Method and system for improving security in network applications

US 6,076,167 A
Filed: 08/11/1997
Issued: 06/13/2000
Est. Priority Date: 12/04/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of enhancing network security comprising the steps of:

(a) initiating a communication session between a first computer and a second other computer;

(b) transmitting from the first computer to the second other computer in communication therewith a process for securing communications therebetween;

(c) characterising biometric information received at the second other computer with the process and transmitting to the first computer data in dependence upon the characterisation; and

,(d) securing communications on the first computer using a process for receiving the secured information and performing one of reversing the securing process and analysing the secured information on the first computer and associated with the transmitted process.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of enhancing network security is provided for a communication session initiated between a first computer and a second other computer. From the first computer to the second computer in communications therewith a process for securing communications therebetween is transmitted. One such process is a biometric characterisation process for characterising fingerprints. The process is for execution on the second computer and is selected to be compatible therewith. Communications from the second computer to the first computer are secured using the transmitted process on the second computer and using, on the first computer, a compatible process to the transmitted process. The host computer can modify or replace the process or data particular to the process before each session, during a session, or at intervals.

Citations

18 Claims

1. A method of enhancing network security comprising the steps of:
- (a) initiating a communication session between a first computer and a second other computer;
  
  (b) transmitting from the first computer to the second other computer in communication therewith a process for securing communications therebetween;
  
  (c) characterising biometric information received at the second other computer with the process and transmitting to the first computer data in dependence upon the characterisation; and
  
  ,(d) securing communications on the first computer using a process for receiving the secured information and performing one of reversing the securing process and analysing the secured information on the first computer and associated with the transmitted process.
- View Dependent Claims (2)
- - 2. A method of enhancing network security as defined in claim 1 wherein the step of (d) securing communications on the first computer using a process associated with the transmitted process comprises the step of receiving the data, registering the data against templates of biometric information determined in accordance with a compatible characterisation process to produce a registration result and, when the registration result is within a predetermined range performing one of identifying a source of the biometric information and authorising the second other computer to access information stored on the first computer.

3. A method of enhancing network security comprising the steps of(a) initiating a communication session between a first computer and a second other computer;
- (b) transmitting from the first computer to the second other computer in communication therewith a process for characterising user authorisation information comprising a non reversible transformation of the information;
  
  (c) characterising user authorisation information received at the second other computer to produce data using the process for characterising user authorisation information;
  
  (d) transmitting the data to the first computer; and
  
  (e) comparing the data received by the first computer to information on the first computer to determine a value and when the value is within predetermined limits performing one of identifying a source of the authorisation information and authorising access from the second other computer to information secured by the first computer, wherein the user authorisation information is biometric information.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. A method of enhancing network security as defined in claim 3 wherein the user authorisation information comprises a fingerprint.
  - 5. A method of enhancing network security as defined in claim 3 comprising the step ofproviding data indicative of a user identity to the second other computer;
    - and,transmitting the data indicative of a user identity to the first computer wherein the user authorisation information is biometric information, wherein the process is selected by the first computer in dependence upon data indicative of a user identity, and wherein the process for characterising user authorisation information transmitted to the second other computer comprises the step of extracting features from the biometric information.
  - 6. A method of enhancing network security as defined in claim 3 wherein the user authorisation information is biometric information comprising the steps ofproviding a biometric information sample to a biometric input device in communication with the second other computer;
    - providing data indicative of a biometric information source of the biometric information sample;
      
      providing data indicative of a user identity;
      
      transmitting to the first computer the data indicative of a user identity and the biometric information source;
      
      selecting a process from a plurality of processes associated with one of a plurality of templates associated with the identified biometric information source of the identified individual;
      
      and wherein the step of (e) performing one of identifying a source of the biometric information and authorising access from the second other computer to information secured by the first computer comprises the step of determining within predetermined level of security whether the biometric information provided is from a same individual as that identified.
  - 7. A method of enhancing network security as defined in claim 3 wherein the user authorisation information is biometric information comprising the steps ofproviding data indicative of a user identity;
    - wherein the process comprises one of a plurality of processes associated with the data indicative of a user identity and wherein the process comprises the step of;
      
      prompting the user to provide a biometric information sample from a predetermined biometric information source to a biometric input device in communication with the second other computer;
      
      and wherein the step of (e) performing one of identifying a source of the biometric information and authorising access from the second other computer to information secured by the first computer comprises the step of determining within predetermined level of security whether the biometric information provided is from a same individual as the user identity.
  - 8. A method of enhancing network security as defined in claim 7 comprising the steps of:
    - when the determination is not with a predetermined level of security, repeating steps (b), (c), (d) and (e).

9. A method of enhancing network security comprising the steps of(a) initiating a communication session between a first computer and a second other computer;
- (b) transmitting from the first computer to the second other computer in communication therewith a process for characterising biometric information;
  
  (c) providing a biometric information sample from a biometric information source to the second other computer using a biometric input device;
  
  (d) characterising the biometric information sample provided to the second other computer according to the process transmitted from the first computer to produce data;
  
  (e) transmitting the data to the first computer; and
  
  (f) comparing the data received by the first computer during the session to information on the first computer to determine with a predetermined level of security an identification of an individual by whom the biometric information sample was provided.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. A method of improving network communication security for a system having a first computer in communications with a second other computer as defined in claim 9 comprising the step of replacing the process at intervals.
  - 11. A method of enhancing network security as defined in claim 9 comprising the steps of:
    - providing to the second other computer data indicative of a user identity; and
      
      transmitting to the first computer the data indicative of the user identity.
  - 12. A method of enhancing network security as defined in claim 11 comprising the step of:
    - selecting from a plurality of processes a process associated with the data indicative of a user identity wherein the process transmitted from the first computer to the second other computer is the selected process.
  - 13. A method of enhancing network security as defined in claim 9 comprising the steps of:
    - (c2) providing a second biometric information sample from a second other biometric information source to the second other computer using a biometric input device;
      
      (d2) characterising the second biometric information sample provided to the second other computer according to the process transmitted from the first computer to produce second data;
      
      (e2) transmitting the second data to the first computer; and
      
      wherein the step of (f) comparing the data received by the first computer during the session to information on the first computer to determine with a predetermined level of security an identification of an individual by whom the biometric information sample was provided comprises the steps of;
      
      registering data and a template to determine a registration value;
      
      registering second data and a second template to determine a second registration value;
      
      determining if a point in a multidimensional space and having co-ordinates corresponding substantially to the registration value and the second registration value falls within a multi-dimensional range determined in dependence upon a predetermined false acceptance rate.
  - 14. A method of enhancing network security as defined in claim 9 comprising the steps of:
    - (c2) providing a second biometric information sample from a second other biometric information source to the second other computer using a biometric input device;
      
      (d2) characterising the second biometric information sample provided to the second other computer according to the process transmitted from the first computer to produce second data;
      
      (e2) transmitting the second data to the first computer; and
      
      wherein the step of (f) comparing the data received by the first computer during the session to information on the first computer to determine with a predetermined level of security an identification of an individual by whom the biometric information sample was provided comprises the step of;
      
      determining within predetermined level of security whether the plurality of biometric information samples provided are from a same known individual.

15. A method of enhancing network security comprising the steps of(a) initiating a communication session between a first computer and a second other computer;
- (b) transmitting from the first computer to the second other computer in communication therewith a process for execution on the second other computer for characterising biometric information, the process comprising the steps of;
  
  accepting a first biometric information sample from a biometric source of the individual to a biometric input device in communication with a host processor, andusing the processor of the second other computer, characterising the biometric information sample;
  
  (c) executing the process on the second other computer;
  
  (d) transmitting the characterised first biometric information to the first computer;
  
  (e) using the processor of the first computer, registering the characterised first biometric information sample with a first template to produce a first registration value;
  
  (f) when the first registration value is within predetermined limits, identifying the individual; and
  
  ,(g) when the first registration value is within other predetermined limits, transmitting a signal indicative of such to the second other computer and performing the steps of;
  
  (g1) executing the process on the second other computer with another different biometric information source,(g2) transmitting the characterised first biometric information to the first computer,(g3) using the processor of the first computer, registering the current biometric information sample with a template to produce a current registration value,(g4) when the first registration value and the current registration value are within predetermined limits, identifying the individual, and(g5) when the first registration value and the current registration value are within second other predetermined limits, repeating step (g).
- View Dependent Claims (16, 17, 18)
- - 16. A method of improving network communication security for a system having a first computer in communications with a second other computer as defined in claim 15 comprising the step of replacing the process at intervals.
  - 17. A method of enhancing network security as defined in claim 15 comprising the step ofproviding data indicative of a user identity to the second other computer;
    - and,transmitting the data indicative of a user identity to the first computer wherein the process for characterising biometric information transmitted to the second other computer is selected by the first computer in dependence upon data indicative of a user identity.
  - 18. A method of enhancing network security as defined in claim 15 wherein the step of(g) when the first registration value is within other predetermined limits, transmitting a signal indicative of such to the second other computer and performing the steps of:
    - (g1) executing the process on the second other computer with another different biometric information source,(g2) transmitting the characterised first biometric information to the first computer,(g3) using the processor of the first computer, registering the current biometric information sample with a template to produce a current registration value,(g4) when the first registration value and the current registration value are within predetermined limits, identifying the individual, and(g5) when the first registration value and the current registration value are within second other predetermined limits, repeating step (g);
      
      comprises the step of;
      
      (g0) transmitting from the first computer to the second other computer in communication therewith a process for execution on the second other computer for characterising biometric information, the process comprises the steps of;
      
      accepting a current biometric information sample from a biometric source of the individual to a biometric input device in communication with a host processor;
      
      using the processor of the second other computer, characterising the current biometric information sample,wherein the process for characterising the current biometric information transmitted to the second other computer is selected by the first computer in dependence upon a previous registration value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Original Assignee
DEW Engineering and Development Limited (Trelleborg AB)
Inventors
Borza, Stephen J.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Shaw, Brian H.

Application Number

US08/907,958
Time in Patent Office

1,037 Days
Field of Search

395/187.01, 395/188.01, 395/200.59, 713/201, 713/202, 709/229, 380/4, 380/23, 380/25
US Class Current

726/5
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/445   by mutual authentication, e...

G06Q 20/40145   Biometric identity checks

G07C 9/37   using biometric data, e.g. ...

H04L 63/0442   wherein the sending and rec...

Method and system for improving security in network applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for improving security in network applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links