System and method for biometric protocol standards
Inventors
Callahan, John Raymond • Othman, Asem
Assignees
Interested in licensing this patent?
MTEC can help explore whether this patent might be available for licensing for your application.
Publication Number
US-11329980-B2
Publication Date
2022-05-10
Expiration Date
Abstract
Secure communications are provided between a user computing device and a server computing device. An enrollment request is received from a user computing device that is configured via a distributed client software application and is processed. The enrollment request is usable to enroll the user computing device in a network and includes an encrypted partial initial biometric vector associated with a user. An authentication request is processed that is subsequently received that includes an encrypted partial second biometric vector and that is associated with a user of the user computing device. A comparison of the encrypted partial initial biometric vector and the encrypted partial second biometric vector is performed, and a value representing the comparison is generated and transmitted to the user computing device. The user computing device is authenticated where the value is above a minimum threshold.
Core Innovation
The invention describes Biometric Open Protocol Standards (BOPS) for decentralized user authentication. It registers an identity with an authentication system by receiving, from a mobile computing device, encrypted cryptographic shares of an initial biometric vector and a public key of a public key/private key pair generated mathematically using a seed, then generating an identity data set, storing it in remote storage, and distributing an identity reference value as a transaction record among a plurality of ledgers stored on respective nodes.
The description includes embodiments in which the initial biometric vector is provided to a neural network that translates the initial biometric vector to a Euclidian measurable feature vector, and the Euclidian measurable feature vector is encrypted using the private key of the public key/private key pair. It further includes embodiments where the initial biometric vector is visually encrypted using a Shamir Secret Sharing Schema algorithm, producing encrypted cryptographic shares, so that plaintext biometric data is not stored.
For access and matching, an identity reference value is used to locate transaction records among ledgers and determine the storage location of a corresponding identity data set. The system accesses the cryptographically associated first identity data set, verifies an authorization system signature value and enrollment public key, receives a current biometric vector and a local encrypted biometric cryptographic share, decrypts the local encrypted cryptographic share and the remote encrypted cryptographic share, combines them into a combined cryptographic vector, and compares the combined cryptographic vector with the current biometric vector such that matching causes the resource provider to provide access to the user.
Claims Coverage
The partial content includes three independent claims. The claims cover identity registration across ledgers, access control based on cryptographic biometric matching, and distributed ledger matching using neural-network-generated Euclidian measurable feature vectors validated by ledger nodes.
Ledger-based registration of encrypted biometric shares
Receiving, from a mobile computing device over a data communication network, encrypted cryptographic shares of an initial biometric vector and a public key of a public key/private key pair generated mathematically using a seed; generating a first identity data set including an authorization system signature, the public key, and the encrypted cryptographic share; storing the first identity data set in remote storage; generating an identity reference value that resolves to the remote storage location; cryptographically associating the identity reference value with the generated first identity data set; and distributing a transaction record including the identity reference value among a plurality of ledgers stored on respective nodes.
Access control by locating ledger records and matching combined decrypted biometric cryptographic vectors
Receiving an identity reference value associated with a first identity data set, an authorization system signature value, and the public key of an enrollment public key/private key pair; locating a transaction record among a plurality of ledgers stored on respective nodes; determining a storage location of the corresponding first identity data set; accessing the cryptographically associated first identity data set; verifying the authorization system signature value and enrollment public key; receiving a current biometric vector and a local encrypted biometric cryptographic share; decrypting the local encrypted cryptographic share and remote encrypted cryptographic share using the public key of the enrollment public key/private key pair; combining the decrypted shares to form a combined cryptographic vector; comparing the combined cryptographic vector with the current biometric vector; and causing the resource provider to provide access when the vectors match.
Neural-network feature-vector signing, encryption, distributed validation, and absolute-distance ledger matching
Providing an initial biometric vector to a neural network that translates it to a Euclidian measurable feature vector; digitally signing the Euclidian measurable feature vector using a private key; encrypting the Euclidian measurable feature vector using a public key; distributing the encrypted Euclidian measurable feature vector and the public key among a plurality of ledgers stored on respective nodes; decrypting and validating the Euclidian measurable feature vector at each node and appending it to the respective ledger; receiving a current biometric vector; translating it to a current Euclidian measurable feature vector; signing and encrypting the current Euclidian measurable feature vector with a second public key/private key pair; distributing the current Euclidian measurable feature vector and public key across the ledgers; and matching a biometric input record with at least one biometric record as a function of an absolute distance computed between Euclidian measurable feature vectors.
The claims collectively focus on encrypted biometric identity registration, ledger-based identity reference resolution, access control by decrypting and combining biometric cryptographic shares, and distributed matching of Euclidian measurable feature vectors using neural-network translation and absolute-distance computation.
Stated Advantages
Documented Applications
Registering an identity with an authentication system using encrypted cryptographic shares of an initial biometric vector distributed with transaction records among multiple ledgers.
Providing a user with access to a resource provider by locating stored identity data across ledgers, decrypting and combining encrypted biometric cryptographic shares, comparing to a current biometric vector, and granting access when they match.
Matching a biometric input record with biometric records stored on a plurality of distributed ledgers by translating biometric vectors to Euclidian measurable feature vectors, distributing and validating signed and encrypted feature vectors across ledger nodes, and matching based on absolute distance computed between Euclidian measurable feature vectors.
Interested in licensing this patent?