METHOD FOR GENERATING PUBLIC IDENTITY FOR AUTHENTICATING AN INDIVIDUAL CARRYING AN IDENTIFICATION OBJECT

US 20150046699A1
Filed: 03/18/2013
Published: 02/12/2015
Est. Priority Date: 03/19/2012
Status: Active Grant

First Claim

Patent Images

1-22. -22. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating a public identity for authenticating an individual carrying an identification object, the method including: entering an initial biometric datum of the individual; generating a first key from the biometric datum; generating a second key derived from a datum generated by a security component of the object; generating an initial encryption key combining the first key and the second key; communicating with a server a first identity of the individual in connection with the initial encryption key; generating by the server a public identity by encrypting the first identity using the initial encryption key, the public identity being stored by the server in connection with the initial encryption key. The public identity is not significant, but is secured by a strong connection between the object and biometry of the individual.

25 Citations

View as Search Results

35 Claims

1-22. -22. (canceled)

23. A method for verifying an identity of a user of a communicating terminal, comprising:
- a preliminary operation comprising;
  
  communicating a first piece of identity data of the user to at least one server,generating at the server a second piece of identity data of the user, the second piece of data defining a derived identity of the user, andstoring the second piece of identity data in a secure memory of the terminal;
  
  a current operation for identity verification, comprising;
  
  transmitting a token for encryption, from the server to the terminal,using the second piece of data at the terminal at least to generate an encryption of the token, the encrypted token being transmitted to the server and verified by the server, andin case of positive verification of the encrypted token by the server, the server validates the identity verification of the user of the terminal.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 24. The method according to claim 23, wherein the encryption uses a public key infrastructure, the derived identity data at least being used for generating an encryption key.
  - 25. The method according to claim 23, wherein the derived identity data is a digital certificate certifying the encryption by the terminal.
  - 26. The method according to claim 23, wherein, in case of positive verification, the encrypted token is associated with a digital identification certificate for the user.
  - 27. The method according to claim 23, wherein the communicating the first piece of identity data of the user to the server is authorized after verification of biometric data of the user of the terminal.
  - 28. The method according to claim 23, wherein the current operation further comprises verification of user-specific data before initiating, on the terminal, the using of the second piece of data for encryption of the token.
  - 29. The method according to claim 23, wherein a plurality of preliminary operations are executed, with a plurality of communications of the first piece of identity data of the user to a plurality of servers, each server generating the respective second pieces of identity data of the user, each second piece of data defining a derived identity of the user, each derived identity being specific to a service for which access is dependent on encrypted token verification on a server dedicated to the service.
  - 30. The method according to claim 23, wherein the communicating the first piece of identity data to the server is carried out via a reader including a module for short-range or wired communication,and, the terminal comprising a corresponding module for short-range or wired communication, the second piece of data is transmitted from the server to the reader, then from the reader to the terminal by short-range or wired communication.
  - 31. The method according to claim 23, wherein the transmitting the token for encryption and/or the encrypted token, between the server and the terminal, is performed via a device requesting access to a service associated with the server, access to the service being dependent on verification of the identity of the user from the user terminal in the current operation.
  - 32. The method according to claim 31, wherein the transmitting the token for encryption and/or the encrypted token, between the terminal and the device, is performed by a short-range or wired communication,the terminal including a module for short-range or wired communication and the device comprising a corresponding module for short-range or wired communication.
  - 33. The method according to claim 23, wherein the transmitting the token for encryption, from the server to the terminal, is performed using a mobile network, and transmission of the encrypted token from the terminal to the server is performed via a device requesting access to a service associated with the server, access to the service being dependent on verification of the identity of the user from the user terminal in the current operation.
  - 34. The method according to claim 23, wherein the transmitting the token for encryption, from the server to the terminal, is performed via a device requesting access to a service associated with the server, and transmission of the encrypted token from the terminal to the server is performed using a mobile network, access to the service being dependent on verification of the identity of the user from the user terminal in the current operation.
  - 35. A system for verifying the identity of a user, comprising at least a terminal and a server for implementing the method according to claim 23.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IDEMIA Identity and Security France SAS (Advent International Corporation)
Original Assignee
Morpho (Advent International Corporation)
Inventors
Benteo, Bruno, Bertiaux, Philippe

Granted Patent

US 10,007,773 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/6227   where protection concerns t...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04W 12/068   using credential vaults, e....

METHOD FOR GENERATING PUBLIC IDENTITY FOR AUTHENTICATING AN INDIVIDUAL CARRYING AN IDENTIFICATION OBJECT

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR GENERATING PUBLIC IDENTITY FOR AUTHENTICATING AN INDIVIDUAL CARRYING AN IDENTIFICATION OBJECT

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links