Trusted biometric client authentication

US 6,167,517 A
Filed: 04/09/1998
Issued: 12/26/2000
Est. Priority Date: 04/09/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating an identity of a user in order to secure access to a host system, comprising:

receiving, at the host system, an identifier for the user from a client system;

retrieving, at the host system, a template containing biometric data associated with the user, the template being retrieved from a database of templates by the host system;

sending the template to the client system;

waiting for the client system to compare the template with a biometric sample gathered from the user to produce a comparison result, and to compute a first message digest using the template, the comparison result and an encryption key;

receiving, at the host system, the first message digest from the client system;

computing, at the host system, a second message digest using the template, a comparison result indicating a successful match between the biometric sample and the template, and the encryption key;

comparing, at the host system, the first message digest and the second message digest; and

allowing the user to access the host system if the first message digest matches the second message digest;

wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a method for authenticating an identity of a user in order to secure access to a host system. In this embodiment, the host system receives an identifier for the user from a client system. This identifier is used to retrieve a template containing biometric data associated with the user, and this template is returned to the client. The client then gathers a biometric sample from the user, and compares this biometric sample with the template to produce a comparison result. Next, the client computes a message digest using the template, the comparison result and an encryption key, and sends the message digest to the host system. This computation takes places within a secure hardware module within the client computing system that contains a secure encryption key in order to guard against malicious users on the client system. Next, the host system receives the message digest and authenticates the user by determining whether the message digest was computed using the template, the encryption key, and a comparison result indicating a successful match between the biometric sample and the template. If so, the host has confidence that the client has successfully matched the template with the biometric sample, and the client is allowed to access a service on the host system. By requiring the secure hardware in the client system to include the template in the message digest, the host system can guard against a malicious user who substitutes another template to gain unauthorized access to the host system. In a variation on this embodiment, the host system retrieves the template from a centralized repository for templates.

359 Citations

45 Claims

1. A method for authenticating an identity of a user in order to secure access to a host system, comprising:
- receiving, at the host system, an identifier for the user from a client system;
  
  retrieving, at the host system, a template containing biometric data associated with the user, the template being retrieved from a database of templates by the host system;
  
  sending the template to the client system;
  
  waiting for the client system to compare the template with a biometric sample gathered from the user to produce a comparison result, and to compute a first message digest using the template, the comparison result and an encryption key;
  
  receiving, at the host system, the first message digest from the client system;
  
  computing, at the host system, a second message digest using the template, a comparison result indicating a successful match between the biometric sample and the template, and the encryption key;
  
  comparing, at the host system, the first message digest and the second message digest; and
  
  allowing the user to access the host system if the first message digest matches the second message digest;
  
  wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 24)
- - 2. The method of claim 1, further comprising if the first message digest does not match the second message digest:
    - computing, at the host system, a third message digest using the template, a comparison result indicating an unsuccessful match between the biometric sample and the template, and the encryption key;
      
      comparing the first message digest and the third message digest;
      
      if the first message digest matches the third message digest, sending a message to the client system to retry the comparison with a new biometric sample; and
      
      if the first message digest does not match the third message digest, logging an alarm to indicate an intruder may be attempting to gain unauthorized access to the host system.
  - 3. The method of claim 1, further comprising sending a randomized number from the host system to the client system;
    - andwherein the second message digest and the first message digest are both computed using the randomized number.
  - 4. The method of claim 1, further comprising sending a comparison threshold to the client system, the comparison threshold indicating how closely the biometric sample taken from the user must match the template in order to allow the user to access the host system.
  - 5. The method of claim 4, wherein the first message digest and the second message digest are both computed using the comparison threshold.
  - 6. The method of claim 1, wherein the template includes finger print data.
  - 7. The method of claim 1, wherein the template includes retinal scan data.
  - 8. The method of claim 1, wherein the template includes voice data.
  - 9. The method of claim 1, wherein the template includes handwriting data.
  - 10. The method of claim 1, wherein computing the first message digest and computing the second message digest both include computing an MD5 checksum.
  - 11. The method of claim 1, wherein retrieving the template includes retrieving the template from a centrally managed repository for templates.
  - 12. The method of claim 1, wherein retrieving the template includes retrieving the template from a database on the host system.
  - 13. The method of claim 1, wherein allowing the user to access the host system includes allowing the user to access a database system.
  - 14. The method of claim 1, wherein waiting for the client system includes waiting for secure hardware in the client system to compare the template with a biometric sample gathered from the user to produce a comparison result, and to compute a first message digest using the template, the comparison result and an encryption key.
  - 24. The method of claim 14, wherein computing the first message digest includes computing an MD5 checksum.

15. A method for authenticating an identity of a user in order to secure access to a host system, comprising:
- sending an identifier for the user to the host system;
  
  receiving, from the host system, a template containing biometric data associated with the user, the template being retrieved from a database of templates by the host system;
  
  gathering a biometric sample from the user;
  
  comparing the template with the biometric sample to produce a comparison result;
  
  computing a first message digest using the template, the comparison result and an encryption key;
  
  sending the first message digest to the host system; and
  
  receiving access to the host system if the host system determines that the first message digest matches a second message digest computed at the host system using the template, a comparison result indicating a successful match between the biometric sample and the template and the encryption key;
  
  wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method of claim 15, wherein comparing the template and computing the first message digest both take place inside of a secure hardware module within the client system that contains the encryption key.
  - 17. The method of claim 15, further comprising receiving a randomized number from the host system;
    - andwherein computing the first message digest includes using the randomized number, and computing the second message digest includes using the randomized number.
  - 18. The method of claim 15, further comprising receiving a comparison threshold from the host system, the comparison threshold indicating how closely a biometric sample taken from a user must match the template in order to allow the user to access the host system.
  - 19. The method of claim 18, wherein computing the first message digest includes using the comparison threshold, and computing the second message digest includes using the comparison threshold.
  - 20. The method of claim 15, wherein the template includes fingerprint data.
  - 21. The method of claim 15, wherein the template includes retinal scan data.
  - 22. The method of claim 15, wherein the template includes voice data.
  - 23. The method of claim 15, wherein the template includes handwriting data.

25. A method for authenticating an identity of a user in order to secure access to a host system, comprising:
- receiving, at the host system, an identifier for the user from a client system;
  
  retrieving, at the host system, a template containing biometric data associated with the user from a database of templates;
  
  sending the template to the client system;
  
  receiving the template at the client system;
  
  gathering, at the client system, a biometric sample from the user;
  
  comparing, at the client system, the template with the biometric sample to produce a comparison result;
  
  computing, at the client system, a first message digest using the template, the comparison result and an encryption key;
  
  sending the first message digest to the host system;
  
  receiving, at the host system, the first message digest;
  
  computing, at the host system, a second message digest using the template, a comparison result indicating a successful match between the biometric sample and the template, and the encryption key;
  
  comparing, at the host system, the first message digest and the second message digest; and
  
  allowing the user to access the host system if the first message digest matches the second message digest;
  
  wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method of claim 25, further comprising sending a randomized number from the host system to the client system;
    - andwherein the second message digest and the first message digest are both computed using the randomized number.
  - 27. The method of claim 25, further comprising sending a comparison threshold from the host system to the client system, the comparison threshold indicating how closely the biometric sample taken from the user must match the template in order to allow the user to access the host system.
  - 28. The method of claim 27, wherein the first message digest and the second message digest are both computed using the comparison threshold.
  - 29. The method of claim 25, wherein comparing the template and computing the first message digest at the client system both take place inside of a secure hardware module within the client system that contains the encryption key.

30. A method for authenticating an identity of a user in order to secure access to a host system, comprising:
- receiving, from the host system, a randomized number;
  
  gathering a biometric sample from the user;
  
  computing a first message digest using the biometric sample, the randomized number and an encryption key;
  
  sending the biometric sample and the first message digest to the host system;
  
  receiving access to the host system if the host system determines that the biometric sample matches a template containing biometric data associated with the user, and that the first message digest matches a second message digest computed at the host system using the biometric sample, the randomized number and the encryption key;
  
  wherein the template is retrieved from a database of templates by the host system; and
  
  wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.

31. A program storage device storing instructions that when executed by a computer perform a method for authenticating an identity of a user in order to secure access to a host system, comprising:
- receiving, at the host system, an identifier for the user from a client system;
  
  retrieving, at the host system, a template containing biometric data associated with the user, the template being retrieved from a database of templates by the host system;
  
  sending the template to the client system;
  
  waiting for the client system to compare the template with a biometric sample gathered from the user to produce a comparison result, and to compute a first message digest using the template, the comparison result and an encryption key;
  
  receiving, at the host system, the first message digest from the client system;
  
  computing, at the host system, a second message digest using the template, a comparison result indicating a successful match between the biometric sample and the template, and the encryption key;
  
  comparing, at the host system, the first message digest and the second message digest; and
  
  allowing the user to access the host system if the first message digest matches the second message digest;
  
  wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.

32. An apparatus for authenticating an identity of a user in order to secure access to a host system, comprising:
- the host system;
  
  a mechanism within the host system that receives an identifier for the user from a client system;
  
  a mechanism within the host system that retrieves a template containing biometric data associated with the user from a database of templates;
  
  a mechanism within the host system that sends the template to the client system;
  
  a mechanism within the host system that receives a first message digest from the client system;
  
  a mechanism within the host system that computes a second message digest using the template, an encryption key, and a comparison result indicating a successful match between the template and the biometric sample taken from the user;
  
  a comparison mechanism within the host system for comparing the first message digest and the second message digest; and
  
  a mechanism within the host system that allows the user to access the host system if the first message digest matches the second message digest;
  
  wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39)
- - 33. The apparatus of claim 32, wherein the comparison mechanism can be used to compare the first message digest with a third message digest, and further comprising:
    - a mechanism within the host system that computes the third message digest using the template, the encryption key, and a comparison result indicating an unsuccessful match between the template and the biometric sample taken from the user;
      
      a mechanism within the host system that sends a message to the client system to retry the comparison with a new biometric sample if the first message digest matches the third message digest;
      
      a mechanism within the host system that logs an alarm to indicate an intruder may be attempting to gain unauthorized access to the host system if the first message digest does not match the third message digest.
  - 34. The apparatus of claim 32, further comprising a mechanism within the host system that sends a randomized number to the client system;
    - andwherein the mechanism within the host system that computes the second message digest is configured to compute the second message digest using the randomized number.
  - 35. The apparatus of claim 32, further comprising a mechanism within the host system that sends a comparison threshold to the client system, the comparison threshold indicating how closely a biometric sample taken from a user must match the template in order to allow the user to have access to the host system.
  - 36. The apparatus of claim 35, wherein the mechanism within the host system that computes the second message digest is configured to compute the second message digest using the comparison threshold.
  - 37. The apparatus of claim 32, wherein the mechanism that retrieves the template is configured to retrieve the template from a centrally managed repository for user templates.
  - 38. The apparatus of claim 32, wherein the mechanism that retrieves the template is configured to retrieve the template from a database on the host system.
  - 39. The apparatus of claim 32, wherein the host system includes a database system.

40. An apparatus for authenticating an identity of a user in order to secure access to a host system, comprising:
- a client system;
  
  a mechanism, within the client system, that sends an identifier for the user to the host system;
  
  a mechanism, within the client system, that receives a template containing biometric data associated with the user from the host system;
  
  a biometric gathering device, for gathering a biometric sample from the user;
  
  a comparison unit, within the client system, coupled to the biometric gathering device, including circuitry to compare the biometric sample with the template; and
  
  a computation unit, within the client system, for computing a first message digest using the template, a result from the comparison unit and an encryption key; and
  
  a mechanism, within the client system, that sends the first message digest to the host system;
  
  a mechanism, within the client system, for receiving access to the host system if the host system determines that the first message digest matches a second message digest computed at the host system using the template, a comparison result indicating a successful match between the biometric sample and the template, and the encryption key, the template being retrieved from a database of templates by the host system;
  
  wherein using the template in computing the second message digest provides an additional measure of security because the first message digest will not match the second message digest unless the client system also used the template in computing first message digest, which indicates that the client computed the comparison result using the template.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The apparatus of claim 40, wherein the comparison unit and the computation unit are implemented together in a single piece of circuitry.
  - 42. The apparatus of claim 40, wherein the comparison unit and the computation unit are encased in a sealed insulating layer.
  - 43. The apparatus of claim 40, further comprising a mechanism within the client system for receiving a randomized number from the host system;
    - andwherein the computation unit includes circuitry to compute the first message digest using the randomized number.
  - 44. The apparatus of claim 40, further comprising a mechanism within the client system for retrieving a comparison threshold from the host system, the comparison threshold indicating how closely a biometric sample taken from a user must match the template in order to allow the user to have access to the host system.
  - 45. The apparatus of claim 44, wherein the computation unit is configured to compute the message digest using the comparison threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle Corporation
Inventors
Gilchrist, Gary, Viavant, Steven D.
Primary Examiner(s)
Hayes, Gail O.
Assistant Examiner(s)
Seal, James

Application Number

US09/058,394
Time in Patent Office

992 Days
Field of Search

713/186, 713/182
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

Trusted biometric client authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

359 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted biometric client authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

359 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links