Generation of biometric-based reference tables to share cryptographic keys in a public network

By generating reference matrices from biometric images using one-way functions and error-reducing schemes, the method addresses the challenges of reconstructing biometric data and changes over time, providing secure and robust cryptographic key generation.

WO2026136441A1PCT designated stage Publication Date: 2026-06-25ARIZONA BOARD OF REGENTS ACTING FOR & ON BEHALF OF NORTHERN ARIZONA UNIV

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
ARIZONA BOARD OF REGENTS ACTING FOR & ON BEHALF OF NORTHERN ARIZONA UNIV
Filing Date
2025-12-16
Publication Date
2026-06-25

AI Technical Summary

Technical Problem

Existing cryptographic methods using biometric data for key generation face challenges such as the risk of reconstructing original biological information, changes over time, and difficulties with varying measurement conditions, compromising security and accuracy.

Method used

The generation of reference matrices from biometric images using one-way functions, combined with error-reducing schemes, ensures that biometric data is not reconstructible and accounts for changes over time, using a challenge-response-pair mechanism for secure key generation.

Benefits of technology

This approach enhances security by preventing reconstruction of biometric data and addressing changes in biological objects, ensuring robust and secure cryptographic key generation without storing personal information, with improved entropy and one-wayness.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure US2025059954_25062026_PF_FP_ABST
    Figure US2025059954_25062026_PF_FP_ABST
Patent Text Reader

Abstract

Protocols for generating reference tables using biological information are disclosed. The protocols are usable for sharing cryptographic keys in a public key infrastructure (PKI). During an enrollment cycle, reference matrices or tables are constructed from the biometric images of one or more users (e.g., user's of client devices). To protect user privacy, the knowledge of these reference matrices cannot reveal the biometric images, and a third party cannot generate the same matrices from the biometric images. The shared keys may enable secure communication between a server and one or more of the users.
Need to check novelty before this filing date? Find Prior Art

Description

ATTORNEY DOCKET NO. 2024-025 (133502.00250)GENERATION OF BIOMETRIC-BASED REFERENCE TABLES TO SHARE CRYPTOGRAPHIC KEYS IN A PUBLIC NETWORK CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] The present application claims priority to U. S. Provisional Application 63 / 734,640 entitled “GENERATION OF BIOMETRIC -BASED REFERENCE TABLES TO SHARE CRYPTOGRAPHIC KEYS IN A PUBLIC NETWORK”, filed December 16, 2024, the entirety of which is incorporated herein by reference.STATEMENT REGARDING FEDERALLY-SPONSORED RESEARCH

[0002] Not Applicable.BACKGROUND

[0003] Central organizations managing networks of computing devices, such as private enterprises, financial organizations, financial transaction networks, governments, and various other commercial entities face ongoing challenges by malicious actors seeking to gain access to secure systems with sensitive information. Such entities generally implement stringent methods to prevent malicious use and to ensure that only authorized users have access to sensitive systems. Examples include requests to users and client devices to frequently change passwords, supply tokens generated by multi-factor authentication and mandatory software updates. Users of such systems are accustomed to handle such mandatory requests in a routine manner, without verifying that the server managing security is legitimate.

[0004] Many methods have been suggested for the generation of cryptographic keys for encrypting communications between remote users (also described herein as users, clients and / or terminal devices) and central devices (also described herein as servers). Once such method is disclosed in U. S. Patent Application No. 17 / 879,697, entitled, “PUF -Protected Pseudo-Homomorphic Methods to Generate Session Keys,” filed on August 2, 2022, and published as 2023 / 0045288 on February 9, 2023. That application, which is incorporated herein by reference in its entirety, discusses systems and methods for using physical uncl enable functions (PUFs) to enable a user to authenticate a server, or a server to authenticate a user, and to generate session keys to enable authenticated communication between a client (user) and server. In one embodiment described in that application, the generation of session keys, initiated by client 1QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)devices, is based on the use of PUFs embedded in the server. During an initial setup, the client device selects a set of passwords and a set of random numbers to hash the passwords multiple times. The server uses the resulting stream as a set of challenges to generate a set of responses from the PUF, which are stored as reference. To generate a session key, the client device picks a new set of random numbers which are smaller than the initial set of random numbers, to hash its password multiple times; the resulting messages are sent to the server. Using its PUF and the initial responses, the server can find the differences between both random numbers which are used to generate a shared session key. This method is pseudo-homomorphic because the computations never disclose the original passwords. Without the PUF, it is not possible to analyze the information and generate shared keys.

[0005] US patent 10,503,890, entitled “Authentication of Images Extracted from Unclonable Objects,” filed as 15 / 434967 on February 16, 2017 and published as 2017 / 0235938 on August 17, 2017, describes how an unclonable and unique physical object, which may be a biological object, can be used for authentication using a CRP mechanism quite similar to the way physical unclonable functions (PUFs) are operating. That patent and publication are incorporated herein by reference in its entirety. According to that disclosure, the responses generated from the image of the unclonable object are then compared with the responses generated from the image kept as references. The CRP mechanism described in this publication is usable with any image of an unclonable object, including biological objects, such as images of human faces, irises, retinal vasculature and fingerprints.

[0006] What is common to these previously disclosed methods is the use of physical objects as one-way functions capable of generating responses to challenges, similar to cryptographic hash functions, but with certain improvements. In the case of PUFs, the challenges are generally specifications for measurement parameters of physical properties of the PUF. In the case of PUF arrays, the challenges may be sets of addresses of individual PUF elements that are to be measured, and conditions for measurement. Thus, the challenges specify how the PUF is to be measured, and the responses are physical characteristics of the PUF devices that are measured. In the case of a physical object, which may include a biological object, the challenges again specify measurement conditions. For example, image data may be taken of a biological object (like a finger print or a retina), and the challenges may specify addresses of locations in x and y2QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)within the image to measure variations in color or light intensity in the image. Another example usable with images of human faces is generating challenges that specify landmark facial features, and coordinates within an x-y coordinate space. The responses to these challenges may be the distance from a specified coordinate to a facial feature.

[0007] So generally, the challenges specify measurement conditions and parameters, and the responses are data that result from the measurements. The image data of a biological object is one example of a biometric print. As used herein, a biometric print is some set of data reflecting an accurate physical measurement of biological object. One example of a biometric print would be processed or unprocessed image data of a biological object, such as retinal vasculature or a fingerprint. The biometric print may result from rotating and scaling such image data such that it fits on and is in a fixed and known orientation with respect to a standard coordinate system. For example, when a human face and its features are used as the biological CRP mechanism, part of the biometric print generation process will be to recognize certain features (e.g., pupils), and use the distance and angle between those features to rotate and scale the image data to a standard, predetermined size and orientation. This enables future images of the same face to be accurately compared to previous images.

[0008] Many methods for the use of biological objects, as well as biometric prints made from biological objects, in cryptography have been suggested. In most of these methods, a biological object (that is, a direct measurement of the object such as an image of a face, gait, iris, retinal vasculature, fingerprint, etc.) or a biometric print (that is, some stored data indicia of the biological object, like stored image data) is used as a CRP mechanism. That CRP mechanism is then used for cryptographic key generation, and the cryptographic keys may then be used for various encryption and authentication tasks. Disclosures of these known methods may be found in the following patents and publications, all of which are incorporated by reference herein in their entirety: U. S. Patent Publication No. US20240348436A1 entitled “Biometry With Challenge Response Pair Mechanism”, published on October 17, 2024; U. S. Patent Publication No. US20250373437A1 entitled “Template-less Object Recognition With Challenge / Response Pair Mechanism”, published on December 4, 2025; U. S. Publication No. US20240214224A1 entitled “Pseudo-homomorphic Authentication of Users With Biometry” published on June 27, 2024.3QB\99989849.1 ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0009] More generally, protocols using reference matrices generated from physical unclonable functions (PUFs), also called crypto-tables, for authentication or shared key generation, have been described in prior work. These matrices are generated during an enrollment cycle, stored by a server, and used during authentication or key generation cycles.

[0010] Press et al. (1995) address the protection of cryptographic infrastructure by preventing the unauthorized substitution of weaker cryptographic algorithms with stronger ones designated for core security infrastructure. The central innovation lies in employing a challengeresponse mechanism to verify that cryptographic algorithms utilized within the system are both authentic and authorized for their specific purpose. This approach ensures proper segmentation between user-level and infrastructure-level security, preventing unintended substitution.Furthermore, encrypting the pointer serves to defend against 'man-in-the-middle' attacks, thus enhancing the overall security of the system.

[0011] Wallrabenstein et al. (2018) propose a multistage process incorporating Physically Unclonable Functions (PUFs), in which each stage retrieves and utilizes distinct secret values derived from the PUF. This approach enhances security by making it nearly impossible for attackers to clone or predict the secret values, as they are dependent on the unique, unclonable output of the PUF. Utilizing different secret values at each stage further strengthens the cryptographic operation's resilience against side-channel and memory-based attacks.Additionally, memory-clearing mechanisms between stages help to minimize the risk of exposing sensitive data.

[0012] Miller et al. (2016) devised a scheme combining dynamic key cryptography and a challenge-response mechanism with device minutiae (encompassing both hardware and software) for user and device authentication. The approach leverages a diverse array of minutiae — hardware, software, and biometric data — ensuring a highly secure and unique device identification. Rather than calculating the expected response in real time, the system employs a pre-computed set of responses that correspond to the unique minutiae of the device, enhancing both the speed and security of the authentication process.

[0013] Press et al. (1996) introduced an innovation aimed at safeguarding cryptographic systems by preventing the unauthorized substitution of weaker cryptographic algorithms with4QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)those reserved for internal security. This protection is achieved through a challenge-response mechanism, whereby the cryptographic support facility sends a challenge to the algorithm, which then generates a response using a cryptographic function. This response is verified by the facility to confirm the algorithm’s authenticity before granting access to the function table, which contains the cryptographic operations. To protect against 'man-in-the-middle' attacks, the pointer to this function table is encrypted using a shared secret key, ensuring secure execution of cryptographic tasks without risk of tampering or interception.

[0014] Walsh et al. (2017) present an authentication device and method that securely binds metadata, such as biometric information, to hardware-intrinsic properties derived from a physical unclonable function (PUF), establishing a unique 'root of trust.' The device integrates device enrollment parameters and sensitive metadata, processed via cryptographic hashing with the PUF, to generate a binding value that serves as the foundation for creating an authentication proof token. This token supports both interactive and non-interactive authentication through zero-knowledge proofs, protecting sensitive information by verifying identity without revealing private metadata, thereby enhancing secure and privacy-preserving authentication.

[0015] The utilization of trusted hardware components to issue and verify challenges that assess the device’s configuration and responsiveness to enhance the security of untrusted devices is shown by Winslow et al., (2014). The process involves the trusted component sending a request with specific challenges for the untrusted device to execute. By comparing the device's responses to pre-determined expected responses, the system evaluates the security status of the untrusted device, allowing or restricting further functions based on this assessment. The design supports cryptographic operations and can suspend sensitive operations to maintain security during processes like secure calls, offering robust, protocol-compliant protection against unauthorized access or compromised devices.

[0016] Bennison et al. (2022) proposed a four-factor authentication system that strengthens user authentication by combining a device-bound identity token, user-specific password, biometric data, and a dynamic challenge-response mechanism. The device identity token (Device-ID), cryptographically bound to the device, serves as the first authentication factor, while a unique user password provides the second. Biometric minutiae generate a cryptographic signature, contributing the third factor, and a random challenge from a remote authentication 5QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)system (RAS) constitutes the fourth. This challenge-response protocol, conducted over an encrypted, multi-channel setup, offers robust protection against interception, impersonation, and replay attacks while minimizing stored secrets and enhancing secure access reliability.

[0017] Hamlet et al. (2014) proposed a system that integrates a cryptographic fingerprint unit within a hardware device to enhance user authentication through a multi-factor authentication (MFA) approach. Central to this system is a Physically Unclonable Function (PUF) that generates a unique and unclonable value, serving as the first authentication factor. This PUF value is combined with additional factors — such as biometrics or passwords — through combining logic to produce a multi-factor authentication value, which then seeds a key generator to create a public-private key pair. The system incorporates noise reduction to stabilize the PUF output and securely deletes sensitive data following key generation, increasing resistance to spoofing and tampering. This design not only preserves user privacy by minimizing stored sensitive information but also ensures robust security for applications such as secure token generation and remote access control.

[0018] Ikeda et al. (2017) proposed a method in which a non-transitory computer-readable storage medium houses a program for a biometric reference information certificate generation apparatus that communicates with a biometric storage apparatus over a network. This storage apparatus maintains biometric reference information, its hash value, and a valid certificate. The program instructs the generation apparatus to record a user ID, the biometric certificate, and a validation flag, store a second private key, and generate challenge information. Upon receiving biometric data from the authentication target, the storage apparatus computes a hash value, generates a first digital signature, and establishes a biometric authentication context. The generation apparatus then verifies the challenge information and the first digital signature; if both are valid, it produces a second digital signature, creates the biometric reference certificate, and transmits it back. The storage apparatus subsequently validates the certificate and notifies the generation apparatus of a successful response, which includes the user ID and the certificate itself.

[0019] Andrada et al. (2017) utilizes a mobile device to acquire an encryption key pair (public and private keys) and interact with a Public Key Infrastructure (PKI) Certificate Authority (CA) to request a digital certificate using the private key. Upon receiving a rejection of 6QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)a certificate signing request (CSR) that includes an authentication and key agreement (AKA) challenge, the device calculates an AKA response and submits a second CSR to the PKI CA, which subsequently issues a digital certificate. The device collects biometric data from the user — such as fingerprints, iris scans, or voice recordings — derives a password from this biometric input, and securely stores the keys and digital certificate in a protected key store using the derived password. In our work, we propose a methodology for creating a unique crypto-table from biometric information, which can be utilized to generate seeds for digital signatures and authenticate users. This crypto-table is designed such that it is not possible to reconstruct the user's biometric information, ensuring that the stored data or crypto-table bears no resemblance to the original biometric data.

[0020] Liang et al. (2021) proposed a method that involves scanning and digitizing multiple biometric traits to create a set of digitized biometrics, from which an encryption key for cryptographic applications is generated. A biometrics encryption seed is obtained through various methods, including user input, automatic device generation, secure transmission from a remote server, device pairing, or retrieval from a key management system. This seed is subsequently employed to encrypt the digitized biometrics, resulting in a set of securely stored encrypted biometrics. This method ensures the protection of biometric data while facilitating the generation and utilization of an encryption key tailored for specific cryptographic tasks.

[0021] Chang et al. (2022) devised a scheme that involves receiving encrypted biometric enrollment data, which includes at least one enrollment sample encrypted with a key generated from a user secret. This data is associated with a user identifier, which is matched against a stored user secret to create a decryption key. The key is then used to decrypt the enrollment data, enabling the retrieval of the biometric sample, which is processed to generate a unique biometric reference template identifier. Additionally, the system receives an access request for a financial account from an aggregator, containing a user identifier, timestamp token, and encrypted authentication information. The system retrieves the corresponding shared secret, generates a key for decrypting the authentication data, and verifies the device and token identifiers against stored records to authenticate the aggregator and grant access to the user's account information, thus ensuring a secure authentication process.7QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0022] While the disclosures above provide some security advantages, they also face shortcomings amenable to improvement. For example, many known systems require storage of biometric print, or reference tables constructed from biological measurements or measurements of biometric prints, and in some cases, these reference tables are constructed in such a way as to permit reconstruction of the original biological information. This is a security flaw, and presents the risk of compromising sensitive information about users. Additionally, relying on biological objects as or to generate CRP generation mechanisms carries an inherent difficulty in that biological objects change over time with aging, damage etc. Additionally, methods that rely on measuring biological objects during an enrollment process, and then remeasuring the same biological object later (referred to herein as a “contemporaneous measurement”) have difficulty dealing with differing measurement conditions. Thus, further improvement is warranted.BRIEF SUMMARY

[0023] Embodiments of the invention are directed to improved methods for using CRP generation mechanisms derived from biological objects and biometric prints for cryptographic purposes such as key generation. In certain embodiments disclosed herein, reference matrices are generated from biometric images with one-way functions. The reference matrices may then be used as CRP generation mechanisms, i.e., they are addressable, and challenges indicating addresses may be generated to retrieve corresponding response data from the indicated addresses. The building of reference matrices with one-way functions prevents the uncovering of the images or biometric prints from being reconstructed from the matrices. An example of a mathematical method used to generate matrices is the one developed with Johnson-Lindenstrauss based algorithms in which randomly picked matrices are used to enhance the one-wayness.Moreover, an infinite number of matrices can be generated from the same biometric image preventing an opponent from generating the matrices stored by the server.

[0024] Additionally, biometric images are never the same; therefore, to reduce the error rates in the matrices, in certain embodiments, multiple images are captured during the enrollment cycle of each user. During such a cycle, a ternary representation can identify the stable states with either a “0” or a “1” from the less predictable states that carry the third state “x”. The challenges are exchanged through the networks allowing concurrent generation of the same responses from the reference tables of the server, and the biometric images of the users. The8QB\99989849.1 ATTORNEY DOCKET NO. 2024-025 (133502.00250)cryptographic keys are concurrently computed from the responses by the server and the user, thereby equipping them with the same keys. During the key generation cycle, only the stable cells are selected, combined with lightweight error correcting schemes. Examples of cryptographic protocols generating and distributing keys can use challenge-response-pair (CRP) mechanism.

[0025] In one embodiment, a method to generate a reference table for a challenge-response-pair (CRP) mechanism is provided. The method relies on data regarding a biological object -typically a stored or contemporaneously taken image of a biological object. The object can be any object that demonstrates a sufficiently high level of uniqueness, and may be an iris, fingerprint, palm print, retinal vasculature, etc., but in the non-limiting examples set forth in this disclosure, will be a human face.

[0026] The method includes generating a random number Seed (e.g., with a RNG or PRNG process running on a programable processor. The random number Seed is of sufficient bit length to parse it into a set of N positions in x-y in a 2D image of the biological object, as well as instructions pertaining to each of those N positions. Thus, Seed is divided into N segments, each segment having a position (1 to N), and each segment being readable as an address in an x-y coordinate space and optionally as an instruction set. The set of instructions associated with each identified x-y address may specify some measurement conditions to be applied to the specified position, i.e., some analysis, measurement or computation of some parameter gathered from the image that is a function of each of the identified x-y positions. That is, the resulting digital stream is the result of the application of the instructions (measurement conditions) at each of the specified locations. The locations and instructions may be screened to generate a digital stream from a set of instructions that is consistent when measured multiple times, and will vary significantly across x-y positions. That is, the “challenges” may be screened such that they result in responses that are unique and repeatable above some threshold, and challenges that do not meet this criteria may be excluded.

[0027] In certain embodiments, a reference table is constructed using the list of locations in the image, and the corresponding response stream just described (“responses”). The reference table X-Y is constructed by:Ordering along the X-axis the positions 1 to N.Ordering along the Y-axis the digital stream computed at each position.9QB\99989849.1 ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0028] In certain embodiments, the above steps are performed on a server device during an enrollment process, which may involve taking a biometric print of a user (i.e, imaging the user’s face, and then rotating and scaling the image).

[0029] In some embodiments, the method includes implementing an error reducing schemes such as, not limited to, the ones using Gray codes, wherein the b-bit long digital streams can be converted to b-bit long digital stream with the Gray-code methodology.

[0030] In some embodiments, the method includes redundant elements: the protocol starts with a greater number of positions, for example and not limited to 2*N, and only keeps the positions that are the most similar when the computations are repeated with multiple similar biometric images.

[0031] In certain embodiments, the method is modified to generate reference tables with three states: the “x” states that trend to be erratic, the “0” or “I” states that are stable. For example, not limited to, multiple similar biometric images of the subject are captured to generate multiple digital streams at each position x-y in the biometric image with their set of instructions; the erratic states are identified by comparing the multiple digital streams with each other.

[0032] As noted above, the biometric images may be generated from, not to be limited to, facial images, fingerprints, palmprints, iris. Moreover, the methods are extendable to other sorts of biological objects, such as non-human biological objects (wood grains, patterns in leaves, crystal growth patterns, etc.) as well as other unique data regarding individual humans gait.

[0033] Cryptographic key pairs may be shared between a server and client device using the reference table discussed above. Assume that a server device builds a reference table above on the basis of one or biometric prints (e.g., images of a human face). This may occur during enrollment of a user or client. To generate a Key, the server may generate a random binary bitstream Key using a random number generator (RNG) or pseudo random number generator (PRNG). The Key is N bits long. As a binary number, Key, will be an ordered sequence of Is and 0s, having m is and N-m 0s. The server then consults the reference table (or generates a new one from a stored biometric print - although this is not preferred) and retrieves a subset of m responses from the full set of N responses in the table. The retrieved responses correspond to the responses having the positions in N that correspond to Is (or a first binary symbol) in Key. For 10QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)example, assume that there are three entries in the reference table Nl, N2, and N3. These columns correspond to the first, second and third segments into which the number N was divided to generate individual addresses and instruction sets. Each entry has a corresponding digital response stream Rl, R2 and R3. Assume that Key is 101. The subset of m responses selected is R1 R3. Thus, subsets are generated by ignoring the responses positioned in entries of the Key equal to 0, and keeping the responses positioned in entries equal to 1.

[0034] A user or client device may then generate its own copy of Key. The recovery of the Key is possible when both the m responses (the selected subset) and the complete reference table of N responses are known. In this example, the receiving party recovers the key K by recognizing the relative position of the subset of m responses among the initial sequence of N responses. To do this, the user or client device constructs the same reference table. This may be done by imaging the biological object (e.g., the user’s own pre-enrolled face that was used to build the server’s reference table) to result in a biometric print. The image may be scaled and rotated according to the same process used by the server during enrollment. The client then retrieves the original random number Seed, which may be received from the server as part of some handshake communication, but preferably is pre-stored on the client device as part of the enrollment process. As occurred on the server side, the client then segments the Seed into N challenge segments, parses those segments to identify x-y addresses and optional measurement instructions, and then applies the challenges to the biometric print to generate N responses. The server’s N responses are then compared to m responses received from the server. The Key has a “1” (or the first binary symbol) in positions where the segment of N has a response that matches one of the m responses, and a “0” or a second binary symbol elsewhere.

[0035] The result of this process is a matching key pair shared between client and server. Assuming Seed is pre-stored at the client device, the only piece of information that needs to be transmitted is the m response subset. The keys, now shared by both devices, are usable for typical cryptographic functions such as encrypting and decrypting other keys or files for storage, or for encrypting / decrypting communications for transfer between the devices. The keys may also be used for applying and authenticating digital signatures. The keys, or indicia created by the keys, may be compared to authenticate one device to the other.11QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0036] Other embodiments expand on these protocols to cases including multi-factor authentication (MFA), peer to peer key exchange, access control for secured environments (e.g., bank ATMs or secure buildings), and other applications.

[0037] Embodiments of the invention have certain advantages relative to the known cryptographic methods described above. As noted above, the inventive embodiments address an inherent disadvantage to using biological objects as or to generate CRP mechanisms, namely drift of changes to the biological object over time and / or changes in measurement conditions between enrollment and verification cycles. Additionally, inventive embodiments use a novel mechanism to generate unique reference matrices for challenge-response mechanisms using biometric images or images of objects from various random angles for authentication and recognition. The enhanced entropy and one-wayness that the inventive methods achieve using biological objects as the basis of CRP mechanism is uniquely advantageous.

[0038] The above features and advantages of the present invention will be better understood from the following detailed description taken in conjunction with the accompanying drawings.BRIEF DESCRIPTION OF THE DRAWINGS

[0039] The drawings described herein constitute part of this specification and include example embodiments of the present invention which may be embodied in various forms. It is to be understood that in some instances, various aspects of the invention may be shown exaggerated or enlarged to facilitate an understanding of the invention. Therefore, drawings may not be to scale.

[0040] FIGs. 1 and 2 schematically depict an arrangement for enrollment and subsequent key exchange between a server and client device.

[0041] FIG. 3 shows how a biometric print of a human face may be used as a CRP generation mechanism according to the inventive embodiments.

[0042] FIG. 4 depicts an example of challenges producing distances to capture geometric properties of a face12QB\999898491ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0043] FIG. 5 depicts enhanced algorithms for constructing CRP matrices out of biological objects, and specifically, images of biological objects such as faces.DETAILED DESCRIPTION

[0044] The described features, advantages, and characteristics may be combined in any suitable manner in one or more embodiments. One skilled in the relevant art will recognize that the invention may be practiced without one or more of the specific features or advantages of a particular embodiment. In other instances, additional features and advantages may be recognized in certain embodiments that may not be present in all embodiments.

[0045] Reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrase “in one embodiment,” “in an embodiment,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.

[0046] It is contemplated that, in preferred embodiments, the methods described below will be carried out in a computing environment including at least two computing devices in electronic communication with one another. The first device will be referred to as a “server” or a “central” device, and the second device will be referred to as a “client” or a “terminal” device. References to “users” refer generally to individuals accessing a particular computing device or resource, to an external computing device accessing a particular computing device or resource, or to various processes executing in any combination of hardware, software, or firmware that access a particular computing device or resource. Both the client and server devices are, preferably, general purpose or specialized computing devices, which may include non-volatile storage, a programmable processor, input / output devices, and network interface devices. The non-volatile storage may encode computer readable instructions that, when executed, cause the processors in the server and client devices to execute the method steps described throughout this disclosure.

[0047] The client and server devices discussed below preferably also include circuitry and electronic instruments necessary to measure a physical characteristic of some physical object, such as a PUF, or preferably, a biological object and to generate responses from the resulting measurements. An optical image capture device such as a camera (having an optical imaging13QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)system, a 2-D detector and, optionally, illumination optics such as LEDs) is one example of such an electronic instrument. Other examples would include 2-D or 1-D flatbed scanners for taking image data of a fingerprint. In certain cases, the client device may be a smart phone including a camera. In certain cases, the central and terminal devices may be processes running on the same device.

[0048] In the examples that follow, a biological object is used as the foundational element for CRP generation, however the inventive embodiments are not so limited. It should be understood that the methods described herein apply to any CRP generation mechanism based on any uncl enable physical object. In addition to biological objects, PDFs, including addressable PDFs, may also be used as the CRP mechanism. In these embodiments, the challenge represents measurement conditions (such as device addresses) for the PUF, and the response is based on a measured physical characteristic of the device under the specified conditions. Exemplary usable PUF arrangements are disclosed in U. S. Patent Application 17 / 879,697, entitled “PUF -Protected Pseudo-Homomorphic Methods to Generate Session Keys,” published as 20230045288 on February 9, 2023, which is incorporated herein by reference in its entirety. Exemplary PUF devices usable with embodiments described below include PUF devices of the following types: SRAM cells, ring oscillator circuits, gate delay circuits; resistive memory devices; ferroelectric memory devices; phase change memory devices; magnetic memory devices; flash memory devices; and one-time programmable memory devices. Non-limiting examples of measurable physical characteristics of devices used in PUF arrays are time delays of transistor-based ring oscillators and transistor threshold voltages. Additional examples include data stored in SRAM or information derived from such data For example, an SRAM PUF exploits the metastability in the start-up process of SRAM cells. In the instant after start-up, the two halves of each SRAM cell circuit both try to pull the output of the memory cell to either a “1” or “0” state. Depending on the specific process variation of the transistors in the circuit, one half of the SRAM cell will be unpredictably stronger and will force the SRAM cell into the corresponding state. The behavior of the structure of SRAM cells must then be combined in some way by a control system or architecture to provide the challenge / response mechanism and provide the PUF interface. In the example of an SRAM-based PUF device, the device could be power-cycled 100 times and the frequency of the “0” or “I” state could be used as a characteristic of that device. Other nonlimiting examples of suitable characteristics include optical measurements. For instance, a PUF 14QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)device may be an optical PUF device which, when illuminated by a light source such as a laser, produces a unique image. This image may be digitized, and the pixels may be used as an addressable PUF array. A good PUF should be predictable, and subsequent responses to the same challenge should be similar to each other (and preferably identical).

[0049] Other physical objects may also be used as a CRP mechanism. For example, image data may be taken and measured by biological objects from non-human subjects, or from non- biological natural objects, the appearance of which, demonstrates sufficient randomness and complexity. For example, U. S. Patent Application No. 15 / 434976, published as 20170235938 on December 10, 2019, describes taking image data of DNA or nanoparticles and then measuring those images as a CRP mechanism That application is incorporated by reference herein in its entirety

[0050] In the examples that follow, a biological object, unique to an individual, is used as an unclonable function, capable of generating unique and repeatable responses when measured according to certain measurement parameters (challenges). In practice, the biological object is some feature of an individual user’s body (e.g., a fingerprint, iris, retina, facial features, etc.). The challenges are instructions that specify a particular set of biological object measurement conditions. For example, a challenge might be a location on an image of a fingerprint, and an area at that location to be measured. The responses might be features (variations in color or shade or shape, intersection of lines, etc.) measured at the specified area or areas, or along a specified direction. In some embodiments, a biological object may be subject to a preenrollment setup state to generate calibration data that is used to standardize all future image data taken from the object. This enables future measurements of the same object to perform under the same conditions as prior measurements. In the case of taking image data from the object, the preenrollment data may enable the system to rotate and scale future images to a baseline orientation and scale before each response measurement such that all measurements of the same features are as repeatable as possible. This same calibration and scaling methodology may be applied to any of the protocols described below, which all involve measuring a first set of enrollment responses from a biological object, and comparing those responses to a second set of responses from the same biological object measured at a different time in the future. These two measurements have15QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)to be compatible, so inventive embodiments are capable of rotating and scaling images, and calibration data may be stored to accomplish this.

[0051] Biological objects, and datasets derived from them, are uniquely well-suited for use as CRP generation methods. While the types of biological (and non-biological) objects usable with the methods below are potentially unlimited, in preferred embodiments, objects will be selected according to a number of performance criteria now described:

[0052] Predictability: The same set of addresses (challenges) should generate the same data stream. In that standpoint, the challenge-response pairs (CRP) should be the same when the same challenge is inserted. Minor variations are acceptable when error correcting schemes can be applied. False Reject Rates (FRRs) measure the probability of a failure in the recovery process due to un-correctable changes.

[0053] Uni city: Each user should have a unique set of CRPs that can be used for authentication, and cryptographic key generation. Minor variations in user-to-user should be rejected. False Acceptance Rates (FARs) measure the probability of wrongly accepting the wrong users.

[0054] One-wayness: Without having access to the biometric image, it should be near impossible to find the reference table from the biometric image, therefore impossible to find the challenges from the responses. In that regard, the CRP mechanism acts similarly to a cryptographic hash function.

[0055] High entropy: The number of possible matrices with distinct CRP configurations of the same user should be quasi-infmite. The intent is to prevent an opponent from generating the same matrix from the same visual image. Entropy, the logarithm base 2 of the number of possible matrices, should be greater than 128 to prevent brute force attacks.

[0056] To enhance these attributes, the protocols presented in this disclosure the reference tables carry a ternary representation in which the content of each address is either a state “0”, “1” or “x”. To identify the “x” states, repetitive enrollment cycles generating multiple reference tables permit the identifications of the addresses that are not stable. These unstable positions are masked during key generation to reduce FRR without impacts on FAR.16QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0057] In the examples that follow biometric prints are used as the basis to generate CRP mechanisms (i.e., matrices). A biometric print is some accurate data representation of the biological object, e.g., processed or unprocessed image data of fingerprints, palms, facial features, retinal vasculature and other vein patterns, iris appearance, combinations thereof, image data regarding body gait or infrared images of body parts. It is important to note, however, that other CRP mechanisms can be used in conjunction with the protocols that follow. For example, PUFs may be used as a CRP mechanism. Indeed, while the protocols described herein are advantageous because they address problems inherent to measuring responses from physical objects during different points in time, the CRP mechanisms described need not be physical. The methods work even with deterministic and / or non-physical CRP mechanisms, including hash functions, one-time pads, etc.

[0058] In the examples that follow, methods for enhanced and error-resistant generation of CRP mechanisms from biological objects are disclosed. The disclosed CRP mechanisms are usable for any suitable cryptographic purpose such as key generation, key exchange, digital signatures and authentication, particularly in connection with public key infrastructure (PKI). The described methods are advantageous because they do not require storing any personal biometric information after enrollment cycles. The described methods also exhibit increased resistance to measurement errors, which may occur because of drift or noise in measurements of biological objects caused by changes in the object overtime.

[0059] FIG. 1 schematically illustrates the use of biological objects and biometric prints as CRP generation mechanisms for use in cryptographic tasks, such as key exchange. The FIG. 1 scheme is presented as a use case for the enhanced CRP generation mechanisms described below in reference to FIG. 5. That is, FIG. 1 depicts a simplified enrollment and key verification procedure where the biological print itself may be used as a CRP mechanism, and the algorithms of FIG. 5 extend that disclosure to include building matrices from the biological object, and then using those matrices as the CRP mechanism.

[0060] Referring now to FIG. 1, an enrollment procedure is conducted in a secure environment. The enrollment procedure begins with the generation of an ordered sequence of n random seed numbers. In the exemplary methods described below, input parameters, “challenges”, which are measurement conditions for the biological object, in this case a face, are 17QB\999898491ATTORNEY DOCKET NO. 2024-025 (133502.00250)generated from random seeds. These seeds are shared by the client and the server and used by both to generate n challenges: Cl, C2,..,, Cn. These challenges are functions that operate on information generated from biometric images, in a manner similar to that of a one-way function to produce outputs. In the exemplary cases described below, a user individual presents an image of her face by looking into a camera. This image is transformed into a vector v (i.e., a biometric print) upon which the challenge functions Ci operate, producing an ordered sequence of n responses: Rl, R2,..., Rn, with each Ri = Ci (v). The challenge functions have the following properties. In a manner similar to a one-way function, it should be a very hard problem to map back from the responses Ri and obtain any information about the biometric information v. Also, different responses Ri, Rj with i not equal to j, arising from different randomly generated Ci, Cj, should be completely independent of each other. However, if the identical challenges Ci are applied to a slightly different vector v’ arising from a very similar image of the same person, the responses R’i = Ci(v’) should be very close to each other. This behavior is quite different from a standard hash function, where even one bit of difference in the input should create an entirely different output. To summarize, a vector of n functions of slightly different images of the same face: (R’I, R’2,..., R’n) should be very close to the original vector (Rl, R2,..., Rn) when the same collection of challenges Cl, C2,..,, Cn is applied to the two vectors v and v’ generated by the same client. One way of thinking about this is that a collection of different images of the same client should map to n-dimensional vectors inside a sphere of small radius in n-dimensional space. However, a different client should produce a vector w of biometric information whose corresponding vector of responses under the same challenges: (Cl(w), C2(w),..., Cn(w)) is as distant as possible from the sphere containing (Cl(v), C2(v),..., Cn(v)). The methods described below achieve this balance, that is, mapping similar images of one client to a small sphere, and mapping images of a different person to a discemably different position in space, is achieved, which greatly enhances the usability and security of the described protocols.

[0061] At the end of the enrollment the server and client each store the ordered list of challenge-generating seeds. In the first protocol presented below, the server can store the ordered list of responses. Neither stores any private biometric information.

[0062] During an authentication session a client looks into a camera second time, and creates a second image of her face, and maps this to a vector v’, duplicating the process used during18QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)enrollment. The client then regenerates the challenges C i from the stored seeds. The client then generates, from a random seed, a cryptographic key of length n, for example a sequence of n l’s and 0’s. Suppose there is a 1 in location m. The client then applies C m to v’, obtaining R’m = Cm.(v’). The client repeats this with each 1 in the key: computing a response for each. This list, averaging n / 2 responses, is then conveyed, possibly insecurely, to the server. The server compares this subset of responses to its ordered list of the full set of n responses. The server takes the first response on the list and compares it with its original list of responses. If there is a sufficiently close match with a response on the original ordered list, the server places a 1 in the corresponding key. It then continues, matching the subset of responses to the closest fitting ones in its list. At the end, the key was shared.

[0063] Referring now to FIG. 2, there is shown a method of cryptographic key exchange between a server device (“server’) and a terminal device (“user”) according to one inventive embodiment. The protocol described in reference to FIG. 2 and throughout the remaining examples of this disclosure uses biometry (i.e., the measurement of some biological object) to share cryptographic keys without keeping any image data captured during enrollment.Exemplary biological objects, biological prints derived therefrom, suitable challenge instructions, and the sorts of responses measured for those challenges are set forth in U. S. Patent Publication No. US20240214224A1 entitled “Pseudo-Homomorphic Authentication of Users With Biometry,” published on June 27, 2024, which again is incorporated by reference herein in its entirety, and to which this case claims priority.

[0064] In the arrangement of FIG. 2, there is an initial enrollment process shown in “1”, “initial set up”. Preferably, this process occurs in a trusted environment as part of a secure video conferencing event. During the enrollment cycle, a biometric print of an individual using the terminal device is sent to the server for processing (i.e., the generation of responses). The response generation step will be repeated by the user later, using a different (i.e., contemporaneous) biometric print. During the enrollment cycle, the server needs to process the biometric image of the user with CRP mechanism; the user follows the same CRP -based process during the key exchange operation.19QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0065] The enrollment cycle proceeds as follows:1. During the secure setup session, the terminal device creates a sequence of 256 bit seeds and sends them to the server. The seeds may be generated with the assistance of a random number generator (RNG), running on a processor at the terminal device. The seeds may also be generated with a password, supplied by the user, which may be processed (e.g., sequentially hashed with an extended output function). Some combination of the aforementioned methods may also be used (e.g., by hashing a password with the output of a RNG, concatenating the two, etc.). The result is preferably an ordered sequence of 256 bit seeds of length n, as shown below:{Si, S2,..., Sn} with Si G {0, 1} and i G {1, n)2. The server uses the seeds as, or preferably to create an ordered sequence of n challenges, for example by using a hash function with an extended output function (XoF):{Cl, C2, Cn}*-{S1, S2, Sn}3. The terminal device captures a biometric print (e.g., image data of a biological object of the individual user such as an image of the user’s face, retina etc.), and sends it to the server. Alternatively, the server is in real time video conferencing with the terminal device and user and is allowed to capture a biometric image using the terminal device’s camera.4. The server applies the CRP mechanism of the image to the n challenges to generate n responses. That is to say, the server uses the challenges as measurement instructions and measures the biometric print in accordance with those instructions:{Ri, R2,..., Rn}^{Ci, C2,..., C„}It is preferrable for the responses to be appreciably long to achieve BERs of below 20%, for example, 256-bits long. In certain embodiments, this may be accomplished by providing the raw response data to a hashing for XoF function, which is then stored as the responses.5. The server finally erases the seeds {Si, S2,..., Sn}, the sequence of 11 challenges {Ci, C2,..., Cn}, retaining in memory only the sequence of n responses{Ri, R2,..., Rn}.6. The user retains only in its memory the sequence of seeds {Si, S2,..., Sn}.20QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0066] At the end of the enrollment the server and client each store the ordered list of challenge-generating seeds, and the server can store the ordered list of responses. Neither stores any private biometric information.

[0067] The key exchange cycle proceeds as follows:1. The seeds are used again to create an ordered sequence of n challenges:{Ci, c2, cn}HSi, s2,..., s,j2. The terminal device captures a biometric self-image of the user with the same camera, and similar macro-measurement conditions as the capture used during enrollment. The system may optionally calibrate the second image data such that it matches the image data taken during enrollment. This process may involve scaling and rotating the image and adjusting signal level such that it matches the initial image taken during enrollment.3. The terminal device applies the CRP mechanism to the n challenges to get n responses:{R’i, R’2,..., R’n}^{Ci, C2,..., C„}4. The terminal device randomly generates (e.g., with an RNG) an n-bit long key K. The bits are then ordered from position 1 to position n. An m-bit long subset of index integers{ii, i2, is generated by capturing the positions of K’s entries equal to “1”, ignoring the entries equal to “0”; ij G { 1, n}, and j G {1, m}.The space of choices here has size roughly 2n, n should be large enough, 256, or higher 5. The client sends only the list of m responses {R'ix, R'i2,..., R'jm} to the server,6. The server identifies the sequence {ii, i2, im} as follows:a. Let d R'jj, Rk) denote the hamming distance between the responses R'^ and Rk. b. For each R'j., the server cycles through the list of responses from position 1 to position n, and finds the unique k such that:d(R'j., Rk) < £, where £ is the cutoff point.[With n = 256 and BER < 20%, an E of 52 bits should keep FARs and FRRs low] 7. From the list of indices {ii, i2,...,i(m)} the server can uncover the key K.

[0068] The server and client can then use the shared Ks to engage in encypted communications. The shared keys may be used to encrypt and decrypt communications according to any symmetrical encryption protocol (e.g., AES). The keys may also be used by21QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)each party to authenticate the other, e.g., by signing some shared piece of information and comparing the result.

[0069] To restate the key sharing process, the client uses its stored seeds to generate a sequence of n challenges. The biometric print is measured in accordance with the challenges to generate an ordered sequence of n responses (i.e., a first response, a second response, etc., up to the nth response). A random binary number K is generated of length n. That number will have a sequence of m Is. Responses in the ordered sequence corresponding to positions in the random number having the value “1” are identified, and only these m responses are sent to the server. In other words, if n = 3, there are three responses R’ 1, R’2 and R’3. If the random number K is 101, m=2 and only responses R’ 1 and R’3 are sent to the server, corresponding to the first and third Is in K. The server knows the length of K, because it is equal to the originally received number of responses, n. The server selects R’ 1, and it sequentially computes the Hamming distance between R’ 1 and every response that it stored during enrollment R1.. Rn. Where this computation results in a Hamming distance below some threshold, or the minimum Hamming distance of all the computations in the sequence, the server has determined the position of R’ 1 in the order of the original responses. In the example above, the Hamming distance between R’ 1 and R1 will be low, and in fact, it should be the lowest Hamming distance of any of the comparison steps. The server knows that R1 was the first response in the enrollment sequence, so it knows that R’ 1 is also the first response in the sequence of exchange responses, so it assigns the first position in the key a “1”. R’3 will match with R3, and so the third position in the key will be assigned a “1”. All other positions are assigned “0”. In this manner, the server has generated K.

[0070] In another embodiment of the key exchange protocol, steps 4 to 7 in the algorithm above are modified by sending n responses in the key exchange step, but where random responses have been inserted for enrollment responses within m corresponding to positions in n where the entries for K are zero. Optionally, but preferably, the enrollment response string is reordered randomly. The server then takes each of the new responses, and sequentially attempts to match it against the enrollment responses. If there is a match, an entry of 1 is assigned to the server’s copy of K in the position of the match response. For all unmatching responses, the server’s copy of K is assigned a zero in the corresponding position. This embodiment introduces22QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)more entropy to the system at a cost of requiring the server to check matches for all n of the received responses during the key exchange step. As above, a match between a second response and a first response may be determined by computing a Hamming distance and declaring a match when the Hamming distance is below some threshold, or for whatever first response the second response demonstrates the minimal Hamming distance across the set.

[0071] This modified protocol proceeds as follows:1. The user chooses randomly a n-bit long key K The bits are then ordered from position 1 to position n. The sequence of n responses is altered by replacing the responses positioned at entries equal to “0” by randomly generated streams of the same length. The responses positioned at entries equal to “1” are kept intact. This results in a new set of n responses that are reordered randomly: {R'P1, RZp2- • RzPn}.2. The client sends only the list of n responses {R'P1, R'P2,..., R'Pn} to the server.3. The server differentiates the valid responses as follows:a. Let d(R'p., Rk) denotes the hamming distance between the responses R'p. and Rk. b. For each R'p. with intact response, corresponding to a “ 1” entry of K, the server cycles through the list of responses from position 1 to position n, and finds the unique k such that: d(R'k., Rk) < £, where £ is the cutoff point.c. For each R'p. with a response changed to a random stream, corresponding to a “0” entry of K, no Rk matches are available due to the high entropy of the CRP mechanism.4. From the list of matching positions, the server can uncover the key K.

[0072] This last protocol is simplified in other alternative embodiments by eliminating the random reordering of the revised n responses at the end of step 4. The search of step 6 is then much faster as the server does not have any more to cycle through the list of responses. The number of searches is reduced to n searches rather than a number that could be as high as (nA2) / 4.

[0073] The key exchange protocols described above can be further enhanced to eliminate collisions and remove the pairs that are not reliable. One possible protocol starts with a greater number of challenges, for example 2n, and selects only half of the challenges. The server iterates 23QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)multiple CRP cycles with the set of 2n challenges to test BERs. The server only keeps the n collision-free challenges with the lowest BERs. A 2n-bit long mask is generated with the entries at 0 for the positions that should be eliminated, and entries at 1 for the positions that are kept. An outline of the modified enrollment is the following:1. n-bit long seed: {Si, S2,..., Sn} with Si G {0, 1} and i E { 1, n}2. The server generates 2n long challenge: {Ci, C2,..., C2n}*-{Si, S2,..., Sn{.3. Capture a biometric image.4. The server finds a 2n-bit long mask M to generate the responses:[{Ri, R2,..., Rn}; Mask M] {Ci, C2,..., C2n}5. The server retains in memory the sequence of n responses{Ri, R2,..., Rn}, and sends M to the user.6. The user retains only in its memory mask M, and the sequence of seeds {Si, S2,..., Sn{.

[0074] The outline of the modified key exchange cycle is described as follows:1. The user generates the 2n long set of challenges: {Ci, C2,..., C2n}*-{Si, S2,..., Sn{.2. Biometric image.3. The user applies the CRP mechanism to the 2n challenges with the mask M to get n responses:{R’i, R’2,..., R’n} [{Cl, C2,..., c2n{, M]4. The user chooses key K. The subset of integers {ii, i2,..., im} is generated by capturing the l’s.5. The client sends the m responses {R'^, R'i2,..., R'im} to the server.6. The server identifies K from the sequence {ii, i2,..., im}.

[0075] This collision avoidance and masking protocol can also adopt the variation presented above, in which the size of the sequences of responses is kept constant by replacing the responses positioned at entries of 0 of K by random streams.

[0076] In the improved examples that follow, which add the additional layer of matrices on top of the use of biometric prints, human faces are used as the example of a suitable biological object. FIG. 3 shows, in additional detail, how a human face can be used as the basis of a CRP mechanism. In the example of FIG. 3, the biological object is a human face, and the biometric print being measured is an image of the face. An image of a human face contains identifiable 24QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)landmarks such as the bridge of the nose, the tip of the nose, pupils, etc. These landmarks are preferably identified in a pre-enrollment process, and calibration data is stored to rotate and orient future images of the same face to a standard x-y coordinate system, and to scale future images to a standard scale. An example of this process (shown in FIG. 8) would be to define a line connecting the center of pupils as the X axis of a reference coordinate system, and to scale the facial images such that the interpupillary distance for all images is a set amount in the coordinate system. This enables all images of the same face to be compared accurately.

[0077] As shown in FIG. 8, an exemplary set of challenges is a starting X-Y coordinate in the system, and a facial feature (e.g., -3, -4, center of left pupil). Random numbers (e.g., the seeds discussed above) may be parsed to render coordinates in a straightforward manner, and it is contemplated that a lookup table may be constructed that maps numbers to facial features. Thus, a random number like 11001010 may be decomposed into a first portion that maps to a first coordinate, a second portion that maps to a second coordinate, and third portion that maps to a facial feature through a predetermined lookup table. In this way, challenges may be constructed of random numbers, or random numbers expanded to certain lengths and / or hashed with passwords as discussed above. The responses are the results of applying these challenges. An exemplary response would be a scalar distance value (e.g., the distance in the coordinate system from (-3, -4) to the center of the left pupil. Angle information may also be incorporated, e.g., the distance and angle to a feature from the challenge coordinate. It will be recognized that this sort of use of biological features as a CRP mechanism may be extended to other objects that have recognizable landmarks, such as irises, retinas, fingerprints and palm prints, all of which are within the scope of this invention as biological objects form which biometric prints may be generated.

[0078] The use of a human face as a biological object is advantageous because it has relatively high levels of intrinsic entropy, and modern image recognition algorithms are particularly good at identifying facial features. A sense of the number of unique responses that can be generated from a biometric print of a human face (i.e., a rotated and scaled image) is shown in FIG. 4. Again, it is contemplated that x-y addresses and facial features will be identified as a challenge, and the response may be distance, angle, or some combination of the two, to the feature.25QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0079] In the methods that follow, security and error resistance is enhanced by the introduction of cryptographic tables or matrices built from biometric prints. These reference matrices or “cryptographic tables are useful because they serve to obfuscate the biometric images, that is, possession of a reference table built from a biometric image does not permit reconstruction of the image, and the methods to be discussed do not require storage of the biometric image.

[0080] As shown in FIG. 4, Every facial image can be simplified into a set of landmarks marking key features such as the center of each eye, the nose and mouth. Publicly available image processor techniques can quickly find the set of K landmarks in a biometric image with K varying from 50 to 500. The use of these images to generate CRP mechanisms as biometric reference tables will now be described. The algorithms are summarized at FIG. 5.

[0081] Generation of biometric reference tables:

[0082] An example of method to generate a reference table from the landmarks of a biometric image is described as follows:

[0083] Step 1: A random number RN is picked (e.g., using a RNG or PRNG as described above) and is parsed into an ordered set of N subparts, each of which is read to identify a position in an x-y coordinate system. The random number RN is sufficiently long such that it can generate a set of N address positions x-y in the biometric image of a subject. Considering that a typical digital image can be described by 256^256 pixels the number of possible combinations is staggering high when N=256, a typical value to implement the protocol.

[0084] Step 2: A digital stream for each of these N positions is generated by measuring the distances between the position, and the K landmarks. Angles to vectors pointing at each of the K landmarks could also be used, as could a combination distance and angle. Indeed, in some embodiments, some of the n addresses may use distance and some may use angle (e.g.,.Whatever parameter is selected (e.g., distance), these distances are converted into digital streams that are b-bit long. Methods to reduce errors include the use of Gray codes converting the digital streams into a b-bit long “Gray” digital streams.26QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0085] Step 3: A reference table X-Y (i.e., a 2D matrix) is constructed by Ordering along the X-axis the positions 1 to N that were generated, and ordering along the Y-axis the digital stream computed at each position. The size of the resulting reference table is thereby given by NxbK.

[0086] Step 4: Optionally, using repeated measurements with the N addresses, the method can generate reference tables with three states: the “x” states that tend to be erratic, the “0” or “1” states that are stable. For this purpose, multiple similar biometric images of the subject are captured to generate multiple digital streams at each position x-y in the biometric image; the erratic states are identified by comparing the multiple reference tables with each other.

[0087] Example of key generation and sharing using biometric tables:

[0088] Step 1 - Enrollment: Following the protocol described just above, a controlling authority (e.g., a server) picks a random number RN1 that is used to generate a biometric reference table BRI from the facial image of a person. Both the random number RN1 and the reference table BRI are stored on a server.

[0089] Step 2 - Key generation: The controlling authority picks a second random number RN2 to be used to generate M positions biometric reference table BRI. These M positions would be a subset of the N addresses specified by RN1 in Step 1. The M-bit long digital stream measured in these M positions are converted into a cryptographic key.

[0090] Step 3 - Transmission: The controlling authority transmits to the person through a public network the random numbers RN1, and RN2 to the person.

[0091] Step 4 - Key recovery: The person can find the same biometric reference table from its own facial image and the random number RN 1. With the second number RN2 the person finds the same M positions and can recover the same cryptographic key.

[0092] Note: The use of error reduction schemes, such as tables with ternary representation as presented above, and known error correcting schemes may be used to improve the protocol.

[0093] To enhance security, multi-factor authentication is needed. For example, a password shared by the controlling entity and the person can be concatenated with the random numbers27QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)RN1 to find the N position of the facial image, and random number RN2 to find the M positions on the biometric table.

[0094] The general method described above may be improved by protocols based on Johnson-Lindenstrauss Algorithms (“JL”), which will now be described.

[0095] Generation of a general sized cryptographic table with JL:

[0096] Using landmark generating schemes, recognize the face and superimpose 68 landmarks onto the face.

[0097] From the two factors generate k random points.

[0098] Generate a feature vector v by doing the following:

[0099] Find the L_p distance between each landmark and each random point and store as vector v'.

[0100] Take every element of v', and square it.

[0101] Find the smallest element and subtract every element in v' by it.

[0102] Take multiplier m£R, multiply every element of v' by m.

[0103] Finally take the sine of every element in v' to get v.

[0104] This gives a vector of size 1 xn=lx68-k.

[0105] Using the two factors generate a set of q, n*t matrices M such that each matrix M_i has entries -1 or +1. Here n is the length of the feature vector and t is the number of rows we want after Gray coding.

[0106] Multiply each matrix in set M by the feature vector to get a projection vector p_i=v-M_i. This creates a matrix PER (q*t).

[0107] Use a g bit Gray code on every entry to obtain the array P_g of size qxtg.28QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0108] Treat every row in P_g, as a polynomial p(x)G(Z_2 [x]) / (xAtg-l), and perform the following:p(x)=p(x)+l / 2 pA2 (x)+l / 4 pA4 (x) mod (xAgt-l,2)

[0109] Note pA2 (x) and pA4 (x) can be computed quickly using an NTT and division by two and four can be done by right shifting every array element by one position and two positions, respectively.

[0110] Finally reshape the array to be of size t*qg.

[0111] Example of the protocol above for generating a crypto-table of size 4096*256:

[0112] Using landmark generating schemes, recognize the face and superimpose landmarks onto the face.

[0113] Create vectors based on distances and other geometric properties from random point (based off a two factor) to each landmark c_i=(p_(i,0),p_(i, 1),- -,p_(i,67) ) for a 68-landmark system.

[0114] In this case each p_(i,j) has the structure ofp_(i,j)=(x_dist,y_dist, L_l, L_2, L_3, L_4,sin(9),cos (0),9,(|))

[0115] For each random point (say 4096 points) create one of these vectors and make a matrix C such that C=(c_0,c_l,---,c_4095 ). This matrix in this case has size 4096*680.

[0116] Using the two factors generate a matrix M, such that it only contains ±1, and for this case would be of size 680*32. We use this to perform P=C M.

[0117] Then use Gray code on each entry of P using an 8-bit Gray code to get a table of size 4096*256.

[0118] Generation of tables with three states “0”, “1”, “x”:

[0119] Multiple frames are enrolled such as an array of these cryptographic tables are generated, where each table is the same size.29QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0120] First, create a blank array of the same size of each frame’s cryptographic table, call it T.

[0121] Second, look at the same position (i,j) in each frame’s cryptographic table then do the following:

[0122] If the bit never changes (i.e. if at position (i,j) each table read all 0’s or all l’s) we write that bit to T_(i,j ).

[0123] If the bit ever changes, then write a -1 to T_(i,j).

[0124] Finally, once all the trits have been written to T, mask all the -1 trits. Save this mask as an array of positions T mask, and the array of binary values B.

[0125] This process results in a masked binary cryptographic table B and a way to repeat this mask over unstable positions T mask.

[0126] Protocols Based on Featured Vectors

[0127] Introduction to Feature Vectors: The four pillars of modem face recognition are detection, alignment, representation, and classification. The first two are fairly self-explanatory: for a given image, a face must be detected, and the image is normally rotated so that all faces are presented to the algorithm in the same orientation. The overall goal of the representation phase is to reduce the pixels of the image containing the face to a compact numerical representation, normally a list of numbers. These lists of numbers are called “feature vectors”, and they can vary greatly in size, depending on the algorithm used to produce them; normally they’re somewhere between 128 and 4096 numbers long, and this length is the dimensionality of the vector. That is, a feature vector of 128 numbers, for example, is called a 128-dimensional feature vector. The classification phase is where “recognition” happens. A face recognition system would be enrolled with feature vectors from many images of many individuals, and to recognize the person in front of the camera, the system detects their face, aligns it, extracts a new feature vector (“probe”) from it, and tries to find feature vectors in the enrollment which closely match the probe. Ideally, the record associated with the person in the probe is at the top of the list.30QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0128] Properties Of Good Feature Vectors: An n-dimensional feature vector is a point in n-dimensional space, and a set of vectors of a given individual form a “cloud” in n-space that belongs that that individual. By computing the centroid of an individual’s cloud and measuring the Euclidean distance between the points in the cloud and the centroid, we can define a sphere for each individual within which all of that individual’s points are contained. In the ideal case, these n-spheres are small, which happens when the feature vector algorithm stays relatively insensitive to changes in lighting or pose or other types of biometric drift. The spheres for different individuals should also be relatively far apart, meaning that each individual occupies its own n-dimensional cloud without infringing on the boundaries of the clouds be- longing to different individuals. By making measurements of these spheres, like how much they intersect, how far apart they are, how they are distributed in their n-dimensional space, and how big their radii are, we can measure and characterize the likelihood that that a particular feature vector mechanism will be able to accurately differentiate between individuals. If the spheres are small, far apart, and have very little overlap, then a feature vector algorithm will be very likely to correctly classify the individuals enrolled in such a system.

[0129] Methods for Producing Feature Vectors

[0130] Geometric Algorithms: Geometric feature vector algorithms extract shape-based properties from input face images, typically based on distance, angle, and / or ratio measurements between key points (landmarks) on the face. The algorithm encodes these spatial relationships into a vector which represents the geometric uniqueness of the subject’s face. Geometric algorithms are most successful with high- quality, consistent images of the subjects, such as those captured in controlled environments, but often struggle with the variability in lighting and pose that comes with “in-the-wild” images of subjects in uncontrolled environments. This results in a system which will only produce matching feature vectors for an individual if the second authentication factor matches as well. The most important benefit that this confers is that the enrollments become cancelable: if a user wishes to revoke their enrollment in the system, they only need to change their second factor, which will result in an entirely different enrollment. Such a system furthermore protects the privacy of the user, because the meaning of the geometric information encoded into the feature vector is linked to the second factor, and an adversary who31QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)steals the enrollment vectors for that individual will have no way to extract the geometry of the user’s face without knowledge of the second factor.

[0131] The sequence is as follows:

[0132] Collect a two-factor password P from the user and a frame or set of frames F of the user’s face

[0133] Produce a set of L (x, y) point challenges C from the password.

[0134] Create a face shape S using a machine learning shape predictor.

[0135] Shuffle S using a pseudorandom number generator seeded with P.

[0136] Build a full set of L raw response lists by computing the distances from each of the L challenges to each of the k landmarks [Algorithm 1 - FIG. 2] [FIG.1],

[0137] Normalize all the raw response distances into an l-bit range [Algorithm 2 - FIG. 2],

[0138] Convert the normalized response distances into their l-bit gray code representation [Algorithm 2 - FIG. 2],

[0139] Build L-response set R by concatenating the L lists of k normalized gray coded responses each into a single response bitstring [Algorithm 3 - FIG. 2],

[0140] Neural networks

[0141] The most successful feature vector algorithms today produce their outputs by passing the in- put face image through a series of neurons (“layers”) in a convolutional neural network structure. Each layer transforms the data, producing a feature vector which compactly represents the uniqueness of the input face. Broadly, such algorithms start with the input layer, an array of pixel values which contains a face. The pixel data goes through a series of convolutional filters, which detect things like edges and corners and textures. An activation function at the next level introduces non-linearity, enabling the algorithm to extract complex relationships in the data. Ultimately, the data arrives at a layer of fully-connected computational units, which condense the large amount of data from the higher levels into a relatively low-dimensional output, the feature vector. Enrollments from such vectors can also be made into two-factor cancelable vectors with 32QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)relative ease, by adding a second factor and using that factor to drive a non-invertible transformation of the vector, such that an adversary in possession of the transformed data will be unable to re- cover usable information about the subject’s face without knowledge of the second factor. For example, the vector could be transformed by a random projection, where the second factor seeds a random number generator that produces a random projection matrix through which the original vector is transformed, either increasing or decreasing the dimensionality of the feature vector and obfuscating the data and relationships contained in the original vector.

[0142] A revocable biometric system based on projection would work according to the following general steps:

[0143] Original n-dimensional feature vector vi produced from any CNN which produces such vectors;

[0144] Two-factor password drives generation of an x m random projection matrix M;

[0145] Feature vector vi is transformed (projected) through M to produce vf, by computingvf= vi • M

[0146] A random projection is a function (p: Rn c— > Rm, such that cp(v^i) = M • v”, where MVA G Rm is the projection. vA is an n-dimensional biometric feature vector from any algorithm that produces such vectors, and vf* is a m-dimensional projection of vA,vf* = cp(vA) = MvA

[0147] M in this case is a random matrix, where M G Rn*m and m » n. M is generated from a secret seed s which is the XOR of the user’s second secret factor t and a random nonce v unique to the enrollment, s = t ® u.

[0148] Cryptographic protocols using the cryptographic tables.

[0149] The reference matrix, or crypto-table, possesses wide applications in the field of cybersecurity, encompassing user verification, secure peer-to-peer communication, biometric data protection, secure financial transactions, and more.33QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0150] User Authentication: By generating a reference matrix from biometric information, it can be employed to verify users, as each individual produces a unique reference matrix. By challenging this matrix, a unique cryptographic key can be created, which not only facilitates user verification but also enables access to personal devices such as cell phones, personal computers, laptops, tablets, and various other electronic devices.

[0151] Digital Signatures: This reference matrix can be seamlessly integrated with NIST-standardized post-quantum cryptographic protocols, such as CRYSTALS Dilithium and CRYSTALS Kyber. To establish secure peer-to-peer communication, clients must first undergo verification. The reference matrix adds an additional layer of security atop these post-quantum cryptographic protocols, which can verify devices but not users themselves. Our proposed reference matrix addresses this issue by requiring user verification prior to device validation, thereby facilitating secure communication.

[0152] Biometric Data Protection: Given that biometric data is crucial for individuals, securing this information is of paramount importance. Biometric information is among the most sensitive data an individual possesses, making it a significant area of research. Our novel method of generating the reference matrix is unique and exhibits the property of one-wayness, ensuring that the stored reference matrix cannot be reverse-engineered to recreate the user-provided data. This feature has substantial security implications.

[0153] Secure Transactions: In the realm of secure online transactions, the risk of financial cards, such as credit and debit cards, being lost or stolen is significant. Malicious individuals may exploit such situations for illicit financial gain. This risk can be mitigated by requiring user verification before card usage. Reference matrices can be utilized not only to authenticate users but also to ensure that transaction approval relies on both the physical card and the reference matrix, thereby securing critical financial transactions.

[0154] Ubiquitous Integration: The reference matrix is inherently lightweight, facilitating straightforward integration into existing systems. Current ATMs, embedded systems, and a wide array of loT devices with limited memory and computational capabilities can effectively utilize this technology due to its low resource consumption, making its application and integration ubiquitous.34QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0155] 3D Biometry Protocol: Enhanced Face Recognition System: The following scheme integrates seamlessly with ’Template-less Object Recognition with Challenge-Response Pair’ i.e., ’3D Biometry Protocol’. This integration offers a novel solution for overcoming the limitations of traditional biometric systems by providing a secure and trustworthy verification process capable of identifying individuals from multiple angles. During the enrollment phase, the user can capture the facial features from different angles such as front, top, bottom, left, right, etc, and facial landmarks can be detected using libraries like Dlib and Mediapipe. The captured data is processed through JL Black Box, which generates a Matrix, ensuring privacy by avoiding the storage of raw data. The matrix, along with the Challenge- Response Pair mechanism can be used for robust authentication. This approach allows users to authenticate from any angle, which provides flexibility and reliability. By minimizing security and privacy risks, it ensures a swift and dependable authentication process, particularly in critical infrastructures. This approach is especially valuable in environments where security is critical, such as airports, military bases, and other sensitive infrastructure, enabling prompt and effective action against security threats.

[0156] Fingerprint Authentication System: The following scheme can be integrated with the advanced fingerprint recognition technology, offering a novel solution to the limitations of traditional fingerprint systems. By focusing on unique fingerprint patterns, this approach provides a highly secure and efficient verification process capable of accurately identifying individuals. During enrollment, the user can capture their fingerprints using high-resolution scanners for precise feature extraction. The key features, such as minutiae, can be extracted using the Source AFIS and NIST Biometric Image Software[2], After the information collected is processed by JL Box, it generates a Matrix, which ensures enhanced privacy since it doesn’t retain the raw information, mitigating the risks of data breaches. The matrix in conjunction with the Challenge- Response Mechanism, can be used to authenticate the user without compromising the data security. This approach allows users to authenticate their identity efficiently, even under suboptimal conditions, such as partial prints or smudges. This scheme is valuable for high-security environments such as financial institutions like banks, government facilities, border control, etc. This approach represents a significant leap in biometric technology, providing a dependable and secure solution for a variety of applications by enabling rapid and effective action against security risks.35QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0157] Iris Recognition: Humans possess unique iris patterns, which can be leveraged as biometric identifiers due to their distinctive properties. This biometric information is critical, and maintaining its confidentiality is of utmost importance. A reference table can serve as a solution for both unique iris recognition and the secure storage of this sensitive data. The reference table functions as a one-way mechanism, making it impossible to reconstruct the original biometric data from it. Additionally, each unique iris pattern will generate a corresponding unique reference matrix or table.

[0158] Crypto wallets: The reference matrix can also be applied in the context of crypto wallets. As crypto wallets hold valuable private keys that grant access to protected cryptocurrencies, a reference or "crypto" table can be effectively utilized to generate these private keys. Furthermore, private keys can be directly linked to users' biometric information, thereby establishing a robust root of trust for the crypto wallet. This approach eliminates the need for crypto wallets to store a single static private key; instead, private keys can be dynamically generated based on challenges, enhancing security.

[0159] Document Verification: The described method can be extended to digital document verification systems. This approach offers protection against document duplication. In this system, each document is converted into a reference matrix. During this process, a unique identifier is integrated into each document prior to its conversion. The verifier maintains challenge-response pairs generated from the document. During the verification process, any attempt to use a duplicate document will fail to produce matching responses, as the duplicate would not have incorporated the required nonce during the generation of the challenge-response pairs.

[0160] While the aforementioned systems and methods have been described in reference to CRP mechanisms built from biological objects, the invention is not so limited. The methods described herein of encoding the 1 positions in a cryptographic key in stored responses of a CRP mechanism are equally applicable to any CRP mechanism or one-way function, including non-biological physical CRP mechanisms, PUFs or even purely mathematical CRP mechanisms like hash functions and those described in U. S. Patent Publication No. US20250023736A1 entitled “Protocols with Noisy Response-Based Cryptographic Subkeys,” published on January 16, 2025 2024, the entirety of which is incorporated herein by reference.36QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)

[0161] It should be understood that, unless explicitly stated or otherwise required, the features disclosed in embodiments explicitly described herein and elsewhere in this disclosure may be used in any suitable combinations. Other embodiments and uses of the above inventions will be apparent to those having ordinary skill in the art upon consideration of the specification and practice of the invention disclosed herein. It should be understood that features listed and described in one embodiment may be used in other embodiments unless specifically stated otherwise. The specification and examples given should be considered exemplary only, and it is contemplated that the appended claims will cover any other such embodiments or modifications as fall within the true scope of the invention.37QB\99989849.1

Claims

ATTORNEY DOCKET NO. 2024-025 (133502.00250)CLAIMSThe invention claimed is:

1. A method of generating a cryptographic challenge-response-pair mechanism at a first computing device, comprising:executing an enrollment procedure comprising:generating a seed bitstream;deriving, from the seed bitstream, a first ordered sequence of N challenges specifying measurement instructions for a biometric print;receiving a first biometric print of a biological object, and measuring the first biometric print in accordance with the first ordered sequence of N challenges resulting in a first ordered sequence of N responses;subjecting the first ordered sequence of N responses to one way digital processing, resulting in a first ordered set of N digital streams each corresponding to one of the N responses;generating a first reference table that associates each of the N challenges with each of the corresponding N digital streams.

2. The method of claim 1, wherein the step of receiving a first biometric print comprises generating a first biometric print from a measurement of a biological object.

3. The method of claim 2, comprising measuring the biological object.

4. The method of claim 3, wherein the biological object is one of a human face, fingerprint, palmprint, iris or retina.

5. The method of claim 2, wherein the first biometric print is a digital data representation of a 2-d image of the biological object.

6. The method of claim 5, wherein the biological object is a human face, wherein generating the first biometric print comprises recognizing two predetermined physical structures of the biological object reflected in the 2-d image, defining an axis through the centers of38QB\999898491ATTORNEY DOCKET NO. 2024-025 (133502.00250)the two predetermined structures, and rotating the 2-d image such that the axis has a predetermined angular orientation relative to a predetermined coordinate system.

7. The method of claim 5 wherein generating the first biometric print comprises scaling digital data representing the 2-d image of the biological object such that recognizable physical structures are a predetermined distance apart in a predetermined coordinate system.

8. The method of claim 5, wherein the N challenges specify 2-d coordinate locations in the first biometric print, and wherein measuring the first biometric print in accordance with the first ordered sequence of N challenges comprises identifying one or more physical structures represented in the first biometric print and measuring one or more distances from each coordinate location to the one or more physical structures.

9. The method of claim 5, wherein the N challenges specify 2-d coordinate locations in the first biometric print, and wherein measuring the first biometric print in accordance with the first ordered sequence of N challenges comprises identifying one or more physical structures represented in the first biometric print, defining one or more vectors from 2-d coordinate locations to the one or more physical structures, and determining the one or more angles made between the one or more vectors and a predetermined axis.

10. The method of claim 1, further comprising measuring the first biometric print in accordance with the first ordered sequence of N challenges resulting in a second ordered sequence of N responses;comparing the first and second ordered sequence of N responses to determine locations where responses in the first ordered sequence do not match corresponding responses in the second ordered sequence;defining as erratic challenges those challenges that elicit non-matching responses on repeated application, and building a mask identifying the erratic challenges, and excluding erratic challenges from the first ordered sequence of N challenges.

11. The method of claim 1,39QB\999898491ATTORNEY DOCKET NO. 2024-025 (133502.00250)wherein the first biometric print of a biological object comprises image data reflecting a human face;wherein the N challenges specify 2-d coordinate locations in the first biometric print, andwherein measuring the first biometric print in accordance with the first ordered sequence of N challenges resulting in a first ordered sequence of N responses comprises identifying a plurality of facial landmarks in the first biometric print and for each of the 2-d coordinate locations specified by the N challenges, measuring a distance from the coordinate location to each of the identified facial landmarks.

12. The method of claim 1, wherein generating a seed bitstream comprises generating the seed bitstream using one or more of a random number generator pseudorandom number generator and a user supplied factor.

13. A method of establishing communication between a first computing using the cryptographic challenge-response-pair mechanism of claim 1 and a second computing device, comprising:at the first computing device:generating a random binary Key of bitlength length N;selecting digital streams in the first ordered sequence of N digital streams that occur at positions in the ordered sequence corresponding to the position of a first binary symbol in the Key, resulting in an ordered subset of m streams;transmitting the ordered subset of m streams to the second computing device, and at the second computing device:deriving, from the seed bitstream, the first ordered sequence of N challenges; making a second biometric print of the biological object, and measuring the second biometric print in accordance with the ordered sequence of N challenge instructions resulting in a second ordered sequence of N responses;subjecting the second ordered sequence of N responses to the one way digital processing, resulting in a second ordered set of N digital streams each corresponding to one of the N responses in the second ordered set of N responses;40QB\99989849.1ATTORNEY DOCKET NO. 2024-025 (133502.00250)comparing each of the ordered subset of m digital streams to each response in the second ordered sequence of N digital streams to determine matches;generating a copy of the Key by, on the basis of the comparison, determining positions of streams in the second ordered sequence of N digital streams that match streams in the subset of m streams, assigning the first binary symbol to those positions, and assigning a second binary symbol to the remaining positions.

14. The method of claim 13, wherein the first binary symbol is 1.

15. The method of claim 13, wherein the first biometric print of a biological object comprises image data reflecting a human face, and wherein making a second biometric print comprises taking an image of the human face using a camera at the second computing device.

16. The method of claim 13, further comprising, at the second computing device, using the copy of the Key to encrypt a file, and sending the file to the first computing device.

17. The method of claim 13, further comprising, at the second computing device, using the copy of the Key to decrypt an encrypted file received from the first computing device.

18. The method of claim 13, further comprising, at the second computing device, using the copy of the Key to digitally sign a file, and sending the file to the first computing device.

19. The method of claim 1, wherein the one way digital processing comprises application of Johnson-Lindenstrauss Algorithms.

20. The method of claim 1, wherein the one way digital processing comprises cryptographic hashing.41QB\99989849.1