System and method to facilitate separate cardholder and system access to resources controlled by a smart card

US 20040034784A1
Filed: 08/15/2002
Published: 02/19/2004
Est. Priority Date: 08/15/2002
Status: Abandoned Application

First Claim

Patent Images

1. A system to facilitate separate cardholder and authority access to resources controlled by a smart card comprising:

a client operatively equipped with said smart card and a biometric sensor for input of biometric data associated with said cardholder, said smart card including authentication means for at least preventing unauthenticated access to said resources and memory having operatively stored therein a first identifier associated with said cardholder holder and a token secret associated with a server, said server including biometric data processing means, a biometric database and at least one record in said biometric database retrievable using a biometric result of said biometric data processing, said at least one record including a biometric template associated with said cardholder and a server secret associated with said smart card.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides a mechanism, which allows a user'"'"'s personal identification number (PIN) to operate independently from a biometric authentication system. This improvement reduces the administrative burden of having to keep a user'"'"'s PIN synchronized with the PIN used to access the user'"'"'s smart card following successful biometric authentication. The first embodiment of the invention incorporates a cryptographic interface, which bypasses the PIN entry and allows the biometric authentication system to directly access card resources. The second embodiment of the invention provides a second system PIN having greater bit strength than the cardholder PIN. Both embodiments of the invention retrieve secrets (either a cryptographic key or system PIN) from a biometric database by comparing a processed biometric sample with known biometric templates. The biometric authentication system incorporates a client-server architecture, which facilitates multiple biometric authentications.

Citations

29 Claims

1. A system to facilitate separate cardholder and authority access to resources controlled by a smart card comprising:
- a client operatively equipped with said smart card and a biometric sensor for input of biometric data associated with said cardholder, said smart card including authentication means for at least preventing unauthenticated access to said resources and memory having operatively stored therein a first identifier associated with said cardholder holder and a token secret associated with a server, said server including biometric data processing means, a biometric database and at least one record in said biometric database retrievable using a biometric result of said biometric data processing, said at least one record including a biometric template associated with said cardholder and a server secret associated with said smart card.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system according to claim 1 wherein a match between said biometric result and said biometric template retrieves said server secret.
  - 3. The system according to claim 2 wherein said cardholder is authenticated to said smart card using said authentication means in concert with said token secret and said server secret.
  - 4. The system according to claim 3 wherein said token secret is a first cryptographic key.
  - 5. The system according to claim 4 wherein said authentication means includes a cryptographic algorithm compatible with said first cryptographic key.
  - 6. The system according to claim 5 wherein said server secret includes a second cryptographic key compatible with said first cryptographic key.
  - 7. The system according to claim 6 wherein said authentication means includes means for performing challenge\response authentications.
  - 8. The system according to claim 3 wherein said authentication means includes a comparator.
  - 9. The system according to claim 8 wherein said token secret includes a second identifier.
  - 10. The system according to claim 9 wherein said server secret includes a third identifier.
  - 11. The system according to claim 10 wherein said authentication means compares said second identifier and said third identifier and allows access to said resources if an exact match is found.
  - 12. The system according to claim 11 wherein said first, second and third identifiers are personal identification numbers.
  - 13. The system according to claim 12 wherein said first identifier and said second identifier are different.
  - 14. The system according to claim 8 wherein said cardholder is authenticated to said smart card by said first identifier or said biometric result.
  - 15. The system according to claim 1 wherein said biometric data includes at least a fingerprint, a handwriting scan, a retinal scan, an iris scan, a hand geometry scan, a face recognition scan, or a voice pattern scan.
  - 16. The system according to claim 1 wherein said resources includes means for authenticating said smart card to said server.
  - 17. The system according to claim 1 wherein said client and said server are in processing communications using a secure messaging protocol.
  - 18. The system according to claim 17 wherein said client and said smart card are in processing communications using a secure messaging protocol.
  - 19. The system according to claim 1 wherein said at least one record is cryptographically protected.

20. A method to facilitate separate cardholder and authority access to resources controlled by a smart card comprising the steps of:
- a. collecting biometric data from a cardholder associated with said smart card, b. sending said biometric data to a server for processing, c. generating a result from said processing, d. querying a biometric database with said result, e. retrieving in said server a secret associated with a matching record, f. authenticating said cardholder to said smart card using said server secret, g. allowing access to said resources.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The method according to claim 20 wherein said step f. includes the steps of:
    - a. generating a challenge by said smart card, b. sending said challenge to said server, c. generating a response to said challenge using said server secret, d. sending said response to said smart card, e. authenticating said response by said smart card.
  - 22. The method according to claim 21 wherein said server secret is a cryptographic key compatible with an existing cryptographic key and algorithm operatively installed in said smart card.
  - 23. The method according to claim 20 wherein said step f. includes the steps of:
    - a. sending said secret to said smart card, b. comparing said secret to a previously stored secret in said smart card, c. authenticating said secret by said smart card.
  - 24. The method according to claim 20 wherein said server secret is a personal identification number unknown to said cardholder.
  - 25. The method according to claim 20 wherein said biometric data includes a fingerprint, a retinal scan, an iris scan, a hand geometry scan, a face recognition scan, or a voice pattern scan.
  - 26. The method according to claim 20 wherein said resources includes means for authenticating said smart card to said server.
  - 27. The method according to claim 20 wherein step b. includes using a secure messaging protocol.
  - 28. The method according to claim 21 wherein step b. includes using a secure messaging protocol.
  - 29. The method according to claim 23 wherein step a. includes using a secure messaging protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Le Saint, Eric F., Fedronic, Dominique Louis Joseph

Application Number

US10/218,665
Publication Number

US 20040034784A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06F 21/78   to assure secure storage of...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/347   Passive cards

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

G07F 7/1075   PIN is checked remotely

System and method to facilitate separate cardholder and system access to resources controlled by a smart card

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to facilitate separate cardholder and system access to resources controlled by a smart card

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links