Wireless biometric authentication system and method

By generating biometric identification templates and using a fuzz extractor and public-key encryption technology, the slowness and security risks of biometric identification authentication systems are solved, enabling secure and convenient wireless biometric identification authentication and reducing the risk of data leakage.

CN114637979BActive Publication Date: 2026-07-14VISA INTERNATIONAL SERVICE ASSOCIATION

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
VISA INTERNATIONAL SERVICE ASSOCIATION
Filing Date
2016-10-26
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing biometric authentication systems may be slow and cumbersome to use, and biometric data is easily stolen and misused, especially posing security risks during wireless transmission.

Method used

By generating biometric identification templates and using a fuzz extractor and public-key encryption technology, the secure transmission and authentication of biometric identification data in wireless communication is ensured. The fuzz extractor generates public values ​​and password keys, and the access device broadcasts encrypted messages to multiple mobile devices, allowing only matching mobile devices to decrypt the data.

Benefits of technology

It achieves both security and convenience in wireless biometric authentication, allowing users to complete authentication without manual operation, reducing the risk of biometric data leakage, and improving the security and efficiency of the system.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN114637979B_ABST
    Figure CN114637979B_ABST
Patent Text Reader

Abstract

Embodiments of the invention relate to wireless authentication of individuals using biometric templates. In one embodiment, a mobile device can generate a first biometric template and a first public value from a first biometric sample of a user, and generate a first cryptographic key by passing the first biometric template to a generation function of a fuzzy extractor. An access device can generate a second biometric template from a second biometric sample of the user, generate a second secret cryptographic key by passing the second biometric template and the first public value to a reproduction function of the fuzzy extractor, encrypt the second biometric template with the second secret cryptographic key, and broadcast the encrypted template to a plurality of nearby mobile devices including the mobile device. If the mobile device is able to decrypt the encrypted template with the first cryptographic key, the access device can associate the user with the mobile device.
Need to check novelty before this filing date? Find Prior Art

Description

[0001] This invention application is a divisional application of the invention patent application with international application number PCT / US2016 / 058880, international application date of October 26, 2016, and Chinese national phase application number 201680062390.2, entitled "Wireless Biometric Identification and Authentication System and Method".

[0002] Cross-reference to related applications

[0003] This application is the official application and claims priority to U.S. Provisional Application No. 62 / 246,476 (Agent No.: 079900-0961921-1549US01), filed on October 26, 2015, which is incorporated herein by reference in its entirety for all purposes. Background Technology

[0004] Using biometrics as a means of authenticating individuals offers various advantages. In systems that control access to resources through biometrics, individuals can present biometric data to the system's access device for authentication. This biometric data originates from one or more inherent physical characteristics of the individual (e.g., facial photographs, retinal scans, fingerprints, voiceprints, etc.). Therefore, individuals do not need to remember passwords, provide answers to security questions, or store physical security tokens.

[0005] However, existing biometric-based authentication systems are not without their problems. For example, such systems can be slow or cumbersome to use. In one particular system, to facilitate future authentication at a resource provider (such as a trade show organizer), an individual (such as a trade show participant) could register their personal smartphone with the resource provider and provide a photograph of their face. When the individual later requests access to a resource (such as entering a trade show), the access device will detect the individual's smartphone and retrieve a set of photos including the individual's photograph. However, the access device still requires human input (e.g., input from security personnel) to match the smartphone with the individual's photograph before authorizing access to the individual.

[0006] Furthermore, biometric data is also vulnerable to the theft and misuse of various malicious actors. For example, while the vast majority of access devices are likely reliable, there is a possibility of encountering access devices that have been hacked or otherwise compromised. Therefore, when an individual requests access to a resource, this malicious access device could steal the individual's biometric data. Additionally, in authentication systems involving the wireless transmission of biometric data, a person who happens to be nearby during the transmission could potentially steal the biometric data.

[0007] The embodiments of the present invention individually and collectively address these and other problems. Summary of the Invention

[0008] Embodiments of the present invention relate to using biometric identification templates to securely authenticate individuals via wireless communication technology.

[0009] For example, a first mobile device can obtain a first biometric sample from a first user of the first mobile device, and generate a first large biometric template and a first small biometric template from the first biometric sample. The first mobile device can then generate a first public value and a first cryptographic key by passing the first small biometric template to a fuzzy extractor. At some point when the first user is located at a location associated with a resource provider (i.e., the resource provider's location), the first mobile device can detect an access device associated with the resource provider. In response, the first mobile device can transmit the first public value to the access device. Therefore, if there are other users at the resource provider's location, the access device can receive the public value generated by the mobile device based on the biometric sample of the user of that mobile device from the mobile device of each of them.

[0010] When the access device authenticates the first user, it can obtain a second biometric sample and generate a second large biometric template and a second small biometric template from the second biometric sample. In the event that multiple mobile devices are located within range of the access device, the access device can attempt to determine which mobile device is associated with the first user (which will be the first mobile device).

[0011] Therefore, the access device can detect multiple mobile devices located within a vicinity of the access device, wherein the multiple devices include a first mobile device. For each of the neighboring mobile devices, the access device can perform the following steps: the access device can retrieve a public value associated with the mobile device; generate a secret key by passing a second small biometric template and the public value to the reproduction function of a fuzzy extractor; encrypt a second large biometric template with the secret key; and broadcast the encrypted second large biometric template to the multiple mobile devices. Therefore, each time the access device broadcasts a second large biometric template, the template can be encrypted with a different secret key.

[0012] For each broadcast, each mobile device receiving the broadcast can attempt to decrypt the encrypted second biometric template using a secret key that has been generated and stored on the mobile device. However, a mobile device can only successfully attempt to decrypt if the access device encrypts the second biometric template using a secret key generated by the access device using public values ​​received from the mobile device before executing that particular broadcast.

[0013] For example, when a first mobile device receives a broadcast of an encrypted second biometric template, the first mobile device can attempt to decrypt the template using a first cryptographic key. However, the decryption attempt will only succeed if the encryption for that particular broadcast uses a secret cryptographic key generated using a first public value. If the encryption uses a secret cryptographic key generated using a different public value (which is generated by different mobile devices from biometric samples of different users), the decryption attempt will fail.

[0014] If the decryption attempt is successful, the first mobile device can determine whether the second biometric template matches the first biometric template stored on the first mobile device. If they match, the first mobile device can send a confirmation of the match to the access device. Since the access device has determined that the first mobile device is associated with the first user, the access device can authorize the first user to access the resources.

[0015] Other implementations involve systems, portable consumer devices, and computer-readable media associated with the methods described herein.

[0016] A better understanding of the nature and advantages of embodiments of the present invention can be obtained by referring to the following detailed description and accompanying drawings. Attached Figure Description

[0017] Figure 1 A system for detecting mobile devices at the location of a resource provider, according to some implementation schemes, is described.

[0018] Figure 2 A system for controlling access to resources using wireless biometric authentication, according to some implementation schemes, is described.

[0019] Figure 3 Another exemplary system for controlling access to resources using wireless biometric authentication, according to some implementations, is described.

[0020] Figure 4 A flowchart illustrating a wireless biometric authentication process using public-key encryption according to some implementation schemes is shown.

[0021] Figure 5-8The diagrams illustrate the concept of using a fuzzy extractor according to some implementation schemes.

[0022] Figure 9 A flowchart illustrating a wireless biometric authentication process using the concept of a fuzz extractor according to some implementation schemes is shown.

[0023] Figure 10 A block diagram of a portable communication device according to some embodiments is shown. Detailed Implementation

[0024] Embodiments of the present invention relate to using biometric templates to securely authenticate individuals via wireless communication technology. Some embodiments allow users to gain access to resources by self-authenticating against an access device simply by capturing biometric data. This verification of user biometrics does not require the user to take out their phone and can reduce the risk of user biometric data disclosure.

[0025] For example, a first mobile device (i.e., a portable communication device) can obtain a first biometric sample (e.g., take a first photograph of the first user's face) from a first user of the first mobile device, and generate a first large biometric template and a first small biometric template from the first biometric sample. The first mobile device can then generate a first public value and a first cryptographic key by passing the first small biometric template to a generation function of a fuzzy extractor. At some point when the first user is located at a location associated with a resource provider (i.e., the resource provider's location), the first mobile device can detect an access device associated with the resource provider (e.g., via a beacon broadcasting through a broadcasting device or on behalf of a broadcasting device). In response, the first mobile device can transmit the first public value to the access device. Thus, if there are other users at the resource provider's location, the access device can receive the public value generated by that mobile device based on the biometric sample of the user of that mobile device from the mobile device of each of them.

[0026] When the access device authenticates the first user, it can obtain a second biometric sample (e.g., take a second photo of the first user's face) and generate a second large biometric template and a second small biometric template from the second biometric sample. In the event that multiple mobile devices are within range of the access device, the access device can attempt to determine which mobile device is associated with the first user (which will be the first mobile device).

[0027] Therefore, the access device can detect multiple mobile devices located within a vicinity of the access device, wherein the multiple devices include a first mobile device. For each of the neighboring mobile devices, the access device can perform the following steps: the access device can retrieve a public value associated with the mobile device; generate a secret key by passing a second small biometric template and the public value to the reproduction function of a fuzzy extractor; encrypt a second large biometric template with the secret key; and broadcast the encrypted second large biometric template to the multiple mobile devices. Therefore, each time the access device broadcasts a second large biometric template, the template can be encrypted with a different secret key.

[0028] The second biometric template can be broadcast as many times as the number of mobile devices nearby at the time of authentication. For each broadcast, each mobile device receiving the broadcast can attempt to decrypt the encrypted second biometric template using a secret key generated and stored on the mobile device. However, a mobile device can only successfully attempt to decrypt if, prior to performing that particular broadcast, the access device encrypts the second biometric template using a secret key generated by the access device using public values ​​received from the mobile device.

[0029] For example, when a first mobile device receives a broadcast of an encrypted second biometric template, the first mobile device can attempt to decrypt the template using a first cryptographic key. However, the decryption attempt will only succeed if the encryption for that particular broadcast uses a secret cryptographic key generated using a first public value. If the encryption uses a secret cryptographic key generated using a different public value (which is generated by different mobile devices from biometric samples of different users), the decryption attempt will fail (e.g., generate junk).

[0030] If the decryption attempt is successful, the first mobile device can determine whether the second biometric template matches the first biometric template stored on the first mobile device (e.g., whether the first and second photos show the first user's face). If they match, the first mobile device can send a confirmation of the match to the access device. Since the access device has determined that the first mobile device is associated with the first user, the access device can authorize the first user to access the resources.

[0031] In some implementations, when a mobile device enters a resource provider's location, it can detect a beacon containing a transmitter identifier sent from the transmitter to the mobile device. Upon receiving the transmitter identifier, the mobile device can send the transmitter identifier to an external service computer and, in response, receive a resource provider identifier associated with the resource provider. Upon receiving the resource provider identifier, the mobile device can send its user identifier (i.e., user identifier), a public value generated on the mobile device, and the resource provider identifier to the transmitter.

[0032] Some embodiments of the present invention may relate to BLE (Bluetooth Low Energy) usage by customers (i.e., users) with smartphones (i.e., mobile devices) shopping in physical stores (i.e., resource provider locations). Here, facial recognition (or recognition through the use of other biometric identification) can help identify customers at or near the checkout (i.e., access device) without the customer having to perform any explicit action.

[0033] Before discussing other specific implementation schemes and examples, the following provides some descriptions of the terminology used in this article.

[0034] As used herein, an "access device" can be any suitable device that can be used to access external systems. For example, an access device can be used to communicate with a merchant's computer or payment processing network and to interact with payment devices, user computer devices, and / or user mobile devices. Access devices can typically be located in any suitable location, such as at a merchant's location. Access devices can be of any suitable form. Some examples of access devices include POS devices, cellular phones, PDAs, personal computers (PCs), tablets, handheld dedicated readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, websites, etc. Access devices can use any suitable contact or contactless operating mode to send or receive data from, or associate with, payment devices and / or user mobile devices. In some embodiments where the access device may include a POS terminal, any suitable POS terminal can be used, and it may include a reader, processor, and computer-readable medium. The reader may include any suitable contact or contactless operating mode. For example, an exemplary card reader may include a radio frequency (RF) antenna, an optical scanner, a barcode reader, or a magnetic stripe reader to interact with a payment device and / or a mobile device. The access device may also have a biometric reader capable of reading any biometric sample described herein or otherwise.

[0035] An "authorization request message" can be an electronic message sent to request an authorization action. In some implementations, an "authorization request message" can be a message sent to a payment processing network and / or the issuer of a payment card to request transaction authorization. Authorization request messages according to some implementations may conform to ISO 8583, a standard for systems exchanging information about electronic transactions associated with payments made by consumers using payment devices or payment accounts. Authorization request messages may include an issuer account identifier that can be associated with a payment device or payment account. Authorization request messages may also include additional data elements corresponding to "identification information," including (by way of example only): service code, CVV (card verification value), dCVV (dynamic card verification value), expiry date, etc. Authorization request messages may also include "transaction information," such as any information associated with the current transaction, such as transaction amount, merchant identifier, merchant location, etc., and any other information that can be used to determine whether to identify and / or authorize the transaction.

[0036] An "authorization response message" can be an electronic message reply to an authorization request message. It can be generated by the issuing financial institution or a payment processing network. An authorization response message may include (by way of example only) one or more of the following status indicators: Approval - the transaction is approved; Rejection - the transaction is not approved; or Call Center - further information is pending, and the merchant must call the toll-free authorization number. An authorization response message may also include an authorization code, which can be a code returned by the credit card issuing bank to the merchant's access device (e.g., a POS device) in response to the authorization request message in the electronic message (directly or via the payment processing network), indicating that the transaction has been approved. The code can be used as evidence of authorization. As described above, in some implementations, the payment processing network may generate or forward authorization response messages to the merchant.

[0037] As used in this article, an “e-wallet” or “digital wallet” can store user information, payment information, bank account information, etc., and can be used in various transactions such as, but not limited to, e-commerce, social networks, money transfers / individual payments, mobile commerce, proximity payments, etc., for retail purchases, digital goods purchases, utility payments, fund transfers between users, etc.

[0038] As used herein, a “mobile device” (sometimes referred to as a “mobile communication device”) can include any suitable electronic device that a user can transport or operate, and that also provides the ability to communicate remotely with a network. Examples of remote communication capabilities include the use of mobile phone (wireless) networks, wireless data networks (such as 3G, 4G, or similar networks), Wi-Fi, Bluetooth, Bluetooth Low Energy (BLE), Wi-Max, or any other communication medium that can provide access to networks such as the Internet or a private network. Examples of mobile devices include mobile phones (e.g., cellular phones), PDAs, tablet computers, netbooks, laptops, wearable devices (e.g., watches), vehicles (e.g., cars, motorcycles), personal music players, handheld dedicated readers, and so on. A mobile device can include any suitable hardware and software for performing such functions, and can also include multiple devices or components (e.g., when a device remotely accesses a network by being attached to another device, i.e., using another device as a modem, the two devices used together can be considered a single mobile device). A mobile device can also include authentication tokens, which may take the form of, for example, security hardware or software components within the mobile device and / or one or more external components that can be coupled to the mobile device. A detailed description of a mobile device is provided below.

[0039] As used herein, a “payment account” (which may be associated with one or more payment devices) can refer to any suitable payment account, including a credit card account, a checking account, or a prepaid account.

[0040] As used herein, "payment device" can refer to any device that can be used to conduct financial transactions, such as providing payment information to merchants. Payment devices can be of any suitable form. For example, suitable payment devices can be handheld and compact, allowing them to be placed in a consumer's wallet and / or pocket. For example These are pocket-sized devices and can take the form of mobile devices as described above. They can include smart cards, magnetic stripe cards, keychain devices (such as the Speedpass™ available from ExxonMobil), etc. Other examples of payment devices include cellular phones, personal digital assistants (PDAs), pagers, payment cards, security cards, access cards, smart media, transponders, 2D barcodes, electronic or digital wallets, and so on. Such devices can operate in contact or contactless modes.

[0041] As used in this article, a "server computer" is typically a powerful computer or cluster of computers. For example, a server computer can be a mainframe, a small cluster of computers, or a group of servers that work like cells. In one instance, a server computer could be a database server coupled to a web server.

[0042] "Biometric data" includes data that can be used to uniquely identify an individual based on one or more inherent physiological or behavioral characteristics. For example, biometric data can include fingerprint data and retinal scan data. Other examples of biometric data include digital photographic data (e.g., facial recognition data), deoxyribonucleic acid (DNA) data, palm print data, hand geometry data, and iris recognition data.

[0043] A "biometric template" can be a digital reference of different characteristics extracted from a biometric sample provided by a user. A biometric template can be derived from biometric data. It is used in the biometric authentication process. Data from a biometric sample provided by the user during authentication can be compared with the biometric template to determine if the provided biometric sample closely matches the template. In some implementations, a "large biometric template" can refer to the biometric template initially derived from the biometric data, while a "small biometric template" can refer to an incomplete or at least partially obscured copy of the large biometric template. In some implementations, a "biometric template" can include a small biometric template, a large biometric template, or a combination of both.

[0044] A “resource-providing entity” can be any entity that provides resources during the transaction. For example, a resource-providing entity can be a merchant, a venue operator, a building owner, a government entity, and so on.

[0045] "User identification information" can be any information associated with and capable of identifying a user. User identification information may include, but is not limited to, main account (PAN), telephone number, email address, postal code, mailing address, photo ID, personal identification number (PIN), etc.

[0046] I. Wireless Biometric Identification and Authentication System

[0047] Figure 1 , 2 Figures 3 and 4 illustrate various aspects of one or more systems used for wireless biometric authentication. Specifically, each system may be located at a resource provider's location and may include one or more users located at the resource provider's location and transacting with the resource provider, wherein each user may possess a mobile device.

[0048] A. Launching station

[0049] Figure 1A system 100 for detecting mobile devices at the location of a resource provider is depicted. System 100 includes a transmitting station 102, a mobile device 104, and an external service 106. Figure 1 The steps described in the document illustrate how a mobile device interacts with a launch station at a resource provider's location before interacting with an access device (e.g., before checkout).

[0050] Mobile device 104 can be a mobile device carried by the user when the user is at the resource provider's location. For example, the user can be a customer with a smartphone (i.e., a mobile device) shopping at a physical store (i.e., the resource provider's location).

[0051] Transmitting station 102 may be a fixed device associated with a resource provider's location. When a mobile device is brought to the resource provider's location by its respective user, transmitting station 102 can detect the mobile device and communicate with it. Communication can be performed using a short-to-medium range wireless communication mechanism. For example, transmitting station 102 may be a Bluetooth Low Energy (BLE) beacon that detects the presence of a customer's smartphone via BLE when the customer enters the store and sends a beacon including a transmitting station identifier (i.e., a beacon ID) to the smartphone.

[0052] Although this example describes a BLE communication mechanism, it should be understood that embodiments of the invention can utilize any suitable wireless communication mechanism. Examples of such communication mechanisms may include the use of suitable electrical, electromagnetic, or even acoustic communication modes. For example, embodiments of the invention may use RF, IR, or even audio signals to wirelessly transmit data between two devices. Preferred communication mechanisms include short- to medium-range wireless communication mechanisms. Examples of communication mechanisms may include Wi-Fi, BLE, classic Bluetooth, etc.

[0053] In some implementations, BLE technology is used as a short-range communication protocol or technology. Bluetooth Low Energy is a wireless personal area network (BPAN) technology for transmitting data over short distances. It is designed for low power consumption and low cost while maintaining a communication range similar to classic Bluetooth. BLE communication mainly consists of “advertisements” or small data packets, which are broadcast at regular intervals via radio waves through beacons (which may be present in or be a base station) or other BLE-enabled devices.

[0054] External service 106, which can be implemented as a cloud-based system or as a server computer system, can be remotely located relative to the resource provider's location. Mobile device 104 can use external service 106 as a trusted service (which could be a merchant or payment processor driver) to translate a transmitter identifier into an identifier for the resource provider's location (i.e., a resource provider location identifier). Communication between mobile device 104 and external service 106 can be performed using any suitable communication network. A suitable communication network can be any one and / or a combination of the following: direct interconnect, the Internet, a local area network (LAN), a metropolitan area network (MAN), an Operational Mission as an Internet node (OMNI), a mesh network, a secure custom connection, a wide area network (WAN), a wireless network (e.g., using protocols such as, but not limited to, Wireless Application Protocol (WAP), I-mode, etc.), etc. Communication can be performed using secure communication protocols, such as Transport Layer Security (TLS), Secure Sockets Layer (SSL) protocols, or other suitable secure communication protocols.

[0055] like Figure 1 As shown, the mobile device 104 can be carried by the user when entering the resource provider's location. At this time, the mobile device can possess a biometric template generated from the user's biometric sample. For example, a smartphone application can be installed on the mobile device 104 to guide the user through the process of generating the biometric template, wherein the mobile device takes a photo of the user's face and generates a biometric template based on that photo. The biometric template can then be stored in the mobile device.

[0056] Although this example describes using a facial image as a biometric identification sample, other biometric identification samples that can be used may include voice samples, fingerprint samples, DNA samples, hair samples, retinal scan samples, etc.

[0057] At step S101, transmitter 102 detects a mobile device 104 carried to the resource provider's location. For example, a customer's smartphone may be detected when the customer enters a store. Upon sensing the mobile device 104, transmitter 102 may send a beacon to the mobile device, wherein the beacon includes a transmitter identifier (e.g., a beacon ID) that uniquely identifies the transmitter. The transmitter identifier may be extracted from the beacon by an application installed on the mobile device 104.

[0058] In the same step, mobile device 104 and transmitting station 102 can exchange address information (e.g., IP address, MAC address) so that transmitting station 102 and mobile device 104 can recognize each other for subsequent communication.

[0059] In step S102, mobile device 104 communicates with external service 106 to identify a resource provider based on a received transmitter identifier. Specifically, an application installed on mobile device 104 can send the transmitter identifier to external service 106. If geolocation information is available (e.g., mobile device 104 has geolocation enabled and the user has agreed to share that geolocation information), the application can send the geolocation information to external service 106, which will enable the external service to detect attempts to spoof the transmitter identifier.

[0060] At step S103, external service 106 responds to mobile device 104 with an appropriate resource provider location identifier. Upon receiving the transmitter identifier, external service 106 can resolve the transmitter identifier to a resource provider location identifier. In some cases, this may involve resolving the transmitter identifier to a merchant identifier and a store identifier. In some embodiments, the merchant identifier and store identifier may be referred to as a “Cardholder ID” (CAID) and a “Cardholder Name” (CAN), respectively. Any such identifier can be used, as long as they uniquely identify the resource provider location. Once the resource provider location identifier is determined, it can be transmitted back to mobile device 104.

[0061] In step S104, the mobile device 104 sends a message including several pieces of information to the transmitting station 102. This information may include a temporary mobile device identifier that identifies the mobile device 104 when it is located at a resource provider's location. Dev_ ID In some cases, the mobile device ID can be a large random number (e.g., 8 bytes) generated each time a mobile device is brought to a resource provider's location. Specifically, each mobile device entering a resource provider's location can provide a mobile device ID that uniquely identifies the mobile device during its visit. The resource provider can use these mobile device IDs to identify each mobile device and maintain consistent communication with each mobile device without confusing them between interactions when multiple mobile devices are located at the resource provider's location.

[0062] This information may include resource provider location identifiers (e.g., CAID and CAN This information may include customer identifiers that the user wishes to be known in the store at this time. Cust_ID . User_ID This information can be permanent or used only for current access to the resource provider's location. It may include a random number. n It is a random number of a specific size (e.g., 128 bits) generated by the mobile device 104.

[0063] In an implementation that uses public-key cryptography to securely transmit biometric templates, the information may include a public-key certificate associated with the mobile device 104. PKCert The certificate is signed by a Certificate Authority (CA). In such an implementation, the resource provider (i.e., the access device) will possess (or have access to) the CA's public key, enabling the resource provider to verify the public key certificate of mobile device 104. Messages can be signed using the private key of mobile device 104. Therefore, in such an implementation, an instance message sent by mobile device 104 to transmitter 102 may include the following:

[0064] sign Pv { Dev_ID , Cust_ID , n , CAID , CAN}, PKCert

[0065] As can be seen from the formula above, the instance message includes the public key certificate. PKCert Customer identifier Cust_ID Device identifier Dev_ID Resource provider location identifier CAID and CAN Random numbers n as well as Dev_ID , Cust_ID , n , CAID and CAN The signature. See below for reference. Figure 4 The use of public-key encryption to securely transmit biometric templates will be discussed in more detail.

[0066] In an implementation using encryption based on a fuzz extractor to securely transmit biometric templates, the information may include public values ​​generated from the biometric templates stored on a mobile phone. See below for reference. Figure 5-9 The use of fuzz extractor-based encryption for secure transmission of biometric templates is discussed in more detail.

[0067] After step S104, the mobile device 104 may store status information including a resource provider location identifier and geographic location information, which informs the mobile device which resource provider location it is accessing. Therefore, an application installed on the mobile device 104 can be designed to service transactions involving only the resource provider location identifier.

[0068] Upon receiving a message from mobile device 104, transmitting station 102 can cause a status entry containing information about the presence of the mobile device at the resource provider's location to be created. Therefore, the resource provider can maintain a status entry (e.g., in a database) for each mobile device brought to the resource provider's location. For example, each status entry can include parameters associated with a specific mobile device at the resource provider's location. Dev_ID , Cust_ID , n and PKCert .

[0069] When the mobile device 104 approaches the access device to perform a transaction, the status entry associated with the mobile device can provide information for completing the transaction.

[0070] B. Access device

[0071] Figure 2 A system 200 for conducting transactions using wireless biometric authentication, according to several implementation schemes, is described. Specifically, Figure 2 Users 202, 204, 206, and 208 are shown queuing to transact with access device 210. Users 202, 204, 206, and 208 are carrying mobile devices 104, 220, 222, and 224, respectively. Therefore, Figure 2 All the mobile devices shown are within range of access device 210. It should be noted that, although... Figure 2 Only mobile devices 104, 220, 222 and 224 are depicted, but there may be other mobile devices that are considered to be at the location of the resource provider but not within the vicinity of the access device 210.

[0072] like Figure 2 As shown, when user 202 is ready to transact with access device 210, user 202 can stand in front of the access device while mobile device 104 remains in their pocket. Access device 210 captures an image of user 202's face and generates a biometric identification template based on that image. At this point, access device 210 can determine that it should transact with the mobile device possessed by user 202. However, access device 210 may not necessarily know which of mobile devices 104, 220, 222, and 224 is the mobile device carried by user 202. Therefore, access device 210 can use the biometric identification template to identify the correct mobile device to complete the transaction.

[0073] Specifically, access device 210 may broadcast its biometric template to all nearby mobile devices in an attempt to determine which mobile device possesses a biometric template that matches the access device's biometric template. It should be noted that in some embodiments, the first biometric template need not be identical to the second biometric template in order to "match" the template. For the purposes of these embodiments, the first biometric template can be considered a match for the second biometric template as long as it is sufficiently close to the second biometric template (e.g., the first biometric template has a similar number of features and / or has features sufficiently similar to those of the second biometric template). In some embodiments, a "match" can be defined by a threshold match score. For example, the first biometric template may correspond to a photograph of user 202's face taken by mobile device 104, while the second biometric template may correspond to a photograph of user 202's face taken by access device 210, where the similarity between the faces shown in the first and second photographs can be used to determine the match between the first and second biometric templates.

[0074] When a mobile device determines a match between its stored biometric template and a biometric template received in a broadcast, the mobile device can send a confirmation of the match back to access device 210. Upon receiving the confirmation, access device 210 can conduct a transaction with the mobile device that sent the confirmation. Therefore, by using biometric authentication, the user of the first mobile device can perform secure wireless transactions without having to manually operate the first mobile device or a portable transaction device (e.g., a credit card).

[0075] However, it should be noted that biometric templates cannot be broadcast in plaintext, as doing so could compromise transaction security and lead to privacy breaches. After all, it can be assumed that users do not want their facial images or other biometric information to be publicly broadcast. Therefore, embodiments of the present invention can encrypt the biometric template before broadcasting. Two main techniques for encrypting biometric templates can include a first technique using public-key encryption, referred to below. Figure 4 A description of this, as well as a second technique using the concept of a fuzz extractor, are referenced below. Figure 5-9 Describe it.

[0076] Figure 3 Another exemplary system 300 for conducting transactions using wireless biometric authentication, according to some implementation schemes, is depicted. Specifically, Figure 3 The transmitter 102, mobile device 104, external service 106, and access device 210 are shown.

[0077] Access device 210 and transmitting station 102 can be decoupled or coupled together. In some embodiments, access device 210 and transmitting station 102 can be embodied in the same device. In other embodiments, access device 210 and transmitting station 102 can be embodied in different devices that communicate with each other via a network (e.g., a local area network).

[0078] exist Figure 3 In this context, steps S301, S302, S303, and S304 can respectively correspond to Figure 1 Steps S101, S102, S103, and S104 are described herein. The descriptions of these steps are incorporated herein and need not be repeated.

[0079] When a user is ready to check out and stands in front of the access device 210, the access device 210 can capture an image of the user's face and generate a biometric template from that image. It should be noted that in other embodiments of the invention, other types of biometric samples can be captured. The access device 210 can also encrypt the user's facial image.

[0080] At step S305, access device 210 may broadcast its encrypted biometric template to all nearby mobile devices, including mobile device 104. Upon receiving the broadcast, mobile device 104 may attempt to decrypt the encrypted biometric template. If the decryption attempt is successful, mobile device 104 may determine whether its stored biometric template matches the received biometric template.

[0081] In step S306, upon determining a biometric template match, the access device 210 sends a confirmation of the match back to the access device 210. After receiving the confirmation, the access device 210 can conduct a transaction with the mobile device 104 representing the user 202. After the transaction is completed, the user 202 can leave, and the next user in the queue, 204, can stand in front of the access device 210 to have their photo taken, which restarts the mobile device identification process for subsequent transactions.

[0082] II. Wireless biometric authentication using public-key cryptography

[0083] Figure 4 A flowchart illustrating a wireless biometric authentication process using public-key encryption is shown. The wireless biometric authentication process can be performed by an access device, mobile device, transmitter, and / or external service, as described above. Figure 1-3 As described in [the text].

[0084] At step 402, the first mobile device generates a first biometric template based on a first biometric sample obtained from a first user carrying the first mobile device. For example, the first mobile device may correspond to... Figure 1 The mobile device 104 in the middle, and the first user can correspond to Figure 2 User 202. When the application is first installed on mobile device 104, the application can cause the mobile device to take a photo of user 202's face. The application can then generate a biometric template from the photo and store the biometric template in mobile device 104.

[0085] At step 404, the first mobile device sends the first public key to the transmitting station at the resource provider's location. For example, the transmitting station could correspond to... Figure 1 Launch station 102 in the middle. (See above reference.) Figure 1 As explained, when user 202 arrives at a resource provider's location with mobile device 104, transmitting station 102 can send a beacon including a transmitting station identifier to mobile device 104 upon detecting the mobile device. Upon receiving the beacon, mobile device 104 can communicate with external service 106 to resolve the transmitting station identifier into a resource location identifier. Mobile device 104 can then send a message to transmitting station 102, wherein the message includes the mobile device's public key certificate.

[0086] At step 406, the transmitting station receives and stores a public key, including the first public key, from a plurality of mobile devices, including the first mobile device. Specifically, upon receiving the first public key sent in step 404, the transmitting station may create a first state entry corresponding to the first mobile device and containing the first public key. Additionally, if the transmitting station receives public keys from other mobile devices located at the resource provider's location, the transmitting station may create additional state entries, each storing the public key of one of the other mobile devices. These state entries may be provided to access devices at the resource provider's location.

[0087] At step 408, the access device generates a second biometric template based on the second biometric sample obtained from the first user. For example, the access device may correspond to... Figure 2 Access device 210 in the above reference. Figure 2-3 As explained, when user 202 stands in front of access device 210 to conduct a transaction with the access device, access device 210 can take a photo of the user's face. Then, access device 210 can generate another biometric identification template for user 202 from the photo.

[0088] During steps 410-416, the second biometric template can be broadcast multiple times to all nearby devices. To protect transaction and user privacy, the access device can encrypt the second biometric template each time before broadcasting it using a public key associated with one of the nearby mobile devices. When the second biometric template is encrypted with the mobile device's public key, only that mobile device can use its private key to decrypt the broadcast, and all other nearby mobile devices will be unable to decrypt the same broadcast. To ensure that each nearby device has a chance to decrypt the encrypted second biometric template, the access device can repeatedly encrypt and broadcast the second biometric template using a different public key each time until (i) the access device receives a matching confirmation from one of the nearby mobile devices or (ii) the public key of each nearby mobile device has been used at least once. Therefore, the second biometric template can be broadcast as many times as the number of nearby mobile devices.

[0089] Before broadcasting, the access device can identify which mobile devices are nearby. For example, access device 210 can use BLE (with adjustable power) and / or mesh technology to determine that each of mobile devices 104, 220, 222, and 224 is close enough to be a mobile device carried by user 202. Upon determining that four mobile devices are nearby, access device 210 can broadcast the second biometric template up to four times. For the first, second, third, and fourth broadcasts, access device 210 can encrypt the second biometric template using the public keys of mobile device 104, 220, 222, and 224, respectively. After broadcasting, the access device can wait for a response from one of the nearby mobile devices to confirm a match between the second biometric template and the mobile device's stored biometric template.

[0090] At step 410, the access device retrieves the public key of the next mobile device. Specifically, the access device may obtain the public key of the mobile device from a previously created state entry in response to the detection of the mobile device.

[0091] At step 412, the access device encrypts the second biometric template using a public key. Specifically, the access device can generate a message including the following:

[0092] encryption PK { template , Amount , CAID , CAN , n , m , sk(n , m )}.

[0093] As can be seen from the formula above, the message can include a combination of values ​​encrypted using the public key retrieved in step 410. These values ​​can include: template , representing a biometric identification template; Amount This indicates the purchase amount involved in the transaction; the resource provider location identifier (i.e., CAID and CAN ), n , representing a random number received from a mobile device associated with the public key; m , represents another fresh random number generated by the resource provider that is unique to each device and transaction; and " sk (n, m) The '' indicates the secret session key, which the mobile device can use to encrypt a matching confirmation sent back to the accessing device. The secret session key is unique to each device and transaction.

[0094] At step 414, the access device broadcasts the encrypted second biometric template to all nearby mobile devices, including the first mobile device. For example, access device 210 may generate a message including the formula described above in 412 and broadcast the message to mobile devices 104, 220, 222, and 224.

[0095] At step 416, the access device determines if there are any other nearby mobile devices whose public keys have not yet been used to encrypt the second biometric template. If so, the process returns to step 410, where the access device retrieves the public key of another mobile device to prepare for subsequent broadcasting of the second biometric template. Otherwise, the process proceeds to step 418.

[0096] At step 418, the access device waits for one of the nearby mobile devices to send confirmation that the second biometric template matches the biometric template stored in the mobile device.

[0097] It should be noted that after a nearby mobile device (including the first mobile device) receives the broadcast message, each mobile device can attempt to decrypt the message using its own private key. Whichever mobile device successfully decrypts the message can determine whether its stored biometric template matches a second biometric template. If a match is found, the mobile device can conclude that its user is transacting with the access device. Therefore, the mobile device can use the confirmation of the match to respond to the access device.

[0098] At step 420, the first mobile device receives an encrypted second biometric template broadcast by the access device. Specifically, the first mobile device may receive a message including the formula described above in step 412.

[0099] At step 422, the first mobile device determines whether its private key can be used to decrypt the second biometric template. Specifically, the first mobile device may attempt to decrypt the message content to obtain the second biometric template, the purchase amount, the resource provider's location identifier, and a random number. n Random numbers m The message includes the secret session key. If the decryption attempt fails, the first mobile device ignores the message and waits for the next broadcast. If the decryption attempt succeeds, the process proceeds to step 424.

[0100] At step 424, the first mobile device determines whether the first biometric identification template matches the second biometric identification template. In some implementations, the first mobile device checks a random number before making the determination. n Does it match a random number previously sent to the resource provider? If so, the first mobile device can also check if the resource provider's location identifier matches the expected location identifier. If so, the first mobile device can determine if the first biometric template matches the second biometric template. If a match is found, the first mobile device can conclude that its owner is transacting with the access device. n If incorrect, the resource provider location identifier has an unexpected value, or the biometric identification template does not match, and the first mobile device ignores the message.

[0101] At step 426, the first mobile device sends a matching confirmation to the access device. For example, after determining a match between its stored biometric template and a second biometric template, the mobile device 104 can prepare a payment message including the following:

[0102] encryption sk(n,m) { Sign Pv ( n , m , CAID , CAN , PAN , Date of Expiry , Amount )}

[0103] As can be seen from the formula above, the message can include a combination of values ​​encrypted using the secret session key described in step 412. These values ​​can include: Amount This refers to the purchase amount involved in the transaction; the resource provider location identifier (i.e., CAIDand CAN ); n and m , which is the random number described in step 412; PAN (For example, the last four digits of PAN), which is the primary account identifying user 202's payment account; and Date of Expiry This is the expiration date associated with the payment account. Additionally, the combination can be signed using the mobile device's private key before being encrypted with the secret session key. Pv Mobile device 104 can send payment messages to access device 210 in the form of contactless transactions.

[0104] At step 428, the access device performs a transaction or otherwise authorizes the first user to access the requested resource. For example, when access device 210 receives the payment message sent by mobile device 104 in step 426, it can use the public key of mobile device 104 to verify the signature. Access device 210 can also verify... n and m Whether they match. Then, access device 210 can display the user's customer identifier Cust_ID to user 202 and prompt the user to accept the payment. Here, user 202 can press a button provided by access device 210, which causes the resource provider to submit an authorization request message to the payment processing network associated with user 202's payment account. In some implementations, upon receiving authorization approval, the receipt can be wirelessly transmitted to mobile device 104 (e.g., via SMS).

[0105] It should be noted that the messages sent between the access device and the first mobile device in steps 414 and 426 include random numbers. m This prevents man-in-the-middle (MITM) attacks because the access device verifies that the signing key used for signing matches the key used to encrypt the message sent in step 414. m The public key is consistent.

[0106] III. Wireless Biometric Authentication Using a Fuzzy Extractor

[0107] To address the problem of broadcasting a user's biometric identification template to nearby mobile devices, certain embodiments of the present invention may utilize the concept of a fuzzy extractor. Figure 2In the system shown, although access device 210 can encrypt the second biometric template with a public key each time it broadcasts the template, each mobile device 104, 220, 222, and 224 may decrypt the second biometric template at least once. Therefore, each mobile device 220, 222, and 224 not carried by user 202 may attempt to decrypt the biometric template generated from user 202's face. Despite encryption, another user may obtain user 202's biometric sample without user 202's consent. Ideally, neither encrypted nor unencrypted biometric samples should be transferred to other users' mobile devices.

[0108] Therefore, to limit the number of mobile devices capable of decrypting the second biometric template, the access device can utilize encryption based on the concept of a fuzzy extractor. The concept of a fuzzy extractor will now be described. At a high level, a fuzzy extractor can correspond to a mechanism for generating a cryptographic key from a biometric template in such a way that if the mechanism generates a specific cryptographic key from the first biometric template, it will generate the same cryptographic key from the second biometric template, provided that the second biometric template matches the first biometric template (i.e., not necessarily exactly the same, but close enough). The function of the fuzzy extractor is defined as follows.

[0109] The fuzz extractor includes two functions: the first fuzz extractor function G Second fuzz extractor function R . G Take biometric identification template W_D and map it to a pair of values (R_D, S_D) ,in R_D It is a secret key, and S_D From and W_D Any matching biometric template W_D' Recreate R_D Required public values. R Pick W_D' and S_D And map them to secret cryptographic keys. R_D' If W_D' match W ,but R_D' equal R_D In other words, the fuzz extractor function. G Used to generate secret key and public key values ​​from a first biometric identification template, while the second fuzz extractor function... RThe same secret key can be regenerated from the same public value and the second biometric template, provided that the first and second biometric templates match. Further details about fuzzy extractors can be found in Yegeniy Dodis et al., entitled “Fuzzy Extractors; How to Generate Strong Keys from Biometrics and Other Noisy Data” (SIAM Journal on Computing, 38(1): 97-139, 2008). This reference is incorporated herein by reference in its entirety for all purposes.

[0110] Figure 5 This illustrates how to use the first fuzz extractor function. G The image. (As shown) Figure 5 As shown, the mobile device can obtain a first biometric sample from its user. The mobile device can then generate a first biometric template based on the first biometric sample. W_D Then, the mobile device will W_D Gifts G G will W_D Mapped to secret cryptographic key R_D and common values S_D . S_D It can then be sent to the access device.

[0111] Figure 6 This demonstrates how to use the second fuzz extractor function. R The image. (As shown) Figure 6 As shown, the access device can be obtained from the mobile device. S_D The access device obtains a second biometric sample from the user of the mobile device. Then, the access device can generate a second biometric template based on the second biometric sample. W_D' Then, the access device will W_D' and S_D Gifts R R maps it to a secret cryptographic key. R_D' Here, if W_D' and W_D If matched, then R_D' Will equal to R_ D Therefore, the mobile device and the access device can independently generate the same secret password key from the same public value and matching biometric template. Thus, the access device can use... R_D' To encrypt the messages it broadcasts to mobile devices and other nearby mobile devices.

[0112] In addition to protecting communication between access devices and mobile devices, it can also use R_D' Determine W_D Whether or not W_D' Matching. In other words, since two devices can only generate the same secret key if their biometric templates match, any mobile device can infer from the successful decryption of a broadcast message that: (i) the mobile device and the access device have generated the same key, and (ii) the mobile device's biometric template matches the access device's biometric template. This provides the advantage of keeping a user's biometric template confidential from other nearby users' mobile devices during a transaction.

[0113] This technique of using a fuzzy extractor concept to encrypt biometric templates can be further developed to address situations where the access device itself is not entirely trustworthy. For example, a user may encounter a malicious terminal (e.g., a fake terminal, a stolen terminal, or a hacked terminal). Furthermore, in some implementations, a malicious access device could potentially reconstruct the biometric template stored on the user's mobile device based on a matching biometric template generated by the terminal and public values ​​provided to the access device from the mobile device, potentially leading to privacy breaches. Therefore, in cases where the biometric template generated on the user's mobile device is particularly detailed (e.g., the biometric template is derived from a particularly high-quality photograph of the user's face), the user may be less inclined to entrust their complete biometric template to the access device.

[0114] For the reasons mentioned above, some implementation schemes may use large biometric identification templates and small biometric identification templates. Figure 7 This illustration demonstrates how the first fuzzy extraction function is used in an implementation that utilizes large and small biometric recognition templates. G The image. (As shown) Figure 7 As shown, the mobile device can obtain a first biometric sample from its user. The mobile device can then generate a first biometric template based on the first biometric sample. W_ D Then, the mobile device can be blurred. W_D Or delete W_D Part of the source W_D Generate the first small biometric recognition template w_D Then, the mobile device will w_D Gifts G G will w_D Mapped to secret cryptographic key r_D and common values s_D . s_DIt can then be sent to the access device. If the access device is proven to be malicious, the access device may use... s_D and with w_ D Matching biometric identification templates w_D' To regenerate w_D However, due to w_D Poor quality is something mobile device users might not mind. w_D It was leaked.

[0115] Figure 8 This illustration demonstrates how to use the second fuzz extractor function in an implementation that utilizes large and small biometric recognition templates. R The image. (As shown) Figure 8 As shown, the access device can be obtained from the mobile device. s_D The access device obtains a second biometric sample from the user of the mobile device. Then, the access device can generate a second biometric template based on the second biometric sample. W_D' Then, the access device can be similar to that from... W_D generate w_D The method of generating a second biometric identification template w_D' Then, the access device will w_D' and s_D Gifts R R maps it to a secret cryptographic key. r_D’ Here, if W_D match W_D' ,So w_D' Match w_D .if w_D match w_D' ,but R_D' Will equal to R_D Once again, the mobile device and the access device are able to independently generate the same secret password key from the same public value and matching biometric template. Therefore, the access device can use... r_D’ To encrypt the messages it broadcasts to mobile devices and other nearby mobile devices.

[0116] Figure 9 A flowchart illustrating a wireless biometric authentication process using the concept of a fuzzy extractor is shown. The wireless biometric authentication process can be performed by an access device, mobile device, transmitter, and / or external service, as described above. Figure 1-3 As described in [the text].

[0117] At step 902, the first mobile device generates a first biometric template based on a first biometric sample obtained from a first user carrying the first mobile device. W_DAnd the first small biometric identification template w_D For example, the first moving device may correspond to Figure 1 The mobile device 104 in the middle, and the first user can correspond to Figure 2 User 202 in the middle.

[0118] At step 904, the first moving device will w_D Feed to the first extractor function G In order to obtain the first secret key and the first public value.

[0119] At step 906, the first mobile device sends its public value to the transmitting station at the resource provider's location. For example, the transmitting station could correspond to... Figure 1 Launch station 102 in the middle. (See above reference.) Figure 1 As explained, mobile device 104 can send a message to transmitting station 102, wherein the message includes a public value generated by mobile device 104.

[0120] At step 908, the transmitting station receives and stores a common value, including a first common value, from multiple mobile devices, including the first mobile device. Specifically, after receiving the first common value sent in step 906, the transmitting station can create a first status entry corresponding to the first mobile device and containing the first common value. Additionally, if the transmitting station receives common values ​​from other mobile devices located at the resource provider's location, the transmitting station can create additional status entries, each storing the common value of one of the other mobile devices. These status entries can be provided to the access device at the resource provider's location.

[0121] At step 910, the access device generates a second biometric template based on the second biometric sample obtained from the first user. W_D' Second biometric identification template w_D' For example, the access device can correspond to Figure 2 Access device 210 in the middle.

[0122] At step 912, the access device retrieves the public value of the next mobile device. Specifically, the access device may obtain the public value of the mobile device from a previously created status entry in response to the detection of the mobile device.

[0123] At step 914, the access device will w_D' and public value feed to the second extractor function R To obtain the secret password key corresponding to the next mobile device. r_D' .

[0124] At step 916, the access device uses r_D' To encrypt W_D' Specifically, the access device can generate a message that includes the following:

[0125] encryption r_D’ { W_D'}

[0126] As can be seen from the formula above, the message may include the use of r_D' Encrypted W_D' Although not reflected in the formula above, the message may also include additional values ​​that are also encrypted using r_D'. For example Resource provider location identifier, random number, etc.

[0127] At step 918, the access device broadcasts the message to all nearby mobile devices. For example, access device 210 may generate a message including the formula described above in 916 and broadcast the message to mobile devices 104, 220, 222, and 224.

[0128] At step 920, the access device determines whether there are more nearby mobile devices whose public values ​​have not yet been used to generate the secret password key. If so, the process returns to step 912, where the access device retrieves the public value of another mobile device to prepare for subsequent broadcasting of the second biometric template. Otherwise, the process proceeds to step 922.

[0129] At step 922, the access device waits for one of the nearby mobile devices to send confirmation that the second biometric template matches the biometric template stored in the mobile device.

[0130] It should be noted that after a nearby mobile device (including the first mobile device) receives the broadcast message, each mobile device attempts to decrypt the message using its own secret cryptographic key. Whichever mobile device successfully decrypts the message can be considered to have a small biometric identification template (e.g., in the case of the first mobile device). w_D )match w_D' And from this, it can be inferred that there is a high probability that it is a large biometric identification template (e.g., in the case of the first mobile device, it is a match). W_D )match W_D' Therefore, the mobile device can continue to determine whether its large biometric identification template matches. W_D' If a match is confirmed, the mobile device can determine that its user is transacting with the access device. Therefore, the mobile device can respond to the access device using the confirmation of the match.

[0131] At step 924, the first mobile device receives encrypted... W_D'Specifically, the first mobile device can receive messages that include the formula described in step 916 above.

[0132] At point 926, the first mobile device determines whether the first cryptographic key can be used to decrypt the encrypted data. W_D' If the decryption attempt fails (e.g., the decryption attempt only generates garbage), the first mobile device ignores the message and waits for the next broadcast. If the decryption attempt succeeds, the first mobile device takes this as evidence that the first user may be transacting with the access device. Therefore, the process proceeds to decision 928.

[0133] At point 928, the first mobile device makes a judgment. W_D Whether or not W_D' A match is found. If a match is found, the first mobile device can determine that its owner is transacting with the access device. If W_D and W_D' If there is no match, the first mobile device ignores the message.

[0134] At step 930, the first mobile device sends a matching confirmation to the access device. This confirmation may include various additional information, including the first user's PAN (e.g., the last four digits of the PAN), the first user's customer identifier, and / or authentication information (e.g., card pattern).

[0135] At step 932, the access device performs a transaction or otherwise authorizes the first user to access the requested resource. For example, upon receiving a confirmation sent by mobile device 104 in step 930, access device 210 may display information provided by the confirmation (e.g., PAN, customer identifier, card pattern) to user 202, enabling the user to confirm that the correct mobile device has been selected. Access device 210 may also prompt the user to accept the fee.

[0136] It should be noted that while it is generally expected that for any given transaction, only one of the nearby mobile devices will respond with a matching confirmation, extreme cases may occur where none of the nearby mobile devices confirm a match or multiple mobile devices confirm a match. Various measures that can be used alone or in combination to address such extreme cases are now described.

[0137] In one measure, when the access device from N (Where N = 1, 2, 3 ...) nearby mobile devices receive confirmation, and when all these devices determine a match, a match is created. NA fake entry is identified. The access device then presents the user with a set of buttons, including one for each matching device and one for each fake entry. Each button associated with a matching device may display the card pattern, customer identifier, phone number, expiration date, and / or part of the PAN of the user associated with that device, while each button associated with a fake entry displays false information. The user is then prompted to press the button associated with the user's relevant information.

[0138] In another measure, the access device can save photos of the users who performed the transactions for dispute resolution purposes.

[0139] Another measure involves storing photos on the user's mobile device, rather than on the access device. Here, the photos can be encrypted in a way that only the resource provider or an entity on the payment processing network can decrypt them.

[0140] In another approach, the mobile device can transmit a code to the access device. The access device can then prompt the user to enter the code. The transaction is only completed if the user enters the correct code. In some implementations, the code may be a piece of information known to the user (e.g., 2-4 digits of the user's phone number).

[0141] In another measure, the access device prompts the user to enter a symbol, signature, or other pattern on the access device's touchscreen, and then transmits it from the access device to the user's mobile device. A transaction is only completed if the pattern entered by the user matches a pattern stored on the mobile device.

[0142] In some implementations, if wireless biometric authentication fails in some way, the access device can revert to performing the transaction via conventional methods (e.g., credit card, cash, etc.).

[0143] In the above embodiments, once a biometric template stored in the mobile device matches another biometric template obtained from the resource provider, any suitable transaction can be performed. For example, (i) a contactless NFC transaction can be performed between the mobile device and the resource provider's access device, (ii) a remote transaction can be performed, or (iii) a contact transaction can be performed. In some embodiments, the access device can generate an authorization request message, which is sent to the issuing computer via the acquiring computer and the payment processing network. The issuing computer can then return an authorization response via a reverse path of approving or rejecting the transaction. If the transaction is approved, a clearing and settlement process can occur between the acquiring computer, the payment processing network, and the issuing computer.

[0144] While the examples above specifically discuss payment transactions, embodiments of the present invention are not limited to payment transactions. For example, the wireless biometric authentication technology described above can be used to access resources provided by any suitable resource-providing entity. Other examples of resources that can be accessed using the authentication process according to embodiments of the present invention include access to locations, access to information, etc.

[0145] IV. Portable communication devices

[0146] Figure 10 A block diagram of a portable communication device 1001 according to some embodiments is shown. Device 1001 may be an example of a previously described mobile device (e.g., 104). Portable communication device 1001 may include device hardware 1004 coupled to memory 1002. Device hardware 1004 may include processor 1005, communication subsystem 1008, user interface 1006, and display 1007 (which may be part of user interface 1006). Processor 1005 may be implemented as one or more integrated circuits (e.g., one or more single-core or multi-core microprocessors and / or microcontrollers) and is used to control the operation of portable communication device 1001. Processor 1005 may execute various programs in response to program code or computer-readable code stored in memory 1002 and may maintain multiple concurrently executing programs or processes. Communication subsystem 1009 may include one or more RF transceivers and / or connectors that can be used by portable communication device 1001 to communicate with other devices and / or connect to external networks. User interface 1006 may include any combination of input and output elements to allow a user to interact with portable communication device 1001 and invoke its functions. In some embodiments, display 1007 may be part of user interface 1006.

[0147] Memory 1002 may be implemented using any combination of any number of non-volatile memories (e.g., flash memory) and volatile memories (e.g., DRAM, SRAM) or any other non-transitory storage medium or combination thereof. Memory 1002 may store a mobile OS 1014 and a mobile application environment 1010, wherein one or more mobile applications 1012 (e.g., payment applications, such as mobile wallet applications, merchant applications, mobile location applications, etc.) reside and are executed by processor 1005. Additionally, memory 1002 may store computer code executable by processor 1005 for performing any of the functions described herein.

[0148] Some entities or components described herein may be associated with or operate one or more computer devices to contribute to the functions described herein. Some entities or components described herein, including any server or database, may use any suitable number of subsystems to contribute to the functions described herein.

[0149] Examples of such subsystems or components can be interconnected via a system bus. Other subsystems are shown, such as printers, keyboards, fixed disks (or other memory including computer-readable media), monitors coupled to display adapters, and other subsystems. Peripheral devices and I / O devices coupled to input / output (I / O) controllers (which may be processors or any suitable controllers) can be connected to the computer system via any number of means known in the art, such as serial ports. For example, serial ports or external interfaces can be used to connect computer devices to wide area networks (such as the Internet), mouse input devices, or scanners. Interconnection via a system bus allows the central processing unit to communicate with each subsystem and control the execution of instructions from system memory or fixed disks, as well as the exchange of information between subsystems. System memory and / or fixed disks may embody computer-readable media.

[0150] The embodiments of the present invention offer numerous advantages. For example, they allow users to perform hands-free transactions, requiring only a mobile device capable of wireless communication with a resource provider. Specifically, biometric samples are automatically associated with a user's image and their mobile device, eliminating the need for the user to manually provide this association to the resource provider. Furthermore, the embodiments of the present invention enable users to participate in biometric-based hands-free transactions while reducing the risk of user biometric samples being leaked. Specifically, encryption based on a fuzz extractor ensures that the user's biometric samples are not exposed to other nearby mobile devices, while the use of large and small templates reduces the risk of malicious access devices stealing the user's biometric samples. Moreover, the embodiments of the present invention can provide a fully automated wireless biometric authentication system that requires no manual input from operators during the user authentication process.

[0151] Messages between computers, networks, and devices described herein can be transmitted using protocols such as, but not limited to, File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Secure Hypertext Transfer Protocol (HTTPS), Secure Sockets Layer (SSL), ISO (e.g., ISO 8583), and / or other secure communication protocols.

[0152] Other embodiments of the present invention are also conceivable. Other embodiments of the present invention may include: obtaining a second biometric sample of a user from a mobile device; generating a second minor biometric template and a second major biometric template from the biometric sample; generating a first secret key and a public value by passing the second major biometric template to a fuzzy extractor via a first function; transmitting the public value to an access device; receiving an encrypted first major biometric template from the access device, the first major biometric template being encrypted using a secret key generated by passing the public value and the first minor biometric template to the fuzzy extractor via a second function, wherein the first minor biometric template is generated from a first biometric sample on the access device; attempting to decrypt the encrypted first major biometric template using the first secret key; determining whether the first major biometric template matches the second major biometric template in response to decrypting the encrypted first major biometric template; and sending a confirmation of the match to the access device in response to determining that the first major biometric template matches the second major biometric template.

[0153] Another embodiment of the invention may relate to an access device that includes code that can be executed by a processor to perform the methods described above.

[0154] Other embodiments of the present invention may include: obtaining a first biometric sample of a user from an access device; generating a first small biometric template and a first large biometric template from the first biometric sample; for each of a plurality of mobile devices within a range of the access device, the plurality of mobile devices including the first mobile device; retrieving a common value of the mobile devices, wherein: the common value of the mobile devices is generated by passing the small biometric template of the mobile device to a first function of a fuzz extractor; and the small biometric template of the mobile device is generated from the biometric sample of the mobile device; generating a secret password key by passing the first small biometric template and the common value of the mobile device to a second function of the fuzz extractor; encrypting the first large biometric template with the secret password key; and broadcasting the encrypted first large biometric template to the plurality of mobile devices;

[0155] Another embodiment of the invention may relate to an access device that includes code that can be executed by a processor to perform the methods described above.

[0156] Receive confirmation from the first mobile device that a match is made between the first large biometric identification template and the biometric identification template of the first mobile device, wherein the biometric identification template of the first mobile device is generated from the biometric identification sample of the first mobile device; and in response to the confirmation, conduct a transaction between the access device and the first mobile device.

[0157] Specific details regarding some of the foregoing aspects have been provided above. These specific details may be combined in any suitable manner without departing from the spirit and scope of the embodiments of the invention. For example, although the foregoing embodiments relate to authentication processing, other types of processing can be performed using embodiments of the invention. For instance, since embodiments of the invention can verify that a user is actually in a specific location, embodiments of the invention can also be used to provide encouragement or rewards to users.

[0158] It should be understood that the present invention as described above can be implemented in a modular or integrated manner using computer software (stored in a tangible physical medium) in the form of control logic. Based on the disclosure and teachings provided herein, those skilled in the art will know and understand other ways and / or methods of implementing the present invention using hardware and combinations of hardware and software.

[0159] Any software component or function described in this application may be implemented as software code executable by a processor using, for example, conventional or object-oriented techniques and in any suitable computer language, such as, for example, Java, C++, or Perl. The software code may be stored as a series of instructions or commands on a computer-readable medium, such as random access memory (RAM), read-only memory (ROM), magnetic media (such as hard disks or floppy disks), or optical media (such as CD-ROMs). Any such computer-readable medium may reside on or within a single computing device and may exist on or within different computing devices within a system or network.

[0160] The above description is illustrative and not restrictive. Many variations of the invention will become apparent to those skilled in the art upon reading this disclosure. Therefore, the scope of the invention should not be determined by reference to the foregoing description, but rather by reference to the pending claims and their full scope or equivalents.

[0161] Without departing from the scope of the invention, one or more features of any embodiment may be combined with one or more features of any other embodiment.

[0162] Unless explicitly indicated otherwise, the use of the terms "a," "an," or "the / described" is intended to mean "one / a kind or a plurality of / kinds."

[0163] All patents, patent applications, publications, and descriptions mentioned above are incorporated herein by reference in their entirety for all purposes. They are not recognized as prior art.

Claims

1. A method for biometric authentication, the method comprising: A second biometric sample of the user is obtained from a mobile device; A second biometric template is generated based on the second biometric sample; The first secret password key and public value are generated by passing the second biometric template to the first function of the fuzz extractor; Send the public value to the access device; The access device receives a plurality of encrypted first biometric templates, each of which is encrypted using a corresponding secret key. Attempt to decrypt the first template among the plurality of encrypted first biometric templates using the first secret key; In response to the failure to decrypt the first template among the plurality of encrypted first biometric templates, an attempt is made to decrypt the next template among the plurality of encrypted biometric templates; In response to decrypting the next template in the encrypted first biometric template to indicate that the next template in the plurality of encrypted biometric templates is encrypted using a secret password key generated by passing the common value and the first biometric template to the second function of the fuzz extractor, it is determined whether the first biometric template matches the second biometric template, wherein the first biometric template is generated by the access device based on a first biometric sample on the access device; as well as In response to determining that the first biometric template matches the second biometric template, a confirmation of the match is sent to the access device.

2. The method according to claim 1, Generating the first biometric template based on the first biometric sample includes generating a first small biometric template and a first large biometric template; Generating the second biometric template based on the second biometric sample includes generating a second small biometric template and a second large biometric template; Generating the common value includes the first function of passing the second small biometric template to the fuzz extractor; The secret password key is generated by passing the common value of the first small biometric template and the mobile device to the second function of the fuzz extractor. The access device encrypts the first biometric template using the secret password key; The matching is between the first large biometric template and the second large biometric template.

3. The method according to claim 2, wherein the first small biometric template is one of the following: A blurred copy of the first major biometric template; and An incomplete copy of the first major biometric template.

4. The method according to claim 2, wherein the first large biometric template and the first small biometric template are generated based on the first biometric sample through the following steps: Extract one or more different features from the first biometric sample; and Generate digital references for the one or more different features.

5. The method according to claim 1, wherein the access device is a point-of-sale terminal.

6. The method of claim 1, wherein the mobile device is a mobile phone.

7. The method of claim 2, wherein the similarity between the first biometric template and the second biometric template of the mobile device exceeds a threshold matching score.

8. The method according to claim 2, further comprising: The mobile device receives the transmitter identifier from the transmitter.

9. The method of claim 2, wherein obtaining the second biometric sample of the user comprises one of the following: Take a photograph of the user's face; Obtain the user's fingerprint; Obtain the user's voice sample; Obtain the user's DNA sample; Perform a retinal scan on the user; and Obtain a hair sample from the user.

10. The method of claim 1, wherein the first biometric template is encrypted together with a resource provider identifier and a random number.

11. The method of claim 1, wherein the public value is a public key.

12. The method of claim 1, wherein the confirmation includes a payment message, the payment message including an amount, a resource provider identifier, and a master account.

13. The method of claim 12, wherein the payment message is signed by the first secret cryptographic key.

14. The method of claim 2, wherein the access device broadcasts the encrypted first biometric template to a plurality of mobile devices in the vicinity of the access device.

15. A mobile device, comprising: processor; as well as A computer-readable medium coupled to the processor, the computer-readable medium comprising code executable by the processor to implement the method according to any one of claims 1-14.