Security method and apparatus using biometric data
Abstract
A security method and apparatus is provided in which a trusted authority is arranged to read in identity data from a memory device presented by an individual. This identity data comprises both biometric data of a specific individual and additional identity data concerning the same individual. The trusted authority uses the biometric data as a biometric reference for comparison with biometric characteristics of the individual presenting the memory card in order to determine whether the latter is the individual represented by the biometric data. The trusted authority uses the additional identity data or matching data, together with private data of the trusted authority, to generate a decryption key. This decryption key is apt to decrypt data encrypted using both an encryption key string comprising the additional identity data of the specific individual and public data of the trusted authority.
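The flow in the abstract, as an added sketch that is not taken from the patent. It assumes Cocks' quadratic-residue identifier-based encryption as the scheme (the text above names none), constructed toy parameters, a Hamming-distance threshold as the biometric comparison, and hypothetical names such as `ta_generate_key` and the `card` dictionary.

```python
import hashlib, secrets
# Constructed toy parameters (Mersenne primes, both 3 mod 4); not a secure size.
P, Q = 2**127 - 1, 2**107 - 1   # trusted authority's private data
N = P * Q                       # trusted authority's public data

def jacobi(a, n):
    a, sign = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        a %= n
    return sign if n == 1 else 0

def key_string_to_a(key_string):
    # Hash the encryption key string to a value with Jacobi symbol +1 mod N.
    for ctr in range(256):
        digest = hashlib.sha256(key_string + bytes([ctr])).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
    raise ValueError("no usable hash found")

def encrypt_bit(key_string, bit):
    # The encryptor needs only N and the key string; bit is 0 or 1.
    a, m, out = key_string_to_a(key_string), 1 - 2 * bit, []
    for sign in (1, -1):  # one value for r^2 = a, one for r^2 = -a
        t = secrets.randbelow(N - 2) + 2
        while jacobi(t, N) != m:
            t = secrets.randbelow(N - 2) + 2
        out.append((t + sign * a * pow(t, -1, N)) % N)
    return tuple(out)

def ta_generate_key(card, live_sample, max_distance=20):
    # Control step: no key unless the presenter matches the card's reference.
    ref = card["biometric"]
    distance = sum(bin(x ^ y).count("1") for x, y in zip(ref, live_sample))
    if len(live_sample) != len(ref) or distance > max_distance:
        return None
    return pow(key_string_to_a(card["identity"]), (N + 5 - P - Q) // 8, N)

def decrypt_bit(key_string, r, ct):
    a = key_string_to_a(key_string)
    c = ct[0] if (r * r - a) % N == 0 else ct[1]   # r^2 is +a or -a mod N
    return (1 - jacobi(c + 2 * r, N)) // 2
```

The key returned by `ta_generate_key` only decrypts data encrypted under the identity string stored on the same card, which is what ties the biometric check to the ciphertext.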
35 Claims
1. A security method, carried out by a trusted authority, comprising:
reading identity data from a memory device presented by a subject individual, the identity data comprising both biometric data of a specific individual and additional identity data concerning the same specific individual;
using the biometric data read from the memory device as a biometric reference for comparison with biometric characteristics of said subject individual to determine whether the latter is said specific individual; and
generating a decryption key using private data of the trusted authority and at least the additional identity data read from the memory device or matching data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. Apparatus arranged to act as a trusted authority and comprising:
an input arrangement for reading in from a memory device identity data comprising both biometric data of a specific individual and additional identity data concerning the same specific individual;
a biometric measurement arrangement for measuring biometric characteristics of a subject individual to produce biometric measurement data;
a comparison arrangement for comparing the read-in biometric data of said specific individual with the biometric measurement data of said subject individual to determine whether the latter is said specific individual;
a key-generation arrangement for generating a decryption key based on trusted-authority private data and at least the read-in additional identity data or matching data; and
a control arrangement for ensuring that until the comparison arrangement has determined that the subject individual is said specific individual, either the key-generation arrangement does not generate the decryption key, or the decryption key, and any data decrypted using the decryption key, is not made available for use.
15. A computer program product for conditioning programmable apparatus provided with an input arrangement and a biometric measurement arrangement to act as a trusted authority that is arranged:
to read in from a memory device presented to said input arrangement, identity data comprising both biometric data of a specific individual and additional identity data concerning the same specific individual;
to generate biometric measurement data by using said biometric measurement arrangement to measure biometric characteristics of a subject individual;
to determine whether the subject individual is said specific individual by comparing the read-in biometric data of said specific individual with the biometric measurement data of said subject individual;
to generate a decryption key based on trusted-authority private data and at least the read-in additional identity data or matching data; and
to ensure that until the apparatus has determined that the subject individual is said specific individual, either the decryption key is not generated, or the decryption key, and any data decrypted using the decryption key, is not made available for use.
16. A data access control method comprising:
(a) encrypting first data using as encryption parameters both public data of a trusted authority, and an encryption key string formed using at least non-biometric data indicative of a specific individual;
(b) providing identity data to the trusted authority by reading it from a memory device presented by a subject individual, the identity data comprising both the said non-biometric data indicative of said specific individual and biometric data of the same individual, the trusted authority:
using the biometric data read from the memory device as a biometric reference for comparison with biometric characteristics of said subject individual to determine whether the latter is said specific individual, and
generating a decryption key using at least the non-biometric data read from the memory device and private data of the trusted authority, said public data being related to this private data;
(c) using the decryption key to decrypt the encrypted first data.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A data access control system comprising:
encryption apparatus for encrypting first data based on encryption parameters comprising public data of a trusted authority and an encryption key string formed using at least non-biometric data indicative of a specific individual;
trusted-authority apparatus comprising:
an input arrangement for reading in from a memory device identity data comprising both the said non-biometric data indicative of said specific individual and biometric data of the same individual;
a biometric measurement arrangement for measuring biometric characteristics of a subject individual to produce biometric measurement data;
a comparison arrangement for comparing the read-in biometric data of said specific individual with the biometric measurement data of said subject individual to determine whether the latter is said specific individual;
a key-generation arrangement for generating a decryption key based on trusted-authority private data and at least the read-in non-biometric data; and
a control arrangement for ensuring that until the comparison arrangement has determined that the subject individual is said specific individual, either the key-generation arrangement does not generate the decryption key, or the decryption key, and any data decrypted using the decryption key, is not made available for use; and
decryption apparatus for using the decryption key to decrypt the encrypted first data.
Dependent claims: 33, 34, 35
Specification