Secure local or remote biometric(s) identity and privilege (BIOTOKEN)

US 7,805,614 B2
Filed: 03/31/2005
Issued: 09/28/2010
Est. Priority Date: 04/26/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for utilizing a BIOTOKEN, wherein the BIOTOKEN includes a processor, biometric reader, a memory, and a communications interface, for secure identification comprising:

upon detecting a null value in a secure storage of private keys, generating and validating a public/private asymmetric key pair containing a public key and a private key;

transmitting the public key and a unique serial number of the BIOTOKEN to an initialization point when the private key is detected in the memory at power up of the BIOTOKEN;

collecting biometric data from a user;

temporarily storing the biometric data in the memory on the BIOTOKEN;

creating a first data packet including a random number and the collected biometric data;

encrypting the first data packet using a symmetric key;

encrypting the symmetric key using the private key so that the first data packet can be decrypted only by the public key;

creating a second data packet including the encrypted first data packet, the encrypted symmetric key and the unique serial number;

issuing a public certificate containing the unique serial number of the BIOTOKEN;

transmitting the second data packet to the initialization point;

immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN after initialization; and

during enrollment, cryptographically binding the unique serial number, the biometrics and the public certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.

47 Citations

View as Search Results

42 Claims

1. A method for utilizing a BIOTOKEN, wherein the BIOTOKEN includes a processor, biometric reader, a memory, and a communications interface, for secure identification comprising:
- upon detecting a null value in a secure storage of private keys, generating and validating a public/private asymmetric key pair containing a public key and a private key;
  
  transmitting the public key and a unique serial number of the BIOTOKEN to an initialization point when the private key is detected in the memory at power up of the BIOTOKEN;
  
  collecting biometric data from a user;
  
  temporarily storing the biometric data in the memory on the BIOTOKEN;
  
  creating a first data packet including a random number and the collected biometric data;
  
  encrypting the first data packet using a symmetric key;
  
  encrypting the symmetric key using the private key so that the first data packet can be decrypted only by the public key;
  
  creating a second data packet including the encrypted first data packet, the encrypted symmetric key and the unique serial number;
  
  issuing a public certificate containing the unique serial number of the BIOTOKEN;
  
  transmitting the second data packet to the initialization point;
  
  immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN after initialization; and
  
  during enrollment, cryptographically binding the unique serial number, the biometrics and the public certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving the random number from the initialization point.
  - 3. The method of claim 1, wherein the received serial number is transmitted from the initialization point.
  - 4. The method of claim 1, further comprising:
    - comparing the received serial number with the unique serial number;
      
      if the received serial number does not match the unique serial number, clearing all memory locations storing at least one of the first data packet and the second data packet.
  - 5. The method of claim 1, wherein the collecting biometric data comprises one or more of the following from the user:
    - collecting a voice print from the user;
      
      collecting a finger print from the user;
      
      scanning the user'"'"'s retina;
      
      orcollecting a DNA sample from the user.
  - 6. The method of claim 1, further comprising:
    - clearing all memory locations storing at least one of the first data packet and the second data packet after the second data packet is transmitted to the initialization point.
  - 7. The method of claim 1, further comprising:
    - generating the symmetric key at the BIOTOKEN.

8. A method for initializing a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface, comprising:
- generating a private key and a public key when a null private key is detected after powering up the BIOTOKEN;
  
  storing the private key in the memory;
  
  transmitting a unique serial number associated with the BIOTOKEN and the public key to an initialization point;
  
  collecting biometric data from a user;
  
  temporarily storing the biometric data in the memory on the BIOTOKEN;
  
  creating a first data packet including a random number and the collected biometric data;
  
  encrypting the first data packet using a symmetric key;
  
  encrypting the symmetric key using the private key so that the first data packet can be decrypted only by the public key;
  
  creating a second data packet including the encrypted first data packet, the encrypted symmetric key and the unique serial number;
  
  transmitting the second data packet to the initialization point; and
  
  immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN after initialization.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising:
    - receiving the random number from the initialization point.
  - 10. The method of claim 8, wherein the received serial number is transmitted from the initialization point.
  - 11. The method of claim 8, further comprising:
    - comparing the received serial number with the unique serial number;
      
      if the received serial number does not match the unique serial number, clearing all memory locations storing at least one of the first data packet and the second data packet.
  - 12. The method of claim 8, wherein the collecting biometric data comprises one or more of the following from the user:
    - collecting a voice print from the user;
      
      collecting a finger print from the user;
      
      scanning the user'"'"'s retina;
      
      orcollecting a DNA sample from the user.
  - 13. The method of claim 8, further comprising:
    - clearing all memory locations storing at least one of the first data packet and the second data packet after the second data packet is transmitted to the initialization point.

14. A method for initializing a BIOTOKEN at an initialization point, the method comprising:
- receiving a public key and a unique serial number from a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface, wherein an encrypted biometric data associated with a user can only be decrypted using the public key;
  
  generating a random number;
  
  transmitting the random number and the unique serial number to the BIOTOKEN;
  
  comparing a serial number received from the BIOTOKEN with the unique serial number, and when there is a match,decrypting an encrypted symmetric key that is encrypted by a private key and transmitted by the BIOTOKEN using the public key; and
  
  decrypting an encrypted random number and the encrypted biometric data using the decrypted symmetric key;
  
  comparing the decrypted random number with the transmitted random number at the initialization point and, when there is a match, validating the decrypted biometric data;
  
  issuing a public certificate containing the unique serial number of the BIOTOKEN;
  
  transmitting the received serial number and the public key to a certification authority when the biometric data is validated; and
  
  immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN after initialization; and
  
  during enrollment, cryptographically binding the unique serial number, the biometrics and the public certificate.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method of claim 14, further comprising:
    - issuing an authentication certificate associated with the BIOTOKEN by the certification authority.
  - 16. The method of claim 14, further comprising:
    - publishing the authentication certificate in a database, wherein the database is only accessible by authorized parties.
  - 17. The method of claim 14, wherein validating the decrypted biometric data comprises:
    - comparing the decrypted biometric data associated with the user with a test biometric data associated with a BIOTOKEN owner.
  - 18. The method of claim 14, wherein the user is an authorized user of the BIOTOKEN.
  - 19. The method of claim 14, further comprising:
    - establishing test biometric data associated with a BIOTOKEN owner.
  - 20. The method of claim 14, further comprising:
    - aborting the initialization method if one or more of the following are true;
      
      the received serial number does not match the unique serial number;
      
      the received serial number does not match the unique serial number within a predetermined period of time;
      
      the decrypted random number does not match the transmitted random number;
      
      orthe decrypted random number does not match the transmitted random number within a predetermined period of time.
  - 21. The method of claim 14, further comprising:
    - destroying one or more of the following if the received serial number does not match the unique serial number;
      
      the public key, the decrypted random number, the generated random number or the decrypted biometric information.
  - 22. The method of claim 14, further comprising:
    - destroying one or more of the following if the decrypted random number does not match the transmitted random number;
      
      the public key, the decrypted random number, the generated random number of the decrypted biometric information.

23. A method for enrolling a BIOTOKEN, the method comprising:
- receiving a unique serial number from a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface;
  
  generating random number;
  
  transmitting the random number and the unique serial number to the BIOTOKEN;
  
  retrieving a public key and an authentication certificate associated with the BIOTOKEN based on the unique serial number, wherein an encrypted biometric data associated with a user can only be decrypted using the public key;
  
  comparing a serial number received from the BIOTOKEN with the unique serial number, and when there is a match,decrypting an encrypted symmetric key that is encrypted by a private key and transmitted by the BIOTOKEN using the public key;
  
  decrypting an encrypted random number and the encrypted biometric data using the decrypted symmetric key;
  
  comparing the decrypted random number with the transmitted random number at an enrolling point and, when there is a match, validating the decrypted biometric data;
  
  transmitting the received serial number and the public key to a certification authority when the biometric data is validated; and
  
  immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The method of claim 23, further comprising:
    - issuing an authentication certificate associated with the BIOTOKEN by the certification authority, wherein the authentication certificate contains the received serial number, the public key, identity data for the user and a set of privileges granted to the user of the BIOTOKEN.
  - 25. The method of claim 24, further comprising:
    - publishing the authentication certificate and the decrypted biometric data associated with the user in a database, wherein the database is only accessible by authorized parties.
  - 26. The method of claim 23, further comprising:
    - establishing reference biometric data associated with a BIOTOKEN owner.
  - 27. The method of claim 26, wherein the validating the decrypted biometric data comprises:
    - comparing the decrypted biometric data associated with the user with the reference biometric data associated with a BIOTOKEN owner.
  - 28. The method of claim 23, further comprising:
    - aborting the enrollment method if one or more of the following is true;
      
      a public key is received from the BIOTOKEN;
      
      the received serial number does not match the unique serial number;
      
      the received serial number does not match the unique serial within a predetermined period of time;
      
      the decrypted random number does not match the transmitted random number;
      
      orthe decrypted random number does not match the transmitted random number within a predetermined period of time.
  - 29. The method of claim 23, within the user is an authorized user of the BIOTOKEN.
  - 30. The method of claim 23, further comprising:
    - destroying one or more of the following if the received serial number does not match the unique serial number;
      
      the public key, the decrypted random number, the generated random number or the decrypted biometric information.
  - 31. The method of claim 23, further comprising:
    - destroying one or more of the following if the decrypted random number does not match the transmitted random number;
      
      the public key, the decrypted random number, the generated random number of the decrypted biometric information.

32. A method for authenticating a BIOTOKEN, the method comprising:
- receiving a unique serial number from a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface, wherein an encrypted biometric data associated with a user can only be decrypted using the public key;
  
  generating a random number;
  
  transmitting the random number and the unique serial number to the BIOTOKEN;
  
  retrieving a public key and a authentication certificate associated with the BIOTOKEN based on the unique serial number;
  
  comparing a serial number received from the BIOTOKEN with the unique serial number, and when there is a match,decrypting an encrypted symmetric key that is encrypted by a private key and transmitted by the BIOTOKEN using the public key; and
  
  decrypting an encrypted random number and the encrypted biometric data using the decrypted symmetric key;
  
  comparing the decrypted random number with the transmitted random number at an authentication point and, when there is a match, comparing the decrypted biometric data with reference biometric data;
  
  authenticating the user of the BIOTOKEN when the decrypted biometric data matches the reference biometric data; and
  
  immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The method of claim 32, further comprising:
    - establishing reference biometric data associated with a BIOTOKEN owner.
  - 34. The method of claim 32, further comprising:
    - a public key is received from the BIOTOKEN;
      
      the received serial number does not match the unique serial number;
      
      the received serial number does not match the unique serial umber within a predetermined period of time;
      
      the decrypted random number does not match the transmitted random number;
      
      orthe decrypted random number does not match the transmitted random number within a predetermined period of time.
  - 35. The method of claim 32, further comprising:
    - destroying one or of the following if the received serial number does not match the unique serial number;
      
      the public key, the decrypted random number, the generated random number of the decrypted biometric information.
  - 36. The method of claim 32, further comprising:
    - destroying one or more of the following if the decrypted random number does not match the transmitted random number;
      
      the public key, the decrypted random number, the generated random number or the decrypted biometric information.

37. A BIOTOKEN comprising:
- a processor;
  
  a biometric reader;
  
  a communications interface; and
  
  a memory, wherein the memory stores a plurality of executable instructions to be executed by the processor to implement a method comprising;
  
  transmitting by the communications interface, a unique serial number associated with the BIOTOKEN, to an initialization point when a private key is detected in the memory at power up of the BIOTOKEN;
  
  collecting biometric data from a user at the biometric reader;
  
  temporarily storing the biometric data in the memory on the BIOTOKEN;
  
  creating a first data packet including a random number and the collected biometric data;
  
  encrypting the first data packet using a symmetric key;
  
  encrypting the symmetric key using the private key;
  
  creating a second data packet including the encrypted first data packet, the encrypted symmetric key and a received serial number;
  
  transmitting the second data packet to the initialization point; and
  
  immediately deleting the biometric data from the memory after decryption of the symmetric key so that the biometric data does not remain on the BIOTOKEN.
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The BIOTOKEN of claim 37, wherein the biometric reader is one or more of a fingerprint reader, a retina scanner, a voice analyzer or a DNA analyzer.
  - 39. The BIOTOKEN of claim 37, wherein the memory stores additional executable instructions to generate a public key and the private key on the BIOTOKEN if a private key is not detected at power up.
  - 40. The BIOTOKEN of claim 39, wherein the communications interface transmits the public key with the unique serial number from the BIOTOKEN to the initialization point.
  - 41. The BIOTOKEN of claim 37, wherein the communications interface receives the random number from the initialization point.
  - 42. The BIOTOKEN of claim 37, wherein the processor compares the received serial number with the unique serial number and if the received serial number does not match the unique serial number, clears all memory locations in the memory storing at least one of the first data packet and the second data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northrop Grumman Systems Corporation (Northrop Grumman Corporation)
Original Assignee
Northrop Grumman Corporation
Inventors
Gravell, William, Rekas, James B., Aull, Kenneth W.
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
SCHWARTZ, DARREN B

Application Number

US11/094,452
Publication Number

US 20050240779A1
Time in Patent Office

2,007 Days
Field of Search

380/255, 380/259, 380/277, 380281-285, 713/150, 713155-159, 713168-173, 713/175, 713/178, 713/181, 713182-186, 726 2- 10, 726 16- 21
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

H04L 2209/80   Wireless network architectu...

H04L 9/32   including means for verifyi...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3263   involving certificates, e.g...

Secure local or remote biometric(s) identity and privilege (BIOTOKEN)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Secure local or remote biometric(s) identity and privilege (BIOTOKEN)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links