Electronic data vault providing biometrically protected electronic signatures
Abstract
A system (“eVault”) securely stores personal data and documents for citizens and allows controlled access by citizens and optionally by service providers. The eVault may be adapted to allow processes involving the documents to be carried out in a secure and paperless fashion. Documents are certified, and biometric matching is used for security. On effecting a match to a biometric identifier presented by a user, the user is allowed access to their personal eVault and to a personal cryptographic key stored there. One or more of these personal keys may be securely applied within the eVault to generate an electronic signature, amongst other functions.
53 Claims
1. An electronic data vault system (eVault) comprising means for securely storing personal data for one or more users, the secured personal data being stored in a datastore associated with a specific user, at least one item of the personal data being at least one cryptographic key for the one or more users, and wherein the system further comprises an interface for allowing controlled access to the system by a user, means for performing authentication of users using biometric matching, and further comprises a policy management system allowing a user to define policies controlling the access of specific service providers to specific parts of the user datastore, defining the data that may be deposited by specific service providers into a user's datastore, and defining default data access levels for service providers not specifically identified.
5. Cancelled.
15. A method of associating at least one cryptographic key with a specific user and storing an associated key in a datastore specific to that user, the method comprising the steps of:
a) storing a set having one or more personal identifiers associated with the user in a datastore specific to that user,
b) linking the set of personal identifiers with at least one cryptographic key generated for that user,
and wherein the set of personal identifiers associated with the user includes at least one biometric identifier, and at least one cryptographic key may subsequently be accessed by providing at least one biometric identifier, the access to the cryptographic key being effected by the steps of;
c) receiving a biometric identifier from the user,
d) comparing the biometric identifier with a datastore of previously stored identifiers, and
e) on matching an identifier in the datastore with the supplied biometric identifier, providing that previously stored cryptographic key for use.
View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 38)
25. (Cancelled)
26. A method of providing a user with access to an electronically stored document, the method comprising the steps of:
a) receiving a request from a user for a specific document, the request including at least one biometric identifier for that user,
b) comparing the supplied biometric identifier with a set of pre-stored identifiers so as to authenticate the user,
and wherein access is provided to the electronic document by forwarding a copy of the requested document to the user if the step of comparing the supplied biometric identifier authenticates the user, and wherein the biometric identifier is received at a document repository, the biometric identifier being encrypted prior to receipt at the repository, and further wherein the repository forwards the encrypted identifier to an authentication engine where it is decrypted and compared with the set of pre-stored identifiers so as to authenticate the user.
View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39)
27. (Cancelled)
40-48. (Cancelled).
49. A security access system for providing a user with access to an electronically stored document, the document being stored in a datastore specific to that user, the system comprising:
a) means for receiving a request from a user for a specific document, the request including at least one biometric identifier for that user,
b) means for comparing the supplied biometric identifier with a set of pre-stored identifiers so as to authenticate the user, and
c) means for forwarding a copy of the requested document to the user if the means for comparing the supplied biometric identifier authenticates the user.
View Dependent Claims (50, 51, 52)
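
The policy management system of claim 1 can be read as a per-user rule table with a fallback rule for service providers that are not specifically identified. The sketch below is an added illustration, not code from the patent or from any eVault implementation; the class names, provider names, section names and the rule that the key section is never delegated to a provider are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ProviderRule:
    read: frozenset = frozenset()     # datastore sections the provider may read
    deposit: frozenset = frozenset()  # document types the provider may deposit

@dataclass
class VaultPolicy:
    """One user's policy: explicit rules per provider plus a default rule."""
    rules: dict = field(default_factory=dict)
    default: ProviderRule = ProviderRule()      # deny-all unless the user widens it
    user_only: frozenset = frozenset({"keys"})  # assumption: never delegable

    def decide(self, provider: str, action: str, target: str) -> tuple:
        """Return (allowed, reason); the reason is what an audit log would record."""
        if target in self.user_only:
            return False, "user-only section"
        source = "explicit" if provider in self.rules else "default"
        rule = self.rules.get(provider, self.default)
        if action == "read":
            allowed = rule.read
        elif action == "deposit":
            allowed = rule.deposit
        else:
            return False, "unknown action"
        return target in allowed, f"{source} rule"

def sample_policy() -> VaultPolicy:
    # Constructed sample data: provider and section names are hypothetical.
    return VaultPolicy(
        rules={
            "tax-office": ProviderRule(read=frozenset({"income"}),
                                       deposit=frozenset({"tax-assessment"})),
            # A user mistake: "keys" listed as readable. user_only still blocks it.
            "clinic": ProviderRule(read=frozenset({"medical", "keys"}),
                                   deposit=frozenset({"lab-result"})),
        },
        default=ProviderRule(read=frozenset({"public-profile"})),
    )

if __name__ == "__main__":
    policy = sample_policy()
    for request in [("tax-office", "read", "income"),
                    ("tax-office", "read", "medical"),
                    ("clinic", "read", "keys"),
                    ("unknown-shop", "read", "public-profile"),
                    ("unknown-shop", "deposit", "invoice")]:
        print(request, policy.decide(*request))
```

The returned reason distinguishes decisions made by an explicit rule from those made by the default rule, which is the part of a policy an auditor would review first.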
Specification