Use of a kiosk to provide verifiable identification using cryptographic identifiers
Abstract
A method of providing verifiable identification credentials for a subject at a credential generation station (CGS) includes acquiring biometric information from the subject, incorporating the biometric information into a message, cryptographically processing the message to generate a cryptographic identifier that will serve to authenticate the message, and storing the message and the cryptographic identifier for subsequent authentication. The message may include additional information relating to one or more of the specific CGS, the subject, or the time of creating the message. A method of verifying the identification of a subject at a credential verification station (CVS) includes processing a cryptographic identifier and a message that includes previously acquired biometric information, where the cryptographic identifier and the message nominally correspond to the subject, and determining whether the cryptographic identifier authenticates the message. At least if the message is cryptographically authenticated, biometric information is acquired from the subject, and it is determined whether the newly acquired biometric information satisfies a proximity relationship to the biometric information from the message.
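The two phases described in the abstract, as an added example that is not taken from the patent. It assumes HMAC-SHA256 under a key shared by the CGS and CVS as the cryptographic identifier and a Hamming-distance threshold as the proximity relationship; the key, threshold, field names and template bytes are constructed for illustration.

```python
import hashlib
import hmac
import json

CGS_KEY = b"constructed-demo-key"  # assumption: secret shared by CGS and CVS
MAX_HAMMING_BITS = 6               # assumption: proximity threshold for a 64-bit toy template


def issue_credential(template: bytes, subject: str, cgs_id: str, issued_at: str):
    """CGS side: build the message and its cryptographic identifier (steps 1b-1d)."""
    message = json.dumps(
        {"template": template.hex(), "subject": subject,
         "cgs_id": cgs_id, "issued_at": issued_at},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    identifier = hmac.new(CGS_KEY, message, hashlib.sha256).digest()
    return message, identifier


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_subject(message: bytes, identifier: bytes, live_template: bytes) -> bool:
    """CVS side: authenticate the stored message, then compare biometrics (2b-2d)."""
    expected = hmac.new(CGS_KEY, message, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, identifier):
        return False  # not authentic: do not parse or match its contents
    stored = bytes.fromhex(json.loads(message)["template"])
    if len(stored) != len(live_template):
        return False
    return hamming_distance(stored, live_template) <= MAX_HAMMING_BITS


# Constructed sample data: a 64-bit enrolled template and two live captures.
ENROLLED = bytes.fromhex("a5c3f00f3c5a9966")
SAME_PERSON = bytes.fromhex("a5c3f00f3c5a9964")   # 1 bit differs (sensor noise)
OTHER_PERSON = bytes.fromhex("5a3c0ff0c3a56699")  # every bit differs

MSG, TAG = issue_credential(ENROLLED, "subject-001", "cgs-demo-1", "2024-01-01T00:00:00Z")
# Stored message altered to carry a different template, identifier left unchanged.
FORGED_MSG = MSG.replace(ENROLLED.hex().encode(), OTHER_PERSON.hex().encode())

if __name__ == "__main__":
    print(verify_subject(MSG, TAG, SAME_PERSON))          # genuine holder
    print(verify_subject(MSG, TAG, OTHER_PERSON))         # credential presented by someone else
    print(verify_subject(FORGED_MSG, TAG, OTHER_PERSON))  # altered message fails authentication
```

The third case is why the claims require both conditions: the altered message would match the presenter's biometric exactly, and only the authentication step rejects it.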
39 Claims
1. A method of providing verifiable identification credentials, the method comprising:
(1) in a credential generation phase,
    (1a) acquiring biometric information from a subject;
    (1b) incorporating the biometric information into a message;
    (1c) cryptographically processing the message to generate a cryptographic identifier, the cryptographic identifier serving to authenticate the message that includes the biometric information; and
    (1d) storing the message and the cryptographic identifier; and
(2) in response to a request in the field to verify the identification of a subject,
    (2a) retrieving the stored message and cryptographic identifier nominally corresponding to the subject;
    (2b) using the cryptographic identifier to authenticate the stored message that includes the biometric information;
    (2c) acquiring biometric information from the subject in the field; and
    (2d) verifying the identification of the subject only if the stored message is authenticated and the biometric information in the message bears a proximity relationship to the biometric information acquired in the field.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method of providing verifiable identification credentials, the method comprising:
(1) at a credential generation station,
    (1a) acquiring biometric information from a subject;
    (1b) incorporating the biometric information into a message;
    (1c) cryptographically processing the message to generate a cryptographic identifier, the cryptographic identifier serving to authenticate the message that includes the biometric information; and
    (1d) storing the message and the cryptographic identifier on a portable unit that is provided to the subject; and
(2) in response to a request in the field to verify the identification of a subject,
    (2a) retrieving the stored message and cryptographic identifier nominally corresponding to the subject;
    (2b) using the cryptographic identifier to authenticate the stored message that includes the biometric information;
    (2c) acquiring biometric information from the subject in the field; and
    (2d) verifying the identification of the subject only if the stored message is authenticated and the biometric information in the message bears a proximity relationship to the biometric information acquired in the field.

16. A method, carried out at a credential generation station, of providing verifiable identification credentials, the method comprising:
acquiring biometric information from a subject;
incorporating the biometric information into a message;
cryptographically processing the message to generate a cryptographic identifier, the cryptographic identifier serving to authenticate the message that includes the biometric information; and
storing the message and the cryptographic identifier for subsequent retrieval.
Dependent claims: 17, 18

19. A method of verifying the identification of a subject, the method comprising:
processing a cryptographic identifier and a message that includes previously acquired biometric information, the cryptographic identifier and the message nominally corresponding to the subject;
determining from the processing whether the cryptographic identifier authenticates the message that includes biometric information;
acquiring biometric information from the subject in the field; and
verifying the identification of the subject only if the message is successfully authenticated and the biometric information acquired in the field satisfies a proximity relationship to the biometric information from the message.
Dependent claims: 20, 21

22. A processor-based credential generation apparatus comprising:
a biometric module for acquiring biometric information from a subject;
a cryptographic module for generating a cryptographic identifier for a message that includes said biometric information from said biometric module; and
an output module that transmits said message and cryptographic identifier for storage.
Dependent claims: 23, 24, 25, 26, 27

28. A processor-based credential verification apparatus comprising:
a biometric module for acquiring biometric information from a presented subject;
an access module that receives a previously stored message having an associated cryptographic identifier, said previously stored message including biometric information previously acquired from a subject nominally corresponding to the presented subject;
a cryptographic module for verifying said cryptographic identifier to authenticate said previously stored message; and
a matching module for determining whether said biometric information from the presented subject bears a proximity relationship to the biometric information included in said message; and
an output module that signifies a successful identity verification only if (a) said cryptographic module successfully verifies said cryptographic identifier, and (b) said matching module determines that said biometric information from the presented subject bears said proximity relationship to the biometric information in said message.

29. A distributed credential generation and verification system comprising:
a credential generation station (CGS) including a CGS biometric module for acquiring biometric information from a subject seeking identification credentials, and an encoder for encoding a message containing said biometric information acquired by said CGS biometric module and a cryptographic identifier in a portable unit that is provided to the subject seeking identification credentials;
a credential verification station (CVS) including a CVS biometric module for acquiring biometric information from a subject presenting identification credentials;
at least one instance of a cryptographic identifier generation module for generating a cryptographic identifier for a message that includes said biometric information from said CGS biometric module;
at least one instance of a cryptographic verification module for authenticating said message; and
at least one instance of a matching module for determining whether said biometric information from the said CVS biometric module bears a proximity relationship to the biometric information included in said message.
Dependent claims: 30, 31, 32, 33

34. A distributed credential generation and verification system comprising:
a plurality of credential generation stations (CGSs), each CGS including a CGS biometric module for acquiring biometric information from a subject seeking identification credentials, and a plurality of credential verification stations (CVSs), each CVS including a CVS biometric module for acquiring biometric information from a subject presenting identification credentials;
at least one instance of a cryptographic identifier generation module for generating a cryptographic identifier for a message that includes biometric information from a biometric module of one of said plurality of CGSs;
at least one instance of an encoding module for encoding, in a portable unit that is provided to the subject seeking identification credentials, a message containing biometric information acquired by a biometric module of one of said plurality of CGSs and a cryptographic identifier generated by one of said instances of a cryptographic identifier generation module;
at least one instance of a cryptographic verification module for authenticating said message; and
at least one instance of a matching module for determining whether biometric information from a biometric module of one of said plurality of CVSs bears a proximity relationship to the biometric information included in said message.
Dependent claims: 35, 36, 37, 38, 39

Specification