	US 12,335,385 B2
	Biometric data protection during decentralized biometric authentication
Hua Yang, Millbrae, CA (US); Leonid Kontsevich, San Francisco, CA (US); Kevin Horowitz, Sherman Oaks, CA (US); and Igor Lovyagin, Deerfield, IL (US)
Assigned to Redrock Biometrics, Inc., San Francisco, CA (US)
Filed by REDROCK BIOMETRICS INC, San Francisco, CA (US)
Filed on Sep. 9, 2020, as Appl. No. 17/016,171.
Application 17/016,171 is a continuation in part of application No. 17/013,772, filed on Sep. 7, 2020.
Application 17/013,772 is a continuation in part of application No. 16/964,981, granted, now 11,823,194, previously published as PCT/US2019/015465, filed on Jan. 28, 2019.
Prior Publication US 2021/0044429 A1, Feb. 11, 2021
Int. Cl. H04L 9/08 (2006.01); H04L 9/30 (2006.01); H04L 9/40 (2022.01)

CPC H04L 9/088 (2013.01) [H04L 9/30 (2013.01); H04L 63/0435 (2013.01)]

7 Claims

1. A method for biometric authentication of an electronically-captured user live scan against a biometric template digitally stored on a user computing device, by a decentralized computing network comprising a plurality of processors, each processor comprised of a network-connected computer and being associated with a processor encryption key pair comprising a processor public encryption key and a processor private encryption key, the method comprising:

receiving, by the user device via a digital communications network, a plurality of processor public encryption keys, each key associated with one of said plurality of processors;

generating, by the user device, a user device symmetric encryption key;

generating, by the user device, an encrypted live scan and encrypted template by encrypting a biometric live scan procured by the user device and a biometric template stored on the user device, using the user device symmetric encryption key;

encrypting, by the user device, a plurality of copies of the user device symmetric encryption key, each copy encrypted using a different one of the processor public encryption keys;

transmitting, by the user device via the digital communications network, authentication requests to a plurality of the processors, each authentication request comprising the encrypted live scan, the encrypted template, and one of said copies of the user device symmetric encryption key having been encrypted with the one of said processor public encryption keys corresponding to processor to which the authentication request is directed; and

receiving, by the user device via the digital communications network, biometric matching results from the one or more processors based upon comparison of the biometric template and the biometric live scan, each processor having decrypted at least one encrypted copy of the user device symmetric key using one of said processor private encryption keys and having utilized the user device symmetric key to decrypt the encrypted live scan and encrypted template;

wherein the step of transmitting authentication requests to a plurality of processors comprises: (a) transmitting a first authentication request to a transaction director comprising a network-connected computer; and (b) further transmitting, from the transaction director to each of the plurality of processors, a second authentication request comprising: the encrypted live scan, the encrypted template, and an encrypted copy of the user device symmetric encryption key encrypted by a processor public key associated with the processor to which the second authentication request is transmitted.