Method and system for confirming the identity of a user

US 7,690,032 B1
Filed: 05/22/2009
Issued: 03/30/2010
Est. Priority Date: 05/22/2009
Status: Active Grant

First Claim

Patent Images

1. A method of confirming the identity of a user comprising:

collecting a plurality of biometric credentials from an individual;

extracting biometric data, personal data and an original security feature corresponding to the biometric and personal data from each of the biometric credentials, wherein the original security feature for each credential is different;

processing the extracted biometric and personal data to generate a set of biometric data and a set of personal data, respectively, by converting the extracted biometric and personal data into a computer-readable data containing format such that the original security feature corresponding to the biometric and personal data extracted from a same credential is separately associated with the corresponding biometric data as a biometric security feature and is separately associated with the corresponding personal data as a personal security feature;

storing the set of biometric data and the set of personal data in a device as device data;

associating an additional security feature with an item of biometric data included in the set of biometric data and associating the additional security feature with at least one item of personal data included in the set of personal data, wherein the at least one item of personal data is from a different credential than the item of biometric data;

generating a user configurable policy comprising identities of a plurality of authenticating entities, each of the authenticating entities being associated with one of a plurality of levels of trust and a default rule corresponding to the one level of trust, wherein the default rule is one of a plurality of default rules that permit releasing a portion of the device data in accordance with a corresponding one of the levels of trust;

storing the user configurable policy in the device;

presenting, by a user in possession of the device, the device to one of the authenticating entities at an authentication station;

requesting biometric and personal data of the user from the device data, the biometric data corresponding to at least one biometric feature desired for authenticating the user, said requesting operation being performed by a workstation of the one authenticating entity;

consulting the user configurable policy in response to said requesting operation to determine whether the requested biometric data is permitted to be released from the device data;

releasing the requested biometric and personal data from the device data to the one authenticating entity when the default rule associated with the one authenticating entity permits releasing the requested biometric and personal data;

validating a logical link between the user in possession of the device and the released personal data by establishing a logical link between the released personal data and the released biometric data by certifying that a biometric security feature associated with the released biometric data and a personal security feature associated with the released personal data have not been modified and were issued in an original credential by a suitable issuer, and authenticating a biometric link between the user and the released biometric data by comparing the released biometric data against actual biometric data captured from the user in possession of the device; and

generating an output after said validating operation indicating a result of said validating operation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of confirming the identity of a user includes processing biometric credentials, generating a user configurable policy including identities of a plurality of authenticating entities, storing the user configurable policy in a device, presenting the device to an authenticating entity at an authentication station, and requesting biometric and personal data of the user from the device data. The biometric data corresponds to at least one biometric feature desired for authenticating the user and the requesting operation is performed by a workstation of the authenticating entity. Moreover, the method includes consulting the user configurable policy in response to the requesting operation to determine whether the requested biometric data is permitted to be released from the device data, and releasing the requested biometric and personal data from the device data to the authenticating entity when the default rule associated with the one authenticating entity permits releasing the requested biometric and personal data.

335 Citations

15 Claims

1. A method of confirming the identity of a user comprising:
- collecting a plurality of biometric credentials from an individual;
  
  extracting biometric data, personal data and an original security feature corresponding to the biometric and personal data from each of the biometric credentials, wherein the original security feature for each credential is different;
  
  processing the extracted biometric and personal data to generate a set of biometric data and a set of personal data, respectively, by converting the extracted biometric and personal data into a computer-readable data containing format such that the original security feature corresponding to the biometric and personal data extracted from a same credential is separately associated with the corresponding biometric data as a biometric security feature and is separately associated with the corresponding personal data as a personal security feature;
  
  storing the set of biometric data and the set of personal data in a device as device data;
  
  associating an additional security feature with an item of biometric data included in the set of biometric data and associating the additional security feature with at least one item of personal data included in the set of personal data, wherein the at least one item of personal data is from a different credential than the item of biometric data;
  
  generating a user configurable policy comprising identities of a plurality of authenticating entities, each of the authenticating entities being associated with one of a plurality of levels of trust and a default rule corresponding to the one level of trust, wherein the default rule is one of a plurality of default rules that permit releasing a portion of the device data in accordance with a corresponding one of the levels of trust;
  
  storing the user configurable policy in the device;
  
  presenting, by a user in possession of the device, the device to one of the authenticating entities at an authentication station;
  
  requesting biometric and personal data of the user from the device data, the biometric data corresponding to at least one biometric feature desired for authenticating the user, said requesting operation being performed by a workstation of the one authenticating entity;
  
  consulting the user configurable policy in response to said requesting operation to determine whether the requested biometric data is permitted to be released from the device data;
  
  releasing the requested biometric and personal data from the device data to the one authenticating entity when the default rule associated with the one authenticating entity permits releasing the requested biometric and personal data;
  
  validating a logical link between the user in possession of the device and the released personal data by establishing a logical link between the released personal data and the released biometric data by certifying that a biometric security feature associated with the released biometric data and a personal security feature associated with the released personal data have not been modified and were issued in an original credential by a suitable issuer, and authenticating a biometric link between the user and the released biometric data by comparing the released biometric data against actual biometric data captured from the user in possession of the device; and
  
  generating an output after said validating operation indicating a result of said validating operation.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method of confirming the identity of a user in accordance with claim 1, wherein the released biometric data is released from the set of biometric data and the released personal data is released from the set of personal data.
  - 3. A method of confirming the identity of a user in accordance with claim 1, said authenticating operation comprising:
    - determining a numerical score for each of a plurality of different biometric comparison matches, wherein each numerical score is based on a quality of corresponding biometric comparison matches;
      
      calculating a confidence score by combining the numerical scores; and
      
      confirming the identity of the user when the confidence score is at least equal to a predetermined threshold value.
  - 4. A method of confirming the identity of a user in accordance with claim 1, further comprising prompting the one authenticating entity to select from alternative biometric data and personal data that an appropriate default rule permits releasing from the device data, when the appropriate default rule does not permit releasing the requested biometric and personal data from the device data.
  - 5. A method of confirming the identity of a user in accordance with claim 1, further comprising prompting the device to release the requested biometric and personal data after determining that the biometric data and the personal released by the device are not in accordance with said requesting operation such that the released biometric and personal data are not acceptable for authentication by the authenticating entity.

6. A system for confirming the identity of a user comprising:
- at least one computer configured as a server, said server comprising a processor and a database said processor being configured toextract biometric data, personal data and an original security feature corresponding to the biometric and personal data from each of a plurality of biometric credentials collected from an individual, wherein the original security feature for each credential is different,process the extracted biometric and personal data to generate a set of biometric data and a set of personal data, respectively, by converting the extracted biometric and personal data into a computer-readable data containing format such that the original security feature corresponding to the biometric and personal data extracted from a same credential is separately associated with the corresponding personal biometric security feature and is separately associated with the corresponding personal data as a personal security feature, andassociate an additional security feature with at least one item of biometric data included in the set of biometric data and associate the additional security feature with at least one item of personal data included in the set of personal data, wherein the at least one item of personal data is from a different credential that the at least one item of biometric data;
  
  a device having stored therein the set of biometric data and the set of personal data as device data, wherein each item of biometric data included in the set of biometric data corresponds to an item of personal data included in the set of personal data, said device being configured to store a user configurable policy comprising identities of a plurality of trusted authenticating entities, each of the trusted authenticating entities being associated with one of a plurality of levels of trust and a default rule corresponding to the one level of trust, the default rule being one of a plurality of default rules that permit releasing a portion of the device data in accordance with a corresponding one of the levels of trust, wherein each item of biometric data includes at least one representation of a biometric feature of an individual; and
  
  at least one workstation positioned at an authenticating station, said workstation comprising at least a workstation computer operationally coupled to a biometric credential reading device, wherein said server and said at least one workstation communicate and whereinsaid at least one workstation is configured to at least request biometric and personal data of a user in possession of said device from said device data when the user presents said device to said at least one workstation, the biometric data corresponding to at least one biometric feature desired to be used for authenticating the user, said device is further configured to consult the user configurable policy in response to the request for biometric and personal data, to determine whether the requested biometric and personal data are permitted to be released from the device data, and to release the requested biometric and personal data from the device data to an authenticating entity when an appropriate one of the default rules associated with the authenticating entity permits releasing the requested biometric and personal data, andsaid at least one workstation is further configured to validate a logical link between the user and personal data released by said device by establishing a logical link between the personal data and biometric data released by said device by certifying that the biometric security feature associated with the released biometric data and the personal security feature associated with the released personal data have not been modified and were issued in an original credential by a suitable issuer, and authenticating a biometric link between the user and the released biometric data by comparing the released biometric data against actual biometric data captured from the user, and generate an output indicating whether or not the logical link between the user and the released personal data is valid.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A system for confirming the identity of a user in accordance with claim 6, wherein the released biometric data is released from the set of biometric credential data and the released personal data is released from the set of personal data.
  - 8. A system for confirming the identity of a user in accordance with claim 6, wherein said device is further configured to change the levels of trust associated with corresponding trusted authenticating entities and to change the default rules corresponding to the levels of trust in response to user input.
  - 9. A system for confirming the identity of a user in accordance with claim 6, wherein said device is further configured to prompt said workstation to select from alternative biometric data and personal data that an appropriate default rule permits releasing from said device data, when the appropriate default rule does not permit releasing the requested biometric and personal data from said device data.
  - 10. A system for confirming the identity of a user in accordance with claim 6, wherein said workstation is further configured to prompt said device to release the requested biometric and personal data after determining that the biometric data and the personal data released by said device are not in accordance with the request for biometric and personal data such that the released biometric and personal data are not acceptable for authentication by the trusted authenticating entity.

11. A universal biometric credential device for confirming the identity of a user at an authenticating station, said universal biometric credential device comprising:
- a computer-readable recording medium configured to store a user configurable policy, a set of biometric data and a set of personal data, whereinthe user configurable policy comprises identities of a plurality of trusted authenticating entities, each of the trusted authenticating entities being associated with one of a plurality of levels of trust and a default rule corresponding to the one level of trust, the default rule being one of a plurality of default rules that permit releasing a portion of the device data in accordance with a corresponding one of the levels of trust, wherein each item of biometric data includes at least one representation of a biometric feature of an individual, andeach item of biometric data included in the set of biometric data corresponds to an item of personal data included in the set of personal data; and
  
  a device processor configured to receive a request from each of the trusted authenticating entities for biometric and personal data stored in said universal biometric credential device, configured to consult the user configurable policy in response to the request to determine whether the requested biometric and personal data are permitted to be released from said universal biometric credential device, and configured to release the requested biometric and personal data from said universal biometric credential device when an appropriate one of the default rules permits releasing the requested biometric and personal data, whereinsaid universal biometric credential device communicates with at least one workstation positioned at an authentication station of each of the authenticating entities, the at least one workstation comprises at least a workstation computer operationally coupled to a biometric credential reading device and is operable tocommunicate with a server,request biometric and personal data of a user in possession of said universal biometric credential device from the device data when the user presents said universal biometric credential device to the at least one workstation, the biometric data corresponding to at least one biometric feature desired to be used for authenticating the user,validate a logical link between the user and personal data released by said universal biometric credential device by establishing a logical link between the personal data and biometric data released by said universal biometric credential device by certifying that the biometric security feature associated with the released personal data have not been modified and were issued in an original credential by a suitable issuer, and authenticating a biometric link between the user and the released biometric data by comparing the released biometric data against actual biometric data captured from the user, andgenerate an output indicating whether or not the logical link between the user and the released person data is valid,the server comprises a server processor and a database, wherein the server processor is operable toextract biometric data, personal data and an original security feature corresponding to the biometric and personal data from each of a plurality of biometric credentials collected from an individual, wherein the original security feature for each credential is different,process the extracted biometric and personal data to generate the set of biometric data and the set of personal data, respectively, by converting the extracted biometric and personal data into a computer-readable data containing format such that the original security feature corresponding to the biometric and personal data extracted from a same credential is separately associated with the corresponding biometric data as a biometric security feature and is separately associated with the corresponding personal data as a personal security feature, andassociate an additional security feature with at least one item of biometric data included in the set of biometric data and associate the additional security feature with least one item of personal data included in the set of personal data, wherein the at least one item of personal data is from a different credential that the at least one item of biometric data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The universal biometric credential device in accordance with claim 11, wherein said device processor is further configured to prompt each of the trusted authenticating entities to select from alternative biometric and personal data that the appropriate one of the default rules permits releasing from said universal biometric credential device, when the appropriate one of the default rules does not permit releasing the requested biometric and personal data from said universal biometric credential device.
  - 13. The universal biometric credential device in accordance with claim 11, wherein said universal biometric credential device is further configured to change the levels of trust associated with corresponding trusted authenticating entities and to change the default rules corresponding to the levels of trust in response to user input.
  - 14. The universal biometric credential device in accordance with claim 11, wherein the released biometric data is released from the set of biometric credential data and the released personal data is released from the set of personal data.
  - 15. The universal biometric credential device in accordance with claim 11, wherein the workstation is further operable to prompt said universal biometric credential device to release the requested biometric and personal data after determining that the biometric data and the personal data released by said universal biometric credential device are not in accordance with the request for biometric and personal data such that the released biometric and personal data are not acceptable for authentication by the trusted authenticating entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daon Holdings Limited
Original Assignee
Daon Holdings Limited
Inventors
Peirce, Michael
Primary Examiner(s)
Homayounmehr; Farid

Application Number

US12/470,781
Time in Patent Office

312 Days
Field of Search

726/9, 726/20, 380/229, 713172-174, 705 65- 69
US Class Current

726/9
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/3678   e-cash details, e.g. blinde...

Method and system for confirming the identity of a user

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

335 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and system for confirming the identity of a user

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

335 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others