Biometrics template

US 7,302,583 B2
Filed: 09/30/2002
Issued: 11/27/2007
Est. Priority Date: 11/08/2001
Status: Active Grant

First Claim

Patent Images

1. A method of storing a biometrics template on a terminal network, the method comprising the steps of:

generating an encrypted biometrics template from a biometrics template using a cryptographic key;

generating a plurality of shares of the key using a sharing algorithm;

associating each respective key share with a copy of the encrypted template and an identification code for the template, to form an identification string; and

storing each respective identification string on a respective terminal of a terminal network.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods of storing and decrypting biometrics templates on a terminal network are described. A biometrics template 14 is encrypted 18 using a key 16, and the key 16 is then divided into a number of key shares 20. The encrypted template 18, a key share 20, and a user identifier 22 are then combined to give an identification string 24. A number of strings 24 are then stored on separate terminals 26 of a terminal network 28. To decrypt the template 14, a user offers their identifier 22 to a terminal 26. The required number of identification strings 24 having that identifier 22 are retrieved from their respective terminals 26 on the network 28, and the key shares 20 combined to generate a key 16 which is then used to decrypt the template 14. The decrypted template 14 may then be used to verify the identity of the user. Using the present method, neither the unencrypted template nor the complete decryption key are transferred across the network, so improving security.

Citations

19 Claims

1. A method of storing a biometrics template on a terminal network, the method comprising the steps of:
- generating an encrypted biometrics template from a biometrics template using a cryptographic key;
  
  generating a plurality of shares of the key using a sharing algorithm;
  
  associating each respective key share with a copy of the encrypted template and an identification code for the template, to form an identification string; and
  
  storing each respective identification string on a respective terminal of a terminal network.
- View Dependent Claims (2, 3, 4, 15)
- - 2. A method according to claim 1, further comprising the steps of:
    - generating a list of the locations of each respective identification string, andstoring a copy of the list on each respective terminal.
  - 3. A method according to claim 1, further comprising the step of:
    - moving an identification string to an alternative terminal for storage.
  - 4. A method according to claim 2, further comprising the step of:
    - moving an identification string to an alternative terminal for storage.
  - 15. Method according to claim 1, and further comprising:
    - delivering several of said identification strings to a single terminal, in response to multiple requests issued by that single terminal.

5. A method of verifying a claimed biometrics identity of a user on a terminal network, the method comprising the steps of:
- obtaining a biometrics identity and an identification code from a user at a terminal of a terminal network;
  
  requesting and obtaining a plurality of identification strings associated with the identification code from terminals of a terminal network, each identification string comprising an encrypted biometrics template, a key share, and an identification code;
  
  combining a plurality of key shares to generate a key;
  
  decrypting at least one of the encrypted biometrics templates by means of the generated key to generate a decrypted biometrics template andverifying the biometrics identity of the user against the decrypted biometrics template.
- View Dependent Claims (11, 16)
- - 11. Method according to claim 5, wherein the terminal which obtains the biometrics identity and identification codes from the user comprises an Automated Teller Machine, ATM.
  - 16. Method according to claim 5, wherein a single terminal obtains said plurality of identification strings, by issuing requests to the terminals storing said strings.

6. A method of storing a biometrics template within a terminal network having a server and terminals, the method comprising the steps of:
- generating an encrypted biometrics template from a biometrics template using a cryptographic key;
  
  generating a plurality of shares of the key using a sharing algorithm;
  
  associating each respective key share with a copy of the encrypted template and an identification code for the template, to form an identification string andstoring each respective identification string on a server of a terminal network.
- View Dependent Claims (17)
- - 17. Method according to claim 6, and further comprising:
    - delivering several of said identification strings to a single terminal, in response to multiple requests issued by that single terminal.

7. A method of verifying a claimed biometrics identity of a user on a terminal network having a server and terminals, the method comprising the steps of:
- obtaining a biometrics identity and an identification code from a user at a terminal of a terminal network;
  
  obtaining a plurality of identification strings corresponding to the identification code from a server of a terminal network, each identification string comprising an encrypted biometrics template, a key share, and an identification code;
  
  combining a plurality of key shares to generate a key;
  
  decrypting at least one of the encrypted biometrics templates using said generated key to generate a decrypted biometrics template; and
  
  verifying the biometrics identity of the user against the decrypted biometrics template.
- View Dependent Claims (12, 18)
- - 12. Method according to claim 7, wherein the terminal which obtains the biometrics identity and identification codes from the user comprises an Automated Teller Machine, ATM.
  - 18. Method according to claim 7, wherein a single terminal obtains said plurality of identification strings, by issuing requests to the terminals storing said strings.

8. A method of storing a biometrics template on a terminal network, the method comprising the steps of:
- generating an encrypted biometrics template from a biometrics template using a cryptographic key;
  
  generating a plurality of shares of the key using a sharing algorithm;
  
  associating each respective key share with a copy of the encrypted template and with an identification code to form an identification string; and
  
  storing each respective identification string on a respective terminal of a terminal network.
- View Dependent Claims (19)
- - 19. Method according to claim 8, and further comprising:
    - delivering several of said identification strings to a single terminal, in response to multiple requests issued by that single terminal.

9. A method of verifying a claimed biometrics identity of a user on a terminal network, the method comprising the steps of:
- obtaining a biometrics identity from a user at a terminal of a terminal network;
  
  requesting and obtaining a plurality of identification strings from terminals of a terminal network, each identification string comprising an encrypted biometrics template, an identification code, and a key share;
  
  combining a plurality of key shares to generate a key;
  
  decrypting at least one of the encrypted biometrics templates using the generated key to generate a decrypted biometrics template andverifying the biometrics identity of the user against the decrypted biometrics template.
- View Dependent Claims (13)
- - 13. Method according to claim 9, wherein the terminal which obtains the biometrics identity and identification codes from the user comprises an Automated Teller Machine, ATM.

10. A terminal for use in a terminal network, the terminal comprising:
- means for obtaining a biometrics identity from a user;
  
  means for obtaining an identification code from a user;
  
  means for using the identification code to request one or more identification strings from a remote location on a network;
  
  means for combining key shares from identification strings to generate a decryption key;
  
  means for decrypting an encrypted biometrics template contained within an identification string using a generated key; and
  
  means for verifying a decrypted biometrics template against the user'"'"'s biometrics identity.
- View Dependent Claims (14)
- - 14. Apparatus according to claim 10, wherein the terminal comprises an Automated Teller Machine, ATM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NCR Atleos Corp., Rapid Brands Corp.
Original Assignee
NCR Corporation (NCR Voyix Corporation)
Inventors
Forrest, Simon J.
Primary Examiner(s)
Barron; Gilberto
Assistant Examiner(s)
Dinh; Minh

Application Number

US10/261,140
Publication Number

US 20030088782A1
Time in Patent Office

1,884 Days
Field of Search

None
US Class Current

713/186
CPC Class Codes

H04L 9/085 Secret sharing or secret sp...

H04L 9/3231 Biological data, e.g. finge...

Biometrics template

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Biometrics template

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links