US2022294631A1PendingUtilityA1

System and Method for Securing Personal Information Via Biometric Public Key

58
Assignee: BADGE INCPriority: May 17, 2018Filed: May 23, 2022Published: Sep 15, 2022
Est. expiryMay 17, 2038(~11.8 yrs left)· nominal 20-yr term from priority
H04L 9/0866H04L 9/3231H04L 9/3242H04L 9/0894H04L 9/3247H04L 9/3239H04L 9/0637H04L 9/50H04L 9/30
58
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data, and may be used to provide authentication in addition to, or in lieu of, passwords or cryptographic tokens. Various use cases are disclosed, including: enrollment, authentication, establishing and using a secure communications channel, and cryptographically signing a message.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system for at least one of peer-to-peer enrollment and authentication between a first device that purports to store biometric information of an individual and a second device being used by a subject purporting to be the individual, the system comprising:
 receiving, by the second device, biometric information of the subject;   running a protocol by the first and second devices to determine if the biometrics received by the second device match the biometrics stored by the first device above a predetermined confidence threshold, without the first device sending the biometric information of the individual to the second device and without the second device sending the biometric information of the subject to the first device; and   authenticating the subject as the individual when the biometrics received by the second device are deemed equivalent to the biometrics stored by the first device above the predetermined confidence threshold.   
     
     
         2 . The system according to  claim 1 , wherein the first device is one of a plurality of candidate devices that are registered with a broker and that purport to store biometric information of the individual, and the system executes computer processes comprising:
 providing, by the second device, specification information for the second device to the broker;   selecting, by the broker, the first device, from among the plurality of candidate devices, for at least one of peer-to-peer enrollment and authentication with the second device based on the specification information for the second device and specification information stored by the broker for each of the plurality of candidate devices; and   connecting the first and second devices for at least one of peer-to-peer enrollment and authentication.   
     
     
         3 . The system according to  claim 1 , further comprising:
 transferring user data from the first device to the second device after the subject has been authenticated as the individual.   
     
     
         4 . The system according to  claim 3 , wherein transferring user data from the first device to the second device after the subject has been authenticated as the individual comprises:
 encrypting, by the first device, data stored on the first device;   transmitting, by the first device to the second device, the encrypted data;   decrypting, by the second device, the encrypted data to recover the data; and   storing, by the second device, the data in the second device.   
     
     
         5 . The system according to  claim 1 , further comprising running a secure multiparty computation protocol between the first and second devices to compute a biometric matching function between the biometrics stored on the first and second devices without either one of the devices revealing its respective biometric information to the other. 
     
     
         6 . The system according to  claim 5 , wherein the secure multiparty computation protocol comprises:
 running an oblivious transfer (OT) step plus an execution of Yao's garbled circuits in a first direction from the first device to the second device to produce, in each device, a first output key;   running an oblivious transfer (OT) step plus an execution of Yao's garbled circuits in a second direction from the second device to the first device to produce, in each device, a second output key; and   combining, by each device, the first and second output keys to produce a final output key.   
     
     
         7 . The system according to  claim 1 , wherein the system contains a secure enclave for processing biometric data. 
     
     
         8 . The system according to  claim 7 , wherein each enclave is configured to attest its integrity prior to authentication. 
     
     
         9 . A system for at least one of peer-to-peer enrollment and authentication between a first device and a second device, wherein there exists specification information for each device, the system executes computer processes comprising:
 determining whether the specification information for the second device is compatible with the specification information for the first device; and   failing the enrollment or authentication when the specification information for the second device is incompatible with the specification information for the first device.   
     
     
         10 . A system for at least one of peer-to-peer enrollment and authentication between a first device and a second device, wherein the first device is one of a plurality of candidate devices that are registered with a broker, the system executes computer processes comprising:
 providing, by the second device, specification information for the second device to the broker;   determining, by the broker, whether any of the candidate devices are compatible with the second device based on the specification information for the second device and specification information stored by the broker for each of the plurality of candidate devices; and   failing the enrollment or authentication when the specification information for the second device is incompatible with the specification information for the candidate devices.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.