The present invention relates to a system and a method of verifying the identity of an individual by employing biometric data associated with the individual (603), wherein privacy of said biometric data (X, Y) is provided. A helper data scheme (HDS) is employed to provide privacy of the biometric data. The present invention is advantageous for a number of reasons. First, processing of security-sensitive information is performed in a secure, tamper-proof environment (601, 604, 606) which is trusted by the individual. This processing, combined with utilization of a helper data scheme, enables the setup of a biometric system where the biometric template is available in electronic form only in the secure environment. Moreover, electronic copies of the biometric templates are not available in the secure environment permanently, but only when the individual offers her template to the sensor.
Representative claim
1. A system for verifying the identity of an individual by employing biometric data associated with the individual, the system providing privacy of said biometric data, the system comprising: a verifier; a secure, tamper-proof user employed device employed with a biometric sensor, wherein said user employed device is owned and trusted by the individual and is separate and distinct from said verifier; an enrollment authority; and a central storage, wherein said enrollment authority is arranged to store enrollment data (S) at said central storage, the enrollment data (S) being secret and based on a first set (X) of biometric data of the individual; said employed user device is arranged to temporarily receive, with said biometric sensor, a second set (Y) of biometric data of the individual directly from the individual that is not available to the verifier, to generate secret verification data (S′) based on said second set (Y) of biometric data and helper data (W), said helper data (W) being based on the first set of (X) biometric data and related to the secret enrollment data (S), the helper data (W) being chosen such that, when a delta-contracting function is applied to the first set (X) of biometric data and the helper data (W), the outcome equals the enrollment data (S); and said verifier is arranged to acquire the secret enrollment data (S) from the central storage, to acquire the secret verification data (S′) received from the user employed device, wherein communication between said verifier and said user employed device is established using a communication channel, such that the second set (Y) of biometric data of the individual is not revealed from the secret verification data (S′) and to compare the secret enrollment data (S) with the secret verification data (S′) to check for correspondence, wherein the identity of the individual is verified if correspondence exists.
2. The system according to claim 1, wherein said central storage is arranged to store the helper data (W); and said verifier is arranged to acquire said helper data (W) from the central storage and send said helper data (W) to the user employed device using said communication channel.
3. The system according to claim 2, wherein said user employed device is arranged to generate the helper data (W) and forward the helper data (W) to the enrollment authority using said communication channel, and wherein said enrollment authority is arranged to store the helper data (W) at the central storage.
4. The system according to claim 2, wherein said enrollment authority is arranged to generate the helper data (W) and store it in the central storage.
5. The system according to claim 1, wherein said user employed device is arranged to generate the helper data (W) and store it at the user employed device.
6. The system according to claim 1, wherein said enrollment authority is arranged to generate the helper data (W) and forward to and store on the helper data (W) at the user employed device using said the communication channel.
7. The system according to claim 1, wherein said helper data (W) is generated, and subsequently used in a delta-contracting function.
8. The system according to claim 3, wherein said user employed device is arranged to derive the first set of biometric data (X) of the individual using said biometric sensor, to generate the enrollment data (S), and to send the enrollment data (S) to the enrollment authority.
9. The system according to claim 8, wherein said biometric sensor of said user employed device further is arranged for deriving a biometric template from at least one physical feature of the individual.
10. The system according to claim 4, wherein said enrollment authority is arranged to derive the first set (X) of biometric data of the individual and to generate the enrollment data.
11. The system according to claim 10, wherein said enrollment authority calls upon the biometric sensor to derive a biometric template from at least one physical feature of the individual.
12. The system according to claim 1, wherein the user device comprises a smart card.
13. A method of verifying the identity of an individual by employing biometric data associated with the individual, the method providing privacy of said biometric data, the method comprising: acquiring, at a verifier, enrollment data (S) from a central storage, the enrollment data being secret and based on a first set (X) of biometric data of the individual; acquiring, at said verifier, verification data (S′) and helper data (W) over a communication channel, wherein said verification data (S′) is from a user employed device employed with a biometric sensor owned and trusted by the individual, said user employed device being distinct and separate from said verifier, the verification data (S′) being secret and based on a second set (Y) of biometric data of the individual and said helper data (W) directly from the user employed device of the individual not available to the verifier, and wherein said helper data (W) is based on the first set (X) of biometric data of the individual and related to the enrollment data (S), the helper data (W) being chosen such that, when a delta-contracting function is applied to the first set (X) of biometric data and the helper data (W), the outcome equals the enrollment data (S); and comparing the enrollment data (S) with the verification data (S′) to check for correspondence, wherein the identity of the individual is verified if correspondence exists; wherein processing of the first set (X) and the second set (Y) of biometric data of the individual, the enrollment data (S) and the verification data (S′) is performed in a secure, tamper-proof environment which is trusted by the individual.
14. The method according to claim 13, further comprising: acquiring said helper data (W); and sending said helper data (W) to the secure, tamper-proof environment which is trusted by the individual.
15. The method according to claim 13, further comprising: generating the helper data (W) at the secure, tamper-proof environment which is trusted by the individual; and forwarding the helper data (W) to an enrollment authority.
16. The method according to claim 14, further comprising: generating the helper data (W) at said enrollment authority.
17. The method according to claim 13, wherein said helper data (W) is generated, and subsequently used in a delta-contracting function.
18. The method according to claim 15, wherein deriving the first set (X) of biometric data of the individual, generating the enrollment data (S), and sending the enrollment data (S) to the enrollment authority is performed at the secure, tamper-proof environment which is trusted by the individual.
19. The method according to claim 16, wherein deriving the first set (X) of biometric data of the individual and generating the enrollment data (S) is performed at said enrollment authority.
20. A computer program, embodied in a non-transitory computer readable medium, for verifying the identity of an individual by employing biometric data associated with the individual, comprising: acquiring enrollment data (S) from a central storage, the enrollment data (S) being secret and based on a first set (X) of biometric data of the individual; acquiring verification data (S′) and helper data (W) over a communication channel, said verification data (S′) from a user employed device employed with a biometric sensor owned and trusted by the individual, said user employed device being separate and distinct from said computer program, the verification data (S′) being secret and based on a second set (Y) of biometric data of the individual not available to the verifier and said helper data (X), and wherein said helper data (W) is based on the first set (X) of biometric data of the individual and related to the enrollment data (S), said helper data (W) being chosen such that, when a delta-contracting function is applied to the first set (X) of biometric data and said helper data (W), the outcome equals the enrollment data (S); and comparing the enrollment data (S) with the verification data (S′) to check for correspondence, wherein the identity of the individual is verified if correspondence exists; wherein processing of the first set (X) and the second set (Y) of biometric data of the individual, the enrollment data (S) and the verification data (S′) is performed in a secure, tamper-proof environment which is trusted by the individual.
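The relationship the claims state (helper data W chosen so that the delta-contracting function applied to X and W yields S, with the device deriving S′ from Y and W and the verifier comparing S with S′) can be sketched as follows. This is an added illustration, not code from the patent: the code-offset construction with a 5-bit repetition code, the bit-list template format, the use of the same function on Y, and every function name are assumptions, since the claims do not specify a particular delta-contracting function.

```python
import hmac
import secrets

REP = 5  # assumed repetition-code length: tolerates up to 2 flipped bits per block

def encode(bits):
    """Repeat every secret bit REP times."""
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    """Majority vote over each block of REP bits."""
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def xor(a, b):
    return [p ^ q for p, q in zip(a, b)]

def G(biometric, w):
    """Assumed delta-contracting function: decode(biometric XOR W)."""
    return decode(xor(biometric, w))

def enroll(x):
    """Enrollment: draw a random S, then choose W so that G(X, W) == S."""
    if len(x) % REP:
        raise ValueError("template length must be a multiple of REP")
    s = [secrets.randbits(1) for _ in range(len(x) // REP)]
    return s, xor(x, encode(s))

def device_verify(y, w):
    """Runs inside the user device: Y stays there, only S' is sent out."""
    return G(y, w)

def verifier_check(s, s_prime):
    """Verifier side: constant-time comparison of S with S'."""
    return hmac.compare_digest(bytes(s), bytes(s_prime))

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (models sensor noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def demo():
    x = [secrets.randbits(1) for _ in range(8 * REP)]   # constructed template X
    s, w = enroll(x)
    y_close = flip(x, {0, 1, 7, 12, 38})                # at most 2 flips per block
    y_far = flip(x, {0, 1, 2})                          # 3 flips in block 0
    return {
        "G(X,W)==S": G(x, w) == s,
        "close accepted": verifier_check(s, device_verify(y_close, w)),
        "far accepted": verifier_check(s, device_verify(y_far, w)),
    }
```

The repetition code is chosen for readability only; the sketch shows the contraction property and the message flow, not a vetted parameter choice.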