System and method for authenticating electronic transactions using biometric certificates
First Claim
1. A system for authenticating electronic transactions involving a user, comprising:
- a transaction input device configured to receive transaction data relating to an electronic transaction;
a biometric input device configured to generate biometric data corresponding to a physical condition of the user;
a biometric certificate generator configured to generate a biometric certificate from the transaction data, the biometric data, and a public key corresponding to the user;
a hash function generator configured to generate a hash value signal from the biometric certificate using a hash function;
a registration authority configured to generate a biometric digital signature from the hash value signal and a private key corresponding to the user;
an electronic transaction generator configured to generate a transaction signal, corresponding to the electronic transaction to be transmitted over a network, from the biometric digital signature and the transaction data;
a receiver configured to receive the transaction signal from the network and process the received transaction signal to extract the biometric certificate; and
a biometric certificate management system configured to certify the electronic transaction as being from the user, including;
a biometric data extractor configured to isolate the biometric data from the extracted biometric certificate, and a classifier configured to retrieve pre-registered biometric data corresponding to the user from a biometric database, compare the biometric data to the pre-registered biometric data, generate an authentication decision signal based on the comparison, and provide the authentication decision signal to the receiver to permit the receiver to determine whether the electronic transaction involves the user.
6 Assignments
0 Petitions
Accused Products
Abstract
A technique for combining biometric identification with digital certificates for electronic authentication called biometric certificates. The technique includes the management of biometric certificates through the use of a biometric certificate management system. Biometric certificates may be used in any electronic transaction requiring authentication of the participants. Biometric data is pre-stored in a biometric database of the biometric certificate management system by receiving data corresponding to physical characteristics of registered users through a biometric input device. Subsequent transactions to be conducted over a network have biometric certificates generated from the physical characteristics of a current user, which is then appended to the transaction, and which then authenticates the user by comparison against the pre-stored biometric data of the physical characteristics of users in the biometric database.
-
Citations
26 Claims
-
1. A system for authenticating electronic transactions involving a user, comprising:
-
a transaction input device configured to receive transaction data relating to an electronic transaction;
a biometric input device configured to generate biometric data corresponding to a physical condition of the user;
a biometric certificate generator configured to generate a biometric certificate from the transaction data, the biometric data, and a public key corresponding to the user;
a hash function generator configured to generate a hash value signal from the biometric certificate using a hash function;
a registration authority configured to generate a biometric digital signature from the hash value signal and a private key corresponding to the user;
an electronic transaction generator configured to generate a transaction signal, corresponding to the electronic transaction to be transmitted over a network, from the biometric digital signature and the transaction data;
a receiver configured to receive the transaction signal from the network and process the received transaction signal to extract the biometric certificate; and
a biometric certificate management system configured to certify the electronic transaction as being from the user, including;
a biometric data extractor configured to isolate the biometric data from the extracted biometric certificate, and a classifier configured to retrieve pre-registered biometric data corresponding to the user from a biometric database, compare the biometric data to the pre-registered biometric data, generate an authentication decision signal based on the comparison, and provide the authentication decision signal to the receiver to permit the receiver to determine whether the electronic transaction involves the user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
an iris reader configured to obtain a visual image of an iris of the user, a hand geometry reader configured to obtain a visual image of a geometry of a hand of the user, a retinal reader configured to obtain a visual image of a retina of the user, a facial reader configured to obtain a visual image of a face of the user, a body information extractor configured to obtain body data from the user, and a sound transducer configured to capture speech from the user.
-
-
3. The system of claim 1, wherein the biometric certificate generator includes:
a concatenator configured to combine the transaction data, the biometric data, and the public key to form the biometric certificate.
-
4. The system of claim 3, wherein the concatenator includes an adder.
-
5. The system of claim 1, wherein the hash function generator is configured to subject the biometric certificate to a one-way hashing function to form the hash value signal.
-
6. The system of claim 1, wherein the registration authority is configured to encrypt the hash value signal using the private key to generate the biometric digital signature.
-
7. The system of claim 1, wherein the electronic transaction generator includes:
a concatenator configured to combine the biometric digital signature and the transaction data to form the transaction signal.
-
8. The system of claim 7, wherein the concatenator includes an adder.
-
9. The system of claim 1, wherein the electronic transaction generator is further configured to transmit the transaction signal over the network.
-
10. The system of claim 1, wherein the receiver is configured to decrypt the received transaction signal using a private key.
-
11. The system of claim 1, wherein the receiver is configured to subject the received transaction signal to an inverse of the hashing function.
-
12. The system of claim 1, wherein the receiver is configured to decrypt the received transaction signal and to subject the decrypted transaction signal to an inverse of the hashing function.
-
13. The system of claim 1, wherein the classifier includes one of a neural network, a fuzzy logic classifier, and a processor.
-
14. A system for authenticating electronic transactions involving a user, comprising:
-
means for receiving transaction data relating to an electronic transaction;
means for obtaining biometric data corresponding to a physical condition of the user;
means for generating a biometric certificate from the transaction data, the biometric data, and a public key corresponding to the user;
means for generating a hash value signal from the biometric certificate using a hash function;
means for generating a biometric digital signature from the hash value signal and a private key corresponding to the user;
means for generating a transaction signal, corresponding to the electronic transaction, from the biometric digital signature and the transaction data;
means for processing the transaction signal to extract the biometric certificate;
means for isolating the biometric data from the extracted biometric certificate;
means for retrieving pre-registered biometric data corresponding to the user from a biometric database;
means for comparing the biometric data to the pre-registered biometric data to generate an authentication decision signal based on the comparison; and
means for identifying the electronic transaction as one of authentic from the user and fraudulent.
-
-
15. A method for authenticating electronic transactions involving a user, comprising:
-
receiving transaction data relating to an electronic transaction;
obtaining biometric data corresponding to a physical condition of the user;
generating a biometric certificate from the transaction data, the biometric data, and a public key corresponding to the user;
generating a hash value signal by processing the biometric certificate using a hash function;
generating a biometric digital signature from the hash value signal and a private key corresponding to the user;
generating a transaction signal, corresponding to the electronic transaction, from the biometric digital signature and the transaction data;
processing the transaction signal to extract the biometric certificate;
isolating the biometric data from the extracted biometric certificate;
retrieving pre-registered biometric data corresponding to the user from a biometric database;
comparing the biometric data to the pre-registered biometric data to generate an authentication decision signal based on the comparison; and
determining whether the electronic transaction involves the user based on the authentication decision signal. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
capturing at least one of a visual image of an iris of the user, a visual image of a geometry of a hand of the user, a visual image of a retina of the user, a visual image of a face of the user, body data from the user, and speech from the user.
-
-
17. The method of claim 15, wherein the generating a biometric certificate includes:
combining the transaction data, the biometric data, and the public key to form the biometric certificate.
-
18. The method of claim 15, wherein the generating a hash value signal includes:
subjecting the biometric certificate to a one-way hashing function.
-
19. The method of claim 15, wherein the generating a biometric digital signature includes:
encrypting the hash value signal using the private key.
-
20. The method of claim 15, wherein the generating a transaction signal includes:
combining the biometric digital signature and the transaction data to form the transaction signal.
-
21. The method of claim 15, wherein the processing the transaction signal includes:
decrypting the transaction signal using a private key.
-
22. The method of claim 15, wherein the processing the transaction signal includes:
subjecting the transaction signal to an inverse of the hashing function.
-
23. The method of claim 15, the processing the transaction signal includes:
-
decrypting the transaction signal, and subjecting the decrypted transaction signal to an inverse of the hashing function.
-
-
24. A method for generating an electronic transaction involving a user, comprising:
-
receiving transaction data relating to an electronic transaction;
obtaining biometric data corresponding to a physical condition of the user;
generating a biometric certificate from the transaction data, the biometric data, and a public key corresponding to the user;
generating a hash value signal from the biometric certificate using a hash function;
encrypting the hash value signal, using a private key corresponding to the user, to form a biometric digital signature;
generating a transaction signal, corresponding to the electronic transaction, by appending the biometric digital signature to the transaction data; and
transmitting the transaction signal over a network for authentication of the electronic transaction.
-
-
25. A method for authenticating an electronic transaction involving a user, comprising:
-
receiving a transaction signal from a network, the transaction signal including transaction data relating to an electronic transaction and a biometric digital signature, the biometric digital signature including a hash value signal encrypted using a private key corresponding to the user, the hash value signal including the transaction data, biometric data obtained from the user and corresponding to a physical condition of the user, and a public key corresponding to the user subjected to a hashing function;
decrypting the received transaction signal using a private key;
de-hashing the decrypted transaction signal using an inverse of the hashing function;
isolating the biometric data from the de-hashed transaction signal;
retrieving pre-registered biometric data corresponding to the user from a biometric database;
comparing the biometric data to the pre-registered biometric data to generate an authentication decision signal based on the comparison; and
identifying the electronic transaction as one of authentic from the user and fraudulent based on the authentication decision signal.
-
-
26. An electronic transaction stored in a computer-readable medium, comprising:
-
transaction data corresponding to a transaction performed by a user; and
a biometric digital signature including a hash value signal encrypted using a private key corresponding to the user, the hash value signal including the transaction data, biometric data obtained from the user and corresponding to a physical condition of the user, and a public key corresponding to the user subjected to a hashing function.
-
Specification