IDENTITY AUTHENTICATION AND SECURED ACCESS SYSTEMS, COMPONENTS, AND METHODS
First Claim
1. An identity authentication system for one or more users, the system comprising:
- at least one credential issued to one of the users, wherein the credential includes a security token comprising data encrypted by encryption software with a cryptographic algorithm and encrypted based on a biometric key that is generated from a biometric identifier of the user; and
- at least one decoder including a token interface device and a biometric input device and having access to decryption software with the cryptographic algorithm and conversion software, wherein the biometric input device receives the biometric identifier from the user, the conversion software converts the biometric identifier to the biometric key, the token interface device receives the token from the user credential, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user.
5 Assignments
0 Petitions
Accused Products
Abstract
Security tokens contain data that is each uniquely encrypted based on a unique biometric identifier of an authorized user of that token. Decoders receive the token and the user's biometric identifier, convert the biometric identifier to a biometric key, and apply the biometric key to decrypt the token. In this way, the decoders authenticate the users without performing a biometric identifier comparison. In some embodiments pieces or sets of the data are stored in designated data compartments, which are individually encrypted based on authority keys, and all of the encrypted data compartments are collectively encrypted based on the biometric key to create the token. The decoders store only the authority keys corresponding to the data compartments which they have authorization to open. In addition, in some embodiments the token and the biometric identifier are encrypted and sent to a remote authentication server for decryption of the token.
Citations
40 Claims
1. An identity authentication system for one or more users, the system comprising:
- at least one credential issued to one of the users, wherein the credential includes a security token comprising data encrypted by encryption software with a cryptographic algorithm and encrypted based on a biometric key that is generated from a biometric identifier of the user; and
- at least one decoder including a token interface device and a biometric input device and having access to decryption software with the cryptographic algorithm and conversion software, wherein the biometric input device receives the biometric identifier from the user, the conversion software converts the biometric identifier to the biometric key, the token interface device receives the token from the user credential, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user.
Dependent claims: 2-17.
18. A set-up workstation for creating a security credential for a user, comprising:
- at least one biometric input device;
- at least one token interface device;
- conversion software that is operable to convert biometric identifiers to biometric keys; and
- encryption software with a cryptographic algorithm, wherein the biometric input device receives a biometric identifier from a user, the conversion software converts the biometric identifier to a biometric key, the encryption software applies the cryptographic algorithm and the biometric key to encrypt data to form a token, and the token interface device transfers the token to the credential.
Dependent claims: 19.
20. A method of creating a security credential for a user, comprising:
- receiving a biometric identifier from the user;
- converting the biometric identifier to a biometric key;
- encrypting data based on the biometric key to form a token; and
- transferring the token to the credential.
Dependent claims: 21.
22. A decoder for opening a security token of a credential of a user, comprising:
- a token interface device;
- a biometric input device;
- decryption software with a cryptographic algorithm; and
- conversion software that is operable to convert biometric identifiers to biometric keys, wherein the biometric input device receives a biometric identifier from the user, the conversion software converts the biometric identifier to a biometric key, the token interface device receives the token from the user credential, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user.
Dependent claims: 23-26.
27. A method of authenticating the identity of a user with a security token comprising data encrypted based on a biometric key that is based on a biometric identifier of the user, the method comprising:
- receiving the biometric identifier from the user;
- converting the biometric identifier to a biometric key;
- receiving the token from the user credential; and
- decrypting the token using the biometric key to open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user.
Dependent claims: 28-30.
31. An identity authentication system for one or more users, the system comprising:
- at least one credential issued to one of the users, wherein the credential includes a security token comprising data encrypted by encryption software with a cryptographic algorithm and encrypted based on a biometric key that is generated from a biometric identifier of the user;
- at least one decoder including a token interface device, a biometric input device, and a network interface device, and having access to encryption software with the cryptographic algorithm, wherein the biometric input device receives the biometric identifier from the user, the token interface device receives the token from the user credential, the network interface device requests and receives an OTK, the encryption software applies the cryptographic algorithm and the OTK to encrypt the token and the biometric key into a package, and the network interface device transmits the encrypted package; and
- an authentication server including a network interface device, OTK generation software, conversion software, and decryption software with the cryptographic algorithm, wherein the network interface device receives the OTK request, the OTK generation software generates the OTK, the network interface device sends the OTK to the decoder and receives the encrypted package from the decoder, the conversion software converts the biometric identifier to the biometric key, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user.
Dependent claims: 32-36.
37. An authentication server for opening a security token of a credential of a user, the system comprising:
- a network interface device;
- generation software that is operable to generate an OTK;
- conversion software that is operable to convert biometric identifiers to biometric keys; and
- decryption software with a cryptographic algorithm, wherein the OTK generation software generates an OTK, the network interface device sends the OTK to a decoder and receives an encrypted package from the decoder, the conversion software converts the biometric identifier to the biometric key, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user.
Dependent claims: 38.
39. A method of authenticating the identity of a user with a security token comprising data encrypted based on a biometric key that is based on a biometric identifier of the user, the method comprising:
- receiving from a decoder a request for an OTK;
- generating the OTK and sending it to the decoder;
- receiving from the decoder a package that includes the token and the biometric key and that is encrypted based on the OTK;
- decrypting the encrypted package using the OTK to access the token and the biometric identifier;
- converting the biometric identifier to the biometric key; and
- decrypting the token using the biometric key to open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user.
Dependent claims: 40.
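As an added illustration (not the patent's own code, and not a production design), the following Python sketch implements the token layout described in the Abstract and in claims 18, 20 and 22: each data compartment is sealed under its authority key, the set of sealed compartments is then sealed under a key derived from the biometric identifier, and a decoder opens only the compartments whose authority keys it holds. It assumes an already stabilised biometric template as input (raw scans are noisy and would need a fuzzy extractor in practice) and uses an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC, so that the wrong biometric key fails the integrity check instead of yielding garbage; that failure is what lets "opening the token" stand in for a template comparison.

```python
import hashlib
import hmac
import json
import os

# Constructed sample inputs (not from the patent): a stable biometric template and two data compartments.
BIOMETRIC_TEMPLATE = b"constructed-fingerprint-template-0001"
COMPARTMENTS = {"medical": b"blood type O-", "payroll": b"grade G7"}
AUTHORITY_KEYS = {"medical": b"\x01" * 32, "payroll": b"\x02" * 32}  # constructed; provisioned per authority
SALT = b"per-credential-salt-16"  # constructed; would be stored alongside the token

def biometric_key(identifier: bytes, salt: bytes) -> bytes:
    # The claims' "conversion software": biometric identifier -> biometric key.
    # Assumption: identifier is a stabilised template; real scans need a fuzzy extractor first.
    return hashlib.pbkdf2_hmac("sha256", identifier, salt, 50_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks, ctr = [], 0
    while sum(len(b) for b in blocks) < n:
        blocks.append(hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; the tag is what makes "opening" fail deterministically under the wrong key.
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("token does not open: wrong biometric key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def create_token(identifier: bytes, compartments: dict, authority_keys: dict) -> bytes:
    # Set-up workstation (claims 18/20): each compartment under its authority key, then all under the biometric key.
    inner = {name: seal(authority_keys[name], data).hex() for name, data in compartments.items()}
    return seal(biometric_key(identifier, SALT), json.dumps(inner).encode())

def decode_token(token: bytes, identifier: bytes, held_authority_keys: dict) -> dict:
    # Decoder (claim 22): no template comparison; only the enrolled biometric opens the outer layer.
    inner = json.loads(unseal(biometric_key(identifier, SALT), token))
    return {name: unseal(held_authority_keys[name], bytes.fromhex(blob))
            for name, blob in inner.items() if name in held_authority_keys}
```

A decoder holding only the payroll authority key recovers only the payroll compartment, and a different template fails at the outer layer before any compartment is touched.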
Specification