Systems, apparatus and methods for secure electrical communication of biometric personal identification information to validate the identity of an individual
Abstract
An apparatus for validating an identity of an individual based on biometrics includes a memory and a processor operatively coupled to a distributed database and the memory. The processor is configured to provide biometric data as an input to a predefined hash function to obtain a first biometric hash value. The processor is configured to obtain, using a first pointer to the distributed database, a signed second biometric hash value. The processor is configured to define a certification of the biometric data in response to verifying that a signature of the signed second biometric hash value is associated with the compute device and verifying that the first biometric hash value corresponds with the second biometric hash value. The processor is configured to digitally sign the certification using a private key associated with the processor to produce a signed biometric certification and store the signed biometric certification in the distributed database.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . An apparatus, comprising:
a memory; and a processor operatively coupled to a distributed database and the memory, the processor configured to:
receive encrypted biometric data associated with a compute device;
decrypt the biometric data using a private key associated with the processor to obtain biometric data;
provide the biometric data as an input to a predefined hash function to obtain a first biometric hash value;
receive a first pointer to a record in the distributed database, the record including a signed second biometric hash value;
obtain, using the first pointer, the signed second biometric hash value from the distributed database;
validate an identity of a user of the compute device in response to:
verifying that a signature of the signed second biometric hash value is associated with the compute device using a public key of the compute device; and
verifying that the first biometric hash value corresponds with the second biometric hash value;
define a certification based on the validating;
digitally sign the certification using a private key associated with the processor to produce a signed biometric certification;
store the signed biometric certification in the distributed database; and
provide, to the compute device, a second pointer to the signed biometric certification in the distributed database such that the compute device can provide the second pointer to a relying entity.
2 . The apparatus of claim 1 , wherein the biometric data includes at least one of: a fingerprint, a facial image, an iris-scan, a voice print or DNA data.
3 . The apparatus of claim 1 , wherein the signed second biometric hash value is signed using a private key associated with the compute device.
4 . The apparatus of claim 1 , wherein the processor is configured to provide the second pointer to the compute device such that the compute device can provide the first pointer, the second pointer, the biometric data and the public key to the relying entity.
5 . The apparatus of claim 1 , wherein the distributed database is a blockchain.
6 . The apparatus of claim 3 , wherein the private key associated with the compute device is paired with the public key associated with the compute device.
7 . The apparatus of claim 1 , wherein the encrypted biometric data is encrypted using at least one of Rivest-Shamir-Adleman (RSA) encryption algorithm or Elliptic Curve Digital Signature Algorithm (ECDSA).
8 . A method, comprising:
receiving, at a processor, encrypted biometric data associated with a compute device; decrypting the encrypted biometric data using a private key associated with the processor to obtain biometric data; providing the biometric data as an input to a predefined hash function to obtain a first biometric hash value; receiving a first pointer to a first record in a distributed database, the first record including a second biometric hash value; obtaining, using the first pointer, the second biometric hash value from the distributed database; validating an identity of a user of the compute device in response to:
verifying that a signature of the second biometric hash value is associated with the compute device using the public key of the compute device; and
verifying that the first biometric hash value corresponds with the second biometric hash value; and
receiving, a second pointer to a second record in the distributed database based on the validating.
9 . The method of claim 8 , wherein the second record includes a signed biometric certification, the method further comprising:
obtaining, using the second pointer, the signed biometric certification from the distributed database; and validating, based on the signed biometric certification, that the identity of the user of the compute device has been certified.
10 . The method of claim 8 , wherein the second record includes a signed biometric certification, the method further comprising:
obtaining, using the second pointer, the signed biometric certification from the distributed database; and validating, that the identity of the user of the compute device has been certified in response to:
verifying that a signature of the signed biometric certification is associated with a relying entity device using a public key of the relying entity device; and
verifying that the signed biometric certification is associated with the second biometric hash value.
11 . The method of claim 8 , wherein the biometric data includes at least one of: a fingerprint, a facial image, an iris-scan, a voice print or DNA data.
12 . The method of claim 8 , wherein the second biometric hash value is signed using a private key associated with the compute device.
13 . The method of claim 8 , wherein the distributed database is a blockchain.
14 . The method of claim 12 , wherein the private key associated with the compute device is paired with the public key associated with the compute device.
15 . The method of claim 8 , wherein the encrypted biometric data is encrypted using Rivest-Shamir-Adleman (RSA) encryption algorithm or Elliptic Curve Digital Signature Algorithm (ECDSA).
16 . An apparatus, comprising:
a memory; and a processor operatively coupled to the memory, the processor configured to:
define a data block including data to be sent to a compute device;
digitally sign the data block to produce an envelope signature;
generate envelope content including the data block and the envelope signature;
encrypt the envelope content using a public key of the compute device to produce a secure envelope;
store the secure envelope at a server; and
provide, to the compute device, an identifier to the secure envelope at the server such that the compute device can obtain the secure envelope from the server using the identifier.
17 . The apparatus of claim 16 , wherein the data block further includes: a seal identifier of the processor, a seal identifier of the compute device, a timestamp, a session identifier, and a public key associated with the processor.
18 . The apparatus of claim 16 , wherein the data block is signed using a private key associated with the processor to produce the envelope signature.
19 . The apparatus of claim 16 , wherein the public key associated with the compute device is paired with a private key associated with the compute device such that the compute device can use the private key associated with the compute device to decrypt the secure envelope.
20 . The apparatus of claim 16 , wherein the processor is configured to provide the identifier to the compute device via at least one of an email, a text message, or Near-field communication (NFC).
21 . The apparatus of claim 16 , wherein the envelope content is encrypted using at least one of Rivest-Shamir-Adleman (RSA) encryption algorithm or Elliptic Curve Digital Signature Algorithm (ECDSA) to produce the secure envelope.
22 . The apparatus of claim 16 , wherein the identifier further includes an address of the server.
23 . The apparatus of claim 16 , wherein the identifier is at least one of a bar code, a QR code, or a pdf-417-code.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.