Method and system for secure transmission of biometric data

US 20060112280A1
Filed: 11/17/2005
Published: 05/25/2006
Est. Priority Date: 11/19/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for preparing a biometric identifier template for transmission over a network, the method comprising:

extracting a biometric template from a biometric sample image of a biometric identifier;

receiving a current time response from a trusted time server;

forming a transport unit (TU) by appending the current time response as a time stamp to biometric template; and

transmitting the TU over the network to a biometric template matching server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide methods and systems for securely transmitting a biometric identifier template across a network using a transport unit formed by appending a trusted time-stamp to the biometric template, and for authenticating such templates based on the time stamp. The method is applicable to fingerprint and other biometric identifier based identification and authentication systems.

Citations

36 Claims

1. A method for preparing a biometric identifier template for transmission over a network, the method comprising:
- extracting a biometric template from a biometric sample image of a biometric identifier;
  
  receiving a current time response from a trusted time server;
  
  forming a transport unit (TU) by appending the current time response as a time stamp to biometric template; and
  
  transmitting the TU over the network to a biometric template matching server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the biometric sample comprises a live biometric sample.
  - 3. The method of claim 1, wherein the biometric identifier comprises a fingerprint.
  - 4. The method of claim 1 comprising sending to the trusted time server a request to receive the current time.
  - 5. The method of claim 4 wherein sending the request to the trusted time server comprises sending the request to the trusted time server via a relay agent on the network.
  - 6. The method of claim 4 wherein if the trusted time server does not respond within a preset timeout period, sending the request sequentially to one or more additional trusted time servers until a response is received within the preset timeout period or canceling transmitting the TU if none of the trusted time servers respond within the preset timeout period.
  - 7. The method of claim 1 wherein receiving a current time response from a trusted time server comprises receiving the current time response from a network time protocol (NTP) time source.
  - 8. The method of claim 1 comprising encrypting the TU prior to transmitting the TU over the network.
  - 9. The method of claim 8 wherein encrypting the TU comprises encrypting the TU with a symmetric key using an encryption method consistent with specifications of the Advanced Encryption Standard (AES).
  - 10. The method of claim 1 wherein forming the TU comprises appending to the biometric template a quality value for the biometric image.
  - 11. The method of claim 1 wherein forming the TU further comprises appending to the biometric template an indicator of the biometric imaging device type.
  - 12. The method of claim 1 wherein the network comprises one or more public networks and/or one or more private network.
  - 13. The method of claim 12 wherein the network comprises an Internet Protocol (IP) network.

14. A method for authenticating a biometric identifier template of a user on a network, the method comprising:
- receiving a Transport Unit (TU), the TU including a time stamp and a biometric template extracted from a biometric sample image of a biometric identifier;
  
  reading the time stamp from the TU;
  
  receiving a current time response from a trusted time server;
  
  comparing the elapsed time between the time stamp and the current time response to a threshold; and
  
  if the elapsed time is less than the threshold, accepting the biometric template.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The method of claim 14, wherein the biometric identifier comprises a fingerprint.
  - 16. The method of claim 14 comprising sending to the trusted time server a request to receive the current time.
  - 17. The method of claim 14 wherein receiving a current time response from a trusted time server comprises receiving the current time response from a network time protocol (NTP) time source.
  - 18. The method of claim 14 wherein sending the request to the trusted time server comprises sending the request to the trusted time server via a relay agent on the network.
  - 19. The method of claim 14 wherein if the trusted time server does not respond within a preset timeout period, sending the request sequentially to one or more additional trusted time servers until a response is received within the preset timeout period or rejecting the TU if none of the trusted time servers respond within the preset timeout period.
  - 20. The method of claim 14 comprising, rejecting the biometric template if the elapsed time exceeds the threshold.
  - 21. The method of claim 14 comprising decrypting the TU.
  - 22. The method of claim 14 further comprising, if the biometric template is accepted, processing the biometric template for identification.
  - 23. The method of claim 22 wherein processing the biometric template comprises:
    - comparing the biometric template from the TU to a set of reference biometric templates stored in a database; and
      
      if the accepted biometric template matches one of the reference biometric templates according to a configurable set of criteria, determining the identity of the user corresponding to the reference biometric template.
  - 24. The method of claim 14 further comprising, if the accepted biometric template is accepted:
    - Comparing the biometric template from the TU to a set of reference biometric templates stored in a database; and
      
      if the accepted biometric template matches one of the reference biometric templates according to a configurable set of criteria, transmitting an authorization code for the user from whom the biometric sample image was taken to an application server on the network.

25. A method for transmitting a biometric identifier template over a network, the method comprising the steps of:
- extracting a biometric template from a biometric sample image of a biometric identifier;
  
  sending a request for a first current time to a first trusted time server;
  
  receiving a first current time response from the first trusted time server;
  
  forming a transport unit (TU) by appending a time stamp of the first current time response to the biometric template;
  
  encrypting the TU;
  
  transmitting the TU over the network to a template matching server;
  
  receiving the TU at the template matching server;
  
  decrypting the TU;
  
  reading the time stamp from the TU;
  
  receiving a second current time response from the first trusted time server or a second trusted time server;
  
  comparing the elapsed time between the time stamp and the second current time response to a threshold; and
  
  if the elapsed time is less than the threshold, accepting the biometric template.
- View Dependent Claims (26)
- - 26. The method of claim 25 wherein the biometric identifier comprises a fingerprint.

27. A system for transmitting a biometric identifier template for transmission over a network, the system comprising:
- a biometric template matching server to receive a Transport Unit (TU), transmitted over the network from a client, the TU including a biometric template extracted from a biometric sample image of a biometric identifier of a user and a time stamp, to read the time stamp from the TU, to receive a current time response from a trusted time server, to compare the time elapsed between the time stamp and the current time response with a threshold, and, if the elapsed time is less than the threshold, to accept the biometric template for identification processing.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 28. The system of claim 27 further comprising a client device to extract the biometric template of the user, to receive a second time response from the trusted time server or from a second trusted time server accessible by the client device, to form the TU, and to transmit the TU over the network.
  - 29. The system of claim 28, wherein a second current time response comprises a current time received from the trusted time server substantially at the time of extraction of the biometric template of the user.
  - 30. The system of claim 28, wherein the template matching server is adapted to decrypt the TU and the client device is adapted to encrypt the TU.
  - 31. The system of claim 28 further comprising an imaging device connected to the client device to generate the biometric sample image.
  - 32. The system of claim 28, wherein the TU by further includes a quality value for the biometric image.
  - 33. The system of claim 28, wherein the TU further includes an indicator of the biometric imaging device type.
  - 34. The system of claim 27 wherein the biometric identifier is a fingerprint.
  - 35. The system of claim 27, wherein the biometric template matching server is further adapted to read the accepted biometric template;
    - to compare the accepted biometric template to a set of reference biometric templates stored in a database; and
      
      if the accepted biometric template matches a reference biometric template according to a configurable set of criteria, to determine the identity of the user corresponding to the reference biometric template.
  - 36. The system of claim 27, wherein the biometric template matching server is further adapted to read the accepted biometric template;
    - to compare the accepted biometric template to a set of reference biometric templates stored in a database; and
      
      if the accepted biometric template matches a reference biometric template according to a configurable set of criteria, to transmit an authorization code for the user from whom the biometric sample image was taken.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Triad Biometrics LLC
Original Assignee
Triad Biometrics LLC
Inventors
Coby, Scott Stanley Allan, Cohen, Mark Sherman, Chirputkar, Shailesh

Application Number

US11/280,220
Publication Number

US 20060112280A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/128   involving web programs, i.e...

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 2221/2117   User registration

G06V 10/95   structured as a network, e....

G06V 40/10   Human or animal bodies, e.g...

G07C 9/37   using biometric data, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3297   involving time stamps, e.g....

Method and system for secure transmission of biometric data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure transmission of biometric data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links