Systems and methods for provisioning digital identities to authenticate users

US 10,650,632 B2
Filed: 12/22/2017
Issued: 05/12/2020
Est. Priority Date: 12/22/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for use in provisioning a digital identity for a user from an identification provider to a communication device, the method comprising:

authenticating, by a communication device, a certificate provided from a card device, via a wireless connection with the card device;

receiving, at the communication device, an authentication request from an identification provider;

capturing, by an input device of the communication device, a first biometric associated with a user, the first biometric including at least an image of the user;

after authenticating the certificate provided from the card device, transmitting, by the communication device, the authentication request and the first biometric to the card device, via the wireless connection;

in response to the first biometric not being compared to a first reference biometric in the card device, capturing, by the communication device, an image associated with a physical document indicative of an identity of the user;

comparing, by the communication device, the first biometric to the captured image associated with the physical document; and

transmitting an indicator, received from the card device and representative of a second biometric comparison by the card device, to the identification provider in response to the first biometric and the captured image associated with the physical document matching, thereby permitting the identification provider to provision a digital identity to the communication device when the comparison of the first biometric and the captured image associated with the physical document indicate a match and the indicator from the card device associated with the second biometric comparison indicates a match between a second biometric captured at the card device and a second reference biometric stored at the card device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for use in providing digital identities for users. One exemplary method includes receiving, at a card device, an authentication request and a captured first biometric of the user, from a communication device associated with the user, and comparing the first biometric and a first biometric reference at the card device, when the first biometric reference is stored in at the card device. The method also includes capturing, at the card device, a second biometric of the user and comparing the second biometric to a second biometric reference stored at the card device. The method further includes compiling a response to the authentication request including a first indicator associated with the comparison of the first biometric to the first biometric reference and a second indicator associated with the comparison of the second biometric to the second biometric reference, and transmitting the response to the communication device.

28 Citations

16 Claims

1. A computer-implemented method for use in provisioning a digital identity for a user from an identification provider to a communication device, the method comprising:
- authenticating, by a communication device, a certificate provided from a card device, via a wireless connection with the card device;
  
  receiving, at the communication device, an authentication request from an identification provider;
  
  capturing, by an input device of the communication device, a first biometric associated with a user, the first biometric including at least an image of the user;
  
  after authenticating the certificate provided from the card device, transmitting, by the communication device, the authentication request and the first biometric to the card device, via the wireless connection;
  
  in response to the first biometric not being compared to a first reference biometric in the card device, capturing, by the communication device, an image associated with a physical document indicative of an identity of the user;
  
  comparing, by the communication device, the first biometric to the captured image associated with the physical document; and
  
  transmitting an indicator, received from the card device and representative of a second biometric comparison by the card device, to the identification provider in response to the first biometric and the captured image associated with the physical document matching, thereby permitting the identification provider to provision a digital identity to the communication device when the comparison of the first biometric and the captured image associated with the physical document indicate a match and the indicator from the card device associated with the second biometric comparison indicates a match between a second biometric captured at the card device and a second reference biometric stored at the card device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising generating a key pair including a public key and a private key;
    - andtransmitting the public key and a device ID for the communication device to the identification provider, prior to receiving the authentication request from the identification provider.
  - 3. The computer-implemented method of claim 2, further comprising polling for the card device for a defined interval after transmitting the public key to the identification provider.
  - 4. The computer-implemented method of claim 1, wherein capturing the first biometric includes capturing an image of a face of the user;
    - andfurther comprising capturing the second biometric by the card device, the second biometric including a fingerprint of the user.
  - 5. The computer-implemented method of claim 1, further comprising receiving a signed, encrypted response from the card device, in response to the authentication request, when the first reference biometric for the first biometric is included in the card device and the response includes an indicator of a match for the comparison between the first reference biometric and the first biometric.
  - 6. The computer-implemented method of claim 5, further comprising passing the signed, encrypted response from the card device to the identification provider.
  - 7. The computer-implemented method of claim 1, further comprising informing the card device of a match for the comparison between the first biometric and the captured image associated with the physical document, thereby permitting the card device to store the first biometric as the first reference biometric for one or more subsequent authentication requests.
  - 8. The computer-implemented method of claim 1, wherein the card device is a payment card device associated with a payment account issued to the user by an issuer, whereby the payment card device is capable of initiating a payment account transaction funded via the payment account.

9. A system for use in provisioning a digital identity for a user from an identification provider to a communication device, the system comprising:
- a communication device configured to;
  
  authenticate a certificate provided from a card device, via a wireless connection with the card device;
  
  receive an authentication request from an identification provider;
  
  capture a first biometric associated with a user, the first biometric including at least an image of the user;
  
  after authenticating the certificate provided from the card device, transmit the authentication request and the first biometric to the card device, via the wireless connection;
  
  in response to the first biometric not being compared to a first reference biometric in the card device, capture an image associated with a physical document indicative of an identity of the user;
  
  compare the first biometric to the captured image associated with the physical document; and
  
  transmit an indicator, received from the card device and representative of a second biometric comparison by the card device, to the identification provider in response to the first biometric and the captured image associated with the physical document matching, thereby permitting the identification provider to provision a digital identity to the communication device when the comparison of the first biometric and the captured image associated with the physical document indicate a match and the indicator from the card device associated with the second biometric comparison indicates a match between a second biometric captured at the card device and a second reference biometric stored at the card device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the communication device is further configured to:
    - generate a key pair including a public key and a private key; and
      
      transmit the public key and a device ID for the communication device to the identification provider, prior to receiving the authentication request from the identification provider.
  - 11. The system of claim 10, wherein the communication device is further configured to poll for the card device for a defined interval after transmitting the public key to the identification provider.
  - 12. The system of claim 9, wherein the first biometric is an image of a face of the user;
    - andwherein the communication device is further configured to capture the second biometric by the card device, the second biometric including a fingerprint of the user.
  - 13. The system of claim 9, wherein the communication device is further configured to receive a signed, encrypted response from the card device, in response to the authentication request, when the first reference biometric for the first biometric is included in the card device and the response includes an indicator of a match for the comparison between the first reference biometric and the first biometric.
  - 14. The system of claim 13, wherein the communication device is further configured to pass the signed, encrypted response from the card device to the identification provider.
  - 15. The system of claim 9, wherein the communication device is further configured to inform the card device of a match for the comparison between the first biometric and the captured image associated with the physical document, thereby permitting the card device to store the first biometric as the first reference biometric for one or more subsequent authentication requests.
  - 16. The system of claim 9, wherein the card device is a payment card device associated with a payment account issued to the user by an issuer, whereby the payment card device is capable of initiating a payment account transaction funded via the payment account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Kamal, Ashfaq, Bhatt, Sumeet, Reany, Robert D.
Primary Examiner(s)
St Cyr, Daniel

Application Number

US15/853,643
Publication Number

US 20190197815A1
Time in Patent Office

872 Days
Field of Search

235380, 235382, 235385
US Class Current
CPC Class Codes

G06Q 20/105   involving programming of a ...

G06Q 20/3223   Realising banking transacti...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/353   Payments by cards read by M...

G06Q 20/36   using electronic wallets or...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40145   Biometric identity checks

G06V 40/166   using acquisition arrangements

G06V 40/70   Multimodal biometrics, e.g....

G07C 9/257   electronically G07C9/26 tak...

G07C 9/26   using a biometric sensor in...

G07F 7/0806   Details of the card record ...

G07F 7/0813   Specific details related to...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 9/0861   Generation of secret inform...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3239 : involving non-keyed hash fu...

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

H04L 9/3273 : for mutual authentication n...

H04L 9/50 : using hash chains, e.g. blo...

H04W 12/06 : Authentication

H04W 12/71 : Hardware identity

H04W 4/80 : Services using short range ...

View All

Systems and methods for provisioning digital identities to authenticate users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for provisioning digital identities to authenticate users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links