2013 6th International Congress on Image and Signal Processing (CISP 2013)
Biometrics for Securing Mobile Payments: Benefits, Challenges and Solutions Wencheng Yang, Jiankun Hu*
Jucheng Yang
School of Engineering and Information Technology University of New South Wales at Canberra Canberra, Australia
College of Computer Science and Information Engineering Tianjin University of Science and Technology Tianjin, China
Song Wang
Lei Shu
School of Engineering and Mathematical Sciences La Trobe University Victoria, Australia
Lab. of Petrochemical Equipment Fault Diagnosis Guangdong University of Petrochemical Technology Guangdong, China
Abstract—In this paper, we aim to shed some light on the benefits and challenges brought about by using biometrics for securing mobile payments. Some potential solutions to address the challenges are also proposed and analyzed. Based on our analysis, it is shown that biometric cryptosystems are the suitable choice for providing security protection to biometric templates and enabling a seamless integration with the existing password-based payment systems. Moreover, the employment of stable feature sets or multimodal biometrics is able to improve the recognition accuracy of biometric-based mobile payment systems. Finally, to provide security for mobile payment systems, we propose a secure mobile payment infrastructure which combines a biometric cryptography modal with a time-synchronized onetime password (TOTP) encryption modal. Keywords-Mobile payments, biometric authentication, fingerprint, template protection, system integration
“what you know”, e.g., passwords or PINs, and/or “what you have”, e.g., tokens. The user of a mobile device would be admitted access when he/she input a correct password or tap a genuine token. However, both methods suffer some weaknesses [1-3]: • First, passwords are hard to be managed. A short password is easy to recall but also easy to be guessed or broken down by the adversary via brute force attacks. While a long password can provide strong security, it is difficult to remember, especially when there are different passwords for different accounts. • Second, tokens can be lost or stolen. Most importantly, both methods cannot tell whether a presenter of the password or token is the genuine user or not. C.
I.
INTRODUCTION
A.
Mobile Payments Since mobile devices such as smart phones are no longer only playing the role of simple voice or short message communication but also are developed to be more powerful than ever, more and more people, especially youths, equip themselves with a smart phone, e.g., iphone, and cannot leave the phone off their hand in most of their daily life. With wireless network technology evolving into 4G and LTE techniques it can offer faster data transmission speed and network stability. Consumers can purchase goods they want by just tapping their mobile phone on a reader. Mobile payments are being used worldwide and there is even speculation that a combined market for all types of mobile payments may exceed that of the wire line commerce in the foreseeable future. B.
Traditional Authentication in Mobile Payments In mobile payments, the core is authentication, which will become a critical concern in mobile wireless environment. In traditional authentication methods, authentication is based on
Biometric Authentication in Mobile Payments Biometric authentication uses some unique biometric features, e.g., fingerprint, finger vein, face, palm print, gait, to achieve authentication in a more trustworthy manner. In a standard biometric authentication system, two stages are required, namely, enrollment stage and authentication stage. To be specific, in the enrollment stage, some high quality feature data are extracted and stored in the database or smartcard as templates; in the authentication stage, the query data are also extracted and compared with the template data stored in the database or smartcard to output a match or nonmatch decision. Biometrics in mobile payments is considered to be the next generation technique and biometrics-embedded mobile devices are becoming increasingly popular. For instance, Apple, one of the largest smart phone makers, has incorporated a fingerprint scanner in its lasted release, Iphone 5S and another smart phone maker, Samsung also included a facial recognition modal in its Galaxy Nexus phones. In addition to directly building a biometric authentication modal into the smart phone, accessories that can add a biometric scanner, e.g., fingerprint scanner, have been proven to be popular. FingerQ, which is a company located in Hong Kong,
*Corresponding author (Email:
[email protected])
978-1-4799-2764-7/13/$31.00 ©2013 IEEE
1699
has developed a series of Android cases that are equipped with fingerprint sensors for added security. D.
Contribution of This Work The main contribution of this work is that we investigate biometric-based systems for securing mobile payments and provide a more insightful understanding on its benefits and challenges. Specifically, we demonstrate that biometric cryptosystems not only can provide high security to biometric templates but also enable a seamless integration with the existing password-based payment systems. Moreover, the deployment of stable feature sets or multimodal biometrics is a feasible solution to enhancing the recognition accuracy of biometric-based mobile payment systems. At last, a multimodal biometric mobile payment infrastructure is proposed as an example for securing mobile payment systems. Existing research work [4] has shown that a multimodal biometric system can achieve better performance in terms of recognition accuracy and security than its unimodal counterpart. The rest of the paper is organized as follows. In Section II, we discuss about the main benefits of using biometrics to secure mobile payments. The associated challenges are presented and analyzed in Section III. In Section IV, we explore solutions to address the challenges, and propose a secure mobile payment infrastructure which combines a biometric cryptography modal with a time-synchronized onetime password (TOTP) encryption modal. The conclusion is given in Section V. II.
BENEFITS OF USING BIOMETRICS IN MOBILE PAYMENTS
Benefits in terms of security and customer convenience that are unavailable from password- or token-based authentication methods are brought by the use of biometrics for securing mobile payments. A.
Security First of all, a biometric trait is hard to forge or spoof, especially when the sensors are equipped with the liveness detection ability to ensure that the biometric being presented is from a live individual. In this way, a biometric-based authentication method can reliably determine the identity of the user while a password- or token-based authentication method cannot ensure the genuineness of a password or token user. Furthermore, a biometric trait such as the fingerprint or face of a person cannot be shared with others because a biometric trait is an intrinsic property of an individual, that is, it cannot be shared like a password. Also, it will not be lost except in an exceptional circumstance, e.g., in the case of a serious accident. In contrast, a token can be stolen or lost relatively easily. Last but not least, the biometric feature data extracted from a physical or behavioral characteristic are unique to each person. Even identical twins would have different fingerprints [5].
B.
Customer Convenience The most obvious convenience brought about by biometrics is that remembering a password is no longer needed. For some people, especially those elders, to remember a long password is a really difficult task, in particular, if different passwords are set for different cards. The use of biometrics also eliminates the necessity to carry a token whenever people want to pay their bills. Besides that, the problems caused by fraudulent cards can be avoided. Research figures indicate that approximately 10 million out of 12 billion transactions or one out of every 1200 transactions turned out to be fraudulent in 1999 [6]. To issue a new card to replace a fraudulent one will take days if not weeks, resulting in the customer not being able to make any payment during that period. III.
CHALLENGES OF USING BIOMETRICS IN MOBILE PAYMENTS
A.
Biometric Template Security The security of biometric templates has a high priority that needs more attention. First, the biometric features of a person remain unchanged over time. For example, a person’s fingerprint or face is determined by genes inherited from his/her parents and is unchangeably associated with the person throughout his or her life. Once it is compromised, it is lost forever. Moreover, the number of an individual’s biometric sources is limited, such as ten fingers, one face, and two eyes, and these biometric features cannot be reset like passwords or reissued like tokens. In particular, one biometric feature is usually used in various applications, thus template loss in one application means its loss in all other relevant applications. A compromised biometric template can lead to a permanent compromised biometric ID which is hard to be replaceable [7]. B.
Recognition Accuracy Unlike a password-based authentication system which can achieve a perfect match between an input password and the stored password, in a biometric authentication system, it is impossible to find out two perfectly matched feature sets, even if these two feature sets are originated from the same trait of a user. This is because biometric feature sets tend to be different every time under different sensing and ambient conditions and various interactions between the user and the sensor. Two basic indicators have been defined to evaluate the recognition accuracy of a biometric authentication system, namely, the false rejection rate (FRR) and the false acceptance rate (FAR) [8]. FRR is the measure of the likelihood that the system wrongly rejects an access attempt of an authorized user and can be calculated by the number of false rejections divided by the total number of genuine attempts. While FAR is the measure of the probability that the system will accept an incorrect input as a positive match and can be calculated by the number of false acceptances divided by the total number of imposter attempts. The recognition error rates of a biometric-based payment system depend on the choice of biometric traits and the quality of the extracted biometric feature data. Most of fingerprint
1700
verification techniques rely on accurate registration which is still very challenging especially for poor quality images [9-11]. Even though the recognition error rate of some specific biometric traits can be quite low, there may be millions of transactions processed by a payment authentication system just on a single day and the number of authentication errors can still be large and unacceptable in real applications. C.
Social Acceptability and System Integration Some surveys indicate that most of the populations [12] believe that biometrics is more convenient and safer than passwords. However, there are some people against the use of biometrics in mobile payment systems for variant reasons. For example, some do not trust this technology; some are afraid of the misuse of biometric feature data for the reason that the feature data may leak their privacy; some think that the exposure to biometric sensors may cause potential unknown health or hygiene risks. There are also a small portion of people who do not repel the use of biometrics but fail to enroll their features into the system due to the absence of reliable biometric features. For those people who repel to or cannot use biometrics, the best way may be allowing the co-existence of password-based and biometric-based authentication. However, the co-existence of both authentication methods may bring about the issue of system integration. In the password-based authentication method, the encrypted or hashed passwords are compared with what is stored in the database to achieve verification, while in the biometric-based authentication method, biometric data are extracted and transmitted to one or more banks for comparison, which requires a consensus on the biometric modal, e.g., fingerprint, face or voice, and biometric data formats, e.g., binary or integer array. Therefore, an integration scheme, which needs to integrate not only different authentication methods but also different biometric modals and data formats, is required. IV.
ρ
ω
ρ
ω' Figure 1. The flowchart of a fuzzy extractor
SOLUTIONS
In this section, we propose some countermeasures to overcome the challenges associated with using biometrics for securing mobile payments. We also present a multimodal biometric mobile payment infrastructure. A.
template and query data is conducted on the transformed data in the transformed domain. In this way, the adversary cannot reach the original template data even though the transformed template data are leaked. A new transformed template can be reissued just by changing the transformation function parameters. However, one main drawback of cancellable biometrics is that it can only provide a yes/no decision. The second category of biometric template protection is known as biometric cryptosystems. In a biometric cryptosystem, a secret key is either released or directly generated from the noisy biometric feature data. Meanwhile, the original biometric template feature data is encrypted by a secure sketch, e.g. fuzzy commitment [17], fuzzy vault [18] or fuzzy extractor [19], which outputs a helper data. The helper data is generated by an irreversible encryption process so that it is computationally difficult for the adversary to obtain the original template feature data from the helper data.
Biometric Template Protection Biometric template protection aims to safeguard biometric templates from malicious attacks launched by an adversary. A template protection method should satisfy several properties such as non-reversibility, recognition accuracy and diversity. However, it is a challenging task to design a template protection method to provide all the above properties because large intra-class variations exist in biometric images of the same trait in different acquisitions. The existing biometric template protection methods can be generally divided into two categories. The first category is called cancellable biometrics [13, 14] [15, 16], which applies a non-invertible transformation function to both the original template data and the query data. The matching between
In [17] and [18], the helper data is acquired from the original unprotected template binding with an external secret key, so both methods give rise to key-binding biometric cryptosystems. In [17], the authors proposed a method named fuzzy commitment which is tolerant of error and capable of protecting biometric data. This addresses a major outstanding problem, e.g., data is subject to random noise, in the theory of biometric authentication. However, there is one limitation with the fuzzy commitment method, that is, it requires the biometric data to be ordered. It is achievable for some modalities such as iris and finger vein, but the same order requirement for template and query data is impossible to achieve on some other modalities such as minutiae-based fingerprints, from which the minutiae feature data extracted is unordered. To solve this problem, a fuzzy vault method [18] is proposed by Juels and Sudan. Since the fuzzy vault method does not require the biometric data to be ordered, it complies with fingerprint recognition systems very well. In the enrollment stage of a fuzzy vault method, a user specified key
1701
is encoded using the template data set together with a set of chaff data. In the authentication stage, the user specified key can be unlocked by using the query data set as long as it has substantial overlap with the template data set. Different from [17] and [18], in [19], the helper data ρ is
(d1_ 5 , α1_ 5 , θ1_ 5 )
m2
generated from the unprotected template data ω by a secure sketch (SS), PinSketch, in the enrollment stage. A cryptographic key R , which is the same as the one generated in the authentication stage, can be extracted from the helper data ρ together with the query data ω ' by the recover modal (Rec) in the authentication stage, if ω and ω ' are close enough. Since the cryptographic key R is directly generated from the biometric feature data, the system designed by this method can also be called a key-generating biometric cryptosystem. A flowchart of a fuzzy extractor is provided in Fig. 1. Recognition Accuracy Improvement Although matching is not a big issue in unencrypted domain, matching over the encrypted domain remains an open problem. First, registration in the unencrypted domain may not be applicable to the encrypted domain since the original template data is encrypted and unable to be used for registration. Second, most existing matching algorithms for biometric cryptosystems are dependent on the error-correction codes to rectify biometric uncertainty. However, biometrics captured from the same individual at different times tends to be different, which may cause the biometric data to fail falling close to the correct codeword due to large intra-class variations. Therefore, adoption of stable biometric feature data not requiring registration, which are alignment-free and capable of reducing the biometric uncertainty intrinsic to biometric cryptosystems, is an effective means to improve recognition accuracy. For instance, Xi et al. [20] introduced an alignment-free fingerprint fuzzy vault based on a rotation- and translationinvariant composite local feature. The composite local feature is represented using a triplet, (d i _ j , α i _ j , θ i _ j ) , where d i _ j is
(d1_ 2 , α1_ 2 , θ1_ 2 )
m5
m1
(d1_ 3 , α1_ 3 , θ1_ 3 ) m3
(d1_ 4 , α1_ 4 , θ1_ 4 ) m4
B.
the edge length between two minutiae mi and m j ; α i _ j is the difference between the orientation angles of mi and m j ;
θi _ j is the counter-clockwise angle between the orientation of mi and the edge ei _ j . The composite feature (as shown in Fig. 2) instead of minutiae location coordinates is used for vault encoding and decoding. The experimental results on the database FVC2002 DB2 show that this approach achieves FRR=1.5% when FAR=0.01%, which significantly improves the performance of the simple minutiae coordinate based method (FRR=9% when FAR=0.01%) [20]. Another solution to improve recognition accuracy is the employment of multimodal biometrics which fuses biometric features from more than one source, e.g. fusion of fingerprint and finger-vein, or fusion of fingerprint and face. Multimodal biometrics, which holds richer and more discriminative
Figure 2. An example of the composite feature
information than a single-feature biometric system [4], is supposed to provide better recognition accuracy. For example, a multimodal-based fuzzy vault is proposed by Nandakumar and Jain in [21] to secure the fused template data derived from individual fingerprint and iris images. In this scheme, the iris code template data is salted by using a non-invertible transformation based on a random transformation key. After that, the transformation key instead of the iris code, which acts as the unordered set, is combined with the minutiae set to construct a secure vault sketch. In [22], Sutcu et al. combined the minutiae-based fingerprint feature data with the singular value decomposition (SVD) based face feature data to provide security protection to the fused finger-face template by using an existing cryptographic primitive. Experimental results on publicly available databases show that the performance of the above two multimodal biometric systems makes a certain extent of enhancement in terms of recognition accuracy compared with their unimodal biometric counterparts. However, improvement in recognition accuracy by using a multimodal biometric cryptosystem also comes at a cost. More sensors are needed for different biometric modals, leading to an increase in cost. Moreover, user inconvenience would be aggravated since users have to interact with at least two sensors and the enrollment and authentication time would also increase.
C.
Social Acceptability and System Integration Social acceptance of a biometric authentication system depends on the biometric trait that is included in the biometric system. For example, a face or voice based authentication system has high social acceptability because they are not intrusive features and are easy to use. However, an iris based authentication system is not popular in real applications because the extraction of iris feature data is quite intrusive. Apart from social acceptability, recognition accuracy and system cost are also factors that need consideration. In Table I,
1702
some currently used biometric traits are compared in terms of recognition accuracy, cost and social acceptability [12]. TABLE I COMPARISON OF SOME CURRENTLY USED BIOMETRIC AUTHENTICATION SYSTEMS IN TERMS OF RECOGNITION ACCURACY, COST AND SOCIAL ACCEPTABILITY
Type of Biometrics
Accuracy
Cost
Social acceptance
Fingerprint Face Iris Palm print Voice Finger vein
High Medium High Medium Medium High
Medium Medium High Low Medium Medium
Medium High Low High High Medium
From Table I, it can be seen that even if iris-based authentication shows high recognition accuracy, its social acceptance is low and the cost is very expensive. That is why we rarely see an iris-based authentication system around us. Fingerprint biometrics is one of the most developed techniques and can achieve very high accuracy. Although some people may think that capturing a fingerprint is intrusive due to its strong connection with criminal identification, fingerprint is still the most popular and commonly used biometric type. In the context of multimodal biometrics, the combination of fingerprint and finger vein may be a good choice since they are both captured from fingers and one combined sensor can extract both fingerprint and finger vein data at the same time. For example, Morpho, a hightechnology company, developed a multimodal device, Finger VP desktop, which is able to capture and process fingerprint and finger vein biometric data simultaneously. Using this
device, people who experience difficulties in enrollment with a mono-modal device can enroll successfully. Moreover, unparalleled recognition accuracy can be achieved. When FAR=10-4, FRR can be 10 times lower than the best performance of the fingerprint or finger vein modality. Last but not least, the cost of this device is inexpensive and the operation of this device is as simple as capturing fingerprints alone. As for system integration, to overcome the difficulty of biometric data exchange between password-based and biometric-based authentication systems, a biometric cryptosystem, e.g., a fuzzy vault or a fuzzy extractor, is an appropriate option. The secret key either released or generated by a biometric system can perform the same function as a password.
D.
A Biometric-based Mobile Payment Infrastructure In this section, we propose a fingerprint and finger vein based multimodal biometric mobile payment infrastructure as shown in Fig. 3. In this infrastructure, a biometric cryptography modal is combined with a time-synchronized one-time password (TOTP) encryption modal [23] to provide security for mobile payment systems. The biometric cryptography modal can release/generate a secret key kS from the query biometric data under the assistance of the biometric helper data. For the TOTP encryption modal, an accurate clock embedded in the mobile device is synchronized with the clock on the authentication server and the generation of a onetime password kotp is based on the current time stamp. The secret key kS from the biometric cryptography modal is responsible for user authentication, while the one-time
Mobile Device
Bank
Owner Info (OI) Card
Database
OI&HD Biometric Helper Data (HD)
OI
Sensor
Biometrics
And/or
Feature Extractor
Secret key,kS
TOTP encryption
C1
TOTP decryption
Secret key,kS
Comparison
Released/G enerated Secret Key Biometric Cryptosystem Payment Transaction Data
Input Info (II)
II II
Figure 3. An example of a fingerprint and finger vein based biometric mobile payment infrastructure
1703
Transaction Processing
password kotp from the TOTP encryption modal is used for encrypting the secret key kS and other transaction data, so as to ensure data security during wireless transmission. To be specific, we assume that the card owner’s information (OI), e.g., card number, user’s name and expiry date, together with a reference key kref is stored in the bank server for authentication. It is noteworthy that only the reference key kref instead of the template biometric data is stored in the server. When a transaction takes place, a user presents his/her bank card, which contains the owner’s information (OI), the biometric helper data (HD), and also his/her biometric trait on the mobile device which is equipped with some corresponding biometric sensors. Then the biometric query data is extracted and utilized to release/generate a secret key kS under the assistance of the helper data HD. To protect the security of OI, the secret key kS and the input transaction information II during the wireless transmission, they are encrypted by using the one-time password kotp generated from the TOTP encryption modal as C1 =E kotp (OI,k S ,II) . C1 is subsequently delivered to the bank server for authentication through the wireless network. After receiving the encrypted data set C1, the banking system decrypts C1 using the same password kotp created in the same time period when the payment transaction occurred, i.e. (OI,k S ,II)=D kotp (C1 ) . According to the obtained OI, the originally stored secret key kref is compared with kS. If the comparison result is positive, then the payment transaction II is processed, and vice versa.
REFERENCES [1] [2] [3] [4] [5] [6] [7]
[8] [9]
[10] [11] [12]
V.
CONCLUSION
In this paper, we investigate how to secure biometric-based mobile payments and provide a more insightful understanding on the benefits and challenges brought about by the use of biometrics in mobile payments. We observe that biometric cryptosystems, which can either release or generate a uniform and constant binary string from noisy biometric data, not only can provide high security to biometric templates but also enable a seamless integration with the existing passwordbased payment systems with minor modification. Moreover, the employment of stable feature sets or multimodal biometrics is a feasible solution to enhance the recognition accuracy of biometric-based mobile payment systems. Finally, a multimodal biometric mobile payment infrastructure based on fingerprint and finger vein biometrics is proposed.
[13]
ACKNOWLEDGMENT
[20]
This work was supported in part by ARC grants LP110100602, LP100200538, LP100100404, LP120100595 and the National Natural Science Foundation of China under Grant 61063035.
[14] [15] [16] [17] [18] [19]
[21] [22] [23]
F. Han, J. Hu, X. Yu, Y. Feng, and J. Zhou, "A novel hybrid cryptobiometric authentication scheme for ATM based banking applications," in Advances in Biometrics, ed: Springer, 2005, pp. 675-681. F. Han, J. Hu, L. He, and Y. Wang, "Generation of reliable PINs from fingerprints," in Communications, 2007. ICC'07. IEEE International Conference on, 2007, pp. 1191-1196. K. Xi and J. Hu, "Introduction to bio-cryptography," Handbook of Information and Communication Security. Springer, 2010, C. Rathgeb and C. Busch, "Multi-Biometric Template Protection: Issues and Challenges," New Trends and Developments in Biometrics, 2012, pp. 173-190. A. K. Jain, S. Prabhakar, and S. Pankanti, "On the similarity of identical twin fingerprints," Pattern Recognition, vol. 35, 2002, pp. 2653-2663. P. J. Lisboa, B. Edisbury, and A. Vellido, Business applications of neural networks: the state-of-the-art of real-world applications vol. 13: World scientific, 2000. K. Xi, J. Hu, and F. Han, "An alignment free fingerprint fuzzy extractor using near-equivalent Dual Layer Structure Check (NeDLSC) algorithm," in 6th IEEE Conference on Industrial Electronics and Applications (ICIEA), 2011, pp. 1040-1045. W. Yang, K. Xi, and C. Li, "A cancellable and fuzzy fingerprint scheme for mobile computing security," in AIP Conference Proceedings, 2012, p. 1494. Y. Wang, J. Hu, and D. Phillips, "A fingerprint orientation model based on 2d fourier expansion (fomfe) and its application to singular-point detection and fingerprint indexing," Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol. 29, 2007, pp. 573-585. Y. Wang and J. Hu, "Global ridge orientation modeling for partial fingerprint identification," Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol. 33, 2011, pp. 72-87. P. Zhang, J. Hu, C. Li, M. Bennamoun, and V. Bhagavatula, "A pitfall in fingerprint bio-cryptographic key generation," Computers & Security, vol. 30, 2011, pp. 311-319. A. K. Jain, A. Ross, and S. Prabhakar, "An introduction to biometric recognition," IEEE Transactions on Circuits and Systems for Video Technology, vol. 14, 2004, pp. 4-20. T. Ahmad, J. Hu, and S. Wang, "Pair-polar coordinate-based cancelable fingerprint templates," Pattern Recognition, vol. 44, 2011, pp. 25552564. S. Wang and J. Hu, "Alignment-free cancellable fingerprint template design: a densely infinite-to-one mapping (DITOM) approach," Pattern Recognition, vol. 45, 2012, pp. 4129-4137. J. Hu, "Mobile fingerprint template protection: progress and open issues," in 3rd IEEE Conference on Industrial Electronics and Applications, 2008, pp. 2133-2138. S. Wang and J. Hu, "Design of alignment-free cancelable fingerprint templates via curtailed circular convolution," Pattern Recognition, 2013, A. Juels and M. Wattenberg, "A fuzzy commitment scheme," in Proceedings of the 6th ACM conference on Computer and communications security, 1999, pp. 28-36. A. Juels and M. Sudan, "A fuzzy vault scheme," Designs, Codes and Cryptography, vol. 38, 2006, pp. 237-257. Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data," SIAM Journal on Computing, vol. 38, 2008, pp. 97-139. K. Xi and J. Hu, "Biometric mobile template protection: a composite feature based fingerprint fuzzy vault," in Communications, 2009. ICC'09. IEEE International Conference on, 2009, pp. 1-5. K. Nandakumar and A. K. Jain, "Multibiometric template security using fuzzy vault," in 2nd IEEE International Conference on Biometrics: Theory, Applications and Systems, 2008, pp. 1-6. Y. Sutcu, Q. Li, and N. Memon, "Secure biometric templates from fingerprint-face features," in IEEE Conference on Computer Vision and Pattern Recognition, 2007, pp. 1-6. A. Perrig, R. Canetti, J. D. Tygar, and D. Song, "The TESLA broadcast authentication protocol," RSA Cryptobytes, 2002, p. 12.
1704
