Biometric authentication system
First Claim
1. A method of secure transaction, comprising:
receiving, by a personal electronic device (PED), transaction information;
capturing, by the PED, first biometric information from a user;
identifying, by the PED, if the user is an authorized user of the PED based on the captured first biometric information; and
if the captured first biometric information identifies an authorized user, performing, by the PED, the steps of:
enabling a first transaction request cryptographic key stored on the PED, the first transaction request cryptographic key corresponding to the authenticated user;
generating, using the enabled first transaction request cryptographic key, a digital signature;
generating and transmitting, via a computer network, a purchase data bundle comprising the received transaction information, the generated digital signature and a second transaction request cryptographic key complementary to the first transaction request cryptographic key;
receiving, by the PED via the computer network, a purchase approval confirmation comprising a first transaction approval cryptographic key; and
determining whether the received purchase approval confirmation corresponds to the authenticated user according to the first transaction approval cryptographic key of the received purchase approval confirmation and a second transaction approval cryptographic key stored on the PED, the second transaction approval cryptographic key corresponding to the authenticated user;
capturing, by the PED, second biometric information;
performing, by the PED, user authentication based on the captured second biometric information;
presenting, by the PED, the received confirmation when the first transaction approval cryptographic key is complementary to the second transaction approval cryptographic key and when the user is successfully authenticated based on the captured second biometric information; and
disabling the first transaction request cryptographic key upon generating the digital signature.
1 Assignment
Abstract
In a system and method of completing a transaction over a network, a personal electronic device (PED) receives transaction information; captures biometric information from the PED user; and uses such information to identify if the user is an authorized user of the PED. If the captured biometric information identifies an authorized user of the PED, the PED: enables a first one of a pair of cryptographic keys stored on the PED corresponding to the identified authorized user; generates a digital signature for the transaction using the enabled first key; generates an authenticated transaction request using the received transaction information; and transmits the authenticated transaction request to a transaction approval center via the network. The transaction approval center uses the authenticated transaction request to complete the transaction; and the PED receives confirmation regarding the transaction from the transaction approval center.
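The request half of the flow in the abstract (biometric match, enable key, sign, transmit, verify) can be modelled as follows. This is an added example, not code from the patent: Lamport one-time hash signatures from the Python standard library stand in for the unspecified key pair, a template-hash comparison stands in for a real biometric matcher, and the approval center's check of the bundled key against an enrolled fingerprint is an assumption, since the page does not say how the center decides to trust the key carried in the bundle.

```python
import hashlib, hmac, json, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets, public key = their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b])
        for (i, b), s in zip(enumerate(bits(msg)), sig))

def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk)).hex()

def encode(txn):
    return json.dumps(txn, sort_keys=True).encode()

class PED:
    def __init__(self, template):
        self._template = H(template)      # stand-in for a biometric matcher (assumption)
        self._sk, self.pk = keygen()      # request key pair held on the device

    def request(self, sample, txn):
        # The signing key is usable only after a biometric match.
        if self._sk is None or not hmac.compare_digest(H(sample), self._template):
            return None
        sig = sign(self._sk, encode(txn))
        self._sk = None                   # disable the key once the signature exists
        return {"txn": txn, "sig": sig, "pk": self.pk}

def center_approves(bundle, enrolled):
    # Assumption: the center pins enrolled keys. The public key arrives inside
    # the bundle, so a valid signature alone only proves the sender holds
    # *some* key pair, not that it is the enrolled user's.
    if fingerprint(bundle["pk"]) not in enrolled:
        return False
    return verify(bundle["pk"], encode(bundle["txn"]), bundle["sig"])
```

Because a Lamport key is one-time, disabling is modelled here as erasing it; a device holding a reusable key would instead lock it until the next biometric match.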
39 Citations
8 Claims
5. A personal electronic device (PED) comprising:
a hardware-based processor; and
a biometric reader, a communication interface and a data storage in operative communication with the hardware-based processor, the data storage comprising instructions executable by the hardware-based processor to:
receive, via the communication interface, transaction information;
capture, using the biometric reader, first biometric information of a user;
if the captured first biometric information identifies an authorized user, perform the steps of:
enabling a first transaction request cryptographic key stored on the biometric reader, the first transaction request cryptographic key corresponding to the authenticated user;
generating, using the enabled first transaction request cryptographic key, a digital signature;
generating and transmitting, via the communication interface, a purchase data bundle comprising the received transaction information, the generated digital signature and a second transaction request cryptographic key complementary to the first transaction request cryptographic key;
receiving, via the communication interface, a purchase approval confirmation comprising a first transaction approval cryptographic key; and
determining whether the received purchase approval confirmation corresponds to the authenticated user according to the first transaction approval cryptographic key of the received purchase approval confirmation and a second transaction approval cryptographic key stored on the PED, the second transaction approval cryptographic key corresponding to the authenticated user,
wherein the PED further comprises at least one of a display and an audible output and the data storage further comprises instructions to:
capture, using the biometric reader, second biometric information;
perform user authentication based on the captured second biometric information;
present, using the at least one of the display and the audible output, the received confirmation when the first transaction approval cryptographic key is complementary to the second transaction approval cryptographic key and when the user is successfully authenticated based on the captured second biometric information; and
disable the first transaction request cryptographic key upon generating the digital signature.
Specification