Claims:
We Claim:

1. A method for enabling user access to a secured system (102), comprising:
receiving a transaction request by a plurality of nodes (122A-N) in a blockchain network (104) from a user device (118A) associated with a user for enabling user access to the secured system (102), wherein the transaction request comprises a public key and an encrypted hash associated with a reference biometric template of the user generated during initial registration of the user with the blockchain network (104), wherein the public key and the encrypted hash are stored in the user device (118A), and wherein the reference biometric template is stored in an interplanetary file system (126) operatively coupled to the blockchain network (104);
decrypting the encrypted hash by the plurality of nodes (122A-N) using the public key;
comparing the decrypted hash with a reference hash of the reference biometric template generated during initial registration of the user with the blockchain network (104) and stored in the plurality of nodes (122A-N);
transmitting the reference biometric template of the user stored in the interplanetary file system (126) to the secured system (102) upon identifying a match between the decrypted hash and the reference hash;
capturing at least one biometric parameter of the user by a biometric sensor (130B) associated with the secured system (102) and generating a corresponding test biometric template from the captured biometric parameter using a machine learning system (132); and

successfully authenticating the user and further enabling the user to access the secured system (102) upon determining that the reference biometric template matches the test biometric template of the user.

2. The method as claimed in claim 1, wherein the reference biometric template of the user corresponds to a reference facial template of the user, and wherein initial registration of the user with the blockchain network (104) comprises:
capturing a facial image of the user using a camera (134) associated with the user device (118A);
extracting one or more facial features from the captured image and generating the reference facial template that is unique to the user based on the extracted facial features using the machine learning system (132) that is operatively coupled to both of the secured system (102) and the user device (118A);
transmitting user related information comprising the reference facial template from the user device (118A) to the interplanetary file system (126); and
storing the reference facial template in the interplanetary file system (126), wherein the interplanetary file system (126) generates the reference hash upon storing the reference facial template in the interplanetary file system (126).

3. The method as claimed in claim 2, wherein initial registration of the user with the blockchain network (104) further comprises:
transmitting one copy of the reference hash to the plurality of nodes (122A-N) and another copy of the reference hash to the user device (118A) by the interplanetary file system (126);
storing the reference hash in a database (124) associated with each of the plurality of nodes (122A-N) upon receiving the reference hash from the interplanetary file system (126);
generating a pair of cryptographic keys comprising the public key and a private key by the user device (118A) upon receiving the reference hash from the interplanetary file system (126); and
encrypting the reference hash of the reference facial template using the private key to obtain the encrypted hash of the reference facial template and storing the encrypted hash of the reference facial template in the user device (118A).

4. The method as claimed in claim 3, wherein the transaction request received by the plurality of nodes (122A-N) comprises one or more of a transaction identifier, an identification number associated with the user, a name of the user, the public key, the encrypted hash of the reference facial template, and an associated timestamp.

5. The method as claimed in claim 4, further comprising extracting one or more facial features from the biometric parameter of the user captured using the biometric sensor (130B) and generating the test facial template based on the extracted facial features using the machine learning system (132) communicatively coupled to the secured system (102) for authenticating the user.

6. The method as claimed in claim 5, wherein each of the reference facial template and the test facial template comprises one or more feature vectors comprising mathematical ratios derived from the extracted facial features, the extracted facial features comprising the height of a face of the user, the width of the face, a ratio between the height of the face and the width of the face, the width of lips of the user, the height of the lips, the width of a nose of the user, the height of the nose, the width of eyes of the user, and the height of the eyes.

7. An access control system (100), comprising:
a blockchain network (104) comprising a plurality of nodes (122A-N);
an interplanetary file system (126) that is operatively coupled to the plurality of nodes (122A-N) via a communications network (106), wherein the interplanetary file system (126) is configured to:
receive and store a reference biometric template from a user device (118A) associated with a user during initial registration of the user with the blockchain network (104);
generate a reference hash of the reference biometric template upon storing the reference biometric template in the interplanetary file system (126);
transmit one copy of the reference hash to the user device (118A) and another copy of the reference hash to the plurality of nodes (122A-N) during initial registration of the user;
wherein one or more of the plurality of nodes (122A-N) are configured to:
receive a transaction request from the user device (118A) for enabling user access to a secured system (102) post initial registration of the user with the blockchain network (104), wherein the user device (118A) is configured to generate the transaction request comprising a public key and an encrypted hash associated with the reference biometric template, wherein the public key and the encrypted hash are stored in the user device (118A);
decrypt the encrypted hash based on the public key included in the transaction request;
compare the decrypted hash with the reference hash generated during initial registration of the user with the blockchain network (104);
transmit the reference biometric template of the user stored in the interplanetary file system (126) to the secured system (102) upon identifying a match between the decrypted hash and the reference hash;
wherein the secured system (102) comprises:
a biometric sensor (130B) that captures at least one biometric parameter of the user; and
a processing device (128) that generates a corresponding test biometric template from the captured biometric parameter using a machine learning system (132) that is operatively coupled to the secured system (102) and the user device (118A), and wherein the processing device (128) successfully authenticates the user and further enables the user to access the secured system (102) upon determining that the reference biometric template matches the test biometric template of the user.

8. The access control system (100) of claim 7, wherein the biometric sensor (130B) comprises one or more of a camera, an iris scanner, a fingerprint scanner, a vital parameters monitor, and an audio processing device.

9. The access control system (100) of claim 7, wherein the user device (118A) is configured to generate a pair of cryptographic keys comprising the public key and a private key upon receiving the reference hash from the interplanetary file system (126), and is further configured to encrypt the reference hash using the private key to obtain the encrypted hash.

10. The access control system (100) of claim 7, wherein the secured system (102) comprises one or more of an elevator system (108), an autonomous vehicle system, a workplace, a manufacturing unit, a laboratory, a defense establishment, a banking system, and a polling system.

, Description:

BACKGROUND

[0001] Embodiments of the present specification relate generally to systems and methods for authenticating users. More particularly, the present specification relates to blockchain-based security systems and associated methods.
[0002] Authentication refers to an act by which a user validates himself or herself by providing unique identification information associated with the user. For example, the user may authenticate himself or herself using unique identity including one or more of a login password, a one-time-password, and biometric data such as facial data, fingerprint data, and voice data. Conventionally, authentication of the user occurs in two phases including a registration phase and an authentication phase.
[0003] In the registration phase, the user provides a unique identity to enroll him or her as a part of a secured system. Once registration of the user is complete, in the authentication phase, the secured system validates an identity of the user by comparing the unique identity provided at the registration phase with the unique identity provided during the authentication. Further, the secured system allows the user to access the secured system only if the unique identity provided at the registration phase matches the unique identity provided during subsequent authentication.
[0004] Passwords are the most common form of authentication used as they are simple, inexpensive, and convenient to use and implement. However, password-based authentication systems may not prevent third parties from accessing users’ information if the passwords set by the users are not strong enough. Conventionally, the password-based authentication systems are implemented as a centralized system that stores user names and passwords of various users in a single place. If such a centralized system were compromised, attackers would have access to passwords associated with accounts of various users registered with the centralized system, which may create security complications, for example, unauthorized entries into secured premises, security breaches, fraudulent transactions, loss of personal information, loss of confidential information, etc.
[0005] Unlike password-based authentication systems, biometric authentication systems may provide better security as such systems authenticate users based on their unique biological characteristics. However, most often, the collected users’ biometric information are also stored in a centralized system that may be compromised, as noted previously. For example, attackers may steal users biometric data stored in the centralized system and use the stolen biometric data for entering into secured premises fraudulently. Hence, there is a need for an improved system and method for authenticating users and enabling users access to secured systems without storing unique identities of the users in a centralized system.

BRIEF DESCRIPTION

[0006] It is an objective of the present disclosure to provide a method for enabling user access to a secured system. The method includes receiving a transaction request by a plurality of nodes in a blockchain network from a user device associated with a user for enabling user access to the secured system. The transaction request includes a public key and an encrypted hash associated with a reference biometric template of the user generated during initial registration of the user with the blockchain network. The public key and the encrypted hash are stored in the user device. The reference biometric template is stored in an interplanetary file system operatively coupled to the blockchain network.
[0007] The encrypted hash by the plurality of nodes is decrypted using the public key. The decrypted hash is compared with a reference hash of the reference biometric template generated during initial registration of the user with the blockchain network and stored in the plurality of nodes. The reference biometric template of the user stored in the interplanetary file system is transmitted to the secured system upon identifying a match between the decrypted hash and the reference hash. A biometric sensor associated with the secured system captures at least one biometric parameter of the user. A corresponding test biometric template is generated from the captured biometric parameter using a machine learning system. The user is successfully authenticated and is further enabled to access the secured system upon determining that the reference biometric template matches the test biometric template of the user.
[0008] The reference biometric template of the user corresponds to a reference facial template of the user. The initial registration of the user with the blockchain network includes capturing a facial image of the user using a camera associated with the user device. One or more facial features are extracted from the captured image and the reference facial template that is unique to the user is generated based on the extracted facial features using the machine learning system that is operatively coupled to both of the secured system and the user device. User related information including the reference facial template is transmitted from the user device to the interplanetary file system.
[0009] The reference facial template is stored in the interplanetary file system. The interplanetary file system generates the reference hash upon storing the reference facial template in the interplanetary file system. The initial registration of the user with the blockchain network further includes transmitting one copy of the reference hash to the plurality of nodes and another copy of the reference hash to the user device by the interplanetary file system. The reference hash is stored in a database associated with each of the plurality of nodes upon receiving the reference hash from the interplanetary file system. The user device generates a pair of cryptographic keys including the public key and a private key upon receiving the reference hash from the interplanetary file system.
[0010] The reference hash of the reference facial template is encrypted using the private key to obtain the encrypted hash of the reference facial template and the encrypted hash of the reference facial template is stored in the user device. The transaction request received by the plurality of nodes includes one or more of a transaction identifier, an identification number associated with the user, a name of the user, the public key, the encrypted hash of the reference facial template, and an associated timestamp. One or more facial features are extracted from the biometric parameter of the user captured using the biometric sensor. Test facial template is generated based on the extracted facial features using the machine learning system communicatively coupled to the secured system for authenticating the user.
[0011] Each of the reference facial template and the test facial template includes one or more feature vectors including mathematical ratios derived from the extracted facial features. The extracted facial features including the height of a face of the user, the width of the face, a ratio between the height of the face and the width of the face, the width of lips of the user. The extracted facial features further include the height of the lips, the width of a nose of the user, the height of the nose, the width of eyes of the user, and the height of the eyes.
[0012] It is another objective of the present disclosure to provide an access control system. The access control system includes a blockchain network including a plurality of nodes, an interplanetary file system that is operatively coupled to the plurality of nodes via a communications network. The interplanetary file system is configured to receive and store a reference biometric template from a user device associated with a user during initial registration of the user with the blockchain network. The interplanetary file system generates a reference hash of the reference biometric template upon storing the reference biometric template in the interplanetary file system.
[0013] The interplanetary file system transmits one copy of the reference hash to the user device and another copy of the reference hash to the plurality of nodes during initial registration of the user. One or more of the plurality of nodes are configured to receive a transaction request from the user device for enabling user access to a secured system post initial registration of the user with the blockchain network. The user device is configured to generate the transaction request comprising a public key and an encrypted hash associated with the reference biometric template. The public key and the encrypted hash are stored in the user device. The encrypted hash is decrypted based on the public key included in the transaction request. The decrypted hash is compared with the reference hash generated during initial registration of the user with the blockchain network.
[0014] The reference biometric template of the user stored in the interplanetary file system is transmitted to the secured system upon identifying a match between the decrypted hash and the reference hash. The secured system includes a processing device and a biometric sensor that captures at least one biometric parameter of the user. The processing device generates a corresponding test biometric template from the captured biometric parameter using a machine learning system that is operatively coupled to the secured system and the user device. The processing device successfully authenticates the user and further enables the user to access the secured system upon determining that the reference biometric template matches the test biometric template of the user.
[0015] According to an aspect of the present disclosure, the biometric sensor comprises one or more of a camera, an iris scanner, a fingerprint scanner, a vital parameters monitor, and an audio processing device.
[0016] The user device is configured to generate a pair of cryptographic keys including the public key and a private key upon receiving the reference hash from the interplanetary file system. The user device is further configured to encrypt the reference hash using the private key to obtain the encrypted hash. The secured system includes one or more of an elevator system, an autonomous vehicle system, a workplace, a manufacturing unit, a laboratory, a defense establishment, a banking system, and a polling system.

DRAWINGS

[0017] These and other features, aspects, and advantages of the claimed subject matter will become better understood when the following detailed description is read with reference to the accompanying drawings in which like characters represent like parts throughout the drawings, wherein:
[0018] FIG. 1 is a block diagram illustrating an exemplary access control system, in accordance with aspects of the present disclosure;
[0019] FIG. 2 is a flow diagram illustrating an exemplary method for a registering one or more users with a blockchain network associated with the access control system of FIG. 1, in accordance with aspects of the present disclosure; and
[0020] FIGS. 3A-B are flow diagrams illustrating an exemplary method for authenticating one or more users for providing access to a secured system using the access control system of FIG. 1, in accordance with aspects of the present disclosure.

DETAILED DESCRIPTION

[0021] The following description presents an exemplary system and method for authenticating users based on their biometric templates generated from their biometric information. Particularly, the embodiments presented herein describe an access control system that authenticates users based on their biometric templates and enables user to access a secured system based on their authentication. As used herein, the term “biometric template” refers to one or more feature vectors including mathematical values derived from one or more biometric parameters corresponding to a user.
[0022] For example, when using a facial image of the user for authentication, a “biometric parameter” of the user may include lips, nose, eyes, color of a face of the user, presence or absence of facial hair, presence or absence of a mole. Mathematical values derived from the extracted biometric parameters include, but are not limited to, the height of the face, the width of the face, a ratio between the height and the width of the face, the height and/or width of the lips, the height and/or width of the nose. The derived mathematical values may also include the height and/or width of the eyes, and red, green, and blue (RGB) values that represent color of the face. The biometric template is generated from the derived mathematical values using a machine learning system, as described with reference to FIG. 1. It may be noted that the machine learning system allows for generation of a unique biometric template for each user, which in turn, is used by the access control system to authenticate the user.
[0023] In order to authenticate a user, the access control system further includes a blockchain network that receives a transaction request for accessing the secured system from a user device associated with the user. This blockchain network performs a first level user authentication by validating the transaction request. The blockchain network validates the transaction request using a signed hash of a reference biometric template included in the transaction request and a reference hash of the reference biometric template stored previously in a database associated with the blockchain network.
[0024] The blockchain network further transmits the reference biometric template stored in an associated interplanetary file system to the secured system when a match is identified between the signed hash and the reference hash for enabling the secured system to perform a second level user authentication. The secured system performs the second level user authentication by comparing the reference biometric template received from the interplanetary file system with a test biometric template generated in near real-time from biometric parameter captured using a biometric sensor associated with the secured system. The secured system authenticates the user when the match is identified between the reference biometric template and the test biometric template generated in near real-time, and allows the user to access the secured system.
[0025] Unlike existing approaches that use a centralized system for storing unique identities associated with users such as passwords and biometric data, which if compromised, could create multiple complications such as unauthorized entries into secured premises, fraudulent transactions, loss of personal data, and loss of confidential data. The access control system of the present disclosure uses a decentralized blockchain network for authenticating users. The decentralized blockchain network includes multiple nodes having the same copy of distributed ledgers for maintaining past transactions. When a malicious entity attacks one or more nodes in the blockchain network, for example, by altering transaction data in the compromised nodes, the blockchain-based access control system enables the other nodes in the blockchain network to effectively identify and report such malicious activity to concerned authorities or systems.
[0026] Further, certain existing systems authenticate users based on their biometric parameters. Such biometric parameters-based authentication systems may not provide accurate results and accuracy may vary according to environmental conditions. For example, a user may enroll at a vehicle-driving license issuing authority with a facial image taken at an indoor environment. Subsequently, if a verification attempt occurs at an outdoor environment, existing biometrics-based authentication systems may not be able identify the user accurately every time as the lighting conditions used for capturing the facial image during enrollment may be different from the lighting conditions used for capturing the facial image during verification.
[0027] Further, pixels associated with the enrollment facial image may vary from pixels associated with the verification facial image at one or more locations unless both facial images are taken under substantially the same lighting conditions, which causes existing biometrics-based authentication systems to inaccurately verify the user. However, the access control system of the present disclosure authenticates users based on their biometric templates, for example, based on their facial templates that would not vary with environmental conditions.
[0028] It may be noted that embodiments of the present access control system may be used, for example, for authenticating and authorizing users to access a secured system based on successful authentication. Examples of the secured system include, but are not limited to, an elevator system, an autonomous vehicle system, a polling system, a workplace, a manufacturing unit, a laboratory, a defense establishment, and a banking system. For example, the access control system receives a transaction request related to an elevator call from a user device associated with a user. The access control system verifies the transaction request, authenticates the user based on a stored reference biometric template and a test biometric template generated in near real-time from one or more biometric parameters captured using a biometric sensor deployed in the vicinity of an elevator. The access control system allows the user to enter into the elevator only after successful authentication of the user.
[0029] In another example involving autonomous taxi vehicles, the access control system authenticates a registered taxi requester before he or she enters into a taxi based on a stored reference biometric template of the requester and a test biometric template generated in near real-time from a biometric parameter of the user captured using a biometric sensor deployed in the taxi. The access control system allows the taxi requester to ride only after successful authentication of the taxi requester.
[0030] In yet another example, the access control system can be used for authenticating users during elections. The access control system receives reference facial templates of registered voters and stores the reference facial templates in the interplanetary file system associated with the blockchain network. During elections, cameras deployed at polling venues capture facial images of registered voters physically present at corresponding venues for casting their votes. The access control system generates test facial templates of the registered voters from the captured images and compares the stored reference facial templates with the generated test facial templates for authenticating the voters. The access control system enables the registered voters to cast their votes only after successful authentication of the voters.
[0031] In another instance, the access control system can also be used for authenticating bank customers who perform high value transactions above a designated limit. The access control system automatically transmits a transaction request to the blockchain network When a customer enters a transaction value that exceeds the designated limit. The blockchain network receives the transaction request, and authenticates the customer based on a signed hash of a reference biometric template of the customer included in the transaction request and a reference hash stored in the blockchain network. The access control system enables the customer to perform the intended transaction only after successful authentication of the customer. Although, the present access control system may be implemented in various types of secured systems, for clarity, the present disclosure describes an embodiment of the access control system implemented with respect to a secured elevator system.
[0032] FIG. 1 is a block diagram illustrating an exemplary access control system (100) for enabling authorized access to a secured system (102), in accordance with aspects of the present disclosure. In one embodiment, the access control system (100) includes a blockchain network (104) that is operatively coupled to the secured system (102) via a communications network (106). In one embodiment, the secured system (102) corresponds to an elevator system (108) installed at a premises (110). For example, the secured system (102) includes the elevator system (108) installed at a multi storied research facility, a residential building, a commercial building such as a mall, a business center such as an office or a restaurant, a public gathering center such as a railway station or an airport, or a private center such as a medical center.
[0033] In certain embodiments, the elevator system (108) includes one or more elevators serving different floors of the premises (110). For the sake of simplicity, FIG. 1 depicts an exemplary elevator system (108) that includes a first elevator (112A) and a second elevator (112B) that serve different floors of the premises (110), for example, a ground floor (114A) and a first floor (114B). Though FIG. 1 depicts only two elevators (112A-B) that serve the two floors (114A-B), it is to be understood that the elevator system (108) can have any number of elevators deployed at one or more locations within the premises (110) and serving any number of floors.
[0034] In one embodiment, the access control system (100) allows one or more users (116A-N) to request and reserve their places in the elevators (112A-B) using their associated user devices (118A-N). Further, the access control system (100) authenticates the users (116A-N) based on their biometric templates before they enter into requested elevators (112A-B). In addition, the access control system (100) restricts unauthenticated persons such as trespassers or unauthorized persons from accessing access the elevators (112A-B) to restrict their access to the premises (110).
[0035] In certain embodiments, the access control system (100) processes an elevator request received from a designated user device (118A) associated with a user (116A) to authenticate the user (116A) for providing user access to the elevator system (108). It is to be understood that the access control system (100) similarly processes elevator requests received from other user devices associated with other users and authenticates other users for providing them access to the elevator system (108).
[0036] For requesting an elevator service, the user device (118A) associated with the user (116A) includes an elevator application (120). Examples of the user devices (118A-N) include mobile phones, smart watches, laptops, desktop computers, and tablets. One or more graphical user interfaces associated with the elevator application (120) may provide information including availability of each of the elevators (112A-B) for serving call requests, expected arrival time of the elevators (112A-B) to designated floors (114A-B), etc. Further, one or more graphical user interfaces associated with the elevator application (120) may also provide user selectable options including one or more of an option to select an originating floor, an option to select a destination floor, and an option to select a designated elevator from the elevators (112A-B).
[0037] In one embodiment, the elevator application (120) automatically generates a transaction request based on an input from the user (116A) including a selection of the designated elevator, for example, an elevator (112A). The transaction request, thus generated, includes an identifier associated with the selected elevator (112A), a signed hash of a reference biometric template of the user (116A) and a public key of the user (116A) that are generated during first time registration of the user (116A) with the blockchain network (104), as described subsequently in detail with reference to FIG. 2.
[0038] Further, the user device (118A) communicates the generated transaction request to the blockchain network (104) via the communications network (106). Examples of the communications network (106) include, but are not limited to, a Wi-Fi network, a Bluetooth network, an Ethernet, and a cellular data network. In one embodiment, the blockchain network (104) includes a plurality of nodes (122A-N) that receive the transaction request from the user device (118A) and validate the transaction request.
[0039] In certain embodiments, the plurality of nodes (122A-N) associated with the blockchain network (104) are processor enabled computing systems. In one embodiment, the plurality of nodes (122A-N) reside within the premises (110). Alternatively, the plurality of nodes (122A-N) may be deployed remotely from the premises (110). Upon receiving the transaction request, the blockchain network (104) performs a first level user authentication by enabling each of the plurality of nodes (122A-N) to decrypt the signed hash of the reference biometric template of the user (116A) using the public key of the user (116A). Further, during the first level user authentication, each of the plurality of nodes (122A-N) compares the decrypted hash of the reference biometric template with a reference hash of the reference biometric template of the user (116A) stored in an associated database (124).
[0040] The plurality of nodes (122A-N) successfully validates the transaction request only if the decrypted hash of the reference biometric template matches with the reference hash of the reference biometric template. The first level user authentication entailing a comparison of two different hashes is simple, fast, secure, and computationally less intensive, leading to faster access to the secured system (102) when compared to a complicated comparison of facial images by conventional biometric authentication systems. Additionally, the blockchain network (104) can easily identify a compromised user device during the first level user authentication itself by monitoring transaction requests that result in a mismatch between the hashes.
[0041] Further, a designated node selected from the plurality of nodes (122A-N) retrieves the reference biometric template of the user (116A) stored in an interplanetary file system (126) post validating the transaction request for initiating the second level user authentication. The designated node communicates the reference biometric template to a processing device (128) associated with the designated elevator (112A), as described in detail with reference to FIGS. 3A-B.
[0042] In one embodiment, each of the elevators (112A-B) in the elevator system (108) includes corresponding biometric sensors (130A-D) coupled to the processing device (128). Examples of the processing device (128) include, but are not limited to, mobile phones, laptops, desktop computers, tablets, cloud-based processing systems, and cloud computing processors. Examples of the biometric sensors (130A-D) include one or more of a camera, a fingerprint reader, an iris recognition sensor, a voice recognition sensor, and a signature verification sensor. In FIG. 1, the floor (114A) is depicted as having two biometric sensors (130A-B) and the floor (114B) is depicted as having another two biometric sensors (130C-D). However, it is to be understood that each of the floors (114A-B) can have any number of biometric sensors. For example, the floor (114A) may have only one biometric sensor, for example, a camera whose field of view is configured such that the camera covers the entire floor (114A).
[0043] Similarly, the floors (114A-B) may have any number of processing devices. For example, the floor (114A) may have multiple processing devices instead of having only one processing device (128). Hence, it is to be understood that there are no limitations on a number of processing devices, number of biometric sensors, or types of biometric sensors deployed within the premises (110) for authenticating the users (116A-N).
[0044] In one embodiment, a processing device (128) associated with the designated elevator (112A) receives the reference biometric template of the user (116A) from the blockchain network (104) and performs a second level user authentication. In the second level user authentication, the processing device (128) compares the reference biometric template of the user (116A) with a test biometric template generated in near real-time. For generating the test biometric template, the processing device (128) directs the biometric sensor (130A) to capture biometric data of the user (116A) who is physically present in the vicinity of the designated elevator (112A) for boarding into the designated elevator (112A).
[0045] The biometric data of the user (116A) captured using the biometric sensor (130A) is then transmitted back to the processing device (128). The processing device (128) then generates the test biometric template of the user (116A) in near-real time from the captured biometric data using a machine learning system (132) operatively coupled to the processing device (128).
[0046] In one embodiment, the machine learning system (132) is operatively coupled to both of the processing device (128) associated with the elevator system (108) and the user device (118A). Examples of the machine learning system (132) include support vector machines, Bayesian networks, and artificial neural networks such as convolutional neural networks and recurrent neural networks. In certain embodiments, the machine learning system (132) may be implemented as a supervised learning system or an unsupervised learning system for enabling generation of both of the reference and test biometric templates from the captured biometric data of the user (116A).
[0047] For example, the machine learning system (132) is configured to enable generation of facial templates including a reference facial template and/or a test facial template of the user (116A) from a captured facial image of the user (116A). To that end, the machine learning system (132) is pre-trained with a set of reference facial images. During a training phase, the machine learning system (132) learns patterns associated with various facial features such as eyes, nose, lips, cheekbones, and jaw from each of the set of reference facial images. Additionally, the machine learning system (132) learns relative position and size of the facial features such as the height and width of the face, a ratio between the height of the face and the width of the face, the width and height of lips, the width and height of nose, the width and height of eyes from each of the reference facial images. Further, the machine learning system (132) learns other types of facial features including RGB values that represent an average color of the face, presence of facial hair, etc. The machine learning system (132) then stores facial features learnt from the set of reference images in an associated database (not shown in FIGS) at the completion of the training phase.
[0048] Post completion of the training phase, the machine learning system (132) shares the learnt patterns with both the processing device (128) associated with the elevator system (108) and the user device (118A). The machine learning system (132) coupled to the user device (118A) generates a reference facial template of the user (116A) from one or more associated facial images during initial registration of the user (116A) with the blockchain network (104). Additionally, the machine learning system (132) coupled to the processing device (128) generates a test facial template of the user (116A) from one or more facial images captured using a biometric sensor deployed in the elevator system (108) during a subsequent authentication of the user (116A).
[0049] In certain embodiments, the machine learning system (132) receives one or more facial images of the user (116A) as input for generating the corresponding reference and/or test facial template. The machine learning system (132) extracts facial features from the received facial images based on previously learnt patterns. Examples of the extracted facial features include face, lips, nose, and eyes. The machine learning system (132) also classifies the extracted facial features based on their associated patterns learnt previously. Additionally, the machine learning system (132) generates mathematical values associated with the extracted facial features, for example, the height of the face corresponding to 22.1 centimeter (cm), the width of the face corresponding to 14.8 cm, and a ratio between height and width of the face corresponding to 1.49 based on a relative position and size of the extracted facial features.
[0050] The machine learning system (132) also determines mathematical values associated with extracted facial features. For example, the machine learning system (132) determines an intensity of red color as 240, an intensity of green color as 210, an intensity of blue color as 170, the width of the lips as 4.9 cm, and the height of the nose as 3.9 cm. The machine learning system (132) then generates one or more feature vectors that include the identified mathematical values derived from the extracted facial features to be used as the reference or test facial template of the user (116A).
[0051] In one embodiment, the machine learning system (132) generates the facial template from the facial image of the user (116A) more accurately when the facial image is captured in good lighting conditions. However, in certain scenarios, the one or more facial images may be captured in low lighting conditions, which may cause certain portions of the face to be poorly illuminated. For example, the user device (118A) may capture a facial image of the user (116A) in a low lighting condition and provide the captured image as an input to the machine leaning system (132) for generating the reference facial template. In another example, the biometric sensor (130A) may capture a facial image of the user (116A) located near a particular elevator (112A) that is not properly lighted and may provide the captured image as input to the machine leaning system (132) for generating the test facial template. In such a scenario, the user device (118A) and/or the processing device (128) may process such facial images using one or more image processing algorithms before providing the facial images as input to the machine learning system (132) for enabling the machine learning system (132) to accurately generate the facial template. The image processing algorithms, for example, may perform gamma correction, Gaussian filtering, masking, and egalization of contrast on the facial images for improving associated clarity.
[0052] The image processing algorithms may also compute local binary patterns, local ternary patterns, and/or distance transform similarity metric for further improving clarity of the facial images. Additionally, the image processing algorithms may reduce noise in the frequency domain while simultaneously enhancing details of the facial images based on the computed distance transform similarity metric. Further, the image processing algorithms may modify brightness of the facial images by changing facial images’ multiplication coefficient. Post processing the facial images using the image processing algorithms, the user device (118A) and/or the processing device (128) may provide these processed facial images as input to the machine learning system (132) for generating the required facial template of the user (116A).
[0053] Thus, the machine learning system (132) coupled to the processing device (128) generates the test biometric template of the user (116A) in near-real time from one or more processed images based on biometric-related features learnt previously. The processing device (128) then compares the reference biometric template of the user (116A) received from the blockchain network (104) with the test biometric template generated in near real-time. The processing device (128) successfully authenticates the user (116A) only if the reference biometric template of the user (116A) matches with the test biometric template generated in near real-time from biometric parameters of the user (116A) captured using the biometric sensor (130A). Further, the processing device (128) allows the user (116A) to access the designated elevator (112A) upon successful authentication of the user (116A).
[0054] Alternatively, the processing device (128) activates an alarm system (not shown in FIGS) deployed in the premises (110) if the user (116A) is not successfully authenticated to alert concerned authorities about a possible attempt being made by the user (116A) to seek unauthorized access to the premises (110). In certain embodiments, the user (116A) registers himself or herself with the blockchain network (104) before he or she requests for an elevator service. An exemplary method for registering users (116A-N) with the blockchain network (104) is described in detail with reference to FIG. 2.
[0055] FIG. 2 is a flow diagram illustrating an exemplary method associated with first time registration of users (116A-N) with the blockchain network (104) of the access control system (100) of FIG. 1. The order in which the exemplary method (200) is described is not intended to be construed as a limitation, and any number of the described blocks may be combined in any order to implement the exemplary method disclosed herein, or an equivalent alternative method. Additionally, certain blocks may be deleted from the exemplary method or augmented by additional blocks with added functionality without departing from the spirit and scope of the subject matter described herein.
[0056] Further, in FIG. 2, the exemplary method is illustrated as a collection of blocks in a logical flow chart, which represents operations that may be implemented in hardware, software, or combinations thereof. The various operations are depicted in the blocks to illustrate the functions that are performed in the exemplary method. In the context of software, the blocks represent computer instructions that, when executed by one or more processing subsystems, perform the recited operations.
[0057] For the sake of simplicity, FIG. 2 depicts only steps associated with first time registration of the user (116A) with the blockchain network (104). However, it is to be understood the method (200) can also be used to perform first time registration of other users with the blockchain network (104). At step (202), the user device (118A) launches the elevator application (120). In one embodiment, the user device (118A) launches the elevator application (120) in order to allow the user (116A) to make a request for registering the user (116A) with the blockchain network (104) to allow authorized use of the elevator system (108). At step (204), one or more user inputs are processed to create login credentials for using the elevator application (120). In one embodiment, the user device (118A) processes one or more user inputs including a name of the user (116A) and a password. Further, the user device (118A) creates the login credentials based on the one or more inputs from the user (116A).
[0058] At step (206), at least one biometric parameter of the user (116A) is captured. The biometric parameter, for example, includes a facial image of the user (116A) captured using a camera (134) associated with the user device (118A). The facial image of the user (116A), thus captured, may be provided as an input to the elevator application (120). Alternatively, the elevator application (120) automatically retrieves the facial image of the user (116A) pre-stored in the user device (118A). Although, the present embodiment only describes use of a facial image, the elevator application (120) may additionally or alternatively use one or more other biometric parameters such as an iris scan and fingerprints for the initial registration of the user (116A).
[0059] At step (208), the machine learning system (132) operatively coupled to the user device (118A) generates a reference facial template of the user (116A) from the captured biometric parameter of the user (116A). More specifically, the machine learning system (132) generates the reference facial template that is unique to the user (116A) from the facial image captured using the camera (134) associated with the user device (118A).
[0060] At step (210), the user device (118A) transmits the user provided information along with the generated facial template of the user (116A) to the interplanetary file system (126). More specifically, the user device (118A) transmits an identification number of the user (116A) generated by the elevator application (120), and the user provided information including the name of the user (116A) and the password along with the generated facial template of the user (116A) to the interplanetary file system (IPFS) (126).
[0061] In one embodiment, the IPFS is a peer-to-peer network implemented with multiple IPFS nodes that store files that are submitted to the IPFS network. Further, the IPFS network assigns a unique cryptographic hash for each file submitted to the IPFS network, which allows the IPFS network to automatically delete duplicates files across the IPFS nodes and track version history for each submitted file.
[0062] At step (212), the IPFS (126) associated with the blockchain network (104) generates a unique cryptographic hash (reference hash) when storing the generated facial template of the user (116A) in the IPFS (126) during user registration. At step (214), the IPFS (126) transmits one copy of the generated reference hash to the user device (118A) and another copy of the generated reference hash to the plurality of nodes (122A-N) of the blockchain network (104) via the communications network (106). Thus, the plurality of nodes (122A-N) receive the generated reference hash from the IPFS (126) and store the generated reference hash in the associated database (124) post initial registration of the user (116A) with the blockchain network (104). In addition, the plurality of nodes (122A-N) store the identification number of the user (116A), and the user provided information including one or more of the name of the user (116A) and the password in the associated database (124).
[0063] At step (216), the elevator application (120) generates a pair of cryptographic keys including a private key and a public key upon receiving the reference hash from the IPFS (126). In particular, the elevator application (120) uses the private key to generate a signature that is verifiable using the corresponding public key but cannot be forged by anyone who does not have the private key.
[0064] At step (218), the elevator application (120) encrypts the reference hash received from the IPFS (126) using the generated private key to obtain the encrypted hash of the reference facial template of the user (116A). The elevator application (120) stores the encrypted reference hash of the reference facial template and the public key in an associated database of the user device (118A) post the initial registration of the user (116A) with the blockchain network (104).
[0065] In certain embodiments, the elevator application (120) is configured to automatically generate a transaction request after completing the first time registration, whereas the transaction request is for accessing a designated elevator. The plurality of nodes (122A-N) of the blockchain network (104) receive and process the transaction request to authenticate the user (116A) and to enable the user (116A) to access a designated elevator, as described in detail with reference to FIGS. 3A-B.
[0066] FIGS. 3A-B are flow diagrams illustrating an exemplary method (300) for authenticating one or more users (116A-N) for providing elevator access using the access control system (100) of FIG. 1. For the sake of simplicity, FIGS. 3A-B depict only steps associated with authenticating a particular user, for example, the user (116A). Similarly, it is to be understood the method (300) can similarly be used for authenticating others users.
[0067] At step (302), the elevator application (120) automatically generates a transaction request for accessing a designated elevator based on a user input. In one embodiment, the elevator application (120) residing in the user device (118A) automatically generates the transaction request upon receiving a user selection of a designated elevator (112B) from a list of elevators (112A-B) displayed in a graphical user interface of the elevator application (120).
[0068] In certain embodiments, the transaction request includes a transaction identifier (ID), a name of the user (116A), an identification number of the user (116A), and the public key of the user (116A). In addition, the transaction request includes the encrypted hash of the reference facial template generated during the initial registration of the user (116A) with the blockchain network (104), timestamp, and an identification number of the designated elevator (112B) selected by the user (116A).
[0069] At step (304), the user device (118A) transmits the transaction request to the plurality of nodes (122A-N) associated with the blockchain network (104) via the communications network (106). At step (306), each of the plurality of nodes (122A-N) collates a designated number of transaction requests to generate corresponding blocks. In certain embodiments, each of the plurality of nodes (122A-N) receives the transaction request from the user device (118A) and may receive similar transaction requests from other user devices (118N). Accordingly, the plurality of nodes (122A-N) collates a designated number of received transaction requests to generate a corresponding block.
[0070] For example, each of the plurality of nodes (122A-N) may receive the transaction request from the user device (118A) and nine other similar transaction requests from other devices (118N). Accordingly, each of the plurality of nodes (122A-N) is configured to generate a corresponding block including ten different transaction requests. A maximum number of transaction requests accommodated within a block is preconfigured at the time of deployment of the blockchain network (104).
[0071] At step (308), each of the plurality of nodes (122A-N) attempts to validate all the transaction requests in the corresponding block. For instance, each of the plurality of nodes (122A-N) attempts to validate all ten transaction requests in the corresponding block. In certain embodiments, each of the plurality of nodes (122A-N) validates a particular transaction request in the corresponding block based on an encrypted hash of a reference biometric template and a public key of a user included in that particular transaction request.
[0072] For example, the plurality of nodes (122A-N) validate the transaction request received from the user device (118A) by decrypting the encrypted hash of the reference facial template of the user (116A) included in the transaction request using the public key included in the transaction request. The plurality of nodes (122A-N) then compare the decrypted hash with the reference hash associated with the reference facial template of the user (116A) stored in the database (124). The plurality of nodes (122A-N) validate the transaction request only if a match is identified between the decrypted hash and the reference hash. Similarly, it is to be understood that each of the plurality of nodes (122A-N) attempt to validate all the transaction requests in the corresponding block by decrypting encrypted hashes in the transaction requests using public keys, and by comparing decrypted hashes with reference hashes that are pre-stored in the database (124).
[0073] At step (310), a node that is the first to validate all the transaction requests in the corresponding block is selected as a designated node (122A). The designated node (122A) transmits an associated block with all the validated transactions requests to all other nodes (122B-N) in the blockchain network (104). At step (312), each of the other nodes (122B-N) cross-validates all the transaction requests in the block transmitted by the designated node (122A). In one embodiment, each of the other nodes (122B-N) cross-validates all the transaction requests in the block by decrypting encrypted hashes in the transaction requests, and by comparing decrypted hashes with reference hashes pre-stored in the corresponding database (124).
[0074] At step (314), a new block is added to existing chains of blocks (not shown in FIGS) maintained by each of the plurality of nodes (122A-N) post completion of cross-validation of the transaction requests in the block and upon achieving consensus on the resulting validation among the nodes (122A-N). At step (316), the reference facial template of the user (116A) stored in the interplanetary file system (126) of the blockchain network (104) is transmitted to the designated elevator (112B) included in the transaction request. Specifically, the designated node (122A), which is first to validate all the transaction requests in the corresponding block, transmits the reference facial template of the user (116A) stored in the interplanetary file system (126) to a processing device (128) associated with the designated elevator (112B) via the communications network (106).
[0075] In one embodiment, the designated node (122A) identifies a processing device to which the reference facial template of the user (116A) is to be transmitted based on the identification number of the elevator and an originating floor included in the transaction request. For example, the designated node (122A) transmits the reference facial template of the user (116A) to the processing device (128) when the identification number of the elevator and an originating floor included in the transaction request correspond to the elevator (112B) and the ground floor (114A), respectively.
[0076] In another embodiment, the designated node (122A) identifies the processing device (128) to which the reference facial template of the user (116A) is to be transmitted based on current location information of the user (116A). A location sensor disposed in the user device (118A) identifies current location of the user (116A). For example, the location sensor identifies that the user (116A) is currently located at the ground floor (114A) and the user device (118A) transmits the identified location information to the plurality of nodes (122A-N) associated with the blockchain network (104). Subsequently, the designated node (122A), which is first to validate the transaction requests, transmits the reference facial template of the user (116A) to the processing device (128) that is in proximity to the current location of the user (116A). In this example, the designated node (122A) transmits the reference facial template of the user (116A) to the processing device (128) as the user (116A) is currently located at the ground floor (114A) near the elevator (112B).
[0077] At step (318), the biometric sensor (130B), for example a camera, captures a facial image of the user (116A) waiting at the ground floor (114A) to board the designated elevator (112B). At step (320), the machine learning system (132) generates a test facial template of the user (116A) in near real-time from the biometric parameter captured using the biometric sensor (130B). Specifically, the machine learning system (132) coupled to the processing device (128) generates the test facial template of the user (116A) in near real-time from the facial image captured using the biometric sensor (130B) based on prior training undergone by the machine learning system (132).
[0078] At step (322), the processing device (128) compares the test facial template generated in near real-time with the reference facial template received from the designated node (122A). At step (324), the processing device (128) successfully authenticates the user (116A) if the test facial template generated in near real-time matches with the reference facial template received from the designated node (122A).
[0079] At step (326), the processing device (128) allows the user (116A) to access the designated elevator (112B) upon successfully authenticating the user (116A). Alternatively, the processing device (128) activates an alarm system (not shown in FIGS) deployed in the premises (110) if authentication of the user (116A) is not successful to alert concerned authorities about a possible attempt to seek unauthorized access to the designated elevator (112B).
[0080] In certain embodiments, the access control system (100) of the present disclosure is configured to authenticate users (116A-N) using more than one type of biometric templates to achieve improved security. For example, the access control system (100) is configured to authenticate identical users, for example, identical twins using both their facial templates and iris templates as their facial templates themselves may not be sufficient to differentiate between identical twins. To that end, during an initial registration, the blockchain network (104) mandates a user (116A) to register himself or herself with at least two types of biometric templates, for example, a facial template and an iris template. The blockchain network (104) stores both the facial template and iris template in the interplanetary file system (126), generates two different reference hashes, and transmits the reference hashes to a user device (118A) associated with the user (116A).
[0081] Further, post completion of the initial registration, the blockchain network (104) receives a transaction request from the user device (118A) including two encrypted hashes. For example, a first encrypted hash may correspond to the reference facial template of the user (116A) and a second encrypted hash may correspond to a reference iris template of the user (116A). The blockchain network (104) then validates the transaction request by decrypting the first and second encrypted hashes using a public key and by comparing decrypted hashes with the corresponding reference hashes, as noted previously with reference to FIGS. 3A-B. Further, the blockchain network (104) transmits both the reference facial template and the reference iris template of the user (116A) to the designated processing device (128) post validating the transaction request. The designated processing device (128) then compares the reference facial template and the reference iris template of the user (116A) received from the blockchain network (104) with a facial template and an iris template, respectively, generated in near real-time from one or more biometric parameters of the user (116A) captured using one or more biometric sensors (130B). In the present embodiment, the biometric sensors (130B) may include a camera and an iris scanner. However, in alternative embodiments, other biometric sensors such as fingerprint scanners, audio devices, or vital parameter monitors may alternatively or additionally be used.
[0082] In the present embodiment, the designated processing device (128) authenticates the user (116A) only when both the reference facial template and the reference iris template match with a facial template and an iris template, respectively, generated in near real-time. Thus, the access control system (100) may authenticate the user (116A) using more than one type of biometric templates to prevent another user (116N) who is identical to the user (116A) in one biometric parameter, such as facial image, from accessing a designated elevator using a transaction request generated by the user (116A).
[0083] The access control system (100) of the present disclosure authenticates users (116A-N) based on their biometric templates rather than their biometric parameters as biometric parameter-based authentication may not provide accurate results and accuracy may vary according to environmental conditions. In addition, the access control system (100) of the present disclosure employs a decentralized blockchain network (104) that includes multiple nodes (122A-N). The nodes (122A-N) by themselves identify malicious attacks occurring in the blockchain network (104) prior to providing a user having a compromised user device access to the secured system (102).
[0084] For example, a malicious attack may compromise certain nodes (122A-B) in the blockchain network (104) resulting in altered transaction data stored in the compromised nodes (122A-B). When processing transaction requests from one or more user devices (118A-N), the nodes (122A-N) may identify if there is no consensus between transaction data stored in a particular node and transaction data stored in other nodes. In such a scenario, the nodes (122A-N) identify the possibility of a malicious attack on the nodes (122A-N). In this example, the nodes (122A-N) may identify that certain nodes in the blockchain network (104) are compromised when transaction data stored in the compromised nodes (122A-B) is different from transaction data stored in uncompromised nodes (122C-N). The nodes (122A-N) then trigger an alert to report the identified malicious attack to concerned authorities to initiate necessary actions. The present access control system (100), thus, expeditely identifies suspicious malicious attacks and provides a significantly improved access control mechanism for secured systems.
[0085] Although specific features of various embodiments of the present systems and methods may be shown in and/or described with respect to some drawings and not in others, this is for convenience only. It is to be understood that the described features, structures, and/or characteristics may be combined and/or used interchangeably in any suitable manner in the various embodiments shown in the different figures.
[0086] While only certain features of the present systems and methods have been illustrated and described herein, many modifications and changes will occur to those skilled in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the claimed invention.