System and method for sequentially processing a biometric sample
Abstract
This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users. Signals generated by the stateful server are used by the security token to allow or deny access to a resource or function. In both embodiments of the invention, the heuristics remain with the security token.
69 Claims
1. A system for providing access to a controlled resource, said system comprising:
a hardware security token including a first cryptographic means and a first biometric verification means configured to allow access to a controlled resource, wherein the security token is configured to perform a first verification attempt of a biometric sample; and
a stateless server configured to respond to said security token and including second biometric verification means and second cryptographic means compatible with said first cryptographic means, the second cryptographic means being coupled to said second biometric verification means;
wherein the security token is configured to transfer the biometric sample and a biometric processing parameter to the stateless server for a second verification attempt, and wherein the stateless server generates a cryptographic secret using the biometric processing parameter and sends said cryptographic secret to said security token if said second verification attempt is successful.
Dependent claims: 2–29.

30. A system for providing access to a controlled resource, said system comprising:
a physical security token comprising a first cryptographic module and a first biometric processing module, wherein the security token is configured to perform a first verification attempt of a biometric sample; and
a stateless server configured to respond to said security token, wherein the stateless server includes a second biometric processing module and a second cryptographic module compatible with said first cryptographic module and coupled to said second biometric processing module;
wherein the security token is configured to transfer the biometric sample and a biometric processing parameter to the stateless server for a second verification attempt, and wherein the stateless server generates a cryptographic secret using the biometric processing parameter and sends said cryptographic secret to said security token if said second verification attempt is successful.
Dependent claims: 31–56.

57. A server for providing access to a controlled resource, the server comprising:
a biometric processing module configured to receive a biometric sample and a biometric processing parameter from a hardware security token for a second verification attempt when the security token has failed a first verification attempt of the biometric sample;
a comparator in communication with the biometric processing module, wherein the comparator is configured to compare a result from the biometric processing module with a biometric reference to generate a verification signal; and
a cryptographic module configured to generate a cryptographic secret using the biometric processing parameter and send said cryptographic secret to said security token if said second verification attempt is successful.
Dependent claims: 58–69.

Specification