1. Field of Invention
The invention described herein relates to using biometric data samples, user knowledge of secret numbers, and device hardware ID data together with encryption in a cooperative manner to authenticate device users to stand-alone computing devices, to enable these devices to store secure encrypted biometric templates, and to provide the basis for them to be accepted as trusted computing devices by remote computers or servers without the need for the user to remember and enter complex passwords. The invention is described mainly in the context of biometric data, and particularly signature/sign data, which is rotated to a consistent angle of inclination prior to feature extraction according to the above-mentioned patent application Ser. No. 12/627,413, but it is applicable to any image-based biometric modality.
2. Description of the Prior Art
Today, there are many stand-alone computing devices in operation, all of which contain much sensitive, private and/or confidential information which is at risk in the event the device is lost or stolen. Devices in this category include, but are not limited to, cell phones, iPads, PDAs, Tablet PCs, laptops and other mobile computing devices. There has been unprecedented growth in (finger) touch-sensitive devices, sparked by the recent introductions of the iPhone, Android devices, the iPad and Windows Phone 7, which use capacitive screens for finger input. These devices are very attractive consumer devices and consequently there is more pressure than ever for enterprises to allow them to connect to corporate networks, particularly for email and cell phone use, and for banks to allow them to be used as on-line payment instruments. Connection to corporate networks for purposes other than email is allowed by some enterprises, whereas other enterprises choose not to allow such access because of the security risks involved: is the device user really the device owner? The data accessible to these device users (owners or not) contains, at least, highly confidential personal information, which could be used for financial payment card fraud, identity theft or other nefarious purposes and, in other cases, confidential personal and corporate data which could be highly detrimental to the corporate entity if it came into the public domain. For government workers and the military, if these devices fall into enemy hands or into the hands of foreign governments and they do not have suitable protection, the devices can be detrimental to national security.
Most of these devices, if they are protected at all, rely upon the submission of a password, or just a simple PIN to gain access to the device. The PIN, on its own, although relatively user friendly, is very insecure. It can be passed on, guessed, overseen at entry, or generated through a brute force attack (an automated attack based upon submitting sequential PIN values until the correct one is found). Depending upon the password, this too can be insecure for the same reasons. If the password is sufficiently complex to provide sufficient security (e.g. a regularly-changing, randomly-chosen eight-character string consisting of lower case, upper case, numeric and special characters) the password becomes difficult to remember and enter on these devices and is very user unfriendly. As a result of the inherent lack of security associated with the devices many of them are not allowed to connect to their enterprise networks and this severely restricts their usefulness.
Over the last ten years or so, and particularly since 9/11, there has come a realization that authentication systems based upon password entry at the keyboard are particularly vulnerable to unauthorized and unfettered access from many different sources, despite increasingly sophisticated encryption methods and algorithms. The science of Biometrics, which captures samples of biological properties or behavioral characteristics of individuals, extracts measurable features from the samples and compares them to stored templates, has made much progress, and there are now many such systems in situ protecting access to physical and logical assets by ensuring that access rights are granted only to authentic individuals and denied to impostors. Image-based biometric systems, which use Fingerprint and Palm patterns, Face and Iris patterns, Hand Geometry and Vein analysis, etc., are all in use or under current development. Dynamic or behavioral biometric systems, which introduce the dimension of time into the sample analysis, rely upon the submission of stylus or finger-based Signs or Signatures, Voice or Keystroke patterns and are also being used for similar applications. These latter biometric technologies have several advantages over systems based purely upon physiological imaging technologies. For example, they offer the possibility of user-chosen, secret-based templates, preserving privacy, increasing performance and allowing template revocation and replacement in the event of compromise.
One of the major issues in using biometric systems for protecting access to stand-alone computing devices has been the problem of protecting the biometric template from being extracted from the device in the event of its loss or theft. If a password-based encryption key is used, then system access is again reliant upon the entered password. One of the inherent properties of biometric samples is that successive samples from the same user are never identical, although they might be very similar, especially in the case of image-based biometric samples. Consequently the sample cannot be used to generate a constant encryption key without some degradation of the performance of the overall biometric system.
Methods that attempt to generate keys directly from the biometric sample offer little information on the accuracy they deliver. Examples here are:
Taekyoung Kwon and Jae-Il Lee, “Practical digital signature generation using biometrics,” Computational Science and Its Applications, LNCS (Lecture Notes in Computer Science) Vol. 3043, Springer-Verlag, pp. 728-737, May 2004.
C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B. Vijaya Kumar, “Biometric Encryption,” ICSA Guide to Cryptography, McGraw-Hill, 1999.
The majority of claims in this invention are based upon the parent application, require a transformation of the biometric data, and use a combination of PIN hash, device ID and a previously selected, obfuscated and de-obfuscatable password together with a biometric test as the basis for authentication and key generation. Some claims address authentication and encryption without requiring a transformation of the biometric data, and others rely upon the use of more specific signature/sign verification techniques for the biometric function.
One existing method which uses a PIN in conjunction with a biometric sample for protecting access to stand-alone devices is described by Shinzaki in U.S. Pat. No. 6,957,339. This employs a combination of stored PIN (hash), a public/private key pair and the biometric sample whose biometric template is also encrypted using public key encryption methodology. This invention does not require a stored PIN hash, nor does it rely upon the need for a public/private key pair, although it can be used to release the private key in this context. Unlike Shinzaki, this invention makes possible the use of a symmetrical key for both encryption and decryption. However, where the device uses the PKI infrastructure the invention can be used to release/generate the private key.
There have been other attempts to address this thorny problem and examples of reference art are described in:
Scheidt et al—US Publication 2002/0184509. This shows a method of validating a user for access to a system based upon a number of user-provided factors, including a user-known key and the user's biometric information, which is encrypted using a key derived from one or more data input instances, including knowledge-based data, possession-based data, terminal ID or MAC address. These latter data can be used to decrypt the biometric template. The method does not disclose using a device ID with a PIN hash and a previously selected password to generate an obfuscated password which can be de-obfuscated to provide password-based authentication and data encryption for stored and transmitted data. Nor does it disclose using the obfuscated password with the PIN hash to encrypt and decrypt the biometric template.
Other references of record in this field from Nguyen et al—US Publication 2007/0038863, Gennaro et al—U.S. Pat. No. 6,317,834, Sathath et al—US Publication 2006/0245619 and Talmor et al—US Publication 2003/0135740 all describe methods using a combination of PIN, Device ID and biometric data but none of them combines these with the use of a de-obfuscatable, obfuscated password to provide user authentication and symmetrical encryption keys for template encryption and decryption of stored data and data in transit.
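As an added illustration, not the patent's own algorithm or code, of the combination these passages describe: the entered PIN's hash and the device ID de-obfuscate a stored password, and the released password together with the PIN hash yields the symmetric key that protects the biometric template, so a wrong PIN or a different device leaves the template opaque. The obfuscation and sealing primitives below are constructed assumptions built from HMAC-SHA256; a deployed device would use a vetted authenticated cipher in their place.

```python
import hashlib, hmac, os

# Constructed primitives (assumption, not the patent's own algorithm): the keystream is
# HMAC-SHA256 in counter mode and integrity comes from an HMAC tag over the ciphertext.
def _keystream(key, n):
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]
def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, key))

def pin_hash(pin, salt):
    # Salted, iterated PIN hash; only the salt is stored on the device, never the hash.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def obfuscate_password(password, device_id, ph):
    # Stored form: password XOR keystream(device ID || PIN hash). XOR is its own inverse,
    # so the same call de-obfuscates, but only on the same device with the correct PIN.
    return _xor(password, _keystream(device_id + ph, len(password)))

def template_key(password, ph):
    # Symmetric key for the biometric template, derived from the released password and PIN hash.
    return hmac.new(ph, b"template-key" + password, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(plaintext, _keystream(key + nonce, len(plaintext)))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong PIN, device or password: the template stays opaque
    return _xor(ct, _keystream(key + nonce, len(ct)))

def enroll(pin, password, device_id, template):
    salt = os.urandom(16)
    ph = pin_hash(pin, salt)
    return {"salt": salt, "obf_pw": obfuscate_password(password, device_id, ph),
            "enc_template": seal(template_key(password, ph), template)}

def unlock(pin, device_id, record):
    # Entered PIN + device ID release the password, which releases the template for matching.
    ph = pin_hash(pin, record["salt"])
    password = obfuscate_password(record["obf_pw"], device_id, ph)
    template = open_sealed(template_key(password, ph), record["enc_template"])
    return None if template is None else (password, template)
```

The biometric comparison of a fresh sample against the released template is the step that follows `unlock`; only on a match would the released password be handed to the device or remote authentication system.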
Some of the components of this system, using an earlier, inferior method of transforming the biometric data are also disclosed in U.S. Pat. No. 5,892,824, authored by two of the present inventors.
In the light of this art there is a real need to find a method and system to:
a) Securely authenticate the user to the device by automatically releasing a password to the device authentication system in response to a matched biometric sample and a correct PIN.
b) Authenticate the user and the device to a remote computer or server to provide a trusted stand-alone computer system.
c) Remove the need for the user to remember and enter complex passwords, whilst retaining the benefits of complex password infrastructure and/or PKI for authentication and encryption.
d) Encrypt the biometric template and other data on the device.
e) Automatically generate strong encryption keys for device data and template encryption and to protect secure data communications between the device and the server.
f) Release trusted credentials, including electronic signatures, to provide proof of authorship for transactions and electronic documents.
Although some of the art references above achieve some of these components, none provides for a comprehensive system containing all of them.