BIOMETRIC VERIFICATION SHARED BETWEEN A PROCESSOR AND A SECURE ELEMENT
20200175145 · 2020-06-04
CPC classification: G06V40/53 (PHYSICS), G06F21/32 (PHYSICS)
Abstract
The present invention relates to a method for enrolling an individual with a view to processing biometric data of the individual by a processor and by a secure element, comprising the following steps implemented by the processor from a reference biometric data acquired on the individual: obtaining a logical object calculated from the reference biometric data and from a key, said logical object making it possible to subsequently reconstruct said key from an acquired biometric data if a distance between the reference biometric data and the acquired biometric data is less than a threshold, said logical object being referred to as helper data, transmitting the key to the secure element.
The processor and the secure element are for example embedded on the same physical medium.
Claims
1. An enrollment method of an individual for processing biometric data of the individual by a processor and by a secure element, comprising the following steps implemented by the processor from a reference biometric data (w) acquired on the individual: obtaining (200) a logical object calculated from the reference biometric data (w) and from a key (PIN), said object making it possible to subsequently reconstruct said key (PIN) from an acquired biometric data (w) if a distance between the reference biometric data (w) and the acquired biometric data (w) is less than a threshold, said logical object being referred to as helper data (H1), transmitting (300) the key (PIN) to the secure element.
2. The enrollment method according to claim 1, wherein the processor (10) and the secure element (11) are embedded on a single physical medium (2).
3. The method according to claim 1, wherein the helper data (H1) comprises a result from the exclusive OR operator applied to the reference biometric data (w) and to the key (PIN).
4. The enrollment method according to claim 1, wherein the key (PIN) is independent from the reference biometric data (w).
5. The enrollment method according to claim 1, wherein the processor is configured to perform a reconstruction function (Rec1) taking as input the helper data (H1) and an acquired biometric data (w), wherein a reconstruction result provided as output by the reconstruction function (Rec1) depends on the distance between the reference biometric data (w) and the acquired biometric data (w).
6. The enrollment method according to claim 1, wherein the helper data (H1) is calculated from an error correcting code (C) associated with a plurality of error correcting code elements separated two by two by a predetermined gap.
7. The enrollment method according to claim 1, wherein, during the transmission step (300), the key (PIN) is transmitted in encrypted form to the secure element.
8. The enrollment method according to claim 1, wherein the reference biometric data (w) is erased from the memory of the processor at the end of the enrollment method.
9. The enrollment method according to claim 1 comprising an additional step of recording the key in a memory of the secure element, in encrypted form.
10. The enrollment method according to claim 1, wherein the reference biometric data (w) is obtained from a biometry pattern, said biometry preferably being a fingerprint or an iris or a face or a voice.
11. A biometric processing method of data from a candidate individual by a processor and by a secure element, the processing following an enrollment of at least one authorized individual according to an enrollment method according to claim 1, the processing method comprising the following steps implemented by the processor: receiving (1100) an acquired biometric data (w); obtaining (1200) a reconstruction result from the acquired biometric data (w) and from a helper data (H1) obtained during the enrollment of the authorized individual; transmitting (1300) the reconstruction result to the secure element.
12. The biometric processing method according to claim 11, wherein the biometric processing comprises an authentication or an identification of the candidate individual, comprising a step implemented by the secure element of binary comparison (1400) between, on the one hand, the reconstruction result and, on the other hand, a key (PIN) transmitted to the secure element during enrollment.
13. The biometric processing method according to claim 12, wherein the binary comparison step (1400) is implemented with respect to a plurality of keys (PIN) each associated with an authorized individual.
14. A processor (10) for use in processing biometric data from an individual, comprising computer code instructions for making it possible to obtain a reconstruction result from an acquired biometric data and from the helper data, the processor being configured to perform the enrollment method and to perform a biometric processing method according to claim 11.
15. An assembly for processing biometric data from an individual comprising a processor (10) according to claim 14 and further comprising a secure element (11), the processor comprising an interface (14) for communication with the secure element.
Description
GENERAL DESCRIPTION OF THE FIGURES
[0048] Other characteristics, goals, and advantages of the invention will become clear from the following description, which is purely illustrative and non-limiting, accompanied by the attached drawings in which:
DETAILED DESCRIPTION OF EMBODIMENTS
[0053] The description below relates to an exemplary enrollment of a candidate individual 1 with a view to subsequent authentication, i.e. the candidate individual claims to have an identity corresponding to that of an authorized individual, of whom at least one data has been prerecorded on a secure element of a computer medium. A comparison of the type 1:1 is then carried out during the authentication, between the prerecorded data and the result obtained from a biometric data acquired on the candidate individual, coming from the same type of biometric as that used for the enrollment.
[0054] However, it is understood that the invention may be applied, with the same benefits, in the case of an identification. In that case, the data acquired on the candidate individual is compared with a plurality of prerecorded data in the secure element, corresponding to M different authorized individuals. The comparison carried out is then of the type 1:M.
[0055] More generally, the invention may be applied to any biometric data processing intended to verify the identity of a candidate individual.
[0056] In the following description and in the accompanying drawings, similar elements are designated by the same alphanumeric references.
Electronic Voting System
[0057] In
[0058] This assembly comprises a card 2 comprising an electronic chip (hereinafter smart card) and a biometric sensor 3. Preferably, the biometric sensor 3 is directly integrated into the smart card 2.
[0059] Alternatively, the smart card 2 could be separable from the biometric sensor 3. In this latter variant, the biometric sensor 3 may for example comprise a slot for inserting the card 2. The slot therefore comprises an electronic link to allow data exchange between the card and the sensor.
[0060] Referring back to
[0061] The smart card 2 thus constitutes a single physical medium whereon the processor 10 and the secure element 11 are stored.
[0062] Secure element means a secure hardware platform configured to carry out inviolable data storage using cryptographic keys. The secure element 11 has its own cryptographic keys, which are preferably distinct from any other keys that may be used by the processor 10.
[0063] If the secure element is an electronic chip, this chip is physically separated from the rest of the physical medium, herein from the smart card 2. The electronic chip forming the secure element is in particular separated from the means for calculating and storing data comprised in the processor 10.
[0064] Herein, the secure element 11 comprises a memory 13 for storing at least one reference biometric data, or a key, associated with an authorized individual. Any writing of data and any extraction of data from the memory 13 requires encryption/decryption with the cryptographic keys of the secure element.
[0065] Such a secure element is easily auditable by a trusted authority, to certify its security.
[0066] By way of examples of secure elements, it is possible to use a SIM chip, a secure micro-SD chip, or a bank chip conforming to the EMV standard (initials for Europay Mastercard Visa). An EMV chip is specifically configured to perform banking transactions such as debits or credits.
[0067] In the example of
[0068] Advantageously, the secure element 11 is a standard secure element, commonly available on the market.
[0069] Standard secure element means that the secure element 11 (herein the EMV chip) is devoid of an algorithm specific to biometric operations. In particular, the secure element 11 does not comprise a software block dedicated to biometrics. Thus, it is not necessary to provide a secure element of a specific type for biometrics when the card is manufactured. Additionally, by virtue of the enrollment methods and authentication described below, a secure element with a high computing power is not necessary.
[0070] The processor 10 is preferably a microprocessor. It comprises a memory 12 for storing data, in particular biometric data and intermediate calculation results. It also has an interface 14 for communication with the secure element 11. The data exchanged on the interface 14 are encrypted.
[0071] Preferably, the processor 10 has a higher computing power than that of the secure element 11.
[0072] It should be noted that, according to a variant, the smart card 2 can be replaced by any electronic device having a platform forming a secure element, and comprising calculation means separate from the secure element. Said electronic device is preferably a mobile device that can be easily transported, e.g. a USB stick or a mobile terminal, but it can also be a fixed device. If the sensor 3 is external to said electronic device, said electronic device communicates wired or wirelessly with the sensor 3.
[0073] The sensor 3, whether integrated or not in the smart card 2, comprises a biometric acquisition area 30; in this example, fingerprints are used as biometrics and the area 30 is a finger positioning area.
[0074] Alternatively, any type of biometrics can be used. It is possible to use images of the candidate individual, e.g. face images. In particular, it is possible to extract an iris pattern from an image of the individual 1. It is also possible to use a sound signal derived from the voice of the candidate individual.
[0075] The sensor 3 further comprises a communication interface with the card 2 for communicating the biometric data acquired to the card 2.
[0076] The assembly of
Enrollment of Authorized Individuals
[0077] In
[0078] The enrollment is intended to acquire and record data from an individual's biometric, with a view to recognizing the same individual in a subsequent biometric authentication attempt. This method can be implemented by the processor 10 of
[0079] In a step 100, a reference biometric data w is acquired in a certified manner on the individual. Certified acquisition means that the acquired data can be reliably associated with the individual. For example, the individual may be asked to provide an official identity document at the time of the certified acquisition.
[0080] Herein, a fingerprint pattern is acquired using the sensor 3, then the fingerprint minutiae are extracted. The reference biometric data w is generated as a binary vector.
[0081] Alternatively, the reference biometric data w may have been acquired prior to enrollment 20, and the processor retrieves the reference biometric data from a remote database. In this case, the reference biometric data has preferably been stored in the database in a secure manner.
[0082] Then, in a step 200, the processor 10 of the card 2 generates helper data (the term used in current English-language terminology). Preferably, these helper data are calculated by a secure sketch function, or secure sketch.
[0083] The purpose of the helper data stored in the memory of the processor 10 is to be able subsequently to reconstruct, during authentication, a comparison data from a biometric data acquired on the fly, if the distance between the latter data and the reference biometric data w is sufficiently small.
[0084] In this respect, the helper data comprise a logical object H1 calculated from the reference biometric data w, representing the distance between the data w and a key. This key is, for example, a number generated randomly according to a method preconfigured in the processor, or a key entered by the user. The key is for example a PIN code.
[0085] In a secure sketch construction, the helper data comprise a binary vector that represents the Hamming distance between the vector w and said key.
[0086] An error correcting code C comprises a plurality of error correcting code elements, called codewords, separated two by two by a minimum gap d_min, the gap d_min being the minimum Hamming distance between any two codewords.
[0087] Thus, if the Hamming distance between two binary vectors is less than d_min/2, the codeword least distant from each of the two binary vectors is the same.
[0088] For a complete mathematical construction of an error correcting code C on a finite alphabet F, reference should be made to section 2.1 of the following document: The best of both worlds: Applying secure sketches to cancelable biometrics, Julien Bringer, Hervé Chabanne, Bruno Kindarji, Science of Computer Programming 74 (2008) 43-51.
[0089] At the end of step 200, the helper data (here the logical object H1) are recorded in the memory of the processor.
[0090] It should be noted that an external attacker cannot go back to the reference biometric data w from the helper data. An external attacker cannot either go back to the PIN key from the helper data.
[0091] Finally, in a step 300, in order to complete the enrollment, a comparison data, provided during the enrollment, is transmitted by the processor 10 to the secure element 11.
[0092] The comparison data is a data directly provided to the processor, which is not obtained by a processing performed by the processor.
[0093] In this first embodiment, the reference biometric data w is transmitted directly to the secure element 11. The comparison data associated with the enrollment of the authorized individual is therefore the reference biometric data w itself.
[0094] Alternatively, the data corresponding to the reconstruction result (herein the data w) is directly acquired by the secure element. The data is then not transmitted by the processor.
[0095] In view of the very high level of security of the secure element 11, the data stored in the element 11 is considered inviolable.
[0096] To the left of
[0097] The helper data H1 are here calculated using a secure sketch function SS1 loaded into the processor. The function SS1 is associated with an error correcting code C. The function SS1 takes as input, in the step 200 above, the data w:
H1 = SS1(w) = w XOR N,
where N is a key (herein a random vector of the same dimension as the data w), and XOR is the exclusive OR operator.
[0098] The processor then stores the helper data H1 and transmits the reference biometric data w to the secure element, preferably in encrypted form (using, for example, a hash function).
[0099] Very advantageously, the data w is not recorded in the processor 10 at the end of enrollment.
[0100] To the left of
[0101] In this second embodiment, the helper data, herein denoted H2, are calculated from the reference data w, and using a PIN key. Herein the PIN key is a vector of the same dimension as the data w.
[0102] The PIN key is, for example, a key entered by the authorized individual during their enrollment, or a randomly selected key.
[0103] Preferably, a numerical value of the PIN key is independent from a numerical value of the reference biometric data w. This condition is typically satisfied if the PIN key is entered by the user or randomly generated by the processor.
[0104] This PIN key is intended to remain secret, as is the data w.
[0105] Advantageously, the helper data H2 are calculated using a secure sketch function SS2 loaded into the processor, which is associated with an error correcting code C and which takes as input the data w and the PIN key:
H2 = SS2(w, PIN) = w XOR PIN,
where XOR is the exclusive OR operator.
[0106] The processor then stores the helper data H2 and transmits the PIN to the secure element, preferably in encrypted form (using, for example, a hash function). The comparison data transmitted to the secure element is therefore the PIN key herein.
[0107] An enrollment according to this second embodiment does not require the transmission, to the secure element, of the reference biometric data w of the authorized individual.
[0108] The enrollment according to this second embodiment therefore is advantageous because even if an external attacker compromises the communication interface 14 between the processor 10 and the secure element 11 during the enrollment, this attacker cannot obtain the data w.
[0109] Very advantageously, neither the data w nor the PIN key is recorded in the processor 10 at the end of the enrollment.
[0110] It should be noted that enrollment according to any one of the above embodiments, or according to both cumulative embodiments, can be used to enroll a single individual or a plurality of authorized individuals. A plurality of helper data associated with different individuals is then stored in the processor, and a plurality of biometric data and/or keys associated with those individuals are recorded in the secure element.
Authentication of Candidate Individuals
[0111]
[0112] Authentication is implemented for example by an assembly as described above with reference to
[0113] Preferably, the authorized individual has been enrolled according to one of the enrollment methods described above.
[0114] Before authentication, the card 2 comprises, in the memory of the secure element 11, a comparison data associated with the authorized individual, entered during enrollment. The comparison data herein is a reference biometric data w of the authorized individual, and/or a PIN key associated with the authorized individual. The authentication comprises a comparison between a reconstruction result, obtained from biometric data acquired on the fly on the candidate, and said comparison data.
[0115] In a step 1100, a biometric data w is acquired on the candidate individual. The biometric data w acquired must correspond to the type of biometry used for enrollment. Herein, the data w comes from a fingerprint pattern, and is a binary vector.
[0116] Alternatively, biometric data w may be acquired prior to authentication.
[0117] In a step 1200, from the acquired data w, and from the helper data (e.g. H1 or H2) previously stored in the processor 10, a reconstruction result is obtained.
[0118] The reconstruction result is calculated using a reconstruction function taking as input the acquired data w, the reconstruction function being loaded into the memory of the processor. This function is such that, if the distance between the acquired data w and the reference data w coming from the authorized individual is less than a predetermined threshold (herein d_min/2), then the reconstruction result corresponds to the comparison data recorded during the enrollment.
[0119] The reconstruction result, provided as output by the reconstruction function, therefore depends on the distance between the reference biometric data w and the acquired data w.
[0120] The reconstruction result from step 1200 is transmitted to the secure element in a step 1300, preferably in encrypted form.
[0121] Then, in a step 1400, a binary comparison is performed between the reconstruction result and the comparison data recorded in the secure element in relation to the authorized individual.
[0122] If the reconstruction result (herein w) is identical to the recorded data (herein the reference biometric data w), then a positive determination 1401 is obtained.
[0123] If the reconstruction result is not identical to the recorded data, then a negative determination 1402 is obtained.
[0124] Optionally, access to a service, such as an electronic vote or a remote payment, may be granted or denied depending on the result of the authentication.
[0125] In the method illustrated in
[0126] This first embodiment for authentication may be implemented following enrollment according to the embodiment depicted in
[0127] In this embodiment, a reconstruction function Rec1 is performed in step 1200. The function Rec1 takes as input the acquired data w and the helper data H1 as described above.
[0128] Herein, an intermediate result B1 is obtained by the following equation:
B1 = H1 XOR w
[0129] Then, the error correcting code C is applied to this intermediate result to obtain a result B1*.
[0130] If the distance between the acquired data w and the reference data w is less than d_min/2, then, by construction of the error correcting code C, the output of the error correcting code is N, the random number that had been used to generate the data H1.
[0131] Finally, the reconstruction result is obtained as follows:
Rec1(w) = H1 XOR B1*
[0132] If the distance from the acquired data w to the reference data w is less than d_min/2, the reconstruction result is equal to the reference biometric data w.
[0133] In step 1300, the reconstruction result w is transmitted to the secure element, which performs a binary comparison in step 1400 between w and w and determines whether the biometric authentication is valid.
[0134] In
[0135] In this embodiment, in step 1200, a function Rec2 takes as input the acquired data w and the helper data H2 as described above.
[0136] Herein, an intermediate result B2 is obtained by the following equation:
B2 = H2 XOR w
[0137] The error correcting code C is then applied to the intermediate result B2, in order to obtain a reconstruction result.
[0138] If the distance between the acquired data w and the reference data w is less than d_min/2, then, by construction of the error correcting code C, the PIN key is obtained as the output of the error correcting code:
Rec2(w) = PIN.
[0139] The result output by the error correcting code is transmitted to the secure element 11 in step 1300. In the case where the distance between the acquired data w and the reference data w is less than d_min/2, the result of the comparison 1400 within the secure element is positive.
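As an added worked example (not code from the patent), both enrollment/reconstruction pairs described above (SS1/Rec1 and SS2/Rec2) in Python, with a 5-fold repetition code standing in for the error correcting code C and assuming, as the reconstruction of the second embodiment requires, that the PIN is encoded as a codeword of C before the XOR; the vectors, PIN and flipped positions are constructed sample values.

```python
import secrets
from hmac import compare_digest

# Repetition code standing in for the error correcting code C: every key bit is
# repeated R times, so d_min = R and up to (R - 1) // 2 flips per block are corrected.
R = 5


def encode(msg):
    """Map key bits to the codeword of C that represents them."""
    return [b for b in msg for _ in range(R)]


def nearest_codeword(vec):
    """Apply C to a noisy vector: majority vote per block -> (codeword, key bits)."""
    msg = [1 if sum(vec[i:i + R]) * 2 > R else 0 for i in range(0, len(vec), R)]
    return encode(msg), msg


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def hamming(a, b):
    return sum(xor(a, b))


# First embodiment. Enrollment: H1 = SS1(w) = w XOR N with N a random codeword;
# the processor keeps H1, sends w to the secure element and must then erase w.
def enroll_ss1(w):
    n = encode([secrets.randbelow(2) for _ in range(len(w) // R)])
    return xor(w, n)


def rec1(h1, w_acq):
    """Rec1: B1 = H1 XOR w_acq, B1* = C(B1), result = H1 XOR B1* (equals w when close)."""
    b1_star, _ = nearest_codeword(xor(h1, w_acq))
    return xor(h1, b1_star)


# Second embodiment. Enrollment: H2 = SS2(w, PIN) = w XOR enc(PIN); only the PIN
# reaches the secure element, and neither w nor the PIN stays in the processor.
def enroll_ss2(w, pin):
    return xor(w, encode(pin))


def rec2(h2, w_acq):
    """Rec2: apply C to B2 = H2 XOR w_acq; the decoded key bits are the result."""
    _, pin = nearest_codeword(xor(h2, w_acq))
    return pin


def secure_element_compare(stored, candidate):
    """Step 1400 on the secure element: a plain binary comparison, constant-time."""
    return compare_digest(bytes(stored), bytes(candidate))


# Constructed sample values: a 20-bit reference vector w, a 4-bit PIN, a fresh
# sample with 2 flipped bits (distance 2 < d_min/2 = 2.5) and one with 3 flips
# concentrated in a single block (more than C can correct there).
W = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1]
PIN = [1, 0, 0, 1]
W_CLOSE = [b ^ (i in (0, 7)) for i, b in enumerate(W)]
W_FAR = [b ^ (i in (10, 11, 12)) for i, b in enumerate(W)]

if __name__ == "__main__":
    h1, h2 = enroll_ss1(W), enroll_ss2(W, PIN)
    for label, sample in (("close", W_CLOSE), ("far", W_FAR)):
        ok1 = secure_element_compare(W, rec1(h1, sample))
        ok2 = secure_element_compare(PIN, rec2(h2, sample))
        print(f"{label}: distance={hamming(W, sample)} rec1={ok1} rec2={ok2}")
```

The d_min/2 bound is a guarantee, not a sharp cutoff: a sample with more flips spread across different blocks may still decode correctly, which is why the secure element's binary comparison, not the processor's reconstruction, is the final decision.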
[0140] It should be noted that, in this second embodiment, it is possible to replace steps 1100 to 1300, comprising the acquisition of a biometric data, by simply entering a key (e.g. a PIN code) on an equipment such as a payment terminal.
[0141] If the key entered corresponds to the key prerecorded in the secure element, then the result of the authentication of the candidate individual is positive.
[0142] Enrollment using a PIN code therefore has the benefit of subsequently allowing authentication either by biometric data acquisition or by manual input of the PIN code.
[0143] In either of the embodiments described above for authentication, the secure element is used solely to carry out a binary comparison based on the reconstruction result.
[0144] Thus, it is not necessary to have a secure element integrating a software block dedicated to biometrics with a high computing power. A standard secure element can be used.
[0145] Moreover, the biometric reference data of the authorized individual is never used by the processor. Therefore, an external attacker cannot go back to the biometric data of the authorized individual.