SYSTEM AND METHOD FOR AUTHENTICATED AND PRIVACY PRESERVING BIOMETRIC IDENTIFICATION SYSTEMS
First Claim
1. A method for uniquely identifying a user via biometric analysis, comprising:
- generating a first user biometric (UB) from a plurality of data bits of information of physical biometric information with an application on a first server network device with one or more processors on a biometric identification system including a plurality of server network devices each with one or more processors and one or more biometric scanners each with one or more processors used to collect physical biometric information from a human or non-human object;
- cryptographically encoding authorization information via the application into the generated first UB defining a set of privileges granted to the human or non-human object for a security infrastructure;
- cryptographically generating an Identification and Verification Template (IVT) from the generated and encoded first UB via the application with a lossy transformation of the information stored in the generated first UB and error correcting codes, wherein the generated IVT does not include complete information from the generated and encoded first UB but does allow for verification of the human or non-human object when the IVT is accessed at a later time;
- discarding the generated and encoded first UB; and
- storing the generated IVT on an off-line biometric storage device for use within the security infrastructure.
Abstract
A biometric based identification and authorization for a collected physical biometric for a security infrastructure is presented. The biometric identification and authorization is achieved with an identity verification template (IVT) generated from a User Biometric (UB) collected from a human or non-human object and stored on a biometric storage device (e.g., a magnetic strip card, smart card, Universal Serial Bus (USB) flash drive or a Radio Frequency Identifier (RFID) device, etc.). The generated UB is discarded. The IVT does not contain complete information from the UB but allows for accurate verification of the human or non-human object when another UB is generated for the human or non-human object at a later time.
17 Claims
2. A computer readable medium having stored therein a plurality of instructions for causing one or more processors to execute the steps of:
- generating a first user biometric (UB) from a plurality of data bits of information of physical biometric information with an application on a first server network device with one or more processors on a biometric identification system including a plurality of server network devices each with one or more processors and one or more biometric scanners used to collect physical biometric information from a human or non-human object;
- cryptographically encoding authorization information via the application into the generated first UB defining a set of privileges granted to the human or non-human object for a security infrastructure;
- cryptographically generating an Identification and Verification Template (IVT) from the generated and encoded first UB via the application with a lossy transformation of the information stored in the generated first UB and error correcting codes, wherein the generated IVT does not include complete information from the generated and encoded first UB but does allow for verification of the human or non-human object when the IVT is accessed at a later time;
- discarding the generated and encoded first UB; and
- storing the generated IVT on an off-line biometric storage device for use within the security infrastructure.
17. A system for uniquely identifying a user via biometric analysis, comprising in combination:
- means for generating a first user biometric (UB) from a plurality of data bits of information of physical biometric information with an application on a first server network device with one or more processors on a biometric identification system including a plurality of server network devices each with one or more processors and one or more biometric scanners used to collect physical biometric information from a human or non-human object;
- means for cryptographically encoding authorization information via the application into the generated first UB defining a set of privileges granted to the human or non-human object for a security infrastructure;
- means for cryptographically generating an Identification and Verification Template (IVT) from the generated and encoded first UB via the application with a lossy transformation of the information stored in the generated first UB and error correcting codes, wherein the generated IVT does not include complete information from the generated and encoded first UB but does allow for verification of the human or non-human object when the IVT is accessed at a later time;
- means for discarding the generated and encoded first UB;
- means for storing the generated IVT on an off-line biometric storage device for use within the security infrastructure;
- means for encrypting the generated IVT on the off-line biometric storage device one or more times with one or more different encryption keys;
- means for receiving a request on the application on the first server network device to verify an identity of the human or non-human object;
- means for generating a second user biometric (UB) for the human or non-human object with the application on the first server network device;
- means for retrieving the IVT stored on the off-line biometric storage device with the application on the first server on the biometric identification system; and
- means for verifying an identity of the human or non-human object using the generated second UB and the retrieved IVT without directly comparing the retrieved IVT and the second UB.
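The enrolment and verification procedure the claims describe, as an added example that is not the patent's own code: a fuzzy-commitment construction (in the style of Juels and Wattenberg) in which a repetition code stands in for the claimed error correcting code, the committed secret carries the authorization bits, and the stored IVT (helper data plus a hash) does not contain the biometric. All bit strings are constructed; the repetition code leaks the XOR structure inside each block, so a deployed scheme would use a stronger code with the same helper-plus-hash pattern.

```python
import hashlib

R = 5  # repetition factor: majority vote fixes up to (R-1)//2 bit flips per R-bit block

# Constructed sample data (not from the patent): a 40-bit biometric and 8 privilege flags.
UB_ENROLL = [int(c) for c in "1101001011100100010110011101001010110010"]
PRIVILEGES = [1, 0, 1, 1, 0, 0, 0, 1]


def ecc_encode(bits):
    """Repetition code: stands in for the claim's error correcting code."""
    return [b for b in bits for _ in range(R)]


def ecc_decode(code):
    """Majority vote per block of R bits."""
    return [1 if 2 * sum(code[i:i + R]) > R else 0 for i in range(0, len(code), R)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def enroll(ub, privileges):
    """Build the IVT: helper = codeword XOR biometric, plus a hash of the codeword.
    The caller discards ub afterwards; the IVT alone does not reproduce it."""
    codeword = ecc_encode(privileges)
    if len(codeword) != len(ub):
        raise ValueError("biometric length must equal the codeword length")
    helper = xor(codeword, ub)  # lossy transformation of ub
    tag = hashlib.sha256(bits_to_bytes(codeword)).hexdigest()
    return {"helper": helper, "tag": tag}


def verify(ivt, ub2):
    """Recover the committed privileges from a fresh, noisy biometric.
    Returns the privilege bits on success, None otherwise; ub2 is never compared to the IVT directly."""
    noisy_codeword = xor(ivt["helper"], ub2)  # = codeword XOR (ub XOR ub2)
    recovered = ecc_decode(noisy_codeword)
    if hashlib.sha256(bits_to_bytes(ecc_encode(recovered))).hexdigest() != ivt["tag"]:
        return None
    return recovered


def flip(bits, positions):
    """Simulate sensor noise by flipping the given bit positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]
```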