Secure biometric authentication system
First Claim
1. A method of authenticating the identity of a user via biometric analysis, the method comprising:
- a. querying the user for an identifier associated with the user;
b. selecting at least one biometric template associated with the identifier, the identifier and biometric template stored in a first computer server;
c. selecting biometric data stored in a second computer server associated with the biometric template, the second computer server storing the biometric data but not the identifier or the biometric template;
d. collecting a biometric sample from the user;
e. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match; and
f. generating an authentication report if the biometric sample matches the biometric data.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for authentication a user'"'"'s identity via biometrics is disclosed. The system includes client software, an authentication server, and an independent biometric services server. Data associated with the biometric samples provided by a user are stored in the biometric services server and the user is assigned a unique identifier. The authentication server stores biometric templates consisting of information regarding the biometric samples and type of samples, e.g. voice, retina scans, fingerprints, DNA, etc. The authentication server also stores at least one pointer to the biometrics services server providing a link between the biometric samples stored in the biometric services server and the user'"'"'s biometric template(s). Identity authentication is accomplished by a series of steps including querying the user for an identifier and analyzing a biometric sample provided by the user with the biometric samples stored in the biometric services server. Once the user has been authenticated, a service provider can then securely provide services to and exchange information with the user. A system and method for enrolling a user into the biometric authentication system is also disclosed.
-
Citations
34 Claims
-
1. A method of authenticating the identity of a user via biometric analysis, the method comprising:
-
a. querying the user for an identifier associated with the user;
b. selecting at least one biometric template associated with the identifier, the identifier and biometric template stored in a first computer server;
c. selecting biometric data stored in a second computer server associated with the biometric template, the second computer server storing the biometric data but not the identifier or the biometric template;
d. collecting a biometric sample from the user;
e. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match; and
f. generating an authentication report if the biometric sample matches the biometric data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of authenticating the identity of a user via biometric analysis, the method comprising:
-
a. querying the user for an identifier associated with the user;
b. generating a challenge code;
c. communicating to the user the challenge code;
d. selecting at least one biometric template associated with the identifier, the identifier and biometric template stored in a first computer server;
e. selecting biometric data stored in a second computer server associated with the biometric template, the second computer server storing the biometric data but not the identifier or biometric template;
f. initiating communication with the user and querying the user for the challenge code;
g. collecting a biometric sample from the user, if the challenge code is received;
h. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match; and
i. generating a positive authentication report if the biometric sample matches the biometric data. - View Dependent Claims (10, 11, 12)
-
-
13. A method of authenticating via biometric analysis the identity of a user of a service provider application on a computer network to provide the user access to services provided by a service provider, the method comprising:
-
a. receiving a request for access to services;
b. querying the user for a first identifier associated with the user provided by the service provider and selecting a second identifier associated with the first identifier, the second identifier stored in a client in communication with the service provider application;
c. selecting at least one biometric template associated with the second identifier, the biometric template stored in a first computer server in communication with the client;
d. selecting biometric data associated with the biometric template stored in a second computer server, the second computer server in communication with the first computer server and storing the biometric data but not the identifier or biometric template;
e. collecting a biometric sample from the user;
f. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match;
g. generating a positive authentication report if the biometric sample matches the biometric data; and
h. providing the user access to the service provider if a positive authentication report is generated. - View Dependent Claims (14, 15)
-
-
16. An apparatus for authenticating via biometric analysis the identity of a user on a computer network, the apparatus comprising:
-
(a) a client for receiving a request for identity authentication from a user, the client in communication with a first computer server;
(b) the first computer server storing a unique identifier associated with the user and at least biometric template associated with the identifier, the first computer server in communication with a second computer server;
(c) the second computer server storing biometric data associated with the biometric template, but not storing identifiers or biometric templates, wherein the second computer server is adapted to collect a biometric sample from the user, compare the biometric sample with the biometric data, verify that the biometric sample and the biometric data match, and generate a positive authentication report if the biometric sample and the biometric data match; and
(d) a means for communicating the authentication report. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A method of enrolling a user in a biometric identity authentication system, the method comprising:
-
(a) receiving a request for enrollment from the user;
(b) querying the user for selected personal information including the user'"'"'s identity and storing the personal information in a first computer server;
(c) analyzing the personal information;
(d) generating and assigning a unique identifier associated with the user, the identifier stored in the first computer server;
(e) generating a biometric template associated with the identifier and storing it in the first computer server;
(f) receiving a request to submit at least one biometric specimen from the user and collecting one or more biometric specimens of a predetermined type from the user, collection performed by a second computer server;
(g) generating biometric data associated with the biometric specimens and storing the biometric data in the second computer server; and
(h) associating the biometric template with the biometric data. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. An apparatus for enrolling a user in a biometric identity authentication system, the apparatus comprising:
-
(a) a first computer server adapted to accept personal information provided by a user wishing to be enrolled biometrically and to analyze that information and generate and store a unique identifier and biometric template associated with the user;
(b) a second computer server in communication with the first computer server, the second computer server adapted to collect a biometric specimen of a pre-determined type from the user, generate biometric data associated with the biometric specimen, and store the biometric data in the second computer server, the second computer server further adapted to generate an enrollment report and communicate it to the first computer server, which associates the biometric template stored in the first computer server and the biometric data stored in the second computer server; and
(c) a means for communication between the user and the second computer server through which the second computer server collects the biometric specimen from the user. - View Dependent Claims (34)
-
Specification