Verification of authenticity and responsiveness of biometric evidence and/or other evidence

US 9,455,836 B1
Filed: 09/03/2015
Issued: 09/27/2016
Est. Priority Date: 11/30/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A system configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence, the system comprising:

a sensor;

a sample acquisition apparatus communicatively coupled with the sensor and configured to acquire one or more samples; and

one or more hardware processors communicatively coupled with sensor and configured by machine-readable instructions to;

receive a request for evidence from an external client computing platform, the evidence to include one or more samples or a representation of one or more samples, the request for evidence including a challenge;

obtain individual ones of the one or more samples acquired by the sample acquisition apparatus;

combine, at the sensor, the evidence and a response to the challenge into a signed or encrypted unit of data; and

effectuate transmission of the signed or encrypted unit of data from the sensor to a server by way of a client computing platform that is communicatively coupled with the sensor;

wherein combining the evidence and the response to the challenge into the signed or encrypted unit of data includes;

packing the evidence and the response to the challenge into two or more data blocks;

obtaining hashes of the two or more data blocks; and

obtaining another data block that includes the hashes of the two or more data blocks.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed or encrypted by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site.

Citations

35 Claims

1. A system configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence, the system comprising:
- a sensor;
  
  a sample acquisition apparatus communicatively coupled with the sensor and configured to acquire one or more samples; and
  
  one or more hardware processors communicatively coupled with sensor and configured by machine-readable instructions to;
  
  receive a request for evidence from an external client computing platform, the evidence to include one or more samples or a representation of one or more samples, the request for evidence including a challenge;
  
  obtain individual ones of the one or more samples acquired by the sample acquisition apparatus;
  
  combine, at the sensor, the evidence and a response to the challenge into a signed or encrypted unit of data; and
  
  effectuate transmission of the signed or encrypted unit of data from the sensor to a server by way of a client computing platform that is communicatively coupled with the sensor;
  
  wherein combining the evidence and the response to the challenge into the signed or encrypted unit of data includes;
  
  packing the evidence and the response to the challenge into two or more data blocks;
  
  obtaining hashes of the two or more data blocks; and
  
  obtaining another data block that includes the hashes of the two or more data blocks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein the challenge includes a nonce, the nonce including a random number generated by a given hardware processor, the random number being indiscernible prior to its generation except by the given hardware processor.
  - 3. The system of claim 1, wherein the one or more hardware processors are further configured by machine-readable instructions to perform one or more anti-tampering checks to determine whether the sensor has been tampered with.
  - 4. The system of claim 3, wherein the one or more hardware processors are further configured by machine-readable instructions to effectuate transmission of an indication that the sensor has been tampered with responsive to the one or more anti-tampering checks resulting in a positive determination.
  - 5. The system of claim 3, wherein the one or more hardware processors are further configured by machine-readable instructions to record an indication that the sensor has been tampered with responsive to the one or more anti-tampering checks resulting in a positive determination.
  - 6. The system of claim 1, wherein individual ones or the one or more samples acquired by the sample acquisition apparatus include a biometric sample obtained for one or more of biometric authentication, identification, verification, or enrollment.
  - 7. The system of claim 1, wherein the one or more hardware processors are further configured by machine-readable instructions to extract a template associated with a given sample acquired by the sample acquisition apparatus, the template including measurement data from the given sample.
  - 8. The system of claim 1, wherein a given sample includes an image of a body part of a user.
  - 9. The system of claim 1, wherein the one or more hardware processors are further configured by machine-readable instructions to effectuate transmission of an indication that the given sample was obtained from one or more of a false representation of a sample acquired by the sample acquisition apparatus, a surrogate feature, or a prosthetic feature, the indication being transmitted responsive to the one or more anti-spoofing checks resulting in a positive determination.
  - 10. The system of claim 1, wherein the request for evidence is received responsive to a request to access a protected resource, the protected resource including one or both of protected information or a protected device.
  - 11. The system of claim 1, further comprising a display apparatus configured to present a transaction identifier to a user.
  - 12. The system of claim 1, wherein the one or more hardware processors are further configured by machine-readable instructions to determine a first quality metric associated with a first sample, the first quality metric including a description of one or more measurable aspects of the first sample.
  - 13. The system of claim 12, wherein the one or more measurable aspects include one or more of image resolution, sharpness, noise, contrast, distortion, vignetting, or a presence of one or more artifacts.
  - 14. The system of claim 12, wherein the one or more hardware processors are further configured by machine-readable instructions to determine a second quality metric associated with a first template, the first template being associated with the first sample and measurement data determined from the first sample.
  - 15. The system of claim 14, wherein the first sample is a biometric sample including an image of an eye, wherein the first template is associated with measurement data relating to iris features, and wherein the second quality metric determines that the first template is not of sufficient quality by virtue of iris features of the eye being occluded in the image such that measurement data relating to the iris features of the eye cannot be determined from the first sample.
  - 16. The system of claim 1, wherein the one or more hardware processors are further configured by machine-readable instructions to perform one or more anti-spoofing checks to determine whether a given sample was obtained from one or more of a false representation of a sample acquired by the sample acquisition apparatus, a surrogate, or a prosthetic.
  - 17. The system of claim 1, wherein the one or more hardware processors are further configured by machine-readable instructions to determine, whether the first sample is to be rejected for inclusion in the evidence based on the first quality metric not breaching a threshold.
  - 18. The system of claim 17, wherein the one or more hardware processors are further configured by machine-readable instructions to determine whether the first sample is to be rejected for inclusion in the evidence based on the second quality metric determining that the first template is not of sufficient quality.
  - 19. The system of claim 17, wherein the private key is associated with a public key infrastructure certificate, the public key infrastructure certificate identifying one or more of a manufacturer of the sensor, a vendor of the sensor, a sensor type, a sensor model, a serial number, a security feature, or a security level.
  - 20. The sensor of claim 1, wherein the one or more hardware processors are further configured by machine-readable instructions to provide a digital signature for the signed or encrypted unit of data, the digital signature being associated with a private key stored at the sensor.

21. A system configured to validate the authenticity and responsiveness of evidence acquired by, the system comprising:
- one or more hardware processors configured by machine-readable instructions to;
  
  effectuate transmission of a request for evidence to a sensor by way of an external client computing platform that is communicatively coupled with the sensor, the evidence to include one or more samples or a representation of one or more samples obtained via the sensor, the request for evidence including a challenge;
  
  receive a signed or encrypted unit of data, wherein the signed or encrypted unit of data represents a combination of evidence responsive to the request and a response to the challenge included in the request;
  
  determine whether the evidence represented in the signed or encrypted unit of data is valid based on a comparison between the response to the challenge represented in the signed or encrypted unit of data and the challenge sent with the request for evidence;
  
  determine whether an authenticity of the evidence represented in the signed or encrypted unit of data is verifiable against an exemplar stored remotely from the sensor; and
  
  wherein data representing the evidence and data representing the response to the challenge were combined to form the signed or encrypted unit of data at the sensor by operations including;
  
  packing the data representing the evidence and the data representing the response to the challenge into two or more data blocks;
  
  obtaining hashes of the two or more data blocks; and
  
  obtaining another data block that includes the hashes of the two or more data blocks.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The system of claim 21, wherein the one or more hardware processors are further configured by machine-readable instructions to validate the signed or encrypted unit of data based on the digital signature of the unit of data.
  - 23. The system of claim 22, wherein the transaction identifier is presented as one or more of an image, an icon, or text.
  - 24. The system of claim 21, wherein the challenge includes a nonce, the nonce including a random number generated by a given hardware processor, the random number being indiscernible prior to its generation except by the given hardware processor.
  - 25. The system of claim 21, wherein the signed or encrypted unit of data is received via a browser running on a client computing platform.
  - 26. The system of claim 21, wherein the sensor includes one or more of a security camera, a smart card reader, a credit card reader, a magnetic stripe reader, or a biometric sensor.
  - 27. The system of claim 21, wherein the signed or encrypted unit of data is received responsive to a quality metric associated with the evidence breaching a threshold, the quality metric being determined at the sensor and including a description of one or more measureable aspects of at least one of the one or more samples.
  - 28. The system of claim 21, wherein the one or more hardware processors are further configured by machine-readable instructions to receive an indication of one or more anti-spoofing checks to determine whether a given sample was obtained from one or more of a false representation of a sample acquired by the sensor, a surrogate, or a prosthetic.

29. A hardware processor-implemented method for validating the authenticity and responsiveness of evidence acquired by a sensor, the method being performed by one or more processors configured by machine-readable instructions, the method comprising:
- transmitting, using one or more processors, a request for evidence to a sensor, the evidence to include one or more samples or a representation of one or more samples obtained via the sensor, the request including a challenge;
  
  receiving, using one or more processors, a signed or encrypted unit of data, wherein the signed or encrypted unit of data represents a combination of evidence responsive to the request and a response to the challenge included in the request,determining, using one or more processors, whether the evidence represented in the signed or encrypted unit of data is valid based on a comparison between the response to the challenge represented in the signed or encrypted unit of data and the challenge sent with the request for evidence;
  
  determining, using one or more processors, whether an authenticity of the evidence included in the signed or encrypted unit of data is verifiable against an exemplar stored remotely from the sensor; and
  
  wherein the data representing the evidence and the data representing the response to the challenge were combined at the sensor by operations including;
  
  packing the data representing the evidence and the data representing the response to the challenge into two or more data blocks;
  
  obtaining hashes of the two or more data blocks; and
  
  obtaining another data block that includes the hashes of the two or more data blocks.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The method of claim 29, wherein determining whether the evidence included in the signed or encrypted unit of data is valid is further based on validating the digital signature of the unit of data.
  - 31. The method of claim 29, wherein the challenge includes a nonce, the nonce including a random number generated by a given processor, the random number being indiscernible prior to its generation except by the given processor.
  - 32. The method of claim 29, wherein the signed or encrypted unit of data is received via a browser running on a client computing platform.
  - 33. The method of claim 29, wherein the sensor includes one or more of a security camera, a smart card reader, a credit card reader, a magnetic stripe reader, or a biometric sensor.
  - 34. The method of claim 29, wherein the unit of data is received responsive to a quality metric associated with the evidence breaching a threshold, the quality metric being determined at the sensor.
  - 35. The method of claim 29, using one or more processors, an indication of one or more anti-spoofing checks performed at the sensor to determine whether a given sample was obtained from one or more of a false representation of a sample acquired by the sensor, a surrogate, or a prosthetic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biobex, LLC
Original Assignee
Biobex, LLC
Inventors
Joyce, Arthur W. III
Primary Examiner(s)
Kim, Tae

Application Number

US14/845,172
Time in Patent Office

390 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/40145   Biometric identity checks

G07C 9/25   using biometric data, e.g. ...

G07C 9/26   using a biometric sensor in...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

Verification of authenticity and responsiveness of biometric evidence and/or other evidence

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of authenticity and responsiveness of biometric evidence and/or other evidence

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links