Biometric identification using homomorphic primary matching with failover non-encrypted exception handling

Inventors

Vemury, Arun

Assignees

US Department of Homeland Security

Publication Number

US-12242582-B2

Publication Date

2025-03-04

Expiration Date

2042-12-13


Abstract

Systems and methods for providing exception failover augmented, homomorphic encrypted (HE) distributing, end-to-endpoint persistent encryption, and distributed HE domain non-decrypting, privacy-protective biometric processing are provided. Some configurations may include generating HE biometric feature data, based on homomorphic encrypting the biometric feature data. Some configurations determine an exception status of the HE biometric feature data between exception and non-exception. Systems and methods may include performing a HE domain, non-decrypting biometric classifying of the HE biometric feature data.

Core Innovation

The invention relates to systems and methods for privacy-protective biometric processing utilizing homomorphic encryption (HE) to enable distributed, non-decrypting biometric matching and verification. It involves capturing biometric information, generating biometric feature data, homomorphically encrypting the feature data, and distributing the HE encrypted biometric data to third-party computer resources. These resources perform biometric classification within the encrypted domain without decrypting the data, preserving user privacy throughout data transmission and processing.

A significant aspect of the invention is the handling of exceptions, particularly collisions arising in the HE encryption process when different biometric feature vectors yield identical encrypted outputs. The system includes logic to detect such exceptions and perform failover to local, non-distributed, cleartext biometric processing to ensure accurate identification and verification despite encryption collisions.

The problem addressed is the computational load of biometric identification and verification, especially for large-scale comparisons such as one-to-many matching against reference galleries, together with the shortcomings of current third-party resource utilization, which include potential privacy risks and false positives due to HE encryption collisions. The invention aims to provide privacy protection throughout the process and robustness against exceptions by integrating failover mechanisms and persistent encryption from capture to processing and response.

Claims Coverage

The patent presents seventeen main inventive features spread across the independent claims relating to privacy-protective biometric identification using homomorphic encryption with exception handling and failover processing.

Biometric capture and session management with homomorphic encryption

The system maintains a correspondence between captured biographic information and temporary identifiers, captures biometric information, computes feature vectors, homomorphically encrypts them, and uploads the encrypted feature vectors to a biometric reference gallery.

Collision detection and failover processing

The method detects collisions where different users have identical HE encrypted feature vectors and provides exception-based failover by performing local cleartext biometric classification to manage these exceptions.

HE domain non-decrypting biometric classification

The system configures third-party computer resources to perform non-decrypting HE domain biometric classification, including 1:N matching, against encrypted reference galleries without exposing underlying biometric data.

Generation and management of HE encrypted reference galleries

The technique includes generating HE encrypted versions of biometric reference galleries by applying orthogonal basis function transformations and encrypting feature vectors, managing exceptions through detection and exclusion of HE encryption collisions from the galleries.

Biometric processing exception detection and memory update

Exception detection and memory update logic gates the upload of HE encrypted feature vectors so that only non-colliding encrypted data is distributed, and maintains a memory of previously generated encrypted feature vectors for collision checks.

Local failover verification and identification logic

Local failover logic controls the biometric classification of cleartext feature vectors or biometric images held in temporary memory when exceptions or collisions are detected in the encrypted domain processing.

Communication of temporary identifiers with biometric data and results

Temporary identifiers associated with biometric capture sessions are attached to communications sent to third-party resources and their processing results to ensure correlation between data and results while maintaining privacy protections.

The claims collectively cover a comprehensive privacy-protective biometric identification system based on homomorphic encryption that incorporates session and metadata management, HE encrypted biometric feature extraction and distribution, collision detection with failover to local cleartext processing, and configuration of third-party resources for non-decrypting biometric classification using encrypted reference galleries.
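The capture-side control flow described in the claims above (collision memory, gated upload, temporary identifiers, local failover) can be sketched as follows. This is an added example, not code from the patent or its assignee: `CaptureStation`, `encrypt_stand_in` and the sample vectors are hypothetical, and the "encryption" is a deliberately coarse keyed digest standing in for HE so that a collision can be shown.

```python
import hashlib
import hmac
import secrets

DEMO_KEY = b"constructed-demo-key"  # constructed value for this example only


def encrypt_stand_in(features, step=0.25):
    """Placeholder for HE encryption (NOT homomorphic, NOT the patent's scheme).

    Coarse quantization before a keyed digest lets distinct feature vectors
    yield the same output, which is the collision case described above.
    """
    quantized = bytes(int(round(x / step)) & 0xFF for x in features)
    return hmac.new(DEMO_KEY, quantized, hashlib.sha256).hexdigest()


class CaptureStation:
    """Hypothetical capture-side logic: collision memory, upload gating, failover."""

    def __init__(self):
        self.sessions = {}        # temp_id -> biographic info (never leaves the station)
        self.seen = set()         # every encrypted vector generated so far
        self.gallery = {}         # encrypted vector -> temp_id (what the third party holds)
        self.local_failover = {}  # temp_id -> cleartext features, temporary memory

    def submit(self, biographic, features):
        temp_id = secrets.token_hex(8)
        self.sessions[temp_id] = biographic
        enc = encrypt_stand_in(features)
        if enc in self.seen:
            # Exception: this encrypted vector was already generated for another
            # capture. Do not upload; pull any earlier colliding gallery entry.
            # (In this sketch the earlier capture's cleartext is no longer held.)
            self.gallery.pop(enc, None)
            self.local_failover[temp_id] = tuple(features)
            return {"temp_id": temp_id, "route": "local_cleartext", "upload": None}
        self.seen.add(enc)
        self.gallery[enc] = temp_id
        # Only the temporary identifier and the encrypted vector are sent out.
        return {"temp_id": temp_id, "route": "he_third_party",
                "upload": {"temp_id": temp_id, "he_vector": enc}}
```

With the constructed vectors `[0.10, 0.52]` and `[0.12, 0.49]`, the second submission collides with the first, is routed to local cleartext processing, and the colliding entry is excluded from the distributed gallery.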

Stated Advantages

Provides persistent end-to-end homomorphic encryption ensuring biometric privacy during data transmission and processing by third-party resources.

Mitigates false positives arising from collisions in HE encryption through real-time exception detection and failover biometric processing.

Enables distributed, scalable biometric processing with dynamically adaptive computational load management using third-party computing resources.

Offers integrated protection against unauthorized access to underlying biometric information during storage, transmission, and processing.

Documented Applications

Screening individuals prior to boarding aircraft by verifying biometric information captured at kiosks against stored biometric galleries.

Biometric identification and verification in controlled access environments such as airports, train stations, and access entryways.

Use with biometric capture devices including fingerprint scanners and facial image capture cameras integrated with interfaces such as kiosks and e-gates.

Distributed biometric processing employing cloud and third-party computer resources for privacy-protective identification or verification workflows in large-scale biometric systems.
