Method of authenticating a user holding a biometric certificate

US 9,984,220 B2
Filed: 10/27/2015
Issued: 05/29/2018
Est. Priority Date: 10/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method of generating a biometric certificate of a user performed by a data processing device of a certifying authority, comprising:

acquiring biometric data of said user;

generating a proof of knowledge of said acquired biometric data from the acquired biometric data and a pseudo-random function;

generating a truncated authentication datum by applying a truncation function to said generated proof of knowledge;

generating a certificate for said user comprising data related to an identity of the user and the truncated authentication datum so that the certificate provides a proof of the user'"'"'s identity and allows authenticating the user with a reduced rate of error while not allowing identification of the user,wherein said method further comprises, for at least one error to be processed among a determined set of tolerable errors;

generating derived biometric data by adding said error to the acquired biometric data,generating derived proofs of knowledge from the generated derived biometric data and from said pseudo-random function, andgenerating derived truncated authentication data by applying said truncation function to said first generated derived proofs of knowledge.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention concerns a method of generating a biometric certificate of a user performed by a data processing device of a certifying authority, comprising a step of generating (E4) a certificate for said user comprising data related to the identity of the user and truncated authentication data of said user generated using a method of generating a biometric authentication datum, comprising steps of:

- acquiring (E1) first biometric data of said user;
- generating (E2) a first a proof of knowledge of said first biometric data from the first acquired biometric data and from a pseudo-random function;
- generating (E3) a first truncated authentication datum by applying a truncation function to said first generated proof of knowledge.

24 Citations

12 Claims

1. A method of generating a biometric certificate of a user performed by a data processing device of a certifying authority, comprising:
- acquiring biometric data of said user;
  
  generating a proof of knowledge of said acquired biometric data from the acquired biometric data and a pseudo-random function;
  
  generating a truncated authentication datum by applying a truncation function to said generated proof of knowledge;
  
  generating a certificate for said user comprising data related to an identity of the user and the truncated authentication datum so that the certificate provides a proof of the user'"'"'s identity and allows authenticating the user with a reduced rate of error while not allowing identification of the user,wherein said method further comprises, for at least one error to be processed among a determined set of tolerable errors;
  
  generating derived biometric data by adding said error to the acquired biometric data,generating derived proofs of knowledge from the generated derived biometric data and from said pseudo-random function, andgenerating derived truncated authentication data by applying said truncation function to said first generated derived proofs of knowledge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of generating a biometric certificate according to claim 1, wherein the data processing device of the certifying authority holds a secret encryption key, and wherein generating the certificate for said user comprises encrypting the truncated authentication data of said user.
  - 3. The method according to claim 1, wherein generating a proof of knowledge of biometric data comprises generating a hash of the biometric data performed by applying a hash function to the biometric data.
  - 4. The method according to claim 3, wherein the proof of knowledge is generated using said hash function and a secret hash key stored solely by the certifying authority.
  - 5. The method according to claim 1, wherein generating a proof of knowledge of biometric data comprises calculating a modular exponentiation of a uniformly distributed value obtained from the biometric data and from said pseudo-random function.
  - 6. The method according to claim 5, wherein generating a proof of knowledge of biometric data further comprises steps of:
    - acquiring a derivation parameter h verifying the formula;
      
      h=g^r where r is a random number, g a generator of a group of prime order p, and g and p being public data;
      
      calculating the proof of knowledge using the formula;
      
      h^X or hash(h^X) with X being a value obtained from said biometric data and from said pseudo-random function, and hash being a hashing function.
  - 7. The method according to claim 1, wherein the truncation function applies truncation over n bits, n being a function of the probability of occurrence of the tolerable errors.
  - 8. The method of generating a biometric certificate according to claim 1, further including:
    - acquiring a truncated authentication datum or a derived truncated authentication datum stored in the certificate;
      
      comparing the acquired truncated authentication datum or the derived truncated authentication datum with said generated truncated authentication datum,said method further comprising;
      
      for at least one tolerable error to be tested among a determined set of tolerable errors, generating derived biometric data by adding said error to the acquired biometric data;
      
      for each error to be tested, generating a derived proof of knowledge from the generated derived biometric data and from said pseudo-random function, and a step of generating derived truncated authentication datum by applying said truncation function to said generated derived proof of knowledge;
      
      acquiring a second truncated authentication datum or a derived truncated authentication datum obtained from said certificate;
      
      comparing the second truncated authentication datum or the derived truncated authentication datum with the generated derived truncated authentication data.

9. A method of authenticating a user holding a biometric certificate generated comprising:
- acquiring biometric data of said user to be authenticated;
  
  generating a proof of knowledge of said acquired biometric data from the acquired biometric data and a pseudo-random function;
  
  generating a truncated authentication datum by applying a truncation function to said generated proof of knowledge;
  
  acquiring a truncated authentication datum or a derived truncated authentication datum stored in the certificate;
  
  comparing the acquired truncated authentication datum or the derived truncated authentication datum with said generated truncated authentication datum,said method further comprising;
  
  for at least one tolerable error to be tested among a determined set of tolerable errors, generating derived biometric data by adding said error to the acquired biometric data;
  
  for each error to be tested, generating a derived proof of knowledge from the generated derived biometric data and from said pseudo-random function, and a step of generating derived truncated authentication datum by applying said truncation function to said generated derived proof of knowledge;
  
  acquiring a second truncated authentication datum or a derived truncated authentication datum obtained from said certificate;
  
  comparing the second truncated authentication datum or the derived truncated authentication datum with the generated derived truncated authentication data.
- View Dependent Claims (10)
- - 10. The authentication method according to claim 9, wherein the data processing device of the certifying authority holds a secret encryption key, the certificate generating step for said user comprises an encryption step of the truncated authentication data of said user, and wherein acquiring the first truncated authentication datum comprises decrypting using the encryption key the first acquired encrypted truncated authentication datum.

11. A computer program product comprising program code instructions, stored on a non-transitory computer readable medium, to perform a method of generating a biometric certificate of a user by:
- acquiring biometric data of said user;
  
  generating a proof of knowledge of said acquired biometric data from the acquired biometric data and a pseudo-random function;
  
  generating a truncated authentication datum by applying a truncation function to said generated proof of knowledge;
  
  generating a certificate for said user comprising data related to an identity of the user and the truncated authentication datum so that the certificate provides a proof of the user'"'"'s identity and allows authenticating the user with a reduced rate of error while not allowing identification of the user,wherein said method further comprises, for at least one error to be processed among a determined set of tolerable errors;
  
  generating derived biometric data by adding said error to the acquired biometric data,generating derived proofs of knowledge from the generated derived biometric data and from said pseudo-random function, andgenerating derived truncated authentication data by applying said truncation function to said first generated derived proofs of knowledge.

12. A certification server comprising:
- a processor and a memory storing instructions which when executed by the processor perform configured to perform a method of generating a biometric certificate of a user by;
  
  acquiring biometric data of said user;
  
  generating a proof of knowledge of said acquired biometric data from the acquired biometric data and a pseudo-random function;
  
  generating a truncated authentication datum by applying a truncation function to said generated proof of knowledge;
  
  generating a certificate for said user comprising data related to an identity of the user and the truncated authentication datum so that the certificate provides a proof of the user'"'"'s identity and allows authenticating the user with a reduced rate of error while not allowing identification of the user,wherein said method further comprises, for at least one error to be processed among a determined set of tolerable errors;
  
  generating derived biometric data by adding said error to the acquired biometric data,generating derived proofs of knowledge from the generated derived biometric data and from said pseudo-random function, andgenerating derived truncated authentication data by applying said truncation function to said first generated derived proofs of knowledge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IDEMIA Identity and Security France SAS (Advent International Corporation)
Original Assignee
Morpho (Advent International Corporation)
Inventors
Chabanne, Herve, Bringer, Julien, Cipiere, Olivier, Hugel, Rodolphe
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US14/924,452
Publication Number

US 20160117492A1
Time in Patent Office

945 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/45   Structures or tools for the...

G06F 21/602   Providing cryptographic fac...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3268   using certificate validatio...

Method of authenticating a user holding a biometric certificate

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method of authenticating a user holding a biometric certificate

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links