System and method of user and data verification

US 20020186838A1
Filed: 03/11/2002
Published: 12/12/2002
Est. Priority Date: 03/09/2001
Status: Active Grant

First Claim

Patent Images

1. A method of generating a digital signature, the method comprising:

generating a public and a private key on a secure device;

storing biometric information indicative of a user in the secure device;

receiving biometric information indicative of the user; and

comparing the stored biometric information with the received biometric information on the secure device, and if the comparison is successful, generating a digital signature for a message.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of authenticating users and data. One embodiment of the invention includes a smart card that digitally signs a message in response to authenticating biometric information that is provided by a user. The smart card may include a random number generator and an encryption module. In an enrollment mode, the biometric data analyzer receives biometric data from a user and triggers the random number generator to create a public key and a private key. The private key is stored in a tamper-resistant component on the smart card. The public key is transmitted to an external device, such as a computer, via a card reader interface. During a signing mode, the smart card digitally signs incoming messages subsequent to verifying the biometric information that is provided by the user.

Citations

24 Claims

1. A method of generating a digital signature, the method comprising:
- generating a public and a private key on a secure device;
  
  storing biometric information indicative of a user in the secure device;
  
  receiving biometric information indicative of the user; and
  
  comparing the stored biometric information with the received biometric information on the secure device, and if the comparison is successful, generating a digital signature for a message.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the secure device is portable.
  - 3. The method of claim 1, wherein the secure device is a smart card.
  - 4. The method of claim 1, additionally comprising generating a digital certificate that includes an identifier associated with the secure device.

5. A system for generating a digital signature, the system comprising:
- means for generating a public and a private key on a secure device;
  
  means for storing biometric information indicative of a user on the secure device;
  
  means for receiving biometric information indicative of the user; and
  
  means for comparing the stored biometric information with the received biometric information on the secure device, and if the comparison is successful, generating a digital signature for a message.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, additionally comprising means for generating a digital certificate that includes an identifier associated with the secure device.
  - 7. The system of claim 5, wherein the secure device is portable.
  - 8. The system of claim 5, wherein the secure device is a smart card.

9. A method of generating a digital signature, the method comprising:
- storing biometric information in a secure and portable device; and
  
  generating, with the biometric information, a public key and a private key on the secure and portable device.
- View Dependent Claims (10, 11, 13, 14, 16, 17, 18, 20, 21)
- - 10. The method of claim 9, additionally comprising:
    - receiving a message; and
      
      generating a digital signature for the message using, at least in part, the private key.
  - 11. The method of claim 9, wherein the device includes a unique device identifier that is associated with the generated public and private keys.
  - 13. The secure device of claim 12, wherein the secure device is portable.
  - 14. The secure device of claim 12, wherein the secure device is a smart card.
  - 16. The secure device of claim 15, wherein the secure device is a smart card.
  - 17. The secure device of claim 15, wherein the secure device is portable.
  - 18. The secure device of claim 15, wherein the secure device transmits to the electronic device an electronic certificate that includes an identifier that is associated with the secure device.
  - 20. The method of claim 19, wherein the digital signature is transmitted with the message to a remote electronic device.
  - 21. The method of claim 20, additionally comprising:
    - receiving the message and the digital signature;
      
      decrypting the digital signature with the public key; and
      
      authenticating the message.

12. A secure device for generating a digital signature, the secure device comprising:
- a module configured to generate a public and a private key on a secure device;
  
  a memory configured to store biometric information indicative of a user in the secure device; and
  
  a biometric data analyzer configured to receive biometric information indicative of the user, and wherein the biometric data analyzer is configured to compare the stored biometric information with the received biometric information on the secure device, and if the comparison is successful, the biometric data analyzer generates a digital signature for a message.

15. A secure device, comprising:
- a biometrics processor configured to process biometric data and configured to authenticate the identity of a user;
  
  a biometrics interface for receiving biometric data and transmitting the biometric data to the biometrics processor;
  
  a card reader interface for transmitting at least one message to an electronic device; and
  
  a cryptoprocessor for generating a digital signature for the message;
  
  wherein the secure device transmits the generated digital signature to the electronic device via the card reader interface subsequent to the biometric processor authenticating the identity of the user.

19. A method of generating a digital signature on a smart card, comprising:
- generating a public key on a portable smart card;
  
  generating a private key on the portable smart card;
  
  storing the private key in a tamperproof memory in the portable smart card;
  
  storing biometric information indicative of a user in the portable smart card;
  
  receiving biometric information indicative of the user at the portable smart card;
  
  comparing the stored biometric information with the received biometric information on the portable smart card, and if the comparison is successful, generating a digital signature for a message, wherein the digital signature includes an encrypted message digest of the message, and wherein the digital signature is encrypted, at least in part, using the generated private key; and
  
  transmitting the generated digital signature to a remote electronic device.

22. A system for generating a digital signature, the system comprising:
- means for registering biometric information in a secure device; and
  
  means for generating a public key and a private key on the secure device in conjunction with the biometric information.
- View Dependent Claims (23)
- - 23. The system of claim 22, additionally comprising:
    - means for receiving a message; and
      
      means for generating a digital signature for the message using at least in part the private key.

24. A system, comprising:
- a network;
  
  at least one biometric input device; and
  
  a device configured to provide a digital signature to another device via the network in response to authenticating the identity of a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brandys, Pascal
Original Assignee
Brandys, Pascal
Inventors
Brandys, Pascal

Granted Patent

US 7,188,362 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

System and method of user and data verification

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of user and data verification

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links