Methods and systems for managing network activity using biometrics

US 9,509,690 B2
Filed: 03/11/2016
Issued: 11/29/2016
Est. Priority Date: 03/12/2015
Status: Active Grant

First Claim

Patent Images

1. A method of managing network traffic using biometrics, the method comprising:

storing, by a server, a first value N, and a primitive root modulo N, wherein N is selected during enrollment of a user;

storing, by the server, a plurality of verification codes, wherein each of the plurality of verification codes is generated using the primitive root modulo N to the power of a hash function result of a respective portion of a first biometric template acquired from the user during the enrollment, and each portion of the biometric template is identified by a corresponding offset identifier;

receiving, by the server, a request to connect to the server, the request from a client operated by the user;

transmitting, by the server, a first offset identifier to the client, wherein the client uses the first offset identifier to identify a first portion of a second biometric template acquired from the user in association with the request, and to generate a first value corresponding to a common exponentiation function using the identified first portion of the second biometric template, wherein the common exponentiation function has the primitive root modulo N as a base;

generating, at the server according to the first offset identifier, a second value corresponding to the common exponentiation function; and

determining, by the server, that the user is authenticated when the first value from the client matches the second value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes systems and methods for managing network traffic using biometrics. A server may store a first value N, a primitive root modulo N, and a plurality of verification codes generated using the primitive root modulo N to the power of a hash function result of a respective portion of a first biometric template acquired from the user during enrollment. The sever may receive a request to connect to the server, from a client operated by the user. The client may use a first offset identifier from the server to identify a first portion of a second biometric template acquired from the user, and generate a first value corresponding to a common exponentiation function. The server may generate a second value corresponding to the common exponentiation function. The server may determine that the user is authenticated if the first value from the client matches the second value.

Citations

20 Claims

1. A method of managing network traffic using biometrics, the method comprising:
- storing, by a server, a first value N, and a primitive root modulo N, wherein N is selected during enrollment of a user;
  
  storing, by the server, a plurality of verification codes, wherein each of the plurality of verification codes is generated using the primitive root modulo N to the power of a hash function result of a respective portion of a first biometric template acquired from the user during the enrollment, and each portion of the biometric template is identified by a corresponding offset identifier;
  
  receiving, by the server, a request to connect to the server, the request from a client operated by the user;
  
  transmitting, by the server, a first offset identifier to the client, wherein the client uses the first offset identifier to identify a first portion of a second biometric template acquired from the user in association with the request, and to generate a first value corresponding to a common exponentiation function using the identified first portion of the second biometric template, wherein the common exponentiation function has the primitive root modulo N as a base;
  
  generating, at the server according to the first offset identifier, a second value corresponding to the common exponentiation function; and
  
  determining, by the server, that the user is authenticated when the first value from the client matches the second value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first value N comprises one of a prime number, a discrete logarithm element, or an elliptic curve element.
  - 3. The method of claim 1, wherein each of the plurality of verification codes is generated using the primitive root modulo N to the power of a hash function result of a respective value, the respective value generated using a random number and a respective portion of the first biometric template acquired from the user during the enrollment.
  - 4. The method of claim 3, wherein the random number comprises one of:
    - a random number separate from random numbers used to generate other respective values, or comprises a common random number used to generate other respective values.
  - 5. The method of claim 1, further comprising receiving, by the server, an identifier of the user in the request, and retrieving a first portion of the biometric template stored by the server according to the identifier of the user and the first offset identifier.
  - 6. The method of claim 1, further comprising generating, by the server, a random number z and computing a public key for the server as comprising the sum of:
    - the primitive root modulo N to the power of z, and a first verification code from the plurality of verification codes that corresponds to the first offset identifier.
  - 7. The method of claim 1, further comprising sending, by the server, the public key for the server to the client for use in generating the first value corresponding to the common exponentiation function.
  - 8. The method of claim 1, further comprising generating, by the server, a random parameter, and sending the random parameter to the client for use in generating the first value corresponding to the common exponentiation function.
  - 9. The method of claim 1, wherein the client generates a long term private key for the client using the first offset identifier.
  - 10. The method of claim 1, wherein the client uses a random number y to generate a short term public key for the client, the short term public key comprising the primitive root modulo N to the power of y.

11. A system of managing network traffic using biometrics, the system comprising:
- a server in communication with a client operated by a user, the server comprising;
  
  memory configured to store a first value N, and a primitive root modulo N, wherein N is selected during enrollment of the user, and to store a plurality of verification codes, wherein each of the plurality of verification codes is generated using the primitive root modulo N to the power of a hash function result of a respective portion of a first biometric template acquired from the user during the enrollment, and each portion of the biometric template is identified by a corresponding offset identifier;
  
  a transceiver configured to receive a request from the client to connect to the server, and to transmit a first offset identifier to the client, wherein the client uses the first offset identifier to identify a first portion of a second biometric template acquired from the user in association with the request, and to generate a first value corresponding to a common exponentiation function using the identified first portion of the second biometric template, wherein the common exponentiation function has the primitive root modulo N as a base; and
  
  one or more processors configured to generate, according to the first offset identifier, a second value corresponding to the common exponentiation function, and to determine that the user is authenticated when the first value from the client matches the second value.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the first value N comprises one of a prime number, a discrete logarithm element, or an elliptic curve element.
  - 13. The system of claim 11, wherein each of the plurality of verification codes is generated using the primitive root modulo N to the power of a hash function result of a respective value, the respective value generated using a random number and a respective portion of the first biometric template acquired from the user during the enrollment.
  - 14. The system of claim 13, wherein the random number comprises one of:
    - a random number separate from random numbers used to generate other respective values, or comprises a common random number used to generate other respective values.
  - 15. The system of claim 11, wherein the transceiver is further configured to receive an identifier of the user in the request, and the one or more processors is further configured to retrieve a first portion of the biometric template stored by the server according to the identifier of the user and the first offset identifier.
  - 16. The system of claim 11, wherein the one or more processors is further configured to generate a random number z and to compute a public key for the server as comprising the sum of:
    - the primitive root modulo N to the power of z, and a first verification code from the plurality of verification codes that corresponds to the first offset identifier.
  - 17. The system of claim 11, wherein the transceiver is further configured to send the public key for the server to the client for use in generating the first value corresponding to the common exponentiation function.
  - 18. The system of claim 11, wherein the one or more processors is further configured to generate a random parameter, and the transceiver is further configured to send the random parameter to the client for use in generating the first value corresponding to the common exponentiation function.
  - 19. The system of claim 11, wherein the client generates a long term private key for the client using the first offset identifier.
  - 20. The system of claim 11, wherein the client uses a random number y to generate a short term public key for the client, the short term public key comprising the primitive root modulo N to the power of y.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EyeLock LLC (VOXX International Corporation)
Original Assignee
EyeLock LLC (VOXX International Corporation)
Inventors
Carter, Samuel J., Ream, Christopher L., Makthal, Sarvesh, Gerber, Stephen Charles
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/067,696
Publication Number

US 20160269402A1
Time in Patent Office

263 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0861   using biometrical features,...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3013   involving the discrete loga...

H04L 9/3033   details relating to pseudo-...

H04L 9/3066   involving algebraic varieti...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

Methods and systems for managing network activity using biometrics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for managing network activity using biometrics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links