Simplified multi-factor authentication

US 8,812,864 B2
Filed: 01/10/2013
Issued: 08/19/2014
Est. Priority Date: 12/01/2008
Status: Active Grant

First Claim

Patent Images

1. A method of handling a factor of a multi-factor authentication sequence, said method comprising:

at an enrollment phase;

receiving a first biometric candidate at a device associated with an identity verification element;

responsive to said receiving said first biometric candidate, generating a first cryptographic key from said first biometric candidate;

receiving a character sequence associated with said identity verification element;

employing said first cryptographic key to encrypt said character sequence to result in an encrypted character sequence;

storing said encrypted character sequence;

at a verification phase that occurs at a different time than the enrollment phase;

receiving a second biometric candidate at said device, said device lacking access to a biometric template for use in verifying said second biometric candidate;

responsive to said receiving said second biometric candidate, generating a second cryptographic key from said second biometric candidate;

decrypting said encrypted character sequence associated with said identity verification element, wherein said decrypting employs said second cryptographic key and results in a decrypted character sequence;

responsive to determining the decryption of the encrypted character sequence was successful at said device;

transmitting said decrypted character sequence to said identity verification element, andreceiving, from said identity verification element, an indication of failed character sequence verification;

determining, from said indication, that said identity verification element has failed to verify said decrypted character sequence; and

responsive to said determining from said indication that said identity verification element has failed to verify said decrypted character sequence, providing an indication of failure to verify;

wherein not one of the first or second biometric candidate is persistently stored.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reader element is associated with an identity verification element. The reader element has a biometric input device and is configured, through enrollment of a biometric element is used to encrypt a character sequence associated with the identity verification element. In a verification phase subsequent to the enrollment, a user may be spared a step of providing the character sequence by, instead, providing the biometric element. Responsive to receiving the biometric element, the reader element may decrypt the character sequence and provide the character sequence to the identity verification element.

Citations

17 Claims

1. A method of handling a factor of a multi-factor authentication sequence, said method comprising:
- at an enrollment phase;
  
  receiving a first biometric candidate at a device associated with an identity verification element;
  
  responsive to said receiving said first biometric candidate, generating a first cryptographic key from said first biometric candidate;
  
  receiving a character sequence associated with said identity verification element;
  
  employing said first cryptographic key to encrypt said character sequence to result in an encrypted character sequence;
  
  storing said encrypted character sequence;
  
  at a verification phase that occurs at a different time than the enrollment phase;
  
  receiving a second biometric candidate at said device, said device lacking access to a biometric template for use in verifying said second biometric candidate;
  
  responsive to said receiving said second biometric candidate, generating a second cryptographic key from said second biometric candidate;
  
  decrypting said encrypted character sequence associated with said identity verification element, wherein said decrypting employs said second cryptographic key and results in a decrypted character sequence;
  
  responsive to determining the decryption of the encrypted character sequence was successful at said device;
  
  transmitting said decrypted character sequence to said identity verification element, andreceiving, from said identity verification element, an indication of failed character sequence verification;
  
  determining, from said indication, that said identity verification element has failed to verify said decrypted character sequence; and
  
  responsive to said determining from said indication that said identity verification element has failed to verify said decrypted character sequence, providing an indication of failure to verify;
  
  wherein not one of the first or second biometric candidate is persistently stored.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein said first biometric candidate comprises a candidate fingerprint.
  - 3. The method of claim 1 wherein said identity verification element comprises a smart card.
  - 4. The method of claim 3 wherein said encrypted character sequence comprises a personal identification number associated with said smart card.
  - 5. The method of claim 1 wherein said providing said indication of failure to verify comprises communicating an indication of authentication failure to an associated device.
  - 6. The method of claim 1 wherein said providing said indication of failure to verify comprises providing an indication of authentication failure directly on a display module.

7. A smart card reader comprising:
- a storage component interface for receiving a smart card for communication therewith;
  
  a memory for storing, in an encrypted manner, a character sequence associated with said smart card, said memory lacking access to a biometric template during a verification phase;
  
  a biometric input device; and
  
  a processor adapted to;
  
  at an enrollment phase;
  
  receive a first biometric candidate;
  
  generate, responsive to said receiving said first biometric candidate, a first cryptographic key from said first biometric candidate;
  
  receive said character sequence associated with said smart card;
  
  employ said first cryptographic key to encrypt said character sequence to result in an encrypted character sequence;
  
  store, in said memory, said encrypted character sequence;
  
  at said verification phase which occurs at a different time than the enrollment phase;
  
  receive a second biometric candidate from said biometric input device;
  
  generate, responsive to said receiving said second biometric candidate, a second cryptographic key from said second biometric candidate;
  
  decrypt said encrypted character sequence, wherein said decrypting employs said second cryptographic key and results in a decrypted character sequence;
  
  responsive to determining the decryption of the encrypted character sequence was successful at said smart card reader;
  
  transmit said decrypted character sequence to said smart card, andreceive, from said smart card, an indication of failed character sequence verification;
  
  determine, from said indication, that said smart card has failed to verify said decrypted character sequence; and
  
  responsive to said determining from said indication that said smart card has failed to verify said decrypted character sequence, provide an indication of failure to verify;
  
  wherein not one of the first or second biometric candidate is persistently stored.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The smart card reader of claim 7 wherein said first biometric candidate comprises a candidate fingerprint.
  - 9. The smart card reader of claim 7 wherein said encrypted character sequence comprises a personal identification number associated with said smart card.
  - 10. The smart card reader of claim 7 wherein, to provide said indication of failure to verify, said processor is further adapted to communicate an indication of authentication failure to an associated device.
  - 11. The smart card reader of claim 7 further comprising a display module and wherein, to provide said indication of failure to verify, said processor is further adapted to provide an indication of authentication failure directly on the display module.

12. A non-transitory computer readable medium containing computer-executable instructions that, when performed by a processor at a device associated with an identity verification element, cause said processor to:
- at an enrollment phase;
  
  receive a first biometric candidate;
  
  generate, responsive to said receiving said first biometric candidate, a first cryptographic key from said first biometric candidate;
  
  receive a character sequence associated with said identity verification element;
  
  employ said first cryptographic key to encrypt said character sequence to result in an encrypted character sequence;
  
  store, in memory, said encrypted character sequence;
  
  at a verification phase that occurs at a different time than the enrollment phase;
  
  receive a second biometric candidate at said device associated with said identity verification element, said device lacking access to a biometric template;
  
  generate, responsive to said receiving said second biometric candidate, a second cryptographic key from said second biometric candidate;
  
  decrypt said encrypted character sequence associated with said identity verification element, wherein said decrypting employs said second cryptographic key and results in a decrypted character sequence;
  
  responsive to determining the decryption of the encrypted character sequence was successful at said device;
  
  transmit said decrypted character sequence to said identity verification element, andreceive, from said identity verification element, an indication of failed character sequence verification;
  
  determine, from said indication, that said identity verification element has failed to verify said decrypted character sequence; and
  
  responsive to said determining from said indication that said identity verification element has failed to verify said decrypted character sequence, provide an indication of failure to verify;
  
  wherein not one of the first or second biometric candidate is persistently stored.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer readable medium of claim 12 wherein said first biometric candidate comprises a candidate fingerprint.
  - 14. The non-transitory computer readable medium of claim 12 said identity verification element comprises a smart card.
  - 15. The non-transitory computer readable medium of claim 14 wherein said encrypted character sequence comprises a personal identification number associated with said smart card.
  - 16. The non-transitory computer readable medium of claim 12 wherein, to provide said indication of failure to verify, said instructions further cause said processor to communicate an indication of authentication failure to an associated device.
  - 17. The non-transitory computer readable medium of claim 12 wherein, to provide said indication of failure to verify, said instructions further cause said processor to providing an indication of authentication failure directly on the display module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil Patrick, Sibley, Richard Paul, Davis, Dinah Lea Marie, Singh, Ravi
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US13/738,456
Publication Number

US 20130132732A1
Time in Patent Office

586 Days
Field of Search

713/186, 340/5.61, 235/380, 235/441, 382/115
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/40145   Biometric identity checks

G07F 7/0886   the card reader being porta...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/80   Wireless

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

Simplified multi-factor authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified multi-factor authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links