Dynamic seed and key generation from biometric indicia

US 8,745,405 B2
Filed: 02/16/2011
Issued: 06/03/2014
Est. Priority Date: 02/17/2010
Status: Active Grant

First Claim

Patent Images

1. A system for seed and key generation comprising:

a storage device associated with a storage medium for interfacing with a computer; and

a non-transitory computer-readable medium integrated in or accessible by the storage device, the computer-readable medium having code stored thereon, wherein execution of the code by the computer performs the steps of;

receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template;

assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template;

encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed;

storing the encrypted item of test data on, or in a location accessible by, the storage device;

storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device;

destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device;

receiving information indicative of a live biometric template for use in regenerating the encryption seed;

comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template;

iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar,wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased;

generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and

destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, a method, and a computer program for generating a seed and/or a key from live biometric indicia, such that all the information necessary for generating the seed and/or the key is not stored on a storage medium. The method comprises receiving a biometric template from a user and enrolling the template; assigning an optimization value to the enrolled biometric template; encrypting an item of test data using the optimization value, such that the optimization value is an encryption seed; storing the encrypted item of test data on the storage medium; destroying the encryption seed after encrypting the item of test data; receiving a live biometric template; comparing the templates and determining an interval based on a probability that the templates are specific to the same user; iteratively testing values within the interval to identify the value in the interval for decrypting the encrypted item of test data, wherein the value used to decrypt the item of test data is the encryption seed; and generating the key using the seed.

31 Citations

View as Search Results

20 Claims

1. A system for seed and key generation comprising:
- a storage device associated with a storage medium for interfacing with a computer; and
  
  a non-transitory computer-readable medium integrated in or accessible by the storage device, the computer-readable medium having code stored thereon, wherein execution of the code by the computer performs the steps of;
  
  receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template;
  
  assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template;
  
  encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed;
  
  storing the encrypted item of test data on, or in a location accessible by, the storage device;
  
  storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device;
  
  destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device;
  
  receiving information indicative of a live biometric template for use in regenerating the encryption seed;
  
  comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template;
  
  iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar,wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased;
  
  generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and
  
  destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein generating the key further comprises:
    - observing and modifying a structure and a behavior of a first code segment at runtime to generate a second code segment,wherein said first code segment is a reflective code segment, andwherein the key is generated using the second code segment.
  - 3. The system of claim 2, wherein encryption or decryption of the files on the storage device or access to the secure repository cannot be obtained without receipt of the live biometric template.
  - 4. The system of claim 3, further including supplying the key to a HOTP authentication system for obtaining a one-time password.
  - 5. The system of claim 2, wherein receiving information indicative of the enrolled biometric template further comprises:
    - receiving information indicative of at least one biometric identifier specific to a user and determining biometric indicia associated with the biometric identifier; and
      
      assigning the optimization value to the biometric indicia prior to creation of the enrolled biometric template, such that the enrolled biometric template does not provide information from which the optimization value can be determined without receipt of the live biometric template.
  - 6. The system of claim 1, wherein the probability that the enrolled biometric template and the live biometric template are specific to the same user is inversely proportional to a size of a range of the interval, such that the higher the probability, the smaller the range and the fewer values within the range.
  - 7. The system of claim 1, further including applying a filter to the values within the interval so as to reduce noise within the interval, such that after application of the filter, the interval is a filtered interval,wherein said filter is applied to the values subsequent to determining the interval but prior to iteratively testing the values within the interval, andwherein subsequent to applying the filter, the value indicative of or the same as the destroyed encryption seed remains in the filtered interval.

8. A non-transitory computer-readable storage medium encoded with code segments for generating a seed and a key for accessing a storage device interfaced with a computer, the computer-readable medium including code segments for performing the steps comprising:
- receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, the storage device, such that the stored biometric template is an enrolled biometric template;
  
  assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template;
  
  encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed;
  
  storing the encrypted item of test data on, or in a location accessible by, the storage device;
  
  storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device;
  
  destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device;
  
  receiving information indicative of a live biometric template for use in regenerating the encryption seed;
  
  comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template;
  
  iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar,wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased;
  
  generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and
  
  destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer-readable medium of claim 8, wherein generating the key further comprises:
    - observing and modifying a structure and a behavior of a first code segment at runtime to generate a second code segment,wherein said first code segment is a reflective code segment, andwherein the key is generated using the second code segment.
  - 10. The computer-readable medium of claim 9, wherein encryption or decryption of the files on the storage device or access to the secure repository cannot be obtained without receipt of the live biometric template.
  - 11. The computer-readable medium of claim 9, wherein receiving information indicative of the enrolled biometric template further comprises:
    - receiving information indicative of at least one biometric identifier specific to a user and determining biometric indicia associated with the biometric identifier; and
      
      assigning the optimization value to the biometric indicia prior to creation of the enrolled biometric template, such that the enrolled biometric template does not provide information from which the optimization value can be determined without receipt of the live biometric template.
  - 12. The computer-readable medium of claim 8, wherein the probability that the enrolled biometric template and the live biometric template are specific to the same user is inversely proportional to a size of a range of the interval, such that the higher the probability, the smaller the range and the fewer values within the range.
  - 13. The computer-readable medium of claim 8, further including applying a filter to the values within the interval so as to reduce noise within the interval, such that after application of the filter, the interval is a filtered interval,wherein said filter is applied to the values subsequent to determining the interval but prior to iteratively testing the values within the interval, andwherein subsequent to applying the filter, the value indicative of or the same as the destroyed encryption seed remains in the filtered interval.

14. A method for seed and key generation comprising:
- receiving information indicative of at least one biometric template specific to a user for storing on, or otherwise making accessible by, a storage device, such that the stored biometric template is an enrolled biometric template;
  
  assigning an optimization value to the enrolled biometric template that is indicative of a representative feature associated with the enrolled biometric template;
  
  encrypting an item of test data to obtain an encrypted item of test data, wherein the encrypting of the item of test data uses, at least in part, the optimization value associated with the enrolled biometric template, such that the optimization value serves as an encryption seed;
  
  storing the encrypted item of test data on, or in a location accessible by, the storage device;
  
  storing the item of test data in an unencrypted form on, or in a location accessible by, the storage device;
  
  destroying the encryption seed after encrypting the item of test data, such that the seed is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device;
  
  receiving information indicative of a live biometric template for use in regenerating the encryption seed;
  
  comparing the enrolled biometric template with the live biometric template and determining an interval having a range based on a probability that the enrolled and live templates are specific to the same user,wherein the interval has a plurality of values therein, and one of the values is indicative of or is the same as the destroyed encryption seed associated with the optimization value for the enrolled biometric template;
  
  iteratively testing the values within the interval to identify the value in the interval for decrypting the encrypted item of test data,wherein said step of iteratively testing includes the steps of using at least one value within the interval to decrypt the previously stored and encrypted item of test data to obtain a decrypted item of test data, and comparing said decrypted item of test data against said previously stored item of test data in an unencrypted form to determine if the decrypted item of test data and the previously stored item of test data in an unencrypted form are substantially similar,wherein upon testing a particular value within the interval and determining that the particular value is operable to successfully decrypt the encrypted item of test data based on the comparing, the encryption seed is regenerated and the iterative testing is ceased;
  
  generating a key using the seed, wherein said key is operable to encrypt or decrypt one or more files stored on a secure repository associated with the storage device or to provide access to the secure repository; and
  
  destroying the key after using the key to encrypt or decrypt one or more files stored on the secure repository or to provide access to the secure repository, such that the key is not stored on, or otherwise made accessible by, the storage device or transmitted to a third-party storage device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein generating the key further of comprises:
    - observing and modifying a structure and a behavior of a first code segment at runtime to generate a second code segment,wherein said first code segment is a reflective code segment, andwherein the key is generated using the second code segment.
  - 16. The method of claim 14, wherein encryption or decryption of the files on the storage device or access to the secure repository cannot be obtained without receipt of the live biometric template.
  - 17. The method of claim 14, further including supplying the key to a HOTP authentication system for obtaining a one-time password.
  - 18. The method of claim 14, wherein receiving information indicative of the enrolled biometric template further comprises:
    - receiving information indicative of at least one biometric identifier specific to a user and determining biometric indicia associated with the biometric identifier; and
      
      assigning the optimization value to the biometric indicia prior to creation of the enrolled biometric template, such that the enrolled biometric template does not provide information from which the optimization value can be determined without receipt of the live biometric template.
  - 19. The method of claim 14, wherein the probability that the enrolled biometric template and the live biometric template are specific to the same user is inversely proportional to a size of a range of the interval, such that the higher the probability, the smaller the range and the fewer values within the range.
  - 20. The method of claim 14, further including applying a filter to the values within the interval so as to reduce noise within the interval, such that after application of the filter, the interval is a filtered interval,wherein said filter is applied to the values subsequent to determining the interval but prior to iteratively testing the values within the interval, andwherein subsequent to applying the filter, the value indicative of or the same as the destroyed encryption seed remains in the filtered interval.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CIP, LLC
Original Assignee
Ceelox Patents, LLC
Inventors
Pizano, Erix, Sass, Joe
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
RUPRECHT, CHRISTOPHER S

Application Number

US13/028,715
Publication Number

US 20110264919A1
Time in Patent Office

1,203 Days
Field of Search

None
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0861   using biometrical features,...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/3231   Biological data, e.g. finge...

Dynamic seed and key generation from biometric indicia

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic seed and key generation from biometric indicia

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links