Identity authentication and secured access systems, components, and methods
Abstract
Security tokens contain data that is each uniquely encrypted based on a unique biometric identifier of an authorized user of that token. Decoders receive the token and the user's biometric identifier, convert the biometric identifier to a biometric key, and apply the biometric key to decrypt the token. In this way, the decoders authenticate the users without performing a biometric identifier comparison. In some embodiments pieces or sets of the data are stored in designated data compartments, which are individually encrypted based on authority keys, and all of the encrypted data compartments are collectively encrypted based on the biometric key to create the token. The decoders store only the authority keys corresponding to the data compartments which they have authorization to open. In addition, in some embodiments the token and the biometric identifier are encrypted and sent to a remote authentication server for decryption of the token.
Claims (23 total)
1. An identity authentication system for one or more users, the system comprising:
- at least one credential issued to one of the users, wherein the credential includes a security token comprising data encrypted by encryption software with a cryptographic algorithm and encrypted based on a biometric key that is generated from a biometric identifier of the user; and
- at least one decoder including a token interface device, a biometric input device, and a network interface device, and having access to encryption software with the cryptographic algorithm, wherein the biometric input device receives the biometric identifier from the user, the token interface device receives the token from the user credential, the network interface device requests and receives a one-time key (OTK), the encryption software applies the cryptographic algorithm and the OTK to encrypt the token and the biometric key into a package, and the network interface device transmits the encrypted package; and
- an authentication server including a network interface device, OTK generation software, conversion software, and decryption software with the cryptographic algorithm, wherein the network interface device receives the OTK request, the OTK generation software generates the OTK, the network interface device sends the OTK to the decoder and receives the encrypted package from the decoder, the conversion software converts the biometric identifier to the biometric key, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user, and wherein the token is only openable upon the simultaneous presence of the token, the biometric identifier used to encrypt the token, and the authentication server with the decryption software including the cryptographic algorithm.

Dependent claims: 2 to 12.

13. An authentication server for opening a security token of a credential of a user, the server comprising:
- a network interface device;
- one-time key (OTK) generation software that is operable to generate an OTK;
- conversion software that is operable to convert biometric identifiers to biometric keys; and
- decryption software with a cryptographic algorithm,

wherein the OTK generation software generates an OTK, the network interface device sends the OTK to a decoder and receives an encrypted package from the decoder, the conversion software converts a biometric identifier to a biometric key, and the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user, and wherein the token is only openable upon the simultaneous presence of the token, the biometric identifier used to encrypt the token, and the authentication server with the decryption software including the cryptographic algorithm.

Dependent claims: 14 to 18.

19. A method of authenticating the identity of a user with a security token comprising data encrypted based on a biometric key that is based on a biometric identifier of the user, the method comprising:
- receiving from a decoder a request for a one-time key (OTK);
- generating the OTK and sending it to the decoder;
- receiving from the decoder a package that includes the token and the biometric key and that is encrypted based on the OTK;
- decrypting the encrypted package using the OTK to access the token and the biometric identifier;
- converting, via conversion software, the biometric identifier to the biometric key; and
- decrypting, via decryption software with a cryptographic algorithm, the token using the biometric key to open the token,

wherein the decryption software applies the cryptographic algorithm and the biometric key to the token to decrypt and thereby open the token, wherein the token is only openable upon the user presenting the biometric identifier used to encrypt the token so that opening the token authenticates the user, and wherein the token is only openable upon the simultaneous presence of the token, the biometric identifier used to encrypt the token, and the authentication server with the decryption software including the cryptographic algorithm.

Dependent claims: 20 to 23.
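The method of claim 19 run end to end, added here as an example and not code from the patent: issuance encrypts the token under a key converted from the biometric identifier, the decoder seals the token and a fresh reading under an OTK obtained from the server, and the server consumes the OTK, re-derives the biometric key and opens the token. The cipher (HMAC-SHA256 keystream with an HMAC tag), the SHA-256 conversion step and the OTK bookkeeping are assumptions standing in for the page's unspecified cryptographic algorithm and conversion software; the conversion also assumes the identifier is reproduced exactly on each presentation.

```python
import hashlib
import hmac
import secrets

# Stand-in for the page's unspecified cryptographic algorithm (assumption): HMAC-SHA256
# keystream plus an HMAC tag, so a wrong key is rejected rather than yielding garbage.
def _keys(key):
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()

def _xor_stream(enc_key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + (i // 32).to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key, plaintext):
    enc_key, mac_key = _keys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()
def decrypt(key, blob):
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        raise ValueError("token stays closed: wrong key or altered data")
    return _xor_stream(enc_key, nonce, ct)
def to_biometric_key(identifier):  # conversion-software stand-in (assumption)
    # Deterministic, so the reader must reproduce the identifier bit-for-bit; real readings are noisy.
    return hashlib.sha256(b"biometric-key|" + identifier).digest()
def issue_token(data, identifier):  # credential issuance: token = data under the biometric key
    return encrypt(to_biometric_key(identifier), data)
def decoder_package(token, identifier, otk_id, otk):  # decoder side: token + reading under the OTK
    return otk_id + encrypt(otk, len(token).to_bytes(2, "big") + token + identifier)
class AuthServer:
    def __init__(self):
        self._otks = {}  # issued but unused OTKs, keyed by id
    def issue_otk(self):
        otk_id, otk = secrets.token_bytes(8), secrets.token_bytes(32)
        self._otks[otk_id] = otk
        return otk_id, otk
    def open_token(self, package):
        otk = self._otks.pop(package[:8], None)  # consumed here, so a replayed package fails
        if otk is None:
            raise ValueError("unknown or already used OTK")
        inner = decrypt(otk, package[8:])
        n = int.from_bytes(inner[:2], "big")
        token, identifier = inner[2:2 + n], inner[2 + n:]
        return decrypt(to_biometric_key(identifier), token)  # opens only with the enrolled biometric
```

A wrong identifier or a replayed package leaves the token closed, which is the authentication decision the claims describe.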