Methods and systems for managing network activity using biometrics

US 10,009,178 B2
Filed: 11/16/2016
Issued: 06/26/2018
Est. Priority Date: 03/12/2015
Status: Active Grant

First Claim

Patent Images

1. A method of managing digital communications using biometrics, the method comprising:

identifying, by a first device, a first value N, and a cryptographic primitive modulo N, wherein N is determined during enrollment of a user;

storing, by the first device, one or more verification codes, wherein each of the one or more verification codes is generated using the cryptographic primitive modulo N to the power of a one-way function result of a respective portion of a first biometric template acquired from the user during the enrollment, and each portion of the biometric template is identified by a corresponding identifier;

receiving, by the first device, a request to connect to the first device, the request from a second device operated by the user;

transmitting, by the first device, a first identifier to the second device, wherein the second device uses the first identifier to identify a first portion of a second biometric template acquired from the user in association with the request, and to generate a first value using the identified first portion of the second biometric template; and

determining, by the first device, that the user is authenticated when the first value from the second device matches a second value generated at the first device according to the first identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes systems and methods for managing network traffic using biometrics. A server may store a first value N, a primitive root modulo N, and a plurality of verification codes generated using the primitive root modulo N to the power of a hash function result of a respective portion of a first biometric template acquired from the user during enrollment. The sever may receive a request to connect to the server, from a client operated by the user. The client may use a first offset identifier from the server to identify a first portion of a second biometric template acquired from the user, and generate a first value corresponding to a common exponentiation function. The server may generate a second value corresponding to the common exponentiation function. The server may determine that the user is authenticated if the first value from the client matches the second value.

113 Citations

20 Claims

1. A method of managing digital communications using biometrics, the method comprising:
- identifying, by a first device, a first value N, and a cryptographic primitive modulo N, wherein N is determined during enrollment of a user;
  
  storing, by the first device, one or more verification codes, wherein each of the one or more verification codes is generated using the cryptographic primitive modulo N to the power of a one-way function result of a respective portion of a first biometric template acquired from the user during the enrollment, and each portion of the biometric template is identified by a corresponding identifier;
  
  receiving, by the first device, a request to connect to the first device, the request from a second device operated by the user;
  
  transmitting, by the first device, a first identifier to the second device, wherein the second device uses the first identifier to identify a first portion of a second biometric template acquired from the user in association with the request, and to generate a first value using the identified first portion of the second biometric template; and
  
  determining, by the first device, that the user is authenticated when the first value from the second device matches a second value generated at the first device according to the first identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first value N comprises one of a prime number, a discrete logarithm element, or an elliptic curve element.
  - 3. The method of claim 1, wherein each of the one or more verification codes is generated using the cryptographic primitive modulo N to the power of a hash function result of a respective value, the respective value generated using a random number and a respective portion of the first biometric template acquired from the user during the enrollment.
  - 4. The method of claim 3, wherein the random number comprises one of:
    - a random number separate from random numbers used to generate other respective values, or comprises a common random number used to generate other respective values.
  - 5. The method of claim 1, further comprising receiving, by the first device, an identifier of the user in the request, and retrieving a first portion of the biometric template stored by the first device according to the identifier of the user and the first identifier.
  - 6. The method of claim 1, further comprising generating, by the first device, a random number z and computing a public key for the first device as comprising the sum of:
    - the cryptographic primitive modulo N to the power of z, and a first verification code from the one or more verification codes that corresponds to the first identifier.
  - 7. The method of claim 1, further comprising sending, by the first device, the public key for the first device to the second device for use in generating the first value.
  - 8. The method of claim 1, further comprising generating, by the first device, a random parameter, and sending the random parameter to the second device for use in generating the first value.
  - 9. The method of claim 1, wherein the second device generates a long term private key for the second device using the first identifier.
  - 10. The method of claim 1, wherein the second device uses a random number y to generate a short term public key for the second device, the short term public key comprising the cryptographic primitive modulo N to the power of y.

11. A system of managing digital communications using biometrics, the system comprising:
- a first device in communication with a second device operated by a user, the first device configured to identify a first value N, and a cryptographic primitive modulo N, wherein N is selected during enrollment of the user, the first device comprising;
  
  memory configured to store one or more verification codes, wherein each of the one or more verification codes is generated using the cryptographic primitive modulo N to the power of a one-way function result of a respective portion of a first biometric template acquired from the user during the enrollment, and each portion of the biometric template is identified by a corresponding identifier;
  
  a transceiver configured to receive a request from the second device to connect to the first device, and to transmit a first identifier to the second device, wherein the second device uses the first identifier to identify a first portion of a second biometric template acquired from the user in association with the request, and to generate a first value using the identified first portion of the second biometric template; and
  
  one or more processors configured to determine that the user is authenticated when the first value from the second device matches a second value generated at the first device according to the first identifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the first value N comprises one of a prime number, a discrete logarithm element, or an elliptic curve element.
  - 13. The system of claim 11, wherein each of the one or more verification codes is generated using a cryptographic primitive modulo N to the power of a one-way function result of a respective value, the respective value generated using a random number and a respective portion of the first biometric template acquired from the user during the enrollment.
  - 14. The system of claim 13, wherein the random number comprises one of:
    - a random number separate from random numbers used to generate other respective values, or comprises a common random number used to generate other respective values.
  - 15. The system of claim 11, wherein the transceiver is further configured to receive an identifier of the user in the request, and the one or more processors is further configured to retrieve a first portion of the biometric template stored by the first device according to the identifier of the user and the first identifier.
  - 16. The system of claim 11, wherein the one or more processors is further configured to generate a random number z and to compute a public key for the first device as comprising the sum of:
    - the cryptographic primitive modulo N to the power of z, and a first verification code from the one or more verification codes that corresponds to the first identifier.
  - 17. The system of claim 11, wherein the transceiver is further configured to send the public key for the first device to the second device for use in generating the first value.
  - 18. The system of claim 11, wherein the one or more processors is further configured to generate a random parameter, and the transceiver is further configured to send the random parameter to the second device for use in generating the first value.
  - 19. The system of claim 11, wherein the second device generates a long term private key for the second device using the first identifier.
  - 20. The system of claim 11, wherein the second device uses a random number y to generate a short term public key for the second device, the short term public key comprising the cryptographic primitive modulo N to the power of y.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EyeLock LLC (VOXX International Corporation)
Original Assignee
EyeLock LLC (VOXX International Corporation)
Inventors
Carter, Samuel J., Ream, Christopher L., Makthal, Sarvesh, Gerber, Stephen Charles
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/352,841
Publication Number

US 20170078097A1
Time in Patent Office

587 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0861   using biometrical features,...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3013   involving the discrete loga...

H04L 9/3033   details relating to pseudo-...

H04L 9/3066   involving algebraic varieti...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

Methods and systems for managing network activity using biometrics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

113 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for managing network activity using biometrics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others