Match template protection within biometric security systems
First Claim
1. A method for performing user authentication in the context of a biometric security system, the method comprising:
- obtaining a first collection of biometric data based on a first biometric source;
applying a transform function to the first collection of biometric data to generate a match template;
receiving from a biometric data collector a second collection of biometric data based on the first biometric source;
generating an authentication model based on the second collection of biometric data, the authentication model being different than the match template, wherein the process utilized to generate the authentication model is distinct from the processing associated with applying the transform function such that the representation of biometric data associated with the authentication model will be different than the representation of biometric data associated with the match template even if the first and second collections of biometric data were identical;
comparing the authentication model to the match template, wherein comparing comprises evaluating the relationship between the authentication model and the match template without directly comparing one to the other, and wherein comparing comprises comparing the authentication model to a set of database keys that describe a plurality of match template characteristics; and
granting or denying an access right based on the result of the comparison of the authentication model to the match template.
2 Assignments
0 Petitions
Accused Products
Abstract
Biometric security systems are disclosed wherein a match template is unique as compared to a corresponding authentication model generated during enrollment and/or attempts at authentication. In accordance with one embodiment, the uniqueness of the match template as compared to a corresponding biometric authentication model is complete and non-reversible. Accordingly, the data in the match template cannot be directly utilized to produce an authentication model. Accordingly, match templates stored in a database need only be protected to assure that they are not substituted, altered or supplemented. Replication of match template data is not of paramount concern, as it cannot be used for a direct authentication.
-
Citations
17 Claims
-
1. A method for performing user authentication in the context of a biometric security system, the method comprising:
-
obtaining a first collection of biometric data based on a first biometric source; applying a transform function to the first collection of biometric data to generate a match template; receiving from a biometric data collector a second collection of biometric data based on the first biometric source; generating an authentication model based on the second collection of biometric data, the authentication model being different than the match template, wherein the process utilized to generate the authentication model is distinct from the processing associated with applying the transform function such that the representation of biometric data associated with the authentication model will be different than the representation of biometric data associated with the match template even if the first and second collections of biometric data were identical; comparing the authentication model to the match template, wherein comparing comprises evaluating the relationship between the authentication model and the match template without directly comparing one to the other, and wherein comparing comprises comparing the authentication model to a set of database keys that describe a plurality of match template characteristics; and granting or denying an access right based on the result of the comparison of the authentication model to the match template. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of providing security in the context of a biometric security system, the method comprising:
-
obtaining a first data representation of a first collection of biometric information; obtaining a second data representation of a second collection of biometric information; applying an entity specific transform function to the first and second data representations to produce an entity specific match template, wherein data from both the first and second data representations are used to produce the entity specific match template; obtaining a third data representation of a third collection of biometric information; generating an authentication model based on the third data representation; comparing the authentication model to the entity specific match template to determine whether they are sufficiently related to be deemed matching, wherein comparing comprises comparing without applying the entity specific transform function to the authentication model; and granting at least one access right if they are sufficiently related to be deemed matching. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for performing user authentication in the context of a biometric security system that simultaneously monitors a plurality of access points, the method comprising:
-
obtaining a first collection of biometric data based on a first biometric source; applying a transform function to the first collection of biometric data to generate a match template, wherein the match template is a non-reversible derivation of the first collection of biometric data; deleting the first collection of biometric data; storing an indication of access rights in correspondence to the match template; receiving from a biometric data collector a second collection of biometric data based on the first biometric source; generating an authentication model based on the second collection of biometric data, the authentication model being different than the match template, wherein the process utilized to generate the authentication model is distinct from the processing associated with applying the transform function such that the representation of biometric data associated with the authentication model will be different than the representation of biometric data associated with the match template even if the first and second collections of biometric data were identical; comparing the authentication model to the match template, wherein comparing comprises evaluating the relationship between the authentication model and the match template; comparing the indication of access rights to a required access right of at least one of the plurality of access points; and granting or denying an access right based on the result of the comparison of the authentication model to the match template and based on the result of the comparison of the indication of access rights and the required access right.
-
Specification