WO2010020658A1 - Procédé cryptographique et procédé d’identification sur la base de données biométriques - Google Patents

Procédé cryptographique et procédé d’identification sur la base de données biométriques Download PDF

Info

Publication number
WO2010020658A1
WO2010020658A1 PCT/EP2009/060718 EP2009060718W WO2010020658A1 WO 2010020658 A1 WO2010020658 A1 WO 2010020658A1 EP 2009060718 W EP2009060718 W EP 2009060718W WO 2010020658 A1 WO2010020658 A1 WO 2010020658A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
data
values
biometric
determined
Prior art date
Application number
PCT/EP2009/060718
Other languages
German (de)
English (en)
Inventor
Thomas Wölfl
Original Assignee
Psylock Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Psylock Gmbh filed Critical Psylock Gmbh
Publication of WO2010020658A1 publication Critical patent/WO2010020658A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present invention relates to a method for encrypting and / or signing data by means of at least one key.
  • the message or part of the message is encrypted by the sender with the secret key.
  • the recipient of the message decrypts the message with the public key and compares it with the additionally transmitted unencrypted message or partial message and can determine if it matches that the signature originated from the owner of the secret key and no one since the encrypted part of the document has changed.
  • symmetric methods In addition to the asymmetric methods with a public and a secret key, there are also so-called symmetric methods in which only a secret key is used for encryption and decryption.
  • Known symmetrical methods are the Drive according to the Data Encryption Standard (DES method) or the Advanced Encoding Standard (AES method). This method is a block ciphering method in which information blocks are encrypted with keys of a certain length.
  • the problem is that at least one secret key must be stored in order to have it available for encryption and / or decryption. So if the secret key falls into the wrong hands, the encryption system is ineffective. Overall, the system is only as secure as the secret key is protected against unauthorized access.
  • the present invention thus has the object to provide an encryption method and a method for signing data, which has a higher security compared to the known methods.
  • the corresponding encryption and / or Signierbacter should be easy to implement and feasible.
  • a software program product for implementing the method to data processing systems and appropriately protected memory areas are to be made available.
  • the invention is based on the recognition that compared to stored keys for encrypting and / or signing data thereby a higher security standard can be achieved when the corresponding secret key does not need to be stored, but can be generated again and again in a reproducible manner.
  • biometric methods such as those used to identify persons in access control to security-relevant areas, such as secure houses and the like or in access to data processing systems, can be used correspondingly to at least one of them in a reproducible manner So to generate the secret key.
  • biometric methods for identifying persons are described, for example, in WO 98/06020 A1 or US Pat. No.
  • biometric information can be used, such as the image of the eyes, in particular the iris, image of the face or the image of a fingerprint.
  • At least one characteristic parameter can be determined, which is used to determine the at least one key.
  • several characteristic parameters of the biometric information can be used to determine the key.
  • longer key can be obtained from several characteristic parameters by e.g. Create concatenation of the corresponding values of the characteristic parameters.
  • the characteristic parameters may include, for example, with respect to images of the eyes, fingerprints, or faces, corresponding data about survey values such as eye distances, distances of the fingerprint lines, or density of the fingerprint lines, or the like.
  • the characteristic parameters may comprise different values.
  • these may include values regarding the holding time of all or certain keys, the transition period from releasing one key to pressing the next key, the transition period from releasing one key to releasing the next key, the transition period from pressing a key to pressing the next key , the frequency or frequency of errors, the tip rate, ie the number of words typed in a certain time, the velocity of the attack, So be the number of actuated keys in a certain time, etc.
  • the tip rate ie the number of words typed in a certain time, the velocity of the attack, So be the number of actuated keys in a certain time, etc.
  • single or multiple repetitions, ie pressing the next key before the previous key is released the frequency of use of certain function keys, the selection of alternatively available keys, such as the selection of the left or right shift key or the like be used.
  • statistical values such as frequency distributions or probability values, can be determined from this.
  • characteristic parameters also other special temporal or key-related abnormalities can be used.
  • numerical values representing the key can then be determined via mathematical functions. For example, average values may be determined from the characteristic parameters that correspond to at least one mathematical function, e.g. Division by a constant and / or rounding to be subjected. The corresponding numerical values can be used as keys since they are generated reproducibly.
  • a one-way function can be performed, in which it is possible to calculate a result in a calculation direction very quickly, while the reverse direction, so the backward calculation is very time consuming.
  • values may be determined, for example, according to the characteristic parameters of a biometric information, also called a biometric sample, such as the average holding time of all keys or a certain key and values of other characteristic parameters, then a one-way function is applied to determine a key.
  • the key can comprise at least one numerical value or several numerical values.
  • the numerical values can be determined such that the numerical values for different biometric samples of one type, ie biometric information either from the typing behavior or from the face recognition, are constant for a person.
  • equivalent numerical values are also determined, which, however, enable mutual encryption and decryption. This means that not every biometric sample, ie a person's recorded biometric data, such as the recorded keypad data, must result in the identical numerical values or values of the key, but that different equivalent numerical values are possible, but that are equivalent in nature, that they allow for mutual encryption or decryption.
  • the numerical value a is generated, while in the case of the detection of the sample B the numerical value b is determined.
  • the numerical values a and b are equivalent so that encryption with the key based on the numerical value a and decryption with the key on the basis of the numerical value b is possible, and vice versa.
  • a key can be generated or even a key pair or multiple keys so that in a key pair similar to the PGP method one of the keys can be provided as a public key.
  • the generation of a key or a plurality of keys can also simplify an identification procedure for a person in such a way that complex comparison of reference patterns acquired in an access attempt with stored characteristic reference patterns no longer has to take place, but rather that of the characteristic parameters of FIG or the corresponding keys are generated and then only the keys are compared, ie the key generated during the access attempt with a stored reference key.
  • the identification of a person can be simplified by generating a corresponding key.
  • encrypted information can also be compared in order not to have to store a reference key.
  • the method according to the invention which can preferably be realized as a computer program, allows data to be encrypted and decrypted without having to store a secret key of the corresponding person since the biometric data are always available again for generating the secret key.
  • the numerical values for the key could be constant for different biometric samples or give equivalent numerical values.
  • Tipproh stylist When typing a text that is to be sent as an encrypted message Tipproh stylist are detected, which exist for example in the timed sequence of key presses. From these tipproh data, also known as a biometric sample, characteristic parameters such as the average holding time of all keys or the average holding time of a certain key or the frequency distribution of holding periods of all keys or specific keys, the probabilities of typing errors, the probability of their use determined certain keys etc.
  • a secret key for symmetrical encryption and decryption can then be generated by corresponding methods, the key consisting of one or more numerical values.
  • the numerical values can be determined, for example, by forming average values based on values of the characteristic parameters, such as, for example, the holding periods and the transition periods.
  • the average values can be divided by a constant specified for the corresponding characteristic parameter and the result rounded to the nearest integer.
  • the corresponding rounding results can be hanged together (concatenated) to form the key.
  • the determined average value d fl of the first characteristic parameter fl is 103.5, while d_f2 of a second characteristic parameter f2 is 18, etc.
  • the constant c fl is 15, while c_f 2 is 10.
  • the rounded, concatenated values give 72 as the constant value of the biometric sample, e.g. a tip sample, and can be used as a key value.
  • the so-called RSA system can form the basis for this.
  • the next higher prime number can be determined from the determined characteristic values, and a so-called RSA modulus N can be calculated from two prime numbers by prime multiplication.
  • the Euler function ⁇ can be applied to the RSA module, which serves to determine the second numerical value next to the RSA module for, for example, the public key. For example, a divisive number e greater than 1 and less than the value of the euler function of the RSA module N can be selected. From this, the second numerical value of the secret or private key d can then be determined as a multiplicative inverse of the modulus of the Euler function ⁇ (N).
  • the recipient can determine whether the text has been changed when sending and actually comes from the owner of the secret key to the public key.
  • the recipient of the public key can send messages to the person from whom the biometric data originates in an encrypted manner by using the
  • Encrypted message with the public key and the recipient decrypts the encrypted message with the secret key.
  • the secret key can be generated at any time by the recipient from his biometric information available only to him, for example when identifying the recipient via the biometrics. see data when logging in to the data processing system over which the encrypted message is received.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un procédé pour chiffrer et/ou signer des données avec au moins une clé, laquelle clé étant définie à partir d'un échantillon biométrique. La présente invention concerne en outre un procédé pour identifier une personne à l'aide d'un échantillon biométrique, ledit procédé consistant à déterminer des paramètres de l'échantillon biométrique et à déterminer à partir des paramètres au moins une clé qui sert ensuite à l'identification. La présente invention concerne en outre un produit-programme informatique correspondant et un emplacement de mémoire avec des données chiffrées à l'avenant.
PCT/EP2009/060718 2008-08-20 2009-08-19 Procédé cryptographique et procédé d’identification sur la base de données biométriques WO2010020658A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102008041392.5 2008-08-20
DE102008041392A DE102008041392A1 (de) 2008-08-20 2008-08-20 Kryptographieverfahren und Identifizierungsverfahren auf Basis biometrischer Daten

Publications (1)

Publication Number Publication Date
WO2010020658A1 true WO2010020658A1 (fr) 2010-02-25

Family

ID=41217573

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2009/060718 WO2010020658A1 (fr) 2008-08-20 2009-08-19 Procédé cryptographique et procédé d’identification sur la base de données biométriques

Country Status (2)

Country Link
DE (1) DE102008041392A1 (fr)
WO (1) WO2010020658A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5541994A (en) * 1994-09-07 1996-07-30 Mytec Technologies Inc. Fingerprint controlled public key cryptographic system
WO1999026372A1 (fr) * 1997-11-14 1999-05-27 Digital Persona, Inc. Creation de cle de chiffrement au moyen de donnees biometriques
EP1043862A2 (fr) * 1999-04-08 2000-10-11 Lucent Technologies Inc. Génération de clés cryptographiques répétables basées sur des paramètres variables
WO2002078249A8 (fr) * 2001-03-23 2003-12-18 Kent Ridge Digital Labs Procede d'utilisation de donnees biometriques pour la creation de secret
WO2006115491A1 (fr) * 2005-04-25 2006-11-02 Tecsec, Incorporated Procede de chiffrement et commande fonctionnelle d'elements de donnees etiquetes

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19631484C1 (de) 1996-08-03 1998-03-05 Dieter Bartmann Verfahren zur Verifizierung der Identität eines Benutzers einer mit einer Tastatur zur Erzeugung alphanumerischer Zeichen zu bedienenden Datenverarbeitungsanlage
KR19990009965A (ko) 1997-07-14 1999-02-05 정명식 타자 패턴을 이용한 사용자 인증 방법
JPH11187007A (ja) * 1997-12-17 1999-07-09 Casio Comput Co Ltd 暗号化・復号化装置およびその方法
US6694025B1 (en) * 1999-06-02 2004-02-17 Koninklijke Philips Electronics N.V. Method and apparatus for secure distribution of public/private key pairs
JP4519963B2 (ja) * 1999-06-21 2010-08-04 富士通株式会社 生体情報の暗号化・復号化方法および装置並びに、生体情報を利用した本人認証システム
JP2001168854A (ja) * 1999-12-13 2001-06-22 Sony Corp 暗号鍵生成装置、暗号化・復号化装置および暗号鍵生成方法、暗号化・復号化方法、並びにプログラム提供媒体
EP1677537A1 (fr) * 2004-12-31 2006-07-05 Swisscom Mobile AG Méthode et appareil pour la réception de données avec accès conditionnel et serveur distant
JP4792771B2 (ja) * 2005-03-07 2011-10-12 ソニー株式会社 データ処理方法およびデータ処理システム
DE102006049814B4 (de) * 2006-10-17 2009-08-06 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Verfahren und Vorrichtung zum Erzeugen und Speichern von einer Geheimkombination zugeordneten Hilfsgrößen sowie zum Wiedergewinnen der Geheimkombination

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5541994A (en) * 1994-09-07 1996-07-30 Mytec Technologies Inc. Fingerprint controlled public key cryptographic system
WO1999026372A1 (fr) * 1997-11-14 1999-05-27 Digital Persona, Inc. Creation de cle de chiffrement au moyen de donnees biometriques
EP1043862A2 (fr) * 1999-04-08 2000-10-11 Lucent Technologies Inc. Génération de clés cryptographiques répétables basées sur des paramètres variables
WO2002078249A8 (fr) * 2001-03-23 2003-12-18 Kent Ridge Digital Labs Procede d'utilisation de donnees biometriques pour la creation de secret
WO2006115491A1 (fr) * 2005-04-25 2006-11-02 Tecsec, Incorporated Procede de chiffrement et commande fonctionnelle d'elements de donnees etiquetes

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JAIN A K ET AL: "Biometric Cryptosystems: Issues and Challenges", PROCEEDINGS OF THE IEEE, IEEE. NEW YORK, US, vol. 92, no. 6, 1 June 2004 (2004-06-01), pages 948 - 960, XP011112757, ISSN: 0018-9219 *

Also Published As

Publication number Publication date
DE102008041392A1 (de) 2010-02-25

Similar Documents

Publication Publication Date Title
DE102009001718B4 (de) Verfahren zur Bereitstellung von kryptografischen Schlüsselpaaren
DE69725659T2 (de) Verfahren und Einrichtung zur Ablage eines in einem RSA-Kryptosystem benutzten Geheimschlüssels
DE102011120968B4 (de) Erzeugen von sicheren Schlüsseln auf Anforderung
Blanton et al. Secure and efficient protocols for iris and fingerprint identification
DE69731025T2 (de) Verschlüsselungsverfahren, Entschlüsselungsverfahren und Beglaubigungsverfahren
EP2433241B1 (fr) Procédé de codage
DE69534192T2 (de) Verfahren zur gemeinsamen Nutzung einer geheimen Information, zur Erzeugung einer digitalen Unterschrift und zur Ausführung einer Beglaubigung in einem Kommunikationssystem mit mehreren Informationsverarbeitungseinrichtungen und Kommunikationssystem zur Anwendung dieses Verfahrens
EP2340502B1 (fr) Système de traitement de données pour préparer des clés d'autorisation
DE102016002792A1 (de) Biometrie-Geheimnis-Bindungsschema mit verbessertem Datenschutz
EP3443705B1 (fr) Procédé et dispositif d'établissement d'une communication sécurisée entre un premier dispositif de réseau (initiateur) et un deuxième dispositif de réseau (répondant)
EP2810400B1 (fr) Procédé d'authentification et d'identification cryptographique à chiffrement en temps réel
DE102015208142A1 (de) Kompakter unscharfer privater Abgleich unter Verwendung einer vollhomomorphen Verschlüsselungsmethode
EP2656535B1 (fr) Procédé cryptographique
DE10148415C2 (de) Verfahren und Vorrichtung zum Verschlüsseln und Entschlüsseln von Daten
EP1687932B1 (fr) Autorisation d'une transaction
DE69826778T2 (de) Vorrichtungen zum Verschlüsseln und Entschlüsseln einer Schlüsselwiedergewinnungsbedingung
WO2010020658A1 (fr) Procédé cryptographique et procédé d’identification sur la base de données biométriques
DE60021985T2 (de) Verfahren ind vorrichtung zur sicheren erzeugung von öffentlichen/geheimen schlüsselpaaren
DE102017202940A1 (de) Verfahren und Vorrichtung zum Erzeugen kryptografischer Schlüssel
DE102006049814B4 (de) Verfahren und Vorrichtung zum Erzeugen und Speichern von einer Geheimkombination zugeordneten Hilfsgrößen sowie zum Wiedergewinnen der Geheimkombination
WO2001022654A1 (fr) Procede de decryptage de documents cryptes selon un procede de cryptage hybride en cas de perte de la cle cryptographique privee
EP0616447B1 (fr) Procédé de transmission sécurisée de données par une liaison non sécurisée
Costanzo Biometric cryptography: Key generation using feature and parametric aggregation
DE102017202952A1 (de) Zugangskontrollvorrichtung und Verfahren zur Authentisierung einer Zugangsberechtigung
EP2288073A1 (fr) Dispositif destiné au codage de données

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09781988

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09781988

Country of ref document: EP

Kind code of ref document: A1