EP4732508A1 - A system for protecting security and privacy of biometric data in autonomous vehicles - Google Patents
A system for protecting security and privacy of biometric data in autonomous vehiclesInfo
- Publication number
- EP4732508A1 EP4732508A1 EP25824210.6A EP25824210A EP4732508A1 EP 4732508 A1 EP4732508 A1 EP 4732508A1 EP 25824210 A EP25824210 A EP 25824210A EP 4732508 A1 EP4732508 A1 EP 4732508A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- attack
- traffic
- biometric
- determining whether
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/25—Means to switch the anti-theft system on or off using biometry
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Biomedical Technology (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Computation (AREA)
- Mathematical Physics (AREA)
- Artificial Intelligence (AREA)
- Data Mining & Analysis (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Molecular Biology (AREA)
- Medical Informatics (AREA)
- Biodiversity & Conservation Biology (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This invention relates to a system that ensures the security and protects the privacy of biometric authentication systems in autonomous vehicles, characterized in that it comprises the process steps of; determining the IP addresses and MAC addresses of all devices in the network and scanning the biometric device (100), determining whether the device is found (101), executing the attack on the target device (102), evaluating whether the attack is successful (103), copying the network traffic (104), determining whether the information obtained from the network traffic is sufficient for deep learning (200), determining whether the captured attack has the necessary feature (201), detecting the traffic flow from biometric devices (202), observing the traffic flow in real time (203), determining whether deep learning is sufficient (204), evaluating whether the traffic is sufficient (205), alerting the administrator via SMS/email if the traffic is authorized and limiting the authorized traffic (300), and alerting the administrator via SMS/email if the traffic is unauthorized and blocking the unauthorized traffic (301).
Description
A SYSTEM FOR PROTECTING SECURITY AND PRIVACY OF BIOMETRIC DATA IN AUTONOMOUS VEHICLES
Technical Field:
This invention relates to a system that ensures the security and protects the privacy of biometric authentication systems in autonomous vehicles.
State of the Art:
In today's digital age, biometric data has become a cornerstone for secure identification and access control systems in a variety of sectors, including law enforcement, banking, and personal device security. However, the sensitivity and uniqueness of biometric data raises significant privacy and security concerns. Unlike passwords or PINs, biometric data, once compromised, cannot be changed or revoked, making its protection crucial.
One of the biggest anticipated challenges with systems in the current art is the balance between safety and user convenience. In particular, while providing biometric security, some problems may occur between the security protocol and the user. These problems are usually related to user experience, perception of security, data privacy, and accuracy of biometric data. Users may have privacy concerns about the storage and processing of their biometric data (e.g. fingerprints, facial recognition data). The theft or misuse of this data can have irreversible consequences. Biometric systems sometimes fail to correctly identify the user. False positive (identifying an unauthorized person as authorized) and false negative (identifying an authorized person as unauthorized) errors can negatively impact security and user experience. It is also important for biometric systems to be user-friendly and easy to use. Complex and difficult to understand systems can lead users to have a negative attitude towards biometric security protocols.
As one of the world's leading biometric system manufacturers, Thales is also known for its cyber security efforts in the field of biometrics. Ensuring Protection against security vulnerabilities, especially in the collection, processing, verification, transmission, and
storage processes of biometric data, is one of the most critical issues in this field. Thales group uses artificial intelligence and machine learning methods to detect and prevent common cyber security threats in various sectors. Especially with the increasing use of biometric data in loT and HoT systems, the potential of expert systems in this field has emerged. Thales Group offers a wide range of cyber security services in the fields of aerospace, defense and technology, as well as the automotive sector. However, while Thales offers a wide range of security solutions, it does not appear to have enough depth to offer specific solutions in more niche fields such as biometric data security.
As a result, there is a need for a new technology which can overcome the disadvantages mentioned above.
Definition of the Invention:
This invention aims to raise awareness of potential threats and teach methods for effectively securing personal and organizational biometric data. It offers an innovative solution that addresses not just improvements like systems in the current art, but also the limitations of existing biometric security technologies. Similarly, it offers an unprecedented level of data protection unlike traditional data security methods such as BDIAF. This system is designed to meet the needs of a rapidly evolving digital environment, ensuring robust security measures are in place to protect against increasingly sophisticated cyber threats.
The invention addresses an established market, such as the autonomous vehicle industry, which has long recognized the importance of cyber security, and a different approach to address new needs emerging with technological advances and digital transformation initiatives.
The aim of the invention is to revolutionize the way biometric data is protected. The invention aims to develop a robust expert system that can automatically detect security vulnerabilities in biometric data processing systems, from data capture to storage and analysis. Thus, applications through loT/lloT concepts will be clarified with an industrial approach through the application of biometric data in infotainment systems in autonomous vehicles. The invention encompasses a software process achieved with a
cyber security infrastructure that is proactive, intelligent, and adaptable to evolving threats.
The invention is differentiated by being proactive in nature. The developed expert system aims to prevent breaches before they happen through continuous monitoring and learning. Furthermore, while existing solutions can provide protection piece by piece, the present invention envisages a holistic security architecture that takes into account all aspects of biometric data processing. The integration of Al (artificial intelligence) and ML (machine learning) not only allows for real-time threat detection, but also facilitates a dynamic response capability that traditional static defenses lack. This adaptability ensures that the system remains effective against rapidly evolving cyber threats.
The invention focuses on solutions that are seamless for the end user, such as background security checks and non-intrusive authentication methods. In this way, there are no problems between security and user convenience.
The invention aims to develop a flexible framework that can be tailored to specific system requirements and ensures broad applicability across different technologies and industries. Successful implementation of the invention has the potential to set a new standard in biometric data security. A structure that not only protects the privacy and security of individuals, but also increases trust in biometric systems.
Face data found as a result of searches in the database is presented to the request initiator in an impersonal format and contains only encrypted images that match the target face data. Each attack vector in the flow diagram mentioned in the scope of the invention has specific features. Therefore, different algorithms need to be used for the features detected for each attack vector. Agile method will be preferred as the software development methodology of optimal algorithms in the biometric data processing phase. This method will involve the preparation of a development environment in which algorithms and expert systems will be integrated in accordance with the requirements. In this process, algorithms will be made compatible with the biometric system, software interfaces are created, and testing and verification stages are passed. This approach is an important step to ensure reliable and effective use of the software. As part of the software developed with the Agile method of the obtained optimal algorithms, an
effective logging system is available for the detection and reporting of attacks. This logging system continuously monitors and records user activities, system events, and potential security breaches. In addition, when attacks or security breaches are detected, these events are automatically reported and the relevant teams are immediately notified. This will be a critical component to enhance the ability of biometric systems to maintain security and respond quickly to attacks. This software will be deployed and operated on a cloud-based system. This cloud-based approach is preferred to increase the scalability of systems, ensure security, and make it easier for users to access from anywhere. Furthermore, cloud-based infrastructure supports more effective management of logging, monitoring and security measures. This is an important component in improving the security of biometric systems and ensuring that users get a better experience and achieve their goals.
The invention uses artificial intelligence and machine learning algorithms to detect anomalies and potential security threats with high accuracy. Biometric data can be combined with other forms of verification to provide an additional layer of security and reduce the risk of unauthorized access.
Description of the Drawings:
The invention will be described with reference to the accompanying figures, so that the features of the invention will be more clearly understood and appreciated, however it is not intended to limit the invention to these particular embodiments. On the contrary, it is intended all alternatives, modifications, and equivalences that may be included in the field of the invention as defined by the accompanying claims are within the scope. It should be understood that the details shown are for the sole purpose of illustrating preferred embodiments of the present invention and are intended to provide the most useful and easily understandable description of both the embodiment of the methods and the rules and conceptual features of the invention. In the drawings;
Fig. 1 is a schematic diagram showing the operation of the system of the invention.
Fig. 2 is a schematic diagram showing the operation of the system of the invention.
The figures which will help understand this invention are numbered as indicated in the accompanying drawing and are given below with their names.
Description of the References:
100. Biometric device scanning
101 . Evaluation of whether the device is found
102. Execution of the attack
103. Evaluation of the success of the attack
104. Copying of network traffic
200. Determination of the adequacy of deep learning
201 . Determination of whether it has the feature
202. Detection of traffic flow
203. Observation in real time
204. Determination of the adequacy of deep learning
205. Determination of whether the traffic is sufficient
300. Limiting of authorized traffic
301 . Blocking of unauthorized traffic
Detailed Description of the Invention:
The process steps of the system of the invention generally comprise the process steps of; determining the IP addresses and MAC addresses of all devices in the network and scanning the biometric device (100), determining whether the device is found (101), executing the attack on the target device (102), evaluating whether the attack is successful (103), copying the network traffic (104), determining whether the information obtained from the network traffic is sufficient for deep learning (200), determining whether the captured attack has the necessary feature (201), detecting the traffic flow from biometric devices (202), observing the traffic flow in real time (203), determining whether deep learning is sufficient (204), evaluating whether the traffic is sufficient (205), alerting the administrator via SMS/email if the traffic is authorized and limiting the authorized traffic (300), and alerting the administrator via SMS/email if the traffic is unauthorized and blocking the unauthorized traffic (301).
A network map including the IP addresses and MAC addresses of all devices on the network is created. This process is for determining the scope of the scan. If required, it is also possible to perform scanning in specific IP ranges. Particular device-specific
information such as the brand, model, and software versions of biometric devices are recorded in the scan results. Then, once the device is found, a number of attacks are executed on the device. These attacks can belong to any of the following types: DoS/DDoS attack, pass the hass (PtH) attack, replay attack, false data attack, brute force attack, web attack, and mobile attack. A DoS/DDoS attack is an attack to overload a system, network or service to render it unusable. It engages the target system with a large volume of requests usually from a single source. Pass the Hash attack is a technique that an attacker uses to log in directly with the hash value (encrypted version) of a user's password. This attack makes it possible to move around the system by impersonating a user whose hash value has been compromised. A replay attack is an attack on a network in which a valid data transmission is intercepted and then resent. In this way, the attacker can gain unauthorized access by forging a previously valid communication. A false data attack (false data injection) is an attack that sends false data to systems or sensor networks, causing the system to make incorrect decisions or execute incorrect actions. A brute force attack is an attack that tries all possible combinations to guess a user's password. This attack method can be made difficult by using strong and complex passwords. Web attacks can be attack types such as SQL, XSS, CSRF. Mobile attacks, on the other hand, can be one of the attacks in the form of malware, fake mobile applications, etc. to be installed on the device.
After the attack, if the attack is successful, firstly, the network traffic is copied to detect the attack. Once the network traffic is copied, the network traffic is monitored and analyzed to detect malicious activity. In order to understand whether this attack has the necessary features, the analysis of whether the attack has the specified features is carried out through artificial intelligence. Artificial intelligence has a deep learning model and is retrained with new data each time, enhancing its performance and improving itself over time. In addition, with the deep learning model, large data sets can be processed and analyzed. This model will also be able to handle images, audio and other types of unstructured data. In addition, various network protocols such as TCP/IP, UDP, HTTP, HTTPS can be used for monitoring the network traffic mentioned in the invention. Traffic data will be collected and analyzed instantly. In this way, abnormal data traffic flows and behaviors can be detected and necessary measures can be taken.
Lastly, it will be determined whether the traffic has an authorized use. If said use is authorized, the administrator will be alerted via SMS/email and a limit will be placed on authorized traffic. If the traffic network is unauthorized, the administrator will be alerted via SMS/email in the same way and unauthorized traffic will be blocked.
Said attacks are implemented to test the resilience of devices against known vulnerabilities.
Claims
1. A system for protecting the security and privacy of biometric data in autonomous vehicles, characterized in that it comprises the process steps of;
- determining the IP addresses and MAC addresses of all devices in the network and scanning the biometric device (100),
- determining whether the device is found (101),
- executing the attack on the target device (102),
- evaluating whether the attack is successful (103),
- copying the network traffic (104),
- determining whether the information obtained from the network traffic is sufficient for deep learning (200),
- determining whether the captured attack has the necessary feature (201),
- detecting the traffic flow from biometric devices (202),
- observing the traffic flow in real time (203),
- determining whether deep learning is sufficient (204),
- evaluating whether the traffic is sufficient (205),
- alerting the administrator via SMS/email if the traffic is authorized and limiting the authorized traffic (300),
- alerting the administrator via SMS/email if the traffic is unauthorized and blocking the unauthorized traffic (301).
2. The process step of executing the attack (102) according to claim 1 , characterized in that it comprises DoS/DDoS attack, pass the hass (PtH) attack, replay attack, false data attack, brute force attack, web attack, and mobile attack types.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TR2024/010429A TR2024010429A2 (en) | 2024-08-09 | 2024-08-09 | A SYSTEM THAT PROVIDES SECURITY AND PRIVACY OF BIOMETRIC DATA IN AUTONOMOUS VEHICLES |
| PCT/TR2025/050100 WO2025264196A1 (en) | 2024-08-09 | 2025-02-10 | A system for protecting security and privacy of biometric data in autonomous vehicles |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP4732508A1 true EP4732508A1 (en) | 2026-04-29 |
Family
ID=98213623
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP25824210.6A Pending EP4732508A1 (en) | 2024-08-09 | 2025-02-10 | A system for protecting security and privacy of biometric data in autonomous vehicles |
Country Status (3)
| Country | Link |
|---|---|
| EP (1) | EP4732508A1 (en) |
| TR (1) | TR2024010429A2 (en) |
| WO (1) | WO2025264196A1 (en) |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US12184697B2 (en) * | 2015-10-28 | 2024-12-31 | Qomplx Llc | AI-driven defensive cybersecurity strategy analysis and recommendation system |
| CN116684181A (en) * | 2023-06-28 | 2023-09-01 | 深圳钰丰信息技术有限公司 | Data information security protection method |
| CN118300834A (en) * | 2024-03-28 | 2024-07-05 | 鹏城实验室 | Attack traffic generation method, device and related equipment based on network target range |
-
2024
- 2024-08-09 TR TR2024/010429A patent/TR2024010429A2/en unknown
-
2025
- 2025-02-10 EP EP25824210.6A patent/EP4732508A1/en active Pending
- 2025-02-10 WO PCT/TR2025/050100 patent/WO2025264196A1/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| TR2024010429A2 (en) | 2024-11-21 |
| WO2025264196A1 (en) | 2025-12-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8522349B2 (en) | Detecting and defending against man-in-the-middle attacks | |
| US11902307B2 (en) | Method and apparatus for network fraud detection and remediation through analytics | |
| Ho et al. | Statistical analysis of false positives and false negatives from real traffic with intrusion detection/prevention systems | |
| CN107659583B (en) | Method and system for detecting attack in fact | |
| CN114598540A (en) | Access control system, method, device and storage medium | |
| CN112351017A (en) | Transverse penetration protection method, device, equipment and storage medium | |
| CN115694928B (en) | Cloud honeypot for the entire ship computing environment, attack event perception, and behavior analysis methods | |
| CN113411295A (en) | Role-based access control situation awareness defense method and system | |
| CN119561787B (en) | Secure encryption transmission system for game data | |
| CN115460023B (en) | Method and system for integrally guaranteeing network security | |
| Kotlaba et al. | Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques. | |
| CN113079182B (en) | Network security control system | |
| CN119276617A (en) | Zero trust security identification method, device, electronic device and storage medium | |
| US11916953B2 (en) | Method and mechanism for detection of pass-the-hash attacks | |
| CN121217419A (en) | A device fingerprint-based MCP client authentication method for information security | |
| Palmieri et al. | Automatic security assessment for next generation wireless mobile networks | |
| Goli et al. | A survey on securing iot ecosystems and adaptive network vision | |
| Al Makdi et al. | Trusted security model for IDS using deep learning | |
| WO2019159809A1 (en) | Access analysis system and access analysis method | |
| CN110430199B (en) | Method and system for identifying attack source of IoT botnet | |
| EP4732508A1 (en) | A system for protecting security and privacy of biometric data in autonomous vehicles | |
| Uyyala | Multilevel authentication system using hierarchical intrusion detection architecture for online banking | |
| Saini et al. | Vulnerability and Attack Detection Techniques: Intrusion Detection System | |
| CN119232440A (en) | A network attack prevention method, device, terminal equipment and storage medium | |
| Rahim et al. | Improving the security of internet of things (iot) using intrusion detection system (ids) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
| 17P | Request for examination filed |
Effective date: 20260112 |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR |