SYSTEM, METHOD AND PROGRAM PRODUCT FOR CHECKING REVOCATION STATUS OF A BIOMETRIC REFERENCE TEMPLATE
First Claim
1. A method for checking revocation status of a biometric reference template, said method comprising the steps of:
- creating a reference template revocation object for a biometric reference template generated for an individual, said reference template revocation object containing a first set of plaintext data providing a location for checking revocation status of said biometric reference template and containing ciphertext data corresponding to a second set of plaintext data identifying said unique biometric reference template identifier and a hash of said biometric reference template;
- providing said reference template revocation object created to a relying party requesting revocation status of said biometric reference template; and
- sending a request to an issuer of said biometric reference template for checking said revocation status of said biometric reference template, without revealing identity of said individual.
1 Assignment
0 Petitions
Abstract
A system, method and program product for checking the revocation status of a biometric reference template. The method includes creating a revocation object for a reference template generated for an individual, where the revocation object contains first plaintext data providing a location for checking revocation status of the reference template and containing ciphertext data identifying the unique reference template identifier and a hash of the reference template. The method further includes providing the revocation object to a relying party requesting revocation status and sending a request to an issuer of the reference template for checking the revocation status of the reference template, without revealing identity of the individual. The method further includes returning results of the revocation status check to the relying party. In an embodiment, a random value is added to the ciphertext data for preserving privacy of the reference template holder.
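An added, stdlib-only model of the flow the abstract describes (not code from the patent): the issuer builds a revocation object whose plaintext part is only the check location and whose ciphertext part (template identifier, template hash, random value) can be opened only with the issuer's key, so the relying party can forward it without learning who the template belongs to, and two objects for the same template are unlinkable. The issuer URL, template ids and the HMAC-SHA256 encrypt-then-MAC used in place of a real AEAD such as AES-GCM are assumptions for the example.

```python
import hashlib, hmac, json, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # PRF in counter mode; stands in for a proper AEAD in this example
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

class Issuer:
    """Holds the only key that can open revocation objects (constructed data)."""
    def __init__(self):
        self.enc_key, self.mac_key = os.urandom(32), os.urandom(32)
        self.templates = {}            # template id -> SHA-256 of the template
        self.revoked = set()
        self.location = "https://issuer.example/revocation-status"  # assumed URL

    def register(self, template_id: str, template: bytes) -> None:
        self.templates[template_id] = hashlib.sha256(template).hexdigest()

    def make_revocation_object(self, template_id: str, template: bytes) -> dict:
        # second set of plaintext: id + template hash + random value for unlinkability
        second = json.dumps({"id": template_id,
                             "hash": hashlib.sha256(template).hexdigest(),
                             "rnd": os.urandom(16).hex()}).encode()
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(second, _keystream(self.enc_key, nonce, len(second))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        # first set of plaintext is only the location; everything else is opaque
        return {"location": self.location, "ciphertext": (nonce + ct + tag).hex()}

    def check(self, ciphertext_hex: str) -> str:
        blob = bytes.fromhex(ciphertext_hex)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expect = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if len(blob) < 48 or not hmac.compare_digest(tag, expect):
            return "invalid"            # tampered or not produced by this issuer
        second = json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(self.enc_key, nonce, len(ct)))))
        if self.templates.get(second["id"]) != second["hash"]:
            return "unknown"            # object does not match the issued template
        return "revoked" if second["id"] in self.revoked else "good"

def relying_party_check(issuer: Issuer, revocation_object: dict) -> str:
    """Relying party: reads the location, forwards the opaque ciphertext, gets a status."""
    if revocation_object["location"] != issuer.location:
        raise ValueError("revocation object points at a different issuer")
    return issuer.check(revocation_object["ciphertext"])
```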
25 Claims
1. A method for checking revocation status of a biometric reference template, said method comprising the steps of:
- creating a reference template revocation object for a biometric reference template generated for an individual, said reference template revocation object containing a first set of plaintext data providing a location for checking revocation status of said biometric reference template and containing ciphertext data corresponding to a second set of plaintext data identifying said unique biometric reference template identifier and a hash of said biometric reference template;
- providing said reference template revocation object created to a relying party requesting revocation status of said biometric reference template; and
- sending a request to an issuer of said biometric reference template for checking said revocation status of said biometric reference template, without revealing identity of said individual.

Dependent claims: 2, 3, 4, 5, 6.
7. A system for checking revocation status of a biometric reference template comprising:
- a central processing unit;
- a biometric application for creating a biometric reference template having a unique biometric reference template identifier that uniquely identifies a biometric sample collected from an individual;
- a revocation status tool for creating a reference template revocation object associated with said biometric reference template for checking revocation status of said biometric reference template without revealing said unique biometric reference template identifier, said reference template revocation object containing a first set of plaintext data providing a location for checking said revocation status of said biometric reference template and containing ciphertext data containing a second set of plaintext data identifying said unique biometric reference template identifier and a hash of said biometric reference template;
- an authentication tool for enciphering, using a cryptographic key in sole possession of an issuer of said biometric reference template, said second set of plaintext data contained in said reference template revocation object to form said ciphertext data identifying said unique biometric reference template and said hash of said biometric reference template, and for deciphering said ciphertext data for checking revocation status of said biometric reference template without revealing identity of said individual; and
- a reader device for reading said revocation status of said biometric reference template and for communicating said revocation status read for said biometric reference template to a relying party.

Dependent claims: 8, 9, 10, 11, 12, 13, 14.
15. A computer program product for checking revocation status of a biometric reference template, said computer program product comprising:
- a computer readable storage medium;
- first program instructions to create a reference template revocation object for a biometric reference template generated for an individual, said reference template revocation object containing a first set of plaintext data providing a location for checking revocation status of said biometric reference template and containing ciphertext data corresponding to a second set of plaintext data identifying said unique biometric reference template identifier and a hash of said biometric reference template;
- second program instructions to inject said reference template revocation object created into a security token device;
- third program instructions to access said location for checking revocation status of said biometric reference template without revealing said unique biometric reference template identifier assigned to said biometric reference template generated for said individual, wherein said ciphertext data may only be recovered by an issuer of said biometric reference template in possession of a cryptographic key; and
- a central processing unit for executing each of said first, second and third program instructions, wherein said first, second and third program instructions are recorded on said computer readable storage medium.

Dependent claims: 16, 17, 18, 19, 20.
21. A process for deploying computing infrastructure comprising integrating computer-readable code into a computing system, wherein said code in combination with said computing system is capable of performing a process for checking revocation status of a biometric reference template, said process comprising:
- generating a biometric reference template having a unique biometric reference template identifier assigned thereto that uniquely identifies biometric data processed from a sample collected for an individual;
- creating a reference template revocation object for a biometric reference template generated for an individual, said reference template revocation object containing a first set of plaintext data providing a location for checking revocation status of said biometric reference template and containing ciphertext data corresponding to a second set of plaintext data identifying said unique biometric reference template identifier and a hash of said biometric reference template;
- providing said reference template revocation object created to a relying party requesting revocation status of said biometric reference template; and
- sending a request to an issuer of said biometric reference template for checking said revocation status of said biometric reference template, without revealing identity of said individual.

Dependent claims: 22, 23, 24, 25.