Method and apparatus for biometric authentication

US 7,404,086 B2
Filed: 01/24/2003
Issued: 07/22/2008
Est. Priority Date: 01/24/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a user, comprising:

receiving biometric information from a user;

retrieving an authentication policy that includes at least one requirement for authentication based on at least one security condition, including time of day;

retrieving stored user biometric information based on the authentication policy;

comparing the stored user biometric information and the received biometric information based on the authentication policy; and

determining if a user is authentic based on the comparing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A biometric authentication method and system may be implemented in a client server architecture to provide substantial access control security and ease of administration. Users are enrolled in the system by providing multiple biometric measurements which are stored in a database as part of the user'"'"'s biometric profile. Upon attempted access of a computer, the biometric authentication engine determines which biometrics are required and what the biometric matching criteria are based on the location of the computer, time of day and other security conditions. If the user is determined not to be authentic, a security policy may cause an action to occur such as revoking the user'"'"'s access privileges or causing the login attempt to appear to be successful while the authorities are summoned.

44 Citations

View as Search Results

57 Claims

1. A method for authenticating a user, comprising:
- receiving biometric information from a user;
  
  retrieving an authentication policy that includes at least one requirement for authentication based on at least one security condition, including time of day;
  
  retrieving stored user biometric information based on the authentication policy;
  
  comparing the stored user biometric information and the received biometric information based on the authentication policy; and
  
  determining if a user is authentic based on the comparing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method according to claim 1, wherein the biometric information is received from the user over a network.
  - 3. The method according to claim 2, wherein the network is the Internet.
  - 4. The method according to claim 1, wherein the authentication policy includes at least one requirement for authentication based on the user location.
  - 5. The method according to claim 1, wherein the at least one security condition includes previous failed login attempts.
  - 6. The method according to claim 1, wherein the authentication policy includes matching criteria.
  - 7. The method according to claim 6, wherein the matching criteria are determined based on security conditions.
  - 8. The method according to claim 7, wherein the security conditions further include at least one previous failed login attempt.
  - 9. The method according to claim 1, wherein the authentication policy includes a security policy and wherein the security policy defines a security action to be taken when the user is determined not to be authentic.
  - 10. The method according to claim 9, wherein the security action is simulating a normal authentication.
  - 11. The method according to claim 9, wherein the authentication policy determines not to retrieve any additional biometric information from the user when a predetermined threshold is reached.
  - 12. The method according to claim 1, further comprising:
    - retrieving additional biometric information from the user when the comparing determines that additional biometric information is needed.
  - 13. The method according to claim 1, further comprising:
    - granting a user access to a computer upon determining that the user is authentic.
  - 14. The method according to claim 1, further comprising:
    - storing user identification, location and time information for failed authentication attempts.
  - 15. The method according to claim 1, wherein the authentication policy is retrieved from a network database.
  - 16. The method according to claim 1, wherein the authentication policy is retrieved from a personal storage media.
  - 17. The method according to claim 1, further comprising at least two authentication policies corresponding to policies in effect at different physical locations and further comprising selecting the authentication policy for retrieval.
  - 18. The method according to claim 1, wherein the stored biometric information includes fingerprint information for more than one finger of at least one user, and wherein the comparing the stored user biometric information and the received biometric information based on the authentication policy includes comparing a scan of at least one of a user'"'"'s finger with the fingerprint information for a corresponding one of the fingers.

19. A computer program product for causing a computer to authenticate a user, the computer program product comprising a physical, computer usable medium having computer program logic stored therein, the computer program logic comprising:
- logic causing the computer to retrieve scanned biometric information for a user from a scanning device;
  
  logic causing the computer retrieve an authentication policy that includes user biometric information and requirements for authentication based on at least one security condition, including time of day;
  
  logic causing the computer to compare the user biometric information and the scanned biometric information based on the authentication policy; and
  
  logic causing the computer to determine if a user is authentic based on the comparing.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 20. The computer program product according to claim 19, wherein the biometric information is received from the user over a network.
  - 21. The computer program product according to claim 20, wherein the network is the Internet.
  - 22. The computer program product according to claim 19, wherein the authentication policy includes requirements for authentication based on the user location.
  - 23. The computer program product according to claim 19, wherein the security conditions include previous failed login attempts.
  - 24. The computer program product according to claim 23, wherein the security conditions include the time of day for previous failed login attempts.
  - 25. The computer program product according to claim 19, wherein the authentication policy includes matching criteria.
  - 26. The computer program product according to claim 25, wherein the matching criteria are determined based on security conditions.
  - 27. The computer program product according to claim 19, wherein the authentication policy includes a security policy and wherein the security policy takes a security action when the user is determined not to be authentic.
  - 28. The computer program product according to claim 27, wherein the security action is simulating a normal authentication.
  - 29. The computer program product according to claim 19, further comprising:
    - logic causing the computer to retrieve additional biometric information from the user when the comparing determines that additional biometric information is needed.
  - 30. The computer program product according to claim 29, wherein the authentication policy causes the computer to determine not to retrieve any additional biometric information from the user when a predetermined threshold is reached.
  - 31. The computer program product according to claim 19, further comprising:
    - logic causing the computer to grant a user access to a computer upon determining that the user is authentic.
  - 32. The computer program product according to claim 19, further comprising:
    - storing user identification, location and time information for failed authentication attempts.
  - 33. The computer program product according to claim 19, wherein the authentication policy is retrieved from a network database.
  - 34. The computer program product according to claim 19, wherein the authentication policy is retrieved from a personal storage media.
  - 35. The computer program product according to claim 19, further comprising at least two authentication policies corresponding to policies in effect at different physical locations and wherein the computer program logic further comprises logic causing the computer to select the authentication policy for retrieval.
  - 36. The computer program product according to claim 19, wherein the retrieved biometric information includes fingerprint information for more than one finger of a user and the logic causing the computer to compare the retrieved user biometric information and the scanned biometric information based on the authentication policy includes comparing a scan of at least one of a user'"'"'s fingers with the fingerprint information for a corresponding one of the fingers.

37. A system for authenticating a user, comprising:
- a persistent storage medium for storing an authentication policy, including at least one requirement for authentication based on at least one security condition, including time of day;
  
  a computer in communication with a network, the computer including a server authentication program stored therein, the computer executing the server authentication program to a) receive scanned biometric information from a scanning device for a user;
  
  b) retrieve an authentication policy;
  
  c) retrieve stored user biometric information based on the authentication policy;
  
  d) compare the stored user biometric information and the received biometric information based on the authentication policy; and
  
  e) determine if a user is authentic based on the comparing.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 38. The system according to claim 37, wherein the computer receives the scanned biometric information from the user over a network.
  - 39. The system according to claim 38, wherein the network is the Internet.
  - 40. The system according to claim 37, wherein the authentication policy includes requirements for authentication based on the user location.
  - 41. The system according to claim 37, wherein the security conditions include previous failed login attempts.
  - 42. The system according to claim 37, wherein the authentication policy includes matching criteria.
  - 43. The system according to claim 42, wherein the matching criteria are determined based on security conditions.
  - 44. The system according to claim 43, wherein the security conditions include the time of day or previous failed login attempts.
  - 45. The system according to claim 37, wherein the authentication policy includes a security policy and wherein the security policy causes the computer to take a security action when the user is determined not to be authentic.
  - 46. The system according to claim 45, wherein the security action is simulating a normal authentication.
  - 47. The system according to claim 37, wherein the computer retrieves additional biometric information from the user when the computer determines, based on the comparing, that additional biometric information is needed.
  - 48. The system according to claim 37, wherein the computer determines based on the authentication policy not to retrieve any additional biometric information from the user when a predetermined threshold is reached.
  - 49. The system according to claim 37, wherein the computer further grants a user access upon determining that the user is authentic.
  - 50. The system according to claim 37, wherein the computer stores user identification, location and time information for failed authentication attempts.
  - 51. The system according to claim 37, wherein the computer retrieves the authentication policy from a network database.
  - 52. The system according to claim 37, wherein the computer retrieves the authentication policy from a personal storage media.
  - 53. The system according to claim 37, further comprising at least two authentication policies corresponding to policies in effect at different physical locations and wherein the computer further executes the server authentication program to select the authentication policy for retrieval.
  - 54. The system according to claim 37, wherein the stored biometric information includes fingerprint information for more than one finger of at least one user, and wherein the comparison of the computer in d) includes comparing a scan of at least one of a user'"'"'s fingers with the fingerprint information for a corresponding one of the fingers.

55. A method for authenticating a user, comprising:
- receiving biometric information from a user;
  
  retrieving an authentication policy that includes a security policy;
  
  retrieving stored user biometric information based on the authentication policy;
  
  comparing the stored user biometric information and the received biometric information based on the authentication policy; and
  
  determining if a user is authentic based on the comparing; and
  
  wherein the security policy defines at least one security action when the user is determined not to be authentic.
- View Dependent Claims (56)
- - 56. The method according to claim 55, wherein the security action includes simulating a normal authentication.

57. A method for authenticating a user, comprising:
- receiving biometric information from a user;
  
  retrieving an authentication policy that includes at least one requirement for authentication based on at least one security condition;
  
  retrieving stored user biometric information based on the authentication policy;
  
  comparing the stored user biometric information and the received biometric information based on the authentication, policy; and
  
  determining if a user is authentic based on the comparing; and
  
  wherein the security conditions include the time of day of previous failed login attempts by a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced Biometric Controls, LLC
Original Assignee
AC Technologies SA
Inventors
Sands, Justin M., Sands, Christopher A., Sands, Arthur J. Jr.
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US10/350,003
Publication Number

US 20040148526A1
Time in Patent Office

2,006 Days
Field of Search

713/186
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/37   using biometric data, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

Method and apparatus for biometric authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for biometric authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links