DYNAMIC SEED AND KEY GENERATION FROM BIOMETRIC INDICIA

US 20110264919A1
Filed: 02/16/2011
Published: 10/27/2011
Est. Priority Date: 02/17/2010
Status: Active Grant

First Claim

Patent Images

1. A system for seed generation comprising:

a storage device associated with a storage medium for interfacing with a computer; and

a computer-readable medium integrated in or accessible by the storage device, the computer-readable medium having a plurality of modules comprising a plurality of code segments stored thereon, includingan enrollment module includinga code segment executable by the computer for receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template, anda code segment executable by the computer for assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template,a seed generation module includinga code segment executable by the computer for encrypting an item of test data using, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed,a code segment executable by the computer for storing the encrypted item of test data on, or in a location accessible by, the storage device, anda code segment executable by the computer for destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device,a live capture module including a code segment executable by the computer for receiving information indicative of a live biometric template for use in regenerating the encryption seed, anda seed regeneration module includinga code segment executable by the computer for comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template, anda code segment executable by the computer for iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein upon testing a particular value within the interval and determining that the particular value is operable to decrypt the encrypted item of test data, the encryption seed is regenerated and the iterative testing is ceased.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, a method, and a computer program for generating a seed and/or a key from live biometric indicia, such that all the information necessary for generating the seed and/or the key is not stored on a storage medium. The method comprises receiving a biometric template from a user and enrolling the template; assigning an optimization value to the enrolled biometric template; encrypting an item of test data using the optimization value, such that the optimization value is an encryption seed; storing the encrypted item of test data on the storage medium; destroying the encryption seed after encrypting the item of test data; receiving a live biometric template; comparing the templates and determining an interval based on a probability that the templates are specific to the same user; iteratively testing values within the interval to identify the value in the interval for decrypting the encrypted item of test data, wherein the value used to decrypt the item of test data is the encryption seed; and generating the key using the seed.

Citations

20 Claims

1. A system for seed generation comprising:
- a storage device associated with a storage medium for interfacing with a computer; and
  
  a computer-readable medium integrated in or accessible by the storage device, the computer-readable medium having a plurality of modules comprising a plurality of code segments stored thereon, includingan enrollment module includinga code segment executable by the computer for receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template, anda code segment executable by the computer for assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template,a seed generation module includinga code segment executable by the computer for encrypting an item of test data using, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed,a code segment executable by the computer for storing the encrypted item of test data on, or in a location accessible by, the storage device, anda code segment executable by the computer for destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device,a live capture module including a code segment executable by the computer for receiving information indicative of a live biometric template for use in regenerating the encryption seed, anda seed regeneration module includinga code segment executable by the computer for comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template, anda code segment executable by the computer for iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein upon testing a particular value within the interval and determining that the particular value is operable to decrypt the encrypted item of test data, the encryption seed is regenerated and the iterative testing is ceased.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further including a key generation module for encrypting or decrypting one or more files stored on a secure repository associated with the storage device or for providing access to the secure repository, said key generation module includinga first code segment executable by the computer for observing and modifying a structure and a behavior of the first code segment at runtime to generate a second code segment, andgenerating a key using the second code segment executable by the computer,wherein said code segment uses the seed to generate the key,wherein said key is operable to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, andwherein said first code segment is a reflective code segment.
  - 3. The system of claim 2, wherein neither the encryption seed nor the key is stored on, or otherwise made accessible by, the storage device or is transmitted to a third-party storage device, such that encryption or decryption of the files on the storage device or access to the secure repository cannot be obtained without receipt of the live biometric template.
  - 4. The system of claim 3, further including a code segment stored on the computer-readable medium and executable by the computer for supplying the key to a HOTP authentication system for obtaining a one-time password.
  - 5. The system of claim 2, wherein said code segment for receiving information indicative of the enrolled biometric template further comprisesa code segment executable by the computer for receiving information indicative of at least one biometric identifier specific to a user and for determining biometric indicia associated with the biometric identifier;
    - a code segment executable by the computer for assigning the optimization value to the biometric indicia prior to creation of the enrolled biometric template, such that the enrolled biometric template does not provide information from which the optimization value can be determined without receipt of the live biometric template.
  - 6. The system of claim 1, wherein the probability that the enrolled biometric template and the live biometric template are specific to the same user is inversely proportional to a size of a range of the interval, such that the higher the probability, the smaller the range and the fewer values within the range.
  - 7. The system of claim 1, wherein the code segment for testing at least one of the values in the interval to determine if one of the values is the encryption seed operable to decrypt the item of encrypted test data further includesa code segment executable by the computer for storing the item of test data in an unencrypted form on the storage device or otherwise making accessible by the device, anda code segment executable by the computer for comparing the decrypted item of test data with the item of test data stored in an unencrypted form to determine if the items of test data are substantially similar,wherein such comparison is performed subsequent to determining that the particular value is operable to decrypt the encrypted item of test data.
  - 8. The system of claim 1, further includinga code segment executable by the computer for applying a filter to the values within the interval so as to reduce noise within the interval, such that after application of the filter, the interval is a filtered interval,wherein said code segment is executed subsequent to determining the interval but prior to iteratively testing the values within the interval,wherein subsequent to applying the filter, the value indicative of or the same as the destroyed encryption seed remains in the filtered interval.

9. A non-transitory computer-readable storage medium encoded with code segments for generating a seed and a key for accessing a storage device interfaced with a computer, the computer-readable medium comprising:
- an enrollment module includinga code segment executable by the computer for receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template, anda code segment executable by the computer for assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template,a seed generation module includinga code segment executable by the computer for encrypting an item of test data using, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed,a code segment executable by the computer for storing the encrypted item of test data on, or in a location accessible by, the storage device, anda code segment executable by the computer for destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device,a live capture module including a code segment executable by the computer for receiving information indicative of a live biometric template for use in regenerating the encryption seed,a seed regeneration module includinga code segment executable by the computer for comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template, anda code segment executable by the computer for iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein upon testing a particular value within the interval and determining that the particular value is operable to decrypt the encrypted item of test data, the encryption seed is regenerated and the iterative testing is ceased, anda key generation module for generating the key, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or provide access to the secure repository, said key generation module includinga code segment executable by the computer for using the seed to generate the key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable medium of claim 9, wherein the key generation module includesa first code segment executable by the computer for observing and modifing a structure and a behavior of the first code segment at runtime to generate a second code segment, andgenerating the key using the second code segment executable by the computer,wherein the second code segment uses the seed to generate the key, andwherein said first code segment is a reflective code segment.
  - 11. The computer-readable medium of claim 10, wherein encryption or decryption of the files on the storage device or access to the secure repository cannot be obtained without receipt of the live biometric template.
  - 12. The computer-readable medium of claim 11, wherein neither the encryption seed nor the key is stored on, or otherwise made accessible by, the storage device or is transmitted to a third-party storage device.
  - 13. The computer-readable medium of claim 10, wherein said code segment for receiving information indicative of the enrolled biometric template further comprisesa code segment executable by the computer for receiving information indicative of at least one biometric identifier specific to a user and for determining biometric indicia associated with the biometric identifier;
    - anda code segment executable by the computer for assigning the optimization value to the biometric indicia prior to creation of the enrolled biometric template, such that the enrolled biometric template does not provide information from which the optimization value can be determined without receipt of the live biometric template.
  - 14. The computer-readable medium of claim 9, wherein the probability that the enrolled biometric template and the live biometric templates are specific to the same user is inversely proportional to a size of a range of the interval, such that the higher the probability, the smaller the range and the fewer values within the range.
  - 15. The computer-readable medium of claim 9, wherein the code segment for testing at least one of the values remaining in the interval to determine if one of the values is the encryption seed operable to decrypt the item of encrypted test data further includesa code segment executable by the computer for comparing the decrypted item of test data with the stored item of test data to determine if the items of test data are substantially similar,wherein such comparison is performed subsequent to determining that the particular value is operable to decrypt the encrypted item of test data.
  - 16. The computer-readable medium of claim 9, further includinga code segment executable by the computer for applying a filter to the values within the interval so as to reduce noise within the interval, such that after application of the filter, the interval is a filtered interval,wherein said code segment is executed subsequent to determining the interval but prior to iteratively testing the values within the interval,wherein subsequent to applying the filter, the value indicative of or the same as the destroyed encryption seed remains in the filtered interval.

17. A method for seed and key generation comprising:
- receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, a storage device, such that the stored biometric template is an enrolled biometric template;
  
  assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template;
  
  encrypting an item of test data using, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed;
  
  storing the encrypted item of test data on, or in a location accessible by, the storage device;
  
  destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device;
  
  receiving information indicative of a live biometric template for use in regenerating the encryption seed;
  
  comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template;
  
  iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein upon testing a particular value within the interval and determining that the particular value is operable to decrypt the encrypted item of test data, the encryption seed is regenerated and the iterative testing is ceased; and
  
  generating the key using the seed.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, said step of generating the key further including the steps of:
    - using a first code segment that observes and modifies its structure and behavior to generate a second code segment, andgenerating the key using the second code segment,wherein said second code segment uses the seed to generate the key,wherein said key is operable to encrypt or decrypt one or more files stored on the storage device or to provide access to the storage device, andwherein said first code segment is a reflective code segment.
  - 19. The method of claim 17, wherein encryption or decryption of files stored on the storage device or access to the storage device cannot be obtained without receipt of the live biometric template.
  - 20. The method of claim 17, wherein neither the encryption seed nor the key is stored on, or otherwise made accessible by, the storage device or is transmitted to a third-party storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CIP, LLC
Original Assignee
Ceelox, Inc.
Inventors
Pizano, Erix, Sass, Joe

Granted Patent

US 8,745,405 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0861   using biometrical features,...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/3231   Biological data, e.g. finge...

DYNAMIC SEED AND KEY GENERATION FROM BIOMETRIC INDICIA

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC SEED AND KEY GENERATION FROM BIOMETRIC INDICIA

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links