Biometrics template
Abstract
Methods of storing and decrypting biometrics templates on a terminal network are described. A biometrics template 14 is encrypted 18 using a key 16, and the key 16 is then divided into a number of key shares 20. The encrypted template 18, a key share 20, and a user identifier 22 are then combined to give an identification string 24. A number of strings 24 are then stored on separate terminals 26 of a terminal network 28. To decrypt the template 14, a user offers their identifier 22 to a terminal 26. The required number of identification strings 24 having that identifier 22 are retrieved from their respective terminals 26 on the network 28, and the key shares 20 combined to generate a key 16 which is then used to decrypt the template 14. The decrypted template 14 may then be used to verify the identity of the user. Using the present method, neither the unencrypted template nor the complete decryption key are transferred across the network, so improving security.
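The storage and retrieval flow from the abstract, as an added Python example that is not code from the patent. The page says only "a sharing algorithm", so Shamir k-of-n sharing is an assumption here, and the SHA-256 keystream is a stand-in for a real authenticated cipher; the template bytes, `user-22` and all function names are constructed for illustration.

```python
import hashlib
import secrets

P = 2**521 - 1  # Mersenne prime field, larger than any 256-bit key

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 counter keystream, unauthenticated); an
    # assumption for this demo. A deployment would use e.g. AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def split_key(key: bytes, n: int, k: int):
    # Shamir sharing (assumed algorithm): degree k-1 polynomial, key at x=0.
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine_shares(shares) -> bytes:
    # Lagrange interpolation at x=0 recovers the polynomial's constant term.
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(66, "big")[-32:]

def enroll(template: bytes, user_id: str, n: int, k: int):
    # One identification string per terminal: identifier + ciphertext + share.
    key = secrets.token_bytes(32)
    enc = keystream_xor(key, template)
    return [{"id": user_id, "enc": enc, "share": s} for s in split_key(key, n, k)]

def recover(strings, user_id: str) -> bytes:
    # Runs on the requesting terminal; only shares and ciphertext were fetched.
    mine = [s for s in strings if s["id"] == user_id]
    key = combine_shares([s["share"] for s in mine])
    return keystream_xor(key, mine[0]["enc"])

TEMPLATE = b"constructed-template-bytes-for-demo-0001"  # constructed sample
TERMINALS = dict(enumerate(enroll(TEMPLATE, "user-22", n=5, k=3)))

def fetch(terminal_ids):
    return [TERMINALS[t] for t in terminal_ids]
```

Any three identification strings recover the template and two do not; because the stand-in cipher has no integrity check, a wrong key yields garbage rather than an error.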
19 Claims
1. A method of storing a biometrics template on a terminal network, the method comprising the steps of:
- generating an encrypted biometrics template from a biometrics template using a cryptographic key;
- generating a plurality of shares of the key using a sharing algorithm;
- associating each respective key share with a copy of the encrypted template and an identification code for the template, to form an identification string; and
- storing each respective identification string on a respective terminal of a terminal network.
Dependent claims: 2, 3, 4, 15

5. A method of verifying a claimed biometrics identity of a user on a terminal network, the method comprising the steps of:
- obtaining a biometrics identity and an identification code from a user at a terminal of a terminal network;
- requesting and obtaining a plurality of identification strings associated with the identification code from terminals of a terminal network, each identification string comprising an encrypted biometrics template, a key share, and an identification code;
- combining a plurality of key shares to generate a key;
- decrypting at least one of the encrypted biometrics templates by means of the generated key to generate a decrypted biometrics template and verifying the biometrics identity of the user against the decrypted biometrics template.
Dependent claims: 11, 16

6. A method of storing a biometrics template within a terminal network having a server and terminals, the method comprising the steps of:
- generating an encrypted biometrics template from a biometrics template using a cryptographic key;
- generating a plurality of shares of the key using a sharing algorithm;
- associating each respective key share with a copy of the encrypted template and an identification code for the template, to form an identification string and storing each respective identification string on a server of a terminal network.
Dependent claims: 17

7. A method of verifying a claimed biometrics identity of a user on a terminal network having a server and terminals, the method comprising the steps of:
- obtaining a biometrics identity and an identification code from a user at a terminal of a terminal network;
- obtaining a plurality of identification strings corresponding to the identification code from a server of a terminal network, each identification string comprising an encrypted biometrics template, a key share, and an identification code;
- combining a plurality of key shares to generate a key;
- decrypting at least one of the encrypted biometrics templates using said generated key to generate a decrypted biometrics template; and
- verifying the biometrics identity of the user against the decrypted biometrics template.
Dependent claims: 12, 18

8. A method of storing a biometrics template on a terminal network, the method comprising the steps of:
- generating an encrypted biometrics template from a biometrics template using a cryptographic key;
- generating a plurality of shares of the key using a sharing algorithm;
- associating each respective key share with a copy of the encrypted template and with an identification code to form an identification string; and
- storing each respective identification string on a respective terminal of a terminal network.
Dependent claims: 19

9. A method of verifying a claimed biometrics identity of a user on a terminal network, the method comprising the steps of:
- obtaining a biometrics identity from a user at a terminal of a terminal network;
- requesting and obtaining a plurality of identification strings from terminals of a terminal network, each identification string comprising an encrypted biometrics template, an identification code, and a key share;
- combining a plurality of key shares to generate a key;
- decrypting at least one of the encrypted biometrics templates using the generated key to generate a decrypted biometrics template and verifying the biometrics identity of the user against the decrypted biometrics template.
Dependent claims: 13

10. A terminal for use in a terminal network, the terminal comprising:
- means for obtaining a biometrics identity from a user;
- means for obtaining an identification code from a user;
- means for using the identification code to request one or more identification strings from a remote location on a network;
- means for combining key shares from identification strings to generate a decryption key;
- means for decrypting an encrypted biometrics template contained within an identification string using a generated key; and
- means for verifying a decrypted biometrics template against the user's biometrics identity.
Dependent claims: 14

Specification