On Mon, 17 Apr 2000 [EMAIL PROTECTED] wrote:
> >Some of these, such as template-less biometrics, are so new they are
> >little more than a theoretical sparkle in designers' imaginations, but
> >they are moving fast.
>
> Any idea what is meant by a "template-less biometric?" In order to verify
> a person's identity, the live scan data must be compared with something,
> i.e., a template.
Maybe this refers to using a hash of a template instead of a full template
itself as the standard for comparison? I'm just guessing; my guess is
based on the existence of a paper by Ari Juels (from RSA Labs) & a
co-author whose name I don't recall now on
"Fuzzy Commitment Schemes" at this year's ACM Conference on Computer and
Communications Security.
The idea is that current hash functions are inadequate for biometric
identification. You can't just hash a template and then hash incoming
readings and expect them to match; there's too much variation between
various readings for this to work.
A "fuzzy commitment scheme" or a "fuzzy hash" is a hash function such that
you can determine whether hash inputs are "sufficiently close" to a hash
output. At the same time, you want to preserve the same kind of one-way
and collision resistance properties which make hash functions worth using
in the first place -- i.e. accept almost no false incoming data and
prevent an adversary from learning the template from its hash.
As I recall, the scheme was based on some kind of hashing to an error
correcting code. Template hashes would be specific codewords, and then
incoming data would be matched to see if it was "close enough" to that
codeword. Probably better to do a web search for the paper at this point..
Thanks,
-David
