Techniques for non-unique identity establishment

US 8,776,198 B2
Filed: 02/01/2008
Issued: 07/08/2014
Est. Priority Date: 02/01/2008
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

receiving multiple sets of biometric data, each set of biometric data received from one of multiple different biometric devices associated with a user, each set of biometric data represented as a separate template of a plurality of templates, wherein each template comprises a plurality of metrics, the metrics concerning physical characteristics represented by a received set of biometric data of a represented scan from a particular one of the multiple different biometric devices and wherein the plurality of metrics of each template standing alone is considered to be non-unique for establishing an electronic identity for the user;

normalizing each template, wherein normalizing each template comprises normalizing one or more of the plurality of metrics in the template making the set of biometric data of the represented scan of the template invariant across each of the multiple biometric devices;

calculating an intersection of the multiple biometric data based on the normalized plurality of templates, wherein the intersection of the multiple biometric data is considered to be a unique factor in establishing the identity for the user;

acquiring a plurality of answers to a plurality of questions from the user, some of the answers to some of the questions supplied by the user and others of the questions and the answers supplied by an administrator; and

registering the intersection of the multiple biometric data and the answers to the questions as a mechanism to subsequently authenticate the user and establish the identity for the user for access to a secure resource over a network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for non-unique identity establishment are presented. A plurality of biometric data associated with a user is acquired from a plurality of biometric devices. The intersection of the biometric data is registered or a vector for the biometric data is registered. This information is also registered along with answers to questions provided by the user. When a user attempts to subsequently access a secure resource of a network, the retained information is compared against user-supplied biometric data and in some cases where appropriate user-supplied answers to establish an identity of the user and to authenticate the user for access to the secure resource.

Citations

17 Claims

1. A machine-implemented method, comprising:
- receiving multiple sets of biometric data, each set of biometric data received from one of multiple different biometric devices associated with a user, each set of biometric data represented as a separate template of a plurality of templates, wherein each template comprises a plurality of metrics, the metrics concerning physical characteristics represented by a received set of biometric data of a represented scan from a particular one of the multiple different biometric devices and wherein the plurality of metrics of each template standing alone is considered to be non-unique for establishing an electronic identity for the user;
  
  normalizing each template, wherein normalizing each template comprises normalizing one or more of the plurality of metrics in the template making the set of biometric data of the represented scan of the template invariant across each of the multiple biometric devices;
  
  calculating an intersection of the multiple biometric data based on the normalized plurality of templates, wherein the intersection of the multiple biometric data is considered to be a unique factor in establishing the identity for the user;
  
  acquiring a plurality of answers to a plurality of questions from the user, some of the answers to some of the questions supplied by the user and others of the questions and the answers supplied by an administrator; and
  
  registering the intersection of the multiple biometric data and the answers to the questions as a mechanism to subsequently authenticate the user and establish the identity for the user for access to a secure resource over a network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein receiving further includes receiving three sets of biometric data, each set of biometric data associated with one of three biometric devices and each biometric device used for acquiring a same type of biometric data.
  - 3. The method of claim 2, wherein receiving further includes identifying each of the three biometric devices as a finger print or thumb print reader.
  - 4. The method of claim 1 further comprising:
    - replacing the intersection of the biometric data with an initially recoded vector that includes each set of biometric data from the multiple biometric data;
      
      recoding one or more tests with the user to recreate the multiple biometric data a second time and recording the test as one or more test vectors;
      
      creating a control vector that includes the initial recorded vector and the one or more test vectors; and
      
      registering the control vector with the answers as the mechanism in place of the intersection of the biometric data to subsequently authenticate the user and establish the identity for the user for access to the secure resource over the network.
  - 5. The method of claim 4 further comprising, defining a threshold of permissible error for matching the control vector against subsequently entered biometric data received from the user and registering the threshold with the control vector and the answers as the mechanism.
  - 6. The method of claim 1, further comprising:
    - receiving a biometric reading from a user that is attempting to access a secure network resource;
      
      comparing the reading against the registered intersection of the multiple biometric data; and
      
      deciding whether the comparison is within a threshold of tolerance and when it is assigning a unique identity to the user and granting access to the secure network resource, the threshold of tolerance is calculated for the comparison based on a predefined level of accuracy for identifying the user.
  - 7. The method of claim 6 further comprising:
    - determining that the comparison is not within the threshold of tolerance;
      
      presenting the user with a series of from the plurality of questions;
      
      receiving answers to the presented questions from the user; and
      
      determining whether the received answers in connection with the comparison fall within another threshold of tolerance and when it does assigning the unique identity to the user and granting access to the secure network resource and when it does not denying the user access to the secure network resource.
  - 8. The method of claim 6, wherein receiving further includes recognizing the biometric reading as one of the following:
    - a fingerprint reading, a thumbprint reading, a retina scan, a facial scan, a measurement between two or more fingers, a measurement between a particular finger and a thumb, a measurement of a length for the thumb, a measurement of a length for a particular finger, ear configuration, earlobe characteristics, blood type, typing cadence, and a voice print.
  - 9. The method of claim 6, wherein receiving further includes receiving the biometric reading as a plurality of different biometric scans for a same biometric type, the different biometric scans assembled from different biometric devices and together form the biometric reading.
  - 10. The method of claim 6, wherein receiving further includes receiving the biometric reading as a plurality of different biometric scans for different biometric types, the different biometric scans assembled from different biometric devices and together form the biometric reading.

11. A system comprising:
- a processor; and
  
  a memory coupled with and readable by the processor and having stored therein instruction which, when executed by the processor, cause the processor to provide a registration service by;
  
  receiving multiple sets of biometric data, each set of biometric data received from one of multiple different biometric devices associated with a user, each set of biometric data represented as a separate template of a plurality of templates, wherein each template comprises a plurality of metrics, the metrics concerning physical characteristics represented by a received set of biometric data of a represented scan from a particular one of the multiple different biometric devices and wherein the plurality of metrics of each template standing alone is considered to be non-unique for establishing an electronic identity for the user;
  
  normalizing each template, wherein normalizing each template comprises normalizing one or more of the plurality of metrics in the template making the set of biometric data of the represented scan of the template invariant across each of the multiple biometric devices;
  
  calculating an intersection of the multiple biometric data based on the normalized plurality of templates, wherein the intersection of the multiple biometric data is considered to be a unique factor in establishing the identity for the user;
  
  acquiring a plurality of answers to a plurality of questions from the user, some of the answers to some of the questions supplied by the user and others of the questions and the answers supplied by an administrator; and
  
  registering the intersection of the multiple biometric data and the answers to the questions as a mechanism to subsequently authenticate the user and establish the identity for the user for access to a secure resource over a network.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein receiving further includes receiving three sets of biometric data, each set of biometric data associated with one of three biometric devices and each biometric device used for acquiring a same type of biometric data.
  - 13. The system of claim 12, wherein receiving further includes identifying each of the three biometric devices as a finger print or thumb print reader.
  - 14. The system of claim 11, wherein providing the registration service further comprises:
    - replacing the intersection of the biometric data with an initially recoded vector that includes each set of biometric data from the multiple biometric data;
      
      recoding one or more tests with the user to recreate the multiple biometric data a second time and recording the test as one or more test vectors;
      
      creating a control vector that includes the initial recorded vector and the one or more test vectors; and
      
      registering the control vector with the answers as the mechanism in place of the intersection of the biometric data to subsequently authenticate the user and establish the identity for the user for access to the secure resource over the network.
  - 15. The system of claim 14, wherein providing the registration service further comprises defining a threshold of permissible error for matching the control vector against subsequently entered biometric data received from the user and registering the threshold with the control vector and the answers as the mechanism.
  - 16. The system of claim 11, wherein the instructions further cause the processor to provide an authentication service by:
    - receiving a biometric reading from a user that is attempting to access a secure network resource;
      
      comparing the reading against the registered intersection of the multiple biometric data; and
      
      deciding whether the comparison is within a threshold of tolerance and when it is assigning a unique identity to the user and granting access to the secure network resource, the threshold of tolerance is calculated for the comparison based on a predefined level of accuracy for identifying the user.
  - 17. The system of claim 16, wherein providing the authentication service further comprises:
    - determining that the comparison is not within the threshold of tolerance;
      
      presenting the user with a series of questions from the plurality of questions;
      
      receiving answers to the presented questions from the user; and
      
      determining whether the received answers in connection with the comparison fall within another threshold of tolerance and when it does assigning the unique identity to the user and granting access to the secure network resource and when it does not denying the user access to the secure network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Carter, Stephen R., Green, Tammy Anita, Burch, Lloyd Leon, Tsitkova, Zhanna A.
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US12/024,640
Publication Number

US 20090199282A1
Time in Patent Office

2,349 Days
Field of Search

726/2, 726/26, 726/7, 713/182
US Class Current

726/7
CPC Class Codes

G06F 18/2321   using statistics or functio...

G06V 10/763   Non-hierarchical techniques...

G06V 40/12   Fingerprints or palmprints

H04L 9/3231   Biological data, e.g. finge...

Techniques for non-unique identity establishment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for non-unique identity establishment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links