System and method for protecting the privacy and security of stored biometric data

US 20060239511A1
Filed: 04/22/2005
Published: 10/26/2006
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method of securely indexing and storing a biometric for subsequent retrieval, the method including the steps of:

a) Enrolling a user by effecting a capture of a specific biometric from that user and associating that biometric with an identity element specific to that user, b) Applying a blinding function to the associated identity element so as to provide a blinded identity element, the blinding function taking the identity element as a data input and providing the blinded identity element as a data output, the blinded identity element revealing no information about the data input, c) Combining the blinded identity element and the biometric as an index pair, d) Storing the index pair as a stored pair, e) Retrieving the biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data storage system that protects privacy and ensures security includes a plurality of nodes in a networked architecture, the nodes being adapted to securely communicate and co-operate with one another to allow storage and retrieval of data. A single piece of biometric data is associated only with a blinded identifier and securely divided across one or more nodes, adapted for data storage. The data itself and the link to the original individual, from whom the biometric was acquired, cannot be obtained without the co-operation of two or more nodes.

39 Citations

View as Search Results

21 Claims

1. A method of securely indexing and storing a biometric for subsequent retrieval, the method including the steps of:
- a) Enrolling a user by effecting a capture of a specific biometric from that user and associating that biometric with an identity element specific to that user, b) Applying a blinding function to the associated identity element so as to provide a blinded identity element, the blinding function taking the identity element as a data input and providing the blinded identity element as a data output, the blinded identity element revealing no information about the data input, c) Combining the blinded identity element and the biometric as an index pair, d) Storing the index pair as a stored pair, e) Retrieving the biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method as claimed in claim 1 wherein the biometric is encrypted prior to storage.
  - 3. The method as claimed in claim 1 wherein a plurality of blinding functions are applied to the identity element, the plurality of functions being applied in a specific iterative order.
  - 4. The method as claimed in claim 3 wherein a recreated blinded identity element is generated by applying the blinding functions to the identity element in the same order as that used to create the blinded identity element.
  - 5. The method as claimed in claim 1 wherein the enrolment of the user is conducted at an enrolment location and the storage of the stored pair is conducted at a storage location, the two locations being remote from one another.
  - 6. The method as claimed in claim 5 wherein the index pair is generated at the enrolment location prior to being forwarded to the storage location for storage as the stored pair.
  - 7. The method as claimed in claim 5 including the step of separately forwarding the blinded identity element and the biometric from the enrolment location to the storage location for subsequent combination and storage.
  - 8. The method as claimed in claim 7 including the steps of:
    - a) generating a transaction identifier at the enrolment location, b) associating the transaction identifier with each of the biometric and blinded identity elements so as to form two combinations, c) forwarding each of the two combinations separately to the storage location, and d) at the storage location matching transaction identifiers from each of two separately received combinations to define the stored pair.
  - 9. The method as claimed in claim 8 further including the step, on formation of the stored pair, of deleting the transaction identifier.
  - 10. The method as claimed in claim 8 including the step of forwarding the combination having the blinded identity element to the storage location via an index governor, the index governor, on receiving a blinded identity element being configured to apply a second blind function to the blinded identity element so as to generate a doubly blinded identity element, the doubly blinded identity element being coupled to the transaction identifier for forwarding to the storage location for association with the biometric and storage as a stored pair.
  - 11. The method as claimed in claim 10 further including the step of sequentially forwarding the combination having the blinded identity element to a plurality of index governors prior to a final transmission of the blinded identity element to the storage location.
  - 12. The method as claimed in claim 1 further including the step of splitting the biometric into two or more data outputs, each of the individual two or more data outputs being stored at separate locations and wherein in order to recreate the biometric it is necessary to subsequently recombine the data outputs.
  - 13. The method as claimed in claim 12 including the step of further splitting a data output from a splitting function.
  - 14. The method as claimed in claim 1 further including the steps of enrolling multiple biometrics for a specific user, collating the multiple enrolled biometrics into a single biometric set, and using a single identity element to index this biometric set.
  - 15. The method as claimed in claim 1 further including the steps of enrolling multiple biometrics for a specific user, and using different identity elements for one or more of the multiple biometrics for indexing purposes.

16. A method of authenticating the veracity of a biometric template previously generated from a biometric image, the method including the steps of:
- a) Enrolling a user by effecting a capture of a specific biometric from that user and associating that biometric with an identity element specific to that user, b) Applying a blinding function to the associated identity element so as to provide a blinded identity element, the blinding function taking the identity element as a data input and providing the blinded identity element as a data output, the blinded identity element revealing no information about the data input, c) Combining the blinded identity element and the biometric as an index pair, d) Storing the index pair as a stored pair, e) Retrieving the biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element. f) Using the retrieved biometric to generate an authenticating biometric template, g) Comparing the authenticating biometric template with the biometric template previously generated, and authenticating the veracity if the templates match.

17. A computer implemented biometric storage and authentication architecture, the architecture comprising:
- a) a first module configured to enable a enrolment of a user by effecting a capture of a specific biometric from that user and associating that biometric with an identity element specific to that user, b) a second module configured to effect an application of a blinding function to the associated identity element so as to provide a blinded identity element, the blinding function taking the identity element as a data input and providing the blinded identity element as a data output, the blinded identity element revealing no information about the data input, c) a third module configured to effect a combination of the blinded identity element and the biometric so as to form an index pair, d) a repository configured for storing the index pair as a stored pair, and e) a retrieval module configured to enable a retrieval of the biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element.
- View Dependent Claims (18, 20, 21)
- - 18. The architecture as claimed in claim 17 wherein the repository and at least one of the first, second and third modules are provided on distinct nodes within a networked computer architecture. The architecture as claimed in claim 17 further including a data splitting module, the data splitting module being configured to enable a splitting of at least one of the identity element or biometric into two or more constituent parts.
  - 20. The architecture as claimed in claim 17 wherein the second module is configured to apply multiple blinding functions in an iterative process, the resultant blinded identity element having been blinded through a plurality of steps.
  - 21. The architecture as claimed in claim 17 further including an encryption module, the encryption module being configured to encrypt one or more of the elements of the stored pair.

19. The architecture as claimed in claim 19 wherein the splitting module provides for a storage of each of the two or more constituent parts on separate nodes of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Corporation DAON Technology
Original Assignee
Daon Holdings Limited
Inventors
White, Conor, Peirce, Michael

Granted Patent

US 7,522,751 B2
Time in Patent Office

Days
Field of Search
US Class Current

382/115
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/6254   by anonymising data, e.g. d...

H04L 2209/04   Masking or blinding

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3231   Biological data, e.g. finge...

System and method for protecting the privacy and security of stored biometric data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting the privacy and security of stored biometric data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links