Method and apparatus for a token
Abstract
A method and apparatus of using a token comprises receiving an indication of a presence of a nearby short-range terminal and waking up the token in response to receiving the indication. The method further comprises performing authentication between the token and the terminal, without requiring a user to directly interact with the token.
30 Claims
1. A token comprising:
- a secure memory in the token to store a biometric template for a user and data divided into a plurality of subsets;
- a transceiver, in the token, to receive biometric data from a terminal;
- an identity verifier, in the token, to determine if the received biometric data matches the stored biometric template without requiring a user to physically touch the token;
- the transceiver to send a pseudonym and a certified public key to the terminal, wherein the pseudonym is a linked identity that does not include information about a real-world identity of the user;
- a secure session creator to establish a secure communications channel between the wireless token and the terminal using the certified public key without passing the stored biometric template from the token to the terminal; and
- the transceiver to transmit an acknowledgement to the terminal when the received biometric data matches the stored biometric template for the user, and the transceiver to transmit a subset of the data from the memory to the terminal based on a verification level of the terminal.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A terminal to permit use of a wireless token for authentication, the terminal comprising:
- a ping generator to generate periodic pings, a ping having a temporary lifetime based on information included within the ping that expires, for a response to be used by a wireless token;
- a secure session logic to establish a secure session with the wireless token after determining that the connection request was within the temporary lifetime of the ping by verifying the information in the connection request;
- a transceiver to send biometric data received through a sensor via the secure session to the wireless token for authentication by the wireless token, the transceiver to send a pseudonym and a certified public key to the terminal, wherein the pseudonym is a linked identity that does not include information about a real-world identity of the user; and
- access control to provide access to a limited access system, in response to receiving authentication information from the wireless token, wherein the authentication information is received in response to the wireless token determining that biometric information stored on the wireless token matches the biometric data sent to the wireless token from the transceiver in the terminal, and wherein a selected level of data provided by the wireless token to the terminal is one of a plurality of levels of data, the selected level of data based on an identity of the terminal.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A method of using a wireless token comprising:
- storing, by the wireless token, a biometric template on the wireless token and data divided into a plurality of subsets, a subset of data being terminal-specific data;
- receiving, by the wireless token, biometric data from one of a plurality of nearby short range terminals, without requiring a user to physically touch or interact with the wireless token;
- sending, by the wireless token, a pseudonym and a certified public key to the terminal, wherein the pseudonym is a linked identity that does not include information about a real-world identity of the user;
- determining, by the wireless token, if the received biometric data matches the stored biometric template;
- sending, by the wireless token, a response to a nearby short range terminal when the authentication has been performed, wherein the response includes an acknowledgement to the nearby short range terminal when the received biometric data matches the stored biometric template for the user; and
- a secure session creator to establish a secure communications channel between the wireless token and the terminal using the certified public key without passing the stored biometric template from the token to the terminal,
- sending, by the wireless token, the terminal-specific data to the nearby short range terminal after authentication has been performed, the terminal-specific data being a subset of the data from the memory based on a verification level of the terminal.
Dependent claims: 25, 26, 27, 28, 29, 30
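
The ping lifetime check recited in claim 17, sketched as an added example that is not taken from the patent: the terminal puts an expiry time inside each ping, and accepts a connection request only if the echoed ping is authentic and unexpired. The HMAC-SHA256 tag, the field layout, the 2-second lifetime and the single-use nonce tracking are all assumptions; the claims specify none of them.

```python
import hashlib
import hmac
import os
import struct

PING_LIFETIME_S = 2.0           # assumed value; the claim gives no lifetime
_HDR = struct.Struct(">16sd")   # assumed layout: 16-byte nonce, expiry (seconds)
TAG_LEN = 32                    # HMAC-SHA256 output length

class Terminal:
    def __init__(self, key=None):
        self._key = key or os.urandom(32)   # MAC key known only to the terminal
        self._used = set()                  # nonces already accepted once

    def _tag(self, header):
        return hmac.new(self._key, header, hashlib.sha256).digest()

    def make_ping(self, now):
        """Ping = nonce || expiry || MAC, so the lifetime travels in the ping."""
        header = _HDR.pack(os.urandom(16), now + PING_LIFETIME_S)
        return header + self._tag(header)

    def check_connection_request(self, echoed_ping, now):
        """Verify the ping echoed in a connection request before any session setup."""
        if len(echoed_ping) != _HDR.size + TAG_LEN:
            return "malformed"
        header, tag = echoed_ping[:_HDR.size], echoed_ping[_HDR.size:]
        if not hmac.compare_digest(tag, self._tag(header)):
            return "bad-tag"        # expiry or nonce was altered in transit
        nonce, expiry = _HDR.unpack(header)
        if now > expiry:
            return "expired"        # request arrived outside the ping lifetime
        if nonce in self._used:
            return "replayed"       # added hardening: one session per ping
        self._used.add(nonce)
        return "ok"

def demo():
    """Constructed scenario with a fixed clock so the outcome is repeatable."""
    term, t0 = Terminal(), 1000.0
    ping = term.make_ping(t0)
    # Same nonce and tag, but the expiry field pushed an hour into the future.
    forged = _HDR.pack(ping[:16], t0 + 3600) + ping[_HDR.size:]
    return [
        term.check_connection_request(forged, t0 + 1.0),
        term.check_connection_request(ping, t0 + 1.0),
        term.check_connection_request(ping, t0 + 1.5),
        term.check_connection_request(term.make_ping(t0), t0 + 5.0),
    ]
```

Because the expiry is covered by the MAC, the terminal needs no per-ping state to enforce the lifetime; only the optional replay check keeps a set of seen nonces, which can be pruned once their expiry has passed.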
Specification