What problem does this paper attempt to address?

The problems that this paper attempts to solve are: 1. **Secure and privacy - protected key establishment between stateless biometric sensors and user tokens**: In many application scenarios, it is necessary to establish a secure communication channel between a stateless biometric sensing system and a user's smart token without pre - configuration. In such scenarios, traditional methods based on pre - shared keys or public key infrastructure (PKI) may not be applicable or are inefficient. 2. **Online identity authentication**: Existing biometric authentication protocols usually require users to register in advance, and may disclose users' sensitive information during the authentication process. Therefore, this paper proposes a new online biometric authentication key exchange protocol (oBAKE), which can achieve two - way privacy - protected authentication and key establishment without disclosing the user's biometric template. 3. **Multi - round query optimization**: In order to improve the success rate of authentication, the sensing system can send queries based on different sensor data samples in multiple rounds. This enables the protocol to better adapt to non - ideal biometric collection situations that may occur in the actual environment. ### Specific problem description - **Security and privacy**: How to ensure that the user's biometric information is not disclosed during the authentication process? - **Stateless sensing system**: How to design a stateless sensing system so that it can perform authentication without user pre - registration? - **Efficiency**: How to ensure that the user token can efficiently process multiple queries to reduce the computational burden? ### Solution overview The oBAKE protocol proposed in the paper solves the above problems in the following ways: - **Feature vector matching**: Use the BBKDF (Biometric Bound Key Derivation Function) scheme for feature vector matching. By introducing the centralization technique, it is ensured that even if two feature vectors are close to the threshold in some dimensions, the same key can be generated. \[ \text{BBKDF}(\mathbf{v}_1+\mathbf{c})=\text{BBKDF}(\mathbf{v}_2+\mathbf{c}) \] where $\mathbf{c}$ is the centralization vector, and $\mathbf{v}_1$ and $\mathbf{v}_2$ are two feature vectors. - **Random numbers and encrypted verifiers**: The two parties in the protocol exchange random numbers and encrypted verifiers to ensure the security of mutual authentication. Specifically, the sensing system and the user token perform verification by calculating the MAC (Message Authentication Code). - **Multi - round query mechanism**: The sensing system can send multiple queries, each query containing a feature vector calculated from different sensor data samples. The user token only needs to perform a string comparison for each query, thereby reducing the computational burden. In conclusion, this paper aims to implement a secure, efficient, and privacy - protected online biometric authentication key exchange method through the oBAKE protocol, which is suitable for various interactive systems, such as ATM face recognition, etc.