Secure Transaction Systems and Methods using User Authenticating Biometric Information

US 20110138450A1
Filed: 06/03/2010
Published: 06/09/2011
Est. Priority Date: 10/06/2009
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus configured to perform a secured transaction, comprising:

a biometric sensor configured to identify biometric information associated with a user;

a storage device coupled to the biometric sensor and configured to store user information;

a biometric service coupled to the biometric sensor and configured to communicate with the biometric sensor; and

a web browser application configured in software code and stored on a client device and configured to be executed by a client processor on the apparatus, wherein the web browser application includes a biometric extension configured to communicate with the biometric sensor via the biometric service, and wherein the biometric extension is further configured to communicate with a plurality of web servers with which to perform a secured transaction, the web browser application configured to perform the following functions when executed by the client processorreceiving a user transaction request at a client device;

communicating the user transaction request to a server, wherein the server determines whether the user transaction request is a secure transaction;

receiving transaction data from the server via the web browser application;

if the received transaction data from the server indicates a secure transaction;

prompting the user to provide biometric data;

receiving biometric data from the user; and

communicating a transaction confirmation to the server with the web browser application.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data from a user using a biometric device and related security protocols. The web browser plug-in then communicates a transaction confirmation to the server.

Citations

20 Claims

1. An apparatus configured to perform a secured transaction, comprising:
- a biometric sensor configured to identify biometric information associated with a user;
  
  a storage device coupled to the biometric sensor and configured to store user information;
  
  a biometric service coupled to the biometric sensor and configured to communicate with the biometric sensor; and
  
  a web browser application configured in software code and stored on a client device and configured to be executed by a client processor on the apparatus, wherein the web browser application includes a biometric extension configured to communicate with the biometric sensor via the biometric service, and wherein the biometric extension is further configured to communicate with a plurality of web servers with which to perform a secured transaction, the web browser application configured to perform the following functions when executed by the client processorreceiving a user transaction request at a client device;
  
  communicating the user transaction request to a server, wherein the server determines whether the user transaction request is a secure transaction;
  
  receiving transaction data from the server via the web browser application;
  
  if the received transaction data from the server indicates a secure transaction;
  
  prompting the user to provide biometric data;
  
  receiving biometric data from the user; and
  
  communicating a transaction confirmation to the server with the web browser application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1, wherein the web browser application is further configured to receive user credentials associated with the user.
  - 3. The apparatus of claim 1, wherein the web browser application is further configured to receive user credentials associated with the user from one of the plurality of web servers.
  - 4. The apparatus of claim 1, wherein the storage device is configured to store a secret key associated with the user.
  - 5. The apparatus of claim 1, further comprising an encryption key embedded within the biometric sensor.
  - 6. The apparatus of claim 1, wherein the biometric extension has an associated digital signature.
  - 7. The apparatus of claim 1, wherein the biometric sensor is further configured to release an authentication token to the biometric service upon authentication of the user.
  - 8. The apparatus of claim 7, wherein the authentication token is a secret key.
  - 9. The apparatus of claim 7, wherein the authentication token is a one time password.
  - 10. The apparatus of claim 7, wherein the authentication token is an RSA signature.
  - 11. The apparatus of claim 1, wherein the biometric sensor is a fingerprint sensor.
  - 12. The apparatus of claim 11, wherein the fingerprint sensor is a placement fingerprint sensor.
  - 13. The apparatus of claim 11, wherein the fingerprint sensor is a swipe fingerprint sensor.

14. A method comprising:
- identifying a biometric sensor associated with a client device, wherein the biometric sensor is identified by a biometric extension associated with a web browser application;
  
  receiving a token and a user transaction request from the biometric sensor in response to a valid user activation of the biometric sensor;
  
  transmitting the token to a web server using the biometric extension, wherein the server determines whether the user transaction request is a secure transaction;
  
  transmitting a user identifier associated with the user to the web server, wherein the user identifier is communicated by the biometric extension at the client device; and
  
  transmitting a biometric sensor identifier associated with the biometric sensor to the web server using the biometric extensiontransmitting a transaction confirmation to the server with the web browser application.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising generating a request to authenticate the user of the biometric sensor.
  - 16. The method of claim 14, wherein the method is initiated in response to the web browser application accessing a web site that supports biometric authentication.
  - 17. The method of claim 16, further comprising determining whether the user is enrolled with the web site being accessed.
  - 18. The method of claim 14, further comprising creating a secure communication link between the biometric extension and the web server.
  - 19. The method of claim 14, further comprising receiving a session identifier from the web server using the biometric extension.
  - 20. The method of claim 14, wherein the token is one of a secret key, a one time password, and an RSA signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synaptics Incorporated
Original Assignee
Validity Sensors Incorporated (Synaptics Incorporated)
Inventors
Schwab, Frank, Baghdasaryan, Davit, Hattery, Larry, Chan, Philip Yiu Kwong, Kesanupalli, Ramesh

Application Number

US12/793,499
Publication Number

US 20110138450A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40145   Biometric identity checks

Secure Transaction Systems and Methods using User Authenticating Biometric Information

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Transaction Systems and Methods using User Authenticating Biometric Information

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links