Secure local or remote biometric(s) identity and privilege (BIOTOKEN)
First Claim
1. A method for utilizing a BIOTOKEN, wherein the BIOTOKEN includes a processor, biometric reader, a memory, and a communications interface, for secure identification comprising:
upon detecting a null value in a secure storage of private keys, generating and validating a public/private asymmetric key pair containing a public key and a private key;
transmitting the public key and a unique serial number of the BIOTOKEN to an initialization point when the private key is detected in the memory at power up of the BIOTOKEN;
collecting biometric data from a user;
temporarily storing the biometric data in the memory on the BIOTOKEN;
creating a first data packet including a random number and the collected biometric data;
encrypting the first data packet using a symmetric key;
encrypting the symmetric key using the private key so that the first data packet can be decrypted only by the public key;
creating a second data packet including the encrypted first data packet, the encrypted symmetric key and the unique serial number;
issuing a public certificate containing the unique serial number of the BIOTOKEN;
transmitting the second data packet to the initialization point;
immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN after initialization; and
during enrollment, cryptographically binding the unique serial number, the biometrics and the public certificate.
Abstract
A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and, if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number; if there is a match, the decrypted biometric data is validated, and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
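The exchange the abstract describes, with both sides' messages, as an added example that is not part of the patent text. Assumptions: textbook RSA over a constructed demo key stands in for the asymmetric pair, a SHA-256 keystream XOR stands in for the unspecified symmetric cipher, and the names token_respond, verify_packet and the serial "SN-0001" are hypothetical.

```python
import hashlib, hmac, secrets

# Constructed demo key from two Mersenne primes; textbook RSA, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): SHA-256 counter keystream, XORed."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def token_respond(serial: str, nonce: bytes, biometric: bytes) -> dict:
    """BIOTOKEN side: build the second data packet for a received random number."""
    sym_key = secrets.token_bytes(16)
    first_packet = xor_stream(sym_key, nonce + biometric)
    wrapped = pow(int.from_bytes(sym_key, "big"), D, N)  # private-key operation
    return {"serial": serial, "wrapped_key": wrapped, "first_packet": first_packet}

def verify_packet(expected_serial: str, nonce: bytes, public_key: tuple, packet: dict):
    """Initialization point side: returns (biometric_or_None, reason)."""
    e, n = public_key
    if packet["serial"] != expected_serial:          # 1. serial comparison
        return None, "serial mismatch"
    try:                                             # 2. recover symmetric key
        sym_key = pow(packet["wrapped_key"], e, n).to_bytes(16, "big")
    except OverflowError:
        return None, "bad wrapped key"
    plain = xor_stream(sym_key, packet["first_packet"])  # 3. decrypt first packet
    if not hmac.compare_digest(plain[:len(nonce)], nonce):  # 4. random number check
        return None, "random number mismatch"
    return plain[len(nonce):], "ok"                  # 5. hand biometric to validation

if __name__ == "__main__":
    nonce = secrets.token_bytes(16)
    pkt = token_respond("SN-0001", nonce, b"constructed-template")
    print(verify_packet("SN-0001", nonce, (E, N), pkt))
    print(verify_packet("SN-0001", secrets.token_bytes(16), (E, N), pkt))  # replayed packet
```

A packet captured from an earlier session fails the random number check, which is what the fresh random number is for. Because the symmetric key is wrapped with the private key, any holder of the public key can unwrap it, so the biometric data stays confidential only while the public key is restricted to the verifying parties.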
42 Claims
8. A method for initializing a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface, comprising:
generating a private key and a public key when a null private key is detected after powering up the BIOTOKEN;
storing the private key in the memory;
transmitting a unique serial number associated with the BIOTOKEN and the public key to an initialization point;
collecting biometric data from a user;
temporarily storing the biometric data in the memory on the BIOTOKEN;
creating a first data packet including a random number and the collected biometric data;
encrypting the first data packet using a symmetric key;
encrypting the symmetric key using the private key so that the first data packet can be decrypted only by the public key;
creating a second data packet including the encrypted first data packet, the encrypted symmetric key and the unique serial number;
transmitting the second data packet to the initialization point; and
immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN after initialization.
14. A method for initializing a BIOTOKEN at an initialization point, the method comprising:
receiving a public key and a unique serial number from a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface, wherein an encrypted biometric data associated with a user can only be decrypted using the public key;
generating a random number;
transmitting the random number and the unique serial number to the BIOTOKEN;
comparing a serial number received from the BIOTOKEN with the unique serial number, and when there is a match, decrypting an encrypted symmetric key that is encrypted by a private key and transmitted by the BIOTOKEN using the public key; and
decrypting an encrypted random number and the encrypted biometric data using the decrypted symmetric key;
comparing the decrypted random number with the transmitted random number at the initialization point and, when there is a match, validating the decrypted biometric data;
issuing a public certificate containing the unique serial number of the BIOTOKEN;
transmitting the received serial number and the public key to a certification authority when the biometric data is validated; and
immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN after initialization; and
during enrollment, cryptographically binding the unique serial number, the biometrics and the public certificate.
23. A method for enrolling a BIOTOKEN, the method comprising:
receiving a unique serial number from a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface;
generating a random number;
transmitting the random number and the unique serial number to the BIOTOKEN;
retrieving a public key and an authentication certificate associated with the BIOTOKEN based on the unique serial number, wherein an encrypted biometric data associated with a user can only be decrypted using the public key;
comparing a serial number received from the BIOTOKEN with the unique serial number, and when there is a match, decrypting an encrypted symmetric key that is encrypted by a private key and transmitted by the BIOTOKEN using the public key;
decrypting an encrypted random number and the encrypted biometric data using the decrypted symmetric key;
comparing the decrypted random number with the transmitted random number at an enrolling point and, when there is a match, validating the decrypted biometric data;
transmitting the received serial number and the public key to a certification authority when the biometric data is validated; and
immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN.
32. A method for authenticating a BIOTOKEN, the method comprising:
receiving a unique serial number from a BIOTOKEN, wherein the BIOTOKEN includes a processor, a biometric reader, a memory, and a communications interface, wherein an encrypted biometric data associated with a user can only be decrypted using the public key;
generating a random number;
transmitting the random number and the unique serial number to the BIOTOKEN;
retrieving a public key and an authentication certificate associated with the BIOTOKEN based on the unique serial number;
comparing a serial number received from the BIOTOKEN with the unique serial number, and when there is a match, decrypting an encrypted symmetric key that is encrypted by a private key and transmitted by the BIOTOKEN using the public key; and
decrypting an encrypted random number and the encrypted biometric data using the decrypted symmetric key;
comparing the decrypted random number with the transmitted random number at an authentication point and, when there is a match, comparing the decrypted biometric data with reference biometric data;
authenticating the user of the BIOTOKEN when the decrypted biometric data matches the reference biometric data; and
immediately deleting the biometric data and the public key from the memory after transmission so that the biometric data and the public key do not remain on the BIOTOKEN.
37. A BIOTOKEN comprising:
a processor;
a biometric reader;
a communications interface; and
a memory, wherein the memory stores a plurality of executable instructions to be executed by the processor to implement a method comprising:
transmitting by the communications interface, a unique serial number associated with the BIOTOKEN, to an initialization point when a private key is detected in the memory at power up of the BIOTOKEN;
collecting biometric data from a user at the biometric reader;
temporarily storing the biometric data in the memory on the BIOTOKEN;
creating a first data packet including a random number and the collected biometric data;
encrypting the first data packet using a symmetric key;
encrypting the symmetric key using the private key;
creating a second data packet including the encrypted first data packet, the encrypted symmetric key and a received serial number;
transmitting the second data packet to the initialization point; and
immediately deleting the biometric data from the memory after decryption of the symmetric key so that the biometric data does not remain on the BIOTOKEN.
Specification