Method, device, server and system for identity authentication using biometrics

US 20100049659A1
Filed: 06/26/2007
Published: 02/25/2010
Est. Priority Date: 07/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method for identity authentication using biometrics in an authentication system that at least comprises a local device and an authentication server, wherein said method comprises:

an input step of inputting biometric data into said local device via a biometric sensor;

a match step of matching said inputted biometric data with original biometric data pre-stored in a memory of said local device;

a first identification code generation step of generating a first identification code in said local device if said inputted biometric data is matched with said biometric data pre-stored in the memory; and

an authentication step of sending said first identification code to the authentication server so that the authentication server authenticates said first identification code to authorize said system to perform authorized operations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a device, a server and a system for authenticating the identity with the biological character in an authenticating system, the authenticating system at least includes a local device and an authenticating server, wherein the method comprises the following steps: inputting step, inputting the biological character data in the local device by a biological character sensor; matching step, matching the input biological character data with the original biological character data pre-stored in the memory of the local device; first identification code producing step, producing the first identification code in the local device if the input biological character data is matched with the original biological character data pre-stored in the memory; and authenticating step, sending the first identification code to the authenticating server, authenticating the first identification code by the authenticating server in order to authorize the system to perform the authorized operation.

47 Citations

View as Search Results

49 Claims

1. A method for identity authentication using biometrics in an authentication system that at least comprises a local device and an authentication server, wherein said method comprises:
- an input step of inputting biometric data into said local device via a biometric sensor;
  
  a match step of matching said inputted biometric data with original biometric data pre-stored in a memory of said local device;
  
  a first identification code generation step of generating a first identification code in said local device if said inputted biometric data is matched with said biometric data pre-stored in the memory; and
  
  an authentication step of sending said first identification code to the authentication server so that the authentication server authenticates said first identification code to authorize said system to perform authorized operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method according to claim 1, wherein said first identification code generation step generates the first identification code in accordance with a current time and static data.
  - 3. The method according to claim 1, wherein said authentication step further comprises the steps of:
    - receiving an authentication request by the authentication server;
      
      receiving said first identification code;
      
      generating a second identification code by using the same method as the first identification code generation step; and
      
      comparing the received first identification code with the second identification code to determine whether to authorize performance of the authorized operations.
  - 4. The method according to claim 3, wherein the step of generating the second identification code further comprises the steps of:
    - reading current time information and static data of an authenticated user; and
      
      generating the second identification code based on the read time information and static data.
  - 5. The method according to claim 4, whereinif the time interval between the moments of the generated first identification code and second identification code is less than a predetermined time interval, then the generated first identification code and second identification code are matched with each other;
    - andif the time interval between the moments of the generated first identification code and second identification code is more than a predetermined time interval, then the generated first identification code and second identification code are not matched with each other.
  - 6. The method according to claim 1, wherein the time interval between two first identification codes that are generated successively is more than a predetermined time interval, then the generated identification codes are different from each other.
  - 7. The method according to claim 5, wherein the value of said predetermined time interval ranges between 1 and 5 minutes.
  - 8. The method according to claim 4, wherein time is cut into a plurality of successive time slices with a predetermined time interval, and identification codes generated in the same time slice are identical to each other while identification codes generated in different time slices are different from each other.
  - 9. The method according to claim 1, said authentication step further comprises:
    - sending user account information to the authentication server; and
      
      extracting static data from a database by the authentication server in accordance with the received account information, for generating the second identification code.
  - 10. The method according to claim 1, wherein said method further comprises an initialization step, said initialization step comprising:
    - connecting said local device with said authentication server;
      
      exchanging local device identifiers between said local device and said authentication server; and
      
      synchronizing the timer of said local device with the timer of said authentication server.
  - 11. The method according to claim 1, wherein said method further comprises a registration step, said registration step comprising the steps of:
    - providing the authentication server with static data associated with a user of said local device; and
      
      exchanging a set of keys between said server and said local device.
  - 12. The method according to claim 11, wherein said set of keys comprises PKI keys.
  - 13. The method according to claim 11, wherein said method further comprises an enrollment step, said enrollment step comprising the steps of:
    - providing said authentication server with static data which comprises accounts and a static identification code;
      
      verifying the inputted static data by said authentication server;
      
      generating a specific set of keys for each account if verification is passed; and
      
      inputting said biometric data and storing it in said local device.
  - 14. The method according to claim 1, wherein the authorized operations in said authentication step are e-banking transactions and/or phone-banking transactions.
  - 15. The method according to claim 1, wherein the authorized operations in said authentication step are e-commerce transactions.
  - 16. The method according to claim 1, wherein the biometric data in said input step is fingerprint data, facial image data, iris data, palmprint data, voice data, subcutaneous veins data and/or handwriting data.
  - 17. The method according to claim 1, further comprising a step of indicating error information if said inputted biometric data is not matched with said biometric data pre-stored in the memory.
  - 18. The method according to claim 1, further comprising a step of displaying the generated first identification code after said generation step and before said authentication step.
  - 19. The method according to claim 1, wherein the first identification code is generated based on standard banking industry protocols, PKI encryption schemes and/or triple DES encryption.
  - 20. The method according to claim 2, wherein said static data comprises a plurality set of user data of a plurality of users and/or accounts, a user selects one set of needed user data during generation of the first identification code, and the first identification code is generated based on the selected user data.
  - 21. The method according to claim 14, wherein said e-banking transactions are the transactions implemented by POS and/or ATM.

22. A device for identity authentication using biometrics, comprising:
- a memory for pre-storing original biometric data;
  
  a biometric sensor for receiving inputs of biometric data;
  
  match means for matching the biometric data inputted through the biometric sensor with the biometric data pre-stored in said memory; and
  
  first identification code generation means for generating a first identification code if said inputted biometric data is matched with said biometric data pre-stored in said memory.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 47, 48, 49)
- - 23. The device according to claim 22, further comprising a timer for providing clock information.
  - 24. The device according to claim 23, wherein said first identification code generation means generates the first identification code in accordance with time information on a current moment provided by the timer and static data.
  - 25. The device according to claim 24, wherein the term of validity of said generated first identification code is a predetermined time interval, and after said predetermined time interval from the moment when said first identification code is generated, said identification code becomes invalid.
  - 26. The device according to claim 24, wherein said first identification code generation means divides time into a plurality of successive time slices with a predetermined time interval, judges which time slice the time information on a current moment provided by said timer belongs to and generates an identification code corresponding to said time slice, wherein identification codes generated in the same time slice are identical to each other while identification codes generated in different time slices are different from each other.
  - 27. The device according to claim 22, further comprising output means for outputting the generated first identification code.
  - 28. The device according to claim 22, wherein said output means comprises a display, a microphone and/or an external connector for connection to an external system.
  - 29. The device according to claim 28, wherein said external connector comprises a USB connector, Firewire connector and/or a wireless transceiver.
  - 30. The device according to claim 24, wherein said static data is pre-stored in said memory.
  - 31. The device according to claim 24, further comprising a card reader for reading said static data from cards.
  - 32. The device according to claim 22, further comprising power supply means for supplying power to said device.
  - 33. The device according to claim 32, wherein said power supply means comprises first power supply means and second power supply means, wherein said first power supply means is used to supply power to the whole device when said device is switched on, and said second power supply means maintains timing operations of a timer and/or operations of said memory when said device is switched off and/or said first power supply means becomes invalid.
  - 34. The device according to claim 33, wherein said power supply means is a rechargeable battery.
  - 35. The device according to claim 22, wherein said biometric sensor is a fingerprint sensor, a facial image sensor, an iris sensor, a palmprint sensor, a voice sensor subcutaneous veins sensor and/or a handwriting sensor.
  - 36. The device according to claim 22, wherein said first identification code are used in the authenticating procedure of e-banking transactions and/or phone-banking transactions.
  - 37. The device according to claim 22, wherein said first identification code are used in the authenticating procedure of e-commerce transactions.
  - 38. The device according to claim 22, further comprising self-destruction means for destroying the biometric stored in said device and/or the stored static data in attempts to disassemble the device.
  - 39. The device according to claim 22, further comprising a keypad for inputting data.
  - 40. The device according to claim 24, wherein said static data comprises user data of a plurality of users, a user selects needed user data during generation of the first identification code, and said first identification code generation means generates the first identification code in accordance with the user data selected by the user.
  - 41. The device according to claim 36, wherein said e-banking transactions are the transactions implemented by POS and/or ATM.
  - 47. A system for identification authentication using biometrics, wherein said system comprises a device according to claim 22, and a server for identification authentication, comprising:
    - input means for receiving an authentication request, static data and a first identification code to be authenticated;
      
      second identification code generation means for generating a second identification code based on the static data upon receipt of the authentication request;
      
      comparison means for comparing the received first identification code with the generated second identification code; and
      
      sending means for returning authorization information if a comparison result of said comparison means indicates that the first identification code is matched with the second identification code, otherwise rejecting authorization.
  - 48. The system according to claim 47, wherein timing information of the timer of said device is consistent with timing information of the timer of said server.
  - 49. The system according to claim 47, wherein said device and said server generates use the same algorithm to generate identification codes.

42. A server for identification authentication, comprising:
- input means for receiving an authentication request, static data and a first identification code to be authenticated;
  
  second identification code generation means for generating a second identification code based on the static data upon receipt of the authentication request;
  
  comparison means for comparing the received first identification code with the generated second identification code; and
  
  sending means for returning authorization information if a comparison result of said comparison means indicates that the first identification code is matched with the second identification code, otherwise rejecting authorization.
- View Dependent Claims (43, 44, 45, 46)
- - 43. The server according to claim 42, further comprisinga timer for providing clock information.
  - 44. The server according to claim 43, wherein said second identification code generation means generates the second identification code in accordance with time information on a current moment provided by the timer and the static data.
  - 45. The server according to claim 44, further comprising a database for storing additional static data of each user, wherein said second identification code generation means extracts corresponding additional static data from the database based on the received static data and generates said second identification code based on said extracted additional static data and/or received static data.
  - 46. The server according to claim 44, wherein said second identification code generation means divides time into a plurality of successive time slices with a predetermined time interval, judges which time slice the time information on a current moment provided by said timer belongs to and generates an identification code corresponding to said time slice, wherein identification codes generated in the same time slice are identical to each other while identification codes generated in different time slices are different from each other.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valley Technologies LLC
Original Assignee
Jean Cassone, Valley Technologies LLC
Inventors
Cassone, Jean

Granted Patent

US 8,421,595 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/382   insuring higher security of...

G06Q 20/40145   Biometric identity checks

Method, device, server and system for identity authentication using biometrics

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Method, device, server and system for identity authentication using biometrics

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links