CHAPTER 1

INTRODUCTION

In the world of computer security, biometrics refers to authentication techniques that rely on
measurable physiological and individual characteristics that can be automatically verified. In
other words, we all have unique personal attributes that can be used for distinctive identification
purposes, including a fingerprint, the pattern of a retina, and voice characteristics. Strong or twofactor authenticationidentifying oneself by two of the three methods of something you know
(for example, a password), have (for example, a swipe card), or is (for example, a fingerprint)is
becoming more of a genuine standard in secure computing environments. Some personal
computers today can include a fingerprint scanner where you place your index finger to provide
authentication. The computer analyzes your fingerprint to determine who you are and, based on
your identity followed by a pass code or pass phrase, allows you different levels of access.
Access levels can include the ability to open sensitive files, to use credit card information to
make electronic purchases, and so on.

1.1 Biometrics Authentication Techniques

A biometric authentication is essentially a pattern-recognition that makes a personal
identification by determining the authenticity of a specific physiological or behavioral
characteristic possessed by the user. An important issue is designing a practical approach to
determine how an individual is identified. An authentication can be divided into two modules:
a.) Enrollment module
b.) Identification or Verification module

1.2 How Biometric Technologies Work

The enrollment module is responsible for enrolling individuals into the biometric system. During
the enrollment phase, the biometric characteristic of an individual is first scanned by a biometric
reader to produce a raw digital representation of the characteristic. In order to 9

facilitate matching, the raw digital representation is usually further processed by feature extractor
to generate a compact but expensive representation, called a template.
Depending on the application, the template may be stored in the central database. Depending on
the application, biometrics can be used in one of two modes: verification or identification.
Verificationalso called authenticationis used to verify a persons identitythat is, to
authenticate that individuals are who they say they are. Identification is used to establish a
persons identitythat is, to determine who a person is. Although biometric technologies
measure different characteristics in substantially different ways, all biometric systems start with
an enrollment stage followed by a matching stage that can use either verification or
identification.

1.3 Leading Biometric Technologies

A growing number of biometric technologies have been proposed over the past several years, but
only in the past 5 years have the leading ones become more widely deployed.
Some technologies are better suited to specific applications than others, and some are more
acceptable to users. We describe seven leading biometric technologies:
Facial Recognition
Fingerprint Recognition
Hand Geometry
Iris Recognition
Signature Recognition
Speaker Recognition
1.4 Fingerprint Recognition
Fingerprint recognition is one of the best known and most widely used biometric technologies.
Automated systems have been commercially available since the early 1970s, and at the time of
our study, we found there were more than 75 fingerprint recognition technology companies.
Until recently, fingerprint recognition was used primarily in law enforcement applications.
Fingerprint recognition technology extracts features from impressions made by the distinct
ridges on the fingertips. The fingerprints can be either flat or rolled. A flat print captures only an
impression of the central area between the fingertip and the first knuckle; a rolled print captures
ridges on both sides of the finger.

An image of the fingerprint is captured by a scanner, enhanced, and converted into a template.
Scanner technologies can be optical, silicon, or ultrasound technologies. Ultrasound, while
potentially the most accurate, has not been demonstrated in widespread use. In 2002, we found
that optical scanners were the most commonly used. During enhancement, noise caused by
such things as dirt, cuts, scars, and creases or dry, wet or worn fingerprints is reduced, and the
definition of the ridges is enhanced. Approximately 80 percent of vendors base their algorithms
on the extraction of minutiae points relating to breaks in the ridges of the fingertips. Other
algorithms are based on extracting ridge patterns.

1.5 Fingerprints as a Biometric

Among all biometric traits, fingerprints have one of the highest levels of reliability and have
been extensively used by forensic experts in criminal investigations. A fingerprint refers to the
flow of ridge patterns in the tip of the finger. The ridge flow exhibits anomalies in local regions
of the fingertip (Figure), and it is the position and orientation of these anomalies that are used to
represent and match fingerprints.

Although not scientifically established, fingerprints are believed to be unique across individuals,
and across fingers of the same individual. Even identical twins having similar DNA, are believed
to have different fingerprints. Traditionally, fingerprint patterns have been extracted by creating
an inked impression of the fingertip on paper.
The electronic era has ushered in a range of compact sensors that provide digital images of these
patterns. These sensors can be easily incorporated into existing computer peripherals like the
mouse or the keyboard (figure), thereby making this mode of identification a very attractive
proposition. This has led to the increased use of automatic fingerprint-based authentication
systems in both civilian and law enforcement applications.
1.6 Minutiae
Minutiae, in fingerprinting terms, are the points of interest in a fingerprint, such as bifurcations
(a ridge splitting into two) and ridge endings. Examples are:
a.) ridge endings - a ridge that ends abruptly
b.) ridge bifurcation - a single ridge that divides into two ridges
c.) short ridges, island or independent ridge - a ridge that commences, travels a short distance
and then ends

d.) ridge enclosures - a single ridge that bifurcates and reunites shortly afterward to continue as a
single ridge
e.) spur - a bifurcation with a short ridge branching off a longer ridge
f.) crossover or bridge - a short ridge that runs between two parallel ridges

Minutiae also refer to any small or otherwise incidental details.

But the focus when matching is only on the 2 main minutiae; ridge ending and ridge bifurcation.
1.7 Minutiae extraction
After enhancement (and segmentation), the minutiae have to be extracted. For this purpose,
the image is first binarized by a thresholding operation. This converts each gray-scale pixel
value to a binary value (black or white). A dynamic threshold has to be applied, which means
that the threshold is adjusted to the local characteristics of the image, thus compensating for
differences in image intensity.
Next, the binarized image is thinned. This is a morphological operation that reduces the
width of each ridge to a single pixel, thus creating a skeleton of the image. We use a very
efficient thinning algorithm that codes each 3 by 3 pixel neighborhood in a 9-bit integer. This
number is used as index into a lookup table that contains the binary value after the current
thinning step. Two different lookup tables that both take care of a different thinning direction
are used iteratively, until the image has converged to its final skeleton. Our thinning algorithm

is inspired by the thinning algorithm that is supplied with Matlab, but it replaces 3 lookup table
operations, 3 binary ands and 1 binary not with only 1 lookup table operation. The next phase
is the actual minutiae detection in the skeleton image. For this task, again a lookup table
operation is used for efficiency. In this table, endpoints are defined as black pixels that have only
one black pixel in their 3 by 3 neighborhood, while bifurcations have three black pixels that are
pairwise unconnected in their 3 by 3 neighborhood
1.8 Traditional Minutiae Extraction
Traditional minutiae extraction from a gray-scale fingerprint image uses a number of sequential
processing steps [Jai97b]. Although most algorithms use more or less the same
approach, many possible implementations exist. This section describes our implementation
of this method. First, the ridge-valley structures are enhanced using Gabor filters, as described
in Section 5.2.1. Next, Section 5.2.2 describes the binarization and thinning of the
image, and the actual minutiae extraction. Finally, in Section 5.2.3, postprocessing is applied
to remove false minutiae.

(a) High quality

(b) Poor quality

ridge-valley structures, thereby enabling more accurate minutiae extraction. Examples of a highquality and a poor-quality fingerprint image . To illustrate the need for enhancement algorithms,
Figure 5.3(a) shows a medium-quality fingerprint image and shows an example of a fingerprint
image that has been binarized using a local threshold without any enhancement. It is clear that
this image contains too much noise for reliable minutiae extraction. Various fingerprint
enhancement methods exist. The simplest enhancement method applies a low-pass filter to the
image, thus suppressing the high-frequency noise. An example of a thresholded fingerprint image
that is enhanced by a low-pass filter.

The second class of methods makes use of FFT-based techniques. The fingerprint image is
subdivided into overlapping blocks of 32 by 32 pixels that are processed separately. The FFT is
taken, and the result is processed non-linearly in order to enhance the ridge valley structures.
Each element in the block is for instance multiplied by its absolute value, possibly raised to a
specific power between 1 and 2. This enhances the spatial frequencies that are strongly present in
the block and attenuates the other components. Next, the block is transformed back to the spatial
domain by means of an inverse FFT. An example of the results of this method . The third class of
method makes use of oriented filters that are controlled by the estimated ridge orientation
[She94, Hon98]. To each pixel, a filter is applied that enhances those structures that agree with
the local ridge orientation. For the sake of computational efficiency, the entire image is prefiltered by a number of bandpass filters with fixed orientations, distributed along the entire
orientation range from 0 to . These filters all enhance a different part of the ridge-valley
structures. Next, the pre-filtered images are combined as a locally weighted sum. The weights are
set according to the local ridge orientations, such that the pre-filtered image that enhances a
specific part of the image best, receives the largest weight in that area. There are a few critical
points in this algorithm. The first is the number of filters and their exact shape.
We use Gabor filters for this task, which provide an optimal balance between locality and
frequency selectivity [Jai97c]. Apart from the orientation, the spatial frequency and the
smoothness have to be selected for Gabor filterS. The spatial frequency of the ridge-valley
structures varies considerably within a single fingerprint and between fingerprints. One
possibility to handle this is to use filters with several spatial frequencies for each orientation, and
to weigh these according to a spatial frequency estimate. However, to reduce computational
complexity, we tune the spatial frequency of the Gabor filters to the average ridge-frequency of
the entire fingerprint database. Consequently, the peaks in the frequency responses of the filters
have to be chosen relatively wide. Otherwise, the filter may for instance construct two small
ridges, where one broad ridge is in fact present in the fingerprint. Furthermore, the minutiae are
the discontinuities in the image, where the local gray-value structure differs from a single plain
sine wave.
.

LITERATURE REVIEW

Core-Based Structure Matching Algorithm Of Fingerprint Verification

Weiwei Zhang et al proposed Fingerprint matching algorithm is a key issue of the fingerprint
recognition, and there already exist many fingerprint matching algorithms, According to the
dependence of the core point, fingerprint matching algorithms are divided into two groups, corebased match algorithms and noncore-based match algorithms. Most of the noncore-based
matching algorithm is time consuming, therefore, they are not suitable for online application;
meanwhile, the core-based matching algorithm is efficient than the noncore-based matching
algorithm, but it highly depends on the core detection precision. In this paper, we present a new
core-based structure matching algorithm which considers both efficient and precision. Firstly we
used core detection algorithm to get the core position, then we define some local structure of the
core area. Used these local structure, we can find some correspondent points of the two
fingerprint image. Secondly, we use the correspondent points in the first stage to match the
global feature of the fingerprint. Experimental results show that the performance of the proposed
algorithm is good. Fingerprint-based identification has been used for a very long time owning to
their uniqueness and immutability, today, fingerprints are the most widely used biometrics
features in automatic verification and identification systems. Most Automatic Fingerprint
Identification Systems (AFIS) are based on local ridge feature, such as ridge endings and ridge
bifurcation [1]. The key issue of the fingerprint recognition is the minutiae matching algorithm.
Although there already exist a lot of matching algorithms, most of them are not suitable for the
on line application because of following difficulties: 1. The alignment of two minutiae feature
vector. After the feature extraction of the fingerprint, we get a minutia feature vector. Before
match two feature vectors, we need to align the two feature vectors. According to usage of the
core of the fingerprint, the alignment methods can be divided into two groups: core-based
alignment and none core-based alignment method. 2. Due to the noise of the fingerprint image,
the preprocessing algorithm can not remove all of the noise from the feature vector. Therefore,
the match algorithm should robust to the noise. 3. The geometric distortion of the fingerprint
image may greatly affect the match algorithm, and there still is no effective method to deal with
this nonlinear distortion. Moreover, the on-line system require the match speed as fast as possible
and the template size as small as possible, eg. Just the x y coordinates and orient of the minutiae
in some on line system. Due to various type of image quality, our algorithm can not localize the

core point in pixel level; therefore, we can not directly use the core point as the reference point
for the match algorithm. But for most of the case, the core point detection is very precise, and if
we use this reference information, we can greatly reduce the search space, therefore, improve the
efficient of the match algorithm. In this paper, we develop a core based matching algorithm,
which use the core point to select some minutiae points, and use those minutiae points to
construct a lot of local structure. Correspondence point pair can be got by matching those local
structures. Use those correspondent points pair, the global minutiae matching can be carried out.
Dual Layer Structure Check (DLSC) FingerprintVerification Scheme Designed For
Biometric Mobile Template Protection
Kai Xi and Jiankun Hu et al proposed Recently biometric fingerprint mobile template protection
has attracted research attentions. One major challenge is finding reliable biometric features that
are robust against distortion and registration error. It is also desirable that raw fingerprints are not
easily recovered once the template has been compromised. In this paper, we propose a new Dual
Layer Structure Check (DLSC) fingerprint verification algorithm based on composite features
which are reliable, distortion tolerant and registration free. The algorithm shows a great promise
for incorporation into existing template protection schemes such as Fingerprint Fuzzy Vault. In
addition, the simplicity nature of our scheme makes it easy to be implemented on mobile devices
at either software or hardware level. Our experimental results on public domain database FVC
2002 show that the scheme can achieve a low FRR with low FAR. Sensitive information should
only be accessed by legal users. With the overall level of fraud steadily rising, access security
becomes more and more vital. It is highly desirable to have reliable information security
mechanisms to protect sensitive data and personal resources. Traditionally, knowledge based
(PIN/password) and token based (key/smartcard) system have been used to verify persons
identity. Users will be granted access when they input correct PIN/password or present genuine
key/smartcard. However, these two kinds of systems show crucial weaknesses. Knowledge such
as PIN/password can be guessed or broken down via brute force while key and smartcard can be
lost, stolen or even replicated. As an alternative to password/PIN authentication technology,
biometric security technology identifies people by their physical personal traits and therefore
inherently requires that the person to be identified is physically present at the point of
identification. The physical personal traits can be fingerprint, hand geometry, palm print, face,
iris, ear, signature, speech, keystroke dynamics and etc. Biometric techniques can solve many

problems in password/ PIN systems: they can confirm that a person is actually present without
asking him/her to memorize anything. Among various biometric features, fingerprint technology
has been most successful in real life applications and is the primary technology used in criminal
investigation. The wide usage of fingerprint as forensic application can trace back to 18th
century. Currently most fingerprint systems are designed for personal use beyond criminal
domain such as e-commerce. RNCOS [2] provides an extensive research and professional
analysis on the growing biometric security market. It predicts biometrics technology is being
increasingly preferred around the world for access control or personal identification. Further,
the global biometrics market is expected to reach a peak of $4.6 billion in 2008, up from $719
million in 2003. For fingerprint, WinterGreen Research Inc. [4] analyses current equipment
market and predicts that markets at $142.4 million in 2004 are anticipated to continue growing
through 2010 when they reach $12.6 billion. Although fingerprint authentication technology is
mature, protecting fingerprint biometric template stored in mobile devices e.g. smartcard is still
an emerging research issue and attracts attentions. This is because biometric trait can not be
replaced easily if compromised (unlike password and key).
2.3 Fingerprint Minutiae Matching Based on the Local And Global Structures
Xudong Jiang et al proposed
This paper proposes a new fingerprint minutia matching technique, which matches the
fingerprint niinuriae by using both the local and global structures of minutiae. The local structure
of a minutia describes a rotation and translation invariant feature of the minutia in its
neighborhood. It is used to find the correspondence of two minutiae sets and increase the
reliability of the global matching. The global structure of minutiae reliably determines the
uniqueness of fingerprint. Therefore, the local and global structures of minutiae together provide
a solid basis for reliable and robust minutiae matching. The proposed minutiae matching scheme
is suitable for an on line processing due to its high processing speed. Experimental results show
the peiformance of the proposed technique. Although there exist some image-based [1,2] and
graph-based [3,4] fingerprint matching, most fingerprint verification systems required to provide
a high processing speed, small template size and high degree of security are so far based on
minutiae matching. This is because it is widely believed that the minutiae of the fingerprint are

most discriminating and reliable features [5,6]. As in most automatic fingerprint verification /
identification systems, we adopt two most prominent kinds of minutiae: ridge ending and ridge
bifurcation, which are used by the Federal Bureau of Investigation [7] and can be easily
extracted by a computer using techniques such as that proposed in [11,12,15]. The feature vector
of minutia generally consists of the minutia type, the coordinates and the tangential angle of
the minutia. The automatic fingerprint verification / identification is then achieved with a kind of
point pattem matching instead of the fingerprint image matching. Several point pattem matching
algorithms have been proposed in the literature [8-lo]. Some comments on these algorithms are
given in [11,12]. The point pattern matching is generally intractable because the correspondences
between the two point sets of template and input fingerprint are unknown. The minutia
correspondences are difficult to obtain due to several factors such as the rotation, translation and
deformation of the fingerprints, the location and direction errors of the detected minutiae as well
as the presence of spurious minutiae and the absence of genuine minutiae. A. K. Jain et. a1
proposed an alignment-based matching algorithm in [11,12], in which the ridges associated with
the minutiae were used to align the input minutiae with the template minutiae and an adaptive
elastic matching algorithm was proposed to match the aligned minutiae. The authors reported
good performance. However, this approach results in a large template size because the associated
ridges for each minutia must be saved. If only short ridges are saved, the algorithm may
results in an inaccurate alignment, or much worse, a false alignment. Another quite different
approach proposed by A. K. Hrechak and J. A. Mchugh [13], used the locastructure of the
minutia to describe the characteristics of the minutiae. This approach owns some advantages
in processing speed and robustness to rotated and partial prints. Some improvements of this
approach were proposed in [14]. However, the local structure is less distinct feature because it is
determined only by a small subset of the minutiae. Prints from different fingers may have quite a
few similar local structures and prints from the same finger may only have few similar structures
due to the presence of spurious minutiae and the absence of genuine minutiae. Therefore,
fingerprint matching based only on the local structure is less reliable. In this paper, we present a
new fingerprint minutiae matching technique based on both the local structures of the minutiae
and the global structure of the fingerprints. While comparing two fingerprints, a human expert
used to manually examine the local positional relations between minutiae (the local structure of
the minutiae) and to confirm the verification finally using the fingerprint unique global position

structure consisted of the whole minutiae set. Our approach attempts to automate this human
expert behavior. The local structure of a minutia is rotation and translation invariant because it
consists of the direction and location relative to some other minutiae. Moreover, the local
structure can tolerate reasonable deformation because it is formed from only a small area of the
fingerprint. So the local structures can be directly used for matching and the best matched local
structures provides the correspondences for aligning the global structure of the minutiae. The
aligned global structure together with the result of the local structure matching finally determines
whether the two fingerprints are generated from the same finger.
2.4 Robust Fingerprint Authentication Using Local Structural Similarity
Nalini I S. Ratha et al proposed Fingerprint matching is challenging as the matcher has to
minimize two competing error rates: the False Accept Rate and the False Reject Rate. We
propose a novel, efficient, accurate and distortion-tolerant fingerprint authentication technique
based on graph representation. Using the fingerprint minutiae features, a labeled, and weighted
graph of minutiae is constructed for both the query fingerprint and the reference fingerprint. In
the first phase, we obtain a minimum set of matched node pairs by matching their neighborhood
structures. In the second phase, we include more pairs in the match by comparing distances with
respect to matched pairs obtained in first phase. An optional third phase, extending the
neighborhood around each feature, is entered if we cannot arrive at a decision based on the
analysis in first two phases. The proposed algorithm has been tested with excellent results on a
large private live scan database obtained with optical scanners. The fingerprint-based
authentication problem can be informally defined as a system that answers the question Am
I who I say I am?. That is, given an enrolled template from the database and the query template
what is the probability that the two templates are from the same finger? In contrast to this, we
have the identifzcation problem, which can be defined as a system that answers the question Is
the subject enrolled in the database? Equivalently, given a database of templates and the query
template, does the query template closely resemble any of the database templates? The
identification problem can be seen as N repeat authentications, where N is the number of
candidates in the Database. is a hard problem as fingerprint images can undergo variable
amounts of elastic distortion, and feature extraction may introduce noise like missingtspurious
minutiae.Matching of fingerprint images have attracted attention of researchers for last three
decades. The matching techniques for fingerprint authentication can be classified into three

categories: (i) image-based; (ii) feature-based; and (iii) combination of the two. The image-based
techniques include both optical as well as computer-based image correlation techniques.
Recently, several transform based techniques have also been explored. The feature based
techniques extract significant landmarks from a fingerprint image and these feature sets are
matched to arrive at a decision. The proposed algorithm pairs minutiae similar to how a human
would go about matching two prints. 0 To begin with, we examine the two feature sets to find
a minimal set of reliable minutiae that can be paired. This is called as the strict matching phase.
0 We then relax the criterion of pairing and examine if the pairings can be extended with respect
to reliable matches. This is called as the extension phase. 0 We compute separate costs for both
the phases, and combine the costs to arrive at a decision.
An Algorithm for Distorted Fingerprint MatchingBased on Local Triangle Feature Set
Xinjian Chen et al proposed Coping with nonlinear distortions in fingerprint matching is a
challenging task. This paper proposes a novel method, a fuzzy feature match (FFM) based on a
local triangle feature set to match the deformed fingerprints. The fingerprint is represented by the
fuzzy feature set: the local triangle feature set.The similarity between the fuzzy feature set is
used to characterize the similarity between fingerprints. A fuzzy similarity measure for
two triangles is introduced and extended to construct a similarity vector including the trianglelevel similarities for all triangles in two fingerprints. Accordingly, a similarity vector pair is
defined to illustrate the similarities between two fingerprints. The FFM method maps the
similarity vector pair to a normalized value which quantifies the overall image to image
similarity. The proposed algorithm has been evaluated with NIST 24 and FVC2004 fingerprint
databases. Experimental results confirm that the proposed FFM based on the local triangle
feature set is a reliable and effective algorithm for fingerprint matching with nonlinear
distortions. Fingerprint recognition has been applied to identify criminals in law enforcement,
and currently it is being increasingly used for personal identification in a civilians daily life,
such as an ID card, fingerprints hard disk, and so on. Various fingerprint recognition techniques,
including fingerprint acquisition, enhancement, matching, and classification are developed and
advanced rapidly. However, there are still difficult and challenging tasks in this field. One of the
main difficulties in matching two fingerprint impressions of the same finger is to deal with the
nonlinear distortions, which are caused by the acquisition process. When capturing, the three-

dimensional (3-D) elastic surface of a finger is pressed onto a flat sensor surface, and this 3-D
two-dimensional (2-D) mapping introduces nonlinear distortions, especially if the force is not
orthogonally applied to the sensor [1]. The distortion is associated with several reasons [2],
including the sensor orientation with the finger, the applied pressure, the disposition of the
subject, the motion of the finger prior to its placement on the sensor, the skin moisture, and the
elasticity of the skin, etc. It is a realistic situation for noncooperative users who deliberately
apply excessive force to create intentional elastic deformations. In Fingerprint Verification
Competition 2004 (FVC2004) [3], individuals were requested to exaggerate the skin distortion
during the certain fingerprint capturing process. Fig. 1 shows a pair of fingerprints of large
distortion from FVC2004 DB1 (102_3.tif and 102_5.tif). While the corresponding minutiae in
the rectangle region are approximately overlapped, the maximal distance between corresponding
minutiae in the ellipse region is more than 100 pixels. In order to improve the whole
fingerprint recognition system, these nonlinear distortions must be well accounted for. Different
from the above mentioned methods, we developed a novel way, fuzzy feature match (FFM)
based on a local triangle feature set to match the deformed fingerprints. The fingerprint
was represented by the fuzzy feature set: local triangle feature set. The similarity between the
fuzzy feature set was used to characterize the similarity between fingerprints. A fuzzy similarity
measure for two triangles was first introduced. The result was then extended to construct a
similarity vector which includes the triangle-level similarities for all triangles in two fingerprints.
Accordingly, a similarity vector pair was defined to illustrate the similarities between two
fingerprints. Finally, the FFM measure mapped a similarity vector pair to a normalized
quantity within the real interval [0, 1], which quantifies the overall image to image similarity.
The proposed algorithm was evaluated with NIST 24 and FVC2004 fingerprint databases.
Experimental results indicate that our algorithm works well with the nonlinear distortions. For
deformed fingerprints, the algorithm gives considerably higher matching scores compared to
conventional matching methods. The equal error rate (EER) of the proposed algorithm on NIST
24 is about 3.11%. In the fingerprint\ database, DB1 and DB3 of FVC2004, EER are 4.06%
and 1.35%, respectively, although there is a large distortion between some fingerprints from the
same finger.

Alignment-free cancelable fingerprint template design: A densely infinite-to-one mapping

(DITOM) approach
Song Wang et al proposed Registration-based cancelable template schemes rely on accurate
fingerprint image alignment, which is very difficult to achieve. In this paper, by exploiting pairminutiae vectors, we develop a lightweight, alignment-free scheme for generating cancelable
fingerprint templates. The proposed mathematical model is based on a densely infinite-to-one
mapping (DITOM) aiming to achieve the non-invertible property. The transformation designed
describes the intersection of a collection of hyperplanes and effectively realizes infinite-to-one
mapping. The proposed scheme has the properties of non-invertibility, revocability and multiple
template independence. Evaluation of the proposed scheme over FVC2002 DB1, DB2 and DB3
shows that the new method exhibits satisfactory performance compared to existing methods. Due
to the distinctiveness and permanence of biometric\ identifiers, e.g., fingerprints, face, iris,
biometric recognition provides good security, high efficiency and user convenience [1], thus
overcoming weaknesses in traditional token- and knowledge- based recognition methods. In
biometrics-based authentication systems, users need not worry about losing keys or forgetting
different (or sometimes complex) passwords. Among various types of biometric identifiers,
fingerprints have a good balance of all desirable properties, such as high individuality,
permanence and good recognition accuracy. Apart from a long history of use in forensic and
criminal investigations, fingerprint based biometric systems have been widely used in civilian,
commercial and financial applications. There is no doubt that new, powerful fingerprint systems
will continue to be developed. Fingerprint recognition consists of two phases: (a) user
enrollment, during which a users fingerprint image is scanned, processed and stored as a
template in a central database or on a smartcard, and (b) fingerprint verification, in which
individuals are authenticated at the point of access by comparing a query finger with the template
via a matching function. Despite the advantages of fingerprint biometrics, vulnerabilities [2] and
challenges do exist in fingerprint recognition, and therefore security and privacy concerns arise.
Once a fingerprint image/template is stolen, it is lost forever. Unlike a compromised token or
password, compromised fingerprint data cannot be replaced or reissued. A fingerprint template, if
compromised, may leak fingerprint features that can be used to reconstruct a fingerprint image.
For example, Cappeli et al. [3] reconstructed a fingerprint image based on a standard template.
Another advantage of cancelable

fingerprint templates is that multiple application-specific templates can be built by changing

parameters in the chosen transformation, thus preserving users privacy across different
applications. In this paper we develop a transformation mechanism aiming to achieve densely
infinite-to-one mapping (DITOM). The mapping can be a line, a plane or more generally, a
hyperplane (i.e., a linear surface of higher dimension), being mapped to a point in a complex
space. The linear surface as such contains infinitely many densely distributed points. Such an
infinite-to-one mapping falls nicely in the framework of linear affine algebraic varieties in
the well-established discipline of algebraic geometry [14]. Taking a more algebraic approach, we
design the transformation which describes the intersection of a collection of hyperplanes and
effectively realizes the infinite-to-one mapping. We then prove that the transformation designed
is theoretically non-invertible in that it admits an infinite number of points in the solution space.
By exploiting pair-minutiae vectors and hinging upon the DITOM based non-invertible
transformation, we propose a lightweight, registration-free cancelable fingerprint template
scheme. The transformed template takes the form of a finite-length, complex- valued vector and
can be revoked and replaced when compromised. Fingerprint matching is performed in the
transformed domain to enhance security. We conducted comprehensive testing to evaluate the
proposed scheme using three databases (DB1, DB2 and DB3) of FVC2002 [15].
Pair-polar coordinate-based cancelable fingerprint templates
Tohari Ahmad et al proposed Fingerprint-based authentication has been widely implemented,
however, security and privacy of fingerprint templates still remain an issue. Some schemes have
been proposed to protect fingerprint templates, such as the design of cancelable fingerprint
templates. Yet, most of the existing schemes rely on accurate fingerprint image registration,
which is very hard to achieve, especially considering the need to avoid storing any information
related to the raw fingerprint features. In this paper, a pair-polar coordinate-based template
design method is developed which does not need registration. The proposed scheme explores the
relative relationship of minutiae in a rotation- and shift-free pair-polar framework. A many-toone mapping is applied to ensure the non-invertible recovery of raw templates. A random
translation parameter is introduced to further distort the minutia distribution. Under various
scenarios, the proposed scheme is evaluated using the public databases, FVC2002DB1,
FVC2002DB2 and FVC2002DB3. The experiment results show that the new method satisfies the
template protection requirements and the performance degradation caused by the transformation

is very low. Biometry has become a potential authentication tool which can address the inherent
weakness of the traditional knowledgebased (e.g. password) and possession-based (e.g. key or
token) recognition systems in terms of authenticating genuine users. This is because biometric
features are relatively unique and permanent. Furthermore, by using biometric data, users do not
have to worry about forgetting the password or losing the token. There are two steps involved in
biometric authentication, namely: 1. Enrollment: the biometric characteristic and/or its related
information is extracted and stored in the database as a template. 2. Verification: the biometrics
in query are compared with the existing template to measure the degree of similarity. Unlike
knowledge- or possession-based recognition systems, the biometric feature extracted tends to be
unstable due to the associated environment and device. This instability can make it hard to
distinguish between intrauser variation and interuser similarity. Another security concern of
biometrics is that once biometric data are compromised, the effect will be forever. Indeed, many
research findings have proven that biometric information stored in a database may leak biometric
features which can be used to reconstruct a biometric image. For example, Ross et al. [1] show
that a minutiae template can provide three levels of fingerprint information: orientation field,
class or type and friction ridge structure. Protecting biometric templates using conventional
cryptography such as RSA and DES is problematic. This is because, if biometric authentication
is conducted after decryption, then raw biometric features will be revealed. On the other hand,
conducting authentication in a transformed domain (i.e. cipher text) is very hard because a small
change in the biometric data may result in a totally different transformed template due to the
inherent uncertainty of retrieved biometric features. It is infeasible to solve the conflict that
exists between the uncertainty of biometrics and the demand for the exactness of cryptography if
an encryption scheme is used. A cancelable template is a potential solution in addressing the
above issues. It aims to project the raw feature template into another domain using a noninvertible parameterized transformation. In case the transformed template is compromised, it
cannot be used to recover the raw template. Issuing a different set of parameters can produce
another template. However, most cancelable template design schemes require accurate
registration, which is difficult to achieve. In this paper, we propose a cancelable fingerprint
template design scheme that is rotation- and shift-free, i.e. registration-free, and also noninvertible. The proposed scheme explores the relative relationship of minutiae points in a pair-

polar framework. The experiment results show that the proposed scheme performs better than the
existing methods and that the performance degradation caused by the transformation is very low.

Biometric Cryptosystems: Issues and Challenges

Umut Uludag et al In traditional cryptosystems, user authentication is based on possession of
secret keys, which falls apart if the keys are not kept secret (i.e., shared with nonlegitimate
users). Further, keys can be forgotten, lost, or stolen and, thus, cannot provide nonrepudiation.
Current authentication systems based on physiological and behavioral characteristics of persons
(known as biometrics), such as fingerprints, inherently provide solutions to many of these
problems and may replace the authentication component of the traditional cryptosystems. In this
paper, we present various methods that monolithically bind a cryptographic key with the
biometric template of a user stored in the database in such a way that the key cannot be revealed
without a successful biometric authentication. We assess the performance of one of these
biometric key binding/generation algorithms using the fingerprint biometric. We illustrate the
challenges involved in biometric key generation primarily due to drastic acquisition variations in
the representation of a biometric identifier and the imperfect nature of biometric feature
extraction and matching algorithms.

Digital rights management (DRM) systems are being

deployed to address this problem. The user authentication, which is an essential part of a DRM
system, determines whether a user is authorized to access the content. In a generic cryptographic
system the user authentication is possession based. That is, possession of the decrypting key is a
sufficient evidence to establish user authenticity. Because cryptographic keys are long and
random, they are difficult to memorize. As a result, the cryptographic keys are storedsomewhere
(for example, on a computer or a smart card) and released based on some alternative
authentication (e.g., password) mechanism, that is, upon assuring that they are being released to
the authorized users only. Most passwords are so simple that they can be easily guessed
(especially based on social engineering methods) or broken by simple dictionary attacks [5]. It is
not surprising that the most commonly used password is the word password! Thus, the
multimedia protected by the cryptographic algorithm is only as secure as the passwords (weakest
link) used for user authentication that release the correct decrypting key(s). Simple passwords are
easy to crack and, thus, compromise security; complex passwords are difficult to remember and,

thus, are expensive to maintain.1 Users also have the tendency to write down complex passwords
in easily accessible locations. Further, most
people use the same password across different applications and, thus, if a single password is
compromised, it may open many doors. Finally, passwords are unable to provide nonrepudiation;
that is, when a password is shared with a friend, there is no way to know who the actual user is.
This may eliminate the feasibility of countermeasures such as holding conniving legitimate users
accountable in a court of law.
Many of these limitations of the traditional passwords can be ameliorated by incorporation of
better methods of user authentication. Biometric authentication refers to verifying individuals
based on their physiological and behavioral characteristics such as face, fingerprint, hand
geometry, iris, keystroke, signature, voice, etc. It is inherently more reliable than password-based
authentication, as biometric characteristics cannot be lost or forgotten (cf. passwords being lost
or forgotten); they are extremely difficult to copy, share, and distribute (cf. passwords being
announced in hacker websites) and require the person being authenticated to be presentat the
time and point of authentication (cf. conniving users mdenying having shared the password). It is
difficult to forge biometrics (it requires more time, money, experience, and access privileges) and
it is unlikely for a user to repudiate having accessed the digital content using biometrics. Finally,
one users biometrics is no easier to break than anothers; that is, all users have a relatively equal
security level, hence, there are not many users who have easy to guess biometrics, that can be
used to mount an attack against them. Thus, biometrics-based authentication is a potential
candidate to replace password-based authentication, either by providing the complete
authentication mechanism or by securing the traditional cryptographic keys that contain the
multimedia file in a DRM system. In this paper, we attempt to present
an analysis of implications of the existing biometric technologies
to the containment process
A FUZZY COMMITMENT SCHEME
Alawi A. Al-saggaf el al proposed This paper attempt has been made to explain a fuzzy
commitment scheme. In the conventional Commitment schemes, both committed string m and
valid opening key are required to enable the sender to prove the commitment. However there
could be many instances where the transmission involves noise or minor errors

arising purely because of the factors over which neither the sender nor the receiver have any
control. The fuzzy commitment scheme presented in this paper is to accept the opening key that
is close to the original one in suitable distance metric, but not necessarily identical. The concept
itself is illustrated with the help of simple situation. heart of most the constructions of modern
Cryptography protocols. Protocols are essentially a set of rules associated with a process or a
scheme defining the process. Commitment schemes are the processes in which the interests of
the parties involved in a process are safeguarded and the process itself is made as fair as possible.
Moreover in the conventional Commitment schemes, opening key are required to enable the
sender to prove the commitment. However there could be many instances where the transmission
involves noise or minor errors arising purely because of the factors over which neither the sender
nor the receiver have any control. Our aim in this paper to describe commitment schemes, which
use algorithms to counter possible uncertainness. Uncertainty leads to introduction of fuzzy
sets and fuzzy logic[2] in to the protocol itself. Crisp Commitment Schemes
In a conventional commitment scheme, one party, whom we denote the sender namely Alice, aim
to entrust a concealed message m to the second party namely Bob. Intuitively a commitment
scheme can be seen as the digital equivalent of a sealed envelope. If Alice wants to commit to
some message m she just puts it into the sealed envelope, so that whenever Alice wants to reveal
the message to Bob, she opens the envelope. Clearly, such a mechanism can be useful
only if it meets some basic requirements. First of all the digital envelope should hide
the message from: Bob should be able to learn m from the commitment (this is often
referred in the literature as the hiding property). Second, the digital envelope should be binding,
meaning with this that Alice can not change her mind about m, and by checking the opening of
the commitment one can verify that the obtained value is actually the one Alice had in mind
originally (this is often referred to as the binding property).
A Fuzzy Vault Scheme
Ari Juels el a proposed a simple and novel cryptographic construction that we refer to as a fuzzy
vault. A player Alice may place a secret value in a fuzzy vault and \lock" it using a set A of
elements from some public universe U. If Bob tries to \unlock" the vault using a set B of similar
length, he obtains _ only if B is close to A, i.e., only if A and B overlap substantially. In constrast

to previous constructions of this avor, ours possesses the useful feature of order invariance,
meaning that the ordering of A and B is immaterial to the functioning of the vault. As
we show, our scheme enjoys provable security against a computationally unbounded attacker.
Alice is a movie lover. She is looking to _nd someone who shares her taste in movies, but does
not want to reveal information about her preferences indiscriminately to other people. One
approach she might take is to compile a set A of her favorite movies and publish it in a concealed
form. For instance, Alice might post to a Web newsgroup a ciphertext CA representing an
encryption of her telephone number telA under the set (here, key) A. In this case, if another
person, say Bob, comes along with a set B of his own favorites that is identical to A, then he can
decrypt CA and obtain Alice's phone number. If Bob tries to decrypt CA with a set di_erent than
Alice's, he will fail to obtain her telephone number. A drawback to this approach is its exactitude,
or lack of error-tolerance. If Bob's interests are very similar to Alice's, e.g., if he likes two or
three _lms that Alice doesn't, then he will not learn telA. It seems very likely in this case,
though, that Alice would still like Bob to obtain her telephone number, as their tastes are quite
similar. In this paper, we introduce the notion of a fuzzy vault. This is a cryptographic
construction whereby Alice can lock her telephone number telA using the set A,
yielding a vault denoted by VA. If Bob tries to unlock the vault VA using his own set B, he will
succeed provided that B overlaps largely with A. On the other hand, anyone who tries to unlock
VA with a set of favorite movies di_ering substantially from Alice's will fail, helping to ensure
that Alice's set of favorites remains private. Thus, a fuzzy vault may be thought of as a form of
error-tolerant encryption operation where keys consist of sets. Our fuzzy vault proposal has
two important features that distinguish it over similar, prior work. First, the sets A and B may be
arbitrarily ordered, i.e., true sets rather than sequences. Second, in contrast to previous work, we
are able to prove information-theoretic security bounds over some natural non-uniform
distributions on the set A. Error-tolerant cryptographic algorithms are useful in many
circumstances in which security depends on human factors, and thus exactitude represents a
drawback.We over just a few examples here, all of which might benefit from use of our fuzzy
vault scheme: 1. Privacy-protected matching: As an extension of our movie lover's example
above, we might consider a business scenario. looking for routers with a set B of similar
speci_cations, then it will be able to open the vault. Anyone who tries to unlock the vault with a
dissimilar set will not learn _. (We address this idea in detail later in the paper, and decribe

an important security enhancement using on-line throttling mechanisms.) 2. Personal entropy

systems this is a system that enables users to recover passwords by answering a series of
questions. In recognition of the unreliability of human memory, the system permits users to
answer some of these questions incorrectly. A serious vulnerability in this system is exposed in
[4], who show more broadly that the underlying hardness assumption is weak. Our fuzzy vault
scheme offers an alternative implementation that is provably secure in an information-theoretic
sense and that may involve use of sets, and not just _xed-order answers.
3. Biometrics: Alice authenticates to her server using fingerprint information.
Her system administrator wishes to store her _fingerprint on the server or,
more precisely, a set A of features characterizing her fingerprint. (Such sets
are known as biometric templates.) If an attacker breaks into the server,
however, Alice does not want her template A compromised.
Fuzzy Extractors: How to Generate Strong Keys from Biometricsand Other Noisy Data
Yevgeniy Dodi et al proposed formal definitions and efficient secure techniques for turning
biometric information into keys usable for any cryptographic application, and reliably and
securely authenticating biometric data. Our techniques apply not just to biometric information,
but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible
precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor extracts
nearly uniform randomness R from its biometric input; the extraction is error-tolerant in the
sense that R will be the same even if the input changes, as long as it remains reasonably close to
the original. Thus, R can be used as a key in any cryptographic application. A secure sketch
produces public information about its biometric input w that does not reveal w, and yet allows
exact recovery of w given another value that is close to w. Thus, it can be used to reliably
reproduce error-prone biometric inputs without incurring the security risk inherent in storing
them. In addition to formally introducing our new primitives, we provide nearly optimal
constructions of both primitives for various measures of closenessof input data, such as
Hamming distance, edit distance, and set difference. Cryptography traditionally relies on
uniformly distributed random strings for its secrets. Reality, however, makes it difficult to create,
store, and reliably retrieve such strings. Strings that are neither uniformly random nor reliably
reproducible seem to be more plentiful. For example, a random persons fingerprint or iris scan is
clearly not a uniform random string, nor does it get reproduced precisely each time it is

measured. Similarly, a long pass-phrase (or answers to 15 questions [12] or a list of favorite
movies [16]) is not uniformly random and is difficult to remember for a human user. This work is
about using such nonuniform and unreliable secrets in cryptographic applications. Our approach
is rigorous and general, and our results have both theoretical and practical value. A fuzzy
extractor addresses both error tolerance and nonuniformity. It reliably extracts a uniformly
random string R from its biometric input w in an error-tolerant way. If the input changes but
remains close, the extracted R remains the same. To assist in recovering R from w_, a fuzzy
extractor outputs a public string P (much like a secure sketch outputs v to assist in recovering w).
However, R remains uniformly random even given P. Our approach is general: our primitives
can be naturally combined with any cryptographic system. Indeed, R extracted from w by a fuzzy
extractor can be used as a key in any cryptographic application, but, unlike traditional keys, need
not be stored (because it can be recovered from any w_ that is close to w). We define our
primitives to be information-theoretically secure, thus allowing them to be used in combination
with any cryptographic system without additional assumptions (however, the cryptographic
application itself will typically have computational, rather than information-theoretic, security).
Multi-Bits Biometric String Generation based on the Likelihood Ratio
C. Chen, R.N.J. Veldhuis et al proposed Preserving the privacy of biometric information stored
in biometric systems is becoming a key issue. An important element in privacy protecting
biometric systems is the quantizer which transforms a normal biometric template into a binary
string. In this paper, we present a user-specific quantization method based on a likelihood ratio
approach (LQ). The bits generated from every feature are concatenated to form a fixed length
binary string that can be hashed to protect its privacy. Experiments are carried out on both
fingerprint data (FVC2000) and face data (FRGC). Results show that our proposed quantization
method achieves a reasonably good performance in terms of FAR/FRR (when FAR is 104, the
corresponding FRR are 16.7% and 5.77% for FVC2000 and FRGC, respectively). Use of
biometrics has brought considerable benefits in the area of access control and ICT security.
Recently, however, protection of biometric template is becoming more important [1], because a
biometric template may reveal personal information. Additionally, unprotected storage and
transfer of biometric information allows direct steal-and-use impersonation. Once the biometric
template is compromised, it can not be re-issued. Biometric template protection aims to protect
biometric reference information stored in biometric systems from abuse. In the past years,

several techniques were developed to protect biometric information. In [2], [3] the authors
discuss an approach known as cancelable biometrics. Before storing the image of a face or a
fingerprint in a biometric system, it is distorted using a parametrized oneway geometric
distortion function. The fuzzy vault method as introduced in [4] is a general cryptographic
construction allowing to store a secret in a vault that can be locked using an unordered set of
features. An initial attempt to use the fuzzy vault scheme in the setting of fingerprints is given in
[5]. A third group of techniques, containing fuzzy commitments [6], fuzzy extractors [7] and
helper data systems, derive a key from a biometric measurement and store an irreversibly hashed
version of the key in the biometric system. It is the purpose of all these methods to protect the
privacy of biometric information without reducing the performance of the biometric system in
terms of F alse Acceptance Rate (FAR) and False Rejection Rate (FRR). In this paper we will
concentrate on the third group of methods. In order to extract a key, these methods assume that a
biometric template can be represented as a fixed length binary string. In effect, these methods
define the similarity of two binary templates in terms of Hamming distance [9]. A binary
template is usually obtained by quantizing the original biometric template using a quantizer. In
order to work properly, many quantizers produce and use side-information that must be stored in
the biometric system. Since this side-information is user dependent, it may leak information
about the original template. Side-information with low privacy leakage is therefore a design
objective.

Binary Biometric Representation through Pairwise Adaptive Phase Quantization

Chun Chen et al proposed Extracting binary strings from real-valued biometric templates is a
fundamental step in template compression and protection systems, such as fuzzy commitment,
fuzzy extractor, secure sketch, and helper data systems. Quantization and coding is the
straightforward way to extract binary representations from arbitrary real-valued biometric
modalities. In this paper, we propose a pairwise adaptive phase quantization (APQ) method,
together with a long-short (LS) pairing strategy, which aims to maximize the overall detection
rate. Experimental results on the FVC2000 fingerprint and the FRGC face database show
reasonably good verification performances Extracting binary biometric strings is a fundamental
step in template compression and protection [1]. It is well known that biometric information is

unique, yet inevitably noisy, leading to intraclass variations. Therefore, the binary strings are
desired not only to be discriminative, but also have to low intraclass variations. Such
requirements translate to both low false acceptance rate (FAR) and low false rejection rate
(FRR). Additionally, from the template protection perspective, we know that general biometric
information is always public, thus any person has some knowledge of the distribution of
biometric features. Furthermore, the biometric bits in the binary string should be independent
and identically distributed (i.i.d.), in order to maximize the attackers efforts in guessing the
target template. Several biometric template protection concepts have been published. Cancelable
biometrics [2, 3] distort the image of a face or a fingerprint by using a one-way geometric
distortion function. The fuzzy vault method is a cryptographic construction allowing to store a
secret in a vault that can be locked using a possibly unordered set of features, for example,
fingerprint minutiae. A third group of techniques, containing fuzzy commitment , fuzzy
extractor , secure sketch, and helper data system , derive a binary string from a biometric
measurement and store an irreversibly hashed version of the string with or without binding a
crypto key. In this paper, we adopt the third group of techniques. The straightforward way to
extract binary strings is quantization and coding of the real-valued features. So far, many works
have adopted the bit extraction framework shown in Figure 1, involving two tasks: (1) designing
a one-dimensional quantizer and (2) determining the number of quantization bits for every
feature. The final binary string is then the concatenation of the output bits from all the individual
features.
IRIS TEMPLATE PROTECTION USING A DIGITAL MODULATION PARADIGM
Emanuele Maiorana et al proposed template protection is an issue of paramount importance in
the design of biometric recognition systems. In this paper we present a biometric cryptosystem
applied to iris biometrics, where template security is guaranteed by means of a frame- work
inspired by the digital modulation paradigm. Specifically, the properties of modulation
constellations and turbo codes with soft-decoding are exploited to design a system with high
performance in terms of both verification rates and security, even while dealing with a biometrics
characterized by a high intra-class variability such as the iris. The effectiveness of the proposed
approach is evaluated by performing tests on the Interval subset of the CASIA-IrisV4 database.
In the design of a biometric recognition system, special attention needs to be paid towards the
potential security and privacy issues which may arise from the use of the biometric data. In fact

biometrics, being limited in number, can be hardly replaced if stolen or copied. Biometric data
can also reveal significant information regarding people personality and
health, or they can be employed to perform an unauthorized tracking of the enrolled subjects
across multiple databases, thus affecting the users privacy [1]. Many efforts have been therefore
devoted to the design of template protection schemes able to properly address the
aforementioned concerns . According to the classification in , such schemes can be classified into
biometric cryptosystems and feature transformation approaches. The former can be further
divided into key binding methods, which combine biometric templates with binary keys, or key
generation approaches, where cryptographic keys are directly created from biometric data.
Feature transformation methods can be classified into salting approaches, whose security relies
on the secure storage of an invertible function key, and non-invertible transform methods which
apply one-way transformations to the considered biometrics. An ideal template protection
scheme should make impossible recovering the original template from the stored one. Moreover,
it should be able to generate multiple versions of the same biometrics without leaving the
possibility of linking one to the others. Also, it should be able to guarantee a recognition
accuracy comparable to an unprotected system
User adaptive fuzzy commitment for signature template protection and renewability
Emanuele Maiorana et al proposed Biometrics is rapidly becoming the principal technology
for automatic people authentication. The main advantage in using biometrics over traditional
recognition approaches relies in the difficulty of losing, stealing, or copying individual
behavioral or physical traits. The major weakness of biometrics-based systems relies in their
security: in order to avoid data stealing or corruption, storing raw biometric data is not advised.
The same problem occurs when biometric templates are employed, since they can be used to
recover the original biometric data. We employ cryptographic techniques to protect dynamic
signature features, making it impossible to derive the original biometrics from the stored
templates, while maintaining good recognition performances. Together with protection, we also
guarantee template cancellability and renewability. Moreover, the proposed authentication
scheme is tailored to the signature variability of each user, thus obtaining a user adaptive system
with enhanced performances with respect to a nonadaptive one. Experimental results show the
effectiveness of our approach when compared to both traditional nonsecure classifiers and other,

already proposed protection schemes The most rapidly emerging technology for human
authentication physiological or behavioral people characteristics for automatic human
recognition. Biometric authentication relies on who a person is or what a person does, in contrast
with traditional approaches, which are based on what a person knows _password_ or has _ID
card_.1,2 Biometric authentication is based on strictly personal traits, which are much
more difficult to be forgotten, lost, stolen, copied, or forged than traditional data. Loosely
speaking, biometric systems are essentially pattern recognition applications, performing
authentication using biometric attributes derived from physiological or behavioral characteristics
that persons possess. Biometric authentication systems consist of two stages: the enrollment
subsystem and the authentication subsystem. In the enrollment stage, biometric data are captured
from a subject and checked for their quality. Then relevant information is extracted and
eventually stored in a database. As for the authentication subsystem, two modalities
can be implemented: Verification: the subject who claims an identity presents
some form of identifier _such as user ID, ATM card_ and a biometric characteristic. The system
extracts some features from the acquired data and compares the features in the database
corresponding to the provided ID and the acquired ones. Identification: the system acquires the
biometric sample from the subject, extracts some features from the raw measurements, and
searches the entire database\ for matches using the extracted biometric features. biometrics
represents an alternative to traditional authentication approaches, able to guarantee improved
security and comfort for users. However, the use of biometric data involves various risks not
affecting other methods employed for automatic people recognition: if a biometric characteristic
is somehow stolen or copied, it cannot simply be replaced. Moreover, biometric data can
contain relevant information regarding personality and health that can be used in an unauthorized
manner for malicious or undesired intents.3,4 Therefore, when designing a biometrics-based
system, the issue of security has to be carefully considered. As Ratha et al. described, the
potential attacks on a biometric system can be perpetrated at the sensor, where fake biometrics
can be presented, or at the feature extractor, which could be forced to produce preselected
features.5 Moreover, the template matcher can be attacked to produce an artificially high or low
match score and the database can be corrupted in order to steal or substitute the stored templates.
Finally, the channels interconnecting the different parts of a biometric system can be
intercepted and controlled by unauthorized people.

A Dissection of Fingerprint Fuzzy Vault Schemes

Vedrana Krivokua et al proposed The fuzzy vault construction is one of the most widely
adopted approaches for the protection of fingerprint data. The popularity of this scheme stems
from its ability to deal with unordered sets of fingerprint features, as well as its tolerance to
missing or spurious feature elements across multiple acquisitions of the same fingerprint. While
a considerable number of fingerprint-based fuzzy vault implementations have been reported in
the literature, a review of these schemes does not yet exist, to the best of the authors knowledge.
This paper, therefore, dissects existing fingerprint fuzzy vault schemes and provides a
comprehensive discussion of what fingerprint features have been used, and how the locking and
unlocking processes have been adapted to suit the nature of the fingerprint features employed.
With the escalating interest in biometric recognition technologies, considerable growth in
databases containing sensitive biometric information of millions of citizens is inevitable. This
raises serious concerns about the security of the biometric data stored in these databases and
consequently our privacy, particularly because a compromised biometric is forever rendered
useless as a reliable identifier. In light of this issue, effective means of securing the biometric
data during storage in a database are urgently required. The main challenge in the advancement
of such protection schemes lies in the intra-class variability exhibited by biometric measurements
acquired during different presentations to a recognition system. This hinders the direct use of
traditional, well-established cryptographic techniques, which are sensitive to small changes in
the input data. For this reason, in the past decade there has been increasing focus on developing
protection schemes specifically suited to the nature of biometric data, and an excellent review of
these techniques is presented in. While none of the methods proposed thus far has been embraced
as the standard biometric protection mechanism in practice, several techniques have become the
focus of much attention in the academic arena. One of the most widely adopted approaches for
securing biometric data is the fuzzy vault scheme, which was first proposed in [9] in 2002. The
attraction of using the fuzzy vault construction for securing biometric data lies in its ability to
deal with unordered sets of features, which are common in biometric measurements, as well as
its tolerance to erasures in the feature vector obtained during different acquisitions of the
biometric trait. Since 2002, fuzzy vault implementations for a number of biometric modalities
have been reported in the literature, with a predominant focus on fingerprints due to their

maturity as a biometric identifier. To the best of the authors knowledge, there does not yet exist
a review of these fingerprint based fuzzy vaults; so, this paper presents a discussion of the
methods employed in constructing the fingerprint fuzzy vault implementations documented in
the literature.
Secure Smartcard Based Fingerprint Authentication
T. Charles Clancy et al In this paper, the fundamental insecurities hampering a scalable, widespread deployment of biometric authentication are examined, and a cryptosystem capable of
using Finger print data as its key is presented. For our application, we focus on situations where
a private key stored on a smartcard is used for authentication in a networked environment, and
we assume an attacker can launch o-line attacks against a stolen card. Juels and Sudan's fuzzy
vault is used as a starting point for building and analyzing a secure authentication scheme using
fingerprints and smartcards called a fingerprint vault. Fingerprint minutiae coordinates mi are
encoded as elements F and the secret key is encoded in a polynomial f(x) over F[x]. The
polynomial is evaluated at the minutiae locations, and the pairs (mi; f(mi)) are stored along with
random (ci; di) cha points such that di 6= f(ci). Given a matching ngerprint, a valid user can
seperate out enough true points from the cha points to reconstruct f(x), and hence the original
secret key. The parameters of the vault are selected such that the at- tacker's vault unlocking
complexity is maximized, subject to zero unlocking complexity with a matching ngerprint and
a reasonable amount of error. For a feature location mea- surement variance of 9 pixels, the
optimal vault is 269 times more difficult to unlock for an attacker compared to a user
posessing a matching ngerprint, along with approximately a 30% chance of unlocking failure
In our increasingly electronic environment, everything is becoming a network, from the
computer terminals we sit at, to the supermarket checkout, and even the locks on our doors. In
these abstract networks, all forms of authorization and access control require networks to have a
secure method of authenticating users. Smartcards offer a new paradigm for authentication. Now,
users' private keys are stored on smartcards. These users can prove their identity by using the
card to provide a correcently signed message to an authentication server. Relying on the security
of public-key authentication, the new task is to protect the private key on the smartcard itself. We
believe that biometric authentication, in particular fingerprints, is a practical method of providing
this protection. There are two main approaches for using biometric information. The first is
fingerprint matching, where the smartcard stores a template of the user's fingerprint and requires

the user to present a matching template before it will sign messages on the user's behalf.

Fuzzy Vault for Fingerprints

Umut Uludag et al proposed Biometrics-based user authentication has several advantages over
traditional password-based systems for standalone authentication applications, such as secure
cellular phone access. This is also true for new authentication architectures known as cryptobiometric systems, where cryptography and biometrics are merged to achieve high security and
user convenience at the same time. In this paper, we explore the realization of a previously
proposed cryptographic construct, called fuzzy vault, with the fingerprint minutiae data. This
construct aims to secure critical data (e.g., secret encryption key) with the fingerprint
data in a way that only the authorized user can access the secret by providing the valid
fingerprint. The results show that 128-bit AES keys can be secured with fingerprint minutiae data
using the proposed system. In traditional cryptography one or more keys are used to convert the
plain text (data to be encrypted) to cipher text (encrypted data): the encrypting key(s) maps the
plain text to essentially a sequence of random bits, that can only be mapped back to the
plain text using the appropriate decrypting key(s). Without the knowledge of the
correct decrypting keys, the conversion of cipher text to the plain text is infeasible considering
time and cost limitations [1]. Hence, the cipher text is secured: even if an attacker obtains the
cipher text, she cannot extract useful information from it. Here, the plain text can be any data that
needs to be stored or transmitted securely: financial transactions, email communication, secret
cryptographic keys, etc. Current cryptographic algorithms (e.g., Advanced Encryption Standard
(AES) [2], Data Encryption Standard (DES) [1], RSA [1]) have a very high proven security but
they suffer from the key management problem: all these algorithms fully depend on the
assumption that the keys will be kept in absolute secrecy. If the secret key is compromised, the
security provided by them immediately falls apart. Another limitation of the these
algorithms is that they require the keys to be very long and random for higher security,
e.g., 128 bits for AES [2], which makes it impossible for users to memorize the
keys. As a result, the cryptographic keys are stored securely (e.g., in a computer or on
a smart card) and released based on some alternative authentication mechanism. If
this authentication succeeds, keys can be used in encryption/decryption procedures.
The most popular authentication mechanism used for key release is based on passwords,

which are again cryptographic key-like strings but simple enough for users to users to remember.
Hence, the plain text protected by a cryptographic algorithm is only as secure as the password
(weakest link) that releases the correct decrypting keys. Simple passwords compromise security,
but complex passwords are difficult to remember and expensive to maintain. Further, passwords
are unable to provide nonrepudiation: a subject may deny releasing the key using password
authentication, claiming that her password was stolen. Many of these limitations of passwordbased key release can be eliminated by incorporating biometric authentication. Biometric
authentication [3] refers to verifying individuals based on their physiological and behavioral
traits. It is inherently more reliable than password-based authentication as biometric
characteristics cannot be lost or forgotten. Further, biometric characteristics are difficult to copy,
share, and distribute, and require the person being authenticated to be present at the time and
point of authentication. Thus, biometrics-based authentication is a potential candidate to replace
password-based authentication, either for providing complete authentication mechanism or for
securing the traditional cryptographic keys. A biometric system and a cryptographic system can
be merged in one of the following two modes: (i) In biometrics-based key release, the biometric
matching is decoupled from the cryptographic part. Biometric matching operates on the
traditional biometric templates: if they match, cryptographic key is released from its secure
location, e.g., a smart card or a server. Here, biometrics effectively acts as awrapper mechanism
in cryptographic domain. (ii) In biometrics-based key generation, biometrics and cryptography
are merged together at a much deeper level. Biometric matching can effectively take place within
cryptographic domain, hence there is no separate matching operation that can be attacked;
positive biometric matching extracts the secret key from the conglomerate (key/biometric
template) data. An example of the biometric-based key generation, called fuzzy vault, was
proposed by Juels and Sudan [4]. This cryptographic construct, as explained in later sections, has
the characteristics that make it suitable for applications that combine biometric authentication
and cryptography: the advantages of cryptography (e.g., proven security) and fingerprint-based
authentication (e.g., user convenience, non-repudiation) can be utilized in such systems.
AUTOMATIC SECURE FINGERPRINT VERIFICATION SYSTEM BASED ON FUZZY
VAULT SCHEME
Shenglin Yang et al proposed In this paper, we construct an automatic secure fingerprint

verification system based on the fuzzy vault scheme to address a major security hole currently
existing in most biometric authentication systems. The construction of the fuzzy vault during the
enrollment phase is automated by aligning the most reliable reference points between different
templates, based on which the converted features are used to form the lock set. The size of the
fuzzy vault, the degree of the underlying polynomial, as well as the number of templates needed
for reaching the reliable reference point are investigated. This results in a high unlocking
complexity for attackers with an acceptable unlocking accuracy for the legal users. An
authentication system based on biometric information offers greater security and convenience
than the traditional methods of personal verification. Along with the rapid growth of this
emerging technology, the system performance, such as accuracy and speed, is continuously
improved. The biometric verification is based on the comparison of the features extracted from
an input and a template fingerprint images. The storage of the reference template is a key factor
in the total system security. Thus it is essential to protect the template from possible attacks.
One approach is to encrypt the template using a secret key before storing it. When the input
signal comes, the matcher decrypts the template and then performs the comparison. However,
this defeats the purpose of most biometric devices: one tries to be independent of pin codes or
secrets entered by the user. Some dedicated attacks still can extract the secure key, and in turn,
the template by tracking the revealed information from the physical implementation. An example
is Side Channel Attacks (SCA) [1]. A clean solution to this problem is to store a noninvertible
transformed version, for instance a hash, of the template on the embedded device, and the
comparison is performed in the transformed space. One main property of a cryptographic
random hash function is that the output hash value will not give any information about even part
of the input . Therefore, the similarity in the input will not reflect in the output hash value.
However, for fingerprint biometrics, the exactness for different captures is not available, and the
match algorithms are normally based on the similarity. To address this problem, we adopt the
idea of the fuzzy vault scheme to conduct the biometric authentication. This paper is organized
as following: section 2 briefly reviews some related work about secure authentication
methods. Section 3 presents the basic idea and the implementation of the fuzzy vault scheme.
Section 4 discusses the strategies for the feature extraction as well as the alignment of the input
fingerprint images to make the system automatic and adaptive. analysis. Finally section 6 draws
a conclusion.

.
Fingerprint-based Fuzzy Vault: Implementation and Performance
Karthik Nandakumar et al proposed Reliable information security mechanisms are required to
combat the rising magnitude of identity theft in our society. While cryptography is a powerful
tool to achieve information security, one of the main challenges in cryptosystems is to maintain
the secrecy of the cryptographic keys. Though biometric authentication can be used to ensure
that only the legitimate user has access to the secret keys, a biometric system itself is vulnerable
to a number of threats. A critical issue in biometric systems is protecting the template of a user
which is typically stored in a database or a smart card. The fuzzy vault construct is a biometric
cryptosystem that secures both the secret key and the biometric template by binding them within
a cryptographic framework. We present a fully automatic implementation of the fuzzy vault
scheme based on fingerprint minutiae. Since the fuzzy vault stores only a transformed version of
the template, aligning the query fingerprint with the template is a challenging task. We extract
high curvature points derived from the fingerprint orientation field and use them as helper data to
align the template and query minutiae. The helper data itself does not leak any information about
the minutiae template, yet contains sufficient information to align the template and query
fingerprints accurately. Further, we apply a minutiae matcher during decoding to account for
non-linear distortion and this leads to significant improvement in the genuine accept rate. We
demonstrate the performance of the vault implementation on two different fingerprint databases.
We also show that performance improvement can be achieved by using multiple fingerprint
impressions during enrollment and verification. Cryptographic techniques are being widely used
for ensuring the secrecy and authenticity of information Although several cryptosystems have
proven security guarantees (e.g., AES and RSA), the security relies on the assumption that the
cryptographic keys are known only to the legitimate user. Maintaining the secrecy of keys is one
of the main challenges in practical cryptosystems. The keys are usually stored in a secure
location (e.g., tamper-resistant hardware) and password-based authentication is commonlyused
for controlling access to cryptographic keys [2]. However, passwords can be easily lost, stolen,
forgotten or guessed using social engineering [3] and dictionary attacks. Limitations of
password-based

authentication can be alleviated by using stronger authentication schemes such as biometrics.

Biometric systems establish the identity of a person based on her anatomical or behavioral traits
such as face, fingerprint, iris, voice, etc. Biometric authentication is more reliable than passwordbased authentication because biometric traits cannot be lost or forgotten and it is difficult to share
or forge these traits. Hence, biometric systems offer a natural and reliable solution to the problem
of user authentication in cryptosystems. Biometric cryptosystems can operate in one of the
following three modes, (i) key release, (ii) key binding and (iii) key generation. In the key
release mode, biometric authentication is completely decoupled from the key release mechanism.
The biometric template and the key are stored as separate entities and the key is released only if
the biometric matching is successful. In the key binding mode, the key and the template are
monolithically bound within a cryptographic framework (see Figure 1). It is computationally
infeasible to decode the key or the template without any knowledge of the users biometric data.
A cryptobiometric matching algorithm is used to perform authentication and key release in a
single step. In the key generation mode, the key is derived directly from the biometric data and is
not stored in the database. Though it is easy to implement a biometric cryptosystem in the key
release mode, such a system is not appropriate for high security applications because it has two
major vulnerabilities. Firstly, the biometric template is not secure. Template security is a critical
issue in biometric systems because stolen templates cannot be revoked. Secondly, since
authentication and key release are decoupled, it is possible to override the biometric matcher
using a Trojan horse program [5]. Biometric cryptosystems that work in the key
binding/generation modes are more secure but difficult to implement due to large intra-class
variations in biometric data, i.e., samples of the same biometric trait of a user obtained over a
period of time can differ substantially. For example, factors such as translation, rotation, nonlinear distortion, skin conditions and noise lead to intra-class variations in fingerprints Securing
Fingerprint Template: Fuzzy Vault with Minutiae Descriptors
Abhishek Nagar et al proposed Fuzzy vault has been shown to be an effective technique for
securing fingerprint minutiae templates. Its security depends on the difficulty in identifying the
set of genuine minutiae points among a mixture of genuine and chaff points and reconstructing
the secure polynomial using the evaluations (ordinate values) available for each point in the
vault. We show that the security of fuzzy vault can be improved by encrypting these

polynomial evaluations using a fuzzy commitment scheme. This encryption makes it difficult for
an adversary to decode the vault even if the correct set of minutiae is selected. We use minutiae
descriptors, which capture orientation and ridge frequency information in a minutias
neighborhood, for securing the polynomial evaluations. This modification leads to a significant
increase in both the security (number of tries an adversary has to make in order to guess the
secure key) and matching accuracy of the vault. We validate our results on FVC2002 DB2 and
show that false accept rate (FAR) is reduced from 0.7% to 0.01% at a genuine accept rate (GAR)
of 95%. At the same time, vault security as measured in terms of min-entropy, is increased from
31 bits to 47 bits in case a perfect code is used. The issue of biometric template security is
gaining importance due to concerns about the potential misuse of stolen templates. There are two
major concerns regarding a stolen biometric template: (i) spoofing
privacy intrusion. If an adversary is able to access the stored templates, he can create a spoof
biometric (e.g. gummy finger) from the template [2] and present it to the system. Due to limited
liveness detection capability This research was supported by Army Research Office grant
of current biometric systems, spoofing is a major security vulnerability. Further, an adversary can
cross-link the stolen templates with other biometric databases, allowing

him to track the activities of a person covertly. Template protection approaches can be
categorized into two classes: (i) Transformation based approaches the template is stored in a
transformed form so that the original biometric template cannot be easily recovered. But, finding
a suitable non-invertible transformation that allows accurate matching in the transformed
domain is a challenge. Though a number of transforms have been proposed [1, 9, 10, 12], there is
a need for better transformation functions that provide high security without comprising on the
matching accuracy. (ii)Biometric cryptosystems [3, 5, 8, 11] - helper data extracted from the
biometric template, with or without the use of an external key, is stored in the database instead
of template. The helper data should not reveal any information about the template or the key, but
the key should be recoverable when another instance of the biometric trait that closely matches
the template is presented. We focus here on improving the security and performance of fuzzy
vault [6], which is a popular biometric cryptosystem. Fuzzy vault can effectively utilize the
natural representation of fingerprint minutiae i.e. an unordered set [8]. In addition to minutiae
position and orientation, we utilize additional attributes extracted from a minutias neighborhood
to improve the vault. In particular, we show that minutiae descriptors [4], which contain local
ridge orientation and ridge frequency information, have sufficient saliency to reduce the FAR of
a fingerprint fuzzy vault. Moreover, we also show that encrypting the polynomial evaluations
in the vault using the minutiae descriptors increases the vault security.
A Fingerprint Orientation Model Based on 2D Fourier Expansion (FOMFE) and
Its Application to Singular-Point Detection and Fingerprint Indexing
Yi Wang et al roposed a fingerprint orientation model based on 2D Fourier expansions (FOMFE)
in the phase plane. The FOMFE does not require prior knowledge of singular points (SPs). It is
able to describe the overall ridge topology seamlessly, including the SP regions, even for noisy
fingerprints. Our statistical experiments on a public database show that the proposed FOMFE
can significantly improve the accuracy of fingerprint feature extraction and thus that of
fingerprint matching. Moreover, the FOMFE has a low-computational cost and can work very
efficiently on large fingerprint databases. The FOMFE provides a comprehensive description
for orientation features, which has enabled its beneficial use in feature-related applications such
as fingerprint indexing. Unlike most indexing schemes using raw orientation data, we exploit
FOMFE model coefficients to generate the feature vector. Our indexing experiments show

remarkable results using different fingerprint databases. AS recent as 2005, it is reported that
identity thieves have cost business and individual losses of at least US $56.6 billion in the United
States [1]. PIN and passwordbased security mechanisms have been recognized as a source of
vulnerabilities, as they fail to authenticate genuine users. As an alternative, biometric-based
security mechanisms can provide a promising solution to address the problem [2]. Among many
biometric security systems, fingerprint-based systems are the most popular. Therefore, they are
the focus of this paper. Fingerprint-based security systems can be generally classified into two
categories: 1) fingerprint verification systems (FVSs) and 2) fingerprint identification systems
(FISs). FVSs usually output a decision about whether a query fingerprint matches the holding
template on a one-toone basis, whereas FISs suggest whether or not the query can find a match in
the database, which is instead a one-tomany matching process. Although commercial FVS
products have been available on the market, the performance of current FISs on large databases
is not yet satisfactory [3], [4]. Both FVSs and FISs rely on accurate recognition of fingerprint
features. The fingerprint microfeatures are carried by local ridge details, such as ridge endings
and bifurcations (minutiae). Fingerprint minutiae are often used to conduct the matching task
since they are generally stable and highly distinctive [4]. At the global level, ridge flows
assemble in specific formation, which results in different ridge topology patterns. These
important structures can be described by orientation field (OF). The OF and the embedded
singular points (SPs), where the ridge flows are wrapped around, are the basic features
required by fingerprint classification and indexing. Dirt, moisture, and creases, as well as other
factitious noise on fingertips can largely affect the performance of fingerprint recognition. In
fact, an accurate recognition with quality poor fingerprints is still one of the fundamental
technical barriers today [2]. The OF can be extracted directly from the gradients of image gray
intensity changes [11], [21]. However, gradientbased methods are very sensitive to noise.
Therefore, postprocessing techniques, such as averaging, are deploye to reduce the effect of
noise. However, such averaging processes tend to smooth out high curvature, especially in
singular point regions. Initially, the mathematical modeling of fingerprint OFwas studied in an
attempt to refine the noisy estimates and to resolve ambiguities in extracting ridge orientations.
Several OF models have been proposed in the literature. Sherlock et al. [5] described OF using
the square root of a rationalpolynomial function based on SP, which takes the core as zero

and delta as pole in a complex plane. In this work, the authors admit that the zero-pole model is
more suitable to describe the ideal topology pattern rather than real cases. Recently in [6],
Zhou and Gu developed a rational complex model, which generalizes the zero-pole model. In the
rational complex model, the rational function is approximated by a set of polynomials. The
authors further observed that thepower-series polynomials (PSP) work well for smooth ridge
flows but have difficulty near a SP where high curvature and discontinuity are present [7].
Therefore, the authors introduced a Point-Charge model to refine the local descriptions near a SP.
The local Point-Charge model and the global PSP model are then combined via a patching
approach to form a combination model in [7]. The partition of each effective region in the
combination model relies on a trial and error means. There appears to be no solid rules for the
seamless integration of different models in the combination approach.
A pitfall in fingerprint bio-cryptographic key generation
Peng Zhang et al proposed The core of bio-cryptography lies in the stability of cryptographic
keys generated from uncertain biometrics. It is essential to minimize every possible uncertainty
during the biometric feature extraction process. In fingerprint feature extraction, it is perceived
that pixel-level image rotation transformation is a lossless transformation process. In this paper,
an investigation has been conducted on analyzing the underlying mechanisms of fingerprint
image rotation processing and potential effect on the major features, mainly minutiae and
singular point, of the rotation transformed fingerprint. Qualitative and quantitative analyses have
been provided based on intensive experiments. It is observed that the information integrity of the
original fingerprint image can be significantly compromised by image rotation transformation
process, which can cause noticeable singular point change and produce a non-negligible number
of fake minutiae. It is found that the quantization and interpolation process can change the
fingerprint features significantly without affecting the visual image. Experiments show that up to
7% biocryptographic key bits can be affected due to this rotation transformation. With the
development of information technology, it is more likely and easier to attain and exchange
information remotely. A fingerprint is the pattern of interleaving ridges and furrows on the
surface of a fingertip, where ridges refer to a raised portion of the epidermis and furrows refer to
valleys. between ridges. Ridges in a fingerprint are highly structured, and its whole configuration
is determined in a fetal period and remains unchanged in ones lifetime (Moenssens, 1971).In

general, Fingerprint-based systemcan be categorized into two types: fingerprint identification

system (FISs) and fingerprint verification system (FVSs) (Huet al., 2010). Normally, FIS is
applied to check whether the query fingerprint image can find a match in the database while a
FVS is used to determine whether a query image can match a specific template. In the
identification and verification process, current matching algorithms are almost exclusively based
on critical fingerprint features such as minutiae and singular points (SPs) (Wang et al., 2007).
Therefore, howto extract accurateminutiae and singular point from the template and query image
is becoming a crucial problem. Also in bio-cryptography, extracting accurate fingerprint features
is a major challenge due t the uncertainty introduced at each impression (Hu, 2008). In most
fingerprint verification systems, the query fingerprint images may be rotated, translated or scaled
with respect to the template images. Therefore, registration algorithms areneeded to address this
problem (Wang et al., 2007). Registration algorithms based on singular points tend to use
singular point as the reference point to establish a relative rotation and transformation
relationship between two fingerprint images.After that, the query fingerprint image is
transformed and the transformed image is used to extract features which arecompared with the
template.

An alignment-free fingerprint cryptosystem based on fuzzy vault scheme

Peng Li et al proposed Fuzzy vault is a practical and promising scheme, which can protect
biometric templates and perform secure key management simultaneously. Alignment of the
template biometric sample and the query one in the encrypted domain remains a challenging
task. While implementing fuzzy fingerprint vault, the accuracy of alignment in encrypted domain
cannot be ensured and the information leakage may be caused because of the alignment. In this
paper, an alignment-free fingerprint cryptosystem based on fuzzy vault scheme is developed
fusing the local features, known minutia descriptor and minutia local structure, which are
invariant to the transformation in fingerprint capturing. Three fusion strategies are employed to
integrate the two local features. Huffman coding technology is used to compress the storage
volume of the minutia descriptor vault. The proposed fingerprint cryptosystem can avoid the
alignment procedure and improve the performance and security of the fuzzy vault scheme at the
same time. Experiments on FVC2002-DB2a and FVC2002-DB1a are conducted to show the

promising performance of the proposed fingerprint cryptosystem. Security level of proposed

cryptosystem will not decrease and even rise in some circumstances. The best trade-off results
obtained is GAR 92% FAR 0, under the 53-bit security. Despite the larger template
storage expense, the proposed alignment-free fingerprint cryptosystem outperforms the minutiaebased fingerprint cryptosystems with alignment in the terms of accuracy and security. Key
management is an important issue in personal information security circumstances. Although
modern cryptographic technologies (e.g., DES, AES and so on) can protect peoples privacy in
very high security level (generally more than 128-bit), the key is too long to be memorized and
hence usually stored in a smartcard or in the personal computer. And then the key is encrypted or
protected by a short password (e.g., the owners birthday), which makes the security of peoples
personal information relies heavily on the password. If it is lost or guessed by others, the
personal information is subject to the risk of losing. In the other hand, traditional biometric
systems expose some problems, for example, template security issue due to raw data storage and
irrevocability issue because of the inherence property of biometric traits (e.g., fingerprint, iris,
face). Therefore, the technology combining biometrics and cryptography, called biometric
cryptosystem biometric encryption, has attracted remarkable attention, because
it may provide potential solutions for the above problems Another known technology, called
cancelable biometrics concentrates the same issues and provides also promising solutions. A
good survey for this field Biometric cryptosystems can operate in one of the following
three modes: (1) key release; (2) key binding; and (3) key generation the feature used for
computing alignment parameters (e.g., high curvature points) may leak some information about
the vault. The smart attackers can easily exclude some chaff points near the high curvature points
from the vault by comparing their orientation So the security level may decrease because there
are less chaff points in the vault and it will cost the smart attacker less time to compute the
correct polynomial coefficients.
Fuzzy Extractors for Minutiae-Based Fingerprint Authentication
Arathi Arakala_ et al proposed an authentication scheme using fingerprint biometrics, protected
by a construct called a Fuzzy Extractor. We look at a new way of quantizing and digitally
representing the minutiae measurements so that a construct called PinSketch can be applied to
the minutiae. This is converted to a Fuzzy Extractor by tying some random information to the

minutiae measurements. We run a matching algorithm at chosen quantization parameters and

show that the authentication accuracy is within acceptable limits. We demonstrate that our
authentication system succeeds in protecting the users identity.
An alignment-free fingerprintbio-cryptosystembasedonmodified Voronoi neighbor
structures
WenchengYang et al proposed Biocryptography is an emerging security technology which
combines cryptography with biometrics. A good bio cryptosystem is required to protect the
privacy of there levant biometric data as well as

achieving high recognition accuracy

.Fingerprints have been widely used in bio-cryptosystem design. However, fingerprint

uncertaintycausedbydistortionandrotationduringtheimagecapturingprocess

makes

toachieveahighrecognitionrateinmostbio-cryptographicsystems.Moreover,most

it

difficult

existing

bio-

cryptosystems rely on the accurate detection of singular points for fingerprint image prealignment, which is very hard to achieve, and the image rotation transformation during the
alignment process can cause significant singular point deviation and minutiae changes.
advantageoflocalVoronoineighborstructures(VNSs),e.g.localstructuralstabilityanddistortion
insensitivity ,we propose an alignment-free bio-cryptosystem based on fixed-length bit-string
representations extracted from modified VNSs, which are rotation-and translation-invariant and
distortion robust.

SYSTEM ANALYSIS
EXISTING SYSTEM
In our FPSR Existing work , we give the details about how to use sparse representation to
compress fingerprint images. The part includes construction of the dictionary, compression of a
given fingerprint, quantization and coding and analysis of the algorithm complexity.
In the preceding paragraphs, it is mentioned that the size of the dictionary may be too
large when it contains as much information as possible. Therefore, to obtain a dictionary with a
modest size, the preprocessing is indispensable. Influenced by transformation, rotation and noise,
the fingerprints of the same finger may look very different. What we first think is that each
fingerprint image is pre-aligned, independently of the others. The most common pre-alignment
technique is to translate and rotate the fingerprint according to the position of the core point.
Unfortunately, reliable detection of the core is very difficult in fingerprint images with poor
quality. Even if the core is correctly detected, the size of the dictionary may be overlarge because
the size of a whole fingerprint image is too large. Compared with general natural images, the
fingerprint images have simpler structure. They are only composed of ridges and valleys. In the
local regions, they look the same. Therefore, to solve these two problems, the whole image is
sliced into square and non-overlapping small patches. For these small patches, there are no
problems about transformation and rotation. The size of the dictionary is not too large because
the small blocks are relatively smaller. Minutiae points are extracted during the enrollment
process and then for each authentication. In a fingerprint, they correspond to either a ridge
ending or a bifurcation. As we will, there is a duality between the two types of minutiae: if the
pixel brightness is inverted, ridge endings become bifurcations and vice versa. The position of
the minutia point is at the tip of the ridge or the valley. The orientation is given by the orientation
of the arrow formed by the ridge or the valley according to first, the local orientation field need
to be computed. This will allow to enhance the print using oriented Gabor filter, and then better
detect minutiae point using template matching procedure.
Local maxima extraction

Due to the duality of ridge ending and bifurcation, the enhanced image has to be filtered
using two filters. This can be done by inverting the image, or the filter, or rotating the filter of
180 . I chose the first solution even if it is not the faster one. Then, the local maxima of the two
filtered images need to be extracted and merged together (a threshold can be adjusted here). The
local maximum is extracted using a small window of 2121: if the center of this window is the
maximum of all the values inside that window, then it is a local maximum.
Accurate minutiae extraction from fingerprint images is heavily dependent on the quality
of the fingerprint images. In order to improve the performance of the system, much effort has
been made on the image enhancement algorithms. If the preprocessing is adaptive to the
fingerprint image characteristics in the image enhancement step, the performance gets to be more
robust. In this paper, we propose an adaptive preprocessing method, which extracts five features
from the fingerprint images, analyzes image quality with clustering method, and enhances the
images according to their characteristics.

Experimental results indicate that the proposed

method improves the performance of the fingerprint identification significantly.

The preprocessing is performed after distinguishing the fingerprint image quality
according to its characteristics. It is an adaptive filtering according to oily/dry/neutral images
instead of uniform filtering. In the first stage, several features are extracted for image quality
analysis and they go into the clustering module. Then, the adaptive preprocessing is applied to
produce good quality images. Fingerprint identification is the technology that distinguishes
between the user oneself and others using the unique information in fingerprint. Fingerprints are
the oldest biometric signs of identity. The inside surfaces of the hands from fingertips to wrist
contain minute ridges of skin, with furrows between each ridge. The ridges have pores along
their entire length that exude perspiration [2]
To identity fraud in our society reaching unprecedented proportions and with an
increasing emphasis on the emerging automatic personal identification applications, biometricsbased verification, especially fingerprint-based identification, is receiving a lot of attention.
There are two major shortcomings of the traditional approaches to fingerprint representation. For
a considerable fraction of population, the representations based on explicit detection of complete
ridge structures in the fingerprint are difficult to extract automatically. The widely used minutiaebased representation does not utilize a significant component of the rich discriminatory

information available in the fingerprints. Local ridge structures cannot be completely

characterized by minutiae. Further, minutiae-based matching has difficulty in quickly matching
two fingerprint images containing different number of unregistered minutiae points.
The proposed filter-based algorithm uses a bank of Gabor filters to capture both local and
global details in a fingerprint as a compact fixed length FingerCode. The fingerprint matching is
based on the Euclidean distance between the two corresponding FingerCodes and hence is
extremely fast. We are able to achieve a verification accuracy which is only marginally inferior
to the best results of minutiae-based algorithms. Our system performs better than a state-of-theart minutiae-based system when the performance requirement of the application system does not
demand a very low false acceptance rate. Finally, we show that the matching performance can be
improved by combining the decisions of the matchers based on complementary (minutiae-based
and filter-based) fingerprint information.
A biometric system can be operated in two modes: 1) verification mode and 2)
identification mode. A biometric system operating in the verification mode either accepts or
rejects a users claimed identity while a biometric system operating in the identification mode
establishes the identity of the user without a claimed identity information. In this work, we have
focused only on a biometric system operating in the verification mode. Among all the biometrics,
fingerprint- based identification is one of the most mature and proven technique.[5]
Fingerprint Verification System using Minutiae Extraction Technique
Most fingerprint recognition techniques are based on minutiae matching and have been
well studied. However, this technology still suffers from problems associated with the handling
of poor quality impressions. One problem besetting fingerprint matching is distortion. Distortion
changes both geometric position and orientation, and leads to difficulties in establishing a match
among multiple impressions acquired from the same finger tip. Marking all the minutiae
accurately as well as rejecting false minutiae is another issue still under research. Our work has
combined many methods to build a minutia extractor and a minutia matcher. The combination of
multiple methods comes from a wide investigation into research papers. Also some novel
changes like segmentation using Morphological operations, improved thinning, false minutiae
removal methods, minutia marking with special considering the triple branch counting, minutia

unification by decomposing a branch into three terminations, and matching in the unified x-y
coordinate system after a two-step transformation are used in the work.
The fingerprint recognition problem can be grouped into three sub-domains: fingerprint
enrollment, verification and fingerprint identification. In addition, different from the manual
approach for fingerprint recognition by experts, the fingerprint recognition here is referred as
AFRS (Automatic Fingerprint Recognition System), which is program-based. Verification is
typically used for positive recognition, where the aim is to prevent multiple people from using
the same identity. Fingerprint verification is to verify the authenticity of one person by his
fingerprint. There is one-to-one comparison in this case. In the identification mode, the system
recognizes an individual by searching the templates of all the users in the database for a match.
Therefore, the system conducts a one to many comparison to establish an individuals identity.
Most of the finger-scan technologies are based on Minutiae. Minutia-based techniques represent
the fingerprint by its local features, like terminations and bifurcations. This approach has been
intensively studied, also is the backbone of the current available fingerprint recognition products.
This work also concentrates on same approach.

DRAWBACKS:
Cannot dealing with high-dimensional signals.
Lack of pursuit algorithm to calculate the sparse coefficients.
it updates the dictionary atom-by-atom during each iteratio.high in memory and time
need to provide result.
It requires large storage because the computed non-zero co-efficients reside in different

locations.
Sparse identification and notation is not good .
Less security.
That only support to analyse finger print comparision using ridges and valleys except
Low accuracy,slow performance.

PROPOSED SYSTEM:

Efficient fingerprint identification plays an important role for identifying and convicting
criminals in law enforcement agencies. The fingerprint images are usually of poor quality with
unclear ridge structure and various overlapping patterns. Although significant advances have
been achieved on developing automated fingerprint identification system, it is still challenging to
achieve reliable feature extraction and identification for Efficient fingerprints due to the poor
image quality.
Prior to feature extraction, fingerprint enhancement is necessary to suppress various noises, and
improve the clarity of ridge structures in Efficient fingerprints. Motivated by the recent success
of sparse representation in image denoising, this paper proposes a Efficient fingerprint
enhancement algorithm by combining the total variation model and multiscale patch-based
sparse representation. First, the total variation model is applied to decompose the Efficient
fingerprint into cartoon and texture components.
The cartoon component with most of the nonfingerprint patterns is removed as the structured
noise, whereas the texture component consisting of the weak Efficient fingerprint is enhanced in
the next stage. Second, we propose a multiscale patch-based sparse representation method for the
enhancement of the texture component.
Dictionaries are constructed with a set of Rabin fingerprint-level-2(RFL-2) elementary
functions to capture the characteristics of fingerprint ridge structure, and multiscale patch-based
sparse representation is iteratively applied to reconstruct high-quality fingerprint image.
The proposed algorithm Rabin fingerprint-level-2 elementary cannot only remove the
overlapping structured noises and sparse representation , but also restore and enhance the
corrupted ridge structures.
In addition, we present an automatic method to segment the foreground of Efficient image with
the sparse coefficients and orientation coherenceusing RFL-2. Experimental results and
comparisons on sparse representation Efficient fingerprint database are presented to show the
effectiveness of the proposed algorithm and SP-representation over existing algorithms.

Advantages:

Handle large and dynamic datasets.

Could be much faster than batch algorithms.
Compared with general natural images, the fingerprint images have simpler structure.
They are only composed of ridges and valleys. In the local regions, they look the same.
Fast Processing.
High security.

MODULE DESCRIPTION
Input finger print and feature extraction
Detection of fingerprints
A. Normalization
B. Orientation field estimation
C. Orientation field approximation
D. Feature extraction
Analysis of minutiae distribution
RFL-2 Sparse Analysis and compression
Compression based on sparse representation

FEATURE EXRACTION
The error map is computed as the absolute difference between and used to construct the feature
vector.

This above mentioned process of fingerprint feature extraction applied on the entire
fingerprint database to generated sparse measurements vector to each fingerprint image and
stored at system database as enrolled database. This process is applied when any fingerprint
image is come for individual recognition.
Any query fingerprint image is come for individual recognition and then convert query
fingerprint image is converting in to sparse measurements vector using fingerprint feature
extraction process. This feature is denoted as Query Feature. Then find similarity between Query
Feature with all Authentic Feature using Structural Similarity Index Measure (SSIM). Here we
have described two conditions for individual recognition based on fingerprint.

DETECTION OF FINGERPRINTS
A. Normalization
An input fingerprint image is normalized by cropping a rectangular region of the fingerprint,
which is located at the center of the fingerprint and aligned along the longitudinal direction of the finger,
using the NIST Biometric Image Software (NBIS). This step ensures that the features extracted in the
subsequent steps are invariant with respect to translation and rotation of finger.
B. Orientation field estimation
The orientation field of the fingerprint is computed using the gradient-based method. The initial
orientation field is smoothed averaging filter, followed by averaging the orientations in pixel blocks. A
foreground mask is obtained by measuring the dynamic range of gray values of the fingerprint image in
local blocks and morphological process for filling holes and removing isolated blocks is performed.
C. Orientation field approximation
The orientation field is approximated by a polynomial model to obtain.

ANALYSIS OF MINUTIAE DISTRIBUTION

In this module, a minutia in the fingerprint indicates ridge characteristics such as ridge ending or
ridge bifurcation. Almost all fingerprint recognition systems use minutiae for matching. In addition to the
abnormality observed in orientation field, we also noted that minutiae distribution of altered fingerprints
often differs from that of natural fingerprints.
Based on the minutiae extracted from a fingerprint by the open source minutiae extractor in
NBIS, a minutiae density map is constructed by using the Parzen window method with uniform kernel
function.

RFl-2 WAVELET SCALAR QUANTIZATION (WSQ) COMPRESSION

In this module, it is used for gray-scale fingerprint images. It is based on wavelet theory
and has become a standard for the exchange and storage of fingerprint images. This compression
method is preferred over standard compression algorithms like JPEG because at the same
compression ratios RFL-2 WSQ doesn't present the "blocking artifacts" and loss of fine-scale
features that are not acceptable for identification.
After processing the appropriate files for the encoder and decoder, a certification request
containing the test report, test results, and all generated compressed and reconstructed files
(cmp000xx with extensions '.wsq' and '.pgm') are forwarded to the FBI for review and
evaluation.
RFL-2 COMPRESSION BASED ON SPARSE REPRESENTATION:
In this module, for a given fingerprint, slice into small patches. For each patch its mean is
calculated and subtracted from the patch. For each patch solve the minimization problem by
those coefficients whose absolute value are less than a given threshold are treated as zero.
Record the remaining coefficients and their locations. Encode the atom number of each patch,
the mean value of each patch and the indexes, quantize and encode the coefficients. Output the
compressed stream.
1) Compiling case studies of incidents where individuals were found to have altered their
fingerprints for circumventing AFIS,
2) Investigating the impact of fingerprint alteration on the accuracy of a commercial
fingerprint matcher,
3) Classifying the alterations into three major categories and suggesting possible
countermeasures,
4) Developing a technique to automatically detect altered fingerprints based on analyzing
orientation field and minutiae distribution, and

5) Evaluating the proposed technique and the NFIQ algorithm on a large database of
altered fingerprints provided by a law enforcement agency. Experimental results show the
feasibility of the proposed approach in detecting altered fingerprints and highlight the need to
further pursue this problem.

CONCLUSION

The process is categorized into three modules using RFL-2 process.

1) Pre-processing of acquired iris and fingerprint,
2) Extraction of discriminable Features,
3) The RFL-2 Multimodal biometric template generation. Initially, the preprocessing are perform separately for iris and fingerprint. Followed by the
minutiae point's extraction from Fingerprint, which includes termination,
bifurcation, and angle of orientation of each point respectively. Subsequently,
the iris features are extracted using wavelet transform.
Then feature level fusion is performed. Finally, a 120 bit secure
cryptographic template is generated from the multi-biometric template. We
test our results on standard Fingerprint database. The several experimental
results demonstrate the effectiveness of the proposed approach. Also the
security of biometric template is improved with the help of
encryption.REFERENCES

1) W. Zhang and Y. Wang, Core-based structure matching algorithm of fingerprint

verification, in Proc. 16th ICPR, 2002, pp. 7074.
2) K. Xi and J. Hu, Dual layer structure check (DLSC) fingerprint verification scheme
designed for biometric mobile template protection, in Proc. 4th ICIEA, May 2009, pp.
630635.

3) X. Jiang and W.-Y. Yau, Fingerprint minutiae matching based on the local and global
structures, in Proc. 15th ICPR, 2000, pp. 10381041.
4) N. K. Ratha, V. D. Pandit, R. M. Bolle, and V. Vaish, Robust fingerprint authentication
using local structural similarity, in Proc. 5th IEEE WACV, 2000, pp. 2934.
5) X. Chen, J. Tian, X. Yang, and Y. Zhang, An algorithm for distorted fingerprint
matching based on local triangle feature set, IEEE Trans. Inf. Forensics Security, vol. 1,
no. 2, pp. 169177, Jun. 2006.
6) S. Wang and J. Hu, Alignment-free cancelable fingerprint template design: A densely
infinite-to-one mapping (DITOM) approach, Pattern Recognit., vol. 45, no. 12, pp.
41294137, 2012.
7) T. Ahmad, J. Hu, and S. Wang, Pair-polar coordinate-based cancelable fingerprint
templates, Pattern Recognit., vol. 44, nos. 1011, pp. 25552564, 2011.
8) Uludag, S. Pankanti, S. Prabhakar, and A. K. Jain, Biometric cryptosystems: Issues and
challenges, Proc. IEEE, vol. 92, no. 6, pp. 948960, Jun. 2004.
A. Juels and M. Wattenberg, A fuzzy commitment scheme, in Proc. 6th ACM CCS,
1999, pp. 2836.
9) Juels and M. Sudan, A fuzzy vault scheme, Designs, Codes Cryptogr., vol. 38, no. 2,
pp. 237257, 2006.
10) Y. Dodis, L. Reyzin, and A. Smith, Fuzzy extractors: How to generate strong keys from
biometrics and other noisy data, in Proc. Int. Conf. Theory Appl. Cryptogr. Techn., 2004,
pp. 523540.
11) Chen, R. N. J. Veldhuis, T. A. M. Kevenaar, and A. H. M. Akkermans, Multi-bits
biometric string generation based on the likelihood ratio, in Proc. IEEE Int. Conf.
Biometrics, Theory, Appl., System, Sep. 2007, pp. 16.
12) Chen and R. Veldhuis, Binary biometric representation through pairwise adaptive phase
quantization, EURASIP J. Inf. Secur., 2011.
13) Maiorana, P. Campisi, and A. Neri, IRIS template protection using a digital modulation
paradigm, in Proc. IEEE Int. Conf. Acoust., Speech Signal Process., May 2014, pp.
37593763.
14) Maiorana, P. Campisi, and A. Neri, User adaptive fuzzy commitment for signature
template protection and renewability, J. Electron. Imag., vol. 17, no. 1, pp. 011011-1
011011-12, 2008.

15) V. Krivokuca, W. Abdulla, and A. Swain, A dissection of fingerprint fuzzy vault

schemes, in Proc. 27th Conf. Image Vis. Comput., 2012, pp. 256261.
16) T. C. Clancy, D. J. Lin, and N. Kiyavash, Secure smartcard based fingerprint
authentication, in Proc. ACM SIGMM Workshop Biometric Methods Appl., Berkeley,
CA, USA, Nov. 2003, pp. 4552.
17) U. Uludag, S. Pankanti, and A. K. Jain, Fuzzy vault for fingerprints, in Proc. AudioVideo-Based Biometric Person Authentication, 2005, pp. 310319.
18) S. Yang and I. Verbauwhede, Automatic secure fingerprint verification system based on
fuzzy vault scheme, in Proc. IEEE ICASSP, Mar. 2005, pp. 609612.
19) K. Nandakumar, A. K. Jain, and S. Pankanti, Fingerprint-based fuzzy vault:
Implementation and performance, IEEE Trans. Inf. Forensics Security, vol. 2, no. 4, pp.
744757, Dec. 2007.
20) Nagar, K. Nandakumar, and A. K. Jain, Securing fingerprint template: Fuzzy vault with
minutiae descriptors, in Proc. 19th ICPR Dec. 2008, pp. 14.
21) Y. Wang, J. Hu, and D. Phillips, A fingerprint orientation model based on 2D Fourier
expansion (FOMFE) and its application to singular-point detection and fingerprint
indexing, IEEE Trans. Pattern Anal. Mach. Intell., vol. 29, no. 4, pp. 573585, Apr.
2007.
22) P. Zhang, J. Hu, C. Li, M. Bennamoun, and V. Bhagavatula, A pitfall in fingerprint biocryptographic key generation, Comput. Security, vol. 30, no. 5, pp. 311319, 2011.
23) P. Li, X. Yang, K. Cao, X. Tao, R. Wang, and J. Tian, An alignmentfree fingerprint
cryptosystem based on fuzzy vault scheme, J. Netw. Comput. Appl., vol. 33, no. 3, pp.
207220, 2010
24) A. Arakala, J. Jeffers, and K. J. Horadam, Fuzzy extractors for minutiae-based
fingerprint authentication, in Proc. Int. Conf. Adv. Biometrics, 2007, pp. 760769.
25) W. Yang, J. Hu, S. Wang, and M. Stojmenovic, An alignment-free fingerprint biocryptosystem based on modified Voronoi neighbor structures, Pattern Recognit., vol. 47,
no. 3, pp. 13091320, 2014.