US-20260128880-A1 - METHOD AND SYSTEM FOR IMPLEMENTING A PRIVACY PRESERVING, FACE-BASED PROTECTED PUBLIC KEY INFRASTRUCTURE

Abstract

A computer-implemented method of registering a user identifier in a public key infrastructure comprising a trusted device and a server is provided. The method includes the steps: receiving the user identifier as an input to the trusted device; obtaining a hash value of the user identifier; the trusted device obtaining biometric data comprising a facial image of the user; generating a public key and a privacy preserving data structure using the biometric data, encrypting the user identifier using the public key, and storing the encrypted user identifier as metadata in the privacy preserving data structure, wherein a private key for decrypting the encrypted user identifier can be generated from the privacy preserving data structure using subsequently acquired biometric data comprising the facial image of the user; generating a device token corresponding to the trusted device and obtaining a hash value of the device token, the server storing the privacy preserving data structure uniquely indexed by the hash value of the device token while using the hash value of the user identifier as a primary key, and the trusted device storing the device token.

Inventors

• Varun Chatterji
• Ashish Kushwaha

Assignees

• SEVENTH SENSE ARTIFICIAL INTELLIGENCE PRIVATE LIMITED

Dates

Publication Date

20260507

Application Date

20240517

Priority Date

20230519

Claims (20)

1. 1 . A computer-implemented method of registering a user identifier in a public key infrastructure, the public key infrastructure comprising a server and a trusted device, the method including: receiving the user identifier as an input to the trusted device; obtaining a hash value of the user identifier; obtaining, by the trusted device, biometric data comprising a facial image of the user; generating a public key and a privacy preserving data structure using the biometric data; encrypting the user identifier using the public key; storing the encrypted user identifier as metadata in the privacy preserving data structure, wherein a private key for decrypting the encrypted user identifier can be generated from the privacy preserving data structure using subsequently acquired biometric data comprising the facial image of the user; generating a device token corresponding to the trusted device; obtaining a hash value of the device token; storing, by the server, the privacy preserving data structure uniquely indexed by the hash value of the device token while using the hash value of the user identifier as a primary key; and storing, by the trusted device, the device token.
2. 2 . The computer-implemented method of claim 1 , wherein the method further includes forwarding the user identifier and the biometric data to the server, wherein the public key and the privacy preserving data structure are generated by the server.
3. 4 . The computer-implemented method of claim 1 , wherein the device token is generated by the server and transmitted to the trusted device.
4. 5 . The computer-implemented method of claim 4 , wherein the server does not store a copy of the device token after transmitting the device token to the trusted device.
5. 6 - 8 . (canceled)
6. 9 . The computer-implemented method of claim 1 , further comprising determining if the user identifier is associated with an existing privacy preserving data structure stored on the server.
7. 10 . The computer-implemented method of claim 9 , further including searching for the hash value of the user identifier on the server.
8. 11 . The computer-implemented method of claim 9 , further comprising: authenticating the user in response to determining that the user identifier is associated with the existing privacy preserving data structure stored on the server.
9. 12 . The computer-implemented method of claim 11 , wherein authenticating the user includes: obtaining subsequently acquired biometric data comprising the facial image of the user; retrieving, by the server, the existing privacy preserving data structure by reference to the hash value of the user identifier; generating a private key from the existing privacy preserving data structure using the subsequently acquired biometric data; and decrypting the encrypted user identifier stored in the existing privacy preserving data structure using the private key to authenticate the user.
10. 13 . The computer-implemented method of claim 1 , wherein the device token is a new device token to replace an existing device token associated with the user identifier.
11. 14 . The computer-implemented method of claim 1 , further comprising: requesting, by the server, public key certificate from a certificate authority for the public key and the user identifier; and storing, by the certificate authority, the public key certificate in a public key registry.
12. 15 - 27 . (canceled)
13. 28 . A public key infrastructure system for registering a user identifier, the system comprising: a trusted device having a biometric sensor; and a server in communication with the trusted device, wherein the trusted device is configured to: receive the user identifier as an input; and obtain biometric data comprising a facial image of a user via the biometric sensor, wherein at least one of the trusted device and the server is configured to: obtain a hash value of the user identifier; generate a public key and a privacy preserving data structure using the biometric data; encrypt the user identifier using the public key; store the encrypted user identifier as metadata in the privacy preserving data structure, wherein a private key for decrypting the encrypted user identifier can be generated from the privacy preserving data structure using subsequently acquired biometric data comprising the facial image of the user; generate a device token corresponding to the trusted device; and obtain a hash value of the device token, wherein the server is configured to store the privacy preserving data structure uniquely indexed by the hash value of the device token and having the hash value of the user identifier as a primary key, and wherein the trusted device is further configured to store the device token.
14. 29 . The public key infrastructure system of claim 28 , the system further comprising a computing device configured to: redirect a user from a website to a third-party sign-in page connected to the server; and display a unique code from the third-party sign-in page, wherein the trusted device is further configured to: receive the unique code as an input; obtain subsequently acquired biometric data comprising the facial image of the user; and transmit the biometric data, the unique code, the user identifier, and the device token to the server.
15. 30 . The public key infrastructure system of claim 28 , wherein the trusted device is further configured to: obtain subsequently acquired biometric data comprising the facial image of the user; and transmit the subsequently acquired biometric data, the user identifier, and the device token to the server.
16. 31 . A server comprising: a network interface, one or more processors, and a memory containing machine executable instructions which, when executed on the one or more processors, cause the one or more processors to: connect to a trusted device via the network interface; receive biometric data comprising a facial image of a user from the trusted device; generate a public key and a privacy preserving data structure using the biometric data; encrypt a user identifier using the public key; store the encrypted user identifier as metadata in the privacy preserving data structure, wherein a private key for decrypting the encrypted user identifier can be generated from the privacy preserving data structure using subsequently acquired biometric data comprising the facial image of the user; generate a device token corresponding to the trusted device; obtain a hash value of the device token; store, in the memory, the privacy preserving data structure uniquely indexed by the hash value of the device token and having the hash value of the user identifier as a primary key; and transmit the device token to the trusted device.
17. 32 . (canceled)
18. 33 . The server of claim 31 , wherein the machine executable instructions which, when executed on the one or more processors, further cause the one or more processors to: store a plurality of privacy preserving data structures that are each associated with a respective hash of a different respective user identifier.
19. 34 . The server of claim 33 , wherein the hash value of the user identifier is a first hash value of a first user identifier, wherein the privacy preserving data structure is a first privacy preserving data structure associated with the first hash value of the first user identifier, wherein the plurality of privacy preserving data structures include a second privacy preserving data structure that is associated with a second hash of a second user identifier.
20. 35 . The server of claim 33 , wherein the machine executable instructions which, when executed on the one or more processors, further cause the one or more processors to: receive an authentication request that includes a particular device token; and search the plurality of privacy preserving data structures for a particular privacy preserving data structure that is associated with the particular device token.

Description

This application claims priority from SG 10202301398S filed 19 May 2023, the contents and elements of which are herein incorporated by reference for all purposes. FIELD OF THE INVENTION The present invention relates to computer-implemented methods, devices, and systems for face-based authentication of a user in a public key infrastructure. BACKGROUND Public Key Infrastructure is common in scenarios where information must be signed or encrypted with non-repudiation and authenticity in mind. In such scenarios, there is typically a trusted root Certificate Authority (CA) that can generate a certificate vouching for the identity (and public key) of an end-user. Documents can then be signed with end-user's private key, and the signature can be verified by validating it against the signed public key contained in the certificate issued by the root CA. Since the root CA is trusted, and its public key is known (via a self-signed certificate), certificates issued by the CA can be verified using the CA's root certificate, and since they contain identity information of the end-user, the end-user's identity information can be safely associated with their public key by virtue of the certificate issued to them by the root CA. Present document signing systems typically employ e-signatures where documents are annotated with visible signatures in signing fields. Such methods typically send the document via email and maintain an audit trail of when events occurred. Documents can typically be opened from emails and users can either draw, or adopt a signature based on available fonts. Once the document is e-signed by all parties, the signing platform may add the audit trail page and cryptographically sign the document as completed by using its own private key. However, such documents can be contested in court under the clause of plausible deniability. Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge of or responsibility for actions by members of their organizational hierarchy. Since, in many situations, executives have secretaries with access to their email, the e-signing regime can be easily contested in court by an executive claiming that the secretary signed the document and not them. Facial recognition-based user authentication methods identify users by their unique biological features. Secure websites can use such methods for signing in its users, providing an effective means of user authentication without requiring the users to recall a password. Typically, users sign up on the website by supplying a biometric sample of their facial features to generate a feature template which is stored in a database as biometric data. Later, when the user presents another biometric sample, a new feature template is generated and compared with the previously stored template. If the respective feature templates are found to be sufficiently similar, the system deems that the same person supplied each sample. In this regard, the feature templates are ‘linkable’. The ability to compare feature templates with one another is also what makes the stored data biometric in nature. However, in the context of data protection, this is an undesirable property of biometric data because it is possible to identify the user from their biometric data. Another concern with traditional facial recognition-based user authentication methods is that one feature template can be generated from a single biometric sample. Therefore, if the feature template is compromised, the user cannot generate a new feature template as a replacement. This is analogous to having a password that cannot be changed. The present invention has been devised in light of the above considerations. SUMMARY OF THE INVENTION Broadly, the present invention relates to systems and methods for face-based authentication of a user in a public key infrastructure. In particular, biometric data comprising a facial image of a user is used to generate a public key and a privacy preserving data structure which can be used to generate a corresponding private key. The corresponding private key can only be generated from the privacy preserving data structure using subsequently acquired biometric data comprising the facial image of the user that was used to generate the privacy preserving data structure. Therefore, the privacy preserving data structure enables the user to protect the private key using their biometric data by ensuring that the corresponding private key can only be generated at run time from the user's face. The privacy preserving data structure may store entropy which is used in conjunction with the subsequently acquired biometric data to generate the private key. The privacy preserving data structure may contain encrypted metadata relating to the user which can only be decrypted using the corresponding private key. Although an ‘incorrect’ private key may be generated using a different facial image, the inco