GB2401015A - Security method and apparatus using biometric data - Google Patents


Publication number
GB2401015A
Authority
GB
United Kingdom
Prior art keywords
data
individual
biometric
specific individual
trusted authority
Legal status
Granted
Application number
GB0408908A
Other versions
GB2401015B (en)
GB0408908D0 (en)
Inventor
Liqun Chen
Keith Alexander Harrison
Current Assignee
Hewlett Packard Development Co LP
Original Assignee
Hewlett Packard Development Co LP
Priority claimed from GBGB0309182.4A
Application filed by Hewlett Packard Development Co LP
Publication of GB0408908D0
Publication of GB2401015A
Application granted
Publication of GB2401015B
Legal status: Expired - Fee Related


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Abstract

A security method and apparatus is provided in which a trusted authority (40) is arranged to receive biometric data of an individual and to use it both as a biometric reference for comparison with biometric characteristics of a present individual (70A) in order to determine (44) whether the latter is the individual (70) represented by the biometric data, and to generate a decryption key using the biometric data and private data of the trusted authority (40). This decryption key is apt to decrypt data encrypted using both public data of the trusted authority and an encryption key string comprising the biometric data (50). The decryption key therefore may be generated in accordance with identifier-based cryptography (IBE) utilising quadratic residuosity (QR) or Weil or Tate pairings. The method/system may have application in password data storage and/or retrieval.

Description

Security Method and Apparatus Using Biometric Data
Field of the Invention
The present invention relates to security methods and apparatuses using biometric data; in particular, the present invention relates to such methods and apparatuses that utilise identifier-based encryption/decryption and analogous techniques.
As used herein, the term "biometric data" means any digital data, however measured or recorded, that represents characteristics of a biological individual intended to be unique to that individual. Thus, both digital image data of a human face and digital fingerprint data are examples of biometric data.
Background of the Invention
The use of biometric data for authenticating individuals is well known. It is also known to use biometric authentication techniques in relation to memory-based identity cards - for example, such a card can carry fingerprint data concerning the card owner, this data being used to check whether a person presenting the card is the card owner by comparing the data from the card with that generated by a local fingerprint reader. Of course, the biometric data on such a card has to be trustable; more particularly, the card should have the properties of trustworthiness and unforgeability. Trustworthiness means that any information stored in the card must be issued by a trusted authority (that is, an authority trusted by the party relying on the authenticity of the stored biometric data). Unforgeability means that any information stored in the card cannot be modified by an unauthorized entity without being detected (a typical, but not the only, example of a suitable form of card would be one using a write-once memory chip).
It is also known to provide memory-based cards with cryptographic functions. For example, data may be stored in encrypted form on the card and only accessible after the card owner has entered a decryption key which the card uses to decrypt the stored data before it is output from the card.
It is an object of the present invention to provide improved security methods based on biometric data, such methods being usable, without limitation, in relation to memory-based security cards.
The present invention is in part based on the appreciation that Identifier-Based Encryption (IBE) has certain properties that can be adapted for use in memory-card based security systems and other applications.
Identifier-Based Encryption (IBE) is an emerging cryptographic schema. In this schema (see Figure 1 of the accompanying drawings), a data provider 10 encrypts payload data 13 using both an encryption key string 14, and public data 15 provided by a trusted authority 12. This public data 15 is derived by the trusted authority 12 using private data 17 and a one-way function 18. The data provider 10 then provides the encrypted payload data <13> to a recipient 11 who decrypts it, or has it decrypted, using a decryption key computed by the trusted authority 12 in dependence on the encryption key string and its own private data.
A feature of identifier-based encryption is that because the decryption key is generated from the encryption key string, its generation can be postponed until needed for decryption.
Another feature of identifier-based encryption is that the encryption key string is cryptographically unconstrained and can be any kind of string, that is, any ordered series of bits whether derived from a character string, a serialized image bit map, a digitized sound signal, or any other data source. The string may be made up of more than one component and may be formed by data already subject to upstream processing. In order to avoid cryptographic attacks based on judicious selection of a key string to reveal information about the encryption process, as part of the encryption process the encryption key string is passed through a one-way function (typically some sort of hash function) thereby making it impossible to choose a cryptographically-prejudicial encryption key string. In applications where defence against such attacks is not important, it would be possible to omit this processing of the string.
Frequently, the encryption key string serves to "identify" the intended message recipient and the trusted authority is arranged to provide the decryption key only to this identified intended recipient. This has given rise to the use of the label "identifier-based" or "identity-based" generally for cryptographic methods of the type under discussion. However, depending on the application to which such a cryptographic method is put, the string may serve a different purpose to that of identifying the intended recipient and may be used to convey other information to the trusted authority or, indeed, may be an arbitrary string having no other purpose than to form the basis of the cryptographic processes.
Accordingly, the use of the term "identifier-based" or "IBE" herein in relation to cryptographic methods and systems is to be understood simply as implying that the methods and systems are based on the use of a cryptographically unconstrained string whether or not the string serves to identify the intended recipient. Generally, in the present specification, the term "encryption key string" or "EKS" is used rather than "identity string" or "identifier string"; the term "encryption key string" is also used in the shortened form "encryption key" for reasons of brevity.
A number of IBE algorithms are known and Figure 2 indicates, for three such algorithms, the following features, namely:
- the form of the encryption parameters 5 used, that is, the encryption key string and the public data of the trusted authority (TA);
- the conversion process 6 applied to the encryption key string to prevent attacks based on judicious selection of this string;
- the primary encryption computation 7 effected;
- the form of the encrypted output 8.
The three prior art IBE algorithms to which Figure 2 relates are:
- Quadratic Residuosity (QR) method as described in the paper: C. Cocks, "An identity based encryption scheme based on quadratic residues", Proceedings of the 8th IMA International Conference on Cryptography and Coding, LNCS 2260, pp 360-363, Springer-Verlag, 2001. A brief description of this form of IBE is given hereinafter.
- Bilinear Mappings $p$ using, for example, a modified Tate pairing $t$ or modified Weil pairing $e$ for which: $p: G_1 \times G_1 \rightarrow G_2$ where $G_1$ and $G_2$ denote two algebraic groups of prime order $q$ and $G_2$ is a subgroup of a multiplicative group of a finite field. For the Tate pairing an asymmetric form is also possible: $p: G_1 \times G_0 \rightarrow G_2$ where $G_0$ is a further algebraic group the elements of which are not restricted to being of order $q$. Generally, the elements of the groups $G_0$ and $G_1$ are points on an elliptic curve though this is not necessarily the case. A description of this form of IBE method, using modified Weil pairings, is given in the paper: D. Boneh, M. Franklin, "Identity based Encryption from the Weil Pairing" in Advances in Cryptology - CRYPTO 2001, LNCS 2139, pp. 213-229, Springer-Verlag, 2001.
- RSA-Based methods. The RSA public key cryptographic method is well known and in its basic form is a two-party method in which a first party generates a public/private key pair and a second party uses the first party's public key to encrypt messages for sending to the first party, the latter then using its private key to decrypt the messages. A variant of the basic RSA method, known as "mediated RSA", requires the involvement of a security mediator in order for a message recipient to be able to decrypt an encrypted message. An IBE method based on mediated RSA is described in the paper "Identity based encryption using mediated RSA", D. Boneh, X. Ding and G. Tsudik, 3rd Workshop on Information Security Application, Jeju Island, Korea, Aug. 2002.
A more detailed description of the QR method is given below with reference to the entities depicted in Figure 1 and using the same notation as given for this method in Figure 2. In the QR method, the trust authority's public data 15 comprises a value $N$ that is a product of two random prime numbers $p$ and $q$, where the values of $p$ and $q$ are the private data 17 of the trust authority 12. The values of $p$ and $q$ should ideally be in the range of $2^{511}$ and $2^{512}$ and should both satisfy the equation: $p, q \equiv 3 \bmod 4$. However, $p$ and $q$ must not have the same value. Also provided is a hash function # which when applied to a string returns a value in the range 0 to $N-1$.
Each bit of the user's payload data 13 is then encrypted as follows:
- The data provider 10 generates random numbers $t_+$ (where $t_+$ is an integer in the range $[0, 2N]$) until a value of $t_+$ is found that satisfies the equation $\mathrm{jacobi}(t_+, N) = m'$, where $m'$ has a value of -1 or 1 depending on whether the corresponding bit of the user's data is 0 or 1 respectively. (As is well known, the jacobi function is such that where $x^2 \equiv \# \bmod N$ the $\mathrm{jacobi}(\#, N) = -1$ if $x$ does not exist, and $= 1$ if $x$ does exist.) The data provider 10 then computes the value: $s_+ \equiv (t_+ + K/t_+) \bmod N$ where: $s_+$ corresponds to the encrypted value of the bit $m'$ concerned, and $K = \#(\text{encryption key string})$.
- Since $K$ may be non-square, the data provider additionally generates additional random numbers $t_-$ (integers in the range $[0, 2N)$) until one is found that satisfies the equation $\mathrm{jacobi}(t_-, N) = m'$. The data provider 10 then computes the value: $s_- \equiv (t_- - K/t_-) \bmod N$ as the encrypted value of the bit $m'$ concerned.
The encrypted values $s_+$ and $s_-$ for each bit $m'$ of the user's data are then made available to the intended recipient 11, for example via e-mail or by being placed in an electronic public area; the identity of the trust authority 12 and the encryption key string 14 will generally also be made available in the same way.
The encryption key string 14 is passed to the trust authority 12 by any suitable means; for example, the recipient 11 may pass it to the trust authority or some other route is used - indeed, the trust authority may have initially provided the encryption key string. The trust authority 12 determines the associated private key $B$ by solving the equation: $B^2 \equiv K \bmod N$ ("positive" solution). If a value of $B$ does not exist, then there is a value of $B$ that is satisfied by the equation: $B^2 \equiv -K \bmod N$ ("negative" solution). As $N$ is a product of two prime numbers $p$, $q$ it would be extremely difficult for anyone to calculate the decryption key $B$ with only knowledge of the encryption key string and $N$. However, as the trust authority 12 has knowledge of $p$ and $q$ (i.e. two prime numbers) it is relatively straightforward for the trust authority 12 to calculate $B$. Any change to the encryption key string 14 will result in a decryption key 16 that will not decrypt the payload data 13 correctly. Therefore, the intended recipient 11 cannot alter the encryption key string before supplying it to the trust authority 12.
The trust authority 12 sends the decryption key to the data recipient 11 along with an indication of whether this is the "positive" or "negative" solution for $B$. If the "positive" solution for the decryption key has been provided, the recipient 11 can now recover each bit $m'$ of the payload data 13 using: $m' = \mathrm{jacobi}(s_+ + 2B, N)$. If the "negative" solution for the decryption key $B$ has been provided, the recipient 11 recovers each bit $m'$ using: $m' = \mathrm{jacobi}(s_- + 2B, N)$.
Summary of the Invention
According to one aspect of the present invention, there is provided a security method, carried out by a trusted authority, comprising receiving biometric data of a specific individual, and using the biometric data both:
- as a biometric reference for comparison with biometric characteristics of a subject individual to determine whether the latter is said specific individual, and
- to generate a decryption key based on at least the biometric data and private data of the trusted authority.
The present invention also envisages apparatus and a computer program product corresponding to the foregoing security method of the invention.
According to another aspect of the present invention, there is provided a data access control method comprising:
(a) encrypting first data based on encryption parameters comprising public data of a trusted authority and an encryption key string formed using at least biometric data of a specific individual;
(b) providing the biometric data of said specific individual to the trusted authority which uses it both: as a biometric reference for comparison with biometric characteristics of a subject individual to determine whether the latter is said specific individual, and to generate a decryption key based on at least the biometric data and private data of the trusted authority, said public data of the trusted authority being related to its private data;
(c) using the decryption key to decrypt the encrypted first data.
In one preferred embodiment, in step (a) the biometric data of said specific individual is read from a memory device of the specific individual and the encrypted first data is stored back to the memory device. When the specific individual wishes to retrieve the first data, that individual presents the memory device to the trusted authority which reads off the biometric data of said specific individual, and then if satisfied that the individual is the specific individual, the trusted authority decrypts the first data and makes it available to the specific individual. This embodiment provides a simple way for a person to store password data securely and later retrieve it.
In another preferred embodiment, step (a) is carried out by a data provider with the biometric data of said specific individual being image data derived from a photograph of the said specific individual, the biometric data of the specific individual being sent to a receiving party together with the encrypted first data for use by the trusted authority in step (b).
In a further preferred embodiment, step (a) is carried out by a data provider with said biometric data of the specific individual comprising data that is the same as biometric data stored on a memory device of said specific individual as a result of having been either read from that card or provided from a common source. The aforesaid subject individual seeks to obtain the decryption key from the trusted authority by presenting a memory device to the trusted authority to enable the latter to read off biometric data stored in the device and use it as said encryption key; the trusted authority only provides the decryption key to the subject individual if the latter is determined in step (b) to be said specific individual.
The present invention also envisages a system for implementing the foregoing data access control method of the invention.
Brief Description of the Drawings
Embodiments of the invention will now be described, by way of non-limiting example, with reference to the accompanying diagrammatic drawings, in which:
Figure 1 is a diagram illustrating the operation of a prior art encryption schema known as Identifier-Based Encryption;
Figure 2 is a diagram illustrating how certain IBE operations are implemented by three different prior art IBE methods;
Figure 3 is a diagram of a generalized system embodying the present invention;
Figure 4A is a diagram of a data encryption stage of a first specific example of the Figure 3 system; and
Figure 4B is a diagram of key generation and decryption stages of the first specific example of the Figure 3 system.
Best Mode of Carrying Out the Invention
Figure 3 illustrates a generalized system embodying the present invention, the system comprising: a data encryptor entity 20 for encrypting data D using an encryption key string KENC and public data of a trusted authority; a trusted authority entity 40 for generating a decryption key KDEC based on the encryption key string KENC and private data of the trusted authority, the public data being data generated by the entity 40 and being computationally related to the trusted authority's private data; and a data decrypter entity 30 for using the decryption key KDEC and the public data to decrypt the encrypted data D. The entities 20, 30 and 40 are typically based around general-purpose processors executing stored programs but may include dedicated cryptographic hardware modules; furthermore, as will be discussed below, certain functions of the trusted authority may be carried out by human operators. The computing entities 20, 30 and 40 inter-communicate as needed via, for example, the internet or other network, or by the transfer of data using portable storage devices; it is also possible that at least some of the entities actually reside on the same computing platform. Indeed, in certain embodiments the data decrypter entity 30 may be incorporated into the trusted authority entity 40 whilst in other embodiments the data encryptor entity 20 and the data decrypter entity 30 may be associated with the same individual and be provided by the same computing device.
The system employs Identifier-Based Encryption with the entities 20, 30 and 40 having, in respect of IBE encryption/decryption processes, the roles of the data provider 10, data recipient 11 and trusted authority 12 of the Figure 1 IBE arrangement. The IBE algorithm used is, for example, the QR algorithm described above with respect to Figure 1 with the private data of the trusted authority being random prime numbers p, q and the corresponding public data being number N. The encryption key string KENC is based on biometric data 50 of a specific individual 70.
This biometric data is represented in Figure 3 by a face icon but can be any type of biometric data and is not limited to a facial image; possible types of biometric data include image data, fingerprint data, retina scan data etc. The biometric data can be compressed in form and can be obscured for privacy reasons, for example, by being subject to a known one-way function.
The biometric data 50 is provided in digital form to the encryptor entity 20 from a biometric data source 51 that may take a variety of forms. For example, the biometric data source 51 may be a capture device (such as a camera or fingerprint reader) for generating the biometric data directly from the individual 70 at the time it is required for use by the entity 20 - in other words, the individual 70 is present at the entity 20 at the time the data D is to be encrypted. Alternatively, the biometric data can be generated from an analogue storage source (such as a photographic print) or retrieved from a digital data storage medium; in particular, in one embodiment, the biometric data 50 is stored in digital form on a memory card or other storage device 51 that belongs to the individual 70 and that preferably has the aforementioned properties of trustworthiness and unforgeability.
The biometric data 50 is used by the entity 20 to form the encryption key string KENC, the biometric data either being used directly as the key or after processing (see dashed operation oval 24) such as by concatenation with other data. The encryption key string KENC is then used to encrypt data D to form encrypted data E(KENC,N;D) where E() indicates that the elements appearing before the semi-colon inside the brackets are used to IBE encrypt the element appearing after the semi-colon. The encrypted data is then either stored to a storage medium for eventual transfer to the decrypter entity 30, or sent over a communications link directly or indirectly to the decrypter entity 30 (see arrow 61). Where the biometric data source is a storage device, the encrypted data may, in certain embodiments, be stored to this device as will be more fully described hereinafter. The biometric data 50 per se or as incorporated into the encryption key string KENC may be stored or transmitted along with the encrypted data.
When an individual 70A, who may or may not be the same as the individual 70, wishes to access the encrypted data E(KENC,N;D), this individual presents themselves to the trusted authority entity 40 to which is also provided biometric data that may or may not be that used in the encryption key string KENC.
Considering first the situation where the biometric data is genuine - that is, it really is the biometric data used in the encryption key string KENC - this is represented in Figure 3 by the dashed arrows 63 and 64. The arrow 63 represents the case where the biometric data provided to the encryptor entity 20 and the trusted authority entity 40 is passed to each entity from the same source 51, for example, because the biometric data is provided from off the same memory card to both entities. The arrow 64 represents the case where the biometric data was output by the entity 20 along with the encrypted data (typically, but not necessarily, in its form incorporated into the encryption key string KENC) and has now been passed to the trusted authority. Where the biometric data only forms part of the encryption key string KENC but is provided in this form to the trusted authority, the latter is arranged to extract the biometric data from the key.
The trusted authority entity first uses the biometric data 50 as a biometric reference for comparison with biometric characteristics of the individual 70A to determine whether the latter is the individual 70 (see operation oval 44). As is well known to persons skilled in the art, this comparison and determination may be carried out automatically by comparing features represented in the reference biometric data 50 with features in measurement data produced by measurement of the subject individual 70A using biometric measurement equipment. Where the biometric data 50 is of obscured form (that is, the biometric measurements of individual 70 have been subject to a one-way function, for example, to produce the data 50), the un-obscured biometrics of individual 70 will have first been translated into biometric feature categories; accordingly, the same feature categorization and obscuring functions must be applied to the biometric characteristics of the individual 70A to produce data for comparison with the biometric data 50. This categorisation is necessary because when the biometric data is in its obscured form, the comparison operation 44 can only be based on an exact match (a near match being meaningless).
Particularly where the biometric data comprises facial image data, an alternative to effecting an automatic biometric comparison, is to have a human operator presented with the biometric reference data (for example, as an image of a face where the biometric data is facial image data), this operator then judging whether the present individual 70A is the same as that represented by the biometric data.
If no match is found between the individual 70A and that represented by the biometric data 50, the trusted authority 40 refuses to proceed with the generation of the decryption key KDEC needed to access the encrypted data. However, if a match is found in operation 44, the trusted authority proceeds. Where biometric data 50 does not constitute the encryption key string KENC in its entirety, the next operation is to re-form the encryption key string (see dashed operation oval 45) - this may involve the concatenation of the biometric data with other data known to both the entities 20 and 40. For example, this other data may simply be an item of non-confidential data or it may be a shared secret; this other data may vary between encryption operations of the entity 20. Of course, where the encryption key string KENC itself was provided to the trusted authority, then this is used directly without needing to re-form it.
Once the encryption key string has been obtained, the trusted authority uses it, along with its private data p, q, to generate the decryption key KDEC (see operation oval 46). As can be seen, the same biometric data that was used as the biometric reference data in operation 44 is also used in the process 46 of generating the decryption key KDEC.
The decryption key KDEC is then transferred (see arrow 66) to the data decrypter entity 30 to which the encrypted data E(KENC,N;D) is also supplied (see arrow 67). The transfer of the decryption key to the entity 30 from the entity 40 may be effected over a communications link or via a data storage device; as already indicated, in certain embodiments, the decryption entity 30 is actually part of the trusted authority so no transfer is required. The decryption key KDEC is thereafter used to decrypt the encrypted data to recover the data D in clear (operation 35). Where the decryption is effected by the trusted party entity 40, the recovered data D is typically then provided to the individual 70A (now known to be the individual 70) either by displaying it or by the transfer of an electronic or paper copy to the individual; however, the trusted authority may decide not to disclose the data D. It will be appreciated that the trusted authority can carry out the key generation operation 46 in parallel with, or even before, having determined that the individual 70A is the individual 70 - what is important is that the entity 40 does not provide the decryption key (or where it also effects the decryption operation 35, the recovered data D) to the individual 70A until the latter is determined to be the individual 70.
The foregoing description of the operation of the trusted authority entity 40 was for the situation of the biometric data provided to the entity being the genuine biometric data 50 used in the encryption key string KENC. If the biometric data presented to the trusted authority entity 40 is not that used for the encryption key string (represented by dashed arrow 65 in Figure 3) as may be the case where the individual 70A is not the individual 70 and tries to fool the trusted authority by presenting their own biometric data, then even though the trusted authority may be fooled into generating a decryption key, this key will not serve to decrypt the encrypted data E(KENC,N;D). This is because the trusted authority uses the same biometric data for both operations 44 and 46.
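The QR encryption steps and the Figure 3 flow (operations 44 and 46, and the arrow 65 case) can be exercised end to end with the following Python sketch, which is an added example and not code from the patent. The Mersenne-prime demo modulus, the SHA-256 based hash with its counter loop, the obscure() helper and the sample byte strings are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed demo modulus: two Mersenne primes, both congruent to 3 mod 4.
# They are public knowledge, so this N illustrates the arithmetic only.
P, Q = 2**107 - 1, 2**127 - 1


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n: returns -1, 0 or 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def hash_to_k(eks, n):
    """K = #(encryption key string). The counter loop (an assumption of this
    example) forces jacobi(K, N) = +1 so that K or -K is a square mod N."""
    counter = 0
    while True:
        digest = hashlib.sha256(counter.to_bytes(4, "big") + eks).digest()
        k = int.from_bytes(digest, "big") % n
        if jacobi(k, n) == 1:
            return k
        counter += 1


def encrypt(n, eks, data):
    """Data provider: each bit m' in {-1, +1} becomes the pair (s+, s-)."""
    k = hash_to_k(eks, n)
    pairs = []
    for byte in data:
        for shift in range(7, -1, -1):
            m = 1 if (byte >> shift) & 1 else -1
            pair = []
            for sign in (1, -1):  # s+ = t + K/t, then s- = t - K/t
                while True:
                    t = secrets.randbelow(n - 1) + 1
                    if jacobi(t, n) == m:
                        break
                pair.append((t + sign * k * pow(t, -1, n)) % n)
            pairs.append(tuple(pair))
    return pairs


def decrypt(n, key, pairs):
    """Recipient: m' = jacobi(s+ + 2B, N) or jacobi(s- + 2B, N)."""
    b, positive = key
    bits = [jacobi((sp if positive else sm) + 2 * b, n) == 1 for sp, sm in pairs]
    return bytes(sum(bit << (7 - i) for i, bit in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))


def obscure(features):
    """Hypothetical one-way obscuring of categorised biometric features."""
    return hashlib.sha256(b"obscured-biometric|" + features).digest()


class TrustedAuthority:
    def __init__(self, p, q):
        self._p, self._q = p, q  # private data
        self.n = p * q           # public data N

    def release_key(self, biometric_data, live_features):
        # Operation 44: obscured reference data only supports an exact match.
        if not hmac.compare_digest(biometric_data, obscure(live_features)):
            return None
        # Operation 46: the same biometric data is the encryption key string.
        k = hash_to_k(biometric_data, self.n)
        b = pow(k, (self.n + 5 - self._p - self._q) // 8, self.n)
        return b, (b * b) % self.n == k  # (B, True for "positive" solution)


def demo():
    ta = TrustedAuthority(P, Q)
    owner = b"constructed feature categories, individual 70"
    other = b"constructed feature categories, individual 70A"
    card = obscure(owner)                          # biometric data 50
    secret = b"constructed password list"
    stored = encrypt(ta.n, card, secret)           # E(KENC,N;D)
    genuine = decrypt(ta.n, ta.release_key(card, owner), stored)
    refused = ta.release_key(card, other)          # 70A presents 70's card
    wrong = ta.release_key(obscure(other), other)  # arrow 65 case
    garbage = decrypt(ta.n, wrong, stored)
    return genuine == secret, refused is None, garbage != secret


if __name__ == "__main__":
    print(demo())
```

The key extraction uses the exponent (N + 5 - p - q)/8 from Cocks' paper, which yields B with B² ≡ ±K mod N when p and q are both 3 mod 4; computing it requires p and q, which is why only the trusted authority can issue the key.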
Figures 4A and 4B illustrate a first specific embodiment of the generalized Figure 3 system. In this embodiment, the biometric data of the individual 70 is stored on a memory card 52 that serves as a security card for an organization such as a commercial enterprise. The card has, for example, a picture of the individual 70 on its front face and an embedded memory chip divided into a write-once first portion 53 holding the biometric data 50 and a re-writable second portion 55. For simplicity, in the present example it is assumed that the biometric data 50 directly constitutes the encryption key string KENC to be used by the encryptor entity 20 to encrypt data D.
Suppose the individual 70 wishes to safely store all the many passwords that he/she has for accessing various services. In this case, the individual supplies these passwords as the data D to an encryptor entity 20 that includes a card reader 26. The entity 20 reads the biometric data 50 from the card 52 and uses it as the encryption key string KENC to encrypt the passwords (operation 25); the entity 20 then writes the encrypted data to the rewritable portion 55 of the memory card 52. The individual 70 now has their passwords safely stored in their memory card 52. The entity 20 can be provided by a computer or other device under the control of the individual or can be provided by the trusted authority - in this example, the trusted authority may be the security office of the enterprise.
Should the individual 70 forget any of their passwords, he/she goes to the trusted authority (security office) and presents their memory card 52 (see Figure 4B). The biometric data 50 is read off this card by the trusted authority entity and used in operation 44 to check that the individual presenting the memory card 52 is the owner of the card as indicated by the biometric data on the card. Preferably, the biometric data 50 is a facial image of the individual enabling a security office member to readily check that the individual presenting the card is the card owner. Assuming that the check 44 is passed, the decryption key KDEC is generated and used by the trusted authority entity to decrypt the password data D held on the card; this password data is then displayed to the individual 70 on a display 48 in a manner such that the data D is not visible to members of the security office.
Rather than the password storage device being an enterprise security card and the trusted authority being a security office, the individual can store their passwords on any storage medium they deem appropriate and select any party as a trusted authority provided the latter can be trusted to keep their private data (p,q) confidential and not to retain copies of the decrypted passwords. Another possible trusted authority would be a trusted computing platform having functionality such as specified, for example, in "TCPA - Trusted Computing Platform Alliance Main Specification v1.1", www.trustedcomputing.org, 2001 and described in the book "trusted computing platforms - tcpa technology in context"; Pearson (editor); Prentice Hall; ISBN 0-13-009220-7.
According to a second specific embodiment of the generalized Figure 3 system, the encryptor entity 20 is operated by a data provider that wishes to send data D to the individual 70 in a secure manner. The data provider has a reasonably current photograph of the individual 70 and so the data provider scans in the photograph to produce digital image data which is then used as the biometric data 50 from which an encryption key string KENC is formed. The data D is then encrypted using this key and the public data of a trusted authority such as a post office local to the individual. The data provider sends the encrypted data and the encryption key string KENC to the individual 70 who extracts the encryption key string, puts it on a floppy disc (or other storage device) and takes it to their local post office acting as a trusted authority. The post office reads the biometric data and brings up an image which a counter clerk then uses to determine if the individual presenting the biometric data is that represented by the data; if so, the clerk causes the biometric data to be used to generate a decryption key which is then stored to the storage device of the individual. The individual can now take away the decryption key and use it to recover the data D in clear.
According to a third specific embodiment ofthe generalized Figure 3 system, an individual has a memory card holding their biometric data. This individual wishes to store sensitive data D (such as their medical records) from a data provider and accordingly presents the
memory card to the data provider. The data provider reads off the biometric data and first confirms that this data corresponds to the individual present. Assuming this is the case, the data provider encrypts the data D and stores it back to the card. If at any time in the future, access is required to the sensitive data, a trusted authority reads off the biometric data and confirms that the card belongs to the individual concerned before generating the decryption key and decrypting the data D. In this embodiment, one would normally require some consensual act by the card owner (such as presentation of the card to the trusted authority); however, this embodiment also allows the trusted authority to access the data D in an emergency situation - as might be needed where the individual has had a road traffic accident and the attending medical staff need urgently to access the medical record data D recorded on the card (in this case, the trusted authority would be the emergency services).
In the foregoing example, the data provider could in fact have initially obtained the biometric data not from the card but from a common source; for example, the card and the encrypted data may be created simultaneously using the same biometric data.
As already noted, the encryption key string KENC may comprise data additional to the biometric data 50. This additional data may, for example, be conditions placed by the data provider on the release of the data D, these conditions being checked by the trusted authority before generation of the decryption key and/or release of the decryption key / the decrypted data.
It will be appreciated that instead of the QR IBE method, the above-described embodiments can be implemented using any other suitable IBE algorithm, such as those mentioned above that make use of Weil or Tate pairings, or are RSA based; analogous cryptographic algorithms can also be used.
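The password-card embodiment described above, worked through with a toy quadratic-residuosity IBE (Cocks-style) in Python; this is an added example, not code from the patent. The Mersenne-prime modulus, the SHA-256 hashing of the key string, the Hamming-distance matcher standing in for check 44, the sample templates and all names are assumptions made for illustration.

```python
import hashlib
import secrets

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 1, -1 or 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def key_string_to_a(key_string, n):
    """Hash the key string K_ENC to a value with Jacobi symbol +1 (hash choice assumed)."""
    counter = 0
    while True:
        digest = hashlib.sha256(key_string + counter.to_bytes(4, "big")).digest()
        a = int.from_bytes(digest, "big") % n
        if jacobi(a, n) == 1:
            return a
        counter += 1

def hamming(x, y):
    """Bit distance between two templates; a stand-in for the biometric check."""
    return sum(bin(i ^ j).count("1") for i, j in zip(x, y))

class TrustedAuthority:
    """Holds private primes p, q (both 3 mod 4); n = p*q is its public data."""
    def __init__(self, p, q):
        assert p % 4 == 3 and q % 4 == 3
        self._p, self._q = p, q
        self.n = p * q

    def extract(self, key_string):
        # r satisfies r^2 = a or r^2 = -a (mod n); only p and q make this computable.
        a = key_string_to_a(key_string, self.n)
        return pow(a, (self.n + 5 - self._p - self._q) // 8, self.n)

    def release_key(self, reference, measurement, max_distance=8):
        # The key is derived from the stored reference, never from the noisy
        # measurement, and only once the subject has been matched against it.
        if len(reference) != len(measurement) or hamming(reference, measurement) > max_distance:
            raise PermissionError("subject does not match the biometric reference")
        return self.extract(reference)

def encrypt(data, key_string, n):
    """Encrypt bit by bit using only the key string and the authority's public n."""
    a = key_string_to_a(key_string, n)
    out = []
    for byte in data:
        for i in range(8):
            m = 1 if (byte >> (7 - i)) & 1 else -1
            pair = []
            for sign in (1, -1):          # one value for r^2 = a, one for r^2 = -a
                while True:
                    t = secrets.randbelow(n - 1) + 1
                    if jacobi(t, n) == m:
                        break
                pair.append((t + sign * a * pow(t, -1, n)) % n)
            out.append(tuple(pair))
    return out

def decrypt(ciphertext, key_string, r, n):
    a = key_string_to_a(key_string, n)
    which = 0 if pow(r, 2, n) == a else 1
    bits = [1 if jacobi(c[which] + 2 * r, n) == 1 else 0 for c in ciphertext]
    return bytes(sum(b << (7 - k) for k, b in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))

# Constructed sample templates; a real card would hold image or feature data.
REFERENCE = hashlib.sha256(b"constructed face template of individual 70").digest()
IMPOSTOR = hashlib.sha256(b"constructed template of someone else").digest()

def fresh_measurement(reference):
    """Simulate sensor noise: the same person, three bits different."""
    noisy = bytearray(reference)
    noisy[0] ^= 0x01
    noisy[5] ^= 0x10
    noisy[20] ^= 0x80
    return bytes(noisy)

def password_card_demo():
    # Known Mersenne primes keep the demo deterministic; they give no security.
    ta = TrustedAuthority(2**127 - 1, 2**107 - 1)
    card = encrypt(b"vpn:correct-horse", REFERENCE, ta.n)   # encryptor entity
    key = ta.release_key(REFERENCE, fresh_measurement(REFERENCE))
    recovered = decrypt(card, REFERENCE, key, ta.n)
    try:
        ta.release_key(REFERENCE, IMPOSTOR)
        refused = False
    except PermissionError:
        refused = True
    return recovered, refused

if __name__ == "__main__":
    print(password_card_demo())
```

The encryptor never contacts the authority: it needs only the key string and the public modulus, while the gate on key generation sits entirely with the party holding p and q.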
Whilst in the foregoing example the biometric data has concerned human individuals, the biometric data can alternatively be that of another type of biological organism such as a dog or horse.
Furthermore, although in the described examples the individuals have presented themselves to the trusted authority, the trusted authority or a party associated with it may be more pro-active and approach or otherwise select an individual (for example, a customs officer may select a traveller at an airport and ask to see their identity card which is a memory card with biometric data).
The trusted authority may be distributed in nature having, for example, a remote station at which an individual presents themselves for biometric measurement, and a central station where biometric data is compared and decryption key generation is carried out.
It is possible to require the involvement of multiple trust-authority entities effectively forming a compound trust authority. This may be desirable where a single authority is not trusted to be entirely reliable. One way of achieving this would be for the data encryptor to recursively encrypt the data D, with each iteration being done using the same encryption key string but the public data of a different trusted authority - the individual must then go to several trust authorities in turn to successively roll back each encryption iteration. An alternative approach is for the data provider to encrypt the data D using a public base key associated with each of the trusted authorities, decryption of the encrypted item only being possible by obtaining a decryption sub-key from the trusted delegate entity acting for each trusted authority in turn. This can be expressed as:
Encryption: ciphertext = E(K_all, data)
Decryption: data = D(K'_all, ciphertext)
where K_all is the encryption key string related to all trusted authorities, K'_all is the corresponding decryption key; K'_all is retrieved from all decryption sub-keys. Further information about how multiple trusted authorities can be used is given in: Chen L., K. Harrison, A. Moss, N.P. Smart and D. Soldera. "Certification of public keys within an identity based system" Proceedings of Information Security Conference 2002, ed. A. H. Chan and V. Gligor, LNCS 2433, pages 322-333, Springer-Verlag, 2002.

Claims (47)

1. A security method, carried out by a trusted authority, comprising receiving biometric data of a specific individual, and using the biometric data both: as a biometric reference for comparison with biometric characteristics of a subject individual to determine whether the latter is said specific individual, and to generate a decryption key based on at least the biometric data and private data of the trusted authority.
2. A method according to claim 1, wherein the decryption key is made available to the subject individual only if the latter is determined by the trusted authority to be said specific individual.
3. A method according to claim 1, wherein the decryption key is used by the trusted authority to decrypt data that has been encrypted based on encryption parameters comprising public data of the trusted authority and an encryption key string formed using at least said biometric data, said public data of the trusted authority being related to its private data.
4. A method according to claim 3, wherein the decrypted data is made available to the subject individual if the latter is determined by the trusted authority to be said specific individual.
5. A method according to claim 1, wherein if the subject individual is determined by the trusted authority to be the specific individual, the decryption key is used by the trusted authority to decrypt data that has been encrypted based on encryption parameters comprising public data of the trusted authority and an encryption key string formed using at least said biometric data, said public data of the trusted authority being related to its private data.
6. A method according to claim 1, wherein the generation of the decryption key is only carried out if said subject individual is determined to be said specific individual.
7. A method according to any one of the preceding claims, wherein the subject individual is a human person that has presented him/herself to the trusted authority and purports to be said specific individual.
8. A method according to any one of the preceding claims, wherein the determination of whether said subject individual is said specific individual is carried out automatically by comparing features represented in the reference biometric data with features in measurement data produced by measurement of the subject individual.
9. A method according to any one of claims 1 to 7, wherein the determination of whether said subject individual is said specific individual is carried out by a human.
10. A method according to any one of the preceding claims, wherein the biometric data comprises image data of the face of the specific individual.
11. A method according to any one of the preceding claims, wherein the biometric data is read from a memory device presented by the subject individual.
12. A method according to any one of the preceding claims, wherein the generation of the decryption key is effected in accordance with identifier-based cryptography utilising quadratic residuosity.
13. A method according to any one of claims 1 to 11, wherein the generation of the decryption key is effected in accordance with identifier-based cryptography utilising Weil or Tate pairings.
14. Apparatus for carrying out the method of any one of claims 1 to 13.
15. Apparatus arranged to act as a trusted authority and comprising: an input arrangement for receiving biometric data of a specific individual; a biometric measurement arrangement for measuring biometric characteristics of a subject individual to produce biometric measurement data; a comparison arrangement for comparing the received biometric data of said specific individual with the biometric measurement data of said subject individual to determine whether the latter is said specific individual; a key-generation arrangement for generating a decryption key based on at least the biometric data and trusted-authority private data; and a control arrangement for ensuring that until the comparison arrangement has determined that the subject individual is said specific individual, either the key generation arrangement does not generate the decryption key, or the decryption key, and any data decrypted using the decryption key, is not made available for use.
16. A computer program product for conditioning programmable apparatus for carrying out the method of any one of claims 1 to 13.
17. A computer program product for conditioning programmable apparatus provided with an input arrangement and a biometric measurement arrangement to act as a trusted authority that is arranged: to receive biometric data of a specific individual via said input arrangement; to generate biometric measurement data by using said biometric measurement arrangement to measure biometric characteristics of a subject individual; to determine whether the subject individual is said specific individual by comparing the received biometric data of said specific individual with the biometric measurement data of said subject individual; to generate a decryption key based on at least the biometric data and trusted-authority private data; and to ensure that until the apparatus has determined that the subject individual is said specific individual, either the decryption key is not generated, or the decryption key, and any data decrypted using the decryption key, is not made available for use.
18. A data access control method comprising: (a) encrypting first data based on encryption parameters comprising public data of a trusted authority and an encryption key string formed using at least biometric data of a specific individual; (b) providing the biometric data of said specific individual to the trusted authority which uses it both: as a biometric reference for comparison with biometric characteristics of a subject individual to determine whether the latter is said specific individual, and to generate a decryption key based on at least the biometric data and private data of the trusted authority, said public data of the trusted authority being related to its private data; (c) using the decryption key to decrypt the encrypted first data.
19. A method according to claim 18, wherein the decryption key is only generated, or only made available for use in step (c), by the trusted authority if the subject individual is determined by the trusted authority to be the specific individual.
20. A method according to claim 18, wherein in step (a) the biometric data of said specific individual is contemporaneously generated from said specific individual.
21. A method according to claim 18, wherein in step (a) the biometric data of said specific individual is generated from recorded analogue biometric data of said specific individual.
22. A method according to claim 18, wherein in step (a) biometric data of said specific individual is retrieved from digital storage.
23. A method according to claim 22, wherein the biometric data of said specific individual is retrieved from a memory device presented by said specific individual.
24. A method according to claim 18 or claim 22, wherein the biometric data of said specific individual is provided to the trusted authority by being read off a memory device presented by said subject individual.
25. A method according to any one of claims 18 to 23, wherein the biometric data of said specific individual is provided to the trusted authority by transfer from an entity carrying out step (a).
26. A method according to any one of claims 18 to 25, wherein the subject individual is a human person that has presented him/herself to the trusted authority and purports to be said specific individual.
27. A method according to any one of claims 18 to 26, wherein in step (b) the determination of whether said subject individual is said specific individual is carried out automatically by comparing features represented in the reference biometric data with features in measurement data produced by measurement of the subject individual.
28. A method according to any one of claims 18 to 26, wherein in step (b) the determination of whether said subject individual is said specific individual is carried out by a human.
29. A method according to any one of claims 18 to 28, wherein step (c) is carried out by the trusted authority and the decrypted data is made available to the specific individual.
30. A method according to any one of claims 18 to 28, wherein the trusted authority provides the decryption key to said specific individual which then carries out step (c).
31. A method according to any one of claims 18 to 30, wherein the biometric data of said specific individual comprises image data of the face of the specific individual.
32. A method according to claim 18, wherein in step (a) the biometric data of said specific individual is read from a memory device of said specific individual and the encrypted first data is stored to said device, the biometric data of said specific individual being provided to the trusted authority in step (b) by being read from said memory device, and step (c) being carried out by the trusted authority and only if the subject individual is determined in step (b) to be said specific individual, the decrypted first data produced in step (c) being made available to said specific individual.
33. A method according to claim 32, wherein the first data comprises password data.
34. A method according to claim 18, wherein step (a) is carried out by a data provider with the biometric data of said specific individual being image data derived from a photograph of said specific individual, the biometric data of said specific individual being sent to a receiving party together with the encrypted first data for use by the trusted authority in step (b).
35. A method according to claim 34, wherein the receiving party is the trusted authority.
36. A method according to claim 34, wherein the receiving party is said specific individual.
37. A method according to claim 18, wherein step (a) is carried out by a data provider with said biometric data of said specific individual comprising data that is the same as biometric data stored on a memory device of said specific individual as a result of having been either read from that device or provided from a common source, the said subject individual seeking to obtain the decryption key from the trusted authority by presenting a memory device to the trusted authority to enable the latter to read off biometric data stored in the device, the trusted authority providing the decryption key to the subject individual only if the latter is determined in step (b) to be said specific individual.
38. A method according to claim 37, wherein the encryption key string includes a data element known to the data provider and passed to the trusted authority, this data element being varied between iterations of steps (a) to (c).
39. A method according to any one of claims 18 to 38, wherein the cryptographic processes involving the encryption key string and decryption key are effected in accordance with identifier-based cryptography utilising quadratic residuosity.
40. A method according to any one of claims 18 to 38, wherein the cryptographic processes involving the encryption key string and decryption key are effected in accordance with identifier-based cryptography utilising Weil or Tate pairings.
41. A system for carrying out the method of any one of claims 18 to 40.
42. A data access control system comprising: encryption apparatus for encrypting first data based on encryption parameters comprising public data of a trusted authority and an encryption key string formed using at least biometric data of a specific individual; trusted-authority apparatus comprising: an input arrangement for receiving the biometric data of said specific individual; a biometric measurement arrangement for measuring biometric characteristics of a subject individual to produce biometric measurement data; a comparison arrangement for comparing the received biometric data of said specific individual with the biometric measurement data of said subject individual to determine whether the latter is said specific individual; a key-generation arrangement for generating a decryption key based on at least the biometric data and trusted-authority private data; and a control arrangement for ensuring that until the comparison arrangement has determined that the subject individual is said specific individual, either the key generation arrangement does not generate the decryption key, or the decryption key, and any data decrypted using the decryption key, is not made available for use; and decryption apparatus for using the decryption key to decrypt the encrypted first data.
43. A system according to claim 42, wherein the decryption apparatus is part of the trusted-authority apparatus.
44. A system according to claim 42, wherein the encryption apparatus comprises an input arrangement for reading the biometric data of said specific individual from a memory device.
45. A system according to claim 42, wherein the input arrangement of the trusted-authority apparatus is arranged to read the biometric data of said specific individual from a memory device presented by said subject individual.
46. A system according to claim 42, wherein the encryption apparatus comprises an input arrangement for reading the biometric data of said specific individual from a memory device presented by said specific individual, and an output arrangement for storing the encrypted first data in said memory device; the input arrangement of the trusted-authority apparatus being arranged to read the biometric data of said specific individual and the encrypted first data from a memory device presented by said subject individual.
47. A system according to claim 44, wherein the trusted-authority apparatus includes the decryption apparatus, and the input arrangement of the trusted-authority apparatus is further arranged to read the encrypted first data from the memory device presented by said subject individual.
GB0408908A 2003-04-23 2004-04-22 Security method and apparatus using biometric data Expired - Fee Related GB2401015B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB0309182.4A GB0309182D0 (en) 2003-04-23 2003-04-23 Security method and apparatus using biometric data
GBGB0311724.9A GB0311724D0 (en) 2003-04-23 2003-05-22 Security method and apparatus using biometric data

Publications (3)

Publication Number Publication Date
GB0408908D0 GB0408908D0 (en) 2004-05-26
GB2401015A true GB2401015A (en) 2004-10-27
GB2401015B GB2401015B (en) 2006-01-04

Family

ID=32395896

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0408908A Expired - Fee Related GB2401015B (en) 2003-04-23 2004-04-22 Security method and apparatus using biometric data

Country Status (3)

Country Link
JP (1) JP2006524352A (en)
GB (1) GB2401015B (en)
WO (1) WO2004095770A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006000666A1 (en) * 2006-01-03 2007-07-05 Ulrich Michael Kipper Database device creating method for e.g. business application, involves acquiring data set containing biometric characteristic of person and confidential data, and biometrically coding set with coding determined based on characteristic
WO2009124819A1 (en) * 2008-04-09 2009-10-15 Siemens Aktiengesellschaft Method for the protection of personality rights when taking pictures of persons
US8195576B1 (en) * 2011-01-31 2012-06-05 Bank Of America Corporation Mobile transaction device security system
US8666895B2 (en) 2011-01-31 2014-03-04 Bank Of America Corporation Single action mobile transaction device
US8972286B2 (en) 2011-01-31 2015-03-03 Bank Of America Corporation Transaction authorization system for a mobile commerce device

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006128761A (en) * 2004-10-26 2006-05-18 Sony Corp Communication method and communication system employing encryption technology, and biological information verification apparatus
WO2006070322A1 (en) * 2004-12-28 2006-07-06 Koninklijke Philips Electronics N.V. Key generation using biometric data and secret extraction codes
US8625785B2 (en) 2008-05-15 2014-01-07 Qualcomm Incorporated Identity based symmetric cryptosystem using secure biometric model
US8627103B2 (en) 2008-05-23 2014-01-07 Koninklijke Philips N.V. Identity-based encryption of data items for secure access thereto
CN102833244B (en) * 2012-08-21 2015-05-20 鹤山世达光电科技有限公司 Communication method for authentication by fingerprint information
US9836896B2 (en) 2015-02-04 2017-12-05 Proprius Technologies S.A.R.L Keyless access control with neuro and neuro-mechanical fingerprints
US9577992B2 (en) * 2015-02-04 2017-02-21 Aerendir Mobile Inc. Data encryption/decryption using neuro and neuro-mechanical fingerprints

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
GB2370471A (en) * 2000-12-20 2002-06-26 Director Government Comm Headq Identity based directoryless public key cryptographic system based on quadratic residues
WO2002073877A2 (en) * 2001-03-09 2002-09-19 Pascal Brandys System and method of user and data verification
WO2003017559A2 (en) * 2001-08-13 2003-02-27 Board Of Trustees Of The Leland Stanford Junior University Systems and methods for identity-based encryption and related cryptographic techniques

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH01161938A (en) * 1987-12-18 1989-06-26 Secom Co Ltd Cryptographic information communication system
JP3564673B2 (en) * 1995-11-21 2004-09-15 日本電信電話株式会社 Personal authentication system, personal authentication card and center device
AU1081997A (en) * 1995-11-22 1997-06-11 Walker Asset Management Limited Partnership Remote-auditing of computer generated outcomes using cryptographic and other protocols
JPH09284272A (en) * 1996-04-19 1997-10-31 Canon Inc Ciphering system, signature system, key common share system, identity proving system and device for the systems
EP0944011A4 (en) * 1997-08-05 2000-08-23 Enix Corp Fingerprint collation
JPH11149453A (en) * 1997-11-18 1999-06-02 Canon Inc Device and method for processing information
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment
JP3819608B2 (en) * 1998-01-06 2006-09-13 株式会社東芝 Electronic document falsification prevention system and recording medium
JP2001211172A (en) * 2000-01-25 2001-08-03 Shigeo Tsujii Method and device for ciphering public key
CN1388946A (en) * 2000-07-19 2003-01-01 金榮浣 System and method for cardless secure credit transaction processing
JP4655358B2 (en) * 2000-11-21 2011-03-23 沖電気工業株式会社 Provider confirmation system and provider confirmation method
JP2002288605A (en) * 2001-03-22 2002-10-04 Ntt Data Technology Corp Dna-utilizing type recording medium and genuine principal certificating system, and electronic signature system utilizing the dna-utilizing type recording medium
JP2004228615A (en) * 2003-01-17 2004-08-12 Ntt Docomo Inc Key isolation type encryption method and key isolation type encryption system using secret information intrinsic to user, and external auxiliary apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
http://www.hpl.hp.com/techreports/2002/HPL-2002-185.pdf, "A trusted biometric system", Chen et al., HP Labs, last modified 30 July 2002 *

Also Published As

Publication number Publication date
JP2006524352A (en) 2006-10-26
GB2401015B (en) 2006-01-04
WO2004095770A1 (en) 2004-11-04
GB0408908D0 (en) 2004-05-26

Similar Documents

Publication Publication Date Title
US20050005136A1 (en) Security method and apparatus using biometric data
US7693279B2 (en) Security method and apparatus using biometric data
JP4463979B2 (en) Apparatus and method for storing, verifying and using cryptographically camouflaged cryptographic keys
US8630421B2 (en) Cryptographic key backup and escrow system
US7111173B1 (en) Encryption process including a biometric unit
US6385318B1 (en) Encrypting method, deciphering method and certifying method
KR100564677B1 (en) Administration and utilization of secret fresh random numbers in a networked environment
AU681822B2 (en) A method for providing blind access to an encryption key
US20080310619A1 (en) Process of Encryption and Operational Control of Tagged Data Elements
US20020124177A1 (en) Methods for encrypting and decrypting electronically stored medical records and other digital documents for secure storage, retrieval and sharing of such documents
KR102224998B1 (en) Computer-implemented system and method for protecting sensitive data via data re-encryption
US20070014399A1 (en) High assurance key management overlay
JPH11239124A (en) Method and device for restoring secret key
Avoine et al. epassport: Securing international contacts with contactless chips
GB2401015A (en) Security method and apparatus using biometric data
CN107426172A (en) The matching method for pushing and device of a kind of identity information
JP4584545B2 (en) Variable identifier transmission device and variable identifier transmission program
Mandal Reversible steganography and authentication via transform encoding
CN113190859A (en) Data hierarchical encryption method based on block chain
CN107682156A (en) A kind of encryption communication method and device based on SM9 algorithms
CN112507355B (en) Personal health data storage system based on block chain
EP1119133B1 (en) Method and apparatus for secure data transmission via network
KR20170001633A (en) Tokenization-based encryption key managemnent sytem and method
Patel et al. The study of digital signature authentication process
CN108737095A (en) A kind of number now surveys record trust model system

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20210422