Trusted biometric device

US 7,502,938 B2
Filed: 07/24/2003
Issued: 03/10/2009
Est. Priority Date: 07/25/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for enhancing the security of informational interactions with a biometric device, comprising:

pre-establishing an encryption relationship between a computing device and the biometric device, wherein the computing device and biometric device include separate but related encryption components and the biometric device encryption component is implemented as firmware and decrypts information encrypted by the computing device encryption component;

generating a session packet, wherein generating a session packet comprises generating a session number, generating a session time stamp, obtaining a session key, and storing the session number, the session time stamp, and the session key in the session packet;

maintaining a record of the session number, the session time stamp, and the session key in a database associated with the computing device;

encrypting the session packet utilizing the computing device encryption component and transmitting it to the biometric device;

receiving a biometric information packet from the biometric device, decrypting it with an encryption key that is complimentarily related to the session key, and making a determination as to whether or not to utilize a collection of biometric data contained in the decrypted biometric information packet, wherein making a determination comprises comparing a session number received with or as part of the biometric information packet to the record of the session number and evaluating the session time stamp to determine whether the biometric information packet was received within a predetermined time period;

wherein pre-establishing, generating, maintaining, encrypting, and receiving enhance the security of informational interactions between the biometric device that collects the collection of biometric data and the computing device that selectively utilizes the collection of biometric data; and

wherein the method is performed in the consecutive order of pre-establishing, generating, maintaining, encrypting, and receiving.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for enhancing the security of informational interactions with a biometric device is disclosed. The method includes pre-establishing an encryption relationship between a computing device and the biometric device. An instruction is received to begin an authorization or enrollment session. A session packet is generated and encrypted. The session packet is transmitted to the biometric device. A biometric information packet is received and decrypted. A determination is made, based on a content of the decrypted biometric information packet, as to whether or not to utilize a collection of biometric data contained in the decrypted biometric information packet.

57 Citations

View as Search Results

35 Claims

1. A computer-implemented method for enhancing the security of informational interactions with a biometric device, comprising:
- pre-establishing an encryption relationship between a computing device and the biometric device, wherein the computing device and biometric device include separate but related encryption components and the biometric device encryption component is implemented as firmware and decrypts information encrypted by the computing device encryption component;
  
  generating a session packet, wherein generating a session packet comprises generating a session number, generating a session time stamp, obtaining a session key, and storing the session number, the session time stamp, and the session key in the session packet;
  
  maintaining a record of the session number, the session time stamp, and the session key in a database associated with the computing device;
  
  encrypting the session packet utilizing the computing device encryption component and transmitting it to the biometric device;
  
  receiving a biometric information packet from the biometric device, decrypting it with an encryption key that is complimentarily related to the session key, and making a determination as to whether or not to utilize a collection of biometric data contained in the decrypted biometric information packet, wherein making a determination comprises comparing a session number received with or as part of the biometric information packet to the record of the session number and evaluating the session time stamp to determine whether the biometric information packet was received within a predetermined time period;
  
  wherein pre-establishing, generating, maintaining, encrypting, and receiving enhance the security of informational interactions between the biometric device that collects the collection of biometric data and the computing device that selectively utilizes the collection of biometric data; and
  
  wherein the method is performed in the consecutive order of pre-establishing, generating, maintaining, encrypting, and receiving.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein obtaining a session key comprises generating a public key portion of a PKI key pair.
  - 3. The method of claim 2, wherein receiving a biometric information packet and decrypting it comprises receiving a biometric information packet and decrypting it with a private key portion of the PKI key pair.
  - 4. The method of claim 1, wherein making a determination further comprises comparing a data representation of a user'"'"'s biometric information to at least one data representation of biometric information stored in a database.
  - 5. The method of claim 1, wherein pre-establishing an encryption relationship comprises storing a first part of a PKI key pair with the computing device and a second part of the PKI key pair with the biometric device.
  - 6. The method of claim 5, wherein encrypting the session packet comprises encrypting the session packet utilizing the first part of the PKI key pair.
  - 7. The method of claim 1, wherein Pre-establishing an encryption relationship comprises storing a first part of a static encryption key pair with the computing device and a second part of the static encryption key pair with the biometric device, one of the first and second parts being configured to decrypt information that has previously been encrypted utilizing the other part.
  - 8. The method of claim 7, wherein encrypting the session packet comprises encrypting the session packet utilizing the first part of the static encryption key pair.

9. A biometric security system comprising:
- a computing device having a first encryption component, a first encryption program, a processor, and a first interface, wherein the computing devices generates a session packet that is encrypted using the first encryption component and wherein the session packet comprises a session number, a session key, a command, a time stamp, and a first set of data;
  
  a database associated with the computing device, wherein the database stores a record of the session number, the session key, and the time stamp;
  
  a reader having a second encryption component, a second encryption program, and a second interface, wherein the reader generates a biometric information packet based upon the command, wherein the biometric information packet is encrypted using the session key, and wherein the biometric information packet comprises the session number, a model, and a second set of data;
  
  wherein the session packet is transmitted from the first interface to the second interface and the reader decrypts the session packet with the second encryption component;
  
  wherein the biometric information packet is transmitted from the second interface to the first interface and the computing device decrypts the biometric information packet with an encryption key that is complimentarily related to the session key;
  
  wherein the second encryption component is implemented as firmware and decrypts information encrypted by the first encryption component; and
  
  wherein the processor selectively utilizes the model based upon a comparison of the session number to a copy of the session number retrieved from the database and a comparison of the time stamp to a time indicative of when the biometric information packet was received by the computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 10. The biometric security system of claim 9 wherein the computing device generates the session packet in response to a request from the reader.
  - 11. The biometric security system of claim 9 wherein the computing device generates the session packet in response to a request from an independent application associated with the reader.
  - 12. The biometric security system of claim 9 wherein the computing device generates the session packet in response to a request for secured rights.
  - 13. The biometric security system of claim 9 wherein the session key is a public key and the encryption key complimentarily related to the session key is a private key.
  - 14. The biometric security system of claim 9 wherein the first encryption component is a first part of a PKI key pair and the second encryption component is a second part of the PKI key pair.
  - 15. The biometric security system of claim 9 wherein the first encryption component is a first part of a static key pair and the second encryption component is a second part of a static key pair.
  - 16. The biometric security system of claim 9 wherein the model comprises a collection of biometric information.
  - 17. The biometric security system of claim 16 wherein the collection of biometric information is collected as part of an enrollment operation and wherein the processor selectively utilizes the model by storing a copy of the model in the database.
  - 18. The biometric security system of claim 16 wherein the collection of biometric information is collected as part of an authorization operation and wherein the processor selectively utilizes the model to grant an access right.
  - 19. The biometric security system of claim 18 wherein the processor selectively utilizes the model to grant an access right comprises a comparison of the model to a match template stored in the database.
  - 20. The biometric security system of claim 9 wherein the processor performs an image qualification function on at least part of a collection of available image data and wherein the image qualification comprises determining whether the collection of available image data is fraudulent.
  - 21. The biometric security system of claim 9 wherein the processor performs an image qualification function on at least part of a collection of available image data and wherein the image qualification comprises determining whether the collection of available image data is of sufficient quality.
  - 22. The biometric security system of claim 9 wherein the processor performs an image qualification function on at least part of a collection of available image data and wherein the image qualification comprises determining whether the collection of available image data is fraudulent and whether the collection of available image data is of sufficient quality.

23. A computer-implement method for enhancing the security of informational interactions with a biometric device, the method comprising:
- pre-establishing an encryption relationship between the biometric device and a computing device, wherein pre-establishing comprises storing a first encryption component in the biometric device that is directly affiliated to a second encryption component stored in the computing device;
  
  requesting an access right associated with the computing device;
  
  initiating an authorization session;
  
  generating a session packet that includes a unique session number and a public key portion of a PKI key pair;
  
  retaining a copy of the session number and a private key portion of the PKI key pair;
  
  encrypting the session packet utilizing the second encryption component;
  
  transmitting the encrypted session packet that includes the session number and the public key portion of the PKI key pair to the biometric device;
  
  decrypting the session packet utilizing the first encryption component;
  
  collecting a set of biometric information from a system operator;
  
  generating a biometric information packet that includes the set of biometric information and the session number;
  
  encrypting the biometric information packet utilizing the public key portion of the PKI key pair that was transmitted to the biometric device in the encrypted session packet;
  
  transmitting the encrypted biometric information packet to the computing device;
  
  decrypting the encrypted biometric information packet utilizing the retained private key portion of the PKI key pair;
  
  comparing the retained copy of the session number to the session number included in the biometric packet;
  
  comparing a time frame to a predetermined time frame, wherein the time frame is based at least partially upon the time that the encrypted biometric packet is received by the computing device;
  
  utilizing the set of biometric information based upon a determination that the retained copy of the session number matches the session number included in the biometric packet and based upon a determination that the time frame is within the predetermined time frame;
  
  not utilizing the set of biometric information based upon a determination that the retained copy of the session number does not match the session number included in the biometric packet; and
  
  not utilizing the set of biometric information based upon a determination that the time frame is not within the predetermined time frame.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 24. The computer-implemented method of claim 23 wherein utilizing the set of biometric data comprises transferring the set of biometric information to a processor associated with the computing device.
  - 25. The computer-implemented method of claim 24 wherein transferring the biometric information to the processor associated with the computing device comprises transferring the biometric information to the processor for processing.
  - 26. The computer-implemented method of claim 25 wherein processing comprises an authentication.
  - 27. The computer-implemented method of claim 25 wherein processing comprises an enrollment.
  - 28. The computer-implemented method of claim 23 wherein the authorization session opens upon initiation and closes after a predetermined time.
  - 29. The computer-implemented method of claim 28 wherein the predetermined time comprises the amount of time required for the biometric device to complete a scan.
  - 30. The computer-implemented method of claim 23 wherein the unique session number comprises a non-consecutive number that is unique to a particular session.
  - 31. The computer-implemented method of claim 23 wherein the public key is unique to a particular session.
  - 32. The computer-implemented method of claim 23 wherein the public key is the same for multiple sessions.
  - 33. The computer-implemented method of claim 23 wherein collecting a set of biometric information from a system operator is based on a command received in the session packet.
  - 34. The computer-implemented method of claim 23 wherein the first encryption component is implemented as firmware.
  - 35. The computer-implemented method of claim 23 wherein the first encryption component is implemented as flash memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bio-Key International Incorporated
Original Assignee
Bio-Key International Incorporated
Inventors
LaCous, Mira
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
GERGISO, TECHANE

Application Number

US10/626,185
Publication Number

US 20040128520A1
Time in Patent Office

2,056 Days
Field of Search

713/186, 726/16, 726/24
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3297   involving time stamps, e.g....

Trusted biometric device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted biometric device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links