Security method and apparatus using biometric data

US 20050005136A1
Filed: 04/21/2004
Published: 01/06/2005
Est. Priority Date: 04/23/2003
Status: Abandoned Application

First Claim

Patent Images

1. A security method, carried out by a trusted authority, comprising reading identity data from a memory device presented by a subject individual, the identity data comprising both biometric data of a specific individual and additional identity data concerning the same specific individual;

using the biometric data read from the memory device as a biometric reference for comparison with biometric characteristics of said subject individual to determine whether the latter is said specific individual; and

generating a decryption key using private data of the trusted authority and at least the additional identity data read from the memory device or matching data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security method and apparatus is provided in which a trusted authority is arranged to read in identity data from a memory device presented by an individual. This identity data comprises both biometric data of a specific individual and additional identity data concerning the same individual. The trusted authority uses the biometric data as a biometric reference for comparison with biometric characteristics of the individual presenting the memory card in order to determine whether the latter is the individual represented by the biometric data. The trusted authority uses the additional identity data or matching data, together with private data of the trusted authority, to generate a decryption key. This decryption key is apt to decrypt data encrypted using both an encryption key string comprising the additional identity data of the specific individual and public data of the trusted authority.

Citations

35 Claims

1. A security method, carried out by a trusted authority, comprising reading identity data from a memory device presented by a subject individual, the identity data comprising both biometric data of a specific individual and additional identity data concerning the same specific individual;
- using the biometric data read from the memory device as a biometric reference for comparison with biometric characteristics of said subject individual to determine whether the latter is said specific individual; and
  
  generating a decryption key using private data of the trusted authority and at least the additional identity data read from the memory device or matching data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method according to claim 1, wherein the decryption key is made available to the subject individual only if the latter is determined by the trusted authority to be said specific individual.
  - 3. A method according to claim 1, wherein the decryption key is used by the trusted authority to decrypt data that has been encrypted using public data of the trusted authority and an encryption key string formed using at least said additional identity data, said public data being data derived by the trusted authority using its private data.
  - 4. A method according to claim 3, wherein the decrypted data is made available to the subject individual if the latter is determined by the trusted authority to be said specific individual.
  - 5. A method according to claim 1, wherein if the subject individual is determined by the trusted authority to be the specific individual, the decryption key is used by the trusted authority to decrypt data that has been encrypted using public data of the trusted authority and an encryption key string formed using at least said additional identity data, said public data being data derived by the trusted authority using its private data.
  - 6. A method according to claim 1, wherein the generation of the decryption key is only carried out if said subject individual is determined to be said specific individual.
  - 7. A method according to claim 1, wherein the subject individual is a human person that has presented him/herself to the trusted authority and purports to be said specific individual.
  - 8. A method according to claim 1, wherein the determination of whether said subject individual is said specific individual is carried out automatically by comparing features represented in the reference biometric data with features in measurement data produced by measurement of the subject individual.
  - 9. A method according to claim 1, wherein the determination of whether said subject individual is said specific individual is carried out by a human.
  - 10. A method according to claim 1, wherein the biometric data comprises image data of the face of the specific individual.
  - 11. A method according to claim 1, wherein said additional identity data is non-biometric data.
  - 12. A method according to claim 1, wherein the generation of the decryption key is effected in accordance with identifier-based cryptography utilising quadratic residuosity.
  - 13. A method according to claim 1, wherein the generation of the decryption key is effected in accordance with identifier-based cryptography utilising Weil or Tate pairings.

14. Apparatus arranged to act as a trusted authority and comprising:
- an input arrangement for reading in from a memory device identity data comprising both biometric data of a specific individual and additional identity data concerning the same specific individual;
  
  a biometric measurement arrangement for measuring biometric characteristics of a subject individual to produce biometric measurement data;
  
  a comparison arrangement for comparing the read-in biometric data of said specific individual with the biometric measurement data of said subject individual to determine whether the latter is said specific individual;
  
  a key-generation arrangement for generating a decryption key based on trusted-authority private data and at least the read-in additional identity data or matching data; and
  
  a control arrangement for ensuring that until the comparison arrangement has determined that the subject individual is said specific individual, either the key-generation arrangement does not generate the decryption key, or the decryption key, and any data decrypted using the decryption key, is not made available for use.

15. A computer program product for conditioning programmable apparatus provided with an input arrangement and a biometric measurement arrangement to act as a trusted authority that is arranged:
- to read in from a memory device presented to said input arrangement, identity data comprising both biometric data of a specific individual and additional identity data concerning the same specific individual;
  
  to generate biometric measurement data by using said biometric measurement arrangement to measure biometric characteristics of a subject individual;
  
  to determine whether the subject individual is said specific individual by comparing the read-in biometric data of said specific individual with the biometric measurement data of said subject individual;
  
  to generate a decryption key based on trusted-authority private data and at least the read-in additional identity data or matching data; and
  
  to ensure that until the apparatus been determined that the subject individual is said specific individual, either the decryption key is not generated, or the decryption key, and any data decrypted using the decryption key, is not made available for use.

16. A data access control method comprising:
- (a) encrypting first data using as encryption parameters both public data of a trusted authority, and an encryption key string formed using at least non-biometric data indicative of a specific individual;
  
  (b) providing identity data to the trusted authority by reading it from a memory device presented by a subject individual, the identity data comprising both the said non-biometric data indicative of said specific individual and biometric data of the same individual, the trusted authority;
  
  using the biometric data read from the memory device as a biometric reference for comparison with biometric characteristics of said subject individual to determine whether the latter is said specific individual, and generating a decryption key using at least the non-biometric data read from the memory device and private data of the trusted authority, said public data being related to this private data;
  
  (c) using the decryption key to decrypt the encrypted first data.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 17. A method according to claim 16, wherein the decryption key is only generated, or only made available for use in step (c), by the trusted authority if the subject individual is determined by the trusted authority to be the specific individual.
  - 18. A method according to claim 16, wherein in step (a) the non-biometric data indicative of said specific individual is retrieved from said memory device.
  - 19. A method according to claim 16, wherein step (a) is carried out by a data provider with said non-biometric data indicative of said specific individual comprising data that is the same as the non-biometric data stored in the memory device as a result of having been either read from that card or provided from a common source.
  - 20. A method according to claim 16, wherein the subject individual is a human person that has presented him/herself to the trusted authority and purports to be said specific individual.
  - 21. A method according to claim 16, wherein in step (b) the determination of whether said subject individual is said specific individual is carried out automatically by comparing features represented in the reference biometric data with features in measurement data produced by measurement of the subject individual.
  - 22. A method according to claims 16, wherein in step (b) the determination of whether said subject individual is said specific individual is carried out by a human.
  - 23. A method according to claims 16, wherein step (c) is carried out by the trusted authority and the decrypted data is made available to the specific individual.
  - 24. A method according to claims 16, wherein the trusted authority provides the decryption key to said specific individual which then carries out step (c).
  - 25. A method according to claims 16, wherein the biometric data of said specific individual comprises image data of the face of that individual.
  - 26. A method according to claim 16, wherein in step (a) the non-biometric data indicative of said specific individual is read from the memory device and the encrypted first data is stored to said device, step (c) being carried by the trusted authority only if the subject individual is determined in step (b) to be said specific individual, and the decrypted first data produced in step (c) being made available to said specific individual.
  - 27. A method according to claim 26, wherein the first data comprises password data.
  - 28. A method according to claims 16, wherein the encryption key string includes a data element known to the entity carrying out step (a) and to the trusted authority, this data element being varied between iterations of steps (a) to (c).
  - 29. A method according to claims 16, wherein the cryptographic processes involving the encryption key string and the decryption key are effected in accordance with identifier-based cryptography utilising quadratic residuosity.
  - 30. A method according to claims 16, wherein the cryptographic processes involving the encryption key string and the decryption key are effected in accordance with identifier-based cryptography utilising Weil or Tate pairings.
  - 31. A method according to claim 16, wherein the memory device is a memory card that is both trustworthy and unforgeable.

32. A data access control system comprising:
- encryption apparatus for encrypting first data based on encryption parameters comprising public data of a trusted authority and an encryption key string formed using at least non-biometric data indicative of a specific individual;
  
  trusted-authority apparatus comprising;
  
  an input arrangement for reading in from a memory device identity data comprising both the said non-biometric data indicative of said specific individual and biometric data of the same individual;
  
  a biometric measurement arrangement for measuring biometric characteristics of a subject individual to produce biometric measurement data;
  
  a comparison arrangement for comparing the read-in biometric data of said specific individual with the biometric measurement data of said subject individual to determine whether the latter is said specific individual;
  
  a key-generation arrangement for generating a decryption key based on trusted-authority private data and at least the read-in non-biometric data; and
  
  a control arrangement for ensuring that until the comparison arrangement has determined that the subject individual is said specific individual, either the key-generation arrangement does not generate the decryption key, or the decryption key, and any data decrypted using the decryption key, is not made available for use. decryption apparatus for using the decryption key to decrypt the encrypted first data.
- View Dependent Claims (33, 34, 35)
- - 33. A system according to claim 32, wherein the decryption apparatus is part of the trusted-authority apparatus.
  - 34. A system according to claim 32, wherein the encryption apparatus comprises an input arrangement for reading the non-biometric data indicative of said specific individual from a memory device.
  - 35. A system according to claim 32, wherein the encryption apparatus comprises an input arrangement for reading the non-biometric data indicative of said specific individual from a memory device presented by said specific individual, and an output arrangement for storing the encrypted first data in the same memory device;
    - the input arrangement of the trusted-authority apparatus being arranged to read in the encrypted first data from the same memory device as said identity data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Harrison, Keith Alexander, Chen, Liqun

Application Number

US10/829,931
Publication Number

US 20050005136A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/602   Providing cryptographic fac...

G06F 2221/2115   Third party

G07C 9/257   electronically G07C9/26 tak...

H04L 9/0847   involving identity based en...

H04L 9/3033   details relating to pseudo-...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/321   involving a third party or ...

H04L 9/3231   Biological data, e.g. finge...

Security method and apparatus using biometric data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Security method and apparatus using biometric data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links