BIOMETRIC AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY

US 20070245152A1
Filed: 04/13/2006
Published: 10/18/2007
Est. Priority Date: 04/13/2006
Status: Abandoned Application

First Claim

Patent Images

1. A computer program for enabling a biometric authentication system, wherein at least a portion of the program is stored on a computer-usable medium, the computer program comprising:

a code segment for enabling a first computer to receive biometric data and identification information from a user and to communicate the biometric data and the identification information to a second computer;

a code segment for enabling the second computer to create a first transaction identifier, and to verify the identification information received from the first computer by confirming that the biometric data corresponds to at least a portion of the identification information;

a code segment for enabling a third computer to communicate to the second computer a request for at least a portion of the identification information, wherein the request includes a second transaction identifier; and

a code segment for enabling the second computer to communicate at least a portion of the identification information to the third computer if the first transaction identifier corresponds to the second transaction identifier and if the biometric data corresponds to at least a portion of the identification information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network-based biometric authentication system includes a client computer (10), a third party server (24), and a biometric authentication server (26). A user requests access to a web site hosted by the third party server via the client computer, wherein the third party server communicates a deployable object to the client computer. The client computer executes the deployable object, wherein the object enables the client computer to receive a user name, password, and biometric data from the user and to communicate the user name, password, and biometric data to the biometric authentication server in a secure fashion. The biometric authentication server authenticates the user name, password, and biometric data, and communicates the user name and password to the third party server, which attempts to verify the user name and password in a conventional manner and grants access to the user if the user name and password are verified.

101 Citations

View as Search Results

35 Claims

1. A computer program for enabling a biometric authentication system, wherein at least a portion of the program is stored on a computer-usable medium, the computer program comprising:
- a code segment for enabling a first computer to receive biometric data and identification information from a user and to communicate the biometric data and the identification information to a second computer;
  
  a code segment for enabling the second computer to create a first transaction identifier, and to verify the identification information received from the first computer by confirming that the biometric data corresponds to at least a portion of the identification information;
  
  a code segment for enabling a third computer to communicate to the second computer a request for at least a portion of the identification information, wherein the request includes a second transaction identifier; and
  
  a code segment for enabling the second computer to communicate at least a portion of the identification information to the third computer if the first transaction identifier corresponds to the second transaction identifier and if the biometric data corresponds to at least a portion of the identification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer program as set forth in claim 1, further comprising a code segment for enabling the third computer to communicate an object to the second computer, wherein the object includes the code segment for enabling the first computer to receive biometric data and identification information from a user and to communicate the biometric data, the identification information to the second computer.
  - 3. The computer program as set forth in claim 2, wherein the object is an ActiveX object.
  - 4. The computer program as set forth in claim 3, wherein the third computer communicates the ActiveX object to the first computer in response to a user-initiated request to access a file managed by the third computer.
  - 5. The computer program as set forth in claim 4, wherein the third computer is a network server that communicates the ActiveX object in response to a user-initiated request to access a web site hosted by the third computer.
  - 6. The computer program as set forth in claim 1, wherein the identification information includes a user name and a password.
  - 7. The computer program as set forth in claim 6, further comprising a code segment for enabling the first computer to combine and encrypt the biometric data and the password, to combine the user name with the encrypted biometric data and password to form a bundle, to encrypt the bundle, and to communicate the encrypted bundle to the second computer.
  - 8. The computer program as set forth in claim 1, wherein the first computer is a hand-held wireless device.
  - 9. The computer program as set forth in claim 1, further comprising:
    - a code segment for enabling the first computer to request and receive a token seed from the second computer;
      
      a code segment for enabling the first computer to create a first token based on the token seed, wherein the first token forms at least part of the first transaction identifier; and
      
      a code segment for enabling the second computer to create a second token based on the token seed, wherein the second token forms at least part of the second transaction identifier.
  - 10. The computer program as set forth in claim 9, further comprising:
    - a code segment for enabling the first computer to encrypt the biometric data and the password using at least a portion of the first token, to combine the user name with the encrypted biometric data and password to form a bundle, to encrypt the bundle using at least a portion of the first token, and to communicate the encrypted bundle to the second computer; and
      
      a code segment for enabling the second computer to decrypt the bundle using at least a portion of the second token.
  - 11. The computer program as set forth in claim 1, wherein the biometric data is chosen from the group consisting of fingerprint data, voice print data, retinal scan data, iris scan data, facial characteristics, and signature data.

12. A computer program for enabling a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
- a code segment for enabling a first computer to communicate a deployable object to a second computer via a network communications medium, wherein the deployable object enables the second computer to generate a first token, to receive identification information and biometric data from a user, to bundle the identification information with the biometric data and secure the bundle, and to communicate the first token to the first computer and the bundle to a third computer;
  
  a code segment for enabling the first computer to communicate the first token to the third computer;
  
  a code segment for enabling the third computer to create a second token and to verify the first token received from the first computer by determining whether the first token corresponds to the second token;
  
  a code segment for enabling the third computer to verify the biometric data received from the second computer by comparing the received data to biometric data stored in a database; and
  
  a code segment for enabling the third computer to communicate the identification information received from the second computer to the first computer if the second token corresponds to the first token, if the received biometric data matches biometric data stored in the database, and if the biometric data corresponds to at least a portion of the identification information.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computer program as set forth in claim 12, wherein the identification information includes a user name and a password.
  - 14. The computer program as set forth in claim 13, further comprising a code segment for enabling the second computer to combine and encrypt the biometric data and the password using the first token as an encryption key, to combine the user name with the encrypted biometric data and the password to form a bundle, and to encrypt the bundle using the first token as an encryption key.
  - 15. The computer program as set forth in claim 12, wherein the biometric data is chosen from the group consisting of fingerprint data, voice print data, retinal scan data, iris scan data, facial characteristics, and signature data.
  - 16. The computer program as set forth in claim 12, wherein the deployable object is an ActiveX object.
  - 17. The computer program as set forth in claim 12, wherein the second computer is a handheld wireless device.
  - 18. The computer program as set forth in claim 12, further comprising:
    - a code segment for enabling the third computer to generate a token seed and to create the second token based at least in part on the token seed, wherein the deployable object enables the second computer to request and receive the token seed from the third computer and to generate the first token based at least in part on the token seed.

19. A computer program for enabling a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
- a code segment for enabling a network server computer to communicate an ActiveX control to a network client computer via a network communications medium, wherein the ActiveX control enables the client computer to generate a first token, to receive a user name and password from the user, to control a biometric sensor and receive biometric data from the user via the sensor, to encrypt the biometric data and password using the first token as an encryption key, to combine the first token and the user name with the encrypted biometric data and password to form a bundle and encrypt the bundle using the first token as an encryption key, and to communicate the first token to the network server computer and the bundle to the biometric authentication server;
  
  a code segment for enabling the network server computer to communicate the first token to the biometric authentication server;
  
  a code segment for enabling the biometric authentication server to create a second token and to determine whether the first token corresponds to the second token;
  
  a code segment for enabling the biometric authentication server to determine whether the biometric data received from the client matches biometric data stored in a database;
  
  a code segment for enabling the biometric authentication server to determine whether the biometric data received from the client corresponds to the user name or the password; and
  
  a code segment for enabling the biometric authentication server to communicate the user name and password received from the client computer to the network server computer if the first token corresponds to the second token, if the biometric data received from the client matches biometric data stored in a database, and if the biometric data received from the client corresponds to the user name or the password.
- View Dependent Claims (20, 21, 22)
- - 20. The computer program as set forth in claim 19, wherein the ActiveX control enables the client computer to request and receive a token seed from the biometric authentication server.
  - 21. The computer program as set forth in claim 20 further comprising a code segment for enabling the biometric authentication server to create the token seed, to create the second token based on the seed, and communicate the seed to the client computer.
  - 22. The computer program as set forth in claim 20, wherein the ActiveX control enables the client computer to generate the first token based at least in part on the token seed.

23. A method of providing biometric authentication to a network security system, the method comprising:
- enabling a first computer to receive biometric data and identification information from a user and to communicate the biometric data and the identification information to a second computer;
  
  enabling the second computer to create a first transaction identifier and to verify the identification information by confirming that the biometric data corresponds to at least a portion of the identification information;
  
  communicating a request from a third computer to the second computer, wherein the request is for at least a portion of the identification information and wherein the request includes a second transaction identifier; and
  
  communicating from the second computer to the third computer at least a portion of the identification information if the first transaction identifier corresponds to the second transaction identifier and if the biometric data corresponds to at least a portion of the identification information.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The method as set forth in claim 23, further comprising enabling the third computer to communicate an object to the second computer, wherein the object enables the first computer to receive the biometric data and identification information from a user and to communicate the biometric data and the identification information to the second computer.
  - 25. The method as set forth in claim 24, wherein the object controls a biometric sensor peripheral device associated with the second computer to capture the biometric data.
  - 26. The method as set forth in claim 23, wherein the identification information includes a user name and a password.
  - 27. The method as set forth in claim 26, further comprising enabling the first computer to combine and encrypt the biometric data and the password, to combine the user name with the encrypted biometric data and password to form a bundle, to encrypt the bundle, and to communicate the encrypted bundle to the second computer.

28. A method of providing biometric authentication to a network security system, the method comprising:
- communicating a deployable object from a first computer to a second computer via a network communications medium, wherein the deployable object enables the second computer to create a first token, to receive identification information and biometric data from a user, to bundle the identification information with the biometric data and secure the bundle, and to communicate the first token to the first computer and the bundle to a third computer;
  
  enabling the first computer to communicate the first token to the third computer and to request identification information from the third computer corresponding to the first token;
  
  enabling the third computer to create a second token and to verify the first token received from the first computer by determining whether the first token corresponds to the second token;
  
  enabling the third computer to verify the biometric data received from the second computer by comparing the received data to biometric data stored in a database; and
  
  communicating the identification information from the third computer to the first computer if the second token corresponds to the first token, if the received biometric data matches biometric data stored in the database, and if the biometric data corresponds to at least a portion of the identification information.
- View Dependent Claims (29, 30, 31)
- - 29. The method as set forth in claim 28, wherein the object controls a biometric sensor peripheral device associated with the second computer to capture the biometric data.
  - 30. The method as set forth in claim 28, wherein the identification information includes a user name and a password.
  - 31. The method as set forth in claim 30, wherein the deployable object enables the second computer to combine and encrypt the biometric data and the password using the first token as an encryption key, to combine the user name with the encrypted biometric data and password to form the bundle, to encrypt the bundle using the first token as an encryption key, and to communicate the encrypted bundle to the third computer.

32. A computer program for enabling at least a portion of a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
- a code segment for enabling the computer to receive a token seed from a first external location;
  
  a code segment for enabling the computer to create a token based on the token seed;
  
  a code segment for enabling the computer to receive identification information and biometric data from a user;
  
  a code segment for enabling the computer to encode the identification information and the biometric data using the token;
  
  a code segment for enabling the computer to communicate the token to a second external location; and
  
  a code segment for enabling the computer to communicate the encoded identification information and biometric data to the first external location.
- View Dependent Claims (33)
- - 33. The computer program as set forth in claim 32, further comprising:
    - a code segment for enabling the computer to receive a request from a user to view information stored at the second external location; and
      
      a code segment for enabling the computer to receive a deployable object from the second external location, the deployable object including the code segments for enabling the computer to receive the token seed from the first external location, create the token based on the token seed, receive the identification information and the biometric data from the user, encrypt the identification information and the biometric data using the token, communicate the token to the second external location, and communicate the encrypted identification information and biometric data to the first external location.

34. A computer program for enabling at least a portion of a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
- a code segment for enabling the computer to receive a request for a token seed from a first external location;
  
  a code segment for enabling the computer to communicate the token seed to the first external location;
  
  a code segment for enabling the computer to create a token based on the token seed;
  
  a code segment for enabling the computer to receive encoded identification information and biometric data from the first external location;
  
  a code segment for enabling the computer to decode the encoded identification information and biometric data using the token;
  
  a code segment for enabling the computer to authenticate the identification information and biometric data by comparing the identification information and biometric data to stored information; and
  
  a code segment for enabling the computer to communicate the identification information and biometric data to a second external location if the identification information and biometric data are valid.

35. A computer program for enabling at least a portion of a biometric authentication system, at least a portion of the program being stored on a computer-usable medium, the computer program comprising:
- a code segment for enabling the computer to receive a request from a first external location to access information stored on the computer;
  
  a code segment for enabling the computer to communicate a deployable object to the first external location, the deployable object including computer-executable code segments for receiving a token seed, creating a token based on the token seed, receiving identification information and biometric data from a user, encoding the identification information and the biometric data using the token, and communicating the token to the computer and communicating the encoded identification information and biometric data to a second external location;
  
  a code segment for enabling the computer to receive the token;
  
  a code segment for enabling the computer to communicate the token to the second external location and to request the identification information and biometric data from the second external location; and
  
  a code segment for enabling the computer to receive the identification information from the second external location and to verify the identification information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ceelox, Inc.
Original Assignee
Ceelox, Inc.
Inventors
Aiken, Kass, Pizano, Erix

Application Number

US11/279,715
Publication Number

US 20070245152A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0861   using biometrical features,...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3231   Biological data, e.g. finge...

BIOMETRIC AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

101 Citations

35 Claims

Specification

Use Cases

Quick Links

Others

BIOMETRIC AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

35 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others