Biometrically enabled private secure information repository

US 20030225693A1
Filed: 09/17/2002
Published: 12/04/2003
Est. Priority Date: 08/27/1997
Status: Active Grant

First Claim

Patent Images

1. A system to provide a centralized, secured and authenticated storage of information comprising:

a) at least one client subsystem to receive and send transactional data comprising;

i) at least one biometric processing client subsystem for capturing biometric data; and

ii) at least one data capturing device to capture any and all types of additional data;

b) at least one remote data management subsystem for managing the processing, sending receiving, and storing of the transactional data;

c) at least one remote data storage subsystem to store any and all transactional data;

d) at least one data processing subsystem for processing all transactional data, with the client subsystem providing encrypted subsystem identification information and encrypted transactional data to the data processing subsystem;

e) at least one biometric subsystem to verify the user'"'"'s identity, and at least one encryption subsystem for ensuring the security of the transactional data; and

f) at least one communication network for secure transmission of transactional data within and between said at least one client subsystem, and said at least one data management subsystem.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for remote data acquisition and private and secure and authenticated, centralized processing and storage is disclosed called the DataTreasury™ Repository System. The DataTreasury™ Repository System provides a secure system for the storage and retrieval of data comprising personal information, financial information, and general information. The identity of the users are held private through the use of a biometric as the sole personal identifier. The system acquires transactional data at at least one remote locations, encrypts the data, transmits the encrypted data to a central location, transforms the data to a usable form, performs identification verification using biometric data, generates informative reports from the data and transmits the informative reports to the remote location(s), while maintaining privacy, security, and authenticity of the user'"'"'s data and biometric. To ensure the complete security of the system, all data is reencrypted while in storage, or when it is in a state of nonuse.

Citations

74 Claims

1. A system to provide a centralized, secured and authenticated storage of information comprising:
- a) at least one client subsystem to receive and send transactional data comprising;
  
  i) at least one biometric processing client subsystem for capturing biometric data; and
  
  ii) at least one data capturing device to capture any and all types of additional data;
  
  b) at least one remote data management subsystem for managing the processing, sending receiving, and storing of the transactional data;
  
  c) at least one remote data storage subsystem to store any and all transactional data;
  
  d) at least one data processing subsystem for processing all transactional data, with the client subsystem providing encrypted subsystem identification information and encrypted transactional data to the data processing subsystem;
  
  e) at least one biometric subsystem to verify the user'"'"'s identity, and at least one encryption subsystem for ensuring the security of the transactional data; and
  
  f) at least one communication network for secure transmission of transactional data within and between said at least one client subsystem, and said at least one data management subsystem.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 40, 41, 42, 43, 44)
- - 2. The system, as in claim 1, wherein said at least one client subsystem further comprise at least one biometric device for capturing biometric data.
  - 3. The system, as in claim 2, wherein said at least one client subsystem successively transforms the captured biometric data to an encrypted image format, a compressed image file, data transmission identifying a location and time of the transactional data capture, further comprising at least one transaction stub for interfacing to the data management subsystem.
  - 4. The system, as in claim 1, wherein said at least one client subsystem further comprise at least one input device for capturing any and all types of additional data.
  - 5. The system, as in claim 4, wherein said at least one client subsystem successively encrypts the transactional data, which further comprises at least one transaction stub for interfacing a transaction management subsystem.
  - 6. The system, as in claim 2, wherein said at least one input of biometric data facilitates a client transaction.
  - 7. The system as in claim 1, wherein said at least one encryption subsystem creates, utilizes, and stores keys to encrypt and decrypt transactional data.
  - 8. The system, as in claim 6, wherein said at least one client subsystem further comprises at least one printer for printing the transactional data initiated by said at least one biometric interface.
  - 9. The system, as in claim 1, wherein said data management subsystem comprises:
    - at least one server providing for resources for processing, and managing the storage of transactional data from said at least one remote client subsystem;
      
      at least one report generator for generating reports from the transactional data;
      
      a transaction processing architecture for dynamically administrating a series of intelligent data management services among said at least one server; and
      
      a memory hierarchy.
  - 10. The system, as in claim 9, wherein said at least one server contains an object oriented programming language.
  - 11. The system, as in claim 9, wherein said processing of transactional data by said data processing subsystem occurs after said transactional data is decrypted by said encryption subsystem.
  - 12. The system, as in claim 9, wherein said transactional data is re-encrypted by said encryption subsystem after said data processing and said data is then stored in said data storage subsystem.
  - 13. The system, as in claim 9, wherein said at least one transaction processing architecture contains a CORBA object request broker (ORB) architecture, that apportions and balances transactional resources among at least one server.
  - 14. The system, as in claim 13, wherein said at least one ORB architecture utilizes an interface definition language (IDL) and an IDL compiler to create an interface between application components.
  - 15. The system, as in claim 14, wherein said at least one IDL compiler generates a series of stubs and skeletons to facilitate an interface.
  - 16. The system, as in claim 9, wherein said at least one server also receives encrypted transactional data, said data storage subsystem stores the encrypted transactional data, and said at least one server verifies the biometric data.
  - 17. The system, as in claim 16, wherein said at least one biometric subsystem reduces the biometric data to a series of invariant characteristics through the use of an algorithm.
  - 18. The system, as in claim 17, wherein said at least one server utilizes a biometric search algorithm to facilitate a one to many search to identify a corresponding data storage subsystem resident enrolled biometric to verify the user.
  - 19. The system, as in claim 18, wherein said at least one server identifies an appropriate user account corresponding a verified user biometric.
  - 20. The system, as in claim 17, wherein said at least one server has a personal identifier to reduce the parameters of the one to many search to identify a corresponding data storage subsystem with a corresponding enrolled biometric to verify the user.
  - 21. The system, as in claim 20, wherein said at least one server identifies the appropriate user account corresponding to a verified user biometric.
  - 22. The system, as in claim 9, wherein said memory hierarchy comprises at least one primary memory for storage of recently accessed encrypted transactional data and at least one secondary memory for storage of other encrypted transactional data.
  - 23. The system, as in claim 22, wherein said at least one secondary memory comprises at least one magnetic media.
  - 24. The system, as in claim 22, wherein said at least one secondary memory comprises a plurality of data stores housed in separate distinct remote physical locations.
  - 25. The system, as in claim 24, wherein said specific data stores, house unique types of data.
  - 26. The system, as in claim 1, wherein said at least one communication network comprises:
    - at least one first local area network for transmitting data within a corresponding one of said at least one remote client subsystem;
      
      at least one second local area network for transmitting data within a corresponding one of said at least one data management subsystem; and
      
      at least one wide area network for transmitting data between said at least one remote client subsystems and said at least one data management subsystem.
  - 27. The system, as in claim 26, wherein said at least one communication network further comprises:
    - at least one Ethernet for connecting said at least one first local area network of said at least one client subsystems to a corresponding one of said at least one second local area network of said at least one data management subsystem through said at least one wide area network; and
      
      at least one frame relay for connecting said at least one second local area network of said at least one data management subsystem to a corresponding one or more of said at least one first local area network of said at least one client subsystems through said at least one wide area network.
  - 28. The system, as in claim 26, wherein said at least one communication network comprises a wireless network between said at least one remote client subsystems and said at least one data management subsystem.
  - 29. The system, as in claim 28, wherein said at least one wireless network may be implemented utilizing various technologies selected from the group consisting of:
    - a cellular communication network;
      
      a personal communications services network;
      
      a k-band technology;
      
      an infrared technology;
      
      a local multipoint distribution system;
      
      a satellite system;
      
      a microwave technology;
      
      a radio frequency technology;
      
      a code division multiple access technology;
      
      a time division multiple access technology;
      
      a global system for mobile communication system;
      
      a Bluetooth technology;
      
      a plurality of wireless application protocols; and
      
      a wide area point to point network technology.
  - 30. The system, as in claim 1, further comprising at least one data collecting subsystem for collecting and sending the transactional data comprising a further data management subsystem for managing the collecting and sending of the transactional data.
  - 31. The system, as in claim 30, wherein said further data management subsystem of said at least one data collecting subsystem comprises:
    - at least one server for receiving said at least one remote client subsystems for transactional data;
      
      a database for storing the transactional data in a useful form;
      
      at least one server for managing the collecting of the transactional data;
      
      a transaction processing architecture for dynamically assigning one of said at least one server to receive portions of the transactional data for balancing the transactional data among said at least one server; and
      
      a memory hierarchy.
  - 32. The system as in claim 9, wherein said at least one server has an object oriented programmning language.
  - 33. The system as in claim 9, wherein said at least one transaction processing architecture has a CORBA ORB architecture, that apportions and balances transactional resources.
  - 34. The system as in claim 33, wherein said at least one server has an interface definition to create an interface between application components.
  - 35. The system as in claim 34, wherein said at least one IDL compiler generates stubs and skeletons to create an interface.
  - 36. The system, as in claim 31, wherein said memory hierarchy comprises at least one primary memory for collecting transactional data and at least one secondary memory for backup storage of the encrypted transactional data.
  - 37. The system, as in claim 36, wherein said at least one secondary memory comprises at least one tape library.
  - 40. The system, as in claim 30, wherein said at least one communication network comprises:
    - at least one first local area network for transmitting encrypted transactional data within a corresponding one of said at least one remote client subsystems;
      
      at least one second local area network for transmitting encrypted transactional data within a corresponding one of said at least one data collecting subsystem;
      
      at least one third local area network for transmitting encrypted transactional data within a corresponding one of said at least one data processing subsystem; and
      
      at least one wide area network for transmitting encrypted transactional data between said at least one remote client subsystems, said at least one data collecting subsystem and said at least one data processing subsystem.
  - 41. The system, as in claim 40, wherein said at least one communication network further comprises:
    - at least one first Ethernet network for connecting said at least one first local area network of said at least one client subsystems to a corresponding one of said at least one second local area network through said at least one wide area network;
      
      at least one frame relay for connecting said at least one second local area network of said at least one data collecting subsystem to a corresponding some of said at least one first local area network of said at least one client subsystems through said at least one wide area network;
      
      at least one first wide area network router for connecting a corresponding one of said at least one second local area network of said at least one data collecting subsystem to said at least one wide area network; and
      
      at least one second wide area network router for connecting a corresponding one of said at least one third local area network of said at least one data processing subsystem to said at least one wide area network.
  - 42. The system, as in claim 41, wherein said at least one first wide area network and said at least one second wide area network comprises a carrier cloud, said carrier cloud using a frame relay method for transmitting the transactional data.
  - 43. The system, as in claim 42, wherein said at least one second local area network and said at least one third local area network further comprises a corresponding one of at least one network switch for routing transactional data within said at least one second local area network and said at least one third local area network.
  - 44. The system, as in claim 40, wherein said at least one wireless network may be implemented utilizing various technologies which further comprise:
    - a cellular communication network;
      
      a personal communications services network;
      
      a k-band technology;
      
      an infrared technology;
      
      a local multipoint distribution system;
      
      a satellite system;
      
      a microwave technology;
      
      a radio frequency technology;
      
      a code-division multiple access technology;
      
      a time division multiple access technology;
      
      a global system for mobile communication system;
      
      a Bluetooth technology;
      
      a plurality of wireless application protocols; and
      
      a wide area point to point network technology.

38. The system as in claimed 37, wherein said at least one secondary memory comprises numerous data stores housed in separate distinct physical locations.
- View Dependent Claims (39)
- - 39. The system as in claim 38, wherein said specific data stores house unique types of data.

45. A method for central management, security, storage, biometric authentication, verification, and initiator initiates data transactions comprising the steps of:
- capturing transactional data including an image of the biometric data, further any and all types of additional data, at at least one remote locations encrypting, and sending encrypted transactional data;
  
  verifying the authenticity of the user using a one to one search for access to an appropriate account;
  
  encrypting transactional data upon transmissions and storage, further decrypting data upon processing and presentation to the authorized user;
  
  managing the capturing and sending of the transactional data;
  
  collecting, processing, sending and storing the encrypted transactional data at a remote centralized location;
  
  managing the collecting, processing, sending and storing of the transactional data; and
  
  transmitting the encrypted transactional data and a subsystem identification information within and between the remote location(s), the centralized location(s), and other entities.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 46. The method as in claim 45, wherein said capturing the transactional data which includes biometric data step comprises:
    - capturing biometric data;
      
      successively transforming the captured biometric data to a biometric signature, an encrypted, compressed file identifying a location and time of the biometric data capturing;
      
      storing the tagged, encrypted, compressed biometric signature file; and
      
      initiating a transaction upon the capture of a biometric.
  - 47. The method as in claim 46, wherein said capturing step of the transactional data which includes any and all additional types of data, comprises:
    - capturing any and all additional types of data;
      
      successively encrypting the data, identifying a location and time of the data capturing; and
      
      storing the tagged, encrypted, compressed biometric signature file.
  - 48. The method, as in claim 45, wherein said encrypting step comprises the steps of:
    - creating encryption keys to encrypt data; and
      
      encrypting and decrypting transactional data with the encryption and decryption keys.
  - 49. The method, as in claim 45, wherein:
    - said biometric capturing and sending step occurs at a plurality of remote locations; and
      
      said collecting, processing, sending and storing step occurs at a plurality of independent locations.
  - 50. The method, as in claim 49, wherein said collecting, processing, sending and storing step comprises the steps of:
    - remote locations transmitting transactional data with servers at the central locations;
      
      storing specific types of encrypted transactional data at distinct independent remote locations in a memory hierarchy, said storing maintains recently accessed encrypted transactional data in a primary memory and other encrypted transactional data in a secondary memory;
      
      dynamically assigning the servers at the central location to receive portions of the transactional data for balancing the transactional data among the servers; and
      
      generating reports from the transactional data and providing data to software applications.
  - 51. The method, as in claim 50, wherein said storing the encrypted transactional data step comprises the step of partitioning the stored transactional data into tables.
  - 52. The method, as in claim 51, wherein said searching the memory for matching biometric data step comprises:
    - transmitting captured biometric data from remote locations to centralized servers at the remote independent locations;
      
      reducing the captured biometric data to the invariant characteristics with an algorithm; and
      
      conducting a search of the enrolled user biometric data resident in memory stores.
  - 53. The method, as in claim 52, wherein said searching of the enrolled user biometric comprises:
    - utilizing a one to many search to scan the complete data store of the enrolled user biometrics through the use of a one to many biometric search algorithm for the matching biometrics;
      
      comparing the captured biometric data to stored enrolled biometric data respectively for identification verification; and
      
      allowing verified and authenticated user access to the authorized user account.
  - 54. The method, as in claim 52, wherein said searching of the enrolled user biometric comprises:
    - utilizing a personal identifier for each user;
      
      reducing the search to a smallest subset possible with the personal identifier;
      
      conducting a one-to-many search for matching biometric data;
      
      comparing the captured biometric data to stored enrolled biometric data respectively for identification verification; and
      
      allowing verified and authenticated user access to the authorized user account.
  - 55. The method, as in claim 52, wherein said transmitting the encrypted transactional data step comprises the steps of:
    - transmitting data within the remote locations;
      
      transmitting data from each remote location to a corresponding central location; and
      
      transmitting data within the central locations.
  - 56. The method, as in claim 55, wherein said transmitting data from each remote location to a corresponding central location step comprises the steps of:
    - connecting each remote location to a corresponding central location; and
      
      connecting each central location to corresponding remote locations.
  - 57. The method, as in claim 49, further comprising the steps of:
    - collecting and sending the encrypted transactional data at intermediate locations;
      
      managing the collecting and sending of the encrypted transactional data; and
      
      transmitting the encrypted transactional data within the intermediate location and between the intermediate locations and the remote locations and the central locations.
  - 58. The method, as in claim 57, wherein said managing the collecting and sending step comprises the steps of:
    - polling the remote locations for transactional data with servers in the intermediate locations;
      
      storing the encrypted transactional data in the intermediate locations, said storing step maintaining the encrypted transactional data in a primary memory of a memory hierarchy and performing backup storage of the encrypted transactional data into a secondary memory of the memory hierarchy; and
      
      dynamically assigning the servers to receive portions of the encrypted transactional data for balancing the encrypted transactional data among the servers.
  - 59. The method, as in claim 57, wherein said step of transmitting the encrypted transactional data comprises the steps of:
    - transmitting the encrypted transactional data within the remote locations;
      
      transmitting the encrypted transactional data from each remote location to a corresponding intermediate location;
      
      transmitting the encrypted transactional data within the intermediate locations;
      
      transmitting the encrypted transactional data from each intermediate location to corresponding central locations; and
      
      transmitting the encrypted transactional data within the central locations.
  - 60. The method, as in claim 59, wherein said transmitting data from each remote location to corresponding intermediate locations step comprises the steps of:
    - connecting each remote location to a corresponding intermediate location; and
      
      connecting the intermediate locations to corresponding remote locations.
  - 61. The method, as in claim 59, wherein said transmitting data from each intermediate location to corresponding central locations comprises the steps of:
    - connecting each intermediate location to an external communication network; and
      
      connecting the corresponding central locations to the communication network.
  - 62. The method as in claim 49, wherein said transmitting data from each intermediate location to corresponding central locations comprises the steps of:
    - connecting each intermediate location to an external communication network; and
      
      connecting the corresponding central locations to the communication network.

63. A system to facilitate financial commercial transactions between a buyer and a seller through the stored information, wherein each party may select from financial accounts on file to facilitate requests for credits and/or debits through financial institutions comprising:
- at least one client subsystem to facilitate user requested transactions, wherein biometric data is captured through a biometric device and further at least one input device to capture any and all transactional data;
  
  at least one transaction processing architectural system to manage processing, sending, receiving and storage of transactional data;
  
  at least one data processor to facilitate the processing, encrypting, Personal Identification Number (PIN)-less and Personal Identification Card (PIC)-less searching and biometric matching of the transactional data;
  
  at least one database to store transactional data; and
  
  at least one communication network to facilitate user access to the system through the client subsystems, and to interconnect the client subsystems with the data processing subsystem, the storage subsystems, and other external entities.

64. A method to facilitate financial commercial transactions between a buyer and a seller through the stored information, wherein each party may select from financial accounts on file to facilitate requests for credits and/or debits through financial institutions comprising:
- verifying users through a PIN-less and PIC-less, one to many search of an enrollment storage subsystem, to allocate the appropriate user account to be accessed;
  
  managing data processing, and storage through the use of an intelligent data management subsystem;
  
  populating requested transaction fields for the transaction;
  
  requesting a credit and/or debit from financial institutions;
  
  transmitting and receiving transactional data from external entities; and
  
  storing any and all transactional data within the data storage subsystem.

65. A system to facilitate transactions between biometrically verified users through stored information, wherein information required of the transaction may be populated from the storage subsystem comprising:
- at least one client subsystem to facilitate user requested transactions, wherein biometric data is captured through a biometric device and further at least one input device to capture any and all transactional data;
  
  at least one transaction processing architectural system to manage processing, sending, receiving and storage of transactional data;
  
  at least one data processor to facilitate the processing, encrypting, PIN-less and PIC-less searching and biometric matching of the transactional data;
  
  at least one database to store transactional data; and
  
  at least one communication network to facilitate user access to the system through the client subsystems, and to interconnect the client subsystems with the data processing subsystem, the storage subsystems, and other external entities.

66. A method to facilitate transactions between biometrically verified users through stored information, wherein information required of the transaction may be populated from the storage subsystem comprising:
- verifying the users through a PIN-less and PIC-less, one to many search of an enrollment storage subsystem to allocate the appropriate authorized user account to access;
  
  managing data processing, and storage through the use of an intelligent data management subsystem;
  
  populating requested transaction fields for the transaction;
  
  requesting a credit and/or debit from financial institutions;
  
  transmitting and receiving transactional data from external entities; and
  
  storing any and all transactional data within the data storage subsystem.

67. A method for central management, security, storage, biometric authentication, verification, and initiator initiates data transactions comprising the steps of:
- capturing transactional data including an image of the biometric data, further any and all types of additional data, at at least one remote locations encrypting, and sending encrypted transactional data;
  
  verifying the identity of a user using a one to many search for access to an appropriate account;
  
  encrypting transactional data upon transmissions and storage, further decrypting data upon processing and presentation to the authorized user;
  
  managing the capturing and sending of the transactional data;
  
  collecting, processing, sending and storing the encrypted transactional data at a remote centralized location;
  
  managing the collecting, processing, sending and storing of the transactional data; and
  
  transmitting the encrypted transactional data and subsystem identification information within and between the remote location(s), the centralized location(s), and other entities.
- View Dependent Claims (68, 69, 70, 71, 72, 73, 74)
- - 68. The method as in claim 67, wherein said step of capturing transactional data includes capturing voting data from said user.
  - 69. The method as in claim 67, wherein said step of capturing transactional data includes capturing health care data from said user, including said user'"'"'s health related history and said user'"'"'s health insurance information.
  - 70. The method as in claim 67, further comprising the step of creating a pseudo identifier for said user.
  - 71. The method as in claim 70 wherein said pseudo identifier is a demographic tag that can be set to reveal any and all information relating to the user.
  - 72. The method as in claim 70, wherein said step of creating a pseudo identifier occurs after said step of identifying said user.
  - 73. The method as in claim 70 further comprising the step of storing said pseudo identifier in a pseudo identifier database.
  - 74. The method as in claim 73, further comprising the step of setting a security filter so that said pseudo identifier and said pseudo identifier database do not reveal said user'"'"'s original identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DataTreasury Corporation
Original Assignee
DataTreasury Corporation
Inventors
Cassata, James, Ballard, Claudio R., Pathak, Amarish, Currie, Edward H., Imbruce, Michael T.

Granted Patent

US 7,519,558 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/42
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06K 17/00   Methods or arrangements for...

G06Q 10/10   Office automation; Time man...

G06Q 20/00   Payment architectures, sche...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/389   Keeping log of transactions...

G06V 10/94   Hardware or software archit...

H04L 63/0428   wherein the data content is...

H04L 63/0861   using biometrical features,...

Biometrically enabled private secure information repository

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

74 Claims

Specification

Solutions

Use Cases

Quick Links

Biometrically enabled private secure information repository

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

74 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links