VERIFICATION OF AUTHENTICITY AND RESPONSIVENESS OF BIOMETRIC EVIDENCE AND/OR OTHER EVIDENCE

US 20130138964A1
Filed: 11/30/2011
Published: 05/30/2013
Est. Priority Date: 11/30/2011
Status: Active Grant

First Claim

Patent Images

1. A sensor configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence without regard for whether there is direct control over the sensor, the sensor comprising:

a sample acquisition apparatus configured to acquire one or more samples; and

one or more processors configured to execute computer program modules, the computer program modules comprising;

a communications module configured to receive a request for evidence, the evidence including one or more samples or a representation of one or more samples, the request for evidence including a challenge;

a sample acquisition module configured to obtain individual ones of the one or more samples acquired by the sample acquisition apparatus; and

a data packaging module configured to combine the evidence and a response to the challenge into a signed or encrypted unit of data, the sensor communications module being further configured to transmit the signed or encrypted unit of data;

wherein the evidence included in the signed or encrypted unit of data is validated based on a comparison between the response to the challenge included in the signed or encrypted unit of data and the challenge sent with the request for evidence.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed or encrypted by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site.

Citations

28 Claims

1. A sensor configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence without regard for whether there is direct control over the sensor, the sensor comprising:
- a sample acquisition apparatus configured to acquire one or more samples; and
  
  one or more processors configured to execute computer program modules, the computer program modules comprising;
  
  a communications module configured to receive a request for evidence, the evidence including one or more samples or a representation of one or more samples, the request for evidence including a challenge;
  
  a sample acquisition module configured to obtain individual ones of the one or more samples acquired by the sample acquisition apparatus; and
  
  a data packaging module configured to combine the evidence and a response to the challenge into a signed or encrypted unit of data, the sensor communications module being further configured to transmit the signed or encrypted unit of data;
  
  wherein the evidence included in the signed or encrypted unit of data is validated based on a comparison between the response to the challenge included in the signed or encrypted unit of data and the challenge sent with the request for evidence.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The sensor of claim 1, wherein the challenge includes a nonce, the nonce including a random number generated by a given processor, the random number being indiscernible prior to its generation except by the given processor.
  - 3. The sensor of claim 1, wherein the computer program modules further comprise an anti-tampering module configured to perform one or more anti-tampering checks to determine whether the sensor has been tampered with.
  - 4. The sensor of claim 3, wherein the sensor communications module is further configured to transmit an indication that the sensor has been tampered with responsive to the one or more anti-tampering checks resulting in a positive determination.
  - 5. The sensor of claim 3, wherein the anti-tampering module is further configured to record an indication that the sensor has been tampered with responsive to the one or more anti-tampering checks resulting in a positive determination.
  - 6. The sensor of claim 1, wherein individual ones or the one or more samples acquired by the sample acquisition apparatus include a biometric sample obtained for one or more of biometric authentication, identification, verification, or enrollment.
  - 7. The sensor of claim 1, further comprising a template extraction module configured to extract a template associated with a given sample acquired by the sample acquisition apparatus, the template including measurement data from the given sample.
  - 8. The sensor of claim 1, wherein a given sample includes an image of a body part of a user.
  - 9. The sensor of claim 1, wherein the computer program modules further comprise an anti-spoofing module configured to perform one or more anti-spoofing checks to determine whether a given sample was obtained from one or more of a false representation of a sample acquired by the sample acquisition apparatus, a surrogate, or a prosthetic.
  - 10. The sensor of claim 9, wherein the sensor communications module is further configured to transmit an indication that the given sample was obtained from one or more of a false representation of a sample acquired by the sample acquisition apparatus, a surrogate feature, or a prosthetic feature, the indication being transmitted responsive to the one or more anti-spoofing checks resulting in a positive determination.
  - 11. The sensor of claim 1, wherein the request for evidence is received responsive to a request to access a protected resource, the protected resource including one or both of protected information or a protected device.
  - 12. The sensor of claim 1, wherein combining the evidence and the challenge into the signed or encrypted unit of data includes packing the evidence and the challenge into a single data block.
  - 13. The sensor of claim 1, wherein combining the evidence and the challenge into the signed or encrypted unit of data includes:
    - packing the evidence and the challenge into two or more data blocks;
      
      obtaining hashes of the two or more data blocks; and
      
      obtaining a cross-coupled data block that includes the hashes of the two or more data blocks.
  - 14. The sensor of claim 1, wherein the computer program modules further comprise a cryptography module configured to provide a digital signature for the signed or encrypted unit of data.
  - 15. The sensor of claim 14, wherein the digital signature is associated with a private key stored at the sensor.
  - 16. The sensor of claim 15, wherein the private key is associated with a public key infrastructure certificate, the public key infrastructure certificate identifying one or more of a manufacturer of the sensor, a vendor of the sensor, a sensor type, a sensor model, a serial number, a security feature, or a security level.
  - 17. The sensor of claim 1, further comprising a display apparatus configured to present a transaction identifier to a user.
  - 18. The sensor of claim 17, wherein the transaction identifier is presented as one or more of an image, an icon, or text.

19. A system configured to validate the authenticity and responsiveness of evidence without regard for whether there is direct control over a sensor that acquired the evidence, the system comprising:
- one or more processors configured to execute computer program modules, the computer program modules comprising;
  
  a communications module configured to transmit a request for evidence, the evidence including one or more samples or a representation of one or more sample, the request for evidence including a challenge;
  
  the communications module being further configured to receive a unit of data signed or encrypt, the signed or encrypted unit of data including evidence and a response to the challenge; and
  
  an authentication module configured to determine whether the evidence included in the signed or encrypted unit of data is valid based on a comparison between the response to the challenge included in the signed or encrypted unit of data and the challenge sent with the request for evidence.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system of claim 19, wherein the authentication module is further configured to validate the signed or encrypted unit of data based on the digital signature of the unit of data.
  - 21. The system of claim 19, wherein the challenge includes a nonce, the nonce including a random number generated by a given processor, the random number being indiscernible prior to its generation except by the given processor.
  - 22. The system of claim 19, wherein the signed or encrypted unit of data is received via a browser running on a client computing platform.
  - 23. The system of claim 19, wherein the signed or encrypted unit of data is received from one or more of a security camera, a smart card reader, a credit card reader, a magnetic stripe reader, or a biometric sensor.

24. A method for validating the authenticity and responsiveness of evidence without regard for whether there is direct control over a sensor that acquired the evidence, the method comprising:
- transmitting a request for evidence, the evidence including one or more samples or a representation of one or more samples, the request including a challenge;
  
  receiving a unit of data signed or encrypted, the signed or encrypted unit of data including evidence and a response to the challenge; and
  
  determining whether the evidence included in the signed or encrypted unit of data is valid based on a comparison between the response to the challenge included in the signed or encrypted unit of data and the challenge sent with the request for evidence.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The method of claim 24, wherein determining whether the evidence included in the signed or encrypted unit of data is valid is further based on validating the digital signature of the unit of data.
  - 26. The method of claim 24, wherein the challenge includes a nonce, the nonce including a random number generated by a given processor, the random number being indiscernible prior to its generation except by the given processor.
  - 27. The method of claim 24, wherein the signed or encrypted unit of data is received via a browser running on a client computing platform.
  - 28. The method of claim 24, wherein the signed or encrypted unit of data is received from one or more of a security camera, a smart card reader, a credit card reader, a magnetic stripe reader, or a biometric sensor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biobex, LLC
Original Assignee
Advanced Biometric Controls, LLC
Inventors
JOYCE, Arthur W. III

Granted Patent

US 9,160,536 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/40145   Biometric identity checks

G07C 9/25   using biometric data, e.g. ...

G07C 9/26   using a biometric sensor in...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

VERIFICATION OF AUTHENTICITY AND RESPONSIVENESS OF BIOMETRIC EVIDENCE AND/OR OTHER EVIDENCE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

VERIFICATION OF AUTHENTICITY AND RESPONSIVENESS OF BIOMETRIC EVIDENCE AND/OR OTHER EVIDENCE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links