Biometric-based system and method for enabling authentication of electronic messages sent over a network

US 7,689,832 B2
Filed: 09/05/2001
Issued: 03/30/2010
Est. Priority Date: 09/11/2000
Status: Active Grant

First Claim

Patent Images

1. A system for data and user authentication using biometric means, to verify to a third party that a document purporting to be from a first party is an unaltered version of a document issued by said first party, the system comprising:

a) at least one network enabled client device for sending data to a network;

b) at least one biometric data input mechanism on said client device for capturing biometric data, said data input mechanism further being configured to digitally bind said captured biometric data at said client device to a document, said digital binding comprising encrypting said document using a session key generated from said biometric data, said session key being retained for subsequent decryption of said document therefrom at an instigation of said third party; and

c) an authentication server configured with storage for storing said session key, said storage making said session key available for said instigation by said third party, and enabling remote data and user authentication at said authentication server side and further configured to pass a token to said client device if said user authentication is successful, said token to enable generation of said binding in association with said authentication, said binding thereby verifying the document in a current version as coming from said first party, and reversing said binding using said session key thereby verifying to said third party that a document obtained thereby is said current version from said first party, said first party identification thereby comprising biometric identification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network based mechanism for real time verification and authentication of data and user identities. The present invention enables a method whereby biometric elements, such as voice prints, are utilized to enhance the Public Key Infrastructure as a means to decrypt data and verify data authenticity, such that the user'"'"'s private key is authenticated remotely on a one-time basis. The present invention comprises an authentication server (25) with various software modules that enable authentication of user identity, secure user access to data, digital signatures, secure messaging and secure online transactions.

Citations

26 Claims

1. A system for data and user authentication using biometric means, to verify to a third party that a document purporting to be from a first party is an unaltered version of a document issued by said first party, the system comprising:
- a) at least one network enabled client device for sending data to a network;
  
  b) at least one biometric data input mechanism on said client device for capturing biometric data, said data input mechanism further being configured to digitally bind said captured biometric data at said client device to a document, said digital binding comprising encrypting said document using a session key generated from said biometric data, said session key being retained for subsequent decryption of said document therefrom at an instigation of said third party; and
  
  c) an authentication server configured with storage for storing said session key, said storage making said session key available for said instigation by said third party, and enabling remote data and user authentication at said authentication server side and further configured to pass a token to said client device if said user authentication is successful, said token to enable generation of said binding in association with said authentication, said binding thereby verifying the document in a current version as coming from said first party, and reversing said binding using said session key thereby verifying to said third party that a document obtained thereby is said current version from said first party, said first party identification thereby comprising biometric identification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein said authentication server further comprises:
    - i) a web-server component for serving HTTP requests;
      
      ii) a business logic application for matching between biometric data to be verified and stored biometric data; and
      
      iii) at least one database for storing system data.
  - 3. The system of claim 1, wherein said authentication server includes:
    - i) a registration module for enabling secure remote registration to the authentication server; and
      
      ii) a secure access module for enabling secure access to data stored on a network, said secure access enabling one-time user authentication, following said secure remote registration.
  - 4. The system of claim 3, wherein said secure access module is designed and configured to verify a biometric sample, a unique device identity and a PIN.
  - 5. The system of claim 3, wherein the secure access module comprises a digital signature module designed and configured for enabling the one-time user authentication.
  - 6. The system of claim 5, wherein said digital signature is designed and configured to verify a biometric sample, a unique device identity and a PIN.
  - 7. The system of claim 3, wherein the secure access module comprises a secure messaging module designed and configured to enable secure messaging between at least two network-enabled client devices.
  - 8. The system of claim 7, wherein said secure messaging module is designed and configured to verify a biometric sample, a unique device identity and a PIN.
  - 9. The system of claim 3, further comprising a secure transactions module for enabling secure network-based transactions between said client devices and network-based commercial entities, said transactions requiring one-time user authentication.
  - 10. The system of claim 9, wherein said secure transactions module is designed and configured to verify a biometric sample, a unique device identity and a PIN.
  - 11. The system of claim 1, further comprising at least one additional network-enabled client device for receiving data from first said at least one network-enabled client device and from said authentication server.
  - 12. The system of claim 1, wherein said digital binding comprises applying one member of the group consisting of whole document encryption, whole document tagging, and whole document attachment.

13. A method for enhancing data and user authentication using a biometric mechanism to verify to third parties that a document purporting to be from a first party is an unaltered version of a document issued by said first party, comprising the steps of:
- a) enabling secure biometric remote registration by at least one user;
  
  b) authenticating user identity, by an authentication server, by means of a secure data access procedure implemented from a client side device, said secure data access procedure comprising digitally binding biometric data of said biometric remote registration to a document, said digital binding comprising reversibly encrypting said document using a session key generated from said biometric data,c) storing said session key for said third parties to make authentication queries on said document;
  
  d) sending a token from said authentication server to said client side device following said data and user authentication, said token enabling said binding to be generated in association with said authentications;
  
  e) subsequently decrypting said document using said session key at the instigation of one or more of said third parties, said decrypting using said session key providing said data and user authentication, said user authentication thereby comprising biometric identification.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 14. The method of claim 13, further comprising accessing said authentication server from a plurality of devices, said devices selected from the group consisting of PCs, laptops, PDAs, smart phones, cellular phones, wireline phones and mobile computers.
  - 15. The method of claim 13, further comprisingc) execution of a digital signature verification procedure, by said authentication server, to authenticate a digital signature of said authenticated user.
  - 16. The method of claim 13, wherein said authenticating said user identity includes the steps of:
    - i) registering personal details with an authentication server, by said user;
      
      ii) registering at least one biometric characteristic with said authentication server, by said user;
      
      iii) sending a secret number to said user, by an authentication server;
      
      iv) logging in to said authentication server, using said secret number, a computer device ID and at least one biometric characteristic, by said user; and
      
      v) verifying said user, by comparing said login data with said registered information, such that said registered information includes said computer device ID and at least one said biometric characteristic.
  - 17. The method of claim 14, wherein said accessing said authentication server from a plurality of devices includes the steps of:
    - i) authenticating said user;
      
      ii) creating a roaming diskette for said user; and
      
      iii) performing authentication actions on a computing device that is compatible with said diskette, using said diskette;
      
      wherein said roaming diskette enables accessing said authentication server from a plurality of devices.
  - 18. The method of claim 13, wherein said secure data access procedure includes the following steps:
    - i) providing a memory unit for storing information including a stored voice print and an identity of each of a plurality of individuals, said stored voice print of each of said plurality of individuals being generated from corresponding voice data thereof;
      
      ii) collecting information provided by said user, said information being for verifying that said user is a specific individual from among said plurality of individuals;
      
      iii) processing temporary voice data collected from said user into a temporary voice print;
      
      iv) comparing said temporary voice print with said stored voice print of each of at least a portion of said plurality of individuals including said specific individual; and
      
      v) granting access to said user, only if said temporary voice print is similar to said stored voice print of said specific individual.
  - 19. The method of claim 18, wherein a sender signs and sends a digitally signed message and a recipient, receiving the digitally signed message opens the message;
    - and wherein the opening causes a notification of opening to be sent to an authentication server, the server responding by sending a transaction certificate to said recipient, said certificate including information selected from the group consisting of a sender'"'"'s email, date stamp, time stamp, gender, first name, last name, service provider name, public key of said transaction, and a digital signature signed by a Business Registrar.
  - 20. The method of claim 15, wherein said execution of a digital signature verification procedure includes the steps of:
    - i) entering, by a sender, a location of an information source to be signed;
      
      ii) requesting said sender to enter a user PIN and entering prompted combinations;
      
      iii) obtaining an envelope for said document, such that said envelope facilitates hashing of said document;
      
      iv) encrypting said document using a hashing mechanism;
      
      v) sending said encrypted document to at least one receiver as a message; and
      
      vi) combining said encrypted document and said prompted combinations to form said user'"'"'s digital signature of the message.
  - 21. The method of claim 20, further including the steps of:
    - vii) receiving said message, with said encrypted document as an attachment thereof;
      
      viii) opening said attachment, and starting a digital signature module (DSM) application to decrypt the received digital signature and verify sender'"'"'s authenticity; and
      
      ix) comparing a voice and a hash of said hashing mechanism, and validating said received message only if the voice and the hash match, and receiving sender user/personal details from said authentication server.
  - 22. The method of claim 20, wherein step vi further comprises storing said digital signature as user proof-of-purchase.
  - 23. The method of claim 13 further comprising execution of a secure messaging verification procedure.
  - 24. The method of claim 23, wherein said execution of a secure messaging verification procedure includes:
    - i) creating a message;
      
      ii) sending the message to a receiver;
      
      iii) obtaining a voice sample of the receiver;
      
      iv) authenticating the voice sample of the message receiver receiving the message;
      
      v) matching recipient personal information with information specified by a sender; and
      
      vi) opening said message.
  - 25. The method of claim 24, wherein authenticating a voice sample of the message receiver comprises the steps of:
    - 1) sending a token of a request number to a message sender, by said server;
      
      2) generating a random symmetric encryption key and sending said key to said server, by said message sender;
      
      3) if the voice sample of the message receiver is authenticated by said server, sending said token of request number from said recipient to said server; and
      
      4) sending said symmetric encryption key corresponding to said request, by said server.
  - 26. The method of claim 24, wherein said sender specifies a plurality of recipients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sentrycom Limited
Original Assignee
Sentrycom Limited
Inventors
Talmor, Rita, Talmor, Alon, Talmor, Eli
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Powers; William S

Application Number

US10/344,162
Publication Number

US 20030135740A1
Time in Patent Office

3,128 Days
Field of Search

713/186, 726/26
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/645   using a third party

H04L 2209/56   Financial cryptography, e.g...

H04L 9/006   involving public key infras...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3249   using RSA or related signat...

Biometric-based system and method for enabling authentication of electronic messages sent over a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Biometric-based system and method for enabling authentication of electronic messages sent over a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links