Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy

US 6,038,315 A
Filed: 03/17/1997
Issued: 03/14/2000
Est. Priority Date: 03/17/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A biometric password enrollment system, comprising:

number generator means for producing a secret codeword "C";

conversion means for combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R";

public parameter generation means for combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gⁱ mod p; and

relational means for associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password system comprises a set of codewords spaced apart from one another by a Hamming distance (HD) that exceeds twice the variability that can be projected for a series of biometric measurements for a particular individual and that is less than the HD that can be encountered between two individuals. To enroll an individual, a biometric measurement is taken and exclusive-ORed with a random codeword to produce a "reference value." To verify the individual later, a biometric measurement is taken and exclusive-ORed with the reference value to reproduce the original random codeword or its approximation. If the reproduced value is not a codeword, the nearest codeword to it is found, and the bits that were corrected to produce the codeword to it is found, and the bits that were corrected to produce the codeword are also toggled in the biometric measurement taken and the codeword generated during enrollment. The correction scheme can be implemented by any conventional error correction code such as Reed-Muller code R(m,n). In the implementation using a hand geometry device an R(2,5) code has been used in this invention. Such codeword and biometric measurement can then be used to see if the individual is an authorized user. Conventional Diffie-Hellman public key encryption schemes and hashing procedures can then be used to secure the communications lines carrying the biometric information and to secure the database of authorized users.

266 Citations

20 Claims

1. A biometric password enrollment system, comprising:
- number generator means for producing a secret codeword "C";
  
  conversion means for combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R";
  
  public parameter generation means for combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gⁱ mod p; and
  
  relational means for associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".

2. A biometric password verification method, comprising the steps of:
- associating in a database a name "N" for a user with a reference value "R" and a public parameter "I";
  
  obtaining a biometric reading "V" and a name "N" provided by a user and which serves as a password to-be-verified before access to a system is allowed to said user;
  
  fetching from said database said value "R" and said parameter "I" related to said name "N";
  
  computing an approximate codeword "C'"'"'" from the exclusive-OR combination of said reading "V" and said value "R";
  
  obtaining a secret codeword "C" that most nearly matches said approximate codeword "C'"'"'";
  
  seeding a pseudo-random number generator with secret codeword "C" to obtain a secret exponent "i";
  
  obtaining an exponent "j" from a random number generator;
  
  computing J=g^j mod p, where "p" is a public modulus; and
  
  computing z=MD5 (Jⁱ mod p), where MD5 is a hashing function.
- View Dependent Claims (3)
- - 3. The method of claim 2, further comprising the steps of:
    - computing z'"'"'=MD5 (I^j mod p); and
      
      comparing z to z'"'"';
      
      wherein a match between z and z'"'"' indicates an authorized access.

4. A method for biometric authentication, comprising the steps of:
- defining a set of original error correcting codewords;
  
  recording original biometric measurements from a set of users;
  
  convolving each of the original biometric measurements with a different original error correcting codeword from the set of original error correcting codewords to generate a set of reference values;
  
  recording a current biometric measurement from an unknown user;
  
  retrieving a reference value from the set of reference values which allegedly corresponds to the unknown user;
  
  deconvolving the current biometric measurement with the reference value to generate a reproduced error correcting codeword; and
  
  identifying the unknown user as one of the set of users if the reproduced error correcting codeword is equal to one of the set of original error correcting codewords.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 5. The method of claim 4, further comprises:
    - using Diffie-Hellman public key encryption schemes and hashing procedures to secure a communications line carrying said biometric measurements and to secure a database of the set of users.
  - 6. The method of claim 4, further comprises:
    - using a Reed-Muller code R(2,5) to improve communication error susceptibility.
  - 7. The method of claim 4, wherein the steps of convolving and deconvolving are equivalent to exclusive-ORing.
  - 8. The method of claim 4, wherein the generating step includes the step of:
    - spacing the set of error correcting codewords apart by a Hamming distance which exceeds biometric variations between the set of users.
  - 9. The method of claim 4, further comprising the step of:
    - spacing the set of error correcting codewords apart by a Hamming distance at least twice a largest Hamming distance probable between two biometric measurements from any one user.
  - 10. The method of claim 4, further comprising the step of:
    - spacing the set of error correcting codewords apart by a Hamming distance less than a smallest Hamming distance probable between biometric measurements from any two users.
  - 11. The method of claim 4, further comprising the step of:
    - rejecting the unknown user as not one of the set of users if the reproduced error correcting codeword is outside of the Hamming distance spacing of adjacent original error correcting codewords.
  - 12. The method of claim 4:
    - wherein the current biometric measurement has an inherent natural single-user biometric-reading variability; and
      
      further comprising the step of;
      
      rejecting the unknown user as not one of the set of users if the reproduced error correcting codeword differs from the original error correcting codewords by more than the inherent natural single-user biometric-reading variability.
  - 13. The method of claim 4, further comprising the steps of:
    - selecting a nearest error correcting codeword from the set of original error correcting codewords, if the reproduced error correcting codeword is not equal to one of the set of original error correcting codewords; and
      
      recovering an original biometric measurement from the current biometric measurement by toggling those bits in the current biometric measurement which correspond to those bits in the reproduced error correcting codeword which must be toggled to obtain the nearest error correcting codeword.
  - 14. The method of claim 4, further comprising the steps of:
    - selecting a nearest error correcting codeword from the set of original error correcting codewords, if the reproduced error correcting codeword is not equal to one of the set of original error correcting codewords; and
      
      recovering an original cryptographically secure random number from the nearest error correcting codeword.

15. A biometric password enrollment method, comprising the steps of:
- producing a secret codeword "C";
  
  combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R";
  
  combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gⁱ mod p; and
  
  associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".

16. A biometric password verification system, comprising:
- means for associating in a database a name "N" for a user with a reference value "R" and a public parameter "I";
  
  means for obtaining a biometric reading "V" and a name "N" provided by a user and which serves as a password to-be-verified before access to a system is allowed to said user;
  
  means for fetching from said database said value "R" and said parameter "I" related to said name "N";
  
  means for computing an approximate codeword "C'"'"'" from the exclusive-OR combination of said reading "V" and said value "R";
  
  means for obtaining a secret codeword "C" that most nearly matches said approximate codeword "C'"'"'";
  
  means for seeding a pseudo-random number generator with secret codeword "C" to obtain a secret exponent "i";
  
  means for obtaining an exponent "j" from a random number generator;
  
  means for computing J=g^j mod p, where "p" is a public modulus; and
  
  means for computing z=MD5 (Jⁱ mod p), where MD5 is a hashing function.
- View Dependent Claims (17)
- - 17. The system of claim 16, further comprising:
    - means for computing z'"'"'=MD5 (I^j mod p); and
      
      means for comparing z to z'"'"';
      
      wherein a match between z and z'"'"' indicates an authorized access.

18. A computer-usable medium embodying computer program code for causing a computer to effect biometric password enrollment by performing the steps of:
- producing a secret codeword "C";
  
  combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R";
  
  combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gⁱ mod p; and
  
  associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".

19. A computer-usable medium embodying computer program code for causing a computer to effect biometric password verification by performing the steps of:
- associating in a database a name "N" for a user with a reference value "R" and a public parameter "I";
  
  obtaining a biometric reading "V" and a name "N" provided by a user and which serves as a password to-be-verified before access to a system is allowed to said user;
  
  fetching from said database said value "R" and said parameter "I" related to said name "N";
  
  computing an approximate codeword "C'"'"'" from the exclusive-OR combination of said reading "V" and said value "R";
  
  obtaining a secret codeword "C" that most nearly matches said approximate codeword "C'"'"'";
  
  seeding a pseudo-random number generator with secret codeword "C" to obtain a secret exponent "i";
  
  obtaining an exponent "j" from a random number generator;
  
  computing J=gⁱ mod p, where "p" is a public modulus; and
  
  computing z=MD5 (Jⁱ mod p), where MD5 is a hashing function.
- View Dependent Claims (20)
- - 20. The computer-usable medium of claim 19 further performing the steps of:
    - computing z'"'"'=MD5 (I^j mod p); and
      
      comparing z to z'"'"';
      
      wherein a match between z and z'"'"' indicates an authorized access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lawrence Livermore National Security LLC (Government of the United States of America)
Original Assignee
Regents of the University of California (University of California)
Inventors
Pearson, Peter K., Sengupta, Sailes K., Strait, Robert S.
Primary Examiner(s)
Hayes, Gail O.
Assistant Examiner(s)
SONG, HOSUK

Application Number

US08/819,158
Time in Patent Office

1,093 Days
Field of Search

382/115, 382/116, 382/117, 382/118, 380/23, 380/25, 380/4, 713/202
US Class Current

713/183
CPC Class Codes

H04L 9/0662   with particular pseudorando...

H04L 9/304   based on error correction c...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3239   involving non-keyed hash fu...

Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

266 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

266 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links