Secure data processing method and use in biometry

US9747470B2 · US · B2

Patent metadata
Publication number: US-9747470-B2
Application number: US-201414774671-A
Country: US
Kind code: B2
Filing date: Mar 11, 2014
Priority date: Mar 11, 2013
Publication date: Aug 29, 2017
Grant date: Aug 29, 2017

Abstract

Official abstract text for this publication.

The invention relates to a processing method, including the calculation of one function between a datum to be compared and a reference datum. The function can be written in the form of a sum of: a term that depends on the datum to be compared, a term that depends on the reference datum, and a polynomial, such that all the monomials of the polynomial include at least one coordinate of each datum. The method includes an initialization step including: generating masking data; scrambling reference data by means of a server unit on the basis of said masking data; and calculating, by means of a client unit, the term of the function that depends on the datum to be compared. The method also includes steps for executing the calculation of the function between the datum to be compared and the reference datum, indexed by an index c, during which: the client unit sends the coordinates of the datum to be compared to a secure component, which returns said datum, in a masked form, to said component; the client unit retrieves, from the server unit, the reference datum, indexed by the index c and scrambled by the masking data; and on the basis of the data obtained from the secure component and the server unit, the client unit calculates the sum of the term of the function that depends solely on the reference datum and the polynomial term and adds, to said sum, the term that depends on the datum to be compared, such as to obtain the result of the function.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for authentication or identification of an individual by comparing an acquired biometric datum (y) of the individual to at least one biometric reference data (x_1, ..., x_N) acquired on listed individuals, wherein said comparing is carried out by a secure data-processing system including: a) a server-unit (10) including a processor and storing the biometric reference data (x_1, ..., x_N) in a server memory, b) a client-unit (20) including a processor and storing the biometric datum (y), and an index c of the at least one biometric reference data (x_1, ..., x_N) in a client memory, and c) a secure component (30), wherein said secure component is an integrated circuit card including a secure component memory, the method comprising: calculating a function (f) between the biometric datum (y) and the at least one biometric reference data (x_1, ..., x_N) indexed by an index c, the function (f) expressed as a sum of: a term (f_2) dependent only on the biometric datum (y), a term (f_1) dependent only on the biometric reference data (x_1, ..., x_N), and a polynomial term having variables which are coordinates of the biometric datum (y) and the biometric reference data (x_i, ..., x_N) indexed by the index c, such that each monomial of the polynomial term includes at least one coordinate of each of the biometric datum (y) and the biometric reference data (x_1, ..., x_N) indexed by the index c, the method further including an initialization step (1000) comprising: i) generating (1100) masking data by the server-unit (10), or jointly by the server-unit (10) and the secure component (30), ii) integrating (1200) the secure component (30) into the client-unit (20), iii) scrambling (1300) the biometric reference data (x_1, ..., x_N) by the server-unit using said masking data, and iv) calculating (1400), by the client-unit (20), the term (f_2) dependent only on the biometric datum (y), the method further including execution (2000) steps for calculating the function (f) comprising: the client-unit (20) sending (2100) the coordinates of the biometric datum (y) to the secure component, which returns the coordinates as masked using the masking data, the client-unit retrieving (2200) from the server-unit the biometric reference data (x_1, ..., x_N) indexed by the index c scrambled by the masking data, and from data obtained from the secure component and the server-unit, the client-unit calculating (2300) the sum of the term (f_1) dependent only on the biometric reference data, and the polynomial term, and adding to said sum the term (f_2) dependent only to the biometric datum to obtain the result of the function (f), wherein when said result is less than a predetermined threshold, said result is considered to be that of the individual.

2. The method according to claim 1, wherein the function is the squared Euclidian distance between the datum to be compared (y) and the biometric reference data indexed by the index c.

3. The method according to claim 1, wherein the masking data are generated randomly, by the secure component (30) and/or the server-unit (10), the masking data integrated to the secure component comprising a first set s and a second set r, and the masking data held by the server-unit comprising the first set s, and a third set having elements which are the inverse of the elements of the set r.

4. The method according to claim 1, wherein the recovery step (2200), by the client-unit (20), of the reference datum indexed by the index c scrambled from masking data is conducted by oblivious transfer.

5. The method according to claim 1, wherein the biometric reference data (x_1, ..., x_N) and the datum (y) to be compared are biometric data resulting from the digital acquisition of biometric traits of individuals.

6. The method according to claim 1, further comprising initializing said secure component, said initializing including: randomly generating a set of data r and a set of data s, such that the server-unit (10) stores said data r and said data s and the secure component (30) stores said data s, and a set of data elements which are the inverse of the elements of the data r, and integrating said secure component into a processing unit forming a client-unit of the server-unit.

7. A data-processing method executed by a processing unit (10) holding N reference data (x_1, ..., x_N), for execution of the processing method according to claim 1, during which said server unit processor: inserts said masking data into the secure component, or loads onto the secure component an initialization key enabling generation by the secure component of pseudo-random numbers (1050), and scrambles (1300) the biometric reference data from said masking data.

8. The system for authentication or identification according to claim 1, wherein the client-unit is an electronic device personal to the individual to be identified or authenticated, and the secure component (30) is a smart card.

9. A non-transitory computer program product comprising program code instructions for executing a method for authentication or identification of an individual by comparing an acquired biometric datum (y) of the individual to at least one biometric reference data (x_1, ..., x_N) acquired on listed individuals wherein said comparing is carried out by a secure data-processing system including: a) a server-unit (10) including a processor and storing the biometric reference data (x_1, ..., x_N) in a server memory, b) a client-unit (20) including a processor and storing the biometric datum (y), and an index c of the at least one biometric reference data (x_1, ..., x_N) in a client memory, and c) a secure component (30), wherein said secure component is an integrated circuit card including a secure component memory, the method comprising: calculating a function (f) between the biometric datum (y) and the at least one biometric reference data (x_1, ..., x_N) indexed by an index c, the function (f) expressed as a sum of: a term (f_2) dependent only on the biometric datum (y), a term (f_1) dependent only on the biometric reference data (x_1, ..., x_N), and a polynomial term having variables which are coordinates of the biometric datum (y) and the biometric reference data (x_1, ..., x_N) indexed by the index c, such that each monomial of the polynomial term includes at least one coordinate of each of the biometric datum (y) and the biometric reference data (x_1, ..., x_N) indexed by the index c, the method further including an initialization step (1000) comprising: i) generating (1100) masking data by the server-unit (10), or jointly by the server-unit (10) and the secure component (30), ii) integrating (1200) the secure component (30) into the client-unit (20), iii) scrambling (1300) the biometric reference data (x_1, ..., x_N) by the server-unit using said masking data, and iv) calculating (1400), by the client-unit (20), the term (f_2) dependent only on the biometric datum (y), the method further including execution (2000) steps for calculating the function (f) comprising: the client-unit (20) sending (2100) the coordinates of the biometric datum (y) to the secure component, which returns the coordinates as masked using the masking data, the client-unit retrieving (2200) from the server-unit the biometric reference data (x_1, ..., x_N) indexed by the index c scrambled by the masking data, and from data obtained from the secure component and the server-unit, the client-unit calculating (2300) the sum of the term (f_1) dependent
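The decomposition f = f_1(x) + f_2(y) + polynomial term, worked through for the squared Euclidean distance of claim 2 with the mask sets s and r of claim 3, as an added example that is not code from the patent. The modulus P, the masking formula r_i*(y_i + s_i), the server-side correction term and all function names are assumptions chosen so the masks cancel; the oblivious transfer of claim 4 is replaced here by a direct lookup of index c.

```python
import secrets

P = 2**61 - 1  # prime modulus for the masked arithmetic (assumed, not from the patent)

def gen_masks(n):
    """Random mask sets r (nonzero, so invertible mod P) and s, one per coordinate."""
    r = [secrets.randbelow(P - 1) + 1 for _ in range(n)]
    s = [secrets.randbelow(P) for _ in range(n)]
    return r, s

def server_scramble(x, r, s):
    """Server-unit: scrambles one reference x using s and the inverses of r."""
    r_inv = [pow(ri, -1, P) for ri in r]
    # Coefficients of the cross term -2*x_i*y_i, blinded by r_i^-1
    u = [(-2 * xi * inv) % P for xi, inv in zip(x, r_inv)]
    # f_1(x) = sum x_i^2, plus a correction that cancels the s offset (assumed)
    v = (sum(xi * xi for xi in x) + 2 * sum(xi * si for xi, si in zip(x, s))) % P
    return u, v

def card_mask(y, r, s):
    """Secure component: returns the coordinates of y masked with r and s."""
    return [(ri * (yi + si)) % P for yi, ri, si in zip(y, r, s)]

def client_distance(y, masked_y, scrambled_x):
    """Client-unit: f_1 + polynomial term from masked data, then adds f_2(y)."""
    u, v = scrambled_x
    f1_plus_poly = (v + sum(ui * ti for ui, ti in zip(u, masked_y))) % P
    f2 = sum(yi * yi for yi in y) % P  # term dependent only on y
    return (f1_plus_poly + f2) % P

def demo():
    # Constructed sample data: N = 3 references, client holds index c = 1
    refs = [[40, 2, 9, 17], [12, 7, 30, 5], [3, 3, 3, 3]]
    y, c, threshold = [10, 9, 28, 5], 1, 20
    r, s = gen_masks(len(y))
    scrambled = [server_scramble(x, r, s) for x in refs]  # step 1300
    masked_y = card_mask(y, r, s)                         # step 2100
    d = client_distance(y, masked_y, scrambled[c])        # steps 2200-2300
    return d, d < threshold

if __name__ == "__main__":
    print(demo())
```

The result is correct only while the true distance is smaller than P, since all arithmetic is reduced modulo P.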

Classifications

  • G06F21/71 (Primary): to assure secure computing or processing of information

  • G06F21/77 (Primary): in smart cards

  • using biometric data, e.g. fingerprints, iris scans or voiceprints

  • Oblivious transfer

  • Masking or blinding

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Morpho
What technology area does this patent fall under?
Primary CPC classification G06F21/71. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 29, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).