Main

About

Contact

GRIFFIN Consulting

phillipgriffin.com

Information Security Consulting

Products

Software

Capabilities

Innovation

Patents Pending:

20100201498 - Associating a Biometric Reference Template With a Radio Frequency Identification Tag

A system, method and program product for associating a biometric reference template with a RFID tag embedded in or attached to a physical object. The method includes coupling a RFID tag having a unique tag identifier to a physical object to be associated with an individual, providing a reference template having a unique reference template identifier that uniquely identifies biometric data pertaining to the individual and forming an association between the reference template and the tag, where the association provides a relationship, including a relationship type, between the object and the individual. In an embodiment, the forming step includes creating a biometric attribute in the tag for identifying the template identifier for the reference template or creating a tag attribute in the reference template, where the biometric attribute created in the tag and the tag attribute in the biometric application form an association between the object and the reference template.
20100201489 - Communicating a Privacy Policy Associated With a Radio Frequency Identification Tag and Associated Object

A system, method and program product for communicating a privacy policy associated with a RFID tag. The method includes defining in an tag a first identifier for uniquely identifying the object and a second identifier for uniquely identifying a privacy policy that indicates a proper and intended use and level of protection to be afforded data/information transmitted by the identification tag coupled to the object, associating the second identifier with the first identifier, each of the first identifier and the second identifier being coupled to the identification tag, and responsive to detection of a communication signal received from a receptor, transmitting the first identifier and the second identifier, which includes an accept-reject provision for controlling dissemination and usage of the data/information transmitted by the identification tag, where based on a response received to the accept-reject provision, the data/information is either transmitted or not transmitted to the recipient.
20110213981 - Revocation of a Biometric Reference Template

A system, method and program product for generating a biometric reference template revocation message on demand. The method includes generating, using a biometric reference template revocation engine, a biometric reference template revocation message and loading the biometric reference template revocation engine onto a secure portable device for generating on demand of the individual the biometric reference template revocation message.
20100205431 - Privacy Preserving Biometric Reference Template Revocation Status Checking

A system, method and program product for checking the revocation status of a biometric reference template. The method includes creating a revocation object for a reference template generated for an individual, where the revocation object contains first plaintext data providing a location for checking revocation status of the reference template and containing ciphertext data identifying the unique reference template identifier and a hash of the reference template. The method further includes providing the revocation object to a relying party requesting revocation status and sending a request to an issuer of the reference template for checking the revocation status of the reference template, without revealing identity of the individual. The method further includes returning results of the revocation status check to the relying party. In an embodiment, a random value is added to the ciphertext data for preserving privacy of the reference template holder.
20100205452 - Communicating a Privacy Policy Associated With a Biometric Reference Template

A system, method and program product for communicating a privacy policy associated with a reference template. The method includes assigning a first identifier for identifying a reference template created from biometric data collected, defining a second identifier for identifying a privacy policy that indicates a level of protection to be provided by a relying party requesting access to the reference template, the second identifier including an accept-reject provision for controlling the proper use and handling of the biometric data, cryptographically binding the reference template to the privacy policy and transmitting, responsive to a request received from the relying party, the accept-reject provision for the reference template, where based on a response received from the relying party to the accept-reject provision for the privacy policy, the reference template is either transmitted or not transmitted to the relying party.
20100205658 - Generating a Cancelable Biometric Reference Template On Demand

A system, method and program product for generating a cancelable biometric reference template on demand. The method includes creating, using a biometric application, a base reference template having a unique biometric template identifier that uniquely identifies biometric data corresponding to a biometric sample collected for an individual and generating, utilizing a transformation engine, a cancelable reference template derived from the base reference template, where the cancelable reference template generated is used by the individual to participate in a new biometric application without having to provide a new biometric sample or without having to rely on a biometric service provider to issue a new reference template for the new biometric application. The method further includes injecting the base reference template created into a secure portable device issued to the individual and loading the transformation engine onto the device for generating on demand the cancelable reference template.
20100205660 - Cancelable Biometric Reference Template Creation Event Journal Record

A system, method and program product for recording the creation of a cancelable biometric reference template in a biometric event journal record. The method includes providing a base biometric reference template having a unique base reference template identifier that uniquely identifies base biometric data collected for an individual, applying a data transform function having a first function key value to the base biometric reference template to create one cancelable biometric reference template and recording the one cancelable biometric reference template in a biometric event journal record. The method further includes creating additional cancelable biometric reference templates using different function key values of the data transform function. The method further includes encrypting the data transform function and the function key value applied to the base biometric reference template. The method further includes signing the cancelable biometric reference template and signing the biometric event journal with a digital signature.
2010....... - Compact Attribute for Cryptographically Protected Messages

A method for verifying a signature of a signed message comprises: receiving, by a recipient, the signed message from a sender, wherein the signed message comprises a compact attribute comprising components appearing in a predefined order, the components being identified by an object identifier associated with the compact attribute, the components comprising a processing flag and a security assertion, wherein the processing flag comprises rules to process the security assertion, and wherein the security assertion is made by an authority trusted by both the sender and the recipient; recovering the components of the compact attribute comprising the processing flag and the security assertion, by parsing the signed message from said receiving; and validating the signature of the signed message based on the processing flag and the security assertion.

Publications:

Repository-Level Biometric Reference Template Attribute , IP.com Journal, January 22, 2009.
IBM invention IPCOM000178316D. This invention disclosure defines a compact attribute format aimed at minimal storage and transmission bandwidth while preserving unique identification of attribute content and ease of use. This compact attribute is appropriate for use in applications that may interact with mobile devices or rely on networks with limited bandwidth. It can also be used to improve the throughput of high volume transaction applications, such as those that involve Internet commerce. The reduced size of a compact attribute makes it ideal for use in cryptographic modules, such as smart cards, that may have a very limited storage capacity, or in information security management applications that may involve millions of biometric reference templates. In all these environments, smaller attributes reduce transaction bandwidth and consume less memory.
Cancelable Biometric Loyalty Template Services , IP.com Journal, January 14, 2009.
IBM invention IPCOM000178052D. This invention disclosure defines an a process and system that eliminates the need for an individual to submit to successive physical enrollments in order to participate in multiple biometric systems.
ISO 19092: A Standard for Biometric Security Management , ISSA Journal, January 2007.
"Organizations that rely on biometric technology need to protect and manage the security of their biometric assets. Biometric systems security and the management of biometric information security must become integrated into the organization's overall information security management program. This program should be based on policy defined to meet the business objectives of the organization, and a risk-based approach should be used to select and impose proper controls and monitor their effectiveness."
An important milestone for the financial services security - Public Key Infrastructure (PKI) Certificate Extensions, ISO Bulletin, May 2002.
"We live in a world that relies on computers and electronic networks. Governments and businesses and banks, in particular, count heavily on computerized processes for most, if not all, of their day-to-day activities. Financial services are a critical infrastructure that must be protected from disruption, even as these services become ever more exposed on public networks. In the new digital environment, a Public Key Infrastructure (PKI) ensures that sensitive electronic communications are private and protected from tampering."

White papers:

Key Commitment Using CMS In ECMQV Key Agreement , Raleigh ISSA Chapter, 2006:
This paper describes how to use Cryptographic Message Syntax (CMS) type DigestedData for key control in a key committment protocol during the key distribution procedure in an Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement scheme for key establishment. Annotated example messages generated using the GRIFFIN Consulting XCMS Toolkit are provided.

Course offerings:

GRIFFIN Consulting offers half day and full day training sessions in the topics listed below. These courses can be held in Raleigh, North Carolina, USA, or on site at your business location. All course materials have been created by Phil Griffin, who also leads these sessions. Contact GRIFFIN Consulting for scheduling and pricing information.

Course: C0001
Title: S/MIME - Basic Cryptographic Message Syntax (CMS)

Abstract: This course provides an introduction to Cryptographic Message Syntax (CMS) and XML CMS, and describes the history, application, message types, and notation used to provide data integrity, origin authentication, and data privacy services using digital signatures, message digests (hashes), and symmetric and asymmetric encryption of arbitrary content.
[Outline]
Course: C0002
Title: S/MIME - Advanced Cryptographic Message Syntax (CMS)

Abstract: This course extends the introduction to Cryptographic Message Syntax (CMS) and XML CMS, presenting advanced information on key management techniques for key establishment. Topics include signed data signature and verification processing, Diffie-Hellman and ECMQV key agreement techniques, and key control using a key commitment protocol. A brief review of introductory CMS concepts is also provided.
[Outline]
Course: C0003
Title: ASN.1 - Basic Abstract Syntax Notation One

Abstract: This course provides a basic introduction to Abstract Syntax Notation One (ASN.1) and presents useful types. The student is introduced to the concept of modules, object identification and the specification of XML values based on an abstract schema.
[Outline]
Course: C0004
Title: ASN.1 - Advanced Abstract Syntax Notation One

Abstract: This course extends the basic introduction to Abstract Syntax Notation One and presents concepts of information objects, classes and sets. Encoding rules commonly used in security protocols are described, including XML Encoding Rules (XER) and Distinguished Encoding Rules (DER).
[Outline]

Information Object Identifier Registry:

GRIFFIN Consulting maintains a registry of information object idetifiers and makes all OID assignments available to the public in the file: oidreg.txt. Identified information object identifiers are provided here for client enterprizes, examples, products, and other named objects.

GRIFFIN Consulting will provide your business with a unique OID for $ 300.00 (US). GRIFFIN Consulting will design and create an information object registry based on your new OID for an additional $ 200.00.