Biometric authentication system

US 10,038,555 B2
Filed: 03/15/2013
Issued: 07/31/2018
Est. Priority Date: 03/15/2012
Status: Active Grant

First Claim

Patent Images

1. A method of secure transaction, comprising:

receiving, by a personal electronic device (PED), transaction information;

capturing, by the PED, first biometric information from a user;

identifying, by the PED, if the user is an authorized user of the PED based on the captured first biometric information; and

if the captured first biometric information identifies an authorized user, performing, by the PED, the steps of;

enabling a first transaction request cryptographic key stored on the PED, the first transaction request cryptographic key corresponding to the authenticated user;

generating, using the enabled first transaction request cryptographic key, a digital signature;

generating and transmitting, via a computer network, a purchase data bundle comprising the received transaction information, the generated digital signature and a second transaction request cryptographic key complementary to the first transaction request cryptographic key;

receiving, by the PED via the computer network, a purchase approval confirmation comprising a first transaction approval cryptographic key; and

determining whether the received purchase approval confirmation corresponds to the authenticated user according to the first transaction approval cryptographic key of the received purchase approval confirmation and a second transaction approval cryptographic key stored on the PED, the second transaction approval cryptographic key corresponding to the authenticated user;

capturing, by the PED, second biometric information;

performing, by the PED, user authentication based on the captured second biometric information;

presenting, by the PED, the received confirmation when the first transaction approval cryptographic key is complementary to the second transaction approval cryptographic key and when the user is successfully authenticated based on the captured second biometric information; and

disabling the first transaction request cryptographic key upon generating the digital signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a system and method of completing a transaction over a network, a personal electronic device (PED) receives transaction information; captures biometric information from the PED user; and uses such information to identify if the user is an authorized user of the PED. If the captured biometric information identifies an authorized user of the PED, the PED: enables a first one of a pair of cryptographic keys stored on the PED corresponding to the identified authorized user; generates a digital signature for the transaction using the enabled first key; generates an authenticated transaction request using the received transaction information; and transmits the authenticated transaction request to a transaction approval center via the network. The transaction approval center uses the authenticated transaction request to complete the transaction; and the PED receives confirmation regarding the transaction from the transaction approval center.

39 Citations

8 Claims

1. A method of secure transaction, comprising:
- receiving, by a personal electronic device (PED), transaction information;
  
  capturing, by the PED, first biometric information from a user;
  
  identifying, by the PED, if the user is an authorized user of the PED based on the captured first biometric information; and
  
  if the captured first biometric information identifies an authorized user, performing, by the PED, the steps of;
  
  enabling a first transaction request cryptographic key stored on the PED, the first transaction request cryptographic key corresponding to the authenticated user;
  
  generating, using the enabled first transaction request cryptographic key, a digital signature;
  
  generating and transmitting, via a computer network, a purchase data bundle comprising the received transaction information, the generated digital signature and a second transaction request cryptographic key complementary to the first transaction request cryptographic key;
  
  receiving, by the PED via the computer network, a purchase approval confirmation comprising a first transaction approval cryptographic key; and
  
  determining whether the received purchase approval confirmation corresponds to the authenticated user according to the first transaction approval cryptographic key of the received purchase approval confirmation and a second transaction approval cryptographic key stored on the PED, the second transaction approval cryptographic key corresponding to the authenticated user;
  
  capturing, by the PED, second biometric information;
  
  performing, by the PED, user authentication based on the captured second biometric information;
  
  presenting, by the PED, the received confirmation when the first transaction approval cryptographic key is complementary to the second transaction approval cryptographic key and when the user is successfully authenticated based on the captured second biometric information; and
  
  disabling the first transaction request cryptographic key upon generating the digital signature.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, wherein the first transaction request cryptographic key, second transaction request cryptographic key and first transaction approval cryptographic key are private, public and public keys, respectively.
  - 3. The method according to claim 1, further comprising capturing and recognizing, using the PED, at least one of voice and gesture inputs, wherein the first biometric information is captured in response to successful recognition of the at least one of the voice and gesture inputs.
  - 4. The method according to claim 1, further comprising capturing, by the PED, non-biometric information comprising at least one of a swipe pattern and a personal identification number, wherein the user authentication is performed further based on the captured non-biometric information.

5. A personal electronic device (PED) comprising:
- a hardware-based processor; and
  
  a biometric reader, a communication interface and a data storage in operative communication with the hardware-based processor, the data storage comprising instructions executable by the hardware-based processor to;
  
  receive, via the communication interface, transaction information;
  
  capture, using the biometric reader, first biometric information of a user;
  
  if the captured first biometric information identifies an authorized user, perform the steps of;
  
  enabling a first transaction request cryptographic key stored on the biometric reader, the first transaction request cryptographic key corresponding to the authenticated user;
  
  generating, using the enabled first transaction request cryptographic key, a digital signature;
  
  generating and transmitting, via the communication interface, a purchase data bundle comprising the received transaction information, the generated digital signature and a second transaction request cryptographic key complementary to the first transaction request cryptographic key;
  
  receiving, via the communication interface, a purchase approval confirmation comprising a first transaction approval cryptographic key; and
  
  determining whether the received purchase approval confirmation corresponds to the authenticated user according to the first transaction approval cryptographic key of the received purchase approval confirmation and a second transaction approval cryptographic key stored on the PED, the second transaction approval cryptographic key corresponding to the authenticated user,wherein the PED further comprises at least one of a display and an audible output and the data storage further comprises instructions to;
  
  capture, using the biometric reader, second biometric information;
  
  perform user authentication based on the captured second biometric information;
  
  present, using the at least one of the display and the audible output, the received confirmation when the first transaction approval cryptographic key is complementary to the second transaction approval cryptographic key and when the user is successfully authenticated based on the captured second biometric information; and
  
  disable the first transaction request cryptographic key upon generating the digital signature.
- View Dependent Claims (6, 7, 8)
- - 6. The PED according to claim 5, wherein the first transaction request cryptographic key, second transaction request cryptographic key and first transaction approval cryptographic key are private, public and public keys, respectively.
  - 7. The PED according to claim 5, further comprising at least one of an audio pickup and a pointer in operative communication with the hardware-based processor, wherein:
    - the data storage further comprises instructions to capture and recognize at least one of voice and gesture inputs using the at least one of the audio pickup and the pointer; and
      
      the first biometric information is captured in response to successful recognition of the at least one of the voice and gesture inputs.
  - 8. The PED according to claim 5, further comprising a user input interface, the wherein the data storage further comprises instructions to:
    - capture, using the user input interface, non-biometric information comprising at least one of a swipe pattern and a personal identification number, wherein the user authentication is performed further based on the captured non-biometric information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mikoh Corporation
Original Assignee
Mikoh Corporation
Inventors
Atherton, Peter Samuel
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US14/385,284
Publication Number

US 20150046707A1
Time in Patent Office

1,964 Days
Field of Search

713 1, 713168, 705 75
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/02   involving a neutral party, ...

G06Q 20/3227   using secure elements embed...

G06Q 20/3825   Use of electronic signatures

G06Q 20/40145   Biometric identity checks

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0861   using biometrical features,...

H04L 9/0866   involving user or device id...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Biometric authentication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Biometric authentication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links