BIOMETRIC AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY
Abstract
A network-based biometric authentication system includes a client computer (10), a third party server (24), and a biometric authentication server (26). A user requests access to a web site hosted by the third party server via the client computer, wherein the third party server communicates a deployable object to the client computer. The client computer executes the deployable object, wherein the object enables the client computer to receive a user name, password, and biometric data from the user and to communicate the user name, password, and biometric data to the biometric authentication server in a secure fashion. The biometric authentication server authenticates the user name, password, and biometric data, and communicates the user name and password to the third party server, which attempts to verify the user name and password in a conventional manner and grants access to the user if the user name and password are verified.
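The release condition in claims 1 and 23, modelled as an added example (not code from the patent or any product implementing it). The names `BiometricAuthServer`, `submit` and `release`, the 60-second expiry, the single-use handling and the exact-match stand-in for biometric comparison are assumptions; the claims require only that the two transaction identifiers correspond and that the biometric data corresponds to the identification information.

```python
import hmac
import secrets
import time

TXN_TTL_SECONDS = 60  # assumed lifetime; the claims set no expiry


class BiometricAuthServer:
    """Model of the 'second computer' in claims 1 and 23 (illustrative only)."""

    def __init__(self, enrolled, clock=time.monotonic):
        self._enrolled = enrolled  # user name -> enrolled template (constructed)
        self._pending = {}         # transaction id -> (identification, expiry)
        self._clock = clock

    def submit(self, user, password, sample):
        """Client submission: verify, then create the first transaction identifier."""
        template = self._enrolled.get(user)
        # Stand-in for a real fuzzy matcher: exact, constant-time comparison.
        if template is None or not hmac.compare_digest(template, sample):
            return None
        txn_id = secrets.token_urlsafe(32)  # unguessable, so it cannot be forged
        self._pending[txn_id] = ((user, password), self._clock() + TXN_TTL_SECONDS)
        return txn_id

    def release(self, second_txn_id):
        """Third-computer request: release only if the identifiers correspond."""
        entry = self._pending.pop(second_txn_id, None)  # pop makes it single use
        if entry is None:
            return None
        identification, expiry = entry
        return identification if self._clock() <= expiry else None


def demo():
    """Run the flow against constructed sample data with a controllable clock."""
    now = [0.0]
    server = BiometricAuthServer({"alice": b"template-A"}, clock=lambda: now[0])
    txn = server.submit("alice", "s3cret", b"template-A")
    results = {
        "wrong_biometric": server.submit("alice", "s3cret", b"template-B"),
        "wrong_id": server.release("not-the-identifier"),
        "match": server.release(txn),
        "replay": server.release(txn),
    }
    late = server.submit("alice", "s3cret", b"template-A")
    now[0] += TXN_TTL_SECONDS + 1
    results["expired"] = server.release(late)
    return results


if __name__ == "__main__":
    print(demo())
```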
35 Claims
1. A computer program for enabling a biometric authentication system, wherein at least a portion of the program is stored on a computer-usable medium, the computer program comprising:
a code segment for enabling a first computer to receive biometric data and identification information from a user and to communicate the biometric data and the identification information to a second computer;
a code segment for enabling the second computer to create a first transaction identifier, and to verify the identification information received from the first computer by confirming that the biometric data corresponds to at least a portion of the identification information;
a code segment for enabling a third computer to communicate to the second computer a request for at least a portion of the identification information, wherein the request includes a second transaction identifier; and
a code segment for enabling the second computer to communicate at least a portion of the identification information to the third computer if the first transaction identifier corresponds to the second transaction identifier and if the biometric data corresponds to at least a portion of the identification information.
12. A computer program for enabling a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
a code segment for enabling a first computer to communicate a deployable object to a second computer via a network communications medium, wherein the deployable object enables the second computer to generate a first token, to receive identification information and biometric data from a user, to bundle the identification information with the biometric data and secure the bundle, and to communicate the first token to the first computer and the bundle to a third computer;
a code segment for enabling the first computer to communicate the first token to the third computer;
a code segment for enabling the third computer to create a second token and to verify the first token received from the first computer by determining whether the first token corresponds to the second token;
a code segment for enabling the third computer to verify the biometric data received from the second computer by comparing the received data to biometric data stored in a database; and
a code segment for enabling the third computer to communicate the identification information received from the second computer to the first computer if the second token corresponds to the first token, if the received biometric data matches biometric data stored in the database, and if the biometric data corresponds to at least a portion of the identification information.
19. A computer program for enabling a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
a code segment for enabling a network server computer to communicate an ActiveX control to a network client computer via a network communications medium, wherein the ActiveX control enables the client computer to generate a first token, to receive a user name and password from the user, to control a biometric sensor and receive biometric data from the user via the sensor, to encrypt the biometric data and password using the first token as an encryption key, to combine the first token and the user name with the encrypted biometric data and password to form a bundle and encrypt the bundle using the first token as an encryption key, and to communicate the first token to the network server computer and the bundle to the biometric authentication server;
a code segment for enabling the network server computer to communicate the first token to the biometric authentication server;
a code segment for enabling the biometric authentication server to create a second token and to determine whether the first token corresponds to the second token;
a code segment for enabling the biometric authentication server to determine whether the biometric data received from the client matches biometric data stored in a database;
a code segment for enabling the biometric authentication server to determine whether the biometric data received from the client corresponds to the user name or the password; and
a code segment for enabling the biometric authentication server to communicate the user name and password received from the client computer to the network server computer if the first token corresponds to the second token, if the biometric data received from the client matches biometric data stored in a database, and if the biometric data received from the client corresponds to the user name or the password.
23. A method of providing biometric authentication to a network security system, the method comprising:
enabling a first computer to receive biometric data and identification information from a user and to communicate the biometric data and the identification information to a second computer;
enabling the second computer to create a first transaction identifier and to verify the identification information by confirming that the biometric data corresponds to at least a portion of the identification information;
communicating a request from a third computer to the second computer, wherein the request is for at least a portion of the identification information and wherein the request includes a second transaction identifier; and
communicating from the second computer to the third computer at least a portion of the identification information if the first transaction identifier corresponds to the second transaction identifier and if the biometric data corresponds to at least a portion of the identification information.
28. A method of providing biometric authentication to a network security system, the method comprising:
communicating a deployable object from a first computer to a second computer via a network communications medium, wherein the deployable object enables the second computer to create a first token, to receive identification information and biometric data from a user, to bundle the identification information with the biometric data and secure the bundle, and to communicate the first token to the first computer and the bundle to a third computer;
enabling the first computer to communicate the first token to the third computer and to request identification information from the third computer corresponding to the first token;
enabling the third computer to create a second token and to verify the first token received from the first computer by determining whether the first token corresponds to the second token;
enabling the third computer to verify the biometric data received from the second computer by comparing the received data to biometric data stored in a database; and
communicating the identification information from the third computer to the first computer if the second token corresponds to the first token, if the received biometric data matches biometric data stored in the database, and if the biometric data corresponds to at least a portion of the identification information.
32. A computer program for enabling at least a portion of a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
a code segment for enabling the computer to receive a token seed from a first external location;
a code segment for enabling the computer to create a token based on the token seed;
a code segment for enabling the computer to receive identification information and biometric data from a user;
a code segment for enabling the computer to encode the identification information and the biometric data using the token;
a code segment for enabling the computer to communicate the token to a second external location; and
a code segment for enabling the computer to communicate the encoded identification information and biometric data to the first external location.
34. A computer program for enabling at least a portion of a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
a code segment for enabling the computer to receive a request for a token seed from a first external location;
a code segment for enabling the computer to communicate the token seed to the first external location;
a code segment for enabling the computer to create a token based on the token seed;
a code segment for enabling the computer to receive encoded identification information and biometric data from the first external location;
a code segment for enabling the computer to decode the encoded identification information and biometric data using the token;
a code segment for enabling the computer to authenticate the identification information and biometric data by comparing the identification information and biometric data to stored information; and
a code segment for enabling the computer to communicate the identification information and biometric data to a second external location if the identification information and biometric data are valid.
35. A computer program for enabling at least a portion of a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
a code segment for enabling the computer to receive a request from a first external location to access information stored on the computer;
a code segment for enabling the computer to communicate a deployable object to the first external location, the deployable object including computer-executable code segments for receiving a token seed, creating a token based on the token seed, receiving identification information and biometric data from a user, encoding the identification information and the biometric data using the token, and communicating the token to the computer and communicating the encoded identification information and biometric data to a second external location;
a code segment for enabling the computer to receive the token;
a code segment for enabling the computer to communicate the token to the second external location and to request the identification information and biometric data from the second external location; and
a code segment for enabling the computer to receive the identification information from the second external location and to verify the identification information.
Specification