Device and user authentication

US 9,031,231 B2
Filed: 04/02/2010
Issued: 05/12/2015
Est. Priority Date: 04/10/2009
Status: Active Grant

First Claim

Patent Images

1. A personal healthcare method comprising:

registering a physiological data measuring device which has a unique device ID and is configured to make a physiological data measurement, including;

performing a biometric measurement of a user,extracting a key and helper data for the user from the biometric measurement, the helper data being configured to extract the key from the biometric data,storing the helper data in the physiological data measuring device,electronically transmitting the device ID and an ID of the user to a remote server which includes a remote server computer processor and is associated with an electronic data storage configured to store physiological data measurements of a plurality of users;

authenticating the device and the user including with a physiological data site computer processor;

receiving a current biometric measurement and a current physiological data measurement of the user,retrieving the helper data for the user,generating the key from the current biometric measurement and the helper data,generating a message including the current measured physiological data and one of (a) a message authenticating code derived from the current measured physiological data and the key or (b) a signature for the current measured physiological data derived from the key,electronically transmitting the message to the remote server, andwith the remote server computer processor of the remote server, authenticating the device and the user with the message and the device ID and the user ID which was transmitted during the registering step.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data. There is then generated a message comprising the key or a component derived from the key, which transmitted to a remote service, and at the service there is carried out the step of authenticating the device and the user with the message. In a preferred embodiment, the generating of the key further comprises generating the key from the device ID.

22 Citations

View as Search Results

20 Claims

1. A personal healthcare method comprising:
- registering a physiological data measuring device which has a unique device ID and is configured to make a physiological data measurement, including;
  
  performing a biometric measurement of a user,extracting a key and helper data for the user from the biometric measurement, the helper data being configured to extract the key from the biometric data,storing the helper data in the physiological data measuring device,electronically transmitting the device ID and an ID of the user to a remote server which includes a remote server computer processor and is associated with an electronic data storage configured to store physiological data measurements of a plurality of users;
  
  authenticating the device and the user including with a physiological data site computer processor;
  
  receiving a current biometric measurement and a current physiological data measurement of the user,retrieving the helper data for the user,generating the key from the current biometric measurement and the helper data,generating a message including the current measured physiological data and one of (a) a message authenticating code derived from the current measured physiological data and the key or (b) a signature for the current measured physiological data derived from the key,electronically transmitting the message to the remote server, andwith the remote server computer processor of the remote server, authenticating the device and the user with the message and the device ID and the user ID which was transmitted during the registering step.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, whereinthe step of generating the current key includes generating the current key and the helper data for the user from the current biometric measurement and the device ID;
    - the step of storing the helper data includes storing the helper data in the physiological data measuring device along with the user ID;
      
      the step of transmitting the device ID and the user ID to the remote server further includes transmitting the key to the remote server; and
      
      the step of authenticating the physiological data measuring device and the user in the remote server includes authenticating the physiological data measurement device and the user with the message and the device ID, the user ID, and the key transmitted during the step of registering.
  - 3. The method according to claim 2, wherein the step of generating the key and the helper data for the user from the biometric measurement and the physiological data measurement device ID includes generating a codeword from the physiological data measurement device ID and a random string, and generating the key from the codeword and the biometric measurement.
  - 4. The method according to claim 2, and further including in the message the physiological data measurement device ID and/or the user ID.
  - 5. The method according to claim 1, whereinregistering the physiological data measurement device and the user in the system server further includes the step of generating a codeword from the device ID and a random string;
    - the step of generating the key and the helper data for the user from the biometric measurement includes generating the key and the helper data for the user from the biometric measurement and the codeword;
      
      the step of storing the helper data includes storing the helper data in the physiological data measurement device along with the user ID;
      
      the step of transmitting the device ID and the user ID to the remote server further includes transmitting the random string to the remote server ; and
      
      the step of authenticating the physiological data measurement device and the user in the remote server includes authenticating the physiological data measurement device and the user with the message and the device ID, the user ID, and the random string transmitted during the step of registering.
  - 6. The method according to claim 1, whereinthe step of transmitting the device ID and the user ID to the remote server further includes transmitting the key to the remote server;
    - authenticating the device and the user with the remote server further includes encrypting the device ID using the key;
      
      the generated message further includes the encrypted device ID; and
      
      the step of authenticating the physiological data measurement device and the user in the remote server includes authenticating the physiological data measurement device and the user with the message and the device ID, the user ID, and the key transmitted during the step of registering.
  - 7. The method according to claim 1, whereinregistering the physiological data measurement device and the user in the system further includes generating a random value and generating an additional helper data from the random value and the key;
    - the step of storing the helper data further includes storing the additional helper data;
      
      the step of transmitting the device ID and the user ID to the remote server further includes transmitting a function of the key, a random value, and the device ID to the remote server;
      
      retrieving the helper data further includes retrieving the additional helper data;
      
      authenticating the physiological data measurement device and the user with the remote server further includes obtaining the random value from the additional helper data and the key and generating an additional key from the function of the key, the random value, and the device ID;
      
      the message generating step includes deriving the message authenticating code from the measured physiological data and the additional key; and
      
      the step of authenticating the physiological data measurement device and the user in the remote server includes authenticating the physiological data measurement device and the user with the message, the device ID, the user ID, the function of the key, the random value, and the device ID transmitted during the step of registering.

8. A system for authenticating a device and a user comprising:
- a measurement apparatus configured to perform a biometric measurement of the user;
  
  a sensing device configured to measure physiological data of the user, the sensing device including an electronic memory having a device ID stored therein;
  
  a remote server;
  
  a processor apparatus configured to;
  
  during a procedure for registering the sensing device and a user with a remote server;
  
  retrieve the device ID for the sensing device from the sensing device electronic memory,receive a biometric measurement of the user from the measurement apparatus,generate a key and helper data for the user from the biometric measurement, the helper data being configured for extracting one or more keys from biometric measurements,store the helper data in a processor electronic memory,electronically transmit the device ID and a user ID to the remote server, andduring a procedure for authenticating the sensing device and the user with the remote server;
  
  receiving a current biometric measurement and currently measured physiological data,obtain the device ID for the sensing device from the sensing device,retrieve the helper data for the user,generate a key from the current biometric measurement and retrieved helper data,generate a message including the current measured data and either (a) a message authenticating code derived from the currently measured data and the key or (b) a signature for the measured data derived from the key, andtransmit the message to the remote service,wherein the remote server is configured to authenticate the sensing device and the user with the message and the device ID and the user ID received during the registration procedure.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system according to claim 8, wherein the processor apparatus is further configured to:
    - generate the key and the helper data for the user from the biometric measurement and the device ID;
      
      store the helper data in the sensing device along with the user identity;
      
      transmit the key to the remote server along with the device ID and the user ID; and
      
      wherein the remote server is further configured to authenticate the sensing device and the user with the message and the device ID, the user ID, and the key transmitted during the procedure for registering.
  - 10. The system according to claim 9, wherein the processor apparatus is further configured to generate the key and the helper data for the user from the biometric measurement and the device ID by generating a codeword from the device ID and a random string, and generating the key from the codeword and the biometric measurement.
  - 11. The system according to claim 9, wherein the processor apparatus is further configured to include in the message the device ID and/or the user ID.
  - 12. The system according to claim 8, whereinduring the registering of the sensing device and the user, the processor apparatus is further configured to:
    - generate a codeword from the device ID and a random string,generate the key and the helper data for the user from the biometric measurement and the codeword,store the helper data in the sensing device along with a user identity,transmit the random string to the remote service along with the device ID and the user ID; and
      
      wherein the remote server is configured to authenticate the sensing device and the user with the message and the device ID, the user ID, and the random string transmitted during the registering.
  - 13. The system according to claim 8, whereinthe processor apparatus is further configured to:
    - transmit the key to the remote server along with the device ID and the user ID,encrypt the device ID using the key during the authenticating of the sensing device and the user with the remote server,generate the message including the encrypted device ID; and
      
      wherein the remote server is configured to authenticate the sensing device and the user with the message and the device ID, the user ID, and the key transmitted during the registering.
  - 14. The system according to claim 8, whereinthe processor apparatus is further configured to:
    - generate a random value and additional helper data from the random value and the key during the registration of the sensing device and the user,store the additional helper data,transmit a function of the key, the random value, and the device ID to the remote server along with the device ID and the user ID,retrieve the additional helper data,obtain the random value from the additional helper data and the key and generate an additional key from the function of the key, the random value, and the device ID during the authentication of the sensing device and the user with the remote server,generate the message authenticating code from the measured data and the additional key; and
      
      wherein the remote server is configured to authenticate the sensing device and the user with the message and the device ID, the user ID, and the function of the key, the random value and the device ID transmitted during registering.

15. A personal health record system comprising:
- a sensing device configured to sense physiological data of a user, the sensing device having a sensing device ID;
  
  a measurement device configured to perform a biometric measurement on the user to generate biometric data;
  
  a hub device including a hub computer processor and a transmitter configured to transmit encoded physiological data over a data channel, the hub computer processor being connected with the sensing device to receive the physiological data and the sensing device ID, and with the measurement device to receive the biometric data;
  
  a remote server configured to receive the encoded physiological data from the data channel, authenticate the encoded physiological data and store the authenticated physiological data of the user in a personal health record of the user corresponding to the user in a health record system of a third party healthcare provider, the remote server including a server computer processor;
  
  the hub and server computer processors being configured to register the sensing device and the user, wherein the hub computer processor is configured to;
  
  generate from the biometric data helper data with which keys are extractable from the biometric data,store the helper data in a hub memory,cause the transmitter to transmit the helper data, the device ID, and a user ID to the sensor computer processor; and
  
  the hub and server computer processors are further configured to authenticate the physiological data, wherein the hub computer processor is further configured to;
  
  generate a key from the helper data and the biometric data,generate a message including current physiological data and one of (a) the key and a message authenticating code derived from the physiological data and (b) a signature for the current measured data derived from the key,control the transmitter to transmit the message; and
  
  wherein the server computer processor is further configured to;
  
  authenticate the sensing device and the user with the message and the device ID and the user ID receive during registration.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system according to claim 15, wherein the hub computer processor is further configured to:
    - generate the key and the helper data for the user from the biometric measurement and the device ID;
      
      store the helper data along with the user ID;
      
      transmit the key to the server computer processor along with the device ID and the user ID; and
      
      wherein the server computer processor is further configured to authenticate the sensing device and the user with the message and the device ID, the user ID, and the key transmitted during registration.
  - 17. The system according to claim 16, wherein the hub computer processor is further configured to generate the key and the helper data for the user from the biometric measurement and the device ID by generating a codeword from the device ID and a random string, and generating the key from the codeword and the biometric measurement.
  - 18. The system according to claim 15, whereinduring the registering of the sensing device and the user, the hub computer processor is further configured to:
    - generate a codeword from the device ID and a random string,generate the key and the helper data for the user from the biometric measurement and the codeword,store the helper data in the sensing device along with the user ID,transmit the random string to the server computer processor along with the device ID and user ID; and
      
      wherein the server computer processor is configured to authenticate the sensing device and the user with the message and the device ID, the user identity, and the random string transmitted during registration.
  - 19. The system according to claim 15, whereinthe hub computer processor is further configured to:
    - transmit the key to the server computer processor along with the device ID and the user ID,encrypt the device ID using the key during the authentication of the sensing device and the user with the computer processor,generate the message including the encrypted device ID; and
      
      wherein the server computer processor is configured to authenticate the sensing device and the user with the message and the device ID, the user ID, and the key transmitted during registration.
  - 20. The system according to claim 15, whereinthe hub computer processor is further configured to:
    - generate a random value and additional helper data from the random value and the key during the registration of the sensing device and the user,store the additional helper data,transmit a function of the key, the random value, and the device ID to the server computer processor along with the device ID and the user ID,retrieve the additional helper data,obtain the random value from the additional helper data and the key and generate an additional key from the function of the key, the random value, and the device ID during the authentication of the sensing device and the user with the server computer processor,generate the message authenticating code from the measured data and the additional key; and
      
      wherein the server computer processor is configured to authenticate the sensing device and the user with the message and the device ID, the user ID, and the function of the key, the random value and the device ID transmitted during registration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips N.V.
Original Assignee
Koninklijke Philips N.V.
Inventors
Asim, Muhammad, Merchan, Jorge Guajardo, Petkovic, Milan
Primary Examiner(s)
CHAO, MICHAEL W

Application Number

US13/263,854
Publication Number

US 20120033807A1
Time in Patent Office

1,866 Days
Field of Search

380/44
US Class Current

380/44
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/606   by securing the transmissio...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2129   Authenticate client device ...

G16H 10/65   stored on portable record c...

H04L 2209/88   Medical equipments

H04L 9/0866   involving user or device id...

H04L 9/3231   Biological data, e.g. finge...

Device and user authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device and user authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links