Method and apparatus for securely handling data in a database of biometrics and associated data
Abstract
A person wanting an entitlement, such as welfare, typically inputs his fingerprint to a database. On a match with a fingerprint already in the database, a profile of the person with the matching fingerprint is retrieved to guard against double dipping. There is a concern for the privacy of the information in the database. To assure privacy, the profile associated with each fingerprint in the database is encrypted so that when a new person attempts to enroll and a matching fingerprint is found in the database, the associated profile returned is encrypted. In order to access this encrypted profile, PINs are required from one or two authorized operators. The PIN of an authorized operator is stored on a card in an encrypted fashion such that it may be recovered by the authorized operator inputting his fingerprint to the system. One or both PINs are needed to decipher the profile.
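The key handling in the abstract and in claim 1, steps (a)(iii), (a)(v), (c) and (d), can be sketched as envelope encryption with the data key split between two operators; this is an added example, not code from the patent. Assumptions: the patent names no algorithms, so PBKDF2 key derivation, an HMAC-SHA256 keystream with encrypt-then-MAC, and an XOR key split are stand-ins; all function names and the sample profile are hypothetical; and fingerprint matching and PIN recovery from the card are not modelled.

```python
import hashlib, hmac, secrets
from functools import reduce

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode (use a vetted AEAD in practice).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC with separate subkeys; output is nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _stream(_sub(key, b"enc"), nonce, len(plaintext)))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified record")
    return _xor(ct, _stream(_sub(key, b"enc"), nonce, len(ct)))

def kek_from_pin(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enroll(profile, operator_pins):
    # Claim 1 (a)(iii): encrypt the data under a fresh random data key.
    data_key = secrets.token_bytes(32)
    # (a)(v): one XOR share per operator, each stored encrypted under that PIN,
    # so every PIN is needed to rebuild the data key.
    shares = [secrets.token_bytes(32) for _ in operator_pins[1:]]
    shares.append(reduce(_xor, shares, data_key))
    wrapped = []
    for pin, share in zip(operator_pins, shares):
        salt = secrets.token_bytes(16)
        wrapped.append((salt, seal(kek_from_pin(pin, salt), share)))
    return {"profile": seal(data_key, profile), "wrapped_keys": wrapped}

def open_profile(record, operator_pins):
    # Claim 1 (c) and (d): unwrap each share, rebuild the data key, decrypt.
    data_key = bytes(32)
    for pin, (salt, blob) in zip(operator_pins, record["wrapped_keys"]):
        data_key = _xor(data_key, unseal(kek_from_pin(pin, salt), blob))
    return unseal(data_key, record["profile"])
```

A short numeric PIN has little entropy, so anyone holding a copy of a wrapped key can guess PINs offline; the iteration count only raises the cost per guess.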
32 Claims
1. A method for the secure handling of data, comprising the steps of:
(a) acquiring a database of personal identifiers and data comprising, repetitively;
(i) acquiring a person identifier;
(ii) acquiring data;
(iii) encrypting said data with an encryption key such that said encrypted data has a decryption key;
(iv) associating said encrypted data with said personal identifier in said database;
(v) encrypting said decryption key utilising a personal identifier;
(b) comparing a personal identifier of a given individual with the database and, on a match with a personal identifier in said database, obtaining encrypted data associated with said matching personal identifier;
(c) obtaining a decryption key for the encrypted data with the following steps;
(i) obtaining an encrypted version of said decryption key from storage;
(ii) performing a decryption operation on said encrypted decryption key utilising said personal identifier of step (a)(v);
(d) performing a decryption operation on the encrypted data with the key obtained in step (c)(ii).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A method for the secure handling of data for a database of biometrics and associated data, comprising the steps of:
a) acquiring a database of biometric representations and data comprising, repetitively;
(i) acquiring a biometric representation;
(ii) acquiring data;
(iii) encrypting said data with an encryption key such that said encrypted data has a decryption key;
(iv) storing said encrypted data at an address;
(v) associating an address pointer pointing to said address with said biometric representation;
b) comparing a biometric representation of a given individual with the database of biometric representations and, on a match with a biometric representation in said database, obtaining the address pointer associated with said matching biometric representation to retrieve encrypted data associated with said matching biometric representation;
c) obtaining said decryption key for the encrypted data;
d) performing a decryption operation on the encrypted data with said encrypted decryption key.
Dependent claims: 19
20. Apparatus for the secure handling of data in a database of biometrics and data comprising the following:
(a) a database of biometric representations and data with each biometric representation in said database being associated in the database with data and at least a portion of the data associated with each biometric representation being encrypted;
(b) an input for a biometric of a given individual;
(c) means responsive to said given individual biometric input for comparing a biometric representation of a given individual with the database of biometric representations and, on a match with a biometric representation in said database, for retrieving both encrypted data associated with said matching biometric representation and an encrypted version of a decryption key for said encrypted data;
(d) an input for a biometric of an operator desiring access to said encrypted data;
(e) means responsive to said operator biometric input for obtaining a decryption key for said encrypted decryption key;
(f) means responsive to said means for obtaining a decryption key for said encrypted decryption key for performing a decryption operation on said encrypted decryption key; and
(g) means responsive to said means for performing a decryption operation on said encrypted decryption key for performing a decryption operation on the encrypted data.
Dependent claims: 21, 22
23. A method for the secure handling of data, comprising the steps of:
(a) acquiring a database of representations of biometrics and data comprising, repetitively;
(i) acquiring a representation of a biometric;
(ii) acquiring data;
(iii) encrypting said data with an encryption key such that said encrypted data has a decryption key;
(iv) associating said encrypted data with said representation of a biometric in said database;
(v) encrypting said decryption key utilising a personal identifier of an operator;
(b) comparing a representation of a biometric of a given individual with the database and, on a match with a representation of a biometric in said database, obtaining encrypted data associated with said matching representation of a biometric;
(c) obtaining a decryption key for the encrypted data with the following steps;
(i) obtaining an encrypted version of said decryption key from storage;
(ii) performing a decryption operation on said encrypted decryption key utilising a representation of a biometric of said operator;
(d) performing a decryption operation on the encrypted data with the key obtained in step (c)(ii).
Dependent claims: 24, 25, 26, 27, 28, 29, 30
31. A method for the secure handling of data comprising the steps of:
(a) acquiring a database of biometric representations and data comprising, repetitively;
(i) acquiring a biometric representation and storing said biometric representation;
(ii) acquiring data and storing said data;
(iii) associating said data with said biometric representation by way of an address pointer between said biometric representation and said data;
(iv) encrypting said pointer utilizing said biometric representation as an encryption key and associating said encrypted address pointer with said biometric representation;
(b) comparing a biometric representation of a given individual with said database and, on a match with a biometric representation in said database, obtaining said encrypted address pointer associated with said matching biometric representation;
(c) decrypting said encrypted address pointer utilizing said biometric representation of said given individual;
(d) retrieving data utilizing said address pointer associated with said matching biometric representation.
Dependent claims: 32
Specification