Iris based cancelable biometric cryptosystem for secure healthcare smart card

Health related information of an individual is very sensitive and demands a high level of security and privacy. Healthcare providers have the responsibility to ensure that patient information is secure and accessible only to authorized users. Healthcare systems are using biometrics since long for authentication and/or access control purposes. Biometrics can also be used for healthcare data security and privacy. This paper proposes an iris based cancelable biometric cryptosystem to securely store the healthcare data of patients on the smart card. It employs symmetric key cryptography to encrypt the healthcare data and store it on the smart card in encrypted form. We use the fuzzy commitment scheme to bind the secret encryption key with the cancelable iris template of the patient. Our proposed scheme provides user authentication as well as the decryption of healthcare data when needed by using the iris template of the owner of the healthcare smart card. The implementation results show that our proposed scheme provides better performance as compared to other schemes. It can generate an encryption key of a maximum of 252 bits from the input iris template with a false acceptance rate (FAR) of 0 and a false rejection rate (FRR) of 0.07. The generated key can be used for encrypting the health care data of patients using a symmetric encryption algorithm, e.g. Advance Encryption Standard (AES), International Data Encryption Algorithm (IDEA), Blowfish, etc. As compared to a conventional encryption system where the security of the system depends on keeping the key secret, our proposed scheme binds the encryption key with the iris - template of the patient impeccably without the need to store it securely. The security analysis demonstrates that it is not possible for an attacker to retrieve the secret key or healthcare data of the patient from the stolen healthcare card.