Trusted biometric device
First Claim
1. A computer-implemented method for enhancing the security of informational interactions with a biometric device, comprising:
- pre-establishing an encryption relationship between a computing device and the biometric device, wherein the computing device and biometric device include separate but related encryption components and the biometric device encryption component is implemented as firmware and decrypts information encrypted by the computing device encryption component;
generating a session packet, wherein generating a session packet comprises generating a session number, generating a session time stamp, obtaining a session key, and storing the session number, the session time stamp, and the session key in the session packet;
maintaining a record of the session number, the session time stamp, and the session key in a database associated with the computing device;
encrypting the session packet utilizing the computing device encryption component and transmitting it to the biometric device;
receiving a biometric information packet from the biometric device, decrypting it with an encryption key that is complimentarily related to the session key, and making a determination as to whether or not to utilize a collection of biometric data contained in the decrypted biometric information packet, wherein making a determination comprises comparing a session number received with or as part of the biometric information packet to the record of the session number and evaluating the session time stamp to determine whether the biometric information packet was received within a predetermined time period;
wherein pre-establishing, generating, maintaining, encrypting, and receiving enhance the security of informational interactions between the biometric device that collects the collection of biometric data and the computing device that selectively utilizes the collection of biometric data; and
wherein the method is performed in the consecutive order of pre-establishing, generating, maintaining, encrypting, and receiving.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method for enhancing the security of informational interactions with a biometric device is disclosed. The method includes pre-establishing an encryption relationship between a computing device and the biometric device. An instruction is received to begin an authorization or enrollment session. A session packet is generated and encrypted. The session packet is transmitted to the biometric device. A biometric information packet is received and decrypted. A determination is made, based on a content of the decrypted biometric information packet, as to whether or not to utilize a collection of biometric data contained in the decrypted biometric information packet.
57 Citations
35 Claims
-
1. A computer-implemented method for enhancing the security of informational interactions with a biometric device, comprising:
-
pre-establishing an encryption relationship between a computing device and the biometric device, wherein the computing device and biometric device include separate but related encryption components and the biometric device encryption component is implemented as firmware and decrypts information encrypted by the computing device encryption component; generating a session packet, wherein generating a session packet comprises generating a session number, generating a session time stamp, obtaining a session key, and storing the session number, the session time stamp, and the session key in the session packet; maintaining a record of the session number, the session time stamp, and the session key in a database associated with the computing device; encrypting the session packet utilizing the computing device encryption component and transmitting it to the biometric device; receiving a biometric information packet from the biometric device, decrypting it with an encryption key that is complimentarily related to the session key, and making a determination as to whether or not to utilize a collection of biometric data contained in the decrypted biometric information packet, wherein making a determination comprises comparing a session number received with or as part of the biometric information packet to the record of the session number and evaluating the session time stamp to determine whether the biometric information packet was received within a predetermined time period; wherein pre-establishing, generating, maintaining, encrypting, and receiving enhance the security of informational interactions between the biometric device that collects the collection of biometric data and the computing device that selectively utilizes the collection of biometric data; and
wherein the method is performed in the consecutive order of pre-establishing, generating, maintaining, encrypting, and receiving. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A biometric security system comprising:
-
a computing device having a first encryption component, a first encryption program, a processor, and a first interface, wherein the computing devices generates a session packet that is encrypted using the first encryption component and wherein the session packet comprises a session number, a session key, a command, a time stamp, and a first set of data; a database associated with the computing device, wherein the database stores a record of the session number, the session key, and the time stamp; a reader having a second encryption component, a second encryption program, and a second interface, wherein the reader generates a biometric information packet based upon the command, wherein the biometric information packet is encrypted using the session key, and wherein the biometric information packet comprises the session number, a model, and a second set of data; wherein the session packet is transmitted from the first interface to the second interface and the reader decrypts the session packet with the second encryption component; wherein the biometric information packet is transmitted from the second interface to the first interface and the computing device decrypts the biometric information packet with an encryption key that is complimentarily related to the session key; wherein the second encryption component is implemented as firmware and decrypts information encrypted by the first encryption component; and wherein the processor selectively utilizes the model based upon a comparison of the session number to a copy of the session number retrieved from the database and a comparison of the time stamp to a time indicative of when the biometric information packet was received by the computing device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computer-implement method for enhancing the security of informational interactions with a biometric device, the method comprising:
-
pre-establishing an encryption relationship between the biometric device and a computing device, wherein pre-establishing comprises storing a first encryption component in the biometric device that is directly affiliated to a second encryption component stored in the computing device; requesting an access right associated with the computing device; initiating an authorization session; generating a session packet that includes a unique session number and a public key portion of a PKI key pair; retaining a copy of the session number and a private key portion of the PKI key pair; encrypting the session packet utilizing the second encryption component; transmitting the encrypted session packet that includes the session number and the public key portion of the PKI key pair to the biometric device; decrypting the session packet utilizing the first encryption component; collecting a set of biometric information from a system operator; generating a biometric information packet that includes the set of biometric information and the session number; encrypting the biometric information packet utilizing the public key portion of the PKI key pair that was transmitted to the biometric device in the encrypted session packet; transmitting the encrypted biometric information packet to the computing device; decrypting the encrypted biometric information packet utilizing the retained private key portion of the PKI key pair; comparing the retained copy of the session number to the session number included in the biometric packet; comparing a time frame to a predetermined time frame, wherein the time frame is based at least partially upon the time that the encrypted biometric packet is received by the computing device; utilizing the set of biometric information based upon a determination that the retained copy of the session number matches the session number included in the biometric packet and based upon a determination that the time frame is within the predetermined time frame; not utilizing the set of biometric information based upon a determination that the retained copy of the session number does not match the session number included in the biometric packet; and not utilizing the set of biometric information based upon a determination that the time frame is not within the predetermined time frame. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
Specification