IDENTITY AUTHENTICATION AND SECURED ACCESS SYSTEMS, COMPONENTS, AND METHODS

US 20120066507A1
Filed: 11/23/2011
Published: 03/15/2012
Est. Priority Date: 07/12/2007
Status: Active Grant

First Claim

Patent Images

1. An identity authentication system for one or more users, the system comprising:

at least one credential issued to one of the users, wherein the credential includes a security token comprising data encrypted by encryption software with a cryptographic algorithm and encrypted based on a biometric key that is generated from a biometric identifier of the user; and

at least one decoder including a token interface device, a biometric input device, and a network interface device, and having access to encryption software with the cryptographic algorithm, wherein the biometric input device receives the biometric identifier from the user, the token interface device receives the token from the user credential, the network interface device requests and receives an OTK, the encryption software applies the cryptographic algorithm and the OTK to encrypt the token and the biometric key into a package, and the network interface device transmits the encrypted package; and

an authentication server including a network interface device, OTK generation software, conversion software, and decryption software with the cryptographic algorithm, wherein the network interface device receives the OTK request, the OTK generation software generates the OTK, the network interface device sends the OTK to the decoder and receives the encrypted package from the decoder, the conversion software converts the biometric identifier to the biometric key, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user, and wherein the token is only openable upon the simultaneous presence of the token, the biometric identifier used to encrypt the token, and the authentication server with the decryption software including the cryptographic algorithm.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security tokens contain data that is each uniquely encrypted based on a unique biometric identifier of an authorized user of that token. Decoders receive the token and the user'"'"'s biometric identifier, convert the biometric identifier to a biometric key, and apply the biometric key to decrypt the token. In this way, the decoders authenticate the users without performing a biometric identifier comparison. In some embodiments pieces or sets of the data are stored in designated data compartments, which are individually encrypted based on authority keys, and all of the encrypted data compartments are collectively encrypted based on the biometric key to create the token. The decoders store only the authority keys corresponding to the data compartments which they have authorization to open. In addition, in some embodiments the token and the biometric identifier are encrypted and sent to a remote authentication server for decryption of the token.

21 Citations

View as Search Results

23 Claims

1. An identity authentication system for one or more users, the system comprising:
- at least one credential issued to one of the users, wherein the credential includes a security token comprising data encrypted by encryption software with a cryptographic algorithm and encrypted based on a biometric key that is generated from a biometric identifier of the user; and
  
  at least one decoder including a token interface device, a biometric input device, and a network interface device, and having access to encryption software with the cryptographic algorithm, wherein the biometric input device receives the biometric identifier from the user, the token interface device receives the token from the user credential, the network interface device requests and receives an OTK, the encryption software applies the cryptographic algorithm and the OTK to encrypt the token and the biometric key into a package, and the network interface device transmits the encrypted package; and
  
  an authentication server including a network interface device, OTK generation software, conversion software, and decryption software with the cryptographic algorithm, wherein the network interface device receives the OTK request, the OTK generation software generates the OTK, the network interface device sends the OTK to the decoder and receives the encrypted package from the decoder, the conversion software converts the biometric identifier to the biometric key, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user, and wherein the token is only openable upon the simultaneous presence of the token, the biometric identifier used to encrypt the token, and the authentication server with the decryption software including the cryptographic algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the token includes at least one data compartment storing the data, the data compartment is encrypted by the same or different encryption software and encrypted based on at least one authority key.
  - 3. The system of claim 2, wherein the authentication server has access to the at least one authority key, wherein after opening the token the authentication server applies the decryption software and the at least one authority key to open the data compartment.
  - 4. The system of claim 2, wherein the token encryption and the data compartment encryption are based on at least two biometric keys generated from the same or a different biometric identifier of the user.
  - 5. The system of claim 4, wherein the authentication server generates the at least two biometric keys from the same or the different biometric identifier, and the authentication server has access to the at least one authority key, wherein after opening the token with a first one of the biometric keys the authentication server applies the decryption software, the at least one authority key, and a second one of the biometric keys to open the data compartment.
  - 6. The system of claim 1, wherein the token includes a plurality of data compartments each able to store one piece or set of the data and each encrypted by the same or different encryption software and encrypted based on at least one of a plurality of authority keys, the data compartments are collectively encrypted based on the biometric key to form the token.
  - 7. The system of claim 6, wherein the authentication server has access to at least one of the authority keys, wherein after opening the token the authentication server applies the same or different decryption software and its at least one authority key to open the data compartment corresponding to its at least one authority key, and wherein the authentication server cannot open any of the data compartments for which it does not have access to the corresponding authority key.
  - 8. The system of claim 1, wherein the authentication server is located remotely from the decoder for remote authentication applications.
  - 9. The system of claim 1, wherein the decoder includes copies of the decryption software, the conversion software, and the authority keys for local authentication applications.
  - 10. The system of claim 1, further comprising a set-up workstation including at least one biometric input device, at least one token interface device, conversion software, and the encryption software with the cryptographic algorithm, wherein the biometric input device receives the biometric identifier from the user, the conversion software converts the biometric identifier to the biometric key, the encryption software applies the cryptographic algorithm and the biometric key to encrypt the data to form the token, and the token interface device transfers the token to the credential.
  - 11. The system of claim 10, wherein the set-up workstation has access to at least one authority key, encrypts at least a portion of the data in a data compartment of the token based on the authority key, and then encrypts the data compartment of the token based on the biometric key.
  - 12. The system of claim 1, wherein the credential is a network access credential and the token includes user identification information.

13. An authentication server for opening a security token of a credential of a user, the system comprising:
- a network interface device;
  
  OTK generation software that is operable to generate an OTK;
  
  conversion software that is operable to convert biometric identifiers to biometric keys; and
  
  decryption software with a cryptographic algorithm,wherein the OTK generation software generates a OTK, the network interface device sends the OTK to a decoder and receives an encrypted package from the decoder, the conversion software converts the biometric identifier to the biometric key, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user, and wherein the token is only openable upon the simultaneous presence of the token, the biometric identifier used to encrypt the token, and the authentication server with the decryption software including the cryptographic algorithm.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The authentication server of claim 13, wherein the token includes at least one data compartment storing the data, the data compartment is encrypted by the same or different encryption software and encrypted based on at least one authority key, and the authentication server has access to the at least one authority key, wherein after opening the token the authentication server applies the decryption software and the at least one authority key to open the data compartment.
  - 15. The authentication server of claim 14, wherein the token encryption and the data compartment encryption are based on at least two biometric keys generated from the same or a different biometric identifier of the user, and the authentication server generates the at least two biometric keys from the same or the different biometric identifier, wherein the authentication server has access to the at least one authority key, wherein after opening the token with a first one of the biometric keys the authentication server applies the decryption software, the at least one authority key, and a second one of the biometric keys to open the data compartment.
  - 16. The authentication server of claim 13, wherein the token includes a plurality of data compartments each able to store one piece or set of the data and each encrypted by the same or different encryption software and encrypted based on at least one of a plurality of authority keys, and wherein the data compartments are collectively encrypted based on the biometric key to form the token.
  - 17. The authentication server of claim 13, wherein the authentication server has access to at least one of the authority keys, wherein after opening the token the authentication server applies the same or different decryption software and its at least one authority key to open the data compartment of the token corresponding to its at least one authority key, and wherein the authentication server cannot open any of the data compartments of the token for which it does not have access to the corresponding authority key.
  - 18. The authentication server of claim 13, wherein the cryptographic algorithm of the decryption software is the same as that used to encrypt data based on the biometric key to create the token.

19. A method of authenticating the identity of a user with a security token comprising data encrypted based on a biometric key that is based on a biometric identifier of the user, the method comprising:
- receiving from a decoder a request for an OTK;
  
  generating the OTK and sending it to the decoder;
  
  receiving from the decoder a package that includes the token and the biometric key and that is encrypted based on the OTK;
  
  decrypting the encrypted package using the OTK to access the token and the biometric identifier;
  
  converting, via conversion software, the biometric identifier to the biometric key; and
  
  decrypting, via decryption software with a cryptographic algorithm, the token using the biometric key to open the token, wherein the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user, and wherein the token is only openable upon the simultaneous presence of the token, the biometric identifier used to encrypt the token, and the authentication server with the decryption software including the cryptographic algorithm.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, wherein the token includes at least one data compartment storing the data and encrypted based on at least one authority key, and further comprising:
    - accessing the at least one authority key;
      
      decrypting the data compartment using the at least one authority key after decrypting the token using the biometric key.
  - 21. The method of claim 20, wherein the step of decrypting the data compartment includes decrypting the data compartment using the at least one authority key and using a second biometric key generated from the same or a different biometric identifier of the user.
  - 22. The method of claim 19, wherein the token includes a plurality of data compartments each storing a portion of the data and each encrypted based on at least one of a plurality of authority keys, and further comprising:
    - accessing the authority keys;
      
      decrypting the data compartments using the authority keys after decrypting the token using the biometric key.
  - 23. The method of claim 19, wherein the step of decrypting the token using the biometric key to open the token comprises applying a cryptographic algorithm that is the same as that used to encrypt data based on the biometric key to create the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Innovation Investments, LLC
Original Assignee
Innovation Investments, LLC
Inventors
JOBMANN, Brian C.

Granted Patent

US 8,275,995 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/62   Protecting access to data v...

G06F 2221/2107   File encryption

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 2463/082   applying multi-factor authe...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 9/0866   involving user or device id...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04W 12/068   using credential vaults, e....

IDENTITY AUTHENTICATION AND SECURED ACCESS SYSTEMS, COMPONENTS, AND METHODS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY AUTHENTICATION AND SECURED ACCESS SYSTEMS, COMPONENTS, AND METHODS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links