Secure off-chip processing such as for biometric data
US-9361440-B2 · Jun 7, 2016 · US
US10237270B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10237270-B2 |
| Application number | US-201615279492-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 29, 2016 |
| Priority date | Sep 29, 2016 |
| Publication date | Mar 19, 2019 |
| Grant date | Mar 19, 2019 |
Official abstract text for this publication.
A biometric server receives, a transmission of a biometric sample and an encrypted enrollment template of the user from a client device, wherein the encrypted enrollment template comprises an encrypted mathematical representation of historical biometric data of the user, and wherein the biometric sample comprises a current snapshot of the biometric data. The biometric server decrypts the encrypted enrollment template to an enrollment template using an enrollment template key. The biometric server converts the biometric sample to a biometric template. The biometric server, based on determining that the biometric template is similar to the enrollment template associated with the user, sends an access token to the client device.
Opening claim text (preview).
What is claimed is:

1. A method for distributed storage and authentication of biometric data of a user, comprising: receiving, by a biometric server, a transmission of a biometric sample an encrypted enrollment template, and a nonce of the user from a client device, wherein the encrypted enrollment template comprises an encrypted mathematical representation of historical biometric data of the user generated by the biometric server during an enrollment phase, wherein the biometric sample comprises a current snapshot of the biometric data, and wherein the nonce based on an arbitrary number used to determine communication authenticity; decrypting, by the biometric server, the encrypted enrollment template to an enrollment template using an enrollment template key, wherein the enrollment key was generated and stored on the server during the enrollment phase; converting, by the biometric server, the biometric sample to a biometric template wherein the biometric template is based on encrypting the biometric sample with the enrollment key; and based on determining, by the biometric server, that a current hash value and an enrollment template hash value associated with the user are identical and that the biometric template is similar to the enrollment template associated with the user, sending, by the biometric server, an access token to the client device, wherein determining the template is similar to the enrollment template associated with the user is based on determining that a template matching is within predetermined tolerance thresholds, wherein the current hash value determined from the received encrypted enrollment template, and wherein the enrollment template hash value is stored on the server and generated during the enrollment phase.

2. The method of claim 1, wherein the transmission is based on an asymmetrical encryption of the biometric data using a public key to encrypt the biometric data and a private key to decrypt the biometric data.

3. The method of claim 2, wherein receiving the transmission of the biometric sample and the encrypted enrollment template further comprises: receiving a payload, wherein the payload is encrypted using the asymmetrical encryption and comprises a biometric sample, an encrypted enrollment template and the nonce; decrypting the payload using the private key; and determining the authenticity of the payload based on analyzing the nonce.

4. The method of claim 1, further comprising: receiving, during the enrollment phase, a raw biometric sample associated with the user; converting the raw biometric sample to the enrollment template; generating the enrollment template key; encrypting the enrollment template based on the enrollment template key; sending the encrypted enrollment template to the client device; and storing the enrollment template key on the biometric server.

5. The method of claim 4, further comprising: determining the enrollment template hash value from the enrollment template prior to sending the encrypted enrollment template to the client device; based on receiving the encrypted enrollment sample, determining a current hash value; and determining that the current hash value and the enrollment template hash value associated with the user are identical.

6. The method of claim 1, wherein the encrypted enrollment template is stored on the client device and the enrollment template key is stored on the biometric server.

7. The method of claim 1, further comprising based on determining, by the biometric server, that the biometric template is not similar to the enrollment template associated with the user, sending notification to the client device.

8. A computer program product for distributed storage and authentication of biometric data of a user, the computer program product comprising: one or more computer-readable storage devices and program instructions stored on at least one of the one or more tangible storage devices, the program instructions comprising: program instructions to receive, by a biometric server, a transmission of a biometric sample an encrypted enrollment template, and a nonce of the user from a client device, wherein the encrypted enrollment template comprises an encrypted mathematical representation of historical biometric data of the user generated by the biometric server during an enrollment phase, wherein the biometric sample comprises a current snapshot of the biometric data, and wherein the nonce based on an arbitrary number used to determine communication authenticity; program instructions to decrypt, by the biometric server, the encrypted enrollment template to an enrollment template using an enrollment template key, wherein the enrollment key was generated and stored on the server during the enrollment phase; program instructions to convert, by the biometric server, the biometric sample to a biometric template, wherein the biometric template is based on encrypting the biometric sample with the enrollment key; and based on program instructions to determine, by the biometric server, that a current hash value and an enrollment template hash value associated with the user are identical and that the biometric template is similar to the enrollment template associated with the user, sending, by the biometric server, an access token to the client device, wherein determining the template is similar to the enrollment template associated with the user is based on determining that a template matching is within predetermined tolerance thresholds, wherein the current hash value determined from the received encrypted enrollment template, and wherein the enrollment template hash value is stored on the server and generated during the enrollment phase.

9. The computer program product of claim 8, wherein the transmission is based on an asymmetrical encryption of the biometric data using a public key to encrypt the biometric data and a private key to decrypt the biometric data.

10. The computer program product of claim 9, wherein receiving the transmission of the biometric sample and the encrypted enrollment template further comprises: program instructions to receive a payload, wherein the payload is encrypted using the asymmetrical encryption and comprises a biometric sample, an encrypted enrollment template and the nonce; program instructions to decrypt the payload using the private key; and program instructions to determine the authenticity of the payload based on analyzing the nonce.

11. The computer program product of claim 8, further comprising: program instructions to receive, during the enrollment phase, a raw biometric sample associated with the user; program instructions to convert the raw biometric sample to the enrollment template; program instructions to generate the enrollment template key; program instructions to encrypt the enrollment template based on the enrollment template key; program instructions to send the encrypted enrollment template to the client device; and program instructions to store the enrollment template key on the biometric server.

12. The computer program product of claim 11, further comprising: program instructions to determine the enrollment template hash value from the enrollment template prior to sending the encrypted enrollment template to the client device; based on program instructions to receive the encrypted enrollment sample, program instructions to determine a current hash value; and program instructions to determine that the current hash value and the enrollment template hash value associated with the user are identical.

13. The computer program product of claim 8, wherein the encrypted enrollment template i
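
The enrollment and authentication flow of claims 1, 4 and 5, as an added sketch that is not code from the patent or its assignee. Assumptions: the SHA-256 keystream is a standard-library stand-in for a real authenticated cipher, `to_template` is a hypothetical feature extractor, the tolerance value and the replay-set nonce check are illustrative, and the asymmetric transport encryption of claims 2 and 3 is omitted.

```python
import hashlib, hmac, secrets

TOLERANCE = 0.15  # assumed threshold: maximum mean normalized feature difference

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream; stand-in for a real cipher such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def to_template(sample: bytes) -> bytes:
    # Hypothetical feature extraction: each byte is treated as one feature value.
    return bytes(sample)

class BiometricServer:
    def __init__(self):
        self.records = {}         # user -> (enrollment template key, enrollment hash)
        self.seen_nonces = set()  # assumed replay check for "analyzing the nonce"

    def enroll(self, user: str, raw_sample: bytes) -> bytes:
        key, iv = secrets.token_bytes(32), secrets.token_bytes(16)
        blob = iv + keystream_xor(key, iv, to_template(raw_sample))
        # Hash taken over the encrypted blob, matching claim 1's "current hash value
        # determined from the received encrypted enrollment template".
        self.records[user] = (key, hashlib.sha256(blob).digest())
        return blob  # the client stores this; the key never leaves the server

    def authenticate(self, user: str, sample: bytes, blob: bytes, nonce: bytes):
        if user not in self.records or nonce in self.seen_nonces:
            return None  # unknown user or replayed request
        self.seen_nonces.add(nonce)
        key, enrolled_hash = self.records[user]
        if not hmac.compare_digest(hashlib.sha256(blob).digest(), enrolled_hash):
            return None  # client-held template was altered or swapped
        enrolled = keystream_xor(key, blob[:16], blob[16:])
        current = to_template(sample)
        if not enrolled or len(current) != len(enrolled):
            return None
        diff = sum(abs(a - b) for a, b in zip(current, enrolled)) / (255 * len(enrolled))
        return secrets.token_urlsafe(16) if diff <= TOLERANCE else None
```

The hash comparison runs before decryption, so a modified client-side blob is rejected without the server ever applying the enrollment template key to it.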
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title