© 2005 The Generics Group AG Presentation to BCS/12th April 2005 Biometrics & Identity Addressing the concerns of privacy through technology


Page 1

© 2005 The Generics Group AG

Presentation to BCS/12th April 2005

Biometrics & Identity: Addressing the concerns of privacy through technology

Page 2

Biometrics & Privacy

Generics Group research activities in biometrics and security

Overview of biometrics and basic model of how they work

Conventional and cryptographic modes of operation

Biometric key generation technology

Page 3

Scientific Generics - Background

Cambridge based technology consultancy, research and development organisation with regional offices in US, Germany, Scandinavia and Hong Kong

Involved in the incubation of over 50 start-up companies in fields including:

Compact fuel cells

Optical telecommunications

Transmission of data over sound (e.g. between TV and mobile phone)

Sensor devices

Tracking and location technologies

The mainstay of business revenue comes from fees for consultancy services relating to the interaction of technology with business value

The company retains a commitment to investment in commercially focused technology research activities

Page 4

Background to biometrics research activities

Programme initiated in early 2001 with a view to deep integration of biometrics with private key management within a PKI, so as to realise the concept of "I am my private key"

First proof-of-principle demonstrator developed for iris in 2002

Security research activities broadened in 2003 to address the full range of privacy concerns affecting the use of biometrics within national identity cards

Second verification demonstrator developed in 2004, which verifiably reproduced 400-bit keys from third-party iris test data

2005 - current research activities focused on:

moving towards publication of test results that verify the technology

creation of wider applications relating to other biometrics such as fingerprint

alpha product development of related security technologies

incorporation as a commercial venture

Page 5

Privacy risk of biometric identification systems

[Diagram: a National Identity System holding biometric data and identification powers creates a privacy risk; risk mitigation steps improve acceptance; the cost of privacy comprises residual perceived privacy risk, financial costs and political costs]

Page 6

Privacy enabling technology - reducing the costs of privacy

[Diagram: the same model with privacy enabling technology added to the National Identity System; it reduces privacy risk, reduces cost, increases personal security, increases system security and increases acceptance, so the costs of privacy (risk mitigation costs, acceptance costs) fall]

Page 7

Technology Overview

Eliminate cost and complexity from biometric security infrastructure by a suite of technologies that support privacy by design

Biometric key generation - reduces the need to access reference data

Secure anonymisation - removes the privacy issues of identification checks

Secure workflow engine - enables robust policy enforcement in respect of biometric escrow and identity registration processes

Highly scalable wholesale delivery of high security identification and certification services

[Diagram: Secure System + Privacy = Privacy-Compatible Secure System]

Cryptographic modes of biometrics increase privacy AND security whilst reducing costs

Page 8

Biometrics - a definition

Biometrics are automated methods of recognising a person based on physiological or behavioural characteristics

Among the features measured are: face, fingerprints, hand geometry, iris, handwriting (signature), retinal, vein and voice

Ordinarily people distinguish between two operational modes for biometrics:

Verification - are you who you claim to be (one-to-one)

Identification - who are you really (one-to-many)

The UK and US biometric identity card systems are based on the use of both operational modes:

Verification for the standard operational mode

Identification for watch lists and for detecting multiple-identity enrolment

Biometrics are fundamentally a means of authenticating an individual on the basis of WHO YOU ARE - the "something I am" factor

Page 9

Why are biometrics so compelling?

The human interface is the biggest security gap in most security systems

Authentication, rather than encryption, is the major problem facing security

The aspiration of biometrics is automated recognition of identity based on the immutable properties of a person’s being

The promise of direct proof of presence of the individual is the central premise of the appeal

Page 10

Why are biometrics so difficult?

High quality image capture of biometrics is difficult

High performance discrimination based on biometric data is challenging

Biometric capture processes can be challenging or upsetting to users

Biometrics are not the same as passwords

Protecting biometrics against spoofing is problematic

There are competing methods of authentication that are arguably lower cost, easier to use and do not invade the privacy of the person - e.g. strong passwords, RSA SecurID tokens, smart-card protected secrets, etc.

The cost-benefit barriers to adoption should not be underestimated.

Page 11

The biometric conundrum

Biometrics are compelling to the market - otherwise any technology that is so difficult to use would have been dropped long ago.

Biometrics are problematic - otherwise anything so compelling would have been adopted on a much wider scale than has hitherto been the case.

Will biometrics become a niche technology relied on in times of political insecurity and for high value applications?

OR is the mass adoption of biometrics simply a question of time?

Page 12

Examples of biometrics

Iris - highly accurate, relatively expensive

Finger - live-scan: highly accurate, high cost; finger scan: reasonably accurate, low cost

Face - limited to one-to-one, best interoperability

Voice - limited performance, easily spoofed

Retina - highly accurate, difficult to use

Hand vein - accurate, easy to use, low adoption

Hand geometry - reasonably accurate, use in new applications diminishing

Signature - difficult to use but very attractive for PDA etc

Page 13

Biometric images - iris

Commercial iris camera

Standard camera plus macro lens

Page 14

Biometric images - fingerprint

High quality - optical

High volume - thermal swipe

Page 15

Limitations of biometrics

Performance

Cost

Security

Societal

Systems integration issues

Page 16

Performance - alphabet soup

FMR - false match rate (or false accept)

FNMR - false non match rate (or false reject)

FTE - failure to enrol

Equal error rate - FMR=FNMR

ATV - ability to verify, which combines FTE and FNMR: ATV = (1 - FTE) x (1 - FNMR)

SFMR - system false match rate

SFNMR - system false non match rate
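As an added worked example, not part of the original slides, the Python below computes these quantities from constructed matcher scores: FMR and FNMR at a threshold, the equal error rate by threshold sweep, ATV from FTE and FNMR, and the system false match rate for a one-to-many search. The score values and the FTE figure are made up for the illustration, and the SFMR formula assumes that the comparisons against each stored template are independent.

```python
"""Biometric error rates from matcher scores.

Added illustration; the scores below are constructed, not measured data.
Scores are similarity values in [0, 1]: a comparison is a 'match' when
score >= threshold.
"""

# Constructed comparison scores: same-person (genuine) and different-person
# (impostor) pairs from a hypothetical one-to-one matcher.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.69, 0.93, 0.87]
IMPOSTOR_SCORES = [0.12, 0.35, 0.28, 0.41, 0.55, 0.19, 0.33, 0.72, 0.25, 0.30]
FTE = 0.02  # assumed failure-to-enrol rate for the population


def fmr(impostor_scores, threshold):
    """False match rate: share of impostor comparisons wrongly accepted."""
    return sum(1 for s in impostor_scores if s >= threshold) / len(impostor_scores)


def fnmr(genuine_scores, threshold):
    """False non-match rate: share of genuine comparisons wrongly rejected."""
    return sum(1 for s in genuine_scores if s < threshold) / len(genuine_scores)


def equal_error_rate(genuine_scores, impostor_scores, steps=1000):
    """Sweep the threshold over [0, 1] and return (threshold, rate) at the
    point where FMR and FNMR are closest; the rate is their mean there."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        a, b = fmr(impostor_scores, t), fnmr(genuine_scores, t)
        if best is None or abs(a - b) < best[0]:
            best = (abs(a - b), t, (a + b) / 2)
    return best[1], best[2]


def ability_to_verify(fte, fnmr_at_threshold):
    """ATV = (1 - FTE)(1 - FNMR): probability that a random user both enrols
    and is later verified at the chosen operating threshold."""
    return (1.0 - fte) * (1.0 - fnmr_at_threshold)


def system_fmr(single_fmr, enrolled):
    """System false match rate for a one-to-many search: the chance that at
    least one of `enrolled` stored templates falsely matches.  Assumes the
    comparisons are independent, so SFMR = 1 - (1 - FMR)^N."""
    return 1.0 - (1.0 - single_fmr) ** enrolled


if __name__ == "__main__":
    t, eer = equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print("EER %.3f at threshold %.3f" % (eer, t))
    print("ATV at that threshold: %.3f" % ability_to_verify(FTE, fnmr(GENUINE_SCORES, t)))
    # A per-comparison FMR that looks excellent in one-to-one use becomes
    # near-certain false matching once the database is large.
    for n in (1_000, 1_000_000):
        print("SFMR with FMR=1e-6 over %d templates: %.4f" % (n, system_fmr(1e-6, n)))
```

The last function is the one to keep in mind for national-scale identification: a per-comparison FMR of one in a million, excellent for one-to-one verification, gives a one-to-many SFMR of about 63% against a million templates, which is why the later slides treat one-to-many matching as an enrolment-time check rather than a routine operation.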

Page 17

Cost

Typical costs for high quality sensor devices (iris, finger, retina) are of the order of several thousand to several tens of thousands of dollars.

There is however also an emerging low-cost commodity tier of biometric devices that will enable most biometrics, with the possible exception of retina, to operate at price points of less than $100.

The nature of the applications compensates: those applications which require high throughput and high quality devices also tend to have a higher cost tolerance for devices.

For one-to-many applications such as border control, a small number of high cost devices can be used to support enrolment whilst a larger number of lower quality devices may be exploited to support verification.

Page 18

Security

Security of authentication is measured by the SFMR

Biometric templates are a symmetric verification measure: the verifier holds the same reference data that an attacker needs in order to spoof the user

Biometrics can be spoofed if image data is stolen or captured by stealth

Mitigation of the above with liveness checks

One-to-many matching requires central database storage. Data protection issues mandate that this is held in secure storage with high integrity, auditability and accountability of process

Security of the biometric image processing environment to protect against interception

Newer sensor devices embed a capture-specific nonce, generated within a trusted device, as part of the defence against replay attacks

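To make the last point concrete, here is an added example (not from the presentation) of a capture-bound nonce protocol with both sides written out: the verifier issues a single-use challenge, the trusted sensor tags the image under a per-device key together with that challenge, and the verifier rejects anything replayed or forged. The device key, the HMAC construction and the byte strings standing in for an iris image are assumptions of the example.

```python
"""Capture-bound nonces against replay of biometric image data.

Added illustration, not code from the presentation.  The verifier issues a
fresh nonce per capture; the trusted sensor binds the image to that nonce
with a device key (here an HMAC key assumed to be provisioned into the
sensor at manufacture) so that a recorded image and tag cannot be replayed.
"""
import hashlib
import hmac
import os


class TrustedSensor:
    """Sensor hardware that holds a per-device key and tags each capture."""

    def __init__(self, device_id, device_key):
        self.device_id = device_id
        self._key = device_key

    @staticmethod
    def tag(device_key, nonce, image):
        # MAC over nonce || SHA-256(image): the tag is valid only for this
        # image under this challenge.
        return hmac.new(device_key, nonce + hashlib.sha256(image).digest(),
                        hashlib.sha256).digest()

    def capture(self, nonce, raw_image):
        """Return the image together with its nonce-bound tag."""
        return raw_image, self.tag(self._key, nonce, raw_image)


class Verifier:
    """Back-end that issues single-use challenges and checks responses."""

    def __init__(self, device_keys):
        self._device_keys = dict(device_keys)   # device_id -> provisioned key
        self._outstanding = {}                  # nonce -> device_id

    def challenge(self, device_id):
        nonce = os.urandom(16)
        self._outstanding[nonce] = device_id
        return nonce

    def verify(self, device_id, nonce, image, tag):
        # Consume the nonce whatever the outcome: a nonce that is unknown, was
        # issued to another device, or was already used is a replay.
        if self._outstanding.pop(nonce, None) != device_id:
            return False
        key = self._device_keys.get(device_id)
        if key is None:
            return False
        expected = TrustedSensor.tag(key, nonce, image)
        return hmac.compare_digest(expected, tag)


# Constructed data: a device key and stand-in 'image' bytes.
DEVICE_ID = "iris-cam-01"
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
IRIS_IMAGE = b"constructed iris image bytes"


def run_scenario():
    """Legitimate capture, then three replay/forgery attempts."""
    verifier = Verifier({DEVICE_ID: DEVICE_KEY})
    sensor = TrustedSensor(DEVICE_ID, DEVICE_KEY)

    nonce = verifier.challenge(DEVICE_ID)
    image, tag = sensor.capture(nonce, IRIS_IMAGE)
    results = {"genuine": verifier.verify(DEVICE_ID, nonce, image, tag)}

    # 1. Straight replay of the recorded exchange: nonce already consumed.
    results["replay_same_nonce"] = verifier.verify(DEVICE_ID, nonce, image, tag)

    # 2. Recorded image and tag presented against a fresh challenge.
    fresh = verifier.challenge(DEVICE_ID)
    results["replay_new_nonce"] = verifier.verify(DEVICE_ID, fresh, image, tag)

    # 3. Stolen image, tagged by an attacker who lacks the device key.
    fresh = verifier.challenge(DEVICE_ID)
    forged = TrustedSensor.tag(b"wrong key", fresh, IRIS_IMAGE)
    results["forged_tag"] = verifier.verify(DEVICE_ID, fresh, IRIS_IMAGE, forged)
    return results


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print("%-18s accepted=%s" % (name, ok))
```

The nonce defeats replay of captured image data over the channel and forgery by anyone without the device key; it does nothing against a fake iris held up to a genuine sensor, which is what the liveness checks above are for. It also only helps if the tag is computed inside the trusted device, after capture, rather than by host software that an attacker can feed with recorded data.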
Page 19

Societal factors

Public enthusiasm for national enrolment programmes! Or what? Actually most market research indicates reasonable compliance.

Who needs access to one-to-many matching, and at what point? One-to-many matching is required to trap multiple identity registration. There is NO other legitimate reason, other than covert surveillance.

Postulated conclusions:

Required at enrolment only

Match database should be fully anonymised

ALL other checks should be one-to-one

Highly secure mechanisms for biometric escrow, and subsequent escalation, need to be in place and under the control of a trusted intermediary authority

Trusted authority acts to uphold the institution of Government - but is not constituted by officers of the government

Page 20

Systems integration

BioAPI is the emerging standard

This is a framework approach supporting plug-in provider applications

Given the diversity of biometrics and the encoding regimes used this framework is highly abstract and has a light touch.

Framework is primarily focused on template based methods.

Cryptographic modes operate on a password substitution model and do not require the complexity of a framework since the integration problem is much cleaner

Page 21

Other standards

ICAO:

all biometrics to be stored in full image format to support multi-vendor interoperability

face to be stored in unencrypted format

other biometrics (iris or finger) to be stored using encryption protocols to be determined by n-lateral agreements for n-lateral read

US-led definition of ad-hoc standards - ultimately these will be moderated by the domestic mandates for privacy

Page 22

Biometric modes

Conventional biometrics:

Template matching

One-to-one vs one-to-many

Local storage vs central storage

Data protection

Encrypted storage / universal access

Cryptographic modes:

Repeatable number generation - biometric keys

Digitally signed identity certificate

Entitlement certificate

Private key mode

Password substitution

Page 23

Standard biometrics is based on comparison with stored templates

[Diagram: a live biometric feature grid (X1 ... X30) is compared against stored template grids; a match leads to Accept Biometric, otherwise Reject Biometric]

Pattern matching against stored data is an effective basis for authentication but is reliant on a system maintained record of a biometric reference template that is available at all points of authentication

Page 24

Cryptographic modes are enabled by biometric key generation

[Diagram: biometric source + Asymmetric Process Instructions → biometric key]

Asymmetric process instructions represent stored data generated at enrolment that are subsequently used to stabilise the regeneration of the biometric key

Page 25

A biometric key can be exploited in a number of cryptographic modes

Biometric certificate - incorporated as a component of a digital signature (zero storage mode)

Biometric pin – biometric is a numeric component of a cryptographic key (zero knowledge mode)

[Diagram: Biometric Certificate = Data + Signature (IA)]

Page 26

Biometric certificates – zero storage mode

The biometric number is a stable integer value and can therefore be used as a component of the signing data for a digital signature

The signing data can include other data attributes, which are thereby bound to the biometric under the security jurisdiction of the private key that is used to generate the signature

The combination of digital signature and associated data is referred to as a biometric certificate, since it contains a certified assertion of the binding between a biometric identity and related information

The security of the resultant document is based entirely on a single principal PKI key pair - i.e. protection of the private key used at issuance and trusted distribution of the public key that is used at verification

The certificate contains no security-sensitive data: the biometric number itself is not stored, only the signature over it. It can be stored openly in plain-text format and does not require secure storage. This is a major driver of cost reduction as well as privacy.

Page 27

Biometric certificate – biometric as a component of signing data

[Diagram: inside the issuer's security perimeter, the biometric number, the Identity or Entitlement Data and the Process Instructions are hashed (SHA) and signed (RSA) with the private key of the Issuing Authority; the resulting Biometric Certificate holds the Identity or Entitlement Data, the Process Instructions and the Signature, but not the biometric number]

Biometric certificate is a manifest of a verifiable digital binding between biometric identity and associated data

Page 28

Biometric Certificate – in summary

[Certificate box: Identity or Entitlement Data, Process Instructions, Signature (IA)]

Biometric certificate enables the regeneration and authentication of a biometric source without revealing its value

Page 29

Biometric certificates - applications

Public identity certificate – e.g. ID card

Anonymous Entitlement certificate – e.g. benefits entitlement card

Anonymous identity certificate

Biometric extension to public key certificate


Page 30

Biometric certificate – as an identity document

[Diagram: Biometric source + Personal Identity Data + Process Instructions → Digital Signature created with the private key of the passport office → Biometric Certificate, which may be held in a database or on a smart card; the public key of the passport office is used to verify the document signature]

Biometric certificate can be stored in an open format at any location

Page 31

Biometric certificate - as an anonymous entitlement

[Certificate box: Entitlement Data, Process Instructions, Signature (IA)]

[Diagram: Biometric source + Benefit entitlement + Process Instructions → Digital Signature created with the private key of the benefits office → Biometric Certificate; the public key of the benefits office is used to verify the certificate]

Biometric is used as a proof of entitlement but preserves privacy of identity
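An added example (not the presentation's code) of the issuance and verification described on slides 26 to 31, covering both the identity certificate and the anonymous entitlement certificate. The signature is textbook RSA over SHA-256 with a toy key built from two published Mersenne primes, so it offers no secrecy and uses no padding; it is there to show what gets signed and what gets stored. The process-instruction dictionary and the 400-bit numbers are constructed stand-ins for the key generator's output.

```python
"""Biometric certificate: issuer signs data + process instructions + number.

Added illustration of the binding described in these slides; not the Generics
Group's code.  The RSA key is a toy built from two published Mersenne primes
(so it has no secrecy) and the signature is textbook RSA over a SHA-256 hash
without padding; a real issuer uses a generated 2048-bit+ key and PKCS#1
padding.  What matters here is WHAT is signed and what the certificate stores.
"""
import hashlib
import json

E = 65537
P = (1 << 521) - 1          # M521: public Mersenne prime, toy only
Q = (1 << 607) - 1          # M607: public Mersenne prime, toy only
N = P * Q                   # ~1128-bit modulus, larger than any SHA-256 value
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer's private exponent


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def rsa_sign(private_exp, message):
    return pow(_digest_int(message), private_exp, N)


def rsa_verify(public_exp, message, signature):
    return pow(signature, public_exp, N) == _digest_int(message)


def signing_input(data, process_instructions, biometric_number):
    """Canonical bytes the issuer signs: the bound data, the public process
    instructions and the stable biometric number (fixed-width, 64 bytes)."""
    canon = json.dumps({"data": data, "pi": process_instructions},
                       sort_keys=True, separators=(",", ":")).encode()
    return canon + biometric_number.to_bytes(64, "big")


def issue_certificate(data, process_instructions, biometric_number):
    """Issuer side.  The certificate carries data, process instructions and
    the signature; the biometric number itself is NOT stored, so the
    certificate can live in plain text on a card, in a database, anywhere."""
    sig = rsa_sign(D, signing_input(data, process_instructions, biometric_number))
    return {"data": data, "process_instructions": process_instructions,
            "signature": sig}


def verify_certificate(cert, regenerated_number):
    """Relying party side.  The live biometric, run through the certificate's
    process instructions, regenerates the number; the signature then either
    checks out or it does not.  Only the issuer's public key is needed."""
    msg = signing_input(cert["data"], cert["process_instructions"], regenerated_number)
    return rsa_verify(E, msg, cert["signature"])


def tampered(cert, **changes):
    """Copy of a certificate with its data altered but the signature kept."""
    return {**cert, "data": {**cert["data"], **changes}}


# Constructed values standing in for the key generator's output.
PROCESS_INSTRUCTIONS = {"offsets": [0.12, -0.31, 0.05], "encoder": "wavelet-v1"}
ENROLLED_NUMBER = int.from_bytes(hashlib.sha512(b"constructed iris sample").digest(), "big") >> 112   # 400-bit value
OTHER_PERSON = int.from_bytes(hashlib.sha512(b"someone else").digest(), "big") >> 112

# Identity certificate (ID card) and anonymous entitlement certificate
# (benefits card) share one structure; only the bound data differs.
ID_CERT = issue_certificate({"name": "A. Example", "dob": "1970-01-01"},
                            PROCESS_INSTRUCTIONS, ENROLLED_NUMBER)
ENTITLEMENT_CERT = issue_certificate({"entitlement": "housing benefit", "valid_to": "2006-03-31"},
                                     PROCESS_INSTRUCTIONS, ENROLLED_NUMBER)

if __name__ == "__main__":
    print("ID cert, right person   :", verify_certificate(ID_CERT, ENROLLED_NUMBER))
    print("ID cert, other person   :", verify_certificate(ID_CERT, OTHER_PERSON))
    print("ID cert, edited name    :", verify_certificate(tampered(ID_CERT, name="B. Example"), ENROLLED_NUMBER))
    print("entitlement, right person:", verify_certificate(ENTITLEMENT_CERT, ENROLLED_NUMBER))
    print("entitlement names holder :", "name" in ENTITLEMENT_CERT["data"])
```

Verification needs the live biometric (to regenerate the number), the certificate and the issuer's public key, and nothing else: no template database and no secret on the card. Two consequences follow. The entitlement certificate carries no name, so presenting it proves entitlement without identifying the holder; and because the number is a fixed-width field inside the signed bytes, it cannot be dropped or truncated to widen a match.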


Page 32

Biometric certificate – as a privacy enhanced identity check

[Diagram: Biometric source + Medical Record Header (patient record data) + Process Instructions → Digital Signature created with the private key of the health-care system → Biometric Certificate; the public key of the health-care system verifies it]

Biometric is used as an identity integrity check - whilst preserving absolute privacy of identity

Page 33

Biometric certificate and public key certificates

[Diagram: Biometric Certificate (Identity or Entitlement Data, Process Instructions, Signature (IA)) + Public Key Certificate (Identity or Trusted Status Data, Public Key, Signature (CA)) = Public Key Certificate extended with Process Instructions]

Biometric certificate is the complement of a public key certificate. A BC binds the identity data to the biological identity, whilst a PKC binds the identity data to the digital identity of a private key

Page 34

Biometric PKC – as a robust identity check of online identity

[Diagram: Biometric source (face/voice from a video-conference link) + X.509 PKC (Digital Identity) + Process Instructions → Digital Signature; issuance with the private key of a trusted third party, verification with the public key of the TTP]

Biometric is used as an identity integrity check - whilst preserving absolute privacy of identity

Page 35

Biometric pin – zero knowledge protocols

A biometric number can function mathematically as a conventional password or PIN

The interface between the biometric PIN mode and a digital security system is simply the generated number

It therefore works directly to add biometric security as an incremental measure to existing security models:

Password protection of a private key

Chip and PIN

Password-based log-on to a secured connection point

And it provides some new security models:

Physical presence decryption of secured data - e.g. the DNA component of a medical record

Symmetric encryption of biometric history

Page 36

Biometric pin – zero knowledge protocol

[Diagram: PIN Generator feeds a secret PIN into the existing security mechanism]

Biometric key can be used incrementally to replace or enhance existing security models to support generation of a secret PIN

Page 37

Biometric enabled pin – something I have, something I know, something I am

[Diagram: Asymmetric Process Instructions (something I am) + Pass phrase (something I know) + Smart Card (something I have) → PIN Generator]

Biometric key can be used to implement the three-factor security model in a manner that is totally consistent with classical digital security models

Page 38

Biometric enabled pin – biometric enhanced chip and pin

[Diagram: Pass phrase + biometric → PIN Generator → Smart Card]

Biometric key can be used as an incremental security layer to existing chip and PIN models

Page 39

Biometric pin – in summary

Biometric key that is used as a component of a generated PIN allows biometrics to be used as a replacement or enhancement to any existing password enabled application

Page 40

Biometric pin – as a sign-on mechanism to computer device

Biometric key that is used as a component of a log-on password to add biometric authentication as an incremental security mechanism

Password based log-on

Page 41

Biometric pin – as an enabler of a private key

[Diagram: biometric PIN → SHA → AES → private key enablement: the hashed PIN forms the symmetric key under which the private key is held]

Page 42

Biometric private key – physical presence decryption in closed system PKI

[Diagram: records are written to the Patient Database as cipher records under the public key; read access requires the private key, which is enabled by the user's biometric]

Page 43

Biometric signing device – private key management for open system PKI

[Diagram: the user's biometric, with Process Instructions, unlocks the private key held on a user-controlled signing device; the public key is published to the network and to a Network Repository, and a network-connected relying party authenticates the user via standard PKI]

User biometric unlocks a private key to enable crypto operations within a secure user-managed environment

Remote authentication supported by standard PKI

• Universal biometric sign-on through a single user-controlled device
• Physical presence security protects digital assets on the device
• No means of attack on the digital identity through a stolen device
• New device can be activated by download from a networked repository

Page 44

Biometric pin – as a symmetric encryption key to support drift tracking

[Diagram: biometric PIN → SHA → AES key encrypts the Value History; enrolment and each subsequent update rewrite the Process Instructions and the Value History]

History statistics on previous readings are stored encrypted under the biometric pin, used in symmetric encryption mode. Access to value history supports continuous enrolment.

Page 45

Biometric key – two phase protocol for attack resistant keys

[Diagram: the PIN Generator / Key Enabler produces an external PIN; the Secure Server combines it with a server-controlled key share and a server-protected public key to unlock the Key Blob, yielding an attack-resistant PIN or private key]

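An added example (not from the presentation) of how the boxes on this slide can fit together; the message formats and the lockout rule are assumptions. Phase one, on the user's device, folds the regenerated biometric number, the pass phrase and a smart-card secret into an external PIN; phase two, on the secure server, combines that with a server-controlled key share and only releases the final PIN to a correct request, so an attacker holding the device, the card and the process instructions still has to guess online against a rate limit.

```python
"""Biometric PIN with a server-held key share (two-phase protocol).

Added illustration; the protocol details are an assumption built from the
slide's boxes (external PIN, server-controlled key share, key blob), not a
specification from the presentation.  Phase 1 runs on the user's device and
folds the three factors into an external PIN; phase 2 runs on the secure
server, which alone holds the key share that turns the external PIN into the
attack-resistant PIN, and which rate-limits attempts.
"""
import hashlib
import hmac
import os

MAX_FAILURES = 5


def external_pin(biometric_number, pass_phrase, card_secret):
    """Phase 1 (client): something I am + something I know + something I have.
    The biometric number is the key generator's output for the live sample;
    the card secret doubles as the PBKDF2 salt."""
    material = biometric_number.to_bytes(64, "big") + pass_phrase
    return hashlib.pbkdf2_hmac("sha256", material, card_secret, 20_000)


class SecureServer:
    """Phase 2: holds the key share and a verifier per user, never the PIN."""

    def __init__(self):
        self._share = os.urandom(32)     # server-controlled key share
        self._verifiers = {}             # user -> SHA-256(final PIN)
        self._failures = {}              # user -> consecutive failures

    def _finalise(self, user, ext_pin):
        return hmac.new(self._share, user.encode() + ext_pin, hashlib.sha256).digest()

    def enrol(self, user, ext_pin):
        final = self._finalise(user, ext_pin)
        self._verifiers[user] = hashlib.sha256(final).digest()
        self._failures[user] = 0
        return final

    def release(self, user, ext_pin):
        """Return the attack-resistant PIN for a correct external PIN, or None.
        Guessing is only possible online, one attempt at a time, and the
        account locks after MAX_FAILURES wrong attempts."""
        if user not in self._verifiers or self._failures[user] >= MAX_FAILURES:
            return None
        final = self._finalise(user, ext_pin)
        if hmac.compare_digest(hashlib.sha256(final).digest(), self._verifiers[user]):
            self._failures[user] = 0
            return final
        self._failures[user] += 1
        return None


# Constructed factors.
USER = "alice"
BIOMETRIC_NUMBER = int.from_bytes(hashlib.sha512(b"constructed iris").digest(), "big") >> 112
PASS_PHRASE = b"correct horse battery staple"
CARD_SECRET = bytes.fromhex("5ca1ab1e" * 8)


def run_scenario():
    server = SecureServer()
    good = external_pin(BIOMETRIC_NUMBER, PASS_PHRASE, CARD_SECRET)
    enrolled = server.enrol(USER, good)
    out = {"genuine": server.release(USER, good) == enrolled}

    # Wrong pass phrase with the right biometric and card: rejected.
    bad = external_pin(BIOMETRIC_NUMBER, b"wrong phrase", CARD_SECRET)
    out["wrong_phrase"] = server.release(USER, bad) is None

    # Online guessing: after MAX_FAILURES wrong attempts the account locks,
    # and even the correct PIN releases nothing until reset.
    for _ in range(MAX_FAILURES):
        server.release(USER, bad)
    out["locked_out"] = server.release(USER, good) is None
    return out


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print("%-13s %s" % (name, ok))
```

The server never sees the biometric number or the pass phrase, only the PBKDF2 output, and it stores a hash of the final PIN rather than the PIN. The key share is what makes the scheme attack resistant: without it the final PIN cannot be computed at all, so a stolen key blob cannot be brute-forced offline against guesses of the biometric, and a stolen process-instruction record is worth no more than a single online guess per attempt.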
Page 46

Technology overview for biometric key generation

Page 47

Basic premise of biometric key generation

[Diagram: going from the biometric sample via the Asymmetric Process Instructions to the key is "difficult but tractable"; going back from the process instructions to the biometric is "likely to be impossible"]

Page 48

Issues to be addressed for biometric key generation

Consistency of spatial alignment

Consistency of measurement structure: boundaries of inclusion; consistency of reference index, i.e. spatial sequencing; errors of inclusion - false minutiae, missed minutiae

Consistency of encoding

Consistency of value: feature classification; stability of the digital value following conversion from real to integer

Scalability to large numbers of features: as the volume of biometric information increases, the probability of at least one error rises rapidly (the chance of an error-free reading falls exponentially with the number of features)

Page 49

Spatial alignment of a biometric – alignment vector

Sacrificial feature elements - either a partial image, or location references for a small feature subset

External reference points - alignment by device (finger guides on a scanner), or alignment by other reference data - eyelid corners

Implicit reference points - use second-order information about the biometric, e.g. fault map minimisation

Page 50

Consistency of measurement structure

Inclusion boundary - specified by a stored policy and reinforced by an exclusion vector, so that unstable features are consistently excluded

Spatial order resolution - enforced by a sequence vector which is used to identify sequence clusters, giving a consistent spatial sequence through targeted use of a secondary sort attribute

Inclusion errors - the propagation effect is mitigated by the use of specialised structural error correction techniques, which detect and locate the presence and position of inclusion errors

Page 51

Configuration of encoders

Selection of encoders – e.g. selection of wavelet function and secondary properties such as scale, orientation

Spatial variation of encoders – different elements of the biometrics may be configured separately so as to maximise information extracted

Typical examples for iris: grid resolution of the biometric surface; selection of encoder - texture, intensity gradient, normalised intensity

Configuration is dynamically optimised at enrolment and once optimised is remembered in the form of stored configuration parameters

Configuration instructions provide the formal basis of interaction between generic enrolment processes and plug-in encoders

Optimisation models will typically explore the configuration space of the enabled encoders

Page 52

Consistency of value

Any conversion from a real-number measurement to an integer is subject to the digital boundary effect

The effect is an arbitrary consequence of a uniform measurement basis

The digital boundary effect is eliminated through the use of an independent basis of measurement for each measured value

[Diagram: four measurements in the real domain and their values in the digital encoding domain; best case sits in the middle of a bin, worst case sits on a digital boundary]

Page 53

Scalability to large numbers of features

Use redundant data of biometric as a data channel for error correction

Residual key-data is converted to error correction code-words to generate error correction bits

Error correction bits are encoded under fault tolerant symmetric encryption by redundant data

Results in a configurable level of fault tolerance

[Figure: biometric data (B) and the stored mapping data (M) derived from it]

Page 54:

Value stabilisation in detail

Exploration of the digital boundary effect reveals it to be an arbitrary property of an unnecessarily constrained measurement basis

The key to addressing the digital boundary effect is in adaptive customisation of the measurement axis on a per-feature basis

This supports minimisation of element faults that arise from digital boundary noise

The limitations on effectiveness of the technique derive from statistical analysis of offset patterns in data-encoding schemes where over-sampling has been applied.

In this situation the property of asymmetry is compromised because analysis of the offsets provides better than random predictability of where edge transitions occur

Page 55:

Exploring the digital boundary effect

[Figure: measurement distributions 1 to 4 placed against the quantisation boundaries, from best case to worst case]

A measurement profile is like a vibration along its probability distribution

A collision with a digital boundary generates an encoding fault, which appears as noise

The propensity to error is a function of the placement of the distribution relative to the digital boundaries

If a measurement vibration is contained between two adjacent quantisation boundaries then the feature rarely faults, resulting in a low level of noise

Page 56:

Addressing the digital boundary effect

There is no requirement for a common basis of measurement across all encoded features

Stored offsets are used to provide a localised shift of the measurement axis

The effect of this is that all measurement vibrations are optimally situated with respect to fault boundaries

Resulting in a minimised level of digital boundary noise

[Figure: distributions 1 to 4 shown against the standard origin and after the per-feature shift of the axis, each now in the best case position]

Page 57:

Normalising signal to noise ratio across a biometric

Some features may exhibit higher stability than others – with reduced deviation in measurement error profile

Different resolutions of encoding are therefore appropriate

Stored process instructions can be used to customise the unit scaling of encoding prior to digital conversion

Resulting in a homogenised level of element fault probability across all features

[Figure: a stable feature and an unstable feature encoded at different resolutions so that the normalised probability of element fault is the same for both]
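An added example (not the presentation's code) of the per-feature offset scheme of slides 52 to 57, together with the real-number regeneration of slide 77: the measurement values, the noise levels and the margin rule used for per-feature unit scaling are constructed assumptions.

```python
import math
import random

# Constructed enrolment measurements (real-number b-data) and the per-feature
# measurement noise a sensor might show; feature 0 sits exactly on a boundary.
B_REAL = [2.0, 0.74, 5.3, -1.2]
SIGMAS = [0.1, 0.05, 0.2, 0.1]
UNIFORM_STEPS = [1.0] * len(B_REAL)        # the common measurement basis


def normalise_steps(sigmas, margin=3.0):
    """Slide 57 (assumed rule): coarser unit scaling for noisier features so
    that a +/- margin*sigma 'vibration' fits inside one quantisation bin."""
    return [2.0 * margin * s for s in sigmas]


def enrol_offsets(b_real, steps):
    """Slide 56: stored offset O per feature, shifting the measurement axis so
    the enrolment value lands mid-bin (the 'best case' placement)."""
    return [(0.5 - (x / s) % 1.0) * s for x, s in zip(b_real, steps)]


def quantise(b_real, steps, offsets):
    """Real domain -> digital encoding domain (B-data) on the shifted axis."""
    return [math.floor((x + o) / s) for x, s, o in zip(b_real, steps, offsets)]


def regenerate_real(b_digital, steps, offsets):
    """Slide 77: B-data plus the offset vector gives back the enrolment b-data."""
    return [(b + 0.5) * s - o for b, s, o in zip(b_digital, steps, offsets)]


def fault_rate(b_enrol, steps, offsets, sigmas, n=2000, seed=7):
    """Per-feature fraction of noisy re-measurements whose integer value differs
    from the enrolment value; offsets=None means the plain uniform basis."""
    rng = random.Random(seed)
    offsets = offsets if offsets is not None else [0.0] * len(b_enrol)
    ref = quantise(b_enrol, steps, offsets)
    faults = [0] * len(b_enrol)
    for _ in range(n):
        noisy = [x + rng.gauss(0.0, sg) for x, sg in zip(b_enrol, sigmas)]
        for i, (a, b) in enumerate(zip(quantise(noisy, steps, offsets), ref)):
            faults[i] += a != b
    return [f / n for f in faults]


if __name__ == "__main__":
    offs = enrol_offsets(B_REAL, UNIFORM_STEPS)
    print("uniform basis   ", fault_rate(B_REAL, UNIFORM_STEPS, None, SIGMAS))
    print("per-feature O   ", fault_rate(B_REAL, UNIFORM_STEPS, offs, SIGMAS))
    steps = normalise_steps(SIGMAS)
    scaled_offs = enrol_offsets(B_REAL, steps)
    print("O + unit scaling", fault_rate(B_REAL, steps, scaled_offs, SIGMAS))
```

The offsets alone remove the boundary faults of feature 0; the unit scaling then equalises the residual fault probability across features of different stability.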

Page 58:

Error correction – in detail

Page 59:

Scalability to large numbers of features

Use redundant data of biometric as a data channel for error correction

Residual key-data is converted to error correction code-words to generate error correction bits

Error correction bits are encoded under fault tolerant symmetric encryption by redundant data

Results in a configurable level of fault tolerance

[Figure: biometric data (B) and the stored mapping data (M) derived from it]

Page 60:

Scalability to large numbers of features

[Figure: partition of biometric data (B) into key data (K) and redundant data (R); map data generation combines the error correction data (P) derived from K with R to produce the stored mapping data (M)]

Page 61:

Exploits standard forward error correction techniques as applied to data communications and storage

[Figure: data D is encoded with parity P, transmitted over a channel that introduces a bit fault, and decoded back to the original D]

The data transmission channel includes a proportion of redundant data to support fault tolerance

An error correction algorithm, e.g. Hamming, BCH or Golay, supports the generation of code words by appending parity data

Transmission on a noisy channel gives rise to random bit faults

The algorithm supports maximum likelihood decoding of a faulty code-word to regenerate a fault-free version of the initial data

Page 62:

Enrolment steps for error correction

Partition the biometric data into key-data (k-data) and redundant data (r-data)

Decompose the key-data into error correction code words according to the configured algorithm

Apply the configured algorithm to generate the required error correction parity data for each code-word

Recover all of the generated parity data as an array of binary data (p-data)

Apply a binary mapping function to the P-data, transformed under the R-data, to generate the mapping data (M-data)

Place the M-data within the storage unit for stored process instructions

Page 63:

Partitioning of data

[Figure: partition of biometric data (B) into key data (K) and redundant data (R)]

Partition algorithm is deterministic under a given encoding regime

Partition algorithm performs pseudo random redistribution of data

Takes explicit account of the size of error correction code-words

Component bits of each code-word are based on scattered sampling across biometric surface – dilutes burst error

Key data is based on equi-distribution of sample points of biometric surface – maximises residual entropy

Page 64:

Generation of error correction data

[Figure: key data (K) decomposed into data words (D), each extended with parity (P) by the error correction algorithm; the parity bits are collected as P-data]

Key data is decomposed into error correction code words to form the data component of the transmission data

Configured error correction algorithm generates the parity data

Parity data is extracted as a byte stream

Page 65:

Generation of stored error correction mapping data

[Figure: P-data XOR R-data = M-data]

Redundant data from the biometric is used to create a fault tolerant reversible mapping of error correction parity data into a form of safe storage

The mapping is reversible such that in the presence of equivalent redundant data from any subsequent measurement instance the parity data can be recovered from the mapping data

Mapping data is stored as a byte stream within the process instructions

Redundant data forms a data-channel for the storage and recovery of the error correction parity data

Key data is not stored and is recovered directly from each measurement instance of the biometric source

Page 66:

Application of stored mapping data to apply error correction to biometric key

Partition the biometric into K-Data and R-Data using the same algorithm as applied in enrolment

Read M-Data from the process instructions

Recover P-Data by applying the inverse mapping of M-Data under R-Data

Decompose K-data into error correction code words as at enrolment

Populate the parity data of each code word from the recovered P-Data

Apply the error correction algorithm for each code word

Recover K-data as the error corrected data component of each code word

Page 67:

Partitioning of data

[Figure: partition of biometric data (B) into key data (K) and redundant data (R)]

Partition algorithm is exactly the same as enrolment

Any degrees of freedom are fixed at enrolment and stored as configuration instructions

Page 68:

Recovery of parity data and reconstruction of code words

[Figure: P-data recovered as M-data XOR R-data; the K-data is decomposed into data words (D) and each is paired with its recovered parity (P) to rebuild the code words]

Redundant data is used to recover P-data from the stored M-data

The K-data is decomposed into error correction code words

The parity component of code-words is populated from P-data

Page 69:

Recovery of biometric key

[Figure: each code word (D with P) is error corrected and the corrected data words are reassembled into K-data]

Error correction algorithm is applied to each code word to regenerate the error corrected data-component of each code word

The error corrected K-data is extracted from the error corrected code words

Page 70:

Fault map generation

Error corrected K-Data, K-Data’, can be used to regenerate the error corrected form of P-Data, P-Data’, using the configured error correction algorithm

P-Data’ can be combined with stored M-Data to regenerate error corrected form of R-Data, R-Data’

The original form of biometric data, B-Data’, can be recovered by applying the inverse partitioning algorithm on K-data’ and R-Data’

XOR mapping between the currently measured B-Data and the fully error corrected form B-Data’, enables the regeneration of an element fault map – representing the difference between the current biometric and the biometric values generated at enrolment

Application of the stored offsets in combination with B-data’, allows complete regeneration of the exact biometric measurements that are represented by the enrolment data

Page 71:

Regeneration of fault map – recovery of error corrected R-Data

[Figure: corrected K-data is decomposed into data words (D) and the algorithm regenerates their parity (P); P-data XOR M-data = R-data]

Original values of P-Data can be regenerated from error corrected K-data

Original values of R-Data can be regenerated from mapping between M-data and P-data

Page 72:

Regeneration of biometric data

[Figure: key data (K) and redundant data (R) recombined into biometric data (B)]

Recombining R-Data and K-Data through inverse partition algorithm regenerates original form of B-data generated at enrolment

Page 73:

Fault map generation

Recombining the error corrected form B-data’ with the uncorrected B-data corresponding to the current encoding enables construction of a fault map

[Figure: enrolment value (B-data’) XOR measured value (B-data) = differences (fault map F)]
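An added worked example (not the Generics Group's implementation) of the enrolment, recovery and fault map steps of slides 62 to 73, using a Hamming(7,4) code and XOR as the fault tolerant mapping of parity under redundant data; the 28-bit biometric, the seeded shuffle standing in for the partition algorithm and the bit widths are constructed assumptions.

```python
import random

K_BITS, P_BITS, WORDS = 4, 3, 4            # Hamming(7,4), four code words
B_BITS = WORDS * (K_BITS + P_BITS)         # 28-bit constructed biometric surface
# Constructed enrolment measurement (B-data); a real system reads a sensor.
SAMPLE_B = [int(c) for c in "1011000111010010110011100101"]


def partition(b_data, seed=2005):
    """Slide 63: deterministic pseudo-random redistribution of B into K and R.
    The seed is the degree of freedom fixed at enrolment (process instructions)."""
    order = list(range(B_BITS))
    random.Random(seed).shuffle(order)
    n_k = WORDS * K_BITS
    return [b_data[i] for i in order[:n_k]], [b_data[i] for i in order[n_k:]], order


def recombine(k_data, r_data, order):
    """Slide 72: inverse partition, K and R back into B."""
    b_data = [0] * B_BITS
    for bit, i in zip(k_data + r_data, order):
        b_data[i] = bit
    return b_data


def parity(d):
    """Hamming(7,4) parity bits for one 4-bit data word."""
    d1, d2, d3, d4 = d
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4]


def correct(d, p):
    """Syndrome decode one code word; a single fault in d or p is corrected."""
    d = list(d)
    syn = [a ^ b for a, b in zip(parity(d), p)]
    pos = syn[0] + 2 * syn[1] + 4 * syn[2]       # 0: clean, 1/2/4: parity bit
    data_index = {3: 0, 5: 1, 6: 2, 7: 3}          # syndrome -> data bit
    if pos in data_index:
        d[data_index[pos]] ^= 1
    return d


def words(bits, width):
    """Slice a bit stream into fixed-width words."""
    return [bits[i:i + width] for i in range(0, len(bits), width)]


def enrol(b_data, seed=2005):
    """Slide 62: returns the stored M-data only; K-data is never stored."""
    k_data, r_data, _ = partition(b_data, seed)
    p_data = [bit for w in words(k_data, K_BITS) for bit in parity(w)]
    return [p ^ r for p, r in zip(p_data, r_data)]       # M = P XOR R


def recover(b_measured, m_data, seed=2005):
    """Slides 66 and 70-73: corrected K-data and the fault map B XOR B'."""
    k_data, r_data, order = partition(b_measured, seed)
    p_data = [m ^ r for m, r in zip(m_data, r_data)]     # P' = M XOR R'
    k_fixed = [bit for d, p in zip(words(k_data, K_BITS), words(p_data, P_BITS))
               for bit in correct(d, p)]
    p_fixed = [bit for w in words(k_fixed, K_BITS) for bit in parity(w)]
    r_fixed = [m ^ p for m, p in zip(m_data, p_fixed)]   # R' regenerated
    b_fixed = recombine(k_fixed, r_fixed, order)         # enrolment B-data
    fault_map = [x ^ y for x, y in zip(b_measured, b_fixed)]
    return k_fixed, fault_map


if __name__ == "__main__":
    m = enrol(SAMPLE_B)
    noisy = list(SAMPLE_B)
    noisy[0] ^= 1                                        # one element fault
    k_fixed, fault_map = recover(noisy, m)
    print("faults located at", [i for i, f in enumerate(fault_map) if f])
```

Each code word tolerates one faulty bit across its four data bits and the three parity bits carried by R-data; a second fault in the same word is miscorrected, which is the fault tolerance budget the configured algorithm sets.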

Page 74:

Error Correction of Multi-bit Integer Data

[Figure: the biometric surface (B) split into bit planes from LSB to HSB]

Integers are represented as multiple bits

Measurement error is not homogeneous across bit position

Appropriate to split biometric surface into multiple bit streams

Allow a different level of redundancy for different bit streams, or even different algorithms

Page 75:

Error Correction of Multi-bit Data

[Figure: fault map (F) alongside the biometric surface (B) split into bit planes from LSB to HSB]

For a correctly tuned system the majority of errors will be +/-1, since the margin of error for +/-2 is approximately 3 times greater in extent

The majority of errors in higher order bit streams, typically 98%, will have a corresponding error in the LSB plane

Fault map can be fully determined from the LSB bit plane

Use of fault map to constrain the most likely error locations improves error correction in higher order bit streams

Page 76:

Fault map decoding

Using the fault map we can determine through partition maps exactly which bits in HSB streams correspond to detected faults in the LSB bit plane

[Figure: a code word (D data bits and P parity bits) with three positions flagged by the fault map, two in the data bits and one in the parity bits; the set of all code-words consistent with the fault map (the eight 0/1 assignments of those positions) is decoded into the set of all error corrected values consistent with the fault map, from which the modal value is taken]

Exploring the code space to determine the modal value consistent with the fault map efficiently exploits the available information to maximise error correction performance

Page 77:

Regeneration of real-number version of biometric data

[Figure: B-data + offset vector (O) = real-number b-data]

Recombining digital form of B-data with the offset vector enables complete reconstruction of the real number measurement values of the biometric

Page 78:

Use of recovered b-data to support continuous enrolment

[Figure: B-data + offsets (O) = b-data, appended to a value history of earlier b-data vectors]

Value history can be locked under biometric key, in symmetric encryption mode, to support continuous revision of value related process instructions