METHOD AND SYSTEM FOR SECURE TRANSMISSION OF BIOMETRIC DATA

US 20140258718A1
Filed: 03/05/2014
Published: 09/11/2014
Est. Priority Date: 03/07/2013
Status: Abandoned Application

First Claim

Patent Images

1. A system for securing the transmission of biometric data over an insecure network, the system including:

at least one transaction terminal including a user interface which is configured to receive personal identification information input by a user, a biometric scanner which is configured to read biometric data of the user, and a communication interface which is configured to transmit data to and receive data from a processing unit over an insecure network, the transaction terminal having a unique serial number and an associated unique private key;

a secure database for storing personal identification information and associated biometric templates of registered users, and the unique serial number and associated unique private key of said at least one transaction terminal; and

a processing unit which is operatively connected to the secure database,wherein said at least one transaction terminal is operable to receive personal identification information via the user interface from a user participating in a transaction;

to receive biometric data from the user via the biometric scanner;

to generate a unique transaction code;

to generate a hash of at least the received personal identification information, the received biometric data and the unique transaction code;

to encrypt at least the hash using said unique private key; and

to transmit the encrypted data over the insecure network to the processing unit for use in the transaction.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a system (100) for securing the transmission of biometric data over an insecure network (16). The system (100) includes a transaction terminal (18) having a user interface (28, 30), a biometric scanner (26), and a communication interface (24) for transmitting and receiving data to and from a processing unit (19) over the network (16). The terminal (18) has a unique serial number (400) and a unique private key. The system (100) includes a secure database (10), to which the processing unit (19) is connected, for storing personal identification information and biometric templates of users, and the serial number (400) and associated private key of the terminal (18). The terminal (18) receives identification information and biometric data via the user interface (28, 30) and scanner (26), and generates a unique transaction code (402). The terminal (18) then generates a hash of the received identification information, biometric data and transaction code (402), and encrypts the hash using the key. The terminal (18) then sends the encrypted data over the network (16) to the processing unit (19).

17 Citations

View as Search Results

20 Claims

1. A system for securing the transmission of biometric data over an insecure network, the system including:
- at least one transaction terminal including a user interface which is configured to receive personal identification information input by a user, a biometric scanner which is configured to read biometric data of the user, and a communication interface which is configured to transmit data to and receive data from a processing unit over an insecure network, the transaction terminal having a unique serial number and an associated unique private key;
  
  a secure database for storing personal identification information and associated biometric templates of registered users, and the unique serial number and associated unique private key of said at least one transaction terminal; and
  
  a processing unit which is operatively connected to the secure database,wherein said at least one transaction terminal is operable to receive personal identification information via the user interface from a user participating in a transaction;
  
  to receive biometric data from the user via the biometric scanner;
  
  to generate a unique transaction code;
  
  to generate a hash of at least the received personal identification information, the received biometric data and the unique transaction code;
  
  to encrypt at least the hash using said unique private key; and
  
  to transmit the encrypted data over the insecure network to the processing unit for use in the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the at least one transaction terminal includes a processor and associated secure memory, the memory being configured to store the unique serial number and associated unique private key of the transaction terminal, and the processor being configured to generate the hash of at least the received personal identification information, the received biometric data and the unique transaction code, and to encrypt at least the hash using the unique private key.
  - 3. The system of claim 2, wherein the processor is configured to generate said hash from the received personal identification information, the received biometric data, the unique transaction code, and additionally from received vendor identification information and current time data relating to the transaction.
  - 4. The system of claim 1, wherein the processor is configured to:
    - append further data to said hash, the further data including at least some of the data used to generate the hash; and
      
      encrypt the hash and the appended further data.
  - 5. The system of claim 4, wherein the further data includes all the data used to generate the hash.
  - 6. The system of claim 5, wherein the processing unit is configured to:
    - receive the encrypted data transmitted by the transaction terminal;
      
      decrypt the encrypted data by using the private key;
      
      generate a hash of the further data; and
      
      compare the generated hash of the further data with the hash included in the encrypted data transmitted by the transaction terminal, in order to determine whether or not they match.
  - 7. The system of claim 6, wherein the processing unit is configured to compare the biometric data included in the decrypted data to a biometric template stored on the database and which is associated with the personal identification information included in the decrypted data, in order to verify the identity of the user.
  - 8. The system of claim 1, wherein the user interface of said at least one transaction terminal includes:
    - a keyboard or keypad; and
      
      a display.

9. A method of securing the transmission of biometric data over an insecure network, the method including:
- receiving encrypted data from at least one transaction terminal; and
  
  decrypting, by using a processor, the encrypted data using an associated unique private key, wherein the decrypted data includes a hash of at least personal identification information of a user, biometric data of the user and a transaction code.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the decrypted data further includes additional data to the hash, and wherein the method includes:
    - generating, by using a processor, a hash of the said additional data; and
      
      comparing, by using a processor, the generated hash with the hash included in the decrypted data in order to determine whether or not they match.
  - 11. The method of claim 10, which further includes, if it is determined that the generated hash and the hash included in the decrypted data match:
    - querying a database in order to retrieve a biometric template which is associated with the personal identification information included in the decrypted data; and
      
      comparing, by using a processor, the biometric data included in the decrypted data with the biometric template in order to verify the identity of the user.
  - 12. The method of claim 10, wherein the decrypted data relates to a transaction, and the method further includes, if it is determined that the generated hash and the hash included in the decrypted data match, querying a database in order to determine whether or not the transaction code has been used in a previous transaction.
  - 13. The method of claim 10, wherein the decrypted data relates to a transaction, and the decrypted data further includes vendor identification information and current time data relating to the transaction.
  - 14. The method of claim 13, wherein the method further includes, if it is determined that the generated hash and the hash included in the decrypted data match, comparing, by using a processor, the said current time data with the actual current time and determining, by using a processor, whether or not a difference in time between the actual current time and a time indicated by the current time data falls within pre-determined limits.

15. A method of securing the transmission of biometric data over an insecure network, the method including:
- receiving personal identification information and biometric data of a user via a user interface and generating a unique transaction code by using a processor;
  
  generating, by using a processor, a hash of at least the received personal identification information, the received biometric data and the transaction code;
  
  encrypting, by using a processor, the hash using a unique private key; and
  
  transmitting the encrypted data over the insecure network.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein the transmission of the encrypted data over the insecure network is transmitted to a processing unit which is associated with a secure database, and the method therefore includes transmitting the encrypted data over the insecure network to the processing unit.
  - 17. The method of claim 16, which includes:
    - appending further data to the hash, by using a processor, wherein the further data includes the same data included in the hash; and
      
      encrypting the hash and the appended data using the unique private key, by using a processor.
  - 18. The method of claim 17, which includes, after transmitting the encrypted data to the processing unit, receiving encrypted data from the processing unit and decrypting, by using a processor, the encrypted data received from the processing unit by using an associated unique private key.
  - 19. The method of claim 18, wherein the decrypted data includes a hash of information of at least one bank account which is associated with the user, as well as additional data to the hash, and wherein the method further includes:
    - generating, by using a processor, a hash of the said additional data; and
      
      comparing, by using a processor, the generated hash with the hash included in the decrypted data in order to determine whether or not they match, wherein a match indicates that the additional data corresponds with the data of the hash which is included in the decrypted data.

20. A transaction terminal which includes:
- a user interface which is configured to receive personal identification information input by a user;
  
  a biometric scanner which is configured/arranged to read biometric data of the user;
  
  a communication interface which is configured to transmit data to and receive data from a processing unit which is associated with a secure database over an insecure network, the transaction terminal having a unique serial number and an associated unique private key; and
  
  a processor which is configured to receive personal identification information via the user interface from a user participating in a transaction;
  
  to receive biometric data from the user via the biometric scanner;
  
  to generate a unique transaction code;
  
  to generate a hash of at least the received personal identification information, the received biometric data and the unique transaction code;
  
  to encrypt at least the hash using said unique private key; and
  
  to transmit the encrypted data to the processing unit via the communication interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Asymptote Security LLC
Original Assignee
Asymptote Security LLC
Inventors
ISAKOW, Devon

Application Number

US14/197,456
Publication Number

US 20140258718A1
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0861   using biometrical features,...

H04L 63/123   received data contents, e.g...

METHOD AND SYSTEM FOR SECURE TRANSMISSION OF BIOMETRIC DATA

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SECURE TRANSMISSION OF BIOMETRIC DATA

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links