System, method and program product for checking revocation status of a biometric reference template

US 8,327,134 B2
Filed: 02/12/2009
Issued: 12/04/2012
Est. Priority Date: 02/12/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for checking a revocation status of a biometric reference template, said method comprising:

creating, by a processor of a computer system, a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;

inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;

said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;

obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and

said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and program product for checking the revocation status of a biometric reference template. The method includes creating a revocation object for a reference template generated for an individual, where the revocation object contains first plaintext data providing a location for checking revocation status of the reference template and containing ciphertext data identifying the unique reference template identifier and a hash of the reference template. The method further includes providing the revocation object to a relying party requesting revocation status and sending a request to an issuer of the reference template for checking the revocation status of the reference template, without revealing identity of the individual. The method further includes returning results of the revocation status check to the relying party. In an embodiment, a random value is added to the ciphertext data for preserving privacy of the reference template holder.

90 Citations

View as Search Results

25 Claims

1. A method for checking a revocation status of a biometric reference template, said method comprising:
- creating, by a processor of a computer system, a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
  
  inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
  
  said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
  
  obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
  
  said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, said method further comprising:
    - said processor receiving, from the relying party, a request for the revocation status of the biometric reference template; and
      
      after said receiving the request and prior to said ascertaining, said processor sending the reference template revocation object to the relying party.
  - 3. The method of claim 1, wherein said ascertaining is performed without revealing an identity of the individual.
  - 4. The method of claim 1, wherein said returning is performed without revealing an identity of the individual.
  - 5. The method of claim 1, said method further comprising:
    - said processor inserting into the reference template revocation object a random value for encrypting second plaintext data comprising both the identifier and the computed hash value, said plaintext data being contained in the reference template revocation object.
  - 6. The method of claim 5, said method further comprising:
    - said processor encrypting the second plaintext data in the reference template revocation object.
  - 7. The method of claim 5, said method further comprising:
    - injecting the reference template revocation object into a security token device issued to the individual;
      
      inserting into the security token device an encryption key for performing said encrypting; and
      
      inserting into the security token device a signature key for signing the reference template revocation object.

8. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for checking a revocation status of a biometric reference template, said method comprising:
- said processor creating a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
  
  inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
  
  said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
  
  obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
  
  said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer system of claim 8, said method further comprising:
    - said processor receiving, from the relying party, a request for the revocation status of the biometric reference template; and
      
      after said receiving the request and prior to said ascertaining, said processor sending the reference template revocation object to the relying party.
  - 10. The computer system of claim 8, wherein said ascertaining is performed without revealing an identity of the individual.
  - 11. The computer system of claim 8, wherein said returning is performed without revealing an identity of the individual.
  - 12. The computer system of claim 8, said method further comprising:
    - said processor inserting into the reference template revocation object a random value for encrypting second plaintext data comprising both the identifier and the computed hash value, said plaintext data being contained in the reference template revocation object.
  - 13. The computer system of claim 12, said method further comprising:
    - said processor encrypting the second plaintext data in the reference template revocation object.

14. A computer program product, comprising a computer readable hardware storage device having a computer readable program code stored therein, said program code containing instructions configured to be executed by a processor of a computer system to implement a method for checking a revocation status of a biometric reference template, said method comprising:
- said processor creating a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
  
  inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
  
  said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
  
  obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
  
  said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer program product of claim 14, said method further comprising:
    - said processor receiving, from the relying party, a request for the revocation status of the biometric reference template; and
      
      after said receiving the request and prior to said ascertaining, said processor sending the reference template revocation object to the relying party.
  - 16. The computer program product of claim 14, wherein said ascertaining is performed without revealing an identity of the individual.
  - 17. The computer program product of claim 14, wherein said returning is performed without revealing an identity of the individual.
  - 18. The computer program product of claim 14, said method further comprising:
    - said processor inserting into the reference template revocation object a random value for encrypting second plaintext data comprising both the identifier and the computed hash value, said plaintext data being contained in the reference template revocation object.
  - 19. The computer program product of claim 18, said method further comprising:
    - said processor encrypting the second plaintext data in the reference template revocation object.

20. A process for deploying computer infrastructure, said process comprising computer-readable code in a computer system, wherein the code in combination with the computer system is configured to perform a method for checking a revocation status of a biometric reference template, said method comprising:
- creating, by a processor of the computer system, a reference template revocation object for the biometric reference template previously generated for an individual, said creating the reference template revocation object comprising;
  
  inserting into the reference template revocation object first plaintext data providing a location for checking the revocation status of the biometric reference template, inserting into the reference template revocation object a unique biometric reference template identifier that uniquely identifies the biometric reference template, computing a hash value of the biometric reference template, and inserting into the reference template revocation object the computed hash value of the biometric reference template;
  
  said processor ascertaining the revocation status of the biometric reference template through use of the reference template revocation object, said ascertaining comprising;
  
  obtaining from the reference template revocation object the location, the identifier, and the hashed value, retrieving the biometric reference template, identified by the obtained identifier, at the obtained location, and determining the revocation status based on whether the biometric reference template retrieved at the obtained location differs from the biometric reference template from which the obtained hashed value was computed; and
  
  said processor returning the ascertained revocation status of the biometric reference template to a relying party that had requested the status of the biometric reference template.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The process of claim 20, said method further comprising:
    - said processor receiving, from the relying party, a request for the revocation status of the biometric reference template; and
      
      after said receiving the request and prior to said ascertaining, said processor sending the reference template revocation object to the relying party.
  - 22. The process of claim 20, wherein said ascertaining is performed without revealing an identity of the individual.
  - 23. The process of claim 20, wherein said returning is performed without revealing an identity of the individual.
  - 24. The process of claim 20, said method further comprising:
    - said processor inserting into the reference template revocation object a random value for encrypting second plaintext data comprising both the identifier and the computed hash value, said plaintext data being contained in the reference template revocation object.
  - 25. The process of claim 24, said method further comprising:
    - said processor encrypting the second plaintext data in the reference template revocation object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Griffin, Phillip H.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US12/370,334
Publication Number

US 20100205431A1
Time in Patent Office

1,391 Days
Field of Search

713/158, 713/170, 713/172, 713/175, 713/186, 726/6, 726/26
US Class Current

713/158
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

System, method and program product for checking revocation status of a biometric reference template

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and program product for checking revocation status of a biometric reference template

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links