Abstract
A system is disclosed consisting of a token, such as a smart card, and a token reader for reading the token. The token has a digital certificate stored on it, containing a private key and a public key. The token also stores cryptographically encoded biometric data obtained from the user in an enrolment process. The cryptographic encoding may take the form of hashing or reversible encryption, but in either case it preferably involves the public key from the digital certificate. The private key of the digital certificate is protected using the biometric data. When a user wishes to use the private key, he must provide a biometric sample to the token reader, which cryptographically encodes the sample and compares it with the cryptographically encoded sample stored on the token. If they match, the private key of the digital certificate may be accessed. The comparison may be performed within the token, so that the biometric data does not have to leave the token. Alternatively, the comparison may be performed externally to the token.
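The enrolment and on-token comparison flow described in the abstract, as an added example that is not taken from the disclosure itself. It assumes the biometric sample has already been reduced to a repeatable byte-string template, uses HMAC-SHA-256 keyed with the public key as one possible "hashing involving the public key", and stands in an HMAC for the private-key operation; the `Token` and `Reader` classes and all key and template values are hypothetical and constructed.

```python
import hashlib
import hmac

def encode_sample(public_key: bytes, template: bytes) -> bytes:
    # Assumed encoding: HMAC-SHA-256 keyed with the certificate's public key.
    return hmac.new(public_key, template, hashlib.sha256).digest()

class Token:
    """Toy token: key pair plus the encoded enrolment sample."""

    def __init__(self, public_key: bytes, private_key: bytes):
        self.public_key = public_key
        self._private_key = private_key      # never returned to the reader
        self._enrolled = None

    def enrol(self, encoded: bytes) -> None:
        if self._enrolled is not None:
            raise RuntimeError("token already enrolled")
        self._enrolled = encoded

    def use_private_key(self, encoded: bytes, message: bytes):
        # Comparison happens inside the token, in constant time.
        if self._enrolled is None or not hmac.compare_digest(self._enrolled, encoded):
            return None
        # Stand-in for a private-key operation (a real token would sign).
        return hmac.new(self._private_key, message, hashlib.sha256).digest()

class Reader:
    """Token reader: captures a sample, encodes it, passes it to the token."""

    def __init__(self, token: Token):
        self.token = token

    def enrol(self, template: bytes) -> None:
        self.token.enrol(encode_sample(self.token.public_key, template))

    def sign(self, template: bytes, message: bytes):
        return self.token.use_private_key(
            encode_sample(self.token.public_key, template), message)

# Constructed sample values, not real key material or biometric data.
ENROLLED_USER = b"constructed-template-enrolled-user"
OTHER_USER = b"constructed-template-other-user"

def demo():
    reader = Reader(Token(b"constructed-public-key-1", b"constructed-private-key-1"))
    reader.enrol(ENROLLED_USER)
    return reader.sign(ENROLLED_USER, b"msg"), reader.sign(OTHER_USER, b"msg")

if __name__ == "__main__":
    ok, rejected = demo()
    print("match:", ok.hex() if ok else None, "| mismatch:", rejected)
```

Because the encoding is keyed with the public key, the same template yields a different stored value on a token with a different certificate, so an encoded sample copied from one token does not match on another.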