System and method for protecting the privacy and security of stored biometric data

US 7,522,751 B2
Filed: 04/22/2005
Issued: 04/21/2009
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method of securely indexing and storing a biometric for subsequent retrieval, the method including:

using a processor to carry out the steps of;

a) Enrolling a user at an enrolment location by effecting a capture of a specific biometric from that user and associating that biometric with an identity element specific to that user,b) Applying a blinding function to the associated identity element so as to provide a blinded identity element, the blinding function taking the identity element as a data input and providing the blinded identity element as a data output, the blinded identity element revealing no information about the data input,c) generating a transaction identifier at the enrolment location;

d) associating the transaction identifier with each of the biometric and blinded identity elements to form two combinations,e) Separately forwarding each of the two combinations to a storage location which is remote from the enrolment location, matching transaction identifiers from each of the two combinations, and combining the blinded identity element and the biometric-as an index pair,f) Storing the index pair as a stored pair at the storage location, andg) Retrieving the biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element,wherein the step of forwarding the combination having the blinded identity element to the storage location is via an index governor, the index governor, on receiving a blinded identity element being configured to apply a second blind function to the blinded identity element so as to generate a doubly blinded identity element which is coupled to the transaction identifier for forwarding to the storage location for association with the biometric and storage as a stored pair.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data storage system that protects privacy and ensures security includes a plurality of nodes in a networked architecture, the nodes being adapted to securely communicate and co-operate with one another to allow storage and retrieval of data. A single piece of biometric data is associated only with a blinded identifier and securely divided across one or more nodes, adapted for data storage. The data itself and the link to the original individual, from whom the biometric was acquired, cannot be obtained without the co-operation of two or more nodes.

Citations

16 Claims

1. A method of securely indexing and storing a biometric for subsequent retrieval, the method including:
- using a processor to carry out the steps of;
  
  a) Enrolling a user at an enrolment location by effecting a capture of a specific biometric from that user and associating that biometric with an identity element specific to that user,b) Applying a blinding function to the associated identity element so as to provide a blinded identity element, the blinding function taking the identity element as a data input and providing the blinded identity element as a data output, the blinded identity element revealing no information about the data input,c) generating a transaction identifier at the enrolment location;
  
  d) associating the transaction identifier with each of the biometric and blinded identity elements to form two combinations,e) Separately forwarding each of the two combinations to a storage location which is remote from the enrolment location, matching transaction identifiers from each of the two combinations, and combining the blinded identity element and the biometric-as an index pair,f) Storing the index pair as a stored pair at the storage location, andg) Retrieving the biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element,wherein the step of forwarding the combination having the blinded identity element to the storage location is via an index governor, the index governor, on receiving a blinded identity element being configured to apply a second blind function to the blinded identity element so as to generate a doubly blinded identity element which is coupled to the transaction identifier for forwarding to the storage location for association with the biometric and storage as a stored pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as claimed in claim 1 wherein the biometric is encrypted prior to storage.
  - 3. The method as claimed in claim 1 wherein a plurality of blinding functions are applied to the identity element, the plurality of functions being applied in a specific iterative order.
  - 4. The method as claimed in claim 3 wherein a recreated blinded identity element is generated by applying the blinding functions to the identity element in the same order as that used to create the blinded identity element.
  - 5. The method as claimed in claim 1 further including the step of sequentially forwarding the combination having the blinded identity element to a plurality of index governors prior to a final transmission of the blinded identity element to the storage location.
  - 6. The method as claimed in claim 1 further including the step of splitting the biometric into two or more data outputs, each of the individual two or more data outputs being stored at separate locations and wherein in order to recreate the biometric it is necessary to subsequently recombine the data outputs.
  - 7. The method as claimed in claim 6 including the step of further splitting a data output from a splitting function.
  - 8. The method as claimed in claim 1 further including the steps of enrolling multiple biometrics for a specific user, collating the multiple enrolled biometrics into a single biometric set, and using a single identity element to index this biometric set.
  - 9. The method as claimed in claim 1 further including the steps of enrolling multiple biometrics for a specific user, and using different identity elements for one or more of the multiple biometrics for indexing purposes.
  - 10. The method as claimed in claim 1, further including the steps of:
    - h) Retrieving a stored and indexed biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element,i) Using the retrieved biometric to generate an authenticating biometric template,j) Comparing the authenticating biometric template with the biometric template previously generated, and authenticating the veracity if the templates match.

11. A computer implemented biometric storage and authentication architecture, the architecture comprising a processor and computer readable memory storing programs comprising:
- a) a first module configured to enable a enrolment of a user by effecting a capture of a specific biometric from that user and associating that biometric with an identity element specific to that user,b) a second module configured to effect an application of a blinding function to the associated identity element so as to provide a blinded identity element, the blinding function taking the identity element as a data input and providing the blinded identity element as a data output, the blinded identity element revealing no information about the data input,c) a third module configured to generate a transaction identifier and to associate the transaction identifier with each of the biometric and the blinded identity to form two combinations and to forward each for the two combinations separately to a remote repository,d) an index governor provided between the third module and the remote repository, the index governor being configured on receiving a blinded identity element to apply a second blind function to the blinded identity element so as to generate a doubly blinded identity element, the doubly blinded identity element being coupled to the transaction identifier for forwarding to the remote repository for association with the biometric and storage as a stored paid,e) a fourth module located at the remote repository and configured to match the transaction identifiers from each of the two separately received combinations so as to effect a combination of the blinded identity element and the biometric so as to form an index pair and effect storing of the index pair as a stored pair, andf) a retrieval module configured to enable a retrieval of the biometric from the stored pair by subsequently providing the same identity element, applying the same blinding function to that element so as to recreate the blinded identity element and using the recreated blinded identity element to retrieve the biometric stored with that blinded identity element.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The architecture as claimed in claim 11 wherein the repository and at least one of the first, second and third modules are provided on distinct nodes within a networked computer architecture.
  - 13. The architecture as claimed in claim 11 wherein the second module is configured to apply multiple blinding functions in an iterative process, the resultant blinded identity element having been blinded through a plurality of steps.
  - 14. The architecture as claimed in claim 11 further including an encryption module, the encryption module being configured to encrypt one or more of the elements of the stored pair.
  - 15. The architecture as claimed in claim 11 further including a data splitting module, the data splitting module being configured to enable a splitting of at least one of the identity element or biometric into two or more constituent parts.
  - 16. The architecture as claimed in claim 15 wherein the splitting module provides for a storage of each of the two or more constituent parts on separate nodes of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Corporation DAON Technology
Original Assignee
Daon Holdings Limited
Inventors
White, Conor, Peirce, Michael
Primary Examiner(s)
Strege; John B

Application Number

US11/112,513
Publication Number

US 20060239511A1
Time in Patent Office

1,460 Days
Field of Search

382/115, 340/5.53, 340/5.83
US Class Current

382/115
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/6254   by anonymising data, e.g. d...

H04L 2209/04   Masking or blinding

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3231   Biological data, e.g. finge...

System and method for protecting the privacy and security of stored biometric data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting the privacy and security of stored biometric data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links