DE19882328B3 - Security key handling method using biometrics - Google Patents

Abstract

A method of securely recovering a digital key (93) comprising the steps of: capturing at least one biometric image (11); Obtaining transformed image information (31) including transforming the at least one biometric image (11) into a transformation region (20); Retrieving a protected filter (100) from a memory; Inserting the transformed image information (31) into the protected filter (100) to obtain a complex-valued array as the verification information (63); and obtaining the digital key (93) from the verification information (63), characterized in that the protected filter (100) comprises a phase-only filter (53) and a compound index array (62), the phase-only filter (53) of a random Generate only phase function (52) and other phase information to obtain cryptographic security; the link index array (62) is generated, at least in part, by the random phase-only function (52) and the digital key (93); and obtaining the digital key (93) comprises employing the compound index array (62) in a function of the verification information (63).

Description

Background of the invention

Although many forms of encryption / decryption algorithms exist today, a weak link in all systems is the secure handling of the encryption / decryption key. There are basically two types of encryption systems: those based on a single, symmetric key, and those based on two different keys, one public and the other private. A symmetric key algorithm uses a single key to both encrypt and decrypt the data. These algorithms are usually fast, and their security relies entirely on maintaining the secrecy of the symmetric key. Two difficulties with these systems are the transport of the key from the sender to the intended recipient, and the secure storage of the symmetric key. A system with a public and private key uses a two key method. The public key is used for encryption and can be distributed over open channels. Because the public key can be sent through open channels, it minimizes the inconvenience and security risks associated with key transport. However, the private key is still used to decrypt the information, and must therefore be kept secret.

In the age of electronic transfers, PINs have become the dominant method of securing these encryption keys. The encryption keys will only be as secure as the length of the PIN because the PIN will recall or decrypt the encryption key. The length of a PIN that is easy to remember is limited; therefore, the security of the system is limited. At the moment, PINs are, of course, prevalent in many other areas of life, such as banking, access control, and social security program identification. The increasing number of PINs to remember and store requires a potential for a security hole. The present invention overcomes the need to carry, store, or remember private keys for encryption / decryption, or PINs for any other purposes, by deriving a digital key from a biometric during a true verify operation.

Summary of the invention

• 1) Vorzugsweise sollte das Verfahren befähigt sein, einen willkürlichen digitalen Schlüssel mit M Bits im Zusammenhang mit der Biometrik zu erzeugen.
• 2) Der selbe digitale Schlüssel mit M Bits sollte jedesmal dann freigegeben werden, wenn das System von dem authorisierten Halter des geschützten Filters benutzt wird.
• 3) Vorzugsweise sollte kein Schlüssel freigegeben werden, wenn ein nicht authorisierter Benutzer des geschützten Filters das System einzusetzen versucht.
• 4) Das geschützte Filter, als ein unabhängiger Datenblock, muß gegenüber ”Angriffen” widerstandsfähig sein.

In the present invention, the digital key is connected to the biometric only via a secure data block known as the protected filter. The correct key is derived only through the interaction of this protected filter with the correct biometrics of the user. For a biometric to be conveniently and safely used in a process for recovering a digital key from a protected filter, the method should have the following four characteristics:

• 1) Preferably, the method should be capable of generating an arbitrary digital bit with M bits associated with biometrics.
• 2) The same digital key with M bits should be released each time the system is used by the authorized holder of the protected filter.
• 3) Preferably, no key should be released when an unauthorized user of the protected filter attempts to insert the system.
• 4) The protected filter, as an independent data block, must be resistant to "attacks".

In the German patent DE 42 43 908 A1 Bodo has proposed a method for directly subtracting a digital key from a biometric. Thus, although Bodo's invention provides a method of producing a digital key from a biometric, the security of such a system is irretrievably lost when the digital key becomes known at some point. For this reason, the above feature 1 is preferred; For a system to remain secure, it should have the ability to change the digital key. The invention described here proposes a method for connecting a key to biometrics rather than directly deriving the key from biometrics; therefore, the key can be changed at any time simply by resuming the user as a member and recreating the protected filter.

Methods have been proposed for re-generating signals using biometrics, based on the use of conventional matched filters in correlators. It is well known to those skilled in the art that a matched filter does not compromise between Distortion tolerance and discrimination allowed. In a system using a matched filter, therefore, it is impossible to optimally satisfy the above features 2 and 3. Furthermore, it is known that the external terms generated at the output of a system using a matched filter disable the ability to reproduce exactly one block of predetermined data. Therefore, for known methods using matched filters, it is not easy to satisfy feature 1 above. In addition, the impulse response of a matched filter normally provides sufficient information about the biometrics to an "attacker" that he can recreate the biometrics, and therefore the signals. Therefore, a matched filter approach does not have feature 4.

In International Application No. WO 9608093 Tomko et al proposed a method for biometrically controlled key generation. A filter is generated as a function of both the Fourier-transformed biometrics and a function derived from a unique number. To meet features 2 and 3, the filter must be of the inverse type. However, it can be shown that a filter of the inverse type, such as a matched filter, contains information about the size of the Fourier transformed and therefore can be successfully "attacked". Therefore, it is impossible to fulfill the feature 4.

Phase-only filters are known for use with optical correlators to improve the signal-to-noise ratio. The US 5,214,534 von Kallman describes such a system. The US 5,485,312 Homer et al. describe an optical pattern recognition system and method for verifying the authenticity of a person, product, or article.

According to the present invention there is provided a method of securely recovering a digital key comprising the steps of: capturing at least one biometric image; Obtaining transformed image information including transforming the at least one biometric image into a transformation region; Retrieving a protected filter from a memory; Inserting the transformed image information at the protected filter to obtain a complex-valued array as verification information; and obtaining the digital key from the verification information, characterized in that the protected filter comprises a phase-only filter and a compound index array that generates phase-only filters of a random phase-only function and other phase information for obtaining cryptographic security become; the link index array is generated, at least in part, by the random phase-only function and the digital key; and obtaining the digital key comprises using the compound index array in a function of the verification information.

According to another aspect of the invention, there is provided a method of connecting a digital key to M elements to a given two-dimensional, complex-valued array, comprising the steps of: (i) combining real and imaginary parts of the complex-valued array to form a membership-receiving template; (ii) arranging positive elements and negative elements of the membership-receiving template by rank according to the size; (iii) storing row and column indices of the ranked positive elements in a positive location vector and row and column indices of the ranked negative elements in a negative location vector; and (iv) subtracting, for each of the M elements, the digital key of L elements from the negative location vector if the one key bit is a zero, and subtracting L elements from the positive location vector if the one bit is a one, for generation a two-dimensional compound index array having L rows and M columns.

According to another aspect, there is provided a method of creating a protected filter comprising the steps of: taking at least one biometric image; Obtaining transformed image information, with transformation of the at least one biometric image into a transformation area; Generating a random phase-only function; Using the random phase-only function and the transformed image information in creating a protected filter; and storing the protected filter; wherein the random-only phase function is a random function such that the protected filter comprises a cryptographic-security phase-only filter.

In one example, a method for secure user verification is provided comprising the steps of: capturing at least one biometric image; Obtaining transformed image information including transforming the at least one biometric image into a transformation region; Obtaining size information from the transformed image information; Retrieving a phase-only filter from a memory; Employing at least the magnitude information in the phase-only filter to obtain a phase and magnitude information transition filter; Multiplying the transformed image information by the transition filter to obtain verification information; Compare the Check information having a retrieved reference pattern and providing, if a satisfactory match is obtained, a user check signal.

Brief descriptions of the drawings

In the figures, which illustrate a preferred embodiment of the present invention, shows:

1 a diagram of the member recording process for generating a protected filter;

2 a diagram of a method for connecting an output level with a digital key in the member recording;

3 a diagram of the verification process for the removal of a secure key; and

4 a diagram of a method for removing the key during the review.

Description of the Preferred Embodiments

The present invention describes a method which firstly reliably generates a two-dimensional array c (x) using biometric images together with a protected filter, and secondly describes a method for connecting elements from c (x) to a digital key k with M bits , The key k will only be stripped correctly if the correct biometric is combined with the correct protected filter. The key k can be used directly as an encryption / decryption key, as a PIN, in security or communication systems.

In the preferred embodiment, the two-dimensional array c (x) is formed via the interaction of a fingerprint with a filter function stored within the protected filter. In the first embodiment, the filter function is designed for a Fourier transform processor. Neither the filter function nor the fingerprint alone can produce c (x). From the c (x) array a digital key k is subtracted. Once deducted, k is used with both an encryption algorithm and a control algorithm to generate an id identification code. The identification code id is then compared to a previously stored value id ₀ to determine the validity of the key before it is released into the encryption system or other application. The process of obtaining the identification code is as follows. Based on the required input block size of the selected encryption algorithm, S bits are encrypted from the protected filter using the generated key k. The resulting ciphertext block then becomes the input to a one-way control function which generates the identification code id. Since the control algorithm works only in one direction, the id value can not be transformed back into the key k.

Examples suggested for the above-mentioned encryption algorithm and the control algorithm are the International Data Encryption Algorithm (IDEA) and the Secure Control Algorithm (SHA). It should be noted that the use of both an encryption algorithm and a control algorithm provides more security than simply storing the control value of the generated key. This is because the S bits selected from the protected filter and encrypted using k are unique to each user. An attacker who would attempt to obtain a "universal" look-up table for the relationship between k and id (so that he could subtract id ₀ from the protected filter and so determine k ₀ for a particular user) would need all possible permutations to encrypt messages with S bits with keys with M bits. The computer and memory resources that would be required to create such a look-up table make such an attack impracticable.

1) Design of the filter function

1.1) Filter function strategy

The filter function is chosen to be tolerant to fingerprint distortion so that it accommodates the natural variations that occur in biometric images over any significant period of time. Therefore, the filter function is built using a group of T training images. It It is assumed that the group of training images is sufficient to cover all the expected distortions of the fingerprint. The filter function is calculated during a member capture process using a group of training images. The filter function should be used during a review session using a group of images without training. The filter function is intended for a legitimate user and should not be suitable for use by a non-legitimate user or "attacker".

y(x):

zweidimensionaler Array im Bildbereich

Y(u):

zweidimensionaler Array im Fourierbereich

Y:

eindimensionaler Vektor, der Daten im Gleitkommaformat oder als ganze Zahlen (nicht binär umgewandelt) enthält

y:

eindimensionaler Vektor, der binär umgewandelte Daten enthält

Y:

Skalar

The following font convention is used:

y (x):

two-dimensional array in the image area

Y (u):

two-dimensional array in the Fourier domain

Y:

one-dimensional vector containing data in floating-point format or as integers (not binary converted)

y:

one-dimensional vector containing binarized data

Y:

scalar

The biometric T-pictures are denoted by {f ₀ ¹ (x), f ₀ ² (x), f ₀ ^T (x)}, where the subscript 0 denotes a training group image.

, bezeichnet werden, mit i = √–1. The filter function that is expanded using these images is called H (u). It should be noted that complex-valued functions such as H (u) may be referred to independently by their size and / or their phase components denoted by | H (u) | respectively

, to be designated with i = √ -1 ,

The system output in response to f ₀ ^t (x) is given by c ₀ ^t (x).

The Fourier transform of c ₀ ^t (x) is given by C ₀ ^t (u) ≡ F ₀ ^t (u) * H (u), where F ₀ ^t (u) is the Fourier transform of the training image f ₀ ^t (x).

The desired output pattern that we need from the system is designated g ₀ (x).

1.2) Filter function criteria

We define two criteria that are used to optimize the filter function. We will use error terms relating to two requirements for the filter function: that it consistently produces the same output pattern for a legitimate user, and that it is tolerant of distortions present in the input pictures.

For 1 ≤ t ≤ T, we require that c ₀ ^{t (x)} ≈ g ₀ (x), so that the output pattern is as close as possible to g ₀ (x) for each image f ₀ ^t (x) in the Training group should lie.

We can define an error term E _{similarity as} follows:

The term E _similarity is therefore defined using an arbitrary function g ₀ (x) instead of using a delta function, as is normally done in the correlation process. Furthermore, we want to minimize the error due to distortions in the input images, so:

Assuming that ε _input ^ts (x) is not correlated with f ₀ ^s (x) and with itself, one can show that the variance of the error term is due to the additional distortion or changes in f ₀ ^t (x) by: E _noise = ∫ | H (u) | ² P (u) you (3) in which: P (u) = averaging over t and s of | FT {ε _input ^{t, s} (x)} | ² , where s ≠ t (4) such that P (u) represents the power spectrum of the change between the fingerprints in the training group.

In general, P (u) is quickly approximated by a function that characterizes the type of article for which the filter is designed. P (u) can take the form of a Gaussian function. For fingerprint images it turns out that P (u) can also take the form of a simple array whose elements all have the value one. In general, the form P (u) is fixed for all users of the system, although it could also be user-specific.

On the basis of the Parseval theorem arises

The term E _similarity denotes the similarity of the system output in response to each of the training group images, and the term E _noise indicates the effects of a change from image to image. Therefore, E _similarity determines how selective (or discriminating) the filter function is and sets E _noise how tolerant it is with respect to the expected biometric distortion.

1.3) Filter definition

Desired is the derivative of a filter which minimizes the total error E _total .

wobei gilt, wie voranstehend erwähnt C₀ ^t(u) = F₀ ^t(u)·H(u) (8) If one lets α vary between 0 and 1, then one can minimize E _noise for α = 1 in order to maximize the distortion tolerance of the filter; or minimize E _similarity (for α = 0) to maximize discrimination properties; or achieve optimization for any combination of these two quantities (for 0 <α <1). If one uses the filter boundary conditions defined above, one obtains

where, as stated above C ₀ ^t (u) = F ₀ ^t (u) x H (u) (8)

We want to minimize E _totally with respect to H (u). To solve this variation problem, we must obtain a partial derivative of the expression within the integral over H (u), and set that derivative equal to zero. Therefore:

Solving equation (9) for H (u) gives:

It should be noted that P (u) ≡ P * (u), where * denotes the conjugate complex size.

This defines the filter function optimized with respect to the two error terms defined in the filter function criteria section. It makes sense to define the following terms:

Therefore, applies

Furthermore, equation (13) is rewritten as follows: H (u) = H _F (u) G ₀ (u) (14) where the constant scalar (1-α ² ) ^{1/2 has been} omitted. The expression H _F (u) contains all the terms of the filter related to the training group of the fingerprint images, and G ₀ (u) is the Fourier transform of g ₀ (x). It should be noted that equation (14) defines a filter H (u) optimized for each function for G ₀ (u). We try to select a G ₀ (u) which provides maximum security of H (u).

The term α in H (u) provides a trade-off between the discrimination capability and the distortion tolerance of the filter. Therefore, α can be used to create a stricter or less stringent system, depending on requirements. The value of α is generally determined by promoting the performance of filters using a large amount of images. The parameter α may be universal, being then stored in the system, or user dependent, being then stored as part of the protected filter.

1.4) Safety of the protected filter

, gespeichert wird. Das geschützte Filter umfaßt daher das Produkt von

und einer statistischen Nur-Phasenfunktion. Der folgende Text demonstriert die ”perfekte Sicherheit” des geschützten Filters. Perfekte Sicherheit in diesem Sinne bedeutet, daß bei Vorhandensein des geschützten Filters keins der beiden Elemente, welche bei diesem Filter enthalten sind, rekonsturiert werden kann.
Theorem 1: vgl. D. Stinson, Cryptography: Theory and Practice, CRC Press, New York, 1995)One of the main requirements of the system is the fact that the protected filter must be immune to attacks, ie neither the biometric image f (x) nor the system output g ₀ (x) can be recovered from the protected filter. It should be noted that at this time the shape of the protected filter has not yet been defined. Therefore, we have the freedom to choose the form of G ₀ (u) to maximize the security of the protected filter. It turns out that the security is maximized when G ₀ (u) is a statistical, evenly distributed phase function, and only the phase of H _F (u), denoted as

, is stored. The protected filter therefore comprises the product of

and a statistical phase-only function. The following text demonstrates the "perfect security" of the protected filter. Perfect security in this sense means that in the presence of the protected filter, neither of the two elements contained in this filter can be reconstituted.
Theorem 1: cf. D. Stinson, Cryptography: Theory and Practice, CRC Press, New York, 1995)

• 1. Jeder Schlüssel mit einer Wahrscheinlichkeit 1/|K| verwendet wird, wobei |K| die Größe des Schlüsselraums bezeichnet, und
• 2. für jedes Element x ∊ P und jedes Element Y ∊ C ein eindeutiger Schlüssel k ∊ K existiert, so daß die Verschlüsselung von X mit k den Chiffriertext Y erzeugt (also e_k(x) = y).

It is assumed that a ciphering system has been defined so that the sizes of: the key space (K), the plaintext space (P), and the ciphertext space (C) are all the same. Then this encryption system provides perfect security then and only if:

• 1. Each key with a probability 1 / | K | is used, where | K | denotes the size of the key space, and
• 2. For each element x ε P and each element Y ε C a unique key k ε K exists, so that the encryption of X with k generates the ciphertext Y (ie e _k (x) = y).

The above theorem holds for an enciphering system based on the operation of addition modulo 2π, assuming that each key k in the key space K is equally probable. In other words, each key k ∈ K has the same probability of being selected as the key. In fact, this means that the random number generator used to generate k is designed so that it does not cause an uneven probability distribution in the key space, which would inevitably affect safety. As a result, the random number generator used to provide keys for the following encryption system must select a statistical key k in the key space K based on a uniform probability distribution.

Remark: [0, 2π) ^r used in the following lemma, means an r element chain, where each element can take the values j, where 0 ≤ j <2π.

Lemma 1: The enciphering system, which is defined such that P = C = K = [0, 2π) ^r , and based on the operation modulo Addition 2π with statistically generated keys, has perfect security.

Proof: The elements of P, C, and K are defined as a chain (or array) of r floating point elements, where each element lies within the range of 0 to 2π. For simplicity, β is assumed to be the number of possibilities in the space [0, 2π) when the floating point precision level is taken into account. Then | K | = | C | = | P | = β ^r . Assuming the above assumption, it follows that the probability of 1 / | K | for each key exists that it is selected. We only have to prove that for every x ε P and every y ε C there is a unique key k, so that e _k (x) = y. Because of y = e _k (x) = (x + k) mod2π, can then, if x and y are determined uniquely according to the following k using equation dissolve: k = (y - x) mod2π.

Therefore, we have the result that a ciphering system based on mod2π addition has perfect security.

Essential in the above discussion regarding the concept of handling a secure key using biometrics is the fact that the product of second phase-only arrays corresponds to addition mod2π. As a result of this equivalence relationship, the foregoing lemma also applies to a cipher system based on the product of two phase-only arrays. This gives us the following:
Lemma 2: The ciphering system which is set such that P = C = K = {e ^iβ } ^r , where {e ^iβ } ^{r is} an r elemental ^chain , and β = [0, 2π) based on Operation of multiplication with statistically generated keys has perfect security.

While it has been shown above that only maintaining the phase of H _F (u) results in excellent security for the protected filter, in combination with a statistical phase array, it requires the optimum filter which can be obtained by Equation (14) ), that the magnitude term | H _F (u) | during the generation of the output pattern c (x) is used for optimum consistency of c (x). The procedure proposed in the following sections meets both these requirements:

1.5) Format of the protected filter

In this section, we describe a method of simultaneously meeting the requirement of size information in the filter function and maintaining the security of the protected filter.

wobei U[0, 1) einen Array von Elementen darstellt, deren Wert j statistisch und gleichförmig so verteilt ist, daß gilt 0 ≤ j < 1. Es wird darauf hingewiesen, daß wir in der nachfolgenden Diskussion

dazu verwenden, im wesentlichen die statistische Nur-Phasenfunktion darzustellen, die voranstehend definiert wurde. Unter Verwendung dieses Ausdrucks zur Darstellung von G₀(u), und unter Verwendung der Gruppe an Trainingsbildern f₀ ^t(x) wird daher H(u) unter Verwendung von Gleichung (14) berechnet.

Consider generation of an array G ₀ (u) whose elements are of size one such that G ₀ (u) is a phase-only function whose phase values j are statistically and uniformly distributed such that the relationship: 0 ≤ j < 2π applies, so:

where U [0, 1) represents an array of elements whose value j is statistically and uniformly distributed such that 0 ≤ j <1. It should be noted that in the discussion below

to essentially represent the statistical phase-only function defined above. Using this expression to represent G ₀ (u), and using the set of training images f ₀ ^t (x), therefore, H (u) is calculated using Equation (14).

H (u) has been optimized to produce a consistent c ₀ (x) (and as close as possible to g ₀ (x)) when a member of the training image f ₀ ^t (x) is made available to the system. The resulting output c ₀ (x) results as follows:

wobei der Index 1 eine Gruppe von Bildern bezeichnet, die bei der Überprüfung verwendet wird. Selbstverständlich ist erwünscht, daß c₁(x) so nahe wie möglich an c₀(x) liegt, für den legitimen Benutzer. Selbstverständlich gilt: c₁(x) → c₀(x) wenn das Testbild f₁(x) identisch zu dem Trainingsbild f₀(x) ist. Es stellt sich heraus, daß mit Zunahme der Anzahl an Fingerabdrucken T in der Trainingsgruppe A₀(u) auf eine feste Funktion konvergiert (bei etwa T = 6). Da die Trainingsgruppe der Mitgliederaufnahmebilder auf dieselbe Weise aufgenommen wird wie die darauffolgenden Überprüfungsbilder, gilt bei T = 6: |A₁(u)|≅|A₀(u)| und D₁(u) ≅ D₀(u), so daß der Mittelwert der Gruppe von Überprüfungsbildern sich an den Mittelwert der Gruppe von Mitgliederanmeldungsbildern annähert. In den Gleichungen (17) und (18) verwenden wir daher A₀(u) zur Darstellung von F₀(u), und A₁(u) zur Darstellung von F₁(u), so daß wir daher den Mittelwert der transformierten Fingerabdrücke zur Darstellung der individuellen Fingerabdrücke verwenden. Um sicherzustellen, daß wir niemals irgendwelche Größeninformation in dem Filter speichern müssen (für optimale Sicherheit ist es erwünscht, nur Phasenterme zu speichern), approximieren wir auch |A₀(u)| durch |A₁(u)| und D₀(u) durch D₁(u) in Gleichung (18), was ergibt:

undThe expected output c ₁ (x) of the system, if there is a non-training based image (ie, during the check), results as:

where index 1 denotes a group of images used in the review. Of course, it is desired that c ₁ (x) be as close as possible to c ₀ (x) for the legitimate user. Of course, c ₁ (x) → c ₀ (x) if the test image f ₁ (x) is identical to the training image f ₀ (x). It turns out that as the number of fingerprints T in the training group A ₀ (u) increases, converges to a fixed function (at about T = 6). Since the training group of the member shot pictures is taken in the same way as the subsequent check pictures, when T = 6: | A ₁ (u) | ≅ | A ₀ (u) | and D ₁ (u) ≅ D ₀ (u) such that the average of the group of review images approximates the average of the group of member login pictures. In equations (17) and (18) we therefore use A ₀ (u) to represent F ₀ (u), and A ₁ (u) to represent F ₁ (u), so that we therefore use the mean of the transformed Use fingerprints to represent the individual fingerprints. To ensure that we never need to store any size information in the filter (for optimal safety, it is desirable to store only phase terms), we also approximate | A ₀ (u) | by | A ₁ (u) | and D ₀ (u) by D ₁ (u) in equation (18), giving:

and

undIt is clear from equations (19) and (20) that this approach can be used to satisfy both the constraints that only phase functions are saved, and that Size terms can be used to maintain the consistency of the output c (x) patterns. For example, if the equations are rewritten as:

and

sowie die Nur-Phasenfunktion

speichern, also

und wenn wir erneut die Größenterme des Filters ”im Durchgang” erzeugen, entweder während der Mitgliederaufnahme oder der Überprüfung, dann werden die Sicherheits- und Konsistenzaspekte gleichzeitig erzielt. Während des Vorganges der Mitgliederaufnahme und der Überprüfung erzeugen wir daher Übergangsfilter

und

welche sowohl Größen- als auch Phaseninformationen erhalten, und die zur Berechnung von c₀(x) beziehungsweise c₁(x) verwendet werden, obwohl nur die Phaseninformation jemals gespeichert wird. Das Verfahren zur Erzeugung der Filtergrößenterme wird vollständig im Abschnitt 2.2 beschrieben. Das bevorzugte Verfahren zur sicheren Verbindung eines erforderlichen Schlüssels mit dem Array c(x) wird in dem nächsten Abschnitt vorgestellt. Es wird darauf hingewiesen, daß die Sicherheit des Systems dadurch weiter erhöht werden kann, daß nur die oberen (oder unteren) Abschnitte der Arrays H_stored(u), A(u) und D(u), die voranstehend angegeben wurden, zur Erzeugung der c(x)-Ausgangsfunktionen gespeichert und verwendet werden. Dies schaltet irgendwelche potentiellen Probleme aus, die mit den Symmetrieeigenschaften von A(u) und D(u) zusammenhängen.Therefore, if we are just the product of the phase of conjugate complex of training group images

as well as the phase-only function

save, so

and if we recreate the size terms of the in-pass filter, either during membership taking or review, then the security and consistency aspects are achieved simultaneously. During the process of membership recording and review, we therefore create transition filters

and

which receive both magnitude and phase information and which are used to calculate c ₀ (x) and c ₁ (x), respectively, although only the phase information is ever stored. The procedure for generating the filter size terms is fully described in Section 2.2. The preferred method for securely connecting a required key to the array c (x) is presented in the next section. It should be understood that the security of the system can be further increased by producing only the upper (or lower) portions of the H _stored (u), A (u), and D (u) arrays noted above the c (x) output functions are stored and used. This eliminates any potential problems related to the symmetry properties of A (u) and D (u).

Generating the secure key

2.1) Membership

The secure generation of the digital key will be described with reference to FIGS 1 to 4 described.

The biometric images that make up the training group are floating point or byte arrays of 128 × 128 size.

With reference to 1 we give a random number generator 80 or use this to get a key k ₀ 90 to generate with M-bit, as the encryption system or a other system is required. An example of such a random number generator is the Blum Blum Shub Generator (BBS generator).

52 mit der Dimension 128 × 128, wie voranstehend in Gleichung (15) definiert.Using a random number generator 40 (possibly from 80 different) create an array

52 with the dimension 128 × 128, as defined above in equation (15).

kombiniert, also 52, um c₀(x), also 60, unter Verwendung von Gleichung (19) zu erhalten.Using the training group on data {f ₀ ¹ (x), f ₀ ² (x), ..., f ₀ ^T (x)} 10 , become the terms of the boxes 30 and 51 generated. Then the terms of the boxes become 30 and 51 With

combined, so 52 to c ₀ (x), ie 60 to obtain using equation (19).

, also 52, und

, also 51, als H_stored(u), also 53, wie durch Gleichung (21) definiert.The product of the phase-only function is stored

, so 52 , and

, so 51 , as H _stored (u), so 53 as defined by equation (21).

It becomes a group of S bits, 103 , from H _stored (u), 53 , determined, which is unique to each individual. Using the supplied key k ₀ , 90 , as an encryption key, this group of S bits, 103 , encrypted using an encryption algorithm, namely 94 , for example, IDEA. The output of this algorithm is then considered the input of a one-way correction algorithm, 91 , for example SHA used. The output of the control algorithm is used as the identification code id ₀ 92 used.

This output c ₀ (x), 60 , is a complex array of 128 × 128.

With reference to 2 becomes a connection algorithm, 64 which is used to connect elements of c ₀ (x), 60 , with k ₀ , 90 , is defined by the following steps: First, the central (64 × 64) section of c ₀ (x) is subtracted to an array 110 to create.

Next are the real and imaginary parts of the array 110 linked to a member pickup template 111 128x64 dimension, which is an array of 128 columns and 64 rows. For example, if the element a + bi appears at the position x, y of the 64x64 section of c ₀ (x), then the member capture template appears 111 the element a at the position x, y up, and the element b appears at the position (x + 64), y.

The elements of the member reception template 111 then be in the decision box 113 entered, which sorts the elements by sign. It should be noted that the negative elements of 111 finally, represent "0-valued" elements of the key k ₀ , whereas positive elements of 111 are used to represent "1-valued" elements of k ₀ .

The negative elements are then ranked in descending order according to their size, and the indices of the ordered elements (that is, the row and column of each ordered element in the membership template) are placed in the vector location_null, 130 , saved. The same procedure is then used for the positive elements of 111 performed, the indices of the ranked elements in the vector Orts_Einsen, 131 , get saved. It should be noted that the names of these vectors have been chosen due to their relationship to the bits of the key, as discussed above.

The value M represents the length of the requested key k ₀ , 90 Now let M _{0 be} the number of zeros in k ₀ , 90 , and M _{1 represents} the number of ones. Then the first M ₀ xL elements of place_nulls are preserved, 130 , and the first M ₁ xL elements of Orts_Einsen, 131 ,

For each of the M bits in the requested key k ₀ , 90 , one after the other or statistically L elements from either the first M ₀ xL elements of place_nulls 130 , or the first M ₁ xL elements of Orts_Einsen 131 , deducted depending on whether the requested bit was a zero or a one. The L elements subtracted for the key bit m form the mth column of a compound index array LI, 62 , with M columns and L rows. The elements of LI, 62 , therefore, form the connection index "look-up table" for the elements of the member-receiving template, 111 which have been selected to be the key k ₀ , 90 , to represent. It should be noted that it has been determined that the probability of an error in each key bit is inversely proportional to the rank of the bit components of the key. The rank was determined based on the distance of the membership record point from either the real or imaginary axis, that is, the distance of the point from zero, depending on whether the point originated from the real or imaginary part. Therefore, we can put the L elements on choose nested way, as in 2 is shown, so that the probability of the error in each of the M key bits is made uniform. However, the elements can also be statistically selected to minimize the information provided to the attacker. It should also be noted that for a key with M bits, the maximum value of L should be limited so that all valid combinations of the key are supported by the available elements of the membership template (the permutation of the requested key must be determined by the available number of 0's and 1's be supported in the membership record template).

Now the protected filter is stored, which H _stored (u), 53 has, the connection index array LI, 62 , and the ID code, id ₀ , 92 , The protected filter may also contain the value of α and / or the function of P (u) unless they are universal to the system.

2.2) Review

With reference to 3 be H _stored (u), 53 , LI, 62 , id ₀ , 92 and, if necessary, α and / or P (u) read from the protected filter.

Using the non-training based, ie, checking, set of inputs {f ₁ ¹ (x), f ₁ ² (x), ..., f ₁ ^T (x)}, 11 , together with the values of α and / or P (u), becomes the term in the box's expression 31 calculated. Then the term of the box 31 with H _stored (u), 53 , for the calculation of c ₁ (x), 63 , using equation (20), thus:

With reference to 4 becomes the central (64 × 64) section of c ₁ (x), 63 , deducted to an array 140 to create. The real and imaginary parts of 140 are linked to form a review template 141 , with the dimension 128 × 64.

Each element of the review template 141 is independently binarized, by thresholding with respect to zero, a binarized validation template 142 with the dimension 128 × 64.

It becomes k ₁ , 93 , defined as a vector with M elements, and the following steps become to subtract the elements of k ₁ from the binarized verification template 142 and the connection index 62 used.

For the m-th element of k _1, 93 , all bits of the binarized validation template are summed up, whose indices are represented by the mth column of LI, 62 be determined. The value for the mth element of k ₁ , 93 , is set to one if the sum of the bits is greater than or equal to L / 2, and otherwise set to zero.

The same group of S bits, 103 , is obtained from H _stored (u), such as that used in the membership-taking process, and using k ₁ , 93 , as an encryption key, these bits are written using k ₁ using an encryption algorithm, 94 , encrypted. The output of this algorithm is considered the input to the one-way control algorithm, 91 , used. The output of this control algorithm is the id code id ₁ , 95 , This code id ₁ is then compared, 96 , with id ₀ , 92 which is obtained from the protected filter. If there is a match, then the key k ₁ , 93 , Approved.

If id ₁ , 95 , not too id ₀ , 92 fits, then the section of c ₁ (x), 63 subtracted, which has a displacement of one pixel from the center, and the above process is repeated to a new id ₁ , 95 , to obtain. This process continues with all sections c ₁ (x) having a displacement of one pixel from the center, where id _{1 is} compared with id ₀ for each iteration (eight combinations, including the diagonal). If id ₁ ≡ id ₀ occurs at any point, the algorithm is aborted and k ₁ (≡ k ₀ ) is released. If id ₁ ≠ id ₀ for all locations, then the above procedure is repeated for stripping operations that have an offset from the center by two pixels, etc., up to displacements of approximately 16 pixels. If id ₁ ≠ id ₀ for all places is true, then a message is sent to the system that the verification failed and therefore no key was released.

It will be apparent to those skilled in the art that the above procedure will be used as a "brutal force" search to catch the relative displacement of the fingerprint images between the member record and the review. In general, it is observed that less than +/- 16 pixels of displacement can be achieved in a 128x128 image using a suitable finger positioning device, and therefore the range of displacement captured by the above algorithm is sufficient ,

It is clear that the ID code id _{0 can} also be stored in a secure location outside the protected filter. In this case, a new ID code id _{1 is sent} to this location during the check, and compared to id ₀ . This improves the security of the system in that an attacker who wants to recover the key k ₀ from the protected filter has no access to id ₀ , and therefore can only know if his attempts were successful, based on messages that be sent from the secure location and controlled by the system administrator. Therefore, the system administrator can limit the number of consecutive failed comparisons between id ₁ and id ₀ so that an attacker can not collect a large set of fingerprints and can try to use them to generate the correct key k ₀ .

Although not discussed in the preferred embodiment, those skilled in the art will appreciate that H _stored (u) may be stored as an array of quantized elements, each element being one of a finite number, for example 16, of phase levels.

It will be apparent to those skilled in the art that the foregoing algorithm could also be used to achieve validation of a system user without releasing a key. This can be achieved, for example, by storing the function c ₀ (x) in the verification system. Then, when the user the system is checking generates c ₁ (x), which is then compared to c ₀ (x), for example, by summing up the Euclidean distance between each of the elements of the two arrays to obtain a single scalar value describes the similarity between c ₁ (x) and c ₀ (x). Alternatively, a correlation could be used to judge the similarity between c ₁ (x) and c ₀ (x), and the ratio of the correlation peak height and the total correlation plane noise could be used as the scalar value. This scalar value is then compared to a predetermined system threshold, and the user is either accepted by the system or rejected. If c ₀ (x) can remain secure, it would be extremely difficult for an attacker to overcome such a system by generating an artificial c ₁ (x) and obtaining a positive verify signal.

While the preferred embodiment describes a "brutal force method" for aligning the c ₁ (x) pattern with respect to c ₀ (x) by subtracting different portions of c ₁ (x), it will be apparent to those skilled in the art, that other methods for aligning c ₁ (x) with respect to c ₀ (x) can be used. For example, some detail points from the biometrics could be stored in the protected filter, and used to prefetch c ₁ (x) with respect to c ₀ (x), before stripping off the bit components. Another method would reserve some of the bits of the member capture template for being connected to a system default sync signal. During the check, the binarized check template is searched for the specified sync signal, and once found, it is used to align c ₁ (x) with respect to c ₀ (x).

Although the foregoing embodiment sums up the bit components from the binary converted equal weighting verification template, it will be apparent to those skilled in the art that various weighting functions could be used to further improve the performance of the system. As an example, the bit components corresponding to the inverse rank order of each bit could be weighted and summed. The bit components could also be weighted inversely proportional to the expected standard deviation of each bit before being added. Moreover, the magnitude vectors could be added together using complex weights having an amplitude term such as the standard deviation and a phase term added to the phase of each element and defined by the conjugate phase of the phase of that element in the membership template. For a legitimate user, this "correction" of the phase provides magnitude vector summation along the real axis. The summation is therefore far from the origin. For an attacker, the phase of the verification template is statistically significant with respect to the Member record template of legitimate user. As a result, the complex weights do not balance the phase terms, and the summation of the magnitude vectors should collapse at zero. Here, the idea is to force the legitimate user's summation to be far from the binarization threshold (zero on the real axis), whereas the attacker's summation statistically occurs around the binarization threshold.

It will be apparent to those skilled in the art that error correction codes, such as Hamming codes and Reed-Solomon codes, can be used to reduce the number of errors in the digital key k. This could be achieved, for example, by using the bit components of the binarized verification template to derive N bits of data (with N> M) and then using error correction codes to transform the N-coding bits into the M key bits.

It will be apparent to those skilled in the art that the preferred embodiment permits periodic updating of the protected filter. For example, it may be considered that the set of training images for a particular user, f ₀ ¹ (x), f ₀ ² (x), ..., f ₀ ^T (x), is stored in a safe location, and for a system administrator is available (possibly as a measure of Private / Secure only after the legitimate user has been verified). If this user presents a subsequent group of pictures, f ₁ ¹ (x), f ₁ ² (x), ..., f ₁ ^S (x), for the system, the system administrator can display this new group of pictures with the previous one Group together to form a new set of T + S images that can now be viewed as an updated set of training images. Using this merged set of T + S images, H _stored (u) and c ₀ (x) can be regenerated (using a new version of G ₀ (u)), and a new compound index array, LI, can be determined. The new versions of H _stored (u) and LI should be stored in the protected filter. This process can be considered as "adaptive filtering" because the content of the protected filter is adjusted over time to encompass a greater fraction of the natural variations of the biometric image than can be done in a single member-capture session.

Furthermore, it is obvious that each time a new group of pictures is acquired, the key k ₀ can be changed if necessary. In this case, id ₀ should be modified in the protected filter. Updating the key has several advantages.

For example, if it is known that k _{0 has been} detected, then a new key should be introduced into the system. Although it is known that an attacker could determine the value of a key within a certain period of time, for example using a brutal force computer search, the value of the key should be updated within that time period. Periodically updating the value of the key is a standard procedure used in cryptographic and other security systems, and it will be apparent that this is easily accomplished using the methods described herein.

3) Other embodiments of the invention

A second embodiment of the invention is concerned with detailed fingerprint verification procedures.

It has been known for more than 100 years that the details are clear and relatively robust features of a fingerprint. Classical details are defined as fingerprint bar ends (type 1 details) and fingerprint bar branches (type 2 details). Of course, the details of type 1 may also be defined as fingerprint groove branches, and the details of type 2 as groove endings. In addition, there are some other fingerprinting features, sometimes referred to as details, such as bars, pores, bridges, islands, line breaks, etc., but these are usually unstable and not reproducible in successive trials. These features often create spurious details, or fingerprint noise, as they can be considered as actual details during fingerprint verification.

Numerous algorithms for automatically subtracting details have been developed in the last 20 years. The strength of these methods is in fingerprint identification, or so-called "many in one" systems, because they permit a quick comparison of a fingerprint to be identified with a large database, with a relatively low erroneous acceptance. However, one of the major disadvantages of the detailed procedures is that they provide fingerprints of high quality and without large size Require scars. This explains the fact that most of the details procedures show a minimum false rejection rate of at least a few percent in a real-life trial.

For the key manipulation in the present embodiment, we use one of the known detail deduction algorithms (see, for example, US Pat U.S. Patent No. 4,752,966 from Schiller). The algorithm scans a fingerprint image and finds the horizontal and vertical positions x and y of the details, and their orientation angle Θ, and identifies them as type 1 or 2. To improve the consistency of subtracting the details, one could print a few fingerprints use in the membership and the review. In one method, the details are tested for stability: for example, if the same item is found in at least four tries from a total of five trials, this item is retained, otherwise it is considered unstable and omitted. Another method retains all the details found in five to six attempts for further processing. An intermediate method could also be used which allows one to tune the tolerance of the system. At the end of the detail removal process, there will usually be between 5-7 and 30-50 details found in the fingerprint, depending on the peel-off procedure and the characteristics of a particular fingerprint.

In the next step, a feature array f (x, y, θ) is formed in a three-dimensional feature space containing x, y detail coordinates and their angles. In a preferred embodiment, x, y are each sampled by 64 pixels, and θ is sampled at 60 levels from (-π) to π so that the total number of pixels is 64 x 64 x 16 = 65536. If a particular occupies a particular cell (x ₀ , y ₀ , θ ₀ ) in the feature space, then the function f (x ₀ , y ₀ , θ ₀ ) = 1, if the item is type 1, and is f (x ₀ , y ₀ , θ ₀ ) = -1 for the details of type 2. Finally, f (x ₀ , y ₀ , θ ₀ ) = 0 if there is no detail in this cell.

After the function f (x, y, θ) is determined, a three-dimensional Fourier transform is performed to obtain a three-dimensional complex function F (u, v, Θ). We prefer the Fourier transform of every other transformation because it provides a translation invariant check. In addition, this embodiment is also rotationally variable since we use the detail angle as a third coordinate. In other words, during the check, placing a finger in a different position and at a different angle does not significantly affect the performance of the method.

der Fourier Transformierten der in bezug auf das Mitglied angemeldeten Merkmalsfunktion f₀(x, y, θ). Es werden die folgenden zwei Funktion berechnet:

c₀(x, y, θ) = FT^–1{Ô(|F₀(u, v, Θ)|)G₀(u, v, Θ)} (24) The next steps are very similar to those in the first embodiment. In the membership recording, a three-dimensional function G ₀ (u, v, Θ) is generated which has a unit size and a statistical and uniform phase. Then one obtains an amplitude | F ₀ | and the phase

the Fourier transform of the feature function f ₀ (x, y, θ) registered with respect to the member. The following two functions are calculated:

c ₀ (x, y, θ) = FT ^-1 {Ô (| F ₀ (u, v, Θ) |) G ₀ (u, v, Θ)} (24)

It is known that the Fourier transform of a real object has a symmetry property, that is F (u, v, Θ) = F * (-u, -v, -Θ), which adds an additional value to an attacker who has access to H _stored Can convey information. To improve the security of the method, only half of the _64x64x16 array _{H_stored} can be _extracted and stored so that its dimensions are, for example, 64x32x16.

The operator Ô in equation (24) processes the amplitude | F ₀ | to improve the system tolerance. For example, it may include a saturation denominator as in the first embodiment (Equation (19)).

The function c ₀ (x, y, θ) is used to encode a digital key k ₀ with M bits. This is done via a connection code and in the same way as in the first embodiment. More specifically, a central portion of c ₀ (x, y, θ) is subtracted, its size may be, for example, 32 × 32 × 10 or 32 × 16 × 10 when the mentioned half of H _{stored has been} stored. The real and imaginary parts of the stripped array are combined and binarized so that the resulting array Contains 20480 bits (or 10240 if the mentioned half has been stored). The connection code connects each of the M bits in the key k ₀ to L bits selected from the array of 20480 or 10240 elements. Some more advanced methods could be used, including various error correction codes. The stored protected filter has the phase-only function H _stored (u, v, θ), the data defining the connection code, and the id code id ₀ .

During the check, a feature function f ₁ (x, y, θ) and its Fourier transform F ₁ (u, v, Θ) are obtained, as was the case with the member survey. The function H _stored (u, v, Θ) is read from the memory device, and a function c ₁ (x, y, θ) is calculated as

eine Phase der Fourier Transformierten F₁.Here is

a phase of the Fourier transform F ₁ .

Then, a central portion 32 × 32 × 10 (or 32 × 16 × 10, when the mentioned half of H _stored during the membership recording has been subtracted) is subtracted from c ₁ and scanned successively over c ₁ until a correct key is recovered, or the review fails.

Normally, the dimension of the scanned box is 32x32x4 (32x16x4 for one-half). However, if the detail extraction algorithm also specifies a natural center of the fingerprint (usually this is a point of maximum line curvature), that size can be made much smaller, say 4x4x4. This significantly speeds up the verification process. Using the connection code also read from the storage device, a decrypted key k1 is determined from the deducted portion of c1. Then, the control value id1 is calculated from k1 and compared with the stored value id0. If they agree, the correct key is released.

In a third embodiment of the invention, yet another method is used to obtain a biometric information signal.

In member capture, the information contained in a two-dimensional fingerprint image f0 (x, y) is sorted into two parts: the most distinctive f0m (x, y), and the least distinctive f01 (x, y). The most distinctive information contains the areas (which we call "bricks") which contain details, scars, places with a strong line curvature, etc., in other words those areas which do not have a structure with parallel or quasi-parallel lines. One of the methods for finding these areas is in U.S. Patent No. 5,067,162 by Driscoll et al. Another method may include any detail extraction algorithm so that, once all the details have been found, the "bricks" from the source image, which contain the details as centers, will be deducted. The least distinctive regions can be found in the opposite way, so that the "bricks" are located at the places where the lines are approximately parallel and which contain no detail. For example, for an image of 128x128, the "brick" dimensions may be 16x16. Alternatively, the function f ₀₁ (x, y) may be taken as a straight strip at the bottom, top, right or left of the image, or as a corresponding combination. In this case, the information contained in f ₀₁ (x, y) need not necessarily be designated as least distinctive, but instead as the information that is maintained for common alignment.

The functions f _0m (x, y) and f ₀₁ (x, y) are 128x128 images containing the "tiles" with the most distinctive or least distinctive information, with the pixels outside the "bricks" at 0 or other predetermined values are set. These "bricks" are in the same places as those where they were in the original image f ₀ (x, y). The most distinctive information is used for the key connection, and is not stored in a protected filter, whereas the least distinctive information is only used to align a fingerprint to be verified with the fingerprint captured in the member record. The least distinctive information is stored in a protected filter. Both during membership and during the review, a few versions of the same fingerprint can be used to improve its consistency, as with the first Embodiment has been described. After a function f _0m (x, y) has been obtained, a transformation T is performed to obtain a transform F _0m (u, v) of the most distinctive information: F _0m (u, v) = T (f _0m (x, y)) (26)

und c₀(x, y) = T^–1{Ô(|F_0m(u, v)|)G₀(u, v)} (28) berechnet, wobei T^–1 eine inverse Transformation ist, und ein Operator Ô die Amplitude von f_0m(u, v) bearbeitet; ein angeforderter Schlüssel k₀ wird mit c₀(x, y) über einen Verbindungscode verbunden. Bei dieser Ausführungsform wird der gesamte Array von c₀(x, y) verwendet, nicht nur ein zentraler Anteil, wodurch das Ausmaß der verfügbaren Information erhöht wird und die Leistung verbessert wird. Ein geschütztes Filter umfasst H_stored, den Verbindungscode, die am wenigstens unterscheidungskräftige Information f₀₁(x, y), die Koordinaten der Zentren der ”Fliesen” für die Unterscheidungskräftigste Information, sowie den ID-Code id₀.In this embodiment, the transform T is not necessarily a Fourier transform, but may also be a fractional Fourier transform, a Gabor transform, one of the wavelet transforms, etc. In other words, the transform T need not necessarily be a translation-invariant method like the Fourier transform, since the images are aligned with the least distinctive information. In a preferred version of this embodiment, the remaining operations are approximately the same as in the first embodiment. It is a statistical only-phase function G ₀ (u, v) generated, the functions

and c ₀ (x, y) = T ^-1 {Ô (| F _0m (u, v) |) G ₀ (u, v)} (28) where T ^{-1 is} an inverse transformation, and an operator Ô processes the amplitude of f _0m (u, v); a requested key k ₀ is connected to c ₀ (x, y) via a connection code. In this embodiment, the entire array of c ₀ (x, y) is used, not just a central portion, thereby increasing the amount of information available and improving performance. A protected filter comprises H _stored , the connection code, the least distinctive information f ₀₁ (x, y), the coordinates of the centers of the tiles for the most discriminating information, and the id code id ₀ .

Upon verification, a new fingerprint image f ₁ (x, y) is obtained. The array f ₀₁ (x, y) containing the least distinctive information from the fingerprint captured at the time of membership recording is read from the protected filter. The array f ₀₁ (x, y) is only used to align the fingerprint images f ₀ (x, y) and f ₁ (x, y). For this purpose, a correlation function of two arrays f ₀₁ (x, y) and f ₁ (x, y) is calculated, and the x and y positions of the correlation peak, x _cor and y _{cor are} determined. If the images f ₀ (x, y) and f ₁ (x, y) were not shifted with respect to each other, the correlation peak would be exactly in the center, that is, (64, 64) in the case of 128 x 128 images. The values (x _cor - 64) and (y _cor - 64) determine the relative displacement of two images. Then, the image f ₁ (x, y) is shifted by these values to obtain a shifted image f ₁ '(x, y), so that it is assumed that the images f ₀ (x, y) and f ₁ ' (x, y) are aligned with each other. In the next stage of alignment with each other, the "tiles" are subtracted from f ₁ '(x, y) at the same locations as those "tiles" containing the least distinctive information and subtracted from f ₀ (x, y) to obtain an image f ₁₁ '(x, y) which is assumed to be the same as f ₀₁ (x, y). Then, a correlation function of f ₀ (x, y) and f ₁₁ '(x, y) is calculated. If the correlation peak is at (64, 64), it means that alignment has been performed correctly on one another, and otherwise the image f ₁ '(x, y) is again shifted to the new location of the correlation peak.

After the second stage of alignment is complete, the coordinates of the centers of the "tiles" for the most distinctive information are extracted from the protected filter, and "tiles" are subtracted at the same locations from f ₁ '(x, y) by one Array f _1m '(x, y), which is assumed to coincide with the array f _0m (x, y) subtracted during the membership recording. In order to improve the accuracy of the method, a few versions of the fingerprint f ₁ (x, y) can be obtained during the check, and a few versions of the arrays f ₁₁ '(x, y) and f _1m ' (x, y ) subtracted from. If some of the arrays f _1m '(x, y) are too different from most arrays, those arrays will be rejected. Then, a composite image f _1m (x, y) can be formed by adding the remaining arrays f _1m '(x, y) to each other.

In the next step, the transformation T of f _1m (x, y) is performed to obtain a transform F _1m (u, v). One obtains a function c ₁ (x, y):

In the next step, a key k _{1 is determined} from c ₁ (x, y) using the connection code read from the protected filter. Then, the correction value id1 is calculated from k1 and compared with the stored value id0. If there is a match, the correct key is released. In this embodiment, the array c ₁ (x, y) is not scanned unlike the first and second embodiments because the images f ₁ (x, y) and f ₀ (x, y) are aligned with each other. However, there may be an error in alignment with each other, usually one or two pixels. In this case, the aligned input image f ₁ '(x, y) may be shifted by ± 2 pixels in both the x and y directions to obtain a few functions f _1m (x, y), all at to try the checks.

A fourth embodiment of the invention is concerned with another type of biometric information, namely the iris of the eye. It has been demonstrated (see, for example, the article by J. Daugman, IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 15, No. 11, pp. 1148-1161, 1993, which is incorporated herein by reference) that Iris scanning is a relatively accurate and reliable method of biometric verification and identification. There are two major advantages of iris scanning compared to biometrics based on fingerprints. First, the iris is circular and therefore has a natural center, which solves the problem of the mutual alignment of images. In addition, when reading the iris, no mechanical contact occurs, allowing the iris image to be picked up without irregular distortion. However, the picture quality is sometimes poor, especially with a dark iris.

In the key acquisition member capture, the first step involves receiving a two-dimensional iris image, preprocessing, and transforming the image into the dimensionless projected polar coordinate system (r, θ) to obtain a machined iris image i ₀ (r, θ). Both during the membership session and during the review, a few versions of the same iris can be used, similar to all previous embodiments.

The next step involves performing a transformation of i ₀ (r, θ) to obtain a transformed I ₀ (R, Θ). In the present embodiment, this is a Gabor transformation I ₀ (R, Θ) = ∫∫exp [-iω (Θ-θ) - (R-r) / a ² - (Θ-θ) / b ² ] i ₀ (r, θ) rdr dθ (30) in which the parameters ω, a and b were predetermined. Unlike the Fourier transform, the size of the Gabor transform is not translationally invariant, but this property of transformation is not necessary in the present embodiment because the images are aligned with respect to each other by their natural centers.

Then the real and imaginary parts of I ₀ (R, Θ) are combined and binarized (with respect to a threshold equal to 0) to obtain a binary function BI ₀ (R, Θ). In the next steps, a statistical binary function BG ₀ (R, Θ) is generated; the key k ₀ is connected to BG ₀ (R, Θ) via a connection code, and is a binary stored function H _stored = BI ₀ (R, Θ) XOR BG ₀ (R, Θ) (31)

A protected filter includes H _stored the connection code, as well as the id code id ₀ .

During the check, a new, processed iris image i ₁ (r, θ) is obtained. Then the Gabor transformation is performed, and the real and imaginary parts of their result are combined and binarized to obtain a binary function BI ₁ (R, Θ). The function H _stored is recovered from the protected filter and a binary function BG ₁ (R, Θ) is obtained. BG ₁ (R, Θ) = BI ₁ (R, Θ) XOR H _stored (32)

In the next step, a decrypted key k _{1 is determined} from BG ₁ (R, Θ) using the connection code read from the protected filter. Then, the correction value id _{1 is} calculated from k1, and compared with the stored value id0. If they match, the correct key is released.

It can be seen that the method for connecting and retrieving the keys according to the fourth embodiment can be regarded as a limited and simplified case of the first embodiment. Since the irregular distortions in the iris images are significantly less significant than in the fingerprint images, we can neglect the noise term E _noise in equation (5) by setting α = 0. Then, if the images f ₀ ^t (x) obtained in the membership image are approximately identical, it follows from equations (11) and (12) that A ₀ (u) ≈ F ₀ ^t (u), D ₀ (u) ≈ | F ₀ ^t (u) | ² is. The same applies to the images in the test f ₁ (x), ie A ₁ (u) ≈ F ₁ (u), D ₁ (u) ≈ | F ₁ (u) | ² . Substituting these results into equations (19) and (20) yields:

auf. Läßt man den Faktor √2 weg, und verknüpft die reellen und imaginären Teile, so erhält man einen Array, der aus Elementen gleich ±1 besteht. Es ist offensichtlich, daß das Produkt derartiger Arrays äquivalent zur logischen XOR-Operation ist, die bei binären Arrays angewendet wird, die nur Nullen und Einsen enthalten, wobei die Werte von –1 und +1 auf 1 bzw. 0 abgebildet werden. Alle diese Überlegungen führen direkt zu den Gleichungen (31) und (32) der vierten Ausführungsform.This means that only the phase information is left and the amplitudes | A ₀ (u) |, | A ₁ (u) | the transformers of the composite images are no longer important for the distortion-free images. It should be noted that the function H _stored is still defined by equation (21). As mentioned above, the translational invariance of the algorithm is not required for the iris images, so an inverse transformation in equations (33) can be omitted and the key k ₀ can be directly connected to G (u) in the transformed region, namely u, instead of c ₀ (x) in the image area x. Finally, if the phases in equations (33) are quantized by four levels, namely π / 4, 3π / 4, 5π / 4 and 7π / 4, then all the complex exponents are equal to real and imaginary parts

on. If you leave the factor √ 2 away, and links the real and imaginary parts, one obtains an array consisting of elements equal to ± 1. It is obvious that the product of such arrays is equivalent to the logical XOR operation used on binary arrays containing only zeros and ones, mapping the values of -1 and +1 to 1 and 0, respectively. All of these considerations lead directly to equations (31) and (32) of the fourth embodiment.

Obviously, in the fourth embodiment, the key manipulation may also be performed in a manner similar to the previous embodiments, that is via a function c ₀ (r, θ) and an inverse Gabor transform (or some other transformation), as in equation (28 ). The H _stored function would not be a binary function, but a phase-only function.

It is also obvious that the third embodiment of the invention can be carried out similarly to the fourth embodiment, ie by binarizing the function F _0m (u, v) and generating H _stored via the XOR operation, as in equation (31). This would be useful, in particular, if a fingerprint input device were capable of producing distortion-free images. In general, the fourth embodiment can be implemented for any distortion-free biometrics with aligned images.

While the first three embodiments used fingerprint images and used the fourth iris images, it is apparent that other biometric images could be used in all embodiments.

It will be apparent to those skilled in the art that while the preferred embodiments are implemented in a fully digital environment, it is possible to implement components of the algorithm through other means, such as optical information processing.

Other modifications will be apparent to those skilled in the art, and thus the invention is defined in the claims.

Claims (28)

Method for the secure recovery of a digital key ( 93 ) comprising the following steps: taking at least one biometric image ( 11 ); Obtaining transformed image information ( 31 ) including transforming the at least one biometric image ( 11 ) into a transformation area ( 20 ); Retrieving a protected filter ( 100 ) from a memory; Insertion of the transformed image information ( 31 ) at the protected filter ( 100 ) to form a complex array as verification information ( 63 ) to obtain; and getting the digital key ( 93 ) from the verification information ( 63 ), characterized in that the protected filter ( 100 ) a phase-only filter ( 53 ) and a connection index array ( 62 ), the phase-only filter ( 53 ) of a random-only phase function ( 52 ) and other phase information to obtain cryptographic security; the connection index array ( 62 ) is generated, at least in part, by the random phase-only function ( 52 ) and the digital key ( 93 ) be generated; and getting the digital key ( 93 ) use of the compound index array ( 62 ) at a function of the verification information ( 63 ). The method of claim 1, wherein the step of obtaining verification information ( 63 ) comprises the steps of: obtaining size information from the transformed image information ( 31 ); Insertion of at least the size information in the phase-only filter ( 53 ) to obtain a transition filter with phase and magnitude information; and multiplying the obtained image information by the transition filter. Method according to Claim 1, in which the verification information ( 63 ) comprises a complex-valued array, and wherein to obtain a function of the verification information ( 63 the following step is provided: (i) obtaining a transform of the verification information ( 63 ); (ii) inserting an array ( 140 ), that at least a portion of the transform of the verification information ( 63 ); (iii) linking real and imaginary parts of the inserted array ( 140 ) to form a verification template ( 141 ); and (iv) Binary conversion of the verification template ( 141 ) by thresholding with respect to zero. Method according to Claim 3, in which the digital key ( 93 ) has binary elements, and the compound index array ( 62 ) an array with a predetermined number of rows and a column for each binary element of the digital key ( 93 ), and wherein the step of obtaining the key comprises: obtaining an mth element of the digital key ( 93 ) by summing all the bits of the binarized verification template ( 141 ) whose indexes are represented by an mth column of the compound index array ( 62 ), wherein a value of the mth element of the digital key ( 93 ) is set to 1 if the sum is greater than or equal to one-half the number of rows of the compound index array ( 62 ), and otherwise the mth key element is set to zero. Method according to claim 4, comprising the steps of retrieving a group of bits ( 103 ), Encrypting the group of bits ( 103 ) with the digital key ( 93 ), Passing the encrypted group of bits ( 103 ) by a one-way control algorithm ( 91 ), an identification code ( 95 ), comparing the obtained identification code ( 95 ) with a retrieved identification code ( 92 ), and sharing the digital key ( 93 ) with agreement. Method according to Claim 5, in which, if the identification code obtained ( 95 ) not to the retrieved identification code ( 92 ), an array is inserted which has a portion of the verification information (FIG. 3) different from the array of step (ii) of claim 3 (FIG. 63 ), and a repetition of steps (iii) and (iv) of claim 3 is performed. The method of claim 1, wherein the step of obtaining transformed image information ( 31 ) includes using an optimization procedure depending on a desired discrimination and a desired distortion tolerance. Method according to Claim 1, in which the transformation region ( 20 ) a Fourier transform domain ( 20 ). The method of claim 1, wherein the biometric image ( 11 ) a fingerprint image ( 11 ), and in which the obtaining of the transformed image information ( 31 ) comprises the following steps: scanning the fingerprint image ( 11 ) to obtain details including vertical and horizontal detail coordinates, detail angles, and feature types; Obtaining a feature array in a three-dimensional feature space from the details, and performing a transformation of the feature array. Method according to claim 1, in which the protected filter ( 100 ) Contains alignment information, and wherein the step of obtaining transformed image information ( 31 ) comprises the steps of: retrieving the alignment information from the protected filter ( 100 ); Inserting the alignment information to align the at least one biometric image (11) to obtain at least one aligned biometric image; Retrieving from with the digital key ( 93 ) associated biometric information from the aligned biometric image; and performing a transformation of a function with the digital key ( 93 ) related biometric information to the transformed image information ( 31 ) to obtain. Method according to Claim 1, in which the phase-only filter ( 53 ) is a binary filter and in which the transformed image information ( 31 ) comprises binarily transformed image information; and wherein the step of obtaining the verification information ( 63 ) performs an XOR operation between the binary filter and the binary transformed image information ( 31 ). Method according to Claim 1, in which the phase-only filter ( 53 ) has two components, none of which consists solely of the protected filter ( 100 ) can be reconstructed. Method according to Claim 1, in which the phase-only filter ( 53 ) a function of a phase component ( 51 ) of the transformed image information ( 31 ). Method according to Claim 1, in which the phase-only filter ( 53 ) a product of a conjugate complex value of the phase component ( 51 ) of the transformed image information ( 31 ) and a random-only phase function ( 52 ). Method for connecting a digital key ( 90 ) with M elements with a given two-dimensional, complex-valued array ( 110 ), comprising the following steps: (i) linking real and imaginary parts of the complex-valued array ( 110 ) to form a membership record template ( 111 ); (ii) Arrangement of Positive Elements and Negative Elements of the Member Acceptance Template ( 111 ) according to rank according to size; (iii) storing row and column indices of the ranked positive elements in a positive location vector ( 131 ) and of row and column indices of the ranked negative elements in a negative position vector ( 130 ); and (iv) subtract, for each of the M elements of the digital key ( 90 ) of L elements from the negative position vector ( 130 ), if the one key bit is a zero, and subtracting L elements from the positive position vector ( 131 ), if the one bit is a one, to generate a two-dimensional compound index array ( 62 ), which has L rows and M columns. Method of producing a protected filter ( 100 ) comprising the following steps: taking at least one biometric image ( 10 ); Obtaining transformed image information ( 30 ), with transformation of the at least one biometric image ( 10 ) into a transformation area ( 20 ); Generation of a random phase-only function ( 52 ); Using the random-only phase function ( 52 ) and the transformed image information ( 30 ) when creating a protected filter ( 100 ); and storing the protected filter ( 100 ); where the random-only phase function ( 52 ) is a random function, so that the protected filter ( 100 ) a phase-only filter ( 53 ) with cryptographic security. Method according to Claim 16, comprising the following steps: starting the random phase-only function ( 52 ) in the transformed image information ( 30 ) to form a complex-valued array as output ( 60 ) to obtain; Using the output size ( 60 ) and a selected digital key ( 90 ) to create a connection index array ( 62 ) to the digital key ( 90 ) to obtain; where the protected filter ( 100 ) the phase-only filter ( 53 ) and the connection index array ( 62 ). Method according to claim 17, wherein the digital key ( 90 ) M has elements, and wherein the step of obtaining the compound index array ( 62 ) to the digital key ( 90 ) comprises the following steps: (i) obtaining a transformation of the output quantity ( 60 ); (ii) linking real and imaginary parts of at least a portion of the output ( 60 ) to form a membership record template ( 111 ); (iii) Arranging positive elements and negative elements of the membership template ( 111 ) according to rank according to size; (iv) storing row and column indices of the ranked positive elements in a positive location vector ( 131 ), and row and column indices of the ranked negative elements in a negative location sector ( 130 ); and (v) subtract, for each of the M elements digital key ( 90 ), of L elements from the negative position vector ( 130 ), if the one key bit is a zero, and subtracting L elements from the positive location sector ( 131 ), if the one bit is a one, to connect index array ( 62 ), which has L rows and M columns. The method of claim 17 including the steps of retrieving a group of bits ( 103 ), Encrypting the group of bits ( 103 ) with the digital key ( 93 ), Passing the encrypted group of bits through a one-way control algorithm ( 91 ) to provide an identification code ( 92 ) and storing the protected filter ( 100 ), the protected filter ( 100 ) the phase-only filter ( 53 ), the connection index array ( 62 ) and the identification code ( 92 ). The method of claim 16, wherein the step of obtaining transformed image information ( 30 ) includes the use of an optimization procedure depending on a desired discrimination and a desired distortion tolerance. The method of claim 17, wherein the step of employing the random phase-only function ( 52 ) in the transformed image information ( 30 ) inserting size information from the transformed image information ( 30 ) in a product of the phase component ( 51 ) of the transformed image information ( 30 ) and the random-only phase function ( 52 ). The method of claim 16, wherein the transformation region ( 20 ) a Fourier transform domain ( 20 ). The method of claim 16, wherein the biometric image ( 10 ) a fingerprint image ( 10 ), and wherein the step of obtaining the transformed image information ( 30 ) comprises the following steps: scanning the fingerprint image ( 10 ) to obtain details including vertical and horizontal detail coordinates, detail angles, and detail types; Forming a multi-dimensional feature array from the details; and carrying out a transformation ( 20 ) of the feature array. The method of claim 16, wherein the step of obtaining transformed image information ( 30 ) comprises the following steps: Sort the in the biometric image ( 10 ) into biometric information related to the digital key ( 90 ), and in alignment information; Performing a transformation of a function related to the digital key ( 90 ) biometric information; where the protected filter ( 100 ) contains the alignment information. The method of claim 16, wherein the biometric image ( 10 ) comprises a feature of natural orientation, and wherein the step of obtaining the transformed information comprises the steps of: aligning the at least one biometric image ( 10 ) using the natural orientation feature to obtain at least one aligned image; and carrying out a transformation ( 20 ) a function of the aligned image. The method of claim 23, wherein the phase-only filter ( 53 ) is stored as an array of quantized elements, each of the quantified elements being a phase level. The method of claim 16, wherein the transformed image information ( 30 ) has a complex conjugate value of the phase component ( 51 ) of a transform resulting from the transformation of the at least one biometric image ( 10 ) into the transformation area ( 20 ). The method of claim 27, wherein said inserting comprises multiplying said random phase-only function ( 52 ) with the conjugate complex value to the protected filter ( 100 ) to obtain.

Images