Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy
First Claim
1. A biometric password enrollment system, comprising:
- number generator means for producing a secret codeword "C";
conversion means for combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R";
public parameter generation means for combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gi mod p; and
relational means for associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".
3 Assignments
0 Petitions
Accused Products
Abstract
A password system comprises a set of codewords spaced apart from one another by a Hamming distance (HD) that exceeds twice the variability that can be projected for a series of biometric measurements for a particular individual and that is less than the HD that can be encountered between two individuals. To enroll an individual, a biometric measurement is taken and exclusive-ORed with a random codeword to produce a "reference value." To verify the individual later, a biometric measurement is taken and exclusive-ORed with the reference value to reproduce the original random codeword or its approximation. If the reproduced value is not a codeword, the nearest codeword to it is found, and the bits that were corrected to produce the codeword to it is found, and the bits that were corrected to produce the codeword are also toggled in the biometric measurement taken and the codeword generated during enrollment. The correction scheme can be implemented by any conventional error correction code such as Reed-Muller code R(m,n). In the implementation using a hand geometry device an R(2,5) code has been used in this invention. Such codeword and biometric measurement can then be used to see if the individual is an authorized user. Conventional Diffie-Hellman public key encryption schemes and hashing procedures can then be used to secure the communications lines carrying the biometric information and to secure the database of authorized users.
266 Citations
20 Claims
-
1. A biometric password enrollment system, comprising:
-
number generator means for producing a secret codeword "C"; conversion means for combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R"; public parameter generation means for combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gi mod p; and relational means for associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".
-
-
2. A biometric password verification method, comprising the steps of:
-
associating in a database a name "N" for a user with a reference value "R" and a public parameter "I"; obtaining a biometric reading "V" and a name "N" provided by a user and which serves as a password to-be-verified before access to a system is allowed to said user; fetching from said database said value "R" and said parameter "I" related to said name "N"; computing an approximate codeword "C'"'"'" from the exclusive-OR combination of said reading "V" and said value "R"; obtaining a secret codeword "C" that most nearly matches said approximate codeword "C'"'"'"; seeding a pseudo-random number generator with secret codeword "C" to obtain a secret exponent "i"; obtaining an exponent "j" from a random number generator; computing J=gj mod p, where "p" is a public modulus; and computing z=MD5 (Ji mod p), where MD5 is a hashing function. - View Dependent Claims (3)
-
-
4. A method for biometric authentication, comprising the steps of:
-
defining a set of original error correcting codewords; recording original biometric measurements from a set of users; convolving each of the original biometric measurements with a different original error correcting codeword from the set of original error correcting codewords to generate a set of reference values; recording a current biometric measurement from an unknown user; retrieving a reference value from the set of reference values which allegedly corresponds to the unknown user; deconvolving the current biometric measurement with the reference value to generate a reproduced error correcting codeword; and identifying the unknown user as one of the set of users if the reproduced error correcting codeword is equal to one of the set of original error correcting codewords. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A biometric password enrollment method, comprising the steps of:
-
producing a secret codeword "C"; combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R"; combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gi mod p; and associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".
-
-
16. A biometric password verification system, comprising:
-
means for associating in a database a name "N" for a user with a reference value "R" and a public parameter "I"; means for obtaining a biometric reading "V" and a name "N" provided by a user and which serves as a password to-be-verified before access to a system is allowed to said user; means for fetching from said database said value "R" and said parameter "I" related to said name "N"; means for computing an approximate codeword "C'"'"'" from the exclusive-OR combination of said reading "V" and said value "R"; means for obtaining a secret codeword "C" that most nearly matches said approximate codeword "C'"'"'"; means for seeding a pseudo-random number generator with secret codeword "C" to obtain a secret exponent "i"; means for obtaining an exponent "j" from a random number generator; means for computing J=gj mod p, where "p" is a public modulus; and means for computing z=MD5 (Ji mod p), where MD5 is a hashing function. - View Dependent Claims (17)
-
-
18. A computer-usable medium embodying computer program code for causing a computer to effect biometric password enrollment by performing the steps of:
-
producing a secret codeword "C"; combining a biometric measurement "E", having an inherent natural variability from a user, with said secret codeword "C" to produce a reference value "R"; combining a public base number "p, g" with a secret exponent "i" derived from said secret codeword "C" to compute I=gi mod p; and associating in a database a name "N" for said user with said reference value "R" and said public parameter "I".
-
-
19. A computer-usable medium embodying computer program code for causing a computer to effect biometric password verification by performing the steps of:
-
associating in a database a name "N" for a user with a reference value "R" and a public parameter "I"; obtaining a biometric reading "V" and a name "N" provided by a user and which serves as a password to-be-verified before access to a system is allowed to said user; fetching from said database said value "R" and said parameter "I" related to said name "N"; computing an approximate codeword "C'"'"'" from the exclusive-OR combination of said reading "V" and said value "R"; obtaining a secret codeword "C" that most nearly matches said approximate codeword "C'"'"'"; seeding a pseudo-random number generator with secret codeword "C" to obtain a secret exponent "i"; obtaining an exponent "j" from a random number generator; computing J=gi mod p, where "p" is a public modulus; and computing z=MD5 (Ji mod p), where MD5 is a hashing function. - View Dependent Claims (20)
-
Specification