Biometric cryptosystems: Issues and challenges

In traditional cryptosystems, user authentication is based on possession of secret keys, which falls apart if the keys are not kept secret (i.e., shared with nonlegitimate users). Further, keys can be forgotten, lost, or stolen and, thus, cannot provide nonrepudiation. Current authentication systems based on physiological and behavioral characteristics of persons (known as biometrics), such as fingerprints, inherently provide solutions to many of these problems and may replace the authentication component of the traditional cryptosystems. In this paper, we present various methods that monolithically bind a cryptographic key with the biometric template of a user stored in the database in such a way that the key cannot be revealed without a successful biometric authentication. We assess the performance of one of these biometric key binding/generation algorithms using the fingerprint biometric. We illustrate the challenges involved in biometric key generation primarily due to drastic acquisition variations in the representation of a biometric identifier and the imperfect nature of biometric feature extraction and matching algorithms. We elaborate on the suitability of these algorithms for the digital rights management systems. © 2004 IEEE.