EP1905185A2 - System and method for decoupling identification from biometric information in biometric access systems - Google Patents
System and method for decoupling identification from biometric information in biometric access systemsInfo
- Publication number
- EP1905185A2 EP1905185A2 EP06786766A EP06786766A EP1905185A2 EP 1905185 A2 EP1905185 A2 EP 1905185A2 EP 06786766 A EP06786766 A EP 06786766A EP 06786766 A EP06786766 A EP 06786766A EP 1905185 A2 EP1905185 A2 EP 1905185A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- calculation
- biometric
- individual
- biometric information
- identification number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
Definitions
- TITLE SYSTEM AND METHOD FOR DECOUPLING IDENTIFICATION FROM
- the disclosed embodiments pertain to secure methods for storing biometric templates and more specifically, a system and method for minimizing the risk of coupling an identification record to decrypted biometric information in a database.
- biometric information such as a fingerprint image or biometric template
- biometric scanner e.g., fingerprint scanner
- sample biometric or biometric information is ultimately compared to the biometric information previously obtained from the individual during an registration or enrollment process and now stored in the database (hereinafter referred to as the "registered" biometric or biometric information).
- biometric image such as a fingerprint image
- biometric templates are digital transformations typically based on proprietary algorithms that convert a biometric image, such as a digital fingerprint image, into a digital representation of observed points in the fingerprint image and relationships between those points. Such transformation thereby enables the comparison of one biometric template against another in order to assess the closeness of a match and determine whether there has been an authentication.
- the threshold of confidence, or level of closeness of the match can be adjusted depending upon the need for higher or lower confidence in the comparison. A higher threshold may lead to a higher “false rejection rate” while a lower threshold may lead to a higher “false acceptance rate.”
- Authentication of an individual generally requires the submission by the individual of sample biometric information as well as a personal identification number (“PIN”) via, for example, a PIN pad, keypad, keyboard or other input device or mechanism (e.g., a card scanner, etc.).
- PIN personal identification number
- the PIN is often a common, fixed-sized number, such as the individual's telephone number, or other alphanumeric sequence, and it need not be unique to the particular individual.
- the PIN may be used to locate a single registered biometric information in the database against which the sample biometric information will be compared to authenticate an individual.
- the PIN may be used to identify a subset of registered biometric information (e.g., hereinafter referred to as "bin” or a “basket”) in the database against which the sample biometric information will be compared against to find a potential match which shall reveal an identity that is linked to the particular registered biometric information which is matched.
- a subset of registered biometric information e.g., hereinafter referred to as "bin” or a “basket”
- FIG. 1 depicts an exemplary biometric access system for authentication purposes utilizing binning or basketing technology.
- Binning is often used to enhance the search speed by limiting the number of registered biometric information (e.g., biometric templates) in each bin, such as 115.
- the PIN may also be referred to as a personal search code ("PSC") 105 and need not be unique to each individual.
- PSC 105 is used to identify a bin number 110 for the bin 115 that includes one or more biometric templates encrypted with an encryption key 120.
- the encryption key 120 is known by the biometric access system and is used as an additional security mechanism to reduce the risk of storing biometric information in a database.
- the biometric access system performs a 1 :N matching of sample biometric information against the registered biometric information stored in the bin 115. Because only a subset of the registered biometric information is located in bin 115, search times are improved.
- Consumer advocacy and privacy groups have expressed concerns that an individual's biometric information stored in such biometric access systems can be accessed by third parties for different uses than originally intended and without the explicit authorization of the individual. For example, local authorities could subpoena the biometric information to assist in a criminal investigation or for other purposes. Such a subpoena may force the biometric access system provider to divulge access to its entire database, including all internally managed encryption keys, encryption and biometric conversion algorithms, system methods and processes.
- the present disclosure relates to methods for using information known only to an individual desiring access to a biometric access system in order to access stored biometric information in the biometric access system.
- Such methods minimize the risk of storing information in the biometric access system such that in the event such a biometric access system is compromised, the information stored in that system is insufficient to decrypt stored biometric information or link such biometric information to personal data stored in the system.
- a method comprises receiving a PIN from an individual, obtaining biometric information associated with the individual, applying a calculation on the PIN, wherein the result of the calculation serves as an encryption key, encrypting the biometric information using the result of the calculation as an encryption key; and storing the encrypted biometric information in the database.
- the method may be further enhanced, for example, in an identification system by further applying a second calculation on the PIN, wherein the result of the second calculation serves as a bin number in the database in which to store the biometric information, and wherein storing the encrypted biometric information in the database comprises storing the encrypted biometric information in a bin associated with the bin number.
- the present disclosure discloses a method for minimizing the risk of storing personal information and biometric information by using the PIN to calculate the actual address of an individual's record where the personal information is stored. In this manner, even if the biometric information is decrypted, for example, by a brute force method, the link between the biometric information and the individual's record still cannot be determined without the PIN from the individual (and therefore an identity cannot be determined based purely on the biometric information).
- Figure 1 depicts a biometric access system for authentication purposes utilizing binning or basketing technology.
- Figure 2 depicts an exemplary process flow for a biometric access system according to the present invention.
- Figure 3 depicts a system diagram for an exemplary biometric access system separating biometric information and personal information and access thereto.
- Figure 4 depicts a relationship between a biometric access database and a consumer information database in accordance with one embodiment.
- Figure 5 depicts a block diagram for enrollment and authentication of biometric data in a biometric access system according to the present invention.
- Figure 6 depicts a flow diagram for an exemplary enrollment process in a biometric access system according to the present invention.
- Figure 7 depicts a flow diagram for an exemplary authentication process in a biometric access system according to the present invention.
- FIG. 2 depicts an exemplary access flow for an embodiment of a biometric access system for identification purposes that utilizes binning for increased searching efficiency.
- an individual's PSC 205 that is entered at the point-of-access, such as a PIN pad at a point-of-sale ("POS") terminal at a merchant location, may be used for the calculation of both an encryption key 220 and a bin number 235 that is used to locate the individual's registered biometric information, in this case, a stored biometric template, in the database of the biometric access system.
- POS point-of-sale
- the encryption key 220 may be dynamically calculated in real-time during the individual's access process using, for example, a combination of a strong symmetric encryption algorithm 210 and a one-way hash function 215 on the submitted PSC 205.
- the one-way hash function 215 may prevent reverse engineering of the PSC 205 from the encryption key 220.
- An exemplary one-way hash function is the SHA256 hashing function. Because the encryption key 220 is generated from the PSC 205, the encryption key need not be stored in the biometric access systems' database, thereby making the encryption key more difficult to determine than in current existing solutions as previously discussed, where the encryption key is always known to the biometric access system.
- the Advanced Encryption Standard (“AES”) using a 256 bit key may be used as the encryption algorithm 210 in one embodiment. While the 256 bit key used with the AES algorithm would be stored and known by the biometric access system, the encryption key 220, as previously discussed, may not be permanently stored in the database, but may be generated in real-time during an individual's access request. However, the encryption key 220 may be temporarily stored during the access request. In an alternative embodiment, a one-to-one deterministic function (i.e., a function that outputs a unique result for each unique input) other than an encryption algorithm that needs to use of a key may be used at 210.
- AES Advanced Encryption Standard
- the individual may select (or be given) a PSC to be used in future system access attempts and the individual's registered biometric information (e.g., biometric template) may be encrypted with the encryption key 220 (obtained by applying the same encryption algorithm 220 and one-way hash function 215 to the PSC as used during the point-of-access process) prior to being stored in a bin 240.
- biometric information e.g., biometric template
- the bin number 235 may be dynamically calculated in real-time during the individual's access process based on a combination of a deterministic function 225 performed using the individual's PSC 205 and a one-way hash 230 of the result of the deterministic function calculation.
- the deterministic function 225 may be used to ensure that a single bin, such as 240, may include registered biometric information associated with a plurality of different individuals who have selected different PSCs, such as 205.
- a single bin such as 240
- one such possible deterministic function that may be used in an embodiment is to extract a certain sequential subset of the PSC (e.g., digits 2 through 7 in a PSC of 10 digits, for example).
- the bin number 235 that is stored in the database of the biometric access system may significantly reduce the risk that a PSC 205 can be reversed engineered from knowledge of the bin number 235 and subsequently passed though the encryption algorithm 210 and hash function 215 in order to derive the encryption key 220.
- the resulting dynamically generated encryption key 220 and the bin number 235 may then be used to access the bin 240 in the biometric access system's database containing the individual's registered biometric information and subsequently to decrypt the biometric information with the encryption key 220. Because different PSCs can lead to the same bin, not all biometric information within a particular bin 240 may be encrypted with the same encryption key 220. That is, given a particular one-way hash function, it is possible that different PSCs (with different encryption keys) can hash to the same bin number. As such, the risk of exposing all biometric information in a particular bin 240 when a particular PSC relating to a particular bin number 235 and an encryption key 220 is compromised may decrease because the encryption keys for different biometric templates in the bin may differ.
- deterministic functions and hashing techniques may increase the security of an embodiment.
- One goal of using a different encryption algorithm in 210 and deterministic function 225 may be to ensure that the bin number 235 and the encryption key 220 are not readily derived from one another because the encryption algorithm would provide a different value than the deterministic function.
- different algorithms for hash functions 215 and 230 may also or alternatively be used to further disassociate the encryption key 220 from the bin number 235. Accordingly, derivation of the encryption key 220 from the bin number 235 becomes difficult and may only be readily obtained in a dynamic fashion from an offered PSC 205.
- FIG 3 depicts a system diagram for one embodiment of a biometric access system wherein registered biometric information and personal information are handled differently.
- individuals' registered biometric information and personal information e.g., payment modalities, demographic information, payment details, etc.
- An individual's account information may be accessible by the individual via a biometric access path by submitting the individual's biometric sample and PSC (for transactions).
- biometric information e.g., biometric image
- PSC PSC
- the POS terminal 315 may obtain the biometric information (e.g., a biometric image) submitted through a biometric scanner 305 and a PSC submitted through a PIN pad 310.
- the biometric image may be converted into a biometric template and the template and PSC may then be submitted to the biometric access server 320 for comparison with registered biometric information stored in the database 325.
- the biometric access server 320 may be converted into a biometric template and the template and PSC may then be submitted to the biometric access server 320 for comparison with registered biometric information stored in the database 325.
- the biometric access server 320 may be converted into a biometric template and the template and PSC may then be submitted to the biometric access server 320 for comparison with registered biometric information stored in the database 325.
- the biometric access server 320 may be converted into a biometric template and the template and PSC may then be submitted to the biometric access server 320 for comparison with registered biometric information stored in the database 325.
- the PSC may be submitted to the biometric access server 320 which may return the registered biometric template to be compared at the POS terminal 315.
- the actual biometric image rather than a converted template may be sent to the biometric access server
- the registered biometric information (e.g., registered biometric template or biometric image depending upon embodiments) stored in the database 325 may be located by manipulating the received PSC as previously discussed and depicted in Figure 2. If the sample biometric information is authenticated against a particular registered biometric information in a particular bin in database 325, account information corresponding to the biometric template and containing information pertaining to the individual may be accessed from a consumer information database 330.
- the consumer information database 330 may include, without limitation, demographic information, payment modalities (e.g., credit card number, debit card number, checking account, etc.), payment details, payment history, membership information, and the like.
- access to information in the database 330 may be provided for administrative purposes such as auditing, account modifications, troubleshooting and the like.
- An individual who has registered and enrolled in the biometric access system may request account related changes through the secure administrative access server 340 by providing alternate and/or additional identification 335, such as a username, passcode, mnemonic or the like.
- the biometric information is stored in a separate database 325 from the consumer information database 340 and therefore utilization of the administrative access path does not provide access to the registered biometric information relating to the consumer information stored in database 330.
- the database 330 contains no linking information to the information in the biometric database 325. Accordingly, the administrative access server 340 is not able to access or create a link between the biometric information stored in database 325 and the consumer information stored in database 330.
- an individual's biometric information in database 325 is stored in a record 405 (in an appropriate bin number derived from the PSC as taught herein) that also contains a link or address 410 to a record 415 in database 330 that contains the relevant individual's personal information.
- a record 405 in an appropriate bin number derived from the PSC as taught herein
- biometric information 420 e.g., biometric template or image
- the entire record 405, including the link to the individual's record 415 could also be encrypted by the encryption key 220.
- the individual's record 415 does not have a link or address back to the relevant biometric record 405.
- access to an administrative access server, such as 340 in Figure 3, which provides access to the individual's record 415 may not provide an easy way to obtain the individual's related biometric information (still in encrypted form due to the encryption key 220) to the individual's record 415.
- the biometric access system may apply an encryption algorithm (with an encryption key known to the biometric access system) or other one-to-one deterministic function (i.e., a deterministic function that outputs a unique result for each unique input, unlike deterministic function 225) and a hash function 430 to the PSC 205 or any similar combination of deterministic functions, encryption algorithms, hash functions, etc. known to those with ordinary skill in the art to calculate a link to a unique address to the correct record 415 in the consumer database.
- the PSC 205 may need to be unique in order to assure the generation of a unique address for each individual record.
- the actual address is thus not stored in a record such as 405 but rather obtained in real time during an access request, when the individual submits his PSC 205.
- a unique stored value "representing" the address or link may be stored in the record 405 and manipulated by a calculation that includes the individual's PSC 205 as an input in order to calculate and produce the true address or link value.
- the PSC 205 may not need to be unique, given the uniqueness of the stored value.
- any such derivation process should ultimately result in a unique legitimate link or address value (or a value linked to a legitimate address table) in the consumer database 330 for each individual's record.
- the deterministic function 425 and hash function 430 or other computational process may or may not be the same or similar to those used in Figure 2 for the derivation of the encryption key 220 or the bin number 235.
- the deterministic function 425 and hash function 430 may aid in generating or maintaining a unique end result of the calculation (in addition to minimize risks of reverse engineering).
- any successful derivation of the encryption key by an unauthorized "hacker" that did not involve reverse engineering the PSC 205 may only lead to decrypted biometric information 420 and may not enable such a hacker to access the relevant identity by accessing the individual's record 415 because the address 410 would need to be separately derived from the PSC.
- FIG. 5 depicts a block diagram for enrollment and authentication of biometric data in a biometric access system according to an embodiment.
- the individual may supply biometric information 504 (e.g., biometric image which may be converted into a biometric template) and a secret PSC 506 to a secure enrollment terminal 502, for example and without limitation, located at a merchant location, installed as part of a personal computer system to which the individual has access or embodied in a handheld device.
- the enrollment terminal 502 may encrypt 508 the received information and transmit the information across a transport medium 510 such as the Internet, intranet, private network or other similar network to a secure server 520 managed by the biometric access system.
- a transport medium 510 such as the Internet, intranet, private network or other similar network
- the secure server 520 may enroll the received information by decrypting 530 the information to determine the biometric information 504 and the PSC 506.
- the incoming information may be decrypted 530 using a first secret key 550 which may be embodied in hardware and/or software.
- a deterministic function 532 (as further depicted and described in Figure 2) may be applied to the PSC 506.
- a first hash function 534 (as further depicted and described in Figure 2) may be applied to the result of the deterministic function 532.
- the result of the first hash function 534 may be a bin number corresponding to a bin in which to store the biometric information 504 in the biometric database 325.
- the PSC 506 may also be encrypted 536 using a second secret key 552 which also may be embodied in hardware and/or software.
- a second hash function 538 may be applied to the encrypted PSC as a seed value to produce an encryption key 540.
- the encryption key 540 may be used to encrypt 542 the biometric information 504.
- the encrypted biometric information may then be stored in a database 554 in a bin corresponding to the bin number and the encryption key 540 is discarded from the biometric access system. While not depicted in Figure 5, those skilled in the art will recognize that the enrollment process may further request personal information such as name, address, payment modalities, etc. for the individual that may be stored in the consumer database 330.
- the individual may similarly supply biometric information 514 and a secret PSC 516 to a secure POS (or other verification terminal) 512 located at a merchant location or any other appropriate location or device as described elsewhere herein.
- the POS 512 may encrypt 518 the received information (similar to 508 in the enrollment process) and transmit the information across the transport medium 410 to the secure server 420.
- the enrollment terminal 502 may be the same as the POS 512 (i.e., if the POS terminal also has enrollment capabilities).
- the secure server 420 may authenticate the received information by decrypting 560 the information to determine the biometric information 514 and the secret PSC 516.
- the incoming information may be decrypted 560 using the first secret key 550.
- the deterministic function 532 may then be applied to the PSC 516 and the first hash function 534 may be applied to the result of the deterministic function 532 resulting in the bin number in which the registered biometric information is expected to be stored.
- the bin number may then be used to retrieve 562 one or more of the encrypted biometric information (e.g., biometric templates) stored in the bin of the database 554 corresponding to the bin number.
- the PSC 516 may also be encrypted 536 using the second secret key 552.
- the second hash function 538 may be applied to the encrypted PSC as a seed value to produce a decryption key 564.
- the encryption key 540 is the same as the decryption key 564.
- the decryption key 564 may then be used to decrypt 566 the encrypted biometric information from the bin of the database 554 corresponding to the bin number.
- the matching biometric information may be authenticated 568 with the supplied biometric information 514.
- the biometric access system will be able to successfully assess whether particular stored encrypted biometric information in the bin has been successfully decrypted with the decryption key 564 because the format of unencrypted biometric information would be recognizable by the system (i.e., decrypting biometric information with the incorrect key would likely result in non-sensical data or would not successfully complete the decryption process).
- the matching algorithm that compares the supplied biometric information 514 with the registered biometric information may provide the highest threshold score for the correct registered biometric information when compared to the supplied biometric information 514.
- FIG. 6 depicts a flow diagram for an exemplary enrollment process in a biometric access system according to an embodiment.
- enrolling an individual may begin by gathering biometric information such as a biometric template 605 and a secret PSC 610.
- the biometric template 605 and the PSC 610 may be transmitted 615 to a secure server using a secure channel.
- the channel may be secured by using a symmetric encryption algorithm, such as Triple DES, AES or the like.
- a symmetric encryption algorithm such as Triple DES, AES or the like.
- an encryption key may then be calculated.
- the PSC 610 may be encrypted using a symmetric encryption algorithm with a secret key known to the secure server 620.
- a one-way hash may then be applied to the result 625.
- the result of the one-way hash may serve as an encryption key to encrypt the biometric template in step 630.
- the encrypted biometric template may be stored 635 in the bin having the appropriate bin number, also determined and dependent upon the PSC 610.
- the bin number may be calculated 640 by applying a one way hash on the result of a deterministic function performed on the PSC 610.
- the encrypted biometric template may then be stored in the appropriately calculated bin number.
- pre-existing stored templates in a selected bin can be successfully decrypted using the enrollee's PSC
- such pre-existing stored templates may be compared against the enrollee's submitted biometric template.
- the biometric access system may request that the enrollee select a different PSC (and ultimately a different bin) to lessen the risk of a false acceptance during an access request.
- personal information including, but not limited to, the name of the individual and various payment modalities (e.g., credit card, debit card, checking account, etc.) may also be obtained from the individual 645 and transmitted to the secure server in step 615 (or alternatively, a separate server for maintaining personal information).
- the secure server may receive the personal information and in similar fashion to the calculation of the bin number, may apply a one-to-one deterministic function to the PSC 610 and may subsequently apply a one-way hash function to the result 650.
- the result of this oneway hash may serve as a link or address to a separate consumer database wherein the personal information is placed into a record and stored at such address 655.
- FIG. 7 depicts a flow diagram for an exemplary authentication process in a biometric access system according to an embodiment. Similar to the enrollment process of Figure 6, as shown in Figure 7, authenticating an individual may also begin, for example, at a POS terminal at a merchant location, by gathering a biometric sample (e.g., biometric template) 705 and a secret PSC 710 from the individual. The biometric sample 705 and the PSC 710 may be transmitted 715 to the secure server using a secure channel.
- a biometric sample e.g., biometric template
- PSC 710 secret PSC 710
- a decryption key may be derived by encrypting the PSC using a symmetric encryption algorithm with a secret key known to the biometric access system 720 and applying a one-way hash of the encrypted PSC 725.
- a bin number may also be derived from the PSC 710 by applying a one-way hash to the result of a deterministic function that is performed on PSC 730.
- the derived decryption key may be applied to the first stored encrypted registered biometric template in the bin 740. If the decryption is successful (e.g., determined by examining the format of the decrypted result to assess whether it matches the correct format for an unencrypted biometric template, for example), the decrypted registered biometric template may be compared to the received sample biometric template to determine a threshold biometric comparison score according to the biometric template comparison 745.
- All registered biometric templates in the bin may be analyzed in this manner (see steps 750 and 755) with the possibility that some will successfully decrypt (i.e., individuals used the same PSC) and some will not successfully decrypt (i.e., individuals used different PSCs but such PSCs hashed to the same bin).
- a comparison score for those registered templates that successfully decrypted may be determined by comparing such registered templates against the sample biometric template 765. If the highest score meets the threshold set by the biometric access system that indicates a successful authentication 770, the identity of the individual is authenticated 775.
- an alternative process flow may decrypt and compare only those biometric templates up to the point that a first biometric template with a comparison score that meets the threshold is discovered.
- a one-to-one deterministic function and one-way hash may be applied to the secret PSC in a manner similar to deriving the bin number. Such a process may derive a link or address to the appropriate individual account record at the consumer database where the individuals' personal information is stored (separate from the biometric database).
- the biometric access system may thereby be able to access the appropriate personal information (e.g., payment modalities such as credit cards, debit cards, checking account, etc.) requested by the individual at the secure POS or verification terminal.
- the PSC may be fixed or be allowed to vary in its length (e.g., the length could be greater than or equal to ten alphanumeric characters).
- the biometric access system may encourage the individual to hold the PSC as a secret.
- variable length PSC e.g., greater than ten characters
- each character may be selected from any alphanumeric character or punctuation character
- binning is used to speed up the searching for the appropriate registered biometric information
- the techniques described herein, particularly as they pertain to using the PSC to encrypt registered biometric information also apply in verification systems where each individual may utilize a unique PIN such that binning is not needed.
- biometric information is used throughout the disclosure and is not meant to limit the disclosure to any particular type biometric information, such as a fingerprint, eye scan or voice print or form of biometric information (e.g., biometric template or biometric image).
- biometric template is a reference to one or more biometric templates and equivalents thereof known to those skilled in the art.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US69789105P | 2005-07-08 | 2005-07-08 | |
PCT/US2006/026722 WO2007008789A2 (en) | 2005-07-08 | 2006-07-10 | System and method for decoupling identification from biometric information in biometric access systems |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1905185A2 true EP1905185A2 (en) | 2008-04-02 |
Family
ID=37637819
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP06786766A Withdrawn EP1905185A2 (en) | 2005-07-08 | 2006-07-10 | System and method for decoupling identification from biometric information in biometric access systems |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1905185A2 (en) |
WO (1) | WO2007008789A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109978698A (en) * | 2019-04-02 | 2019-07-05 | 吴国兴 | A kind of wealth insurance management data security system based on Internet of Things |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NL1036400C2 (en) * | 2009-01-09 | 2010-07-13 | Priv Id B V | Method and system for verifying the identity of an individual by employing biometric data features associated with the individual. |
FR2951842B1 (en) | 2009-10-28 | 2011-12-30 | Sagem Securite | IDENTIFICATION BY CONTROLLING USER DATA |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4922417A (en) * | 1986-10-24 | 1990-05-01 | American Telephone And Telegraph Company | Method and apparatus for data hashing using selection from a table of random numbers in combination with folding and bit manipulation of the selected random numbers |
US5764789A (en) * | 1994-11-28 | 1998-06-09 | Smarttouch, Llc | Tokenless biometric ATM access system |
US6401206B1 (en) * | 1997-03-06 | 2002-06-04 | Skylight Software, Inc. | Method and apparatus for binding electronic impressions made by digital identities to documents |
US6845453B2 (en) * | 1998-02-13 | 2005-01-18 | Tecsec, Inc. | Multiple factor-based user identification and authentication |
US7195151B2 (en) * | 2003-02-25 | 2007-03-27 | American Cash Exchange, L.L.C. | Method and system for automated value transfer |
-
2006
- 2006-07-10 WO PCT/US2006/026722 patent/WO2007008789A2/en active Application Filing
- 2006-07-10 EP EP06786766A patent/EP1905185A2/en not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
See references of WO2007008789A3 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109978698A (en) * | 2019-04-02 | 2019-07-05 | 吴国兴 | A kind of wealth insurance management data security system based on Internet of Things |
Also Published As
Publication number | Publication date |
---|---|
WO2007008789A2 (en) | 2007-01-18 |
WO2007008789A3 (en) | 2008-01-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20070038863A1 (en) | System and Method for Decoupling Identification from Biometric Information in Biometric Access Systems | |
US9887989B2 (en) | Protecting passwords and biometrics against back-end security breaches | |
EP3435591B1 (en) | 1:n biometric authentication, encryption, signature system | |
US9654468B2 (en) | System and method for secure remote biometric authentication | |
EP1815637B1 (en) | Securely computing a similarity measure | |
US6317834B1 (en) | Biometric authentication system with encrypted models | |
CA2636453C (en) | Multisystem biometric token | |
US20200228340A1 (en) | Use of biometrics and privacy preserving methods to authenticate account holders online | |
CN112926092A (en) | Privacy-protecting identity information storage and identity authentication method and device | |
US7783893B2 (en) | Secure biometric authentication scheme | |
US20220021537A1 (en) | Privacy-preserving identity attribute verification using policy tokens | |
US20220129531A1 (en) | Optimized private biometric matching | |
JP2006209697A (en) | Individual authentication system, and authentication device and individual authentication method used for the individual authentication system | |
CN101420301A (en) | Human face recognizing identity authentication system | |
US11716328B2 (en) | Method of constructing a table for determining match values | |
KR100974815B1 (en) | System for Authenticating a Living Body Doubly | |
GB2457491A (en) | Identifying a remote network user having a password | |
EP1905185A2 (en) | System and method for decoupling identification from biometric information in biometric access systems | |
JP2001312477A (en) | System, device, and method for authentication | |
Ueshige et al. | A Proposal of One-Time Biometric Authentication. | |
JP2003134107A (en) | System, method and program for individual authentication | |
Chen et al. | A hybrid scheme for securing fingerprint templates | |
KR20080030599A (en) | Method for authenticating a living body doubly | |
WO2023181163A1 (en) | Collation system, collation device, collation method, and program | |
Wei et al. | Achieve efficient and privacy-preserving online fingerprint authentication over encrypted outsourced data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20080207 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA HR MK YU |
|
RAX | Requested extension states of the european patent have changed |
Extension state: RS Extension state: MK Extension state: HR Extension state: BA Extension state: AL |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20100202 |