Simplified multi-factor authentication
First Claim
1. A method of handling a factor of a multi-factor authentication sequence, said method comprising:
at an enrollment phase:
receiving a first biometric candidate at a device associated with an identity verification element;
responsive to said receiving said first biometric candidate, generating a first cryptographic key from said first biometric candidate;
receiving a character sequence associated with said identity verification element;
employing said first cryptographic key to encrypt said character sequence to result in an encrypted character sequence;
storing said encrypted character sequence;
at a verification phase that occurs at a different time than the enrollment phase:
receiving a second biometric candidate at said device, said device lacking access to a biometric template for use in verifying said second biometric candidate;
responsive to said receiving said second biometric candidate, generating a second cryptographic key from said second biometric candidate;
decrypting said encrypted character sequence associated with said identity verification element, wherein said decrypting employs said second cryptographic key and results in a decrypted character sequence;
responsive to determining the decryption of the encrypted character sequence was successful at said device:
transmitting said decrypted character sequence to said identity verification element, and receiving, from said identity verification element, an indication of failed character sequence verification;
determining, from said indication, that said identity verification element has failed to verify said decrypted character sequence; and
responsive to said determining from said indication that said identity verification element has failed to verify said decrypted character sequence, providing an indication of failure to verify;
wherein not one of the first or second biometric candidate is persistently stored.
Abstract
A reader element is associated with an identity verification element. The reader element has a biometric input device and is configured so that, through enrollment, a biometric element is used to encrypt a character sequence associated with the identity verification element. In a verification phase subsequent to the enrollment, a user may be spared the step of providing the character sequence by instead providing the biometric element. Responsive to receiving the biometric element, the reader element may decrypt the character sequence and provide it to the identity verification element.
17 Claims
Claim 1 is reproduced above under First Claim; claims 2 to 6 depend on it.
7. A smart card reader comprising:
a storage component interface for receiving a smart card for communication therewith;
a memory for storing, in an encrypted manner, a character sequence associated with said smart card, said memory lacking access to a biometric template during a verification phase;
a biometric input device; and
a processor adapted to:
at an enrollment phase:
receive a first biometric candidate;
generate, responsive to said receiving said first biometric candidate, a first cryptographic key from said first biometric candidate;
receive said character sequence associated with said smart card;
employ said first cryptographic key to encrypt said character sequence to result in an encrypted character sequence;
store, in said memory, said encrypted character sequence;
at said verification phase which occurs at a different time than the enrollment phase:
receive a second biometric candidate from said biometric input device;
generate, responsive to said receiving said second biometric candidate, a second cryptographic key from said second biometric candidate;
decrypt said encrypted character sequence, wherein said decrypting employs said second cryptographic key and results in a decrypted character sequence;
responsive to determining the decryption of the encrypted character sequence was successful at said smart card reader:
transmit said decrypted character sequence to said smart card, and receive, from said smart card, an indication of failed character sequence verification;
determine, from said indication, that said smart card has failed to verify said decrypted character sequence; and
responsive to said determining from said indication that said smart card has failed to verify said decrypted character sequence, provide an indication of failure to verify;
wherein not one of the first or second biometric candidate is persistently stored.
Claims 8 to 11 depend on claim 7.
12. A non-transitory computer readable medium containing computer-executable instructions that, when performed by a processor at a device associated with an identity verification element, cause said processor to:
at an enrollment phase:
receive a first biometric candidate;
generate, responsive to said receiving said first biometric candidate, a first cryptographic key from said first biometric candidate;
receive a character sequence associated with said identity verification element;
employ said first cryptographic key to encrypt said character sequence to result in an encrypted character sequence;
store, in memory, said encrypted character sequence;
at a verification phase that occurs at a different time than the enrollment phase:
receive a second biometric candidate at said device associated with said identity verification element, said device lacking access to a biometric template;
generate, responsive to said receiving said second biometric candidate, a second cryptographic key from said second biometric candidate;
decrypt said encrypted character sequence associated with said identity verification element, wherein said decrypting employs said second cryptographic key and results in a decrypted character sequence;
responsive to determining the decryption of the encrypted character sequence was successful at said device:
transmit said decrypted character sequence to said identity verification element, and receive, from said identity verification element, an indication of failed character sequence verification;
determine, from said indication, that said identity verification element has failed to verify said decrypted character sequence; and
responsive to said determining from said indication that said identity verification element has failed to verify said decrypted character sequence, provide an indication of failure to verify;
wherein not one of the first or second biometric candidate is persistently stored.
Claims 13 to 17 depend on claim 12.
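The three independent claims describe one reader-side procedure: derive a key from a biometric sample, keep only the PIN encrypted under that key, re-derive the key at verification time, and hand the PIN to the card only when the device has established that decryption succeeded. The following is an added example of that procedure, not code from the patent or its assignee. It uses the Python standard library only and makes three assumptions the claims leave open: the sensor returns the same byte string for the same finger each time (a real deployment needs a fuzzy extractor to absorb sensor noise); the stored ciphertext carries an HMAC tag, because with a plain cipher a wrong key yields garbage rather than a detectable failure, so some integrity check is what makes "determining the decryption was successful" possible; and the card enforces a PIN retry counter, as real PIN-protected tokens do. The `SmartCard` and `Reader` classes and the status strings are hypothetical names chosen for the example.

```python
"""Reader-side handling of the biometric factor, modelled on the claims.

Added example; not the patent's code. Assumptions (not from the patent):
stable biometric bytes, HMAC-authenticated ciphertext, card retry counter.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

KDF_ITERATIONS = 50_000  # PBKDF2 work factor; assumed, the patent fixes none
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(biometric: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Turn a biometric sample into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", biometric, salt, KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real stream cipher."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt_pin(biometric: bytes, pin: str) -> bytes:
    """Enrollment phase: returns salt || nonce || ciphertext || tag.

    Only this blob is persisted; neither the biometric nor the PIN is stored.
    """
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(biometric, salt)
    plaintext = pin.encode()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def decrypt_pin(biometric: bytes, blob: bytes) -> Optional[str]:
    """Verification phase: the PIN, or None when the key derived from this
    sample does not authenticate the blob (the wrong finger was presented)."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(biometric, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # "decryption not successful": nothing is sent to the card
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()


class SmartCard:
    """Identity verification element: checks the PIN and counts failures."""

    def __init__(self, pin: str, max_tries: int = 3) -> None:
        self._pin = pin.encode()
        self.max_tries = max_tries
        self.tries_left = max_tries

    def verify(self, candidate: str) -> bool:
        if self.tries_left == 0:  # card is blocked
            return False
        if hmac.compare_digest(self._pin, candidate.encode()):
            self.tries_left = self.max_tries
            return True
        self.tries_left -= 1
        return False


class Reader:
    """The device of the claims: holds only the encrypted PIN, no template."""

    def __init__(self, card: SmartCard) -> None:
        self.card = card
        self.blob: Optional[bytes] = None

    def enroll(self, biometric: bytes, pin: str) -> None:
        self.blob = encrypt_pin(biometric, pin)  # biometric and PIN are dropped here

    def verify(self, biometric: bytes) -> str:
        """Returns 'not_enrolled', 'decrypt_failed', 'card_rejected' or 'ok'."""
        if self.blob is None:
            return "not_enrolled"
        pin = decrypt_pin(biometric, self.blob)
        if pin is None:
            return "decrypt_failed"  # wrong key: reported locally, no card retry spent
        if self.card.verify(pin):
            return "ok"
        return "card_rejected"  # the claims' failure path: card refused a decrypted PIN


if __name__ == "__main__":
    card = SmartCard("4821")
    reader = Reader(card)
    reader.enroll(b"finger-a", "4821")
    print(reader.verify(b"finger-a"), reader.verify(b"finger-b"), card.tries_left)
```

Two points the example makes concrete. The local integrity check is what keeps a wrong finger from burning one of the card's retries: the reader only forwards a PIN it could authenticate, and the `card_rejected` path is reached only when a correctly decrypted PIN no longer matches what the card holds (for instance after the PIN was changed on another reader). The flip side is that whoever obtains the stored blob has an offline oracle for the biometric-derived key, so the scheme is only as strong as the entropy that survives the fuzzy extraction step the patent does not specify; the PBKDF2 work factor slows such guessing but does not replace that entropy.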