Invariant biohash security system and method
First Claim
1. A mobile device for generating a secure biometric-based cryptographic key without storing biometric information in order to authenticate data comprising:
- (a) one or more processors, including a secure enclave processor core configured to be only accessible to;
(1) input, to the secure enclave processor core, passwords, digital biometric image data, and electronic messages targeted for encryption, and(2) provide, from the secure enclave processor core, encrypted electronic messages and public keys configured to verify the authenticity of encrypted electronic messages;
(b) a biometric reader;
(c) a display screen; and
(d) non-transitory computer-readable memory having stored thereon instructions to perform the steps of;
(1) receiving, via a first graphical user interface rendered on the display screen of the mobile device, a user password;
(2) capturing, using the biometric reader, into the secure enclave processor core, a first digital biometric image of a biometric reading of a user;
(3) converting, by the secure enclave processor core, the first digital biometric image into an invariant biometric feature vector using an integrated wavelet and Fourier-Mellin transformation process comprising the following steps within the secure enclave processor core;
(i) applying, by the secure enclave processor core, a wavelet transformation to the first digital biometric image to generate a second digital biometric image;
(ii) applying, by the secure enclave processor core, a fast Fourier transform to the second digital biometric image, to generate a third digital biometric image;
(iii) applying, by the secure enclave processor core, a log-polar transformation to the third digital biometric image to generate a fourth digital biometric image;
(iv) applying, by the secure enclave processor core, a high pass filter to the fourth digital biometric image to generate a fifth digital biometric image;
(v) applying, by the secure enclave processor core, a fast Fourier transform to the fifth digital biometric image to generate a first set of feature data;
(vi) applying, by the secure enclave processor core, row concatenation to the first set of feature data to generate the invariant biometric feature vector;
(4) converting, by the secure enclave processor core, the invariant feature vector using the user password into a 128-bit invariant code comprising the following steps within the secure enclave processor core;
(i) generating, by the secure enclave processor core, using the user password a threshold intensity value;
(ii) applying, by the secure enclave processor core, the threshold intensity value to the invariant feature vector to generate the 128-bit invariant code;
(5) generating, by the secure enclave processor core, an invariant asymmetric private key using the 128-bit invariant code and the user password;
(6) applying, by the secure enclave processor core, the invariant asymmetric private key to an electronic message comprising a message payload to generate a digitally signed electronic message to be securely transmitted to a second device;
(7) securely transmitting, from the mobile device to the second device, the digitally signed electronic message, wherein the digital signature can be verified by the second device using a corresponding public key provided to the second device, wherein the corresponding public key corresponds to the invariant asymmetric private key; and
(8) permanently deleting, from the secure enclave processor core, the user password, the first digital biometric image, the second digital biometric image, the third digital biometric image, the fourth digital biometric image, the fifth digital biometric image, the first set of feature data, the invariant biometric feature vector, the invariant asymmetric private key, and the 128-bit invariant code.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods, and program products for providing secure authentication for electronic messages are disclosed. A method may comprise generating an asymmetric private key based at least in part upon an invariant biometric feature vector derived from an input biometric reading. The private key may be further based at least in part upon a user password. The resulting private key may not be stored but rather may be generated when required to authenticate an electronic message, at which time it may be used to provide a digital signature for the electronic message. The private key may be deleted after use. The private key may be regenerated by inputting both a new instance of the biometric reading as well as a new instance of the password.
-
Citations
26 Claims
-
1. A mobile device for generating a secure biometric-based cryptographic key without storing biometric information in order to authenticate data comprising:
-
(a) one or more processors, including a secure enclave processor core configured to be only accessible to; (1) input, to the secure enclave processor core, passwords, digital biometric image data, and electronic messages targeted for encryption, and (2) provide, from the secure enclave processor core, encrypted electronic messages and public keys configured to verify the authenticity of encrypted electronic messages; (b) a biometric reader; (c) a display screen; and (d) non-transitory computer-readable memory having stored thereon instructions to perform the steps of; (1) receiving, via a first graphical user interface rendered on the display screen of the mobile device, a user password; (2) capturing, using the biometric reader, into the secure enclave processor core, a first digital biometric image of a biometric reading of a user; (3) converting, by the secure enclave processor core, the first digital biometric image into an invariant biometric feature vector using an integrated wavelet and Fourier-Mellin transformation process comprising the following steps within the secure enclave processor core; (i) applying, by the secure enclave processor core, a wavelet transformation to the first digital biometric image to generate a second digital biometric image; (ii) applying, by the secure enclave processor core, a fast Fourier transform to the second digital biometric image, to generate a third digital biometric image; (iii) applying, by the secure enclave processor core, a log-polar transformation to the third digital biometric image to generate a fourth digital biometric image; (iv) applying, by the secure enclave processor core, a high pass filter to the fourth digital biometric image to generate a fifth digital biometric image; (v) applying, by the secure enclave processor core, a fast Fourier transform to the fifth digital biometric image to generate a first set of feature data; (vi) applying, by the secure enclave processor core, row concatenation to the first set of feature data to generate the invariant biometric feature vector; (4) converting, by the secure enclave processor core, the invariant feature vector using the user password into a 128-bit invariant code comprising the following steps within the secure enclave processor core; (i) generating, by the secure enclave processor core, using the user password a threshold intensity value; (ii) applying, by the secure enclave processor core, the threshold intensity value to the invariant feature vector to generate the 128-bit invariant code; (5) generating, by the secure enclave processor core, an invariant asymmetric private key using the 128-bit invariant code and the user password; (6) applying, by the secure enclave processor core, the invariant asymmetric private key to an electronic message comprising a message payload to generate a digitally signed electronic message to be securely transmitted to a second device; (7) securely transmitting, from the mobile device to the second device, the digitally signed electronic message, wherein the digital signature can be verified by the second device using a corresponding public key provided to the second device, wherein the corresponding public key corresponds to the invariant asymmetric private key; and (8) permanently deleting, from the secure enclave processor core, the user password, the first digital biometric image, the second digital biometric image, the third digital biometric image, the fourth digital biometric image, the fifth digital biometric image, the first set of feature data, the invariant biometric feature vector, the invariant asymmetric private key, and the 128-bit invariant code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A mobile device for authenticating data associated with an electronic deposit sweep transfer which generates a secure biometric-based cryptographic key without storing biometric information, comprising:
-
(a) one or more processors, including a secure enclave processor core configured to be only accessible to; (1) input, to the secure enclave processor core, passwords, digital biometric image data, and electronic messages targeted for encryption, and (2) provide, from the secure enclave processor core, encrypted electronic messages and public keys configured to verify the authenticity of encrypted electronic messages; (b) a biometric reader; (c) a display screen; and (d) non-transitory computer-readable memory having stored thereon instructions to perform the steps of; (1) receiving, via a first graphical user interface rendered on the display screen of the mobile device, a user password; (2) capturing, using the biometric reader, into the secure enclave processor core, a first digital biometric image of a biometric reading of a user; (3) converting, by the secure enclave processor core, the first digital biometric image into an invariant biometric feature vector using an integrated wavelet and Fourier-Mellin transformation process comprising the following steps within the secure enclave processor core; (i) applying, by the secure enclave processor core, a wavelet transformation to the first digital biometric image to generate a second digital biometric image; (ii) applying, by the secure enclave processor core, a fast Fourier transform to the second digital biometric image, to generate a third digital biometric image; (iii) applying, by the secure enclave processor core, a log-polar transformation to the third digital biometric image to generate a fourth digital biometric image; (iv) applying, by the secure enclave processor core, a high pass filter to the fourth digital biometric image to generate a fifth digital biometric image; (v) applying, by the secure enclave processor core, a fast Fourier transform to the fifth digital biometric image to generate a first set of feature data; (vi) applying, by the secure enclave processor core, row concatenation to the first set of feature data to generate the invariant biometric feature vector; (4) converting, by the secure enclave processor core, the invariant feature vector using the user password into a 128-bit invariant code comprising the following steps within the secure enclave processor core; (i) generating, by the secure enclave processor core, using the user password a threshold intensity value; (ii) applying, by the secure enclave processor core, the threshold intensity value to the invariant feature vector to generate the 128-bit invariant code; (5) generating, by the secure enclave processor core, an invariant asymmetric private key using the 128-bit invariant code and the user password; (6) applying, by the secure enclave processor core, the invariant asymmetric private key to an electronic message comprising a message payload associated with a deposit sweep transaction to generate a digitally signed electronic message to be securely transmitted to a second device associated with the deposit sweep transaction; (7) securely transmitting, from the mobile device to the second device, the digitally signed electronic message causing the deposit sweep transaction to be initiated upon successful verification of the digital signature using a corresponding public key provided to the second device, wherein the corresponding public key corresponds to the invariant asymmetric private key; and (8) permanently deleting, from the secure enclave processor core, the user password, the first digital biometric image, the second digital biometric image, the third digital biometric image, the fourth digital biometric image, the fifth digital biometric image, the first set of feature data, the invariant biometric feature vector, the invariant asymmetric private key, and the 128-bit invariant code. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
Specification