User authenticating system and method using one-time fingerprint template

US 7,035,442 B2
Filed: 06/01/2001
Issued: 04/25/2006
Est. Priority Date: 11/01/2000
Status: Active Grant

First Claim

Patent Images

1. A user authenticating system including a web server for providing web services, a user'"'"'s PC, which is a client desiring a user authentication for access to the web server through a network, and an authenticating server for performing authentication upon request thereof by the user, the request transferred from the client through the web server through connection to the web server, characterized in that the client comprises:

a client communication interface for communication with the client;

a fingerprint input means for reading-in a user'"'"'s fingerprint for obtaining authentication from the authenticating server;

a fingerprint feature data extracting means for extracting fingerprint feature data from the inputted fingerprint;

a one-time template (OTT) key request means for requesting from the authenticating server a transfer of an OTT key;

an OTT key receiving means for receiving the OTT key transferred from the authenticating server;

an OTT generation means for generating an OTT by combining the received OTT key with the fingerprint feature data; and

an OTT encrypting means for encrypting the OTT in a predetermined manner,and the web server, which provides a web page to be actually used by the user, comprises;

a first server communication interface for communication with the client server;

a second server communication interface for communication with the authenticating server;

a data interchange means for interchanging data between the client and the authenticating server;

and an authentication result receiving means for receiving an authentication result transferred from the authenticating server, and transmitting the web page to the client,and the authenticating server comprises;

an authentication server communication interface for communicating with the web server;

an OTT key generation means for generating an OTT key upon request of the OTT key from the client;

an OTT key storing means for storing the generated OTT key;

an OTT key transfer means for transmitting the generated OTT key to the client;

an OTT receiving means for receiving the encrypted OTT transferred from the client;

an OTT decrypting means for restoring the original OTT by decrypting the encrypted and received OTT;

an OTT key extracting means for extracting an OTT key from the restored OTT;

an OTT key validity determination means for determining validity of the OTT key by comparing the OTT key stored in the OTT storing means and the OTT key extracted by the OTT key extracting means;

a fingerprint authentication means for authenticating an access of the user based on the fingerprint thereof by comparing registered fingerprint feature data with the inputted fingerprint feature data, if the OTT key is determined to be valid, and refusing authentication if the OTT key is determined to be at least one of invalid an the fingerprint feature data do not coincide with each other as a result of comparison; and

an OTT key deletion means for deleting the OTT key used for determining validity of the OTT key upon completion of the authenticating process by the fingerprint authentication means so that another OTT key newly generated by the OTT key generation means can be used for a next user authentication,whereby the authentication result receiving means provides the web page to the client upon receipt of the authentication allowing result through the web server transferred from the fingerprint authenticating means of the authenticating server, and denies the user'"'"'s log-in upon receipt of the authentication refusing result through the web server transferred from the fingerprint authenticating means of the authenticating server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to a user authenticating system and a method using aone-time fingerprint template. The system and the method according to the invention are improvements of the conventional user authentication based on the manner of comparing the fingerprint feature data only, for the purpose of preventing a false authentication by misusing fingerprint feature data, if exposed in the course of transfer thereof. In the system and the method according to the invention, fingerprint feature data of a user are combined with an OTT key transferred from a server. The combined result is encoded and transferred to an authenticating server. The authenticating server then confirms validity of the OTT key and authenticates the user based on the fingerprint. Thus, the present invention has an advantage of preventing a false authentication through hacking, etc., even if the OTT key is exposed to a network, because the OTT key is used only once for authentication.

71 Citations

View as Search Results

16 Claims

1. A user authenticating system including a web server for providing web services, a user'"'"'s PC, which is a client desiring a user authentication for access to the web server through a network, and an authenticating server for performing authentication upon request thereof by the user, the request transferred from the client through the web server through connection to the web server, characterized in that the client comprises:
- a client communication interface for communication with the client;
  
  a fingerprint input means for reading-in a user'"'"'s fingerprint for obtaining authentication from the authenticating server;
  
  a fingerprint feature data extracting means for extracting fingerprint feature data from the inputted fingerprint;
  
  a one-time template (OTT) key request means for requesting from the authenticating server a transfer of an OTT key;
  
  an OTT key receiving means for receiving the OTT key transferred from the authenticating server;
  
  an OTT generation means for generating an OTT by combining the received OTT key with the fingerprint feature data; and
  
  an OTT encrypting means for encrypting the OTT in a predetermined manner,and the web server, which provides a web page to be actually used by the user, comprises;
  
  a first server communication interface for communication with the client server;
  
  a second server communication interface for communication with the authenticating server;
  
  a data interchange means for interchanging data between the client and the authenticating server;
  
  and an authentication result receiving means for receiving an authentication result transferred from the authenticating server, and transmitting the web page to the client,and the authenticating server comprises;
  
  an authentication server communication interface for communicating with the web server;
  
  an OTT key generation means for generating an OTT key upon request of the OTT key from the client;
  
  an OTT key storing means for storing the generated OTT key;
  
  an OTT key transfer means for transmitting the generated OTT key to the client;
  
  an OTT receiving means for receiving the encrypted OTT transferred from the client;
  
  an OTT decrypting means for restoring the original OTT by decrypting the encrypted and received OTT;
  
  an OTT key extracting means for extracting an OTT key from the restored OTT;
  
  an OTT key validity determination means for determining validity of the OTT key by comparing the OTT key stored in the OTT storing means and the OTT key extracted by the OTT key extracting means;
  
  a fingerprint authentication means for authenticating an access of the user based on the fingerprint thereof by comparing registered fingerprint feature data with the inputted fingerprint feature data, if the OTT key is determined to be valid, and refusing authentication if the OTT key is determined to be at least one of invalid an the fingerprint feature data do not coincide with each other as a result of comparison; and
  
  an OTT key deletion means for deleting the OTT key used for determining validity of the OTT key upon completion of the authenticating process by the fingerprint authentication means so that another OTT key newly generated by the OTT key generation means can be used for a next user authentication,whereby the authentication result receiving means provides the web page to the client upon receipt of the authentication allowing result through the web server transferred from the fingerprint authenticating means of the authenticating server, and denies the user'"'"'s log-in upon receipt of the authentication refusing result through the web server transferred from the fingerprint authenticating means of the authenticating server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The user authenticating system of claim 1 wherein the OTT key comprises indices representing serial numbers, and a global unique ID (GUID) appended to each index in a predetermined length to represent a random value.
  - 3. The user authenticating system of claim 1 or 2 wherein the request for the OTT key by the OTT key request means of the client and the transfer of the OTT key by the OTT key transfer means of the authenticating server are performed by hypertext transfer protocol (HTTP).
  - 4. The user authenticating system of claim 1 or 2 wherein the OTT encrypting means of the client performs encrypting by using a public key, and the OTT decrypting means of the authenticating server performs decrypting by using a private key.
  - 5. The user authenticating system of claim 1 or 2 wherein the OTT encrypting means of the client and the OTT decrypting means of the authenticating server perform encrypting or decrypting by using a symmetrical key.
  - 6. The user authenticating system of claim 1 or 2 wherein the authentication is performed by a single authenticating server connected to a plurality of web servers.
  - 7. A user authenticating method used in the system of claim 1 or 2 comprising the steps of:
    - extracting fingerprint feature data from the user'"'"'s fingerprint data inputted to the fingerprint input means of the client through the fingerprint feature data extracting means;
      
      requesting from the authenticating server a transfer of the OTT key through the OTT request means of the client;
      
      generating and storing an OTT key through the OTT key generation means of the authenticating server;
      
      transmitting the OTT key to the client through the OTT key transfer means of the authenticating server;
      
      generating an OTT by combining the OTT key with the fingerprint feature data received from the OTT receiving means of the client through the OTT generation means;
      
      requesting from the authenticating server an authentication by transmitting the OTT encrypted by the OTT encrypting means of the client to the authenticating server;
      
      restoring the original OTT by receiving the OTT encrypted and transferred by the web server through the OTT receiving means, and by decrypting the same through the OTT decrypting means;
      
      extracting an OTT key through the OTT key extracting means of the authenticating server;
      
      determining validity of the OTT key by comparing the extracted OTT key with the OTT key stored in the OTT key storing means;
      
      allowing authentication of the fingerprint if the OTT key is determined to be valid, refusing authentication of the fingerprint if the OTT key is determined to be invalid, and transmitting the authentication result to the web server;
      
      providing the web page to the client upon receipt of the result allowing an authentication from the authenticating server, and refusing log-in of the user upon receipt of the result refusing the authentication from the authenticating server; and
      
      deleting the OTT key used for the authentication so that another OTT key newly generated in the OTT key generating step can be used for a next user authentication.
  - 8. The user authenticating method of claim 7 wherein the request for the OTT key by the OTT key request means of the client and the transfer of the OTT key by the OTT key transfer means of the authenticating server are performed by HTTP.
  - 9. The user authenticating method of claim 7 wherein the OTT encrypting means of the client performs encrypting by using a public key, and the OTT decrypting means of the authenticating server performs decrypting by using a private key.
  - 10. The user authenticating method of claim 7 wherein the OTT encrypting means of the client and the OTT decrypting means of the authenticating server perform encrypting or decrypting by using a symmetrical key.
  - 11. The user authenticating method of claim 7 wherein the authentication is performed by a single authenticating server connected to a plurality of web servers.
  - 12. The user authenticating method of claim 7 wherein the OTT key comprises indices representing serial numbers, and a GUID appended to each index in a predetermined length to represent a random value.
  - 13. The user authenticating method of claim 12 wherein the request for the OTT key by the OTT key request means of the client and the transfer of the OTT key by the OTT key transfer means of the authenticating server are performed by HTTP.
  - 14. The user authenticating method of claim 12 wherein the OTT encrypting means of the client performs encrypting by using a public key, and the OTT decrypting means of the authenticating server performs decrypting by using a private key.
  - 15. The user authenticating method of claim 12 wherein the OTT encrypting means of the client and the OTT decrypting means of the authenticating server perform encrypting or decrypting by using a symmetrical key.
  - 16. The user authenticating method of claim 12 wherein the authentication is performed by a single authenticating server connected to a plurality of web servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecuGen Corporation (Pivotec Corp.)
Original Assignee
SecuGen Corporation (Pivotec Corp.)
Inventors
Lee, Dong-Won, Chang, Woo-Seok, Kang, Young-Mi, Ha, Tai-Dong, Jun, Jae-Hyun
Primary Examiner(s)
CHAWAN, SHEELA C

Application Number

US10/130,470
Publication Number

US 20030152254A1
Time in Patent Office

1,789 Days
Field of Search

382/124, 382/115, 382/190, 382/209, 382/217, 382/218, 713/168, 713/171, 713/155, 713/176, 713/169, 713/170, 709/203, 380/277, 380/278, 380/279, 380/282, 380/30, 705/67, 705/71, 705/57, 705/64, 340/5.8, 340/5.81
US Class Current

382/124
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/0861   using biometrical features,...

User authenticating system and method using one-time fingerprint template

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

User authenticating system and method using one-time fingerprint template

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links