Continuous biometric authentication using frame preamble for biometric data

US 7,222,360 B1
Filed: 11/27/2002
Issued: 05/22/2007
Est. Priority Date: 11/27/2002
Status: Active Grant

First Claim

Patent Images

1. A method of continuous biometric authentication of a client connected to a network switch, wherein said client and said network switch exchange Ethernet/802.3 frames associated with a client application, and wherein said client and said network switch are coupled by a full-duplex Ethernet/802.3 communication channel, said method comprising the steps of:

capturing a biometric data sample of a user of said client;

encapsulating biometric data in an authentication protocol message frame;

separating said authentication protocol message frame into a sequence of a plurality of fragments, each fragment having a predetermined number of bytes;

assigning a respective sequence number to each of said fragments; and

inserting each of said fragments with its respective sequence number in a respective preamble of a respective one of a plurality of Ethernet/802.3 frames associated with said client application that are being transmitted from said client to said network switch.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client connected to a network switch is continuously authenticated to a network switch by using biometrics, wherein the client and the network switch exchange Ethernet/802.3 frames associated with a client application, and wherein the client and the network switch are coupled by a full-duplex Ethernet/802.3 communication channel. A biometric data sample of a user of the client is captured. Biometric data is encapsulated in an authentication protocol message frame. The authentication protocol message frame is separated into a sequence of a plurality of fragments, each fragment having a predetermined number of bytes. Respective sequence numbers are assigned to each of the fragments. Each of the fragments is inserted with its respective sequence number in a respective preamble of a respective one of a plurality of Ethernet/802.3 frames associated with the client application that are being transmitted from the client to the network switch.

72 Citations

View as Search Results

19 Claims

1. A method of continuous biometric authentication of a client connected to a network switch, wherein said client and said network switch exchange Ethernet/802.3 frames associated with a client application, and wherein said client and said network switch are coupled by a full-duplex Ethernet/802.3 communication channel, said method comprising the steps of:
- capturing a biometric data sample of a user of said client;
  
  encapsulating biometric data in an authentication protocol message frame;
  
  separating said authentication protocol message frame into a sequence of a plurality of fragments, each fragment having a predetermined number of bytes;
  
  assigning a respective sequence number to each of said fragments; and
  
  inserting each of said fragments with its respective sequence number in a respective preamble of a respective one of a plurality of Ethernet/802.3 frames associated with said client application that are being transmitted from said client to said network switch.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 further comprising the steps of:
    - reassembling said authentication protocol message frame and said first authentication tag in said network switch according to said respective sequence numbers; and
      
      processing said biometric data to determine whether said user is authorized to use said client.
  - 3. The method of claim 1 further comprising the steps of:
    - calculating a first authentication tag in response to said authentication protocol message frame; and
      
      appending said first authentication tag to said authentication protocol message frame for fragmenting and transmission in respective preambles.
  - 4. The method of claim 3 further comprising the steps of:
    - reassembling said authentication protocol message frame and said first authentication tag in said network switch according to said respective sequence numbers;
      
      calculating a second authentication tag in response to said reassembled authentication protocol message frame;
      
      comparing said first and second authentication tags;
      
      if said tags match then processing said biometric data to determine whether said user is authorized to use said client.
  - 5. The method of claim 4 further comprising the step of:
    - closing said communication channel if said tags do not substantially match.
  - 6. The method of claim 4 wherein said first and second authentication tags are calculated over an entire authentication protocol message frame.
  - 7. The method of claim 4 wherein said first and second authentication tags are calculated using a hash function.
  - 8. The method of claim 7 wherein said hash function is comprised of HMAC-MD5.
  - 9. The method of claim 7 wherein said hash function is comprised of HMAC-SHA1.
  - 10. The method of claim 2 wherein an initial biometric authentication is performed prior to exchanging said frames associated with said client application, wherein a matching biometric template used in said initial biometric authentication is transmitted to said client, and wherein said method further comprises the step of:
    - said client comparing said biometric data sample with said matching biometric template to generate variance data;
      
      wherein said biometric data encapsulated in said authentication protocol message frame is comprised of said variance data.
  - 11. The method of claim 1 wherein said predetermined number of bytes for each of said fragments is equal to 4.
  - 12. The method of claim 1 wherein each respective sequence number is appended at the beginning of each respective fragment and is comprised of 1 byte.
  - 13. The method of claim 12 wherein each respective sequence number is transmitted in a first byte of a respective preamble and wherein each respective fragment is transmitted in a second through a fifth byte of a respective preamble.
  - 14. The method of claim 1 wherein said authentication protocol message frame is comprised of an extensible authentication protocol (EAP) packet.

15. A client for continuous biometric authentication for a full-duplex network session on an Ethernet/802.3 network switch, wherein said client and said network switch exchange Ethernet/802.3 frames associated with a client application, comprising:
- an authentication protocol framer for encapsulating biometric data into an authentication protocol message frame;
  
  a calculator for calculating a first authentication tag in response to said authentication protocol message frame;
  
  a separator for forming a sequence of a plurality of fragments of said authentication protocol message frame and said first authentication tag and for appending a respective sequence number to each of said fragments; and
  
  an Ethernet/802.3 framer for inserting each of said fragments with its respective sequence number in a respective preamble of a respective one of a plurality of Ethernet/802.3 frames associated with said client application being transmitted from said client to said Ethernet/802.3 network switch.
- View Dependent Claims (16, 17)
- - 16. The client of claim 15 further comprising;
    - a biometric interface for collecting a biometric sample corresponding to a user of said client;
      
      a memory for storing a biometric template corresponding to said user; and
      
      a biometric analyzer for comparing said biometric sample with said biometric template to generate said biometric data encapsulated into an authentication protocol message frame as biometric variance data.
  - 17. The client of claim 15 wherein said calculator uses a hash function to calculate said first authentication tag.

18. A network switch providing substantially continuous biometric authentication for a full-duplex network session with a client, wherein said client and said network switch exchange Ethernet/802.3 frames associated with a client application, wherein respective preambles of said Ethernet/802.3 frames include respective fragments and sequence numbers of an authentication protocol message frame which encapsulates biometric data corresponding to captured biometric data of a user of said client, said network switch comprising:
- a re-assembler for recovering said fragments and said sequence numbers from said respective preambles and for reassembling said authentication protocol message frame from said fragments in response to said sequence numbers; and
  
  a processor for processing said biometric data to determine whether said user is authorized to use said client.
- View Dependent Claims (19)
- - 19. The network switch of claim 18 wherein said respective preambles further include respective fragments and sequence numbers of a first authentication tag calculated by said client in response to said authentication protocol message frame, said network switch further comprising:
    - a calculator for calculating a second authentication tag in response to said reassembled authentication protocol message frame; and
      
      a comparator for comparing said first and second authentication tags, wherein said network switch blocks further exchange of said Ethernet/802.3 frames associated with said client application if said first and second authentication tags do not match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Miller, Eric E.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US10/307,110
Time in Patent Office

1,637 Days
Field of Search

None
US Class Current

726/3
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 63/0861   using biometrical features,...

H04L 63/162   at the data link layer

Continuous biometric authentication using frame preamble for biometric data

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Continuous biometric authentication using frame preamble for biometric data

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others