System and method for sequentially processing a biometric sample

US 20040034783A1
Filed: 08/15/2002
Published: 02/19/2004
Est. Priority Date: 08/15/2002
Status: Active Grant

First Claim

Patent Images

1. A sequential biometric verification system which facilitates the transfer of an initially unverifiable biometric sample and related biometric information from a security token to a stateless server for a subsequent verification attempt and return of a result, said system comprising:

said security token including a first cryptographic means and a first biometric verification means coupled to an access controlled resource, said stateless server responsive to said security token including second biometric verification means and second cryptography means compatible with said first cryptographic means coupled to said second verification means, wherein successful verification of said initially unverifiable biometric sample returns a cryptographic result to said security token functional by said first cryptographic means to allow access to said access controlled resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users. Signals generated by the stateful server are used by the security token to allow or deny access to a resource or function. In both embodiments of the invention, the heuristics remain with the security token.

52 Citations

View as Search Results

33 Claims

1. A sequential biometric verification system which facilitates the transfer of an initially unverifiable biometric sample and related biometric information from a security token to a stateless server for a subsequent verification attempt and return of a result, said system comprising:
- said security token including a first cryptographic means and a first biometric verification means coupled to an access controlled resource, said stateless server responsive to said security token including second biometric verification means and second cryptography means compatible with said first cryptographic means coupled to said second verification means, wherein successful verification of said initially unverifiable biometric sample returns a cryptographic result to said security token functional by said first cryptographic means to allow access to said access controlled resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The system according to claim 1 further comprising a stateful server, said stateful server responsive to said stateless server including a biometric database, third biometric verification means and third cryptography means coupled to said third verification means.
  - 3. The system according to claim 2 wherein said second verification means is adapted to send an unverifiable biometric sample and said related biometric information to said stateful server for a third verification attempt and return of said result to said security token.
  - 4. The system according to claim 3 wherein said related biometric information includes a unique identifier and telecommunications address associated with said security token, a biometric template and a biometric processing algorithm descriptor.
  - 5. The system according to claim 4 wherein said biometric database contains a plurality of high resolution biometric templates, each of said plurality of high resolution biometric templates being associated with a unique token identifier.
  - 6. The system according to claim 5 wherein said high resolution biometric templates are retrievably indexed by said unique token identifier.
  - 7. The system according to claim 6 wherein said third biometric verification means includes means to retrieve said high resolution biometric templates using said unique token identifier.
  - 8. The system according to claim 2 wherein said second or third biometric verification means includes a plurality of replaceable biometric processing algorithms.
  - 9. The system according to claim 8 wherein said plurality of replaceable biometric processing algorithms includes an associated unique biometric processing algorithm descriptor.
  - 10. The system according to claim 2 wherein said security token and said stateless server are in processing communications over a telecommunications link.
  - 11. The system according to claim 10 wherein said stateless server and said stateful server are in processing communications over said telecommunications link.
  - 12. The system according to claim 11 wherein said processing communications includes a secure messaging protocol.
  - 13. The system according to claim 2 wherein said first cryptography means includes a token access key.
  - 14. The system according to claim 13 wherein said second or third cryptography means include a master key having a functional relationship with said token access key.
  - 15. The system according to claim 1 wherein said related biometric information includes a unique identifier associated with said security token, a biometric template and a biometric processing algorithm descriptor.
  - 16. The system according to claim 15 wherein said unique identifier is used by said second or third cryptography means to diversify said master key to generate said secret.
  - 17. The system according to claim 5 wherein said biometric template includes unique physiological data associated with an authorized user of said security token.
  - 18. The system according to claim 2 wherein said second or said third verification means includes means for generating a reject result if said subsequent verification attempt is unsuccessful.
  - 19. The system according to claim 18 wherein said returned result is either said reject or said secret.
  - 20. The system according to claim 19 wherein said reject includes means to lock said security token.
  - 21. The system according to claim 2 wherein both stateless and stateful servers include greater processing capabilities than said security token.
  - 22. The system according to claim 2 wherein said security token is operatively connected to a client, said client including interface means to facilitate telecommunications between said security token and said stateless server.
  - 23. The system according to claim 22 wherein said client further includes biometric sample pre-processing means.
  - 24. The system according to claim 2 wherein said stateful server further includes audit trail generating means.
  - 25. The system according to claim 24 wherein said audit trail generating means includes means to record transactions occurring on said stateless server, said stateful server or both.

26. A sequential biometric verification method comprising the steps of:
- a. receiving an initially unverifiable biometric sample, a biometric template and a set of biometric processing parameters sent from a security token to a stateless server, b. retrieving a biometric processing algorithm using one of said set of biometric processing parameters, c. processing said biometric sample by said retrieved biometric processing algorithm using a public portion of said biometric template, d. attempting to verify said biometric sample against a private portion of said biometric template, e. generating a cryptographic secret using another of said set of biometric processing parameters and sending said generated cryptographic secret to said security token if step 26d. is successful, f. sending a reject signal to said security token if step 26d. is unsuccessful.

27. A sequential biometric verification method comprising the steps of:
- a. receiving a secondarily unverifiable biometric sample and a set of biometric processing parameters sent from a stateless server to a stateful server, b. retrieving a biometric template from a biometric database using another of said set of biometric processing parameters, c. retrieving a biometric processing algorithm using one of said first set of biometric processing parameters, d. processing said biometric sample by said retrieved biometric processing algorithm using a public portion of said retrieved biometric template, e. attempting to verify said biometric sample against a private portion of said retrieved biometric template, f. generating a cryptographic secret using another of said set of biometric processing parameters and sending said generated cryptographic secret to said security token if step 27e. is successful, g. sending a reject signal to said security token if step 27e. is unsuccessful.
- View Dependent Claims (28)
- - 28. The method according to claim 27 further including the steps:
    - a. repeating steps 27c., 27d. and 27e. until either step 27e. is successful or all available biometric processing algorithms have been tried, b. continuing with steps 27f. or 27g. as appropriate.

29. A method to optimize a biometric processing applet included in a security token comprising the steps of:
- a. determining an optimum server based biometric processing algorithm using a biometric sample previously processed by said security, b. retrieving a biometric processing applet equivalent to said optimized server based biometric processing algorithm, c. generating a replacement biometric template, d. generating a cryptographic secret to unlock said security token, e. downloading said replacement biometric template and retrieved biometric processing algorithm to said security token, f. operatively installing said replacement biometric template and retrieved biometric processing algorithm to said security token.

30. A method to identify the origin of an unverifiable biometric sample comprising the steps of:
- a. identifying the physiological data type represented by said unverifiable biometric sample, b. retrieving a generic public template appropriate for said physiological data type, c. retrieving a biometric processing algorithm appropriate for said physiological data type, d. processing said unverifiable biometric sample using said biometric processing algorithm and said generic public template, e. performing a one-to-many query of an internal biometric database containing a plurality of biometric templates records using the results of said processing, f. attempting to match said results of said processing to at least one of said plurality of biometric templates records, g. recording the results of said internal biometric database query, h. querying an external biometric database if unsuccessful, i. recording the results of said external biometric database query.

31. A system to perform sequential biometric verification using a security token and a stateless server comprising:
- said security token adapted to transfer an initially unverifiable biometric sample and at least one biometric processing parameter to a stateless server and including means to allow access to at least one controlled resource upon presentation of a valid cryptographic secret, said stateless server adapted to perform biometric verification of said biometric sample using said at least one biometric processing parameter and including means to present said valid cryptographic secret to said security token if said initially unverifiable biometric sample is verified.

32. A system to perform sequential biometric verification using a security token, a stateless server and stateful server comprising:
- said security token adapted to transfer an initially unverifiable biometric sample and at least one biometric processing parameter to a stateless server and including means to allow access to at least one controlled resource upon presentation of a valid cryptographic secret, said stateless server adapted to perform biometric verification of said biometric sample using said at least one biometric processing parameter and including means to present said valid cryptographic secret to said security token if said biometric sample is verified and means to transfer said unverifiable biometric sample and at least one biometric processing parameter to said stateful server, said stateful server adapted to perform biometric verification of said biometric sample using said at least one biometric processing parameter and including means to present said valid cryptographic secret to said security token if said initially unverifiable biometric sample is verified.

33. A system to perform sequential biometric verification using a security token, a stateless server and stateful server comprising:
- said security token adapted to allow access to a controlled resource comprising an access gate responsive to either an affirmative verification signal or an affirmative cryptographic signal, said stateless server adapted to perform biometric verification of a biometric sample received from said security token and further adapted to return said affirmative cryptographic signal to said security token if said biometric verification is successful, said stateful server adapted to perform biometric verification of a biometric sample received from stateless server and further adapted to return said affirmative cryptographic signal to said security token if said biometric verification is successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ActivIdentity, Inc. (Assa Abloy AB)
Original Assignee
ActivIdentity, Inc. (Assa Abloy AB)
Inventors
Le Saint, Eric F., Fedronic, Dominique Louis, Joseph

Granted Patent

US 7,574,734 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G07C 9/37 using biometric data, e.g. ...

System and method for sequentially processing a biometric sample

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for sequentially processing a biometric sample

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links