Bipartite Biotokens: Definition, Implementation, and Analysis

  • W. J. Scheirer
  • T. E. Boult
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5558)


Cryptographic transactions form the basis of many common security systems found throughout computer networks. Supporting these transactions with biometrics is very desirable, as stronger non-repudiation is introduced, along with enhanced ease-of-use. In order to support such transactions, some sort of secure template construct is required that, when re-encoded, can release session specific data. The construct we propose for this task is the bipartite biotoken. In this paper, we define the bipartite biotoken, describe its implementation for fingerprints, and present an analysis of its security. No other technology exists with the critical reissue and secure embedding properties of the bipartite biotoken. Experimental results for matching accuracy are presented for the FVC 2002 data set and imposter testing on 750 Million matches.


Security Analysis Biometric Data Biometric Template Brute Force Attack Fuzzy Extractor 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Jain, A., Nandakumar, K., Nagar, A.: Biometric Template Security. EURASIP Journal on Advances in Signal Processing 2008, Article ID 579416Google Scholar
  2. 2.
    Juels, A., Sudan, M.: A Fuzzy Vault Scheme. In: Proc. of the IEEE Intl. Symposium on Information Theory (2002)Google Scholar
  3. 3.
    Nandakumar, K., Jain, A.K., Pankanti, S.: Fingerprint-based Fuzzy Vault: Implementation and Performance. IEEE Trans. on Info. Forensics and Security 2(4), 744–757 (2007)Google Scholar
  4. 4.
    Nandakumar, K., Nagar, A., Jain, A.K.: Hardening Fingerprint Fuzzy Vault Using Password. In: Lee, S.-W., Li, S.Z. (eds.) ICB 2007. LNCS, vol. 4642, pp. 927–937. Springer, Heidelberg (2007)Google Scholar
  5. 5.
    Nandakumar, K., Jain, A.K.: Multibiometric Template Security Using Fuzzy Vault. In: IEEE Conf. Biometric Theory, Application and Systems (2008)Google Scholar
  6. 6.
    Mihailescu, P.: The Fuzzy Vault for Fingerprints is Vulnerable to Brute Force Attack (2007),
  7. 7.
    Chang, W., Shen, R., Teo, F.W.: Finding the Original Point Set Hidden Among Chaff. In: Proc. of the ACM Sym. on Info. Computer And Comm. Security (2006)Google Scholar
  8. 8.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors. In: Tuyls, P., Skoric, B., Kevenaar, T. (eds.) Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting, ch. 5, pp. 79–99. Springer, Heidelberg (2007)Google Scholar
  9. 9.
    Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure Remote Authentication Using Biometrics. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)Google Scholar
  10. 10.
    Ballard, L., Kamara, S., Reiter, M.: The Practical Subtleties of Biometric Key Generation. In: USENIX Security Symposium, August 2008, pp. 61–74 (2008)Google Scholar
  11. 11.
    Scheirer, W., Boult, T.: Cracking Fuzzy Vaults and Biometric Encryption. In: Proc. of the 2007 IEEE Biometrics Symposium, held in conjunction with the Biometrics Consortium Conference (BCC 2007), Baltimore, MD (2007)Google Scholar
  12. 12.
    Boult, T., Scheirer, W., Woodworth, R.: Secure Revocable Finger Biotokens. In: Proc. of the IEEE Conf. on Computer Vision and Pattern Recognition (2007)Google Scholar
  13. 13.
    Scheirer, W., Boult, T.: Bio-cryptographic Protocols With Bipartite Biotokens. In: Proc. of the IEEE 2008 Biometrics Symposium, held in conjunction with the Biometrics Consortium Conference (BCC 2008), Tampa, FL (2008)Google Scholar
  14. 14.
    Maio, D., Maltoni, D., Wayman, J., Jain, A.K.: FVC 2002: Second Fingerprint Verification Competition. In: Proc. of the 2002 Int. Conf. Pattern Recognition (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • W. J. Scheirer
    • 1
    • 2
  • T. E. Boult
    • 1
    • 2
  1. 1.Univ. of Colorado at Colorado SpringsColorado SpringsUSA
  2. 2.Securics IncColorado SpringsUSA

Personalised recommendations