Secure method and system for biometric verification

US 20050138392A1
Filed: 12/24/2003
Published: 06/23/2005
Est. Priority Date: 06/28/2001
Status: Active Grant

First Claim

Patent Images

1. A method of biometric verification comprising the steps of:

establishing parameters of a software application;

generating a biometric template from a set of user'"'"'s initialization biometric data;

generating an access software application based on said software application parameters and said biometric template; and

securing said access software application using tamper-resistant software techniques;

thereby allowing said access software application to be stored locally, yet be secure.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is a need in the computer software and data industries to protect content from unauthorized access to private information. Alphanumeric passwords have been shown to offer very weak protection. Biometrics (personal traits such as fingerprints and hand-written signatures) offer superior protection, but still have a number of weaknesses. The most significant weakness is that there is no existing way to protect the stored biometric data itself; and once a person'"'"'s fingerprint data has been obtained by an attacker, the use of that fingerprint can no longer be considered secure. The invention solves the problem by securing the access software application that manages the biometric data using tamper-resistant encoding techniques. These tamper-resistant encoding techniques include: data-flow, control-flow, mass-data and white-box encoding.

68 Citations

View as Search Results

30 Claims

1. A method of biometric verification comprising the steps of:
- establishing parameters of a software application;
  
  generating a biometric template from a set of user'"'"'s initialization biometric data;
  
  generating an access software application based on said software application parameters and said biometric template; and
  
  securing said access software application using tamper-resistant software techniques;
  
  thereby allowing said access software application to be stored locally, yet be secure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1 wherein said step of generating a biometric template comprises the steps of:
    - querying a user to input multiple initialization copies of a biometric feature;
      
      reading said multiple initialization copies; and
      
      calculating a biometric template based on said multiple initialization copies.
  - 3. The method of claim 2 wherein said step of calculating comprises the step of:
    - calculating a biometric template using pattern recognition techniques.
  - 4. The method of claim 1 wherein said step of securing comprises the step of:
    - storing said biometric template in a format different than that required at the input to said access software application.
  - 5. The method of claim 1, wherein said access software application is operable to perform the steps of:
    - challenging said user to input an access copy of said biometric feature;
      
      comparing said input access copy of said biometric feature to said biometric template, and responding to said input access copy being a match by performing the steps of;
      
      generating a secure password from said biometric template; and
      
      updating said biometric template;
      
      otherwise, generating an incorrect password.
  - 6. The method of claim 5, wherein said step of generating a secure password comprises the step of generating a high-quality cryptographic key.
  - 7. The method of claim 5, wherein said step of generating a secure password comprises the step of generating the private key of a public/private key pair.
  - 8. The method of claim 5 wherein said access software application is operable to generate different secure passwords corresponding to different verification thresholds.
  - 9. The method of claim 1 wherein said step of securing comprises the step of:
    - encoding said access software application using data flow encoding.
  - 10. The method of claim 5 wherein said step of securing said access software application comprises the step of:
    - obscuring the data in said biometric template.
  - 12. The method of claim 5, wherein said step of procuring comprises the step of:
    - encoding the data flow in said access software application into a domain which does not have a corresponding semantic structure, to increase the tamper-resistance and obscurity of said access software application.
  - 13. The method of claim 1 wherein said step of securing comprises the step of:
    - encoding said access software application using control flow encoding.
  - 14. The method of claim 5 wherein said step of securing said access software application comprises the step of:
    - obscuring said step of comparing in said access software application.
  - 16. The method of claim 5 wherein said step of securing comprises the steps of:
    - dispersing subsequences of instructions within said access software application into a plurality of locations;
      
      merging multiple dispersed subsequences into single blocks of code; and
      
      selecting said subsequences of instructions from merged blocks of code for either functionally effective or decoy execution, as needed, to separate the observable operation of resulting code from the intent of the original software during execution.
  - 17. The method of claim 5 wherein said step of securing comprises the step of:
    - adding fake-robust control transfers to said access software application, to increase the tamper-resistance of said access software application.
  - 18. The method of claim 1 wherein said step of securing comprises the step of:
    - encoding said access software application using mass data encoding.
  - 19. The method of claim 5 wherein said step of securing comprises the step of:
    - encoding said biometric template, using mass-data encoding techniques.
  - 20. The method of claim 5 wherein said step of securing comprises the step of:
    - responding to a request to store a data value at a virtual address by;
      
      mapping said virtual address onto a randomly selected actual address; and
      
      storing said data value in a memory location indexed by said actual address.
  - 21. The method of claim 1 wherein said step of securing comprises the step of:
    - encoding said access software application using white box encoding.
  - 22. The method of claim 5 wherein said step of securing comprises the steps of:
    - representing at least one algorithmic step or component as a table; and
      
      encoding said table as a nonlinear bijection.
  - 23. The method of claim 5 wherein said step of securing comprises the steps of:
    - identifying functions and transforms substantive to the targeted software program;
      
      generating new functions and transforms which alter the processing activity visible to the attacker; and
      
      replacing those identified functions and transforms with the new functions and transforms in the software program.
  - 24. The method of claim 1, in which the level of obscurity is sufficient to make attacks on stored biometric and template prohibitively expensive for attackers.
  - 25. The method of claim 1, in which said step of securing is performed after said step of establishing parameters of a software application, and said step of securing comprises the step of:
    - securing said access software application by applying tamper-resistant software techniques to said parameters.

11. (canceled)

15. (canceled)

26. An electronic device operable for biometric verification comprising:
- means for establishing parameters of a software application;
  
  means for generating a biometric template from a set of user'"'"'s initialization biometric data;
  
  means for generating an access software application based on said software application parameters and said biometric template; and
  
  means for securing said access software application using tamper-resistant software techniques.

27. (canceled)

28. (canceled)

29. (canceled)

30. A computer readable memory medium for storing software code executable to perform the method steps of:
- establishing parameters of a software application;
  
  generating a biometric template from a set of user'"'"'s initialization biometric data;
  
  generating an access software application based on said software application parameters and said biometric template; and
  
  securing said access software application using tamper-resistant software techniques;
  
  thereby allowing said access software application to be stored locally, yet be secure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Original Assignee
Irdeto Canada Corporation (MultiChoice Group Ltd.)
Inventors
Main, Alec, Johnson, Harold J.

Granted Patent

US 7,797,549 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/32   using biometric data, e.g. ...

G06F 21/552   involving long-term monitor...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2107   File encryption

H04L 2209/043   of tables, e.g. lookup, sub...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/002   Countermeasures against att...

H04L 9/3231   Biological data, e.g. finge...

Secure method and system for biometric verification

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Secure method and system for biometric verification

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links