Multiple factor-based user identification and authentication
First Claim
1. A method of authenticating the identity of a user to determine access to a system, comprising:
- providing a possession-based data instance, a modified version of the possession-based data instance, a knowledge-based data instance, a biometric-based data instance, and a modified version of the biometric-based data instance;
generating a first cryptographic key based on the knowledge-based data instance;
applying the first cryptographic key to the modified version of the possession-based data instance to generate a first recovered data instance;
interrogating the first recovered data instance against the possession-based data instance to generate a possession value as a result of a first correspondence evaluation;
applying the first cryptographic key to the modified version of the biometric-based data instance to generate a second recovered data instance;
interrogating the second recovered data instance against the biometric-based data instance to generate a biometric value as a result of a second correspondence evaluation;
combining the first cryptographic key, the possession value, and the biometric value to form a second cryptographic key;
restricting the user'"'"'s access to the system if the user'"'"'s identity is not authenticated, based at least in part on the second cryptographic key; and
granting the user'"'"'s access to the system if the user'"'"'s identity is authenticated, based at least in part on the second cryptographic key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of authenticating the identity of a user to determine access to a system includes providing a plurality of factor-based data instances corresponding to a user, evaluating the factor-based data instances to determine if the user'"'"'s identity is authenticated, and granting or restricting the user'"'"'s access to the system if the user'"'"'s identity is authenticated. More particularly, the method includes providing a modified data instance based on a second data instance, generating a key based on a first data instance, applying the key to the a modified data instance to generate a recovered data instance, interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation, and granting or restricting the user'"'"'s access to the system based at least in part on the validity of the authentication value.
136 Citations
12 Claims
-
1. A method of authenticating the identity of a user to determine access to a system, comprising:
-
providing a possession-based data instance, a modified version of the possession-based data instance, a knowledge-based data instance, a biometric-based data instance, and a modified version of the biometric-based data instance;
generating a first cryptographic key based on the knowledge-based data instance;
applying the first cryptographic key to the modified version of the possession-based data instance to generate a first recovered data instance;
interrogating the first recovered data instance against the possession-based data instance to generate a possession value as a result of a first correspondence evaluation;
applying the first cryptographic key to the modified version of the biometric-based data instance to generate a second recovered data instance;
interrogating the second recovered data instance against the biometric-based data instance to generate a biometric value as a result of a second correspondence evaluation;
combining the first cryptographic key, the possession value, and the biometric value to form a second cryptographic key;
restricting the user'"'"'s access to the system if the user'"'"'s identity is not authenticated, based at least in part on the second cryptographic key; and
granting the user'"'"'s access to the system if the user'"'"'s identity is authenticated, based at least in part on the second cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of authenticating the identity of a user to determine access to a system, comprising:
-
providing a possession-based data instance, a biometric-based data instance, and a modified version of the biometric-based data instance;
applying the possession-based data instance to the modified version of the biometric-based data instance to generate a recovered data instance;
interrogating the recovered data instance against the biometric-based data instance to generate a biometric value as a result of a correspondence evaluation;
combining the possession-based data instance and the biometric value to form a cryptographic key;
evaluating the cryptographic key to determine if the user'"'"'s identity is authenticated;
restricting the user'"'"'s access to the system if the user'"'"'s identity is not authenticated, based at least in part on the cryptographic key; and
granting the user'"'"'s access to the system if the user'"'"'s identity is authenticated, based at least in part on the cryptographic key. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification