Patent attributes
A method of secure biometric authentication is disclosed that shuffles arrays of biometric data in a sequence determined by user's secret input. The user is authenticated by comparing arrays of biometric data shuffled on the client side with the arrays of biometric data stored on the server side and shuffled in the very same sequence. Additional layer of security is provided by second shuffling in accordance with a number generated on the server and transmitted to the client after encoding with the user's public key/string retained on the server during enrollment. Real biometric data and sequences of shuffling are neither stored not transmitted anywhere; therefore, the privacy of the user is guaranteed. Security of the data transmitted to the server is not relevant because an attacker does not know the user's private key which is repeatedly recreated on the client from the real biometric data of the user.
