Security method and apparatus using biometric data

US 7,693,279 B2
Filed: 04/21/2004
Issued: 04/06/2010
Est. Priority Date: 04/23/2003
Status: Active Grant

First Claim

Patent Images

1. A security method, carried out by a trusted authority entity, for generating decryption keys for multiple individuals, the method comprising:

(a) receiving biometric data of a specific individual,(b) comparing the biometric data with biometric characteristics of a subject individual to determine whether the latter is said specific individual, and(c) using at least the biometric data and private data of the trusted authority entity to generate, by an identifier-based cryptography process, a decryption key that forms one key of an asymmetric key pair, and(d) repeating (a) to (c) for each of multiple specific individuals, the same trusted-authority private data being used in generating each decryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security method and apparatus is provided in which a trusted authority is arranged to read in identity data from a memory device presented by an individual. This identity data comprises both biometric data of a specific individual ,and additional identity data concerning the same individual. The trusted authority uses the biometric data as a biometric reference for comparison with biometric characteristics of the individual presenting the memory card in order to determine whether the latter is the individual represented by the biometric data. The trusted authority uses the additional identity data or matching data, together with private data of the trusted authority, to generate a decryption key. This decryption key is apt to decrypt data encrypted using both an encryption key string comprising the additional identity data of the specific individual and public data of the trusted authority.

58 Citations

View as Search Results

36 Claims

1. A security method, carried out by a trusted authority entity, for generating decryption keys for multiple individuals, the method comprising:
- (a) receiving biometric data of a specific individual,(b) comparing the biometric data with biometric characteristics of a subject individual to determine whether the latter is said specific individual, and(c) using at least the biometric data and private data of the trusted authority entity to generate, by an identifier-based cryptography process, a decryption key that forms one key of an asymmetric key pair, and(d) repeating (a) to (c) for each of multiple specific individuals, the same trusted-authority private data being used in generating each decryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method according to claim 1, wherein the decryption key is made available to the subject individual only if the latter is determined by the trusted authority entity to be said specific individual.
  - 3. A method according to claim 1, wherein the decryption key is used by the trusted authority entity to decrypt data that has been encrypted based on encryption parameters comprising public data of the trusted authority entity and an encryption key string formed using at least said biometric data, said public data of the trusted authority entity being related to its private data.
  - 4. A method according to claim 3, wherein the decrypted data is made available to the subject individual if the latter is determined by the trusted authority entity to be said specific individual.
  - 5. A method according to claim 1, wherein if the subject individual is determined by the trusted authority entity to be the specific individual, the decryption key is used by the trusted authority entity to decrypt data that has been encrypted based on encryption parameters comprising public data of the trusted authority entity and an encryption key string formed using at least said biometric data, said public data of the trusted authority entity being related to its private data.
  - 6. A method according to claim 1, wherein the generation of the decryption key is only carried out if said subject individual is determined to be said specific individual.
  - 7. A method according to claim 1, wherein the subject individual is a human person that has presented him/herself to the trusted authority entity and purports to be said specific individual.
  - 8. A method according to claim 1, wherein the determination of whether said subject individual is said specific individual is carried out automatically by comparing features represented in the reference biometric data with features in measurement data produced by measurement of the subject individual.
  - 9. A method according to claim 1, wherein the determination of whether said subject individual is said specific individual is carried out by a human.
  - 10. A method according to claim 1, wherein the biometric data comprises image data of the face of the specific individual.
  - 11. A method according to claim 1, wherein the biometric data is read from a memory device presented by the subject individual.
  - 12. A method according to claim 1, wherein the generation of the decryption key is effected in accordance with identifier-based cryptography utilising quadratic residuosity.
  - 13. A method according to claim 1, wherein the generation of the decryption key is effected in accordance with identifier-based cryptography utilising Weil or Tate pairings.

14. A data access control method comprising:
- (a) encrypting first data using encryption parameters comprising public data of a trusted authority entity and an encryption key string formed using at least biometric data of a specific individual;
  
  (b) providing the biometric data of said specific individual to the trusted authority entity which uses it both;
  
  as a biometric reference for comparison with biometric characteristics of a subject individual to determine whether the latter is said specific individual, andto generate, by an identifier-based cryptography process, a decryption key that forms one key of an asymmetric key pair and that is based on at least the biometric data and private data of the trusted authority entity, said public data of the trusted authority entity being related to its private data;
  
  (c) using the decryption key to decrypt the encrypted first data; and
  
  (d) repeating (a) to (c) for each of multiple specific individuals, the same trusted-authority private data being used in generating each decryption key.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 15. A method according to claim 14, wherein the decryption key is only generated, or only made available for use in step (c), by the trusted authority entity if the subject individual is determined by the trusted authority entity to be the specific individual.
  - 16. A method according to claim 14, wherein in step (a) the biometric data of said specific individual is contemporaneously generated from said specific individual.
  - 17. A method according to claim 14, wherein in step (a) the biometric data of said specific individual is generated from recorded analogue biometric data of said specific individual.
  - 18. A method according to claim 14, wherein in step (a) biometric data of said specific individual is retrieved from digital storage.
  - 19. A method according to claim 18, wherein the biometric data of said specific individual is retrieved from a memory device presented by said specific individual.
  - 20. A method according to claim 14, wherein the biometric data of said specific individual is provided to the trusted authority entity by being read off a memory device presented by said subject individual.
  - 21. A method according to claim 14, wherein the biometric data of said specific individual is provided to the trusted authority entity by transfer from an entity carrying out step (a).
  - 22. A method according to claim 14, wherein the subject individual is a human person that has presented him/herself to the trusted authority entity and purports to be said specific individual.
  - 23. A method according to claim 14, wherein in step (b) the determination of whether said subject individual is said specific individual is carried out automatically by comparing features represented in the reference biometric data with features in measurement data produced by measurement of the subject individual.
  - 24. A method according to claim 14, wherein in step (b) the determination of whether said subject individual is said specific individual is carried out by a human.
  - 25. A method according to claim 14, wherein step (c) is carried out by the trusted authority entity and the decrypted data is made available to the specific individual.
  - 26. A method according to claim 14, wherein the trusted authority entity provides the decryption key to said specific individual which then carries out step (c).
  - 27. A method according to claim 14, wherein the biometric data of said specific individual comprises image data of the face of the specific individual.
  - 28. A method according to claim 14, wherein in step (a) the biometric data of said specific individual is read from a memory device of said specific individual and the encrypted first data is stored to said device, the biometric data of said specific individual being provided to the trusted authority entity in step (b) by being read from said memory device, and step (c) being carried by the trusted authority entity and only if the subject individual is determined in step (b) to be said specific individual, the decrypted first data produced in step (c) being made available to said specific individual.
  - 29. A method according to claim 28, wherein the first data comprises password data.
  - 30. A method according to claim 14, wherein step (a) is carried out by a data provider with the biometric data of said specific individual being image data derived from a photograph of said specific individual, the biometric data of said specific individual being sent to a receiving party together with the encrypted first data for use by the trusted authority entity in step (b).
  - 31. A method according to claim 30, wherein the receiving party is the trusted authority entity.
  - 32. A method according to claim 30, wherein the receiving party is said specific individual.
  - 33. A method according to claim 14, wherein step (a) is carried out by a data provider with said biometric data of said specific individual comprising data that is the same as biometric data stored on a memory device of said specific individual as a result of having been either read from that device or provided from a common source, the said subject individual seeking to obtain the decryption key from the trusted authority entity by presenting a memory device to the trusted authority entity to enable the latter to read off biometric data stored in the device, the trusted authority entity providing the decryption key to the subject individual only if the latter is determined in step (b) to be said specific individual.
  - 34. A method according to claim 33, wherein the encryption key string includes a data element known to the data provider and passed to the trusted authority entity, this data element being varied between iterations of steps (a) to (c).
  - 35. A method according to claim 14, wherein the cryptographic processes involving the encryption key string and decryption key are effected in accordance with identifier-based cryptography utilising quadratic residuosity.
  - 36. A method according to claim 16, wherein the cryptographic processes involving the encryption key string and decryption key are effected in accordance with identifier-based cryptography utilising Weil or Tate pairings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Harrison, Keith Alexander, Chen, Liqun
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US10/829,930
Publication Number

US 20050005135A1
Time in Patent Office

2,176 Days
Field of Search

713/186
US Class Current

380/44
CPC Class Codes

H04L 9/0866 involving user or device id...

H04L 9/3073 involving pairings, e.g. id...

Security method and apparatus using biometric data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Security method and apparatus using biometric data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links