System, method and program product for checking revocation status of a biometric reference template
Abstract
A system, method and program product for checking the revocation status of a biometric reference template. The method includes creating a revocation object for a reference template generated for an individual, where the revocation object contains first plaintext data providing a location for checking revocation status of the reference template and containing ciphertext data identifying the unique reference template identifier and a hash of the reference template. The method further includes providing the revocation object to a relying party requesting revocation status and sending a request to an issuer of the reference template for checking the revocation status of the reference template, without revealing identity of the individual. The method further includes returning results of the revocation status check to the relying party. In an embodiment, a random value is added to the ciphertext data for preserving privacy of the reference template holder.
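The create-and-check flow recited in the claims, as an added Python sketch; it is not code from the patent or its assignee. SHA-256, the in-memory issuer store, the example URL and identifiers, and the "valid"/"revoked"/"unknown" result strings are assumptions, and the abstract's ciphertext wrapping and random value are left out.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed issuer-side store: location -> {template identifier -> template bytes}.
ISSUER_STORES = {
    "https://issuer.example/templates": {
        "tmpl-0001": b"constructed-template-bytes-A",
        "tmpl-0002": b"constructed-template-bytes-B",
    }
}

@dataclass(frozen=True)
class RevocationObject:
    location: str         # plaintext: where revocation status is checked
    template_id: str      # unique biometric reference template identifier
    template_hash: bytes  # hash of the template as it was at creation time

def template_digest(template: bytes) -> bytes:
    # Assumption: the page names no hash algorithm; SHA-256 is used here.
    return hashlib.sha256(template).digest()

def create_revocation_object(location: str, template_id: str,
                             template: bytes) -> RevocationObject:
    # Only location, identifier and hash go in; nothing names the individual.
    return RevocationObject(location, template_id, template_digest(template))

def check_revocation_status(obj: RevocationObject, stores=ISSUER_STORES) -> str:
    store = stores.get(obj.location)
    if store is None:
        # Assumption: an unresolvable location is reported as "unknown" so the
        # relying party can apply its own fail-closed policy.
        return "unknown"
    current = store.get(obj.template_id)
    if current is None:
        # Assumption: a template withdrawn from the location counts as revoked.
        return "revoked"
    # Constant-time comparison of the stored hash with the hash of what the
    # location holds now; any difference means the template was replaced.
    if hmac.compare_digest(template_digest(current), obj.template_hash):
        return "valid"
    return "revoked"
```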
25 Claims
1. A method for checking a revocation status of a biometric reference template, said method comprising:
creating, by a processor of a computer system, a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.
8. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for checking a revocation status of a biometric reference template, said method comprising:
said processor creating a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.
14. A computer program product, comprising a computer readable hardware storage device having a computer readable program code stored therein, said program code containing instructions configured to be executed by a processor of a computer system to implement a method for checking a revocation status of a biometric reference template, said method comprising:
said processor creating a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.
20. A process for deploying computer infrastructure, said process comprising computer-readable code in a computer system, wherein the code in combination with the computer system is configured to perform a method for checking a revocation status of a biometric reference template, said method comprising:
creating, by a processor of the computer system, a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.