Distributed network system using biometric authentication access

US 7,702,918 B2
Filed: 07/02/2002
Issued: 04/20/2010
Est. Priority Date: 07/18/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A customer relationship management system providing management and sharing of user information between two or more independent service providers, the customer relationship management system comprising:

a distributed network comprising a plurality of independently operable servers, each of the servers being (i) associated with a different service provider and (ii) adapted to communicate directly over the network with other servers included in the plurality of servers, each of the servers having a datastore with a plurality of datafields, each datastore adapted to store information about one or more users such that the information related to a single user is distributed across a plurality of different servers included in the network of independently operable servers; and

an authentication engine provided separately from the independently operable servers and from the datastores, the authentication engine having one or more previously enrolled biometrics and being adapted to enable an authentication of the identity of a user based on a match of a user provided biometric identifier with a biometric selected from the previously enrolled biometrics, whereinthe customer relationship management system is configured to enable within the network, on biometric authentication of a user, automatic communication and sharing of information relating to the user directly between two or more of the independently operable servers, andthe customer relationship management system is configured to provide a centralized access point for a user to a plurality of different datastores defined for a specific user and located at different ones of the independently operable servers, such that on authentication of the identity of the user by the authentication engine the user can interface with and access data at any one of the plurality of independently operable servers without requiring additional authentication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed network of independently operable servers is provided. Each server is adapted to communicate over the network with at least one of the other servers and has a datastore with a plurality of datafields adapted to store information about at least one user. By enabling an authentication of a user based on a user supplied biometric identifier, the network is adapted to enable the transfer of information relating to the user between different servers.

Citations

23 Claims

1. A customer relationship management system providing management and sharing of user information between two or more independent service providers, the customer relationship management system comprising:
- a distributed network comprising a plurality of independently operable servers, each of the servers being (i) associated with a different service provider and (ii) adapted to communicate directly over the network with other servers included in the plurality of servers, each of the servers having a datastore with a plurality of datafields, each datastore adapted to store information about one or more users such that the information related to a single user is distributed across a plurality of different servers included in the network of independently operable servers; and
  
  an authentication engine provided separately from the independently operable servers and from the datastores, the authentication engine having one or more previously enrolled biometrics and being adapted to enable an authentication of the identity of a user based on a match of a user provided biometric identifier with a biometric selected from the previously enrolled biometrics, whereinthe customer relationship management system is configured to enable within the network, on biometric authentication of a user, automatic communication and sharing of information relating to the user directly between two or more of the independently operable servers, andthe customer relationship management system is configured to provide a centralized access point for a user to a plurality of different datastores defined for a specific user and located at different ones of the independently operable servers, such that on authentication of the identity of the user by the authentication engine the user can interface with and access data at any one of the plurality of independently operable servers without requiring additional authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23)
- - 2. The system as claimed in claim 1, wherein:
    - the provision of the biometric identifier to the authentication engine by the user is via at least one of the servers; and
      
      the biometric identifier being encrypted such that only the authentication engine can obtain access to the presented biometric.
  - 3. The system as claimed in claim 2 wherein the biometric identifier is routed directly to the authentication engine from the at least one of the servers.
  - 4. The system as claimed in claim 2 wherein the biometric identifier is routed to the authentication engine through at least one of the other servers from the at least one of the servers.
  - 5. The system as claimed in claim 1 wherein:
    - the biometric identifier is accompanied by a claim identity;
      
      both the biometric identifier and claim identity are linkable to a unique user; and
      
      the authentication engine utilizes both the claim identity and biometric identifier to effect authentication of the user.
  - 6. The system as claimed in claim 1, wherein the authentication engine performs authentication of a user, where no additional user claim of identity is presented, on the basis of effecting a match between the submitted biometric identifier and at least one enrolled biometric identifier stored within the authentication engine.
  - 7. The system as claimed in claim 1, wherein:
    - a first server, included in the plurality of servers, includes a generic datastore that provides a generic dataset of information relevant to the user, which may be required by others of the plurality of servers; and
      
      the network is configured such that the first server is capable of being accessed by others of the plurality of servers.
  - 8. The system as claimed in claim 7 wherein the first server includes configuration information relevant to how information in the network is capable of being shared between the servers.
  - 9. The system as claimed in claim 1 further comprising a plurality of authentication engines, each of the plurality of authentication engines being adapted to communicate over a trusted communication link, whereby authentication by a user at a first authentication engine, included in the plurality of authentication engines, is capable of being accepted by a second authentication engine as authentication for that second authentication engine.
  - 10. The system as claimed in claim 9 wherein the authentication engines are configured such that if a request for authentication of an end user is received at the first engine and the first engine is not capable of authenticating the end user, the first authentication engine is adapted to forward the request to a second authentication engine, which on authentication of the user is adapted to respond to the first authentication engine confirming authentication.
  - 11. The system as claimed in claim 1 wherein the information relating to the one or more users is customer relationship management information.
  - 12. The system as claimed in claim 1 wherein the plurality of servers are configured such that any updating of information in a datastore of a first server, included in the plurality of servers, is communicated to at least a second server, included in the plurality of servers, so as to update the user information therein.
  - 13. The system as claimed in claim 1 wherein the sharing of information between servers is controlled by a set of policies and configurations determined by the user and stored at one of the servers.
  - 14. The system as claimed in claim 1 wherein the authentication engine is configured to at least one of store and receive a plurality of templates for use in the authentication of a user, the templates varying in either the biometric sample type that was used to create that template or offering different templates for the same sample type.
  - 15. The system as claimed in claim 14 wherein the provision of multiple templates that can then be matched against one or more presented identity claims enables the authentication engine to utilize multi-modal authentication means for a user or to use an alternative template for authentication if and when a first template is corrupted or fails to match.
  - 16. The system as claimed in claim 2 wherein the biometric identifier is provided in a template incorporating a biometric sample or values derived from the biometric sample, the template being encrypted with a public key of the authentication engine.
  - 17. The system as claimed in claim 1, wherein:
    - the authentication engine is adapted to store a plurality of datastore claim identities, each datastore claim identity being associated with one of the servers; and
      
      on receiving a biometric identifier associated with a user from another of the servers for authentication, the authentication engine is adapted to associate the another server with at least one of the stored datastore claim identities and return an appropriate claim identity to the another server upon authentication of the user.
  - 18. The system as claimed in claim 17 being further adapted to enable a user to register at the authentication engine a new datastore claim identity for a new server by effecting an assertion of a previously stored claim identity with the authentication engine, the assertion of the previously stored biometric identifier obviating the requirement to re-enroll the appropriate biometric identifier for association with the new datastore identity.
  - 19. The system as claimed in claim 1, wherein:
    - at least one of the servers is adapted to enable a transaction to be conducted between a user and the service provider in a first time period, the completion of the transaction effecting the association of a biometric identifier uniquely associated with the user with the transaction; and
      
      the server is adapted to enable a subsequent authentication of the associated biometric identifier by the authentication engine so as to authenticate the user.
  - 20. The system as claimed in claim 19, wherein the transaction data is a one-way hash of a digital document to be signed by the user, and after successful authentication of that user through the authentication engine, the network is adapted to enable the construction of a user digital signature using the document hash and a server-stored user signing key.
  - 21. The system as claimed in claim 1 adapted to enable plurality of users to conduct a simultaneous transaction, a server of the plurality of servers with which the users are interacting being configured such that the transaction is associated with a biometric identifier associated with each of the users and the transaction is only accepted once the authentication engine has authenticated each of the plurality of users.
  - 23. The system as claimed in claim 1, wherein the automatic communication and sharing of information relating to the user directly between two or more of the independently operable servers is in response to authentication by the user of the two or more of the independently operable servers.

22. A method of providing a customer relationship management system to enable a sharing of user specific information over a distributed network of a plurality of independently operable servers each being associated with a different service provider and to allow a user to access information personal to the user at any one of a number of the servers within the distributed network, said method comprising:
- providing a central datastore of generic user information;
  
  providing at each of the independently operable servers a plurality of remotely located datastores, each of the datastores having specific user information storeable thereon;
  
  providing within the system a distinct and separate authentication engine, the authentication engine being adapted to authenticate the user on the basis of a user presented biometric identifier; and
  
  enabling, on authentication of the user by the authentication engine, the user to access any one of the independently operable servers to at least one of retrieve and update user specific information within the datastore specific to the user, and to configure how the user specific information is to be transferred in a direct communication between respective datastores of the independently operable servers, whereineach of the remotely located datastores includes an address for the central datastore and the central datastore includes configuration information for transferring information between the distributed datastores, andon initially accessing the datastore specific to the user, the user is separately authenticated with the authentication engine and can then update information at any one of the datastores, the updating of the information effecting an updating of related information on any one of the other datastores through a direct communication between a plurality of the datastores.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daon Holdings Limited
Original Assignee
Daon Holdings Limited
Inventors
Tattan, Oliver, Peirce, Michael
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
ZECHER, CORDELIA P K

Application Number

US10/483,141
Publication Number

US 20040250085A1
Time in Patent Office

2,849 Days
Field of Search

713/186, 726 2- 5, 726/7, 726/8
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2117   User registration

H04L 63/0815   providing single-sign-on or...

H04L 63/0861   using biometrical features,...

H04L 63/126   the source of the received ...

H04L 67/01   Protocols

H04L 67/1001   for accessing one among a p...

H04L 67/1023   based on a hash applied to ...

H04L 67/306   User profiles

H04L 69/329   in the application layer [O...

Distributed network system using biometric authentication access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed network system using biometric authentication access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links