Juels and Sudan proposed in 2002 an algorithm for computing a fuzzy vault that binds a user's biometric template with his secret. It was suggested that this vault could be used to securely store one's secret or a cryptographic key without losing his biometric information. However, in this classical fuzzy vault, if an attacker captures multiple vaults generated from one biometric template, he is able to obtain some biometric template information by cross-matching, and then he can use it to illegally recover the secret message. To overcome this disadvantage, in this paper, a cancelable fuzzy vault algorithm is proposed based on the user's transformed fingerprint features which are used to generate a fuzzy vault. Our novel fuzzy vault is secure and can overcome the cross-matching attack without intensive computational complexity. Also, the use of three check values makes our vault have a much higher probability to detect a false query fingerprint template than some other vault versions, and it will highly improve the probability whether the reconstructed polynomial is correct or not.

• 出版日期2017-3
• 单位杭州电子科技大学