BIOMETRIC VERIFICATION WITH IMPROVED PRIVACY AND NETWORK PERFORMANCE IN CLIENT-SERVER NETWORKS

US 20140337635A1
Filed: 05/13/2014
Published: 11/13/2014
Est. Priority Date: 05/13/2013
Status: Active Grant

First Claim

Patent Images

1. A method of biometric authentication of a client-side authorized smart device user at least occasionally connected to a remote server via a communication network, comprising:

comparison by the smart device of an input biometric template corresponding to a biometric representation operably received by the smart device with a reference biometric template previously stored on the smart device and corresponding to a biometric representation of the user; and

reporting by the smart device of user authentication success/failure to the server based on the comparison of the input biometric template and the previously stored reference biometric template.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to improving the privacy of biometric information used in biometric authentication of identity by retaining all biometric information corresponding to a given user, and conducting all transactions related thereto (i.e., the actual authentication process) on a client (i.e., user) side of the system, thereby maximizing the user'"'"'s control over biometric information corresponding to himself and preventing the storage of biometric templates on third-party servers outside of the control of the concerned individual. In a particular example of the present invention, security for the biometric information is further enhanced by encrypting the biometric template (used as a comparison reference during authentication, as is known) stored on the client side and completely destroying an original unencrypted version of the template. Also specified is secure storage of encryption keys for encrypting biometric data at the client. In yet a further example of the present invention, authentication is preferably conducted using the encrypted biometric templates.

Citations

11 Claims

1. A method of biometric authentication of a client-side authorized smart device user at least occasionally connected to a remote server via a communication network, comprising:
- comparison by the smart device of an input biometric template corresponding to a biometric representation operably received by the smart device with a reference biometric template previously stored on the smart device and corresponding to a biometric representation of the user; and
  
  reporting by the smart device of user authentication success/failure to the server based on the comparison of the input biometric template and the previously stored reference biometric template.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein previously storing the reference biometric template corresponding to a biometric representation of the user comprises:
    - recording a biometric representation of the user on the client-side;
      
      converting the biometric representation of the user into an unencrypted reference biometric template;
      
      encrypting the unencrypted reference biometric template to obtain an encrypted reference biometric template; and
      
      storing the encrypted reference biometric template in a memory of the smart device and substantially simultaneously permanently deleting the recorded biometric representation of the user and the unencrypted reference biometric template.
  - 3. The method of claim 2, wherein the biometric representation operably received by the smart device corresponds to a person to be authenticated as the authorized user corresponding to the reference biometric template stored in the smart device, wherein the method further comprises:
    - reception by the smart device of the biometric representation of the person to be authenticated;
      
      converting the biometric representation of the person to be authenticated into an unencrypted input biometric template;
      
      encrypting the unencrypted input biometric template to obtain an encrypted reference biometric template; and
      
      storing the encrypted reference biometric template in a memory of the smart device and substantially simultaneously permanently deleting the recorded biometric representation of the user and the unencrypted reference biometric template.
  - 4. The method according to claim 1, wherein communication between the client-side smart device and the remote server is encrypted in both directions.
  - 5. The method according to claim 4, wherein communication between the client-side smart device and the remote server is encrypted in both directions using an SSL secure communication protocol.
  - 6. The method of claim 2, wherein the biometric representation of the user is recorded using a biometric representation detector either integral with or operably associated with the smart device.
  - 7. The method of claim 2, wherein encrypting the unencrypted reference biometric template comprises using a Revocable Hardwired Encryption Key.
  - 8. The method according to claim 3, wherein, prior to generating a new reference biometric template corresponding to a subsequent legitimate user of the smart device, the current user of the smart device must authenticate himself in order to permit generation and retention of the new reference biometric template corresponding to the subsequent legitimate user of the smart device.
  - 9. The method according to claim 1, wherein the biometric representation is one of fingerprints, retinal vein patterns, facial structure, iris patterns, voice prints, and palm prints.

10. A system for authenticating the identity of a smart device client user, comprising:
- a smart device constructed and arranged to selectively receive a biometric representation of an authorized user of the smart device, convert the biometric representation into a biometric reference template, and encrypt the biometric reference template, wherein the smart device comprises or is operably associated with a biometric representation reader for detecting and inputting the biometric representation of the authorized user; and
  
  at least one remote server in at least occasional electronic communication with the smart device client, and constructed and arranged to selectively send a request to a given smart device client user to authenticate himself, and to act in response to the authentication result transmitted back from the smart device client.
- View Dependent Claims (11)
- - 11. The system according to claim 10, wherein the biometric representation is one of fingerprints, retinal vein patterns, facial structure, iris patterns, voice prints, and palm prints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ira Konvalinka
Original Assignee
Ira Konvalinka
Inventors
Konvalinka, Ira

Granted Patent

US 9,189,612 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 63/045   wherein the sending and rec...

H04L 63/0861   using biometrical features,...

H04L 63/166   at the transport layer

H04L 67/04   specially adapted for termi...

BIOMETRIC VERIFICATION WITH IMPROVED PRIVACY AND NETWORK PERFORMANCE IN CLIENT-SERVER NETWORKS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

BIOMETRIC VERIFICATION WITH IMPROVED PRIVACY AND NETWORK PERFORMANCE IN CLIENT-SERVER NETWORKS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links