Biometric identification using homomorphic primary matching with failover non-encrypted exception handling
Inventors
Assignees
US Department of Homeland Security
Publication Number
US-11727100-B1
Publication Date
2023-08-15
Expiration Date
2042-12-13
Interested in licensing this patent?
MTEC can help explore whether this patent might be available for licensing for your application.
Abstract
Systems and methods for providing exception failover augmented, homomorphic encrypted (HE) distributing, end-to-endpoint persistent encryption, and distributed HE domain non-decrypting, privacy-protective biometric processing are provided. Some configurations may include generating HE biometric feature data, based on homomorphic encrypting the biometric feature data. Some configurations determine an exception status of the HE biometric feature data between exception and non-exception. Systems and methods may include performing a HE domain, non-decrypting biometric classifying of the HE biometric feature data.
Core Innovation
The invention provides systems and methods for exception failover augmented, homomorphic encrypted (HE) distributing, end-to-endpoint persistent encryption, and distributed HE domain non-decrypting, privacy-protective biometric processing. It includes generating HE biometric feature data by homomorphically encrypting biometric feature data derived from captured biometric records. The system determines an exception status of the HE biometric feature data and, based on that, either distributes the HE data for non-decrypting biometric classification or performs a non-distributed classification as failover.
The method involves capturing biometric information, computing biometric feature data, homomorphically encrypting the feature data, determining whether its exception status is exception or non-exception, distributing non-exception HE data to external processing resources for non-decrypting biometric classification, and performing local, non-distributed classification when exceptions arise. The HE encryption persists through communication and processing, preventing unauthorized access to the underlying biometric information and thereby enhancing privacy protection.
The problem addressed arises from high computational load in biometric identification systems, especially for one-to-many biometric comparisons. While using third-party computing resources offers a computational advantage, current techniques have shortcomings, particularly the risk of false positives caused by collisions in homomorphic encryption schemes. These collisions occur when different biometric inputs produce identical HE encrypted outputs, which can compromise accuracy. The invention provides mechanisms to detect such exceptions and perform failover processing for robustness and privacy.
Claims Coverage
The patent contains multiple independent claims detailing inventive features related to a privacy-protective biometric processing method using homomorphic encryption with exception failover handling.
Exception failover augmented homomorphic encrypted biometric processing
A method comprising capturing biometric information, computing biometric feature data, homomorphically encrypting the feature data, determining exception status (exception or non-exception), performing homomorphic encrypted data distribution and non-decrypting biometric classification when non-exception, and performing local non-distributed classification upon exception detection.
Temporary identifier association with biometric processing
Receiving biographical information, generating temporary identifiers, storing the correspondence between identifiers and biographic information, and communicating the temporary identifiers together with biometric and classification data between the biometric capture unit and the external processing resource.
Configuration of external processing resource for HE domain classification
Configuring the external computer processing resource to perform homomorphic encrypted domain, non-decrypting biometric classification of received HE biometric feature data.
Generation and use of HE biometric reference gallery
Generating a HE encrypted biometric reference gallery including HE biometric reference data for multiple identities, communicating this gallery to the external processing resource, and configuring the resource to classify based on similarity between input HE biometric feature data and the HE reference data.
Exception status determination via comparison to accumulated HE database
Determining exception status by comparing newly generated HE biometric feature data against an accumulated database of prior HE feature data, classifying as non-exception when different and storing the new data, otherwise classifying as exception.
Association of biographic information with stored HE biometric data
Storing at least a portion of user biographic information in association with corresponding HE biometric feature data in the accumulated database.
Biographic comparison upon detecting stored HE feature data
Upon detection that HE biometric feature data is already stored, comparing current user’s biographic information with stored biographic information, updating the database with biographic data, generating temporary identifiers, and storing correspondence with biographic information.
Biometric capture unit session management and feature extraction workflow
Interface session logic storing correspondence between biographic information and temporary identifiers, appending these identifiers in communications, capturing biometric data through devices, computing feature vectors from biometric data using orthogonal basis transformations (e.g., DCT, DWT), and homomorphically encrypting the feature vectors.
Exception detection and failover biometric processing
Detecting homomorphic encryption collisions as exceptions, providing failover biometric classification by performing classification with cleartext biometric data or feature vectors stored locally, including holding memory and local failover verification and identification logic.
System internal exception detection and verification logic
Implementation of accumulated HE encrypted feature vector memory, exception detection and memory update logic conditioning upload upon no collisions, and local failover classification controlling cleartext biometric classification on exception.
The inventive features cumulatively disclose a privacy-protective biometric processing system that homomorphically encrypts biometric data, detects encryption collisions as exceptions, enables external third-party processing without decryption, and performs local failover processing for exception cases, while managing biographic information and session identification to ensure secure and robust biometric identification and verification.
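The routing decision and temporary-identifier handling described in the claims above can be sketched as follows. This is an added example, not code from the patent or its assignee: the `CaptureUnit` class, its method names, and the byte-for-byte equality test for "already stored" HE data are assumptions, and the ciphertexts are constructed placeholder bytes rather than real HE output.

```python
import secrets
from dataclasses import dataclass, field

# Constructed placeholders standing in for HE-encrypted feature vectors.
CT_A = bytes.fromhex("a1" * 16)
CT_B = bytes.fromhex("b2" * 16)


@dataclass
class CaptureUnit:
    # Accumulated database: prior HE feature data -> associated biographic info.
    accumulated: dict = field(default_factory=dict)
    # Temporary identifier -> biographic info; kept on the capture unit only.
    sessions: dict = field(default_factory=dict)

    def submit(self, he_features: bytes, biographic: dict) -> dict:
        """Determine exception status and choose the processing route."""
        temp_id = secrets.token_hex(8)
        self.sessions[temp_id] = biographic

        if he_features in self.accumulated:
            # Identical HE data was seen before: exception status.
            # Nothing is distributed; classification stays local.
            return {"status": "exception", "route": "local_failover",
                    "temp_id": temp_id}

        # Non-exception: remember the HE data, then distribute it.
        self.accumulated[he_features] = biographic
        outbound = {"temp_id": temp_id, "he_features": he_features}
        return {"status": "non-exception", "route": "external",
                "temp_id": temp_id, "outbound": outbound}

    def resolve(self, temp_id: str) -> dict:
        """Map a returned classification back to the traveler's record."""
        return self.sessions.pop(temp_id)


if __name__ == "__main__":
    unit = CaptureUnit()
    first = unit.submit(CT_A, {"name": "Traveler One"})
    second = unit.submit(CT_A, {"name": "Traveler Two"})  # same HE data
    print(first["route"], sorted(first["outbound"]))
    print(second["route"])
```

The outbound message carries only the temporary identifier and the HE data, so the external resource never receives biographic information, and an exception never produces an outbound message at all.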
Stated Advantages
Provides privacy protection by ensuring biometric data remains encrypted end-to-end and non-decryptable by unauthorized parties throughout processing and communication.
Enables distributed processing using third-party resources, reducing computational load and allowing scalability.
Includes real-time detection of homomorphic encryption collisions (exceptions) and adaptive failover to local non-distributed biometric processing, mitigating false positives and enhancing robustness.
Supports dynamic adaptive processing capacity via multi-sourced computational resources with persistent encryption carry-through protection.
Documented Applications
Screening individuals prior to boarding aircraft by capturing their biometric information and performing privacy-protective biometric identification using distributed third-party computing resources.
Environmental biometric capture units located in airports, train stations, and controlled access facilities for secure and privacy-protective biometric identification and verification.
Integration with kiosks for ticketing and boarding pass issuance, capturing biometric data, and communicating with third-party resources for HE domain biometric classification.
Biometric identity verification access control devices and e-gates in security screening areas.