Patent attributes
A method performed by a client device of enrolling biometric data of a user with a network node over a secure communication channel comprises capturing the biometric data, transforming the biometric data into a first set of transformed biometric data using a first feature transformation key, generating a second feature transformation key, and transforming the biometric data into a second set of transformed biometric data using the second feature transformation key. The method further comprises encrypting the first and second set of transformed biometric data with an encryption key, encrypting the second feature transformation key with another encryption key shared with the network node at which the first and second sets of transformed biometric data are to be enrolled, and submitting, to the network node, an Enrollment request comprising the encrypted first and second sets of transformed biometric data, the encrypted second feature transformation key, and user profile data.
