METHOD AND SYSTEM FOR PROVIDING ONLINE AUTHENTICATION UTILIZING BIOMETRIC DATA

US 20070198435A1
Filed: 01/31/2007
Published: 08/23/2007
Est. Priority Date: 02/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method for providing user authentication services to an online service provider, the method comprising:

receiving biometric device identification information associated with a biometric device coupled to an online terminal;

receiving a biometric sample of a user taken by the biometric device;

retrieving at least one registered biometric sample associated with the biometric device identification information;

comparing the biometric sample with the at least one registered biometric sample;

upon a match with the at least one registered biometric sample, retrieving a user identifier associated with the matched registered biometric sample;

extracting a federated identity associated with the user identifier and the online service provider; and

transmitting the federated identity to the online service provider.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for securely authenticating a user for the purpose of accessing information such as private financial or personal information, in an online environment are disclosed. In addition, a system and method for allowing consumers to make secure payments from an electronic wallet with biometric authentication are disclosed.

Citations

37 Claims

1. A method for providing user authentication services to an online service provider, the method comprising:
- receiving biometric device identification information associated with a biometric device coupled to an online terminal;
  
  receiving a biometric sample of a user taken by the biometric device;
  
  retrieving at least one registered biometric sample associated with the biometric device identification information;
  
  comparing the biometric sample with the at least one registered biometric sample;
  
  upon a match with the at least one registered biometric sample, retrieving a user identifier associated with the matched registered biometric sample;
  
  extracting a federated identity associated with the user identifier and the online service provider; and
  
  transmitting the federated identity to the online service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the biometric device identification information and the biometric sample are received through a direct connection with the online terminal.
  - 3. The method of claim 2, further comprising:
    - receiving through the direct connection network identifying information relating to the online service provider; and
      
      utilizing the network identifying information to transmit the federated identity to the online service provider.
  - 4. The method of claim 2, further comprising:
    - receiving through the direct connection a session ID relating to an online communication session between the user and the online service provider; and
      
      transmitting the session ID to the online service provider in conjunction with transmitting the federated identity to the online service provider.
  - 5. The method of claim 1, further comprising:
    - receiving, from the online service provider, payment transaction details relating to an e-commerce purchase being conducted by the user at the online service provider;
      
      extracting electronic wallet information relating to the user identifier;
      
      transmitting at least a portion of the electronic wallet information and at least a portion of the payment transaction details to a payment processor; and
      
      transmitting an approval message to the online service provider indicating whether the payment processor has authorized the e-commerce purchase.
  - 6. The method of claim 5 wherein the payment transaction details include a purchase price and merchant account information.
  - 7. The method of claim 5 wherein the electronic wallet information includes a financial account associated with the user.
  - 8. The method of claim 5, further comprising:
    - generating a transaction identifier associated with the payment transaction details; and
      
      transmitting the transaction identifier to the online service provider as part of the approval message.
  - 9. The method of claim 5 wherein the approval message includes the federated identity.
  - 10. The method of claim 5, further comprising:
    - establishing a direct connection with the online terminal; and
      
      presenting at least a portion of the payment transaction details to the user through the direct connection with the online terminal for an approval by the user.
  - 11. The method of claim 10, further comprising:
    - presenting to the user at least one financial account in the electronic wallet information through the direct connection with the online terminal; and
      
      receiving a selection of the at least one financial account from the user through the direct connection.
  - 12. The method of claim 1 wherein transmitting the federated identity to the online service provider occurs via the online terminal.
  - 13. The method of claim 1 wherein the received biometric sample corresponds to one of a fingerprint scan of the user, an iris scan of the user, a voice scan of the user, a retinal scan of the user, a facial scan of the user and a hand architecture of the user.

14. A method for providing user authentication services to an online service provider, the method comprising:
- obtaining biometric device identification information from a biometric device;
  
  obtaining a biometric sample of a user from the biometric device;
  
  obtaining network identifying information from a web server of the online service provider;
  
  obtaining a session ID from a communication session between the user'"'"'s web browser and the web server of the online service provider;
  
  establishing a direct connection with an authentication provider service; and
  
  transmitting the biometric device identification information, biometric sample, network identifying information, and session ID to the authentication provider service, wherein upon an authentication by the authentication provider service, the user'"'"'s web browser gains online access to the user'"'"'s account at the online service provider.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 wherein the obtained biometric sample, is a template generated by the biometric device based on a scan of a user biometric characteristic.
  - 16. The method of claim 14 wherein the obtained network identifying information is one of an IP address of the online service provider web server, a host name and a public certificate.
  - 17. The method of claim 14, further comprising:
    - receiving a federated identity associated with the user and the online service provider; and
      
      transmitting the federated identity to the online service provider.

18. A computer-readable carrier containing one or more programming instructions for performing a method for providing user authentication services to an online service provider, the method comprising:
- obtaining biometric device identification information from a biometric device;
  
  obtaining a biometric sample of a user from the biometric device;
  
  obtaining network identifying information from a web server of the online service provider;
  
  obtaining a session ID from a communication session between the user'"'"'web browser and the web server of the online service provider;
  
  establishing a direct connection with an authentication provider service; and
  
  transmitting the biometric device identification information, biometric sample, network identifying information, and session ID to the authentication provider service, wherein upon an authentication by the authentication provider service, the user'"'"'s web browser gains access to the user'"'"'s account at the online service provider.
- View Dependent Claims (19, 20)
- - 19. The computer readable carrier of claim 18 wherein the one or more programming instructions corresponds to one of an ActiveX control, a Java applet, a browser helper object and a browser plug-in.
  - 20. The computer-readable carrier of claim 18 wherein the method for providing user authentication services to an online service provider further comprises:
    - receiving a federated identity associated with the user and the online service provider; and
      
      transmitting the federated identity to the online service provider.

21. An online computer server for providing a service to online service providers for authenticating users, the server comprising:
- an identity management software component configured to receive biometric samples from online terminals and to transmit federated identifies to the online service providers;
  
  a biometric authentication server software component configured to receive biometric samples from the identity management software component and to compare the received biometric samples to registered biometric samples;
  
  a biometric directory configured to store the registered biometric samples in association with user identifiers and biometric device identification information; and
  
  a federated identity directory configured to store the federated identities in association with the user identifiers and the online service providers.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The server of claim 21 wherein the identity management software component is further configured to be capable of establishing a direct network connection with the online terminals.
  - 23. The server of claim 21 wherein the identity management software component is configured to transmit the federated identities to the online service providers via the online terminals.
  - 24. The server of claim 21, further comprising:
    - an electronic wallet server component configured to receive the user identifiers and to retrieve at least a portion of electronic wallets relating to the user identifiers;
      
      an electronic wallet database configured to store electronic wallets in association with the user identifiers; and
      
      a payment management software component configured to receive at least a portion of the electronic wallets from the electronic wallet server, to receive payment transaction details from the online service providers, to transmit at least a portion of the payment transaction details and a portion of the electronic wallets to a payment processor to authorize a payment transaction, and to transmit an approval message to the online service provider indicating whether the payment process has authorized the payment transaction.
  - 25. The server of claim 24 wherein the payment transaction details include a purchase price and merchant account information.
  - 26. The server of claim 24 wherein the payment management software component is further configured to:
    - generate transaction identifiers associated with the payment transaction details; and
      
      transmit the transaction identifiers to the online service providers as part of the approval message.
  - 27. The server of claim 24 wherein the approval message includes a federated identity.
  - 28. The server of claim 24 wherein the payment management software component is further configured to:
    - establish a direct connection with the online terminals; and
      
      present at least a portion of the payment transaction details to the users through the direct connection with the online terminals for an approval by the users.
  - 29. The server of claim 24 wherein the payment management software component is further configured to:
    - present to the users at least one financial account from the electronic wallets through the direct connection with the online terminals; and
      
      receive a selection of the at least one financial account from the users through the direct connection.

30. A method for enabling a user at an online terminal to conduct an e-commerce transaction through an online merchant for which a user does not have a merchant account, the method comprising:
- receiving from the online merchant payment transaction details relating to the e-commerce purchase;
  
  retrieving a user identifier upon a biometric authentication of the user conducted through a direct connection with the online terminal;
  
  extracting electronic wallet information relating to the user identifier;
  
  generating a new federated identity associated with the user identifier and the online merchant;
  
  transmitting at least a first portion of the electronic wallet information and the new federated identity to the online merchant for the online merchant to establish a merchant account for the user;
  
  transmitting at least a second portion of the electronic wallet information and at least a portion of the payment transaction details to a payment processor; and
  
  transmitting an approval message to the online merchant indicating whether the payment processor has authorized the e-commerce purchase.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
- - 31. The method of claim 30 wherein the first portion of the electronic wallet information includes a name and a shipping address of the user.
  - 32. The method of claim 30 where the second portion of the electronic wallet information includes a financial account associated with the user.
  - 33. The method of claim 30, further comprising:
    - generating a transaction identifier associated with the payment transaction details; and
      
      transmitting the transaction identifier to the online merchant as part of the approval message.
  - 34. The method of claim 30 wherein the approval message includes the federated identity.
  - 35. The method of claim 30 wherein the step of transmitting the new federated identity to the online merchant occurs via the online terminal.
  - 36. The method of claim 30, further comprising:
    - establishing a second direct connection with the online terminal; and
      
      presenting at least a portion of the payment transaction details to the user through the second direct connection with the online terminal for an approval by the user.
  - 37. The method of claim 36, further comprising:
    - presenting to the user at least one financial account in the electronic wallet information through the second direct connection with the online terminal; and
      
      receiving a selection of the at least one financial account from the user through the second direct connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Invention Network LLC
Original Assignee
You Technology Incorporated
Inventors
Siegal, Jon, Hintz, Thomas, Rowell, Simon

Granted Patent

US 7,502,761 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/08   Payment architectures

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/16   Payments settled via teleco...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/4014   Identity check for transact...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/0861   using biometrical features,...

METHOD AND SYSTEM FOR PROVIDING ONLINE AUTHENTICATION UTILIZING BIOMETRIC DATA

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROVIDING ONLINE AUTHENTICATION UTILIZING BIOMETRIC DATA

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links