Authorized anonymous authentication

US 8,352,746 B2
Filed: 02/19/2010
Issued: 01/08/2013
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for processing data, comprising:

(a) performing, in a computer, an enrollment process, comprising;

receiving a first biometric data and encrypting the first biometric data using an irreversible cryptographic algorithm executed by a computer;

receiving a first personal key and encrypting the first personal key using an irreversible cryptographic algorithm executed by a computer;

combining the encrypted first biometric data and the encrypted first personal key to form a first processed data;

eliminating all storage or trace of the first biometric data and the first personal key in an unprocessed and unencrypted form, after the first biometric data and the first personal key have been irreversibly encrypted and before any comparison is performed; and

storing the first processed data in a repository for use in a subsequent authentication process; and

(b) performing, in a computer, an authentication process, comprising;

receiving a second biometric data and encrypting the second biometric data using an irreversible cryptographic algorithm executed by a computer;

receiving a second personal key and encrypting the second personal key using an irreversible cryptographic algorithm executed by a computer;

combining the encrypted second biometric data and the encrypted second personal key to form a second processed data;

eliminating all storage or trace of the second biometric data and the second personal key in an unprocessed and unencrypted form, after the second biometric data and the second personal key have been irreversibly encrypted and before any comparison is performed; and

comparing the second processed data to the first processed data previously stored in the repository, without accessing either the first or second processed data in an unprocessed and unencrypted form, in order to enable an authentication process for an entity represented by the second biometric data and the second personal key in a confidential manner, wherein a signal is generated pertaining to the comparison of the second processed data to the first processed data for use in the authentication process of the entity represented by the second biometric data and the second personal key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, program and system for processing data is disclosed. The method, program and system comprising the steps of: (a) receiving (e.g., during an enrollment process) a first biometric data and a first personal key, (b) processing the first biometric data and the first personal key through an irreversible cryptographic algorithm, sometimes after: (i) generating one or more variants from the first biometric data, (ii) processing the first personal key through a reversible cryptographic algorithm, and (iii) adding salt to the first biometric data or first personal key, (c) receiving (e.g., during an authentication process) a second biometric data and a second personal key, (d) processing the second biometric data and the second personal key through the irreversible cryptographic algorithm, (e) comparing the second processed data to the first processed data, and (f) generating a signal pertaining to the comparison of the second processed data to the first processed data, such as: (i) a confirmation reflecting authentication when the second processed data matches the first processed data (sometimes allowing access to a facility or system) or (ii) a denial reflecting no confirmation when the second processed data does not match the first processed data.

105 Citations

21 Claims

1. A computer-implemented method for processing data, comprising:
- (a) performing, in a computer, an enrollment process, comprising;
  
  receiving a first biometric data and encrypting the first biometric data using an irreversible cryptographic algorithm executed by a computer;
  
  receiving a first personal key and encrypting the first personal key using an irreversible cryptographic algorithm executed by a computer;
  
  combining the encrypted first biometric data and the encrypted first personal key to form a first processed data;
  
  eliminating all storage or trace of the first biometric data and the first personal key in an unprocessed and unencrypted form, after the first biometric data and the first personal key have been irreversibly encrypted and before any comparison is performed; and
  
  storing the first processed data in a repository for use in a subsequent authentication process; and
  
  (b) performing, in a computer, an authentication process, comprising;
  
  receiving a second biometric data and encrypting the second biometric data using an irreversible cryptographic algorithm executed by a computer;
  
  receiving a second personal key and encrypting the second personal key using an irreversible cryptographic algorithm executed by a computer;
  
  combining the encrypted second biometric data and the encrypted second personal key to form a second processed data;
  
  eliminating all storage or trace of the second biometric data and the second personal key in an unprocessed and unencrypted form, after the second biometric data and the second personal key have been irreversibly encrypted and before any comparison is performed; and
  
  comparing the second processed data to the first processed data previously stored in the repository, without accessing either the first or second processed data in an unprocessed and unencrypted form, in order to enable an authentication process for an entity represented by the second biometric data and the second personal key in a confidential manner, wherein a signal is generated pertaining to the comparison of the second processed data to the first processed data for use in the authentication process of the entity represented by the second biometric data and the second personal key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising generating a first variant from the first biometric data prior to encrypting the first biometric data.
  - 3. The method of claim 1, further comprising generating a second variant from the second biometric data prior to encrypting the second biometric data.
  - 4. The method of claim 1, further comprising encrypting the first processed data using an irreversible cryptographic algorithm.
  - 5. The method of claim 1, further comprising encrypting the second processed data using an irreversible cryptographic algorithm.
  - 6. The method of claim 1, further comprising associating a first primary key with the first processed data.
  - 7. The method of claim 1, further comprising associating a second primary key with the second processed data.

8. A computer-implemented method for processing data, comprising:
- receiving a first biometric data and encrypting the first biometric data using an irreversible cryptographic algorithm executed by a computer;
  
  receiving a first personal key and encrypting the first personal key using an irreversible cryptographic algorithm executed by a computer;
  
  combining the encrypted first biometric data and the encrypted first personal key to form a first processed data;
  
  eliminating all storage or trace of the first biometric data and the first personal key in an unprocessed and unencrypted form, after the first biometric data and the first personal key have been irreversibly encrypted and before any comparison is performed; and
  
  storing the first processed data in a repository for use in a subsequent authentication process;
  
  wherein an authentication process;
  
  receives a second biometric data and encrypts the second biometric data using an irreversible cryptographic algorithm executed by a computer;
  
  receives a second personal key and encrypts the second personal key using an irreversible cryptographic algorithm executed by a computer;
  
  combines the encrypted second biometric data and the encrypted second personal key to form a second processed data;
  
  eliminates all storage or trace of the second biometric data and the second personal key in an unprocessed and unencrypted form, after the second biometric data and the second personal key have been irreversibly encrypted and before any comparison is performed;
  
  compares the second processed data to the first processed data previously stored in the repository, without accessing either the first or second processed data in an unprocessed and unencrypted form, in order to enable an authentication process for an entity represented by the second biometric data and the second personal key in a confidential manner, wherein a signal is generated pertaining to the comparison of the second processed data to the first processed data for use in the authentication process of the entity represented by the second biometric data and the second personal key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising generating a first variant from the first biometric data prior to encrypting the first biometric data.
  - 10. The method of claim 8, wherein a second variant is generated from the second biometric data prior to the second biometric data being encrypted.
  - 11. The method of claim 8, further comprising encrypting the first processed data using an irreversible cryptographic algorithm.
  - 12. The method of claim 8, wherein the second processed data is encrypted using an irreversible cryptographic algorithm.
  - 13. The method of claim 8, further comprising associating a first primary key with the first processed data.
  - 14. The method of claim 8, wherein a second primary key is associated with the second processed data.

15. A computer-implemented method for processing data, comprising:
- receiving a first biometric data and encrypting the first biometric data using an irreversible cryptographic algorithm executed by a computer;
  
  receiving a first personal key and encrypting the first personal key using an irreversible cryptographic algorithm executed by a computer;
  
  combining the encrypted first biometric data and the encrypted first personal key to form a first processed data;
  
  eliminating all storage or trace of the first biometric data and the first personal key in an unprocessed and unencrypted form, after the first biometric data and the first personal key have been irreversibly encrypted and before any comparison is performed; and
  
  comparing the first processed data to a second processed data previously stored in a repository, without accessing either the first or second processed data in an unprocessed and unencrypted form, in order to enable an authentication process for an entity represented by a second biometric data and a second personal key in a confidential manner, wherein a signal is generated pertaining to the comparison of the first processed data to the second processed data for use in the authentication process of the entity represented by the second biometric data and the second personal key,wherein an enrollment process;
  
  receives the second biometric data and encrypts the second biometric data using an irreversible cryptographic algorithm executed by a computer;
  
  receives the second personal key and encrypts the second personal key using an irreversible cryptographic algorithm executed by a computer;
  
  combines the encrypted second biometric data and the encrypted second personal key to form the second processed data;
  
  eliminates all storage or trace of the second biometric data and the second personal key in an unprocessed and unencrypted form, after the second biometric data and the second personal key have been irreversibly encrypted and before any comparison is performed; and
  
  stores the second processed data in the repository for use in a subsequent authentication process.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, further comprising generating a first variant from the first biometric data prior to encrypting the first biometric data.
  - 17. The method of claim 15, wherein a second variant is generated from the second biometric data prior to the second biometric data being encrypted.
  - 18. The method of claim 15, further comprising encrypting the first processed data using an irreversible cryptographic algorithm.
  - 19. The method of claim 15, wherein the second processed data is encrypted using an irreversible cryptographic algorithm.
  - 20. The method of claim 15, further comprising associating a first primary key with the first processed data.
  - 21. The method of claim 15, wherein a second primary key is associated with the second processed data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jonas, Jeffrey J.
Primary Examiner(s)
Patel, Nirav B

Application Number

US12/709,333
Publication Number

US 20100153738A1
Time in Patent Office

1,054 Days
Field of Search

713/186, 713/182, 713/185, 726 2- 5, 726/9, 726/19, 726/20, 705/64, 705/65, 705/74, 340/5.52, 340/5.53, 235/380, 235/382
US Class Current

713/186
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

H04L 9/3231 Biological data, e.g. finge...

Authorized anonymous authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authorized anonymous authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links