SUMMARYDespite their usability advantages over traditional authentication systems, biometrics-based authentication systems suffer from inherent privacy violation and non-revocability issues. In order to address these issues, the concept of cancelable biometrics was introduced as a means of generating multiple, revocable, and noninvertible identities from true biometric templates. Apart from BioHashing, which is a two-factor cancelable biometrics technique based on mixing a set of tokenized userspecific random numbers with biometric features, cancelable biometrics techniques usually cannot preserve the recognition accuracy achieved using the unprotected biometric systems. However, as the employed token can be lost, shared, or stolen, BioHashing suffers from the same issues associated with token-based authentication systems. In this paper, a reliable tokenless cancelable biometrics scheme, referred to as BioEncoding, for protecting IrisCodes is presented. Unlike BioHashing, BioEncoding can be used as a one-factor authentication scheme that relies only on sole IrisCodes. A unique noninvertible compact bit-string, referred to as BioCode, is randomly derived from a true IrisCode. Rather than the true IrisCode, the derived BioCode can be used efficiently to verify the user identity without degrading the recognition accuracy obtained using original IrisCodes. Additionally, BioEncoding satisfies all the requirements of the cancelable biometrics construct. The performance of BioEncoding is compared with the performance of BioHashing in the stolen-token scenario and the experimental results show the superiority of the proposed method over BioHashing-based techniques.