## Cryptology ePrint Archive: Report 2004/021

Externalized Fingerprint Matching

Claude Barral and Jean-Sébastien Coron and David Naccache

Abstract: The 9/11 tragedy triggered an increased interest in biometric passports. According to several sources \cite{sp2}, the electronic ID market is expected to increase by more than 50\% {\sl per annum} over the three coming years, excluding China. \smallskip

To cost-effectively address this foreseen explosion, a very inexpensive memory card (phonecard-like card) capable of performing fingerprint matching is paramount.\smallskip

This paper presents such a solution. The proposed protocol is based on the following idea: the card stores the user's fingerprint information to which random minutiae were added at enrolment time (we denote this scrambled template by $t$). The card also stores a binary string $w$ encoding which of the minutiae in $t$ actually belong to the holder. When an identification session starts, the terminal reads $t$ from the card and, based upon the incoming scanner data, determines which of the minutiae in $t$ are genuine. The terminal forms a candidate $w'$ and sends it to the card. All the card needs to do is test that the Hamming weight of $w \oplus w'$ is smaller than a security threshold $d$. \smallskip

It follows that the card only needs to embark passive data storage capabilities, one exclusive-or gate, a shift register, a counter and a comparator (less than 40 logical gates).

Category / Keywords: applications / fingerprint smart-card