SYSTEM, METHOD AND PROGRAM PRODUCT FOR COMMUNICATING A PRIVACY POLICY ASSOCIATED WITH A BIOMETRIC REFERENCE TEMPLATE

US 20100205452A1
Filed: 02/12/2009
Published: 08/12/2010
Est. Priority Date: 02/12/2009
Status: Active Grant

First Claim

Patent Images

1. A method for communicating a privacy policy associated with a biometric reference template, said method comprising the steps of:

assigning in a first attribute a first identifier for uniquely identifying a biometric reference template created for a type of biometric data collected;

defining in a second attribute a second identifier for uniquely identifying a privacy policy that indicates a level of protection to be provided by a relying party requesting access to said biometric reference template, said second identifier including an accept-reject provision for said privacy policy for controlling said proper use and handling of said biometric data;

cryptographically binding said biometric reference template to said privacy policy; and

transmitting, responsive to a request received from said relying party, said second identifier along with an accept-reject provision for said privacy policy associated with said biometric reference template for controlling said proper use and handling of said biometric data, wherein based on a response received from said relying party to said accept-reject provision for said privacy policy, said biometric reference template is either transmitted or not transmitted to said relying party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and program product for communicating a privacy policy associated with a reference template. The method includes assigning a first identifier for identifying a reference template created from biometric data collected, defining a second identifier for identifying a privacy policy that indicates a level of protection to be provided by a relying party requesting access to the reference template, the second identifier including an accept-reject provision for controlling the proper use and handling of the biometric data, cryptographically binding the reference template to the privacy policy and transmitting, responsive to a request received from the relying party, the accept-reject provision for the reference template, where based on a response received from the relying party to the accept-reject provision for the privacy policy, the reference template is either transmitted or not transmitted to the relying party.

Citations

25 Claims

1. A method for communicating a privacy policy associated with a biometric reference template, said method comprising the steps of:
- assigning in a first attribute a first identifier for uniquely identifying a biometric reference template created for a type of biometric data collected;
  
  defining in a second attribute a second identifier for uniquely identifying a privacy policy that indicates a level of protection to be provided by a relying party requesting access to said biometric reference template, said second identifier including an accept-reject provision for said privacy policy for controlling said proper use and handling of said biometric data;
  
  cryptographically binding said biometric reference template to said privacy policy; and
  
  transmitting, responsive to a request received from said relying party, said second identifier along with an accept-reject provision for said privacy policy associated with said biometric reference template for controlling said proper use and handling of said biometric data, wherein based on a response received from said relying party to said accept-reject provision for said privacy policy, said biometric reference template is either transmitted or not transmitted to said relying party.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, further comprising the steps of:
    - collecting said biometric data; and
      
      creating said biometric reference template from said biometric data collected.
  - 3. A method according to claim 2, wherein said cryptographically binding step further comprises the step of:
    - forming an association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, each of said first identifier and said second identifier being coupled to said biometric reference template, and wherein said association comprises at least one of;
      
      an external and distinct association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, an appended association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, and an inclusive association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template.
  - 4. A method according to claim 3, wherein said transmitting step further comprises the step of:
    - first ascertaining whether said relying party has accepted said accept-reject provision for said privacy policy referenced by said second identifier before transmitting to said relying party said biometric reference template.
  - 5. A method according to claim 4, wherein said transmitting step further comprises the step of:
    - responsive to a determination that said relying party has not accepted said accept-reject provision for said privacy policy referenced by said second identifier, not transmitting said biometric reference template.
  - 6. A method according to claim 5, wherein each of said first identifier and said second identifier comprises at least one of:
    - an information object identifier (OID), a universally unique identifier (UUID), a uniform resource identifier (URI), a cryptographic hash of said privacy policy and a digital signature associated with said privacy policy.
  - 7. A method according to claim 6, wherein said second identifier is cryptographically bound to said biometric reference template comprising at least one of:
    - a hash, a digital signature, a message authentication code (MAC) and encryption.

8. A computer system for associating a biometric reference template with a privacy policy, said computer system comprising:
- first program instructions to assign in a first attribute a first identifier for uniquely identifying a biometric reference template created for a type of biometric data collected;
  
  second program instructions to define in a second attribute a second identifier for uniquely identifying a privacy policy that indicates a level of protection to be provided by a relying party requesting access to said biometric reference template, said second identifier including an accept-reject provision for said privacy policy for controlling dissemination and usage of said biometric data collected;
  
  third program instructions to cryptographically bind said biometric reference template to said privacy policy; and
  
  fourth program instructions to transmit, responsive to a request received from said relying party, said second identifier along with an accept-reject provision for said privacy policy associated with said biometric reference template for controlling said proper use and handling of said biometric data, wherein based on a response received from said relying party to said accept-reject provision for said privacy policy, said biometric reference template is either transmitted or not transmitted to said relying party;
  
  a computer readable storage medium, said computer readable storage medium storing each of said first, second, third and fourth program instructions; and
  
  a central processing unit for executing each of said first, second, third and fourth program instructions.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer system according to claim 8, wherein said first program instructions include instructions to collect said biometric data and to create said biometric reference template from said biometric data collected.
  - 10. The computer system according to claim 9, wherein said third program instructions include instructions to form an association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, each of said first identifier and said second identifier being coupled to said biometric reference template.
  - 11. The computer system according to claim 10, wherein said association comprises at least one of:
    - an external and distinct association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, an appended association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, and an inclusive association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template.
  - 12. The computer system according to claim 11, wherein said fourth program instructions include instructions to first ascertain whether said relying party has accepted said accept-reject provision for said privacy policy referenced by said second identifier before transmitting to said relying party said biometric reference template.
  - 13. The computer system according to claim 12, wherein responsive to a determination that said relying party has not accepted said accept-reject provision for said privacy policy referenced by said second identifier, not transmitting said biometric reference template.
  - 14. The computer system according to claim 13, wherein each of said first identifier and said second identifier comprises at least one of:
    - an information object identifier (OID), a universally unique identifier (UUID), a uniform resource identifier (URI), a cryptographic hash of said privacy policy and a digital signature associated with said privacy policy; and
      
      wherein said second identifier is cryptographically bound to said biometric reference template comprising at least one of;
      
      a hash, a digital signature, a message authentication code (MAC) and encryption.

15. A computer program product for controlling dissemination and use of biometric data, said computer program product comprising:
- a computer readable storage medium;
  
  first program instructions to assign in a first attribute a first identifier for uniquely identifying a biometric reference template created for a type of biometric data collected;
  
  second program instructions to define in a second attribute a second identifier for uniquely identifying a privacy policy that indicates a level of protection to be provided by a relying party requesting access to said biometric reference template, said second identifier including an accept-reject provision for said privacy policy for controlling dissemination and usage of said biometric data collected;
  
  third program instructions to cryptographically bind said biometric reference template to said privacy policy; and
  
  fourth program instructions to transmit, responsive to a request received from said relying party, said second identifier along with an accept-reject provision for said privacy policy associated with said biometric reference template for controlling said proper use and handling of said biometric data, wherein based on a response received from said relying party to said accept-reject provision for said privacy policy, said biometric reference template is either transmitted or not transmitted to said relying party, and wherein said first, second, third and fourth program instructions are recorded on said computer readable storage medium.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product according to claim 15, wherein said first program instructions include instructions to collect said biometric data and to create said biometric reference template from said biometric data collected.
  - 17. The computer program product according to claim 16, wherein said third program instructions include instructions to form an association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, each of said first identifier and said second identifier being coupled to said biometric reference template.
  - 18. The computer program product according to claim 17, wherein said association comprises at least one of:
    - an external and distinct association between said second identifier and said biometric reference template, an appended association between said second identifier and said biometric reference template, and an inclusive association between said second identifier and said biometric reference template.
  - 19. The computer program product according to claim 18, wherein said fourth program instructions include instructions to first ascertain whether said relying party has accepted said accept-reject provision for said privacy policy referenced by said second identifier before transmitting to said relying party said biometric reference template, and wherein responsive to a determination that said relying party has not accepted said accept-reject provision for said privacy policy referenced by said second identifier, not transmitting said biometric reference template.
  - 20. The computer program product according to claim 19, wherein said second identifier comprises at least one of:
    - an information object identifier (OID), a universally unique identifier (UUID), a uniform resource identifier (URI), a cryptographic hash of said privacy policy and a digital signature associated with said privacy policy.

21. A process for deploying computing infrastructure comprising integrating computer-readable code into a computing system, wherein said code in combination with said computing system is capable of performing a process for controlling dissemination and use of biometric data, said process comprising:
- collecting said biometric data;
  
  creating said biometric reference template from said biometric data collected;
  
  assigning in a first attribute a first identifier for uniquely identifying said biometric reference template created for a type of biometric data collected;
  
  defining in a second attribute a second identifier for uniquely identifying a privacy policy that indicates a level of protection to be provided by a relying party accessing biometric data in said biometric reference template, said second identifier including an accept-reject provision for said privacy policy for controlling proper use and handling of said biometric data;
  
  cryptographically bind said biometric reference template to said privacy policy; and
  
  transmitting, responsive to a request received from said relying party, said second identifier along with an accept-reject provision for said privacy policy associated with said biometric reference template for controlling said proper use and handling of said biometric data, wherein based on a response received from said relying party to said accept-reject provision for said privacy policy, said biometric reference template is either transmitted or not transmitted to said relying party.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The process according to claim 21, wherein said cryptographically binding step further comprises the step of:
    - forming an association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, each of said first identifier and said second identifier being coupled to said biometric reference template, and wherein said association comprises at least one of;
      
      an external and distinct association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, an appended association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template, and an inclusive association between said second identifier identifying said privacy policy and said first identifier identifying said biometric reference template.
  - 23. The process according to claim 22, wherein said transmitting step further comprises the steps of:
    - first ascertaining whether said relying party has accepted said accept-reject provision for said privacy policy referenced by said second identifier before transmitting to said relying party said biometric reference template; and
      
      responsive to a determination that said relying party has not accepted said accept-reject provision for said privacy policy referenced by said second identifier, not transmitting said biometric reference template.
  - 24. The process according to claim 23, wherein each of said first identifier and said second identifier comprises at least one of:
    - an information object identifier (OID), a universally unique identifier (UUID), a uniform resource identifier (URI), a cryptographic hash of said privacy policy and a digital signature associated with said privacy policy.
  - 25. The process according to claim 24, wherein said second identifier is cryptographically bound to said biometric reference template comprising at least one of:
    - a hash, a digital signature, a message authentication code (MAC) and encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Griffin, Phillip H.

Granted Patent

US 8,301,902 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

H04L 2209/805 Lightweight hardware, e.g. ...

H04L 9/3231 Biological data, e.g. finge...

SYSTEM, METHOD AND PROGRAM PRODUCT FOR COMMUNICATING A PRIVACY POLICY ASSOCIATED WITH A BIOMETRIC REFERENCE TEMPLATE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM, METHOD AND PROGRAM PRODUCT FOR COMMUNICATING A PRIVACY POLICY ASSOCIATED WITH A BIOMETRIC REFERENCE TEMPLATE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links