The present invention relates in general to the field of networks and more specifically to managing secure access to data in a network.
Authentication is the foundation of security systems. It refers to methods used for verifying authenticity of a user. These authentication methods can be used in a security system to associate a unique identity with a user. A critical requirement for authentication in a security system is that while authenticating, the security system must unambiguously associate a user with his identity.
Credentials are required to verify a user. Credentials comprise information that can only be provided by the user. Examples of credentials include user passwords, user personal identification numbers (PINs), user identification cards, and tokens. Passwords are the most common form of authentication used in many security systems. Tokens are also widely used for user authentication. Tokens that are designed for authentication include information that establishes the user's identity. The user must demonstrate physical possession of the token when requested. However, passwords and tokens can be easily stolen. In this case, the person in possession of the password or token can breach the concerned security system. Further, a password may be forgotten in an infrequent and stressful situation. Recently, other credentials, such as biometrics, have become a preferred method of authentication. Biometrics authentication is an automated method for the identification and verification of users by means of their physical or behavioral characteristics. Examples of physical characteristics include face, fingerprints and iris patterns, whereas examples of behavioral characteristics are gait and signature.
Currently, there are methods available for authenticating users in a network based on their biometric information. One of these methods involves maintaining an encrypted database of biometric credentials of users on a server. A decryption key, for decrypting the encrypted database, is also kept at the server. Another method involves storing the biometric information about the user in a device present at the user end and utilizing the biometric information to establish the user's identity. Yet another method involves avoiding revealing biometric information about the user to the server by means of a user device. This is achieved by the user device performing the authentication, by matching modified versions of the biometric information, and not the actual biometric information, at the user's end.
However, one or more of the methods described above have one or more of the following limitations. First, the server with the encrypted database is susceptible to attacks by hackers. Since the decryption key is present on the server, the decryption key and the information with the server may get stolen. Second, the use of a device that stores the biometric information is not suitable for high-security applications, since the server administrator can maintain better control over a system when the credentials are stored on the server. Further, device compromise is a significant concern. Third, systems in which user authentication is performed by matching modified versions of the biometric information at a server suffer from reverse engineering attacks, in that illegitimate parties have demonstrated the ability to recover the raw information from the modified versions. Finally, all existing systems are susceptible to compromise if either the server or the device storing the biometric information is hacked.
In the accompanying figures, like reference numerals refer to identical or functionally similar elements throughout the separate views. These, together with the detailed description below, are incorporated in and form part of the specification, and serve to further illustrate the embodiments and explain various principles and advantages, in accordance with the present invention.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements, to help in improving an understanding of various embodiments of the present invention.
Before describing in detail the particular method and system for managing secure access to data by a user in a network in accordance with the present invention, it should be observed that the present invention resides primarily in combinations of method steps and system components related to use of biometric information to manage secure access to the data. Accordingly, the system components and method steps have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms ‘comprises,’ ‘comprising,’ or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element preceded by ‘comprises . . . a’ does not, without more constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.
The present invention describes a method for managing secure access to data by a user in a network. The method involves using biometric information of the user to gain access to the data. The method includes receiving a key from a user device for creating an unencrypted biometric profile of the user from a database of encrypted biometric profiles. More specifically, a stored encrypted biometric profile corresponding to the user is decrypted using the key to yield the unencrypted biometric profile. The method also includes receiving a biometric sample of the user and authenticating the user using the unencrypted biometric profile and the biometric sample. Moreover, the method includes discarding the key, the biometric sample, and the unencrypted biometric profile after authenticating the user.
The present invention further describes a method used in a user device. The method includes transmitting a key to a server. The method also includes transmitting a biometric sample of a user to the server for authentication.
Moreover, the present invention describes a server for managing secure access to data in a network. The server includes a means for communicating, a memory, a processor, a database of encrypted biometric profiles, and an authentication unit. The memory stores a key and a biometric sample received from the user. The processor is capable of accessing the database of encrypted biometric profiles. The processor is also capable of using the key to decrypt an encrypted biometric profile corresponding to the user, to yield an unencrypted biometric profile. The authentication unit is capable of authenticating the user by using the biometric sample and the unencrypted biometric profile.
The present invention also describes a user device. The user device includes a transceiver and a means to access data. The transceiver is configured to transmit a key and a biometric sample of the user to the server.
The processor 208 is capable of accessing the database 202 and the memory 206. The processor 208 selects an encrypted biometric profile corresponding to a user and decrypts the selected encrypted biometric profile using the corresponding key, to yield an unencrypted biometric profile. For example, the encrypted biometric profile 212 corresponds to the user device 104. In some embodiments of the present invention, the encrypted biometric profile of the user is selected from the database 202 using an identification code sent to the server 102 by the user device 104. The server 102 is capable of discarding the unencrypted biometric profiles, the keys, and the biometric samples of the one or more users, after the users have been authenticated. The authentication unit 210 is capable of authenticating the one or more users. In an embodiment of the present invention, the authentication unit 210 can authenticate the one or more users using the corresponding biometric samples and the unencrypted biometric profiles. The one or more user devices may be granted access to the data after successful authentication of the corresponding one or more users.
In an embodiment of the present invention, a portion of the data is stored in a second server 103. The one or more user devices may be granted secure access to the portion of the data on the second server 103 by the server 102 after the successful authentication of the one or more users.
In an embodiment of the present invention, the authentication unit 308 authenticates the server 102 before the key is transmitted to the server 102. The access unit 304 accesses the data after successful authentication of the user device 104.
At step 404, a biometric sample of the user may be transmitted by the user device 104 and received by the server 102. At step 406, the encrypted biometric profile corresponding to the user is decrypted by the server by using the key, to yield an unencrypted biometric profile. For example, the processor 208 decrypts the encrypted biometric profile 212 corresponding to the user of the user device 104 by using the key, to yield an unencrypted biometric profile. In an embodiment of the present invention, the selection of the encrypted biometric profile from the database 202 may be based on the user identification code.
At step 408, the user may be authenticated by an authentication unit 210 of the server 102. In an embodiment of the present invention, the authentication unit 210 may authenticate the user based on the biometric sample of the user and the unencrypted biometric profile. The authentication unit 210 may compare the biometric sample of the user with the unencrypted biometric profile for authentication using existing methods. The user device 104 may be granted access to the data by the server when the biometric sample of the user is found to be an adequate match to the unencrypted biometric profile through means well understood to those of normal skill in the art. In an embodiment of the present invention, the server grants the user device access to a portion of the data that is stored on a second server. For example, the server 102 grants the user device 104 secure access to the portion of the data on the second server 103 after the successful authentication of the user of the user device 104.
At step 410, the unencrypted biometric profile, the key and the biometric sample of the user are discarded by the server. For example, the server 102 discards the key, the biometric sample, and the unencrypted biometric profile after authentication of the user of the user device 104.
At step 504, a biometric sample is transmitted by the user device to the server. For example, the transceiver 302 transmits the biometric sample of the user that is received by the biometric sensor 306, to the server 102.
At step 506, the user device accesses the data after successful authentication of the user. For example, the access unit 304 accesses the data after successful authentication of the user of the user device 104 by the server 102. In an embodiment of the present invention, a portion of the data stored on a second server is accessed by the user device. For example, the access unit 304 of the user device 104 accesses the portion of the data that is present on the second server 103, after successful authentication of the user.
As described above, various embodiments of the present invention enable the splitting of security-related information between a server and a user device. This information is necessary to access the data. The present invention increases security by distributing the information necessary for access to the data between the server and the user device. The key is available to the server only during transactions between the user device and the server. Similarly, a security breach of the user device does not allow an adversary to access the biometric information of the user, since this biometric information is stored on the server. The matching of the biometric sample with the corresponding decrypted biometric profile takes place at the secure server. As a result, the adversary with the compromised user device is unable to access the biometric information of the user, since the adversary is unable to supply a biometric sample of the user for authentication. The present invention provides additional security since the server discards the key, the biometric sample of the user, and the unencrypted biometric information of the user, obtained during the authentication, immediately after the authentication. Thus, a compromise of the server does not reveal any user's unencrypted biometric profile to the adversary.
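The server-side flow of steps 404 to 410 and the split of secrets described above, as an added illustrative example that is not part of the patent and not any product's code. It assumes a constructed 256-bit template representation for profiles, a Hamming-distance match with an assumed tolerance, and an HMAC-SHA256 counter-mode construction standing in for a real AEAD cipher; the user device holds the key and the server stores only the encrypted profile.

```python
import hashlib
import hmac
import secrets

# Constructed example: a profile is a 256-bit template (iris-code style); a live sample
# matches when its Hamming distance to the decrypted profile is at most MATCH_THRESHOLD.
MATCH_THRESHOLD = 40  # assumed tolerance in differing bits

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for a real AEAD such as AES-GCM: HMAC-SHA256 run in counter mode.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt_profile(key: bytes, profile: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(profile, _keystream(key, nonce, len(profile))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # all the server keeps at rest (the encrypted profile 212)

def decrypt_profile(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered profile")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

class Server:
    """Server 102: stores only encrypted profiles; each key stays on its user device."""
    def __init__(self) -> None:
        self.db: dict[str, bytes] = {}
    def enroll(self, user_id: str, key: bytes, profile: bytes) -> None:
        self.db[user_id] = encrypt_profile(key, profile)

    def authenticate(self, user_id: str, key: bytes, sample: bytes) -> bool:
        # Steps 404-408: key and sample arrive from the device; decrypt, then match.
        key_buf, sample_buf, plain = bytearray(key), bytearray(sample), bytearray()
        try:
            plain[:] = decrypt_profile(bytes(key_buf), self.db.get(user_id, b""))
            return hamming(plain, sample_buf) <= MATCH_THRESHOLD
        except ValueError:  # wrong key, unknown user or tampered ciphertext: reject
            return False
        finally:  # Step 410: discard key, sample and unencrypted profile (best effort)
            for buf in (key_buf, sample_buf, plain):
                buf[:] = bytes(len(buf))
```

Zeroing the buffers is best-effort in a garbage-collected language; the property the page relies on is that nothing but the ciphertext is retained in the server's store between transactions.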
It will be appreciated that the modules described herein may comprise one or more conventional processors and unique stored program instructions that control the one or more processors to implement, in conjunction with certain non-processor circuits, some, most, or all of the functions of the modules described herein. The non-processor circuits may include, but are not limited to, a radio receiver, a radio transmitter, signal drivers, clock circuits, power source circuits, and user input devices. As such, these functions may be interpreted as steps of a method to perform access to a communication system. Alternatively, some or all functions could be implemented by a state machine that has no stored program instructions, or in one or more application specific integrated circuits (ASICs), in which each function or some combinations of certain of the functions are implemented as custom logic. Of course, a combination of the two approaches could be used. Thus, methods and means for these functions have been described herein.
It is expected that one of ordinary skill, notwithstanding possibly significant effort and many design choices motivated by, for example, available time, current technology, and economic considerations, when guided by the concepts and principles disclosed herein will be readily capable of generating such software instructions and programs and ICs with minimal experimentation.
In the foregoing specification, the invention and its benefits and advantages have been described with reference to specific embodiments. However, one of ordinary skill in the art appreciates that various modifications and changes can be made without departing from the scope of the present invention as set forth in the claims below. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of the present invention. The benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as critical, required, or essential features or elements of any or all the claims. The invention is defined solely by the appended claims, including any amendments made during the pendency of this application and all equivalents of those claims as issued.