GB2565551A - Method of biometric user registration with the possibility of management of the data depersonalization level - Google Patents
- Publication number
- GB2565551A
- Authority
- GB
- United Kingdom
- Prior art keywords
- username
- person
- computing system
- user account
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Abstract
A method of assigning a person an identity in a first computing system, the identity for uniquely identifying the person when the person accesses a further computing system. The identity comprises a short username created by the person and a relatively longer username created by the first computing system. The method comprises receiving the short username 50 from the person, receiving a biometric image 51 of the person, and randomly generating a set of characters to create the relatively longer username 52. The method then comprises training a neural network 53 to produce the relatively longer username when presented with the biometric image, storing 54 the short username, trained parameters of the neural network, and the relatively longer username in association with one another in a registration file, and publishing 54 the registration file on the Internet to allow access to the registration file by any computing system accessing the Internet, including the further computing system. The biometric image may be facial geometry, fingerprint, voice, handwriting or pattern of blood vessels of the person. The method may be used to restrict access to cell phones, computers, access to premises, make payments or carry out other operations in an electronic environment.
Description
METHOD OF BIOMETRIC USER REGISTRATION WITH THE POSSIBILITY OF MANAGEMENT OF THE DATA DEPERSONALIZATION LEVEL
FIELD OF INVENTION
This invention relates to computer technology, in particular to a method of identifying users who access a computing system, to facilitate payments and other important operations carried out in an electronic environment, such as Internet booths or other access terminals. The method may also be used to restrict access to cell phones, computers, as well as to control access to premises.
BACKGROUND OF INVENTION
Typically, it is necessary to assign each user of the computing system an identity within the computer system, so a user account can be created for each identity. Once the user account has been created, the user is considered to have been registered on the computing system. The user can later declare their identity to the computing system and be given access to the data associated with their user account.
A known method of user registration comprises issuing an Identification (ID) card and a 4-digit Personal Identification Number (PIN) code to the user, the ID card carrying the user identity and the PIN code being used for authentication purposes. A significant drawback of this method is the need for the user to obtain an ID card in person at a bank or at another registration centre. In addition, the registration procedure may be delayed if the ID card is physically issued far from the registration centre, and in order to get the card, the issuing centre has to send the issued card by mail. Furthermore, the user must carry the ID card around so that it is available for use when needed. If the user has forgotten the ID card, the user cannot get money from an Automated Teller Machine (ATM) and pay for purchases. If the user has lost his ID card, then the user has to personally go to the registration centre to register to get a new ID card.
Another known method of user registration comprises the creation by the user of a unique username and a password consisting of random characters. Since the username is used by the computing system to identify the user account, it must be unique within the computing system. Upon registration of a user in the computing system, the proposed username is checked against existing usernames, and if the proposed username already exists in the system then the user is prompted to make the username longer for it to be unique. The main drawback of this method is that users cannot easily remember a long username, and prefer to use short easy-to-remember usernames. Additionally, users may be unable to remember long passwords, and set short passwords, which allows computer hackers to more easily hack the passwords associated with short usernames openly stored in the system.
Usernames are typically public and need to be unique since they are used for user identification and have a one-to-one mapping to individual user accounts. In contrast, passwords are used for user authentication and so are strictly confidential. Also, different users may use the same password as one another, for example in the case of a four digit PIN password many users will often have the same PIN, and so passwords do not need to be unique.
RU 2316120 discloses a user registration method which aims to create a user password by transforming a biometric human image into the password using a so-called fuzzy extractor. The essence of the method is to convert the biometric image into a digital code which can be used as a password. Biometric images of the same person vary depending on when/where they are taken, and so to correct errors, self-correcting codes with 20-fold redundancy are used, so that the information part of the code is 20 times shorter than the overall code. However, the fuzzy extractors provide relatively short passwords. Moreover, users still have to remember and enter long usernames before the biometric image can be used as a password.
RU 2355307 discloses that instead of fuzzy extractors a neural network biometry-code converter can be used to obtain the password (cryptographic authentication key) from the parameters of the biometric image. As compared to the fuzzy extractors, neural network converters learn using the Russian National Standard GOST R 52633.5-2011 algorithm "Data protection. Data protection technique. Automatic training of neural network converters of biometry-code access", to produce access passwords and/or cryptographic authentication keys that are ten times longer than those of typical fuzzy extractors. Error correcting codes may be included in the passwords/keys to provide resilience to variations in the biometric image provided by the user.
However, the main drawback of biometric registration remains the same. A registered user has to remember a lot of different usernames corresponding to their accounts on various different computing systems, and to manually enter the correct username to identify themselves to the computing system, so that authentication via a memorised password or biometric image can subsequently take place.
It would be desirable to use biometric images for user identification in the computing system, rather than just user authentication. However, biometric images supplied by a user may not be sufficiently consistent with one another to always result in the same username, and biometric images from two different people can be very similar to one another, and so are not typically used to generate usernames because of the risk of one user being given access to another user’s account. Biometric images from identical twin siblings are particularly problematic. The consequence of a user being given access to another user’s account due to a failed identification process, is much more severe than the consequence of a user being denied access to his own account due to a failed authentication process. Therefore, biometric images are not typically used for identification, and are instead used for authentication after the user identity has already been determined via a username.
The problem of remembering usernames gets worse as the size of the information system grows. The larger the information system, the longer the user's username needs to be in order to be unique. The longer the username, the harder it is to remember and the more difficult it is for the user to enter a long username from the keyboard without mistakes. Users typically prefer to have short and meaningful usernames which they can easily remember and which are easily understood by other users of the same system. This problem is commonly encountered in registering new email addresses where users may prefer to use their own name as their email address, but are faced with having to append a string of numbers or random characters after their name to distinguish themselves from other existing users who have already registered an email address under that name.
Another drawback of the above methods is that a computer hacker may be able to gain access to the user’s real name stored in their user account, and track the user’s activities in the information system, for example, by calculating the amount of the user's expenses on goods of one or another category. When purchasing certain goods, such as specific medications, the user must be guaranteed anonymity because it is possible to identify his diagnosis based on some medications. This problem may be solved by the use of depersonalized biometric user registration such as that disclosed in RU 2371765, where the user's personal data relating to their username are stored outside the information system, for example, at a verification centre. A computer hacker can observe the actions of the user in the information system and actions of others in relation to the user in a particular information system, but the hacker cannot recover the user's full name and his personal information. However, the depersonalised user biometric registration disclosed in RU 2371765 still requires users to memorize long usernames in information systems that work without ID cards.
It is therefore an aim of the present invention to eliminate the need to memorize long usernames, and another aim is to protect the user’s personal information even in the event of a computer hacker gaining access to the computing system where the user’s account is registered.
SUMMARY OF INVENTION
According to an aspect of the invention, there is provided a method of assigning a person an identity in a first computing system, the identity for uniquely identifying the person when the person accesses a further computing system. The identity comprises a short username created by the person and a relatively longer username created by the first computing system, and the method comprises:
- receiving the short username from the person,
- receiving a biometric image of the person,
- randomly generating a set of characters to create the relatively longer username,
- training a neural network to produce the relatively longer username when presented with the biometric image,
- storing the short username, trained parameters of the neural network, and the relatively longer username in association with one another in a registration file, and
- publishing the registration file on the Internet to allow access to the registration file by any computing system accessing the Internet, including the further computing system.
Since the username is formed of a short username generated by the user and a relatively longer username generated by computer, the person does not need to create a long and unique username anymore, but can simply create the short username. The publication of the registration file on the Internet means that the first computing system provides a central point where user registration details are provided, and so the user registration details can be copied and duplicated into other (further) computing systems. For example, if the person is already registered in an online (first) computer system with 10,000,000 users, then the person does not need to re-register in a small (further) computer system of a nearby grocery store serving no more than 10,000 customers who live within walking distance. Instead, details can simply be copied from the published registration file of the first computer system and into a new user account on the further computer system, so that the usernames of the person’s accounts are the same in both the first and further computer systems. The new user account comprises the short username, the trained parameters of the neural network, and the relatively longer username, the user account being stored on the further computing system along with user accounts of other persons.
The person may provide the further computer system with a link to the registration file that stores their short username, their relatively longer username, and their neural network parameters that can be applied to a program emulator of a neural network for the neural network to convert their biometric image into their relatively longer username. The further computer system may store the information in the registration file and subsequently delete the link to the registration file for increased security. Preferably, the first computer system creates a new registration file for each new person that is assigned an identity in the first computer system, however the details of multiple persons could be stored in a single registration file if desired, for example if the persons belonged to a particular family or group.
The person can then log into the further computing system by inputting a biometric image that is the same or similar to the biometric image that was provided to the first computing system when the registration file was created. Specifically, the biometric image of the person may be input into the further computer system, and user accounts of the further computing system may be searched to identify the user account of the person, by for each user account:
- setting a neural network of the further computing system to have the trained parameters of the user account,
- applying the input biometric image to the neural network, and
- determining that the user account is a candidate for being the user account of the person if the application of the input biometric image to the neural network results in the relatively longer username of the user account.
If only one candidate user account is determined, then the candidate user account is the user account of the person. However, if more than one candidate user account is determined, then the short username can be used to resolve the ambiguity. Specifically the further computing system requests and receives the short username from the person, searches the candidate user accounts for the short username, and determines the candidate user account which has the short username as being the user account of the person. Once the user account of the person has been identified, the person may enter a password into the further computing system and the hash function of the password may be stored as part of the user account on the further computing system, the password for authenticating the person when the person attempts to log into the user account at a later date. The method may be used with various further computing systems to restrict access to cell phones, computers, as well as to control access to premises, make payments, or carry out other operations in an electronic environment. The further computing systems may provide various methods of access to the user, such as Internet booths or other access terminals.
There may be a case where “twins” with identical biometric images appear in the system. The system will detect this during login (the two persons will each have a different long username), and, if this is the case, the information system will request each of the persons to enter their short username or other data that will allow this collision to be resolved safely.
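The account search and the short-username tie-break described above can be sketched as follows. This is an added example, not code from the patent: a single-layer sign network fitted with a fixed margin stands in for the GOST R 52633.5-2011 trained converter (the margin takes the place of error-correcting codes), feature vectors stand in for biometric images, and all names, sizes and sample data are hypothetical and constructed.

```python
import random
import secrets

DIMS = 64        # length of the feature vector standing in for a biometric image
CODE_BITS = 32   # length of the long username in bits (assumed value)
MARGIN = 1.0     # minimum |w.x| enforced when fitting each output bit
NOISE = 0.005    # assumed max per-feature drift between two captures
# Worst-case drift between two captures is DIMS * 2 * NOISE = 0.64 < MARGIN,
# so a repeat capture of an enrolled person can never flip an output bit.

def dot(w, x):
    return sum(a * b for a, b in zip(w, x))

def train(features, target_bits, rng):
    """Fit one weight row per bit so sign(w.x) gives the target bit with margin."""
    params = []
    for bit in target_bits:
        while True:
            w = [rng.uniform(-1, 1) for _ in range(DIMS)]
            s = dot(w, features)
            if abs(s) >= MARGIN:
                break
        if (s > 0) != bool(bit):
            w = [-v for v in w]          # flip the row so its sign matches the bit
        params.append(w)
    return params

def run_network(params, features):
    return [1 if dot(w, features) > 0 else 0 for w in params]

def register(short_username, features, rng):
    """Build the record kept in the registration file; the image is not stored."""
    long_username = [secrets.randbits(1) for _ in range(CODE_BITS)]
    return {"short": short_username, "long": long_username,
            "params": train(features, long_username, rng)}

def identify(accounts, features, short_username=None):
    """Return (account or None, number of candidate accounts)."""
    candidates = [a for a in accounts
                  if run_network(a["params"], features) == a["long"]]
    if len(candidates) == 1:
        return candidates[0], 1
    if len(candidates) > 1 and short_username is not None:
        named = [a for a in candidates if a["short"] == short_username]
        if len(named) == 1:
            return named[0], len(candidates)
    return None, len(candidates)         # unknown or still ambiguous: fail closed

def capture(features, rng):
    """A fresh capture of the same person: the enrolled features plus drift."""
    return [v + rng.uniform(-NOISE, NOISE) for v in features]

def build_demo(seed=2017):
    """Constructed sample data: two unrelated persons and one biometric twin."""
    rng = random.Random(seed)
    alice = [rng.uniform(-1, 1) for _ in range(DIMS)]
    bob = [rng.uniform(-1, 1) for _ in range(DIMS)]
    twin = capture(alice, rng)           # near-identical biometrics to alice
    accounts = [register("ali", alice, rng),
                register("bob", bob, rng),
                register("amy", twin, rng)]
    return accounts, alice, bob, rng

if __name__ == "__main__":
    accounts, alice, bob, rng = build_demo()
    print(identify(accounts, capture(bob, rng))[0]["short"])    # unique match
    print(identify(accounts, capture(alice, rng)))              # two candidates
    print(identify(accounts, capture(alice, rng), "ali")[0]["short"])
```

Because the published record carries both the trained parameters and the expected output, the match test can be run by anyone holding the file; the long username therefore serves as an identifier only, and authentication still rests on the password described above.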
By using the biometric image, the person does not have to deal with the hassle of remembering and entering long unique usernames to access his information resources in his personal electronic account when selling, buying, or making other significant actions on the further computer system. The computer independently increases the length of the user's short username by using the person’s biometrics observed by the computer system to identify the relatively long username. In most cases, the person does not need to enter the short username, since there is normally only one candidate user account determined based on the biometric image. The longer the relatively long username is, the less chance of a collision between biometric images which are transformed into the relatively long username by the neural network. The biometric images may be images such as specific human facial geometry, specific handwriting, specific voice characteristics, specific pattern(s) of subcutaneous blood vessels on the palm, etc.
A key advantage of the invention is that the short (easy-to-remember) username does not need to be unique. The person only has to enter their short username if two similar biometric images belonging to different users are registered in the further computing system that the person is trying to log into. The recognition of users is performed without the user having to remember long and unique usernames, and persons with unique biometric images will not have to enter any username at all. The invention allows people to use information systems without ID cards and without entry of long unique usernames.
The relatively long username may be created by launching a random number generator to produce a random number, and storing the produced random number as the relatively long username. More preferably, creating the relatively longer username further comprises adding error correction coding to the produced random number and using the combination of the produced random number and the error correction coding as the relatively long username, to help improve the resilience of the longer username to variations in the supplied biometric image when logging onto the further computing system. Specifically, small errors in the number output by the neural network can be corrected using the error correction coding. For example, if a person takes a first image of their face and provides this to the first computing system for creation of the registration file, and then takes a second image of their face and provides this to the further computing system for logging on, then it may be expected that the neural networks of the first and further computing systems may give slightly different results, which can be corrected by the error correcting codes.
The creation of the relatively longer username may further comprise concatenating the randomly generated characters with the short username so the relatively longer username comprises the randomly generated characters and the short username.
In further computing systems with small numbers of users, the chances of each person’s biometric image being sufficiently unique to unambiguously identify the user without requiring entry of the short username are higher. Accordingly, for small information systems required to reliably recognize all the inhabitants of a village, all the permanent members of a club, or all the regular customers of a small shop, the invention provides username-free identification of users.
In large further information systems, there may sometimes be a need for users to enter their short usernames. If the biometric image is a fingerprint, and the information system has 10,000 users, then the chances of a user’s fingerprint being erroneously matched with another user’s fingerprint may be around 0.0001. This means that in an information system serving about 10,000 users, the vast majority of users will not need to enter their short usernames. One or two users may have to enter their usernames when logging in to their biometric twin’s system. However, if an information system serves 1,000,000 users, nearly every user will have to enter their short username for identification. Preferably, each short username should be at least three letters long. In large information systems, the use of the biometric image according to the invention reduces the length of the username that has to be remembered and entered by each user; however, the short username still often needs to be entered to resolve collisions between biometric images.
To help reduce the number of times that the short username needs to be entered to resolve collisions, the number of collisions can be greatly reduced by the computing system receiving a further biometric image of the person, randomly generating a set of characters to create a further relatively longer username, training the neural network or another neural network to produce the further relatively longer username when presented with the biometric image, and storing further trained parameters of the or the another neural network and the further relatively longer username in the registration file in association with the short username, the trained parameters of the neural network, and the relatively longer username. Then, when logging into the further computing system, if the user supplies a biometric image which results in more than one candidate user account, then if the user wishes the user can supply the further biometric image to help determine which one of the candidate user accounts is the correct one, instead of entering the short username.
If there is still more than one candidate user account matching both biometric images, then the short username can be entered to finally determine which one of the candidate user accounts is the correct one. The use of the further biometric image can eliminate the need to enter the short username for the majority of users even in very large information systems. The biometric image and the further biometric image record different biometric characteristics of the user to one another. For example, the biometric image may be a fingerprint of a first finger of the user, and the further biometric image may be a fingerprint of a second finger of the user. Increasing the number of biometric images registered even further can further reduce the chance of needing to enter the short username, however for user identification it is normally sufficient to show a couple of images in any order.
Optionally, the first computing system may train multiple neural networks to produce the same relatively long username, based on different biometric images supplied by the person registering at the first computing system. Optionally, the first computing system may train multiple neural networks to produce different relatively long usernames, based on different biometric images supplied by the person registering at the first computing system. The further computing system may only store trained parameters of a subset of those trained neural networks, so that each further computing system contains incomplete user information, and a computer hacker cannot get all information about all the user's neural networks and all user actions by intruding into one further computing system only.
Preferably the biometric images are not stored in the further computing systems, and the further computing system simply stores trained parameters of neural networks to convert biometric images into relatively long usernames. The first computing system may delete the biometric image used to create the registration file once the neural network has been trained, to further improve security. Preferably the registration file does not include the name or address of the person, and so the registration file is depersonalised from the person and becomes much less valuable to computer hackers. The person cannot be exactly identified by the short login since this is likely to be fictitious, or a truncated portion of the person’s full name. Preferably, only the trained parameters of neural networks, the short username(s), and the relatively long username(s) to be obtained at the outputs of the neural networks in case of positive identification are stored in the registration file, to limit the amount of information available to computer hackers.
The first computing system may electronically sign the registration file with an electronic signature of the first computing system, prior to the publishing of the registration file on the Internet, so that the registration file cannot be tampered with. Preferably, the short username, the relatively long username, and the trained parameters of the neural network are combined into a single array in the registration file, and the array is signed by the electronic signature of the first computing system.
The publishing of the registration file on the Internet allows rapid registration of persons onto further computing systems, however the owners of the further computing systems may have a low level of trust in the registered persons as the owners do not have reliable information on the full personal data of the persons. This slows the expansion of the overall system. To help overcome this problem, the short username and the relatively long username of persons may be stored together with the real name of the persons in a secure file at a verification or certification centre, outside the first and further computing systems in which the persons are registered impersonally, for example by persons requesting the verification or certification centre to store their personal data files. The person can choose a trusted verification centre, and the owners of the further computing systems trust the verification centre. The verification or certification centre may electronically sign the secure file with an electronic signature of the verification or certification centre, so the file is trusted by the owners of further computing systems.
The training of a neural network to produce a given set of characters when presented with a biometric image is known in the art, as discussed in the background of the invention section further above, and so is not discussed in detail herein. For example, the training may use the Russian National Standard GOST R 52633.5-2011 algorithm, which is stable and fully automated.
The proposed method of assigning a person an identity in a first computing system, the identity for uniquely identifying the person when the person accesses a further computing system, can be used in various types of further computing systems. For example, in an Internet booth for payment of mobile communications and utilities at the entrance to an apartment building. In this case, the services of the Internet booth can be used by tenants, therefore, the Internet booth will recognize no more than 100 users by biometric images such as faces and fingerprints. Upon receipt of bills for the mobile communications and utilities, the user will just go to the Internet booth. The Internet booth will independently recognize the user and provide the necessary information, very likely without the need to supply the short username.
DETAILED DESCRIPTION
Embodiments of the invention will now be described with reference to the accompanying drawings, in which:
Fig. 1 shows a schematic block diagram of a system for implementing an embodiment of the invention; and
Fig. 2 shows a flow diagram of a method according to an embodiment of the invention.
The schematic diagram of Fig. 1 shows a system for implementing an embodiment of the invention. The system comprises a first computing system 10, a further computing system 20, a mobile device 30, and a verification centre 40, which are all connected to the Internet 50. The first computing system 10 is a central system that is used for registering identities of new users, so the identities can be used to create new user accounts on further computing systems, such as the further computing system 20.
The first computing system 10 in this embodiment is a computer server, and comprises an identity creation block 12 for interfacing with the mobile device 30 via the Internet 50 to create a new user identity for the user 32. The computer server also comprises a long username generator 14 for generating a relatively long username, an artificial neural network 13, and a trainer block 15 for training the neural network 13 to produce the relatively long username when the neural network is presented with a biometric image of the user 32 from the identity creation block 12. The computer server also comprises a publication server 16 for publishing a short username from the identity creation block 12, trained parameters of the neural network 13, and the relatively long username from the long username generator 14.
The further computing system 20 comprises a login interface 22 for a user to log into the further computing system, an account storage block 24 where user accounts of the further computing system are stored, and a neural network 26 to help locate the correct one of the stored accounts when a user attempts to log in. The further computing system 20 in this embodiment is a supermarket computing system which administers a customer loyalty scheme; however, the further computing system could alternatively be practically any other type of computing system which has a need for user accounts. Although only one further computing system 20 is shown, there are typically multiple further computing systems 20, each offering various products and/or services, and storing various user accounts.
The mobile device 30 is a smartphone of a new user 32 that wishes to register an identity in the first computing system 10, however the mobile device could alternatively be any other type of mobile device controlled by the user 32, for example a tablet or computer laptop.
The flow diagram of Fig. 2 shows a method of creating an identity for the user 32 on the first computing system 10, and creating a new user account for the user 32 on the further computing system 20. To begin with, the user 32 connects with the identity creation block 12 of the first computing system 10, via the mobile device 30 and Internet 50, and makes a request to create a new identity. In response, the identity creation block 12 prompts the user to enter their name and address details, a short username in step 50, and a first biometric image in step 51. The identity creation block 12 sends the biometric image to the neural network 13, instructs the long username generator 14 to create a first relatively long username in step 52, and instructs the trainer 15 to train the neural network 13 to output the first relatively long username when presented with the first biometric image in step 53.
In this embodiment, the short username is three to six characters long, represented by 24 to 48 bits in standard computer coding; however, longer short usernames could be used if desired. The relatively longer username is relatively long in comparison to the short username, and in this embodiment is 512 bits long, although it could be as short as 64 bits, or even longer than 512 bits if desired. The long username generator 14 creates the 512-bit relatively longer username by generating a long random code of 256 bits, and then treating this code as the information part of the relatively longer username. The other 256 bits of the relatively longer username are generated as redundant self-correcting codes for the long random code of 256 bits, thereby giving the relatively longer username a total of 512 bits. Any code can be used as a redundant self-correcting code, for example, one of the versions of the Hamming code or BCH code (Bose-Chaudhuri-Hocquenghem). With the 100% redundancy given by boosting the 256 information bits up to 512 bits, most of the known classical self-correcting codes are able to correct relatively longer usernames that have up to 5% of their bits in error. This means that once the neural network has been trained, the conversion of the biometric image of the user 32 into the relatively longer username using the neural network still works well even when a different image of the same biometric of the user is presented to the neural network. Optionally, the short username may also be included as part of the relatively longer username.
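The construction described above, as an added example that is not part of the patent text: 256 random information bits followed by 256 check bits, and repair of a noisy network output. The code choice is an assumption: an extended Hamming(8,4) code, a Hamming variant with exactly 100% redundancy that corrects one flipped bit per 8-bit codeword, so it does not reach the 5% figure for arbitrary error patterns. Function names are illustrative.

```python
import secrets

INFO_BITS = 256   # random information part of the relatively longer username
NIBBLE = 4        # data bits per extended Hamming(8,4) codeword
# Codeword position (1..7, classic Hamming numbering) -> index of the data bit it holds.
_POS_TO_DATA = {3: 0, 5: 1, 6: 2, 7: 3}


def _checks(nibble):
    """Return the four check bits (p1, p2, p3, overall parity) for four data bits."""
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    p0 = d1 ^ d2 ^ d3 ^ d4 ^ p1 ^ p2 ^ p3
    return [p1, p2, p3, p0]


def make_long_username(info=None):
    """Return 512 bits: the information bits followed by their check bits."""
    if info is None:
        info = [secrets.randbits(1) for _ in range(INFO_BITS)]
    if len(info) != INFO_BITS:
        raise ValueError("expected 256 information bits")
    checks = []
    for k in range(0, INFO_BITS, NIBBLE):
        checks += _checks(info[k:k + NIBBLE])
    return list(info) + checks


def correct_long_username(bits):
    """Repair a noisy 512-bit network output.

    Returns (corrected_bits, flips_repaired), or (None, flips_repaired) as soon as
    a codeword with two flipped bits is found (detected but not correctable).
    Three or more flips in one codeword can be miscorrected.
    """
    if len(bits) != 2 * INFO_BITS:
        raise ValueError("expected 512 bits")
    info, checks = list(bits[:INFO_BITS]), list(bits[INFO_BITS:])
    repaired = 0
    for k in range(0, INFO_BITS, NIBBLE):
        data = info[k:k + NIBBLE]
        p1, p2, p3, p0 = checks[k:k + NIBBLE]
        e1, e2, e3, _ = _checks(data)
        syndrome = (p1 ^ e1) + 2 * (p2 ^ e2) + 4 * (p3 ^ e3)
        odd = (sum(data) + p1 + p2 + p3 + p0) % 2   # 1 when an odd number of bits flipped
        if syndrome == 0 and not odd:
            continue                       # codeword is clean
        if not odd:
            return None, repaired          # two flips in one codeword
        repaired += 1
        if syndrome in _POS_TO_DATA:       # otherwise only a check bit was hit
            info[k + _POS_TO_DATA[syndrome]] ^= 1
    return make_long_username(info), repaired


def to_hex(bits):
    """Render a bit list as hex, e.g. for storing in a registration file."""
    return "%0*x" % (len(bits) // 4, int("".join(map(str, bits)), 2))


if __name__ == "__main__":
    enrolled = make_long_username()
    noisy = list(enrolled)
    for pos in (0, 9, 130, 300, 511):      # constructed: five flips, five different codewords
        noisy[pos] ^= 1
    fixed, n = correct_long_username(noisy)
    print(to_hex(enrolled))
    print("recovered:", fixed == enrolled, "flips repaired:", n)
```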
The neural network 13 has 512 outputs, each output corresponding to one of the bits of the relatively longer username. The neural network 13 is trained by the trainer block 15 according to the Russian National Standard GOST R 52633.5-2011 algorithm, so that the neural network 13 converts the biometric image into the relatively longer username. Once the neural network has been trained, it comprises a set of trained parameters defining the neurons of the trained neural network 13. These trained parameters are stored, and can be applied to other neural networks to make them act in the same way as the trained neural network 13. In this embodiment, the biometric image is an image of the user’s first finger, however other types of biometric image may alternatively be used, for example an image of the user’s face, or their handwriting.
In this embodiment, the method loops back at 71 to request and receive a second biometric image of the user 32 from the mobile device 30, the second biometric image being an image of the user’s second finger. A second relatively longer username is generated, and the neural network 13 is trained to give a second set of trained parameters that result in the second relatively longer username. In alternate embodiments, the method may not perform the loop back 71 at all, so that there is only one biometric image and set of neural network parameters. If desired, then the loop back 71 can be performed again with another biometric image, however in the embodiment shown the method moves to step 54 once one loop back 71 has been performed.
In step 54, the short username is sent from the identity creation block to the publication server 16, both first and second sets of trained parameters of the neural network are sent from the neural network 13 to the publication server 16, and both first and second relatively longer usernames are sent from the long username generator 14 to the publication server 16. The publication server 16 stores the short username, sets of trained parameters, and relatively longer usernames in a registration file that is signed by the first computer system 10, and publishes the registration file on the Internet. The identity creation block 12 sends the mobile device 30 an Internet link to the registration file on the publication server 16, for example in the form of a URL (Uniform Resource Locator). The mobile device 30 can use the link to access the registration file, and/or forward the link to further computing systems so they can access the registration file.
Once the registration file has been created, the identity creation block 12 or the publication server 16 sends a secure file to the verification centre 40 via the Internet 50. The secure file includes the registration file, the user’s name and address, and optionally the biometric images. Then, the first computing system 10 deletes the user’s name and address and the biometric images, so they cannot be obtained by any computer hackers who gain unauthorised access to the first computing system 10. The verification centre allows trusted further computer systems to access the secure file to verify the user’s name and address, and/or any other personal information which may have been provided to the first computer system 10 by the user 32 during creation of their identity on the first computer system 10.
The user 32 wishes to participate in the customer loyalty scheme which is run by the supermarket computing system 20, and so in a step 55 the user uses their mobile device 30 to provide the Internet link that was received from the first computer 10 to the supermarket computing system 20. The supermarket computing system 20 follows the Internet link, downloads the user’s registration file from the publication server 16, and stores a new user account including the registration file in the account storage block 24. The supermarket computing system 20 signs the registration file in the user account, to prevent unauthorised changes from being made to it, and deletes its copy of the link.
To log into the new user account, in a step 57 the user 32 provides an image of their first finger to the login interface 22 of the supermarket computing system 20, by using their mobile device 30 to access the login interface 22 via the Internet 50. The supermarket computing system 20 searches through all of the stored user accounts in a step 58 by, for each stored user account, setting the neural network 26 with the set of trained parameters stored in the user account, and applying the biometric image to the neural network 26 to see whether it results in the relatively long username stored in the user account. The supermarket computing system logs all of the user accounts where the application of the biometric image to the neural network specified by the trained parameters in the user account results in the relatively long username stored in the user account, and determines them as candidates for being the user account of the user 32. If only one user account is determined as a candidate user account, then that candidate user account is determined to be the correct user account of the user 32.
To help speed the process of searching through the user accounts, the first and further computing systems are able to classify images into approximately 16 groups, for example by following the classification methodology described in RU 2473125. The first computing system stores the classification along with the user’s short username, the sets of trained parameters, and relatively longer usernames, as part of the registration file. The classification is stored as part of the user’s account on the further computing system when the account is created based on the registration file. Then, when the further computing system receives a biometric image from a user wishing to log on, it can classify the biometric image, and only search through the user accounts having that classification, instead of searching through all the user accounts. If a particular classification has 1,000 neural networks, then all 1,000 neural networks are checked, which requires about 0.01 seconds when using a regular modern computer. This is quite acceptable, since the time required for searching is typically shorter than the time required for a user to type in a username, even when large numbers of user accounts need to be searched.
If more than one candidate user account is determined in the search, then the login interface 22 prompts the user 32 via their mobile device 30 to either provide an image of their second finger (second biometric image), or their short username. If the user wishes to provide the second biometric image, then the method loops back at 72, the supermarket computing system receives the second biometric image, and searches the candidate user accounts to determine which of those user accounts the application of the second biometric image to the neural network specified by the second set of trained parameters in the user account results in the second relatively long username stored in the user account. If only one user account is determined, which is very likely even in large information systems, then that user account is determined to be the correct user account of the user 32. If more than one user account is determined, then the user is prompted to enter their short username.
In the step 59, the user provides their short username, either instead of providing the second biometric image, or after providing the second biometric image if the second biometric image still does not narrow the candidate user accounts down to a single user account. The supermarket computing system compares the short username to the short usernames in the user accounts that were determined based on the first and optionally second biometric images, and identifies the correct user account as the user account having that short username.
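The staged search of steps 58, 72 and 59, as an added example that is not part of the patent text. The single-layer majority-vote network and its `train` routine are stand-ins (assumptions), not the GOST R 52633.5-2011 training, and their weights are tied directly to the enrolment features, so the block shows the control flow only. Feature vectors, account names and the 64-bit size are constructed, and outputs are compared exactly, without the error-correction stage.

```python
import secrets

N = 64   # toy size: 64 input features and a 64-bit long username (the description uses 512 outputs)


def train(features, long_username):
    """Stand-in for training: neuron j takes a majority vote over inputs j, j+1, j+2,
    signed so that the enrolment features reproduce bit j of the long username."""
    params = []
    for j, bit in enumerate(long_username):
        sign = 1 if bit else -1
        params.append([(i % N, sign * features[i % N]) for i in (j, j + 1, j + 2)])
    return params


def run_network(params, features):
    """Apply stored parameters to a feature vector and return the output bits."""
    return [1 if sum(w * features[i] for i, w in neuron) > 0 else 0 for neuron in params]


def enroll(short_username, finger1, finger2):
    """Build an account record holding, per finger, (trained parameters, long username)."""
    nets = []
    for features in (finger1, finger2):
        long_username = [secrets.randbits(1) for _ in range(N)]
        nets.append((train(features, long_username), long_username))
    return {"short": short_username, "nets": nets}


def is_candidate(account, which, features):
    """True when the account's network turns the features into its stored long username."""
    params, long_username = account["nets"][which]
    return run_network(params, features) == long_username


def find_account(accounts, finger1, finger2=None, short_username=None):
    """Staged search: first biometric over all accounts, then the second biometric
    and the short username over the remaining candidates only.
    Arguments left as None model a prompt that has not been answered yet.
    Returns (account or None, number of candidates left)."""
    candidates = [a for a in accounts if is_candidate(a, 0, finger1)]
    if len(candidates) > 1 and finger2 is not None:
        candidates = [a for a in candidates if is_candidate(a, 1, finger2)]
    if len(candidates) > 1 and short_username is not None:
        candidates = [a for a in candidates if a["short"] == short_username]
    return (candidates[0] if len(candidates) == 1 else None), len(candidates)


def flip(features, *positions):
    """Return a copy with the given features inverted (models capture noise)."""
    out = list(features)
    for p in positions:
        out[p] = -out[p]
    return out


# Constructed sample data: +1/-1 feature vectors standing in for processed finger images.
F1 = [1 if (i * i) % 7 < 3 else -1 for i in range(N)]
F2 = [1 if (i * 5) % 11 < 6 else -1 for i in range(N)]


def build_accounts():
    return [
        enroll("alice", F1, F2),
        enroll("bob", flip(F1, 10), [-v for v in F2]),        # collides with alice on finger 1 only
        enroll("carol", flip(F1, 40), flip(F2, 20)),          # collides with alice on both fingers
        enroll("dave", [-v for v in F1], [-v for v in F2]),   # unrelated
    ]


if __name__ == "__main__":
    accounts = build_accounts()
    probe1, probe2 = flip(F1, 3, 25, 50), flip(F2, 7, 33)     # fresh captures with isolated noise
    print(find_account(accounts, probe1)[1], "candidates after first biometric")
    print(find_account(accounts, probe1, probe2)[1], "candidates after second biometric")
    print(find_account(accounts, probe1, probe2, "alice")[0]["short"], "after short username")
```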
Once the correct user account of the user 32 has been determined, the user and/or the supermarket computing system 20 can perform operations associated with the user account, such as adding or redeeming stored value to or from the user account. Preferably, the first time the user 32 logs into their user account on the supermarket computing system 20, the user 32 is prompted to create a password which is used to authenticate the user 32 for subsequent logins to the supermarket computing system 20. This helps prevent a computer hacker from taking an unauthorised photo of the user’s finger and using the photo to gain unauthorised access to the user’s account on the supermarket computing system 20, since the computer hacker will not know the password. If a user is concerned about the protection of information stored in his account, then the user can set up the account to display the information in the account only after both the first and second biometric images have been provided and determined to result in the first and second relatively longer usernames of the account.
If required, for example when the user wishes to redeem value from their customer loyalty account when at a point-of-sale terminal in the supermarket, the supermarket computing system can verify a name and address supplied by the user 32 by contacting the verification centre 40. The verification centre 40 uses the secure file stored earlier to verify whether the name and address of the user that is seeking to redeem the stored value, is the same as the name and address of the user stored in the stored file. The name and address of the user is deleted from the supermarket computing system after verification has been performed, to protect the user’s identity in case a computer hacker successfully gains access to the supermarket computing system at a later time.
The first and second biometric images record first and second biometrics of the user 32. The first biometric image supplied from the user to the first computing system 10 when creating the new identity, and the first biometric image supplied from the user to the further computing system 20 when logging on, may be exactly the same image as one another, or may be different images of the first biometric of the user, for example two different photographs of the user’s first finger. Equivalently, the second biometric image supplied from the user to the first computing system 10 when creating the new identity, and the second biometric image supplied from the user to the further computing system 20 when logging on, may be exactly the same image as one another, or may be different images of the second biometric of the user, for example two different photographs of the user’s second finger. When different images of the same biometric are used, the error-correcting codes in the relatively long usernames help assure that the correct user accounts will still be determined, and greatly reduce the instances in which a biometric image fails to locate the correct user account. In the embodiment shown, the conversion of the biometric image into the relatively long username by the neural network has a probability of failure of around 0.05. That is, every twentieth attempt to access will be denied and will have to be repeated. For two attempts, the probability of failure will be around 0.0025, which is negligible. Three attempts to access will be extremely rare.
In the embodiment shown, the user registers an identity with the first computing system 10 and logs into the further computing system 20 using a camera of the mobile device 30 to take and send biometric images; however, in alternate embodiments the mobile device may be omitted and the user may use a camera of the first computing system to take the biometric image for registering the new identity, and use a camera of the further computing system 20 to take the biometric image for logging into the further computing system 20. Or, more specialist equipment than cameras may be implemented at the first and further computing systems, for example dedicated fingerprint scanners or eye scanners. Then, the user interacts directly with user interfaces of the first computing system 10 and the further computing system 20, rather than with their mobile phone, to perform the registration of the new identity and to log on.
Due to the use of biometric images as described herein, the user 32 does not need to remember and enter the relatively long username at any time. At the further computing system, for example an Internet booth, the user can confirm their identity by showing a fingerprint sensor their fingerprint if the user has previously created an account at the Internet booth by transferring the information in the registration file from the first computing system. It is far easier to press a finger on the scanner than to enter a long username without errors.
Further embodiments falling within the scope of the invention will also be apparent to those skilled in the art.
Claims (20)
1. A method of assigning a person an identity in a first computing system, the identity for uniquely identifying the person when the person accesses a further computing system, the identity comprising a short username created by the person and a relatively longer username created by the first computing system, the method comprising:
- receiving the short username from the person,
- receiving a biometric image of the person,
- randomly generating a set of characters to create the relatively longer username,
- training a neural network to produce the relatively longer username when presented with the biometric image,
- storing the short username, trained parameters of the neural network, and the relatively longer username in association with one another in a registration file, and
- publishing the registration file on the Internet to allow access to the registration file by any computing system accessing the Internet, including the further computing system.
2. The method of claim 1, further comprising the first computing system electronically signing the registration file with an electronic signature of the first computing system.
3. The method of claim 1 or 2, wherein the biometric image is not stored in the registration file.
4. The method of claim 1, 2, or 3, further comprising deleting the biometric image of the person from the first computing system after the neural network has been trained.
5. The method of any preceding claim, wherein creating the relatively longer username further comprises adding error correction coding to the randomly generated set of characters.
6. The method of any preceding claim, wherein creating the relatively longer username further comprises concatenating the randomly generated characters with the short username so the relatively longer username comprises the randomly generated characters and the short username.
7. The method of any preceding claim, further comprising:
- receiving a further biometric image of the person,
- randomly generating a set of characters to create a further relatively longer username,
- training the neural network to produce the further relatively longer username when presented with the biometric image, and
- storing further trained parameters of the neural network and the further relatively longer username in the registration file in association with the short username, the trained parameters of the neural network, and the relatively longer username.
8. The method of claim 7, wherein the further biometric image is not stored in the registration file.
9. The method of claim 7 or 8, further comprising deleting the further biometric image of the person from the first computing system after the neural network has been trained to produce the further relatively longer username.
10. The method of any one of claims 7 to 9, wherein creating the further relatively longer username further comprises adding error correction coding to the randomly generated set of characters.
11. The method of any preceding claim, further comprising storing a user account of the person on the further computing system, the user account comprising the short username, trained parameters of the neural network, and the relatively longer username, the user account being stored on the further computing system along with user accounts of other persons.
12. The method of claim 11, wherein storing a user account of the person on the further computing system comprises providing the further computing system with an Internet link to the registration file on the Internet, downloading the short username, the trained parameters of the neural network, and the relatively longer username of the registration file to the further computing system, and storing the short username, the trained parameters of the neural network, and the relatively longer username as part of the user account of the person.
13. The method of claim 11 or 12, further comprising the further computing system receiving an input biometric image of the person, and searching user accounts of the further computing system to identify the user account of the person, by for each user account:
- setting a neural network of the further computing system to have the trained parameters of the user account,
- applying the input biometric image to the neural network, and
- determining that the user account is a candidate for being the user account of the person if the application of the input biometric image to the neural network results in the relatively longer username of the user account.
14. The method of claim 13, wherein if only one candidate user account is determined, then the method further comprises determining that the candidate user account is the user account of the person.
15. The method of claim 13 or 14, wherein if more than one candidate user account is determined, then the method further comprises requesting and receiving the short username of the person, searching the candidate user accounts for the short username, and determining the candidate user account which has the short username as being the user account of the person.
16. The method of any one of claims 13 to 15, when claim 10 is appended to any one of claims 6 to 9, wherein the user account of the person stored on the further computing system further comprises the further trained parameters and the further relatively long username, wherein a further input biometric image of the person is received at the further computing system, and wherein the searching of the user accounts of the further computing system to identify the user account of the person further comprises for each candidate user account:
- setting the neural network of the further computing system to have the further trained parameters of the user account,
- applying the further input biometric image to the neural network, and
- determining that the user account is no longer a candidate for being the user account of the person if the application of the further input biometric image to the neural network does not result in the relatively longer username of the user account.
17. The method of any one of claims 11 to 16, further comprising the further computing system receiving a password from the person and storing the password as part of the user account of the person, the password for authenticating the person when the person attempts to log into the user account at a later date.
18. The method of any preceding claim, wherein the registration file does not include the name or address of the person.
19. The method of any preceding claim, further comprising storing the short username and the relatively long username together with the real name of the person in a secure file at a verification or certification centre.
20. The method of claim 19, further comprising the verification or certification centre electronically signing the secure file with an electronic signature of the verification or certification centre.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1713007.1A GB2565551A (en) | 2017-08-14 | 2017-08-14 | Method of biometric user registration with the possibility of management of the data depersonalization level |
PCT/GB2018/052286 WO2019034853A1 (en) | 2017-08-14 | 2018-08-10 | Method of biometric user registration with the possibility of management of the data depersonalization level |
Publications (2)
Publication Number | Publication Date |
---|---|
GB201713007D0 GB201713007D0 (en) | 2017-09-27 |
GB2565551A GB2565551A (en) | 2019-02-20 |
Family
ID=59896121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1713007.1A Withdrawn GB2565551A (en) | 2017-08-14 | 2017-08-14 | Method of biometric user registration with the possibility of management of the data depersonalization level |
Country Status (2)
Country | Link |
---|---|
GB (1) | GB2565551A (en) |
WO (1) | WO2019034853A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030219121A1 (en) * | 2002-05-24 | 2003-11-27 | Ncipher Corporation, Ltd | Biometric key generation for secure storage |
US20090013191A1 (en) * | 2007-07-05 | 2009-01-08 | Honeywell International, Inc. | Multisystem biometric token |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8839090B2 (en) * | 2004-09-16 | 2014-09-16 | International Business Machines Corporation | System and method to capture and manage input values for automatic form fill |
US20070031009A1 (en) * | 2005-04-15 | 2007-02-08 | Julius Mwale | Method and system for string-based biometric authentication |
RU2371765C2 (en) * | 2008-01-14 | 2009-10-27 | Александр Иванович Иванов | Anonymous biometric person's registration method |
2017
- 2017-08-14 GB GB1713007.1A patent/GB2565551A/en not_active Withdrawn
2018
- 2018-08-10 WO PCT/GB2018/052286 patent/WO2019034853A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
GB201713007D0 (en) | 2017-09-27 |
WO2019034853A1 (en) | 2019-02-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |