System and method for authenticated and privacy preserving biometric identification systems
First Claim
1. A method for generating an Identification and Verification Template (IVT) for a biometric comprising the steps of:
- obtaining a user biometric from a biometric system with one or more servers, wherein the biometric system includes one or more biometric scanners to collect physical information from the user which is stored as bits of information on the biometric system, wherein the user biometric includes previously encoded authorization information defining a set of privileges granted to a user by an authorization officer for a security infrastructure;
generating a dependency vector from the user biometric on an identification processing system with one or more servers, wherein the dependency vector is generated with a lossy transformation of information stored in the user biometric; and
storing the dependency vector in an Identification and Verification Template (IVT) on a reliable storage medium external to the identification processing system, such that the IVT is bound cryptographically to the user from which the user biometric was obtained, wherein the IVT does not include complete information from the obtained user biometric but does allow for verification of the user when the IVT is accessed for the security infrastructure at a later time.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for the identification of users and objects using biometric techniques is disclosed. This invention describes a biometric based identification and authorization systems which do not require the incorporation of an on-line database of stored complete biometrics for the security infrastructure. In order to remove the connectivity requirements, an off-line biometric system is achieved by incorporating an identity verification template (IVT) on a storage device/token (e.g., magnetic strip or smart-card) during the user'"'"'s registration which provides for a reliable storage medium; however, there are no security requirements required of the token even to protect the privacy of the stored biometric. The IVT does not contain complete information of the user'"'"'s biometric but allows for the verification of the user when that user later provides a biometric reading. To deal with errors that may be introduced into later scans of the biometric (for example at the time of verification) error correcting techniques, well known in the art of communication and error control systems, are incorporated into the system. The system is also usable in the online model. Moreover, it may also be used to enable cryptographic operations by being used to partially compose or encrypt private keys for cryptographic operation.
144 Citations
16 Claims
-
1. A method for generating an Identification and Verification Template (IVT) for a biometric comprising the steps of:
-
obtaining a user biometric from a biometric system with one or more servers, wherein the biometric system includes one or more biometric scanners to collect physical information from the user which is stored as bits of information on the biometric system, wherein the user biometric includes previously encoded authorization information defining a set of privileges granted to a user by an authorization officer for a security infrastructure; generating a dependency vector from the user biometric on an identification processing system with one or more servers, wherein the dependency vector is generated with a lossy transformation of information stored in the user biometric; and storing the dependency vector in an Identification and Verification Template (IVT) on a reliable storage medium external to the identification processing system, such that the IVT is bound cryptographically to the user from which the user biometric was obtained, wherein the IVT does not include complete information from the obtained user biometric but does allow for verification of the user when the IVT is accessed for the security infrastructure at a later time. - View Dependent Claims (2, 3, 4, 5, 15, 16)
-
-
6. A method for uniquely identifying a user via biometric analysis comprising the steps of:
-
acquiring an input from a user comprising a User Biometric (UB) from an offline reader, wherein the offline reader includes one or more scanners to acquire physical information about the user; acquiring an input comprising an Identification and Verification Template (IVT) from a token or card on an identification processing system with one or more servers, wherein the IVT was generated by the identification processing system with a lossy transformation of a previously obtained UB, is cryptographically bound to a user from which the UB was obtained and wherein the IVT does not include complete information from the obtained UB but does allow for verification of the user when the IVT is accessed for a security infrastructure at a later time; and performing a validation protocol on the identification processing system with the UB and the IVT, whereby a decision value is computed giving either Authorization privileges or Other privileges to the user for access to the security infrastructure, where Other privileges may be anything else but Authorization privileges, wherein the validation protocol does not require use of a compare operation between the acquired UB and the acquired IVT. - View Dependent Claims (7, 8, 9, 10, 11, 12)
-
-
13. A method of secure biometric pattern recognition comprising the steps of:
-
acquiring a first user biometric (UB) pattern from a biometric system with one or more servers, wherein the biometric system includes one or more scanners to collect physical information from the user; acquiring authenticating information from a reliable storage medium previously generated by an identification processing system with one or more servers, wherein the reliable storage medium is external to the identification processing system; combining the UB pattern with the authenticating information with a lossy transformation of information stored in the UB on the identification processing system; encrypting the combination of the UB pattern and the authenticating information to provide an Identification and Verification Template (IVT), wherein the IVT includes less than all information obtained from the first UB; acquiring a second UB pattern from the biometric system; and processing the second UB pattern and the IVT on the identification processing system to determine if the first UB pattern and the second UB pattern are the same without directly comparing the first UB pattern with the second UB pattern. - View Dependent Claims (14)
-
Specification