Method for obtaining candidate biometric data from an individual for authentication of said individual.
The method of displaying a personalized graphical element on the authentication interface addresses the vulnerability of biometric data to phishing by ensuring only legitimate interfaces can access biometric data, enhancing security and preventing unauthorized access.
Patent Information
- Authority / Receiving Office
- FR · FR
- Patent Type
- Utility models
- Current Assignee / Owner
- BANKS & ACQUIRERS INT HLDG SAS
- Filing Date
- 2024-12-19
- Publication Date
- 2026-06-26
AI Technical Summary
Biometric data is vulnerable to phishing attacks and malicious use, such as identity theft and deepfakes, due to the lack of robust protection mechanisms in traditional authentication methods.
A method involving the display of a personalized graphical element on the authentication interface, chosen by the user, to verify interface authenticity before acquiring biometric data, ensuring only legitimate interfaces can access biometric data.
Enhances security by preventing unauthorized access to biometric data, reducing the risk of phishing and identity theft, while maintaining user convenience and security.
Smart Images

Figure 00000000_0000_ABST
Abstract
Description
Title of the invention: Method for obtaining candidate biometric data from an individual for authentication of said individual.
[0001] GENERAL TECHNICAL FIELD
[0002] The present invention relates to the field of biometric authentication. More specifically, it concerns a method for obtaining candidate biometric data from an individual for the purpose of authenticating said individual.
[0003] STATE OF THE ART
[0004] Traditional authentication techniques using codes or passwords are gradually being replaced by much more secure and practical biometric techniques.
[0005] Thus, in order to access a service, a user of a mobile terminal for example may be asked to present their face in front of a camera or their finger on a fingerprint sensor.
[0006] One difficulty is, however, that biometric data are personal data that must be protected, unlike a meaningless code.
[0007] This leads to the emergence of phishing techniques in which a website fraudulently requests a user's biometric data, for example, asking them to present their face to the camera, acquire an image, and send it to a remote server. The user's personal data can thus be stolen.
[0008] Fortunately, biometric authentication methods are robust (so-called "anti-spoofing" mechanisms such as data freshness detection or liveness detection) and would not be fooled by stolen data, but this could be used for other malicious purposes (identity theft, deepfakes, etc.)
[0009] It would therefore be desirable to have a solution that reliably and universally prevents a malicious third party from stealing an individual's biometric data despite the increasing number of daily occasions when that individual is asked to present their biometrics to authenticate themselves.
[0010] The present invention also improves these situations. PRESENTATION OF THE INVENTION
[0011] The present invention therefore relates, in a first aspect, to a method for obtaining candidate biometric data from an individual for the purpose of authenticating said individual, comprising the implementation, by means of data processing equipment on a terminal, of the following steps: a. Display of an interface requiring the acquisition, with a sensor of the terminal, of said candidate biometric data on a biometric trait of the individual; b. Transmission of a request to verify the authenticity of said interface to an authentication server, said request uniquely identifying said individual; c. Receipt in response, from said authentication server, of a graphic personalization element associated with said individual; d. Display of said graphical customization element in a manner associated with said interface; e. Acquisition with said sensor, on said individual biometric trait, of said candidate biometric data.
[0012] step (d) comprising adapting said interface so as to include said graphical personalization element.
[0013] According to advantageous and non-limiting features:
[0014] Said graphic personalization element is an image previously chosen by the user.
[0015] According to a second aspect, the invention proposes a method for authenticating an individual, comprising implementing the method according to the first aspect of obtaining a candidate biometric data of the individual, then a step (f) of verifying that said candidate biometric data coincides with a reference biometric data of the individual.
[0016] According to advantageous and non-limiting features:
[0017] The method includes a preliminary step (aO) of enrolling the individual to authentication including obtaining said biometric reference data of the individual.
[0018] Step (aO) includes the selection of said graphic personalization element by the individual.
[0019] Said graphic personalization element is an image provided by the individual from said terminal.
[0020] According to a third and fourth aspect, the invention provides a computer program comprising code instructions for executing a method according to the first aspect of obtaining candidate biometric data from an individual for authentication of said individual, or a method according to the second aspect of authenticating an individual; and a computer-readable storage means on which is stored a computer program product comprising code instructions for executing a method according to the first aspect of obtaining candidate biometric data from an individual for authentication said individual, or a process according to the second aspect of authentication of an individual. PRESENTATION OF THE FIGURES
[0021] Other features and advantages of the present invention will become apparent from the following description of a preferred embodiment. This description will be given with reference to the accompanying drawings in which:
[0022] [Fig.1] [Fig.1] is a diagram of a system for implementing the method according to the invention;
[0023] [Fig.2] [Fig.2] is a flowchart illustrating the steps of an embodiment of the process according to the invention. DETAILED DESCRIPTION
[0024] Architecture
[0025] The present invention relates to a method of obtaining candidate biometric data from an individual for authentication of said individual, in a system as represented in [Fig.1].
[0026] Said authentication is initiated by the individual, on terminal 1 (see below), and typically aims to grant access to a service, authorize a transaction, unlock equipment, etc. A method for authenticating the individual implementing said method for obtaining candidate biometric data from the individual will be described later in a second aspect of the invention.
[0027] This is biometric authentication, meaning that the user authenticates themselves by presenting a biometric feature rather than a code or password, in particular their face, but also a fingerprint, iris, etc. Biometric data refers to a digital representation of this biometric feature, or encoding. For example, for a fingerprint, the biometric data could be the position of a set of minutiae. Those skilled in the art are familiar with numerous techniques for obtaining biometric data from the corresponding biometric feature, so this aspect will not be described further.
[0028] Said biometric data that we seek to obtain is a fresh biometric data acquired on the individual, called "candidate" in relation to a "reference" biometric data of the individual, advantageously stored by terminal 1 (or an authentication server which will be discussed later).
[0029] Terminal 1 is preferably a personal terminal belonging to the individual, in particular a mobile terminal (especially a smartphone), but it can be any equipment such as a workstation, or even an access control terminal. In the case of a personal terminal belonging to the individual, authentication is advantageously a strong authentication, i.e. two-factor authentication (possession of terminal 1 and biometrics), and the present process proves to be particularly secure as we will see later.
[0030] In all cases the terminal 1 is connected via a network 20 (in particular the internet network) to an authentication server 2, for example a server for the implementation of a service or a banking server (in the case of authentication), generally remote.
[0031] Terminal 1 and authentication server 2 each have data processing means 11, 21 (typically a processor) and data storage means 12, 22 (memory, for example flash). These latter, as advantageously explained, store a biometric reference data of said individual.
[0032] The terminal 1 further comprises interface means 13 such as a screen, and a sensor 14 for acquiring biometric data, in particular a camera if the biometric feature concerned is the face, a fingerprint sensor if the biometrics
[0033] Method for obtaining candidate biometric data
[0034] With reference to [Fig.2], the present method, implemented by the data processing means 11 of terminal 1, begins conventionally with a step (a) of displaying (on the display means 13) an interface requiring the acquisition with a sensor 14 of terminal 1, on a biometric trait of the individual, of said candidate biometric data.
[0035] This interface typically takes the form of a page displayed on said means 13, which may, where appropriate, be just a window or occupy the entire display area (i.e., the whole screen). This interface may be that of an application running on terminal 1 requiring authentication of the individual, for example, a payment application.
[0036] By "requiring the acquisition with a sensor 14 of terminal 1, on a biometric trait of the individual, of said candidate biometric data", it is understood that the interface displays a message indicating to the individual that terminal 1 needs to acquire his biometric data and that he must therefore present his biometric trait to sensor 14.
[0037] Originally, the process then includes a step (b) of transmitting a request to verify the authenticity of said interface to an authentication server 2, said request uniquely identifying said individual.
[0038] Indeed, the interface could be fraudulent and designed to steal the individual's candidate biometric data, so the user may wish to ensure that it is, on the contrary, authentic. Steps (b) and following will allow this.
[0039] Steps (b) and following can be implemented automatically after the interface is displayed, but preferably they are implemented upon request from the individual. Thus, if the user has no doubt about the authenticity of the present interface, he can continue the process (go directly to step (e) which will be described later), or if he has a doubt, request verification of the authenticity of said interface.
[0040] To this end, the interface provides a verification of its authenticity via an interface element such as a verification button or any other active area. When the user presses this button or performs an action corresponding to this interface element (for example, a swipe gesture on a touchscreen), the verification (i.e., step (b)) is initiated. The interface may explain this by means of text or a pictogram on or around the button.
[0041] Note that the absence of a possibility of verifying the authenticity of said interface (absence of the button) may be a sign of fraudulent character if the interface usually offers this verification.
[0042] The said request to verify the authenticity of said interface, transmitted to the authentication server 2 in step (b), uniquely identifies said individual, for example by including an identifier or at least data derived from an identifier (for example, a cryptographic hash of such an identifier). Indeed, this is an authentication process, i.e., the aim is to verify the identity of the individual and not to determine it (that would be identification). As such, the individual has normally previously provided an identifier (for example, their email address or a subscriber number, possibly entered in another interface). If terminal 1 is the individual's personal terminal, the individual is generally automatically identified (the identifier is pre-registered).
[0043] Server 2 processes this request by determining a graphical personalization element associated with that individual. More precisely, the data storage means 22 of server 2 can store a plurality of graphical personalization elements, each associated with an individual known to the authentication server 2 (i.e., already enrolled, see below), for example, via the identifier or derived data. Of course, only requests from known sources (for example, an official application, particularly one with a certificate) are processed. Indeed, a third party could attempt to integrate the verification button into a fraudulent interface, but server 2 would detect that the request comes from an untrusted source and therefore would not confirm its authenticity. A notification can be sent to the individual (at terminal 1) to inform them of the fraudulent nature of the interface and the phishing attempt.
[0044] By "personalization graphic element," we mean a graphic object such as an image, but also a texture, a video, etc., potentially unique and known to the individual. This personalization graphic element is therefore preferably previously chosen by the user, although alternatively one could arbitrarily (in particular randomly) assign them their graphic personalization element.
[0045] In all cases, it is understood that this is an element normally known only to him, which the individual must be able to recognize. The personalization element can therefore represent absolutely anything (a photo, a drawing, a signature, a text, an abstract graphic object, etc.).
[0046] Thus, in step (c), terminal 1 receives in response (to said verification request), from said authentication server 2, said graphic personalization element associated with said individual.
[0047] The method then includes a step (d) of displaying said graphical personalization element in a manner associated with said interface. By "in a manner associated with said interface," it is meant that the interface and the personalization element are clearly linked, i.e., that the personalization element is applied unambiguously to this interface and not another. To rephrase, step (d) is a step of personalizing said interface using said personalization element. Typically, step (d) includes adapting said interface to include said graphical personalization element, much like affixing a signature to a document to prove its authenticity.
[0048] This can be done in many different ways: - If the said customization element is a pattern or texture, it can simply be placed in the background of the interface; - If the said personalization element is an image, it can be embedded in a dedicated area of the interface; or displayed in another window; - If the said personalization element is a movie, it can be played over what is currently displayed by the interface, and then the previous display is restored; - Etc.
[0049] If the individual recognizes his personalization element (the one associated with him, i.e. the one he chose or at least that was assigned to him), he can be certain that the associated interface is authentic, and therefore he can consent without fear to the acquisition of the candidate biometric data.
[0050] Indeed, a third party who adds a fake verification button to a fraudulent interface might try to reassure the individual by displaying a personalization graphic element, but they do not know the individual's identity unless they access the authentic interface, which significantly reduces the risk of phishing. And if this interface displays a fake personalization graphic element, the individual will immediately recognize that it is not his and will understand that the interface is fraudulent, and will not present his biometrics.
[0051] Note that in an embodiment with strong authentication, a third party could not access the authentic interface (since it would require them to have access to the individual's terminal 1), and therefore the third party has absolutely no way of accessing and copying the graphical personalization element, so that the verification of the authenticity of the interface is potentially inviolable.
[0052] Finally, the method includes a conventional step (e) of acquiring said candidate biometric data using said sensor 14, based on said individual's biometric trait. It is understood that the possibility of acquiring the candidate biometric data can be enabled as soon as the interface is displayed (step (a)), but in practice, the individual may only authorize its implementation (by presenting their biometric trait to the sensor 14) once they have been able to verify the authenticity of the interface and therefore the legitimacy of the request to acquire their biometric data. Again, the user may feel confident with the interface displayed in step (a) and not initiate steps (b) to (d) (i.e., not press the authenticity verification button), and proceed directly to step (e), so that in most cases the present method does not slow down authentication at all and therefore does not degrade the user experience.
[0053] This acquisition classically consists, for example, of taking a photo of the biometric feature (in particular the face) and processing it in order to obtain said candidate biometric data.
[0054] Authentication method
[0055] According to a second aspect, the invention relates to a method for authenticating an individual, comprising implementing the method according to the first aspect to obtain the candidate biometric data of the individual on terminal 1 (steps (a) to (e)). This method can be triggered by terminal 1 or server 2 in response to any request requiring verification of the individual's identity, in particular a request to access a service, a transaction request, etc., initiated by the individual, most often on terminal 1.
[0056] So, in a conventional manner this process includes after obtaining the candidate biometric data a step (f) of verification that said candidate biometric data coincides with a reference biometric data of the individual.
[0057] Generally, this step (f) is implemented by the processing means 11 of terminal 1 (and said reference biometric data is stored by the storage means 12 of terminal 1), but alternatively, the biometric data can be transmitted (for example encrypted) to the server 2 so that its data processing means 21 can implement said comparison.
[0058] The latter can be made known in any way, depending on the nature of the biometric concerned, by counting the candidate biometric data and the reference biometric data and verifying that they are sufficiently similar, for example by calculating a distance between the candidate biometric data and the reference biometric data by a given distance function such as the Euclidean distance, and verifying that this distance is less than a given threshold.
[0059] If the result is positive, i.e. if said candidate biometric data coincides with a reference biometric data, the individual is authenticated and an action is implemented by server 2 (access to a requested service, authorization of the transaction, etc.).
[0060] Preferably, the authentication process includes a preliminary step (aO) of enrolling the individual for authentication, including obtaining said biometric reference data of the individual.
[0061] This enrollment can be carried out in a conventional manner and include the acquisition (with said sensor 13 or another sensor), on said individual's biometric trait, of said reference biometric data, in a secure environment. For example, this may have to be done in the presence of an authority, or when the individual is authenticated in another way (via a code or password, for example).
[0062] Therefore, step (aO) advantageously includes assigning said graphical personalization element to the individual, in particular the individual's selection of said graphical personalization element. Indeed, this is the best time to do so because of the necessary secure environment.
[0063] This can be done in many ways: - As explained, the said graphic personalization element can be selected arbitrarily and presented to the individual; - The individual may be presented on their terminal 1 with a plurality of possible graphic personalization elements, so as to choose one; - said graphic personalization element may be an image directly provided by the individual from said terminal 1, in particular an image stored on storage means 12.
[0064] Again, the present process will not be limited to any type of graphic personalization element or to any way of selecting it.
[0065] Terminal
[0066] According to a second aspect, the invention relates to terminal 1 for implementing the process according to the first aspect and at least partially to the process according to the second aspect.
[0067] Terminal 1 includes data processing means 11 and data storage means 12.
[0068] The data processing means 11 are configured to: - Display an interface requiring the acquisition with a sensor 13 of terminal 1, on a biometric trait of the individual, of a candidate biometric data, for authentication of said individual; - Transmit a request to verify the authenticity of said interface to an authentication server 2, said request uniquely identifying said individual; - To receive in response, from said authentication server 2, a graphical personalization element associated with said individual; - Display said graphical customization element in a manner associated with said interface; - Acquire with said sensor 13, on said biometric trait of the individual, said candidate biometric data.
[0069] According to a fourth aspect, the invention relates to the entire terminal 1 according to the third aspect and the authentication server 2, connected via said network 20.
[0070] Computer program product
[0071] According to a fifth and a sixth aspect, the invention relates to a computer program product comprising code instructions for the execution (on the data processing means 11,21 of terminal 1 and / or authentication server 2) of a method according to the first aspect of obtaining candidate biometric data from an individual for authentication of said individual, or of a method according to the second aspect of authenticating an individual; and a storage means (for example the data storage means 12,22 of terminal 1 and / or server 2) on which this computer program product is located.
Claims
Demands
1. A method for obtaining candidate biometric data from an individual for authentication of said individual, comprising implementing, by means of data processing (11) of a terminal (1), the steps of: a. Displaying an interface requiring the acquisition, with a sensor (14) of the terminal (1), of said candidate biometric data on a biometric trait of the individual; b. Transmitting a request to verify the authenticity of said interface to an authentication server (2), said request uniquely identifying said individual; c. Receiving in response, from said authentication server (2), a graphic personalization element associated with said individual; d. Displaying said graphic personalization element in association with said interface; e. Acquiring, with said sensor (13), of said candidate biometric data on said biometric trait of the individual.step (d) comprising adapting said interface to include said graphical personalization element.
2. Method of claim 1, wherein said graphic personalization element is an image previously chosen by the user.
3. Method for authenticating an individual, comprising implementing the method according to any one of claims 1 to 2 of obtaining a candidate biometric data of the individual, then a step (f) of verifying that said candidate biometric data coincides with a reference biometric data of the individual.
4. Method according to claim 3, comprising a preliminary step (aO) of enrollment of the individual for authentication comprising obtaining said biometric reference data of the individual.
5. Method according to claim 4, wherein step (aO) comprises the selection of said graphic personalization element by the individual.
6. Method according to claim 5, wherein said personalization graphic element is an image provided by the individual from said terminal (1).
7. Product computer program comprising code instructions for executing a method according to any one of claims 1 to 2 of obtaining candidate biometric data of an individual for authentication of said individual, or a method according to any one of claims 3 to 6 of authenticating an individual, when said program is executed on a computer.
8. Computer-readable storage means on which is recorded a computer program product comprising code instructions for the execution of a method according to any one of claims 1 to 2 of obtaining candidate biometric data of an individual for authentication of said individual, or of a method according to any one of claims 3 to 6 of authentication of an individual.