SECURE RE-ENROLLMENT OF BIOMETRIC TEMPLATES USING DISTRIBUTED SECURE COMPUTATION & SECRET SHARING
First Claim
1. A method comprising:
- generating, by a computation engine of a biometric authentication system and according to biometric information of a user, helper data for authenticating the user;
generating, by the computation engine, a plurality of secret shares of the biometric information;
storing, by the computation engine, each of the plurality of secret shares of the biometric information to a corresponding one of a plurality of storage nodes; and
performing, by the computation engine, re-enrollment of the biometric information by;
outputting a plurality of messages to instruct each of the plurality of storage nodes to generate a respective share of a new helper data in accordance with the plurality of secret shares of the biometric information and a secure computation protocol,receiving the respective share of the new helper data from two or more storage nodes of the plurality of storage nodes, anddetermining the new helper data based on the respective share of the new helper data from each of the two or more storage nodes for subsequent authentication of the user,wherein the re-enrollment occurs without receiving additional or repeat biometric information of the user and thereby results in faster re-enrollment.
1 Assignment
0 Petitions
Accused Products
Abstract
An example computing device includes a shares generation unit configured to generate secret shares of biometric information of a user; a storage interface configured to interface with storage nodes for storing each of the secret shares to a corresponding one of the storage nodes; and a computation engine configured to perform re-enrollment by outputting a plurality of messages to instruct each of the storage nodes to generate a respective share of a new helper data in accordance with the secret shares of the biometric information and a secure computation protocol, receive the respective share of the new helper data from two or more storage nodes, and determine the new helper data based on the respective share of the new helper data from each of the two or more storage nodes for subsequent authentication of the user, wherein the re-enrollment occurs without receiving additional/repeat biometric information, thereby resulting in faster re-enrollment.
6 Citations
20 Claims
-
1. A method comprising:
-
generating, by a computation engine of a biometric authentication system and according to biometric information of a user, helper data for authenticating the user; generating, by the computation engine, a plurality of secret shares of the biometric information; storing, by the computation engine, each of the plurality of secret shares of the biometric information to a corresponding one of a plurality of storage nodes; and performing, by the computation engine, re-enrollment of the biometric information by; outputting a plurality of messages to instruct each of the plurality of storage nodes to generate a respective share of a new helper data in accordance with the plurality of secret shares of the biometric information and a secure computation protocol, receiving the respective share of the new helper data from two or more storage nodes of the plurality of storage nodes, and determining the new helper data based on the respective share of the new helper data from each of the two or more storage nodes for subsequent authentication of the user, wherein the re-enrollment occurs without receiving additional or repeat biometric information of the user and thereby results in faster re-enrollment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computing device of a biometric authentication system comprising:
-
a shares generation unit implemented in circuitry and configured to generate a plurality of secret shares of biometric information of a user; a storage interface implemented in circuitry and configured to; interface with a plurality of storage nodes for storing each of the plurality of secret shares to a corresponding one of the plurality of storage nodes; and a computation engine implemented in circuitry and configured to; generate helper data according to biometric information of the user for authenticating a user, and perform a re-enrollment of the biometric information, wherein to perform the re-enrollment of the biometric information, the computation engine is configured to; output a plurality of messages to instruct each of the plurality of storage nodes to generate a respective share of a new helper data in accordance with the plurality of secret shares of the biometric information and a secure computation protocol, receive the respective share of a new helper data from two or more storage nodes of the plurality of storage nodes, and determine the new helper data based on the respective share of the new helper data from each of the two or more storage nodes for subsequent authentication of the user, wherein the re-enrollment occurs without receiving additional or repeat biometric information of a user and thereby results in faster re-enrollment. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer-readable storage medium of a biometric authentication system having stored thereon instructions that, when executed, cause a processor to:
-
generate, according to biometric information of a user, helper data for authenticating the user; generate, according to the biometric information of the user, a plurality of secret shares of the biometric information; store each of the plurality of secret shares of the biometric information to a corresponding one of a plurality of storage nodes; and perform re-enrollment of the biometric information, wherein the instructions to perform re-enrollment of the biometric information comprise instructions that, when executed, cause the processor to; output a plurality of messages to instruct each of the plurality of storage nodes to generate a respective share of a new helper data in accordance with the plurality of secret shares of the biometric information and a secure computation protocol, receive a respective share of the new helper data from two or more storage nodes of the plurality of storage nodes, and determine the new helper data based on the respective share of the new helper data from each of the two or more storage nodes for subsequent authentication of the user, wherein the re-enrollment occurs without receiving additional or repeat biometric information of a user and thereby results in faster re-enrollment. - View Dependent Claims (18, 19, 20)
-
Specification