Method of comparing private data without revealing the data

  • US 9,197,637 B2
  • Filed: 07/07/2014
  • Issued: 11/24/2015
  • Est. Priority Date: 07/08/2011
  • Status: Active Grant
First Claim
1. A method for identity verification, the method comprising steps of:

  • receiving, by a client computer from an interface gateway, a device identifier (DID) and a noise-added biometric sample (S1+N) where S1 is a biometric sample of an individual, N is noise, and the device identifier (DID) identifies a device that transmitted the noise-added biometric sample (S1+N) to the interface gateway;
  • retrieving from a database, by the client computer, an encryption key laden with noise-added biometric sample (K1+S2+N), where S2 is a stored biometric sample corresponding to S1, K1 is a first key, the retrieving being based on the device identifier (DID), wherein the client computer does not know the first key (K1) or the noise (N), and S1 and S2 are non-identical;
  • computing, by the client computer, a second key (K2) by solving K2 = (K1+S2+N) − (S1+N);
  • determining whether or not the second key (K2) is similar within a threshold to a stored value of the first key (K1) located on a server computer without revealing the stored value of the first key (K1) by computing, using the client computer and the server computer, a non-zero bisector vector (x) in the equation (A1+A2)x = λ_d1 V_d1 + λ_d2 V_d2, where A1 and A2 are private matrixes corresponding to K1 and K2, respectively, λ_d1 and λ_d2 are respective eigenvalues and V_d1 and V_d2 are corresponding unity normalized eigenvectors, the computing occurring by exchanging encrypted matrix A1; encrypted vector λ_d1 V_d1; encrypted matrix A2; and encrypted vector λ_d2 V_d2 respectively, without the client computer or the server computer revealing d1, λ_d1, V_d1, d2, λ_d2 or V_d2;
  • if the determining within the threshold is satisfied, the second key (K2) and the stored value of the first key (K1) are deemed sufficiently similar;
  • if the determining within the threshold is unsatisfied, the second key (K2) and the stored value of the first key (K1) are deemed dissimilar;
  • transmitting from the server computer to the client computer, if the threshold is satisfied, helper data that permits the client computer to reconstruct a secret key (K′) identical to the first key (K1) by combining the helper data with the private matrix A1;
  • transmitting, to the interface gateway, the secret key (K′).
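The algebra behind claim 1, as an added example that is not part of the patent or of this page: a plaintext model of the noise cancellation K2 = (K1+S2+N) − (S1+N) and of the bisector equation (A1+A2)x = λ_d1 V_d1 + λ_d2 V_d2. The encrypted exchange of A1, A2 and the two eigenvectors is left out, so every quantity the two parties would hold only under encryption is visible here. The claim does not say how a private matrix is derived from a key or how the bisector x is turned into a threshold decision; the construction A = λ·v·vᵀ + μ·I with v = K/|K| and the decision rule (cosine of x against both eigenvectors) are assumptions of this example.

```python
# Added example, not the patent's own code. Pure Python, no numpy.
import math


def noise_cancel(k1_s2_n, s1_n):
    """K2 = (K1+S2+N) - (S1+N), element-wise. N cancels, so the client ends
    up with K1 shifted by the biometric difference (S2 - S1) and never sees N."""
    return [a - b for a, b in zip(k1_s2_n, s1_n)]


def normalize(v):
    n = math.sqrt(sum(c * c for c in v))
    return [c / n for c in v]


def private_matrix(key, lam=4.0, mu=1.0):
    """Assumed construction (not specified by the claim): A = lam * v v^T + mu * I
    with v = key/|key|. By construction the dominant eigenpair is (lam + mu, v),
    which plays the role of (lambda_d, V_d) in the claim."""
    v = normalize(key)
    n = len(v)
    a = [[lam * v[i] * v[j] + (mu if i == j else 0.0) for j in range(n)]
         for i in range(n)]
    return a, lam + mu, v


def solve(m, b):
    """Gauss-Jordan elimination with partial pivoting for the small dense
    system m x = b (enough for the toy dimension used here)."""
    n = len(b)
    aug = [row[:] + [b[i]] for i, row in enumerate(m)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        p = aug[col][col]
        for r in range(n):
            if r != col and aug[r][col] != 0.0:
                f = aug[r][col] / p
                aug[r] = [x - f * y for x, y in zip(aug[r], aug[col])]
    return [aug[i][n] / aug[i][i] for i in range(n)]


def bisector(a1, lam1, v1, a2, lam2, v2):
    """Non-zero bisector x solving (A1+A2) x = lam_d1 V_d1 + lam_d2 V_d2."""
    n = len(v1)
    m = [[a1[i][j] + a2[i][j] for j in range(n)] for i in range(n)]
    rhs = [lam1 * v1[i] + lam2 * v2[i] for i in range(n)]
    return solve(m, rhs)


def cosine(x, y):
    dot = sum(a * b for a, b in zip(x, y))
    return dot / (math.sqrt(sum(a * a for a in x)) * math.sqrt(sum(b * b for b in y)))


def bisector_score(k1, k2):
    """Assumed decision statistic: when K1 and K2 agree, x coincides with both
    eigenvectors (cosine 1). As the keys diverge, x sits between V_d1 and V_d2
    and its alignment with the worse of the two drops (1/sqrt(2) for orthogonal keys)."""
    a1, l1, v1 = private_matrix(k1)
    a2, l2, v2 = private_matrix(k2)
    x = bisector(a1, l1, v1, a2, l2, v2)
    return min(cosine(x, v1), cosine(x, v2))


def keys_similar(k1, k2, threshold=0.95):
    """The 'within a threshold' test of the claim, on the assumed statistic."""
    return bisector_score(k1, k2) >= threshold


if __name__ == "__main__":
    # Constructed sample values: K1 = [5,5,5], S2 = [3,2,2], N = [3,7,2], S1 = [3,0,0]
    k2 = noise_cancel([11, 14, 9], [6, 7, 2])      # -> [5, 7, 7] = K1 + (S2 - S1)
    print("K2 =", k2)
    print("same key       ", bisector_score([1, 2, 2], [1, 2, 2]))
    print("slightly off   ", bisector_score([1, 2, 2], [1.1, 2, 1.9]))
    print("orthogonal keys", bisector_score([1, 0, 0], [0, 1, 0]))
    print("decision       ", keys_similar([5, 5, 5], k2))
```

In the identical-key case the right-hand side is (λ_d1+λ_d2)·v and (A1+A2)v equals the same vector, so x = v exactly; the score is 1 and the only thing a party could learn from x is what it already knew. The real protocol keeps A1, A2 and the eigenvectors encrypted during the exchange, which is what the plaintext model omits.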
