System and method for user identification and authentication

US 20070192601A1
Filed: 08/03/2006
Published: 08/16/2007
Est. Priority Date: 08/03/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating a user comprising:

obtaining an indication of a biometric parameter using a secured computing device from a user, wherein the indication provides information on the identity of the user;

verifying that the obtained indication of the biometric parameter substantially matches the stored indication of the biometric parameter;

obtaining a first password from the user;

verifying that the first password matches a stored second password;

communicating the identity of the user to a remote host and requesting a salt value;

receiving from the remote host said salt value and a remote host challenge value;

calculating a device challenge value;

calculating a hash using the salt value and first password;

encrypting the remote host challenge value and the device challenge value using the hash;

receiving an unencrypted device challenge value from the remote host;

verifying that the received unencrypted device challenge value is identical to the calculated device challenge value; and

generating a session master secret;

encrypting the session master secret; and

communicating the session master secret to the remote host.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user identification and authentication device provides a secure computing platform and a secure computing path for communication with a secure remote host. The device is coupled to an unsecure PC but provides for secure verification of a user'"'"'s identity and authorization in participating in a transaction.

127 Citations

View as Search Results

19 Claims

1. A method for authenticating a user comprising:
- obtaining an indication of a biometric parameter using a secured computing device from a user, wherein the indication provides information on the identity of the user;
  
  verifying that the obtained indication of the biometric parameter substantially matches the stored indication of the biometric parameter;
  
  obtaining a first password from the user;
  
  verifying that the first password matches a stored second password;
  
  communicating the identity of the user to a remote host and requesting a salt value;
  
  receiving from the remote host said salt value and a remote host challenge value;
  
  calculating a device challenge value;
  
  calculating a hash using the salt value and first password;
  
  encrypting the remote host challenge value and the device challenge value using the hash;
  
  receiving an unencrypted device challenge value from the remote host;
  
  verifying that the received unencrypted device challenge value is identical to the calculated device challenge value; and
  
  generating a session master secret;
  
  encrypting the session master secret; and
  
  communicating the session master secret to the remote host.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising initiating the communication between the secured device and the remote host using an unsecured device, wherein the communication path between the secured device and the remote host passes through the unsecured device and wherein the communications are not shared with the unsecured device.
  - 3. The method of claim 1, further comprising storing transaction information on the secured computing device.
  - 4. The method of claim 1, further comprising:
    - retrieving a stored hash at the remote host;
      
      decrypting the remote host challenge value and the device challenge value using the retrieved stored hash;
      
      determining whether the host challenge value and the device challenge value are identical;
      
      transmitting the unencrypted device challenge value if the decrypted challenge value and device challenge value are identical.

5. A method of providing authenticated and secure electronic communications over an unsecured electronic communication path comprising:
- providing a secured device comprising at least a biometric sensor, a user input, and a display; and
  
  wherein the secured device is configured to communicate with a secure network server;
  
  requesting a secure communication value from the secure network server over an unsecured communication path;
  
  receiving at the secured device the secure communication value;
  
  displaying on the display a message;
  
  authenticating a user'"'"'s identity using the biometric sensor;
  
  encrypting a message using the secured device; and
  
  communicating the encrypted message over the unsecured communication path to the secured network server.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method of claim 5, wherein authenticating a user'"'"'s identity further comprises authenticating a second user'"'"'s identity using the biometric sensor.
  - 7. The method of claim 5, wherein the secured device comprises connectable to an unsecured computing platform.
  - 8. The method of claim 7, wherein the unsecured computing platform provides the unsecured network communication path.
  - 9. The method of claim 8, wherein the authentication and encryption device communicates with the secure network sever through the unsecured computing platform without sharing useful information with the unsecured computing platform.
  - 10. The method of claim 5, wherein the biometric sensor comprises a finger or thumb print reader.
  - 11. The method of claim 5, wherein the user input comprises a keypad.
  - 12. The method of claim 5, further comprising calculating an authentication device challenge value and using a salt value to calculate a hash of the salt and receiving a user password entered via the input device to create an encryption key, and encrypting one or more challenge values using said encryption key, wherein said salt value is received from a remote host after said processor has verified said user using data from said biometric sensor

13. A device for providing secure communication through an unsecured system comprising:
- a processor configured to calculate an authentication device challenge value and use a salt value to calculate a hash of the salt and a user password entered via the input device to create an encryption key, said processor further configured to encrypt one or more challenge values using said encryption key, wherein said salt value is received from a remote host after said processor has verified said user using data from said biometric sensor;
  
  a display in communication with the processor;
  
  a biometric sensor in communication with the processor configured to obtain biometric information useful in identifying an individual;
  
  an input device in communication with the processor; and
  
  a computer interface configured to provide a communication path between an unsecured computing platform and the processor;
  
  wherein the processor is further configured to communicate with a remote host through the unsecured computing platform, wherein the encryption key is not shared with the unsecured computing platform.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The authentication device of claim 13, further comprising a non-volatile memory, wherein said processor is further configured to store an audit file in said non-volatile memory.
  - 15. The authentication device of claim 13, wherein said input device comprises a keypad.
  - 16. The authentication device of claim 13, wherein said computer interface comprises a USB interface.
  - 17. The authentication device of claim 13, further comprising an internal power source, wherein said processor is configured to delete selected security data when said computer interface is disconnected from a computer.

18. A system for authenticating a transaction comprising:
- an unsecured device configured to initiate a transaction with a secured remote host;
  
  a secure device connectable to the unsecured device and configured to verify a user'"'"'s identity by obtaining a biometric indication;
  
  wherein the secure device is further configured to send and receive encrypted communications with the remote host; and
  
  wherein the encrypted communications pass through the unsecured device without being unencrypted by the unsecured device.
- View Dependent Claims (19)
- - 19. The system of claim 18, where the biometric indication is an indication of finger prints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
John Spain, Martin Bushman, Richard Lee, Scott Volmar
Original Assignee
John Spain, Martin Bushman, Richard Lee, Scott Volmar
Inventors
Lee, Richard, Spain, John, Bushman, Martin, Volmar, Scott.

Application Number

US11/462,258
Publication Number

US 20070192601A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/42   using separate channels for...

G06F 2221/2103   Challenge-response

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0869   for achieving mutual authen...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3273   for mutual authentication n...

System and method for user identification and authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

127 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for user identification and authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links