assumed to have N+M biometric traits. The first biometric input group (I, , I~, ... , IN ), is composed using a composition function (Compositionl) . A second composition function (Composition2) is equally used for the second group
Figure imgf000029_0001
- τhe outPuts of the two composition functions act as input for a recording module 100' , analogous to that of figure 1 described above. In this configuration, the system is N+M-modal. The blocks Fl and F2 of the recording module 100' do not carry out any operation in this module. In fact, the operations of feature extractions and processing are incorporated in the Compositionl and Composition2 blocks. The composition functions Compositionl and Composition2 can be implemented in different ways. For example, they could be implemented by simply applying a corresponding feature extraction and processing block (as known in the sector) to each input and finally linking the obtained bit strings. On the other hand, the error rate r of the bit string obtained by means of Ql=Compositionl (II, 12,..., IN) is calculated by taking into account that every biometric method contributes in a different manner to the overall error rate.
The parallel verification module (figure 4) comprises a base verification module 200', whose inputs are fed by the same composition functions (COmPOsItIOn1 and Composition2) which operate on biometric verification readings Jl, J2, ..., JN+M- The processing blocks Coding 1 and Coding 2 can carry out operations related to the digital representation of the entering values (analogous, for example, to those of the block PP3) or they can also not be provided, considering that the feature extraction procedures are carried out inside the Composition 1 and Composition 2 blocks.
The base modules can also be composed in hierarchical structures, as shown in figures 5 and 6.
Figure 5 shows an example of a recording module 500 of two-level hierarchy type. The biometric input data I2 and I3 are used to create a first ID1 label by means of a base recording module 100, identical or analogous to that already described. Below, the ID1 label is used in place of a biometric trait in a second base recording module 100b (analogous to that 100) together with a third biometric input data I3, leading to the creation of a second label ID2. The hierarchical composition permits different security levels. The block F2 contained inside the base recording module 100b does not carry out any operation, in this particular case.
Figure 6 shows the structure of the hierarchical verification module 600. In the verification procedure and in low security applications, only the biometric data J2 and J3 can usually be requested to verify the first ID1 label. Additionally, in high security applications, a third biometric sample Jl should also be requested to verify the second ID2 label as well (of course when the verification of ID1 was successful) .
The module 600 comprises two base verification modules 200a and 200b. The inputs ID1, J2 and J3 are verified by the first base verification module 200a in an analogous manner to that described for the module 200. After which the output of the first base verification module 200a is possibly used to enable the functioning of the second base verification module 200b. This output can also be used as first security level authentication signal. Moreover the identity of the user can be verified in the second module 200b using also the first label IDl, second label ID2 and third biometric data Jl as input. The output of the second verification module 200b (it too with architecture analogous to the module 200) is the second security level authentication signal. The values SIl, S12, S13, S14, S15, and S16 present in the second verification module 200b are the result of processing analogous to that which produced the already described values S3, S5, S6, S7, S8 and S9, respectively. For the Coding 3 block, considerations analogous to those made for the Coding 1 and Coding 2 blocks are valid. It is to be observed how it is possible to construct more complex systems by using each composition method (parallel and hierarchical) recursively or by combining the methods in an iterative manner.
4. Some Advantages of the Invention Teachings
The recording and verification method in accordance with the invention has all of the advantages associated with multimodal techniques, since the authentication can function by using at least two biometric traits, for example iris and finger prints. Nonetheless, the technique in accordance with the invention is advantageous with respect to traditional multimodal techniques. In fact, the construction of a combination value (such as the value S5) , obtained by applying a function of cryptographic type which acts on at least two operands which contain the information content of the separate biometric readings, permits obtaining an ID label from which it is not possible to reconstruct the separate biometric characteristics in the absence of the user himself . Moreover, the use of this function which "combines" in a cryptographic manner the operands obtained beginning from the read biometric characteristics, permits avoiding the use of external encrypting keys whose management is burdensome. In other words, advantageously, the ID label does not contain any classical encrypting, of any biometric trait of the possessor, thus no Public Key Infrastructure is required.
It should also be observed that the verification/identification procedure does not require any biometric database, hence no network infrastructure is required.
The described method also brings the following advantages with regard to other techniques of conventional type. The subject is also identified/verified by a classic biometric matching system (such as that employable in the Match step and this is not possible by means of the use of the fuzzy commitment scheme, since such methodology of the prior art usually returns only a binary response, and not a biometric trait nor a set of biometric features.
The privacy of the user is assured, since only the
ID label obtained by means of at least one function of cryptographic type is present on the document, where the biometric trait (s) or biometric features are not present, as already said.
Moreover, the described recording (also called enrolment) and verification method can be public since that does not harm the security of its practical implementation.
5. Numeric example of recording procedure in accordance with the embodiment of figure 1
As a general example, we consider an iris scan Il and a reading of a finger print 12. Moreover we assume that Fl is the IrisCode® technique suggested by Daugman for which ^=2048 and rχwθ.32, and that F2 is a minutia extraction procedure for which n2=640 and r is unknown. The method Fl is appropriately chosen such that N=n >n . Finally we assume using as error correction code ECE a Reed-Solomon code (N,K) , where
Figure imgf000034_0001
. This ensures that up to
Figure imgf000035_0001
symbols could be corrupted without influencing the decoding process during the verification step.
The selected code imposes a further constraint on the Fl and F2 methods used for which the condition n <(l-2r )n ≤κ must be valid.
We calculate N=ni=2048 and κ=[2048 (1-2x0.32)1=738. The condition n <κ is satisfied, thus the two biometric methods can be jointly used. The blocks PPl and PP2 must map the strings Sl and S2 in appropriate words belonging to the ECE code . The preselected code ECE assumes code words which are long
Figure imgf000035_0002
bits. Therefore, the 640-bit string S2 is mapped such that every 0 is substituted with the m=12 bit word "000" (hexadecimal) and every 1 with «FFF" (hexadecimal) . The same code is applied to Sl, so to obtain cSl.
Finally, null patterns κ-n2 =738-640 = 98 "000" precede the new code word derived from S2. It is important to emphasize that the mapping proposed is only one of the possibilities, and the choice of a different mapping does not invalidate the proposed method.
According to another example, every bit of S2 is substituted with the m=12 bit word composed of 11 random bits and by the considered bit. In still another case, K-It1 =98 random words are placed after the new code word derived from S2.
The value cS2 is then coded by using a Reed-Solomon code shortened with (N=2048,κ=738) so to obtain S4. It is to be noted that the coded message S4 is now nχm bits long. Finally, S5 = XOR(cSl,S4) is calculated.
Finally, the hashing of S2 is completed by means of the function SHA-I, obtaining S3 = NIFl (S2). The ID is constructed by putting S3 and S5 together. During the verification step, if the user is the same as the enrolment step, S7 and S4 will differ by a number of only <^1 ni words.
According to a further example, a Reed-Solomon (N=2048,κ=946) code could be used for the cS2 coding, while for the decoding a list algorithm could be used which is capable of listing the code words around that given, provided that the corrupted symbols are less than t = -Vni !1Λi The constraint on the used methods Fl and F2 would be n2<n^-rλ} <κ in this case. ******

Claims

1. Method for generating security information associated with an entity to be recorded, comprising: carrying out at least one biometric recording reading on said entity to be recorded in order to acquire a first (II) and a second (12) detection information, separate from each other; processing (Fl, PPl; F2, PP2, ECE) the first and second information, obtaining a first (cSl) and second (S4) value having the biometric content of said first and second detection information respectively associated; applying, to the first and second value (cSl, S4) , a function of cryptographic type and at least two operands
(RFl) , obtaining a combination value (S5) from which (IFl) a security label (ID) of said entity to be recorded is generated.
2. Method according to claim 1 , wherein said cryptographic function (RFl) is a reversible function and has as operands at least the first and second value.
3. Method according to claim 1, wherein said label (ID) is digital data which can be stored in a medium associated with the entity to be recorded.
4. Method according to claim 2 , wherein said reversible cryptographic function is an XOR of the first (cSl) and second (S4) value, or a polynomial interpolation on finite fields, given a set of known points.
5. Method according to at least one of the preceding claims, wherein said entity to be recorded is a human being.
6. Method according to at least one of the preceding claims, including a step of choosing the first and the separate second biometric information inside the following group: iris, finger print, voice, two- dimensional or three-dimensional face characteristic of the entity to be recorded, auricle, DNA sequences, manual signature, retina, hand geometry, pattern of the hand blood vessels .
7. Method according to claim 3, further comprising the step of storing the label on one of the following mediums: smart card, floppy disc, semiconductor memory, EPROM (Electrically Programmable Read Only Memory) memory, radiofrequency identifier RFID, read-only memory compact disc (CD_R0M) , archive which can be consulted by means of the Internet network, PDA (Personal Digital Assistant) device, magnetic band, credit card, bar code, SIM (Subscriber Identification Module) card, USB (Universal Serial Bus) medium.
8. Method according to claim 1, wherein processing (Fl) includes : extracting (FEl) , from said first detection information (II) , at least a first selected biometric characteristic (El) ; processing (FPl) said at least one biometric characteristic (El) to obtain a corresponding first digital string (Sl) .
9. Method according to claim 8 , comprising a further processing (PPl) of the first digital string (Sl) such to return said first value (cSl) suitable for the application of said function of cryptographic type (RFl) .
10. Method according to claim 1, wherein processing (F2) includes : extracting (FE2) from said second detection information (II) at least one second selected biometric characteristic (E2) ; processing (FP2) said at least one second biometric characteristic (E2) to obtain a corresponding second digital string (S2) .
11. Method according to claim 8 or 10, wherein processing the first information or the second information includes the extraction of minutia for detection information of digital imprint type.
12. Method according to claim 8 or 10, wherein processing the first information or the second information includes the application of at least one of the following characteristic extraction techniques: - IrisCode® technique suggested by Daugmann for detection information of iris type;
- technique suggested by Boles for detection information of iris type; - technique suggested by Wildes for detection information of iris type;
- techniques based on wavelets for detection information of iris type; techniques based on neural networks for detection information of iris type;
- techniques based on Independent Component Analysis for detection information of iris type; techniques based on the extraction of local characteristics for detection information of iris type; - techniques based on the extraction of characteristics suggested by SmartSensor LTD for detection information of iris type;
- techniques based on the extraction of characteristics suggested by Daniel Schonberg for information of iris type; technique based on the extraction of EyeCerts characteristics for detection information of iris type; techniques based on the extraction of local characteristics for detection information of imprint type; techniques based on the extraction of overall characteristics for detection information of imprint type;
- techniques based on direction and orientation fields of the characteristics for detection information of imprint type; techniques based on the coordinates of the characteristics called minutia for detection information of imprint type; - Filterbank-Based technique suggested by Jain et. al. for detection information of imprint type;
- techniques based on the extraction of characteristics for detection information of vocal type;
- techniques based on the extraction of two-dimensional characteristics for detection information of facial type;
- techniques based on the extraction of three-dimensional characteristics for detection information of facial type;
- techniques based on the extraction of three-dimensional characteristics for detection information of body type, also including the characteristics extracted with radiographic and magnetic resonance apparatuses;
- techniques based on the extraction of characteristics from DNA samples;
- techniques based on the extraction of characteristics for detection information of writing or signature type; - techniques based on the extraction of characteristics for detection information of walking or postural type;
- techniques based on the extraction of two-dimensional characteristics of the image of the hands; - techniques based on the extraction of three-dimensional characteristics of the image of the hands;
- techniques based on the extraction of characteristics for detection information of retinal type;
- techniques based on the extraction of characteristics for detection information of keystroking type;
- techniques based on the extraction of characteristics for detection information of thermographic facial type;
- techniques based on the extraction of characteristics for detection information of thermographic type of the hands or fingers
- techniques based on the extraction of characteristics obtained from the combination and union of the characteristics extracted by means of the above-mentioned techniques .
13. Method according to claim 10, comprising a further processing (PP2) of the second digital string (S2) such to return a digital value (cS2) suitable for the application of said function of cryptographic type (RFl) .
14. Method according to claim 13, moreover comprising: coding (ECE) said digital value (cS2) according to an error correction encoding and returning said second value (S4) .
15. Method according to claim 14, wherein the error correction code is one of the following: Reed-Solomon, linear code, BCH, Goppa, Golay, Reed-Muller, cyclic or nearly cyclic code.
16. Method according to claim 14, comprising: applying a non invertible function (NIFl) to the second digital string (S2) to obtain a third value (S3) dependent on said second detection information.
17. Method according to claim 16, wherein said non invertible function is a function of hash type.
18. Method according to claim 16, including the step of applying an invertible function (IFl) to the combination value (S5) and third value (S3) , obtaining said security label.
19. Method according to claim 18, wherein said invertible function executes the composition of the combination value (S5) and the third value (S3) .
20. Method according to at least one of the preceding claims, wherein said at least one biometric reading comprises the acquisition of the first or second detection information by means of a step of photographing and/or scanning a separate biometric trait of said entity to be recorded.
21. Method according to claim 1, further comprising carrying out an additional biometric reading on said entity to be recorded to acquire a third (13) detection information which is separate from said first and second information.
22. Method according to claim 21, comprising: carrying out a respective biometric reading on said entity to be recorded in order to acquire a fourth detection information (14) ; executing a composition processing of the third (13) and fourth (14) detection information to obtain said first or second detection information.
23. Method according to claim 21, comprising: processing the third detection information and said label (IDl) by means of a further function of cryptographic type with at least two operands for generating a further security label (ID2) of said entity to be recorded.
24. Method for verifying an identity of an entity, comprising: applying the generation method of the label defined by at least one of the preceding claims; carrying out a verification acquisition of said security label (ID) ; carrying out at least one biometric verification reading of an entity to be recognised, so to acquire a first (Jl) and a second (J2) biometric verification information, the recording and verification readings being carried out on the same physiological traits of the respective entities; processing (IFl"1) the label (ID) to obtain the combination value (S5) and the third value (S3) ; applying, to the combination value (S5) and to an extraction value (cS6) obtained from the first verification information (Jl) , a first inverse function
(RFl"1) of said function of cryptographic type (RFl) to obtain a first reconstructed version (S7) of the second value (S4) ; processing (EDC, PP2"1, NIFl) the first reconstructed version (S7) to obtain a second reconstructed version (S9) of the third value (S3) ; comparing the second reconstructed version (S9) with the third value (S3) obtained from the processing of said label (ID) .
25. Method according to claim 24, further comprising: generating, following said comparison, comparison
(enable) information indicative of a first recognition and corresponding to an equality between the second reconstructed version (S9) and the third value (S3) or indicative of a lack of recognition corresponding to an inequality between the second reconstructed version (S9) and the third value (S3) .
26. Method according to claim 25, further comprising: beginning from said first reconstructed version (S7) , obtaining a third reconstructed version (S8) of said second digital string (S2) , extracting (FE2) from said second verification information (J2) at least one selected second biometric characteristic (EJ2) of verification; processing (FP2) the second biometric characteristic of verification (EJ2) to obtain a corresponding second digital string of verification (SlO) .
27. Method according to claims 25 and 26, comprising: enabling by means of said comparison (enable) information and in the case of first recognition, a further comparison between the third reconstructed version (S8) and the second digital string of verification (SlO) , said further comparison providing a final recognition information (Yes/No) indicative of the coincidence between said two entities.
28. Method according to claim 24, wherein processing (IFl"1) the label comprises applying to the label a second inverse function (IFl"1) of said invertible function (IFl) .
29. Method according to claim 28, wherein said second inverse function (IFl"1) decomposes the combination value (S5) and the third value (S3) .
30. Method according to claim 24, wherein said further comprising: extracting (FEl) from said first verification information (Jl) at least one selected first biometric characteristic of verification (EJl) ; processing (FPl) the first biometric characteristic of verification (EJl) to obtain a corresponding first digital verification string (S6) ; processing (PP3) the first digital verification string (S6) and returning the represented extraction value (cS6) in a way suitable for the application of said first inverse function (RFl"1) .
31. Method according to at least one of the preceding claims, wherein processing the first reconstructed version (S7) includes: decoding (EDC) the first reconstructed version (S7) according to said error correction code and returning a reconstructed corrected version (cS7) , processing (PP2"1) said corrected reconstructed version (cS7) to obtain said third reconstructed version (S8) , applying said non invertible function (NIFl) to said third reconstructed version (S8) , so to obtain the second reconstructed version (S9) .
32. Method according to at least one of the preceding claims, wherein at least one between first (Jl) and second (J2) biometric verification information is obtained from a composition of a plurality of further biometric information (Jl, J2) obtained following biometric readings carried out on said entity to be recognised.
33. Method according to at least one of the preceding claims, further comprising: acquiring said further security label (ID2) ; carrying out a further biometric verification reading on said entity to be recognised to acquire a third verification information (J3) ; employing said final information (Yes/No) to enable or not enable a further verification operation based on said further security label (ID2) and said third verification information (J3) .
34. Processing device such to acquire a first (II) and a second (12) detection information separate from each other, the device being configured so to carry out processing of the generation method of a label as described in at least one of the claims 1 - 23 and to provide said security label.
35. Computer program comprising program codes capable of executing the steps of the method defined by at least one of the claims 1 - 23.
36. Processing apparatus such to acquire a first (Jl) and a second (J2) verification information separate from each other and a label of an entity to be recognised, the apparatus being configured so to carry out verification processing defined by the method as described in at least one of the claims 24 - 33.
37. Computer program comprising program codes capable of executing the verification processing of the method defined by at least one of the claims 24 - 33.
PCT/IT2007/000235 2006-03-31 2007-03-29 Method for generating and verifying security information obtained by means of biometric readings WO2007113888A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT000641A ITMI20060641A1 (en) 2006-03-31 2006-03-31 METHOD OF GENERATION AND VERIFICATION OF A SAFETY INFORMATION OBTAINED BY BIOMETRIC READINGS
ITMI2006A000641 2006-03-31

Publications (1)

Publication Number Publication Date
WO2007113888A1 true WO2007113888A1 (en) 2007-10-11

Family

ID=38326300

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2007/000235 WO2007113888A1 (en) 2006-03-31 2007-03-29 Method for generating and verifying security information obtained by means of biometric readings

Country Status (2)

Country Link
IT (1) ITMI20060641A1 (en)
WO (1) WO2007113888A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9094211B2 (en) 2011-08-26 2015-07-28 Life Technologies Corporation Systems and methods for identifying an individual
FR3017732A1 (en) * 2014-02-17 2015-08-21 Morpho METHOD FOR IDENTIFYING AND / OR AUTHENTICATING AN INDIVIDUAL FROM ITS VENOUS NETWORK
WO2018178087A1 (en) * 2017-03-30 2018-10-04 Bundesrepublik Deutschland, Vertreten Durch Das Bundesministerium Des Innern, Vertreten Durch Das Bundesamt Für Sicherheit In Der Informationstechnik Biometry-supported object binding
KR20190058834A (en) * 2017-11-22 2019-05-30 서울대학교산학협력단 Electronic signature apparatus and method using an error recovery scheme based on a parity check matrix
WO2022042969A1 (en) * 2020-08-24 2022-03-03 Nchain Licensing Ag Bio-extracted seed
CN115830748A (en) * 2022-11-24 2023-03-21 远峰科技股份有限公司 Intelligent cabin digital key positioning calibration method and device
CN116781397A (en) * 2023-07-24 2023-09-19 深圳建安润星安全技术有限公司 Internet information security method and platform based on biological recognition

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6202151B1 (en) * 1997-05-09 2001-03-13 Gte Service Corporation System and method for authenticating electronic transactions using biometric certificates
US20020070844A1 (en) * 1999-12-14 2002-06-13 Davida George I. Perfectly secure authorization and passive identification with an error tolerant biometric system
GB2402791A (en) * 2003-06-09 2004-12-15 Seiko Epson Corp User identification using two or more sources of biometric data in combination with a user entered code
FR2871910A1 (en) * 2004-06-22 2005-12-23 Sagem BIOMETRIC DATA ENCODING METHOD, IDENTITY CONTROL METHOD, AND DEVICES FOR IMPLEMENTING THE METHODS

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6202151B1 (en) * 1997-05-09 2001-03-13 Gte Service Corporation System and method for authenticating electronic transactions using biometric certificates
US20020070844A1 (en) * 1999-12-14 2002-06-13 Davida George I. Perfectly secure authorization and passive identification with an error tolerant biometric system
GB2402791A (en) * 2003-06-09 2004-12-15 Seiko Epson Corp User identification using two or more sources of biometric data in combination with a user entered code
FR2871910A1 (en) * 2004-06-22 2005-12-23 Sagem BIOMETRIC DATA ENCODING METHOD, IDENTITY CONTROL METHOD, AND DEVICES FOR IMPLEMENTING THE METHODS

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
FENG HAO ET AL: "COMBINING CRYPTOGRAPHYWITH BIOMETRICS EFFECTIVELY", TECHNICAL REPORT - UNIVERSITY OF CAMBRIDGE. COMPUTER LABORATORY, XX, XX, vol. 28, no. 640, July 2005 (2005-07-01), pages 1 - 17, XP009072846 *
KEVENAAR T A M ET AL: "Face Recognition with Renewable and Privacy Preserving Binary Templates", AUTOMATIC IDENTIFICATION ADVANCED TECHNOLOGIES, 2005. FOURTH IEEE WORKSHOP ON BUFFALO, NY, USA 17-18 OCT. 2005, PISCATAWAY, NJ, USA,IEEE, 17 October 2005 (2005-10-17), pages 21 - 26, XP010856491, ISBN: 0-7695-2475-3 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11636190B2 (en) 2011-08-26 2023-04-25 Life Technologies Corporation Systems and methods for identifying an individual
US9520999B2 (en) 2011-08-26 2016-12-13 Life Technologies Corporation Systems and methods for identifying an individual
US10733277B2 (en) 2011-08-26 2020-08-04 Life Technologies Corporation Systems and methods for identifying an individual
US9094211B2 (en) 2011-08-26 2015-07-28 Life Technologies Corporation Systems and methods for identifying an individual
FR3017732A1 (en) * 2014-02-17 2015-08-21 Morpho METHOD FOR IDENTIFYING AND / OR AUTHENTICATING AN INDIVIDUAL FROM ITS VENOUS NETWORK
WO2018178087A1 (en) * 2017-03-30 2018-10-04 Bundesrepublik Deutschland, Vertreten Durch Das Bundesministerium Des Innern, Vertreten Durch Das Bundesamt Für Sicherheit In Der Informationstechnik Biometry-supported object binding
KR20190058834A (en) * 2017-11-22 2019-05-30 서울대학교산학협력단 Electronic signature apparatus and method using an error recovery scheme based on a parity check matrix
KR102001407B1 (en) 2017-11-22 2019-07-18 서울대학교산학협력단 Electronic signature apparatus and method using an error recovery scheme based on a parity check matrix
WO2022042969A1 (en) * 2020-08-24 2022-03-03 Nchain Licensing Ag Bio-extracted seed
CN115830748A (en) * 2022-11-24 2023-03-21 远峰科技股份有限公司 Intelligent cabin digital key positioning calibration method and device
CN115830748B (en) * 2022-11-24 2023-11-24 远峰科技股份有限公司 Intelligent cabin digital key positioning calibration method and device
CN116781397A (en) * 2023-07-24 2023-09-19 深圳建安润星安全技术有限公司 Internet information security method and platform based on biological recognition
CN116781397B (en) * 2023-07-24 2024-03-15 深圳建安润星安全技术有限公司 Internet information security method and platform based on biological recognition

Also Published As

Publication number Publication date
ITMI20060641A1 (en) 2007-10-01

Similar Documents

Publication Publication Date Title
Uludag et al. Biometric cryptosystems: issues and challenges
Sutcu et al. Protecting biometric templates with sketch: Theory and practice
Lee et al. Biometric key binding: Fuzzy vault based on iris images
Chen et al. Biometric based cryptographic key generation from faces
Uludag et al. Securing fingerprint template: Fuzzy vault with helper data
Hoang et al. Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme
Cimato et al. Privacy-aware biometrics: Design and implementation of a multimodal verification system
Eskander et al. A bio-cryptographic system based on offline signature images
Kholmatov et al. Biometric cryptosystem using online signatures
WO2007113888A1 (en) Method for generating and verifying security information obtained by means of biometric readings
Rathgeb et al. An iris-based interval-mapping scheme for biometric key generation
Suresh et al. Two-factor-based RSA key generation from fingerprint biometrics and password for secure communication
Rathgeb et al. Context-based texture analysis for secure revocable iris-biometric key generation
Cimato et al. A multi-biometric verification system for the privacy protection of iris templates
Meenakshi et al. Security analysis of password hardened multimodal biometric fuzzy vault
Ziauddin et al. Robust iris verification for key management
Fouad et al. A fuzzy vault implementation for securing revocable iris templates
Cimato et al. Privacy in biometrics
Patel et al. Hybrid feature level approach for multi-biometric cryptosystem
Sutcu et al. Secure sketches for protecting biometric templates
Soltane et al. A review regarding the biometrics cryptography challenging design and strategies
JP4843146B2 (en) Secret information storage method, secret information restoration method, data encryption / decryption device, and data decryption device
Fatima Securing the biometric template: a survey
Tian et al. Fingerprint-based identity authentication and digital media protection in network environment
Cimato et al. Biometrics and privacy

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07736739

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07736739

Country of ref document: EP

Kind code of ref document: A1