×

Electronic data vault providing biometrically protected electronic signatures

  • US 7,865,449 B2
  • Filed: 10/29/2009
  • Issued: 01/04/2011
  • Est. Priority Date: 06/18/2001
  • Status: Expired due to Fees
First Claim
Patent Images

1. An electronic data vault system for remotely and securely storing data for a user such that the user can subsequently access the data via a network interface, said electronic data vault system comprising:

  • a remote server comprising a document and data repository configured to securely store personal data for at least one user, wherein the secured personal data for each specific user is stored in a datastore associated with the specific user;

    a key trust configured to generate at least one cryptographic key pair for the at least one user, to store a first cryptographic key of the at least one cryptographic key pair, to encrypt the first cryptographic key with a third cryptographic key, and to export a second cryptographic key of the at least one cryptographic key pair from said key trust;

    a biometric database configured to provide a storage location for at least one biometric captured from and associated with the at least one user, wherein the at least one biometric is captured during enrollment in said electronic data vault system;

    an interface configured to allow controlled access to said remote server by the at least one user and to allow for transmission of the at least one captured user biometric to said electronic data vault system;

    an authentication engine configured to interface with said biometric database to authenticate the at least one user based on a match of the at least one captured user biometric with previously stored biometrics, to sign a claim of identity with a cryptographic key of the authentication engine and to forward the signed claim of identity to said key trust, wherein the at least one user provides the identity claim prior to authentication, said authentication engine is configured to generate an authentication ticket by signing the identity claim upon authentication of the at least one user, and after authentication of the at least one user said key trust is further configured to decrypt the first cryptographic key with the third cryptographic key; and

    an e-signature application configured to verify that said authentication engine signed the authentication ticket, sign the authentication ticket upon verifying that the authentication engine signed the authentication ticket, and request re-authentication by said authentication engine when the authentication ticket is no longer valid, wherein said key trust is further configured to verify the signature of said e-signature application to ensure the authentication ticket was received from a trusted e-signature application prior to decrypting the first cryptographic key with the third cryptographic key.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×