Biometric non-repudiation network security systems and methods
First Claim
1. A client device, comprising:
- a biometric unit configured to generate a biometric feature based on sensing a portion of a human body, a first biometric feature being generated at a first time for establishing a biometric key pair, a second biometric feature being generated at a second time that is after the first time for authenticating the client device;
a transceiver unit configured to send and receive message data over a network; and
a cryptographic engine configured to one of encrypt and decrypt message data and to generate one or more cryptographic keys based on a predetermined key generating algorithm, the cryptographic engine being configured to generate a client public key and a client private key associated with a client device identifier, the cryptographic engine being configured to generate a biometric public key and a biometric private key associated with the first user biometric feature, the cryptographic engine encrypting a hash of a first message data using the biometric private key when the first biometric feature matches the second biometric feature, wherein the first message data is encrypted with the client public key and contains a random token data from a server, the encrypted hash being appended to the first message data to form an authenticated first message data, the authenticated first message data being encrypted by a server public key to form an encrypted authenticated first message data, the encrypted authenticated first message data being sent over the network.
1 Assignment
0 Petitions
Accused Products
Abstract
In accordance with an embodiment of the present invention, a client device includes a biometric unit, a transceiver unit, and a cryptographic engine. The biometric unit generates a first biometric feature at a first time and a second biometric feature at a second time based on sensing a portion of a human body. The transceiver unit sends and receives message data over a network. The cryptographic engine encrypts and decrypts message data, generates client public and private keys associated with a client device identifier, and generates biometric public and private keys associated with the first user biometric feature. The cryptographic engine encrypts a hash of a first message data using the biometric private key when the first and second biometric features match, and appends the encrypted hash forming an authenticated first message data that is encrypted by a server public key and sent over the network.
54 Citations
24 Claims
-
1. A client device, comprising:
-
a biometric unit configured to generate a biometric feature based on sensing a portion of a human body, a first biometric feature being generated at a first time for establishing a biometric key pair, a second biometric feature being generated at a second time that is after the first time for authenticating the client device; a transceiver unit configured to send and receive message data over a network; and a cryptographic engine configured to one of encrypt and decrypt message data and to generate one or more cryptographic keys based on a predetermined key generating algorithm, the cryptographic engine being configured to generate a client public key and a client private key associated with a client device identifier, the cryptographic engine being configured to generate a biometric public key and a biometric private key associated with the first user biometric feature, the cryptographic engine encrypting a hash of a first message data using the biometric private key when the first biometric feature matches the second biometric feature, wherein the first message data is encrypted with the client public key and contains a random token data from a server, the encrypted hash being appended to the first message data to form an authenticated first message data, the authenticated first message data being encrypted by a server public key to form an encrypted authenticated first message data, the encrypted authenticated first message data being sent over the network. - View Dependent Claims (2, 3, 4, 5, 24)
-
-
6. A user authentication device, comprising:
-
a component for generating a biometric feature based on sensing a portion of the body of a user, a first biometric feature being generated at a first time for establishing a biometric key pair, a second biometric feature being generated at a second time that is after the first time for authenticating; a component for sending and receiving message data over a network; and a component for encrypting and decrypting message data, the component for encrypting and decrypting message data being configured to generate one or more cryptographic keys based on a predetermined key generating algorithm, the component for encrypting and decrypting being configured to generate a client public key and a client private key associated with a client device identifier, the component for encrypting and decrypting being configured to generate a biometric public key and a biometric private key associated with the first user biometric feature, the component for encrypting and decrypting encrypting a hash of a first message data using the biometric private key when the first biometric feature matches the second biometric feature, wherein the first message data is encrypted with the client public key and contains a random token data from a server, the encrypted hash being appended to the first message data to form an authenticated first message data, the authenticated first message data being encrypted by a server public key to form an encrypted authenticated first message data, the encrypted authenticated first message data being sent over the network by the component for sending and receiving message data. - View Dependent Claims (7)
-
-
8. A biometric authentication method for a client device, comprising the operations of:
-
establishing a client device key pair, the client device key pair having a client private key and a client public key; establishing a user biometric key pair, the biometric key pair having a biometric private key and a biometric public key; asserting, by the client device, a transaction request; responding, by the client device, to a received biometric challenge from a second device that includes a predetermined portion encrypted with the client public key, wherein the predetermined portion includes a random token data from a server; generating, by the client device, a second user biometric feature in response to the received biometric challenge; generating, by the client device, a server public key encrypted biometric authentication when the second user biometric feature matches the first user biometric feature, the server public key encrypted biometric authentication including a hash of the random token data encrypted with the biometric private key and the transaction request; and establishing an authenticated communication with the second device. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A file server device, comprising:
-
a removable tamper proof memory configured to store and retrieve a server private key; a memory configured to store and retrieve a client public key, a biometric public key, and a token data; a cryptographic engine configured to one of encrypt and decrypt message data and to generate one or more cryptographic keys based on a predetermined key generating algorithm, the cryptographic engine being configured to generate a server public key and the server private key; and a transceiver unit configured to send and receive message data over a network, the transceiver unit being configured to receive a transaction request message from a client device and send a biometric challenge message to the client device, a portion of the biometric challenge message including the token data encrypted with the client public key, the transceiver unit being configured to receive a biometric authentication from the client device, a portion of the biometric authentication including a hash of the token data encrypted with the biometric private key and the transaction request message, both encrypted with the server public key, the file server decrypting the biometric authentication using the server private key, extracting the hash of the token data, decrypting the hash of the token data using the biometric public key to form a received token hash, computing a hash of the token data to form a stored token hash, and processing the transaction request when the stored token hash matches the received token hash. - View Dependent Claims (21)
-
-
22. A biometric authentication method for a server device, comprising the operations of:
-
receiving a transaction request from a client device including a predetermined portion encrypted with a server public key, the client device having a client private key and a client public key; asserting, by the server device, a biometric challenge to the transaction request, the biometric challenge including a random token data encrypted with the client public key, a successful response from the client device to the biometric challenge requiring a match between a golden biometric sample captured during an initialization sequence and a new biometric sample captured after the assertion of the biometric challenge; authenticating, by the server device, the transaction request when the biometric response from the client device is successful, wherein the authenticating comprises comparing a hash of the random token data received from the client device with a hash of the random token data stored in the server device, wherein the server device receives a server public key encrypted transaction request comprising a biometric private key encrypted hash; and establishing an authenticated communication with the client device. - View Dependent Claims (23)
-
Specification