Biometric identification using homomorphic primary matching with failover non-encrypted exception handling

Inventors

Vemury, Arun

Assignees

US Department of Homeland Security

Publication Number

US-12346422-B2

Publication Date

2025-07-01

Expiration Date

2042-12-13



Abstract

Systems and methods for providing exception failover augmented, homomorphic encrypted (HE) distributing, end-to-endpoint persistent encryption, and distributed HE domain non-decrypting, privacy-protective biometric processing are provided. Some configurations may include generating HE biometric feature data, based on homomorphic encrypting the biometric feature data. Some configurations determine an exception status of the HE biometric feature data between exception and non-exception. Systems and methods may include performing a HE domain, non-decrypting biometric classifying of the HE biometric feature data.

Core Innovation

The invention relates to methods and systems providing exception failover augmented, homomorphic encrypted (HE) distributing, end-to-end persistent encryption, and distributed HE domain non-decrypting, privacy-protective biometric processing. It involves capturing biometric information of an individual as biometric records, computing biometric feature data from these records, generating HE biometric feature data through homomorphic encryption of said feature data, determining an exception status of the HE biometric feature data, and performing HE domain, non-decrypting biometric classification using external computer processing resources. In response to exception detection, the system performs non-distributed classifying of biometric feature data or biometric records.

The problem being solved arises from the computational load of biometric identity verification, especially in 1:N biometric comparisons, and from the need to use third-party computer resources such as cloud services. Current techniques have shortcomings, including the risk of false positives from collisions in homomorphic encryption schemes, where encrypted biometric data from different individuals can be identical. The invention provides real-time collision detection and failover to non-distributed, cleartext biometric processing to mitigate these collisions. It also offers persistent encryption, so that biometric data remains encrypted throughout processing and communications, enhancing privacy protection.

Claims Coverage

The patent includes multiple independent claims covering inventive features related to generating homomorphic encryption (HE) encrypted biometric reference and exception tables, distributing these tables, and implementing exception failover augmented, privacy-protective biometric processing.

Generation and distribution of HE encrypted biometric reference and failover exception tables

A system controller generates a HE encrypted reference biometric feature vector (FV) table for a third-party computer resource and a controller-generated failover exception table for a biometric capture and HE encrypted distribution unit. Both tables are distributed accordingly. The system controller initializes an index and computes feature vectors from a biometric reference gallery for homomorphic encryption processing.

Orthogonal basis transformation for feature vector computation

Computing feature vectors involves applying orthogonal basis transformations including discrete cosine transform (DCT), discrete wavelet transform (DWT), Walsh Transform, or Walsh Hadamard Transform (WHT) to biometric reference images prior to homomorphic encryption.

Collision detection and management in HE encrypted reference galleries

After HE encrypting feature vectors, the system performs collision checking against a controller-maintained HE encrypted FV table. When collisions occur, matching encrypted vectors are removed from the main table and inserted into a controller-maintained exception table, which is distributed to biometric capture units for exception handling and failover.

Distributed privacy-protective biometric identification with exception failover

The system receives HE encrypted reference galleries and biometric feature vectors from biometric capture units, performs HE domain, non-decrypting N+1 class classification using vector similarity algorithms, detects exceptions such as collisions, and initiates failover processing locally using cleartext biometric data when exceptions are encountered.

Biometric capture session management with biographic information and temporary identifiers

During biometric capture, the system receives biographic information from users, assigns temporary session identifiers, stores correspondence between biographic information and temporary IDs, captures biometric data, computes and HE encrypts feature vectors, and manages accumulated HE encrypted feature vector memory for collision detection and processing.

Exception handling failover with verification based on biographic information

Upon detecting an HE encryption collision, the system compares biographic information to determine whether the previously captured, identical HE encrypted vector came from the same user or from a different one. For a matching user it verifies the match and proceeds with HE distribution; otherwise it flags an invalid collision and performs local cleartext biometric processing as failover.

The claims encompass the inventive features of generating and managing HE encrypted biometric data and exception tables, applying orthogonal transforms for feature extraction, collision detection and failover handling, distributed HE domain biometric classification, and integration of biographic information for robust exception failover in privacy-protective biometric identification systems.
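The collision management and biographic-verification claims above can be pictured with a small table-handling sketch. This is an added example, not code from the patent or from DHS: ciphertexts are constructed opaque byte strings (no HE scheme is run), and every class, method and route name is hypothetical.

```python
# Added illustration. Ciphertexts are constructed opaque byte strings; no real HE
# scheme is run, and all class, method and route names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Controller:
    reference: dict = field(default_factory=dict)   # ciphertext -> gallery id (for the third party)
    exceptions: dict = field(default_factory=dict)  # ciphertext -> colliding ids (for capture units)

    def enroll(self, gallery_id, ct):
        if ct in self.exceptions:        # later collision on an already-moved ciphertext
            self.exceptions[ct].add(gallery_id)
        elif ct in self.reference:       # first collision: remove the entry from the main table
            self.exceptions[ct] = {self.reference.pop(ct), gallery_id}
        else:
            self.reference[ct] = gallery_id

@dataclass
class CaptureUnit:
    exceptions: frozenset                      # ciphertexts from the distributed exception table
    seen: dict = field(default_factory=dict)   # accumulated ciphertext -> biographic info

    def route(self, ct, biographic):
        if ct in self.exceptions:
            return "failover_local_cleartext"
        prior = self.seen.setdefault(ct, biographic)
        if prior != biographic:                # same ciphertext, different person
            return "failover_local_cleartext"
        return "distribute_he"

def demo():
    gallery = [("ref-1", b"\x01\xaa"), ("ref-2", b"\x02\xbb"),
               ("ref-3", b"\x01\xaa"), ("ref-4", b"\x01\xaa")]   # constructed sample
    ctl = Controller()
    for gid, ct in gallery:
        ctl.enroll(gid, ct)
    unit = CaptureUnit(frozenset(ctl.exceptions))
    routes = [unit.route(b"\x01\xaa", "traveler A"),   # on the exception table
              unit.route(b"\x03\xcc", "traveler B"),   # first sighting
              unit.route(b"\x03\xcc", "traveler B"),   # repeat, same biographic info
              unit.route(b"\x03\xcc", "traveler C")]   # collision across users
    return ctl, routes

if __name__ == "__main__":
    print(demo())
```

The third and fourth gallery entries show why enrollment must check the exception table as well as the main table: once the first colliding pair has been moved out, a later identical ciphertext would otherwise re-enter the reference table unnoticed.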

Stated Advantages

Improves privacy protection by maintaining biometric data in persistent homomorphic encryption throughout capture, distribution, and processing, preventing unauthorized access to underlying biometric information.

Mitigates false positives caused by collisions in homomorphic encryption schemes through real-time collision detection and responsive failover to non-distributed cleartext biometric processing.

Enables use of third-party distributed computer resources for biometric processing while avoiding exposure of biometric data in decrypted form, enhancing security and scalability.

Provides dynamic, multi-sourced computational load-adaptive processing resources with integrated persistent encryption carry-through protection against unauthorized data access.

Facilitates flexible selection of homomorphic encryption algorithms by handling collision-related costs, allowing use of HE schemes offering broader arithmetic operations and higher repeat operation limits.

Documented Applications

Screening individuals prior to boarding aircraft in locations such as airports and controlled access facilities using biometric capture devices like fingerprint scanners and facial image capture cameras.

Performing biometric identity verification and matching in environments including airports, train stations, and entranceways to controlled facilities using distributed third-party computing resources accessed through cloud services.

Use in kiosks and electronic gates (e-gates) for capturing biometric information, encrypting, and securely distributing data for HE domain biometric classification.

Deployment in security screening areas with integration of various screening equipment like millimeter wave scanners, computed tomography scanners, and baggage screening systems.
