×

Invariant biohash security system and method

  • US 10,134,035 B1
  • Filed: 08/30/2016
  • Issued: 11/20/2018
  • Est. Priority Date: 01/23/2015
  • Status: Active Grant
First Claim
Patent Images

1. A mobile device for generating a secure biometric-based cryptographic key without storing biometric information in order to authenticate data comprising:

  • (a) one or more processors, including a secure enclave processor core configured to be only accessible to;

    (1) input, to the secure enclave processor core, passwords, digital biometric image data, and electronic messages targeted for encryption, and(2) provide, from the secure enclave processor core, encrypted electronic messages and public keys configured to verify the authenticity of encrypted electronic messages;

    (b) a biometric reader;

    (c) a display screen; and

    (d) non-transitory computer-readable memory having stored thereon instructions to perform the steps of;

    (1) receiving, at the mobile device, from a deposit sweep computer system comprising one or more computers, first machine-readable instructions to render a destination institution management graphical user interface, the destination institution management graphical user interface comprising a different destination depository institution notification associated with a first allocation of funds indicating that at least a portion of customer funds associated with a deposit sweep customer are allocated to a different destination depository institution that does not currently hold funds for the deposit sweep customer for the deposit sweep program, the destination institution management graphical user interface further comprising a graphical accept option to approve the first allocation of funds and a graphical reject option to reject the first allocation of funds;

    (2) rendering, by the mobile device using the first machine-readable instructions, the destination institution management graphical user interface on the display screen;

    (3) receiving, at the mobile device, a selection of the graphical accept option;

    (4) generating, by the mobile device, a digitally signed approval of the first allocation of funds by;

    (a) receiving, via a second graphical user interface on the mobile device, a user password associated with the deposit sweep customer;

    (b) capturing, using the biometric reader, into the secure enclave processor core, a first digital biometric image of a biometric reading of a user;

    (c) converting, by the secure enclave processor core, the first digital biometric image into an invariant biometric feature vector using an integrated wavelet and Fourier-Mellin transformation process comprising the following steps within the secure enclave processor core;

    (i) applying, by the secure enclave processor core, a wavelet transformation to the first digital biometric image to generate a second digital biometric image;

    (ii) applying, by the secure enclave processor core, a fast Fourier transform to the second digital biometric image, to generate a third digital biometric image;

    (iii) applying, by the secure enclave processor core, a log-polar transformation to the third digital biometric image to generate a fourth digital biometric image;

    (iv) applying, by the secure enclave processor core, a high pass filter to the fourth digital biometric image to generate a fifth digital biometric image;

    (v) applying, by the secure enclave processor core, a fast Fourier transform to the fifth digital biometric image to generate a first set of feature data;

    (vi) applying, by the secure enclave processor core, row concatenation to the first set of feature data to generate the invariant biometric feature vector;

    (d) converting, by the secure enclave processor core, the invariant feature vector using the user password into a 128-bit invariant code comprising the following steps within the secure enclave processor core;

    (i) generating, by the secure enclave processor core, using the user password a threshold intensity value;

    (ii) applying, by the secure enclave processor core, the threshold intensity value to the invariant feature vector to generate the 128-bit invariant code;

    (e) generating, by the secure enclave processor core, an invariant asymmetric private key using the 128-bit invariant code and the user password;

    (f) applying, by the secure enclave processor core, the invariant asymmetric private key to an electronic message comprising a message payload indicating approval of the allocation to generate a digitally signed electronic message comprising the digitally signed approval to be securely transmitted to the deposit sweep computer system; and

    (5) transmitting, from the mobile device to the deposit sweep computer system, the digitally signed approval of the allocation.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×