RU2427921C1 - Method to generate audit of personal biometric information - Google Patents

Abstract

FIELD: information technologies. ^ SUBSTANCE: method to generate audit of personal biometric information comprises stages, at which a new pair is periodically formed from an open and secret key of biometric audit data collection facility, and periodically the older secret key of audit data collection is destroyed, during registration a user provides the system of security audit data collection his or her certificate of the open key of their confidentiality warrant, whenever reliable user actions are carried out in the secured information system, the facilities of personal biometric information audit collection memorise biometric images provided by the user, as well as a part of conditions of biometric-cryptographic authentication facilities compliant with them, this information is coded on the open key of confidentiality warrant and is placed in the biometric audit archive. ^ EFFECT: increased reliability of biometric data audit with simultaneous provision of secure data storage in information system in secure form, making it possible for the user to access their personal biometric information, increased volume of personal biometric information collected during audit. ^ 3 cl

Description

The invention relates to the field of information security and can be used in electronic commerce systems, electronic banking, electronic document management with biometric authorization.

Known automated banking machines for issuing money, equipped with means of collecting information security audits, for example, made according to [1]. The main disadvantage of such a device is that the ATM does not contain biometric authorization tools for the user, in connection with which another person can use the credit card of the ATM user, having acquired this card and authorization code.

The disadvantage noted above is eliminated in all devices having means of biometric authentication of a person. For example, such a device can be performed according to [2]. The disadvantage of this type of device is that it does not meet the requirements of the Law of the Russian Federation No. 152 "On personal data". According to the patent [2], personal user biometric data is placed openly in a document signed by the machine (for example, a digital photograph of a person who has paid for a service is placed in an electronic receipt). According to the Law of the Russian Federation No. 152 “On Personal Data”, biometric personal data of a citizen of the Russian Federation and other personal data need special protection and cannot be placed in open electronic documents that are freely circulated. Electronic documents with personal, ordinary and personal biometric data of a person should be stored in special well-protected databases.

The above-mentioned drawback is eliminated in the systems made according to [3], a positive decision was made on the grant of a patent for this application. In the electronic document management system developed for this application, a biometric audit is collected by storing information that occurs during biometric authentication in the form of a user name or pseudonym, time of authentication, number of authentication attempts, number of errors detected in the access code, configuration of the biometric authentication tool at the time of registration authentication attempts (according to claim 2). This biometric authentication data can be stored in open audit data without violating the requirements of the Law on Personal Data.

The method according to the application [3] is the closest to the method proposed in this description, the main disadvantage of the prototype [3] is the low reliability of the audit due to the fact that the amount of biometric audit data collected is insufficient. It is difficult to conduct audit analysis of them during investigations of revealed incidents of attacks on biometric protection. The person charged with conducting the investigation does not have enough biometric information and cannot identify the attacker in his biometric footprints.

The technical result achieved by the proposed method is to increase the reliability of the audit of biometric data while ensuring the safe storage of data in an information system in a secure form in accordance with the requirements of Law No. 152 “On Personal Data” by increasing the amount of biometric audit data collected. The proposed method, on the one hand, solves the problem of protecting citizens from abuse by the owners of information systems, and on the other hand allows owners of information systems to increase the level of security of these systems through deeper investigations of dangerous situations and identified incidents.

The technical result achieved is achieved by the fact that when forming an audit of personal biometric information, secure biometric information is stored that occurs in the form of a user name or pseudonym, time of authentication, number of authentication attempts, number of detected errors in the access code, configuration of the biometric authentication tool at the time of the registered authentication attempt . At the same time, it was proposed to additionally collect dangerous personal biometric information in the form of a presented biometric image of the user, intermediate codes of biometric-cryptographic authentication procedures. To hide personal biometric information, use the public key of the guarantor of confidentiality (notary public, lawyer, chief physician, general director of the enterprise, representative of a public human rights organization), which is selected by the user himself. The public key of the confidentiality guarantor is transmitted to the audit collection tool by the user in the form of a valid certificate of the public key of the confidentiality guarantor issued by one of the certification centers.

The concealment of personal biometric information is carried out by encrypting it on the public key of the guarantor of confidentiality and the current secret key of the personal biometric audit collection tool. Encryption security is ensured by periodically creating a new key pair (public key and private key) for the audit collection facility. A pair of keys is created using a random number generator (this is common practice). After encryption of personal biometric information and biometric-cryptographic authentication information, the cipher program is stored, and the original open information is destroyed.

The security of storing personal biometric information is ensured by the fact that after creating a new pair of keys, the audit collection tools destroy the outdated secret key (do not store it anywhere). The availability of encrypted personal biometric information is ensured by the fact that each cipher program is stored in conjunction with the public key of the security guarantor and the public key of the biometric audit collection tool that is valid at the time of encryption.

The cipher programs are placed in the biometric audit database and store data for the period established by the security policy in force in the information system. In the event that an information security incident is detected (for example, if a user's abuse of authority has been detected), an investigation is launched. Usually, a biometric audit parser is assigned to conduct an investigation, which, according to the proposed method, extracts cryptograms from the audit archive and sends them to the confidentiality guarantor in conjunction with the public key of the audit collection tool that was valid at the time of encryption.

Further, the guarantor of confidentiality verifies the legitimacy of the motives for contacting him and, if this does not contradict legislation and moral standards, discloses personal biometric and biometric-cryptographic information encrypted on his public key using the public key of the audit collection tool and his own secret key. Having received decrypted biometric information (for example, in the form of a digital image of a digital photo camera that worked at the time of the incident being investigated), the audit parser can verify that the user himself committed a dangerous action, or some other attacker made a fake fingerprint of a legal user and attacked a biometric defense. In the latter case, a digital photograph of the attacker will appear at the disposal of the security audit parser, which can help in the investigation of the incident. If the face of the user himself appears on the encrypted photo, then this digital document is additional evidence that the user himself personally committed a dangerous action.

The technical result according to the method described above is achieved by the fact that, as in the method-analogue [2], the presented biometrics are documented (for example, digital photographs of people trying to withdraw money from an ATM are stored by presenting a credit card, their biometrics in the form of a fingerprint picture finger and authorization code), however, at the same time, personal biometric data collected in the audit by the proposed method is encrypted, and no one can unlawfully decrypt them without contacting the guarantor of confidentiality.

The disadvantage of the method implemented according to claim 1 is the large amount of time spent on analyzing biometric audit data, this is due to the lengthy procedure of contacting the guarantor of confidentiality, which is undesirable during quick operational investigations of poorly prepared obvious attacks on biometric protection, when the attacker could not achieve a positive result.

An additional technical result achieved by the proposed method according to claim 2 is to increase the speed of analysis of biometric audit data, for which it is proposed to form another pair of public and private keys for a person authorized to analyze biometric audit before launching the biometric audit collection tools conduct operational investigations into authentication procedures that fail. After that, the public key of the person conducting the audit is delivered to all means of collecting biometric audits and all personal biometric information presented by the user is encrypted on the secret key of the means of collecting audit and the public key of the person authorized to disassemble the audit and investigate incidents. At the same time, the received cipher program of personal biometric data is stored in the audit database partially or completely (depending on the information security policy in force in the system). If the biometric authentication procedure was successful, then part of the cipher program is remembered, the other remaining part of the cipher program is destroyed. If the biometric authentication procedure gave a negative result, then the memorized part of the cipher program is increased. With failed authentication procedures, more information is stored than with successful authentication procedures.

The technical result in the implementation of the second paragraph of the claimed claims is due to the fact that the legal user practically does not make mistakes in biometric authentication. The attacker, on the contrary, makes a lot of mistakes, trying to enter his biometric data and pass them off as the data of another person. In this regard, the biometric audit parser monitors the situation of a large number of errors in the biometric authentication session, which did not lead to a positive authentication result. In this case, the person performing the biometric audit analysis has the opportunity to quickly decrypt personal biometric data and find out who performed the authentication: the user himself or the attacker. For this purpose, he can use the encryption program of personal biometric data, previously encrypted by the means of collecting audit on the public key of the person authorized to analyze the audit, and the secret key of the means of collecting audit. At the same time, the analysis of authentication procedures that ended unsuccessfully can be carried out online without resorting to the guarantor of the confidentiality of biometric data. One of the important conditions (differences) between claim 1 and claim 2 of the claims is the amount of biometric information obtained for investigations. The confidentiality guarantor always has full biometric information about persons who participated in biometric-cryptographic authentication. According to claim 2 of the claims, a person authorized to analyze a personal biometric audit always has access to significantly smaller amounts of biometric personal information than a guarantor of confidentiality. Even in the event that an unsuccessful biometric authentication has occurred, the person authorized to analyze the personal biometric audit does not have complete biometric information.

The main disadvantage of the method that realizes claims 1 and 2 of the claims is that the user himself cannot take part in the investigation of incidents of attacks on his biometrics, nor can he initiate an investigation even before the detection of a dangerous incident.

This disadvantage is eliminated when implementing the method according to claim 3 of the claims. In accordance with this clause, the user creates one more pair for himself from the public and private keys and, in parallel with the public key of the privacy guarantor, provides his public key to the biometric audit collection tool, while additionally encrypting personal biometric data using the user's public key and they store all received biometric data cryptograms in an audit in conjunction with the audit collection tool that was in force at the time of encryption.

That is, according to claim 3, another additional technical result is achieved, which consists in expanding the functionality of the method due to the fact that the user, if he wishes, is able to independently analyze the biometric audit, suspicious, from his point of view, biometric authentication procedures. For example, the user himself can contact the audit parser or the administrator of the information system, receive from them his own files encrypted on his public key and view them. In fact, the user gets the opportunity to access his personal biometric information in accordance with the requirements of the Law on Personal Data.

In general, the implementation of the methods according to claims 1, 2, 3 of the claims allows, on the one hand, to ensure the collection of biometric data in much larger volumes than the prototype method. This, in turn, increases the security of the protected system due to the possibility of using a larger amount of personal biometric information when analyzing a security audit and when conducting investigations of hazardous incidents identified during the analysis. On the other hand, the implementation of the proposed methods allows you to reliably store the personal biometric data collected in the database and fulfill the requirements of the Law of the Russian Federation No. 152 “On Personal Data” regarding the organization of their safe storage and circulation, as well as the availability of personal biometric data to their owner.

One of the options for implementing the proposed method is its use in corporate electronic document management, organized with biometric authorization of the user according to the dynamics of the handwritten password and providing for the presence of a digital camera photographing the face of a person reproducing EDS under the document at the workplace. The corporate electronic document management system itself is made according to the method prototype [3].

According to the method - a prototype, in a corporate electronic document management system, a pair of keys (a public key and a secret key) is generated for each user, while each user stores his secret key and his handwritten password biometrics in a neural network container. If necessary, create an EDS, the user indicates his name and reproduces his handwritten password on a graphics tablet. Biometric data from a graphic tablet is processed and fed to the input of a neural network converter, a biometric code that was previously trained to convert the handwritten password of a specific user into the code of his secret key used to generate his digital signature, and the data of a trained neural network (its connections and weighting coefficients of these connections) further stored in a special neural network container.

If the biometric data of the handwritten password generate the user's secret key at the output of the biometrics-code converter, then their digital signature is generated under the corporate document. When the digital signature is formed, the green color of the traffic light is indicated. If the handwritten password is entered incorrectly, the traffic light gives a red color (a gross error) and a yellow color (a slight error). When the traffic light is red, the procedure for forming the EDS is interrupted, and the user must initiate it again. Provided that the yellow color of the traffic light appears, the user can repeatedly repeat his attempts to access the secret key until the green color of the traffic light appears and the correct digital signature is generated under the document.

In order to protect himself from possible security threats by the proposed method, the user provides the biometric audit collection system with a public key certificate used by everyone to verify EDS, for example, his lawyer, who acts as a guarantor of the user's biometric confidentiality. The public key used to verify the digital signature of the guarantor of confidentiality, and the secret key used to generate the digital signature of the guarantor of confidentiality can be additionally used to encrypt and decrypt data according to the proposed method. At the same time, having a public key certificate of the guarantor of confidentiality of biometrics (such certificates under the Law on Electronic Digital Signatures are publicly available), the user may or may not notify his guarantor of confidentiality of his new role. If the user has previously informed the guarantor of confidentiality about his new role and stipulated the terms of cooperation, then no special problems should arise. If the user does not notify the guarantor of confidentiality about his new role, then the guarantor of confidentiality may refuse to fulfill a new role until the agreement is reached between the contracting parties to ensure that the guarantor fulfills his new role. In this case, the disclosure by the guarantor of confidentiality of the personal data of the suspected user may be delayed if the investigation is conducted by a private corporate security service. If the investigation is officially conducted by state law enforcement agencies, then the biometrics confidentiality guarantor cannot but cooperate with the investigation, since this fact can be interpreted as concealing evidence.

According to the proposed method, the biometric audit collection tool periodically generates a pair from its public and private key and on its current secret key and public key of the biometrics confidentiality guarantor encrypts the user-entered handwritten image of the password word and the user's photo taken during the formation of the digital signature. Data encryption on the public key of the guarantor of confidentiality of biometrics and on the current secret key of the audit collection tool is carried out in accordance with any of the known asymmetric cryptography schemes, for example, described in [4]. Only those who have the secret key of the biometrics confidentiality guarantor and the public key of the biometric audit collection tool can decrypt the data.

According to the proposed method, the encryption program of the collected biometric data is placed in conjunction with the public key of the biometrics confidentiality guarantor (user’s lawyer) and a valid public key at the time of encryption of the audit collection tool. Unauthorized to read the contents of this cryptogram no one can. The lawyer cannot read it, since the cipher program has not been transmitted to him and is stored in the database of biometric security audit. The system administrator cannot read, because he does not have the secret key of the biometrics confidentiality guarantee (lawyer) and there is no secret key of the audit collection tool, since the secret key of the audit collection tool does not leave this tool and is not stored in the system (it is periodically destroyed after a new pair is generated keys).

The achievement of the technical result from the implementation of the proposed method according to claim 1 in the corporate electronic document management system is ensured by the fact that the person entrusted with the investigation of incidents can, through the biometrics confidentiality guarantor, know exactly whether the user himself or someone formed a user’s digital signature for him corporate document. If during the investigation it is revealed that another person is recorded in the photo of the person forming the digital signature under the electronic document, then the guarantor of confidentiality (user’s lawyer) receives a document justifying his client. In addition, the lawyer also receives the biometric handwritten image of the password word, possibly reproduced not by his client and being in this situation additional security information, as well as additional evidence allowing, along with the photograph of the attacker, to conduct an effective investigation. The investigation should establish the details of the attack on biometric protection: whether the neural network biometric container with user data was replaced, or the attacker learned how to correctly reproduce the legal password word-in-law by handwriting with long trainings. At the same time as the user's biometrics, the lawyer receives confidential biometric-cryptographic information of the user in the form of intermediate biometric-cryptographic authentication data, which should allow specialists to identify a possible attack on the biometric-cryptographic protection mechanism (for example, the integrity mechanism of protection mechanisms may be temporarily disabled or temporarily disabled error propagation mechanism of a neural network biometric container).

In the case of the implementation of claim 2, the claims for the person conducting the analysis of the biometric audit form their pair from the public and secret key. Further, the audit collection tool encrypts photographs of everyone who forms an electronic digital signature with the participation of the public key of the person performing the biometric audit. That is, the person conducting the audit review can at any time check who forms this or that electronic digital signature. Having access to part of the biometric information in the form of photographs of persons involved in the formation of the digital signature, the examiner can easily make sure that users (employees of the corporation) are not trying to form the digital signature for each other. When maintaining corporate accounting, the transfer of the right to form an electronic digital signature from one person to another person is unacceptable.

In addition, at the time of negative authentication (red traffic light), the proposed method documents the increased amount of biometric information with encryption on the public key of the person performing the audit analysis. For example, a handwritten biometric image of a user password word is documented. That is, in clearly dangerous situations, the person conducting the audit analysis and operational investigations has at his disposal a much larger amount of personal biometric information. This ultimately facilitates audit parsing and investigation of dangerous incidents.

In the case of implementation of claim 3 of the claims, the acceleration of parsing of the audit and investigation of incidents can be carried out with the involvement of the user. According to claim 3 of the formula, the user for himself creates another pair of the public key and the secret key. The newly created pair should be different from the pair already used by the user in corporate electronic document management, which guarantees against abuse by the owners of the protected information system. According to the proposed method, they collect all personal biometric information and encrypt it not only with the participation of the public key of the guarantor of confidentiality, but also with the participation of the new public key of the user (they receive two different ciphers). In this case, the user himself stores his second secret key in the form of records on paper at home. At the same time, the user, if necessary, gets access to all his personal biometric information. Situations when the user will doubt his safety or the audit parser asks him to participate in the investigation of attacks on his biometrics are rare. In this regard, the user rarely uses his second secret key and its storage is quite acceptable at home in the form of paper notes. The user often has to subscribe to official documents (several times a day) and in this case biometric access to the first secret key of creating an electronic digital signature under a corporate electronic document is justified. The workflow using the first secret key is much higher than the workflow using the second secret key used to possibly read your own biometric audit.

Thus, the use of the method according to claim 3 of the proposed invention enables the user to participate in the analysis of the audit if he wishes and to cooperate with the person conducting the analysis of the audit. At the same time, the time of operational investigations is significantly reduced due to the fact that the procedures for official appeal to the guarantor of confidentiality of biometrics (for example, to the user's lawyer) are excluded. If the user refuses to cooperate in the investigation of the incident, the investigation is carried out with the participation of only his guarantor of confidentiality (for example, his lawyer) by the security support forces of the corporate information system or, if necessary, by the state law enforcement agencies.

Information sources

1. Patent RU No. 2206125 C2 (application No. 200116631/09), priority 19.11.1998, IPC ⁷ G07G 19/00, G07G 1/14, G06F 17/60, “Electronic banking machine and system with autonomous audit tools”, applicant DYBOLD, INCORPORATED (US).

2. Patent RU No. 2278223 C2 (application No. 2003125689/09), IPC H04L 9/32, “Method for signing documents by electronic analog-to-digital signature and device for its implementation”, published on 10.11.2006, Bull. No. 31, author Gertner D.A., patent holder of LLC “Cruise” (RU).

3. Application No. 2007120788/09 (022642), priority 04.06.2007, IPC H04L 9/32, “Method for the generation of electronic documents and a device for its implementation”, applicants: Ivanov A.I., Funtikov V.A.

4. Yu.V. Romanets, P. A. Timofeev, V. F. Shangin “Information protection in computer systems and networks”. Moscow: Radio and Communications, 1999, p. 125.

Claims (3)

1. A method of generating an audit of personal biometric information, which consists in storing information that occurs during biometric authentication in the form of a user name or nickname, the time of authentication, the number of authentication attempts, the number of errors detected in the access code, the configuration of the biometric authentication tool at the time of the authentication attempt being registered, characterized in that they periodically form a new pair of public and private keys of a biometric audit data collection tool and periodically destroy the old secret key of the biometric audit data collection tool, when registering the user, provide the security audit collection system with a public key guarantee certificate of the user's confidentiality, then when the user takes responsible actions in the protected information system, the personal biometric information audit collection tools will remember the biometric images presented by the user and part corresponding states of biometric-cryptographic means authentication, after which the received information is encrypted on the public key of the guarantor of confidentiality and the secret key of audit collection tools, the encrypted information is stored in the personal biometric audit database in conjunction with the public key of the biometric audit data collection tool and the guarantee key of the confidentiality valid at the time of encryption, and the public key biometric and biometric-cryptographic information is destroyed, while the encrypted personal biometric and biometric-cryptographic Rafic information is stored in the biometric audit database until a dangerous incident is detected in the protected information system; upon detection of a dangerous incident and its investigation, a personal biometric information audit parser is appointed, who officially contacts the user privacy guarantor and sends him personal user biometric information cryptograms and the public key of the tool collecting a personal biometric audit, upon receipt of which, the guarantor of confidentiality does the conclusion about the legality of the motives for accessing it and, if this does not contradict the legislation and moral standards, reveals personal biometric and biometric-cryptographic information encrypted on its open key. 2. The method according to claim 1, characterized in that prior to launching the biometric audit data collection tools, they form another pair of public and private keys for the person authorized to analyze the biometric audit, then this public key is delivered to all biometric audit collection tools, after of which all personal biometric information or only part of it presented by the user is encrypted on a secret key of the audit collection tool and in the public key of a person authorized to analyze the audit and investigate detected it is a cdent, in this case, the received cryptogram of personal biometric data is partially stored in the audit database (the size of the memorized part is determined by the security policy adopted in the protected system), if the biometric authentication procedure was successful, and if the authentication was unsuccessful, the memorized part of the cryptogram is increased. 3. The method according to claim 1, characterized in that the user creates a pair of public and private keys for himself and, in parallel with the public key of the guarantor of confidentiality, provides his public key to the biometric audit data collection tool, while additionally encrypting personal biometric data using the user's public key and store all the received biometric data cryptograms in an audit in conjunction with the audit collection tool that was in force at the time of encryption.