Multiple factor-based user identification and authentication
Abstract
A method of authenticating the identity of a user to determine access to a system includes providing a plurality of factor-based data instances corresponding to a user, evaluating the factor-based data instances to determine if the user's identity is authenticated, and granting or restricting the user's access to the system depending on whether the user's identity is authenticated. More particularly, the method includes providing a modified data instance based on a second data instance, generating a key based on a first data instance, applying the key to the modified data instance to generate a recovered data instance, interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation, and granting or restricting the user's access to the system based at least in part on the validity of the authentication value.
20 Claims
1. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a plurality of factor-based data instances corresponding to a user;
evaluating the factor-based data instances to determine if the user's identity is authenticated;
restricting the user's access to the system if the user's identity is not authenticated; and
granting the user's access to the system if the user's identity is authenticated.
Dependent claims: 2, 3, 4, 5, 6

7. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a plurality of factor-based data instances corresponding to a user, including at least one modified data instance based on a second data instance of the plurality of factor-based data instances;
generating a key based on a first data instance of the plurality of factor-based data instances;
applying the key to the at least one modified data instance to generate a recovered data instance;
interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation;
restricting the user's access to the system based at least in part on an invalid authentication value; and
granting the user's access to the system based at least in part on a valid authentication value.
Dependent claims: 8, 9, 10, 11, 12

13. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a token having a possession-based data instance corresponding to the token, an encrypted biometric reference-based data instance corresponding to the user, and an encrypted identifying data instance corresponding to at least one of the token and the user;
providing a knowledge-based data instance corresponding to the user;
applying a predetermined algorithm to the knowledge-based data instance to generate a knowledge factor value;
providing the knowledge factor value to the token;
using the knowledge factor value to decrypt the encrypted identifying data instance;
comparing the decrypted identifying data instance to the possession-based data instance;
providing a possession factor value based on the decrypted identifying data instance only if the decrypted identifying data instance corresponds to the possession-based data instance;
using the knowledge factor value to decrypt the encrypted biometric reference-based data instance;
providing a biometric sample-based data instance corresponding to the user;
comparing the decrypted biometric reference-based data instance to the biometric sample-based data instance;
providing a biometrics factor value to the token based on the biometric reference-based data instance only if the decrypted biometric reference-based data instance corresponds to the biometric sample-based data instance;
binding the possession factor value, the knowledge factor value, and the biometrics factor value;
generating a key based on the bound possession factor value, knowledge factor value, and biometrics factor value; and
granting system access to the user based on validity of the key;
wherein the key is valid only if each of the possession factor value, the knowledge factor value, and the biometrics factor value is valid.
Dependent claims: 14, 15, 16

17. An arrangement for controlling access to a system by a user, comprising:
an input device that enters a knowledge-based data instance;
a memory device storing a predetermined algorithm;
a processor that applies the algorithm to the knowledge-based data instance to generate a knowledge factor value;
a biometric sampling device that provides a biometric sample-based data instance corresponding to the user;
a biometric comparator that compares a decrypted biometric reference-based data instance to the biometric sample-based data instance to generate a biometric comparison result; and
a token;
wherein the token includes a possession-based data instance corresponding to the token, an encrypted identifying data instance corresponding to at least one of the user and the token, a first decrypt engine that decrypts the encrypted identifying data instance using the knowledge factor value to provide a decrypted identifying data instance, a token comparator that compares the possession-based data instance to the decrypted identifying data instance to provide a possession factor value if the comparison is favorable, an encrypted biometric reference-based data instance corresponding to the user, a second decrypt engine that decrypts the encrypted biometric reference-based data instance using the knowledge factor value to provide the decrypted biometric reference-based data instance to the biometric comparator, a first hash engine that performs a hash function on the decrypted biometric reference-based data instance if the biometric comparison result is favorable, to generate a biometrics factor value, a binder that binds the possession factor value, the knowledge factor value, and the biometrics factor value, and a second hash engine that performs a hash function on the bound factor values to generate a key;
wherein system access is granted to the user based on validity of the key; and
wherein the key is valid only if each of the possession factor value, the knowledge factor value, and the biometrics factor value is valid.
Dependent claims: 18, 19, 20
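The following Python is an added illustration of the flow in claims 13 and 17 (knowledge factor decrypts the token's identifying data and biometric reference, each decrypted value is compared, the three factor values are bound and hashed into the access key); it is not the patent's own implementation. PBKDF2 as the "predetermined algorithm", an HMAC-SHA256 counter-mode keystream as the cipher, SHA-256 as both hash engines, concatenation as the binder, a Hamming-distance biometric matcher, and every name, serial and template value are assumptions made to keep the example runnable.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Constructed illustration of claims 13 and 17, not the patent's implementation.
# KDF, cipher, binder and biometric matcher are all stand-in choices (assumptions).

BIO_MATCH_THRESHOLD = 20   # max differing bits for a biometric "correspondence" (assumption)
HASH = hashlib.sha256      # stands in for both hash engines of claim 17 (assumption)


def knowledge_factor(passphrase: str) -> bytes:
    """Claim 13: the 'predetermined algorithm' applied to the knowledge-based data
    instance. PBKDF2-HMAC-SHA256 with a fixed salt is an assumption."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"token-enrolment-salt", 50_000)


def _keystream(key: bytes, label: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, the stand-in symmetric cipher."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def xor_crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR. As in the claim, a wrong knowledge
    factor is caught by the comparison that follows, not by a cipher tag."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, label, len(data))))


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


@dataclass(frozen=True)
class Token:
    possession_data: bytes    # possession-based data instance (token serial), stored in clear
    enc_identifying: bytes    # identifying data instance, encrypted under the knowledge factor
    enc_bio_reference: bytes  # biometric reference template, encrypted under the knowledge factor


def derive_key(possession_fv: bytes, knowledge_fv: bytes, bio_fv: bytes) -> bytes:
    """Claim 17's binder and second hash engine: concatenate, then SHA-256 (assumption)."""
    return HASH(possession_fv + knowledge_fv + bio_fv).digest()


def enrol(serial: bytes, passphrase: str, bio_template: bytes) -> Tuple[Token, bytes]:
    """Provision a token and return it with the key the system will later expect."""
    kf = knowledge_factor(passphrase)
    token = Token(serial, xor_crypt(kf, b"id", serial), xor_crypt(kf, b"bio", bio_template))
    expected_key = derive_key(HASH(serial).digest(), kf, HASH(bio_template).digest())
    return token, expected_key


def authenticate(token: Token, passphrase: str, bio_sample: bytes) -> Optional[bytes]:
    """Run the claim 13 sequence; return the key, or None at the first failed factor."""
    kf = knowledge_factor(passphrase)                         # knowledge factor value, given to the token
    dec_id = xor_crypt(kf, b"id", token.enc_identifying)      # first decrypt engine
    if not hmac.compare_digest(dec_id, token.possession_data):
        return None                                           # token comparator unfavourable
    possession_fv = HASH(dec_id).digest()                     # possession factor value
    dec_bio = xor_crypt(kf, b"bio", token.enc_bio_reference)  # second decrypt engine
    if hamming(dec_bio, bio_sample) > BIO_MATCH_THRESHOLD:
        return None                                           # biometric comparator unfavourable
    bio_fv = HASH(dec_bio).digest()                           # first hash engine: biometrics factor value
    return derive_key(possession_fv, kf, bio_fv)


def access_granted(presented: Optional[bytes], expected: bytes) -> bool:
    """System side: access only on a key that matches the enrolled one."""
    return presented is not None and hmac.compare_digest(presented, expected)


def flip_bits(data: bytes, bit_indexes: Iterable[int]) -> bytes:
    """Construct samples that differ from a template by chosen bits."""
    buf = bytearray(data)
    for i in bit_indexes:
        buf[i // 8] ^= 1 << (i % 8)
    return bytes(buf)


# Constructed enrolment data (not real biometrics or serials).
TEMPLATE = hashlib.sha256(b"constructed iris template").digest()  # 256-bit reference
SAMPLE_OK = flip_bits(TEMPLATE, [3, 77, 150])                       # genuine user, 3 bits of noise
SAMPLE_BAD = flip_bits(TEMPLATE, range(0, 256, 4))                  # impostor, 64 bits away

if __name__ == "__main__":
    token, expected = enrol(b"SN-0001", "correct horse", TEMPLATE)
    print(access_granted(authenticate(token, "correct horse", SAMPLE_OK), expected))   # True
    print(access_granted(authenticate(token, "wrong pass", SAMPLE_OK), expected))      # False
    print(access_granted(authenticate(token, "correct horse", SAMPLE_BAD), expected))  # False
```

The property the claims state, that the key is valid only if every factor value is valid, falls out of the construction rather than of a sequence of if-checks: a wrong passphrase yields a wrong knowledge factor, which garbles both decryptions, so neither the possession comparison nor the biometric comparison can pass, and even if a check were skipped the bound input to the final hash would differ and the system-side comparison would still fail. In a deployment one would replace the XOR keystream with an authenticated cipher so that a tampered token is rejected before any comparison, and tune the matcher threshold against the sensor's false-accept and false-reject rates.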