Use of a biometric image for authorization

US 10,735,412 B2
Filed: 05/14/2018
Issued: 08/04/2020
Est. Priority Date: 01/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method for a first user to complete a purchase on an online store, the method comprising:

receiving, from the online store over a network, by a secure processing system of an electronic device, an online account token associated with an account of the first user on the online store;

storing the online account token in a non-persistent memory of the secure processing system;

receiving, from the online store over the network, by the secure processing system of the electronic device, user identifier data associated with the first user;

storing the user identifier data in a persistent memory of the secure processing system;

prohibiting a processing device of the electronic device, wherein the processing device is outside the secure processing system, from accessing data stored in the non-persistent memory and data stored in the persistent memory;

prohibiting the online account token from being stored in the persistent memory;

determining, by the processing device of the electronic device, that the purchase requires authorization from a second user;

receiving, in response to a biometric authentication of the second user, authorization to complete the purchase on the online store;

in response to receiving the authorization to complete the purchase on the online store, countersigning, by a secure processing device of the secure processing system, the online account token with the user identifier data associated with the first user, wherein the countersigned online account token indicates the purchase on the online store is complete; and

transmitting the countersigned online account token to the online store.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A second user can authorize a first user to take or complete an online action by submitting one or more biometric images. For example, the second user can authorize a purchase by the first user on an online store. The second user can submit the one or more biometric images on the electronic device being used by the first user, or the second user can submit the biometric image or images remotely using another electronic device.

Citations

26 Claims

1. A method for a first user to complete a purchase on an online store, the method comprising:
- receiving, from the online store over a network, by a secure processing system of an electronic device, an online account token associated with an account of the first user on the online store;
  
  storing the online account token in a non-persistent memory of the secure processing system;
  
  receiving, from the online store over the network, by the secure processing system of the electronic device, user identifier data associated with the first user;
  
  storing the user identifier data in a persistent memory of the secure processing system;
  
  prohibiting a processing device of the electronic device, wherein the processing device is outside the secure processing system, from accessing data stored in the non-persistent memory and data stored in the persistent memory;
  
  prohibiting the online account token from being stored in the persistent memory;
  
  determining, by the processing device of the electronic device, that the purchase requires authorization from a second user;
  
  receiving, in response to a biometric authentication of the second user, authorization to complete the purchase on the online store;
  
  in response to receiving the authorization to complete the purchase on the online store, countersigning, by a secure processing device of the secure processing system, the online account token with the user identifier data associated with the first user, wherein the countersigned online account token indicates the purchase on the online store is complete; and
  
  transmitting the countersigned online account token to the online store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as in claim 1, further comprising:
    - prior to countersigning the online account token;
      
      receiving, into the secure processing system, a biometric image associated with the first user; and
      
      determining that the biometric image associated with the first user matches a reference biometric image associated with the first user and stored by the secure processing system.
  - 3. The method as in claim 2, further comprising establishing a window of time in which purchases are permitted to be made on the online store, via the electronic device, without having to reenter an additional biometric image.
  - 4. The method as in claim 2, wherein the user identifier data comprises a universally unique identifier that is associated with a biometric sensing device of the electronic device and a directory services identification (DSID) that represents the account of the first user on the online store.
  - 5. The method as in claim 1, prior to receiving authorization to complete the purchase, providing a notification to the second user regarding the purchase on the online store by the first user.
  - 6. The method as in claim 5, wherein the notification comprises at least one of an identity of the online store, a monetary amount of the purchase on the online store, or an identity of a content of the purchase on the online store.
  - 7. The method as in claim 5, wherein the notification permits the second user to limit at least one of an amount of money the first user can spend in the purchase or an amount of time the first user can spend on the online store.
  - 8. The method as in claim 5, wherein:
    - the electronic device is a first electronic device;
      
      the method further comprises, prior to determining if the purchase requires authorization from the second user, submitting, by the electronic device, the purchase to the online store; and
      
      providing the notification to the second user regarding the purchase on the online store by the first user comprises providing the notification to the second user on a second electronic device different from the first electronic device regarding the purchase on the online store by the first user.
  - 9. The method as in claim 1, wherein the user identifier data comprises a universally unique identifier and a directory services identification (DSID) that represents the account of the first user on the online store.
  - 10. The method as in claim 9, wherein the user identifier data further comprises a password that is associated with the account on the online store.
  - 11. The method as in claim 9, wherein the DSID comprises a hash of the DSID.
  - 12. The method as in claim 1, wherein the online account token is prohibited from being stored in the persistent memory.

13. A system, comprising:
- a processing device; and
  
  a secure processing system comprising a secure memory that is inaccessible to the processing device, the secure memory including a persistent memory and a non-persistent memory and configured to;
  
  receive, from an online store over a network, an online account token associated with an account of a first user on the online store;
  
  store the online account token only in the non-persistent memory, such that the online account token is inaccessible to the processing device and is automatically cleared when the non-persistent memory loses power;
  
  prohibit the online account token from being stored in the persistent memory;
  
  receive, from the online store over the network, user identifier data associated with the first user; and
  
  store the user identifier data in the persistent memory, wherein;
  
  the processing device is configured to determine if a purchase on the online store by the first user requires authorization of a second user;
  
  in response to the processing device determining that the purchase on the online store by the first user requires authorization of the second user, the secure processing system is configured to;
  
  receive, in response to a biometric authentication of the second user, authorization to complete the purchase on the online store by the first user; and
  
  in response to receiving the authorization, countersign the online account token with the user identifier data associated with the first user; and
  
  the countersigned online account token indicates the purchase on the online store is complete.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The system as in claim 13, wherein the system further comprises a biometric sensing device configured to:
    - receive a biometric image from the second user; and
      
      provide the biometric image to a secure processing device to perform the biometric authentication of the second user.
  - 15. The system as in claim 14, wherein:
    - the secure processing system and the biometric sensing device are included in a single electronic device; and
      
      the secure processing device is a component of the secure processing system.
  - 16. The system as in claim 14, wherein:
    - the secure processing system is included in a first electronic device; and
      
      the biometric sensing device and the secure processing device are included in a second electronic device.
  - 17. The system as in claim 14, wherein the user identifier data comprises a universally unique identifier that is associated with the biometric sensing device.
  - 18. The system as in claim 17, wherein the user identifier data further comprises a directory services identification (DSID) that represents the account of the first user on the online store.
  - 19. The system as in claim 13, wherein:
    - the system further comprises a biometric sensing device operatively connected to the secure processing system; and
      
      the secure processing system is adapted to receive a biometric image from the first user and countersign the online account token with user identifier data only when the biometric image received from the first user matches a second reference biometric image associated with the first user and stored in the secure memory.
  - 20. The system as in claim 19, wherein the user identifier data comprises a universally unique identifier that is associated with the biometric sensing device.
  - 21. The system as in claim 13, wherein the user identifier data comprises at least one of a directory services identification (DSID) that represents the account of the first user on the online store or a password that is associated with the account of the first user on the online store.
  - 22. The system as in claim 21, wherein the DSID comprises a hash of the DSID.

23. A method for a first user to complete a purchase on an online store, the method comprising:
- receiving, from the online store over a network, by a first secure processing system of a first electronic device, an online account token associated with an account of the first user on the online store;
  
  storing the online account token in a non-persistent memory of the first secure processing system;
  
  receiving, from the online store over the network, by the first secure processing system of the first electronic device, user identifier data associated with the first user;
  
  storing the user identifier data in a persistent memory of the first secure processing system;
  
  prohibiting a first processing unit of the first electronic device, wherein the first processing unit is outside the first secure processing system, from accessing data stored in the non-persistent memory and data stored in the persistent memory;
  
  prohibiting the online account token from being stored in the persistent memory;
  
  receiving, at the first secure processing system, a first biometric image associated with the first user;
  
  determining, by the first secure processing system, that the first biometric image matches a reference biometric image stored in the persistent memory;
  
  determining, by the first processing unit of the first electronic device, that the purchase by the first user requires authorization from a second user;
  
  transmitting, by the first processing unit, a notification requesting the second user to authorize the purchase;
  
  receiving an authorization by the second user to complete the purchase in response to a second secure processing system of a second electronic device determining that a second biometric image associated with the second user captured based on the notification matches a second reference fingerprint; and
  
  in response to receiving the authorization to complete the purchase, countersigning, by the first secure processing system, the online account token with the user identifier data associated with the first user, wherein the countersigned online account token indicates the purchase on the online store is complete.
- View Dependent Claims (24, 25, 26)
- - 24. The method as in claim 23, further comprising transmitting the countersigned online account token to the online store.
  - 25. The method as in claim 23, wherein the notification comprises at least one of the following:
    - an identity of the online store;
      
      a monetary amount of the purchase on the online store;
      
      an input that permits the second user to limit an amount of money the first user can spend in the purchase; and
      
      an input that permits the second user to limit an amount of time the first user can spend on the online store.
  - 26. The method as in claim 23, wherein the notification is transmitted in response to determining that the first biometric image associated with the first user matches the reference biometric image associated with the first user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Alsina, Thomas, Syed, Farman A., Chu, Michael K., Irani, Cyrus D., Zadro, Ivan, Kelly, Sean B.
Primary Examiner(s)
Shaikh, Mohammad Z

Application Number

US15/979,251
Publication Number

US 20180262494A1
Time in Patent Office

813 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/3821   Electronic credentials

G06Q 20/40145   Biometric identity checks

G06Q 30/0609   Buyer or seller confidence ...

G06Q 30/0637   Approvals

H04L 63/0861   using biometrical features,...

Use of a biometric image for authorization

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Use of a biometric image for authorization

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links