Biometric authentication for remote initiation of actions and services
Abstract
In one aspect, the invention relates to generating a trusted communication channel with a client. An agent module is provided at the client along with a task set including one or more tasks. One or more client components needed to complete each of the tasks of the task set is determined, and it is further determined whether each of the needed client components is trustworthy. An equivalent component for components determined to be untrustworthy may be provided.
28 Claims
1. A method for authenticating a user on a client machine, the method comprising:
- determining a task set for processing user authentication data at the client machine;
- determining a set of software components for executing the task set;
- determining if the components are trustworthy;
- providing a reference set of user authentication data to the client machine only if such software components are determined to be trustworthy and not providing the reference set of user authentication data otherwise;
- comparing, on the client machine, the reference set of authentication data with a candidate set of authentication data to authenticate a user associated with the client machine and if there is a sufficient match between the candidate set of authentication data and the reference set of authentication data, providing a new task set based at least in part on the identity of the authenticated user.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for generating a trusted communication channel for receiving user authentication data, the system comprising:
- a task set for processing user authentication data on a client device;
- a set of software components for executing the task set on the client device;
- a comparator module for comparing a retrieved reference set of authentication data with a candidate set of authentication data;
- an agent module configured to (i) determine if the software components are trustworthy, and only if so, to retrieve to the client device the reference set of authentication data, the agent module not retrieving the reference set of user authentication data otherwise, (ii) to authenticate a user associated with the client device and if there is a sufficient match between the candidate set of authentication data and the reference set of authentication data, (iii) providing a new task set based at least in part on the identity of the authenticated user.

Dependent claims: 12, 13, 14, 15, 16

17. A system for generating a trusted communication channel, the system comprising:
- a client device comprising;
  - a task set for processing user authentication data; and
  - a set of software components for executing the task set;
- a server in communication with the client device, the server having a reference set of authentication data;
- a comparator module for comparing the retrieved reference set of authentication data with a candidate set of authentication data;
- an agent module residing on the client device and configured to (i) determine if the software components are trustworthy, and only if so, to retrieve to the client device the reference set of authentication data, the agent module not retrieving the reference set of authentication data otherwise (ii) authenticate a user associated with the client device and if there is a sufficient match between the candidate set of authentication data and the reference set of authentication data (iii) provide a new task set based at least in part on the identity of the authenticated user.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27

28. An article of manufacture having computer-readable program portions embodied thereon for generating a trusted communication channel with a client, the article comprising:
- a computer-readable program portion for determining a task set for processing user authentication data;
- a computer-readable program portion for determining a set of software components for executing the task set;
- a computer-readable program portion for determining if the software components are trustworthy;
- a computer-readable program for providing a reference set of authentication data to a client if the software components are determined to be trustworthy and not providing the reference set of authentication data otherwise;
- a computer-readable program portion for comparing, on the client, the reference set of authentication data with a candidate set of authentication data and
- a computer-readable program portion for authenticating a user associated with the client and, if there is a sufficient match between the candidate set of authentication data and the reference set of authentication data, providing a new task set based at least in part on the identity of the authenticated user.

Specification