1 Introduction

The biometric-based human recognition provides a genuine solution to the problems encountered in the identity representations of traditional token-based and knowledge-based systems. The significance of biometric science in today’s society has been augmented by the necessity for extensive identity management systems whose operability depends on the precise ascertainment of a person’s identity in relation to certain distinct applications [13]. The physical and behavioral traits (biometric traits) of an individual like fingerprint, face, iris, hand geometry, voice, gait, etc. have exhibited tremendous potential to distinguish between an adversary and a genuine person [37]. Among all the biometric traits, the fingerprint biometric has shown tremendous potential to substitute the conventional password or token-based security and person identification system. A fingerprint comprises of a specific pattern of interspersed ridges and valleys [9]. A feature set derived from these patterns is stored as a template in the template database in the fingerprint biometric system. The fingerprint biometric systems hold the largest market share in biometrics and have been used in diverse applications.

Besides providing secured authentication, the fingerprint-based biometric systems are also susceptible to a variety of attacks. Ratha et al. [25] in their study identified eight different types of attack points in a typical fingerprint biometric system [33,34,35]. Among all, the attack on the fingerprint templates in the database is the most severe and adverse, which may completely degrade the performance of the overall fingerprint biometric system. The fingerprint biometric trait being finite in number, any jeopardy in the fingerprint database results in permanent loss of the identity of an individual [8, 26]. The safeguarding of fingerprint template database is an onerous and crucial issue [22, 31]. To counter measure these attacks on the fingerprint template database, two broad template protection approaches have been proposed in the literature, feature transformation [5, 11, 20, 24, 27, 28, 40, 42] and biometric cryptosystem [15, 17, 23, 29, 30, 39]. The latter one requires a key to convert the template into a secured template using encryption and decryption. In cryptosystem-based template protection, some universal details about the biometric template, known as helper data, are stored. This helper data is required to draw out a key from the query feature-set during the process of matching. Where as in transformation-based template protection, a transformation function (F) is used to transmute a raw template (T) into protected-template (F (T, K)) and the transmuted template is stored in a database. Mostly, the transformation function uses an arbitrary key K as an input parameter. Before the matching, the input query feature (Q) is transmuted into protected query (F (Q, K)) using the same transformation function (F) and the transmuted query (F (Q, K)) is compared with the transmuted template (F (T, K)) [2].

In comparison to cryptosystem-based template protection, the transformation-based approaches are more popular and it requires less effort for the transformation purposes. Particularly, a lot of research work is being carried out in the field of cancellable biometrics since the last decade. One of the important issues is to design a template protection scheme that yields better performance as well as satisfies the ideal characteristics such as revocability, diversity, security and accuracy. To the best of our knowledge, several pioneer contributions from researchers have witnessed significant improvement in cancellable fingerprint template protection. One of the key concerns is to design a template security technique that besides securing the templates satisfies the ideal characteristics such a revocability, irreversibility and higher performance. Moreover, existing fingerprint cancellable template protection schemes exhibit the problem of trade-off among various ideal parameters such as security versus revocability, size of security template vs. security, and etc. Therefore, these limitations motivated us to design a novel transformation-based cancellable template security scheme for fingerprint-based systems (FinCaT). Broad motivation of this work is to present an efficient solution that satisfies the features of an ideal template protection scheme with higher security through our proposed quadrant mapping and a non-invertible function.

The prime contributions of this study are underlined as:

  1. i.

    We present a novel transformation-based template protection for scheme fingerprint trait that satisfies majority of the design criteria for an ideal template protection scheme.

  2. ii.

    Our FinCaT method utilizes the proposed quadrant mapping via a non-invertible transformation function and the minutia points in each quadrant are transformed distinctly.

  3. iii.

    The performance evaluation of the proposed FinCAT technique is also carried out on the FVC 2002 benchmark dataset.

  4. iv.

    The security and comparative analysis of the proposed FinCaT technique demonstrates promising performance as compared to other similar methods.

The list of symbols and acronyms used in this study is provided in the Table 7 under Appendix section of this article.

The rest of the paper is structured as follows: Section 2 provides a brief literature survey of various state-of-the-art transformation-based template protection schemes. Section 3 discusses the proposed template protection scheme and the algorithms. Section 4 present the template database used, the result analysis and inferences followed by the conclusions in Section 5.

2 Related work

In this section, we review and analyze some of the state-of-the-art (SOTA) transformation-based template protection techniques. For generating a cancellable and rescindable fingerprint template, polar-grid based 3-tuple quantization (PGTQ) was proposed by Jin et al. in 2012, wherein a set of minutiae points is transformed into bit-string. Cao & Jain [8] has revealed that it is possible to rebuild the image from the fingerprint template that stores the information about minutiae points in raw and the rebuilt image can be utilized in intruding the biometric systems. Wang et al. [41] used partial discrete Fourier transform (DFT) and handmade transform in order to generate a secured fingerprint template from the minutiae points. However, the recognition performance is affected by the consequential degradation of the distinguished fingerprint features in the course of transformation. Ali et al. [4] proposed a distinctly secure scheme, which utilizes the location information regarding the minutia points to create a protected user template. Security analysis proves that this technique is very sturdy and reliable. In 2019, Atighehchi et al. proposed an improved Bio-hashing algorithm in which the projection matrix is produced by integrating the secret and biometric data. The proposed technique has been evaluated on FVC2002 DB1 fingerprint database, PolyFKP (knuckle print database) and VEINEGY database (dorsal hand vein database). The experimental analysis shows that by combining the secret with biometric data, the proposed scheme has reduced the impact of the stolen-token attack. Kho et al. [19] proposed a binary cancellable fingerprint template based on an alignment-free minutiae descriptor, Partial Local Structure (PLS) and Permuted Randomized Non-Negative Least Square (PR-NNLS) optimization problem. The PLS descriptor is concatenated with the PR-NNLS to guarantee non-invertibility and cancellability of the proposed fingerprint template.

In 2020, Trivedi et al. improvised their method proposed in [36] by using Delaunay triangulation of minutiae points and user key. Some feature which does not contain any information regarding the location of minutia points is elicited from the triangle so as to obtain a non-invertible template. A modified symmetric hash method was proposed by Ajish & Anil Kumar [2] in which a key value is used as a multiplication parameter. The modified symmetric hash function is a combination of salting and non-invertible transformation. An advanced feature transformation technique was recently proposed by Jacob et al. [12], which uses DNA based encoding methodology. The Z pattern generation has been used for implementing the transformation followed by the DNA codec. Abdullahi et al. [1] proposed a novel technique for the generation of a reliable and sturdy hash from a fingerprint image using Fourier-Mellin transform and fractal coding. The proposed technique has been evaluated on FVC2002 and FVC2004 fingerprint databases. The experimental results show an average EER of 2.3325% in all six databases. The proposed method shows sturdiness and resilience to confidentiality and security attacks. Much recently, alignment-free cancellable fingerprint templates with dual protection, composed of the window-shift-XOR model and the partial discrete wavelet transform were designed by Shahzad et al. [32]. The window-shift XOR model effectively defends the ARM with simple operations and is combined with the partial DWT to provide dual protection and enhance matching performance. The designed cancellable templates satisfy non-invertibility, diversity and revocability and show superior recognition accuracy. Trivedi et al. [38] proposed a non-invertible transformation technique which uses the local geometry of the minutiae. The proposed technique introduces minutiae triangulation in which minutia points are grouped into sets to generate triplets of minutiae forming a triangle. The proposed method has been evaluated on FVC2000, FVC2004 and FVC2006 databases and produces an EER of 5.57, 2.56 and 0.478, respectively. This method satisfies all the design criteria of an ideal template protection scheme except for the revocability property. A revocable Minutia Cylinder Code-based fingerprint template protection technique has been proposed by Bedari et al. [7], which involve the utilization of a dynamic random key model known as Dyno-key model. The proposed method has been evaluated using FVC2002, FVC2004 and FVC2006 databases and yields better results in terms of EER in comparison with the existing techniques. Kavati et al. [18] proposed a novel fingerprint protection technique in which elliptical structures of minutia points are used. The proposed technique yields good results in terms of FAR and FRR. A comparison among various template security schemes is depicted in Table 1.

Table 1 An overview of state-of-the-art transformation-based template protection schemes
Full size table
Table 2 A depiction of original minutia point and their secured values
Full size table

3 The proposed FinCAT approach

In this section, we present the framework and algorithms for our novel FinCAT method. The proposed cancellable mechanism in a fingerprint-based system is explained through a two phase process via enrollment and authentication. The framework of the proposed FinCAT approach is shown in Fig. 1, where the system comprises of two phases namely; enrollment and verification. In the enrollment phase, a user identity is stored in the system database in the form of a secured template (Xt) by applying our security algorithm. A similar mechanism is employed during authentication phase, where the presented transformed template (Qt) is compared with stored template (Xt) of the user through a matching algorithm. The transformed templates are differently mapped through the notion of quadrant-mapping and non-invertible transformation function. It results into a more compact and secured template as original 2D features is mapped to a 1D space. An original 2D template of size n × 3 (i.e. n minutia points) extracted by the feature extractor is transformed by FinCAT to more secured template of size n.

Fig. 1
figure 1

Framework of the proposed FinCaT approach

Full size image

3.1 Enrollment phase

During enrollment phase, a fingerprint image Ft(x, y) is obtained from the sensor and some requisite preprocessing is performed on it. The minutia features are acquired from the enhanced fingerprint image and lastly, the transformation function is applied on the feature vector to acquire a secured template. The notion behind the proposed FinCAT technique is explained through a systematic manner and the four broad steps are: (i) Pre-processing, (ii). Feature extraction (iii) Quadrant mapping and (iv) Non-invertible transformation function.

  1. i.

    Pre-processing

The standard of input fingerprint images greatly determines the accuracy of minutiae extraction algorithms. Hence, several quality enhancement techniques are applied over the images to improve their quality such as estimation of local ridge orientation and frequency helps in predicting the missing ridge line & improving the ridge separations, segmentation is used to separate the area of the fingerprint from the background and singular regions are also detected. Binarization of fingerprint image is done to convert the gray-scale image into black and white image, which provides sharper and clearer contours in the image.

  1. ii.

    Feature extraction

The enhanced fingerprint image is subjected to the thinning operation, which removes selected foreground pixels from the digital image resulting in a thin skeleton fingerprint image. This skeleton fingerprint image is provided as an input to the feature extractor, say φ. Among the local fingerprint features, the bifurcation minutiae (where a ridge gets divided into two ridges) and termination minutiae (ridge ending points) feature points are most widely used. The coordinates of these minutia feature points are obtained as follows. If a pixel is on a thinned ridge and eight-connected, its value is 1, otherwise it is 0. Suppose a pixel (x, y) lies on a ridge and H0: H7 be its eight neighbors, then Eq. 1 [14] is applied.

Type of ridge =\( \left\{\sum \limits_{j=0}^7{H}_j=1|\left(\mathrm{x},\mathrm{y}\right)\ \mathrm{is}\ \mathrm{ridge}\ \mathrm{termination}\right\} \)

$$ \left\{\sum \limits_{j=0}^7{H}_j>2|\left(\mathrm{x},\mathrm{y}\right)\ \mathrm{is}\ \mathrm{ridge}\ \mathrm{bifurcation}\right\} $$
(1)

The orientation ‘θ’ of the minutiae is acquired as the computation of the angle between the ridge line and the horizontal axis of the minutiae coordinate position (x, y). Hence, the feature vector Vt (xt, yt, θt) is obtained.

  1. iii.

    Quadrant mapping

The quadrant mapping is defined as a process in which a Euclidean coordinate system is divided into 4 distinct quadrants. A quadrant is 1/4th of a coordinate plane as shown in Fig. 2. The quadrant mapping is applied over the feature vector Vt (xt, yt, θt) containing different minutiae, obtained in the feature extraction phase.

Fig. 2
figure 2

An illustration of our proposed quadrant mapping

Full size image

With the origin (0, 0) and θ ranging from 0° to 360°, the feature vector is divided into four quadrants I (0°- 90°), II (90°- 180°), III (180°- 270°) and IV (270°- 360°). The transformation function, when applied to distinct quadrants, takes different limit values for each quadrant in order to acquire a non-invertible template. The limit values of the transformation function are set as per the quadrant.

  1. iv.

    Non-invertible transformation function

The feature vector generated by feature extraction module is transformed to a secured fingerprint template through a non-invertible function. Initially, the coordinates (i.e. x & y) of the minutiae points are concatenated to obtain a single coordinate using the Eq. 2:

$$ z={x}_t^2+{y}_t^2 $$
(2)

A transformation function is applied over the four quadrants of the feature vector which takes the concatenated coordinate value ‘z’ and a random number ‘n’ as the parameters. The random number is generated using randint (min,max) function in python. The transformation function is given in Eq. 3:

$$ \mathrm{f}\left(\mathrm{m},\mathrm{n}\right)={\int}_0^{2\pi }z\sin n\theta\ d\theta $$
(3)

The transformation function applied over the four quadrants takes different limits in order to make the feature vector non-invertible. The transformed minutiae in different quadrants are appended together in a secure template Xt. Hence, a secured fingerprint template Xt is generated which is stored in the template database. The whole procedure can be understood with the help of an example. Suppose an image Ft (x, y) is obtained from the fingerprint sensor. After pre-processing and feature extraction, a feature vector Vt (xt, yt, θt) is obatined, where (xt, yt) is the minutiae location and θt is the minutiae orientation. Let a minutia point be \( {V}_j^k \) (2, 3, 33°). Here, z = 12 + 22 = 5. Let n be 4. As θ = 33°, it lies in the first quadrant. So, the following transformation function would be applied to it.

$$ {\displaystyle \begin{array}{c}1\left(\mathrm{m},\mathrm{n}\right)={\int}_0^{\frac{\pi }{2}}z\sin n\theta\ d\theta ={\int}_0^{\frac{\pi }{2}}5\sin 4\theta\ d\theta =5{\left|-\cos 4\theta \times 4\right|}_0^{\frac{\pi }{2}}\\ {}\kern1.5em =-20\left|\cos \left(4\times \frac{\pi }{2}\right)-\cos \left(4\times 0\right)\right|=-20\left|\mathit{\cos}2\pi -\mathit{\cos}0\right|=-20\left(1-1\right)=0\end{array}} $$

All the transformed minutiae values of the feature vector are appended in a single template Xt which is a non-invertible fingerprint template. The secure template is stored in the fingerprint template database. The algorithm for enrollment is given in Algorithm 1. The algorithm takes a fingerprint image as an input. For each image, the feature extractor extracts different features like minutiae location & orientation and these values are stored in a feature vector. For each minutia point, Eq. 2 is applied to concatenate the coordinate values into a single coordinate. After utilizing the quadrant mapping, the minutiae in each quadrant are transformed into secured minutiae. The secured minutiae are appended to a list in order to obtain a secured minutiae template. Thereafter, the resultant secured minutiae template is stored in the template database. An example showing the procedure of our algorithm is shown in Table 2, where original template is converted to corresponding secured template.

Algorithm 1
figure a

Algorithm for enrollment

Full size image

3.2 Verification phase

Through the process of verification phase, an alike course as in the enrollment phase occurs in order to transform a query fingerprint image into a secured query template. The secured query template is compared with the stored template in the database by a matching algorithm and the similarity score that is a Euclidean distance between two given templates. The result of the match/ non-match is generated based on the similarity score between the two templates. The Match_score d\( \left({\boldsymbol{X}}_{\boldsymbol{t}}^{\boldsymbol{i}},{\boldsymbol{Q}}_{\boldsymbol{t}}^{\boldsymbol{i}}\right) \) may be computed by using Eq. 4

$$ \mathrm{d}\left({\boldsymbol{X}}_{\boldsymbol{t}}^{\boldsymbol{i}},{\boldsymbol{Q}}_{\boldsymbol{t}}^{\boldsymbol{i}}\right)=\sqrt{{\left({\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{1}}-{\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{1}\prime}\right)}^{\mathbf{2}}+{\left({\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{2}}-{\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{2}\prime}\right)}^{\mathbf{2}}+{\left({\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{3}}-{\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{3}\prime}\right)}^{\mathbf{2}}+{\left({\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{4}}-{\boldsymbol{f}}_{\boldsymbol{i}}^{\mathbf{4}\prime}\right)}^{\mathbf{2}}} $$
(4)

If the distance between the two templates is less or equal to a given threshold, say σ, the user is accepted otherwise user is rejected. The matching algorithm collates the query template with the secured template stored in the database. The collation is done by calculating the Euclidean distance between the respective minutiae points of the two templates. The algorithm to calculate the match_score is given in Algorithm 2.

Algorithm 2
figure b

Algorithm for verification

Full size image

4 Result analysis and discussions

This section discusses the database and the performance metrics used to assess the performance of the proposed FinCaT technique. It also provides the details about the different experiments performed to calculate the results.

4.1 Benchmark FVC2002 database

The majority of the methods have employed FVC2002 database to evaluate the results of their presented techniques. Therefore, the FVC2002 [21] database is used for the performance assessment of the proposed template and some sample images are shown in Fig. 3. A total number of 550 fingerprint samples are available in this dataset that were captured through optical sensor, capacitive sensor and SFinGv 2.51. The performance of fingerprint template security schemes using FVC databases is evaluated using two different protocols [10], namely FVC protocol and 1vs1 protocol. The detail of the FVC2002 dataset is summarized in Table 3.

Fig. 3
figure 3

Few sample images of FVC2002 database

Full size image
Table 3 An illustration of FVC2002 database with specifications
Full size table

4.2 Performance evaluation parameters

Among several parameters for designing and evaluating the proposed FinCAT approach, we use key parameters such as: quadrant mapping based on angle of the minutia feature, a transformation function, and a random number for design of FinCAT. Whereas, the threshold, false accept rate (FAR), false reject rate (FRR), equal error rate(ERR), DET curve, and ROC are used for performance evaluation. The random number is used to generate a new secured template for the user in the case when it is compromised in the dataset. The quadrant mapping and a non-invertible function ensure the more secured as well as diverse transformed template for a user. The threshold is used to evaluate our approach for effectiveness in flexible as well as more critical scenarios. On the other hand, FAR, FRR, ERR and Recognition accuracy are used for measuring the error rate of the approach so that a comparison with other similar approaches may also be carried out. Additionally, ROC and DET measures are used to find the ERR measures as some existing methods also have been evaluated on these protocols. The performance of the proposed template protection technique is evaluated using different performance metrics that are explained briefly as follows.

  1. i.

    False acceptance rate (FAR): FAR is the fraction of imposter users accepted by the biometric system. The imposters are allowed to access the system. The value of FAR should be as low as possible.

    FAR = ((Accepted imposters) / (Total imposter trials)) × 100

  2. ii.

    False rejection rate (FRR): FRR is the fraction of genuine users rejected by the biometric system. Although the users are genuine, they are forbidden to access the system. The value of FRR should be low.

    FRR = (Genuine users rejected) / (Total genuine trials) × 100

  3. iii.

    Genuine accept rate (GAR): It is the proportion of genuine users felicitously accepted by the biometric system. The value of GAR should be high. It is calculated as 1 – FRR.

  4. iv.

    Equal error rate (EER): If the performance of the system needs to be most accurate, the FAR and FRR curves must not superimpose on each other. So, the value where FAR becomes alike to FRR, the ratio is called the equal error rate. The EER value should be low.

4.3 Performance of FinCaT

In this section, we evaluate the performance of our proposed FinCaT technique through a series different experiment.

4.3.1 Recognition accuracy at different thresholds

The overall recognition accuracy of the proposed approach is evaluated after the calculation of FAR and FRR values. The FAR and FRR values are plotted against different thresholds. This gives the EER curve. EER is the point where the ratio of FAR is almost alike to the FRR and the performance of  our technique is depicted in Table 4. The GAR of FinCAT at various thresholds is illustrated in Table 5. Moreover, the efficacy of FinCaT can be obeserved from Fig. 4 that shows its performance in terms of FAR versus FRR.

Table 4 Performance of the FinCaT technique at different thresholds
Full size table
Table 5 Performance in terms of GAR against different thresholds
Full size table
Fig. 4
figure 4

Error rate of FinCaT at different thresholds

Full size image

4.3.2 ROC evaluation for FinCaT

Receiver Operating Characteristic (ROC) curve is the graphical representation of the relationship between the Genuine Accept Rate (GAR) and the False Accept Rate (FAR). The ROC graph plots the GAR (on the Y axis) and FAR (on the X axis) for a range of threshold values. The best performance curve in the ROC graph is the one which is nearer to the top and the performance of our algorithm is shown in Fig. 5 [43].

Fig. 5
figure 5

A representation of ROC evaluation for FinCaT

Full size image

4.3.3 DET curve evaluation for FinCaT

Detection Error Trade–off (DET) is the graphical plot of error rates for a range of thresholds, i.e. the graphical plot of False Reject Rate (on the Y axis) vs False Accept Rate (on the X axis) for a range of threshold values. The best performance curve in the DET graph is the one which close to the bottom (X axis) and it is depicted in Fig. 6.

Fig. 6
figure 6

DET curve evaluation of FinCaT

Full size image

4.3.4 Equal error rate evaluation for FinCaT

The EER is measured as the equal or at least equal or the minimum distance between the FAR and FRR. In the table 5.2, the FAR and FRR values are calculated with respect to the threshold values. The difference between the FAR and the FRR is minimum when the threshold value is 0.7. Hence, it is chosen as the decision threshold. The equal error rate (EER) at this threshold is calculated as 5.95%. Also, the recognition accuracy at this threshold value is calculated as 94.05%.

4.4 Comparison against similar techniques

The EER values of the proposed template scheme are calculated and compared with the EER values of other state-of-the-art template protection techniques for evaluation of the comparable performance. The performance comparison with existing techniques is depicted in Table 6.

Table 6 Performance comparison in terms of EER with existing techniques
Full size table

4.5 Analysis of the FinCAT

The proposed technique provides better performance in terms of low error rate and high accuracy. Moreover, our FinCAT technique provides high cancellability that implies that the secured template is cancellable in nature. It infers that if the secured template is compromised, the old template can be revoked and a new generated template will be replaced instead of the compromised one. As a simple non-invertible function is used for transformation purposes as well as for the matching of templates that result in low computational complexity of the proposed technique. The original 2D feature vectors are transformed to a 1D vector that results in a compact representation of the stored templates, which further improves matching performance. The transformed templates are highly secured as it is challenging to guess the exact content of the secured template by an adversary through reverse engineering. Moreover, if an adversary is able to compromise the template, it is arduous to reconstruct the original biometric template. Therefore, masquerade attacks are significantly countered by the FinCAT. Although the proposed template protection scheme has several benefits but it still suffers from some limitations. First, the proposed approach provides limited accuracy of approximately 94.6% that may be improved. Additionally, the FinCAT approach needs to be evaluated on other recent fingerprint benchmark databases.

5 Conclusions

The security and privacy of fingerprint-based systems have become one the key issue due to their susceptibly to diverse range of attacks. In this study, we proposed a novel fingerprint cancellable template protection scheme to countermeasure the template database attacks. Our method utilizes a non-invertible transformation function to create a cancellable fingerprint template with the aim of escalating the security of the FRS. It can be observed that our non-invertible transformation function distorts the location of the minutia point and represent it as a single numerical point that boost the security of the original fingerprint template. The transformation function applied over the four quadrants takes different limits in order to make the feature vector non-invertible. Since the proposed secured template does not contain the minutiae’s dimensional location, it is safe from fingerprint reconstruction. Our FinCAT approach yields comparable performance through secured templates in database with high revocability and diversity. The approach provides compact representation of the secured templates that require low storage as well as improved matching rate. In future, we plan to conduct more extensive experiments to evaluate FinCAT on other benchmark fingerprint datasets such as FVC 2004 and FVC 2006, and etc. Moreover, the work may be extended where the FinCAT may be applied to other biometrical traits such as iris, face and hand geometry.