Verification of authenticity and responsiveness of biometric evidence and/or other evidence
First Claim
1. A sensor configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence without regard for whether there is direct control over the sensor, the sensor comprising:
- a sample acquisition apparatus configured to acquire one or more samples, wherein the sample acquisition apparatus is further configured to capture image information;
a non-transitory machine-readable storage medium having machine-readable instruction embodied thereon; and
one or more physical processors configured by the machine-readable instructions to;
receive a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include one or more samples, the request for evidence including a challenge;
generate a response to the challenge;
obtain a sample acquired by the sample acquisition apparatus through capture of the image information;
perform an anti-tampering check to determine whether the sensor has been tampered with;
combine the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes;
packing the evidence and the challenge into two or more data blocks;
obtaining one or more hashes of the two or more data blocks; and
obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and
transmit the signed unit of data to the server;
wherein the evidence included in the signed unit of data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence.
2 Assignments
0 Petitions
Accused Products
Abstract
Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site.
46 Citations
22 Claims
-
1. A sensor configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence without regard for whether there is direct control over the sensor, the sensor comprising:
-
a sample acquisition apparatus configured to acquire one or more samples, wherein the sample acquisition apparatus is further configured to capture image information; a non-transitory machine-readable storage medium having machine-readable instruction embodied thereon; and one or more physical processors configured by the machine-readable instructions to; receive a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include one or more samples, the request for evidence including a challenge; generate a response to the challenge; obtain a sample acquired by the sample acquisition apparatus through capture of the image information; perform an anti-tampering check to determine whether the sensor has been tampered with; combine the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes; packing the evidence and the challenge into two or more data blocks; obtaining one or more hashes of the two or more data blocks; and obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and transmit the signed unit of data to the server; wherein the evidence included in the signed unit of data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A sensor configured to validate the authenticity and responsiveness of evidence without regard for whether there is direct control over the sensor that acquired the evidence, the sensor comprising:
-
a sample acquisition apparatus configured to acquire one or more samples, wherein the sample acquisition apparatus is further configured to read information on a credit card; a non-transitory machine-readable storage medium having machine-readable instructions embodied thereon; and one or more physical processors configured by the machine-readable instructions to; receive a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include the information on the credit card, the request for evidence including a challenge; generate a response to the challenge; obtain a sample acquired by the sample acquisition apparatus through reading the credit card; perform an anti-tampering check to determine whether the sensor has been tampered with; combine the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes; packing the evidence and the challenge into two or more data blocks; obtaining one or more hashes of the two or more data blocks; and obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and transmit the signed unit of data to the server; wherein the evidence included in the signed unit of data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A method for validating the authenticity and responsiveness of evidence without regard for whether there is direct control over a sensor that acquired the evidence, the method comprising:
-
receiving a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include one or more samples, the request including a challenge; generating a response to the challenge; obtaining a sample acquired through capture of image information; performing an anti-tampering check to determine whether the sensor has been tampered with; combining the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes; packing the evidence and the challenge into two or more data blocks; obtaining one or more hashes of the two or more data blocks; and obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and transmitting the signed unit of data to the server, wherein the evidence included in the signed data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence.
-
Specification