System and method to facilitate separate cardholder and system access to resources controlled by a smart card
Abstract
This invention provides a mechanism, which allows a user's personal identification number (PIN) to operate independently from a biometric authentication system. This improvement reduces the administrative burden of having to keep a user's PIN synchronized with the PIN used to access the user's smart card following successful biometric authentication. The first embodiment of the invention incorporates a cryptographic interface, which bypasses the PIN entry and allows the biometric authentication system to directly access card resources. The second embodiment of the invention provides a second system PIN having greater bit strength than the cardholder PIN. Both embodiments of the invention retrieve secrets (either a cryptographic key or system PIN) from a biometric database by comparing a processed biometric sample with known biometric templates. The biometric authentication system incorporates a client-server architecture, which facilitates multiple biometric authentications.
29 Claims
1. A system to facilitate separate cardholder and authority access to resources controlled by a smart card comprising:
- a client operatively equipped with said smart card and a biometric sensor for input of biometric data associated with said cardholder, said smart card including authentication means for at least preventing unauthenticated access to said resources and memory having operatively stored therein a first identifier associated with said cardholder holder and a token secret associated with a server, said server including biometric data processing means, a biometric database and at least one record in said biometric database retrievable using a biometric result of said biometric data processing, said at least one record including a biometric template associated with said cardholder and a server secret associated with said smart card.
20. A method to facilitate separate cardholder and authority access to resources controlled by a smart card comprising the steps of:
- a. collecting biometric data from a cardholder associated with said smart card,
- b. sending said biometric data to a server for processing,
- c. generating a result from said processing,
- d. querying a biometric database with said result,
- e. retrieving in said server a secret associated with a matching record,
- f. authenticating said cardholder to said smart card using said server secret,
- g. allowing access to said resources.
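A minimal simulation of steps a through g and of the first embodiment's cryptographic path, added here as an illustration and not taken from the patent. It assumes the token secret and server secret are one shared symmetric key used for HMAC-SHA256 challenge-response and that templates are small bit vectors matched by Hamming distance; every class and function name is hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the patent): HMAC-SHA256 challenge-response, bit-vector templates.
def _mac(key, challenge):
    return hmac.new(key, challenge, hashlib.sha256).digest()

class SmartCard:
    def __init__(self, pin, token_secret):
        self._pin = pin                    # first identifier (cardholder PIN)
        self._token_secret = token_secret  # token secret shared with the server
        self._challenge = None
        self.unlocked = False

    def verify_pin(self, pin):             # cardholder path
        self.unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self.unlocked

    def change_pin(self, old, new):        # touches only the cardholder path
        if self.verify_pin(old):
            self._pin = new
        return self.unlocked

    def get_challenge(self):               # system path: fresh nonce per attempt
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def external_authenticate(self, response):  # system path: check the MAC
        challenge, self._challenge = self._challenge, None  # single use
        self.unlocked = challenge is not None and hmac.compare_digest(
            response, _mac(self._token_secret, challenge))
        return self.unlocked

class BiometricServer:
    def __init__(self, records, max_distance=2):
        self._records = records            # (template, server secret) pairs
        self._max_distance = max_distance

    def respond(self, sample, challenge):  # steps c, d, e
        for template, secret in self._records:
            distance = sum(a != b for a, b in zip(template, sample))
            if len(sample) == len(template) and distance <= self._max_distance:
                return _mac(secret, challenge)  # in this sketch only the MAC leaves
        return None                        # no matching record, no secret used

def biometric_unlock(card, server, sample):  # steps a, b, f, g from the client side
    response = server.respond(sample, card.get_challenge())
    return response is not None and card.external_authenticate(response)
```

Because the card checks the PIN and the server key separately, a cardholder PIN change needs no update on the server side, which is the synchronization burden the abstract describes removing.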
Specification