Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
  • H04L9/3231—Biological data, e.g. fingerprint, voice or retina
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
  • G06N3/00—Computing arrangements based on biological models
  • G06N3/02—Neural networks
  • G06N3/08—Learning methods
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
  • H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
  • H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/08—Access security
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/60—Context-dependent security

Definitions

• Biometric information of a user e.g., iris, facial, fingerprint, etc.
• a candidate can provide information to be compared against the registration information.
• biometric systems may not require an exact match during the comparison stage, but instead may rely upon techniques such as a Hamming distance between the registration information (e.g., a registration code) and the comparison information (e.g., a comparison code). If the differences between the registration information and the comparison information are small enough, a biometric match may be identified.
• a registration code e.g., a registration code
• the comparison information e.g., a comparison code
• a method for generating a secure biometric code from facial data of a user comprises capturing samples from a plurality of regions of a face of the user and combining a first portion of the samples from a first region of the plurality of regions with a second portion of the samples from a second region of the plurality of regions.
• the method may further comprise generating a complex representation of the combined samples, wherein each data point within the complex representation is based on at least the first portion of samples and the second portion of samples.
• the method may further comprise acquiring a public code that is based on previously acquired facial data of the user, wherein the public code does not include any previously acquired samples of facial data of the user and wherein none of the previously acquired samples of the of the facial data of the user can be determined based on the public code.
• the method may further comprise modifying, based on calibration data of the public code, the complex representation of the combined samples to correspond to one or more features of the previously acquired samples of facial data.
• a biometric processing system comprises a sensor configured to capture facial data from a user, a memory comprising instructions stored thereon, and a processor coupled to the sensor and the memory.
• the processor may be configured to execute the instructions to capture samples from a plurality of regions of a face of the user, combine a first portion of the samples from a first region of the plurality of regions with a second portion of the samples from a second region of the plurality of regions, and generate a complex representation of the combined samples, wherein each data point within the complex representation is based on at least the first portion of samples and the second portion of samples.
• the processor may also be configured to execute the instructions to acquire a public code that is based on previously acquired facial data of the user, wherein the public code does not include any previously acquired samples of facial data of the user and wherein none of the previously acquired samples of the of the facial data of the user can be determined based on the public code.
• the processor may also be configured to execute the instructions to modify, based on calibration data of the public code, the complex representation of the combined samples to correspond to one or more features of the previously acquired samples of facial data, binarize the modified complex representation to generate a binary code, and determine, based on a bitwise comparison of the binary code with a private code previously determined from the previously acquired samples of facial data of the user, whether the user is authentic.
• a non-transitory computer- readable medium has instructions stored thereon, that when executed by a processor of a biometric processing system cause the processor to perform operations comprising capturing samples from a plurality of regions of a face of the user and combining a first portion of the samples from a first region of the plurality of regions with a second portion of the samples from a second region of the plurality of regions.
• the instructions may also cause the processor to perform operations of generating a complex representation of the combined samples, wherein each data point within the complex representation is based on at least the first portion of samples and the second portion of samples, and acquiring a public code that is based on previously acquired facial data of the user, wherein the public code does not include any previously acquired samples of facial data of the user and wherein none of the previously acquired samples of the of the facial data of the user can be determined based on the public code.
• the instructions may also cause the processor to perform operations of modifying, based on calibration data of the public code, the complex representation of the combined samples to correspond to one or more features of the previously acquired samples of facial data, binarizing the modified complex representation to generate a binary code, and determining, based on a bitwise comparison of the binary code with a private code previously determined from the previously acquired samples of facial data of the user, whether the user is authentic.
• FIG. 2 shows a number of valid and stable biometric code bits over the time taken to generate the biometric code in accordance with some embodiments of the present disclosure
• FIGS. 3A - 3C show a stable iris annulus 1D signal obtained from a 2D iris image in accordance with some embodiments of the present disclosure
• FIG. 4 depicts an exemplary captured fingerprint image in accordance with some embodiments of the present disclosure
• FIG. 5 depicts an exemplary region of interest (ROI) of a captured fingerprint in accordance with some embodiments of the present disclosure
• FIG. 6 depicts an exemplary ROI orientation, registration, and verification in accordance with some embodiments of the present disclosure
• FIG. 1D shows a stable iris annulus 1D signal obtained from a 2D iris image in accordance with some embodiments of the present disclosure
• FIG. 4 depicts an exemplary captured fingerprint image in accordance with some embodiments of the present disclosure
• FIG. 5 depicts an exemplary region of interest (ROI) of a captured fingerprint in accordance with some embodiments of
• FIG. 7 depicts the operation of exemplary fingerprint ROI relocation operations in accordance with some embodiments of the present disclosure
• FIG. 8 depicts exemplary fingerprint ridge vector identification and processing in accordance with some embodiments of the present disclosure
• FIG. 9 depicts an exemplary embodiment of biometric registration and authentication in accordance with some embodiments of the present disclosure
• FIG. 10 depicts exemplary extraction of feature vectors for use in developing a stable code in accordance with some embodiments of the present disclosure
• FIG. 11 depicts an exemplary supporting mask of a region of interest in accordance with some embodiments of the present disclosure
• FIG. 11 depicts an exemplary supporting mask of a region of interest in accordance with some embodiments of the present disclosure
• FIG. 12 depicts exemplary feature vector maps extracted from four captures of the same finger at different times in accordance with some embodiments of the present disclosure
• FIG. 13 depicts an exemplary identification of stable feature vector locations from Fourier amplitude maps in accordance with some embodiments of the present disclosure
• FIG. 14 depicts an exemplary fingerprint capture with multiple ROIs in accordance with some embodiments of the present disclosure
• FIG. 15 depicts an exemplary phase calibration for binarization of feature vector data in accordance with some embodiments of the present disclosure
• FIG. 16 depicts an exemplary binarization of feature vector amplitudes in accordance with some embodiments of the present disclosure
• FIG. 16 depicts an exemplary binarization of feature vector amplitudes in accordance with some embodiments of the present disclosure
• FIG. 17 shows a process for biometric verification using a primary biometric code in accordance with some embodiments of the present disclosure
• FIG. 18 shows a process for biometric verification using a masked biometric code in accordance with some embodiments of the present disclosure
• FIG. 19 shows exemplary generation of a validity mask from received biometric data over time in accordance with some embodiments of the present disclosure
• FIG. 20 shows masked biometric codes determined by a minor code and a major code, respectively, in accordance with some embodiments of the present disclosure
• FIG. 21 shows an exemplary flow diagram of a biometric identification system in accordance with some embodiments of the present disclosure
• FIG. 28 shows an exemplary flow diagram of a biometric identification system in accordance with some embodiments of the present disclosure
• FIG. 22 shows an exemplary flow diagram of a biometric identification and authentication system in accordance with some embodiments of the present disclosure
• FIG. 23 shows a process for biometric authentication comprising a biometric hash in accordance with some embodiments of the present disclosure
• FIG. 24 shows a test to determine if a code is ready to be hashed in accordance with some embodiments of the present disclosure
• FIG. 25 shows feature vectors determined from facial features in accordance with some embodiments of the present disclosure
• FIG. 26 shows an exemplary embodiment of registration of multiple ROIs in accordance with some embodiments of the present disclosure
• FIG. 23 shows a process for biometric authentication comprising a biometric hash in accordance with some embodiments of the present disclosure
• FIG. 24 shows a test to determine if a code is ready to be hashed in accordance with some embodiments of the present disclosure
• FIG. 25 shows feature vectors determined from facial features in accordance with some embodiments of the present disclosure
• FIG. 26 shows an exemplary embodiment of registration of multiple ROIs in accord
• FIG. 27 shows an exemplary embodiment of generating and using compensation codes with multiple ROIs in accordance with some embodiments of the present disclosure
• FIG. 28 shows an exemplary embodiment of verification of multiple ROIS in accordance with some embodiments of the present disclosure
• FIG. 29 shows an exemplary embodiment of code extraction and generation for multiple ROIs in accordance with some embodiments of the present disclosure
• FIG.30 shows exemplary biometric hash generation and checking for multiple ROIs in accordance with some embodiments of the present disclosure
• FIG. 31 depicts exemplary asymmetric encryption utilizing biometric codes in accordance with some embodiments of the present disclosure
• FIG. 32 depicts exemplary PKI encryption utilizing biometric codes in accordance with some embodiments of the present disclosure
• FIG. 33 depicts exemplary identification hash registration in accordance with some embodiments of the present disclosure
• FIG. 34 depicts exemplary hash identification and authentication in accordance with some embodiments of the present disclosure
• FIG. 35 depicts an exemplary biometric processing system in accordance with some embodiments of the present disclosure
• FIG. 36 depicts partial facial features determined from a face capture, in accordance with some embodiments of the present disclosure
• FIG. 37 depicts illustrative examples of composite feature vector sets that are generated by a composite feature generating process, in accordance with some embodiments of the present disclosure
• FIG. 38 depicts illustrative examples of composite feature vector sets that are generated by a composite feature generating process, in accordance with some embodiments of the present disclosure.
• FIG. 38 depicts illustrative examples of a composite feature extraction process for non-ideal face captures with occluded regions, in accordance with some embodiments of the present disclosure
• FIG. 39 depicts an exemplary embodiment of a biometric registration and authentication process that includes a witness code, in accordance with some embodiments of the present disclosure
• FIG. 40 depicts illustrative steps of a process that utilizes a composite feature generating process to generate a public code, a biometric hash, and a witness code from a biometric input, in accordance with some embodiments of the present disclosure
• FIG. 41 depicts a secure automatic revocation process of verification codes, in accordance with some embodiments of the present disclosure
• FIG. 48 FIG.
• FIG. 42 depicts acquisition of multiple modalities of security information, in accordance with some embodiments of the present disclosure.
• FIG. 43 depicts verification of a user based on multiple modalities of security information, in accordance with some embodiments of the present disclosure.
• the present disclosure is directed to identification and authentication systems for biometric and physical data, such as iris, facial, fingerprint, fluid, and gaseous recognition systems, as well as any other data that is subject to measurement error or variability.
• any set of data that measures a physical entity or a phenomenon may output fuzzy data having a variability that makes bitwise analysis (e.g., for cryptographic applications) extremely difficult, due to a variation in one bit of measured data compromising an entire encrypted output or hash function.
• a set of captured data points may be analyzed to determine which of the data points are suitable for use in a validity mask (e.g., feature vectors may comprise data points to be used in a validity mask).
• That validity mask may then be utilized with the captured biometric data to generate a repeatable registration code (e.g., a hashed biometric code) that is capable of being compared on a bit-wise basis with later-captured comparison data.
• a repeatable registration code e.g., a hashed biometric code
• the validity mask may be utilized by the device capturing the comparison biometric data to generate a repeatable comparison code (e.g., a hash of the captured data modified by the validity mask).
• the validity mask may be generated such that the repeatable registration code can be compared to the repeatable comparison code on a bit-wise basis (e.g., a comparison of hash functions) while maintaining low false rejection rates (FRR) and false acceptance rates (FAR).
• FRR false rejection rates
• FAR false acceptance rates
• biometric captures systems are described herein for the purpose of illustration and not limitation. For example, one skilled in the art can appreciate that the illustrative embodiments can have application with respect to other biometric systems and to other recognition applications such as iris, facial, or fingerprint recognition systems.
• Captured biometric information may be represented by information such as a binary code.
• the biometric information may be quantified by a “primary” code.
• the primary code can require a candidate to have an exact match to the enrolled biometric code (i.e., one different bit value prevents a bitwise match).
• Feature vectors that characterize a captured biometric image may commonly be of low amplitude for all people, and in this way, are easily affected by fluctuations due to noise from the camera or other capture device, illumination variation, focus, boundary detection, etc.
• High-quality data of an iris, facial features, fingerprint, or other biometric or physical characteristic may be required to maintain a repeatable and robust identification.
• High-quality data may be produced by more expensive components and a controlled environment (e.g., the distance, pointing direction and/or orientation of the eye/face/fingerprint/etc., and illumination and other controls must be identical for each authentication trial).
• These operational constraints make primary codes difficult to be used in common- use cases where controlled environments cannot be achieved (e.g., mobile phone user identification).
• Embodiments of the present disclosure describe systems of generating a robust quantified representation of captured biometric data for use in biometric verification systems.
• a masked biometric code is one such representation that addresses the limitations of primary biometric codes.
• a masked biometric code provides flexibility with the environment capturing the biometric images and accordingly, allows for the use of lower-cost components and provides more tolerance on natural variability in the time.
• the masked biometric code is repeatable with a low False Acceptance Rate due to the use of a validity mask. This stability in performance may allow for a combined use of biometric verification with a linked field of application (e.g., jointly authenticating a digital signature using biometric identification).
• the raw image Prior to creating the electronic SRI, the raw image may be enhanced to improve the captured modulation transfer function (MTF) (e.g., for images captured by a system having EDOF optics).
• MTF modulation transfer function
• FIG. 1 shows codes 100 produced by a portion of biometric data in accordance with some embodiments of the present disclosure.
• the code is a binary representation of a portion of a biometric image, facial image, fingerprint capture, or other biometric or physical data.
• the code bit may be represented by a third symbol (e.g., an asterisk). As can be seen from FIG. 1, in some instances a significant portion of the bits cannot be determined with the minimum error probability.
• captured codes 102 and 104 may represent two different biometric data captures from a first individual
• captured codes 112 and 114 may represent two different biometric data captures from a second individual
• captured code 122 and 124 may represent two different biometric data captures from a third individual.
• the captured bits for the same individual i.e., codes 102 and 104, codes 112 and 114, and codes 122 and 124) are identical, which is consistent with a biometric match.
• FIG. 2 shows a number of valid and stable biometric code bits over the time 200 taken to generate the biometric code in accordance with some embodiments of the present disclosure.
• a time ta e.g., after a suitable number of frames such as 8 frames
• t R 208 e.g., after the processing of additional frames of biometric data
• the system may determine a number of valid bits N R 206 that are suitable for processing of biometric codes.
• the system continues to generate biometric code bits and will generate NV 204 bits, wherein NV is a limit of convergence for the number of valid bits during the biometric image capture process.
• the maximum number of valid bits may vary by biometric parameter and image quality (e.g., resolution).
• the number of valid bits, NV may be at least 85% of the total number of biometric code bits, N.
• the number of valid bits may be at least 95% of the total number of biometric code bits.
• the increased number of differentiating biometric features reflects a high biometric entropy.
• a biometric source with a sparse number of differentiating features can provide a smaller percentage of valid bits (e.g., 75% of the biometric code bits are valid by meeting a certain confidence threshold).
• Biometric entropy is a quantity linked to the possible number of differentiating patterns that can be associated with biometric sources of similar patterns. This quantity is determined with the assumption that a group of biometric sources patterned similarly can be represented by one binary code. The biometric entropy considers an existing partial dependency of bits between each other even hidden by a cryptographic salt.
• the 2D electronic SRI is modified by linear transformations.
• the electronic SRI representations can be projected on a base of normalized and orthogonal vectors.
• the orthogonalization guarantees internal independence of each compound of the code.
• the base of projection may be needed to filter out or reject effects of dependencies between pixel gray levels.
• the sampled collection of information must collect independent features.
• the system may take an auto-correlation on the polar angle and radial coordinates of the biometric patterns that comprise the captured image.
• a rich biometric pattern may have a sharp and narrow auto-correlation function, indicating that the features of the biometric sources are very different from one another.
• Using independent vectors with bitwise independency is important to prevent a security breach that can be caused by bitwise dependency (e.g., some bits can be determined from others). These vectors may also be referred to as “feature vectors.”
• feature vectors have properties designed for biometric identification.
• a feature vector is orthogonal from other feature vectors to maximize the independency of each bit inside a code. For example, the third element in the vector is not a modulo 2 of the sum of the first and second elements.
• the feature vectors may be optionally normalized if the amplitude of the feature vector possesses variations that may cause an improper characterization of the biometric source (e.g., boundary variations, which will be described in other parts herein). Feature vectors may be selected such that they represent sections of the biometric source that are exposed to the camera or other capture device most often and are not corrupted by interfering objects (e.g., eyelashes for iris, hair for facial, and debris for fingerprint, etc.).
• FIG. 3A – 3C show a stable iris annulus 1D signal obtained from a 2D iris image 300 in accordance with some embodiments of the present disclosure.
• Feature vectors may be obtained by taking the Fast Fourier Transform (FFT) of a one-dimensional representation 340 of a stable iris annulus.
• the stable iris annulus can be a section of a ring of an iris containing iris patterns without any obstruction from interfering eye features such as eyelashes.
• FIG. 3A an exemplary two-dimensional image of an iris is depicted in FIG. 3A.
• a raw image 302 captures an image of a portion of a user’s face, including an eye 304.
• an external iris boundary 306 may be identified as well as an external boundary of a pupil 308 and a specular reflection on the cornea 310. These features may be used to identify an iris including features 314 to capture for iris recognition.
• a stable iris annulus 312 corresponds to a portion of the iris that should not change between image captures and that is unlikely to be obstructed by objects such as eyelashes or the like. [0065] The stable iris annulus 312 may be represented through polar coordinates as depicted in FIG. 3B.
• a normalized iris image 324 may include a depiction 320 of the iris in polar coordinates, including an iris pattern 328, obstructions such as eyelashes 326, and cropped regions 322.
• Data in the form of a stable iris annulus 1D signal 340 may be captured from the stable iris annulus region of the polar coordinate image, as depicted in FIG. 3C.
• the stable iris annulus 312 can be multiplied by a smoothing function to remove boundary variation effects.
• frequencies 1 and 2 are subject to an illumination gradient.
• the discrete frequencies can be considered as wavenumbers with units of cycles per unit distance or radians per unit distance.
• frequencies 4 to 12 may carry most of the iris features present in an iris image.
• the feature vectors, following FFT properties, are orthogonal.
• an iris pattern of frequency 4 can be out of phase with an iris pattern of IUHTXHQF ⁇ DQG ⁇ WKH ⁇ SKDVH ⁇ VKLIW ⁇ FDQ ⁇ EH ⁇ D ⁇ YDOXH ⁇ IURP ⁇ WR ⁇ LQFOXVLYH ⁇ ZLWK ⁇ DQ ⁇ equal probability of being any such value.
• the feature vectors may be in binary. In some embodiments, binarization of feature vectors may be done with the encoding of positive and negative amplitudes into 1’s and 0’s, respectively.
• a single feature vector can be represented by a complex amplitude that can be further represented by two independent and orthogonal vectors with real amplitudes.
• a complex single vector can be separated into a sum of two real components (e.g., using Euler’s method).
• the signs of the amplitudes of the two real components may indicate the values of the feature vector bit. In this way, there is an equal probability of encoding the bit to a 0 or a 1.
• the stable iris annulus can be modified by a smoothing function to avoid boundary variation effects. Particularly when using FFT, it may be useful if the boundaries of the discrete signal do not differ by too large a magnitude such that the system does not incorrectly determine a high-frequency response at the boundaries of the discrete signal.
• a smoothing function can be multiplied with the stable iris annulus signal prior to taking the FFT (e.g., by multiplication of the iris annulus signal with a Hamming window). In this way, the ends of the iris annulus signal can be similar values that do not cause false high-frequency responses when an FFT is taken.
• 24 valid bits may be collected. For example, in a proof-of-concept experiment, the system was able to collect 24 valid bits of 32 total bits for 2% of the sampled population (e.g., 2% of the population may have poor iris patterns). The 24 valid bits representing a poor iris pattern may result in a low biometric entropy of only 64,000.
• An exemplary biometric entropy carried by the masked code with 24 valid bits and measured for average iris quality for two eyes is approximately 250,000.
• the entropy of fully independent 24 valid bits is 16,777,216 (e.g., 2 ⁇ ).
• the proof of concept also used at least two concentric annuli at different diameters on the iris, which led to partial correlations between the annulus due to a nonzero radial correlation on natural iris features.
• the entropy is reduced to approximately 250,000 because of the partially correlated pairs of bits.
• the FAR can be reduced by increasing the number of bits in the validity mask.
• the scan of the iris is limited to the most frequently exposed region of the iris.
• the validity mask associated with an iris code may be subject to change on a few bits each time a respective user registers. In some instances, the repeated registration of the same person makes the biometric identity more secure by these validity mask bits changes. The registration is automatically revocable by a new registration as it will produce a different minor validity mask and so consequently a different compact code (CC), as described herein.
• Fingerprint capture 400 both in the registration and authentication and/or identification steps of the process, may require accurate and consistent capture of a particular portion (i.e., a “region of interest”) of the fingerprint, to facilitate analysis of the same fingerprint features and generation of the same biometric code can be extracted at each new scan of a same finger.
• fingerprint capture may be performed in accordance with a threshold or quality test procedure. However the fingerprint data is obtained (e.g., by optical sensing, capacitive sensing, ultrasonic sensing, thermal sensing), data relating to the location, width, depth, and other features of a fingerprint are captured.
• captured fingerprint data may be used only when a quality score threshold is met.
• the captured fingerprint data may be enhanced for further analysis, such as by post-processing or filtering. For example, a non-linear filter may extract the ridges of a fingerprint with enhanced contrast, resulting in a filtered fingerprint image that is closer to standardized fingerprint patterns. Filtering may also reduce impacts of variations of pressure, moisture, environmental conditions, and in some embodiments, may modify these conditions based on current or recent measurements or analysis of such conditions.
• a fingerprint image can be analyzed over numerous samples over a period of time, allowing for further sharpening and filtering.
• reference point 410 e.g., for identifying an ROI
• the location of interest may be identified in a variety of manners, in some embodiments the location of interest may correspond to known or typical fingerprint features that generally correspond to a central area of the fingerprint (e.g., corresponding to locations where particular ridge patterns are typically located). The selection of ROI position should reflect the most frequent central zone exposed to the sensor to make the user experience smooth and natural.
• a reference orientation (e.g., axes 412 and 414) may be identified.
• fingerprint orientation e.g., axes 412 and 414.
• one exemplary property of a fingerprint orientation search is to acquire a repeatable orientation reference axis having low sensitivity to variations of collected data due to the particular manner that the fingerprint is being scanned (e.g., device used for capture, moisture, finger pressure, environmental conditions, etc.).
• a repeatability of the reference orientation such as a variation of an DUELWUDU ⁇ ILQJHU ⁇ D[LV ⁇ RI ⁇ )RU ⁇ H[DPSOH ⁇ WHFKQLTXHV ⁇ VXFK ⁇ DV ⁇ DQJXODU ⁇ KLVWRJUDP ⁇ RI ⁇ gradients, moments, and the like are well known in the art and may be used to identify the reference orientation.
• An exemplary formal mathematical expression comprises a coordinate system ⁇ ( ⁇ ⁇ , ⁇ ⁇ , ⁇ ⁇ ), where ⁇ ⁇ and ⁇ ⁇ are set by the stable reference orientation measurement, and ⁇ ⁇ is orthogonal to the fingerprint plate.
• One or more regions of interest may be identified from the captured fingerprint data for extraction of biometric features.
• a region of interest e.g., square, oval, other shapes, a predetermined number of ridges from a reference point, etc.
• an ROI may have a circular shape and may have a of 2 mm diameter to 10 mm diameter.
• a larger ROI results in a higher biometric entropy for the captured data, but adversely creates a greater probability that the entire ROI will not be collected for a particular fingerprint scan.
• the ROI may be selected and/or dynamically modified based on capture conditions, capture hardware, required security levels, and the like, for example, based on requirement that provide an appropriate compromise between FAR and FRR.
• FIG. 5 depicts an exemplary ROI 504 of a captured fingerprint 502 in accordance with some embodiments of the present disclosure.
• An ROI location, shape, and orientation can be selected in a variety of manners.
• an ROI can be arbitrarily set in the middle of a captured image, without regard to an actual “middle” location of the fingerprint. For example, if the same region can be consistently captured in registration and authentication/identification, the particular fingerprint region may not be required to be the actual center or include specific minutia or features.
• an initial position may be close to the center of the fingerprint region the user will expose during normal use of a fingerprint scan on the sensor (e.g., even when scanning in haste, most users capture at least a portion of the center of the fingerprint).
• a good user experience requires having the full ROI disk overlapping the captured region of the finger. Cropping of the ROI disk will not allow generation of a stable biometric code, as fingerprint features used to generate the code will be missing or incomplete due to a cropped region contributing negatively to the amplitude of a sub-set of feature vectors calculated from the features within the ROI.
• FIG. 6 depicts an exemplary ROI orientation and identification and registration and authentication/identification in accordance with some embodiments of the present disclosure.
• the selected ROI from the registration step should be relocated in the fingerprint capture of the verification step.
• a first fingerprint capture 602 from a registration stage is depicted with respect to x-and-y axes corresponding to the capture region.
• a circular ROI 614 is located near the center of captured fingerprint 602.
• the ROI is oriented along axes 606 and 608, which provide a frame of reference and orientation for the ROI 614 as depicted in resampled ROI 612.
• An axis 610 is located at the center of the ROI 614 and extends parallel to the x-axis of the capture region.
• An angle ⁇ Ri represents the angle between the axis 610 and axis 608 of the ROI 614.
• a second fingerprint capture 622 from a verification stage is depicted with respect to x-and-y axes corresponding to the capture region.
• the second fingerprint capture 622 is of the same fingerprint as the registration fingerprint capture 602, but is located at a different area of the capture device and at a different orientation.
• a circular ROI 634 is located near the center of captured fingerprint 622.
• the ROI is oriented along axes 626 and 628, which provide a frame of reference and orientation for the ROI 634 as depicted in resampled ROI 632.
• An axis 630 is located at the center of the ROI 634 and extends parallel to the x-axis of the capture region.
• An angle ⁇ Vi represents the angle between the axis 630 and axis 628 of the ROI 634.
• the x-axis and y-axis coordinates (e.g., X Vi and YVi) of the center point of ROI 634 and the angle ⁇ Vi define the location and orientation 624 used to establish resampled ROI 632 for generation of biometric codes for comparison to registration biometric codes.
• the relocation will have to meet a certain level of accuracy.
• the extraction of feature can be truncated and shifted.
• some bits of the biometric code may be calculated incorrectly and a false rejection may occur.
• the relocation will not work or will find some unpredictable region having few criteria of similarity. If the relocation algorithm returns an error message, there may be no need to try to issue a code, as this is a threshold true rejection event. If the relocation algorithm returns a position and orientation of the ROI, the internal fingerprint pattern will differ and will issue a different code.
• FIG. 7 depicts the operation of exemplary fingerprint ROI relocation operations in accordance with some embodiments of the present disclosure.
• Some exemplary fingerprint algorithms may perform relocation based on stitch scans of different regions of a same finger by registering images of the finger while it is moving between different locations of a screen. Identification of a common overlap allows the system to find regions that stitch together and to build a complete template. Such stitching algorithms can provide coordinates for relocation from an arbitrary origin point.
• correlations of portions of captured fingerprint data may be used for relocation.
• an origin or reference of a location 704 may be considered the location of one central image of the fingerprint 702 acquired during the registration phase, with the orientation of the ROI 706 corresponding to axes 708 and 710.
• an annular relocation region 712 of the captured fingerprint 702 data is selected that encircles the ROI 706 but that has in inner diameter that is only slightly larger than the outer diameter of the ROI 706. In this manner, use of the relocation region may be closely tied to features adjacent to the ROI 706 and thus unlikely to produce errors due to issues such as finger placement location, pressure, distortion, and the like.
• a separation gap may be retained between the relocation region 712 and the ROI 706 for feature vectors extraction to produce the biometric stable code.
• the collected and pre-processed data used for relocation may be included in the biometric public code structure passed to the authentication process. This data may then be used to compute and find the relocation coordinates in the identification/authentication data collected during verification.
• the relocation data may be provided in a manner such that none of the underlying biometric information relating to the relocation region is transferred in the biometric public code.
• An exemplary relocation region 714 is analyzed and quantized in a manner to permit comparison to similar regions 732 (e.g., having the same inner and outer diameter relative to the center point 726) of fingerprint data 722 acquired for verification.
• similar regions 732 e.g., having the same inner and outer diameter relative to the center point 726
• a candidate fingerprint used during verification may not be applied at the same location and orientation (e.g., based on axes 728 and 730) as the fingerprint data 702 acquired during registration.
• a correlation of quantized data for respective relocation regions 712 may be performed according to correlation techniques known in the art, and as is depicted in FIG. 7.
• orientation 716a of the relocation region 714 may result in a low correlation as depicted at 716b, when correlated with a relocation region 732 oriented as depicted in FIG. 7 (e.g., the relocation regions are oriented approximately 90 degrees apart).
• orientation 718a of the relocation region 714 may result in a low correlation as depicted at 718b, when correlated with a relocation region 732 oriented as depicted in FIG. 7 (e.g., the relocation regions are oriented approximately 45 degrees apart).
• orientation 720a of the relocation region 716 may result in a correlation peak as depicted at 720b, when correlated with a relocation region 732 oriented as depicted in FIG. 7 (e.g., the relocation regions are oriented overlapping).
• better processing efficiency may be obtained by performing the FFT of the correlation template with the captured verification image.
• Rotation management may be handled by a loop of correlation by rotating the template by a small rotational angle step.
• the bottom right fingerprint image demonstrates one exemplary embodiment for identifying feature vectors from fingerprint information once a fingerprint location and orientation (e.g., during registration and/or verification) are identified.
• a fingerprint location and orientation e.g., during registration and/or verification
• mapping of ridge directions may be performed by collecting a two dimensional meshing with normalized vectors. There are multiple possible algorithms to extract the ridges-direction, such as, in one exemplary embodiment, utilizing the normalized orthogonal direction to the ridges. In the exemplary embodiment of FIG.
• a set of signals may be collected from vectors on ridges based on their orientation to a set of ellipses, such as ellipses 416, 418, 420, and 422.
• each of the ellipses is centered on a fixed coordinate point in the coordinate system.
• the configuration of the ellipses e.g., size, orientation, eccentricity
• may set e.g., dynamically based on captured images in a manner that approximates a fit to the ridge structures, resulting in a lower sampling rate and reduced computational load.
• FIG. 8 depicts exemplary fingerprint ridge vector identification and processing 800 in accordance with some embodiments of the present disclosure. Consistent with FIG.
• a fingerprint capture 802 includes a center point 810 and orientation axes 812 and 814.
• Ellipses 816, 818, 820, and 822 are situated relative to ridges of the fingerprint 802.
• ridge locations may be identified relative to portions of the ellipses.
• each orientation vector may be normalized such that for each vector Un ⁇ a normal direction vector of the ellipse (e.g., vectors 830, 834, 838, 842, 846, and 850).
• the fingerprint layout vector Vn ⁇ is also acquired (e.g., vectors 832, 836, 840, 844, 848, and 852), with the vector V n ⁇ normalized also.
• the vectors U n ⁇ and V n ⁇ may be oriented external to the ellipse.
• Sample results 860 may depict exemplary sample results determined according to this methodology.
• the discrete FFT Fast Fourier Transform
• Frequencies beyond 12 may provide less stability as a result of having higher sensitivity to noise, finger pressure, errors of measurement on reference point position, and direction.
• the retained feature vectors are independent inside a common collecting ellipse. This result may be a feature resulting from the nature of individual fingers and the orthogonality of the Fourier base.
• the respective gaps between ellipses may be selected to optimize gap distance and correlation between ellipse vector results. In some embodiments, using around 4 or 5 ellipses provides a good compromise to provide independent bits with high entropy.
• a validity mask may be calculated for the data. For each ellipse and each frequency, the resulting output has a complex amplitude. The real part and the imaginary part may be separated as amplitudes of separated feature vectors.
• a threshold of an absolute value of amplitude may be applied to determine the associated bit code and can be retained or discarded. If the threshold is exceeded, the bit can be considered as valid and usable for a biometric code as described herein.
• the validity bit may be 1 when the amplitude meets the threshold criteria and 0 when it does not.
• an accumulation frame by frame of feature vector amplitudes can be optionally included to improve the stability of the measurement.
• the registration process may continue until the minimum number of required valid bits is hit and the minor validity mask may be set.
• the code bit value will be set by the sign of amplitude of the corresponding feature vector (e.g., 1 for positive, 0 for negative).
• the process or collecting valid bits continues until all the validity mask bits at 1 from the registration will reach a 1 for the verification phase, as described herein for other biometric modalities.
• FIG. 9 depicts an exemplary embodiment of biometric registration and authentication in accordance with some embodiments of the present disclosure.
• the process will be described in the context of a fingerprint type biometric data, although it will be understood that the disclosure of FIG.
• a registration device 902 and an authentication device 904 are used at different times to first acquire the biometric data of a user and then authenticate the user at a later time based on a later acquisition of the same biometric data.
• a biometric capture device 906 such as a fingerprint capture system (e.g., optical sensing, capacitive sensing, ultrasonic sensing, thermal sensing) may capture biometric data of a user.
• a registration portion 908 of the registration device 902 may perform operations as described herein in order to generate biometric codes, keys, and related data (e.g., relocation information) for performing biometric registration and authentication as described herein.
• an ROI or set of ROIs may be selected and projected onto a feature vector base, and feature vectors may be selected (e.g., based on acceptability for consistent binarization and low likelihood of bit inversion).
• Relocation data may be encoded and selected feature vectors processed with a validity mask.
• the registration portion 908 of the registration device 902 may generate a variety of biometric codes, keys, and related data, in an exemplary embodiment of the present disclosure the registration portion 908 may generate a stable code 910 and public code 912.
• a public code 912 does not contain any biometric information, such that the information carried by the public code 912 does not allow a third party to identify a person by guessing any bit value of the stable code 910.
• This separation between the public code 912 and the stable code i.e., which includes biometric information, which is later obscured such as by hashing before being released for use) facilitates a system in which actual underlying biometric data never needs to be transmitted or stored.
• the public code 912 is generated at the registration stage only (e.g., at registration device 902), while in some embodiments, a public code may be a modification of earlier public code.
• the public code 912 may function to facilitate the stable code 910 generation algorithm to get the proper feature vectors listed and sorted that will enable stable bit extraction when the biometric scan comes from a genuine person.
• the public code 912 may include information used to select the feature vectors that are in turn used to rebuild the stable code 910.
• the particular manner of operation of the public code 912 may vary based on the particular biometric modality.
• the public code contains guiding information telling a device during another biometric capture where the stable or repeatable features are located that are to be used for binarization and how all this information is sorted.
• the public code answers to the question of “where is the information?” However, in answering that question the public code does not contain any information allowing any third party to guess any bits of the stable code in the absence of the actual underlying biometric information.
• the public code can include a validity mask, which delineates which bits derived from biometric information should be considered valid and which bits should be discarded.
• the calibration of extraction of feature vectors may be automatically controlled by use of natural boundaries and easy locating points such as the internal and external biometric boundaries, or detection of a common axis between the two eyes.
• a fingerprint more complex information may be required in the public code, because a fingerprint may have a limited number of natural boundaries or common and repeatable patterns.
• a public code 912 may include a variety of data types and structures
• an exemplary public code 912 for captured biometric data may include a variety of information that, while not identifying any aspect of the underlying biometric data, assists in the generation of biometric stable codes during authentication that may be compared bitwise (e.g., after generation of a repeatable code such as by hashing) with the biometric stable code 910.
• the public code may include data for relocation of a fingerprint captured during authentication as well as calibration data for generation of a stable code.
• Exemplary relocation data may include information for identifying particular features for relocation, such as a table of pixel data containing features of interest and a table of selected coordinates of feature vectors in a feature vector space.
• Exemplary data for calibration may include information such as a table of reference phases (e.g., 1 value per selected feature vector) and optional information such as salt bits, obfuscating code, and data representing a validity mask.
• Relocation data may be processed and stored in a variety of ways, depending on factors such as the particular relocation method used, available bits of the public code 912, and the like.
• One exemplary way to produce relocation data is to produce a kernel of correlation data extracted from the registration scan data with an annular mask encircling the ROI.
• the relocation process will attempt a sequence of correlations with the correlation kernel rotated at different angles by small steps (e.g., every 2 degrees) as compared to the acquired authentication data.
• the maximum of all correlation peaks will correspond to the location for translation (e.g., on the x-and-y axes of the acquired data) and the angle of rotation ( ⁇ ) around the ROI center point after translation.
• the ROI data may be resampled at the translated and rotated coordinates so the matrix of data including the feature vectors projection is ready for further processing.
• a stable code 910 may be a binary code or a sequence of characters issued from the binarization of the projection of the biometric scan.
• a table of selected coordinates of feature vectors in feature vector space may be a list of coordinates in the feature vector space. These coordinates may be selected at the registration phase as coordinates that correspond to stable feature vectors. As depicted and described with respect to FIG. 10 herein, particular coordinates may be selected to provide independent bits for use in generating the stable code 910.
• a number of rules may be enforced with respect to the statistical properties of the fingerprint patterns and texture in the space of feature vectors.
• the sequence and selection of used feature vectors for the stable code 910 is guided by the public code 912.
• the size of the stable code 910 may be directly dependent of the number of independent feature vectors identified as strong during registration. For example, for a fingerprint acquired at 500 dpi and ROI diameter 4mm, an exemplary number of stable bits may be 64. A high level of internal independency of bits is enabled based on an orthogonal base of feature vectors.
• FIG. 10 depicts exemplary extraction of feature vectors for use in developing a stable code 910 in accordance with some embodiments of the present disclosure.
• An efficient space to search for extracting stable feature vectors is present in the Fourier space of the ROI.
• An FFT operates on a complex matrix of the discrete Fourier Transform.
• a two-dimensional FFT is operated on matrix size 2 n ⁇ 2 n , with n being a positive integer value.
• a value of n 6 or may be utilized for fingerprint scans (e.g., corresponding to a resolution of 500 dpi) to cover the ROI without underdamping the image and to cover the range of spatial frequency where stable features are found.
• An exemplary advantage of using the Fourier space includes having control of the spatial frequency bandwidth to collect stable features.
• Another exemplary advantage of using the Fourier space may be that each vector is a function of all collected pixel data in the ROI, such that there is not a strong dependence of a local area that could be corrupted by scratches or points of moisture or other types of fingerprint data corruption.
• Another exemplary advantage of using the Fourier space that the frequency selection may automatically reject very low frequencies that are more related to variation of pressure or moisture of the finger than actual biometric features.
• a fingerprint 1002 may be associated with an ROI 1004, that in turn is centered at the intersection of axes 1006 and 1008 and oriented with respect to these axes.
• an identified ROI 1010 may be relocated, and the relocated ROI 1012 may be analyzed based on a two- dimensional map 1014 of an FFT of the relocated ROI 1012.
• four respective quadrants 1016, 1018, 1020, and 1022 are selected in the low and medium spatial frequencies on the two dimensional map 1014 of the FFT.
• quadrants 1020 and 1022 may be symmetrically redundant because the input matrix is a real matrix.
• the result is an even complex function where the real part and imaginary part are represented in two separate matrices, as represented by real and imaginary data 1024 and 1026 (real and imaginary data with respect to quadrant 1016 and feature vector 1032), and real and imaginary data 1028 and 1030 (real and imaginary data with respect to quadrant 1018 and feature vector 1034).
• real and imaginary data 1024 and 1026 real and imaginary data with respect to quadrant 1016 and feature vector 1032
• real and imaginary data 1028 and 1030 real and imaginary data with respect to quadrant 1018 and feature vector 1034.
• lighter areas may correspond to negative values
• grey areas may correspond to positive values.
• FIG. 11 depicts an exemplary supporting mask of a region of interest in accordance with some embodiments of the present disclosure.
• FIG. 11 depicts an exemplary ROI before masking (1102) and after masking (1104).
• a supporting mask of the ROI may be a disk or an ellipse with low eccentricity.
• This cropping mask may provide a level of performance independent of the finger orientation, and in some embodiments, may be apodized by a rotational symmetrical revolute smoothing function as shown at 1104.
• a function having a “hat” shape can be used, 5 including a hyper-gaussian function such as the following: [0113]
• the apodization may provide better numerical stability on amplitudes of f eature vector projection ⁇ ⁇ ⁇ ( ⁇ , ⁇ )
• a relocation error in translation may produce a phase shift.
• FIG. 12 depicts exemplary feature vector maps extracted from four captures 1212, 1214, 1216, and 1218 of the same finger at different times 1202, 20 1204, 1206, and 1208 in accordance with some embodiments of the present disclosure.
• a texture in the Fourier base from fingerprint data processed as described herein may produce peaks and valleys that are consistent from one biometric scan to another.
• the results may be resilient to error sources such as natural relocation errors, changes in fingerprint pressure, moisture, noise from the 25 sensor, and the like.
• the peaks and valleys of the feature vectors due to fingerprint features such as ridge position may be orders of magnitude more prominent and stable than changes due to finger placement, pressure, moisture, sensor noise, and the like.
• each of a first quadrant 1302 feature vector and second quadrant 1304 feature vector 1304 includes respective real and imaginary parts (real part 1306 and imaginary part 1308 for first quadrant 1302, and real part 1310 and imaginary part 1312 for second quadrant 1304).
• peaks and valleys in the range of discriminant frequencies may be identified.
• an evaluation of volume continence of these peaks and valleys may provide a good estimator of the respective strength of these peaks and valleys.
• Stability maps 1316 may represent the degree to which feature vectors have errors over a number of scans after binarization. For example, the darker zones may represent portions of the feature vectors that experienced errors during the number of scans under test (e.g., at least one error per hundred scans) while light regions may represent feature vectors that did not experience errors, or experienced less than a threshold percentage of errors. Stable feature vector locations 1318 may correspond to locations within the feature vectors that are possibilities for binarization based on exceeding a threshold level of stability.
• FIG. 14 depicts an exemplary fingerprint capture with multiple ROIs in accordance with some embodiments of the present disclosure.
• Each ROI may have a shape and size (e.g., circular with a particular diameter) such that multiple ROIs can be obtained from a single typical fingerprint. Acquiring multiple ROIs at registration and authentication may provide additional tolerance against user or equipment error, or damaged fingerprints that do not provide a complete fingerprint image.
• multiple ROIs e.g., ROIs 1406, 1408, and 1410 of a fingerprint image (e.g., fingerprint image 1402) may allow the establishment of multiple independent feature vectors and associated public codes and stable codes, for example, based on respective ROI feature vectors (e.g., feature vectors 1412, 1414, and 1416) and the respective real and imaginary parts of data quadrants formed therefrom (e.g., real part 1418 and imaginary part 1420 of a first quadrant and real part 1422 and imaginary part 1424 of a second quadrant).
• FIG. 15 depicts an exemplary phase calibration for binarization of feature vector data in accordance with some embodiments of the present disclosure.
• a phase reference for binarization of the feature vector data can be set (e.g., centered) based on the measured phase at registration.
• the phase reference may then be recorded in the public code for each feature vector.
• a number of operations may be performed to remove any biometric information from the phase reference information of the public code, such that no discernable biometric data nor any information that can be used to determine underlying biometric data is included in the public code.
• Feature vector samples 1502 depict a first set of acquired feature vectors “j” on real (x-axis) and imaginary (y-axis) axes for a first acquired fingerprint of a first user, while feature vector samples 1504 depict a second set of acquired feature vectors “k” on real and imaginary axes for a second acquired fingerprint of second user.
• Calibrated feature vector samples 1506 and 1508 correspond to “j” feature vector samples 1502 after binarization about the real axis, e.g., such that the resulting feature vector samples 1506 and 1508 are clearly defined by their real components and enabling binarization based on the feature vector sample values on the real axis (e.g., “j” feature vector samples 1506 corresponding to “0,” “j” feature vector samples 1508 corresponding to “1,” or vice-versa).
• Calibrated feature vector samples 1510 and 1512 correspond to “k” feature vector samples 1504 after binarization about the real axis, e.g., such that the resulting feature vector samples 1510 and 1512 are clearly defined by their real components and enabling binarization based on the feature vector sample values on the real axis (e.g., “k” feature vector samples 1510 corresponding to “0,” “k” feature vector samples 1512 corresponding to “1,” or vice-versa).
• phase calibration for binarization may be performed in different manners, for example, by calibrating for binarization about the imaginary axis.
• the measured complex amplitude Aj may be multiplied by ⁇ ⁇ ⁇ to reduce the probability of error in binarization where ⁇ corresponds to the reference phase that is to be recorded with the public code.
• ⁇ corresponds to the reference phase that is to be recorded with the public code.
• the result may correspond to ⁇ ⁇ ⁇ .
• the reference phase may be recorded in encrypted form by a random inversion of the phase. An inversion of phase inverts the associated bit code.
• the original phases before applying the sequence of random inversion of phase reference may not be recorded in the public code, so it will not be possible to guess any bit of the stable code without access to the genuine biometric scan to project the related feature vectors on it.
• An inversion of the phase inverts the associated bit code, for example, as follows: [0121]
• the value for “Bit_rand()” may be 0 or 1 based on a suitable random value generation (e.g., utilizing pure random base generation with equal distributed probabilities 0.5 and 0.5).
• a resulting table of ⁇ ⁇ may correspond to a table of reference phases, with one value per selected feature vector.
• the resulting calibrated feature vector samples may correspond to the following: [0122]
• a more precise estimation of ⁇ ⁇ may be obtained by performing the registration over multiple biometric (e.g., fingerprint) data captures by averaging the respective amplitudes associated with captured data.
• an equivalent relocation error contribution from the registration stage may decrease in accordance with the inverse square root of the number of registration captures.
• the function Bit_rand() may produce random bit values 0 or 1. From a cryptographic perspective, the random bit generator may provide as close to true random data as possible.
• Random values created such as by a pseudo-random generator may include deterministic sequences that could result in a security breach.
• the underlying random values utilized for the phase calibration may not be recorded in the public code, such that for each phase reference recorded in the public code it is not possible to determine whether the particular bit for the phase reference was inverted or not during the generation phase.
• the captured biometric (e.g., fingerprint) data from registration may contain a number of different categories of noise, such as shot noise, that may be largely or entirely uncorrelated with underlying information that is useful for generating the public code and/or primary code.
• FIG. 16 depicts an exemplary binarization of feature vector amplitudes in accordance with some embodiments of the present disclosure. The representation of FIG. 16 simplifies the two dimensional signal into a one dimensional signal for clarity of the representation of feature vectors (x-axis) versus amplitude (y-axis).
• feature vector data may be binarized in a number of ways based on amplitude and changes in amplitude
• the feature vectors are identified and binarized based on amplitude zero crossings (e.g., where a zero amplitude crossing occurs at a threshold slope value, the zero crossing exceeds a threshold portion of feature vector data along the x-axis, and/or the maximum amplitude (e.g., at slope equal to zero) for the zero crossing exceeds a threshold).
• amplitude zero crossings e.g., where a zero amplitude crossing occurs at a threshold slope value, the zero crossing exceeds a threshold portion of feature vector data along the x-axis, and/or the maximum amplitude (e.g., at slope equal to zero) for the zero crossing exceeds a threshold.
• a set of feature vectors Fvi 1602, Fvi+11604, Fvi+2 1606, Fv i+3 1608, Fv i+4 1610, and Fv i+5 1612 may be identified as having corresponding zero-slope amplitude peaks/valleys A i (for Fv i 1602), A i+1 (for Fv i+1 1604), Ai+2 (for Fvi+21606), Ai+3 (for Fvi+31608), Ai+4 (for Fvi+41610), Ai+5 (for Fv i+5 1612).
• a peak (amplitude > 0) may correspond to a binary “1” while a valley (amplitude ⁇ 1) may correspond to a binary value of “0.”
• binarization may be based on certain respective feature vector parameters meeting threshold conditions, such as the absolute difference between feature vector amplitudes (e.g., zero-slope peaks and valleys) exceeding a threshold, requiring a zero amplitude crossing between peaks and valleys, absolute value of amplitude at peaks and valleys, other suitable techniques, and combinations thereof. Stricter requirements for feature vector value binarization decrease the number of bits but reduce the probability of bit inversion on verification as a result of natural variations.
• a validity mask of public code 912 may also be generated as a component of the public code 912.
• the validity mask may not contain any biometric information or any other mention that enables derivation of any bits of the stable code 910.
• Each bit of the validity mask may be associated with a bit of the generated stable code 910.
• the set of feature vector coordinates used to generate the stable code 910 may not require the use of a validity mask for registration or authentication, since a valid bit may exist for each feature vector used to generate the code.
• introducing a validity mask into the public code 912 may provide significant additional flexibility for the creation of pairs of stable code bits.
• a validity mask applied on the stable code e.g., by an AND Boolean operator
• the stable code 910 may undergo a hashing operation 914 (e.g., as an example of generating a repeatable code). Because the stable code 910 is the sole source of underlying biometric information (i.e., biometric information cannot be determined from public code 912), the hashing algorithm should be a robust one- way hashing algorithm (e.g., SHA-256). In some embodiments, a salt may be utilized for the hashing operation 914.
• the biometric code size for the stable code 910 may be directly dependent on the number of independent stable bits that were collected during the registration process. For example, utilizing existing fingerprint capture techniques, it may be possible to collect 30-70 stable bits on an ROI having a diameter of 3mm to 5 mm.
• the stable code may be normalized to a suitable number of bits (e.g., 2 N bits, where N is an integer) such as by concatenating the stable code into a 64-bit pattern for the hashing operation 914 to generate the biometric hash 918 (e.g., a 256-bit biometric hash generated using SHA256 hashing).
• a repeatable code such as the biometric hash 918 should be long enough to be resistant to attacks such as a brute force attack.
• One manner to expand the number of bits in the biometric hash result is to add a number of “salt” bits.
• the salt bits may be random bits that are included within the public code 912.
• the salt bits are generated by a random process, they do not contain any biometric information. In some embodiments, it may nonetheless be desirable to obscure the salt bits within the public code 912. For example, the salt bits may be interspersed within the public code 912 according to a number of known obfuscation methods. There are efficient confusing methods to mix the salt bits in a code well known by people in the art. This requires adding few more bits of confusing code, so the confusion remains decryptable during the verification sequence.
• the public code may be encrypted by an encryption operation 916 (e.g., symmetric encryption) to create an encrypted public code 920, which can be published for use by authentication devices. Disclosing the encrypted public code 920 does not reveal any of the underlying biometric information, since the only source of biometric information that is retained after the registration process is the biometric hash 918 (i.e., all intermediary biometric data obtained during registration is permanently deleted).
• an encryption operation 916 e.g., symmetric encryption
• biometric information is not available (e.g., all biometric data is deleted, and accessible only by verification versus biometric hash 918), the security of the present system remains strong.
• a hacker with knowledge of what feature vectors are used without having the actual underlying biometric data will not be able to determine bits of the underlying stable code 910 used to generate the biometric hash 918.
• standard symmetric encryption may be utilized to apply strong encryption to the public code 912.
• applying “salt” and “pepper” bits with the relocation information makes identification of bits of the validity mask very difficult for a potential hacker.
• Creating a salted and encrypted public code with a sufficient number of bits results in an encrypted public code 920 that is not realistically possible to hack.
• a simple symmetric encryption 916 of the public code 912 is adequate to confuse the relationship with the underlying base of feature vectors.
• the secure authentication device 904 (or a secure enclave of such a device) may include information to decrypt (e.g., using symmetric decryption 924) to obtain the public code 926.
• Biometric capture 922 (e.g., fingerprint data capture) may be performed and provided to authentication portion 928, which utilizes the information contained in the code to relocate the data from biometric capture 922, reverse salting and obfuscation operations, and apply the validity mask to obtain the stable code 930.
• the stable code may be processed to generate a repeatable code such as by hashing operation 932, which utilizes the same hashing algorithm as hashing operation 914. If the bits of stable code 930 corresponding to obtained biometric data from biometric capture 922 (e.g., as modified by the relocation data and validity mask) matches the bits of stable code 910, the biometric hash 934 will match biometric hash 918.
• biometric hashes may be compared bitwise to authenticate the user, without the underlying biometric information from the biometric scans 906 and 922 ever being accessible outside of the secure registration and authentication devices 902 and 904 (or secure enclaves thereof).
• the biometric data may further be deleted immediately within the secure devices 902 and 904 immediately after being used to generate the stable codes.
• the present disclosure enables a robust bitwise comparison of biometric data without ever compromising underlying biometric data.
• the biometric data is only accessible for the minimal time that it exists in the secure devices, and only to the extent that a hacker can obtain unobstructed access to the secure devices. [0134] FIG.
• FIG. 17 shows a process 1700 for biometric verification using a primary biometric code in accordance with some embodiments of the present disclosure.
• the system can determine a binary code 1704 that represents the captured biometric data 1702.
• a primary code 1706 not having an associated validity mask, an exact match with the entire primary code from registration is required for a bitwise match.
• the system may verify genuine identity match only when all bits of the biometric codes (e.g., biometric codes 1708 and 1712) under trial match the enrolled biometric code (e.g., as indicated by confirmation bits 1710 and 1714), where the enrolled biometric code is also the primary biometric code.
• FIG. 18 shows a process 1800 for biometric verification using a masked biometric code in accordance with some embodiments of the present disclosure. After capturing the biometric data 1802, the system can determine a binary code 1804 that represents the captured biometric data 1802.
• the system may then determine a validity mask 1806, wherein the validity mask can be the same length as the biometric code (e.g., biometric code that is 8 bits long is associated with a validity mask that is also 8 bits long, etc.).
• the masked biometric code does not have to exactly match the enrolled biometric code for all bits because of a validity mask 1806 that enables or disables certain bits of the biometric code 1804 for verification.
• the second bit of an 8-bit validity mask 1810 may be set to ”0,” thereby disabling the second bit of the enrolled biometric code 1808.
• the third bit of the 8-bit validity mask 1810 may be set to ”1,” thereby enabling the third bit of the enrolled biometric code 1808 for verification.
• the value of the bit in the validity mask 1810 may indicate if a corresponding biometric code 1808 bit is known and if the bit can be used or not with enough confidence.
• a bit of the validity mask 1810 may be set to ‘1’ only when the corresponding bit of the enrolled biometric code is generated above a confidence level.
• the validity mask 1810 is the result of signal analysis across multiple biometric capture cycles. [0136] Multiple masks may be generated for a single validity mask 1810 associated with a biometric code.
• mask 1816 of trial 1, mask 1822 of trial 2, and validity mask 1812 of the enrolled biometric code have been generated to authenticate trial biometric code 1814 in trial 1, trial biometric code 1820 in trial 2, and an imposter biometric code 1826.
• a generated validity mask 1812 is associated with the first, third, fourth, fifth, sixth, and eighth bits.
• the resulting data potentially used for comparison thus comprises 6 of 8 possible valid bits corresponding to the enabled validity mask bits.
• the mask 1816 tests for a matching first, fourth, sixth, and eighth bit (e.g., a subset of the validity mask from registration).
• the bit of a biometric code under trial 1814 in a position corresponding to an enabled mask bit 1816 must match the bit of the enrolled biometric code 1808 in the enabled bit position.
• an “enabled” bit is one with a value of ‘1’ and a “masked bit” is a bit of the biometric code under trial in a position where a mask bit is not enabled.
• match result 1818 all enabled mask bit positions of the trial biometric code 1814 will match the corresponding bits of the enrolled biometric code 1808.
• the second match trial of biometric code 1820 also determines that all the masked bits associated with the mask 1822 (i.e., with the first, fourth, fifth, and sixth bits enabled) are matching. In this way, the system verifies the identity of the user through the captured biometric data, as depicted by match result 1824.
• at least one bit of the masked bits by mask 1828 may not match the enrolled biometric code.
• the masked bits of the biometric code 1826 under trial do not match the respective bits of the enrolled biometric code 1808 (e.g., at the eighth and fourth bit positions in FIG. 18), as depicted by match result 1830.
• the system rejects the biometric code under trial and may consider the biometric data to be from an imposter.
• the biometric code and validity mask are dynamically checked when generated.
• the amplitudes used to determine the frequency may evolve over time as an annulus signal is recollected again and again. When the amplitudes determined over multiple time frames begin to change less and less, the system may determine a higher degree of confidence for those amplitudes.
• a code may similarly stabilize over additional capture cycles.
• a score function array can measure the sensitivity of each element in the feature vector (e.g., the score function array can represent the differential over time of each frequency amplitude corresponding to the elements of the feature vector). The amplitudes are dynamically checked with each time frame, and may be considered valid once a degree of confidence reaches a threshold confidence value.
• FIG. 19 shows exemplary generation 1900 of a validity mask from received biometric data over time in accordance with some embodiments of the present disclosure.
• An exemplary biometric code and the corresponding validity mask may each be a 32-bit vector. The value of each of the 32 bits is oriented as one row in the chart of FIG. 19.
• Increments in time are shown on the left side of the chart and increase in the direction going from the top to the bottom, starting at time rank 1 and ending at time rank 30, with each time rank corresponding to a capture of biometric data.
• a validity mask of “0.”associated with data does not satisfy a confidence criterion and is indicated by an asterisk, while a validity mask of “1” and an associated value “0” or “1” for the bit of the biometric code are indicated by a “0” or “1.”
• time rank 1 of chart in FIG. 19 there is no data about the consistency of the collected biometric data over multiple samples, as only one sample has been created.
• the 8th bit of the code is determined to be zero with a high enough confidence value that the validity mask is set to “1” and the biometric code is set to “0.” In some embodiments, the 8th bit can remain set at ‘0’ for all future time frames while other bits are determined. For example, in the next time rank, time rank 6, of the chart, the 16th bit is determined to be ”1” after the estimation, done through a score function array, determines that the amplitudes calculated at each time frame have not been subject to relatively large change over time. [0144] By time rank 22 (i.e., corresponding to validity mask and values 1906) of exemplary chart 1900, 22 of the 32 total bits of the code have been determined with confidence values that at least meet the threshold of confidence value.
• the validity mask is also determined to be enabled for bits that meet the threshold and disabled for those that fail to meet the threshold (e.g., bits 31 and 30 can be “0” corresponding to a validity mask of “1” and a value of “0,” bits 29 and 28 can be “*” corresponding to a validity mask of “0,” and bits 25 and 27 can be “1” corresponding a to a validity mask of “1” and a value of “1”).
• the validity mask and values 1906 may correspond to a “minor code.” [0145]
• time rank 30 i.e., corresponding to validity mask and values 1908) of exemplary chart 1900, 22 of the 32 total bits of the code have been determined with confidence values that at least meet the threshold of confidence value.
• the validity mask is also determined to be enabled for bits that meet the threshold and disabled for those that fail to meet the threshold (e.g., bits 31 and 30 can be “0” corresponding to a validity mask of “1” and a value of “0,” bits 29 and 28 can be “*” corresponding to a validity mask of “0,” and bits 24-27 can be “1” corresponding a to a validity mask of “1” and a value of “1”).
• the validity mask and values 1908 may correspond to a “major code.”
• the biometric source can be positioned at a greater variation of locations relative to a capture device because the implementation of the validity mask does not require an exact match between the biometric code under trial and the enrolled biometric code.
• Primary biometric codes can require a tight tolerance on biometric source positioning due to the requirement that an exact match must be determined.
• masked biometric codes may take a reduced amount of time (e.g., 2.5-5X less than a primary code) to determine if captured biometric data is genuinely matched to a user or is an imposter’s biometric data. [0147] Masked biometric codes may also improve the FRR and FAR of biometric identification.
• primary codes requiring the biometric source under trial to exactly match the enrolled biometric data may have up to 50% FRR.
• Masked biometric codes may have lower FRR and can produce no false rejections at all (e.g., 0% FRR) considering all biometric scans at a correct score quality level. While primary codes may have a 0.01% FAR, masked biometric codes can have a much smaller percentage of false acceptances at 0.0001% FAR.
• masked biometric codes may be revoked (e.g., by modifying the validity mask and/or underlying data) while primary biometric codes do not have revocability.
• a hard reset can be performed by updating a stable code.
• the public code can be changed such that the correct stable code and biometric hash cannot be created during authentication, even with a proper fingerprint.
• this revocation can use the previous public code and switch some of the bits to be off by changing some of the bits of the validity mask from 1 to 0. Masking and optionally sorting the bits of the code differently will produce a different code.
• This form of revocation may not be as strong as making a revocation by a hard reset. Only one bit change is enough to get a new hash code having no correlation with a previous hash code.
• the masked biometric code can be used in verification applications involving EDOF lenses, wherein the EDOF provides a stable MTF to further reduce the possibility of error.
• the additional use of an EDOF lens allows for a stable MTF in the spatial frequency bandwidth used to collect the biometric patterns across an extended range of distance. Because the operational working distance range afforded by the EDOF may significantly increase that of a standard lens, the EDOF solution offers a better user experience (e.g., the user does not need to be held in position by a machine to maintain strict distance between the lens and the iris).
• An exemplary biometric capture system may be implemented with a camera or other sensors having an increased speed (e.g., for a camera, based on a suitable shutter speed such as 25 fps) for capture and thus code generation. shortening the time required to perform biometric identification significantly (e.g., less than two seconds, or on a scale of a few hundred milliseconds.
• the system may use an algorithm written in standard C (ANSI) that allows the SDK to be rebuilt for different operating systems (e.g., Android).
• the camera driver may work with a LINUX kernel. There may be a direct MIPI connection between the image capture camera and the allocated processor rather than a USB, which can prevent any security breach over USB data collection.
• FIG. 20 shows masked biometric codes 2000 for an 8-bit minor code 2006 and an 8-bit major code 2016, respectively, in accordance with some embodiments of the present disclosure.
• the quality of the masked code can be measured bit by bit.
• a minor code 2006 uses a validity mask 2004 configured with the minimum of valid bits that will be valid at all attempts for identification.
• a minor code 2006 can be a code that is quickly generated once the criterion of a minimum number of bits is achieved.
• a minor code 2006 comprises 4 valid bits as depicted by validity mask 2004 over 8 total code bits 2002.
• a major code 2016 has the maximum number of valid bits that can be identified. This may require a longer process with a large number of images.
• a major code 2016 comprises 6 valid bits as depicted by validity mask 2014 over 8 total code bits 2012.
• a minor code may be a collection of a number ⁇ ⁇ bits set to be valid, meaning the code may have a score function providing enough confidence on the validity and stability of the bit. These score functions can be separate for each bit or subgroup of bits, depending on the binarization method of the amplitude of the feature vectors.
• An exemplary binarization method uses the sign of the feature vector elements to determine the value of the code bits. The bits may be sorted in an arbitrary but constant order.
• Each sequence of biometric acquisition grouping a sub-sequence of raw biometric capture can produce valid bits and invalid bits.
• the value of bits set to invalid status may not matter as it may be either a ”0” or a ”1.” These bits can be automatically masked by the validity mask.
• the position of valid bits is not necessarily static and strictly repeatable. Some changes can occur from one sequence to another.
• the bits can be classified into three categories: very reliable bits, reliable bits close to the threshold limit of reliability, and unreliable bits.
• the very reliable bits can be rapidly set at valid status in a capture sequence. In some embodiments, all these bits will be present and valid in a minor code.
• the reliable bits close to the threshold limit of reliability may sometimes be set as valid or not at each sequence of biometric acquisition. In this way, there can be changes in the outcome of the validity mask.
• the bits may be set as valid if the capture conditions are favorable and if there is more time given in the acquisition to improve the quality of the accumulated signal (e.g., more acquisitions accumulated may reduce the signal-to-noise ratio).
• the code generated under these conditions can be called a major code.
• the unreliable bits are generated from feature vectors with insufficiently high amplitudes relative to the natural fluctuations (e.g., noise). This can lead to a reliability score below the threshold of acceptance.
• FIG. 21 shows an exemplary flow diagram 2100 of a biometric identification system in accordance with some embodiments of the present disclosure.
• the registration 2102 of a new user starts at step 2106 may include three main steps: Loop acquisition of the biometric data (e.g., including biometric capture 2108 and confirmation of enough data 2110), issuing a minor code 2112, and hashing 2114 to create a biometric code 2116.
• Loop acquisition may involve multiple rounds of acquisition (e.g., until the conditions of decision box 2110 are satisfied) to determine whether adequate data has been obtained, as described herein.
• the feature vector amplitude may be added to the previous qualifying captures. In this way, there is an iterative integration of amplitudes of feature vectors.
• the integration has to have limited support such that the integration will converge to a constant integrated amplitude when the subject is constantly exposed to the biometric sensor.
• the integration can be limited to a number of acquisitions.
• the point spread function (Dirac peak) may be a discrete gate function.
• ⁇ ⁇ , ⁇ is the integrated amplitude of rank of time ⁇ of the feature vector of rank ⁇
• ⁇ ⁇ , ⁇ is the direct measured amplitude of rank of time ⁇ of the feature vector of rank ⁇
• ⁇ is the coefficient of integration.
• ⁇ is of a value 0 ⁇ ⁇ ⁇ 1, and when ⁇ is closer to 1, the integration width is longer.
• the recurrent integration function has the properties of a linear low-pass filter of the first order. A person having ordinary skill in the art can extend that to recurrent summation by an additional order to get a second-order low-pass filter, which may be more efficient when rejecting wrong peaks.
• a validity test can be done on each feature vector amplitude.
• the most important criterion of validity is the stability.
• the quality of the amplitude can be measured by the ratio between the integrated amplitude over the temporal standard deviation of the amplitude ⁇ ⁇ : In some embodiments, if the quality of the amplitude exceeds a threshold quality value (e.g., ⁇ ⁇ , ⁇ > 4, where this is indicative that the amplitude is at least four times the standard deviation of its temporal variation), the associated bit may be considered stable and reliable.
• a threshold quality value e.g., ⁇ ⁇ , ⁇ > 4, where this is indicative that the amplitude is at least four times the standard deviation of its temporal variation
• a recurrent summation of the variance can be used for a limited number of accumulated biometric captures.
• a recurrent summation having the properties of a first-order low-pass filter can be used for a limited number of accumulated biometric captures.
• ⁇ is of a value 0 ⁇ ⁇ ⁇ 1, and when ⁇ is closer to 1, the integration width is longer.
• a general condition for issuing a minor code may be to have enough valid amplitudes to produce directly valid bits. One reason for this is that the number of valid bits increases with the number of biometric acquisitions. In some embodiments, an increased number of bits causes higher entropy but a longer processing time.
• a minor code may be a binary code. The binary code and the validity mask may both be ⁇ bits long.
• each bit of the code can be paired with a corresponding bit of the validity mask, and the validity bits may be sorted the same way the code bits are. This sorting can be done differently according to a secret code to confuse malicious attacks.
• this code and validity mask may be encrypted by a symmetric encryption using a secret private key or an asymmetric encryption where the biometric device keeps the secret private key.
• the minor code may have two distinct uses.
• the minor code is an input code for generating the biometric hash.
• the minor code provides the minor validity mask of the code that can be used as a public code that will allow for the production of the same biometric hash during both identification and authentication.
• the minor code can be composed of ⁇ bits of code noted ⁇ and ⁇ bits of validity mask noted ⁇ .
• This compact code may be an example of a final stable biometric code that can be used for the biometric hash.
• stability may be determined in a variety of manners as described herein, in some embodiments, the stability is assumed as long as the same validity mask is used by the same person who also uses the biometric device that produces the same code bit value enabled by the same validity mask.
• any portions of the bit code that are not enabled by a corresponding validity mask may not matter.
• the Boolean operation generating the compact biometric code produces a ”0” on each bit set as not valid on the minor validity mask.
• the validity mask of a minor code can change by a few bits with each new independent registration on the same user. This property makes a registration intrinsically revocable.
• a new independent registration generating a new minor validity mask has a significant percentage of ranks of validity that changes. The probability of producing the same validity mask may be very low and this probability may decrease quickly with an increasing number of bits of the code. If the revocation is necessary because of the loss of the device or having sensitive biometric data stolen, the new minor validity mask can differ intentionally or be naturally changed.
• This property of revocability may solve the limitation of biometric systems using some biometric distance measurement giving some tolerance on variability of measured data. For instance, if iris registration data has leaked to a third party, a Hamming distance-based identification will accept a new independent registration.
• the revocability of the present disclosure can add higher protection on the biometric data and the minor validity mask, and it offers along the way further security by providing a personal revocable key to enable a biometric authentication of the same person.
• the minor code and validity mask e.g., as part of a public code 2120
• a biometric hash 2116 of the generated stable code is generated.
• the hash may be a digital process that allows any input code to be transformed to a unique code with a constant size that does not allow transformation to reverse the hash back to the original biometric data.
• There are many standardized hash solutions in the public domain such as SHA-1, SHA-2, SHA-256, and SHA-512.
• the strength of the hash may depend mainly on the number of bits output. For example, the greater number of bits output, the less risk of two users with the same hash (e.g., a collision).
• the security of the biometric system can be improved by the addition of cryptography.
• the biometric system may proceed to an identification and verification phase 2104.
• the identification and verification phase starts at step 2122, after which the biometric information of the user is captured in a similar loop process to registration, except that in the mode of identification and verification 2104 the loop confirms that biometric capture data 2124 encompasses the portions of biometric data included in minor code and validity mask (steps 2126 and 2128). If all of those bits cannot be obtained, then the user is likely an imposter.
• FIG. 22 shows an exemplary flow diagram 2200 of a biometric identification and authentication system in accordance with some embodiments of the present disclosure.
• a registration system 2202 starts at step 2206.
• Biometric capture 2208 is performed in a loop, in which the captured data is repeatedly projected on feature vectors 2210, integrated with previous feature vectors 2212, and the biometric code and validity mask are updated at step 2214 until adequate bits for a minor code are obtained at step 2216, as described herein.
• each of the registration system 2202 and the identification/authentication/verification system 2204 may include a private key 2218/2252.
• the private key 2218 may be used to encrypt 2220 the generated compact code and minor validity mask 2222, which may be provided as part of a public code 2230, and in some embodiments, stored in a networked backup device 2228.
• the compact code (e.g., stable biometric code) may be hashed 2224 as described herein to generate the biometric hash 2226.
• An exemplary identification/authentication/verification system 2204 starts at step 2234.
• Biometric capture 2236 is performed in a loop, in which the captured data is repeatedly projected on feature vectors 2238, integrated with previous feature vectors 2240, and the biometric code and validity mask are updated until adequate bits for a minor code are obtained at step 2242, as described herein.
• the minor validity mask 2248 is obtained from the public code 2230 by decryption 2250 based on a public key 2232 (e.g., an asymmetric public key associated with private key 2218).
• the iteratively updated biometric code and validity mask 2242 are processed 2244 based on the minor validity mask 2248 as described herein, and the loop continues until all necessary bits for an eventual biometric hash comparison are obtained at step 2246.
• FIG. 23 shows a process 2300 for biometric authentication comprising a biometric hash in accordance with some embodiments of the present disclosure.
• a registration phase 2304 may receive input code 2302, from which a minor code 2308 including a minor biometric code (MiBC) 2312 and a minor validity mask 2314 (MiVM) may be generated.
• a minor code 2308 including a minor biometric code (MiBC) 2312 and a minor validity mask 2314 (MiVM) may be generated.
• MiBC minor biometric code
• MiVM minor validity mask
• the biometric hash may require a stable input before hashing.
• the stable biometric code has to be strictly the same as the code produced at the registration phase.
• the identification/authentication/verification phase may be required to produce strictly the same compact code 2328 C2 as the compact verification code 2316 C1 generated during the registration phase 2304.
• This requirement may be met by two conditions.
• One condition may be to have access to the minor validity mask 2314 (MiVM) from registration.
• a second condition may be to test at 2326 if all valid bits on the current major validity mask 2324 (MaVM) are also valid on the registered minor validity mask 2314 (MiVM).
• a major code 2322 is obtained (e.g., MaBC).
• the stable compact biometric code 2328 C 2 may be the same as the verification code 2316 C 1 generated during the registration phase 2304 if the same person is presented to the device.
• the respective compact codes may be hashed at steps 2318 and 2330 and compared at 2332 to confirm the identity/authenticity of the biometric input 2320.
• FIG. 24 shows a test 2400 to determine if a code is ready to be hashed in accordance with some embodiments of the present disclosure.
• a test using a bitwise Boolean operation 2414 may be used to determine whether all bits of a valid minor code are valid as well on a major validity mask.
• ⁇ ⁇ ( ⁇ ⁇ ) ⁇ 0? If at least one valid output of the test is ”1,” the system may determine that the code is not ready for hashing.
• a first minor validity mask 2402 may have binary values of 10011001 while a complement of a first major validity mask 2404 may have binary values 01101010.
• a compact code 2410 having binary values of 00001000, with the “1” corresponding to the fourth bit value “1” of the first minor validity mask 2402 ANDed with the complement of the fourth bit value “0” (i.e., ANDed with “1”) of the first major validity mask 2404.
• the first codes associated with first minor validity mask 2402 and first major validity mask 2404 may not be ready for hashing.
• a second minor validity mask 2406 may have binary values of 10011001 while second major validity mask 2408 may have binary values 10111101.
• An AND operation of these respective binary values may result in a compact code 2412 having binary values of 00000000, i.e., equal to zero.
• the second codes associated with second minor validity mask 2406 and second major validity mask 2408 may not be ready for hashing.
• various encryption operations may be added in the identification, authentication, and verification phase to increase security or comply with various system architectures. A person having ordinary skill in the art may add or customize the general flow as disclosed.
• the minor mask can possess specific properties that enable the generation of a compact and stable biometric code.
• the primary function is to list the bits of the code that are measured on a reliable and repeatable basis. These enabled valid bits may be part of the stable code.
• the “AND” Boolean operation with the collected code bits may constitute the stable and compact biometric code.
• a secondary function may be to generate a personal public code enabling the generation of the same compact code from the collection of a new independent collection of valid bits. This may be necessary for authentication of the same person.
• the biometric code is the most sensible data to keep secret instead of the validity mask.
• the minor validity mask can be exposed without any threat for security. In order to cause greater difficulty for incoming attacks, the information carried by the public minor validity mask can be encrypted as well so that the attacker does not know where the bits are valid and where they are not valid. This may implicitly add salt in the global coded information.
• the public minor validity mask may not need to be exported if the same device or processing unit is used for both registration and authentication. In some embodiments, the public minor validity mask may be kept a secret.
• the public minor validity mask generated on the registration device can be required to be transferred to the authentication device to enable the generation of the same compact biometric code by collecting new biometric code from the same person.
• a different person e.g., an imposter
• the result will be both a different biometric code and different final compact code.
• an imposter biometric scan will not be capable of providing a genuine stable code from which a matching biometric hash can be generated. For example, an imposter biometric scan will not be able to be properly relocated based on the information in the public code.
• the relocation algorithm itself may identify the biometric data as an imposter, for example, based on a failure to find a correlation that exceeds a threshold value. To the extent that imposter biometric data can possibly pass a relocation algorithm, the rejection will occur during generation of the stable code.
• the phase of selected feature vectors may be distributed on a random distribution with uniform density of probability in range (e.g., of [-S, S] mod 2S)
• each bit of code resulting from an imposter scan will result in an unpredictable bit value (e.g., in ⁇ 0,1 ⁇ ).
• the probability of making a false match is theoretically 2 -n , where n is the number of considered valid bits in the code.
• biometric features e.g., iris features, facial features, fingerprint textures
• FAR False Accept Rate
• the probability of issuing a false accept by comparing two compact codes or two hash codes is ⁇ ⁇ ⁇ , where ⁇ ⁇ is the entropy.
• ⁇ ⁇ is the entropy.
• FIG. 25 shows feature vectors determined from facial features 2500 in accordance with some embodiments of the present disclosure.
• the method of accumulated amplitudes on feature vectors, the generation of the minor validity mask, and other methods described herein can also apply to generating a compact code and a hash code of facial features and other biometric or physical data subject to fuzzy measurements.
• Independent and orthogonal feature vectors can be extracted from a face image in specific, localized regions by finding landmarks.
• the landmarks are stable points that define a new stable coordinate system.
• FIG. 25 shows an example of 70 landmarks corresponding to portions of the brows 2502 and 2504, eyes 2506 and 2508, nose 2510 and 2512, mouth 2514, and jaw 2516.
• FIG. 25 shows an example of 70 landmarks corresponding to portions of the brows 2502 and 2504, eyes 2506 and 2508, nose 2510 and 2512, mouth 2514, and jaw 2516.
• ROI 25 also shows four examples of regions, each denoted as a Region of Interest (ROI) located relative to the landmarks, including ROI 2518 (corresponding to a cheek region), ROI 2520 (corresponding to region between the nose and eye), ROI 2522 (corresponding to a bridge of the nose), and ROI 2524 (corresponding to a region between the brows).
• ROI 2518 corresponding to a cheek region
• ROI 2520 corresponding to region between the nose and eye
• ROI 2522 corresponding to a bridge of the nose
• ROI 2524 corresponding to a region between the brows.
• a simple region may be shaped as a circle, but regions are not limited to being circular.
• the closed perimeters of regions of interest may have free form.
• the gray level on pixels can be re- sampled on N samples. This collection of data in a discrete array can be periodic by having a closed freeform.
• Orthogonal feature vectors can be extracted from select frequencies of the Fast Fourier Transform of the collected data at the perimeter of the freeform.
• Each complex amplitude at a frequency can be used as two independent vectors with real amplitude (e.g., separating the complex amplitude into its real part and imaginary part that correspond to a cosine and sine, respectively).
• the independence of generated bits issued from the binarization of the amplitudes of the select frequencies and free forms may not be effective at all frequencies. In this way, the selection of frequency is not arbitrary. Low frequencies can have very strong correlation across different faces. Medium-high frequencies may provide more differentiation between faces (e.g., lower correlation across faces at frequencies 4- 12).
• the grey pixel levels collected in a normalized coordinate system refer to stable landmarks and opens a very large number of possible vectoral bases.
• the process can be extended to a very high number of dimensions.
• Common facial recognition solutions project facial data on Eigen vectors.
• principal component analysis describes the intensity patterns in face images in terms of a set of basis functions frequently called “eigenfaces.” This can be combined with 3D modeling.
• the high number of dimensions may require using deep learning techniques to sort and identify vectors or combinations of orthogonal vectors that stable binarization of their coefficients.
• FIG. 26 shows an exemplary embodiment of registration of multiple ROIs in accordance with some embodiments of the present disclosure. In some embodiments, it may be desirable to register multiple ROIs for a single user. Multiple ROIs provide more variability as to how a user scans their biometric information during authentication. Although FIG. 26 and the following figures relating to multiple ROIs (e.g., FIGS.27 - 30) may be described in the context of fingerprint capture, it will be understood that other biometric techniques may similarly utilize multiple ROIs (e.g., multiple annular regions for iris capture or multiple facial features for facial recognition). [0190] In the exemplary embodiment of FIG.
• ROI 2602 located near the middle of the fingerprint 2602, ROI 2604 located offset in the -y direction from the center of the fingerprint 2602, ROI 2606 located offset in the +x direction from the center of the fingerprint 2602, ROI 2608 located offset in the +y direction from the center of the fingerprint 2602, and ROI 2610 located offset in the -x direction from the center of the fingerprint 2602.
• ROI centers and locations 2614 for n ROIs are established for each of the ROIs. These in turn are processed to generate respective outputs of n cryptographic outputs 2618, each cryptographic output including components 2616 of a public code, a stable code, and a compensation mask.
• the public codes and stable codes are generated as described herein.
• FIG. 27 shows an exemplary embodiment of generating and using compensation codes with multiple ROIs in accordance with some embodiments of the present disclosure.
• the properties of the global stable code 2706 are such that when each of the stable codes 2702 (e.g., each stable code (i)) is modified by its respective associated compensation mask 2704 (e.g., each compensation mask (i)) by a suitable operation (e.g., a bitwise exclusive-or operation 2710), the same global stable code 2706 is obtained, assuming that each of the underlying stable codes was properly obtained from the same user’s fingerprint.
• the properties of the compensation masks 2704 and global stable code 2706 may be such that performing the same operations used to generate the global stable code 2706 on the global stable code 2706 in reverse results in the recovery of the original respective stable code 2702 (e.g., based on a bitwise exclusive-or 2712 with the respective compensation mask 2704) or compensation mask (e.g., based on a bitwise exclusive-or 2708 with the respective stable code 2702).
• FIG. 28 shows an exemplary embodiment of verification of multiple ROIS in accordance with some embodiments of the present disclosure. In the exemplary embodiment of FIG.
• the system attempts to capture five ROIs, consistent with the five ROIs obtained during registration, offset based on each one’s different location (e.g., further up in the -y direction) and angle (turned approximately negative 35o – 40o).
• five ROIs are associated with fingerprint 2802, including ROI 2812 located near the middle of the fingerprint 2802, ROI 2804 located offset in the -x direction and -y direction from the center of the fingerprint 2802, ROI 2806 located offset in the +x direction and -y direction from the center of the fingerprint 2802, ROI 2808 located offset in the +x direction and +y direction from the center of the fingerprint 2802, and ROI 2810 located offset in the -x direction and +y direction from the center of the fingerprint 2802.
• ROI centers and locations 2814 for n ROIs are established by relocation as described herein for each of the ROIs. These in turn are processed to generate respective outputs of n cryptographic outputs 2818, each cryptographic output including components 2816 of a public code, a stable code, and a compensation mask.
• the public codes and stable codes are generated as described herein.
• the compensation codes applied by bitwise XOR (exclusive-or) operations on stable codes, described herein, provide a translation between the ROIs such that all of the stable codes can be modified to have a common global stable code 2820 value for hashing and comparison to the extent that the biometric capture for each of the stable codes is successful.
• FIG. 29 shows an exemplary embodiment of code extraction and generation for multiple ROIs in accordance with some embodiments of the present disclosure.
• fingerprint 2902 corresponds to fingerprint 2802
• ROI 2904 corresponds to ROI 2804
• ROI 2906 corresponds to ROI 2806
• ROI 2908 corresponds to ROI 2808
• ROI 2910 corresponds to ROI 2810
• ROI 2912 corresponds to ROI 2812.
• each of the ROIs 2906, 2908, 2910, and 2912 may be successfully obtained and relocated, such that the required bits for the respective stable codes may be obtained.
• ROI 2904 may be partially cropped, such that a matching stable code cannot be determined from the captured biometric data of ROI 2904.
• Exemplary stable codes 2916 are depicted as associated with each of the respective ROIs. Each of the stable codes 2916 is dependent on the underlying biometric data and feature vectors of the respective ROIs, thus each of the stable codes is different. For ROI 2904, no stable code satisfying the requirements herein can be determined, so all bits are set to a default value (e.g., “0”). Each of the stable codes 2916 associated with each ROI is modified (e.g., by bitwise exclusive- or operations 2920) with a respective compensation mask 2918.
• the bitwise exclusive-or operations 2914 of the stable codes 2916 and compensation masks 2918 outputs a common compensated code 2922 of “EFB8DEE4” for ROIs 2906, 2908, 2910, and 2912.
• ROI 2904 has a different compensated code 2922 value as a result of the failed attempt to obtain the stable code 2916 for ROI 2904.
• the compensated codes are checked 2924 and the common compensated code EFB8DEE4 is established as the global stable code 2926 for comparison with the codes established at registration (e.g., after hashing of each of the global stable code values, as described herein).
• more than one of the ROIs may not match the other ROIs.
• bad data or imposter data may be passed through the algorithm as a possible stable code 2916.
• a number of approaches may be used to select the value to be used as the global stable code 2926. For example, all of the possible compensated code values may be hashed and compared to the original biometric hash from registration. So long as one of the hashed compensated codes matches, this may be adequate for some applications. In some embodiments, higher security requirements may be established, such as requiring at least two ROIs having matching compensated codes, or utilizing only compensated codes associated with ROIs having little interference or missing data.
• FIG.30 shows exemplary biometric hash generation and checking for multiple ROIs in accordance with some embodiments of the present disclosure.
• the respective salted stable codes 3002 correspond (from left to right), with ROI 2808/2908, ROI 2810/2910, ROI 2804/2904, ROI 2806/2906, and ROI 2812/2912.
• the respective stable codes are salted as described herein to generate salted stable codes 3002, except that a robust stable code was not able to be generated from ROI 2804/2904.
• the salted stable codes 3002 are hashed 3004 to generate private hash codes 3006, which are modified (e.g., by exclusive-or operations 3010) by hash compensation masks 3008 to generate compensated hash codes 3012.
• the compensated hash codes 3012 associated with all but ROI 2804/2904 match at hash code check 3014, and the matching compensated hash codes 3012 are established as the global stable hash code 3016.
• FIG. 31 depicts exemplary asymmetric encryption utilizing biometric codes in accordance with some embodiments of the present disclosure.
• a large random number 3102 is input into a key generation program 3104 to generate respective private key 3108 and public key 3106.
• biometric capture 3112 is used to acquire biometric data that is then used to generate the private and public keys.
• the biometric data is processed by a biometric hash algorithm 3114 to generate the public code 3116 (or, in the instance of an asymmetric encryption to generate a private and/or public key, the biometric hash algorithm 3114 accesses the public data 3116) and the biometric hash 3118.
• the biometric hash 3118 is then used as the input to the key generation program 3120 to create the private key 3124 and public key 3122. In this manner, the biometric hashes generated in accordance with the present disclosure can be used to generate and distribute both private and public asymmetric keys based on a user’s biometric data.
• FIG. 32 depicts exemplary PKI encryption utilizing biometric codes 3200 in accordance with some embodiments of the present disclosure.
• a user’s biometric information may be used to generate a distributed public key (e.g., public key 3220/3270) and to generate a repeatable temporary private key (e.g., private key 3216/3266). In this manner, the user’s biometric information essentially functions as the private key.
• a user’s biometric information 3202 may be obtained as described herein in a loop until a local secure device 3204 identifies enough valid bits 3206 to determine a stable code 3208 and public code 3210.
• the public code 3210 may be made available (e.g., as an encrypted public code) to other devices for later processing (e.g., such as local secure device 3254).
• a biometric hash 3212 may be generated from the stable code 3208, and the biometric hash 3212 may in turn be processed by a key generation process (e.g., PKI keys generation 3214) to generate a distributed public key 3220 and a temporary private key 3216.
• the private key can be used to process any encoded messages 3222 that are encoded by the public key 3220 to access decoded messages 3218. If there are no current encoded messages to process, or if processing of encoded messages is complete, the private key can be permanently deleted.
• the user will have to reestablish the private key with the user’s biometric information.
• biometric information can be used to generate the private key 3216/3266 at other local secure devices (e.g., local secure device 3254).
• the user’s biometric information 3252 may be obtained as described herein in a loop until the local secure device 3254 identifies enough valid bits 3256 to determine a stable code 3258.
• the public code 3260 may correspond to the public code 3210 and may be acquired by the local secure device 3254 as described herein.
• a biometric hash 3262 may be generated from the stable code 3258, and the biometric hash 3262 may in turn be processed by a key generation process (e.g., PKI keys generation 3264) to generate a temporary private key 3266. Assuming that the user is in fact the same user who registered the original private key 3216 and public key 3220, the private key 3266 should match the private key 3216 and should function to decode encoded messages 3272 that are encoded by public key 3270/3220. In this manner, the user can access decoding messages 3268 at the local secure device 3254, without ever permanently storing the user’s private key at any device.
• FIG. 33 depicts exemplary identification hash registration in accordance with some embodiments of the present disclosure.
• a public code may not include information from which a user’s biometric data may be determined, while the biometric hash allows total bitwise comparison of data that is permanently obscured by the underlying one-way hash function used to create the biometric hash.
• Biometric hashes may also be used to generate private/public key pairs as described herein. None of this output data allows the underlying biometric information to be determined, but rather, only the same biometric features may be used to identify and/or authenticate the user.
• the captured biometric data 3302 may be processed by a biometric hash program 3304 to create a public code 3306, biometric hash 3308 for storage 3312 and later comparison, and a biometric hash 3310 for generation 3314 of private keys 3318 and public keys 3316.
• This information with the exception of the private keys 3318, which may be deleted after use as described herein, may be stored and distributed as necessary to provide the user the ability to quickly and easily perform identification and/or authentication at virtually any location or capture device worldwide, and without compromise or even storage of the user’s underlying biometric information.
• FIG. 34 depicts exemplary hash identification and authentication in accordance with some embodiments of the present disclosure.
• biometric hashes 3424, and public key 3418 may already be established at registration databases or other public repositories.
• a secure device captures the biometric data 3402, which is processed by a biometric hash program 3404 based on an associated public code 3408. If the proper user provides the biometric information, the resulting biometric hash 3410 may be used for identifying matches 3422 with biometric hashes 3424, while private key 3420 can be generated from biometric has 3412 by a key generation program 3416 to match the original private key (e.g., private key 3318) and to encode or decode information for communication with a third party in possession of the public key 3418. [0203] FIG.
• a mobile device such as a biometric device 3510 such as a smartphone
• a biometric data capture and processing device is depicted as an biometric data capture and processing device, which is then in communication with other capture devices, processing devices, storage, servers, remote processing, and other suitable components for performing the operations described herein over suitable wired and wireless networks as is known in the art.
• biometric device 3510 may be described as including certain components, hardware, and software, it will be understood that any suitable portion of the operations and components of biometric device 3510 may be split between multiple local and/or networked devices in accordance with the present disclosure, such as locally networked capture devices, IoT devices, smart systems of appliances/vehicles/equipment, desktop or laptop computers, and other suitable devices having the necessary processing, communication, and/or data capture capabilities.
• local and/or networked devices such as locally networked capture devices, IoT devices, smart systems of appliances/vehicles/equipment, desktop or laptop computers, and other suitable devices having the necessary processing, communication, and/or data capture capabilities.
• An exemplary biometric capture system (e.g., optical, IR, time-of-flight, capacitive, ultrasonic, etc.) 3520 for one or more biometric features (e.g., iris, facial, fingerprint, etc.) includes a controller 3550 that includes one or more processors 3554 (e.g., microprocessor, core or application processor, graphic processor, and/or processor, etc.) and includes an operating system such as iOS, Microsoft WINDOWS, LINUX, Android, or the like.
• the processor may be or include any suitable processor having processing capability necessary to perform the processing functions described herein, including but not limited to hardware logic, computer-readable instructions running on a processor, or any combination thereof.
• the processor 3554 may include a general- or special-purpose microprocessor, finite state machine, controller, computer, central- processing unit (CPU), field-programmable gate array (FPGA), or digital signal processor.
• Processor 3554 may run software to perform the operations described herein, including software accessed in machine-readable form on a tangible non- transitory computer-readable storage medium (e.g., flash, RAM, ROM, SRAM, EEPROM, hard drives, etc.), as well as software that describes the configuration of hardware such as hardware description language (HDL) software used for designing chips.
• Controller 3550 may also include a memory unit (“memory”) 3512 operably coupled to processor 3554, on which may be stored a series of instructions executable by processor 3554.
• tangible computer-readable storage mediums may include volatile and non-volatile, removable and non-removable media, such as computer readable instructions, data structures, program modules or other data. Examples of such media include RAM, ROM, EPROM, EEPROM, flash memory, CD-ROM, DVD, disks or optical storage, magnetic storage, or any other non-transitory medium that stores information that is accessed by a processor or computing device.
• controller 3550 may include a port or drive (not depicted) adapted to accommodate a removable processor-readable medium 3516, such as CD-ROM, DVD, memory stick or like storage medium.
• a removable processor-readable medium 3516 such as CD-ROM, DVD, memory stick or like storage medium.
• the biometric methods of the present disclosure may be implemented in various embodiments in a machine-readable medium (e.g., memory 3512) comprising machine-readable instructions (e.g., computer programs and/or software modules) for causing controller 3550 to perform the methods and the controlling operations for the operating system.
• the computer programs run on processor 3554 out of memory 3512, and may be transferred to main memory from permanent storage via disk drive or port 3522 when stored on removable media 3516, or via a wired or wireless network connection when stored outside of controller 3550, or via other types of computer or machine-readable media from which it can be read and utilized.
• some or all of the processing described herein may be performed by a remote system that receives biometric data, public and stable codes, or other data (e.g., scores associated with biometric data) to perform aspects of the processing (e.g., processing of biometric data, generation of biometric codes, comparison to code reference databases, etc.) remotely from the hand-held device.
• the computer programs and/or software modules may comprise multiple modules or objects to perform the various methods of the present disclosure, and control the operation and function of the various components in the biometric device 3510.
• the type of computer programming languages used for the code may vary between procedural code type languages to object-oriented languages.
• the files or objects need not have a one-to-one correspondence to the modules or method steps described, depending on the desires of the programmer.
• the method and apparatus may comprise combinations of software, hardware and firmware.
• Firmware can be downloaded into processor 3554 for implementing the various exemplary embodiments of the disclosure.
• Controller 3550 may also include a display 3530 (e.g., a touchscreen display providing various applications and interfaces), which may be any suitable display for displaying information in any suitable manner, for example, using a wide variety of alphanumeric and graphical representations.
• the instructions in the memory 3512 and/or memory associated with the processor may include instructions for various applications that may make use of the biometric capture and processing capabilities of biometric device 3510, such as to provide access to the hand-held device, to provide access to particular applications running on the hand-held device, to assist in setup of a biometric identification system (e.g., to enroll users), or perform other suitable functionality.
• display 3530 may display biometric images (e.g., images captured and/or enhanced by the biometric device 3510), information relating to biometric codes, instructions for enrolling users, or possible user matches.
• Controller 3550 may also include a data-entry device 3532, which, in the embodiment of the hand-held device of FIG. 35, may be embodied as images of a user interface depicted on the touchscreen display 3530.
• data entry device 3532 may include any suitable device that allows a user of system 3510 to interact with controller 3550.
• a keyboard or touchscreen may allow a user to input information for controller 3550 (e.g., the name of the object being captured, etc.) and to manually control the operation of system 3510.
• controller 3550 is made sufficiently compact to fit within a small form-factor housing of a handheld or portable device, such as device 3552 shown in FIG. 35.
• the Biometric device 3510 may also include a database unit operably connected to controller 3550.
• the database unit may include a memory unit that serves as a computer-readable medium adapted to receive public codes, stable codes, and other biometric information from processor 3554 and store the associated processed digital data.
• a memory unit of the database unit may include any suitable memory as described herein, and may be operably connected to controller 3550 in any suitable manner (e.g., locally within the biometric device 3510 or remotely).
• FIG. 36 shows partial facial feature capture 3600 determined from a face capture, in accordance with some embodiments of the present disclosure. Although FIG. 36 is described in the context of facial image capture, it will be understood that similar captures may occur with other types of biometric information. In an embodiment of a non-ideal face capture the capture process may occur, for instance, in real-time scenarios where less controlled facial capture conditions are present and a timely verification is preferred (e.g., quickly unlocking a phone, at an entrance to a building, unlocking a digital wallet, etc.).
• the exemplary partial facial feature capture 3600 includes samples from a plurality of regions of a face of the user, including front neck region 3602, earlobe region 3604, left-and-back neck region 3606, left-side temple region 3608, left cheek and jaw region 3610, left brow 3612, left eye 3614, partial chin 3616, mouth 3618, partial right cheek and nose 3620, partial right eye 3622, and partial forehead 3624.
• the samples include a plurality of portions, and each portion of the plurality of portions may correspond to a different region of the plurality of regions of the face, where there are numerous other regions (e.g., right neck region, right cheek region, right temple region, right cheek region, right jaw region, right nose region, right eye region) that are only partially captured or not captured at all.
• the non-ideal face capture may have parts of the face occluded from the capture, such that one or more samples corresponding to the occluded region may be missing.
• some of the facial features corresponding to the right side of the face such as right cheek 3620, right eye 3622, and a portion of mouth 3618 and chin 3616 may be occluded in the non-ideal face capture, and the determined facial feature vectors in these local regions may be limited or missing.
• information necessary for comparison such as for authentication or verification may be unavailable, such that it is not possible to test for a match with the image at all under typical conditions or biometric comparison techniques.
• approximation or partial matching techniques such as Hamming or Euclidean distances, or use of error-correction codes may be used to test for a match.
• composite feature sets e.g. composite facial feature vectors
• suitable for bitwise comparison to the original comparison information e.g., a biometric hash
• the original comparison information e.g., a biometric hash
• the source data for the composite features are unlocalized, drawn from all regions of the face, and thus obfuscate the origin of the underlying vector set (e.g., the raw captured data).
• a second facial feature capture 3600a depicts a second example of a non- ideal face capture events that has a portion of different or corrupted underlying facial features due to any number of reasons (e.g., different lighting conditions, tilt of the face, corruption or cropping).
• the second exemplary partial facial feature capture 3600a includes samples from a plurality of regions of a face of the user, including front neck region 3602a, earlobe region 3604a, left-and-back neck region 3606a, left-side temple region 3608a, left cheek and jaw region 3610a, left brow 3612a, left eye 3614a, partial chin 3616a, mouth 3618a, partial right cheek and nose 3620a, partial right eye 3622a, and partial forehead 3624a.
• Extracted face vectors 3630 are established and include data from underlying features that meets a criteria of certainty and/or repeatability, for example, as described herein.
• the extracted face vectors 3630 and 3631 are transformed in 3632 to calculate the respective but still dissimilar composite features 3633 and 3634.
• the differences between these two composite feature sets are not equally distributed, and for each determined composite feature there is a varying probability of error. Additionally, the ratio difference over the gap to the threshold of binarization that determines the probability of error is not equally distributed. These factors permit sorting and selection of each individual composite feature to disable those that have a high probability of error through the use of a composite- feature specific validity mask. In total, with this ratio of standard deviation of the observed dispersion over the gap to the binarization threshold the Gaussian distribution-determined probability of error decreases quickly and ensures that the probability of relying upon erroneous composite features converges to zero.
• each component of the composite features 3633 and 3634 where each of the components are represented by the symbols complex value symbols “C10”, “C 11 ”, “C 13 ”, etc. on composite features 3633 and “C 20 ”, “C 21 ”, “C 23 ”, etc. on composite features 3634.
• Post-binarization each composite feature set has been transformed into the binary arrays 3636 and 3637, respectively.
• a previously-calculated composite feature validity mask is applied to these binary arrays (a bitwise AND operation) to create stable codes 3650 and 3651.
• stable code 3650 and 3651 have the same binary value.
• FIG. 37 depicts illustrative examples of composite feature vector sets that are generated by a composite feature generating process, in accordance with some embodiments of the present disclosure.
• an initial face capture which in some instances may include more captures, better lighting, better angles, etc. than a later capture
• facial features vectors are captured from numerous locations on the face, for example, in a manner depicted in FIG. 36 with dozens or hundreds of individual captured points and corresponding vectors associated with those points.
• FIG. 37 represents the creation of a subset of feature vectors (depicted in feature vector set 3700) that in turn are based on underlying captured data points and feature vectors.
• the original captured features may be combined and interpolated, using an isomorphic vectorial transformation or a projection in a new orthogonal vectorial base, to generate a complex representation of the combined samples (e.g., as depicted for feature sets 3702, 3704, and 3706) such as the composite features and composite feature vector sets 3712, 3714 or 3716.
• the composite feature vectors are unlocalized, obfuscating the origin of the underlying vector set (e.g., the raw captured data), and may be used to generate a stable, private code.
• the composite feature components are linked to (i.e., based on) all regions of the face, connecting the composite feature vector set 3712, 3714 or 3716.
• a single composite feature is based on complex combinations of a derivation of multiple adjacent features by the process 3740, such that different subsets of underlying raw data will generate the same composite data in most instances, with such composite data and composite feature vectors being suitable for bitwise comparison to a private code originally calculated for the same user, e.g., based on the same composite feature vectors generated from at least partially different raw data.
• the inputs to the process of composite feature generation are not restricted to simple localized features and works equally on facial vectors generated by advanced facial algorithms (e.g., based on deep learning classification technique).
• composite data points and composite feature vectors function as an “artificial” set of biometric data, that is nonetheless unique to an individual with some relatively limited amplitudes of variation from a same face in different captures and can only create the same biometric hash (based on information identified in a public code) with at least portions of the same underlying biometric information.
• the vector output of is thus a face template composed of an array of numerical values (e.g. ⁇ floats) generally sized where each of these individual values or vector components are already linked to all or most regions of the face.
• a composite feature processing module operates on any injected vectorized facial representation, whether localized on facial region or unlocalized, by using other bases of representations.
• the composite features generation is an isomorphic vectorial transformation or a projection in a new orthogonal vectorial base.
• This transformed base of representation has a number of properties.
• the output numerical values or face vector representation in the composite feature representation base contains components that are function of all input facial features.
• the outcoming composite feature are thus unlocalized, obfuscating the origin of data and making any reverse transformation very difficult even if the original composite information is available, which it is not except during creation of the original composite data points and composite feature vectors.
• Any unbalanced noise or errors on injected facial features related to face variations, illumination, yaw, pitch and various capture artefacts are diluted among the “composite feature” output set.
• Subsets of composite features may be used to generate public codes, private codes, cryptographic hashes, and the like, as described herein. In this manner, a single composite feature vector set 3712, 3714 or 3716 may be used to generate multiple sets of authentication and verification data for a single user, such as for different purposes.
• FIG. 38 depicts illustrative examples of a composite extraction process for non-ideal face captures with occluded regions, in accordance with some embodiments of the present disclosure.
• the exemplary FIG. 38 depicts illustrative examples of a composite extraction process for non-ideal face captures with occluded regions, in accordance with some embodiments of the present disclosure.
• the exemplary FIG. 38 depicts illustrative examples of a composite extraction process for non-ideal face captures with occluded regions, in accordance with some embodiments of the present disclosure.
• the first subset of features 3802 includes a first subset of features 3802 with a first occluded region 3803, a second subset of features 3804 with a second occluded region 3805, and a third subset of features 3806 with a third occluded region 3807, although other subsets of composite features and/or corresponding occluded regions may be included or substituted in other embodiments.
• the first subset of features 3802 i.e., similar to the first subset of six features 3702
• the occluded region may be anywhere on the face, as shown in the second subset of features 3804 (i.e., similar to the second subset of six features 3704) that includes the second occluded region 3805 (i.e., in a different region of the face compared to that of the first occluded region 3803). It will be further understood that the occluded region may include one or more regions of the face, as shown in the third subset of features 3806 (i.e., similar to the third subset of seven features 3706) that includes the third occluded region 3807 which occludes two regions of the captured face.
• each component of the composite feature vector set is unlocalized, even if one or more points of a subset of composite features used to generate the feature vectors are missing, a generated composite feature vector set derived from other samples may still be stable enough to function as a suitable complex representation used to generate the private code. For example, in each of the instances depicted in FIG.
• an occluded region is covering up a location associated with a composite data point of the feature subset (e.g., first occluded region 3803 is covering up two composite data points associated with the eyes or forehead of 3802/3702)
• second occluded region 3805 is covering up a composite data points associated with the jaw of 3804/370
• occluded region 3807 is covering up two composite data points and partially covering up another two data points associated with the eye regions of 3806/3706).
• the composite data points are “artificial” and are created from relationships between numerous data points, despite such theoretical occlusions the underlying data point can still be derived from actual available raw facial data.
• FIG. 39 depicts an exemplary embodiment of a biometric registration and authentication process 3900 that includes a witness code, in accordance with some embodiments of the present disclosure.
• the process will be described in the context of a facial type biometric data, although it will be understood that the disclosure of FIG. 39 may suitably be applied jointly or severally to other biometric modalities (e.g., iris, fingerprint, etc.) as well as confirmation of other measurement of physical and chemical properties.
• biometric modalities e.g., iris, fingerprint, etc.
• a registration device 3950 and an authentication device 3960 are used at different times to initially acquire the biometric data of a user and then authenticate the user at a later time based on a later acquisition of the user’s biometric data.
• a biometric capture device 3902 such as a facial capture system may capture biometric data of a user. In some embodiments, multiple samples of the biometric feature may be examined from a single use, or the user may additionally be asked to provide multiple readings to acquire additional samples for analysis and comparison.
• a registration portion 3904 of the registration device 3950 may perform operations as described herein in order to generate biometric codes, keys, and related data (e.g., relocation information) for performing biometric registration and authentication as described herein.
• biometric codes, keys, and related data e.g., relocation information
• a subset of all available captured facial features may be used to generate an artificial complex representation that includes a composite feature vector set as described herein.
• a subsequent validity mask and/or calibration data may be encoded and selected, where the validity mask and the calibration data describe the features and/or the process used to generate the composite feature vector set.
• the registration portion 3904 of the registration device 3950 may generate a variety of biometric codes, keys, and related data
• the registration portion 3904 may generate a private code 3906 and public code 3914.
• a public code such as public code 3914 does not contain any biometric information, such that the information carried by the public code 3914 does not provide information from which the biometric information of the user or biometric-dependent information (e.g., private keys, private codes, stable codes, etc.) may be fully or partially determined.
• the public code 3914 is generated at the registration stage only (e.g., at registration device 3950), while in some embodiments, a public code may be a modification of earlier public code.
• the public code 3914 may function to facilitate the private code 3906 generation algorithm to get the proper feature vectors listed and sorted that will enable private bit extraction when the biometric scan comes from a genuine person.
• the public code 3914 may include information used to select the feature vectors that are in turn used to build data that can be matched to the private code 3906 (or other bitwise values derived therefrom).
• the particular manner of operation of the public code 3914 may vary based on the particular biometric modality.
• the public code 3914 contains guiding information telling a device during another biometric capture where the private or repeatable binary features are located that are to be used for binarization and how all this information is sorted.
• the public code may contain information that facilitates the orientation and/or location of underlying biometric data used to composite features and the manner of combining such features.
• the public code 3914 may include data describing which features and/ or composite features are included in the subset of facial features and/ or composite features and/or the algorithmic process used to generate the composite feature vector set, without identifying any biometric data or values of the captured facial feature data.
• Private code 3906 may undergo an operation that generates a biometric hash (e.g., as an example of generating a repeatable binary code) by an appropriate one-way hashing algorithm as described herein (e.g., SHA256) to generate a stable code 3910 that is suitable for later bitwise comparison to a private code later derived from the same individual’s biometric information.
• the hashed private code can then be processed to extract a non-reversable witness code (e.g., at step 3912) to ensure both high entropy and low probability of output collision.
• the witness code can simply be a hash (e.g., SHA256) of the private code.
• the witness code can be calculated using a key derivation function (KDF) (e.g., PBKDF2).
• KDF key derivation function
• PBKDF2 key derivation function 2
• Other approaches include combining portions of the hashed private code in a suitable manner, or even a portion of the private code encrypted with a secret key.
• a witness code 3916 generated in this manner cannot be utilized to determine even a portion of the original private code 3906 (which is discarded by the registration device 3950 after being used to determine the hashed witness code 3916) because it is in turn based of a portion of the hashed data or a number calculated therefrom.
• the underlying biometric data source e.g., user’s face
• a later-generated witness code can match the originally generated witness code.
• the generated public code 3910 and witness code 3916 may then be used by the authentication device 3960 to generate a second stable code for comparison to the stable code generated from the original hash of the private code.
• the public code 3914 and witness code 3916 are shown as being accessed from a registration device or other (e.g., cloud) system, because neither contains information from which underlying biometric information can be determined, such information can be accessed from centralized servers or other accessible locations.
• the authentication portion 3922 utilizes the public code 3914 to identify appropriate information within the biometric sample captured by biometric capture device 3920.
• the public code includes information that describes where biometric information is located (e.g., phase calibration data, validity mask, etc.) and in some embodiments, how that underlying data is combined (e.g., into composite features having complex representations).
• the extracted biometric data is identified, processed, and combined as appropriate and is binarized to generate the private code 3924.
• the public code will guide the orientation, sampling, and combination to generate a private code 3924 that will match the stable code generated from the original hashing of the private code during registration.
• the private code 3924 may then be hashed to generate a stable code (e.g., hash 3926), which utilizes the same hashing algorithm as hashing operation 3908. Accordingly, if the underlying data capture was performed properly on the same individual, the stable code 3926 should match the stable code 3910 that was generated originally and used for later comparison as described herein. However, prior to outputting the calculated stable code 3926 for comparison for a variety of purposes as described herein, at operation 3928 a witness code 3930 may be extracted from stable code 3926 in the same manner as done at registration, for example, by selecting a portion of the stable code for comparison or generating calculated values (e.g., checksums, etc.) for comparison. In some embodiments, not depicted in FIG.
• witness code 3930 generated during verification is compared to the witness code 3916 via bitwise comparison 3932. By comparing the witness codes at the local device 3960, a determination of the robustness of the underlying biometric capture 3920 can be determined. If the witness code 3930 does not match the witness code 3916, an error code 3938 is returned, and the verification process on local device 3960 returns to the biometric capture 3920 (i.e., the local device recaptures the samples of biometric data and restarts the authentication process using the new biometric capture samples, or by combination of multiple captures).
• a timeout occurs if the witness code 3930 is not matched with the witness code 3916 within a period of time or if some other criteria is met (e.g., number of image captures, measure of image capture conditions, etc.), where the verification process on local device 3960 returns to the biometric capture 3920 (e.g., the samples are recaptured) until the timeout or other criteria is met. If the witness code 3930 matches witness code 3916, processing continues to step 3934 stable code 3926 is provided as an output stable code 3936 with total confidence that it matches the value of the originally captured stable code 3910, despite never directly comparing these two data.
• some other criteria e.g., number of image captures, measure of image capture conditions, etc.
• FIG. 40 depicts illustrative steps of a process 4000 that utilizes a composite feature generating process to generate a public code and a witness code from a biometric input 4002, in accordance with some embodiments of the present disclosure.
• FIG. 40 may depict the processes that occur, for example, at a registration or verification device.
• FIG. 40 is described in the context of the particular structures, components, and processing of the present disclosure, and although a particular order and flow of steps are depicted in FIG.
• Process 4000 begins at step 4002, where a face scan of a user occurs, and where samples of facial features are captured.
• the scan may occur via a biometric capture device such as a facial imaging or time-of-flight system.
• samples of the biometric feature may be captured from a single capture cycle, or multiple acquisition cycles may be performed. Processing may then continue to step 4004.
• the captured facial features are utilized to generate a complex representation that includes a composite feature vector set or a subset thereof, as described herein.
• the captured features, or a subset thereof may be interpolated, using an isomorphic vectorial transformation or a projection in a new orthogonal vectorial base, to generate a complex representation that includes composite feature vectors.
• the composite feature vectors may unlocalized, obfuscating the origin of the vector set, and that the injected facial features related to facial variations (e.g., illumination, yaw, pitch, various capture artefacts, or a combination thereof) are diluted within the composite feature vector set, and therefore the composite feature vector set (or a subset thereof) may be a suitable complex representation used to generate a private code with a suitably low FRR or FNR value. Processing may then continue to step 4006.
• a hashing operation occurs to transform the composite feature vector set into the private code 4008, as described herein.
• private code 4008 is based off the captured biometric data, it only exists temporarily locally and is not saved or distributed. Once the private code 4008 is generated, processing may then continue to step 4010.
• the private code 4008 is processed via a hashing operation 4010 to produce a unique witness code 4018, although a witness code may also be generated by other methods as described herein.
• the witness code is encrypted with other components of the public code such as the validity mask and concatenated with arbitrary information 4022 to constitute one possible embodiment of a public code 4024.
• some or all of the arbitrary information 4022 may be additionally secured similar to the witness code.
• the combined witness code and arbitrary information 4022 are then made available as a persistence-ready public code 4024.
• the stable code may then further be processed at steps 4012 and 4014 to perform additional obfuscation and salting as described herein, to generate a key 4016 for use in a variety of operations as described herein.
• the obfuscation process includes a variety of hashing or KDF techniques, with a list of available cryptographic operations being unlimited.
• Permissible uses of key 4016 include but are not limited to symmetric cryptographic operations (e.g., AES) or asymmetric cryptographic operations (e.g., RSA) and Elliptic Curve Cryptography.
• FIG. 41 depicts a secure automatic revocation process 4100 of verification codes, in accordance with some embodiments of the present disclosure.
• An automatic revocation process 4100 may be utilized, for example, in some embodiments that require changing verification codes between uses. It will be understood that other revocation process embodiments may include maintaining a centralized or distributed list (public or non-public) of valid and revoked verification codes, along with other arbitrary or relevant data that may contextualize the revocation itself.
• the process will be described in the context of a facial type of biometric data, although it will be understood that the disclosure of FIG.
• a first local authentication device 4150 takes in a biometric capture 4102 and a first public code.
• the samples are verified in a first verification process 4106 (i.e., using similar processes and operations as described herein), which first utilizes the information contained within public code 4104 in order to process the data from biometric capture 4102 in a manner that is suitable for bitwise comparison, perform reverse salting and obfuscation operations as appropriate, and obtain private code 4108.
• the private code 4108 may then be processed to generate a biometric hash 4110 (e.g., a repeatable binary code) as described herein, to generate a private key 4112.
• the key generation process can directly use the biometric hash 4110 or, in some embodiments, utilize derived key algorithms (e.g., PBKDF2 ) to never expose the secret biometric hash itself.
• the biometric hash 4110 may be utilized in a key generation process (e.g., a PKI encryption and keys generation process, as described herein), such that a temporary first private key 4112 is generated.
• the first private key 4112 may then function to perform a function such as an access or transactional function 4114.
• An internal revocation process 4116 includes a feature vector random selection process 4118.
• captured facial features may be used to generate a composite feature vector set, and a subset of the composite features vector set may be utilized to generate the first public key and the first public code 4104 in the registration process.
• the vector random selection process 4118 may, for example, select a different subset of the composite feature vector set.
• Embodiments that do not utilize the random selection process 4118 continue to use the same set of selected composite features, relying instead on cryptographic techniques to power the revocation process.
• the internal revocation process 4116 also includes a randomization process 4120, where an additional number of “salt” and “pepper” bits may be generated, and/or a XOR mask (e.g., a validity mask) may be added.
• a second public code 4134 is generated via a public code processing operation 4122 using the selected feature vectors 4118, the salt/pepper and XOR mask 4120, and the original public code 4104.
• the public code processing operation 4122 may also output a new private code 4124 associated with the second public code 4134.
• the private code 4124 may be hashed via a hashing operation to generate biometric hash 4126.
• Biometric hash 4126 may then be used in a key generating process to generate a local second private key 4128 and a distributed second public key 4130.
• Access or transactional function 4144 may be encoded (or reencoded) using the second public key 4130.
• biometric capture 4132 and the second public code 4134 are used in a second verification process 4130 (i.e., having similar functions and operations as that of first verification process 4106).
• FIG. 42 depicts acquisition of multiple modalities of security information, in accordance with some embodiments of the present disclosure. In the exemplary embodiment of FIG.
• a flow of registration steps assigns a common secret code 4222 to several security modalities of a person or a group of people.
• an individual might have multiple types of security features (e.g., biometric or other features) that can be used as substitutes (e.g., depending on later capture conditions) or may be layered to provide multiple layers of security for different conditions, types of transactions, etc.
• multiple individuals in a group may create common codes that can be used by any member of the group, or combined in multiple layers of security as necessary.
• a first person uses facial capture 4206 to perform a first registration 4209.
• the registration process 4209 includes the steps described herein, for example, to create a biometric hash 4210.
• a Random Number Generator of an external secret number 4222 is provided.
• a bitwise XOR operation produces a Compensation Mask code 4214 that is recorded jointly with the Public Code 4218.
• the process or registration can be repeated on an other modality such as fingerprint. Any modality that can produce a new independent biometric hash can be associated, including non-biometric security modalities or other criteria that can be repeatably measured or determined.
• the registration 4208 uses the fingerprint capture 4207 to produce a biometric hash 4211 and a second public code 24219.
• the bitwise XOR operand 4223 produces a second compensation mask code 2 4215 from the same random or secret code 4222 and the second biometric hash 4211.
• the second compensation mask code 4215 is joined to the second public code #2.
• a password 4205 is hashed 4230 to produce a third hash 4212 .
• the bitwise XOR operand 4223 produces a third compensation mask code 4216 from the same random or secret code 4222 and the third biometric hash 4212.
• the third compensation mask code 4216 is then joined to the third public code 4220.
• the random or secret code can also be associated with a biometric hash from a different person from any biometric modality.
• the biometric capture 4208 is driven by a registration process 4208 to produce the fourth hash 4213.
• the bitwise XOR operand 4223 produces a fourth compensation mask code 4217 from the same random or secret code 4222 and the fourth biometric hash 4212.
• the fourth compensation mask code 4217 is joined to the fourth public code 4221.
• the random number or secret code 4222 can be derived into a secret cryptographic key 4224 (e.g., a private key for asymmetric encryption or PKI Public Key Infrastructure).
• the private key 4224 is derived into a public key 4225 for distribution.
• FIG. 43 depicts verification of a user based on multiple modalities of security information, in accordance with some embodiments of the present disclosure. In the embodiment of FIG.
• a first person uses a face image capture 4304 and a first public code 4301 to perform verification 4308, for example, to produce a first biometric hash 4310 as described herein.
• a first compensation mask 4314 previously recorded jointly with the first public code 4301 is injected with the first biometric hash 4310 to a bitwise XOR operand 4318 to produce a common hash code 4319.
• the common hash code 4319 is utilized, such as by derivation into a secret cryptographic key (e.g., private key for asymmetric encryption or PKI usage).
• Another biometric capture 4305 (e.g., fingerprint) of a same person that was using the same random number or secret code 4222 of FIG. 22 that was used to produce the second compensation mask 4311 and a second public code 4302 are used for a second verification process 4331 to produce the second biometric hash 4311. Then the second biometric hash 4211 and the second compensation mask code 4311 are injected to the bitwise XOR operand 4318 to produce the common hash code 4319. Then the common hash code 4319 is utilized, such as by derivation into a secret cryptographic key (e.g., private key for asymmetric encryption or PKI usage).
• a secret cryptographic key e.g., private key for asymmetric encryption or PKI usage
• Other non-biometric security information e.g., password 4307
• a hashing process 4332 to produce the third hash 4312.
• the third hash 4212 and the third compensation mask code 4316 are injected to the bitwise XOR operand 4318 to produce the common hash code 4319.
• the common hash code 4319 is utilized, such as by derivation into a secret cryptographic key (e.g., private key for asymmetric encryption or PKI usage).

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Theoretical Computer Science (AREA)
• Physics & Mathematics (AREA)
• Life Sciences & Earth Sciences (AREA)
• Biomedical Technology (AREA)
• General Physics & Mathematics (AREA)
• Software Systems (AREA)
• General Health & Medical Sciences (AREA)
• Health & Medical Sciences (AREA)
• General Engineering & Computer Science (AREA)
• Data Mining & Analysis (AREA)
• Molecular Biology (AREA)
• Biophysics (AREA)
• Computational Linguistics (AREA)
• Computer Hardware Design (AREA)
• Evolutionary Computation (AREA)
• Power Engineering (AREA)
• Artificial Intelligence (AREA)
• Computing Systems (AREA)
• Mathematical Physics (AREA)
• Biodiversity & Conservation Biology (AREA)
• Collating Specific Patterns (AREA)
• Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
• Apparatus For Radiation Diagnosis (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=92903838

Family Applications (1)

Country Status (2)

Family Cites Families (6)

• 2024
  • 2024-03-21 EP EP24778381.4A patent/EP4695937A2/de active Pending
  • 2024-03-21 WO PCT/IB2024/052739 patent/WO2024201229A2/en not_active Ceased

Also Published As

Similar Documents

Legal Events