Rolling biometric key exchange

US 10,469,259 B1
Filed: 11/07/2018
Issued: 11/05/2019
Est. Priority Date: 11/07/2018
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least a first computing device comprising;

a first memory to store instructions; and

first processing circuitry, coupled with the first memory, operable to execute the instructions, that when executed, cause the first processing circuitry to;

receive biological information corresponding to a user via at least one input device;

perform analysis on the biological information;

determine one or more biological characteristics uniquely associated with the user based on the performed analysis;

generate a character string based at least in part on the one or more biological characteristics, wherein the character string comprises a plurality of alphanumeric characters, the alphanumeric characters being space delimited and character delimited such that the space delimitation and the character delimitation uniquely relates to the user;

provide the character string for generating a biometric key;

at least a second computing device comprising;

a second memory to store instructions; and

second processing circuitry, coupled with the second memory, operable to execute the instructions, that when executed, cause the second processing circuitry to;

access or receive the character string;

generate, using the character string, the biometric key based on a cryptographic algorithm;

apply at least one hash function to the biometric key to generate a hashed biometric key;

apply salt to the hashed biometric key to generate a salted and hashed biometric key;

store the salted and hashed biometric key in one or more storage devices; and

change the applied at least one hash function at a predetermined interval in order to rotate, update, or roll the biometric key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments are generally directed to techniques of generating a unique biometric key, hashing and salting the key, and storing it. Embodiments include techniques to analyze biological information associated with a user and determine one or more biological characteristics from the analyzed information. The biological characteristics may be used to generate a character string unique to the user, which may be used to generate the biometric key based on a cryptographic algorithm. The hash values, salt values, or the hash function may be changed at a predetermined interval.

Citations

18 Claims

1. A system comprising:
- at least a first computing device comprising;
  
  a first memory to store instructions; and
  
  first processing circuitry, coupled with the first memory, operable to execute the instructions, that when executed, cause the first processing circuitry to;
  
  receive biological information corresponding to a user via at least one input device;
  
  perform analysis on the biological information;
  
  determine one or more biological characteristics uniquely associated with the user based on the performed analysis;
  
  generate a character string based at least in part on the one or more biological characteristics, wherein the character string comprises a plurality of alphanumeric characters, the alphanumeric characters being space delimited and character delimited such that the space delimitation and the character delimitation uniquely relates to the user;
  
  provide the character string for generating a biometric key;
  
  at least a second computing device comprising;
  
  a second memory to store instructions; and
  
  second processing circuitry, coupled with the second memory, operable to execute the instructions, that when executed, cause the second processing circuitry to;
  
  access or receive the character string;
  
  generate, using the character string, the biometric key based on a cryptographic algorithm;
  
  apply at least one hash function to the biometric key to generate a hashed biometric key;
  
  apply salt to the hashed biometric key to generate a salted and hashed biometric key;
  
  store the salted and hashed biometric key in one or more storage devices; and
  
  change the applied at least one hash function at a predetermined interval in order to rotate, update, or roll the biometric key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the second processing circuitry is further caused to:
    - (i) change the salt applied to the hashed biometric key at the predetermined interval and/or (ii) change one or more hash values of the at least one hash function at the predetermined interval.
  - 3. The system of claim 1, wherein the biological information comprises one or more of the following:
    - (i) a fingerprint, (ii) a face, (iii) a palm print, (iv) palm veins, (v) a hand geometry, (vi) a voice, (vii) an iris, (viii) a retina, (ix) an eye scan.
  - 4. The system of claim 1, wherein the at least one input device is one or more of the following:
    - (i) a camera, (ii) a microphone, (iii) a fingerprint reader, (iv) a palm print scanner or reader, (v) a palm vein scanner or reader, and (vii) an eye scanner.
  - 5. The system of claim 1, wherein the performed analysis by the first processing circuitry comprises determining one or more biological characteristics unique to the user.
  - 6. The system, of claim 5, wherein the one or more biological characteristics include one or more of the following:
    - (i) a pupillary distance (PD), (ii) a monocular PD, (iii) a distance between, or distances among, an eye, a pupil, an ear, a nose, an upper lip, a lower lip, and/or a chin, (iv) a face width, (v) a face height, (vi) voice frequency, (vii) an arch, loop, and/or whorl of a fingerprint, (viii) a distance between at least two veins of a palm, (ix) a size of an iris, (x) a size of a pupil, and (xi) a distance between at least two veins of a retina.
  - 7. The system of claim 1, wherein the biometric key is a 512-bit key, a 768-bit key, a 1024-bit key, or a 2048-bit key.
  - 8. The system of claim 1, wherein the cryptographic algorithm is one or more of the following:
    - (i) a Triple Data Encryption Standard (DES) algorithm, (ii) a RSA public-key encryption algorithm, (iii) a Blowfish algorithm, (iv) a Twofish algorithm, (v) an Advanced Encryption Standard (AES) algorithm, (vi) a Diffie-Hellman algorithm, (vii) a Cramer-Shoup algorithm, and (viii) a ElGamal encryption algorithm.
  - 9. The system of claim 1, wherein the at least one hash function is a one-way cryptographic hash function.
  - 10. The system of claim 1, wherein the salt is data uniquely associated with the user.

11. A method comprising:
- generating, via at least a first computing device, a character string based at least in part on one or more biological characteristics of a user, wherein the character string comprises a plurality of alphanumeric characters, the alphanumeric characters being space delimited and character delimited such that the space delimitation and the character delimitation uniquely relates to the user;
  
  accessing or receiving, via at least a second computing device, the character string from at least the first computing device;
  
  generating, via at least the second computing device, using the character string, the biometric key based on a cryptographic algorithm;
  
  applying, via at least the second computing device, at least one hash function to the biometric key to generate a hashed biometric key;
  
  applying, via at least the second computing device, salt to the hashed biometric key to generate a salted and hashed biometric key; and
  
  changing, via at least the second computing device, the applied at least one hash function at a predetermined interval in order to rotate, update, or roll the biometric key.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, further comprising:
    - receiving, via at least the first computing device, biological information corresponding to the user via at least one input device;
      
      performing, via at least the first computing device, analysis on the biological information;
      
      determining, via at least the first computing device, the one or more biological characteristics uniquely associated with the user based on the performed analysis; and
      
      providing, via at least the first computing device, the character string for generating a biometric key to at least the second computing device.
  - 13. The method of claim 12, further comprising storing, via at least the second computing device, the salted and hashed biometric key in one or more storage devices.
  - 14. The method of claim 12, wherein the biological information comprises one or more of the following:
    - (i) a fingerprint, (ii) a face, (iii) a palm print, (iv) palm veins, (v) a hand geometry, (vi) a voice, (vii) an iris, (viii) a retina, (ix) an eye scan.

15. A non-transitory computer-readable storage medium storing computer-readable program code executable by a processor to:
- access or receive a character string from at least a first computing device, wherein the character string comprises a plurality of alphanumeric characters and is generated by the first computing device based at least in part on one or more biological characteristics of a user, the alphanumeric characters being space delimited and character delimited such that the space delimitation and the character delimitation uniquely relates to the user;
  
  generate, using the character string, a biometric key based on a cryptographic algorithm;
  
  apply at least one hash function to the biometric key to generate a hashed biometric key;
  
  apply salt to the hashed biometric key to generate a salted and hashed biometric key; and
  
  change the applied at least one hash function at a predetermined interval in order to rotate, update, or roll the biometric key.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the processor executing the computer-readable program code is included in at least a second computing device separate from at least the first computing device.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the cryptographic algorithm is one or more of the following:
    - (i) a Triple Data Encryption Standard (DES) algorithm, (ii) a RSA public-key encryption algorithm, (iii) a Blowfish algorithm, (iv) a Twofish algorithm, (v) an Advanced Encryption Standard (AES) algorithm, (vi) a Diffie-Hellman algorithm, (vii) a Cramer-Shoup algorithm, and (viii) a ElGamal encryption algorithm.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the at least one hash function is a one-way cryptographic hash function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Fox, Ryan, Hamburg, Keith
Primary Examiner(s)
Potratz, Daniel B

Application Number

US16/183,410
Time in Patent Office

363 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 63/0861   using biometrical features,...

H04L 63/123   received data contents, e.g...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0866   involving user or device id...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3242   involving keyed hash functi...

Rolling biometric key exchange

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Rolling biometric key exchange

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links