Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-01-27
2003-01-14
Hua, Ly V. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C382S115000, C382S124000, C382S190000, C382S209000, C382S215000, C382S276000
Reexamination Certificate
active
06507912
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to systems, methods and computer program products for identifying and/or verifying an individual, and more specifically to systems, methods and computer program products that use biometric data to identify and/or verify an individual.
Background of the Invention
Biometric information is now being used as an identification and/or verification technique for individuals. As is well known to those having skill in the art, biometric information is one or more behavioral and/or physiological characteristics of an individual. Biometric identification and/or verification uses a data processing system to enable automatic identification and/or verification of identity by computer assessment of a biometric characteristic. In biometric verification, biometric information is verified for a known individual. In biometric identification, biometric information for an individual is compared to known biometric information for many individuals in order to identify the individual.
Biometric identification/verification systems, methods and computer program products can measure one or more of the following behavioral and/or physiological characteristics of an individual: fingerprint, hand geometry, iris pattern, facial features, voice characteristics, handwriting dynamics, earlobe characteristics and keystroke dynamics. Other biometric characteristics may be used. Applications using biometric technologies include biometric check cashing machines, payment systems that substitute biometric data for personal identification numbers, access control systems that use biometric data, biometric employee time and attendance recording and biometric passenger control for transportation. Many other applications may utilize biometric information for identification and/or verification. See the publications entitled “
Biometrics, Is it a Viable Proposition for Identity Authentication and Access Control
”, to Kim, Computers & Security, Vol. 14, 1995, pp. 205-214; “
A Robust Speaker Verification Biometric
”, to George et al., Proceedings, the IEEE 29
th
International Carnahan Conference on Security Technology, October 1995, pp. 41-46; “
On Enabling Secure Applications Through Off-line Biometric Identification
”, to Davida et al., Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, 1998, pp. 148-157; and “
Biometric Encryption: Information Privacy in a Networked World
”, to Brown et al., EDI Forum: The Journal of Electronic Commerce, v. 10, No. 3, 1997, pp. 37-43.
FIG. 1
is a block diagram of conventional biometric identification and/or verification systems, methods and computer program products. In
FIG. 1
, biometric identification and/or verification is presented in a “client-server” environment using Internet plug-ins. As is well known to those having skill in the art, a server is a computer and/or a software program running on a computer and/or special purpose hardware that provides a specific kind of service to a client. A client is a computer and/or a software program running on a computer and/or special purpose hardware that is used to contact and obtain data from a server over a communications network. The client and server each may comprise one or more mainframe, midrange and/or personal computers and/or one or more applications running on one or more of these computers and/or special purpose hardware. The client and server may run on the same computer or on different computers. The communications network may be a local area network, a wide area network, the Internet, an application interface and any other communication mechanism that may be used to connect a client and a server. When using the Internet as a communication network between a client and a server, a web browser may be used as a client and a web server may be used as a server.
Referring now to
FIG. 1
, a client
10
communicates with a server
12
over the Internet
14
. The client
10
includes a browser
16
, and the server
12
includes a web server
18
. When biometric identification and/or verification is used for electronic commerce between clients and servers over the Internet, a client biometric plug-in
22
and a server biometric script
24
may be used. For example, a biometric plug-in for a Netscape browser, such as Netscape Communicator or Netscape Navigator, may be used. At the server, a Uniform Resource Locator (URL) from the client invokes a script which can include and/or invoke one or more application programs to perform biometric functions. The design and use of plug-ins and scripts are well known to those having skill in the art and need not be described further herein.
Still referring to
FIG. 1
, the client biometric plug-in
22
includes biometric data acquisition
32
that performs sampling of a biometric characteristic at the client to generate samples related to the biometric characteristic. In order to provide secure transmission of the samples from the client
10
to the server
12
, an encryption module
34
may use conventional encryption techniques such as the Data Encryption Standard (DES) algorithm to encrypt the samples. Added security may be obtained using a signature module
36
, which may use an RSA public key algorithm or other conventional signature algorithm to add a signature to the encrypted samples. Accordingly, the client biometric plug-in transmits encrypted and signed samples, denoted ENC(SAMPLES), SIGNED in
FIG. 1
, from the client
10
to the server
12
over the Internet
14
using the browser
16
and the web server
18
.
At the server
12
, the server biometric script
24
includes and/or can invoke a signature verification module
46
that verifies the signature, for example using the RSA public key algorithm, and a decryption module
44
that decrypts the encrypted samples, for example using the DES algorithm. The samples are then applied to a template compare module
42
which contains therein a plurality of templates T
1
-Tn. Techniques for comparing templates to verify biometric data are well known to those having skill in the art and need not be described further herein.
Unfortunately, the use of encryption and/or signatures may be disadvantageous in biometric applications. For example, if the biometric data is 1.2K byte fingerprint data that is encrypted on a smart card, and is transmitted to a finger-scan reader for verification, the RSA signature may take more power and time, and may run the risk of signal corruption. DES encryption also may use complex key management techniques in order to establish a common secret encryption key at the client and at the server. Thus, the use of high security algorithms, such as DES and RSA algorithms may increase the cost and/or complexity of the overall biometric application. As the cost of biometric technology decreases, the cost of security may become a dominant factor in inhibiting the widespread use of biometric technology. Moreover, in some cases, the use of complex high-speed encryption, with its associated high cost, may even be unwarranted. Accordingly, it would be desirable to provide systems, methods and computer program products that can secure the biometric data during transmission, without unduly increasing the cost and/or complexity of the biometric application.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide improved biometric identification and/or verification systems, methods and computer program products.
It is another object of the present invention to provide biometric identification and/or verification systems, methods and computer program products that need not use encryption and/or signatures to transmit biometric data from a client to a server.
These and other objects are provided, according to the present invention, by performing key-dependent sampling of a biometric characteristic at the client, to thereby generate key-dependent biometric data samples. The key-dependent biometric data samples are then transmitted from the client to the server.
The present invention stems from a realization that in orde
Matyas, Jr. Stephen Michael
Peyravian Mohammad
Hua Ly V.
Myers Bigel & Sibley & Sajovec
Ray-Yarletts Jeanine S.
LandOfFree
Protection of biometric data via key-dependent sampling does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Protection of biometric data via key-dependent sampling, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Protection of biometric data via key-dependent sampling will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3012346