A Review on Protection and Cancelable Techniques in Biometric Systems

An essential part of cloud computing, IoT, and in general the broad field of digital systems, is constituted by the mechanisms which provide access to a number of services or applications. Biometric techniques aim to manage the access to such systems based on personal data; however, some biometric traits are openly exposed in daily life and, in consequence, are not secret, e.g., voice or face in social networks. In many cases, biometric data are non-cancelable and non-renewable when compromised. This document examines the vulnerabilities and proposes hardware and software countermeasures for the protection and confidentiality of biometric information using randomly created supplementary information. Consequently, a taxonomy is proposed according to the operating principle and the type of supplementary information supported by protection techniques, analyzing the security, privacy, revocability, renewability, computational complexity, and distribution of biometric information. The proposed taxonomy has five categories: 1) biometric cryptosystems; 2) cancelable biometrics; 3) protection schemes based on machine learning or deep learning; 4) hybrid protection schemes; and 5) multibiometric protection schemes. Furthermore, this document proposes quantitative evaluation measures to compare the performance of protection techniques. Likewise, this research highlights the advantages of injective and linear mapping for the protection of authentication and identification systems, allowing the non-retraining of these systems when the protected biometric information is canceled and renewed. Finally, this work mentions commercial products for cancelable biometric systems and proposes future directions for adaptive and cancelable biometric systems in low-cost IoT devices.


I. INTRODUCTION
Nowadays, a vast majority of digital applications and services use the internet through a cyber-physical ecosystem with human-machine interaction. Therefore, intelligent devices and cloud computing have experienced an exponential increase. In addition, smart devices or the internet of things (IoT) have evolved into wearable devices and must offer good mobility, social acceptance, performance, quality of experience (QoE), security, and privacy to users through limited resources such as computing, storage, and power consumption [1], [2], [3]. Therefore, smart devices or IoT devices are implementing services or applications that need pattern recognition systems to control and manage user access. In fact, IoT devices can be used or not in any area of application of pattern recognition systems. Currently, the following categories of user recognition are commonly considered: 1) secret information memorized by the user, e.g., personal identification number (PIN) or password; 2) unique symbolic information, e.g., passport, token or smart card; and 3) physiological (static) or behavioral (dynamic) information constituting biometric systems, e.g., fingerprint, electrocardiogram (ECG) [4], or hand veins [5]. However, secret and symbolic information can be forgotten, estimated, stolen, lost, or exchanged; this affects the security and privacy of applications or services. For this reason, biometric systems are an excellent niche opportunity to improve safety in applications or services based on pattern recognition systems, especially pattern recognition systems implemented in IoT devices or wireless and low-cost devices [6], [7], [8].
The associate editor coordinating the review of this manuscript and approving it for publication was Donato Impedovo.
VOLUME 11, 2023. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
There are two biometric operation modes: 1) Authentication, in which a one-to-one matching is performed to verify or authenticate the claimed identity. 2) Identification, in which a one-to-many matching process is required to distinguish the identity of the subject within a database.
Biometric traits are classified into hard biometrics (hard traits) and soft biometrics (soft traits). Hard biometrics have a high degree of discrimination (hard) and permanence, e.g., iris, voice, face, etc. On the other hand, soft biometrics consist of auxiliary traits with a low degree of discrimination (soft), which provide additional information to profile a user, e.g., hair color, weight, health, emotional status, etc. Therefore, hard traits are used to develop biometric systems. Furthermore, hard traits are divided into physiological traits and behavioral traits. Physiological traits are inherent or static physical characteristics of an individual, e.g., fingerprint, iris, etc. Likewise, behavioral traits are dynamic characteristics of an individual based on the nature of his/her actions, e.g., voice, handwritten signature, etc. In general, physiological traits have less intra-user variability than behavioral traits. However, biometric systems based on behavioral traits have a cancelable approach due to the dynamic characteristics.
Nonetheless, hard and soft biometrics together allow the profiling of people for several purposes, such as the so-called business biometric profiles. IoT devices, biometrics, artificial intelligence (AI), and neuroscience create customer/employee profiles along five levels [9]: 1) identification profiling (who is this person?); 2) physical profiling (what type of person is this?); 3) emotion profiling (what is this person feeling?); 4) behavioral profiling (what is this person doing?); and 5) cognitive profiling (what is the person thinking?). These levels offer great opportunities for companies, such as: 1) deepening consumer perspectives; 2) customizing the marketing mix; 3) automating customer travel; 4) strengthening safety; 5) improving personal health and well-being; and 6) help with employee recruitment, support and management. Therefore, it is evident that the collection, processing, and storage of biometric information requires a high level of attention and care, since it deals with personal and sensitive data. Furthermore, although biometric traits are unique and permanent in a person's life, intra-user variations may appear in the short and long term. In addition, these traits cannot be canceled and renewed as passwords or tokens. Noteworthy, the security and privacy of biometric information is an important research area that has gained much attention in recent years (see Fig. 1).
FIGURE 1. Documents published by year in Scopus found with the search formula: (((biometric OR biometrics) AND ((protection OR (security OR privacy)) OR (cancellable OR cancelable))) AND (review OR survey)).
Biometric techniques provide application security, e.g., a fingerprint cannot be exchanged, lost, or forgotten. However, biometrics need security to avoid compromising application interoperability (cross-matching); for instance, if a biometric trait such as the face or iris in a social media photo is compromised (copied or spoofed), all the applications that use that trait are affected in their security level. Additionally, deep learning (DL) techniques artificially synthesize an image, video, or audio by realistically exchanging the biometric traits of one user for another, as shown in Fig. 2. The above process is called DeepFakes and threatens applications with biometric systems. DeepFakes enables synthesis, identity swap, attribute manipulation, and expression swap using generative adversarial networks (GAN) [10], [11]. Consequently, applications with biometric systems need to detect DeepFakes, but most of these detection algorithms are computationally expensive. Therefore, the information security field is a promising solution for the confidentiality and privacy of biometrics.
Thus, the landscape of biometric systems presents a significant challenge in information protection. Therefore, the probability of cross-matching attacks decreases using several biometric traits, especially inherent biometric traits of liveliness, e.g., an electroencephalogram (EEG) and voice-based system [13] or a photoplethysmography (PPG) and ECG-based system [14]. Furthermore, biometric systems can also use biometric template protection (BTP) techniques to prevent counterfeiting and increase information security and privacy. BTP techniques allow the cancelation, renewal, and confidentiality of biometric information using random information. Consequently, the focus of this research seeks to answer the following: In addition, this paper contributes to the following objectives through a review of the literature on BTP techniques: 1) examine vulnerabilities and propose countermeasures for biometric systems at the hardware and software levels; 2) expose the formalization and standardization of BTP techniques at the international level; 3) define a novel taxonomy according to the principle of operation and the type of supplementary information supported by BTP techniques; 4) analyze the security, privacy, revocability, renewability, computational complexity, and distribution of biometric information for BTP techniques; and 5) establish evaluation measures to compare BTP techniques. This document has the following structure: First, section II presents the motivation and justification of BTP techniques through the hardware and software-level vulnerabilities and countermeasures for biometric systems. Consequently, section III covers the formalization and standardization of BTP techniques in the interoperability of different biometric-based applications or services. Concerning the focus of this paper, section IV presents previous works that reviewed the literature and proposed taxonomies of protection techniques. 
In addition, this section identifies and highlights the contributions and challenges in the field of BTP. Thus, section V describes the protocol of the systematic literature review in BTP techniques implemented in this work. This section also presents the contributions of this research in the area of BTP compared to previous works. As a result of the literature review protocol, section VI proposes a novel taxonomy according to the principle of operation and the type of supplementary information supported by the different protection techniques. Likewise, protection and cancelation techniques for each category of the proposed taxonomy are explained in detail. Therefore, qualities and functioning are analyzed for techniques based on biometric cryptosystems (section VII), cancelable biometrics (section VIII), schemes based on machine learning or deep learning (section IX), hybrid schemes (section X), and multibiometric schemes (section XI). Furthermore, section XII summarizes the techniques studied in the proposed taxonomy, highlighting its strengths and weaknesses. However, the literature review identifies a gap in the mathematical formulation of evaluation metrics for the performance of protection techniques. For this reason, section XIII proposes quantitative evaluation metrics to compare BTP techniques. Additionally, section XIV shows existing commercial products that implement BTP techniques for revocable biometric systems. Finally, section XV presents the conclusions and future directions of this research.

II. VULNERABILITIES AND COUNTERMEASURES FOR BIOMETRIC SYSTEMS
The information of a biometric trait changes slightly in several presentations due to some injury, pathology, variability in the acquisition environment, or variability in the user's body conditions [15]. Therefore, biometric systems can make incorrect decisions due to intra-user variability or failures in the sensing and processing modules; such failures are intrinsic failures. On the other hand, extrinsic failures are generated by external attacks that modify the environment and the correct operation of the recognition system. Therefore, failures directly affect the performance rate of the system. Then, the most common action to deal with the intrinsic failures is to design a specific technique of preprocessing, feature extraction, and decision-making for the behavior of the biometric trait and its intra-user variability. A particular case facing intra-user variations under practical considerations is presented by [4] for biometric recognition based on ECG signal.
Attacks that generate extrinsic failures can be passive or active. Passive attacks only observe or monitor information, compromising the confidentiality of biometrics. Active attacks manipulate, steal or delete information, compromising the integrity and confidentiality of biometrics [16]. Then, active attacks affect system performance, causing denial-of-service (DoS), unauthorized access to an impostor, or illegal use of biometric information related to user identity.
Biometric information privacy is the power to control and limit its disclosure to third parties, preserving confidentiality, especially unnecessary and unauthorized disclosure; this seeks to prevent spoofing or illegal use of information. In parallel, biometric information security ensures that private information is secure, providing the veracity and integrity of the information available only to authorized entities. Therefore, the most common active and passive attacks on biometric systems are the following [17], [18]:
• Brute force attack: An attacker sends all possible combinations of the protected information to the decision-making module until successful recognition.
• Hill-climbing attack: An attacker iteratively sends fake templates to the decision-making module until successful recognition. The attacker receives feedback to modify the fake template at each attempt.
• Record Multiplicity attack or attack via Record Multiplicity: An attacker tries to find the correlation between multiple protected templates of a user to access the original template.
• Attack via lost supplementary information: An attacker attempts to estimate the original template when the supplementary information and the protected information have been compromised simultaneously.
• Dictionary-based attack: An attacker sends only the protected templates with the highest probability of successful recognition to the decision-making module.
• Pre-image attack or similarity-based attack: An attacker tries to find the original template that generates a protected template of reference through the similarity score obtained with the reference template.
• Known-template attacks: An attacker attempts to estimate the BTP technique or supplementary information when the original template and the protected template have been compromised simultaneously.
The probability of success in an active or passive attack decreases when the recognition system modules are in the same specialized hardware processing unit [19], e.g., in the same hardware description language (HDL) implementation. Although a biometric system is implemented in a specialized hardware processing unit, it has several points vulnerable to attacks, as shown in Fig. 3. First, the communication channel between the user and the user interface (point A) can suffer from the physical presentation of false or artificially created synthetic biometrics. Second, the communication channel between the user interface and the processing unit (point B) may receive attacks that generate false or altered digital information, e.g., a DeepFake attack. Third, the communication channel between the processing unit and the database (point C) may be compromised by observation attacks, manipulation, deletion, theft, or replacement of the biometric template generated by feature extraction. Point C attacks imply that the attacker needs prior knowledge about the representation and feature extraction technique implemented in the system [20], [21], [22]. Finally, point C is the communication channel between a client (processing unit) and a server (database).
The production of fake biometrics to attack point A is more costly and time-consuming than producing or modifying false digital information for attacks at points B and C. In other words, attacks on the sensing unit (point A) through a 3D model of a fingerprint, a contact lens with the iris pattern, a voice synthesizer, or a realistic model for facial recognition are more challenging and complex to produce than an active attack on the digitized biometric information. Indeed, spoofing in the sensing unit for a biometric system based on cardiovascular signals is unlikely. Therefore, the vulnerability of point A is overcome using liveness detection techniques or using inherent biometrics of liveliness to ensure that the trait presented is not an artificial reproduction, e.g., an ECG-based biometric system is difficult to falsify and provides psychological, physiological, and clinical information about a user [23]. On the other hand, the threat of point B is solved by using embedded sensor systems (ESS), i.e., user interface and digital processing unit in the same device; otherwise, the communication channel must be secure, not wireless, or not over the internet.
Techniques that protect the confidentiality and integrity of the information solve the insecurity of point C. These techniques alter the information exchanged and do not degrade the system's performance [18]. Hence, biometric templates protection (BTP) or biometric information protection (BIP) techniques generate protected information that does not reveal important information about user identity or original biometric information. These techniques use randomly created supplementary information to perform protection; protected information is renewed by revoking and renewing random information. Consequently, random number generators (RNG) must have low computational costs and provide security to applications with biometric systems. Therefore, physical unclonable functions (PUF) are an excellent possibility to generate secure random information [24], [25].
In general, there are protection approaches for biometric systems based on hardware and software, whereas BTP techniques are software-based. Then, a biometric system can implement: 1) liveliness certification; 2) a secure channel between the user interface and processing unit; 3) a specialized hardware processing unit; and 4) BTP techniques with secret and unique RNG on each integrated circuit. Additionally, a biometric system can implement physical isolation of the database, in other words, decentralize the database [26], [27]. Hence, the storage of protected information in the enrollment phase has three forms: 1) Central or online database: The protected information of all users is on a single storage device, e.g., cloud storage. 2) Local or offline database: Each user has a storage device with their protected information (personal storage). This device can be a physical token, USB, chip, smart card, key chain, magnetic strip, smart phone, smart watch, bracelet, etc. 3) Hybrid database: A percentage of the protected information is stored in a central database and the other portion of information in a local database.
A hybrid database improves security because the information is on several devices, and the control of the information is the partial responsibility of the users. However, the management of revocation of protected information is more straightforward with a central database. On the other hand, hybrid storage uses a private key to decrypt data, avoiding vulnerability when the storage device is compromised.

III. FORMALIZATION OF BIOMETRIC TEMPLATES PROTECTION (BTP) TECHNIQUES
Some biometric traits are not secret and can be obtained without a person's consent, e.g., the voice while having a conversation, the face on a social media photo, or the fingerprint when touching a public object. Therefore, the protected template is information that has been altered or processed using some BTP technique to mitigate the security and privacy threats present in biometric systems during the storage and transfer of information. In addition, BTP techniques allow canceling and renewing the versions of the templates protected in the biometric system, modifying the supplementary information that defines the processing parameters or conditions. Consequently, BTP techniques preserve or enhance the privacy of information while preserving the discriminatory power of biometric traits. Moreover, these techniques seek to guarantee non-repudiation and non-coercion in applications with biometric systems.
Each country must regulate the treatment of biometric information from a legal and technical point of view to ensure the interoperability of recognition systems and the non-linking of biometric data between databases or applications. The protection requirements and specifications for biometric information processing have been standardized internationally by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), establishing two important technical subcommittees:
• ISO/IEC JTC 1/SC 37 - Biometrics: It develops generic biometric standards to support interoperability and data exchange between applications and systems.
• ISO/IEC JTC 1/SC 27 - Information security, cybersecurity, and privacy protection: It sets standards for protecting information and communication technologies (ICT).
The subcommittees mentioned above have defined several standards that address aspects related to biometric systems, such as the ISO/IEC 24745:2022 standard - Biometric information protection, which explains the requirements and recommendations that a processing and BTP scheme must meet in terms of security and privacy:
• Unlinkability: Different versions of protected information can be obtained from a user's biometric without any link between them or with some version of another user's protected information, avoiding cross-matching and thus guaranteeing diversity in protected information between applications or systems.
• Revocability and renewability: A version of the protected information can be revoked or canceled and renewed from the database if it is compromised or has expired.
• Non-reversibility or Non-invertibility: The original biometric information must be computationally difficult to recover from the protected data.
• Performance: BTP techniques should not degrade unprotected system performance.
Furthermore, the protected template D = [PI, HD] is generated from the biometric information x extracted at the enrollment stage. This protected information has two components: 1) pseudonymous identifier (PI), which is the anonymous and renewable information that acquires the discriminatory power for each user; and 2) auxiliary data or helper data (HD), which is the additional user-specific information used to reconstruct a PI′ in the recognition phase using biometric information of query x′ as illustrated in Fig. 4. The stored information D is also known as a renewable biometric record; such information is protected by supplementary information s. On the other hand, the decision-making process receives stored PI and compares it with query PI′. Moreover, PI and HD do not reveal important information about the user or the original biometric (anonymity). Therefore, protection techniques should maximize the security, trust, and privacy of data and minimize the cost of storage and transmission of protected information [28], [29]. Protection techniques use supplementary information in the following way: 1) user-specific supplementary information, i.e., each user uses supplementary information unique and independent of other users; and 2) user-common supplementary information, i.e., all users use the same system-dependent supplementary information, where the application provider or the biometric system manages random information. Thus, user-specific supplementary information increases the discriminatory power of each user but generates greater complexity and computational cost for generation, storage, and management. Likewise, all supplementary information (common or specific) should be non-public information. Nonetheless, the supplementary information must be different (independent) for each biometric application and service.
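The PI/HD split described above, as an added example that is not code from the paper: a fuzzy-commitment-style construction (a biometric cryptosystem technique named later on this page) with a toy repetition code standing in for a real error-correcting code. Treating a fresh random key as the supplementary information s, the parameters REP and KEY_BITS, all function names and the sample templates are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

REP = 5        # repetition factor of the toy error-correcting code (assumption)
KEY_BITS = 32  # length of the random key; templates have KEY_BITS * REP bits


def ecc_encode(key):
    """Repetition code: every key bit is repeated REP times."""
    return [bit for bit in key for _ in range(REP)]


def ecc_decode(codeword):
    """Majority vote per group of REP bits; corrects up to REP // 2 flips per group."""
    return [int(sum(codeword[i:i + REP]) > REP // 2)
            for i in range(0, len(codeword), REP)]


def make_pi(bits):
    """Pseudonymous identifier: one-way hash of an exactly reproduced bit string."""
    return hashlib.sha256(bytes(bits)).hexdigest()


def enroll(x, s=None):
    """Build the renewable record D = (PI, HD) from the enrollment template x.

    s plays the role of the supplementary information (assumption of this
    sketch): a fresh random key that is used once and never stored itself.
    """
    if len(x) != KEY_BITS * REP:
        raise ValueError("template must have KEY_BITS * REP bits")
    if s is None:
        s = [secrets.randbits(1) for _ in range(KEY_BITS)]
    hd = [c ^ xi for c, xi in zip(ecc_encode(s), x)]  # helper data masks the codeword
    return make_pi(s), hd


def verify(record, x_query):
    """Rebuild PI' from HD and the query x', then compare it with the stored PI."""
    pi, hd = record
    if len(x_query) != len(hd):
        return False
    key_prime = ecc_decode([h ^ xi for h, xi in zip(hd, x_query)])
    return hmac.compare_digest(pi, make_pi(key_prime))


def sample_template(seed):
    """Constructed binary feature vector; stands in for a real extractor's output."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]


def flip(x, positions):
    """Return a copy of x with the given bit positions inverted (simulated noise)."""
    pos = set(positions)
    return [b ^ 1 if i in pos else b for i, b in enumerate(x)]


def demo():
    x = sample_template(7)
    record_v1 = enroll(x)
    x_noisy = flip(x, range(0, len(x), REP))  # one flipped bit in every group (20 %)
    x_bad = flip(x, [0, 1, 2])                # three flips in one group: uncorrectable
    record_v2 = enroll(x)                     # renewal: same trait, new random key
    return {
        "genuine_noisy": verify(record_v1, x_noisy),
        "too_noisy": verify(record_v1, x_bad),
        "impostor": verify(record_v1, sample_template(8)),
        "renewed_differs": record_v1[0] != record_v2[0] and record_v1[1] != record_v2[1],
        "renewed_accepts": verify(record_v2, x_noisy),
        "plain_hash_matches": make_pi(x) == make_pi(x_noisy),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Renewal here only draws a new key, so the trait and the feature extractor stay unchanged while both PI and HD are replaced.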
A biometric system with BTP techniques needs supplementary information management. Therefore, the biometric system has two databases: 1) protected information; and 2) supplementary information. Consequently, the processing unit stores the user-common supplementary information. In contrast, a central, local, or hybrid database stores user-specific supplementary information [30]. A protection scheme with user-specific management and a local or hybrid database for protected information defines a two- or three-factor recognition model. On the other hand, a protection scheme with user-common management and a central database for protected information establishes a model of a single recognition factor. As a result, a system based on multiple factors increases the difficulty of the success of an attack. Still, it must guarantee the flexibility and comfort of the user in the recognition [28].
The applications, services, or uses of biometric systems with protection schemes must allow non-repudiation, i.e., these link the biometric information and the user's identity as proof of responsibility for the actions performed. Likewise, these applications must guarantee the authenticity of the biometric information through liveness detection [31]. Furthermore, biometric traits are considered personal data. Therefore, biometric systems must comply with the guidelines governing the protection of privacy and the transnational flow of personal data [26]:
1) An application or service should specify the purpose of data collection. In addition, this should limit the data usage to the specified purpose.
2) The regulations, responsibilities, and identity of the personnel responsible for data protection should be open to the public.
3) The collection of personal data should be obtained by lawful means with the knowledge and consent of the user.
4) Personal data should not be available for other purposes except with the user's consent or by the authority of the law.
5) The user can request processes such as deleting, rectifying, completing or modifying the personal data provided.
6) Personal data should be governed by legislation and technical procedures that prevent security and privacy risks, such as unauthorized disclosure or illegal use of data.

IV. BACKGROUND
Traditional user recognition systems are based on non-variable information, e.g., passwords, PINs, tokens, etc. These traditional systems use hash functions to protect the input data, as shown in Fig. 5. Consequently, the first approach to the application of biometrics was inspired by recognition systems based on non-variable information, where biometric traits are used to extract stable features that identify or authenticate users. A hash function is a one-way mathematical transformation that receives variable-length information and generates fixed-length protected information. The avalanche effect is the principle of operation of hash functions, where a slight change in the input creates significant changes in the output. Therefore, hash functions are ideal for recognition systems based on exact information (non-variable), but these functions face substantial challenges in biometric systems due to intra-user variations (see Fig. 6 and Fig. 7).
Figure caption: Intra-user variability in PQRST complexes due to physical activity or temporary stress [4].
Quantification or encoding techniques are frequently used to generate stable keys. Furthermore, personalized hash functions have been developed based on the biometric information of each user, called robust hash functions [32], [33] or kernelized hash functions [34], [35]. These functions preserve the privacy and discriminatory power of biometric information while addressing intra-user variability. Still, the revocation and renewal capacity depends on the capacity of the quantization technique and the hash function itself. Then, behavioral biometrics allows extending the protected information's revocation and renewal capacity by changing the activity's pattern or action, such as protection schemes based on: 1) a user's voice while speaking a password [36]; 2) dynamic or on-line handwritten signatures [37], [38]; and 3) brain activity responses (EEG) under mathematical calculations, visual stimuli or optical effects [39], [40].
Biometric cryptosystems are the first proposed category of protection techniques [15], [20]. These use renewable keys, error correction codes (ECC), and cryptographic techniques to address intra-user variability and preserve information privacy. In 2001, the concept of cancelable biometrics (CB) proposed protection, privacy, and revocability of biometric information through one-way transformations [41], where renewable random information sets the transformation parameters. Over time, various BTP techniques have been proposed and categorized differently.
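An added example (not from the paper) contrasting the two ideas in this section: an exact hash breaks under intra-user variability, while a transformation whose parameters come from a renewable random seed tolerates it and can be revoked. It uses sign-of-random-projection binarization in the spirit of the random projection and BioHashing techniques named on this page; the dimensions, threshold, seed strings, function names and sample feature vectors are constructed assumptions.

```python
import hashlib
import random

N_FEATURES = 64   # length of the real-valued feature vector (assumption)
N_BITS = 128      # length of the protected binary template (assumption)
THRESHOLD = 0.2   # accepted fraction of differing bits (assumption)


def exact_hash(x):
    """Password-style protection: hash the features rounded to two decimals."""
    return hashlib.sha256(",".join(f"{v:.2f}" for v in x).encode()).hexdigest()


def cancelable_transform(x, seed):
    """Keep only the sign of N_BITS random projections of x.

    The renewable seed fixes the projection directions, so changing the seed
    yields a new protected template from the same biometric features.
    """
    rng = random.Random(seed)
    bits = []
    for _ in range(N_BITS):
        direction = [rng.gauss(0.0, 1.0) for _ in x]
        bits.append(int(sum(d * v for d, v in zip(direction, x)) >= 0.0))
    return bits


def hamming_fraction(a, b):
    """Fraction of positions in which two equal-length bit lists differ."""
    return sum(p != q for p, q in zip(a, b)) / len(a)


def matches(stored, x_query, seed):
    """Decision in the transformed domain: compare protected templates only."""
    return hamming_fraction(stored, cancelable_transform(x_query, seed)) <= THRESHOLD


def sample_features(seed):
    """Constructed feature vector standing in for a real extractor's output."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N_FEATURES)]


def add_noise(x, seed, sigma=0.05):
    """Simulated intra-user variability between two presentations."""
    rng = random.Random(seed)
    return [v + rng.gauss(0.0, sigma) for v in x]


def demo():
    user = sample_features(1)
    user_again = add_noise(user, 2)      # same person, second presentation
    other = sample_features(3)           # different person
    seed_v1 = "service-A/user-17/v1"     # constructed seed labels
    seed_v2 = "service-A/user-17/v2"     # issued after v1 is revoked
    stored_v1 = cancelable_transform(user, seed_v1)
    stored_v2 = cancelable_transform(user, seed_v2)
    return {
        "hash_survives_noise": exact_hash(user) == exact_hash(user_again),
        "genuine_distance": hamming_fraction(
            stored_v1, cancelable_transform(user_again, seed_v1)),
        "impostor_distance": hamming_fraction(
            stored_v1, cancelable_transform(other, seed_v1)),
        "renewed_distance": hamming_fraction(stored_v1, stored_v2),
        "genuine_accepted": matches(stored_v1, user_again, seed_v1),
        "impostor_rejected": not matches(stored_v1, other, seed_v1),
        # a leaked v1 template no longer matches the renewed v2 record
        "old_template_revoked": hamming_fraction(stored_v1, stored_v2) > THRESHOLD,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The seed must stay non-public, as the page requires of all supplementary information; this sketch makes no non-invertibility claim for the case where seed and protected template leak together.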
Cancelable biometrics and biometric cryptosystems are the two main categories of BTP techniques [17], [19], [21], [22], [42], [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53]. Thus, key binding schemes and key generation schemes often integrate the cryptosystems, and transformations and salting schemes are the frequent subcategories in cancelable biometrics. Another technique introduced in biometric cryptosystems is secure multiparty computation, such as homomorphic encryption [42]. Moreover, the digital representation of the biometric information introduced to the protection technique divides the BTP techniques into schemes that support information with discrete distribution and schemes that support information with continuous distribution [54], i.e., protection techniques that operate with integers or binary numbers and protection techniques that receive rational numbers or numbers with fixed-point representation. Previous works discussed below propose different taxonomies and relevant aspects of BTP techniques.
The research developed by [22] analyzes the principle of operation of some biometric cryptosystem techniques based on key release schemes. In addition, this paper discusses the security-level vulnerabilities of biometric systems. On the other hand, [43] reviewed the advances, limitations, and vulnerabilities of cancelable biometrics. Also, this work analyzes different techniques of cancelable biometrics, such as non-invertible geometric transformations, random projections, correlation filters, BioConvolving, Bloom filters, knowledge signatures, BioHashing, random permutations, salting methods, and hybrid methods.
The work published by [46] performs a systematic literature review of approaches and modalities of BTP techniques between 2005 and 2016. This paper presents a taxonomy with four categories: 1) cancelable biometrics with techniques such as geometric transforms, robust hashing, random projections, biometric filters, random permutations, and BioHashing; 2) biometric cryptosystems with techniques such as biometric encryption, fuzzy commitment, fuzzy vault, quantization schemes, and secure sketch; 3) hybrid methods; and 4) homomorphic encryption. In addition, this paper reports that 49% of the literature reviewed uses cancelable biometrics, 35% cryptosystems, 8% homomorphic encryption, and 8% hybrid methods. Likewise, 44% of the BTP schemes developed use fingerprint, 21% iris, 12% face, 10% signature, 5% multibiometrics, 4% palmprint, 3% voice, and 1% finger vein traits. Finally, this paper highlights that most of the investigations on BTP techniques are developed for small and midsize databases; therefore, analyzing these techniques on more extensive databases is challenging.
The research presented by [17] performs a comprehensive survey of attacks and protection techniques for biometric systems. This paper presents a taxonomy consisting of: 1) cryptography-based methods such as visual cryptography, image hashing, knowledge signature, elliptic curve cryptography, chaos, steganography, fuzzy commitment, fuzzy vault, and Hill cipher; 2) transformation-based methods with techniques such as non-invertible transformation, partial Hadamard transformation, and random projection; 3) filter-based methods; 4) hybrid methods; 5) multimodal-based methods; and 6) other methods such as BioConvolving, random permutations, deep learning, etc. Furthermore, this work proposes to improve the performance rate, time, and computational cost of BTP techniques as a future challenge.
Finally, [19] discussed problems related to biometric systems and provided state of the art for various protection techniques with different biometric traits. In addition, this paper proposes a taxonomy categorized into: 1) biometric cryptosystems; 2) feature transformations; 3) homomorphic encryption; 4) visual cryptography; 5) hybrid methods; and 6) steganography and watermarking-based approaches. Likewise, this article highlights: 1) the dominance of authentication systems compared to identification systems; 2) feature extraction using deep learning techniques to address alignment issues and intra-user variability; and 3) the need to develop biometric protection systems and adaptive biometric systems for low-cost devices as a future challenge. Table 1 illustrates a comparative analysis of proposed taxonomies, analysis of evaluation metrics, and contributions made by previous surveys and reviews in BTP. This comparative analysis concludes that the principle of operation of the protection techniques has been the primary criterion for classifying the different techniques; some of these taxonomies differ in the classification of some techniques, as shown in the second column of Table 1. Therefore, one of this work's contributions is proposing a novel taxonomy for BTP techniques based not only on the principle of operation but also on the type of supplementary information supported by each technique. In addition, the taxonomy proposed in this paper considers whether the BTP technique allows decision-making or not in the protected/transformed domain. In particular, the latest review of the systematic literature corresponds to the research published by [46] in 2017, where a protocol for searching and selecting relevant information on BTP techniques was defined. Still, this review did not cover the evaluation metrics of protection techniques.
The third column of Table 1 highlights the investigations that have contributed to the analysis and study of evaluation metrics for BTP techniques. These works qualitatively suggest some metrics but not a clear, practical, and complete mathematical formulation, i.e., a mathematical formulation based on the variance and correlation of random templates and not on the probability estimation function of random templates. For example, the research developed in [42] suggests: 1) privacy leakage (unlinkability) through mutual information; 2) the successful attack rate (SAR) with SAR ≥ FAR; and 3) storage requirements. Likewise, the paper published in [44] qualitatively recommends: 1) non-invertibility through normalized Shannon conditional entropy; and 2) unlinkability through mutual information. In addition, the authors in [45] also qualitatively suggest: 1) non-invertibility through conditional Shannon entropy; 2) non-linkability through privacy leakage with mutual information; 3) revocability condition; 4) computational complexity through processing speed; and 5) storage requirements. On the other hand, the survey developed in [17] defines quantitatively: 1) linear correlation through the co-relational coefficient and co-relation index; 2) efficiency; and 3) template capacity (revocability). Furthermore, this work also qualitatively suggested diversity or unlinkability through mutual information but did not define how to measure irreversibility. Finally, the study developed in [50] qualitatively recommends: 1) non-invertibility through the probability of an imposter obtaining the original template; 2) unlinkability through mutual information; and 3) performance or usability (efficacy) in a quantitative way.

A. CHALLENGES IDENTIFIED FOR BTP
Table 1 summarizes our systematic literature review, which identifies three significant challenges in the field of BTP:

1) ALIGNMENT-FREE PROTECTION TECHNIQUES
The first challenge corresponds to the degradation of the recognition rate by BTP techniques due to intra-user variations. To date, this challenge has been addressed through the appropriate selection of pre-processing, feature extraction, and decision-making techniques; this process is called the biometric alignment method. However, this approach demands a great computational effort. Moreover, it is not always compatible with achieving a reasonable recognition rate through the protection technique implemented. Therefore, the challenge of facing the intra-user variations, protecting and revoking the information, and not degrading the recognition rate through the same processing technique needs a solution. In particular, the iris, face, and fingerprint are the most advanced biometric traits in this challenge by implementing adaptive Bloom filters [49] because they are biometric traits acquired in two dimensions. Therefore, deep learning techniques and adaptive systems in a dynamic environment are possible general solutions to this challenge.

2) RE-TRAINING
This challenge consists of avoiding the re-training or re-definition of the parameters of the decision-making strategies when a new cancelation or renewal of the protected information is performed. Previous investigations only analyzed protection systems for a single revocation of protected templates. The re-training of the decision-making parameters demands time and computational effort depending on the length of the protected information and the number of users enrolled in the biometric system. Therefore, the analysis of BTP techniques that do not degrade the recognition rate and do not demand re-training at each revocation is necessary.

3) QUANTITATIVE EVALUATION METRICS
This challenge refers to the mathematical formulation of evaluation metrics based on random templates' variance and correlation coefficients. These metrics should quantify: unlinkability (diversity), non-invertibility, storage cost, and efficiency of BTP techniques under a given number of cancelations (revocations) and users.

V. LITERATURE REVIEW PROTOCOL ON BTP TECHNIQUES
A systematic literature review (SLR) identifies, evaluates, and interprets all relevant research for a set of research questions or topics of interest [55]. Therefore, this systematic literature review aims to: 1) summarize the existing evidence on BTP techniques in a detailed and unbiased manner; and 2) identify some gaps in BTP to provide an overview for future research. Consequently, these purposes inspire the following research questions based on the qualitative approach that this document seeks to answer:
• What are the BTP techniques that currently exist?
• What are the taxonomies of BTP techniques in the background?
• What are the aspects of security, privacy, revocability, renewability, computational complexity, biometric information distribution, and open challenges for existing BTP techniques?
• How could the different BTP techniques be classified according to their principle of operation and the type of supplementary information supported?

A. SEARCH STRATEGY
The protocol for the systematic literature review on BTP techniques established a search strategy based on the following search criteria for investigations written in English in the last decade.

1) DATABASES FOR LITERATURE REVIEW
The following digital databases were used to search for investigations on BTP techniques:
• IEEE Xplore Digital Library.
• ACM Digital Library.

3) SEARCH TERM COMBINATION
Search terms were combined to define the following search formula anywhere in a document: (((biometric OR biometrics) AND ((protection OR (security OR privacy)) OR (cancellable OR cancelable)))) AND (review OR survey)). Figure 1 shows an example of documents published under this search function between 2010 and 2021 in the Elsevier abstract and citation database (Scopus).

4) INCLUSION CRITERIA
The included investigations developed the idea of a scheme, method, technique, or protection solution for the privacy and security of biometric information regardless of the biometric trait. Sources included are review and research articles in journals, conference papers, magazine documents, and book chapters.

B. LITERATURE REVIEW METHODOLOGY
The review protocol based on the search criteria identifies 377 relevant documents. On the other hand, the selection criteria are based on: 1) documents that satisfy the inclusion criteria; and 2) documents that contain background, the principle of operation, and strengths and weaknesses of some BTP technique or idea. Therefore, the result of the first stage of exclusion corresponds to 229 documents that meet the selection criteria based on the information extracted from the title, summary, and conclusions of the documents. Likewise, the second and last stage of exclusion based on the synthesis of the full texts corresponds to 174 documents that satisfy the selection criteria and help to answer the research questions proposed for this SLR.

C. CONTRIBUTIONS FROM THIS SLR
According to the CASP systematic review checklist, the search strategy and literature review methodology guide the correct type of documents that contributed to the purposes of this review. As a result, the following sections show the synthesis of the extracted data. This synthesis contributes to the existing literature in the following:
1) A novel taxonomy is proposed through the principle of operation and type of supplementary information supported by BTP techniques, i.e., techniques that support user-common or user-specific supplementary information and techniques that support only user-specific supplementary information. In addition, the computational complexity, revocation and renewal capacity, security and privacy characteristics, decision-making in the protected domain or not, and some examples are discussed in each technique of this taxonomy. Furthermore, the protection technique called intrinsic artifacts is introduced as a protection technique that supports only user-specific supplementary information corresponding to the subcategory of salting schemes. Finally, subcategories of protection schemes based on modern cryptography are also presented.
2) The category of protection schemes based on machine learning or deep learning is introduced as an alignment-free protection scheme to deal with the degradation of the recognition rate through BTP techniques due to intra-user variations.
3) The importance of protection techniques based on linear and injective mappings is identified and highlighted to avoid the degradation of the recognition rate and the re-training of the decision-making parameters when a new cancelation or renewal of the protected information is performed.
4) A quantitative formulation of evaluation metrics to compare the performance of BTP techniques is proposed. These metrics quantify the efficiency under various cancelations and renewals, the cost of storage for a given number of users, the capacity of revocations and renewals, unlinkability, non-invertibility, and interoperability supported by the protection techniques.

VI. TAXONOMY OF BTP TECHNIQUES
Biometric information protection is based on hardware, software (digital processing), or both. Section II discussed some hardware-level countermeasures. Therefore, this section proposes a novel taxonomy for protection techniques at the digital processing level. Thus, this categorization results from synthesizing and analyzing the information selected in the systematic literature review.
The taxonomy proposed for this research contains five categories, as shown in Fig. 8: 1) biometric cryptosystems; 2) cancelable biometrics; 3) protection schemes based on machine learning or deep learning; 4) hybrid protection schemes; and 5) multibiometric protection schemes. Nonetheless, this taxonomy is based on the principle of operation of the biometric template protection module in Fig. 3 and the type of random supplementary information used for protection (see section III). Moreover, the taxonomy also considers the domain of operation (protected or unprotected) of the decision-making module and the distribution of the input biometric information in the feature domain or the signal domain.
Biometric cryptosystems and cancelable biometrics are the main categories of BTP techniques, as shown in Fig. 8. Table 2 highlights the main differences between the proposed categories or families of protection techniques through the analysis of: 1) the principle of operation; 2) the type of supplementary information supported; 3) the distribution of the input information; and 4) the domain of operation of the decision-making module. For example, biometric cryptosystems protect information using cryptographic primitives and error-correcting codes. Therefore, most of their techniques require input information in a finite field or discrete distribution, e.g., integers. In addition, all biometric cryptosystem techniques do not allow decision-making in the protected domain, but all techniques support user-common and user-specific supplementary information.
Nonetheless, the principle of operation of cancelable biometrics is based on injective or non-injective transformations. For this reason, all cancelable biometrics techniques support the rational representation of the input data, i.e., continuous distribution. Likewise, all cancelable biometrics techniques allow decision-making in the protected domain, but all cancelable biometrics techniques do not support user-common supplementary information, e.g., salting schemes.
Anyway, biometric systems can use machine learning and deep learning algorithms in the feature extraction and decision-making modules, where a biometric cryptosystems technique or cancelable biometrics protects the biometric information. For this reason, a new family of protection techniques is defined when the BTP module specifically implements machine or deep learning algorithms. Consequently, protection techniques or schemes based on machine learning or deep learning face the alignment-free protection technique challenge (see section IV). The principle of operation of these techniques is based on machine learning or deep learning algorithms to protect information by renewable supplementary information. Additionally, these techniques aim to extract features in the face of intra-user variability, make the decision in the protected domain and allow the revocation of the protected information. Furthermore, these techniques allow input information with continuous or discrete distribution. Moreover, these techniques support user-common and user-specific supplementary information.
On the other hand, the principle of operation of hybrid protection schemes uses more than one protection technique with one biometric trait or several traits. However, the principle of operation of multibiometric protection schemes uses more than one biometric trait with one protection technique or several techniques for each biometric trait. Therefore, all multibiometric protection schemes are hybrid schemes, but not all hybrid schemes are multibiometric schemes.
Defining the best protection technique is challenging because it depends mainly on the purpose, needs, constraints, and specifications of the biometric service or application to be developed. For this reason, section XII summarizes the most important characteristics of the protection techniques in Table 3. In addition, section XIII complements the comparison shown in Table 3. Therefore, the summary of the different protection techniques and the quantitative evaluation measures provide a better overview to select the most suitable protection technique for the desired biometric system.
The following sections present and describe the protection techniques for the proposed categories. For each defined BTP technique, the following is explained: 1) operating principle; 2) security and privacy characteristics; 3) computational complexity; and 4) revocation and renewal capacity. In addition, some relevant examples with different biometrics are mentioned for each technique.

VII. BIOMETRIC CRYPTOSYSTEMS
The word cryptosystem is an abbreviation of the term cryptographic system. A cryptographic system guarantees the security of the information exchanged using cryptographic techniques. Hence, biometric cryptosystems offer protection for biometric information through encryption/decryption schemes or biometric-dependent key-release schemes. A biometric-dependent key-release scheme aims to recover or rebuild a secret key from the HD and the biometric information of the query.
Biometric cryptosystems are composed of two shielding or processing functions; one function in the enrollment phase gives security to information, and another function in the recognition phase reveals and takes advantage of protected information. Then, biometric cryptosystems are divided into three categories: 1) key binding schemes; 2) key generation schemes; and 3) modern cryptography schemes.
In summary, the main advantage of biometric cryptosystems in the security and privacy of original information corresponds to the complexity of encryption schemes, specifically in transmitting and storing data through an insecure communication channel, as shown in Table 2. In other words, the security and privacy of the original information depend on the information revealed from HD in the key binding and key generation schemes. Consequently, one difference in information security and privacy is that cancelable biometrics techniques do not generate helper data. Additionally, most biometric cryptosystem techniques based on modern cryptography schemes do not allow decision-making in the protected domain, causing a security and privacy vulnerability of the original information. This vulnerability is the main

A. KEY BINDING SCHEMES
A key binding scheme is when HD is obtained by binding a secret key to a biometric template, with the key independent of the template. A key binding scheme is associated with an error correction code (ECC), and the tolerance to intra-user variations depends on the ECC's capacity. In addition, the security of these schemes depends on the level of information revealed by HD.

1) FUZZY COMMITMENT SCHEME
This scheme combines ECC and cryptography (hash functions) to make the system more tolerant to intra-user variations [56]. The information processed by this scheme has a binary representation of length n ∈ ℕ⁺.
The binding process is based on the idea of a commitment: 1) a binary codeword c generated by an ECC applied to a secret digital key s of n bits; 2) binary biometric information or witness x represented in n bits; and 3) an offset or difference vector δ such that x = c ⊕ δ, under the constraint that the enrollment template x and the query x′ are sufficiently similar in Hamming distance, i.e., dist(x, x′) ≤ τ, where τ is the similarity threshold. Under these constraints, the scheme should be able to reconstruct the codeword c′ in the recognition phase using δ and x′, as shown in Fig. 9.
The helper data in the scheme illustrated in Fig. 9 corresponds to the offset or difference vector, and the pseudonymous identifier is the result of applying a hash function to the linked secret digital key s, i.e., the protected information stored is D = [hash(s), δ]. Revocation and renewal of protected information are done by generating a new key and changing the ECC or hash function parameters. Usually, the cancelation and renewal capacity of the protected templates D depends on the number of keys that the associated RNG can produce. Therefore, this scheme allows only authentication systems because it is a key-release scheme.
This protection technique receives biometric information with a discrete probability distribution; this is a challenge due to intra-user variations and discretization resolution. Furthermore, this technique has no tolerance for variation in the order of the biometric information. On the other hand, this protection scheme has a medium computational complexity due to the ECC and the hash function. Some examples of biometric systems with fuzzy commitment-based protection are mentioned below.
A fuzzy commitment scheme for iris authentication was developed by [57], using Hadamard and Reed-Solomon's ECC. Furthermore, a system for handwritten signature authentication was developed by [58], using BCH code and SHA-1 as a hash function. In the authentication with fingerprint, a scheme was proposed by [59], using turbo codes and defining a representation known as binarized phase spectrum (BiPS). Likewise, [60] proposed a face authentication scheme using BCH code. Also, [61] developed a voice authentication scheme using the ECC of Hadamard. On the other hand, [62] proposed a palmprint authentication system using the ECC of Reed-Solomon. Similarly, an authentication scheme based on finger veins was developed by [63], using BCH code in mobile healthcare data protection. Finally, [64] proposed an authentication scheme with EEG signals using BCH code.
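The enrollment and recognition steps of the fuzzy commitment scheme described above can be followed in a short Python sketch. It is an added example, not code from the paper or from the cited systems, and it makes these assumptions: a 5-fold repetition code stands in for the BCH, Reed-Solomon, or Hadamard codes used in the literature (so the key is shorter than the codeword), SHA-256 is the hash function, and the templates are constructed random bit strings.

```python
import hashlib
import hmac
import random
import secrets

REP = 5  # assumed ECC: 5-fold repetition code, corrects 2 bit flips per block


def ecc_encode(key_bits):
    """Secret key s -> codeword c (each key bit repeated REP times)."""
    return [b for b in key_bits for _ in range(REP)]


def ecc_decode(code_bits):
    """Majority vote per block: noisy codeword -> nearest key."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [p ^ q for p, q in zip(a, b)]


def pseudonymous_id(key_bits):
    """PI = hash(s); SHA-256 is an assumption, the page only says 'hash'."""
    return hashlib.sha256(bytes(key_bits)).digest()


def enroll(x):
    """Bind a fresh random key to template x; return D = [hash(s), delta]."""
    if len(x) % REP:
        raise ValueError("template length must be a multiple of REP")
    s = [secrets.randbelow(2) for _ in range(len(x) // REP)]
    c = ecc_encode(s)
    delta = xor(x, c)                      # so that x = c XOR delta
    return {"pi": pseudonymous_id(s), "delta": delta}


def verify(record, x_query):
    """Rebuild c' = x' XOR delta, decode it, and compare hash(s') with PI."""
    if len(x_query) != len(record["delta"]):
        return False
    s_prime = ecc_decode(xor(x_query, record["delta"]))
    return hmac.compare_digest(pseudonymous_id(s_prime), record["pi"])


def sample_template(seed, n=640):
    """Constructed stand-in for a binarized biometric template (not real data)."""
    rng = random.Random(seed)
    return [rng.randrange(2) for _ in range(n)]


def flip(bits, positions):
    """Simulate intra-user variation by flipping the given bit positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    x = sample_template(1)
    record = enroll(x)
    print("same user, 2 flips in a block :", verify(record, flip(x, [0, 1])))
    print("same user, 3 flips in a block :", verify(record, flip(x, [0, 1, 2])))
    print("different user                :", verify(record, sample_template(2)))
    renewed = enroll(x)                    # revocation: new key, new delta
    print("renewed record differs        :", renewed["delta"] != record["delta"])
```

The accept/reject boundary is set entirely by the correction capacity of the code: two flips inside one block are absorbed, a third changes one decoded key bit and the hash comparison fails.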

2) FUZZY VAULT SCHEME
This scheme uses an unordered set A (order invariance) of elements in a public universe U and a secret s to generate a locked vault V. Then, an unordered set B of equal length and similar to A allows unlocking the vault and retrieving s [65]. The secret s is a row vector with a binary representation of length n ∈ ℕ⁺, and an ECC uses this to construct a codeword c. On the other hand, A and B elements have a continuous probability distribution.
This scheme performs a polynomial encoding by constructing the coefficients of a polynomial P from c. Later, the created polynomial projects the elements of A. Then, chaff points are added to confuse the genuine projection. The genuine projection points and the chaff points define the fuzzy vault V, equivalent to the helper data. On the other hand, the pseudonymous identifier results from a hash function applied to the secret s. Therefore, the protected information stored is D = [hash(s), V]. In the recognition phase, the fuzzy vault and B elements allow the reconstruction of the polynomial P′ and the secret s′, as shown in Fig. 10. Polynomial interpolation techniques and ECCs recover the secret.
The security of this scheme depends on the infeasibility of the polynomial reconstruction, the degree of the polynomial, and the number of chaff points. The number of chaff points should be much larger than the number of points projected from the biometric. In addition, this scheme is invariant to the order of the information. Still, it does not guarantee security and privacy against attacks via record multiplicity, surreptitious key-inversion attacks, and blended substitution attacks [66]. Furthermore, the capacity to cancel and renew depends on the power of the RNG to create new keys and chaff points; the polynomial order can also be changed. Likewise, this protection technique has medium computational complexity due to the ECC and hash function. Lastly, this scheme only allows authentication systems because it is a key-release scheme.
Some examples of fuzzy vault schemes for biometric authentication systems using cyclic redundancy check (CRC) code and Lagrange interpolation were developed for fingerprint [67], handwritten signature [68], palmprint [69], or with multiple biometric traits such as fingerprint, palmprint, iris and hand veins [70]. On the other hand, an iris authentication scheme was developed by [71], using the ECC of Reed-Solomon and Lagrange interpolation. In addition, [72] developed a fuzzy vault scheme for authentication with fingerprint and password (two-factor recognition), performing a transformation to the biometric data based on the password; the password is independent of the key or secret used to build the vault.
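The locking and unlocking steps of the fuzzy vault described above are shown below as an added Python example; it is not code from the paper or from the cited systems. Assumptions: continuous features are quantized with a fixed step into the prime field GF(65537), the secret is the coefficient vector of a degree-3 polynomial, SHA-256 is the hash, and the stored hash(s) replaces the CRC or ECC stage as the check on each interpolated candidate. All feature values are constructed.

```python
import hashlib
import hmac
import secrets
from itertools import combinations

P = 65537      # assumed prime field GF(P) for vault coordinates
DEGREE = 3     # DEGREE + 1 genuine points are needed to rebuild the polynomial
STEP = 0.5     # assumed quantization step for continuous features

# Constructed feature sets (not real biometric data).
ENROLL_FEATURES = [12.1, 40.3, 7.9, 55.2, 23.6, 31.0, 18.4, 46.8]
GENUINE_QUERY = [12.2, 40.4, 8.0, 55.1, 23.7, 60.0, 3.3]   # 5 matches, 2 spurious
IMPOSTOR_QUERY = [12.2, 40.4, 8.0, 70.0, 1.5, 29.9]        # only 3 matches


def quantize(features):
    """Map continuous features to distinct field elements (the unordered set)."""
    return sorted({int(round(f / STEP)) % P for f in features})


def poly_eval(coeffs, x):
    """Horner evaluation over GF(P); coeffs[0] is the constant term."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def lagrange_coeffs(points):
    """Coefficients of the polynomial of degree < len(points) through points."""
    result = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                # basis(X) *= (X - xj)
                basis = [(a - xj * b) % P
                         for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        result = [(r + scale * b) % P for r, b in zip(result, basis)]
    return result


def hash_secret(coeffs):
    return hashlib.sha256(b"".join(c.to_bytes(3, "big") for c in coeffs)).digest()


def lock(features, n_chaff=200):
    """Enrollment: return D = [hash(s), V]; s is the coefficient vector of P."""
    genuine_x = quantize(features)
    secret = [secrets.randbelow(P) for _ in range(DEGREE + 1)]
    vault = [(x, poly_eval(secret, x)) for x in genuine_x]
    used = set(genuine_x)
    while len(vault) < len(genuine_x) + n_chaff:
        x, y = secrets.randbelow(P), secrets.randbelow(P)
        if x not in used and y != poly_eval(secret, x):   # chaff lies off P
            used.add(x)
            vault.append((x, y))
    secrets.SystemRandom().shuffle(vault)   # position must not mark genuine points
    return {"pi": hash_secret(secret), "vault": vault}


def unlock(record, features):
    """Recognition: interpolate over matched points until hash(s') equals PI."""
    wanted = set(quantize(features))
    matched = [pt for pt in record["vault"] if pt[0] in wanted]
    for subset in combinations(matched, DEGREE + 1):
        candidate = lagrange_coeffs(subset)
        if hmac.compare_digest(hash_secret(candidate), record["pi"]):
            return candidate
    return None


if __name__ == "__main__":
    record = lock(ENROLL_FEATURES)
    print("vault size     :", len(record["vault"]))
    print("genuine unlock :", unlock(record, GENUINE_QUERY) is not None)
    print("impostor unlock:", unlock(record, IMPOSTOR_QUERY) is not None)
```

Because the query is matched as a set, the order of the features does not matter, and calling `lock` again on the same features produces a new polynomial and new chaff, which is the renewal step the section describes.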

B. KEY GENERATION SCHEMES
A key generation scheme is when HD is obtained only from the biometric template. These schemes are not very tolerant of intra-user variations. Therefore, stable keys with high entropy are challenging to generate. These schemes use user-specific quantification or coding techniques. Furthermore, security depends on the level of information revealed by HD.

1) FUZZY EXTRACTOR AND QUANTIFICATION SCHEMES
A fuzzy extractor is a key generation scheme to combat intra-user variability. Therefore, this scheme generates a uniform random key λ of n bits and helper data from the biometric trait of each user. Then, a secure sketch is a function that produces , revealing little biometric information. In general, few secure sketches use data from an RNG. However, the helper data reconstructs the key from a biometric query x′ very similar to the biometric enrollment x. Besides, the generated secret keys are frequently used in cryptographic systems [73].
Techniques of coding, quantization, discretization, or interval mapping transform biometric data into a representation with a discrete probability distribution. This transformation preserves the class distribution and differentiating power of the original information. Key generation techniques define stable conditions or intervals to perform binary encoding. Therefore, PI results from a hash function applied to the key generated λ in the enrollment phase. Nevertheless, HD corresponds to the information on each user's specific limits, conditions, or quantification intervals to obtain the stable key in the recognition phase. Fig. 11 illustrates that the query information and helper data obtain the key in the recognition phase. Hence, the protected information stored is D = [hash(λ), ]. To avoid collisions, the generated keys and hash functions must be pairwise independent.
Eventually, the quality of the keys depends on the amount of discriminatory information extracted from the biometric information [74]. Generally, these schemes suffer from a loss of discrimination power due to the quantization process. Therefore, these schemes degrade the recognition rate. Furthermore, changing the parameters (specifications) of encoding or quantification generates revocation and renewal of the protected information. Nevertheless, this process suffers from the problem of key entropy, i.e., a limited number of keys or forms of quantification. In short, generating keys with high stability and entropy is difficult. Additionally, the storage cost of HD is high; for this reason, the storage of user-specific data is based on two- or three-factor recognition schemes. Then, the computational cost of this technique is medium due to the user-specific quantization and the hash function. Finally, the fuzzy extractors protect authentication and identification systems.
The methods and specifications of encoding or quantification depend primarily on the biometric trait. Thus, quantification schemes with equal probability, frequency, and optimized intervals have been proposed, such as the biometric quantification for fingerprint and face presented by [75] called detection rate optimized bit allocation (DROBA). This quantization transforms the actual value of the extracted features into a binary string of fixed length, assigning more bits to the more discriminative features and fewer bits to the less discriminatory features. This transformation maximizes the probability that all features are in genuine intervals, but this task is computationally complex.
A fuzzy extractor for face authentication was developed by [76], using the quantization of specific ranges between the minimum and maximum value of the features extracted from each user. On the other hand, [77] presented a fingerprint authentication system, creating a binary representation through the Gabor filter and a quantification defined by statistical analysis. Furthermore, an iris authentication system based on interval-mapping techniques was proposed by [78]. Moreover, [79] published an authentication system with feature-level fusion for fingerprint and palmprint using a 2^n discretization, which divides the probability density function of features into 2^n intervals with equal probability of occurrence and encodes each interval with n bits.
A key generation method from the pronunciation of a password was proposed by [36], where the features extracted from the voice are quantified, encoded, and used as a look-up table for authentication. Likewise, [80] developed another key generation method, generating keys from facial recognition through binarizing the features within the region [µ − σ, µ + σ] defined by the mean µ and standard deviation σ of the distribution of authentic features and the overall distribution of features. Furthermore, [81] published a fingerprint-based key generation scheme using interval encoding and a two-layer error-correcting technique (Hadamard code with Reed-Solomon code). Other widely used discretization techniques to generate binary keys are local binary pattern (LBP) and local ternary pattern (LTP). Nonetheless, the examples of key generation schemes discussed above have a limited revocation and renewal capacity.
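The quantization-based key generation described in this subsection, with user-specific intervals stored as HD and hash(λ) stored as PI, is illustrated by the following added Python sketch. It is not code from the paper or from the cited systems. Assumptions: each feature gets a cell whose width is a multiple of the user's own standard deviation, two key bits are taken from each cell index, SHA-256 is the hash, and the enrollment samples are constructed values.

```python
import hashlib
import hmac
import math
import statistics

BITS = 2   # assumed number of key bits taken from each feature

# Constructed enrollment samples of one user: 3 acquisitions x 4 features.
SAMPLES = [[10.0, 5.0, -2.0, 7.5],
           [10.4, 5.2, -2.2, 7.1],
           [9.6, 4.8, -1.8, 7.9]]


def hash_key(key):
    """PI = hash(lambda); the key is a list of small integers, one per feature."""
    return hashlib.sha256(bytes(key)).digest()


def enroll(samples, width_sigmas=6.0):
    """Derive the key from the user's own statistics; return (PI, HD).

    HD holds, per feature, the user-specific cell width and the offset that
    centres the enrollment mean in its cell. The key itself is not stored.
    """
    helper, key = [], []
    for column in zip(*samples):
        mu = statistics.fmean(column)
        width = max(width_sigmas * statistics.stdev(column), 1e-9)
        cell = math.floor(mu / width)
        offset = mu - (cell + 0.5) * width
        helper.append((width, offset))
        key.append(cell % (1 << BITS))
    return hash_key(key), helper


def regenerate_key(helper, query):
    """Recognition: HD plus the query feature vector reproduce the key."""
    return [math.floor((q - offset) / width) % (1 << BITS)
            for q, (width, offset) in zip(query, helper)]


def verify(pi, helper, query):
    return hmac.compare_digest(hash_key(regenerate_key(helper, query)), pi)


if __name__ == "__main__":
    pi, helper = enroll(SAMPLES)
    print("key from enrollment sample:", regenerate_key(helper, SAMPLES[0]))
    print("genuine query accepted    :", verify(pi, helper, [10.5, 4.7, -2.3, 8.0]))
    print("distant query accepted    :", verify(pi, helper, [14.0, 5.0, -2.0, 7.5]))
    # Renewal: only the quantization parameters can change, so the number of
    # distinct keys for one user is small, as the section points out.
    pi2, helper2 = enroll(SAMPLES, width_sigmas=8.0)
    print("renewed PI differs        :", pi2 != pi)
```

With four features and two bits each, the key space here is only 256 values, which makes the key-entropy limitation discussed above concrete.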

C. MODERN CRYPTOGRAPHY SCHEMES
Modern cryptographic schemes provide secret and secure communication through an insecure channel between a client and a server using encryption and decryption. The encryption stage uses a key s_e to convert the information x into incomprehensible and secure information, i.e., ω = enc(x, s_e) = ξ(x). In contrast, the decryption stage uses a key s_d to recover the original information sent. Therefore, the most common encryption schemes are:
• Symmetric cryptography: It uses a single private key for encryption and decryption, i.e., s_e = s_d. This cryptography enhances the privacy and confidentiality of information. The most used algorithms are advanced encryption standard (AES) and data encryption standard (DES).
• Asymmetric cryptography: It uses one key for encryption and another for decryption, i.e., s_e ≠ s_d, where one key is public and the other is private. This cryptography guarantees the authenticity and non-repudiation of the information. These algorithms are based on: 1) factorization of large prime numbers, as in the RSA algorithm; 2) discrete logarithm, as in the ElGamal or Diffie-Hellman key exchange algorithm; and 3) elliptic curves, as in elliptic curve cryptography.
The keys of an asymmetric system are longer than the keys of a symmetric design. Furthermore, symmetric cryptography has a higher execution speed and lower computational effort than asymmetric cryptography. However, asymmetric cryptography authenticates information using more efficient digital signatures [82]. A digital signature is a mathematical technique used to validate the authenticity, non-repudiation, and integrity of digital information in public key infrastructure (PKI); this signature depends on some secret information known only to the signer and is associated with an authentication system. Therefore, digital signatures employ asymmetric cryptography and are often used to implement electronic signatures; a standard algorithm is the digital signature algorithm (DSA).
In an encryption and decryption scheme, PI is the data encrypted in the enrollment phase, and HD is the decryption key used in the recognition phase. Consequently, the protected information stored is D = [ξ(x), s_d]. Furthermore, the decryption key can be user-specific or user-common and stored in a central, local, or hybrid database. However, if the key s_d is disclosed or compromised, then the protected information or encrypted template is not secure. In other words, the problem of biometric template protection evolves into the problem of cryptographic key management and security; this last problem is also a great challenge [31], [44]. In the recognition phase, protected templates are decrypted, as shown in Fig. 12, even when the decryption key is not disclosed or compromised since decision-making is not performed in the encrypted domain. Therefore, the decryption process creates a security and privacy vulnerability by having the original representation of the enrollment biometric x and query biometric x′ at the recognition phase runtime.
The security of a modern cryptography scheme depends on the complexity (length, entropy, and time of use) of the cryptographic keys and the protection of the biometric information decrypted in the recognition phase. In addition, the cancelation and renewal capacity depends on the power of the RNG and the computational complexity of the cryptographic key creation algorithm. Besides, modern cryptography techniques for BTP enable authentication and identification systems.
The keys of the elliptic curve cryptography are shorter than the keys of the RSA cryptography, offering the same security. Furthermore, elliptic curve cryptography is the best option due to the computational complexity of the discrete logarithm problem. For instance, [83] proposed an e-passport authentication scheme with iris and elliptic curve cryptography, where the iris information generates the cryptographic protocol parameter; these parameters are stored on a chip (passport) to be then used in the verification of the passport holder. Another authentication system with elliptic curve cryptography was developed by [84] using fingerprints on mobile devices.
Chaotic encryption algorithms are efficient, secure, and highly sensitive to the initial conditions, i.e., small changes in the initial conditions generate significant changes in the system's behavior. For example, [85] proposed a fingerprint authentication system using a chaotic encryption algorithm; furthermore, the system was implemented on a 32-bit microcontroller.
Cryptography aims to encrypt secret information by altering its structure in a detectable communication; this information is legible only by authorized entities. On the other hand, steganography seeks to insert and hide secret information in a non-secret media without changing its structure through invisible communication. Steganography uses carrier media such as text, audio, video, and image. In comparison, cryptography is implemented only in alphanumeric text files. For instance, the iris authentication system developed by [86] uses a steganography technique by combining Huffman encoding and discrete cosine transform (DCT).
A digital watermark is information embedded and hidden in noise-tolerant media. The confidential information is not necessarily related to the carrier media but is used to identify copyright ownership of that media. The digital watermarks use steganographic techniques with the difference that there are visible and invisible watermarks. For example, [87] developed an iris authentication system using a chaotic watermark. On the other hand, a face and iris authentication system was proposed by [88], using a watermark based on the discrete Wavelet transform (DWT). Indeed, watermarking techniques prevent counterfeiting and unauthorized distribution of information.
On the other hand, [89] developed a novel protection scheme based on visual cryptography techniques, where an image is partitioned and encrypted into n non-overlapping blocks known as visual secret shares (VSS). The VSS creation process uses random parameters that allow revocability. In addition, these blocks of information are stored and shared. In the recognition phase, all or some shared blocks must be stacked without the need for complex cryptographic algorithms. Another example of visual cryptography-based protection was developed by [90] for fingerprint, iris codes, and face.
Most modern cryptography schemes do not allow processing or decision-making in the encrypted domain. In addition, these schemes generate a significant vulnerability when the information is decrypted in the recognition phase. Consequently, protection techniques that preserve privacy and solve the vulnerability in the recognition phase are presented below.

1) KNOWLEDGE SIGNATURE
This technique is a mathematical construction that allows group members to sign some information, where the signer guarantees to belong to the group through the signature (authenticity). In addition, this signature does not reveal the signer's identity (confidentiality). The knowledge signature is a membership authentication system based on the similarity of the signatures [91].
This technique is developed in a cyclic group $G$ of order $n \in \mathbb{N}^+$ and generator element $g \in G$. The knowledge signature is based on the Schnorr signature scheme of a public verification key $y \in G$ defined by a private signature key $s \in \mathbb{Z}_n^*$ ($\mathbb{Z}_n^*$ denotes the multiplicative group of integers modulo $n$), such that: The signature is constructed using an adjustment value $k \in \mathbb{Z}_n$ ($\mathbb{Z}_n$ denotes the ring of integers modulo $n$) and a hash function applied to the concatenation of biometric information $x$ and public verification key information [92], i.e.: where $r \in \mathbb{Z}_n^*$ is a random element of the allowed set, the signature of the biometric information $x$ is obtained from a randomly generated $s$ private signature key and a random element $r$. The signature is the pair of the adjustment value $k$ and the result $c \in \mathbb{Z}_n$. Then, PI = $[c]$ and HD = [ ] with = $[g, y, k, g^r]$, where the private data of the systems are $s$ and $r$. In the recognition phase, $c' = \mathrm{hash}(x' \| y \| g \| g^r)$ is calculated using biometric information of query $x'$ and the helper data, as shown in Fig. 13. Finally, the match between enrollment $c$ and query $c'$ is validated using a similarity metric, i.e., $\mathrm{dist}(c, c') \leq \tau$, where $\tau$ is the similarity threshold.
This technique has a significant security advantage. If c and k are compromised, then the original biometric information cannot be revealed since s and r are secret and not shared by the insecure channel. However, this technique only allows authentication systems. Moreover, the revocation and renewal capacity depends on the RNG's power and the algorithm's complexity to select a signature key s and a random element r from the allowed set. Finally, [93] developed a knowledge signature-based voiceprint authentication system.

2) HOMOMORPHIC ENCRYPTION
The homomorphic encryption allows processing and decision-making with the information in the encrypted domain. The best known homomorphic encryption technique is the Paillier encryption, an asymmetric cryptographic technique that preserves the privacy of information.
Homomorphic operations are applied in a finite modular domain for an encryption public key $s_e = s_1 s_2$ where $s_1$ and $s_2$ are large odd prime numbers with a generator element $g \in \mathbb{Z}^*_{s_e^2}$. Therefore, the $N$ features of the biometric information $x$ must be mapped to a modular value $x_i \in \mathbb{Z}_{s_e}$ with $i = 1, 2, \ldots, N$. In the above process, calculations cannot overflow, and negative values must be shareable with the operations [94]. Consequently, a constant additive value can be used for all features. Then, the homomorphic encryption of biometric information $x$ under the Paillier encryption is [95]: where $\omega_i \in \mathbb{Z}^*_{s_e^2}$ is the encryption of feature $i$ with $i = 1, 2, \ldots, N$ and $r_i \in \mathbb{Z}^*_{s_e}$ is a random number within the allowed set. However, homomorphic encryption is a technique that performs algebraic operations on the encrypted information, obtaining the result equivalent to algebraic operations on the original information. Therefore, additive homomorphic encryption for two biometric features ($x_1$ and $x_2$) with the same encryption public key $s_e$ satisfies [95], [96]: From the above equations, a consequence of the additive homomorphic property for the power $k \in \mathbb{N}$ of an encrypted result fulfills:
$$\xi_1^k = g^{(k x_1) \bmod s_e} \, (r_1)^{k s_e} \bmod s_e^2 \qquad (12)$$
Fig. 14 shows the homomorphic encryption scheme for the BTP. In the enrollment phase, the same public key $s_e$ encrypts all the biometric templates, which are then stored. The decryption key is private to each user. Moreover, a similarity metric is performed on the encrypted domain in the recognition phase. Therefore, this protection technique does not generate helper data, and PI corresponds to the encrypted information. Then, the protected information stored is $D = [\xi(x), 0]$.
For instance, the squared Euclidean distance in the unencrypted domain for the $N$ features of the biometric information under the additive homomorphic identity is: Hence, the calculation equivalent to the distance encryption is [42], [97]: Homomorphic encryption preserves the privacy of the biometric information and the distance results in the encrypted domain. Therefore, this encryption protects biometric templates in authentication and identification systems [98]. In addition, the processing in the encrypted environment has allowed obtaining the computation for the Hamming distance, squared Euclidean distance, edit distance, and cosine similarity [99], [100]. However, calculations of other operations have not been obtained, e.g., the Mahalanobis distance. Thus, [101] proposed a BTP scheme based on Paillier encryption, where decision-making is performed in the encrypted domain using the dynamic time warping (DTW) algorithm for variable-length protected templates obtained from the dynamic handwritten signature.
The homomorphic encryption's storage cost and computational complexity are high due to the extended key length and the high overhead of operations on the encrypted domain [42], [45], [97]. In addition, the cancelation and renewal capacity depends on the RNG's power and the algorithm's complexity to generate the encryption keys within the set of allowed elements.
Some authentication systems with protection based on homomorphic encryption that calculates the squared Euclidean distance in the encrypted domain were proposed for biometric traits such as fingerprint [102], iris [103], and face [104], [105]. In addition, [106] proposed an authentication system for speaker recognition that implemented cosine similarity in the encrypted domain. Finally, BTP schemes with binary Hamming distance computation in the encrypted environment were proposed for iris [107] and fingerprint [108].
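The encrypted-domain squared Euclidean distance described above can be sketched as follows. This is an added example, not code from the reviewed papers: it assumes $g = s_e + 1$, a constructed toy key built from two small Mersenne primes, an enrollment record that stores the encryptions of both $x_i$ and $x_i^2$, and a matcher that holds the query features in the clear; all function names are hypothetical.

```python
import math
import secrets

# Constructed toy key material: two Mersenne primes. Far too small for real use.
S1 = 2**31 - 1
S2 = 2**61 - 1


def keygen(s1=S1, s2=S2):
    """Return (public modulus s_e, private key (lambda, mu))."""
    s_e = s1 * s2
    lam = (s1 - 1) * (s2 - 1) // math.gcd(s1 - 1, s2 - 1)  # lcm(s1-1, s2-1)
    mu = pow(lam, -1, s_e)  # this shortcut holds because g = s_e + 1
    return s_e, (lam, mu)


def encrypt(s_e, m):
    """xi = g^m * r^s_e mod s_e^2 with g = s_e + 1 and a fresh random r."""
    mod = s_e * s_e
    while True:
        r = secrets.randbelow(s_e - 1) + 1
        if math.gcd(r, s_e) == 1:
            break
    return pow(s_e + 1, m % s_e, mod) * pow(r, s_e, mod) % mod


def decrypt(s_e, priv, c):
    """Recover m from xi using the private key."""
    lam, mu = priv
    u = pow(c, lam, s_e * s_e)
    return (u - 1) // s_e * mu % s_e


def add(s_e, c1, c2):
    """Multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % (s_e * s_e)


def scale(s_e, c, k):
    """Raising a ciphertext to k multiplies the plaintext by k (cf. Eq. 12)."""
    return pow(c, k % s_e, s_e * s_e)


def enroll(s_e, x):
    """Stored template: Enc(x_i) and Enc(x_i^2) per non-negative integer feature."""
    return [(encrypt(s_e, xi), encrypt(s_e, xi * xi)) for xi in x]


def encrypted_sq_distance(s_e, template, query):
    """Enc(sum (x_i - q_i)^2), computed without the private key.

    Uses (x - q)^2 = x^2 - 2qx + q^2, one homomorphic term at a time.
    The true distance must stay below s_e so the result does not wrap.
    """
    if len(template) != len(query):
        raise ValueError("template and query differ in length")
    acc = encrypt(s_e, 0)
    for (c_x, c_x2), q in zip(template, query):
        acc = add(s_e, acc, c_x2)                     # + x^2
        acc = add(s_e, acc, scale(s_e, c_x, -2 * q))  # - 2qx
        acc = add(s_e, acc, encrypt(s_e, q * q))      # + q^2
    return acc


def accept(s_e, priv, c_dist, tau):
    """Key holder decrypts only the distance and applies the threshold."""
    return decrypt(s_e, priv, c_dist) <= tau
```

Only the final distance is ever decrypted; the enrolled features stay encrypted during matching, which is the property the section contrasts with decrypt-then-compare schemes.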

VIII. CANCELABLE BIOMETRICS
The cancelable biometrics (CB) performs an intentional and repeatable distortion to biometric data through transformations [41]. This distortion is performed in the signal domain or the feature domain, i.e., the biometric information introduced $x$ to the BTP module in Fig. 3 corresponds to the information acquired and preprocessed by the user interface module or to the information obtained by the feature extraction module, respectively. Furthermore, the transformations perform a mapping of elements from $X$ to $Y$ through one-way functions, i.e., $f : X \to Y$ for $y = f(x)$ guaranteeing $x \neq f(x)$. The purpose of the CB transformations is to maintain the statistical properties, class distribution, and discriminatory power of the biometric information of enrollment $x$ and query $x'$. Therefore, the CB performs the matching and decision-making in the transformed or protected domain, fulfilling the information entropy retention under a distance of similarity with a decision threshold $\tau$, that is: The parameters of the transformations are given by a vector of random numbers $s$ created using an RNG. Then, the CB improves the security and privacy of biometric templates. Furthermore, these transforms allow the cancelation and creation of multiple templates for the same user by changing the transform parameters or the one-way functions. The transformation functions are called parameterized distortion functions. Fig. 15 illustrates the principle of operation of cancelable biometrics. The enrollment phase uses a one-way transform defined by $s$, and the transformed result is stored. Then, the recognition phase uses the same one-way transform to obtain a protected query $y'$. Consequently, cancelable biometrics does not generate helper data. Therefore, the protected information stored is $D = [y, 0]$. The CB's diversity depends on the RNG's capacity and the function definition. Injective mapping prevents spoofing in identification and authentication systems.
On the other hand, non-injective mapping has strength in non-invertibility but is vulnerable to brute-force attacks, attacks via record multiplicity, or solving-equations attacks [109]. In addition, the non-injective mapping facilitates false acceptance due to the many-to-one property. For this reason, non-injective mapping is a problem for identification systems, as shown in Fig. 16. Therefore, an injective mapping is a one-to-one function, i.e., no element in the domain is mapped to the same element in the codomain, fulfilling:
Two categories divide the BTP techniques for CB according to the type of implementation of the supplementary information $s$: 1) transformation schemes, which support user-specific or user-common supplementary information; and 2) salting schemes, which support only user-specific supplementary information. Indeed, the BTP technique and the type of supplementary information are defined by the purpose, constraints, needs, and specifications of the biometric system to be developed.

A. TRANSFORMATION SCHEMES
These protection techniques are based on transformations with parameterized one-way functions by secret information s. This random information can be user-specific or user-common supplementary information. In addition, the pseudonymous identifier corresponds to the result of the transform. As mentioned above, these techniques based on transformations protect the information in the signal or feature domains.

1) GEOMETRIC TRANSFORMS
Geometric transforms divide and enumerate the two-dimensional biometric information $x$ into smaller blocks, cells, or regions of data. The segmentation is performed in geometric regions or sectors oriented with rectangular coordinates (cartesian transformation) or in polar coordinates (polar transformation). Therefore, the transform consists of randomly changing the position of the cells [110]. Nonetheless, the cartesian and polar transform perform non-injective mapping, and the random vector $s$ defines the random translation.
Intra-user variability is the main limitation of the cartesian and polar transform. Therefore, a locally smooth transformation solves the above problem. This solution is called functional transformation, surface folding transformation, mesh warping transformation, or texture warping transformation. This transform is inspired by an electric potential field parameterized by a random distribution of charges, where renewable information s defines the transform's parameters. Fig. 17 illustrates an example of a functional transformation for facial recognition. The protected templates' security and privacy depend on the entropy of the translation parameters. Likewise, the cancelation and renewal capacity is directly related to the RNG capacity. Furthermore, geometric transforms have low computational complexity, and protect authentication and identification systems. Below, examples of biometric systems protected with geometric transforms are mentioned.
A cancelable iris authentication system was proposed by [111] using a cartesian transform and texture warping transformation. Furthermore, [112] developed a protected authentication system using a key-dependent geometric transform for fingerprint recognition. Lastly, authentication systems with finger vein patterns were published by [113] and [114] using cartesian transform and functional transform.

2) RANDOM PERMUTATIONS
This BTP technique randomly permutes the biometric information [115]. The first idea of random permutation for non-binary biometric information is called GRAY-COMBO, which divides the original information x into smaller segments and randomly exchanges the segments. In addition, addition or multiplication operations can randomly combine the exchanged segments. On the other hand, a similar permutation applied to binary biometric information is called BIN-COMBO, which randomly changes the segmented information, and XOR or XNOR operations can combine the data. The combinations are optional for these two methods, and the data size decreases due to the combinations. Furthermore, the random information s defines the segmentation, changes, and combinations.
Random permutations are sensitive to intra-user variations and have low computational complexity. Furthermore, random combinations increase the security and privacy of information but affect the recognition rate. Likewise, the revocation and renewal capacity depends on the power of the RNG. In other matters, the protection of random permutations depends on the metrics or matching techniques in the decision module; in other words, invariant or variable distances to the order of the elements, e.g., Euclidean distance and DTW distance. Finally, the random permutations protect authentication and identification systems. Fig. 18 illustrates an example of a transform based on random permutation for information from a person's ECG signal, where the information is randomly divided and permuted; even the permuted information can be inverted. In general, random permutations protect one- and two-dimensional biometric information [116].
Examples of cancelable biometric systems based on random permutations follow. For instance, [117] proposed a fingerprint authentication system that performs random permutations and random binary combinations, where the transformation is inspired by the operations of a standard genetic algorithm. On the other hand, a cancelable authentication and identification system for iris recognition was developed by [118]. Finally, [119] developed a random permutation approach for face, iris, and ear recognition, creating a random permutation matrix from an identity matrix, where rows and columns are randomly permuted to obtain a 1 in each row and column. Therefore, the protected information is obtained by multiplying the biometric information with the created matrix.

3) BioConvolving
This technique performs the linear convolution of one-dimensional biometric information sequences $x \in \mathbb{R}^N$ with $N$ coefficients or features [120]. Consequently, the transform divides the information $x$ into $h \in \mathbb{N}^+$ non-overlapping segments or sequences. Then, each segment has a length defined through a random vector $s = [0, s_1, s_2, \ldots, s_{h-1}, 100]$ sorted in ascending order with $s_i \in \mathbb{N}^+ : 1 \leq s_i \leq 99$ for $i = 1, 2, \ldots, (h - 1)$. Therefore, the vector $v$ contains the random lengths of the sequences via an auxiliary vector $b$ as follows: The protected information corresponds to the linear convolution ($*$) of the $h$ sequences or segments created, i.e.: The original information length corresponds to $N$ coefficients, and the sequence protected by BioConvolving has a size of $k = N - h + 1$ coefficients. Furthermore, the protected sequence $y$ is normalized to have zero mean and unit standard deviation. This protection technique protects authentication and identification systems and is projected as a technique that provides security and privacy to biometric information with low computational complexity. Fig. 19 shows an example of biometric protection based on BioConvolving for speech recognition. This technique's diversity depends on the RNG's capacity to create several versions of the random vector $s$. Furthermore, the number of segments $h$ can be changed randomly. Nonetheless, [121] developed an example of this technique for a dynamic handwritten signature-based authentication system, where the decision-making is performed with a hidden Markov model (HMM). On the other hand, an independent recognition scheme for face, iris, palmprint, fingerprint, and ear was proposed by [122], extracting features through a convolutional neural network (CNN) and conventional techniques. In addition, a feature-level fusion is performed, and BioConvolving protects the fused information.
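The BioConvolving transform described above, as an added example that is not code from the cited works. It assumes each $s_i$ is read as a percentage of $N$ and rounded to obtain the segment boundaries $b$ (the page's own definition of $b$ and $v$ did not survive extraction); the function names are hypothetical.

```python
import math
import secrets


def new_key(h):
    """Draw a fresh key s = [0, s_1, ..., s_{h-1}, 100], ascending, 1 <= s_i <= 99."""
    inner = secrets.SystemRandom().sample(range(1, 100), h - 1)
    return [0] + sorted(inner) + [100]


def split(x, s):
    """Cut x into h non-overlapping segments whose lengths v follow from s."""
    if s[0] != 0 or s[-1] != 100 or any(a >= c for a, c in zip(s, s[1:])):
        raise ValueError("key must run from 0 to 100 in strictly ascending order")
    n = len(x)
    # Assumption: boundary b_i = round(s_i * N / 100), done in integer arithmetic.
    b = [(si * n + 50) // 100 for si in s]
    v = [b[i + 1] - b[i] for i in range(len(b) - 1)]  # segment lengths
    if min(v) < 1:
        raise ValueError("key produces an empty segment for this N")
    return [x[b[i]:b[i + 1]] for i in range(len(v))]


def convolve(a, c):
    """Full linear convolution; output length is len(a) + len(c) - 1."""
    out = [0.0] * (len(a) + len(c) - 1)
    for i, ai in enumerate(a):
        for j, cj in enumerate(c):
            out[i + j] += ai * cj
    return out


def bioconvolve_raw(x, s):
    """Convolve the h segments together; result has N - h + 1 coefficients."""
    segments = split(x, s)
    y = list(segments[0])
    for seg in segments[1:]:
        y = convolve(y, seg)
    return y


def bioconvolve(x, s):
    """Protected sequence y, normalized to zero mean and unit standard deviation."""
    y = bioconvolve_raw(x, s)
    mean = sum(y) / len(y)
    std = math.sqrt(sum((t - mean) ** 2 for t in y) / len(y))
    if std == 0:
        raise ValueError("constant output cannot be normalized")
    return [(t - mean) / std for t in y]
```

Cancelling a template means discarding `s`, drawing a new key with `new_key(h)`, and re-enrolling; the same `x` then yields an unrelated `y`.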

4) POLYNOMIAL TRANSFORMS
This technique maps biometric information using random polynomial functions of order $m \in \mathbb{N}^+$ [41]. For example, independent polynomial functions could map each element of biometric information; otherwise, a polynomial function could map all the information elements, that is: where $s_i \in \mathcal{N}(0, 1)$ is the coefficient $i$ of the polynomial for $i = 0, 1, 2, \ldots, m$. Nevertheless, the maximum and minimum values of the features define the range of the roots of the polynomial [116]. Fig. 20 illustrates a third-order polynomial with injective mapping; the coefficients guarantee
This technique's security and privacy depend on the polynomial's order and the entropy of the coefficients defined by the random vector $s$. In addition, a polynomial transformation for each information element increases the level of protection. On the other hand, the RNG's power defines the cancelation and renewal capacity. Likewise, this technique protects authentication and identification systems using injective mapping, preserving the discriminatory power of the original biometric information. Besides, the computational complexity of this technique is low.
An example of a face authentication system based on a polynomial transform of order one was developed by [123], using the transform $y = ((x - \bar{x}) + d)\, s$, where $\bar{x}$ is the mean of the enrollment features, $s \in \mathcal{N}(1, \sigma^2)$ is a vector of random numbers and $d \in \mathcal{N}(0, 1)$ is a random translation vector. This system also uses a sorted index number (SIN) to give more security and privacy to protected information. On the other hand, [124] proposed a cancelable authentication system, with protection based on specially defined random polynomials using user-specific tokens and biometric information of face, thermal face, palmprint, palm vein, and finger vein.

5) RANDOM PROJECTIONS
This technique performs a linear transform and is widely used for dimensionality reduction. The Johnson-Lindenstrauss lemma is the crucial idea of random projection, which consists in projecting a set of information $x \in \mathbb{R}^N$ of $N$ dimensions to a random subspace through a projection random matrix $s \in \mathbb{R}^{m \times N}$ with $m \leq N$. Hence, the Euclidean distance between pairs of unprojected data is preserved at a value $0 < \epsilon < 1$ to the distance of the projected information, that is: When $m < N$, a dimensionality reduction is performed via a non-injective mapping (many-to-one); and when $m = N$, an injective transformation (one-to-one) is performed, called linear operator. Therefore, the random projection is defined by [125]: Here $y \in \mathbb{R}^m$ is the random projection. This technique transforms the original biometric information and preserves the statistical properties useful for recognition. Each element of the matrix $s$ of $i = 1, 2, \ldots, m$ rows and $j = 1, 2, \ldots, N$ columns is an independent realization of a random variable with a specific probability distribution. Likewise, the rows of $s$ must be independent to avoid distortion of the statistical properties. In general, the probability distribution of the elements $s_{i,j}$ of the projection matrix defines different random projections.
When the elements of the projection matrix have a standard Gaussian distribution, i.e., $s_{i,j} \in \mathcal{N}(0, 1)$, the projection corresponds to a Gaussian random projection, where the matrix rows are orthogonalized using the Gram-Schmidt algorithm, and the norm of each row must be one. The above process is essential to preserve the similarity in the new space and fulfill the isometry property. This projection type has been proposed for cancelable biometric systems based on face [126], [127] and palmprint [128].
Some random projections have been developed to reduce the computational cost and speed up projection processing $z$ times compared to Gaussian random projection. Therefore, each element of the matrix $s$ can be a realization of a random variable with a probability distribution given by: When $z = 1$, the projection matrix $s$ must be non-singular and is a realization of the Bernoulli distribution. Thus, this projection is a Bernoulli random projection. On the other hand, if $z = 3$, then the projection is called sparse random projection [125]. An authentication system with sparse random projection for facial recognition was proposed by [129]. Finally, when $z \gg 3$, for example $z = \sqrt{N}$, the projection is a very sparse random projection [130].
The computational complexity of this protection technique depends on the probability distribution selected for the projection matrix. Furthermore, the cancelation and renewal capacity depends on the power of the RNG to create multiple versions of the matrix s. Thus, the entropy of the random matrix s establishes the security and privacy of the protected templates. Likewise, random projections protect authentication and identification systems through injective mappings, i.e., m = N .
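The Gaussian random projection with $m = N$ described above, as an added example that is not code from the cited works. It draws $s_{i,j}$ from $\mathcal{N}(0, 1)$, orthonormalizes the rows with Gram-Schmidt, and lets the reader check that matching distances survive the transform while a renewed matrix yields an unrelated template. The `seed` argument and the function names are hypothetical and exist only to make the demonstration repeatable.

```python
import math
import random


def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))


def euclid(a, b):
    return math.sqrt(sum((ai - bi) ** 2 for ai, bi in zip(a, b)))


def gaussian_projection_matrix(n, seed=None):
    """Return an n x n matrix s with orthonormal rows (the injective case m = N).

    With seed=None the entries come from the operating system's RNG. A fixed
    seed uses Python's non-cryptographic generator and is for demonstration only.
    """
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    rows = []
    while len(rows) < n:
        v = [rng.gauss(0.0, 1.0) for _ in range(n)]
        for u in rows:                       # Gram-Schmidt: remove components
            d = dot(v, u)                    # along the rows already accepted
            v = [vi - d * ui for vi, ui in zip(v, u)]
        norm = math.sqrt(dot(v, v))
        if norm < 1e-9:                      # degenerate draw, try again
            continue
        rows.append([vi / norm for vi in v])  # each row has unit norm
    return rows


def project(s, x):
    """Protected template y = s x."""
    if any(len(row) != len(x) for row in s):
        raise ValueError("matrix width must equal the feature length")
    return [dot(row, x) for row in s]


def verify(s, stored_y, query_x, tau):
    """Matching happens on protected data: dist(y, y') <= tau."""
    return euclid(stored_y, project(s, query_x)) <= tau


# Constructed sample features: an enrollment vector and a noisy query.
ENROLL = [0.8, 1.9, 3.1, 0.4, 2.2, 1.5, 0.9, 2.7]
QUERY = [0.9, 1.8, 3.1, 0.5, 2.2, 1.4, 0.9, 2.8]

if __name__ == "__main__":
    s_old = gaussian_projection_matrix(8, seed=1)
    y_old = project(s_old, ENROLL)
    print("plain distance    :", euclid(ENROLL, QUERY))
    print("protected distance:", euclid(y_old, project(s_old, QUERY)))
    s_new = gaussian_projection_matrix(8, seed=2)   # cancel and renew
    print("old vs renewed    :", euclid(y_old, project(s_new, ENROLL)))
```

Because the rows are orthonormal, the decision threshold tuned on unprotected features carries over unchanged, which is why renewal does not require retraining. The same property means `s` has to be stored as a secret: with $m = N$ the mapping is invertible by anyone who holds it.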
Sectored random projection is another type of random projection that faces intra-user variability. Therefore, the original biometric information is divided into smaller sectors, as shown in Fig. 21. Then, these segments are projected, and the protected information corresponds to the concatenation of the projections [131]. Nonetheless, [132] developed an iris authentication and identification system based on sectored random projection. A type of non-linear random projection is called dynamic random projection, which dynamically assembles or builds a projection matrix by selecting m candidate row vectors. The selection of the vectors depends on the biometric features and is performed using amplitude quantification techniques [133]. For instance, an authentication system with this projection was developed for iris [134] and fingerprint [135].
Another type of projection was proposed for fingerprint authentication by [136]. This projection is based on the Hadamard transform, formed by the Walsh functions. This transform can be of two types: Partial Hadamard and Full Hadamard. Therefore, the partial Hadamard transform is performed with a submatrix $H_p$ formed by the random selection of $m$ rows from the full-order Hadamard matrix $H$ of $n \times n$ with $m < n$, where $n$ is the order of the full Hadamard matrix. Then, the full-order Hadamard matrix is orthogonal and symmetric, but the submatrix $H_p$ of $m \times n$ has deficient rank of columns, i.e., non-invertible. Therefore, this projection is called Hadamard partial random projection and is defined as: where $y \in \mathbb{R}^n$ is the result of the projection. Furthermore, the biometric information $x$ is adjusted to the dimension of the full-order Hadamard matrix $H$. The main advantages of the Hadamard partial random projection are: 1) low computational cost due to the exclusive use of addition and subtraction operations; and 2) low storage cost due to storing the indices of the randomly selected rows. Therefore, the random vector $s$ sets the indices of the $m$ selected rows of the matrix $H$.

6) HILL CIPHER
This technique is based on modular arithmetic and linear algebra concepts. In addition, this technique performs a random projection between the biometric information $x \in \mathbb{R}^N$ with $N$ features and a random projection matrix $s \in \mathbb{R}^{m \times N}$ with $m \leq N$, where each value of the projection is reduced modulo $q$, that is: where $y \in \mathbb{Z}$ and $q$ can be equal to 26 for the English alphabet or 256 for grayscale values, each element of $s$ is a rational value with probability distribution $\mathcal{N}(0, 1)$, where $s$ is an orthogonal matrix by the Gram-Schmidt process. Fig. 22 illustrates an example of this transformation with $q = 256$. On the other hand, matrix elements with negative and non-negative rational values increase the security and privacy of this technique even when the protected information and the projection matrix are simultaneously compromised. Therefore, the information recovered from the compromised data is very noisy and has significant content losses [137], [138]. In addition, the revocation and renewal capacity depends on the power of the RNG. Finally, this technique has medium computational complexity due to modular arithmetic. This protection technique protects authentication and identification systems. For example, [137], [138] developed a Hill cipher-based authentication system for face and palmprint.

7) CORRELATION FILTERS
This technique transforms images or two-dimensional biometric information using convolution kernels or masks. The random kernel of convolution $s$ has non-null values created by an RNG. Fig. 23 illustrates the idea of correlation filters for BTP. In the enrollment phase, this technique creates a reference model from the biometric information of enrollment $x$. In the recognition phase, this technique obtains the cross-correlation in the protected domain between the convolution of a sample query $x'$ and the created reference. The cross-correlation operation ($\star$) between two protected templates is equivalent to the convolution operation ($*$) between the templates, where one of the templates is in its inverted version, which corresponds to turning 180 degrees or flipping left to right ($\mathrm{fliplr}(\cdot)$), i.e.: Furthermore, the cross-correlation satisfies the convolution theorem, obtaining: where $\mathcal{F}(\cdot)$ is the discrete Fourier transform (DFT), $\mathcal{F}^{-1}(\cdot)$ is its inverse, and $\mathcal{F}^{*}(\cdot)$ the complex conjugate of the DFT. The correlation filters can create reference models using a single sample or a collection of information samples. On the other hand, this protection technique addresses intra-user variations and prevents gradual performance degradation. Furthermore, this technique protects authentication and identification systems for two-dimensional biometric information.
The reference model can be defined by a minimum average correlation energy (MACE) filter, and the result of the cross-correlation is obtained in a peak-to-sidelobe ratio (PSR), which is used for the decision-making of the system [139]. This correlation filter is sensitive to noise but offers good recognition performance. Then, [139] proposed a facial recognition system with a MACE filter for protection. On the other hand, a correlation filter also performs correlation invariant random filtering (CIRF). This filter builds the reference model using a number theoretical transform (NTT); this transform is a kind of discrete Fourier transform over a finite field with matches based on cross-correlation. Finally, an authentication system using a CIRF was developed for finger vein patterns [140] and fingerprint [141].
Protection based on correlation filters does not leak information. Therefore, linkability and reversibility are extremely difficult. On the other hand, the capacity to revoke and renew depends on the RNG's power to create various convolution kernels. Furthermore, the computational complexity is medium for this technique. In particular, a palmprint authentication system was developed by [142], which performs convolution between the biometric information and a Gabor filter defined by random information. Likewise, [143] proposed a cancelable authentication system with protection based on the convolution operation between fingerprint information and a random kernel generated with chaotic maps.

8) BLOOM FILTERS
An adaptive Bloom filter is a probabilistic structure that evaluates membership queries and compares biometric information on the protected domain. Furthermore, [144] introduced the adaptive Bloom filters, which were used for the BTP by [145]. This technique uses two-dimensional biometric information in binary representation. Fig. 24 illustrates the operating principle of this technique based on two-dimensional biometric information $x$ of $N$ columns, where each column represents a biometric feature of $n$ bits in length. This information is divided into $k$ blocks of equal size, i.e., $x = [x_1, x_2, \ldots, x_k]$ where each block $x_i$ with $i = 1, 2, \ldots, k$ has $\eta = N/k$ columns of $n$ bits. On the other hand, a Bloom filter $y$ is a binary matrix of $k$ columns and $2^n$ rows. Initially, all positions of $y$ are assigned to zero, and then the positions given by the results of an independent binary operation are set to one. In other words, $c \in \mathbb{N} : 0 \leq c \leq 2^n - 1$ is the result of the binary operation and is used as row index in its decimal value for position $y_{c,z} = 1$ with $z = 1, 2, \ldots, k$.
The binary operation performs the XOR operation between a random binary vector $s$ of $n$ bits and the information vector corresponding to column $j$ of the block $i$ with $j = 1, 2, \ldots, \eta$ and $i = 1, 2, \ldots, k$, that is: The binary operation is performed with each column vector $x_{i,j}$ of the $\eta$ columns of each of the $k$ blocks of binary information. This technique is irreversible under the constraint that $\eta \leq 2^n$ and also by the probability of assigning several column vectors to the same index (non-injective mapping). In other words, a position in $y$ can be assigned to one multiple times [146]. In the recognition phase, $y'$ is obtained from $x'$ in the same way as in the enrollment phase. Therefore, matching or permanence of query information in $y$ must ensure that all positions set to one in $y'$ are also set to one in $y$; if this is true, the query is successful, and a probability of false positive is assumed. Otherwise, the query information $x'$ is not a member of $y$ [145]. An improved evolution of the Bloom filter corresponds to the Cuckoo filter and Morton filter, which provide bounded false positive probability [50].
The Bloom filters satisfy the irreversibility property but do not efficiently satisfy the unlinkability property due to the non-injective mapping [147]. Additionally, these filters are fast and memory-efficient, specifying when an element is a group member. Likewise, this technique has three significant benefits for biometric recognition: 1) it protects the information; 2) it compresses the information; and 3) it speeds up the processing, reducing the overall response time without degrading the system's performance [148]. On the other hand, this technique has low computational complexity and protects only authentication systems.
The capacity to cancel and revoke protected information depends on the power of the RNG to create multiple vectors s. Furthermore, independent binary operations can be used for each of the k information blocks. Nonetheless, the binary operation can also be changed for another. In fact, some cancelable biometric systems based on Bloom filters have been developed for iris [145], face [149], and fingerprint [150]. Finally, the operating principle of Bloom filters has been transferred to protection techniques based on consistent bit extraction and decimal encoding to perform randomized look-up table mapping. An example of this protection scheme is developed by [151] for an iris-based authentication system.
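The block-wise transform and membership test described above can be sketched as follows. This is an added illustration, not code from the reviewed works: the function names, the toy sizes (n = 4, k = 3) and the sample columns are assumptions, and the row index is taken as the XOR of each column with s, as the text describes.

```python
import secrets


def new_key(n):
    """Draw a fresh n-bit vector s; renewing s revokes the old template."""
    return secrets.randbits(n)


def bloom_protect(columns, n, k, s):
    """Map N feature columns (n-bit integers) to a Bloom filter y.

    y is returned as k bytearrays of length 2^n, so y[z][c] == 1 means
    row c of filter column z is set.
    """
    if len(columns) % k:
        raise ValueError("N must be divisible by k")
    eta = len(columns) // k
    if eta > 2 ** n:
        raise ValueError("constraint eta <= 2^n violated")
    if not 0 <= s < 2 ** n or any(not 0 <= col < 2 ** n for col in columns):
        raise ValueError("s and every column must fit in n bits")
    y = [bytearray(2 ** n) for _ in range(k)]
    for z in range(k):
        for col in columns[z * eta:(z + 1) * eta]:
            c = col ^ s          # XOR permutes the indices 0 .. 2^n - 1
            y[z][c] = 1          # setting an already-set row loses information
    return y


def is_member(y_query, y_ref):
    """Matching rule from the text: every one in y' must also be one in y."""
    if len(y_query) != len(y_ref):
        raise ValueError("filters have different numbers of blocks")
    return all(r for yq, yr in zip(y_query, y_ref)
               for q, r in zip(yq, yr) if q)


def set_rows(y):
    """Row indices set to one in each filter column (for inspection)."""
    return [[c for c, bit in enumerate(col) if bit] for col in y]


# Constructed sample: N = 12 columns of n = 4 bits, k = 3 blocks (eta = 4).
N_BITS, K = 4, 3
ENROLL = [0b1010, 0b0011, 0b1010, 0b0111,
          0b0001, 0b1111, 0b0100, 0b1000,
          0b0110, 0b0110, 0b1101, 0b0010]
# Fixed keys keep the demo reproducible; a deployment would call new_key(n).
S_OLD, S_NEW = 0b0110, 0b1001


def demo():
    y_old = bloom_protect(ENROLL, N_BITS, K, S_OLD)
    y_new = bloom_protect(ENROLL, N_BITS, K, S_NEW)
    # Same columns, different order inside block 0.
    shuffled = [ENROLL[2], ENROLL[0], ENROLL[3], ENROLL[1]] + ENROLL[4:]
    return {
        # Two equal columns collapse into one row: 3 ones for 4 columns.
        "rows_block0": set_rows(y_old)[0],
        "same_sample": is_member(bloom_protect(ENROLL, N_BITS, K, S_OLD), y_old),
        # Column order inside a block is not recoverable from y.
        "order_lost": bloom_protect(shuffled, N_BITS, K, S_OLD) == y_old,
        # After renewal with S_NEW, a template built with S_OLD no longer matches.
        "old_key_vs_renewed": is_member(y_old, y_new),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because XOR with s is a bijection on n-bit values, the information loss comes from collisions and from discarding column order within a block, not from the XOR itself.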

B. SALTING SCHEMES
The salting schemes are transformations based on the mix or combination of biometric information and user-specific external random patterns, which protect and increase the discriminatory power of biometric information [47], [115], [138]. Therefore, only user-specific supplementary information achieves the above goal. Then, salting schemes use two or more recognition factors. On the other hand, the recognition rate of the protected biometric system is inversely proportional to the dependence, link, or correlation of the user-specific supplementary information. In addition, the security of each user with his supplementary information establishes the probability of reversibility of the protected data. Consequently, the security and privacy of salting schemes are partially user-dependent. For this reason, salting schemes are often called reversible or invertible transformations in literature. However, invertibility is not a specification of salting schemes. Instead, the exclusive use of user-specific random information is a specification of salting schemes.
The additional recognition factors are external, secret, and independent information for each user based on passwords, smart cards, USBs, accessories, tokens, or random noise. Consequently, there are three salting schemes for biometric protection: 1) BioHashing; 2) BioPhasor; and 3) intrinsic artifacts. Therefore, BioHashing and BioPhasor are user-specific discretization or quantization schemes, and the input information corresponds mainly to information in the feature domain. Meanwhile, intrinsic artifact schemes are based on user-specific information added in the acquisition zone, and the input information corresponds primarily to information in the signal domain.

1) BioHashing
BioHashing is based on the binary discretization of random projections between biometric information and user-specific tokenized random numbers [152], [153]. Hence, the one-way transformation based on BioHashing uses two or more recognition factors to obtain the projection matrix and generate compact binary information called BioCode or BioHash. Furthermore, the random projection matrix is user-specific, i.e., the new projection spaces are different for each user.
This technique is a transform that performs a random multispatial quantification (RMQ) process to generate uncorrelated templates tolerant to intra-user variations. These templates preserve the discriminative power of the original biometric information and amplify inter-user variations [154]. Likewise, the projection matrices were proposed with a Gaussian distribution, but these can have any probability distribution analyzed for random projections.
The protected information or BioCode is a binary vector of $n$ bits obtained in two steps, as shown in Fig. 25. First, the biometric information $x \in \mathbb{R}^N$ is projected using a user-specific random projection matrix $s \in \mathbb{R}^{n \times N}$. Second, the result of the projection $b \in \mathbb{R}^n$ is discretized by a quantification threshold $T$ as follows: The threshold $T$ is empirically determined, but in most implementations, it is defined as $T = 0$. Protected information is the result of the interaction of user-specific supplementary information and original biometric information but is not reproducible in the absence of either. On the other hand, the security and privacy of BioHashing are based on the RMQ process. Still, it is vulnerable to genetic algorithms (GA) when the token and the protected information are compromised simultaneously [155]. Therefore, the security of the token is essential to the security and privacy of the protected biometric system. Furthermore, three additional steps enhance the protection of this technique [156]: 1) normalizing the original biometric information; 2) using various thresholds for the RMQ process; and 3) performing permutations of the information before the projection. Additionally, this technique's revocation and renewal capacity depends on the power of the user-specific supplementary information generation and management processes. Finally, this technique has low computational complexity.
BioHashing protects authentication systems, where the separation between the genuine and impostor population increases, decreasing the false acceptance rate (FAR) without increasing the false rejection rate (FRR), achieving EER = 0% [153]. On the other hand, this technique is not feasible for identification systems due to the lack of prior interaction to present the user-specific supplementary information, as illustrated in Fig. 3. Besides, if tokens are unique, independent, and secret to each user, then biometrics are unnecessary. For example, two scenarios based on fingerprint recognition: 1) identify an employee involved in unauthorized access and distribution of budget in a company; and 2) identify a person with memory or health problems who is disoriented. In both scenarios, only biometric information is present but not supplementary information.
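The two-step BioCode generation and token-based renewal described in this subsection can be sketched as follows. This is an added illustration, not code from the cited works: the function names, token values, feature vectors and the `max_distance` parameter are assumptions, as is the convention that a bit is 1 when the projection exceeds T.

```python
import hashlib
import random


def projection_matrix(token, n, n_features):
    """Derive the user-specific n x N Gaussian matrix s from a secret token."""
    seed = int.from_bytes(hashlib.sha256(token).digest(), "big")
    # random.Random keeps the demo reproducible; it is not a CSPRNG, so a
    # deployment would derive s from a keyed cryptographic generator.
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(n_features)] for _ in range(n)]


def biohash(x, token, n, threshold=0.0):
    """Step 1: b = s x.  Step 2: binarize each b_i against the threshold T."""
    s = projection_matrix(token, n, len(x))
    b = [sum(s_ij * x_j for s_ij, x_j in zip(row, x)) for row in s]
    # Assumed convention: bit is 1 when b_i > T (T = 0 by default).
    return [1 if b_i > threshold else 0 for b_i in b]


def hamming(a, b):
    """Number of differing bits between two BioCodes of equal length."""
    if len(a) != len(b):
        raise ValueError("BioCodes must have the same length")
    return sum(p != q for p, q in zip(a, b))


def verify(query_x, token, enrolled_code, max_distance):
    """Decision in the protected domain; max_distance is a tuning assumption."""
    code = biohash(query_x, token, len(enrolled_code))
    return hamming(code, enrolled_code) <= max_distance


# Constructed feature vectors (N = 32): enrollment, a noisy re-capture of the
# same user, and an unrelated user.
_rng = random.Random(2023)
X_ENROLL = [_rng.uniform(-1.0, 1.0) for _ in range(32)]
X_QUERY = [v + _rng.gauss(0.0, 0.02) for v in X_ENROLL]
X_IMPOSTOR = [_rng.uniform(-1.0, 1.0) for _ in range(32)]
TOKEN_OLD, TOKEN_NEW = b"user-42/token-v1", b"user-42/token-v2"
TOKEN_IMPOSTOR = b"user-77/token-v1"
CODE_BITS = 64


def demo():
    enrolled = biohash(X_ENROLL, TOKEN_OLD, CODE_BITS)
    return {
        # Same user, same token: intra-user noise flips few or no bits.
        "genuine": hamming(biohash(X_QUERY, TOKEN_OLD, CODE_BITS), enrolled),
        # Same biometric, renewed token: about n/2 bits differ, so the old
        # BioCode is cancelled without changing the biometric trait.
        "renewed_token": hamming(biohash(X_QUERY, TOKEN_NEW, CODE_BITS), enrolled),
        # Other user with their own token: also about n/2 bits differ.
        "impostor": hamming(biohash(X_IMPOSTOR, TOKEN_IMPOSTOR, CODE_BITS), enrolled),
    }


if __name__ == "__main__":
    for name, distance in demo().items():
        print(f"{name}: Hamming distance {distance} of {CODE_BITS}")
```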

2) BioPhasor
This technique performs a binary quantization by mixing user-specific tokenized random numbers and biometric information. This cancelable transform is based on the computation of complex arguments to generate a binary vector of n bits [162]. Thus, BioPhasor is a non-linear extension of BioHashing.
A user-specific matrix $s \in \mathbb{R}^{n \times N}$ with $n \le N$ is generated from the user-specific supplementary information. Each element of $s$ has a Gaussian distribution $N(0, 1)$, and the rows of the matrix $s$ must be orthonormalized using the Gram-Schmidt process. Then, the transform of the biometric information $x \in \mathbb{R}^N$ of $N$ features is obtained in four steps, as shown in Fig. 26. First, the complex numbers $z_i = x + j s_i$ are generated, where $s_i$ is the row vector $i$ of the matrix $s$ with $i = 1, 2, \ldots, n$ and $z \in \mathbb{C}^{n \times N}$. Second, the phase angles or complex arguments of the elements of each row of $z$ are obtained, i.e., $\varphi_i = \arg(z_i)$ with $i = 1, 2, \ldots, n$ and $\varphi \in \mathbb{R}^{n \times N}$. Third, average complex arguments are obtained for each row of $\varphi$. Fourth and last, the protected information vector $y$ of $n$ bits is created through a quantization process as follows: The protected template does not leak information about the original biometric template. Furthermore, this transform is more secure than BioHashing [162]. Nevertheless, the quantification process degrades the recognition rate; for this reason, the complex plane should be divided into more sectors to perform the quantification. Furthermore, this protection technique has low computational complexity.
BioPhasor protects authentication systems, addressing intra-user variations and increasing inter-user variations to achieve EER = 0%. However, this technique does not protect identification systems. On the other hand, the revocation and renewal capacity depends on the power of the user-specific supplementary information generation and administration processes. Finally, BioPhasor-based authentication systems have been developed for face [163] and dynamic handwritten signature [164], where the complex plane is divided into $2^m$ segments for the quantification in $m$ bits.

3) INTRINSIC ARTIFACTS
This technique is resistant to spoofing due to the combination of biometric information with random artifacts added in the biometric acquisition zone. So, the random artifacts are artificially created patterns that contain user-specific supplementary information. This concept was inspired by the intrinsic patterns from the inherent texture of the magnetic micro-fibers [165]. Therefore, this technique uses the data extracted from the random patterns to create protected templates.
Artifacts can be objects, accessories, garments, elements, or stickers added to the body area of the biometric trait. These intrinsic patterns are unique and permanent for each user. Likewise, these patterns must be repeatable on every query and difficult to clone. An example of this protection technique is illustrated in Fig. 27, where dot stickers are added to the hand. The points' form, position, and direction generate several artifacts that allow cancelable biometrics. This technique depends on the artifacts designed, the biometric trait used, and intrinsic patterns' role in processing and protection. The transforms allow the repeatability and reproducibility of the pattern, increasing inter-user variability. On the other hand, security and privacy depend on the difficulty of cloning the random artifacts. Furthermore, this protection technique has low computational complexity. Likewise, this technique protects authentication systems when the artifacts are present in the user's body. Finally, the capacity to cancel and renew depends on the ability to generate and manage the unique and intrinsic artifacts.
Some examples of these protection techniques are mentioned below. An authentication system for a hotel check-in process was developed by [166] using stickers with a random pattern of points on the thumb's fingernail; the protected template is obtained from the continuous distance between the finger outline and the middle of the two points. Access is allowed to a limited number of users for approximately five days. Another authentication system was proposed by [167], where a hybrid recognition is used between the fingerprint and a circular sticker with a random pattern on the fingernail of the same finger.

IX. PROTECTION SCHEMES BASED ON MACHINE LEARNING OR DEEP LEARNING
Machine learning (ML) and deep learning (DL) algorithms are widely used in pattern recognition. Still, these algorithms have been used in recent years to generate cancelable biometric templates from renewable supplementary information [168], [169], [170]. In other words, these algorithms receive biometric information x and supplementary information s to generate protected templates, as shown in Fig. 28. Hence, the focus is on the BTP module, not the feature extraction module or the decision-making module. However, this technique does not create helper data, and the pseudonymous identifier corresponds to the output of the learning algorithm. These protection schemes preserve the privacy and confidentiality of biometric information through highly non-linear protection algorithms. Furthermore, these schemes deal with intra-user variations and allow revocation and renewal of the protected template by changing the random data s. Some advantages of these protection schemes are: 1) receiving biometric information with discrete or continuous distribution; and 2) guaranteeing non-invertibility and nonlinkability. Consequently, these protection techniques are safe against cross-matching attacks. Likewise, the recognition performance is promising due to the power of ML or DL algorithms for feature extraction and decision-making.
ML and DL-based protection schemes solve the challenge of alignment-free protection techniques, i.e., a processing technique (end-to-end framework) that addresses intra-user variability, protects and revokes information, and does not degrade the recognition rate. In most of these protection schemes, the random information is user-specific supplementary information. Therefore, the cancelation and renewal capacity depends on the power of the RNG. These protection techniques have high computational complexity and protect authentication and identification systems. But DL-based protection techniques need more extensive databases for their enrollment or training phase.
ML or DL-based protection schemes are trained to minimize intra-user variations and maximize inter-user variations. In addition, these techniques are more resistant to active attacks than biometric cryptosystems and cancelable biometrics. Moreover, this family of approaches is being explored; ML and DL algorithms allow the development of multiple individual protection approaches. In general, protection techniques based on deep learning algorithms have longer training time, higher computational complexity, and better address the intra-user variability than protection techniques based on machine learning algorithms. Additionally, the techniques of this family protect biometric information in the feature domain or signal domain, with input information in one or two dimensions. However, investigations of this family of techniques are increasing and are focusing on solving the challenge of re-training when protected information is compromised. This challenge is important because if only one template is compromised, the entire database of protected information must be renewed due to the necessary re-training of all the weights or parameters of the protection algorithm.
Some examples of this family of BTP techniques are the following. A protection scheme based on a back-propagation neural network (BPNN) was proposed by [169], using user-specific supplementary information for authentication systems based on face, fingerprint, and finger vein. Furthermore, a face and fingerprint authentication system for IoT devices with protection based on an evolutionary genetic algorithm (GA) was published by [171]. Likewise, [172] proposed an iris-based cancelable authentication system using a generative adversarial network (GAN) with renewable supplementary information. Besides, an iris-based cancelable biometric system was proposed by [173]; this scheme utilizes a bidirectional associative memory (BAM) neural network to bind biometric templates to random bit-strings in a secure and efficient manner. Finally, [174] developed a finger vein authentication system with protection based on deep learning (deep belief networks) and random projections.
A representative method of this family of BTP techniques is detailed below.

1) PROTECTION SCHEMES BASED ON CONVOLUTIONAL NEURAL NETWORKS
This deep learning protection scheme employs convolutional neural networks (CNN) to create the protected templates using renewable supplementary information [168], [175]. These schemes address the challenge of alignment-free protection techniques, achieving robustness against intra-user variability. Moreover, these protection schemes allow decision-making in the protected domain and do not generate helper data, i.e., the protected information stored corresponds to the output of the CNN. Likewise, the revocability and renewability of the protected information are achieved when the supplementary information (common or specific) is canceled and renewed. In other words, the cancelation and renewal capacity of these schemes depends on the power of the RNG. Nonetheless, supplementary information may intervene: 1) in the first or any other convolution layer (once or several times); 2) in the flattening layer; or 3) in the fully connected layer. Then, the CNN is trained to minimize intra-user variations and maximize inter-user variations [176]. On the other hand, CNN-based protection schemes allow the development of authentication and identification systems. Furthermore, these protection schemes provide good security and privacy for biometric information due to the non-linear operation principle. In other words, the mutual information between inputs and outputs is minimized, obtaining a good unlinkability index. Likewise, these schemes guarantee a good irreversibility index. However, these schemes have high computational complexity due to the structure of the CNN.
A future direction of CNN-based schemes is to address the challenge of re-training. Some examples of these protection schemes are the following. The ECG-based cancelable authentication system proposed by [168] protects information through a CNN using easily changeable keys, where the binding of an input and a key happens before the first dense layer. In addition, [175] proposed a randomized CNN to generate protected face biometric templates given the input face image and a user-specific key. Finally, [177] implemented a CNN to learn a mapping from facial images to maximum entropy binary (MEB) codes. This work demonstrated that the exceptional performance of CNN can be utilized to minimize the loss of matching accuracy in template protection algorithms.

X. HYBRID PROTECTION SCHEMES
The protection schemes for biometric information can use two or more techniques from biometric cryptosystems and cancelable biometrics. The above defines the hybrid protection schemes. These schemes seek to achieve the following goals: 1) greater robustness against intra-user variations, improving the recognition rate; and 2) better security and privacy of biometric information, performing decision-making in the protected domain. However, the security, privacy, and diversity of these hybrid schemes depend on the properties of each technique used. Furthermore, there are two representative types of hybrid protection schemes: 1) combination of techniques from the same family; and 2) combination of techniques from different families. These types of schemes address the compatibility of the distribution of biometric data, preserving the discriminatory power. Nonetheless, hybrid protection schemes can use several BTP techniques for the same biometric trait or several biometric traits.

A. COMBINATION OF TECHNIQUES FROM THE SAME FAMILY
These hybrid protection schemes use two or more techniques from the same family, i.e., combine various biometric cryptosystem techniques or various cancelable biometric techniques. An example is the fingerprint authentication system developed by [178], where the information generated by a fuzzy vault scheme is protected with a fuzzy commitment scheme. Another example is the face authentication system proposed by [179], which implements BioHashing and random permutations according to a chaotic sequence.

B. COMBINATION OF TECHNIQUES FROM DIFFERENT FAMILIES
Hybrid protection schemes can use two or more BTP techniques from different families, i.e., combine various biometric cryptosystem techniques with cancelable biometric techniques. Various hybrid protection schemes have been developed for different biometric traits. For instance, [180] reported a fingerprint authentication system, performing random permutations and reliable bit selection for a secure sketch. Another example is the face authentication system designed by [181]; this system is based on random projection, discriminability-preserving transform, and a fuzzy commitment scheme. On the other hand, [182] proposed a voiceprint authentication system, which implements a random projection and fuzzy vault scheme. Lastly, [183] published a fingerprint authentication system with protection based on BioHashing, fuzzy extractor, and fuzzy vault scheme.

XI. MULTIBIOMETRIC PROTECTION SCHEMES
Multibiometric or multimodal protection schemes incorporate BTP techniques and the fusion of two or more biometric traits for the security and renewal of information. The fusion of two or more biometric traits decreases the intra-user variation and increases the inter-user variation [184]. Multimodal protection schemes offer better security, privacy, confidentiality, and recognition rate (identification or authentication) than unimodal protection schemes, but the computational cost and complexity of the systems are higher. Furthermore, these schemes are more robust against spoofing or identity theft attacks.
There are three levels of fusion for multiple biometric traits: 1) sensor or feature-level fusion; 2) matching or similarity score-level fusion; and 3) decision-level fusion. Furthermore, various fusion methods are possible, such as the weighted sum rule, decision trees, k-nearest neighbors, majority vote, or linear discriminant function. Likewise, the possible fusions of information and protection techniques applied to the fused information define the cancelation and renewal capacity. Additionally, the information on each biometric trait can be protected before the fusion using one or more BTP techniques mentioned above.
Next, some examples of multibiometric protection schemes are mentioned. For example, [185] proposed different multimodal fusions of biometric traits such as the face, thermal face, palmprint, palm vein, and finger vein. The protected information is generated from the distance between the original features and random points derived from the user-specific key. This protection technique is called random distance method. Another protection system for multimodal recognition was developed by [186], with decision-level fusion for iris and voice. In addition, the protection is based on BioHashing, polynomial interpolation, and BioConvolving.
On the other hand, a multimodal protection scheme based on Paillier's homomorphic encryption was developed by [100], with biometric information obtained from dynamic handwritten signature and fingerprint. Three levels of fusion and two matching distances in the encrypted domain are analyzed: cosine similarity and squared Euclidean distance. Likewise, [187] proposed a protection system with feature-level fusion for ear and face, where the biometric information is divided into equal parts, permuted, and protected by random projection. Finally, [188] designed a feature-level fusion protection scheme for fingerprint, iris, and face using a fuzzy vault scheme and fuzzy commitment scheme.
The authors in [189] proposed a feature-level fusion protection scheme for fingerprint and palmprint, using a random tiling and equal-probable $2^n$ discretization scheme. On the other hand, [190] developed a multimodal protection scheme for the face and iris, where a CNN extracts features, and a joint representation layer is implemented to fuse extracted features. Furthermore, the protected information is a binary vector created using a quantization scheme, an ECC, and a hash function. Finally, a multimodal protection scheme with feature-level fusion for face, iris, fingerprint, and finger veins was published by [146] using Bloom filters.

XII. SUMMARY OF BTP TECHNIQUES
The previous sections discussed the protection families and techniques that constitute the proposed taxonomy. These BTP families and techniques are the result of the synthesis of the systematic literature review. In general, the selection of the best BTP technique is challenging because it depends on the purpose, constraints, needs, and specifications of the biometric systems to be developed. This challenge is also based on the biometric trait, i.e., an image or a data sequence. Therefore, this section presents Table 3, which summarizes the relevant information on the different BTP techniques. Table 3 aims to highlight the strengths and weaknesses of the protection techniques. In addition, this table contains the following information:
• Column A: Storage cost categorized as low (L), medium (M), and high (H).
• Column B: Probability distribution of input biometric information categorized into discrete (D) and continuous (C). In short, techniques that support continuous distribution also support discrete distribution.
• Column C: Computational complexity categorized into low (L), medium (M), and high (H).
• Column D: Revocability and renewability capacity categorized into limited (L) and non-limited (N).
• Column E: Whether the technique allows decision-making in the protected domain, answering yes (Y) or no (N).
• Column F: BTP techniques support input biometric information in one dimension (O) or two dimensions (T). In other words, protection techniques operate with data sequences or images in the signal domain or the feature domain. In short, the techniques that support two-dimensional information also support data sequences.
Table 3 complements and deepens Table 2. In addition, Table 3 gives a better overview of the appropriate selection of the protection technique. For example, not all protection techniques support identification systems; several techniques are non-injective transformations; and some techniques do not allow decision-making in the protected domain. Moreover, the storage cost is essential because there are techniques that increase or decrease the size of the biometric information. Another important aspect of selection is the distribution of the input information because additional discretization steps generate a loss of discriminative power. Likewise, computational complexity is critical due to the implementation constraints of the biometric system. Above all, non-limited revocability and renewability are vital for a BTP system.
The challenges defined in section IV are considered in the synthesis of the literature review and Table 3. Therefore, protection techniques that guarantee the isometric property face the challenge of re-training. In addition, Table 3 highlights techniques that attempt to address intra-user variability and techniques that are sensitive to intra-user variability. Consequently, protection schemes based on machine learning and deep learning are proposed to solve the challenge of alignment-free protection techniques.
This summary of relevant information for each technique is complemented by the evaluation metrics presented in the next section; this guides the designer in selecting the most appropriate protection technique for developing the biometric system.

XIII. EVALUATION MEASURES FOR BTP TECHNIQUES
This section presents quantitative measures to evaluate the performance of BTP techniques for input data with discrete and continuous distribution. Therefore, the degree of security and privacy at the information level evaluates the quality of BTP techniques under the interpretation of the ISO/IEC 24745 standard. In addition, a benchmarking of technical, protection, and operational performance measures the quality of BTP techniques [191]. The technical performance seeks to evaluate: 1) the recognition rate of the system without and with protection; 2) the storage cost of the protected information; 3) the time and computational cost of creation, comparison, cancelation, and renewal of the protected information; and 4) the maximum number of versions of protected templates generated from the same biometric trait. On the other hand, the performance of the protection estimates the irreversibility and unlinkability of the protected information when it is compromised. Finally, the operational performance aims to assess the interoperability quality of the system.

A. EFFICIENCY
Efficiency (ef) evaluates the recognition rate (RR) before and after implementing the BTP technique [161] as a function of the system's number $\beta$ of revocations and renewals. Therefore, this measure is defined as follows: where RR can be the identification rate (IR) of an identification system or the verification rate (VR) of an authentication system ($VR = 1 - (FRR + FAR)/2$), the subscripts $P$ and $O$ refer to the recognition rate for the protected and unprotected/original system, respectively. Therefore, $RR_{P,i}$ corresponds to the protected system recognition rate for version $i$ of the $\beta$ full versions created in the biometric system. When $ef = 1$, the protection system is efficient and does not degrade system performance. A value of $ef < 1$ means that the protection technique degrades recognition performance. Conversely, a value of $ef > 1$ indicates that the protection technique increases the recognition rate and the discrimination power of the biometric system. In conclusion, the user-specific supplementary information in two or three recognition factors increases the strength of discrimination.

B. STORAGE COST
The storage cost (SC) is the minimum number of bytes needed to store protected information $D = [PI, HD]$ from the total population of the recognition system: where $\theta$ is the total number of system users, $SC_{PI}$ and $SC_{HD}$ are the byte storage cost of the pseudonymous identifier and helper data generated by the protection technique.

C. REVOCABILITY AND RENEWABILITY CAPACITY
This measure indicates the number of protected templates generated from a biometric trait using a BTP technique. This capacity can be limited or non-limited. Thus, when the number of cancelations and renewals of the protected information depends on the capacity of the RNG and not on the BTP technique, it is called non-limited capacity. On the other hand, a limited capacity is when the number of revocations and renewals depends on the BTP technique and not on the capacity of the RNG.

D. UNLINKABILITY
The unlinkability index (UNI) measures the statistical dependency or linear and non-linear relationship between the versions of protected templates generated for the same user in different applications or biometric systems. This measure evaluates the diversity of the protected templates to avoid cross-matching [192]. Therefore, mutual information measures the linear and non-linear dependencies of a set of random variables. Consequently, the definition of entropy is studied below to establish the mutual information of protected biometric templates with discrete and continuous probability distribution.

1) ENTROPY
Entropy measures the uncertainty or self-information of a random variable; in other words, this is the amount of information provided by the dispersion of all possible states of the variable. Therefore, the entropy depends on the probability function of the variable. So, when a discrete random variable T 1 takes B states with probability function p(T 1i ) for i = 1, 2, . . . , B, the entropy is: where H (T 1 ) ≥ 0, since 0 ≤ p (T 1i ) ≤ 1. Furthermore, the logarithm is in base two; therefore, the entropy is expressed in bits and quantifies the average number of bits needed to represent the random variable. Thus, the degree of difficulty in predicting the current state of the random variable is more significant if the entropy is greater. Nonetheless, the entropy for a continuous random variable T 1 with probability density function f (T 1 ) is called differential entropy and is defined as follows [193]: where G 1 is the support set of the random variable. Then, the differential entropy of a continuous random variable T 1 for a normal distribution N µ 1 , σ 2 1 with mean µ 1 ∈ R and variance σ 2 1 ∈ R > 0 is: On the other hand, when the random variable T 1 is a binary number of n bits, the random variable follows a binomial distribution B(n , p) with n ∈ N + and p = 1/2, where the probability of obtaining α bits in one regardless of order is described by: For α = 0, 1, 2, . . . , n. The binomial distribution can be approximated as a normal distribution N (np, np(1 − p)) by the DeMoivre-Laplace theorem when n → ∞ and p is constant [194], i.e.: As a consequence of the above, the differential entropy for a random binary number T 1 of n bits with binomial distribution B(n, 1/2) is: 2) JOINT ENTROPY Joint entropy measures the uncertainty associated with a set of random variables. 
In this order of ideas, the joint differential entropy of two continuous random variables $T_1$ and $T_2$ for a two-dimensional joint probability density function f ( ) with = $[T_1, T_2]$ is defined as [193]: where G is the support set of the random variables $T_1$ and $T_2$. Hence, the joint probability density function for the two-dimensional random variable that has a normal distribution $N_2(\mu, )$ with mean vector $\mu$ and covariance matrix is [195]: Being | | the determinant of and also: Then, the joint differential entropy of the normal distribution $N_2(\mu, )$ is defined as follows [193]: Two $n$-bit binary random variables $T_1$ and $T_2$ that have an approximate normal distribution $N(n/2, n/4)$ define the following joint differential entropy: where $\phi_{12}$ is the Phi coefficient, which measures the association or linear correlation between two dichotomous variables $T_1$ and $T_2$, i.e. two binary numbers. In the binary case $\phi_{12} = \rho_{12}$ [196], [197].

3) CONDITIONAL ENTROPY
The conditional entropy quantifies the uncertainty conditional on a random variable $T_1$ when another random variable $T_2$ is known or committed; in other words, this entropy is the amount of information needed to describe the value of $T_1$ when $T_2$ is known. Therefore, the conditional differential entropy is: The variable $T_1$ can be predicted from $T_2$ when $h(T_1|T_2) < h(T_1)$, this probability increases if $h(T_1|T_2)$ decreases. Also, $h(T_1|T_2) \neq h(T_2|T_1)$. The conditional differential entropy of two random variables $T_1$ and $T_2$ with normal distribution $N(\mu_1, \sigma_1^2)$ and $N(\mu_2, \sigma_2^2)$ is defined as follows: When the two random variables $T_1$ and $T_2$ are binary numbers of $n$ bits, the conditional differential entropy is:

4) MUTUAL INFORMATION
The mutual information measures the statistical dependence and the amount of reciprocal information obtained from a random variable $T_1$ when another random variable $T_2$ is observed. Thus, the mutual information corresponds to [193]: Mutual information is measured in bits when the entropies use logarithm in base two. Moreover, $I(T_1; T_2) \geq 0$ and $I(T_1; T_2) = I(T_2; T_1)$, i.e., $T_1$ says as much about $T_2$ as $T_2$ says about $T_1$. The mutual information of a random variable with itself is the entropy of the random variable. Finally, two random variables are statistically independent when $I(T_1; T_2) = 0$.
Then, the mutual information of two continuous random variables $T_1$ and $T_2$ is obtained as follows: On the other hand, when the two random variables $T_1$ and $T_2$ are binary numbers of $n$ bits, the mutual information is approximated as follows: Fig. 29 illustrates the behavior of (65) and (66). If $\rho_{12} = \phi_{12} = \pm 1$ then two variables are perfectly correlated and the mutual information or statistical dependence is infinite.

5) UNLINKABILITY INDEX
This measure quantifies the linear and non-linear relationship between the $\beta$ versions of protected templates from the same biometric source. Then, the calculation of the mutual information of template pairs produces the unlinkability index (UNI) in a system of $\theta$ users under the same BTP technique: where $T_{i,j}$ is the version $j$ of the protected template for user $i$ and $T_{i,k}$ is the version $k$ of the protected template for user $i$, assuming that $T_{i,k}$ is committed. Therefore, UNI at zero or close to zero indicates good diversity.

E. IRREVERSIBILITY
An original biometric template must be computationally difficult to obtain when a protected version is compromised. Therefore, the degree of irreversibility is an essential measure in evaluating BTP techniques.

1) IRREVERSIBILITY INDEX
The irreversibility index (IRI) uses conditional entropy to quantify the difficulty of reverting a protected template. Fig. 30 illustrates the uncertainty or difficulty of obtaining $T_1$ when $T_2$ is known. The most significant degree of difficulty occurs for two statistically independent variables, i.e., $h(T_1|T_2) = h(T_1)$. Therefore, a normalized uncertainty corresponds to $h(T_1|T_2)/h(T_1)$; if this relation is equal to one, then the degree of irreversibility is null and the BTP technique preserves the privacy of the biometric information [198]. The irreversibility index is evaluated for the $\beta$ versions of protected templates of the $\theta$ users that use the protection technique, that is: where $T_{i,O}$ is the original biometric template of the subject $i$ and $T_{i,j}$ is the version $j$ of the protected template for the user $i$. Thus, IRI at one or close to one indicates good security and privacy of biometric information, consequently, a reliable BTP technique.
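The following Python sketch is an added example, not code from the paper: it evaluates UNI and IRI for n-bit templates under the normal approximation $N(n/2, n/4)$ described above, using the standard closed forms for jointly normal variables. Assumptions: the Phi coefficient is estimated over bit positions, both indices are plain averages over template pairs, the normalized uncertainty is clamped at zero, and the two "schemes" are constructed stand-ins rather than BTP techniques from this review.

```python
import math
import random
from itertools import combinations

def phi(a, b):
    """Phi coefficient between two equal-length bit lists (assumed estimator)."""
    n, n11, na, nb = len(a), sum(x & y for x, y in zip(a, b)), sum(a), sum(b)
    den = math.sqrt(na * (n - na) * nb * (n - nb))
    return (n * n11 - na * nb) / den if den else 0.0

def mutual_information(r):
    """I(T1;T2) in bits for jointly normal variables with correlation r."""
    return math.inf if r * r >= 1.0 else -0.5 * math.log2(1.0 - r * r)

def normalized_uncertainty(r, n):
    """h(T1|T2)/h(T1) for T1 ~ N(n/2, n/4); clamped at 0 (assumption)."""
    h1 = 0.5 * math.log2(math.pi * math.e * n / 2.0)
    if r * r >= 1.0:
        return 0.0
    return max(0.0, (h1 + 0.5 * math.log2(1.0 - r * r)) / h1)

def uni(users):
    """Mean pairwise mutual information over each user's protected versions."""
    vals = [mutual_information(phi(a, b))
            for versions in users for a, b in combinations(versions, 2)]
    return sum(vals) / len(vals)

def iri(originals, users):
    """Mean normalized uncertainty of the original given each protected version."""
    vals = [normalized_uncertainty(phi(o, t), len(o))
            for o, versions in zip(originals, users) for t in versions]
    return sum(vals) / len(vals)

# Constructed sample data: 4 users, 256-bit templates, 3 protected versions each.
rng = random.Random(2023)
N, BETA = 256, 3

def bits():
    return [rng.getrandbits(1) for _ in range(N)]

originals = [bits() for _ in range(4)]
# Stand-in "strong" scheme: XOR with a fresh random key per version.
strong = [[[x ^ k for x, k in zip(o, bits())] for _ in range(BETA)] for o in originals]
# Stand-in "weak" scheme: version j only flips every (16 + j)-th bit of the original.
weak = [[[x ^ (i % (16 + j) == 0) for i, x in enumerate(o)] for j in range(BETA)]
        for o in originals]

if __name__ == "__main__":
    for name, scheme in (("strong", strong), ("weak", weak)):
        print(f"{name}: UNI={uni(scheme):.3f} bits  IRI={iri(originals, scheme):.3f}")
```

Versions that differ from one another in only a few bit positions are cross-matchable, which shows up as a UNI well above zero, while independently keyed versions keep UNI near zero and IRI near one.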

F. INTEROPERABILITY
BTP techniques must be efficient, flexible, safe, fast, and computationally inexpensive. In addition, the techniques must attend to the standardizations in biometric signal processing and personal information management. Therefore, interoperability is the overall evaluation of the performance, cost, security, privacy, flexibility, and scalability of an implemented BTP technique.

XIV. COMMERCIAL PRODUCTS WITH BTP TECHNIQUES
Technology companies are increasingly implementing biometric services or systems in their devices. Therefore, the security and privacy of biometric data are essential. Currently, companies such as Apple, Samsung, Microsoft, Google, Amazon, etc., are developing authentication systems that protect biometric information but do not directly provide the properties of cancelation and renewal of templates. For example, Apple developed Touch ID and Face ID authentication technologies, which safeguard biometric data's privacy and security using AES algorithms. However, these authentication technologies do not allow decision-making in the protected domain. Therefore, this section presents commercial (non-academic) products based on revocable biometric systems using BTP techniques.
• GenKey Group [199]: This company develops biometric software and provides various biometric recognition products and services used globally by governments, public institutions, and businesses. GenKey was developed out of a merger with Priv-ID. This company offers a BTP implementation using BioHASH®, a patented software that provides privacy and security to biometric templates through a stable code generation and hash function. This product complies with ISO/IEC 24745 for biometric traits such as fingerprint, vein, iris, voice, and face. In addition, this product has limited biometric entropy.
• Precise Biometrics [200]: This company offers biometric identification software worldwide. This company provides a facial recognition product called Precise YOUNiQ™, which maximizes the security and privacy of biometric information using AES 256-bit algorithms with unique keys for each image.
• Hitachi Group [201]: This company developed a finger vein authentication technology called VeinID. This technology offers physical and logical access control for multiple applications or services, e.g., cardless payment systems. Moreover, this company provides authentication modules with finger veins and fingerprints for embedding in devices. Furthermore, this company offers cancelable authentication technology, where biometric data can be revoked by changing the encryption key [202]. Likewise, this company develops cancelable authentication systems based on correlation filters, specifically correlation-invariant random filtering [141].
• Private Identity LLC [203]: This company developed and patented a solution for fully homomorphic encryption. This company developed a technology called Private ID®, which provides revocable biometric systems based on face, voice, and fingerprint. This technology preserves the user's privacy and security by efficiently implementing homomorphic encryption.
The development of commercial products with revocable biometric systems is limited. However, several companies are implementing biometric systems in their devices but still need to develop cancelable systems. Therefore, the implementation of protection techniques in real-life biometric applications or services is an open challenge in the field of BTP.

XV. CONCLUSION AND FUTURE DIRECTIONS
Biometric data consists of non-cancelable and non-renewable personal information. Therefore, the security and privacy of biometrics are critical challenges in the rise of IoT devices implementing biometric systems. This research examined vulnerabilities and proposed countermeasures for biometric systems at the hardware and software level (BTP techniques under ISO standardization). In addition, this work defined a taxonomy according to the operating principle and the type of supplementary information supported by the BTP techniques, analyzing the security, privacy, revocability, renewability, computational complexity, and distribution of biometric information for these protection techniques. Moreover, this document established quantitative evaluation measures based on information theory to compare BTP techniques. Currently, there is no obsolete protection technique. However, this manuscript gives a better overview of the advantages and disadvantages of each BTP technique.
The selection of the most suitable protection technique for a biometric system is challenging, but this research provided a detailed review of existing BTP techniques. Moreover, the proposed metrics have real-life application scenarios when different techniques need to be compared to analyze their security (irreversibility), privacy (unlinkability), lifetime (revocability and renewability capacity), and performance (efficiency). This comparison helps to select the most suitable technique, e.g., in biometric applications or services with limited resources. Another application scenario is the selection of the most appropriate technique to avoid tracking, linking, cross-matching, and other personal data mining attacks in the interoperability of biometric applications or services.
On the other hand, protection techniques based on injective mappings safeguard authentication and identification systems. Furthermore, linear and injective mappings do not need to re-train the biometric system when the information is canceled and renewed. Likewise, cancelable biometrics techniques allow decision-making in the protected domain, reducing computational costs and increasing processing speed. Additionally, protection schemes based on user-specific supplementary information improve the recognition rate only in authentication systems. Finally, protection schemes based on machine learning or deep learning address the challenge of alignment-free protection systems.
Investigations in the area of BTP have solved several challenges, e.g., the three challenges addressed in this document: alignment-free protection techniques, re-training, and quantitative evaluation metrics. However, some challenges need to be addressed. Therefore, the following list of future directions is presented:
• BTP techniques must be implemented and compared under evaluation metrics using authentication and identification systems with extensive databases. A secure option is to use databases based on biometric signals of liveness, e.g., ECG, PPG, and others.
• BTP techniques are based on randomly created supplementary information. Therefore, secure and stable RNGs should be studied in detail because each BTP technique demands supplementary information with a unique distribution and range of values. In addition, RNGs should contribute to the security and privacy of supplementary information. For this reason, physical unclonable functions (PUF) are an excellent opportunity to generate secure supplementary information.
• Intra-user variability in the short and long term is a current challenge for biometric systems, but the security and privacy of biometric information are necessary. Therefore, new BTP techniques can help to address this challenge and protect biometric data. Even adaptive and cancelable biometric systems are the future direction in the field of biometrics.
• Cancelable biometrics will minimize intra-user variability and maximize inter-user variability while protecting and revoking biometric information. Consequently, the future perspective of cancelable biometrics corresponds to binding hardware and software countermeasures that reduce the computational cost and execution time, increasing the security and privacy of biometric information.
• Biometric cryptosystems need to develop new techniques and improve the techniques that enable decision-making in the protected domain, e.g., knowledge signature and homomorphic encryption. Furthermore, this family of techniques has the challenge of dealing with intra-user variability through error correction codes with low computational costs.
• ML or DL-based protection techniques need to address the re-training challenge, i.e., if a single protected template is compromised, then all parameters of the decision-making module should not be re-enrolled.
• BTP techniques must be tested and analyzed for active and passive attacks. This study would help to identify the vulnerabilities of the protection techniques. As a result, BTP techniques can be improved to prevent successful attacks, disclosure, or undesired learning of sensitive and non-private biometric information.
• More commercial biometric products with BTP techniques need to be developed. Most biometric systems with BTP techniques are in academia, and existing commercial products are mostly authentication systems. However, the implementation of BTP techniques in the real world considers the computational cost and execution time.
• The protection of biometric information safeguards privacy and prevents the disclosure of permanent information in the user's life. Therefore, the protection of biometric information should have greater social acceptance.