Simplified multi-factor authentication

US 8,370,640 B2
Filed: 12/01/2008
Issued: 02/05/2013
Est. Priority Date: 12/01/2008
Status: Active Grant

First Claim

Patent Images

1. A method of handling a factor of a multi-factor authentication sequence, said method comprising:

receiving a biometric candidate at a device associated with an identity verification element, said device lacking access to a biometric template until received from said identity verification element;

generating a cryptographic key from said biometric candidate;

decrypting a previously stored, encrypted character sequence associated with said identity verification element, wherein said decrypting employs said cryptographic key and results in a decrypted character sequence;

transmitting said decrypted character sequence to said identity verification element;

receiving, from said identity verification element, an indication of character sequence verification;

determining, from said indication, that said identity verification element has verified said decrypted character sequence; and

responsive to said determining, proceeding with said multi-factor authentication sequence by;

extracting said biometric template from said identity verification element; and

determining that said biometric candidate matches said biometric template.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reader element is associated with an identity verification element. The reader element has a biometric input device and is configured, through enrollment of a biometric element is used to encrypt a character sequence associated with the identity verification element. In a verification phase subsequent to the enrollment, a user may be spared a step of providing the character sequence by, instead, providing the biometric element. Responsive to receiving the biometric element, the reader element may decrypt the character sequence and provide the character sequence to the identity verification element.

Citations

14 Claims

1. A method of handling a factor of a multi-factor authentication sequence, said method comprising:
- receiving a biometric candidate at a device associated with an identity verification element, said device lacking access to a biometric template until received from said identity verification element;
  
  generating a cryptographic key from said biometric candidate;
  
  decrypting a previously stored, encrypted character sequence associated with said identity verification element, wherein said decrypting employs said cryptographic key and results in a decrypted character sequence;
  
  transmitting said decrypted character sequence to said identity verification element;
  
  receiving, from said identity verification element, an indication of character sequence verification;
  
  determining, from said indication, that said identity verification element has verified said decrypted character sequence; and
  
  responsive to said determining, proceeding with said multi-factor authentication sequence by;
  
  extracting said biometric template from said identity verification element; and
  
  determining that said biometric candidate matches said biometric template.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein said biometric candidate comprises a candidate fingerprint.
  - 3. The method of claim 1 wherein said identity verification element comprises a smart card.
  - 4. The method of claim 3 wherein said character sequence comprises a personal identification number associated with said smart card.
  - 5. The method of claim 1 wherein said proceeding with said multi-factor authentication sequence further comprises:
    - receiving a random challenge from an associated device;
      
      transmitting said random challenge to said identity verification element;
      
      receiving a signed challenge from said identity verification element; and
      
      transmitting said signed challenge to said associated device.

6. A smart card reader comprising:
- a storage component interface for receiving a smart card for communication therewith;
  
  a memory for storing an encrypted character sequence associated with said smart card, said memory lacking access to a biometric template until received from said smart card;
  
  a biometric input device; and
  
  a processor configured to;
  
  receive a biometric candidate from said biometric input device;
  
  generate a cryptographic key from said biometric candidate;
  
  decrypt said encrypted character sequence, wherein said decrypting employs said cryptographic key and results in a decrypted character sequence;
  
  transmit said decrypted character sequence to said smart card;
  
  receive, from said smart card, an indication of character sequence verification;
  
  determine, from said indication, that said smart card has verified said decrypted character sequence; and
  
  responsive to said determining, proceed with a multi-factor authentication sequence by;
  
  extracting said biometric template from said smart card; and
  
  determining that said biometric candidate matches said biometric template.
- View Dependent Claims (7, 8, 9)
- - 7. The smart card reader of claim 6 wherein said biometric candidate comprises a candidate fingerprint.
  - 8. The smart card reader of claim 6 wherein said character sequence comprises a personal identification number associated with said smart card.
  - 9. The smart card reader of claim 6 wherein, to proceed with said multi-factor authentication sequence, said processor is further configured to:
    - receive a random challenge from an associated device;
      
      transmit said random challenge to said identity verification element;
      
      receive a signed challenge from said identity verification element; and
      
      transmit said signed challenge to said associated device.

10. A non-transitory computer readable medium containing computer-executable instructions that, when performed by a processor, cause said processor to:
- receive a biometric candidate at a device associated with an identity verification element, said device lacking access to a biometric template until received from said identity verification element;
  
  generate a cryptographic key from said biometric candidate;
  
  decrypt a previously stored, encrypted character sequence associated with an identity verification element, wherein said decrypting employs said cryptographic key and results in a decrypted character sequence;
  
  transmit said decrypted character sequence to said identity verification element;
  
  receive, from said identity verification element, an indication of character sequence verification;
  
  determine, from said indication, that said identity verification element has verified said decrypted character sequence; and
  
  responsive to said determining, proceed with a multi-factor authentication sequence by;
  
  extracting said biometric template from said identity verification element; and
  
  determining that said biometric candidate matches said biometric template.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The non-transitory computer readable medium of claim 10 wherein said biometric candidate comprises a candidate fingerprint.
  - 12. The non-transitory computer readable medium of claim 10 said identity verification element comprises a smart card.
  - 13. The non-transitory computer readable medium of claim 12 wherein said character sequence comprises a personal identification number associated with said smart card.
  - 14. The non-transitory computer readable medium of claim 10 wherein, to further proceed with said multi-factor authentication sequence, said instructions further cause said processor to:
    - receive a random challenge from an associated device;
      
      transmit said random challenge to said identity verification element;
      
      receive a signed challenge from said identity verification element; and
      
      transmit said signed challenge to said associated device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Adams, Neil Patrick, Sibley, Richard Paul, Davis, Dinah Lea Marie, Singh, Ravi
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
SHAW, BRIAN F

Application Number

US12/325,602
Publication Number

US 20100138666A1
Time in Patent Office

1,527 Days
Field of Search

713/186, 340/5.61, 382/115, 235/380, 235/441
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/40145   Biometric identity checks

G07F 7/0886   the card reader being porta...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/80   Wireless

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

Simplified multi-factor authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified multi-factor authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links