Algorithms for Processing Biometric Data Oriented to Privacy Protection and Preservation of Significant Parameters



Introduction
We address a general theory of transformations of biometric data, independently of the particular biometric features taken into the processing. An application assumes representation of the data in the specified format and the use of the proposed technique.
The content of a biometric database can be used for different purposes, and their complete list is usually unknown in advance. These purposes include different variants of processing noisy data, such as authentication and identification of a person on the basis of his biometric observations, detection of certain features, etc. General requirements to data processing schemes in any of these applications include the design of a verification scheme consisting of the enrollment and the verification stages. At the enrollment stage, the input data should be converted to the data stored in the database under the identifier of the person. At the verification stage, the presented data have to be analyzed to make the decision whether they belong to the chosen person or not. Privacy protection of the data includes protection against attackers of three types:

• a blind attacker, who wants to guess the content of the database using his knowledge about the probability distribution over input biometric data;

• an attacker, who has access to the database and wants to find the input biometric vector processed at the enrollment stage;

• an attacker, who has access to the database and wants to generate artificial data to pass through the verification stage with the acceptance decision.

The main contributions of the chapter are as follows.
• If the input data are represented by a vector whose components are generated by a stationary memoryless source having a known probability distribution, then they can be converted to a vector x whose components are uniformly distributed over the (−1, +1) interval. Therefore, the scheme is perfectly protected against blind attackers. A generalized version of the procedure brings the same property for non-stationary sources. Moreover, if the source has memory or the input probability distribution is unknown, an approximately uniform distribution can be created.
• The enrollment can be organized in such a way that the constructed vector x is encrypted and mapped to the vector x̃, which is stored in the database. The encryption is understood as replacement of certain components of the vector x by randomly chosen components. As a result, the input biometric data cannot be reconstructed from the vector x̃. We show that the encryption can be organized in such a way that the properties of the constructed uniform distribution are conserved, but the union of the (−1, −a) and (+a, +1) intervals replaces the (−1, +1) interval. The value of the parameter a ∈ (0, 1) controls the trade-off between privacy protection and the verification performance, and it has to be assigned in advance. As a result, the scheme becomes protected against attackers who have access to the database and want to guess the input vector by reading the corresponding vector stored in the database.
• The case, when the biometrics of the same person is measured at the enrollment and the verification stages, is simulated as transmission of the outcomes of the enrollment stage measurements over an observation channel. We create another channel between the results of transformations of these outcomes. It turns out that this channel has the property that the level of noise essentially depends on the magnitude of the transmitted component, and it is very low when the magnitude is large. Since a large magnitude at the output of the transformer is obtained when the input magnitude is large, we talk about the preservation of significant parameters under the noise, provided that these parameters are represented in a vector of outcomes of biometric measurements by components having large magnitudes. We present a verification algorithm designed on the basis of these properties.
Verification algorithms are considered in most publications related to biometrics (see, in particular, [1]–[4]), and they are usually introduced as algorithms of combinatorial matching of the outcomes of observations received at the enrollment and at the verification stages. However, secrecy requirements to a biometric system to be designed do not allow storage of the outcomes received at the enrollment stage and lead to schemes where only relatively few outcomes characterizing the person are taken into account. In the present chapter, these outcomes are referred to as significant components. Algorithms based on a similar understanding are presented in [6]–[8], where significance is determined by the values of the probability distribution function computed at the observed values. This approach follows the lines of information theory, where data processing is represented as secret sharing [9]–[12]. Some part of the secret is published, while another part is hidden by the so-called one-way hash function [13], and it has to be decoded after a noisy version of the observation data is available. The transformation of the outcomes, received at the enrollment stage, to a published part of the secret is also viewed as wrapping in a number of applications, where the unwrapping is possible only when the outcomes received at the verification stage are close to the wrapped data [14]. The use of possibly non-stationary probability distributions also allows us to include multi-biometric measurements (see, for example, [15], [16]) into the processing. Furthermore, the addressed issues are relevant to constructing fault-tolerant passwords from biometric data [17]–[19]. The cited list of publications is certainly far from being complete, but we only indicate directions that are relevant to the material of the chapter. We also understand that specific applications of the presented results need research on probability distributions of the measured biometric data. In particular, the approaches can be fruitful for schemes where different lengths are processed (for example, distances between certain points on the face or hand).
The chapter is organized as follows. We begin with the introduction and the notation sections and then introduce the F-transformation for the input data and their noisy observations in Sections 3 and 4. A possible implementation of the verification scheme, constructed using the derived properties, is presented in Section 5. Some general conclusions are included in Section 6.
Suppose that the outcomes of biometric measurements of a person, received at the enrollment stage, are represented by a float-valued vector r = (r_1, ..., r_n) ∈ R^n. The t-th component of the vector r has the sign, which is understood as

sgn(r_t) = +1, if r_t ≥ 0, and sgn(r_t) = −1, if r_t < 0,

and the magnitude |r_t|. Thus, the specification of the component r_t is equivalent to the specification of the pair (sgn(r_t), |r_t|). Such a representation is introduced because we assume that sgn(r_t) and |r_t| are independent parameters: if one knows the sign, then he has no information about the magnitude; if one knows the magnitude, then he has no information about the sign. Furthermore, we will assume that the magnitude |r_t| characterizes the "significance" of the t-th component: for example, if r_t is defined as the difference between the value of the measured parameter and the average or the expected value, then |r_t| determines the deviation of the t-th parameter for the particular person.
We will analyze the scheme where one of the results of the processing of the vector r at the enrollment stage is expressed by a float-valued vector x̃ = (x̃_1, ..., x̃_n) ∈ F^n, where F denotes the (−1, +1) interval, i.e., the components of x̃ have magnitudes less than 1. The vector x̃ is stored in the database under the identifier of the person associated with the vector r. We call it the wrapped version of the input data. The transformation r → x̃ is not a one-to-one mapping, and some data are lost. This transformation is divided into two steps. We first introduce a one-to-one mapping r ↔ x, where x = (x_1, ..., x_n) ∈ F^n, and then encrypt the vector x in such a way that the change of the t-th component x_t is possible only if |r_t| is small.

Figure 1. (a) Transformation of the vector r to the vector x̃ stored in the database under the identifier of the person. (b) Transformation of the vector r′ to the vector y at the verification stage for its comparison with the vector x̃ and investigation of the closeness of the vectors r and r′.
At the verification stage, the verifier observes a vector r′ = (r′_1, ..., r′_n) ∈ R^n. This vector is mapped to the vector y in the same way as r was mapped to x, and there should be an algorithm that analyzes the pair (y, x̃) to find the closeness of the vector r′ and some vector r that could be used as an origin of the vector x̃. If the verifier decides that these vectors are close enough, then the components of the vector r′ are considered as possible outcomes of biometric measurements of the person whose identifier corresponds to the vector x̃.
The procedures above describe a general structure of the verification scheme under the constraints that the transformation r → x̃ is divided into two steps and that the components of the constructed vectors belong to the set F. These procedures are illustrated in Figure 1, where we use some additional notation. Namely, we parameterize the mappings r ↔ x and r′ ↔ y by a monotone increasing function F(r), r ∈ R, approaching 0 when r → −∞ and approaching 1 when r → +∞. Formally,

lim_{r→−∞} F(r) = 0 (4)

and

lim_{r→+∞} F(r) = 1. (5)

By (4), (5), the function F has a uniquely determined inverse function F^{−1}, and we can simulate the data received at the verification stage as the result of transmission of the vector x over a channel consisting of the deterministic F^{−1}-transformation x → r, the stochastic mapping r → r′ introduced by a physical V^n channel, and the deterministic F-transformation r′ → y (see Figure 2a). As the verifier also has access to the vector x̃, constructed as an encrypted version of the vector x, we get the situation when the vector x is sent to the verifier over two parallel channels. If the level of noise in the physical channel is not high, then the verifier is supposed to make the acceptance decision. As an alternative, there is the possibility that the vector r′ is generated independently of the vector x (see Figure 2b, where we delete the F^{−1}-transformation). In this case, the verifier is supposed to make the rejection decision.

Notation
Let R, R ′ , X, Y denote random variables and r, r ′ , x, y denote their values.This notation is also extended to the vectors of random variables R n , (R ′ ) n , X n , Y n and their values r, r ′ , x, y.
In the basic model, we assume that the vector r is generated by a stationary memoryless source having the probability distribution (PD) F* and the probability density function (PDF) P*,

F*(r) = Pr{R ≤ r}, P*(r) = dF*(r)/dr, r ∈ R.

The value of the PDF, associated with the vector r, is expressed as

P*(r) = ∏_{t=1,...,n} P*(r_t). (8)

We will simulate the stochastic mapping r → r′ as transmission of the vector r over an observation channel, which is introduced as a stationary memoryless channel specified by the collection of the conditional PDs Φ_r and the collection of the conditional PDFs V_r,

Φ_r(r′) = Pr{R′ ≤ r′ | R = r}, V_r(r′) = dΦ_r(r′)/dr′,

for all r ∈ R. The value of the conditional PDF, associated with the output vector r′, given the input vector r, is expressed as

V(r′|r) = ∏_{t=1,...,n} V_{r_t}(r′_t). (11)

Let

FG_{m,γ}(r) = (1 + erf((r − m)/(γ√2)))/2 and G_{m,γ}(r) = exp(−(r − m)²/(2γ²))/(γ√(2π)),

where

erf(z) = (2/√π) ∫_0^z exp(−u²) du

is the erf-function, denote the Gaussian PD and PDF, when m is the mean and γ² is the variance. We will also use the function

ψ_c(x) = FG_{0,1}(c · FG^{−1}_{0,1}((x + 1)/2)), x ∈ F. (15)

The F-transformation of the input data
The function F, satisfying (4), (5), is the PD of some random variable R, and we write

F(r) = Pr{R ≤ r}, r ∈ R.

The corresponding PDF is defined as

P(r) = dF(r)/dr.

Notice that (F*, P*) ≠ (F, P) in the general case. Let us fix the function F, satisfying (4), (5), and map an r ∈ R to the x ∈ F using the rule

x = 2F(r) − 1. (20)

The function F has a uniquely determined inverse function F^{−1}, and the equality (20) implies r = r(x), where

r(x) = F^{−1}((x + 1)/2). (22)

The F-transformation of the vector r ∈ R^n will be understood as the result of n component-wise applications of the mapping (20).
Some values of r(x) for Gaussian data are given in Table 1. Notice that, if F = FG_{0,ρ}, then

r(x) = ρ · FG^{−1}_{0,1}((x + 1)/2). (23)

The data in Table 1 illustrate the point that (20) is a non-linear mapping. In particular, if ρ = 2, then the values belonging to the interval (0, 0.64) are mapped to the values between 0 and 0.25, ..., and the values greater than 3.92 are mapped to the values between 0.95 and 1. The mapping r ↔ x is also illustrated in Figure 3.
Table 1. Values of r(x) for Gaussian data, F = FG_{0,ρ} with ρ = 2:

x:    0     0.25   0.50   0.75   0.80   0.85   0.90   0.95   1
r(x): 0     0.64   1.35   2.30   2.56   2.88   3.29   3.92   ∞

In the following considerations we will restrict ourselves to the class of functions F, satisfying (4), (5) and having the additional symmetry properties

F(−r) = 1 − F(r)

and

P(−r) = P(r), r ∈ R.

The F-transformation of the input data can be viewed as an application of the inverse to the well-known construction of pseudorandom generators having a fixed probability distribution F. In this case, an algorithm generates the value z of a random variable uniformly distributed over the (0, 1) interval and outputs F^{−1}(z) ∈ R. Our scheme receives an r ∈ R and outputs 2F(r) − 1, where the multiplication by 2 and the subtraction of 1 are introduced because of the further processing of the signs and the magnitudes. Notice that a similar approach can be used to generate Gaussian variables having the mean 0 and a fixed variance ρ²; the transformer has to output FG^{−1}_{0,ρ}(F(r)) in this case.
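As an illustration of the mapping (20) and its inverse (22), the following sketch (helper names are ours, and a Gaussian F = FG_{0,ρ} is assumed) reproduces the ρ = 2 boundary values discussed above; the inverse is computed by bisection, since FG^{−1} has no closed form.

```python
import math

def gauss_cdf(r, rho):
    """FG_{0,rho}(r): Gaussian PD with mean 0 and standard deviation rho."""
    return 0.5 * (1.0 + math.erf(r / (rho * math.sqrt(2.0))))

def f_transform(r, rho):
    """The F-transformation (20): map r in R to x in (-1, +1)."""
    return 2.0 * gauss_cdf(r, rho) - 1.0

def f_inverse(x, rho, lo=-100.0, hi=100.0):
    """r(x) = F^{-1}((x + 1)/2), see (22), computed by bisection."""
    target = (x + 1.0) / 2.0
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if gauss_cdf(mid, rho) < target:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0

# Reproduce the rho = 2 boundary values from Table 1: values of r below
# r(0.25) map into (0, 0.25), values above r(0.95) map into (0.95, 1).
print(round(f_inverse(0.25, 2.0), 2))  # 0.64
print(round(f_inverse(0.95, 2.0), 2))  # 3.92
```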
As 2F(R) − 1 is a deterministic function of the random variable R, the value of x is the observation of the random variable X = 2F(R) − 1 having the PD f* and the PDF p*. We write

f*(x) = Pr{X ≤ x} = Pr{R ≤ r(x)} = F*(r(x))

and

p*(x) = df*(x)/dx = P*(r(x)) / (2P(r(x))).

Therefore, the pair (f*, p*) is completely determined by the pair (F*, F). By (8) and the fact that the F-transformation is a component-wise mapping, the value of the PDF, associated with the vector x, is expressed as

p*(x) = ∏_{t=1,...,n} p*(x_t)

for all x ∈ F^n.
If (F*, F) = (FG_{0,ρ*}, FG_{0,ρ}), then we use (23) and write

f*(x) = FG_{0,ρ*}(ρ · FG^{−1}_{0,1}((x + 1)/2)).

Hence,

f*(x) = ψ_{ρ/ρ*}(x),

where ψ_{ρ/ρ*}(x) is defined by (15) with c = ρ/ρ*. Examples of the functions f*(x) and p*(x) are given in Figures 4, 5.

Suppose that F* = F. Then

f*(x) = (x + 1)/2

and

p*(x) = 1/2,

i.e., X is a random variable uniformly distributed over the set F. If the vector x is stored, then the database is perfectly protected against attackers who want to guess its content. If F* ≠ F, then we get an approximately uniform distribution. However, r → x is a one-to-one mapping, and attackers, who have access to the database, can reconstruct the vector r. Our assumption that the vector r is generated by a known stationary memoryless source, and the value of the PDF, associated with this vector, is expressed by (8), can contradict the practice. If the source is non-stationary, and P*_1(r_1), ..., P*_n(r_n) replace the multipliers at the right-hand side of (8), then the considerations above are directly extended by replacing the function F with the functions that approximate the PDs of the components of the input vector. A more general assignment corresponds to the sources with memory, when the PDs and the PDFs are given as

F*_t(r_t | r^{t−1}) = Pr{R_t ≤ r_t | R^{t−1} = r^{t−1}}, P*_t(r_t | r^{t−1}) = dF*_t(r_t | r^{t−1})/dr_t,

where r^{t−1} = (r_1, ..., r_{t−1}) and t = 1, ..., n. Then

P*(r) = ∏_{t=1,...,n} P*_t(r_t | r^{t−1}).

Let

x_t = 2F_t(r_t | r(x^{t−1})) − 1, t = 1, ..., n,

where x^{t−1} = (x_1, ..., x_{t−1}) and r(x^{t−1}) = (r_1(x_1), ..., r_{t−1}(x_{t−1})). These formulas allow us to extend the statistical properties of the F-transformation of the input data to the general case.
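The perfect-protection claim for F* = F can be checked empirically. The sketch below (our own illustration) draws Gaussian samples, applies the matching F-transformation, and compares the empirical moments with those of the uniform distribution over (−1, +1): mean 0, variance 1/3, and Pr{|X| > a} = 1 − a.

```python
import math
import random

def f_transform(r, rho):
    """x = 2 * FG_{0,rho}(r) - 1, the F-transformation (20)."""
    return 2.0 * (0.5 * (1.0 + math.erf(r / (rho * math.sqrt(2.0))))) - 1.0

random.seed(1)
rho = 1.0
# Source and transformation use the SAME distribution: F* = F = FG_{0,rho}.
xs = [f_transform(random.gauss(0.0, rho), rho) for _ in range(200_000)]

mean = sum(xs) / len(xs)
var = sum(x * x for x in xs) / len(xs)
frac = sum(1 for x in xs if abs(x) > 0.75) / len(xs)
print(round(mean, 2), round(var, 2), round(frac, 2))  # ~0.0, ~0.33, ~0.25
```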

The F-transformation of noisy observations of the input data
Let us denote by ϕ_x and v_x the conditional PD and the conditional PDF of the transformed observation, given X = x, for all x ∈ F. If (Φ_r, V_r) = (FG_{r,σ}, G_{r,σ}) for all r ∈ R, then the observation channel is an additive white Gaussian noise channel having the variance of the noise equal to σ².
Let us map an r′ ∈ R to the y ∈ F in the same way as an r ∈ R was mapped to the x ∈ F, i.e., y = 2F(r′) − 1 and r′ = r(y), where r(y) = F^{−1}((y + 1)/2). Notice that the value of y is the observation of the random variable Y = 2F(R′) − 1 having the conditional PD ϕ_x and the conditional PDF v_x, given X = x, since 2F(R′) − 1 is a deterministic function of the random variable R′. The result of the F-transformation of the vector r′ ∈ R^n will be understood as the vector (2F(r′_1) − 1, ..., 2F(r′_n) − 1). One can see that the stochastic dependence between the random variables R and R′ is translated to the stochastic dependence between the random variables X and Y in such a way that

Pr{Y ≤ y | X = x} = Φ_{r(x)}(r(y)).

Therefore the conditional PDs and the conditional PDFs are specified as

ϕ(y|x) = Φ_{r(x)}(r(y)), v(y|x) = V_{r(x)}(r(y)) / (2P(r(y))) (48)

for all x, y ∈ F. By (11) and the fact that the F-transformation is a component-wise mapping, the value of the PDF, associated with the vector y, given the vector x, is expressed as

v(y|x) = ∏_{t=1,...,n} v(y_t | x_t)

for all x, y ∈ F^n.
The computation of the PDs ϕ_x is illustrated in Figure 6 for Gaussian data, and examples of the functions constructed using this procedure are given in Figures 7, 8. As x → ±1, the density P(r(y)) in the denominator of (48) vanishes for y close to x; in particular, v(x ± ε | x) grows without bound, and the expression at the right-hand side tends to infinity, as ε → 0, i.e., the created channel becomes noiseless. In other words, we preserve the significant components of the vector r in noisy observations for a wide class of observation channels.
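The preservation effect can be observed directly by simulating the X → Y channel as described above: apply F^{−1}, add physical-channel noise, apply F. The sketch below (our own illustration, Gaussian F and an AWGN observation channel assumed) measures the average deviation |y − x| for inputs of growing magnitude.

```python
import math
import random

def gauss_cdf(r, rho):
    """FG_{0,rho}(r)."""
    return 0.5 * (1.0 + math.erf(r / (rho * math.sqrt(2.0))))

def f_inverse(x, rho, lo=-100.0, hi=100.0):
    """r(x) = F^{-1}((x + 1)/2) by bisection."""
    target = (x + 1.0) / 2.0
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if gauss_cdf(mid, rho) < target:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0

def channel(x, rho, sigma):
    """X -> Y channel: F^{-1}-transform, additive Gaussian noise, F-transform."""
    r = f_inverse(x, rho) + random.gauss(0.0, sigma)
    return 2.0 * gauss_cdf(r, rho) - 1.0

random.seed(7)
rho, sigma = 1.0, 0.25
spreads = []
for x in (0.1, 0.5, 0.9, 0.99):
    devs = [abs(channel(x, rho, sigma) - x) for _ in range(2000)]
    spreads.append(sum(devs) / len(devs))
print([round(s, 3) for s in spreads])
# The average deviation |y - x| shrinks as the magnitude of x grows:
# significant components pass through the created channel almost unchanged.
```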
If Φ_r = FG_{r,σ}, then

ϕ(y|x) = FG_{r(x),σ}(r(y)) = FG_{0,1}((r(y) − r(x))/σ),

and if F = FG_{0,ρ}, then these equalities can be continued as

ϕ(y|x) = FG_{0,1}((ρ/σ)(FG^{−1}_{0,1}((y + 1)/2) − FG^{−1}_{0,1}((x + 1)/2))), (55)

as it follows from (23). Furthermore,

v(y|x) = (ρ/(2σ)) exp(r(y)²/(2ρ²) − (r(y) − r(x))²/(2σ²)). (52)

We also write

v(x|x) = (ρ/(2σ)) E(x), (57)

where

E(x) = exp([FG^{−1}_{0,1}((x + 1)/2)]²/2)

does not depend on ρ. By (52), the expression at the right-hand side of (57) specifies the value of v(x|x). The function E(x) is minimized at x = 0 and tends to infinity, as x → ±1 (see Table 2). Thus, the PDF v_x tends to the δ-function, as x → ±1. The speed of convergence is proportional to the ratio ρ/(2σ).
The derived formulas will be used in the evaluation of the verification performance, but some preliminary estimates can be already presented. Namely, let us fix a λ ∈ (0, 1) and, for all x ∈ (0, 1), denote

∆_x(λ) = x − y_λ,

where y_λ is the solution to the equation ϕ(y_λ|x) = λ, and the function ϕ(y|x) is expressed in (55). Furthermore, let

Λ_x = ψ_{−ρ/σ}(x),

where the function ψ_c(x) is defined in (15) for c = −ρ/σ. By the symmetry properties, Λ_x is the probability that the input symbol, having the magnitude x, changes the sign after the symbol is transmitted over the X → Y channel. The probability that Y < x − ∆_x(λ) is equal to λ, when +x is transmitted. The probability that Y > −x + ∆_x(λ) is also equal to λ, when −x is transmitted. The numerical illustration is included in Table 2 for (ρ, σ) = (1, 1/4). For example, if x = 0.90, then Y < 0 with the probability 2.4 · 10^{−11}, and the components of the vector (10^{−2}, 10^{−4}, 10^{−8}, 10^{−16}) are the probabilities of the events Y < 0.90 − (0.19, 0.37, 0.71, 1.22) = (+0.71, +0.53, +0.19, −0.32). Comparison of the parameters above for different x allows us to conclude that the increase of the magnitude of the transmitted symbol leads to an essential improvement over the channel having the input alphabet {−1, +1} and the output alphabet {−, +}.
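The Table 2 entry for x = 0.90 can be recomputed from the formulas above: the sign changes exactly when the Gaussian noise pushes r(x) below zero, so Λ_x = FG_{0,1}(−r(x)/σ). The sketch below (our own check, Gaussian F assumed) reproduces the quoted value 2.4 · 10^{−11}.

```python
import math

def gauss_cdf(z):
    """Standard Gaussian PD FG_{0,1}(z)."""
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))

def f_inverse(x, rho):
    """r(x) = FG^{-1}_{0,rho}((x + 1)/2) by bisection."""
    target = (x + 1.0) / 2.0
    lo, hi = -100.0, 100.0
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if gauss_cdf(mid / rho) < target:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0

rho, sigma = 1.0, 0.25
x = 0.90
r = f_inverse(x, rho)          # r(0.90) ~ 1.645 for rho = 1
flip = gauss_cdf(-r / sigma)   # Lambda_x = Pr{sign change | +x sent}
print(f"{flip:.1e}")           # ~2.4e-11, matching Table 2
```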

Constructing the wrapped versions of input data and verification over noisy observations
We believe that there is a large variety of verification schemes that can be constructed on the basis of statistical properties of the probabilistic ensemble (X, Y). We modify the scheme in Figure 1a and introduce the so-called zone encryption (see Figure 9),

x → ((a, a_0), x̃, s),

where a, a_0 ∈ (0, 1), a > a_0; x̃ = (x̃_1, ..., x̃_n) ∈ F^n; s = (s_1, ..., s_n) ∈ {0, 1}^n. If ID(r) is the identifier of the person whose data are given by the vector r, then the enrollment is represented as the mapping

r → (ID(r), (a, a_0), x̃, Hash(s)), (62)

where the function Hash is a cryptographic "one-way" function having the property that one can easily find the value of the function for the given argument, but the inversion (finding the argument for the known value of the function) is practically impossible. The parameters at the right-hand side are stored in an open access database (see Figure 10).
The use of the zone encryption is caused by the point that we partition the (−1, +1) interval into 5 zones: the Significant +/− zones (Sg+, Sg−), the Buffer +/− zones (Bf+, Bf−), and the Zero zone (Zr), where

Sg+ = (+a, +1), Sg− = (−1, −a), Bf+ = (+a_0, +a), Bf− = (−a, −a_0), Zr = [−a_0, +a_0]. (63)

Let the notation x̃_t ∼ U(+a, +1) be understood in such a way that the value of x̃_t is chosen at random using a uniform PD over the (+a, +1) interval. Similarly, if x̃_t ∼ U(−1, −a), then the value of x̃_t is chosen at random using a uniform PD over the (−1, −a) interval. If x is the result of the F-transformation of the vector r, then we set

x̃_t = x_t, if x_t ∈ Sg+ ∪ Sg−; x̃_t ∼ U(+a, +1), if x_t ∈ Bf−; x̃_t ∼ U(−1, −a), if x_t ∈ Bf+; x̃_t = 0, if x_t ∈ Zr.

Therefore the components of the vector x, belonging to the Significant zones, are unchanged, and the components, belonging to the Zero zone, are set to zero. The components, belonging to the Buffer zones, are changed in such a way that the results belong to the Significant zones with different signs. The presented procedure is illustrated in Figure 11, and the binary vector s having the components

s_t = 1, if x_t ∈ Sg+ ∪ Sg−, and s_t = 0, otherwise,

specifies the Significant zones. The vector x can be represented by the sum of three vectors, x = x(Sg) + x(Bf) + x(Zr), where we first set x_t(Sg) = x_t(Bf) = x_t(Zr) = 0 for all t = 1, ..., n and then set x_t(Sg) = x_t for x_t ∈ Sg+ ∪ Sg−, x_t(Bf) = x_t for x_t ∈ Bf+ ∪ Bf−, and x_t(Zr) = x_t for x_t ∈ Zr. Thus, the t-th component of the vector x̃ is either equal to 0 or belongs to the set Sg+ ∪ Sg−. Furthermore, x̃_t > 0 implies x̃_t ∈ Sg+, and x̃_t < 0 implies x̃_t ∈ Sg−. Thus, n = n^(Sg)(x̃) + n^(Zr)(x̃), where

n^(Sg)(x̃) = |{t : x̃_t ≠ 0}| and n^(Zr)(x̃) = |{t : x̃_t = 0}|.

A numerical example of the zone encryption is given in Table 3. Since |−.77|, |−.81| ∈ (.76, .88) = (a_0, a), the 2-nd and the 8-th components of the vector x belong to the Buffer zones. The encryptor replaces these components by numbers chosen at random from the (+.88, +1) interval. For example, −.77 → +.90 and −.81 → +.95. The vector

x̃ = (0, +.90, +.91, 0, −.98, 0, 0, +.95) (74)

and the hidden version of the vector s = (0, 0, 1, 0, 1, 0, 0, 0) are stored in the database.
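A minimal sketch of the zone encryption (our own illustration; the input vector below is hypothetical, chosen so that the significant and buffer components match the Table 3 example with (a_0, a) = (.76, .88)):

```python
import random

def zone_encrypt(x, a, a0, rng=random):
    """Zone encryption of the F-transformed vector x.

    Significant components (|x_t| > a) are kept; Buffer components
    (a0 < |x_t| <= a) are replaced by random values in the Significant
    zone of the OPPOSITE sign; Zero-zone components (|x_t| <= a0) are
    erased.  s_t = 1 marks the true significant components.
    """
    x_wrapped, s = [], []
    for xt in x:
        if abs(xt) > a:                    # Significant zone: keep as is
            x_wrapped.append(xt)
            s.append(1)
        elif abs(xt) > a0:                 # Buffer zone: flip to opposite Sg
            lo, hi = (a, 1.0) if xt < 0 else (-1.0, -a)
            x_wrapped.append(rng.uniform(lo, hi))
            s.append(0)
        else:                              # Zero zone: erase
            x_wrapped.append(0.0)
            s.append(0)
    return x_wrapped, s

# Hypothetical input whose non-zero pattern matches Table 3.
x = [0.10, -0.77, 0.91, -0.30, -0.98, 0.55, 0.05, -0.81]
random.seed(3)
xw, s = zone_encrypt(x, a=0.88, a0=0.76)
print(s)  # [0, 0, 1, 0, 1, 0, 0, 0], as in the Table 3 example
```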
Similarly to (63), let us introduce the sets

rSg+ = {r(x) : x ∈ Sg+}, rSg− = {r(x) : x ∈ Sg−}, rBf+ = {r(x) : x ∈ Bf+}, rBf− = {r(x) : x ∈ Bf−}, rZr = {r(x) : x ∈ Zr},

where the function r(x), x ∈ F, is defined in (22). It is important to notice that the same vector x̃ encrypts many vectors r. If x̃_t ∈ Sg+, then the conclusion, whether r_t belongs to the set rSg+ or rBf−, is specified by the t-th component of the vector s, which is hidden from the attacker. Similarly, if x̃_t ∈ Sg−, then the conclusion, whether r_t belongs to the set rSg− or rBf+, is also specified by the t-th component of the vector s. The total number of variants is equal to 2^{n^(Sg)(x̃)}. All of them are presented in Table 4 for the vector x̃, defined in (74). For example, if F = FG_{0,1}, then (r(.88), r(.76)) = (1.55, 1.17) and r_2, r_3, r_8 ∈ (+1.55, +∞) ∪ (−1.55, −1.17), r_5 ∈ (−∞, −1.55) ∪ (+1.17, +1.55), r_1, r_4, r_6, r_7 ∈ (−1.17, +1.17).
If we construct a uniform probability distribution at the enrollment stage by using the F-transformation, then all variants are equivalent, and the probability of the correct guess of the vector s by an attacker, who knows the vector x̃, is equal to

2^{−(n^(Sg)(x) + n^(Bf)(x))} = 2^{−n^(Sg)(x̃)}, (77)

where n^(Sg)(x) and n^(Bf)(x) denote the numbers of components of the vector x belonging to the Significant and to the Buffer zones, respectively, and the value of the sum n^(Sg)(x) + n^(Bf)(x) is a function of the vector x and the pair (a, a_0).
Notice that the randomization at the enrollment stage can be replaced by deterministic mappings Bf+ → Sg− and Bf− → Sg+. For example, if the Significant and the Buffer zones have equal sizes, i.e., if 1 − a = a − a_0, then one can follow the rules: if x_t ∈ Bf+, then x̃_t = x_t − (1 + a_0) ∈ Sg−; if x_t ∈ Bf−, then x̃_t = x_t + (1 + a_0) ∈ Sg+. Let us introduce the decoding as the mapping

(y, (a, a_0), x̃) → ŝ.

Table 4. The list of vectors r that are encrypted by the vector x̃, defined in (74).
Let the verifier set ŝ_1 = ··· = ŝ_n = 0 and, for all t = 1, ..., n, use the rule:

ŝ_t = 1, if either x̃_t > 0 and y_t ≥ +T, or x̃_t < 0 and y_t ≤ −T, (79)

where the value of the threshold T is a function of (a, a_0), which will be specified later.
The verifier can then check whether Hash(ŝ) is equal to the value of Hash(s), stored in the database, or not. If the answer is positive, then the acceptance decision is made. If the answer is negative, then the rejection decision is made.
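The verification step above can be sketched as follows (our reading of rule (79); the threshold value and the noisy vectors are illustrative, and SHA-256 stands in for the unspecified Hash function):

```python
import hashlib

def decode_s(y, x_wrapped, T):
    """Rule (79): s_hat_t = 1 iff the sign of the stored component x~_t
    agrees with y_t and |y_t| clears the threshold T."""
    s_hat = []
    for xt, yt in zip(x_wrapped, y):
        if (xt > 0 and yt >= T) or (xt < 0 and yt <= -T):
            s_hat.append(1)
        else:
            s_hat.append(0)
    return s_hat

def verify(y, x_wrapped, T, stored_hash):
    """Accept iff Hash(s_hat) matches the hash stored at enrollment."""
    s_hat = decode_s(y, x_wrapped, T)
    return hashlib.sha256(bytes(s_hat)).hexdigest() == stored_hash

# Table 3 example: the database stores the pair (x~, Hash(s)).
x_wrapped = [0.0, 0.90, 0.91, 0.0, -0.98, 0.0, 0.0, 0.95]
s = [0, 0, 1, 0, 1, 0, 0, 0]
stored = hashlib.sha256(bytes(s)).hexdigest()

T = 0.5  # illustrative threshold; in the text T is a function of (a, a_0)
y_legit = [0.05, -0.70, 0.89, -0.25, -0.97, 0.50, 0.01, -0.78]  # noisy genuine data
y_attack = [0.99] * 8                                           # blind guess
print(verify(y_legit, x_wrapped, T, stored),
      verify(y_attack, x_wrapped, T, stored))  # True False
```

Note that the genuine vector y_legit recovers s even at the positions where the stored component was flipped into the opposite Significant zone, because the true observation keeps its original sign.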

Without loss of generality, let us suppose that

x_1, ..., x_n ∈ Sg+ ∪ Bf+ ∪ Zr. (80)

The decoding error in the case, when the vector r′ is a noisy version of the vector r, occurs in one of two situations (see Figure 12).

E_10: (s_t, ŝ_t) = (1, 0). Then x_t ∈ (+a, +1), as it follows from (80) and s_t = 1. Furthermore, y_t < +T, since ŝ_t = 0 implies that the conditions at the left-hand side of (79) are not satisfied. Hence,

x_t − y_t > a − T. (81)

E_01: (s_t, ŝ_t) = (0, 1). Then x_t ∈ (+a_0, +a), as it follows from (80), s_t = 0, and x̃_t ≠ 0. Furthermore, y_t < −T, since ŝ_t = 1 implies that the conditions at the left-hand side of (79) are satisfied. Hence,

x_t − y_t > a_0 + T. (82)

If the channel X_t → Y_t were an additive channel, then its probabilistic description would not depend on the input to the channel, and the differences at the left-hand sides of (81), (82) would specify the magnitudes of the noise. The differences at the right-hand sides give lower bounds on these magnitudes. If T = (a − a_0)/2, then these differences are equal. However, as the created channel is not an additive channel, we will use another assignment of T.
The decoding error probability, denoted by Λ(T|x), can be bounded from above as

Λ(T|x) ≤ Λ_10(T|x) + Λ_01(T|x),

where

Λ_10(T|x) = 1 − ∏_{t : s_t = 1} (1 − ϕ(+T | x_t)) ≤ 1 − (1 − ϕ(+T | +a))^{n^(Sg)(x)}

and

Λ_01(T|x) = 1 − ∏_{t : s_t = 0, x̃_t ≠ 0} (1 − ϕ(−T | x_t)) ≤ 1 − (1 − ϕ(−T | +a_0))^{n^(Bf)(x)}.

The products on t at the right-hand sides are written because the observation channel is memoryless, and the inequalities follow from the assumption (50). Notice that, by (55), both bounds can be computed for Gaussian data, and we assign T in such a way that

1 − (1 − ϕ(+T | +a))^{n^(Sg)(x)} = 1 − (1 − ϕ(−T | +a_0))^{n^(Bf)(x)}. (88)

Suppose that there is a blind attacker, who does not have access to the database and wants to pass through the verification stage with the acceptance decision. We also assume that the attacker can fix a small δ > 0 in such a way that 1 − δ > a. Let the attacker submit a vector r′, which is mapped to the vector y ∈ {−1 + δ, +1 − δ}^n, i.e., the t-th component of the vector y is either equal to −1 + δ or +1 − δ. Let the decision, whether the t-th component of the vector r′ is equal to r(−1 + δ) or r(+1 − δ), be made with probabilities 1/2. The probability of the acceptance decision is equal to 2^{−n^(Sg)(x̃)}, since the verifier "punctures" the n − n^(Sg)(x̃) components x̃_t equal to 0 and sets the t-th component of the binary vector equal to 1 if and only if sgn(x̃_t) = sgn(y_t). By (77), the obtained probability is exactly the same as the probability of success of an attacker, who knows the vector x̃. Thus, we attain the property of a perfect algorithmic secrecy of the designed verification scheme: although the database is open and an attacker may know the vector x̃, he cannot incorporate this information into the guessing strategy.
Suppose that the vector x ∈ F^n is generated by a memoryless source according to a uniform probability distribution over the set F. One can see that the probability that there are i, i_0, and n − i − i_0 components of the vector x whose magnitudes belong to the (a, 1), (a_0, a), and (0, a_0) intervals, respectively, is equal to

(n! / (i! i_0! (n − i − i_0)!)) (1 − a)^i (a − a_0)^{i_0} a_0^{n−i−i_0},

and the maximizing pair is

arg max_{(i, i_0)} = (n(1 − a), n(a − a_0)).

Hence, the typical distribution of magnitudes under consideration (see Figure 13) is specified as

(1 − a, 1 − a_0) = (w/n, w_0/n), (i, i_0) = (w, w_0 − w), (91)

where w, w_0 ∈ {0, ..., n} are integers, fixed in such a way that w ≤ w_0. Let (w, w_0) = (32, 64). Compute (a, a_0) using the expressions at the left-hand side of (91) and consider the typical case, when the distribution of the magnitudes of the components, belonging to the Significant and the Buffer zones, is given by the right-hand side of (91), i.e., there are 32 magnitudes belonging to the Significant zones, 64 − 32 = 32 magnitudes belonging to the Buffer zones, and n − 64 magnitudes belonging to the Zero zone. Thus, the vectors x under consideration are such that n^(Sg)(x) = n^(Bf)(x) = 32. Then (88) is equivalent to the equality ϕ(+T|+a) = ϕ(−T|+a_0). One can see that this equality implies the assignment

T = 2FG_{0,1}((FG^{−1}_{0,1}((a + 1)/2) − FG^{−1}_{0,1}((a_0 + 1)/2))/2) − 1

for (F, Φ_r) = (FG_{0,ρ}, FG_{r,σ}), independently of ρ and σ. The corresponding vectors x̃ contain 32 + 32 = 64 non-zero components, and the secrecy of the verification scheme, evaluated by the probability of the correct guess of the vector s on the basis of the vector x̃ (see (77)), is equal to 2^{−64}. Notice that, if the attacker would know that n^(Sg)(x) = n^(Bf)(x) = 32, then this probability is equal to the inverse of the binomial coefficient (64 choose 32). Some numerical results are included in Table 5, and one can see that the decoding error probability is very small even for noisy channels and relatively small lengths.
The presented version of the verification algorithm uses only the signs of the components of the vector x̃, and this vector can be transformed further to a ternary vector whose components contain either 0 or the sign. An improvement of the performance is attained by using the maximum likelihood decoding rule, when the vector ŝ is constructed on the basis of the conditional PDFs v(y_t | x_t) rather than on the comparison of y_t with a fixed threshold.

Conclusion
We believe that there is a request for a general theory of processing biometric data, caused by a large variety of parameters that can be taken into account and their different descriptions. It is usually difficult to find probabilistic models for biometric observations, received both at the enrollment and the verification stages, that agree with practical situations. One of the most important features is privacy protection, which makes the reconstruction of the outcomes of biometric measurements on the basis of the corresponding record, stored in the database, difficult. Another part of privacy protection should make the generation of artificial outcomes of the measurements that allow an attacker to pass through the verification with the acceptance decision difficult. The algorithms presented above can be considered as candidates for the inclusion into such a theory. We introduce the F-transformation of the input data, where F specifies some probability distribution. As a result, the data are mapped into the (−1, +1) interval and, if the actual probability distribution is memoryless and coincides with the multiplicative extension of F, then we attain a uniform probability distribution over the (−1, +1) interval. Otherwise, a uniform distribution can be approached using a generalized version of the F-transformation. The use of the proposed technique for noisy observations at the verification stage leads to an interesting effect: rare outcomes over the artificial ensemble, defined by the probability distribution F and the corresponding probability density function P, are reliably transmitted over any additive observation channel, since P(r(y)) appears in the denominator of the constructed probability density function (see (48)). This property allows us to transmit large magnitudes over the constructed X → Y channel with high reliability. Notice that this claim is not affected by the match of the actual probability distribution of the input data and the introduced probability distribution F.
The points above can be translated to different verification strategies. Our verification algorithm can be viewed as a secret sharing scheme, where the input vector r is converted to a pair of vectors (x̃, s). The vector x̃ is published, while the vector s is supposed to be decoded on the basis of the vector x̃ and a noisy version of the vector r. An important ingredient of the presented algorithms is the dependence of the threshold T on the pair (a, a_0). This dependence assumes that the verifier assigns this pair depending on the vector x̃ received at the enrollment stage. Some other verification schemes are described in [20].

Figure 2. Schemes for transmission of the vector x to the verifier: (a) Legitimate case. (b) Attack.

Figure 3. Illustration of the one-to-one mapping x ↔ r = r(x).

Figure 9. Processing the vector r at the enrollment stage with zone encryption.

Figure 10. Mapping of the input data to the data stored in an open access database.

Figure 11. Partitioning of the (−1, +1) interval into zones and illustration of the mapping x_t → x̃_t, when x_t belongs to the Buffer zones.

Figure 12. Illustration of the events, when the decoding error occurs and x_t ∈ Sg+ ∪ Bf+.

Figure 13. The typical partitioning of the values of the magnitudes into three zones.

Table 3. Example of the zone encryption, where gaps contain zeroes.