US2024015152A1PendingUtilityA1

Privacy-Preserving Key Generation in Biometric Authentication

70
Assignee: BADGE INCPriority: Dec 9, 2019Filed: Sep 21, 2023Published: Jan 11, 2024
Est. expiryDec 9, 2039(~13.4 yrs left)· nominal 20-yr term from priority
G06N 3/02G06F 21/32H04L 63/0861G06N 3/04H04L 9/0891H04L 9/0894H04L 9/3242H04L 2209/46H04L 9/085H04L 9/3231H04L 2209/42H04L 9/3221G06Q 20/40145G06F 2221/2117
70
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for using biometric data to authenticate a subject as an individual whose biometric data has been previously obtained using a first transducer, the method utilizing computer processes including: generating shards from a digital electronic signal, provided as an output by a second transducer, such signal characterizing a biometric of the subject; causing distribution of the generated shards to an array of servers, so that the array of servers can store the generated shards and perform a data exchange process using a subset of the generated shards to develop information relating to authentication of the subject, where the authentication information includes a key of the subject, and processing the authentication information in a verification process to indicate whether the subject is authenticated as the individual.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for using biometric data to authenticate a subject as an individual whose biometric data has been previously obtained using a first transducer, the method utilizing computer processes comprising:
 generating shards from a digital electronic signal, provided as an output by a second transducer, such signal characterizing a biometric of the subject;   causing distribution of the generated shards to an array of servers, so that the array of servers can store the generated shards and perform a data exchange process using a subset of the generated shards to develop information relating to authentication of the subject, wherein the authentication information includes a key of the subject, and   processing the authentication information in a verification process to indicate whether the subject is authenticated as the individual.   
     
     
         2 . A method according to  claim 1 , wherein the processing of the authentication information includes causing the development of a signed message. 
     
     
         3 . A method according to  claim 2 , wherein the computer processes further comprise causing the data exchange process to use the generated shards to develop a further key of the subject and to cause the further key of the subject to be used to develop a second signed message. 
     
     
         4 . A method according to  claim 2 , wherein the verification process includes using an authentication key of the individual in relation to the signed message to determine whether the subject is authenticated as the individual. 
     
     
         5 . A method according to  claim 4 , wherein the authentication key of the individual is an ECDSA public key that is used in the verification process in relation to the signed message, signed using a ECDSA private key of the subject to determine whether the subject is authenticated as the individual. 
     
     
         6 . A method according to  claim 1 , wherein the key of the subject is a root private key. 
     
     
         7 . A method according to  claim 1 , wherein the key of the subject is an ECDSA (Elliptic Curve Digital Signature Algorithm) private key. 
     
     
         8 . A method according to  claim 1 , wherein the key of the subject is a major key. 
     
     
         9 . A method according to  claim 8 , wherein a set of minor keys of the subject is associated with the major key of the subject. 
     
     
         10 . A method according to  claim 9 , wherein the data exchange process to develop the key of the subject includes causing a subset of the set of the minor keys of the subject to be used in developing the signed message. 
     
     
         11 . A method according to  claim 10 , wherein the verification process includes determining whether the subset of the set of minor keys of the subject is associated with a major key of the individual. 
     
     
         12 . A method according to  claim 1 , wherein the recited computer processes are carried out with access to a public key of the individual, but without access to the biometric data of the individual. 
     
     
         13 . A method according to  claim 1 , wherein the computer processes are performed by computing entities configured as information-sharing restricted with respect to a set of items of information selected from a group consisting of: the digital electronic signal; the biometric data of the individual; the biometric of the subject; the generated shards; the authentication information; the key of the subject; and a result of the verification process. 
     
     
         14 . A method according to  claim 1 , wherein the computer processes further comprise causing use of the key of the subject for encryption. 
     
     
         15 . A method according to  claim 1 , wherein the computer processes further comprise causing use of the key of the subject for decryption. 
     
     
         16 . A method according to  claim 1 , wherein the computer processes further comprise: generating further shards and causing distribution of the further shards to a subset of servers in the array to be used in a second authentication process. 
     
     
         17 . A method according to  claim 1 , wherein the computer processes further comprise, if the subject is authenticated as the individual, granting the subject access, based on a security policy, for a defined session, to a set selected from a group consisting of: one or more applications; a service; an operating system; a resource; a server; a computing facility; a set of data; an administrator configuration; and a transaction. 
     
     
         18 . A method for using biometric data to authenticate a subject as an individual whose biometric data has been previously obtained using a first transducer, the method utilizing computer processes comprising:
 causing generation of authentication shards from a digital electronic signal characterizing a biometric of the subject, such signal provided as an output by a second transducer;   causing distribution of the authentication shards to a first plurality of servers in an array of servers, so that the array of servers can cause storage of the authentication shards and can be caused (a) to perform a data exchange process involving a second plurality of servers in the array, and (b) using data derived from the individual's biometric data and a subset of the authentication shards, to develop information relating to authentication of the subject, wherein the authentication information includes a key of the subject; and   following development of the authentication information, causing processing of the authentication information to indicate whether the subject is authenticated as the individual.   
     
     
         19 . A method according to  claim 18 , wherein the processing of the authentication information includes causing the development of a signed message. 
     
     
         20 . A method according to  claim 19 , wherein the computer processes further comprise causing the data exchange process to use the generated authentication shards to develop a further key of the subject and to cause the further key of the subject to be used to develop a second signed message. 
     
     
         21 . A method according to  claim 19 , wherein the computer processes further comprise processing the authentication information in a verification process including using an authentication key of the individual in relation to the signed message to determine whether the subject is authenticated as the individual. 
     
     
         22 . A method according to  claim 21 , wherein the authentication key of the individual is an ECDSA public key that is used in the verification process in relation to the signed message, signed using a ECDSA private key of the subject to determine whether the subject is authenticated as the individual. 
     
     
         23 . A method according to  claim 18 , wherein the key of the subject is a root private key. 
     
     
         24 . A method according to  claim 18 , wherein the key of the subject is an ECDSA (Elliptic Curve Digital Signature Algorithm) private key. 
     
     
         25 . A method according to  claim 18 , wherein the key of the subject is a major key. 
     
     
         26 . A method according to  claim 25 , wherein a set of minor keys of the subject is associated with the major key of the subject. 
     
     
         27 . A method according to  claim 26 , wherein the data exchange process to develop the key of the subject includes causing a subset of the set of the minor keys of the subject to be used in developing a signed message. 
     
     
         28 . A method according to  claim 27 , wherein the processing of the authentication information includes determining whether the subset of the set of minor keys of the subject is associated with a major key of the individual. 
     
     
         29 . A method according to  claim 18 , wherein the recited computer processes are carried out with access to a public key of the individual, but without access to the biometric data of the individual. 
     
     
         30 . A method according to  claim 18 , wherein the computer processes are performed by computing entities configured as information-sharing restricted with respect to a set of items of information selected from a group consisting of: the digital electronic signal; the biometric data of the individual; the biometric of the subject; the generated authentication shards; the authentication information; the key of the subject; and a result of the processing of the authentication information. 
     
     
         31 . A method according to  claim 18 , wherein the computer processes further comprise causing use of the key of the subject for encryption. 
     
     
         32 . A method according to  claim 18 , wherein the computer processes further comprise causing use of the key of the subject for decryption. 
     
     
         33 . A method according to  claim 18 , wherein the computer processes further comprise: generating further shards and causing distribution of the further shards to a subset of servers in the array to be used in a second authentication process. 
     
     
         34 . A method according to  claim 18 , wherein the computer processes further comprise, if the subject is authenticated as the individual, granting the subject access, based on a security policy, for a defined session, to a set selected from a group consisting of: one or more applications; a service; an operating system; a resource; a server; a computing facility; a set of data; an administrator configuration; and a transaction. 
     
     
         35 . A method for using biometric data to authenticate a subject as an individual whose biometric data has been previously obtained using a first transducer, the method utilizing computer processes comprising:
 causing generation of authentication shards from a digital electronic signal characterizing a biometric of the subject, such signal provided as an output by a second transducer;   causing distribution of the authentication shards to an array of servers;   causing a plurality of servers in the array of servers to perform a data exchange process using a subset of the authentication shards to develop a signed message; and   causing processing of the signed message in a verification process to indicate whether the subject is authenticated as the individual.   
     
     
         36 . A method according to  claim 35 , wherein performing the data exchange process includes causing the data exchange process to use the subset of the authentication shards to develop a key of the subject and to cause the key of the subject to be used to develop the signed message. 
     
     
         37 . A method according to  claim 35 , wherein the verification process includes using an authentication key of the individual in relation to the signed message to determine whether the subject is authenticated as the individual. 
     
     
         38 . A method according to  claim 37 , wherein the authentication key of the individual is an ECDSA public key that is used in the verification process in relation to the signed message, signed using a ECDSA private key of the subject to determine whether the subject is authenticated as the individual. 
     
     
         39 . A method according to  claim 36 , wherein the key of the subject is a root private key. 
     
     
         40 . A method according to  claim 36 , wherein the key of the subject is an ECDSA (Elliptic Curve Digital Signature Algorithm) private key. 
     
     
         41 . A method according to  claim 36 , wherein the key of the subject is a major key. 
     
     
         42 . A method according to  claim 41 , wherein a set of minor keys of the subject is associated with the major key of the subject. 
     
     
         43 . A method according to  claim 42 , wherein the data exchange process to develop the key of the subject includes causing a subset of the set of the minor keys of the subject to be used in developing the signed message. 
     
     
         44 . A method according to  claim 43 , wherein the verification process includes determining whether the subset of the set of minor keys of the subject is associated with a major key of the individual. 
     
     
         45 . A method according to  claim 35 , wherein the recited computer processes are carried out with access to a public key of the individual, but without access to the biometric data of the individual. 
     
     
         46 . A method according to  claim 36 , wherein the computer processes are performed by computing entities configured as information-sharing restricted with respect to a set of items of information selected from a group consisting of: the digital electronic signal; the biometric data of the individual; the biometric of the subject; the generated authentication shards; authentication information; the key of the subject; and a result of the verification process. 
     
     
         47 . A method according to  claim 35 , wherein the computer processes further comprise: generating further shards and causing distribution of the further shards to a subset of servers in the array to be used in a second authentication process. 
     
     
         48 . A method according to  claim 35 , wherein the computer processes further comprise, if the subject is authenticated as the individual, granting the subject access, based on a security policy, for a defined session, to a set selected from a group consisting of: one or more applications; a service; an operating system; a resource; a server; a computing facility; a set of data; an administrator configuration; and a transaction.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.