Mapping biometrics to a unique key

US 9,165,130 B2
Filed: 11/21/2012
Issued: 10/20/2015
Est. Priority Date: 11/21/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

enrolling an initial biometric sample of a user with an authentication application at a server;

receiving a user-specific database from the server and storing the user-specific database at a computing device of the user, the user-specific database is created specifically for the user in response to the enrolling and comprises biometric templates for a number N users, including biometric templates of other users and a biometric template of the user which is based on the initial biometric sample of the user, wherein the biometric template of the user is randomly positioned within the user-specific database, and the user-specific database is created in response to the enrolling as a proper subset of biometric templates of a number M users in a generic database, where N is less than M, and the user-specific database comprises a respective data value associated with each of the biometric templates for the N users, and each respective data value in the user-specific database is unique;

after the enrolling, receiving a subsequent biometric sample of a user at the computing device;

comparing the subsequent biometric sample to a plurality of biometric templates among the biometric templates in the user-specific database;

responsive to the comparing, selecting one of the biometric templates in the user-specific database as a best match to the subsequent biometric sample, one of the respective data values is associated with the one of the biometric templates; and

authenticating the user using the one of the respective data values as one factor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for mapping a biometric credential of a user to a data value such as a key or password. A database stores multiple entries of biometric templates and associated data values for different users. One of the entries is a match for a particular user, and the remaining entries are randomly selected. The number of entries is reasonably large to provide a desired degree of randomness for a given entry, but smaller than a key space of the data values. Based on an input of a biometric sample of the user, a best match is selected from the entries of biometric templates, and the associated data value is used to authenticate the user. Two- or three-factor authentication can be provided. Additional factors can include a password provided by the user and a key which is encrypted by the data value of the matching entry.

Citations

20 Claims

1. A method, comprising:
- enrolling an initial biometric sample of a user with an authentication application at a server;
  
  receiving a user-specific database from the server and storing the user-specific database at a computing device of the user, the user-specific database is created specifically for the user in response to the enrolling and comprises biometric templates for a number N users, including biometric templates of other users and a biometric template of the user which is based on the initial biometric sample of the user, wherein the biometric template of the user is randomly positioned within the user-specific database, and the user-specific database is created in response to the enrolling as a proper subset of biometric templates of a number M users in a generic database, where N is less than M, and the user-specific database comprises a respective data value associated with each of the biometric templates for the N users, and each respective data value in the user-specific database is unique;
  
  after the enrolling, receiving a subsequent biometric sample of a user at the computing device;
  
  comparing the subsequent biometric sample to a plurality of biometric templates among the biometric templates in the user-specific database;
  
  responsive to the comparing, selecting one of the biometric templates in the user-specific database as a best match to the subsequent biometric sample, one of the respective data values is associated with the one of the biometric templates; and
  
  authenticating the user using the one of the respective data values as one factor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein:
    - the authenticating of the user occurs without the subsequent biometric sample being transmitted outside the computing device.
  - 3. The method of claim 1, wherein:
    - the one of the respective data values comprises a password.
  - 4. The method of claim 1, further comprising:
    - accessing a private key, the private key is encrypted using a password;
      
      prompting the user to input the password;
      
      using the password as another factor in the authenticating of the user;
      
      decrypting the private key using the password to provide a decrypted private key; and
      
      using the decrypted private key as a further factor in the authenticating of the user.
  - 5. The method of claim 1, further comprising:
    - accessing a private key, the private key is encrypted using the one of the respective data values;
      
      decrypting the private key using the one of the respective data values to provide a decrypted private key; and
      
      using the decrypted private key as another factor in the authenticating of the user.
  - 6. The method of claim 5, further comprising:
    - prompting the user to input a password; and
      
      using the password as a further factor in the authenticating of the user.
  - 7. The method of claim 5, wherein:
    - the private key comprises a camouflaged private key.
  - 8. The method of claim 1, wherein:
    - the one of the respective data values comprises an n1-bit key; and
      
      the number N of the biometric templates in the database is less than 2ⁿ¹, a key space of the n1-bit key.
  - 9. The method of claim 1, wherein:
    - the one of the respective data values comprises a portion of a split key.
  - 10. The method of claim 1, wherein:
    - the authenticating uses the one of the respective data values as a key.
  - 11. The method of claim 1, wherein:
    - the biometric templates of the other users are randomly selected from among the biometric templates of the M users in the generic database.
  - 12. The method of claim 1, wherein:
    - the biometric templates of the other users comprise consecutive biometric templates among the M users in the generic database.

13. A system, comprising:
- a storage device; and
  
  a processor in communication with said storage device, the processor programmed to;
  
  obtain initial biometric data from a user;
  
  transmit the initial biometric data to a server, the server associating a data value with the initial biometric data;
  
  receive from the server a database comprising the initial biometric data of the user and the associated data value of the initial biometric data, and biometric data and associated data values of thousands of other users, wherein the database is specific to the user, the initial biometric data of the user is randomly positioned within the biometric data of the thousands of other users, and the biometric data of the thousands of other users is randomly selected as a proper subset of biometric data of users in a generic database;
  
  store the database in the storage device;
  
  receive subsequent biometric data of the user;
  
  perform a comparison of the subsequent biometric data of the user to the initial biometric data of the user and to the biometric data of the other users to determine that the initial biometric data of the user is a closest match to the subsequent biometric data of the user; and
  
  responsive to the comparison, use the associated data value of the initial biometric data to perform authentication of the user.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the processor is programmed to:
    - responsive to the comparison, use the associated data value of the initial biometric data as one factor in the authentication of the user.
  - 15. The system of claim 14, wherein the processor is programmed to:
    - use the associated data value of the initial biometric data to decrypt an encrypted key to provide a decrypted key; and
      
      use the decrypted key in the authentication.

16. A system, comprising:
- a storage device; and
  
  a processor in communication with the storage device, the processor programmed to;
  
  receive biometric data from computing devices of a plurality of users as the plurality of users enroll with an authentication application;
  
  provide a generic database with entries for each of the plurality of users, each entry comprising the biometric data and an associated data value of the user;
  
  receive a request from one of the computing devices, the one of the computing devices is associated with a subject user;
  
  in response to the request, randomly select a proper subset of the entries, the proper subset of the entries comprising an entry of biometric data and associated data value for the subject user, and entries of biometric data and associated data values for other users of the plurality of users, and provide a user-specific database for the one of the computing devices of the subject user comprising the proper subset of the entries;
  
  receive subsequent biometric data from the one of the computing devices;
  
  compare the subsequent biometric data to biometric data of a plurality of entries among the proper subset of the entries in the user-specific database;
  
  responsive to the compare, select one of the entries in the user-specific database as a best match to the subsequent biometric data, one of the associated data values is associated with the one of the entries; and
  
  authenticate the user using the associated data values.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein:
    - the associated data value of the entry for the subject user comprises an n1-bit key; and
      
      a number of biometric templates in the user-specific database is less than 2ⁿ¹, a key space of the n1-bit key.
  - 18. The system of claim 16, wherein the processor is programmed to:
    - deploy the user-specific database for the computing device of the subject user on the computing device of the subject user.
  - 19. The system of claim 16, wherein:
    - the associated data value comprises a key which is used in an authentication process at the computing device of the subject user.
  - 20. The system of claim 16, wherein:
    - the associated data value comprises a password which is used in an authentication process at the computing device for the subject user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Malpani, Ambarish, Varadarajan, Rammohan
Primary Examiner(s)
Nguyen, Nam V

Application Number

US13/682,917
Publication Number

US 20140139318A1
Time in Patent Office

1,063 Days
Field of Search

340/5.82, 340/5.52, 713/193, 713/185, 713/186, 705/71, 382/124, 726/19
US Class Current

1/1
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

Mapping biometrics to a unique key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mapping biometrics to a unique key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links