Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
1999-06-17
2004-02-24
Darrow, Justin T. (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
C713S155000, C713S180000, C713S186000, C380S282000, C380S285000, C380S286000
Reexamination Certificate
active
06697947
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to authentication of users and more particularly to multi-party authentication.
BACKGROUND OF THE INVENTION
In user authentication, it may be useful to provide access to certain resources or allow certain operations only if multiple users have been authenticated. For example, in software code revision, it may be beneficial to only allow certain revisions, such as publication of a new version, if such revisions are authorized by multiple authenticated users. Similarly, it may be beneficial for certain financial transactions or to maintain privacy to require multiple user authentication before completing the transaction or allowing access to the private information.
Previously, threshold systems have been devised to control access to resources, information, or to authorize transactions or activities only if a specified number of users are authenticated. Such systems provide increased security over single user authentication or verification systems because an attacker would have to impersonate each of the specified number of users to break the security system. Alternatively, a sharing scheme could be utilized where only a subset of the users are required for authentication or verification.
While such multi-party authentication and sharing schemes are known in the art, the potential still remains for an attacker to overcome the multi-party system by acquiring user identifications for multiple users and then impersonating those users utilizing the acquired user identifications. Thus, further improvements may be needed to increase the security of multi-party systems.
SUMMARY OF THE INVENTION
In view of the above discussion, it is an object of the present invention to provide improved security in multi-party authentication/verification systems.
These and other objects of the present invention may be provided by methods, systems and computer program products for multi-party authentication which receive a plurality of biometric authentication messages from a corresponding plurality of users. The biometric authentication messages include biometric data corresponding to the user. It is determined if each of the plurality of received biometric authentication messages is a valid message based on the biometric data contained in the biometric authentication messages so as to determine a quantity of valid biometric authentication messages. An indication of authentication is then provided if the quantity of the valid messages of the received plurality of messages is at least an authentication threshold value.
By providing multi-party authentication based on biometric information, the present invention provides for the increased difficulty in impersonating an authorized user which may be provided by the use of biometric information.
In a particular aspect of the present invention, the received biometric authentication messages include a user identification and user biometric data. In such a case, the received user biometric data is compared with previously stored biometric data corresponding to the user identification of the received biometric authentication message. The received biometric authentication message is considered a valid message if the comparison indicates that the received user biometric data corresponds to the stored biometric data. The received and stored user biometric data may be a canonical biometric template generated from a plurality of biometric samples. Preferably, the canonical biometric templates are generated by majority decoding the plurality of biometric samples.
In a further embodiment of the present invention, the biometric data is compared by determining a closeness between the received user biometric data and the previously stored biometric data. The received user biometric data corresponds to the previously stored biometric data if the closeness between the received user biometric data and the previously stored biometric data is within a predefined closeness threshold.
The closeness between the received user biometric data and the previously stored biometric data may be determined based on a difference in value between the user biometric data and the previously stored biometric data. Alternatively, the closeness between the received user biometric data and the previously stored biometric data may be determined based on a Hamming distance between the received user biometric data and the previously stored biometric data.
Preferably, the user biometric data and the stored biometric data comprise at least one of fingerprint, hand geometry, iris pattern, facial features, voice characteristics, handwriting dynamics, earlobe characteristics and keystroke dynamics.
In still another embodiment of the present invention, the received biometric authentication message includes a sample of biometric information from a user and a signed tuple comprising a user identification and a biometric template corresponding to the user. In such a case, the signature of the signed tuple and the received sample of user biometric data compared with the biometric template of the received tuple if the signature of the signed tuple is verified. The received biometric authentication message is a valid message if the comparison indicates that the received sample of user biometric data corresponds to the biometric template of the signed tuple.
The comparison of the received sample of user biometric data and the biometric template of the signed tuple may be a closeness comparison as described above.
In another embodiment of the present invention, the received biometric authentication message includes an encrypted biometric sample of the user. The received encrypted biometric sample is compared with encrypted biometric templates of valid users. The received biometric authentication message is considered a valid message if the comparison indicates that the received encrypted biometric sample corresponds to an encrypted biometric template of a valid user.
The comparison of the received encrypted biometric sample and the encrypted biometric template may be a determination of closeness between the received encrypted biometric sample and a candidate encrypted biometric template. The encrypted biometric sample corresponds to the candidate encrypted biometric template if the closeness between the received encrypted biometric sample and a candidate encrypted biometric template is within a closeness threshold.
As described above, the closeness between the received encrypted biometric sample and a candidate encrypted biometric template may be determined based on a difference in value between the biometric sample and the biometric template. Similarly, the closeness between the received encrypted biometric sample and a candidate encrypted biometric template may be determined based on a Hamming distance between the biometric sample and the biometric template.
In an embodiment where the closeness between the received encrypted biometric sample and a candidate encrypted biometric template is determined based on a difference in value between the biometric sample and the biometric template, the number of bits in the biometric templates (T) corresponding to the encrypted biometric templates is denoted by f, a publicly known prime number (p) larger than 2
f
is fixed, and a non-secret integer (g) between 2 and p−2 is selected. In such a case, the biometric templates (T) of valid users may be encrypted by determining z=g
T
(mod p) to provide the encrypted biometric templates (z) of valid users. Valid closeness indicator values (x) may be generated where x=g
v
(mod p) for integers between 0 and the closeness threshold. The valid closeness indicators are then stored.
The biometric sample (B) is also encrypted by determining y=g
B
(mod p) so as to provide the encrypted biometric sample (y). The closeness between the received encrypted biometric sample and a candidate encrypted biometric template and the determination that the encrypted biometric sample corresponds to the candidate encrypted biometric template if the closeness between the rec
Matyas, Jr. Stephen Michael
Peyravian Mohammad
Roginsky Allen Leonid
Zunic Nevenko
Darrow Justin T.
Lanier Benjamin E.
Myers Bigel Sibley & Sajovec, P. A.
Ray Yarletts Jeanine S.
LandOfFree
Biometric based multi-party authentication does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Biometric based multi-party authentication, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Biometric based multi-party authentication will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3308791