System and method for authenticated and privacy preserving biometric identification systems

US 7,711,152 B1
Filed: 04/30/1999
Issued: 05/04/2010
Est. Priority Date: 04/30/1999
Status: Active Grant

First Claim

Patent Images

1. A method for generating an Identification and Verification Template (IVT) for a biometric comprising the steps of:

obtaining a user biometric from a biometric system with one or more servers, wherein the biometric system includes one or more biometric scanners to collect physical information from the user which is stored as bits of information on the biometric system, wherein the user biometric includes previously encoded authorization information defining a set of privileges granted to a user by an authorization officer for a security infrastructure;

generating a dependency vector from the user biometric on an identification processing system with one or more servers, wherein the dependency vector is generated with a lossy transformation of information stored in the user biometric; and

storing the dependency vector in an Identification and Verification Template (IVT) on a reliable storage medium external to the identification processing system, such that the IVT is bound cryptographically to the user from which the user biometric was obtained, wherein the IVT does not include complete information from the obtained user biometric but does allow for verification of the user when the IVT is accessed for the security infrastructure at a later time.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for the identification of users and objects using biometric techniques is disclosed. This invention describes a biometric based identification and authorization systems which do not require the incorporation of an on-line database of stored complete biometrics for the security infrastructure. In order to remove the connectivity requirements, an off-line biometric system is achieved by incorporating an identity verification template (IVT) on a storage device/token (e.g., magnetic strip or smart-card) during the user'"'"'s registration which provides for a reliable storage medium; however, there are no security requirements required of the token even to protect the privacy of the stored biometric. The IVT does not contain complete information of the user'"'"'s biometric but allows for the verification of the user when that user later provides a biometric reading. To deal with errors that may be introduced into later scans of the biometric (for example at the time of verification) error correcting techniques, well known in the art of communication and error control systems, are incorporated into the system. The system is also usable in the online model. Moreover, it may also be used to enable cryptographic operations by being used to partially compose or encrypt private keys for cryptographic operation.

144 Citations

16 Claims

1. A method for generating an Identification and Verification Template (IVT) for a biometric comprising the steps of:
- obtaining a user biometric from a biometric system with one or more servers, wherein the biometric system includes one or more biometric scanners to collect physical information from the user which is stored as bits of information on the biometric system, wherein the user biometric includes previously encoded authorization information defining a set of privileges granted to a user by an authorization officer for a security infrastructure;
  
  generating a dependency vector from the user biometric on an identification processing system with one or more servers, wherein the dependency vector is generated with a lossy transformation of information stored in the user biometric; and
  
  storing the dependency vector in an Identification and Verification Template (IVT) on a reliable storage medium external to the identification processing system, such that the IVT is bound cryptographically to the user from which the user biometric was obtained, wherein the IVT does not include complete information from the obtained user biometric but does allow for verification of the user when the IVT is accessed for the security infrastructure at a later time.
- View Dependent Claims (2, 3, 4, 5, 15, 16)
- - 2. The method of claim 1, wherein the dependency vector includes check digits of the user biometric generated using an error correcting code.
  - 3. The method of claim 1, wherein a canonical user biometric is generated from a biometric processing function of multiple readings of the user biometric from the user.
  - 4. The method of claim 3, wherein the biometric processing function is a majority decoding function.
  - 5. The method of claim 1, in which the IVT includes public identification information for the user.
  - 15. The method of claim 1, wherein the user biometric is an iris scan or a portion of an iris scan of the user.
  - 16. The method of claim 1, wherein the reliable storage medium includes a magnetic strip or smart card.

6. A method for uniquely identifying a user via biometric analysis comprising the steps of:
- acquiring an input from a user comprising a User Biometric (UB) from an offline reader, wherein the offline reader includes one or more scanners to acquire physical information about the user;
  
  acquiring an input comprising an Identification and Verification Template (IVT) from a token or card on an identification processing system with one or more servers, wherein the IVT was generated by the identification processing system with a lossy transformation of a previously obtained UB, is cryptographically bound to a user from which the UB was obtained and wherein the IVT does not include complete information from the obtained UB but does allow for verification of the user when the IVT is accessed for a security infrastructure at a later time; and
  
  performing a validation protocol on the identification processing system with the UB and the IVT, whereby a decision value is computed giving either Authorization privileges or Other privileges to the user for access to the security infrastructure, where Other privileges may be anything else but Authorization privileges, wherein the validation protocol does not require use of a compare operation between the acquired UB and the acquired IVT.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, wherein the validation protocol is a cryptographic validation mechanism for an authentication scheme.
  - 8. The method of claim 6, wherein the acquired UB is an iris scan or a portion of an iris scan of the user.
  - 9. The method of claim 6, where the acquired UB is derived from a biometric processing function comprising multiple scans of the UB.
  - 10. The method of claim 9, where the biometric processing function includes a majority decoding function.
  - 11. The method of claim 10, where the biometric processing function further includes error correction of a biometric component after the majority decoding function is applied.
  - 12. The method of claim 6, where the IVT incorporates a password encrypted value of the IVT.

13. A method of secure biometric pattern recognition comprising the steps of:
- acquiring a first user biometric (UB) pattern from a biometric system with one or more servers, wherein the biometric system includes one or more scanners to collect physical information from the user;
  
  acquiring authenticating information from a reliable storage medium previously generated by an identification processing system with one or more servers, wherein the reliable storage medium is external to the identification processing system;
  
  combining the UB pattern with the authenticating information with a lossy transformation of information stored in the UB on the identification processing system;
  
  encrypting the combination of the UB pattern and the authenticating information to provide an Identification and Verification Template (IVT), wherein the IVT includes less than all information obtained from the first UB;
  
  acquiring a second UB pattern from the biometric system; and
  
  processing the second UB pattern and the IVT on the identification processing system to determine if the first UB pattern and the second UB pattern are the same without directly comparing the first UB pattern with the second UB pattern.
- View Dependent Claims (14)
- - 14. The method of claim 13 wherein the processing step does not require use of a compare operation between the acquired second UB pattern and the IVT to securely identified a user associated with the second UB.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gidipo LLC
Original Assignee
George I. Davida, Yair Frankel
Inventors
Frankel, Yair, Davida, George I.
Primary Examiner(s)
Carter; Aaron W

Application Number

US09/303,053
Time in Patent Office

4,022 Days
Field of Search

382/100, 382115-127, 382/209, 235/380, 235/382, 235/382.5, 380/29, 380/30, 380/23, 713200-202, 713/182, 713/186, 713/155, 340/825, 340/825.31, 340/825.34, 340/5.1, 340/5.2, 340/5.51, 340/5.52, 340/5.53, 340 58- 586
US Class Current

382/115
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06V 40/10   Human or animal bodies, e.g...

System and method for authenticated and privacy preserving biometric identification systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

144 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticated and privacy preserving biometric identification systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links