BIOMETRIC AUTHENTICATION

TECHNICAL FIELD
The present invention pertains to digital certificates and more particularly to a digital certificate that incorporates biometric data, as well as methods and apparatus for generating it.

BACKGROUND ART
A unique digital certificate assists in verifying the identity of a natural person as a sender of e-mail or other form of electronic correspondence or electronic transaction. For digital certificates to become a mandatory and viable requirement for engaging in electronic transactions, there will need to be a method that better identifies the natural person uniquely.
Whilst the currently known Public Key Infrastructure (PKI), certificate and signature concepts are sound, the sub-optimal authentication of the owner of the certificate is a failing of current digital signatures.

DISCLOSURE OF THE INVENTION
The invention pertains to a verifiably unique certificate which combines a conventional digital certificate with (a) data derived from bio-metric information and optionally (b) statistical data or bona fides (e.g. age, security classification, licence information, medical conditions).
The invention also provides management of the authentication processes.

MODES FOR CARRYING OUT THE INVENTION
A Public Key Infrastructure is a combination of hardware and software products, policies and procedures. A PKI is based on digital IDs known as digital certificates, which act like 'electronic passports'. A typical PKI should consist of:
(a) A security policy for establishing top-level security, as well as the processes and principles for the use of cryptography. It is essentially the rules by which an administering organisation will handle keys and valuable information.
(b) Certificate Practice Statement (CPS). This is a document defining the operational procedures on how the security policy will be enforced and supported in practice, how certificates are issued, accepted and revoked, and how keys will be generated, registered and certified, where they will be stored, and how they will be made available to users.
(c) Certificate Authority (CA). The CA system is the trust basis of a PKI as it manages public key certificates for their whole life cycle. The CA issues certificates by binding the identity of a user or system to a public key with a digital signature. The CA establishes the schedule of expiry dates for certificates and ensures certificates are revoked when necessary by publishing Certificate Revocation Lists (CRLs). When implementing a PKI, an organisation can either operate its own CA system, or use the CA service of a Commercial CA or Trusted Third Party.
(d) Authentication Centre (AC) and Virtual Authentication Centre (VAC). An AC provides an optional intermediary between the user and the CA. It captures and authenticates the identity of the users and submits the certificate request to the CA. A VAC likewise provides an optional intermediary between the user and the CA, for the case where the user submits the request for a certificate remotely by means of facilities provided at locations approved by the authentication centre (e.g. designated computing device, vending machines).
(e) PKI-enabled Applications.
A PKI is a means to an end, providing the security framework by which PKI-enabled applications can be confidently deployed to achieve the end benefits, in this case the generation and use of a digital certificate which incorporates a unique biometric of its users.
The certificate is generated as follows:
(a) The inputs may include: applicant's name, biometric data, address, country, date of birth, drivers licence number, social security number, passport number, tax-file number, birth certificate number and location of birth, public key of CA, official descriptor, expiry date, other data.
(b) The inputs are manipulated through an algorithm to produce a unique identification number.
(c) The CA identifier (assigned by the root CA) and the CA's URL are appended to the identification number to form a globally unique certificate.
(d) The certificate may incorporate a compliance seal. The compliance seal is a flag or image data, which the certificate carries in a readable field. The field may carry an image or cause a browser or plug-in to display an image. The image may be depicted within a browser window or as part of the browser. The compliance seal may be available (visual, mechanical, audible) on the browser or on the resource. Associated with the availability of the compliance seal is a link to the issuing CA (for example this link will take the user to the home page of the CA, from which complaints may be lodged, the CPS may be available, etc).
In addition to generally accepted privacy and security guidelines (e.g. guidelines issued by the Defence Signals Directorate, Australia), special security arrangements should be made to secure the CA's public/private key pair and the resources (hardware and software) involved in the production and delivery of the biometric certificate. Strong encryption is implied in delivering the biometric certificate from the CA to the user.

Certificate Practice Statement
Whole or part of this document (CPS) may, or may not be, publicly available.
The CPS document will consist of, but is not limited to, procedures for the following:
(a) PKI Infrastructure.
(b) Organisational relationships.
(c) Public policy and legislative matters.
(d) AC and CA standard operating internal controls and procedures.
(e) Privacy Policy.
(f) Security classifications.
(g) Codes of conduct.
(h) Fees and charges.
(i) List of acceptable bona-fides for all stakeholders.
(j) Application for certificate.
(k) Method of generating a unique certificate number.
(l) Generation and security of digital certificate.
(m) Procedure for manual authentication and issue.
(n) Procedure for virtual authentication and issue.
(o) Procedure for use of a certificate.
(p) Requirements to be a referee.
(q) Auditing prior to application.
(r) Ongoing auditing.
(s) Terms and conditions.
(t) Rules of use.
(u) Delivery of digital certificate and seal.
(v) Revocation of digital certificate and seal.
(w) Distribution and usage of revocation and attribute tables.
(x) Frequently asked questions.
(y) User help.
(z) Complaints mechanisms.
(aa) Metrics and statistical analysis.
(bb) Distribution, installation, operation and security of applications.
(cc) General information.
(dd) Enforcement mechanisms and penalties.
(ee) Any other applicable information.
(ff) Renewal in the event of an accident, plastic surgery or genetic therapy.
(gg) Maintenance of audit trails.
(hh) Eligibility criteria for witnesses and digital referees.
(ii) Criteria, guidelines and responsibility of the accredited organizations acting as digital referees.
Accordingly, the invention provides a method of combining the existing digital certificate technology with any one or a combination of (a) data derived from bio-metric information and (b) statistical data (e.g. age, security classification, licence information, medical conditions).
The certificate of the present invention incorporates a signature derived from an algorithm which operates on biometric data, such as genetic input, blood type, facial data, finger or iris image data, voice data, etc. The certificate also includes a uniquely allocated number or signature of the authenticating authority, and a check digit or CRC.
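The generation steps (a) to (c) given earlier, together with the biometric-derived signature, the authority's number and the check digit or CRC described in the preceding paragraph, can be modelled end to end. The following is an added illustration written for this page, not code from the patent. It assumes, where the text does not specify: SHA-256 as the identification algorithm, with a random per-certificate salt so that the number cannot be recomputed offline from guessable fields such as date of birth; a biometric supplied as an already-extracted template of bytes which a re-capture reproduces exactly (real biometric matching is approximate, so a deployed system would compare live samples with a matcher against a stable enrolment reference rather than by hash); HMAC-SHA256 under a CA secret as a stand-in for the CA's asymmetric signature; CRC-32 as the check value; and constructed values for the CA identifier, CA URL and applicant fields.

```python
import hashlib
import hmac
import json
import os
import zlib
from typing import Optional

# Values assigned by the root CA; constructed for this example, not from the text.
CA_ID = "CA-0001"
CA_URL = "https://ca.example.test/"


def _canonical(obj) -> bytes:
    """Deterministic JSON encoding so hashes and signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def unique_identifier(inputs: dict, biometric_template: bytes, salt: bytes) -> str:
    """Step (b): run the inputs and the biometric through an algorithm
    (assumed: SHA-256) to get a unique identification number.

    The template is hashed before being mixed in, so the number can be
    recomputed from a fresh capture but never reveals the template. The
    per-certificate salt stops anyone with a guessable set of fields
    (date of birth, country, ...) from recomputing the number offline.
    """
    h = hashlib.sha256()
    h.update(salt)
    h.update(_canonical(inputs))
    h.update(hashlib.sha256(biometric_template).digest())
    return h.hexdigest()


def issue_certificate(inputs: dict, biometric_template: bytes,
                      ca_secret: bytes, salt: Optional[bytes] = None) -> dict:
    """Steps (b)-(d): derive the number, append CA identifier and URL, add the
    compliance seal, then attach the CA's signature and a CRC check value."""
    salt = os.urandom(16) if salt is None else salt
    ident = unique_identifier(inputs, biometric_template, salt)
    body = {
        # step (c): identifier + CA identifier + CA URL = globally unique number
        "certificate_number": f"{ident}|{CA_ID}|{CA_URL}",
        "id": ident,
        "ca_id": CA_ID,
        "ca_url": CA_URL,
        "expiry": inputs["expiry"],
        "salt": salt.hex(),
        "compliance_seal": True,  # step (d): a readable flag field
        # the biometric template itself is deliberately NOT stored
    }
    encoded = _canonical(body)
    return {
        "body": body,
        "crc32": zlib.crc32(encoded),  # assumed form of the check digit / CRC
        # HMAC stands in for the CA's digital signature over the body
        "signature": hmac.new(ca_secret, encoded, hashlib.sha256).hexdigest(),
    }


def verify_certificate(cert: dict, ca_secret: bytes) -> bool:
    """Relying party: reject on CRC mismatch (damage) or bad signature (tampering)."""
    encoded = _canonical(cert["body"])
    if zlib.crc32(encoded) != cert["crc32"]:
        return False
    expected = hmac.new(ca_secret, encoded, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["signature"])


def holder_matches(cert: dict, inputs: dict, presented_template: bytes) -> bool:
    """Recompute the identifier from the holder's data plus a fresh biometric.

    A mismatch means either an impostor or a changed biometric (the text's
    biometric altering event), and in the latter case the certificate must
    be renewed rather than patched.
    """
    salt = bytes.fromhex(cert["body"]["salt"])
    recomputed = unique_identifier(inputs, presented_template, salt)
    return hmac.compare_digest(recomputed, cert["body"]["id"])


# Constructed sample applicant; every value is made up for the example.
SAMPLE_INPUTS = {
    "name": "A. Applicant",
    "date_of_birth": "1970-01-01",
    "country": "AU",
    "passport_number": "PLACEHOLDER-PASSPORT",
    "expiry": "2030-12-31",
}
SAMPLE_TEMPLATE = b"constructed-iris-template-bytes"

if __name__ == "__main__":
    ca_secret = b"constructed-ca-secret"
    cert = issue_certificate(SAMPLE_INPUTS, SAMPLE_TEMPLATE, ca_secret)
    print("certificate valid:", verify_certificate(cert, ca_secret))
    print("holder matches:", holder_matches(cert, SAMPLE_INPUTS, SAMPLE_TEMPLATE))
```

Two design points follow from the text's own requirements. The certificate carries only the salted identifier, never the template, so a certificate copied from a user's machine does not leak the biometric. And because every field of the identification number is hashed together, changing any one of them (expiry, name, address, or the biometric after a biometric altering event) invalidates the certificate, which is why the text requires renewal rather than in-place edits.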
The certificate of the present invention may be securely stored in electronic, optical, magnetic, physical, biological or printed form. Four methods of obtaining an authenticated biometric certificate are as follows:
(a) Remotely, with authentication supplied via "trusted" parties who have an established digital signature, i.e. "digital referees". The fact that a party is eligible to be a digital referee may be an attribute of their digital signature.
(b) Remotely, with authentication supplied via the provision of acceptable data or facsimiles of acceptable documents, which is subject to verification through the data or document issuing authorities as referee.
(c) Remotely, by assessing documents presented by the applicant and confirmed via trusted third parties.
(d) In person, with authentication supplied via the provision of acceptable data or acceptable documents, which may be subject to verification through the data issuing authorities as referee.
These methods are explained in the following examples:
Example 1: A candidate person presents themselves in front of a live digital biometric sampling device at a location approved by the certification authority (e.g. vending machine) and establishes a secure link, such as a network connection, with digital referees accompanying that person into a virtual authentication centre (VAC). A digital referee is a person who is a current biometric certificate user and who can verify, in real time, the identity of an applicant based on live biometric data (and perhaps other data) or other bona fides (such as documents, other digital certificates etc.) offered by the applicant during (in real time) the authentication process. The term "real time" is used here as including network lag and data transit time, and means simply: as fast as the network technology will reasonably allow. The referees observe the image (or other data) of the person and optionally confirm the answers to a few questions asked of the person. The referee may also confirm, live, the taking of a biometric by the candidate. A genetic sample may be taken, the proper sampling being confirmed by the referee, and the sample analysed and transformed into digital data. A positive ID from the referee results in a certificate being issued immediately. The certificate is preferably created using an algorithm which operates on the same biometric data offered by the applicant and used by the referee for the verification. In this example, the attendance of a digital referee would either have to be pre-arranged or may be conducted in real time through the aid of a device. That device (e.g. phone or mobile computer) may transmit the digital referee's signature, it may capture a biometric image of the digital referee, or it may ask certain questions of the referee based on the signature attributes or other data. Essentially there must be a mechanism to authenticate a digital referee in real time if the attendance of the digital referee at the digital authentication centre has not been pre-arranged.
Example 2: A person presents themselves in front of a live digital biometric sampling device (e.g. digital or optical recording equipment) at a location approved by the certification authority (e.g. kiosk, vending machine etc.) and establishes a secure link with a virtual authentication centre. In the absence of referees, questions might be asked based on electronically available information (e.g. credit card statement, phone bill, etc).
In the alternative, a representative of an organization that issues or has authorised access to photo IDs may act as the digital referee by comparing the live image to networked stored resources, such as a company's stored image, optionally asking questions related to data within their or another database, and providing only verification of identity or refusal to the VAC. Verification by the referee, in real time, results in the certificate being issued.
Example 3: A person presents themselves in front of a live digital biometric sampling device at a location approved by the certification authority (e.g. vending machine) and establishes a secure link with a virtual authentication centre. A static image of the applicant's face on a facsimile of a driver's licence or passport or other approved document (optionally scanned by the machine) is transmitted to the virtual interviewer at the virtual authentication centre. The passport and/or driver's licence or other document details are verified by the virtual certification centre by comparing the applicant's transmitted document image with the live transmission of the applicant's image. If verified, both are then optionally compared against the issuing authority's transmission of the same image from the supporting documents, and a positive match results in the certificate being subsequently issued.
Example 4: A person presents themselves at the physical authentication centre (offices of the certificate issuing authority or its agents), fills in the application form for the biometric digital certificate and submits it with the original driver's licence, passport or other approved documents to the issuing officer. The applicant is presented in front of a live digital biometric sampling device and a photograph or biometric data is taken. The passport and/or driver's licence or other documents are verified by the authentication centre against the issuing authority of the supporting documents, and a certificate is issued on verification of these documents.
In use, the recipient of the user's certificate may wish to verify that it was the user, and not an impostor, that sent the certificate. This requires that the recipient challenge the user to provide:
(a) Information uniquely known to the user. The recipient initiates a new transaction between the VAC and the user. The VAC pushes a browser window (or equivalent means of communication) to the user. The user answers the VAC's questions. The VAC verifies the answers and notifies the recipient whether the actual user is online or someone else is using the user's certificate.
(b) Information gleaned from electronic records about the user. By prior arrangement/consent, details of electronic information such as phone bill or credit card details, etc. are conveyed to the VAC for real-time use between the VAC and the user. The VAC may ask a few questions from the electronic information it has. If the user's response is correct, the VAC sends confirmation to the recipient that the user online is the actual user; otherwise a negative response is sent to the recipient.
(c) Real-time verification using networked equipment. The applicant is verified in real time using equipment, e.g. digital recorder, fingerprint or genetic sampling device, etc., attached to the applicant's networked equipment, on the request of the recipient or at random intervals.
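The recipient-initiated challenge of types (a) and (b) above is a three-party exchange: the recipient opens a transaction, the VAC pushes questions to the user, and the VAC returns a verdict the recipient can check. The following is an added example written for this page, not the patent's own code. It assumes, where the text is silent: that the VAC stores only salted hashes of the consented record data (phone bill, card details) rather than the plaintext; that a session is closed after three wrong rounds (a constructed limit); that the VAC's verdict is authenticated with HMAC under a shared secret as a stand-in for a VAC signature; and constructed names and facts for the user, recipient and questions. The live biometric re-check of type (c) is not modelled here.

```python
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Optional


class VirtualAuthenticationCentre:
    """Toy VAC for challenge types (a) and (b): the recipient starts a
    transaction, the VAC pushes questions to the user, checks the answers
    and sends the recipient an authenticated verdict."""

    MAX_ATTEMPTS = 3  # assumption: close the session after three wrong rounds

    def __init__(self, vac_secret: bytes):
        self._secret = vac_secret   # stand-in for the VAC's signing key
        self._records = {}          # user -> {"salt": bytes, "answers": {question: hash}}
        self._sessions = {}         # session id -> challenge state

    @staticmethod
    def _digest(salt: bytes, answer: str) -> bytes:
        # Answers are normalised, then salted and hashed, so the VAC keeps
        # no plaintext copy of the consented phone-bill or card details.
        return hashlib.sha256(salt + answer.strip().lower().encode()).digest()

    def enrol_records(self, user: str, facts: dict) -> None:
        """Prior arrangement/consent: store the user's record data as salted hashes."""
        salt = os.urandom(16)
        self._records[user] = {
            "salt": salt,
            "answers": {q: self._digest(salt, a) for q, a in facts.items()},
        }

    def open_challenge(self, recipient: str, user: str, n_questions: int = 2):
        """Recipient initiates a new transaction; the VAC picks questions to push."""
        record = self._records[user]
        questions = secrets.SystemRandom().sample(list(record["answers"]), n_questions)
        session = secrets.token_hex(8)
        self._sessions[session] = {
            "user": user, "recipient": recipient,
            "questions": questions, "attempts": 0, "closed": False,
        }
        return session, questions

    def answer(self, session: str, answers: dict) -> Optional[dict]:
        """User answers the pushed questions. Returns the verdict once the
        session closes (all correct, or attempts exhausted), else None."""
        state = self._sessions[session]
        if state["closed"]:
            raise ValueError("session already closed")
        state["attempts"] += 1
        record = self._records[state["user"]]
        correct = all(
            hmac.compare_digest(self._digest(record["salt"], answers.get(q, "")),
                                record["answers"][q])
            for q in state["questions"]
        )
        if not correct and state["attempts"] < self.MAX_ATTEMPTS:
            return None  # more rounds allowed before a negative response
        state["closed"] = True
        return self._verdict(session, state, correct)

    def _verdict(self, session: str, state: dict, verified: bool) -> dict:
        """Positive or negative response to the recipient, bound to session and user."""
        body = {
            "session": session, "user": state["user"],
            "recipient": state["recipient"], "verified": verified,
            "issued": int(time.time()),
        }
        encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return {"body": body,
                "signature": hmac.new(self._secret, encoded, hashlib.sha256).hexdigest()}


def recipient_accepts(verdict: dict, vac_secret: bytes, expected_user: str) -> bool:
    """Recipient side: accept only an authentic VAC verdict, for the user the
    recipient asked about, that says verified."""
    encoded = json.dumps(verdict["body"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(vac_secret, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, verdict["signature"]):
        return False
    return verdict["body"]["user"] == expected_user and verdict["body"]["verified"] is True
```

The recipient never sees the questions or answers, only the verdict, which matches the text's statement that the VAC provides "verification of identity or refusal" and nothing else. Binding the verdict to the session and user, and checking both on the recipient side, prevents a positive verdict issued for one transaction from being replayed for another.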
It will be understood that a person's biometrics may change. When obtaining the certificate, a user may be compelled to agree to update their biometric-containing certificate in the event that a biometric altering event (BAE) occurs before the expiry of the certificate. A BAE may be genetic therapy, plastic surgery, disfiguring injury, etc. This also applies to the alteration of any data field embodied in the certificate such as date of birth, name, address, etc.
Industrial Application: At the present time there is great concern amongst governments and industry over the ability to identify the country of origin and age of an individual wishing to partake in internet gambling. This patent, effectively implemented, would provide a viable solution to the exclusion of minors and to not permitting residents of certain jurisdictions to play prohibited games, by providing reliable and secure authentication of a user.