摘要 |
<p>Methods of storing and decrypting biometrics templates on a terminal network are described. A biometrics template (14) is encrypted (18) using a key (16), and the key (16) is then divided into a number of key shares (20). The encrypted template (18), a key share (20), and a user identifier (22) are then combined to give an identification string (24). A number of strings (24) are then stored on separate terminals (26) of a terminal network (28). To decrypt the template (14), a user offers their identifier (22) to a terminal (26). The required number of identification strings (24) having that identifier (22) are retrieved from their respective terminals (26) on the network (28), and the key shares (20) combined to generate a key (16) which is then used to decrypt the template (14). The decrypted template (14) may then be used to verify the identity of the user. Using the present method, neither the unencrypted template nor the complete decryption key are transferred across the network, so improving security.</p> |