Secure biometric authentication system

US 20070061590A1
Filed: 09/13/2005
Published: 03/15/2007
Est. Priority Date: 09/13/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of authenticating the identity of a user via biometric analysis, the method comprising:

a. querying the user for an identifier associated with the user;

b. selecting at least one biometric template associated with the identifier, the identifier and biometric template stored in a first computer server;

c. selecting biometric data stored in a second computer server associated with the biometric template, the second computer server storing the biometric data but not the identifier or the biometric template;

d. collecting a biometric sample from the user;

e. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match; and

f. generating an authentication report if the biometric sample matches the biometric data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authentication a user'"'"'s identity via biometrics is disclosed. The system includes client software, an authentication server, and an independent biometric services server. Data associated with the biometric samples provided by a user are stored in the biometric services server and the user is assigned a unique identifier. The authentication server stores biometric templates consisting of information regarding the biometric samples and type of samples, e.g. voice, retina scans, fingerprints, DNA, etc. The authentication server also stores at least one pointer to the biometrics services server providing a link between the biometric samples stored in the biometric services server and the user'"'"'s biometric template(s). Identity authentication is accomplished by a series of steps including querying the user for an identifier and analyzing a biometric sample provided by the user with the biometric samples stored in the biometric services server. Once the user has been authenticated, a service provider can then securely provide services to and exchange information with the user. A system and method for enrolling a user into the biometric authentication system is also disclosed.

Citations

34 Claims

1. A method of authenticating the identity of a user via biometric analysis, the method comprising:
- a. querying the user for an identifier associated with the user;
  
  b. selecting at least one biometric template associated with the identifier, the identifier and biometric template stored in a first computer server;
  
  c. selecting biometric data stored in a second computer server associated with the biometric template, the second computer server storing the biometric data but not the identifier or the biometric template;
  
  d. collecting a biometric sample from the user;
  
  e. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match; and
  
  f. generating an authentication report if the biometric sample matches the biometric data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the biometric sample is a voice sample.
  - 3. The method of claim 2 wherein the voice sample is collected by the second computer server after initiating a telephone call to the user.
  - 4. The method of claim 1 wherein at least two biometric templates stored in the first computer server are selected for analysis and biometric samples are collected from the user and compared with the biometric data associated with the selected biometric templates to verify that the biometric samples and biometric data match.
  - 5. The method of claim 4 wherein the biometric samples collected from the user are comprised of at least two different biometric data types.
  - 6. The method of claim 1 further including the steps of comparing the biometric sample provided by the user with selected biometric data and generating an authentication rejection report if there is a match between the biometric sample and the selected biometric data.
  - 7. The method of claim 1 further including the step of generating an authentication confidence report associated with the authentication report, the authentication confidence report chosen from a menu of two or more different levels of authentication confidence reports based on predetermined criteria.
  - 8. The method of claim 7 further including the steps of collecting a second biometric sample from the user, comparing the second biometric sample with the biometric data, and verifying whether there is a match between the second biometric sample and the biometric data upon the occurrence of a selected authentication confidence report before generating an authentication report.

9. A method of authenticating the identity of a user via biometric analysis, the method comprising:
- a. querying the user for an identifier associated with the user;
  
  b. generating a challenge code;
  
  c. communicating to the user the challenge code;
  
  d. selecting at least one biometric template associated with the identifier, the identifier and biometric template stored in a first computer server;
  
  e. selecting biometric data stored in a second computer server associated with the biometric template, the second computer server storing the biometric data but not the identifier or biometric template;
  
  f. initiating communication with the user and querying the user for the challenge code;
  
  g. collecting a biometric sample from the user, if the challenge code is received;
  
  h. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match; and
  
  i. generating a positive authentication report if the biometric sample matches the biometric data.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9 further including the steps of generating a response code associated with the challenge code, querying the user for the response code, providing the user with the response code if a positive authentication report is generated, and providing the user access to a service provider upon collection of the response code.
  - 11. The method claim 9 further including the step of verifying that the user is registered before collecting the biometric sample from the user.
  - 12. The method of claim 9 further including the step of collecting a second biometric sample from the user before generating the authentication report upon the occurrence of a predetermined condition.

13. A method of authenticating via biometric analysis the identity of a user of a service provider application on a computer network to provide the user access to services provided by a service provider, the method comprising:
- a. receiving a request for access to services;
  
  b. querying the user for a first identifier associated with the user provided by the service provider and selecting a second identifier associated with the first identifier, the second identifier stored in a client in communication with the service provider application;
  
  c. selecting at least one biometric template associated with the second identifier, the biometric template stored in a first computer server in communication with the client;
  
  d. selecting biometric data associated with the biometric template stored in a second computer server, the second computer server in communication with the first computer server and storing the biometric data but not the identifier or biometric template;
  
  e. collecting a biometric sample from the user;
  
  f. comparing the biometric sample with the biometric data and verifying that the biometric sample and the biometric data match;
  
  g. generating a positive authentication report if the biometric sample matches the biometric data; and
  
  h. providing the user access to the service provider if a positive authentication report is generated.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 further including the steps of making a record of the request for access associated with the user and providing the user an interface through which the user can access the record of the request for access.
  - 15. The method of claim 13 wherein the step of selecting the biometric template further includes querying the service provider application for the type of biometric data to be used for the biometric analysis and selecting a biometric template associated with the second identifier of a biometric data type corresponding to the type of biometric data provided by the service provider application.

16. An apparatus for authenticating via biometric analysis the identity of a user on a computer network, the apparatus comprising:
- (a) a client for receiving a request for identity authentication from a user, the client in communication with a first computer server;
  
  (b) the first computer server storing a unique identifier associated with the user and at least biometric template associated with the identifier, the first computer server in communication with a second computer server;
  
  (c) the second computer server storing biometric data associated with the biometric template, but not storing identifiers or biometric templates, wherein the second computer server is adapted to collect a biometric sample from the user, compare the biometric sample with the biometric data, verify that the biometric sample and the biometric data match, and generate a positive authentication report if the biometric sample and the biometric data match; and
  
  (d) a means for communicating the authentication report.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The apparatus of claim 16 further including a user interface in communication with the first computer server, the user interface adapted to allow the user to select the type of biometric sample collected from the user during identity authentication request operation.
  - 18. The apparatus of claim 16 further including a user interface in communication with the first computer server, the user interface adapted to allow the user to select the number of biometric samples collected from the user during identity authentication request operation.
  - 19. The apparatus of claim 16 further including a user interface, in communication with the first computer server, adapted to require the user to submit a biometric specimen upon the occurrence of a predetermined condition, wherein the biometric specimen is collected by the second computer server and biometric data associated with the biometric specimen is generated by the second computer server and stored in the second computer server and associated with the identifier associated with the user.
  - 20. The apparatus of claim 16 wherein the client includes a means for linking a plurality of service providers to the client so that the user may initiate a request for identity authentication directly from a website provided by any of the plurality of service providers.
  - 21. The apparatus of claim 20 wherein:
    - (a) the client is adapted to generate a response code and communicates the response code to the second computer server, which generates a challenge code associated with the response code, the client further adapted to communicate the challenge code to the user and query the user for the response code and upon successful communication of the response code, the client provides the user access to the service provider; and
      
      (b) the second computer server is adapted to collect the biometric sample from the user only after receipt of the challenge code from the user and is further adapted to communicate the response code to the user after verifying that the biometric sample collected from the user and the biometric data match.
  - 22. The apparatus of claim 20 wherein the first computer server is adapted to store personal information associated with the user and communicate selected portions of the personal information to at least one of the linked service providers.

23. A method of enrolling a user in a biometric identity authentication system, the method comprising:
- (a) receiving a request for enrollment from the user;
  
  (b) querying the user for selected personal information including the user'"'"'s identity and storing the personal information in a first computer server;
  
  (c) analyzing the personal information;
  
  (d) generating and assigning a unique identifier associated with the user, the identifier stored in the first computer server;
  
  (e) generating a biometric template associated with the identifier and storing it in the first computer server;
  
  (f) receiving a request to submit at least one biometric specimen from the user and collecting one or more biometric specimens of a predetermined type from the user, collection performed by a second computer server;
  
  (g) generating biometric data associated with the biometric specimens and storing the biometric data in the second computer server; and
  
  (h) associating the biometric template with the biometric data.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The method of claim 23 further including the steps of:
    - (a) generating a session code and storing it in the second computer server;
      
      (b) communicating the session code to the user; and
      
      (c) after receiving a request to submit biometric specimens from the user, querying the user for the session code and comparing the session code collected from the user with the session code stored in the second computer server before collecting one or more biometric specimens from the user.
  - 25. The method of claim 23 wherein at least two biometric specimens of different biometric data types are collected from the user by the second computer server.
  - 26. The method of claim 23 wherein the biometric specimen is a voice specimen.
  - 27. The method of claim 26 wherein the voice specimen is collected by the second computer server after receiving a telephone call from the user.
  - 28. The method of claim 23 wherein at least two biometric specimens of the same biometric data type are collected from the user by the second computer server.
  - 29. The method of claim 23 further comprising the steps of comparing the biometric specimen provided by the user against selected biometric data and generating an enrollment rejection report if there is a match between the biometric specimen and the selected biometric data.
  - 30. The method of claim 23 wherein at least some of the personal information collected from the user is received in a face-to-face transaction by a person and further including the step of verifying that the identity of the user presenting the personal information matches the identity claimed during enrollment step 23(b).
  - 31. The method of claim 23 further including the step of assigning an identity verification certification associated with the user from a menu of at least two identity verification certifications corresponding to predetermined criteria.
  - 32. The method of claim 23 further including the step of collecting additional biometric specimens from the user upon the occurrence of a predetermined condition.

33. An apparatus for enrolling a user in a biometric identity authentication system, the apparatus comprising:
- (a) a first computer server adapted to accept personal information provided by a user wishing to be enrolled biometrically and to analyze that information and generate and store a unique identifier and biometric template associated with the user;
  
  (b) a second computer server in communication with the first computer server, the second computer server adapted to collect a biometric specimen of a pre-determined type from the user, generate biometric data associated with the biometric specimen, and store the biometric data in the second computer server, the second computer server further adapted to generate an enrollment report and communicate it to the first computer server, which associates the biometric template stored in the first computer server and the biometric data stored in the second computer server; and
  
  (c) a means for communication between the user and the second computer server through which the second computer server collects the biometric specimen from the user.
- View Dependent Claims (34)
- - 34. The apparatus of claim 33 wherein the communication means is a telephone call and the biometric specimen collected by the second computer server is a voice sample.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dag Boye, David Wise
Original Assignee
Dag Boye, David Wise
Inventors
Boye, Dag, Wise, David

Application Number

US11/225,276
Publication Number

US 20070061590A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/32   using biometric data, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

Secure biometric authentication system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure biometric authentication system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links