Dynamic seed and key generation from biometric indicia
First Claim
1. A system for seed and key generation comprising:
- a storage device associated with a storage medium for interfacing with a computer; and
a non-transitory computer-readable medium integrated in or accessible by the storage device, the computer-readable medium having code stored thereon, wherein execution of the code by the computer performs the steps of;
receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template;
assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template;
encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed;
storing the encrypted item of test data on, or in a location accessible by, the storage device;
storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device;
destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device;
receiving information indicative of a live biometric template for use in regenerating the encryption seed;
comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template;
iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar,wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased;
generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and
destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, a method, and a computer program for generating a seed and/or a key from live biometric indicia, such that all the information necessary for generating the seed and/or the key is not stored on a storage medium. The method comprises receiving a biometric template from a user and enrolling the template; assigning an optimization value to the enrolled biometric template; encrypting an item of test data using the optimization value, such that the optimization value is an encryption seed; storing the encrypted item of test data on the storage medium; destroying the encryption seed after encrypting the item of test data; receiving a live biometric template; comparing the templates and determining an interval based on a probability that the templates are specific to the same user; iteratively testing values within the interval to identify the value in the interval for decrypting the encrypted item of test data, wherein the value used to decrypt the item of test data is the encryption seed; and generating the key using the seed.
31 Citations
20 Claims
-
1. A system for seed and key generation comprising:
-
a storage device associated with a storage medium for interfacing with a computer; and a non-transitory computer-readable medium integrated in or accessible by the storage device, the computer-readable medium having code stored thereon, wherein execution of the code by the computer performs the steps of; receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template; assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template; encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed; storing the encrypted item of test data on, or in a location accessible by, the storage device; storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device; destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device; receiving information indicative of a live biometric template for use in regenerating the encryption seed; comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user, wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template; iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data, wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar, wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased; generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium encoded with code segments for generating a seed and a key for accessing a storage device interfaced with a computer, the computer-readable medium including code segments for performing the steps comprising:
-
receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template; assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template; encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed; storing the encrypted item of test data on, or in a location accessible by, the storage device; storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device; destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device; receiving information indicative of a live biometric template for use in regenerating the encryption seed; comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user, wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template; iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data, wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar, wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased; generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method for seed and key generation comprising:
-
receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, a storage device, such that the stored biometric template is an enrolled biometric template; assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template; encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed; storing the encrypted item of test data on, or in a location accessible by, the storage device; storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device; destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device; receiving information indicative of a live biometric template for use in regenerating the encryption seed; comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user, wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template; iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data, wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar, wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased; generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification