Computers & Security (2004) 23, 606e614

www.elsevier.com/locate/cose

Personalised cryptographic key generationbased on FaceHashing

Andrew B.J. Teoha,*, David C.L. Ngoa,1, Alwyn Gohb,2

aFaculty of Information Science and Technology, Multimedia University,Jalan Ayer Keroh Lama, 75450 Melaka, MalaysiabCorentix Laboratories, 32 Jalan Tempua 5, 47100 Puchong, Malaysia

Received 8 January 2004; accepted 2 June 2004

KEYWORDSBiometric based key

cryptography;Face recognition;Wavelet Fourier-Mellin

transform;Tokenised pseudo

random number;Shamir’s secret-

sharing scheme;

Abstract Among the various computer security techniques practice today,cryptography has been identified as one of the most important solutions in theintegrated digital security system. Cryptographic techniques such as encryption canprovide very long passwords that are not required to be remembered but are in turnprotected by simple password, hence defecting their purpose. In this paper, weproposed a novel two-stage technique to generate personalized cryptographic keysfrom the face biometric, which offers the inextricably link to its owner. At the firststage, integral transform of biometric input is to discretise to produce a set of bitrepresentation with a set of tokenised pseudo random number, coined as FaceHash.In the second stage, FaceHash is then securely reduced to a single cryptographickey via Shamir secret-sharing. Tokenised FaceHashing is rigorously protective of theface data, with security comparable to cryptographic hashing of token andknowledge key-factor. The key is constructed to resist cryptanalysis even against anadversary who captures the user device or the feature descriptor.ª 2004 Elsevier Ltd. All rights reserved.

* Corresponding author. Tel.: C606 252 3457; fax: C606 231 8840.E-mail addresses: bjteoh@mmu.edu.my (A.B.J. Teoh), david.ngo@mmu.edu.my (D.C.L. Ngo), alwyn_goh@yahoo.co.uk (A. Goh).

1 Tel.: C606 252 3111/3485.2 Tel.: C603 58910155.

0167-4048/$ - see front matter ª 2004 Elsevier Ltd. All rights reserved.doi:10.1016/j.cose.2004.06.002

Personalised cryptographic key generation 607

Introduction

Security is a major concern in today’s digital era.Cryptography has been recognized as one of themost popular technology to solve the four principlesecurity goals, i.e. privacy, authentication, integ-rity and authorization (Smith, 1997). In general,data will be secured using symmetric cryptosystem, while public-key system will be deployedfor digital signatures and for secure key exchangebetween users. Cryptographic techniques such asencryption can provide very long passwords (strongcryptographic keys) which are not required to beremembered but are in turn protected by a simplepassword, but once the password is compromised,the entire solution may fall apart.

A biometric is a feature measured from thehuman body that is distinguishing enough to beused for user authentication. Examples includevoice, handwriting, face, eye and face and signa-ture. Biometric offers to inextricably link theauthenticator to its owner, something passwordsor token cannot do, since they can be lent orstolen. When used in cryptographic key generationcontext, this inextricable link can be adopted toreplace password to rectify the aforementionedproblem. In the simplest biometrics-cryptographickey application, an external specific crypto keymay be stored as a portion of a user’s particular,i.e. user name, biometric template, access priv-ileges, etc. which may be released upon a success-ful match. This is fine in key management butsecure only when the user’s particular is placedand the matching is done in secure region. Appar-ently, it is useful to generate cryptographic keydirectly from the user-specific biometrics. Thiscan be done by deriving some independent, non-recovery parameters that are solely tied to a par-ticular person, and thus crypto techniques canutilize these parameters as crypto key for encryp-tion or decryption purposes. Basically, the bio-metrics based key generation process could bemade either in a front-end approach or in a back-end approach (Peyravian et al., 1999). In front-endapproach, the designation of the initial seed valueof PRNG (Pseudo Random Number Generator) ismodified or extended to include a user-specificdata, i.e. biometrics component whereas in theback-end approach, the random numbers whichare produced by the PRNG are processed to makeit dependent on biometrics data. However, therepresentation problem is simply that biometricdata are continuous and statistically frustrated,while cryptographic parameters are discreteand have zero-uncertainty. Biometric consistency

measured from the difference between referenceand test data is similar but never equal and henceinadequate for cryptographic purposes which re-quire exact reproduction.

The first notion of using biometric parameterdirectly as a crypto key was proposed by Bodo(1994). However, instability of biometrics duringthe course of time and non-appreciable equal errorratedthe error rate occurring when the decisionthreshold of a system is set so that the proportionof false rejections will be approximately equal tothe proportion of false acceptancesdhinders itsdirect use as a crypto key. Also if the key is evercompromised, the use of that biometrics will belost irrevocably which is inconsistent with a systemthat requires periodic updating. The Soutar et al.(1999) research outlines cryptographic key recov-ery from the integral correlation of fingerprintdata and previously registered Bioscrypts. Bio-scrypts result from the mixing of random anduser-specific data, thereby preventing recoveryof the original fingerprint data with data captureuncertainties addressed via multiply-redundantmajority-result table lookups. The Soutar et al.formulation is nevertheless restrictive in that keysare externally specified and then recovered, rath-er than internally computed. The Davida et al.(1998) formulation outlines cryptographic signa-ture verification of iris data without stored refer-ences. This is accomplished via open token-basedstorage of user-specific Hamming codes necessaryto rectify offsets in the test data, thereby allowingverification of the corrected biometrics. Such self-correcting biometric representations are applica-ble towards key computation, with recovery of irisdata via analysis of these codes prevented bycomplexity theory. Monrose et al. key computationfrom user-specific keystroke (Monrose et al., 1999)and voice (Monrose et al., 2001) data is bothdeterministic and probabilistic. The methodology(broadly similar in both cases) specifies the de-terministic concatenation of single bit outputsbased on logical characterizations of the biometricdata, in particular whether user-specific featuresare below (0) or above (1) some population-genericthreshold. This accumulation of 0 and 1 responsewith the additional possibility of an indeterminate(B) output for certain features is then used inconjunction with randomized lookup tables formu-lated via Shamir secret-sharing (Shamir, 1979).

This paper proposed a novel cryptographic keycomputation technique from face biometrics. Theproposed technique can be characterized as hav-ing two stages: feature extraction and key com-putation (cryptographic key interpolation) Goh and

608 A.B.J. Teoh et al.

Ngo, 2003. In the feature extraction stage, certainfeatures of raw input from a biometric-measuringdevice are examined and used to compute a set ofbit string, coined as FaceHash. The key computa-tion stage develops a cryptographic key from theFaceHash and stored cryptographic data in thedevice. If two FaceHash are sufficiently similar,then the same cryptographic key will be generatedfrom them. We provide the experimental results toillustrate high stability of FaceHash, which is vitalfor key generation. FaceHash is rigorously pro-tective of the face data, with security comparableto cryptographic hashing of token and knowledgekey-factor. The key is constructed to resist crypt-analysis even against an adversary who capturesthe user device or the feature descriptor.

The following section provides an overview ofour approach while the next three sections presentits components in detail. Further the experimentalresults and a security analysis in terms of key-factor independent and non-recovery are discus-sed. Finally, the last section gives the concludingremarks of this paper.

Biometric based cryptographic keyderivation overview

As aforementioned, biometrics and cryptographyare the two opposed paradigms and this had moti-vated the formulation of highly offset-tolerantdiscretisationmethodologydFaceHashing.Thepro-cess is crucial to our biometric based crypto keyderivation through our two-stage scheme as illus-trated in Fig. 1.

The proposed scheme contains two stages whilestage one could be subdivided into two parts:

Stage 1: Feature extraction(a) The first step is to transform the raw face

data, I˛<N, where N is the image pixelisationdimension into another image representationin log-polar frequency domain, G˛<M, whereM! N denotes log-polar spatial frequency

dimension by using integrated Wavelet andFourier-Mellin transform framework (WFMT)(Andrew and David, 2003). Wavelet transform,with its approximate decomposition is used toreduce the noise and produce a representationin the low frequency domain, and hence makesthe facial images insensitive to facial expres-sion and small occlusion. The Fourier-Mellintransform served to produce a translation,rotation and scale invariant feature.

(b) This step engaged discretisation process ofthe data via a repeated inner-product of asecret number (a number uniquely associ-ated with a token) and user data, i.e.sZ !cdxf0(x)g(x) for integral transform func-tions f, g˛L2 with enhance offset tolerance.The goal is to extract the main features ofthe face data, which are the most stable forimages from same user, and vary a lot fordifferent users. The extracted bit strings arecoined as FaceHash.

Stage 2: Key computation (cryptographic keyinterpolation)

By using a secret-sharing scheme (calledShamir’s threshold scheme), we develop acryptographic key kc (an element of the fieldZq, for some prime q) from FaceHash withlength lb, b˛f0; 1glb , and stored cryptographicdata in the device. It can be shown that thisscheme satisfies both the availability (i.e.,a quorum number of key shares suffice toreconstruct the secret key) and non-recovery(i.e., compromise of certain number of keyshares does not expose the secret key)properties. The subsequent sections will detailthese three components.

Stage 1(a): wavelet Fourier-Mellintransform feature construction

The wavelet decomposition of a signal f(x) can beobtained by convolution of signal with a family ofreal orthonormal basis, ja,b(x)

Figure 1 Biometric based cryptographic key derivation procedure.

Personalised cryptographic key generation 609

ðWjfðxÞÞða;bÞ ¼ jaj�1=2

Z<

fðxÞj�x� b

a

�dx ð1Þ

where a, b and as 0 are the dilation parameterand the translation parameter, respectively. Two-dimensional wavelet transform leads to a decom-position of approximation coefficients at levelj� 1 in four components: the approximationsat level j, Lj and the details in three orienta-tions (horizontal, vertical and diagonal), Djvertical,Djhorizontal and Djdiagonal (Mallat, 1998).

In an early study, Harmon (1973) found thatinformation in low spatial frequency bands havea dominant role in face recognition. Besides,Nastar et al. (1997) found that facial expressionsand small occlusion affect the high-frequencyspectrum whereas changes in pose or scale ofa face affect their low frequency spectrum, whilea change in face will affect all frequency compo-nents. As such, Lj, as the smoothed version thatcorresponded to low or middle band in the fre-quency spectrum, are insensitive to the facialexpressions and small occlusion and optimal forthe recognition purpose.

In the face authentication, the varying position,scale and the orientation angle of the face imageduring the capturing time may severely reduceperformance. These alignment problems can besolved by transforming a face image into aninvariant feature by using Fourier-Mellin transform(FMT) Reddy and Chatterji, 1996. FMT is trans-lation invariant and represents rotation and scalingas translations along the corresponding axes inparameter space, and thus this technique decou-ples images rotation, scaling and translation, andis also therefore very efficient numerically byutilizing the Fast Fourier transform (FFT). How-ever, the result stated for the continuous casedoes not carry over exactly to the discrete case.

Some artifacts may be introduced due to thesampling and truncation if the implementation isnot done with care. Therefore a high-pass filter isapplied on the logarithm spectra, H(x,y) Z(1 � cos(px) cos(py))(2 � cos(px) cos(py)) with�0.5 % x, y% 0.5. And hence, the block diagramof Wavelet Fourier-Mellin transform (WFMT) fea-ture representation, G is shown in Fig. 2.

Stage 1(b): biometrics discretisation

At this stage, the invariant face feature, G˛<M

with M, the log-polar spatial frequency dimension,is reducing down to a set of single bit, b˛f0; 1glb ,with lb the length of the bit string via a uniformdistributed secret pseudo random number,r˛f�1; 1g that is uniquely associated with a token.

Specifically, let G˛<M,

(1) Use token to generate a set of pseudo randomnumber, fri ˛<M

��i ¼ 1;.; lbg.(2) Apply the Gram-Schmidt process to transform

the basis fri ˛<M��i ¼ 1;.; lbg into an ortho-

normal set of matrices fr?i ˛<M��i ¼ 1;.; lbg.

(3) Compute fCG��r?iD˛<

��i ¼ 1;.; lbg where C j Dindicates inner-product operation.

(4) Compute lb bits FaceHash, bi ˛ 2lb from

bi ¼�

0 if CG��r?iD%t

1 if CG��r?iDOt

lb%M;

where t is a preset threshold. In this paper, the t isset to 0.

Repetition of this procedure to obtain multiplebits renders the issue of inter-bit correlations, thisissue is addressed via Gram-Schmidt process toobtain orthonormal set 2 ¼ fr?k

��k ¼ 1; 2;.; lbg.Each bit bi(x) is hence rendered independent of

Figure 2 Block diagram of generating the WFMT features.

610 A.B.J. Teoh et al.

all others, so that legitimate (and unavoidable)variations in G that invert bi(x) would not neces-sarily have the same effect on bIC1(x). Besides,the progression is worth noting that there is noapriori restriction on the value of lb, though lb !Mand that by the virtue of using pseudo randompattern, b˛f0; 1glb can be interpolated.

The above-listed parameters are said to be zeroknowledge (ZK) representations of their inputs ifthe transformations are non-invertible, as in thecase of cryptographic hash

hðr;kÞ : 2lb!cl0b

2l0b/2lb

for tokenised pseudo random number, r and secretknowledge (arbitrary-length password) k. The non-recovery of key-factors Cr; kD from h(r, k) motivatesan equivalent level of protection for biometric G,which is accomplished via token-specification ofrepresentations in this stage 1(b) and stage 2briefed in the section following ‘Introduction’,such that FaceHash Hðr?;GÞ : 2lb!<M/2lb doesnot jeopardize Cr?;GD. This is crucial from thesecurity viewpoint whether (or how) these trans-formations can be inverted to recover the inputinformation because once a biometric image ortemplate is stolen; it is stolen forever and cannotbe reissued, updated or destroyed as well as itscorresponding crypto key. ZK representationH(r\, G) is subsequently useful for standard crypto-graphic operations, such as signature generationand message decryption. Note H has an important(and challenging) additional requirement over h,namely offset tolerance so that H(r\, G) is stablefor G˛<M. This requirement essentially addressesthe fundamental gap between biometric similarityand cryptographic equality.

Cryptographic key interpolation(Shamir’s (2, ls)-thresholding scheme)

The limited uncertainty of FaceHash, b˛f0; 1glb isaddressed via Shamir secret-sharing (Shamir,1979); which uses modular polynomialp(x) : Zq/ Zq where q is a prime for secretencoding p(0) Z kc i.e. the 2lb 3 Zq cryptographickey in our context. In the simplest case of linearpolynomials, this allows secret recovery via

kc ¼HðbÞpðHðr?ÞÞHðbÞ �Hðr?Þ

CHðr?ÞpðHðbÞÞHðr?Þ�HðbÞ ðmod qÞ ð2Þ

where r\ be the orthonormalized token num-ber used to compute the FaceHash, b and H( )is the hashing function. The details of the

implementation of the biometrics based crypto-graphic key derivation, which occurs during theenrollment and the verification stage are providedbelow. This constitutes a rigorous 2 of ls thresholdsystem with ls the number b of a particular user.

Enrollment

Let kc be a secret key and fb0i ji ¼ 1;.; lsg denotes

ls possible FaceHash associated with a particularuser. The superscript 0 refers to the imagesacquired during the enrollment.

1. Choose a random degree-1 polynomial p˛Zqsuch that pð0Þ ¼ kc.

2. Compute coordinate pair {X0, Y0} toconstitute a secret-share, such asX0 : fx0

r?¼ Hðr?ÞWx0

i ¼ Hðb0i Þji ¼ 1;.; lsg,

H0 : fh0i ¼ Hðx0

i Þ; ji ¼ 1;.; lsg andY0 : fy0

r?¼ pðx0

r?ÞWy0

i ¼ pðx0i Þji ¼ 1;.; lsg.

3. Store c ¼ fH0;Y0g on token.

Verification (key retrieval)

Let fb1i ji ¼ 1;.lsg. The superscript 1 represents

an image used in verification.

1. ComputeX1 : fx1

r?¼ Hðr?ÞWx1

i ¼ Hðb1i Þji ¼ 1;.; lsg and

H1 : fh1i ¼ Hðx1

i Þji ¼ 1;.; lsg.2. Retrieve H0 : fh0

i ji ¼ 1;.; lsg andY0 : fy0

r?Wy0

i ji ¼ 1;.; lsg from c in token.3. Extract kc iff h0

i ¼ h1j for any i; j˛f1;.; lsg,

kc ¼y0r?x1j

x1j � x1

r?

Cy0i x

1r?

x1r?� x1

j

ðmod qÞ:

Note that kc cannot be computed without one ofthe FaceHash, b or correct token r\ and thatneither of these can be recovered from the ZKrepresentations in c. The latter can in fact bestored completely in the open, which is illustrativeof the protocol-level security.

Key interpolation is interpreted as a final error-correcting step in this context, supplementing thebasic robustness of FaceHash and the replacementof bits over-sensitive to legitimate variations in G.End result H(r\, G) is hence:

- Sensitively dependant on r\: so that exactcorrectness is required for r\ and H(r\), theformer of which contributes sensitively to-wards b˛f0; 1glb .

Personalised cryptographic key generation 611

- Robustly dependant on b so that:1. Minor variations (corresponding to the same

user) still result in b.2. Major variations (corresponding to different

users) result in b0 (sb) commensurate withthe discrete r\ and continuous kc key-factors.

Experiments and discussion

In this section, we provide the experimentalresults to illustrate highly error tolerant of Face-Hash, which is vital for key generation. The pro-posed method has been evaluated in terms of theirsame user ( genuine)/different user (imposter)population distribution achieved in Essex Faces94 and Olivetti Face Database (ORL database).Essex Faces 94 contains frontal face photos takenfrom a fixed camera distance and under theuniform background and the illumination, withthe subjects asked to speak: throughout the pro-cess; resulting very minor variations in turn, tiltand slant as well as rotation in plane face imagesand in fix illumination and scale. The test setcontains 153 subjects with 20 images for eachsubject. Fnces 94 is considered to be somewhatless challenging in comparison to ORL databasefrom the viewpoint of scale, aspect and illumina-tion offsets; but it is well suited to simulate ouranticipated operational scenario, such as individ-ual users in desktop or kiosk environments. Thisdatabase is assembled by the Computer VisionGroup of Essex University, and made publiclyavailable at URL http://cswww.essex.ac.uk/mv/allfaces/index.html. On the other hand, ORLdatabase is made up of 10 different images of 40distinct subjects. For some subjects, the imageswere taken at different times, varying lighting,facial expressions (open/closed eyes, smiling/notsmiling), and facial details (glasses/no glasses). Allthe images were taken against a dark homoge-

neous background with the subjects in an upright,frontal position with variations in turn, tilt andslant. ORL database is publicly available at the URLhttp://www.uk.research.att.com/facedatabase.html. Fig. 3 shows a few samples that are takenfrom ORL Face Database.

For the imposter population generation, thefirst image of each subject is matched by usinga certain dissimilarity measure against the firstimage of all other subjects and the same matchingprocess was repeated for subsequent impressions,leading to 232,560 (23,256 ! 20) imposter at-tempts for Essex Faces 94 and 7800 (780 ! 10)for ORL database. For the genuine population,each image of each subject is matched against allother images of the same subject, leading to29,070 (190 attempts o f each subject ! 153) forEssex Faces 94 while 1800 (45 attempts of eachsubject ! 40) for ORL database. Note that sinceonly face images are found in the scene in bothdatabases, thus face detection is not required forthis database. Generally speaking, all waveletbases with smooth, compactly support orthogonalcan be chosen, and hence a wavelet base withDaubechies Filter 7 in level 1 is selected for WFMTgeneration.

Following are the abbreviations used for brevityin this paper:

� wfmt: denoting wavelet Fourier-Mellin trans-form configuration;

� wfmtd-lb: denoting 2lb discretisation, where lbis the bit length.

The experimental data are acquired for lb Z 20,40, 60 and 80 in all cases while for the dissimilaritymatching, Euclidean distance metric is adoptedfor wfmt whereas Hamming distance is used inwfmtd-lb.

From Fig. 5, genuine populations for wfmtd-lbcentralized at Hamming distance of 0, particularlyfor lb Z 40, 60 and 80 while imposter populationscentered at lb/2 for Essex Faces 94, indicate that

Figure 3 Face samples from ORL Face Database.

612 A.B.J. Teoh et al.

Figure 4 Genuine and imposter population distribution for wfmt from (a) Essex Faces 94 and (b) ORL Face Database.

zero (or very small) bit different of two faceimages from a user and about 50% bit differentfrom different face images. For ORL database,they also had shown centralization of near 0 forgenuine population and lb/2 for imposter popula-tions despite ORL database being more challengingthan Essex Faces 94. Besides, clear separation ofgenuine/imposter population is tremendously im-portant from the security viewpoint as it impliesthat both zero False Acceptance (the probabilitythat a biometric system fails to reject an impostor)as well as False Rejection (the probability thata biometric system fails to verify the legitimate)claimed identity of an enrollee. Compared to theconventional biometrics approach, for wfmt asshown in Fig. 4, it is extremely difficult orimpossible to obtain a clear separation of genu-ine/imposter population (Daugman, 2002). Thisindicates that wfmtd-lb outweighs wfmt by mini-mizing the intra-class distance and maximizing theinter-class distance. Both observations vindicatethe robustness of FaceHash, b to resist the varia-tions among the same users and otherwise for thedifferent users as discussed in ‘Verification (keyretrieval)’ section.

Security analysis

The security of H : 2lb!<M/Zq, where q isa prime number, transformation should be evalu-ated in terms of key-factor:

� Independence, such as evaluation of H(r\, G) inthe absence of r\ or G.

� Non-recovery of r\ or G given specific value ofG(r\, G) and the other factor.With the bench-mark being cryptographic hashing

hðr;kÞ : 2l!cl0

2l0/2l

and secret knowledge k, where aZ h(r, k) cannotbe computed without both Cr; kD factors, so thatadversarial deduction is no more probable thanrandom guessing of order 1/2l.Cr; kD is also pro-tected by the target-collision resistance of h, sothat deduction of r or k from output aZ h(r, k) andone of the factors is no more probable than 1/2l.

Key-factor independence

Non-possession of r\ means that tokenised 2(r\) isunavailable to an adversary; thereby previouslyintercepted (or fabricated) G is simply not useful.This prevents meaningful deduction of H(r\, G),with random guessing being of probability q�1

in this case. Possession of r is more useful asit leads to adversarial knowledge of H0 :fh0

i ¼ Hðx0i Þ;

���i ¼ 1;.; lsg from token, cZ {H0, Y0}which suggests an analytic strategy whereby ran-dom b˛2lb bit string are tested for suitability withrespect condition h(h(G))Z H0. The collision prob-ability is ls2�lb in this case, hence the motivationto minimize ls, and to maximize lb. Note that the lbis restricted to not more than dimension of log-polar frequency domain, M, though M is a hugenumber (MZ 64 ! 64 used in this paper).

The operational security of our scheme is en-hanced via token-side access control and encryp-tion of c, with respective session key Cj0; jD ¼ hði0; iÞfor domain or platform serialization i0. This neces-sitates prior token-side storage of jZ Ej0(c), withthe following operational sequence:

1. Compute Cj0; jD from token i2. Transmit j to retrieve j from token

Figure 5 Genuine and imposter population distribution for wfmtd-lb for 1b Z 20, 40, 60 and 80.

614 A.B.J. Teoh et al.

3. Decrypt cZ Dj0(j)

prior to the computations of ‘Verification (keyretrieval)’ section, successful completion of whichis restricted to domain/platform i.

Key-factor non-recovery

Knowledge of G(r\, G) and G does not in any wayjeopardize r\, due to non-recovery of:

� Any b˛2lb from G

� Any r?˛<M from b or G

thereby resulting in r\ deduction being no lessprobable than the 1=2lb of random guessing. Theother scenario of r\ and G compromise (con-sequent to which H0 is also divulged) allows ana-lytic strategy based on the testing of randomG˛<M for suitability with respect conditionH0 : fh0

i ¼ Hðx0i Þ; ji ¼ 1;.; lsg. Probability of re-

covery in this case is ls2�lb .Key-factor protection is enhanced via adoption

of measures previously discussed:

� Minimize the ls, and maximize the lb� Access control and encryption of c

Concluding remarks

This paper described an error-tolerant biometricsfeature discretisation methodologydFaceHashingthat leads to the cryptographic key computationbased on face biometrics with uniquely tokenisedpseudo random number. The FaceHashing hassignificant functional advantages over solely bio-metrics or token usage, such as extremely clearseparation of the genuine and the imposter pop-ulations and thereby introduce an error free de-cision. H(r\, G) is furthermore highly secure withrespect to independence and non-recovery of theCr?;GD key-factor, with immunity against biometricinterception or fabrication. The key is constructedto resist cryptanalysis even against an adversarywho captures the user device or the featuredescriptor. Our security analysis suggests that ourtechnique is viable for use in practice.

References

Albert Bodo. Method for producing a digital signature with aidsof a biometric feature. German Patent DE 42 43 908 A1; 1994.

Andrew TBJ, David NCL. Integrated wavelet and Fourier-Mellininvariant feature in fingerprint verification system. ACM

SIGMM 2003 multimedia biometrics method and applicationworkshop, CA, USA; 2003. p. 82e8.

Daugman John. Biometric decision landscapes, Technical Re-port, No. 482, Cambridge University Computer Laboratory;2002.

Davida GI, Frankel Y, Matt BJ. On enabling secure applicationsthrough offline biometric identification. Proceedings ofthe 1998 IEEE symposium on security and privacy; 1998.p. 148e57.

Goh A, Ngo David CL. Computation of cryptographic keys fromface biometrics. Lecture notes in computer science, vol.2828. Springer-Verlag; 2003. p. 1e13.

Harmon LD. The recognition of faces. Sci Am 1973; 229.Mallat S. A wavelet tour of signal processing. San Diego:

Academic Press; 1998.Monrose F, Reiter MK, Li Q, Wetzel S. Cryptographic key

generation from voice. IEEE symposium security & privacy;2001. p. 202e13.

Monrose F, Reiter MK, Wetzel S. Password hardening based onkeystroke dynamics. Proceedings of the sixth ACM confer-ence on computer and communications security; 1999.p. 73e82.

Nastar C, Moghaddam B, Pentland A. Flexible images: matchingand recognition using learned deformations. Comput VisionImage Understanding 1997;65(2):179e91.

Smith Richard E. Internet cryptography: Addison-Wesley; 1997.Peyravian M, Matyas SM, Roginsky A, Zunic N. Generating user-

based cryptographic keys and random numbers. ComputSecur 1999;18(7):619e26.

Reddy BS, Chatterji BN. An FFT-based technique for translation,rotation and scale-invariant image registration. IEEE TransImage Process 1996;5(8):1266e71.

Shamir A. How to share a secret. Commun ACM 1979;22:612e3.Soutar C, Roberge D, Stoianov A, Gilroy R, Vijaya Kumar BVK.

Biometric encryption. In: Nichols RK, editor. ICSA guide tocryptography. New York: McGraw-Hill; 1999. p. 649e75.

Andrew Teoh Beng Jin obtained his BEng (Electronic) in 1999and PhD degree in 2003 from National University of Malaysia. Heis currently a lecturer in Faculty of Information Science andTechnology, Multimedia University. He held the post of co-chair(Biometrics Division) in Center of Excellent in Biometrics andBioinformatics in the same university. His research interest is inmultimodal biometrics, pattern recognition, multimedia signalprocessing and Internet security.

David Chek Ling Ngo is an Associate Professor and the Dean ofthe Faculty of Information Science & Technology at MultimediaUniversity, Malaysia. He has worked there since 1999. Ngo wasawarded a BAI in Microelectronics & Electrical Engineering andPhD in Computer Science in 1990 and 1995 respectively, bothfrom Trinity College Dublin. Ngo’s research interests lie in thearea of Automatic Screen Design, Aesthetic Systems, BiometricEncryption, and Knowledge Management. He is author and co-author of over 20 invited and refereed papers. He is a memberof Review Committee of Displays and Multimedia Cyberscape.

Alwyn Goh is an experienced and well-published researcher inbiometrics, cryptography and information security. His work isrecognized by citations from the Malaysian National ScienceFoundation and the European Federation of Medical Informat-ics. He previously lectured Computer Sciences at UniversitiSains Malaysia where he specialised in data-defined problems,client server computing and cryptographic protocols. Goh hasa Masters in Theoretical Physics from the University of Texas,and a Bachelors in Electrical Engineering and Physics from theUniversity of Miami.