Biometric authentication with security against eavesdropping

US 7,398,549 B2
Filed: 05/17/2002
Issued: 07/08/2008
Est. Priority Date: 05/18/2001
Status: Active Grant

First Claim

Patent Images

1. A method for authentication using biometrics, the method comprising:

providing, at a server, a reference template with a reference set of biometric data associated with an individual;

receiving, at the server, an authentication request from a client associated with a user;

generating a copy of the reference template;

in response to receiving the authentication request, modifying the copy of the reference template with modification data to generate a challenge template, and transmitting the challenge template from the server to the client;

receiving a response vector based at least in part on the challenge template and a candidate set of biometric data; and

authenticating the user as the individual associated with the reference set of biometric data based at least in part on the response vector and the modification data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to systems and methods for using a template in the authentication process using biometric data. In one embodiment, a module modifies a template of the reference set of biometric data with the candidate set of biometric data when the user is authenticated. In another embodiment, a module modifies a copy of the template of the reference biometric data with modification data thereby creating a challenge template. The client compares the challenge template to a candidate set of biometric data thereby creating a response vector. A module authenticates the user based on the response vector and the modification data.

137 Citations

21 Claims

1. A method for authentication using biometrics, the method comprising:
- providing, at a server, a reference template with a reference set of biometric data associated with an individual;
  
  receiving, at the server, an authentication request from a client associated with a user;
  
  generating a copy of the reference template;
  
  in response to receiving the authentication request, modifying the copy of the reference template with modification data to generate a challenge template, and transmitting the challenge template from the server to the client;
  
  receiving a response vector based at least in part on the challenge template and a candidate set of biometric data; and
  
  authenticating the user as the individual associated with the reference set of biometric data based at least in part on the response vector and the modification data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - receiving the candidate set of biometric data associated with the user; and
      
      comparing the candidate set of biometric data with the challenge template thereby generating the response vector.
  - 3. The method of claim 2 wherein the comparing step further comprises:
    - determining features in the candidate set of biometric data that match; and
      
      determining features in the candidate set of biometric data that do not match.
  - 4. The method of claim 3 wherein the authenticating step further comprises authenticating the user as the individual associated with the reference set of biometric data if the matched features exceed a predetermined threshold and the mismatched features match the modification data.
  - 5. The method of claim 1 further comprising registering the individual by generating the reference template with the reference set of biometric data from the individual.
  - 6. The method of claim 1 wherein the authenticating step further comprises authenticating the user as the individual associated with the reference set of biometric data if at least a portion of the data represented by the response vector matches the modification data and not authenticating the user otherwise.
  - 7. The method of claim 1 wherein the modification data contains random data.
  - 8. The method of claim 1 wherein the response vector is a hash result.
  - 9. The method of claim 1 wherein the reference template is a portion of a supertemplate.

10. A system for authentication using biometrics, the system comprisinga server device storing:
- a reference template having a reference set of biometric data associated with an individual requesting authentication from a client machine;
  
  a modification module configured to generate, in response to receiving an authentication request, a copy of the reference template and to modify the copy of the reference template with modification data to generate a challenge template;
  
  a network interface module configured to receive the authentication request and transmit the challenge template to the client in response thereto; and
  
  an authentication module configured i) to receive a response vector based at least in part on the challenge template and a candidate set of biometric data and ii) to authenticate a user as the registered individual in response to the response vector and the modification data.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10 wherein the modification data contains random data.
  - 12. The system of claim 10 wherein the response vector is a hash result.
  - 13. The system of claim 10 wherein the template is a portion of a supertemplate.
  - 14. The system of claim 10 wherein the client comprises a comparator module configured to compare the candidate set of biometric data, associated with the user, with the challenge template thereby generating the response vector.
  - 15. The system of claim 14 wherein the comparator module is further configured i) to determine features in the candidate set of biometric data that match and ii) to determine features in the candidate set of biometric data that do not match.
  - 16. The system of claim 15 wherein the authentication module is further configured to authenticate the user as the individual associated with the reference set of biometric data if the matched features exceed a predetermined threshold and the mismatched features match the modification data.
  - 17. The system of claim 10 further comprising a registration module configured to generate the reference template with the reference set of biometric data from the individual.
  - 18. The system of claim 10 wherein the authentication module is further configured to authenticate the user as the individual associated with the reference set of biometric data if at least a portion of the data represented by the response vector matches the modification data and not authenticating the user otherwise.

19. An article of manufacture storing computer-readable program portions embodied therein for authentication using biometrics, the article comprising:
- a computer-readable program portion for providing, at a server, a reference template with a reference set of biometric data associated with an individual;
  
  a computer-readable program portion for receiving, at a server, an authentication request, from a client associated with a user;
  
  a computer-readable program portion for generating a copy of the reference template;
  
  a computer-readable program portion for modifying the copy of the reference template with modification data to generate a challenge template in response to receiving the authentication request;
  
  a computer-readable program portion for transmitting the challenge template from the server to the client;
  
  a computer-readable program portion for receiving a response vector based at least in part on the challenge template and a candidate set of biometric data; and
  
  a computer-readable program portion for authenticating the user as the registered individual based at least in part on the response vector and the modification data.
- View Dependent Claims (20, 21)
- - 20. The article of claim 19 further comprising a computer-readable program portion for receiving the candidate set of biometric data associated with the user;
    - and a computer-readable program portion for comparing the candidate set of biometric data with the challenge template thereby generating the response vector.
  - 21. The article of claim 20 further comprising a computer-readable program portion for registering the individual by generating the reference template with the reference set of biometric data from the individual.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Ting, David M. T.
Primary Examiner(s)
Kincaid; Kristine
Assistant Examiner(s)
Shaw; Yin-Chen

Application Number

US10/147,789
Publication Number

US 20020174346A1
Time in Patent Office

2,244 Days
Field of Search

713/185, 713/186, 713/168, 713/182, 382/100, 382115-119, 382124-126, 382/128, 709/223, 709/225, 726/9, 726 2- 6, 235/375
US Class Current

726/5
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/57   Certifying or maintaining t...

H04L 2463/102   applying security measure f...

H04L 63/0407   wherein the identity of one...

H04L 63/0861   using biometrical features,...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

Biometric authentication with security against eavesdropping

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Biometric authentication with security against eavesdropping

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links