TEMPLATE PROTECTION FOR DYNAMIC TIME ... - Semantic Scholar

TEMPLATE PROTECTION FOR DYNAMIC TIME WARPING BASED BIOMETRIC SIGNATURE AUTHENTICATION Emanuele Maiorana, Patrizio Campisi, Alessandro Neri Dipartimento di Elettronica Applicata, Universita degli Studi "Rorna Tre" Via della Vasca Navale 84, 00146 Roma, Italy e-mail: {maiorana, campisi, neri}@uniroma3.it

ABSTRACT In this paper, we propose a protected on-line signature based biometric authentication system. The original signature templates are protected by transforming them in a non-invertible way. Recovering the original biometrics from the stored data is thus computationally as hard as random guessing. The transformed templates are compared employing a Dynamic Time Warping (DTW) matching strategy. The reported experimental results, evaluated on the public MCYT signature database, show that the recognition rates are only slightly affected by the proposed protection scheme, which is able to guarantee the desired security for the employed biometrics.

Index Terms- Biometrics, Identity Theft, On-line Signature, Cancelable Templates, Biometric Security. 1. INTRODUCTION Being based on who a person is or what a person does, rather than on what a person knows (e.g., password) or what a person has (e.g., tokens), biometric based recognition systems are typically able to guarantee significant convenience and security for their users, when compared to traditional authentication methods. However, the use of biometric data in an automatic recognition system involves serious risks: if biometric data are somehow stolen or copied, they can be difficult to replace. Moreover, biometric data can contain sensitive information (e.g., health, genetic background), that can be used in an unauthorized manner for malicious or undesired intents [1]. Users' privacy can also be compromised if a cross-matching between different biometric database is performed, in order to track the enrolled subjects using their personal biometric traits. The issues deriving from security and privacy concerns need to be carefully considered when implementing a biometric based recognition system, trying to provide countermeasures to the possible attacks that can be perpetrated at the vulnerable points of the system, enumerated and detailed in [2]. The adopted measures should be able to enhance biometric data resilience against attacks, while allowing the matching to be performed efficiently, thus guaranteeing acceptable recognition performance.

The present paper is organized as follows: in Section 2 the different solutions which have been investigated in the recent past to secure biometric templates are analyzed. The proposed protected on-line signature recognition system is illustrated in Section 3. The experimental framework and the obtained results are shown in Section 4.

2. BIOMETRIC TEMPLATE SECURITY The unauthorized copy of the stored biometric data is probably the most dangerous threat regarding users' privacy and security. Therefore, many solutions have been investigated in the recent past to secure the biometric templates. Among them, the most promising approaches consist in the implementation of what has been called cancelable biometrics [2]. This expression is commonly referred to the application of non-invertible and repeatable modifications to the original biometric templates. A classification of the approaches already proposed for the generation of secure and renewable biometric has been presented in [3]. Specifically, two macrocategories, referred to as biometric cryptosystem and feature transformation approaches, have been introduced. Biometric cryptosystems [4] typically employ binary keys to secure the biometric templates, and during the process some public information, usually referred to as helper data, is used. This category can be further divided in key binding systems, where the helper data are obtained by binding a random binary key with the biometric template [5, 6], and key generation systems, where both the helper data and the cryptographic key are directly generated from the biometric template [7]. Typically, these approaches are able to manage the intra-user variations in biometric data through the use of error correcting codes. However, it is generally not possible to use dedicated matchers, thus reducing the system matching accuracy. Feature transformation approaches modify the original templates according to a key-dependent transform. It is possible to distinguish two sub-categories: salting [8] and non-invertible transform approaches [9]. A salting method employs invertible transforms: the security of the templates thus relies in the secure storage of the transformation keys.

978-1-4244-3298-1/09/$25.00 ©2009 IEEE

Authorized licensed use limited to: BIBLIOTECA D'AREA SCIENTIFICO TECNOLOGICA ROMA 3. Downloaded on January 14, 2010 at 05:05 from IEEE Xplore. Restrictions apply.

DSP 2009

On the other hand, when non-invertible transforms are considered, it is computationally hard to recover the original data from the transformed templates, even if the transformation's keys are known. Feature transformation approaches typically produce transformed templates which remain in the same (feature) space of the original ones: it is therefore possible to employ, in the authentication stage, the matchers designed for the original biometric templates. This allows to guarantee performances which are similar to those of an unprotected approach. It is also worth pointing out that, having the possibility of employing dedicated matchers, a score can be obtained as the output of the protected recognition process: secure multibiometric systems can therefore be implemented through score-level fusion techniques [10]. The first practical non-invertible transform-based approach for the protection of biometric data was presented in [11], where the minutiae pattern extracted from a fingerprint undergoes a key-dependent geometric transform. Generalizing the approach in [11], three different non-invertible transforms, namely a cartesian, a polar and a functional transform, were proposed in [9] for generating cancelable fingerprint templates. Applying the transformation to the minutiae pattern, each fingerprint region undergoes a random displacement, thus obtaining that two minutiae, belonging to different regions of the input image, are mapped into the same region in the transformed template. Considering a minutia relying in such a zone, it is impossible to determine which of the original disjoint input regions it then belongs to. A geometric approach for fingerprint template protection has also been presented in [12], where the fingerprint minutiae are mapped on a circle centered on their centroid, and the obtained projections are organized into bins according to their position to create a fingerprint code. Signature template protection has been first considered in [13] and [14], where a set of parametric features is extracted from the acquired dynamic signatures, and a hash function is applied to the feature binary representation, obtained from the analysis of some statistical properties estimated during enrollment. This method provides protection for the signature templates, although the cancelability property is not considered. In [15] an adaptation of the fuzzy vault [6] to signature protection is proposed. A salting approach has been proposed in [16] as an adaptation of the Bio-phasoring method to signature templates, while a user-adaptive version of the fuzzy commitment [5] has been proposed in [17] to provide security to the on-line signature features. Each of these approaches provide protection to a set of parametric features extracted from the considered on-line signatures. On the contrary, the approach proposed in this paper directly employs the time sequences, acquired by touch screens or digitizing tablets, as signature representation. Specifically, a non-invertible transform based approach is applied to the available time sequences, in order to generate transformed versions ofthe original functions, from which recovering any

information about the original biometrics is as much hard as random guessing. The generated templates remain in the same space of the original ones, thus allowing to employ the same matchers designed for the original biometrics. Specifically, a Dynamic Time Warping (DTW) matching strategy is here exploited to compare the transformed templates. This approach allows us to obtain authentication performances far better than those achievable with the already proposed signature template protection schemes.

3. ON-LINE SIGNATURE RECOGNITION WITH PROTECTED TEMPLATES In this Section, the proposed template protected on-line signature based authentication system is illustrated. Specifically, in Section 3.1 the template to protect, consisting of a set of signature discrete time sequences (e.g., position trajectories, pressure, etc.), is characterized. The non-invertible transform employed to protect the considered signature templates has been proposed by the authors in [18], and its description is summarized in Section 3.2. The enrollment and authentication stages are then sketched in Section 3.3. The proposed implementation employs a Dynamic Time Warping (DTW) based matching strategy to compare the biometric templates. The employed DTW algorithm [19] is briefly outlined in 3.4. In Section 4, the performance of the proposed approach employing DTW based matching strategy are given, and they are compared with the performance obtained in [18], where a Hidden Markov Model (HMM) based matching strategy has been employed. It is shown that better results can be achieved employing DTW, in both an unprotected and a protected online signature authentication system.

3.1. Feature extraction The acquired on-line signatures can be represented by the horizontal x[n] and vertical y[n] position trajectories, and the pressure signal p[n] (where n == 1, ... ,N is the discrete time index, and N is the time duration of the signature in sampling units). A geometric normalization, consisting of position normalization followed by rotation alignment, is applied to the pen-position functions x[n] and y[n]. Other four discrete time sequences are derived from x[n] and y[n], and used as an additional set of functions, namely the path-tangent angle B[n], the path velocity magnitude v[n], the log curvature radius p[n], and the total acceleration magnitude a[n] . In this paper, we have considered two different sets of functions as possible original signature templates: R 7 == {x[n], y[n],p[n],B[n], v[n], p[n], a[n]} and

7 d j - i , j = 1, . . . , W, in a vector d = [do, . .. , dw jT, where do and d w are respectively set to 0 and 100. Considering a generic original sequence r( i) [n ] E R F , this function is divided into W segments r(i)j ,Nj [n] oflength N j = bj - bj - i , r( i)j ,Nj [n]

= r(i) [n + bj -

i ],

j

=

1, ... , W,

(I)

l-Mo . J,

where bj = N j = 1, . .. , W. Basically, the function r( i) [n ] is split into W separated parts according to the randomly generated vector d. A transformed function J(i) [n], n = 1, ... , K, is then obtained through the linear convolution of the functions r( i) j ,Nj [n ], j = 1, ... , W: J(i) [n] = r(i)l ,N, [n]

* ... * r(i)W,Nw [n].

I I

Fig. 2. Warping function and Sakoe/Chiba band definition (adapted from [21]). the attacker collects more than a single transformed template, and try to recover the original biometric information by using them all together. It is worth pointing out that other already proposed non-invertible transform based protection schemes, like those in [11] and [9], are vulnerable to a record multiplicity attack. 3.3. Enrollment and Authentication stages In the proposed template protected on-line signature based authentication system, E signatures are acquired from each user during enrollment. From each signature, the original representation R'F is evaluated, and then the protected templates T F, e = 1, . . . , E , are computed and stored in a database. During authentication, the user claims his identity providing a test signature, which is processed to generate its transformed template T~. This test sample is then compared to all the E templates in the reference set. The comparisons are performed employing the DTW algorithm described in Section 3.4, whose output is the distance b..(TF, T~) between the test sample T~ and the reference sample TF. The minimum of the E distances between the test sample T~) and the E reference samples TF), e = 1, . .. , E, is taken as representative of the verification process. A decision regarding whether the signature is authentic or a forgery is made by comparing the result of the matching to a threshold.

(2)

Different realizations can be obtained from the same original functions, simply by varying the size or the values of the parameter key d. The effects of the employed transforms are shown in Figure I, where the horizontal and vertical position trajectories extracted from an original signature are transformed according to different decomposition vectors, and then recombined to reconstruct the transformed signature. In [18] it has been shown that recovering an original sequence r(i) [n] from its transformed counterpart J(i) [n] is computationally as hard as random guessing. Moreover, the difficulty of inverting the employed transform has been discussed also considering a record multiplicity attack, where

3.4. Dynamic Time Warping Dynamic Time Warping (DTW) [19] is a well known method to compare sequences of different lengths. The use of DTW for template matching is encouraged by the results obtained during the Signature Verification competition in 2004 (SVC 2004) [20], where the algorithm [19], employing DTW matching, has given the best performances in terms of Equal Error Rate (EER), when tested with skilled forgeries. The DTW algorithm finds the optimal alignment between two sequences, such that the sum of the differences between each pair of aligned points is minimal. Formally, having indicatedwithA = {ad,i = 1, ... , I , and B = {b j},j =

Authorized licensed use limited to: BIBLIOTECA D'AREA SCIENTIFICO TECNOLOGICA ROMA 3. Downloaded on January 14, 2010 at 05:05 from IEEE Xplore. Restrictions apply.

35

I CJE ERR _ EE RF

30

_

SF

'

25

'~"" 20

~ 15 8 10 o '-----~----'-

o

4

6

10

o0

,-., 25 ·

,......, 25 ..

'"e" 20 "" ~ t: 15

'~""" 20

§

o

'T 4

]E 10

6

·

§

.

~ 15 .

° 10

10 .

5 .

o

0

4

6

10

o

0

4

6

EER(in %)

EER(in %)

EER(i n %)

EER(i n %)

(a)

(b)

(e)

(d)

10

Fig. 3. Normalized histograms for the EERs obtained repeating 20 times the authentication process. The employed system parameters are W = 2, D = 10%.(a) E = 5,F = 7; (b) E = 5,F = 14; (c) E = 1O,F = 7; (d) E = 1O,F = 14. 1, ... , J , two sequences of feature vectors, representing respectively the biometric template employed as reference and the biometric sample to be verified, a point-to-point distance J (i , j) between the elements a, and b j can be evaluated, for i = 1, ... ,Iandj = 1, ... , J . Typically,J(i,j) is computed as the Euclidean distance between the vectors a, and b j . With reference to Figure 2, where the patterns A and B are developed along in an i - j plane, the DTW algorithms finds the optimal warping function W = {w(kn = {(i(k) ,j(k)n, k = 1, ... , K, which connects the points w(l) = (1,1) and w(K) = (1, J), minimizing the total distance

L\w(A, B)

=

K

K

k =l

k= l

L J(w(k)) = L J(i(k) ,j(k))

(3)

The minimum accumulated distance minW EW{L\w(A , B)}, where W represents the set of all properly defined distortion paths W for A and B, is employed to characterize the dissimilarity of the considered sequences. In order to compensate the effect of the summation of K terms in (3), a normalization has to be done on the minimum accumulated distance. Specifically, we normalized the distance minwEw{L\w(A , Bn with respect of the length I of the reference sequence A, thus defining the asymmetric distance L\(A,B) = minwEw{L\w(A,Bn jI as the dissimilarity measure between the sequences A and B. The paths in W have to satisfy the necessary monotonic and continuity requirements [21]. Moreover, only the paths which remain in the so-called Sakoe /Chiba band [21], depicted in Figure 2, are taken into account. Differently from [19], no additional slope constraint has been considered. Eventually, instead of using the normalized minimum, maximum, and template distance values as in [19], only the minimum accumulated distance minwEw{L\w(A , Bn is considered as matching score, without any user dependent score normalization, It is worth pointing out that, when employing DTW as matcher in an unprotected signature based recognition system, the stored templates permit to perfectly reconstruct both the shape and the dynamics of the signatures. This

important privacy and security issue gives a remarkable relevance to the proposed signature template protection approach.

4. EXPERIMENTAL RESULTS An extensive set of experiments is performed to test the effectiveness of the proposed non invertible transform based signature protection scheme. The tests are conducted using the public version of the MCYT on-line signature corpus [22], which comprises 100 users, for each of which 25 genuine signatures and 25 skilled forgeries have been captured during five different sessions. Forgers were asked to perform the imitation after observing the static image of the signatures to imitate, having tried to copy them at least 10 times , and by then writing the forgeries naturally without breaks or slowdowns. We first verify the variability of the authentication performance with respect to the selection of the trans formation key d. To accomplish this task, we perfonned the authentication process over the available database 20 times, randomly varying at each iteration the transformation parameters d for each user. The values dj , j = 1, ... , W - 1, which define the decomposition vector d, are taken in the range of integers [5, 95] to guarantee a minimum segment's length. We keep fixed the number of segments W = 2 in which the signature time sequences are divided, and the width of the Sakoe /Chiba band employed in the DTW algorithm [21], as indicated in 3.4 (D = 10%, expressed as percentage of the minimum length between the test and reference signature). For each user, the enrollment is performed taking E signatures from the first two available sessions, while signatures belonging to the other three sessions are employed to test the authentication performances, in terms of False Recognition Rate (FRR). The False Acceptance Rate (FAR) for skilled forgeries (FARsF) is computed using the available 25 skilled forgeries. The FAR for random forgeri es (FAR R F ) is computed taking, for each user, ten signature from each of the remaining users. In Figure 3 the dependence of the matching performance from the employed transformation parameters is shown. Specifically, the normalized histograms of the EERs obtained considering both random (EERRF) and skilled for-

Authorized licensed use limited to: BIBLIOTECA D'AREA SCIENTIFICO TECNOLOGICA ROMA 3. Downloaded on January 14, 2010 at 05:05 from IEEE Xplore. Restrictions apply.

30 1fT'~r=======:::;""]

_

20

~ c

-=--....

15

o?

~

10

10

15 20 FRR(in %)

25

o o

30

25

o

o

30

10

15

20

30

25

FRR(in %)

(a)

(b)

(e)

(d)

Fig. 4. ROC curves for an unprotected system, and for protected systems with W = 2,3,4, considering skilled forgeries. The employed system parameter is D = 10%. (a) E = 5, F = 7; (b) E = 5, F = 14; (c) E = 10, F = 7; (d) E = 10, F = 14. EE R (in %)

HMM DTW

Unprotected approach

W - 2

Protected approach

W - 3

W -4

9 .75 5 .53

12.55 8 .13

15 .70 11.07

20 .05 14.09

Table 1. EERs achieved employing HMM and DTW based matching strategies, considering skilled forgeries. E 5 signatures are considered for the enrollment , and F = 7 functions for the signature representation RF. geries (EERs F) are given. Moreover, different test cases are taken into account, varying both the number E of signatures considered during enrollment (E E {5, 10}), and the number F of functions which are considered in the original signature representation R F (F E {7,14}). As requested for a properly designed non-invertible transform method, varying the employed transform parameters does not result in significant modifications of the matching performances. The variance of the obtained EERs decreases when the number of enrollment signatures E is higher. When E = 10 signature are taken for the enrollment, and R F consists of F = 14 signature sequences, the EER obtained considering skilled forgeries has a mean value of 5.7%, and a variance of 0.41 %. The EER for random forgeries has a mean value of 3.4% and a standard variation of 0.62%. The performances of an unprotected and a protected system where DTW is used as matching algorithm are also compared. In Figure 4 the achieved authentication performances, where the FAR is referred to the situation with skilled forgeries (FARs F), are presented. Considering the case when E = 10 and F = 14, the EER for skilled forgeries in an unprotected system is equal to 3.93%, and it decreases only slightly to 5.7% when template protection is provided, considering W = 2. When W = 3 an EER of about 7.4% is obtained, while if each signature function is divided in W = 4 segments before performing the convolutions, the EER raises to 9.7%. It can be also seen how increasing the number F of employed functions in the signature representation R F greatly improves the recognition performances, and produces

F

7

14

D(in %)

Unprotected approach

W -2

Protected approach

W - 3

W -4

I 5 10 15

6.53 4.20 4 .00 4.00

7.07 5 .95 6. 33 7.00

9.07 8.80 8.67 8 .60

11.13 10.73 11.40 11.40

I 5 10 15

6.00 4.07 3 .93 4.00

6.70 5 .22 5.71 5.97

8.80 7.20 7.40 7 .13

10.93 9 .20 9.73 9.47

Table 2. EERs (in %) considering skilled forgeries. E signatures are considered for the enrollment.

=

10

enhancements comparable to those achieved increasing the number E of signature taken during enrollment. The recognition rates achieved employing the proposed DTW based matching strategy are also compared to those obtained employing HMM modeling for template matching, as in [18]. Specifically, in Table 1 the EERs achievable using the two matching algorithms , related to a test case with E = 5 and F = 7, are shown. The tests are performed using the public MCYT database, and considering skilled forgeries. As it can be seen, when considering both unprotected and protected systems, the DTW based matching strategy outperforms the HMM based one. The reported recognition rates represent the best achievable performances for the HMM based approach, with respect to the selection of the HMM parameters (number of states and number of Gaussian densities for each state). The performances related to the use of a DTW strategy can still be optimized with respect to the width D of the Sakoe/Chiba band employed during the matching. Specifically, the EERs achievable considering skilled forgeries, and varying the parameters F , W, D while keeping fixed the number of signature taken during enrollment (E = 10), are listed in Table 2. The best authentication rates achievable for protected and unprotected systems, considering both F = 7 and F = 14, are reported in bold in Table 2. When a protected system with W = 2 is taken into account , the best performances are obtained for D = 5%.

Authorized licensed use limited to: BIBLIOTECA D'AREA SCIENTIFICO TECNOLOGICA ROMA 3. Downloaded on January 14, 2010 at 05:05 from IEEE Xplore. Restrictions apply.

When comparing HMM and DTW based matchers, it is worth reporting that a DTW based matcher usually requires more time to perform authentication than a HMM based one, depending on the number of enrollment acquisitions E. However, being signatures usually employed for verification instead of for identification, the computational velocity is not a practical issue for real world applications.

5. CONCLUSIONS In this paper a biometric authentication system, where non invertible transforms are employed to protect the employed signature templates, has been proposed. A DTW based matcher is exploited to compare the transformed templates. Experimental results, evaluated on the public MCYT signature database, illustrate that the performances of the proposed protected approach are comparable with those of an unprotected system, and that the employed DTW matcher outperforms the HMM strategy proposed in [18]. Employing the proposed non invertible transform based protection approach, the system described in this paper can be fused with the one presented in [18] by exploiting score fusion techniques [10]. In this way, it is possible to further improve the authentication performances, while properly guaranteeing the security of the employed biometric data.

6. REFERENCES [1] S. Prabhakar, S. Pankanti, A.K. Jain, "Biometric Recognition: Security and Privacy Concerns", IEEE Security & Privacy Magazine, Vol. 1, No.2, pp: 33-42,2003. [2] N.K. Ratha, J.H. Connell, R. Bolle, "Enhancing Security and Privacy ofBiometric-based Authentication Systems", IBM Systems Journal, Vol. 40, No.3, pp. 614-634,2001. [3] A.K. Jain, K. Nandakumar, A. Nagar, "Biometric Template Security", EURASIP JASP, January 2008. [4] U. Uludag, S. Pankanti, A.K. Jain, "Biometric cryptosystems: Issues and Challenges", IEEE Multimedia Security for Digital Rights Managmement, Vol. 92, No.6, pp: 948960,2004. [5] A. Juels, M. Wattenberg, "A Fuzzy Commitment Scheme", ACM Conf. Computer and Comm. Sec., 1999. [6] A. Juels, M. Sudan, "A Fuzzy Vault Scheme", Des. Codes Cryptography, Vol. 38, No.2, pp. 237-257,2006. [7] Y. Sutcu, Q. Li, N. Memon, "Protecting Biometric Templates with Sketch: Theory and Practice", IEEE Trans. on Information Forensensic and Security, Vol. 2, No.3, pp. 503-512, 2007. [8] A.B.J. Teoh, D.C.L. Ngo, A. Goh, "Random Multispace Quantization as an Analytic Mechanism for BioHashing

of Biometric and Random Identity Inputs", IEEE Trans. on PAMI, Vol. 28, No. 12, pp. 1892-1901,2006. [9] N. Ratha, S. Chikkerur J. H. Connell, R. M. Bolle, "Generating Cancelable Fingerprint Templates", IEEE Trans. on PAMI, Vol. 29, No.4, pp. 561-572, April 2007. [10] A.A. Ross, K. Nandakumar, A.K. Jain, Handbook of Multibiometrics, Springer, USA, 2006. [11] R. Ang, R. Safavi-Naini, L. McAven, "Cancelable KeyBased Fingerprint Templates", Australian Conference Information Security and Privacy, pp. 242-252, July 2005. [12] Y. Sutcu, H.T. Sencar, N. Memon, "A Geometric Transformation to Protect Minutiae-Based Fingerprint Templates", SPIE Defense & Security, 2007. [13] C. Vielhauer, R. Steinmetz, A. Mayerhofer, "Biometric Hash based on statistical Features of online Signatures", ICPR, Vol.1, pp. 123-126,2002. [14] H. Feng, C.W. Chan, "Private Key Generation from Online Handwritten Signatures", Information Management and Computer Security, pp: 159-164, 2002. [15] M. Freire-Santos, J. Fierrez-Aguilar, J. Ortega-Garcia, "Cryptographic key generation using handwritten signature", SPIE Defense & Security, Vol. 6202, pp. 225-231, 2006. [16] W.K. Yip, A. Goh, D.C.L. Ngo, A.B.J. Teoh, "Generation of Replaceable Cryptographic Keys from Dynamic Handwritten Signatures", ICB, pp. 509-515,2006 [17] E. Maiorana, P. Campisi, A. Neri, "User Adaptive Fuzzy Commitment for Signature Templates Protection and Renewability," SPIE JEI, Special Section on Biometrics, 2008. [18] E. Maiorana, M. Martinez-Diaz, P. Campisi, J. OrtegaGarcia, A. Neri, "Template Protection for HMM-based On-line Signature Authentication", CVPR, June 2008. [19] A. Kholmatov, B. Yanikoglu, "Identity Authentication Using Improved Online Signature Verification Method", Pattern Recognition Letters, Vol. 26, No. 15, 2005. [20] D.-Y. Yeung et aI., "SVC2004: First International Signature Verification Competition", ICBA, July 2004. [21] H. Sakoe, S. Chiba, "Dynamic programming algorithm optimization for spoken word recognition", IEEE Trans. on Acoustics, Speech and Signal Processing, Vol. 26, No. 1, pp. 43-49, 1978. [22] J. Ortega-Garcia et al. "MCYT baseline corpus: A bimodal biometric database", lEE VISp, Special Issue on Biometrics on the Internet, Vol. 150, No.6, 2003.

Authorized licensed use limited to: BIBLIOTECA D'AREA SCIENTIFICO TECNOLOGICA ROMA 3. Downloaded on January 14, 2010 at 05:05 from IEEE Xplore. Restrictions apply.