CN-114868358-B - Privacy preserving biometric authentication

Abstract

A system for authenticating a subject as an individual using biometric data, the biometric data of the individual having been previously obtained. The second transducer has a digital electronic signal output characterizing a biological feature of the subject, a second computing facility receives the digital electronic signal, a server array, and a third computing facility. The component implementations include a process of generating tiles from digital electronic signals and distributing the generated tiles to a server array, the server array receiving and storing the generated tiles, performing a data exchange process using a subset of the generated tiles to form information related to authentication of a subject, and transmitting the formed information to a third computing facility to cause the third computing facility to generate an output value indicative of whether the subject is authenticated as an individual. Related sign-on systems are also provided.

Inventors

• C H H III
• T P slovtawa
• Y.H. Right

Assignees

• 徽章公司

Dates

Publication Date

20260508

Application Date

20201209

Priority Date

20191209

Claims (20)

1. 1. A method of authenticating a subject as an individual using biometric data, the biometric data of the individual having been previously obtained using a first transducer coupled to a first computing facility, the method being processed with a computer comprising: The method comprises the steps of (i) the first computing facility having generated a login patch from biometric data of an individual, (ii) having calculated multi-party computing MPC information for subsequent use in multi-party computing, (iii) the first computing facility having distributed the login patch and the MPC information to a first plurality of servers in a server array with respect to both the login patch and the MPC information: Generating an authentication patch from a digital electronic signal provided as an output of a second transducer coupled to a second computing facility, such digital electronic signal characterizing a biological feature of the subject; distributing the authentication shards to a second plurality of servers in the server array; Performing a data exchange process comprising a multiparty calculation involving communication between subsets of servers in the array and further involving the subset of login tiles, the subset of authentication tiles, and the subset of MPC information to form information related to authentication of the subject, wherein the MPC information has been configured to facilitate the multiparty calculation, and Processing the information related to the authentication of the subject to generate an output value indicative of whether the subject is authenticated as the individual.
2. 2. The method of claim 1, wherein the computer processing is performed by a computing entity configured to be limited in information sharing with respect to a set of information items selected from the group consisting of the output value, the digital electronic signal, biometric data of the individual, a biometric of the subject, the generated shards, and combinations thereof.
3. 3. The method of claim 1, the computer process further comprising encoding the digital electronic signal such that the generated slices are also encoded.
4. 4. A method according to claim 3, wherein the encoding operation comprises using a neural network.
5. 5. A method according to claim 3, wherein the encoding operation comprises representing the digital electronic signal as a set of vectors in a metric space.
6. 6. The method of claim 5, wherein performing the data exchange process using the subset of generated tiles to form information related to authentication of the subject comprises computing a set of distances in the metric space.
7. 7. The method of claim 1, wherein the operation of the data exchange process comprises performing the multiparty computation on the condition that none of the servers in the server array obtain an intermediate value for the multiparty computation.
8. 8. The method of claim 1, wherein the selected group of server arrays generates new shards based on the generated shards.
9. 9. The method of claim 1, wherein a shard is capable of being revoked by a revocation process that includes the data exchange process.
10. 10. The method of claim 9, wherein generation of a new shard does not require the individual to re-engage with the first converter after the shard is revoked.
11. 11. The method of claim 9, wherein the revocation process is configured in a manner that there is no communication between the server array and other computing entities.
12. 12. The method of claim 9, wherein the revocation processing includes performing the data exchange processing using a subset of the generated shards from a subset of the server array.
13. 13. The method of claim 12, wherein the data exchange process involves communication between selected groups of servers from the server array.
14. 14. The method of claim 12, wherein performing the data exchange process comprises processing, by each server, the server-generated individual shards alone with the server-generated subject shards to generate a new set of shards, the new set of shards constituting the output value.
15. 15. The method of claim 1, wherein the operation of the server array receiving and storing the generated shards includes receiving and storing a message authentication code for the shards and the data exchange process includes using the message authentication code to confirm that the output value itself indicative of whether the subject is authenticated as the individual is authentic.
16. 16. The method of claim 1, wherein the operation of the server array receiving and storing the generated shards comprises receiving and storing shards of a Beaver triplet distributed across the server array with the generated shards.
17. 17. The method of claim 16, wherein the operation of the server array receiving and storing the generated fragments comprises receiving and storing a message authentication code of the Beaver triplet.
18. 18. The method of claim 17, wherein the operation of the server array receiving and storing the generated fragments comprises receiving and storing fragments corresponding to message authentication code keys.
19. 19. The method of claim 1, wherein the operation of the server array receiving and storing the generated shards comprises receiving and storing shards of random values.
20. 20. The method of claim 1, wherein the operation of the server array receiving and storing the generated shards includes receiving and storing shards of a function that facilitates an authentication process.

Description

Privacy preserving biometric authentication RELATED APPLICATIONS This patent application claims the benefit of U.S. provisional patent application Ser. No.63/058,330, filed 7/29/2020, and U.S. provisional patent application Ser. No.62/945,590, filed 12/2019. Each of these applications is incorporated herein by reference in its entirety. Technical Field The present invention relates to biometric authentication, and more particularly, to privacy preserving biometric authentication. Background Biometric-based authentication provides a powerful function in today's digital world, which allows people to securely authenticate themselves using biometric features without having to remember complex passwords or carry with them a hardware token. During enrollment or registration, a biometric of the individual is captured and the biometric or biometric template is stored. A biometric template may be created (e.g., by using algorithms involving feature extraction or using machine learning or computer vision algorithms) from the biometric data) and then, during subsequent authentication, the subject's biometric is captured and compared or matched to the stored biometric or biometric template. However, this approach creates problematic security and privacy concerns. For example, in traditional biometric matching, the system must be able to access templates in plain text in order to run the matching algorithm—this makes it easy for an attacker to steal templates or destroy databases to obtain biometric data or other confidential information of the user, similar to how an attacker would destroy a cryptographic database. Damage is more severe to the biometric feature because the user cannot reset the biometric feature. The fingerprint cannot be reset like a password. The biometric features are either stored centrally or locally. When the biometric is stored in one or more centralized databases, the databases are hacked honeypots (honeypot). When the biometric is stored locally, such as in the device of the respective user (e.g. an iPhone), there are further disadvantages, for example, including that if the user loses her device, she will no longer be able to authenticate because the biometric she was logged in is stored on her lost device-so no stored biometric is available for matching. Today's "multiparty computing" or "MPC" technology still requires that biometric templates from the login be stored on a server when applied to the biometric. During authentication, a subject biometric template on the client is compared to a biometric template on the server using multiparty computation, wherein the server and client execute an MPC to compute a matching score for both templates. While this technique avoids the exchange of biometric templates by both parties (as occurs in classical biometric authentication), this approach does not protect privacy, for example because both the server and the client learn the matching score. Existing methods using MPC are too inefficient to extend to millions of users. For example, some methods require excessive computation (such as on the order of seconds per user authentication), while other methods require excessive communication (sometimes >10MB per user authentication through tens or even hundreds of rounds of exchange), while others have a weak security model (such as one or more active malicious servers are not secure). Many of these methods require the server to store the biometric templates in plain text, as in conventional biometric authentication. One approach is to fragment (shard) the data between the client and the server, which may prevent a single point of failure at the server, but which requires the same client device to be used in future authentications, as one or more fragments stored by the client device are required in future authentications. Thus, this approach has the limitation of locally stored biometric authentication, as the loss of the client device implies a loss of credentials and authentication capabilities. Disclosure of Invention The application describes a privacy protection method for authenticating a user, which is a significant improvement over the prior art. According to one embodiment of the present invention, there is provided a method of authenticating a subject as an individual using biometric data, the biometric data of the individual having been previously obtained using a first transducer. The method utilizes computer processing that includes generating a component from a digital electronic signal that is provided as an output of a second converter, such signal characterizing a biological feature of the subject. The computer process further includes the operations of distributing the generated shards to a server array such that the server array is capable of storing the generated shards and performing a data exchange process using a subset of the generated shards to form information related to authentication of the subject. The computer processing fu