Network of biometrically secure devices with enhanced privacy protection

摘要

Various methods and devices that involve biometrically secured networked devices with enhanced privacy protection are disclosed. For example, a computer-implemented method for onboarding a first biometrically secured device to a network is disclosed. The method comprises generating an asymmetric key pair, transmitting the public key to a second device, and receiving an encrypted master encryption key from the second device. The master key is encrypted with the public key. The method also comprises decrypting the encrypted master encryption key using the private key and receiving an encrypted set of biometric data. The encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key. The method also comprises storing the set of biometric data on a memory of the first device. The set of biometric data uniquely identifies at least two users that are registered to use both the first and second devices.

主权项

1. A computer-implemented method for onboarding a third biometrically secured point of sale device to a network comprising:
generating, using a secure execution environment on a first biometrically secured point of sale device, an asymmetric key pair, wherein the asymmetric key pair includes a private key and a public key; transmitting the public key to a second biometrically secured point of sale device; receiving an encrypted master encryption key from the second biometrically secured point of sale device, wherein the encrypted master encryption key is a master encryption key that is encrypted with the public key; decrypting, using the secure execution environment and the private key, the encrypted master encryption key; receiving an encrypted set of biometric data, wherein the encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key; storing the set of biometric data on a memory of the first biometrically secured point of sale device; receiving a second public key from a second asymmetric key pair, wherein the second asymmetric key pair includes a second private key and the second public key, and wherein the second asymmetric key pair is generated using a second secure execution environment on the third biometrically secured point of sale device; encrypting, using the secure execution environment and the second public key, the encrypted master encryption key; transmitting a second encrypted master encryption key to the third biometrically secured point of sale device, wherein the second encrypted master encryption key is the master encryption key that is encrypted with the second public key; and transmitting the encrypted set of biometric data to the third biometrically secured point of sale device, wherein the encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key; wherein the set of biometric data uniquely identifies at least two users that are registered to use the first, second and third biometrically secured point of sale devices.