Device and user authentication
Abstract
A method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data. A message comprising the key or a component derived from the key is then generated and transmitted to a remote service, and the service authenticates the device and the user with the message. In a preferred embodiment, the generating of the key further comprises generating the key from the device ID.
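The flow in the abstract, sketched as an added example that is not taken from the patent: registration produces a key and helper data, authentication regenerates the key from a noisy re-measurement, and the server checks a message authentication code over the measured data. The patent text here does not specify a helper-data scheme, so a code-offset construction with a 5-bit repetition code stands in for it; the server holding the key after registration, the `|`-separated message layout, and the IDs and reading are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REP = 5  # repetition code: each secret bit is spread over 5 biometric bits

def encode(bits):
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    # Majority vote per block corrects up to 2 flipped bits in every 5.
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def derive_key(secret_bits, device_id):
    # Abstract's preferred embodiment: the key also depends on the device ID.
    return hashlib.sha256(bytes(secret_bits) + device_id.encode()).digest()

def register(biometric_bits, device_id):
    """Registration: return (key, helper_data); the helper data stays on the device."""
    secret = [secrets.randbelow(2) for _ in range(len(biometric_bits) // REP)]
    helper = [c ^ b for c, b in zip(encode(secret), biometric_bits)]
    return derive_key(secret, device_id), helper

def regenerate_key(current_bits, helper, device_id):
    """Authentication: a noisy re-measurement plus helper data yields the same key."""
    noisy_codeword = [h ^ b for h, b in zip(helper, current_bits)]
    return derive_key(decode(noisy_codeword), device_id)

def build_message(key, device_id, user_id, measurement):
    body = f"{device_id}|{user_id}|{measurement}".encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def server_verify(registered, body, tag):
    # registered maps (device ID, user ID) -> key; assumed shared at registration.
    device_id, user_id, _ = body.decode().split("|", 2)
    key = registered.get((device_id, user_id))
    if key is None:
        return False
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)

if __name__ == "__main__":
    enrolled = [secrets.randbelow(2) for _ in range(128 * REP)]  # constructed template
    key, helper = register(enrolled, "DEV-001")
    registered = {("DEV-001", "alice"): key}
    current = enrolled[:]
    current[3] ^= 1; current[40] ^= 1                            # sensor noise
    k = regenerate_key(current, helper, "DEV-001")
    print(server_verify(registered, *build_message(k, "DEV-001", "alice", "bp=120/80")))
```

Because the device ID is hashed into the key, helper data copied to a different device yields a key the server does not recognise for that pairing.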
20 Claims
1. A personal healthcare method comprising:
- registering a physiological data measuring device which has a unique device ID and is configured to make a physiological data measurement, including:
  - performing a biometric measurement of a user,
  - extracting a key and helper data for the user from the biometric measurement, the helper data being configured to extract the key from the biometric data,
  - storing the helper data in the physiological data measuring device,
  - electronically transmitting the device ID and an ID of the user to a remote server which includes a remote server computer processor and is associated with an electronic data storage configured to store physiological data measurements of a plurality of users;
- authenticating the device and the user including with a physiological data site computer processor:
  - receiving a current biometric measurement and a current physiological data measurement of the user,
  - retrieving the helper data for the user,
  - generating the key from the current biometric measurement and the helper data,
  - generating a message including the current measured physiological data and one of (a) a message authenticating code derived from the current measured physiological data and the key or (b) a signature for the current measured physiological data derived from the key,
  - electronically transmitting the message to the remote server, and
  - with the remote server computer processor of the remote server, authenticating the device and the user with the message and the device ID and the user ID which was transmitted during the registering step.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for authenticating a device and a user comprising:
- a measurement apparatus configured to perform a biometric measurement of the user;
- a sensing device configured to measure physiological data of the user, the sensing device including an electronic memory having a device ID stored therein;
- a remote server;
- a processor apparatus configured to:
  - during a procedure for registering the sensing device and a user with a remote server:
    - retrieve the device ID for the sensing device from the sensing device electronic memory,
    - receive a biometric measurement of the user from the measurement apparatus,
    - generate a key and helper data for the user from the biometric measurement, the helper data being configured for extracting one or more keys from biometric measurements,
    - store the helper data in a processor electronic memory,
    - electronically transmit the device ID and a user ID to the remote server, and
  - during a procedure for authenticating the sensing device and the user with the remote server:
    - receiving a current biometric measurement and currently measured physiological data,
    - obtain the device ID for the sensing device from the sensing device,
    - retrieve the helper data for the user,
    - generate a key from the current biometric measurement and retrieved helper data,
    - generate a message including the current measured data and either (a) a message authenticating code derived from the currently measured data and the key or (b) a signature for the measured data derived from the key, and
    - transmit the message to the remote service,
- wherein the remote server is configured to authenticate the sensing device and the user with the message and the device ID and the user ID received during the registration procedure.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A personal health record system comprising:
- a sensing device configured to sense physiological data of a user, the sensing device having a sensing device ID;
- a measurement device configured to perform a biometric measurement on the user to generate biometric data;
- a hub device including a hub computer processor and a transmitter configured to transmit encoded physiological data over a data channel, the hub computer processor being connected with the sensing device to receive the physiological data and the sensing device ID, and with the measurement device to receive the biometric data;
- a remote server configured to receive the encoded physiological data from the data channel, authenticate the encoded physiological data and store the authenticated physiological data of the user in a personal health record of the user corresponding to the user in a health record system of a third party healthcare provider, the remote server including a server computer processor;
- the hub and server computer processors being configured to register the sensing device and the user, wherein the hub computer processor is configured to:
  - generate from the biometric data helper data with which keys are extractable from the biometric data,
  - store the helper data in a hub memory,
  - cause the transmitter to transmit the helper data, the device ID, and a user ID to the sensor computer processor; and
- the hub and server computer processors are further configured to authenticate the physiological data, wherein the hub computer processor is further configured to:
  - generate a key from the helper data and the biometric data,
  - generate a message including current physiological data and one of (a) the key and a message authenticating code derived from the physiological data and (b) a signature for the current measured data derived from the key,
  - control the transmitter to transmit the message; and
- wherein the server computer processor is further configured to:
  - authenticate the sensing device and the user with the message and the device ID and the user ID received during registration.

Dependent claims: 16, 17, 18, 19, 20
Specification