Abstract: METHOD AND SYSTEM FOR BIOMETRIC SINGLE SIGN-ON AUTHENTICATION VIA HOMOMORPHIC HASH BASED MESSAGE AUTHENTICATION CODE
The present disclosure provides biometric single sign-on authentication via homomorphic hash based message authentication code (HMAC). Conventional methods fail to provide authentication without revealing biometric data. In the present disclosure, when the user initiates a service request, a service provider redirects to an identity provider for authentication. Further, the user captures and encrypts his/her biometrics using homomorphic HMAC, creating ciphertext. The user submits his/her encrypted biometrics to the identity provider for authentication. The identity provider uses template matching algorithms to compare the user-submitted encrypted biometrics (fingerprint, iris) with stored templates. The identity provider then transmits the authentication result and the corresponding proof of authentication. Further, the service provider re-computes the authentication tag based on the received decrypted authentication result and the secret nonce. Finally, the service provider provides the requested service to the client machine only if the re-computed authentication tag matches the associated decrypted proof.
[To be published with FIG. 3B]
FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of invention:
METHOD AND SYSTEM FOR BIOMETRIC SINGLE SIGN-ON AUTHENTICATION VIA HOMOMORPHIC HASH BASED MESSAGE AUTHENTICATION CODE
Applicant
Tata Consultancy Services Limited A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India
Preamble to the description:
The following specification particularly describes the invention and the manner in which it is to be performed.
TECHNICAL FIELD
[001] The disclosure herein generally relates to the field of cybersecurity and, more particularly, to a method and system for biometric single sign-on authentication via homomorphic hash based message authentication code.
BACKGROUND
[002] Single Sign On (SSO) authentication is preferred nowadays over other authentication mechanisms to reduce password related security risks and to avoid phishing attacks. SSO is an authentication scheme where users can securely authenticate and gain access to multiple applications and websites by only logging in with a single username and password. SSO reduces the number of attack surfaces because users log in once each day and use one set of credentials. Reducing the number of logins to one set of credentials improves security of organizations.
[003] However, in conventional SSO methods, identity providers typically have full access to the user's biometric information, making them susceptible to attackers and potentially leading to privacy breaches or unauthorized sharing of biometrics. Further, in conventional methods, users often have limited control on how their biometric information is used, shared or processed. Even if the biometric information is stored in encrypted form using traditional encryption schemes, it still needs to be decrypted for user authentication. Current SSO systems require the user's biometric information either in plain or in encrypted format for authentication. However, even if biometrics are encrypted, they need to be decrypted at the identity provider side at some point to authenticate a user. This can lead to privacy concerns for the users as it exposes biometric information to the identity provider. Therefore, it is challenging to develop a technology solution that can perform SSO authentication without revealing biometric information.
SUMMARY
[005] Embodiments of the present disclosure present technological
improvements as solutions to one or more of the above-mentioned technical
problems recognized by the inventors in conventional systems. For example, in one
embodiment, a method for Biometric single sign-on authentication via
homomorphic hash based message authentication code is provided. The method includes receiving, by one or more hardware processors of a service provider, a service request from a user associated with a client machine. Further, the method includes sending, by the one or more hardware processors of the service provider
via an identity provider, an authentication request to the client machine for the
service request, wherein the client machine performs (i) capturing a biometric data pertaining to the user using a biometric capturing device associated with the client machine, and (ii) generating an encrypted biometric data associated with the user based on the captured biometric data using a Fully Homomorphic Encryption (FHE)
public key of the user, wherein the encrypted biometric data is transmitted to the
identity provider for authentication. Furthermore, the method includes transmitting, by the one or more hardware processors of the service provider, a secure nonce to the identity provider, wherein the transmitted secure nonce is received by the identity provider post receiving the encrypted biometric data from the client
machine. Furthermore, the method includes receiving, by the one or more hardware
processors of the service provider, a decrypted authentication result and an associated decrypted proof from the client machine, wherein the decrypted authentication result and the associated decrypted proof are generated by the client machine based on an encrypted authentication result and an associated encrypted
proof received from the identity provider, and wherein the encrypted authentication
result is computed by the identity provider by: (i) computing a similarity score by comparing the encrypted biometric data with a plurality of biometric templates associated with a plurality of users pre captured and stored (ii) obtaining an encrypted authentication result by comparing the similarity score with a pre-defined
encrypted threshold, wherein the encrypted authentication result is one of, (i) a
match and (ii) a non-match and (iii) generating the associated encrypted proof for
the encrypted authentication result, wherein the encrypted authentication result and
the associated encrypted proof are transmitted to the client machine by the identity
provider. Furthermore, the method includes, re-computing, by the one or more
hardware processors of the service provider, an authentication tag based on the
received decrypted authentication result and the secret nonce. Finally, the method
includes providing service, by the one or more hardware processors of the service provider to the client machine, if the re-computed authentication tag matches with the associated decrypted proof.
[006] In another aspect, a system for biometric single sign-on
authentication via homomorphic hash based message authentication code is
provided. The system includes a plurality of client machines, an identity provider and a service provider, wherein the service provider, the plurality of client machines and the identity provider comprises at least one memory storing programmed instructions; one or more Input /Output (I/O) interfaces; and one or more hardware
processors of the service provider, the plurality of client machines and the identity
provider are operatively coupled to a corresponding at least one memory, wherein the system is configured to receive, by a service provider, a service request from a user associated with a client machine. Further, the system is configured to send, by the service provider via an identity provider, an authentication request to the client
machine for the service request, wherein the client machine performs (i) capturing
a biometric data pertaining to the user using a biometric capturing device associated with the client machine, and (ii) generating an encrypted biometric data associated with the user based on the captured biometric data using a Fully Homomorphic Encryption (FHE) public key of the user, wherein the encrypted biometric data is
transmitted to the identity provider for authentication. Furthermore, the system is
configured to transmit, by the service provider, a secure nonce to the identity provider, wherein the transmitted secure nonce is received by the identity provider post receiving the encrypted biometric data from the client machine. Furthermore, the system is configured to receive, by the service provider, a decrypted
authentication result and an associated decrypted proof from the client machine,
wherein the decrypted authentication result and the associated decrypted proof are
generated by the client machine based on an encrypted authentication result and an
associated encrypted proof received from the identity provider, and wherein the
encrypted authentication result is computed by the identity provider by: (i)
computing a similarity score by comparing the encrypted biometric data with a
plurality of biometric templates associated with a plurality of users pre captured and
stored (ii) obtaining an encrypted authentication result by comparing the similarity score with a pre-defined encrypted threshold, wherein the encrypted authentication result is one of, (i) a match and (ii) a non-match and (iii) generating the associated encrypted proof for the encrypted authentication result, wherein the encrypted
authentication result and the associated encrypted proof are transmitted to the client
machine by the identity provider. Furthermore, the system is configured to re-compute, by service provider, an authentication tag based on the received decrypted authentication result and the secret nonce. Finally, the system is configured to provide service, by the service provider to the client machine, if the re-computed
authentication tag matches with the associated decrypted proof.
[007] In yet another aspect, a computer program product including a non-transitory computer-readable medium having embodied therein a computer program for biometric single sign-on authentication via homomorphic hash based message authentication code is provided. The computer readable program, when
executed on a computing device, causes the computing device to receive, by a
service provider, a service request from a user associated with a client machine. Further, the computer readable program, when executed on a computing device, causes the computing device to send, by the service provider via an identity provider, an authentication request to the client machine for the service request,
wherein the client machine performs (i) capturing a biometric data pertaining to the
user using a biometric capturing device associated with the client machine, and (ii) generating an encrypted biometric data associated with the user based on the captured biometric data using a Fully Homomorphic Encryption (FHE) public key of the user, wherein the encrypted biometric data is transmitted to the identity
provider for authentication. Furthermore, the computer readable program, when
executed on a computing device, causes the computing device to transmit, by the
service provider, a secure nonce to the identity provider, wherein the transmitted
secure nonce is received by the identity provider post receiving the encrypted
biometric data from the client machine. Furthermore, the computer readable
program, when executed on a computing device, causes the computing device to
receive, by the service provider, a decrypted authentication result and an associated
decrypted proof from the client machine, wherein the decrypted authentication result and the associated decrypted proof are generated by the client machine based on an encrypted authentication result and an associated encrypted proof received from the identity provider, and wherein the encrypted authentication result is
computed by the identity provider by: (i) computing a similarity score by comparing
the encrypted biometric data with a plurality of biometric templates associated with a plurality of users pre captured and stored (ii) obtaining an encrypted authentication result by comparing the similarity score with a pre-defined encrypted threshold, wherein the encrypted authentication result is one of, (i) a match and (ii)
a non-match and (iii) generating the associated encrypted proof for the encrypted
authentication result, wherein the encrypted authentication result and the associated encrypted proof are transmitted to the client machine by the identity provider. Furthermore, the computer readable program, when executed on a computing device, causes the computing device to re-compute, by service provider, an
authentication tag based on the received decrypted authentication result and the
secret nonce. Finally, the computer readable program, when executed on a computing device, causes the computing device to provide service, by the service provider to the client machine, if the re-computed authentication tag matches with the associated decrypted proof.
[008] It is to be understood that both the foregoing general description and
the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
[009] The accompanying drawings, which are incorporated in and
constitute a part of this disclosure, illustrate exemplary embodiments and, together
with the description, serve to explain the disclosed principles:
[0010] FIG. 1A is a functional block diagram of a system for biometric
single sign-on authentication via homomorphic Hash based Message Authentication Code (HMAC), according to some embodiments of the present disclosure.
[0011] FIG. 1B is a functional block diagram of a computing device
associated with the system of FIG. 1A, according to some embodiments of the
present disclosure.
[0012] FIGS. 2A and 2B are exemplary flow diagrams for the method for
biometric single sign-on authentication via homomorphic HMAC implemented by
the system of FIG. 1A, in accordance with some embodiments of the present
disclosure.
[0013] FIG. 3A illustrates an activity diagram for biometric registration for
a method for biometric single sign-on authentication via homomorphic HMAC
implemented by the system of FIG. 1A, according to some embodiments of the
present disclosure.
[0014] FIG. 3B illustrates an activity diagram illustrating the method for the
biometric single sign-on authentication via homomorphic HMAC, in accordance with some embodiments of the present disclosure.
DETAILED DESCRIPTION OF EMBODIMENTS
[0015] Exemplary embodiments are described with reference to the
accompanying drawings. In the figures, the left-most digit(s) of a reference number
identifies the figure in which the reference number first appears. Wherever
convenient, the same reference numbers are used throughout the drawings to refer
to the same or like parts. While examples and features of disclosed principles are
described herein, modifications, adaptations, and other implementations are
possible without departing from the spirit and scope of the disclosed embodiments.
[0016] Hash-based Message Authentication Code (HMAC) is a result of
work done on developing a MAC derived from cryptographic hash functions.
HMAC has great resistance towards cryptanalysis attacks as it uses the hashing
concept twice. HMAC consists of twin benefits of Hashing and MAC and thus is
more secure than any other authentication code.
[0017] The homomorphism property provides a secure method to perform a group of operations on ciphertexts at an untrusted third party without knowledge of any secret information. The ability to perform simple computation on ciphertexts leads to a lot of applications and security protocols, but the complicated structure
of homomorphic cryptosystems limits applicability in some protocols that need fast
computation.
[0018] Conventional Biometric-Single Sign On (B-SSO) user
authentication workflow has two phases named enrollment phase and authentication phase. In enrollment workflow, a biometric device captures the
user’s biometric data (e.g. fingerprints, iris) and extracts specific features from it.
The template associated with the user is then stored in a database or secure location at the identity provider. In the authentication workflow, the system extracts features from the newly captured biometric data in a similar manner to the enrollment phase. The template created from the extracted features of the current biometric is
compared with the template stored during enrollment. This is typically done using
matching algorithms like similarity score, or decision based techniques. If the similarity score exceeds a predefined threshold or falls within an acceptable range, the authentication is considered successful, and the user is granted access. Otherwise, authentication fails.
[0019] In the said conventional SSO methods, the identity provider has full
access to the user’s biometric information and the user has limited control on how his biometric information is used, shared or processed. Even though the biometric information is stored in an encrypted form, using traditional encryption schemes, biometrics need to be decrypted to authenticate a user. Once biometric information
is compromised, it is not possible for users to revoke or change their biometric
credentials, unlike passwords or tokens that can be easily reset.
[0020] To overcome the challenges of the conventional approaches, embodiments herein provide a method and system for biometric single sign-on authentication via homomorphic HMAC. The present disclosure helps in authenticating a user without revealing the biometric information to a third-party identity provider. This is done by encrypting the biometric information and leveraging homomorphic Hash based Message Authentication Code (HMAC) to authenticate the user without decrypting biometric information. The proposed invention provides a protocol for biometric authentication in SSO using homomorphic HMAC.
[0021] The present disclosure proposes a construction that can authenticate
a user without revealing his/her biometric information to the identity provider. This is done by encrypting the biometric information and leveraging homomorphic HMAC for trusted decryption. The present disclosure eliminates the need for (i) device binding of private keys on user-side as needed in passkeys, and (ii) storing
un-encrypted biometric templates at the identity provider as needed in current B-SSO systems.
[0022] Fully Homomorphic Encryption (FHE), considered the holy grail of cryptography, enables computations on encrypted data without the need for decryption, thereby preserving privacy of the data. For a set of FHE ciphertexts
corresponding to a set of plaintexts, any arbitrary function can be evaluated without revealing the plaintexts. FHE supports addition and multiplication as primitive operations as shown in equations (1) and (2).
���(� + �) = ���(�) + ���(�) ………………. (1)
���(�∗�)=���(�) ∗ ���(�) ………………… (2)
[0023] A public key FHE scheme � consists of an additional ����� along
with the usual (�������, ����, ����) from any other public key scheme. ����� is
the evaluation algorithm used for computations on encrypted data. This algorithm
takes as input a polynomial expression � and a set of ciphertexts � =
{�0,�1 ��} as inputs to �.
[0024] The input and output of ����� satisfy the following equation (3):
����(�����(�,�,��),��) = �(����(�,��)) ………………(3)
[0025] To improve the efficiency of homomorphic operations and to reduce
space complexity, one can leverage homomorphic batching technique where
multiple plaintexts are batched into a single ciphertext. On this batched ciphertext,
operations can be performed on component wise plaintexts and can be executed in
parallel in Single Instruction Multiple Data (SIMD) manner.
[0026] Homomorphic HMAC: Consider a scenario where a user outsources a computation to a server, and the server should learn only the result of the computation but not the inputs. For the server to learn the result, it must send the encrypted result back to the user for decryption. However, there is no guarantee that the user sends the correct decrypted result back to the server. The trusted decryption primitive provides a proof of correctness of the decrypted result sent by the user. The trusted decryption workflow is as follows:
1. Outsource Computation: User outsources a computation �(�) to a server.
2. Encrypt inputs: User encrypts inputs ip using FHE public key to get ����(��).
3. Transfer inputs: User transmits encrypted inputs ����(��) to server.
4. Compute: Server computes a function � on encrypted inputs: �(����(��)) to get ����(������).
5. Compute Proof: Server uses a secret nonce � to compute proof of result using homomorphic HMAC as follows:
����(���)= ���_����(����(������), ����(�)) ……… (4)
6. Forward Result: Server forwards ����(������) and ����(���) to user.
7. Decrypt Result and Proof: User decrypts the ����(������) and ����(���) using ski to get result and tag. Here, tag acts as a trusted decryption and ensures that the user has not tampered with the result.
8. Send Decrypted Result and Proof: User sends result and tag to the server.
9. Proof of Decrypted Result: Server re-computes tag using the result sent by the user and secret nonce N using
���� = ���� (������, �) ………..(5)
���� is compared with tag shared by the user. If comparison is successful, server confirms that result has not been tampered by the user.
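The nine-step trusted-decryption workflow above, as an added Python sketch that is not part of the specification. `Ciphertext`, `enc`, `dec` and `hom_hmac` are hypothetical stand-ins that model FHE without encrypting anything; using the nonce as the HMAC key, SHA-256, the 32-byte nonce, the Hamming-distance matcher and its threshold are assumptions. It shows the server-side check rejecting a tampered result and a replayed (result, tag) pair.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Ciphertext:
    # Stand-in for an FHE ciphertext. It does NOT encrypt; it only marks the
    # values the server would hold in encrypted form in a real deployment.
    payload: bytes


def enc(plaintext: bytes) -> Ciphertext:
    return Ciphertext(plaintext)


def dec(ct: Ciphertext) -> bytes:
    return ct.payload


def hom_hmac(ct_result: Ciphertext, ct_nonce: Ciphertext) -> Ciphertext:
    # Step 5: models HMAC evaluated under encryption (assumed: nonce is the key).
    tag = hmac.new(dec(ct_nonce), dec(ct_result), hashlib.sha256).digest()
    return enc(tag)


def hamming(a: bytes, b: bytes) -> int:
    # Distance between two equal-length templates of ASCII '0'/'1' characters.
    return sum(x != y for x, y in zip(a, b))


class Server:
    def __init__(self, enrolled_template: bytes, threshold: int = 2):
        self._enrolled = enrolled_template
        self._threshold = threshold      # assumed matcher threshold
        self._pending = {}               # session id -> secret nonce

    def compute(self, session_id: str, ct_input: Ciphertext):
        # Steps 4-6: evaluate the matcher, bind the result to a fresh nonce.
        nonce = secrets.token_bytes(32)
        self._pending[session_id] = nonce
        close = hamming(dec(ct_input), self._enrolled) <= self._threshold
        ct_result = enc(b"match" if close else b"non-match")
        return ct_result, hom_hmac(ct_result, enc(nonce))

    def verify(self, session_id: str, result: bytes, tag: bytes) -> bool:
        # Step 9: re-compute the tag; the nonce is consumed so it is single use.
        nonce = self._pending.pop(session_id, None)
        if nonce is None:
            return False
        expected = hmac.new(nonce, result, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def demo():
    enrolled = b"0001010001000101"       # constructed sample template
    fresh = b"0001010001000111"          # constructed: one bit differs
    other = b"1111000011110000"          # constructed: a different finger
    server = Server(enrolled)

    # Honest user: decrypts result and tag, returns them unchanged.
    ct_res, ct_tag = server.compute("s1", enc(fresh))
    good_result, good_tag = dec(ct_res), dec(ct_tag)
    honest = server.verify("s1", good_result, good_tag)

    # Tampering: the result is non-match but the user reports match.
    _, ct_tag = server.compute("s2", enc(other))
    tampered = server.verify("s2", b"match", dec(ct_tag))

    # Replay: an old valid pair is submitted against a new session's nonce.
    server.compute("s3", enc(other))
    replayed = server.verify("s3", good_result, good_tag)

    # Reuse: the nonce for s1 was consumed by the first verification.
    reused = server.verify("s1", good_result, good_tag)
    return honest, tampered, replayed, reused


if __name__ == "__main__":
    print(demo())
```

Because the result takes only two values, a tag bound to a reused nonce could be replayed for any later session, which is why the sketch issues one nonce per session and discards it on first verification.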
[0027] Referring now to the drawings, and more particularly to FIGS. 1A
through 3, where similar reference characters denote corresponding features
consistently throughout the figures, there are shown preferred embodiments, and
these embodiments are described in the context of the following exemplary system
and/or method.
[0028] FIG. 1A is a functional block diagram of a system 100 for the biometric single sign-on authentication via homomorphic HMAC, according to
some embodiments of the present disclosure. The system 100 includes a plurality
of client machines 102A, 102B through 102N, a service provider 104, a network 106, and an identity provider 108. The plurality of client machines 102A through 102N, the service provider 104 and the identity provider 108 are connected by the network 106.
[0029] In an embodiment, the network 106 can be a wireless or a wired
network, or a combination thereof. In an example, the network 106 can be implemented as a computer network, as one of the different types of networks, such as virtual private network (VPN), intranet, local area network (LAN), wide area network (WAN), the internet, and such. The network 106 may either be a dedicated
network or a shared network, which represents an association of the different types
of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), and Wireless Application Protocol (WAP), to communicate with each other. Further, network 106 may include a variety of network devices, including routers, bridges,
servers, computing devices, storage devices. The network devices within network
106 may interact with the system 102 through communication links.
[0030] In an embodiment, the plurality of client machines 102A through 102N, the service provider 104, and the identity provider 108 may be implemented in a computing device as shown in FIG. 1B. The plurality of client machines 102A
through 102N, the service provider 104, and the identity provider 108 can be a hand-held device, a laptop or other portable computer, a tablet computer, a mobile phone,
a PDA, a smartphone, and a desktop computer. The client machine 102 and the proxy server machine 104 may also be implemented in a workstation, a mainframe computer, a server, and a network server.
[0031] FIG. 1B is a functional block diagram of computing device 107
associated with the system of FIG. 1A implementing the service provider 104/ the
identity provider 108/ the client machine 102, according to some embodiments of the present disclosure. The computing device 107 is otherwise in communication with hardware processors 120, at least one memory such as a memory 110, an I/O interface 118. The hardware processors 120, memory 110, and the Input /Output
(I/O) interface 118 may be coupled by a system bus such as a system bus 116 or a
similar mechanism. In an embodiment, the hardware processors 120 can be one or more hardware processors.
[0032] The I/O interface 118 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and
the like. The I/O interface 118 may include a variety of software and hardware
interfaces, for example, interfaces for peripheral device(s), such as a keyboard, a mouse, an external memory, a printer and the like. Further, interface 118 may enable the server machine 104 to communicate with other devices, such as the client machine 102 via the network 106, web servers and external databases and the like.
[0033] The I/O interface 118 can facilitate multiple communications within
a wide variety of networks and protocol types, including wired networks, for example, local area network (LAN), cable, etc., and wireless networks, such as Wireless LAN (WLAN), cellular, or satellite. For the purpose, the I/O interface 118 may include one or more ports for connecting a number of computing systems with
one another or to another server computer. The I/O interface 118 may include one
or more ports for connecting a number of devices to one another or to another server.
[0034] The one or more hardware processors 120 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal
processors, central processing units, state machines, logic circuitries, and/or any
devices that manipulate signals based on operational instructions. Among other
capabilities, the one or more hardware processors 120 are configured to fetch and execute computer-readable instructions stored in memory 110.
[0035] The memory 110 may include any computer-readable medium
known in the art including, for example, volatile memory, such as static random
access memory (SRAM) and dynamic random access memory (DRAM), and/or
non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. In an embodiment, memory 110 includes a plurality of modules 112. Memory 110 also includes a data repository 114 for storing data processed, received, and generated
by the plurality of modules 112.
[0036] The plurality of modules 112 include programs or coded instructions that supplement applications or functions performed by the server machine 104 for the homomorphic HMAC scheme. The plurality of modules 112, amongst other things, can include routines, programs, objects, components, and data structures,
which perform particular tasks or implement particular abstract data types. The
plurality of modules 112 may also be used as, signal processor(s), state machine(s), logic circuitries, and/or any other device or component that manipulates signals based on operational instructions. Further, the plurality of modules 112 can be used by hardware, by computer-readable instructions executed by the one or more
hardware processors 120, or by a combination thereof. The plurality of modules
112 can include various sub-modules (not shown). The plurality of modules 112 may include computer-readable instructions that supplement applications or functions performed by the system 100 for the homomorphic HMAC scheme.
[0037] The data repository 114 may include a plurality of abstracted pieces
of code for refinement and data that is processed, received, or generated as a result
of the execution of the plurality of modules in module(s) 112.
[0038] Although the data repository 114 is shown internal to the system 100, it will be noted that, in alternate embodiments, the data repository 114 can also be implemented external to the system 100, where the data repository 114 may be
stored within a database (not shown in FIG. 1) communicatively coupled to the
system 100. The data contained within such an external database may be
periodically updated. For example, new data may be added into the database (not
shown in FIG. 1) and/or existing data may be modified and/or non-useful data may
be deleted from the database (not shown in FIG. 1). In one example, the data may
be stored in an external system, such as a Lightweight Directory Access Protocol
(LDAP) directory and a Relational Database Management System (RDBMS).
[0039] As understood by an ordinary person skilled in the art, the client machines 102A through 102N have functional components similar to functional components of the service provider 104 and the identity provider 108 as depicted by computing device 107 in FIG. 2 and not repeated herein for brevity. The
components perform functions in accordance with instructions stored in the
memory block of the client device enabling the client device to communicate with server 104.
[0040] FIGS. 2A and 2B are exemplary flow diagrams for a processor implemented method for the biometric single sign-on authentication via
homomorphic HMAC implemented by the system of FIG. 1A and FIG. 1B
according to some embodiments of the present disclosure. In an embodiment, the computing device 107, implementing the server 104, comprises one or more data storage devices or the memory 110 operatively coupled to the one or more hardware processor(s) 120 and is configured to store instructions for execution of steps of the
method 200 by the one or more hardware processors 120. The steps of method 200
of the present disclosure will now be explained with reference to the components or blocks of the system 107 as depicted in FIG. 1B and the steps of flow diagram as depicted in FIG. 2A and FIG. 2B. The method 200 may be described in the general context of computer executable instructions. Generally, computer executable
instructions can include routines, programs, objects, components, data structures,
procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. Method 200 may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communication network. The order in which the
method 200 is described is not intended to be construed as a limitation, and any
number of the described method blocks can be combined in any order to implement
the method 200, or an alternative method. Furthermore, the method 200 can be
implemented in any suitable hardware, software, firmware, or combination thereof.
[0041] Entities of the present disclosure include User/Client machine,
Service Provider (SP) 104 and Identity provider 108 (IdP).
[0042] Key Generation: Each entity owns an FHE public and private key pair
(��, ��), for example user A has public and private key pair (���, ���).
[0043] At step 202 of method 200, the one or more hardware processors of the service provider 104 receives a service request from a user associated with a client machine. For example, the service request can be any web service requests.
[0044] At step 204 of the method 200, the one or more hardware processors
of the service provider 104 sends via the identity provider, an authentication request to the client machine 102 for the service request. The client machine 102 performs (i) capturing biometric data pertaining to the user using a biometric capturing device associated with the client machine 102 and (ii) generating an encrypted biometric
data associated with the user based on the captured biometric data using the FHE public key of the user, wherein the encrypted biometric data is transmitted to the identity provider 108 for authentication. For example, user � encrypts ��� using FHE public key ��� to get ����(���) and transmits ����(���).
[0045] For example, the technique for capturing biometric data is explained below. The user captures his/her fingerprint using a biometric reader. The fingerprint is captured with simulated data points representing the fingerprint's characteristics. An example of fingerprint characteristics is given as [1,0,1,1,………………..1,0,1]. Further, minutiae points and ridge patterns are extracted from the fingerprint characteristics. An example set of minutiae points is given as [5, 4, 9, 32, 96, 12, 55, 7, 69, 36] and an example ridge pattern is given as ['A', 'A', 'A', 'A', 'C', 'C', 'A', 'B', 'C', 'B', 'A', 'C', 'C', 'C', 'C', 'C', 'C', 'C', 'B', 'B', 'C', 'C', 'B', 'B', 'C', 'B', 'B', 'A', 'C', 'B', 'A', 'B', 'B', 'C', 'A', 'B', 'C', 'A', 'B', 'A', 'C', 'B', 'B', 'A', 'C', 'A', 'A', 'B', 'C', 'B', 'B', 'A', 'A', 'B', 'C', 'B', 'B', 'C', 'A', 'C', 'C', 'B', 'C', 'B', 'A', 'C', 'B', 'A', 'B', 'B', 'B', 'C', 'A', 'B', 'B', 'C', 'C', 'A', 'B', 'B', 'C', 'B', 'C', 'A', 'C', 'B', 'C', 'B', 'C', 'C', 'A', 'B', 'A', 'A', 'C', 'C', 'A', 'B', 'B', 'A']. Further, the extracted features (minutiae points and ridge patterns) are encoded into a sequence of 1s and 0s as given below.
template1 = 00010100010001010000100010011100001010000000001101000110010001100011101000011001010100101000010000000010110100 ……(6)
The above encoded template 1 is further encrypted using the FHE public key to get ����(���). The encrypted biometric data is transmitted to the identity provider 108 for authentication.
����(���) = E(00010100010001010000100010011100001010000000001101000110010001100011101000011001010100101000010000000010110100) ……(7)
[0046] At step 206 of the method 200, the one or more hardware processors of the service provider 104 transmit a secure nonce to the identity provider, wherein the transmitted secure nonce is received by the identity provider 108 post receiving the encrypted biometric data from the client machine. For example, the secure nonce is “1023”.
[0047] At step 208 of the method 200, the one or more hardware processors of the service provider 104 receive a decrypted authentication result and an associated decrypted proof from the client machine, wherein the decrypted authentication result and the associated decrypted proof are generated by the client machine 102 based on an encrypted authentication result and an associated encrypted proof received from the identity provider.
[0048] The steps for computing the encrypted authentication result by the identity provider 108 are explained as follows: Initially a similarity score is computed by comparing the encrypted biometric data with a plurality of biometric templates associated with a plurality of users captured and stored initially.
[0049] For example, the plurality of biometric templates are generated during the biometric enrollment workflow (shown in FIG. 3A). The biometric enrollment includes the following steps.
1. Capture Biometric: The biometric reader on user’s side, captures biometric data.
2. Create Template: A biometric template is created from the captured biometric data for a user say user i, with features such as minutiae points, core and delta points, ridge shapes or patterns and so on. This biometric template is converted to a fixed length binary string fi using spectral minutiae representation, a mathematical transformation applied to analyze the spatial relationships between the minutiae points.
3. Encrypt Template: �� is encrypted using FHE public key of user � to get ����(��).
4. Transfer Template: User sends ����(��) to the identity provider.
5. Store Template: Identity provider 108 stores ����(��) in a database.
[0050] The matching module on identity provider’s side compares the input biometric ����(���) against the stored biometric ����(��) to produce a similarity score ����(��), which is then compared to an encrypted threshold ����(�) to produce match or non-match decision (authentication result) ����(������) which can be either ����(0)/ ����(1).
[0051] Further, the associated encrypted proof is generated for the encrypted authentication result ����(������) as shown in equation (8) and an example is shown in equation (9), wherein the encrypted authentication result and the associated encrypted proof are transmitted to the client machine 102 by the identity provider 108.
����(���) = Hom HMAC(����(������),���� (N)) ……(8)
����(���) = ���_����(����(������,�(1023)) = �(�011���3�75��6600�2362�1�2�46�53��1���28) ……(9)
[0052] At step 210 of the method 200, the one or more hardware processors of the service provider 104 re-compute an authentication tag based on the received decrypted authentication result and the secret nonce as given in equation (10), and a corresponding example is given in equation (11).
���� = ����(������,�) ……(10)
���1= ����(1,1023) = �011���3�75��6600�2362�1�2�46�53��1���28 ……(11)
[0053] At step 212 of the method 200, the one or more hardware processors of the service provider 104 provide service to the client machine only if the re-computed authentication tag matches the associated decrypted proof. For example, tag1 is compared with tag to get:
(�011���3�75��6600�2362�1�2�46�53��1���28 == �011���3�75��6600�2362�1�2�46�53��1���28) = 1 (���ℎ���������� ������� ).
Since the comparison result is 1, the user is granted access to the requested service. If the comparison result is 0, the user is denied access to the requested service.
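The exchange in steps 202 to 212, sketched as an added example that is not code from the specification. FHE is not modelled: the identity provider works on plaintext stand-ins for the ciphertexts so that the data flow and the service provider's tag check are visible. Hamming distance as the similarity score, the threshold value, HMAC-SHA-256 keyed with the nonce, a random per-request nonce, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

THRESHOLD = 4  # assumption: largest Hamming distance still counted as a match


def hamming(a: str, b: str) -> int:
    """Similarity score between two fixed-length binary template strings."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(x != y for x, y in zip(a, b))


def tag_for(result: int, nonce: bytes) -> bytes:
    """tag = HMAC(result, N): nonce as the key, the 0/1 result as the message."""
    return hmac.new(nonce, bytes([result]), hashlib.sha256).digest()


class IdentityProvider:
    """Plaintext stand-in: in the scheme all of this runs on FHE ciphertexts."""

    def __init__(self):
        self.templates = {}  # user -> enrolled template

    def enroll(self, user: str, template: str) -> None:
        self.templates[user] = template

    def authenticate(self, user: str, probe: str, nonce: bytes):
        result = 1 if hamming(probe, self.templates[user]) <= THRESHOLD else 0
        return result, tag_for(result, nonce)  # (authentication result, proof)


class ServiceProvider:
    def __init__(self):
        self.pending = {}  # session id -> nonce issued for that request

    def new_nonce(self, session: str) -> bytes:
        self.pending[session] = secrets.token_bytes(16)
        return self.pending[session]

    def grant(self, session: str, result: int, proof: bytes) -> bool:
        nonce = self.pending.pop(session, None)  # each nonce is used once
        if nonce is None or result not in (0, 1):
            return False
        tags_match = hmac.compare_digest(tag_for(result, nonce), proof)
        return tags_match and result == 1  # a verified non-match is still denied


def demo() -> dict:
    idp, sp = IdentityProvider(), ServiceProvider()
    enrolled = "0001010001000101000010001001110000101000"  # constructed sample
    idp.enroll("userA", enrolled)
    close_probe = "11" + enrolled[2:]  # differs from the enrolled bits in 2 places
    out = {}

    n1 = sp.new_nonce("s1")
    r1, p1 = idp.authenticate("userA", close_probe, n1)
    out["genuine"] = sp.grant("s1", r1, p1)

    n2 = sp.new_nonce("s2")
    r2, p2 = idp.authenticate("userA", "1" * 40, n2)  # distance 28 -> result 0
    out["result_flipped_to_1"] = sp.grant("s2", 1, p2)  # relayed result altered

    sp.new_nonce("s3")
    out["old_proof_replayed"] = sp.grant("s3", r1, p1)  # proof is bound to n1

    out["session_reused"] = sp.grant("s1", r1, p1)  # nonce already consumed
    return out


if __name__ == "__main__":
    print(demo())
```

Only the first case is granted: the tag binds the relayed result to the nonce of one request, so a changed result or a proof from another session does not verify.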
[0054] FIG. 3B illustrates an activity diagram illustrating the method for the biometric single sign-on authentication via homomorphic HMAC, in accordance with some embodiments of the present disclosure. Now referring to FIG. 3B, when the user initiates an authentication request to access an application or service provided by the service provider, the service provider 104 redirects to the identity provider. If the user is not already authenticated, the service provider 104 redirects the user to the identity provider 108 for authentication. Further, the user captures and encrypts his/her biometrics using homomorphic HMAC, creating ciphertext. The user submits his/her encrypted biometrics to the identity provider 108 for authentication. The identity provider 108 uses template matching algorithms to compare the user submitted encrypted biometrics (fingerprint, iris) with stored templates. The identity provider 108 then transmits the authentication result and the corresponding proof of authentication to the client machine 102. The client machine 102 decrypts the authentication result and proof and transmits them to the service provider 104. Further, the service provider 104 re-computes the authentication tag based on the received decrypted authentication result and the secret nonce. Finally, the service provider 104 provides the requested service to the client machine 102, only if the re-computed authentication tag matches the associated decrypted proof.
[0055] Some of the compelling use cases of the present disclosure are as follows: (i) Biometric wearables such as smartwatches or fitness bands that can capture biometric data for authentication purposes; (ii) IoT devices, such as smart locks or connected vehicles, can utilize biometric authentication to ensure secure access; (iii) Healthcare industry can utilize biometric authentication for secure and efficient access to patient records and healthcare systems. Using biometric SSO, healthcare providers can enable quick and secure authentication for accessing electronic health records (EHR) systems, medication administration platforms, and other healthcare applications. This ensures that patient biometric information remains confidential; and (iv) Government applications: Government utilizes biometric authentication in border control systems, law enforcement applications, and various government portals.
[0056] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[0057] The embodiments of present disclosure herein address the unresolved problem of biometric single sign-on authentication via homomorphic hash based message authentication code. The present disclosure can authenticate a user without revealing his/her biometric information to a third-party identity provider. This is achieved as follows. Encrypted biometrics leverage FHE for encrypting the biometric data stored at the identity provider. Further, verification using encrypted biometrics leverages FHE for biometric template comparison and matching at the identity provider 108 directly on encrypted data, so the authentication result is also in encrypted form. Finally, trusted decryption leverages homomorphic HMAC based on FHE for enhanced trust in the decrypted authentication result provided by the user.
[0058] It is to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein such computer-readable storage means contain program-code means for implementation of one or more steps of the method when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed including e.g. any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g. hardware means like e.g. an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g. an ASIC and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. Thus, the means can include both hardware means and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g. using a plurality of CPUs, GPUs and edge computing devices.
[0059] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or combinations of other modules. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments. Also, the words “comprising,” “having,” “containing,” and “including,” and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise. Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e. non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.
[0060] It is intended that the disclosure and examples be considered as exemplary only, with a true scope of disclosed embodiments being indicated by the following claims.
WE CLAIM:
1. A processor implemented method (200), the method comprising:
receiving (202), by one or more hardware processors of a service provider, a service request from a user associated with a client machine;
sending (204), by the one or more hardware processors of the service provider via an identity provider, an authentication request to the client machine for the service request, wherein the client machine performs (i) capturing a biometric data pertaining to the user using a biometric capturing device associated with the client machine, and (ii) generating an encrypted biometric data associated with the user based on the captured biometric data using a Fully Homomorphic Encryption (FHE) public key of the user, wherein the encrypted biometric data is transmitted to the identity provider for authentication;
transmitting (206), by the one or more hardware processors of the service provider, a secure nonce to the identity provider, wherein the transmitted secure nonce is received by the identity provider post receiving the encrypted biometric data from the client machine;
receiving (208), by the one or more hardware processors of the service provider, a decrypted authentication result and an associated decrypted proof from the client machine, wherein the decrypted authentication result and the associated decrypted proof are generated by the client machine based on an encrypted authentication result and an associated encrypted proof received from the identity provider, and wherein the encrypted authentication result is computed by the identity provider by:
computing a similarity score by comparing the encrypted biometric data with a plurality of biometric templates associated with a plurality of users pre captured and stored;
obtaining an encrypted authentication result by comparing the similarity score with a pre-defined encrypted threshold, wherein the encrypted authentication result is one of, (i) a match and (ii) a non-match; and
generating the associated encrypted proof for the encrypted authentication result, wherein the encrypted authentication result and the associated encrypted proof are transmitted to the client machine by the identity provider;
re-computing (210), by the one or more hardware processors of the service provider, an authentication tag based on the received decrypted authentication result and the secret nonce; and
providing service (212), by the one or more hardware processors of the service provider to the client machine, if the re-computed authentication tag matches with the associated decrypted proof.
2. The method as claimed in claim 1, wherein generating the encrypted biometric data associated with the user based on the captured biometric data using the FHE public key of the user comprises:
generating a biometric template pertaining to the user comprising a plurality of biometric features based the captured biometric data, wherein the plurality of biometric features comprises a plurality of minutiae points, a plurality of core points, a plurality of delta points and a plurality of ridge shapes;
generating a biometric string pertaining to the user by converting the biometric template associated with the user into a fixed length binary string using spectral minutiae transformation technique; and
encrypting the biometric string using the FHE public key of the user to obtain the encrypted biometric data.
3. A system (100) comprising:
A plurality of client machines (102A through 102N), an identity provider (108) and a service provider (104), wherein the service provider (104), the plurality of client machines (102A through 102N) and the identity provider (108) comprises at least one memory storing programmed instructions; one or more Input/Output (I/O) interfaces; and one or more hardware processors of the service provider (108), the plurality of client machines (102A through 102N) and the identity provider (108) are operatively coupled to a corresponding at least one memory, wherein the system is configured to:
receive, by a service provider, a service request from a user associated with a client machine;
send, by the service provider via an identity provider, an authentication request to the client machine for the service request, wherein the client machine performs (i) capturing a biometric data pertaining to the user using a biometric capturing device associated with the client machine, and (ii) generating an encrypted biometric data associated with the user based on the captured biometric data using a Fully Homomorphic Encryption (FHE) public key of the user, wherein the encrypted biometric data is transmitted to the identity provider for authentication;
transmit, by the service provider, a secure nonce to the identity provider, wherein the transmitted secure nonce is received by the identity provider post receiving the encrypted biometric data from the client machine;
receive, by the service provider, a decrypted authentication result and an associated decrypted proof from the client machine, wherein the decrypted authentication result and the associated decrypted proof are generated by the client machine based on an encrypted authentication result and an associated encrypted proof received from the identity provider, and wherein the encrypted authentication result is computed by the identity provider by:
computing a similarity score by comparing the encrypted biometric data with a plurality of biometric templates associated with a plurality of users pre captured and stored;
obtaining an encrypted authentication result by comparing the similarity score with a pre-defined encrypted threshold, wherein the encrypted authentication result is one of, (i) a match and (ii) a non-match; and
generating the associated encrypted proof for the encrypted authentication result, wherein the encrypted authentication result and the associated encrypted proof are transmitted to the client machine by the identity provider;
re-compute, by service provider, an authentication tag based on the received decrypted authentication result and the secret nonce; and
provide service, by the service provider to the client machine, if the re-computed authentication tag matches with the associated decrypted proof.
4. The system of claim 3, wherein generating the encrypted biometric data associated with the user based on the captured biometric data using the FHE public key of the user comprises:
generating a biometric template pertaining to the user comprising a plurality of biometric features based the captured biometric data, wherein the plurality of biometric features comprises a plurality of minutiae points, a plurality of core points, a plurality of delta points and a plurality of ridge shapes;
generating a biometric string pertaining to the user by converting the biometric template associated with the user into a fixed length binary string using spectral minutiae transformation technique; and
encrypting the biometric string using the FHE public key of the user to obtain the encrypted biometric data.
Dated this 10th Day of May 2024
Tata Consultancy Services Limited
By their Agent & Attorney
| # | Name | Date |
|---|---|---|
| 1 | 202421037044-STATEMENT OF UNDERTAKING (FORM 3) [10-05-2024(online)].pdf | 2024-05-10 |
| 2 | 202421037044-REQUEST FOR EXAMINATION (FORM-18) [10-05-2024(online)].pdf | 2024-05-10 |
| 3 | 202421037044-FORM 18 [10-05-2024(online)].pdf | 2024-05-10 |
| 4 | 202421037044-FORM 1 [10-05-2024(online)].pdf | 2024-05-10 |
| 5 | 202421037044-FIGURE OF ABSTRACT [10-05-2024(online)].pdf | 2024-05-10 |
| 6 | 202421037044-DRAWINGS [10-05-2024(online)].pdf | 2024-05-10 |
| 7 | 202421037044-DECLARATION OF INVENTORSHIP (FORM 5) [10-05-2024(online)].pdf | 2024-05-10 |
| 8 | 202421037044-COMPLETE SPECIFICATION [10-05-2024(online)].pdf | 2024-05-10 |
| 9 | 202421037044-FORM-26 [17-07-2024(online)].pdf | 2024-07-17 |
| 10 | Abstract.jpg | 2024-08-09 |
| 11 | 202421037044-Proof of Right [06-11-2024(online)].pdf | 2024-11-06 |
| 12 | 202421037044-Power of Attorney [11-04-2025(online)].pdf | 2025-04-11 |
| 13 | 202421037044-Form 1 (Submitted on date of filing) [11-04-2025(online)].pdf | 2025-04-11 |
| 14 | 202421037044-Covering Letter [11-04-2025(online)].pdf | 2025-04-11 |
| 15 | 202421037044-FORM-26 [22-05-2025(online)].pdf | 2025-05-22 |