Two-level authentication for secure transactions
First Claim
1. A method for electronic authentication comprising:
retrieving a biometric profile sample comprising transformed biometric information stored in a memory of a personal digital key (PDK), wherein the biometric profile sample is associated with a biometric profile and is based on less than the entirety of the biometric profile, and wherein the biometric profile is uniquely associated with an individual and is stored in the memory of the PDK;
receiving a biometric input;
receiving data for comparing the transformed information of the biometric profile sample to the biometric input;
comparing the transformed information of the biometric profile sample to the biometric input;
authorizing a transaction responsive to the transformed information of the biometric profile sample matching the biometric input;
establishing a secure communication channel with a remote registry;
transmitting PDK information to the remote registry using the secure communication channel, wherein the PDK information is uniquely associated with the PDK;
receiving a validation decision from the remote registry using the secure communication channel, the validation decision indicating whether the remote registry determines if the PDK is valid or invalid; and
determining if a transaction should be authorized based on (a) the validation decision and (b) the comparison between the biometric profile sample and biometric input, wherein the remote registry includes a database administered by a trusted third-party organization and the PDK is registered with the registry.
Abstract
A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A Personal Digital Key stores one or more profiles (e.g., a biometric profile) in a tamper-proof memory that is acquired in a secure trusted process. Biometric profiles comprise a representation of physical or behavioral characteristics that are uniquely associated with an individual that owns and carries the PDK. The PDK wirelessly transmits the biometric profile over a secure wireless transaction to a Reader for use in a biometric authentication process. The Reader compares the received biometric profile to a biometric input acquired at the point of transaction in order to determine if the transaction should be authorized.
37 Claims
13. An apparatus for electronic authentication comprising:
a biometric reader adapted to receive a biometric input;
a receiver/decoder circuit adapted to wirelessly receive a biometric profile sample from a personal digital key (PDK) over a wireless channel, wherein the biometric profile sample comprising transformed information is based on less than the entirety of a biometric profile stored in a memory of a personal digital key (PDK), wherein the biometric profile is uniquely associated with an individual;
a processor coupled to the receiver/decoder circuit and the biometric reader, the processor adapted to compare the biometric profile sample to the biometric input, and indicate that a transaction should be authorized responsive to determining that the biometric profile sample matches the biometric input; and
a network interface coupled to the processor and to the receiver/decoder circuit, the network interface adapted to establish the secure communication channel with a remote registry with which the PDK is registered, transmit PDK information uniquely associated with the PDK to the remote registry using the secure communication channel and receive a validation decision from the remote registry using the secure communication channel indicating whether the remote registry determines if the PDK is valid or invalid, wherein the processor determines whether to authorize the transaction using the validation decision and comparing the biometric profile sample to the biometric input.
19. A personal digital key (PDK) comprising:
a memory adapted to store a biometric profile comprising transformed biometric information in a tamper-proof format, wherein the biometric profile is uniquely associated with an individual, adapted to store a biometric profile sample, the biometric profile sample associated with the biometric profile and based on less than the entirety of the biometric profile, and adapted to store a unique PDK ID in a tamperproof format, the PDK ID comprising information identifying the PDK among other PDKs;
a transceiver coupled to the memory, the transceiver adapted to wirelessly receive over a secure wireless channel data based at least in part on a biometric input, the biometric input received from an external device and wirelessly transmit the PDK ID over a secure wireless channel to the external device; and
a control logic to coordinate a comparison of data based at least in part on a biometric input to a set of transformed information comprising the biometric profile sample.
25. A method for secure authentication using a physical, portable key (PDK) comprising:
storing a biometric profile in a tamper-proof memory, wherein the biometric profile is uniquely associated with an individual and comprises transformed biometric information;
storing a biometric profile sample associated with the biometric profile and based on less than the entirety of the biometric profile;
wirelessly receiving data based at least in part on a biometric input from an external; and
responsive to receiving data based at least in part on a biometric input, the external device authorizes a transaction based on (a) a comparison between the biometric profile sample and the data based at least in part on the biometric input acquired from the individual performed by the PDK and (b) a validation decision received from a remote registry using a secure communication channel, wherein the validation decision authenticates the PDK based at least in part on whether the PDK is registered with the remote registry.
34. A method for secure electronic authentication comprising:
wirelessly receiving uniquely identifying information from a personal digital key (PDK);
transmitting the uniquely identifying information from the PDK to a remote registry with which the PDK is registered;
receiving a validation decision from the remote registry using a secure communication channel, the validation decision indicating whether the PDK is valid based at least in a part on the uniquely identifying;
receiving profile information from the PDK indicating types of profiles stored in the PDK;
determining if the types of profiles are compatible with allowable authentication types;
performing one or more authentication tests to determine if a profile is valid, wherein performing the one or more authentication tests includes wirelessly receiving a biometric profile sample from the PDK, wherein the biometric profile sample is associated with a biometric profile and is based on less than the entirety of the biometric profile and wherein the biometric profile is uniquely associated with an individual, acquiring a biometric input and determining that the profile is valid responsive to the acquired biometric input matching the received biometric profile sample; and
authorizing a transaction responsive to determining that the PDK is valid, determining that the types of profiles are compatible, and determining that the profile is valid.
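The Reader-side decision flow of claim 34, sketched as an added example that is not part of the patent or of any product built on it: a transaction is authorized only when the registry validates the PDK, a stored profile type is allowed, and the biometric input matches the profile sample. The registry dictionary, the bit-tuple template, the position-based sample, the mismatch threshold and the fail-closed handling of registry errors are all assumptions; the claims specify no transform or matching rule.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProfileSample:
    positions: tuple   # which bits of the full transformed profile the sample covers
    bits: tuple        # the profile's bits at those positions

# Constructed data; registry contents, template size and threshold are assumptions.
REGISTRY = {"PDK-0001": "valid", "PDK-0002": "revoked"}   # stand-in for the remote registry
ALLOWED_TYPES = {"fingerprint"}    # authentication types this Reader accepts
MAX_MISMATCH = 1                   # tolerated differing bits within the sample

def make_sample(profile, positions):
    """PDK side: derive a sample from less than the entirety of the profile."""
    return ProfileSample(tuple(positions), tuple(profile[i] for i in positions))

def registry_validate(pdk_id, registry=REGISTRY):
    """Registry side: only a PDK that is registered and not revoked is valid."""
    return registry.get(pdk_id) == "valid"

def sample_matches(sample, biometric_input):
    """Compare the sample to the same positions of the acquired, transformed input."""
    if not sample.positions or max(sample.positions) >= len(biometric_input):
        return False
    diff = sum(b != biometric_input[i] for i, b in zip(sample.positions, sample.bits))
    return diff <= MAX_MISMATCH

def authorize(pdk_id, profile_types, sample, biometric_input, validate=registry_validate):
    """Reader side: authorize only when all three determinations succeed."""
    try:
        pdk_valid = validate(pdk_id)
    except Exception:
        pdk_valid = False          # assumption: an unreachable registry fails closed
    checks = {
        "pdk_valid": pdk_valid,
        "types_compatible": bool(ALLOWED_TYPES & set(profile_types)),
        "profile_valid": sample_matches(sample, biometric_input),
    }
    return all(checks.values()), checks

PROFILE = (1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1)   # constructed template
SAMPLE = make_sample(PROFILE, [0, 3, 5, 8, 10, 13])
GENUINE = PROFILE[:3] + (0,) + PROFILE[4:]    # same person, one noisy bit (index 3)
IMPOSTOR = tuple(1 - b for b in PROFILE)      # every bit differs

if __name__ == "__main__":
    print(authorize("PDK-0001", ["fingerprint"], SAMPLE, GENUINE))
    print(authorize("PDK-0002", ["fingerprint"], SAMPLE, GENUINE))   # revoked key
    print(authorize("PDK-0001", ["fingerprint"], SAMPLE, IMPOSTOR))  # wrong holder
```

The two levels cover different failures: the registry check rejects a revoked or unregistered key even when the holder's biometric matches, and the biometric check rejects a valid key presented by someone else.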
Specification