Method and apparatus for secure authorization and identification using biometrics without privacy invasion

US 6,957,337 B1
Filed: 08/11/1999
Issued: 10/18/2005
Est. Priority Date: 08/11/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating a subject, comprising:

using one or a plurality of biometric measurements for authentication without any sharing of the subject'"'"'s biometric data, by accomplishing said authentication without any of said one or plurality of biometric measurements being accessible in any form to any external device or external party, said biometric data being encrypted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating (or identifying) a subject, includes using one or a plurality of biometric measurements for authentication (or identification) without any sharing of the subject'"'"'s biometric data with a party requesting authentication.

Citations

50 Claims

1. A method of authenticating a subject, comprising:
- using one or a plurality of biometric measurements for authentication without any sharing of the subject'"'"'s biometric data, by accomplishing said authentication without any of said one or plurality of biometric measurements being accessible in any form to any external device or external party, said biometric data being encrypted.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, further comprising:
    - storing said biometric data in an individual unit, said individual unit belonging to said subject.
  - 3. The method according to claim 2, wherein said individual unit is portable for being carried by said subject.
  - 4. The method according to claim 2, wherein said individual unit is non-portable.
  - 5. The method according to claim 2, wherein said individual unit comprises one of a smart card, a personal area network (PAN) tool, and an apparatus linked to a network.
  - 6. The method according to claim 1, further comprising:
    - after said authentication, selectively obtaining access to any of a location, a service, and an option in a service by said subject.

7. A method of authenticating a subject, comprising:
- using one or a plurality of biometric measurements for authentication without any sharing of the subject'"'"'s biometric data, by accomplishing said authentication without any of said one or plurality of biometric measurements being accessible in any form to any external device or external party; and
  
  generating at least one of a password and another authentication procedure based on biometric authentication locally under the subject'"'"'s control.
- View Dependent Claims (8, 9, 10)
- - 8. The method according to claim 7, further comprising:
    - securely storing the biometric on an apparatus carried by said subject.
  - 9. The method according to claim 7, further comprising:
    - deriving said at least one of the password and the another authentication procedure from compressed biometrics extracted locally under the subject'"'"'s control or from a network, when authentication is required.
  - 10. The method according to claim 7, further comprising:
    - managing multiple passwords and authentication procedures, by at least one of;
      
      monitoring an authentication request;
      
      identifying a requester;
      
      generating at least one of a new password and an authentication procedure for a new requester;
      
      storing the authentication procedure generation method and the identity of the requester in a secure manner; and
      
      authenticating the user for known requesters using the stored procedure and the result of the local authentication procedure.

11. A method of authenticating a subject, comprising:
- using one or a plurality of biometric measurements for authentication without any sharing of the subject'"'"'s biometric data, by accomplishing said authentication without any of said one or plurality of biometric measurements being accessible in any form to any external device or external party; and
  
  generating at least one of a password and another authentication procedure based on at least one biometric feature extracted locally under the subject'"'"'s control.
- View Dependent Claims (12, 13)
- - 12. The method according to claim 11, wherein said generating is performed without storing the subject'"'"'s biometric feature.
  - 13. The method according to claim 11, further comprising:
    - deriving said at least one of the password and the another authentication procedure from the biometric extracted locally when authentication is required.

14. A method of authenticating a characteristic of a subject, without compromising privacy of the subject, said method comprising:
- using at least one of a plurality of authentication methods including personal information of the subject, a biometric of the subject, a password, a personal identification number (PIN) and a secured component; and
  
  simultaneously with said using, said subject maintaining confidentiality of authentication information by withholding access of said authentication information from any external device or external party,wherein said withholding access further includes an encryption of data stored that represents said biometric.
- View Dependent Claims (15)
- - 15. The method according to claim 14, further comprising:
    - selectively completing the authentication with a remote service using a communication port and protocol.

16. A method of authenticating a characteristic of a subject, without compromising privacy of the subject, said method comprising:
- using at least one of a plurality of authentication methods including personal information of the subject, a biometric of the subject, a password, a personal identification number (PIN) and a secured component;
  
  simultaneously with said using, said subject maintaining confidentiality of authentication information by withholding access of said authentication information from any external device or external party; and
  
  generating at least one of a password and another authentication procedure based on authentication locally under the subject'"'"'s control.
- View Dependent Claims (17, 18, 19)
- - 17. The method according to claim 16, further comprising:
    - securely storing authentication information on an apparatus locally under the subject'"'"'s control.
  - 18. The method according to claim 17, further comprising:
    - securely storing the authentication information on the apparatus using at least one of a knowledge-based information, a possession-based information, a password-based information, and a biometric-based information.
  - 19. The method according to claim 16, further comprising:
    - deriving said at least one of the password and the another authentication procedure from the local authentication when authentication is required.

20. A method for secure authentication of a subject, said method comprising:
- selectively requesting any of a password and a knowledge-based information from said subject; and
  
  simultaneously with said selectively requesting, interrogating biometric information of the subject, said biometric information being carried by said subject and being maintained inaccessible by any external device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 21. The method according to claim 20, further comprising:
    - using said biometric information to generate said password.
  - 22. The method according to claim 20, further comprising:
    - performing biometric data verification by a device associated with said subject,wherein said biometric data verification activates a password-controlled authentication mechanism which transfers information, but which withholds sufficient information so that the biometric is not revealed, to a party requiring authentication.
  - 23. The method according to claim 21, wherein obtaining said password is performed by using at least one of an encryption and secure hashing.
  - 24. The method according to claim 20, wherein a device is carried by the subject to be authorized to perform a task,wherein at a moment of authorization, said device is presented to a reader of an authorizing machine of an entity seeking authentication, which prompts said device for a password for authorization to be given, and wherein said device reads a biometric of said subject using a sensor included in the device and computes the password.
  - 25. The method according to claim 24, wherein said device allows the password to be read by the authorizing machine.
  - 26. The method according to claim 25, wherein said password is read in a contacting manner.
  - 27. The method according to claim 25, wherein said password is read in a contact-free manner.
  - 28. The method according to claim 24, further comprising:
    - using one of a hashing and a mapping technique, which is stable with respect to variations of the biometric extracted, said using including mapping regions of a biometric-print space, to the password having been computed.
  - 29. The method according to claim 28, wherein said using includes:
    - measuring a biometric-print of the subject by ranking biometric prints of N subsets of M biometrics,wherein an index of a top ranking of each of the N subsets is used in computing the password.
  - 30. The method according to claim 24, further comprising:
    - storing on the device information regarding a previous authentication including a biometric-print of the subject.
  - 31. The method according to claim 20, further comprising:
    - encrypting a biometric-print using the subject'"'"'s biometric and personal knowledge onto a device carried by said subject.
  - 32. The method according to claim 20, further comprising:
    - providing a unique non-duplicable authentication mechanism on a device associated with said subject, said authentication mechanism being constructed so as to be completely independent of the biometric,wherein said authentication mechanism is prevented from accessing the biometric itself.
  - 33. The method according to claim 32, wherein said device associated with said subject produces a correct password only when the device reads a biometric from the subject.
  - 34. The method according to claim 20, wherein biometric information for a plurality of subjects is stored in a device associated with the subject.
  - 35. The method of claim 20, wherein said being maintained inaccessible includes an encryption of said biometric information before being stored to be carried by said subject.

36. An apparatus for secure authentication, without compromising privacy of a subject, said apparatus comprising:
- a reader, associated with the subject, for reading a specified biometric of said subject; and
  
  a password generator for producing a password needed, based on said biometric,wherein said biometric is maintained as being inaccessible to any external device.
- View Dependent Claims (37)
- - 37. The apparatus according to claim 36, wherein said password generator includes an encryption device using at least one of encryption and secure hashing.

38. An apparatus for secure authentication, said apparatus comprising:
- means, associated with a subject, for reading a specified biometric of said subject; and
  
  means for producing a password needed based on said biometric, without providing access to said biometric by any external device or by anyone other than said subject.
- View Dependent Claims (39)
- - 39. The apparatus according to claim 38, wherein said means for producing said password includes an encryption device using at least one of encryption and secure hashing.

40. A method of identifying a subject, said method comprising:
- using one or a plurality of biometric measurements for identification without any sharing of the subject'"'"'s biometric data by maintaining said biometric data as inaccessible to any external device,wherein said maintaining as inaccessible includes an encryption of said one or said plurality of biometric measurements before being stored as said biometric data.

41. A method of identifying a subject, said method comprising:
- using one or a plurality of biometric measurements for identification without any sharing of the subject'"'"'s biometric data by maintaining said biometric data as inaccessible to any external device, wherein a the subject'"'"'s identity is determined locally, under the subject'"'"'s control, by having the subject provide at least one of a user ID and by biometric identification of the subject among enrolled authorized subjects, andwherein said identification produces a set of N best matches for N subsets, and an index formed by concatenation of the N indices uniquely identifies the subject.

42. A method for identification of a subject, said method comprising:
- selectively requesting any of a password and a knowledge-based information from said subject; and
  
  simultaneously with said selectively requesting, interrogating biometric information of the subject, said biometric information being carried by said subject and being maintained as inaccessible by any external device.
- View Dependent Claims (43)
- - 43. The method of claim 42, wherein a subject'"'"'s identity is determined locally under the subject'"'"'s control, by having the subject provide at least one of a user ID and by biometric identification of the subject among enrolled authorized subjects, andwherein said identification produces a set of N best matches for N subsets, and an index formed by concatenation of the N indices uniquely identifies the subject.

44. An apparatus for identification of a subject, said apparatus comprising:
- a reader, associated with the subject, for reading a specified biometric of said subject; and
  
  a password generator for producing a password needed, based on said biometric,wherein said biometric is maintained inaccessible by any external device.
- View Dependent Claims (45, 46, 47, 48, 49)
- - 45. The apparatus according to claim 44, further comprising:
    - means for storing data of said biometric in an individual unit, said individual unit belonging to said subject.
  - 46. The apparatus according to claim 45, wherein said individual unit is portable for being carried by said subject.
  - 47. The apparatus according to claim 45, wherein said individual unit is non-portable.
  - 48. The apparatus according to claim 45, wherein said individual unit comprises one of a smart card, a personal area network (PAN) tool, and an apparatus linked to a network.
  - 49. The apparatus according to claim 45, wherein a subject'"'"'s identity is determined locally, under the subject'"'"'s control, by having the subject provide at least one of a user ID and by biometric identification of the subject among enrolled authorized subjects being read by said reader, andwherein said identification produces a set of N best matches for N subsets, and an index formed by concatenation of the N indices uniquely identifies the subject.

50. An apparatus comprising:
- at least two sensors to obtain at least two forms of biometric data, each said biometric data form respectively providing an identification metric that uniquely identifies an individual;
  
  a non volatile memory to store biometric data from said at least two sensors during an initiation stage; and
  
  a comparator to compare said biometric data stored in said non volatile memory with a biometric data obtained by said at least two sensors during an authentication stage,wherein said at least two sensors, said non volatile memory, and said comparator are all located on a same device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Rutledge, Joseph Dela, Tresser, Charles Philippe, Chainer, Timothy Joseph, Kitchens, Bruce P., Maes, Stephane Herman, Martens, Marco
Primary Examiner(s)
Smithers, Matthew

Application Number

US09/372,170
Time in Patent Office

2,260 Days
Field of Search

713/186, 713/182, 713/200, 713/201, 713/202, 713/168, 713/172, 382/115, 382/124
US Class Current

713/186
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/6245   Protecting personal data, e...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40145   Biometric identity checks

G07F 7/1008   Active credit-cards provide...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3231   Biological data, e.g. finge...

Method and apparatus for secure authorization and identification using biometrics without privacy invasion

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure authorization and identification using biometrics without privacy invasion

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links