Secure Biometric Verification of Identity
Abstract
A high security identification card includes an on-board memory for stored biometric data and an on-board sensor for capturing live biometric data. An on-board processor on the card performs a matching operation to verify that the captured biometric data matches the locally stored biometric data. Only if there is a positive match is any data transmitted from the card for additional verification and/or further processing. Preferably, the card is ISO SmartCard compatible. In one embodiment, the ISO SmartCard functions as a firewall for protecting the security processor used for storing and processing the protected biometric data from malicious external attack via the ISO SmartCard interface. In another embodiment, the security processor is inserted between the ISO SmartCard Interface and an unmodified ISO SmartCard processor and blocks any external communications until the user's fingerprint has been matched with a previously registered fingerprint. Real-time feedback is provided while the user is manipulating his finger over the fingerprint sensor, thereby facilitating an optimal placement of the finger over the sensor. The card may be used to enable communication with a transactional network or to obtain physical access into a secure area.
25 Claims
1. An identification card comprising:
an on-board memory for storing reference data;
an on-board sensor for capturing live biometric data;
an on-board microprocessor for comparing the captured biometric data with corresponding stored reference data within a predetermined threshold and for generating a verification message only if there is a match within the predetermined threshold; and
means for communicating the verification message to an external network.
20. A method of verifying identity using an identification card having therein an on-board memory, an on-board sensor, an on-board security microprocessor and a communication interface for interfacing with an external network, the method comprising:
maintaining stored reference data in the on-board memory;
capturing live biometric data using the on-board sensor;
comparing, using the on-board security microprocessor, the captured biometric data with corresponding stored reference data within a predetermined threshold;
if there is a match within the predetermined threshold, generating a verification message;
communicating the verification message to a remote authentication system over an external network, wherein the verification message includes at least excerpts from the captured biometric data, the verification message being transmitted to a remote authentication system for additional verification using reference data that is different from the stored reference data stored on the on-board memory; and
executing a secure three-way authentication protocol in response to a match request relating to a particular logon attempt at a particular application server that produces a positive match at the authentication server, the secure three-way authentication protocol executed such that a challenge character sequence is sent from the authentication server to the identification card, which the identification card uses along with the match request to generate a challenge response that is then forwarded to the application server, in response to which the application server then forwards the challenge response to the authentication server, which then verifies whether the challenge response is valid.
21. A method for identifying a user of an intelligent identification card, the intelligent identification card including an on-board memory storing reference data and an on-board biometric sensor, the method comprising:
capturing live biometric data using the on-board sensor;
comparing the captured biometric data with corresponding reference data stored in the on-board memory within a predetermined threshold;
generating a verification message only if there is a match within the predetermined threshold;
communicating the verification message to an external network, the verification message including at least excerpts from the captured biometric data; and
additionally verifying the user at a remote authentication system using reference data which is different from the reference data stored on the on-board memory.
25. An apparatus for identifying a user of an intelligent identification card, the intelligent identification card including an on-board memory storing reference data and an on-board biometric sensor, the apparatus comprising:
means for capturing live biometric data using the on-board sensor;
means for comparing the captured biometric data with corresponding reference data stored in the on-board memory within a predetermined threshold;
means for generating a verification message only if there is a match within the predetermined threshold; and
means for communicating the verification message to an external network, wherein the verification message includes at least excerpts from the captured biometric data, the verification message being transmitted to a remote authentication system for additional verification using remotely stored reference data which is different from the local reference data stored on the on-board memory.
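The three-way authentication protocol of claim 20, together with the match-gated output common to all the claims, is sketched below as an added example; it is not code from the patent. The claims do not say how the challenge response is computed, so HMAC-SHA256 under a per-card key shared with the authentication server is an assumption, as are the toy matcher and all class and function names. The remote match that precedes the challenge is taken as already positive.

```python
import hashlib
import hmac
import secrets

def make_response(key, challenge, match_request):
    # Assumed response function: HMAC-SHA256 over challenge and match request.
    msg = f"{challenge}|{match_request}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Card:
    def __init__(self, card_id, key, reference, threshold):
        self.card_id, self._key = card_id, key
        self._reference, self._threshold = reference, threshold

    def answer(self, live, challenge, match_request):
        # Toy matcher (constructed): fraction of feature positions that agree.
        if not live or len(live) != len(self._reference):
            return None
        agree = sum(a == b for a, b in zip(live, self._reference))
        if agree / len(live) < self._threshold:
            return None  # no on-card match: nothing leaves the card
        return make_response(self._key, challenge, match_request)

class AuthServer:
    def __init__(self, card_keys):
        self._keys, self._pending = card_keys, {}

    def issue_challenge(self, card_id, match_request):
        challenge = secrets.token_hex(16)
        self._pending[(card_id, match_request)] = challenge
        return challenge

    def verify(self, card_id, match_request, response):
        # pop() makes each challenge single-use, so a replayed response fails.
        challenge = self._pending.pop((card_id, match_request), None)
        if challenge is None or response is None:
            return False
        expected = make_response(self._keys[card_id], challenge, match_request)
        return hmac.compare_digest(expected, response)

class AppServer:
    def __init__(self, auth):
        self._auth = auth

    def forward(self, card_id, match_request, response):
        # The application server only relays; it never holds the card key.
        return self._auth.verify(card_id, match_request, response)

def logon(card, app, auth, live, match_request):
    challenge = auth.issue_challenge(card.card_id, match_request)  # auth -> card
    response = card.answer(live, challenge, match_request)         # card -> app
    return app.forward(card.card_id, match_request, response), response
```

Binding the response to both the challenge and the match request means a response captured for one logon attempt cannot be presented for another, and consuming the challenge on first verification rejects a replay of the same response.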
Specification