System and method for user authentication

US 7,039,812 B2
Filed: 01/25/2001
Issued: 05/02/2006
Est. Priority Date: 01/26/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating the identity of a user by an authority, comprising:

enrolling a plurality of credentials for the user with the authority;

establishing at least one shared secret between the user and the authority relating to a predefined shared secret manner for presenting each of a plurality of current user credentials to the authority for the user for consecutive occasions;

receiving at least one currently presented user credential by the authority for authentication of the identity of the user;

authenticating an identity of the user by the authority based on a correspondence between the enrolled and current user credentials and a correspondence between the shared secret manner for presenting the current user credential and the manner in which the current user credential is presented to the authority;

wherein receiving the current user credential further comprises receiving at least one additional currently presented user credential by the authority; and

wherein receiving the current user credential further comprises receiving at least one additional currently presented user credential by the authority in one of a plurality of randomly selected predefined shared secret sequences as directed by the authority.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating the identity of a user by an authority makes use of presenting biometric data for the user in a predetermined shared secret sequence. The method and system can be augmented by requesting an additional shared secret, such as a PIN or additional credentials, to establish multiple layers of authentication. Varying the layers of authentication results in greater or lesser security, and the accuracy for any given layer can be relaxed without compromising the integrity of the entire method.

Citations

82 Claims

1. A method for authenticating the identity of a user by an authority, comprising:
- enrolling a plurality of credentials for the user with the authority;
  
  establishing at least one shared secret between the user and the authority relating to a predefined shared secret manner for presenting each of a plurality of current user credentials to the authority for the user for consecutive occasions;
  
  receiving at least one currently presented user credential by the authority for authentication of the identity of the user;
  
  authenticating an identity of the user by the authority based on a correspondence between the enrolled and current user credentials and a correspondence between the shared secret manner for presenting the current user credential and the manner in which the current user credential is presented to the authority;
  
  wherein receiving the current user credential further comprises receiving at least one additional currently presented user credential by the authority; and
  
  wherein receiving the current user credential further comprises receiving at least one additional currently presented user credential by the authority in one of a plurality of randomly selected predefined shared secret sequences as directed by the authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. The method of claim 1, wherein enrolling the user credential further comprises receiving the plurality of user credentials by the authority for enrollment.
  - 3. The method of claim 2, wherein receiving the plurality of user credentials for enrollment further comprises storing the plurality of user credentials by the authority.
  - 4. The method of claim 3, wherein storing the plurality of user credentials further comprises storing at least one biometric template for the user.
  - 5. The method of claim 3, wherein storing the plurality of user credentials further comprises storing at least one document for the user.
  - 6. The method of claim 3, wherein storing the plurality of user credentials further comprises storing the plurality of user credentials on one of a host computer, a local terminal, and a smart card for the user.
  - 7. The method of claim 1, wherein enrolling the plurality of user credentials further comprises enrolling at least one biometric template and at least one document for the user.
  - 8. The method of claim 7, wherein enrolling the biometric template further comprises enrolling the biometric template for at least one of a fingerprint template, a face template, a voice template, and an iris template for the user.
  - 9. The method of claim 7, wherein enrolling the document further comprises enrolling at least one of a digital document and a paper document for the user.
  - 10. The method of claim 9, wherein enrolling the digital document further comprises enrolling at least one of a digital certificate and a digital signature for the user.
  - 11. The method of claim 9, wherein enrolling the paper document further comprises enrolling a passport for the user.
  - 12. The method of claim 1, wherein enrolling the plurality of user credentials with the authority further comprises storing user authentication information on a user token for the user.
  - 13. The method of claim 12, wherein storing the information on the user token further comprises storing the user authentication information on a smart card for the user.
  - 14. The method of claim 13, wherein storing the information on the smart card further comprises storing biometric information for the user.
  - 15. The method of claim 14, wherein storing the biometric information for the user further comprises storing biometric information for one of a fingerprint, a face, a voice, and an iris for the user.
  - 16. The method of claim 13, wherein storing the information on the smart card further comprises storing the shared secret for the user on the smart card.
  - 17. The method of claim 13, wherein storing the information on the smart card further comprises storing the authentication information on the smart card signed with a private key for the user.
  - 18. The method of claim 1, wherein establishing the predefined shared secret manner of presenting the user credential further comprises establishing at least one predefined shared secret sequence of presenting the current user credential to the authority.
  - 19. The method of claim 18, wherein establishing the predefined shared secret sequence of presenting the current user credential further comprises establishing the predefined shared secret sequence which functions in a manner analogous to a personal identification number for the user.
  - 20. The method of claim 1, wherein establishing the shared secret further comprises storing information about the shared secret by the authority.
  - 21. The method of claim 20, wherein storing the information about the shared secret by the authority further comprises storing the information about the shared secret and the plurality of user credentials together in a database by the authority.
  - 22. The method of claim 21, wherein storing the information about the shared secret and the plurality of user credentials in the database further comprises storing the information about the shared secret and the plurality of user credentials encrypted and digitally signed.
  - 23. The method of claim 1, wherein establishing the shared secret further comprising establishing at least one additional shared secret between the user and the authority.
  - 24. The method of claim 23, wherein establishing the additional shared secret further comprises establishing a predefined shared secret personal identification number for the user.
  - 25. The method of claim 23, wherein establishing the additional shared secret further comprises establishing at least one additional predefined shared secret manner of presenting the current user credential to the authority for the user.
  - 26. The method of claim 23, wherein establishing the additional shared secret further comprises establishing a predefined shared secret manner of presenting at least one additional current user credential to the authority for the user.
  - 27. The method of claim 1, wherein establishing the predefined shared secret manner of presenting of each of the plurality of current user credentials further comprises establishing a variation of the predefined shared secret manner of presenting each of the current user credentials to the authority for the user corresponding to a variation in a degree of security.
  - 28. The method of claim 1, wherein receiving the currently presented user credential further comprises receiving the current user credential by the authority in a predefined shared secret sequence.
  - 29. The method of claim 1, wherein receiving the currently presented user credential further comprises receiving a current biometric sample by the authority.
  - 30. The method of claim 29, wherein receiving the current biometric sample by the authority further comprises receiving a current biometric sample for one of a fingerprint, a face, a voice, and an iris for the user.
  - 31. The method of claim 1, wherein receiving the currently presented user credential further comprises receiving the current user credential by the authority from the user in a shared secret manner directed by the authority.
  - 32. The method of claim 38, wherein receiving the current user credential in the manner directed by the authority further comprises directing the user by the authority to present a biometric sample for at least one user fingerprint.
  - 33. The method of claim 31, wherein receiving the current user credential in the manner directed by the authority further comprises directing the user by the authority to present a combination of biometric samples for at least two of a user fingerprint, a user face, a user voice, and a user iris in a predefined shared secret sequence.
  - 34. The method of claim 1, wherein receiving the current user credential further comprises receiving at least one additional currently presented user credential by the authority in a manner directed by the authority.
  - 35. The method of claim 1, wherein authenticating the identity of the user by the authority further comprises authenticating the identity of the user by one of a host computer and a local device.
  - 36. The method of claim 35, wherein authenticating the identity of the user by the local device further comprises authenticating the identity of the user for activation one of a gate controller, a door opener, a telephone, and an appliance.
  - 37. The method of claim 1, wherein authenticating the identity of the user by the authority further comprises authenticating the identity of the user based on the enrolled user credential and the shared secret manner for presenting the current user credential stored together in one of a local database and a remote database of the authority.
  - 38. The method of claim 1, wherein authenticating the identity of the user by the authority further comprises authenticating the identity of the user in order for access to one of a device, a physical location, and a network.
  - 39. The method of claim 1, wherein authenticating the identity of the user by the authority further comprises authenticating the identity of the user to a smart card.

40. A method for authenticating the identity of a user by an authority, comprising:
- enrolling at least one credential for the user with the authority;
  
  establishing at least one shared secret between the user and the authority relating to a predefined shared secret manner for presenting a current user credential to the authority;
  
  receiving at least one currently presented user credential by the authority for authentication of the identity of the user;
  
  authenticating an identity of the user by the authority based on a correspondence between the enrolled and current user credentials and a correspondence between the shared secret manner for presenting the current user credential and the manner in which the current user credential is presented to the authority;
  
  wherein establishing the shared secret further comprises establishing at least one additional shared secret between the user and the authority;
  
  wherein establishing the additional shared secret further comprises establishing a predefined shared secret manner of presenting each of a plurality of additional current user credentials to the authority for the user; and
  
  wherein establishing the predefined shared secret manner of presenting each of the plurality of additional current user credentials further comprises establishing a variation of the predefined shared secret manner of presenting each of the additional current user credentials to the authority for the user for consecutive occasions.

41. A method for authenticating the identity of a user by an authority, comprising:
- enrolling a plurality of credentials for the user with the authority;
  
  establishing at least one shared secret between the user and the authority relating to a predefined shared secret manner for presenting each of a plurality of current user credentials to the authority for the user for consecutive occasions;
  
  receiving at least one currently presented user credential by the authority for authentication of the identity of the user;
  
  authenticating an identity of the user by the authority based on a correspondence between the enrolled and current user credentials and a correspondence between the shared secret manner for presenting the current user credential and the manner in which the current user credential is presented to the authority; and
  
  wherein authenticating the identity of the user by the authority further comprises authenticating the identity of the user to activate a silent alarm for the user.

42. A system for authenticating the identity of a user by an authority, comprising:
- means for enrolling a plurality of credentials for the user with the authority;
  
  means for establishing at least one shared secret between the user and the authority relating to a predefined shared secret manner for presenting each of a plurality of current user credentials to the authority for the user for consecutive occasions;
  
  means for receiving at least one currently presented user credential by the authority for authentication of the identity of the user;
  
  means for authenticating an identity of the user by the authority based on a correspondence between the enrolled and current user credentials and a correspondence between the shared secret manner for presenting the current user credential and the manner in which the current user credential is presented to the authority;
  
  wherein the means for receiving the current user credential further comprises means for receiving at least one additional currently presented user credential by the authority; and
  
  wherein the means for receiving the current user credential further comprises means for receiving at least one additional currently presented user credential by the authority in one of a plurality of randomly selected predefined shared secret sequences as directed by the authority.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80)
- - 43. The system of claim 42, wherein the means for enrolling the user credential further comprises means for receiving the plurality of user credentials by the authority for enrollment.
  - 44. The system of claim 43, wherein the means for receiving the plurality of user credentials for enrollment further comprises means for storing the plurality of user credentials by the authority.
  - 45. The system of claim 44, wherein the means for storing the plurality of user credentials further comprises means for storing at least one biometric template for the user.
  - 46. The system of claim 44, wherein the means for storing the plurality of user credentials further comprises means for storing at least one document for the user.
  - 47. The system of claim 44, wherein the means for storing the plurality of user credentials further comprises means for storing the plurality of user credentials on one of a host computer, a local terminal, and a smart card for the user.
  - 48. The system of claim 42, wherein the means for enrolling the plurality of user credentials further comprises means for enrolling at least one biometric template and at least one document for the user.
  - 49. The system of claim 48, wherein the means for enrolling the biometric template further comprises means for enrolling the biometric template for at least one of a fingerprint template, a face template, a voice template, and an iris template for the user.
  - 50. The system of claim 48, wherein the means for enrolling the document further comprises means for enrolling at least one of a digital document and a paper document for the user.
  - 51. The system of claim 50, wherein the means for enrolling the digital document further comprises means for enrolling at least one of a digital certificate and a digital signature for the user.
  - 52. The system of claim 50, wherein the means for enrolling the paper document further comprises means for enrolling a passport for the user.
  - 53. The system of claim 42, wherein the means for enrolling the plurality of user credentials with the authority further comprises means for storing user authentication information on a user token for the user.
  - 54. The system of claim 53, wherein the means for storing the information on the user token further comprises means for storing the user authentication information on a smart card for the user.
  - 55. The system of claim 54, wherein the means for storing the information on the smart card further comprises means for storing biometric information for the user.
  - 56. The system of claim 55, wherein the means for storing the biometric information for the user further comprises means for storing biometric information for one of a fingerprint, a face, a voice, and an iris for the user.
  - 57. The system of claim 54, wherein the means for storing the information on the smart card further comprises means for storing the shared secret for the user on the smart card.
  - 58. The system of claim 54, wherein the means for storing the information on the smart card further comprises means for storing the authentication information on the smart card signed with a private key for the user.
  - 59. The system of claim 42, wherein the means for establishing the predefined shared secret manner of presenting the user credential further comprises means for establishing at least one predefined shared secret sequence of presenting the current user credential to the authority.
  - 60. The system of claim 59, wherein the means for establishing the predefined shared secret sequence of presenting the current user credential further comprises means for establishing the predefined shared secret sequence which functions in a manner analogous to a personal identification number for the user.
  - 61. The system of claim 42, wherein the means for establishing the shared secret further comprises means for storing information about the shared secret by the authority.
  - 62. The system of claim 61, wherein the means for storing the information about the shared secret by the authority further comprises means for storing the information about the shared secret and the plurality of user credentials together in a database by the authority.
  - 63. The system of claim 62, wherein the means for storing the information about the shared secret and the plurality of user credentials in the database further comprises means for storing the information about the shared secret and the plurality of user credentials encrypted and digitally signed.
  - 64. The system of claim 42, wherein the means for establishing the shared secret further comprising establishing at least one additional shared secret between the user and the authority.
  - 65. The system of claim 64, wherein the means for establishing the additional shared secret further comprises means for establishing a predefined shared secret personal identification number for the user.
  - 66. The system of claim 64, wherein the means for establishing the additional shared secret further comprises means for establishing at least one additional predefined shared secret manner of presenting the current user credential to the authority for the user.
  - 67. The system of claim 64, wherein the means for establishing the additional shared secret further comprises means for establishing a predefined shared secret manner of presenting at least one additional current user credential to the authority for the user.
  - 68. The system of claim 42, wherein the means for establishing the predefined shared secret manner of presenting of each of the plurality of current user credentials further comprises means for establishing a variation of the predefined shared secret manner of presenting each of the current user credentials to the authority for the user corresponding to a variation in a degree of security.
  - 69. The system of claim 42, wherein the means for receiving the currently presented user credential further comprises means for receiving the current user credential by the authority in a predefined shared secret sequence.
  - 70. The system of claim 42, wherein the means for receiving the currently presented user credential further comprises means for receiving a current biometric sample by the authority.
  - 71. The system of claim 70, wherein the means for receiving the current biometric sample by the authority further comprises means for receiving a current biometric sample for one of a fingerprint, a face, a voice, and an iris for the user.
  - 72. The system of claim 42, wherein the means for receiving the currently presented user credential further comprises means for receiving the current user credential by the authority from the user in a shared secret manner directed by the authority.
  - 73. The system of claim 72, wherein the means for receiving the current user credential in the manner directed by the authority further comprises means for directing the user by the authority to present a biometric sample for at least one user fingerprint.
  - 74. The system of claim 72, wherein the means for receiving the current user credential in the manner directed by the authority further comprises means for directing the user by the authority to present a combination of biometric samples for at least two of a user fingerprint, a user face, a user voice, and a user iris in a predefined shared secret sequence.
  - 75. The system of claim 42 wherein the means for receiving the current user credential further comprises means for receiving at least one additional currently presented user credential by the authority in a manner directed by the authority.
  - 76. The system of claim 42, wherein the means for authenticating the identity of the user by the authority further comprises means for authenticating the identity of the user by one of a host computer and a local device.
  - 77. The system of claim 76, wherein the means for authenticating the identity of the user by the local device further comprises means for authenticating the identity of the user for activation one of a gate controller, a door opener, a telephone, and an appliance.
  - 78. The system of claim 42, wherein the means for authenticating the identity of the user by the authority further comprises means for authenticating the identity of the user based on the enrolled user credential and the shared secret manner for presenting the current user credential stored together in one of a local database and a remote database of the authority.
  - 79. The system of claim 42, wherein the means for authenticating the identity of the user by the authority further comprises means for authenticating the identity of the user in order for access to one of a device, a physical, location, and a network.
  - 80. The system of claim 42, wherein the means for authenticating the identity of the user by the authority further comprises means for authenticating the identity of the user to a smart card.

81. A system for authenticating the identity of a user by an authority, comprising:
- means for enrolling at least one credential for the user with the authority;
  
  means for establishing at least one shared secret between the user and the authority relating to a predefined shared secret manner for presenting a current user credential to the authority;
  
  means for receiving at least one currently presented user credential by the authority for authentication of the identity of the user;
  
  means for authenticating an identity of the user by the authority based on a correspondence between the enrolled and current user credentials and a correspondence between the shared secret manner for presenting the current user credential and the manner in which the current user credential is presented to the authority;
  
  wherein the means for establishing the shared secret further comprises means for establishing shared secret between the user and the authority;
  
  wherein the means for establishing the additional shared secret further comprises means for establishing a predefined shared secret manner of presenting each of a plurality of additional current user credentials to the authority for the user; and
  
  wherein the means for establishing the predefined shared secret manner of presenting each of the plurality of additional current user credentials further comprises means for establishing a variation of the predefined shared secret manner of presenting each of the additional current user credentials to the authority for the user for consecutive occasions.

82. A system for authenticating the identity of a user by an authority, comprising:
- means for enrolling a plurality of credentials for the user with the authority;
  
  means for establishing at least one shared secret between the user and the authority relating to a predefined shared secret manner for presenting each of a plurality of current user credentials to the authority for the user for consecutive occasions;
  
  means for receiving at least one currently presented user credential by the authority for authentication of the identity of the user;
  
  means for authenticating an identity of the user by the authority based on a correspondence between the enrolled and current user credentials and a correspondence between the shared secret manner for presenting the current user credential and the manner in which the current user credential is presented to the authority; and
  
  wherein the means for authenticating the identity of the user by the authority further comprises means for authenticating the identity of the user to activate a silent alarm for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citicorp Credit Services Incorporated (Citigroup Incorporated)
Original Assignee
Citicorp Development Center Incorporated (Citigroup Incorporated)
Inventors
Chu, Ronald King-Hang, Smushkovich, Yosif, Kawan, Joseph C.
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US09/769,844
Publication Number

US 20010049785A1
Time in Patent Office

1,923 Days
Field of Search

713/150, 713/155, 713/168, 713/182, 713184-186, 380/229, 380/232, 380247-250, 380/258, 705/67, 726/2
US Class Current

713/186
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G06Q 20/3674 involving authentication

System and method for user authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

82 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for user authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

82 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links