Use of a kiosk to provide verifiable identification using cryptographic identifiers

US 20040249765A1
Filed: 06/06/2003
Published: 12/09/2004
Est. Priority Date: 06/06/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing verifiable identification credentials, the method comprising:

(1) in a credential generation phase, (1a) acquiring biometric information from a subject;

(1b) incorporating the biometric information into a message;

(1c) cryptographically processing the message to generate a cryptographic identifier, the cryptographic identifier serving to authenticate the message that includes the biometric information; and

(1d) storing the message and the cryptographic identifier; and

(2) in response to a request in the field to verify the identification of a subject, (2a) retrieving the stored message and cryptographic identifier nominally corresponding to the subject;

(2b) using the cryptographic identifier to authenticate the stored message that includes the biometric information;

(2c) acquiring biometric information from the subject in the field; and

(2d) verifying the identification of the subject only if the stored message is authenticated and the biometric information in the message bears a proximity relationship to the biometric information acquired in the field.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing verifiable identification credentials for a subject at a credential generation station (CGS) includes acquiring biometric information from the subject, incorporating the biometric information into a message, cryptographically processing the message to generate a cryptographic identifier that will serve to authenticate the message, and storing the message and the cryptographic identifier for subsequent authentication. The message may include additional information relating to one or more of the specific CGS, the subject, or the time of creating the message. A method of verifying the identification of a subject at a credential verification station (CVS) includes processing a cryptographic identifier and a message that includes previously acquired biometric information, where the cryptographic identifier and the message nominally correspond to the subject, and determining whether the cryptographic identifier authenticates the message. At least if the message is cryptographically authenticated, biometric information is acquired from the subject, and it is determined whether the newly acquired biometric information satisfies a proximity relationship to the biometric information from the message.

76 Citations

View as Search Results

39 Claims

1. A method of providing verifiable identification credentials, the method comprising:
- (1) in a credential generation phase, (1a) acquiring biometric information from a subject;
  
  (1b) incorporating the biometric information into a message;
  
  (1c) cryptographically processing the message to generate a cryptographic identifier, the cryptographic identifier serving to authenticate the message that includes the biometric information; and
  
  (1d) storing the message and the cryptographic identifier; and
  
  (2) in response to a request in the field to verify the identification of a subject, (2a) retrieving the stored message and cryptographic identifier nominally corresponding to the subject;
  
  (2b) using the cryptographic identifier to authenticate the stored message that includes the biometric information;
  
  (2c) acquiring biometric information from the subject in the field; and
  
  (2d) verifying the identification of the subject only if the stored message is authenticated and the biometric information in the message bears a proximity relationship to the biometric information acquired in the field.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein the message includes information in addition to the biometric information.
  - 3. The method of claim 1 wherein cryptographically processing the message occurs at a location that is remote from the location at which the biometric information is acquired from the subject.
  - 4. The method of claim 1 wherein cryptographically processing the message and storing the message and cryptographic identifier occur at the same location as that where the biometric information is acquired from the subject.
  - 5. The method of claim 1 wherein:
    - storing the message and the cryptographic identifier includes storing the message and the cryptographic identifier at a remote location from the credential generation station; and
      
      retrieving the stored message and cryptographic identifier includes accessing the message and cryptographic identifier from the remote location.
  - 6. The method of claim 1 wherein using the cryptographic identifier to authenticate the stored message and verifying the identification of the subject only if the stored message is authenticated and the biometric information in the message bears a proximity relationship to the biometric information acquired in the field are performed at the same location at which biometric information is acquired from the subject in the field.
  - 7. The method of claim 1 wherein at least one of using the cryptographic identifier to authenticate the stored message and verifying the identification of the subject only if the stored message is authenticated and the biometric information in the message bears a proximity relationship to the biometric information acquired in the field is performed at a location that is remote from the location at which the biometric information is acquired from the subject in the field.
  - 8. The method of claim 1 wherein:
    - storing the message and the cryptographic identifier includes storing the message and the cryptographic identifier on a portable unit that is provided to the subject; and
      
      retrieving the stored message and cryptographic identifier includes reading the message and cryptographic identifier from the portable unit.
  - 9. The method of claim 8 wherein:
    - the portable unit has at least one of a printable region, a magnetic region, and an optical region; and
      
      storing the message and the cryptographic identifier includes at least one of printing the message and the cryptographic identifier on the printable region, encoding the message and the cryptographic identifier in the magnetic region, and encoding the message and the cryptographic identifier in the optical region.
  - 10. The method of claim 1 wherein the cryptographic identifier is a digital signature of the message that includes the biometric information.
  - 11. The method of claim 1 wherein the cryptographic identifier is an encrypted version of the biometric information.
  - 12. The method of claim 1 wherein:
    - the biometric information includes at least two disparate types of information; and
      
      the method further comprises verifying that the disparate types of information are being acquired from the same subject.
  - 13. The method of claim 12 wherein verifying that the disparate types of information are being acquired from the same subject comprises:
    - generating an image of the subject as the disparate types of information are being acquired; and
      
      incorporating information regarding the image as part of the biometric information that is incorporated into the cryptographic identifier.
  - 14. The method of claim 12 wherein verifying that the disparate types of information are being acquired from the same subject comprises:
    - having a trusted individual witness the biometric information being acquired from the subject; and
      
      incorporating information regarding the witnessing as part of the biometric information that is incorporated into the cryptographic identifier.

15. A method of providing verifiable identification credentials, the method comprising:
- (1) at a credential generation station, (1a) acquiring biometric information from a subject;
  
  (1b) incorporating the biometric information into a message;
  
  (1c) cryptographically processing the message to generate a cryptographic identifier, the cryptographic identifier serving to authenticate the message that includes the biometric information; and
  
  (1d) storing the message and the cryptographic identifier on a portable unit that is provided to the subject; and
  
  (2) in response to a request in the field to verify the identification of a subject, (2a) retrieving the stored message and cryptographic identifier nominally corresponding to the subject;
  
  (2b) using the cryptographic identifier to authenticate the stored message that includes the biometric information;
  
  (2c) acquiring biometric information from the subject in the field; and
  
  (2d) verifying the identification of the subject only if the stored message is authenticated and the biometric information in the message bears a proximity relationship to the biometric information acquired in the field.

16. A method, carried out at a credential generation station, of providing verifiable identification credentials, the method comprising:
- acquiring biometric information from a subject;
  
  incorporating the biometric information into a message;
  
  cryptographically processing the message to generate a cryptographic identifier, the cryptographic identifier serving to authenticate the message that includes the biometric information; and
  
  storing the message and the cryptographic identifier for subsequent retrieval.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16 wherein:
    - the message and the cryptographic identifier are stored in machine-readable form; and
      
      at least a portion of the biometric information is stored in human readable form.
  - 18. The method of claim 17 wherein:
    - the biometric information includes an image of the subject'"'"'s face; and
      
      a visual representation of the image is provided with the stored biometric information and the cryptographic identifier.

19. A method of verifying the identification of a subject, the method comprising:
- processing a cryptographic identifier and a message that includes previously acquired biometric information, the cryptographic identifier and the message nominally corresponding to the subject;
  
  determining from the processing whether the cryptographic identifier authenticates the message that includes biometric information;
  
  acquiring biometric information from the subject in the field; and
  
  verifying the identification of the subject only if the message is successfully authenticated and the biometric information acquired in the field satisfies a proximity relationship to the biometric information from the message.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19 wherein:
    - the previously acquired biometric information includes an image of the subject'"'"'s face;
      
      acquiring the biometric information in the field includes a human user visually inspecting the subject'"'"'s face; and
      
      the proximity relationship is evaluated by the human user comparing the subject'"'"'s face with the stored image of the subject'"'"'s face.
  - 21. The method of claim 19 wherein:
    - acquiring the biometric information in the field includes generating an electronic version of the acquired biometric information; and
      
      the proximity relationship is evaluated by a computer system comparing the electronic version of the biometric information with the stored biometric information.

22. A processor-based credential generation apparatus comprising:
- a biometric module for acquiring biometric information from a subject;
  
  a cryptographic module for generating a cryptographic identifier for a message that includes said biometric information from said biometric module; and
  
  an output module that transmits said message and cryptographic identifier for storage.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The credential generating apparatus of claim 22, and further comprising an encoder in communication with said output module for encoding said message and said cryptographic identifier in a portable unit that is provided to the subject.
  - 24. The credential generating apparatus of claim 23 wherein said encoder is at a location proximate said biometric module to allow the subject to obtain said portable unit without substantial delay.
  - 25. The credential generating apparatus of claim 23 wherein said encoder is at a location remote from said biometric module so that said portable unit cannot be provided to the subject without substantial delay.
  - 26. The credential generating apparatus of claim 22, and further comprising a network interface that allows said output module to transmit said message and cryptographic identifier over a network to a storage device located on said network.
  - 27. The credential generating apparatus of claim 22, and further comprising:
    - an encoder in communication with said output module for encoding said message and said cryptographic identifier in a portable unit that is provided to the subject; and
      
      a network interface that allows said output module to transmit said message and cryptographic identifier over a network to a storage device located on said network.

28. A processor-based credential verification apparatus comprising:
- a biometric module for acquiring biometric information from a presented subject;
  
  an access module that receives a previously stored message having an associated cryptographic identifier, said previously stored message including biometric information previously acquired from a subject nominally corresponding to the presented subject;
  
  a cryptographic module for verifying said cryptographic identifier to authenticate said previously stored message; and
  
  a matching module for determining whether said biometric information from the presented subject bears a proximity relationship to the biometric information included in said message; and
  
  an output module that signifies a successful identity verification only if (a) said cryptographic module successfully verifies said cryptographic identifier, and (b) said matching module determines that said biometric information from the presented subject bears said proximity relationship to the biometric information in said message.

29. A distributed credential generation and verification system comprising:
- a credential generation station (CGS) including a CGS biometric module for acquiring biometric information from a subject seeking identification credentials, and an encoder for encoding a message containing said biometric information acquired by said CGS biometric module and a cryptographic identifier in a portable unit that is provided to the subject seeking identification credentials;
  
  a credential verification station (CVS) including a CVS biometric module for acquiring biometric information from a subject presenting identification credentials;
  
  at least one instance of a cryptographic identifier generation module for generating a cryptographic identifier for a message that includes said biometric information from said CGS biometric module;
  
  at least one instance of a cryptographic verification module for authenticating said message; and
  
  at least one instance of a matching module for determining whether said biometric information from the said CVS biometric module bears a proximity relationship to the biometric information included in said message.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The distributed credential generation and verification system of claim 29 wherein:
    - an instance of said cryptographic identifier generation module is present in each of a plurality of CGSs;
      
      an instance of said cryptographic verification module is present in each of a plurality of CVSs; and
      
      an instance of said matching module is present in said CVS.
  - 31. The distributed credential generation and verification system of claim 29 wherein:
    - an instance of said cryptographic identifier generation module is absent from said CGS; and
      
      the system further comprises a credentialing infrastructure system (CIS) that includes an instance of said cryptographic identifier generation module.
  - 32. The distributed credential generation and verification system of claim 29 wherein:
    - an instance of said cryptographic verification module is absent from said CVS; and
      
      the system further comprises a credentialing infrastructure system (CIS) that includes an instance of said cryptographic verification module.
  - 33. The distributed credential generation and verification system of claim 29 wherein:
    - an instance of said matching module is absent from said CVS; and
      
      the system further comprises a credentialing infrastructure system (CIS) that includes an instance of said matching module.

34. A distributed credential generation and verification system comprising:
- a plurality of credential generation station (CGSs), each CGS including a CGS biometric module for acquiring biometric information from a subject seeking identification credentials, and a plurality of credential verification stations (CVSs), each CVS including a CVS biometric module for acquiring biometric information from a subject presenting identification credentials;
  
  at least one instance of a cryptographic identifier generation module for generating a cryptographic identifier for a message that includes biometric information from a biometric module of one of said plurality of CGSs;
  
  at least one instance of an encoding module for encoding, in a portable unit that is provided to the subject seeking identification credentials, a message containing biometric information acquired by a biometric module of one of said plurality of CGSs and a cryptographic identifier generated by one of said instances of a cryptographic identifier generation module;
  
  at least one instance of a cryptographic verification module for authenticating said message; and
  
  at least one instance of a matching module for determining whether biometric information from a biometric module of one of said plurality of CVSs bears a proximity relationship to the biometric information included in said message.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The distributed credential generation and verification system of claim 34 wherein:
    - an instance of said cryptographic identifier generation module is present in each of a plurality of CGSs;
      
      an instance of said cryptographic verification module is present in each of a plurality of CVSs; and
      
      an instance of said matching module is present in said CVS.
  - 36. The distributed credential generation and verification system of claim 34 wherein:
    - an instance of said cryptographic identifier generation module is absent from at least one CGS; and
      
      the system further comprises a credentialing infrastructure system (CIS) that includes an instance of said cryptographic identifier generation module.
  - 37. The distributed credential generation and verification system of claim 34 wherein:
    - an instance of said cryptographic verification module is absent from at least one CVS; and
      
      the system further comprises a credentialing infrastructure system (CIS) that includes an instance of said cryptographic verification module.
  - 38. The distributed credential generation and verification system of claim 34 wherein:
    - an instance of said matching module is absent from at least one CVS; and
      
      the system further comprises a credentialing infrastructure system (CIS) that includes an instance of said matching module.
  - 39. The distributed credential generation and verification system of claim 34 wherein:
    - an instance of said encoding module is absent from at least one CGS; and
      
      the system further comprises a credentialing infrastructure system (CIS) that includes an instance of said encoding module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Neopost Incorporated
Original Assignee
Neopost Incorporated
Inventors
Leon, J.P.

Application Number

US10/455,989
Publication Number

US 20040249765A1
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07F 7/1008   Active credit-cards provide...

Use of a kiosk to provide verifiable identification using cryptographic identifiers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Use of a kiosk to provide verifiable identification using cryptographic identifiers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links