Access Control Through Multifactor Authentication with Multimodal Biometrics

US 20150347734A1
Filed: 06/23/2015
Published: 12/03/2015
Est. Priority Date: 11/02/2010
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user of a computing device as an enrolled user of the computing device during a transaction, the method comprising:

i. determining whether the computing device is associated with the enrolled user;

ii. determining whether the user exhibits knowledge of a predetermined fact;

iii. determining the identity of the user based on at least one biometric challenge; and

iv. determining whether the user is a live person based on at least one liveness challenge.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided in which a person may use a Cellular (Mobile) Telephone, a PDA or any other handheld computer to make a purchase. This is an example only. The process may entail any type of transaction which requires authentication, such as any financial transaction, any access control (to account information, etc.), and any physical access scenario such as doubling for a passport or an access key to a restricted area (office, vault, etc.). It may also be used to conduct remote transactions such as those conducted on the Internet (E-Commerce, account access, etc.). In the process, a multifactor authentication is used.

233 Citations

44 Claims

1. A method of authenticating a user of a computing device as an enrolled user of the computing device during a transaction, the method comprising:
- i. determining whether the computing device is associated with the enrolled user;
  
  ii. determining whether the user exhibits knowledge of a predetermined fact;
  
  iii. determining the identity of the user based on at least one biometric challenge; and
  
  iv. determining whether the user is a live person based on at least one liveness challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein:
    - the at least one biometric challenge comprises a multimodal biometric challenge.
  - 3. The method of claim 1, wherein:
    - the determining of i) includes identifying the computing device based on at least one device identifier associated with the computing device.
  - 4. The method of claim 3, wherein:
    - the at least one device identifier is selected from the group consisting of a unique identifier (UUID), IP address, MAC address, subscriber identifier, caller ID, radio-frequency ID (RFID), near field communication (NFC) ID, Bluetooth ID, CPU information, OS information, and a random sequence.
  - 5. The method of claim 1, wherein:
    - the determining of ii) includes challenging the user to provide at least one of a passcode, a PIN, predefined keywords or phrases, facial expressions, body movements, at least one speech or vocal sample, at least one handwriting sample, at least one audio sample, and a brain computer interface signal.
  - 6. The method of claim 1, wherein:
    - the determining of iii) involvesgenerating and storing a biometric model of the enrolled user during enrollment,obtaining at least one biometric test sample of the user, andprocessing the at least one biometric test sample of the user in conjunction with the stored biometric model of the enrolled user in order to determine whether the user is the enrolled user.
  - 7. The method of claim 6, further comprising:
    - comparing the at least one biometric test sample of the user to the stored biometric model of the enrolled user in order to determine whether or not the user is the enrolled user.
  - 8. The method of claim 6, further comprising:
    - using the at least one biometric test sample of the user to derive a test biometric model, andcomparing the test biometric model to the stored biometric model of the enrolled user in order to determine whether the user is the enrolled user.
  - 9. The method of claim 6, wherein:
    - the at least one biometric test sample of the user is also used as part of the determining of ii) and/or the determining of iv).
  - 10. The method of claim 6, wherein:
    - the biometric test sample of the user and the stored biometric model of the enrolled user involves at least one of speaker recognition, image-based or audio-based ear recognition, face recognition, fingerprint recognition, palm recognition, hand-geometry recognition, iris recognition, retinal scan, thermographic image recognition, vein recognition, signature verification, keystroke dynamics recognition, and brain wave recognition using a brain-computer interface (BCI).
  - 11. The method of claim 6, further comprising:
    - comparing distance between the at least one biometric test sample and the biometric model of the enrolled user with distance between the at least one biometric test sample and at least one competing model in order to determine whether the user is the enrolled user.
  - 12. The method of claim 11, wherein:
    - the least one competing model comprises a plurality of biometric models of user clusters.
  - 13. The method of claim 1, wherein:
    - the determining of iv) involves eliciting a response from the user in response to a prompt.
  - 14. The method of claim 13, wherein:
    - the response includes at least one of speech uttered by the user reading a displayed random prompt, a valid response to a random question, a facial or hand gesture including handwriting, generating non-speech audio response including whistling, tapping, and clapping, gait or pose of the user, brainwave activity of the user.
  - 15. The method of claim 1, wherein:
    - the computing device is one of a mobile computing device and a stationary computing device.
  - 16. The method of claim 1, further comprising:
    - selectively processing the transaction based on the results of the determinations of i), ii), iii) and iv).
  - 17. The method of claim 16, further comprising:
    - generating a plurality of scores for two or more of the determination of i), ii), iii) and iv);
      
      combining the plurality of scores to derive a resultant score; and
      
      comparing the resultant score to a threshold in order to authenticate the user and selectively process the transaction.
  - 18. The method of claim 16, further comprising:
    - employing the determinations of i), ii), iii) and iv) for a number of users in series in order to authenticate the number of users and selectively process the transaction for the number of users.
  - 19. The method of claim 16, wherein:
    - the processing of the transaction involves granting at least one user access to a physical location.
  - 20. The method of claim 19, wherein:
    - granting the at least one user access to a physical location includes unlocking a door.
  - 21. The method of claim 16, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored locally on the computing device or data and/or applications stored remotely from the computing device.
  - 22. The method of claim 21, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored locally on the computing device that includes personal records of the user stored on the computing device.
  - 23. The method of claim 22, wherein:
    - the personal records of the user includes data selected from personal health data of the user and personal financial data of the user.
  - 24. The method of claim 21, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored locally on the computing device that includes digital cash of the user stored on the computing device.
  - 25. The method of claim 21, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored remotely from the computing device for remote home automation control.
  - 26. The method of claim 1, wherein:
    - at least the determination of iii) involves at least one biometric model of the enrolled user stored in encrypted form on the computing device, wherein authenticity of the at least one biometric model is verified through exchange of information with a certificate authority.

27. A transaction processing method comprising:
- i) registering authentication software that executes on a computing device of an enrolled user with a certificate authority, thereby generating software certificate reference data;
  
  ii) registering the software certificate reference data in association with the enrolled user with a transaction authority; and
  
  iiii) communicating with the transaction authority to validate that the software certificate reference data associated with the authentication software that executes on the computing device matches the software certificate reference data stored by the transaction authority in order to authenticate a user of the computing device as the enrolled user and selectively process a transaction via operation of the computing device of the enrolled user.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The transaction processing method of claim 27, wherein:
    - authentication of the user of the computing device as the enrolled user further involves;
      
      i. determining whether the computing device is associated with the enrolled user;
      
      ii. determining whether the user exhibits knowledge of a predetermined fact;
      
      iii. determining the identity of the user based on at least one biometric challenge; and
      
      iv. determining whether the user is a live person based on at least one liveness challenge.
  - 29. The transaction processing method of claim 28, wherein:
    - at least the determination of iii) involves at least one biometric model of the enrolled user stored in encrypted form on the computing device, wherein authenticity of the at least one biometric model is verified through exchange of information with a certificate authority.
  - 30. The transaction processing method of claim 27, wherein:
    - the software certificate reference data comprises a signed hashed value provided by a certificate authority based on a code signature of the authentication software that executes on the computing device.
  - 31. The transaction processing method of claim 27, wherein:
    - the validation that the software certificate reference data associated with the authentication software that executes on the computing device matches the software certificate reference data stored by the transaction authority involves;
      
      hashing the software certificate using a hashing function;
      
      sending an encrypted value of the hashed certificate to the transaction authority; and
      
      comparing, at the transaction authority, the encrypted value of the hashed certificate with a hashed certificate that was previously stored at the transaction authority.
  - 32. The transaction processing method of claim 27, further comprising:
    - transmitting encrypted transaction information to the transaction authority through a point of service registered with the transaction authority.
  - 33. The transaction processing method of claim 32, wherein:
    - the point of service is selected from the group including a point of sale terminal, an e-commerce website, a door access control device, and a virtual data access control.
  - 34. The transaction processing method of claim 33, wherein:
    - the point of service and computing device are integrated together.
  - 35. The transaction processing method of claim 27, wherein:
    - the functionality of the transaction authority is carried out by the computing device.

36. A method of controlling access to a physical location by operation of a computing device whose execution provides a physical access control interface, the method comprising:
- configuring the physical access control interface to selectively grant access to the physical location based a number of operations, includingi. determining whether a user of the physical access control interface exhibits knowledge of a predetermined fact,ii. determining the identity of the user of the physical access control interface based on at least one biometric challenge, andiii. determining whether the user of the physical access control interface is a live person based on at least one liveness challenge.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The method of claim 36, further comprising:
    - determining whether the user of the physical access control interface belongs to a class of enrolled users that is permitted access to a physical location.
  - 38. The method of claim 36, wherein:
    - the at least one biometric challenge comprises a multimodal biometric challenge.
  - 39. The method of claim 36, wherein:
    - selectively granting access to the physical location involves unlocking a door.
  - 40. The method of claim 36, further comprising:
    - employing the determinations of i), ii), iii) for a number of users in series in order to authenticate the number of users and selectively grant access to the physical location for the number of users.

41. A method of controlling access to personal health data of an enrolled user stored on a computing device, the method comprising:
- i. determining whether the computing device is associated with the enrolled user;
  
  ii. determining whether a user of the computing device exhibits knowledge of a predetermined fact;
  
  iii. determining the identity of the user of the computing device based on at least one biometric challenge; and
  
  iv. determining whether the user of the computing device is a live person based on at least one liveness challenge.
- View Dependent Claims (42, 43, 44)
- - 42. The method of claim 41, wherein:
    - the at least one biometric challenge comprises a multimodal biometric challenge.
  - 43. The method of claim 41, further comprising:
    - selectively granting access to the personal health data of the enrolled user stored on a computing device based on the results of the determinations of i), ii), iii) and iv).
  - 44. The method of claim 42, further comprising:
    - retrieving at least a portion of the personal health data stored on the computing device; and
      
      authorizing the release of the at least a portion of the personal health data stored on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Homayoon Beigi
Original Assignee
Homayoon Beigi
Inventors
Beigi, Homayoon

Granted Patent

US 10,042,993 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/6245   Protecting personal data, e...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3827   Use of message hashing

G06Q 20/409   Device specific authenticat...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0861   using biometrical features,...

H04L 9/006   involving public key infras...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04W 12/069   using certificates or pre-s...

Access Control Through Multifactor Authentication with Multimodal Biometrics

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

233 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Access Control Through Multifactor Authentication with Multimodal Biometrics

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

233 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links