Verification of authenticity and responsiveness of biometric evidence and/or other evidence

US 9,832,023 B2
Filed: 10/31/2011
Issued: 11/28/2017
Est. Priority Date: 10/31/2011
Status: Active Grant

First Claim

Patent Images

1. A sensor configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence without regard for whether there is direct control over the sensor, the sensor comprising:

a sample acquisition apparatus configured to acquire one or more samples, wherein the sample acquisition apparatus is further configured to capture image information;

a non-transitory machine-readable storage medium having machine-readable instruction embodied thereon; and

one or more physical processors configured by the machine-readable instructions to;

receive a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include one or more samples, the request for evidence including a challenge;

generate a response to the challenge;

obtain a sample acquired by the sample acquisition apparatus through capture of the image information;

perform an anti-tampering check to determine whether the sensor has been tampered with;

combine the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes;

packing the evidence and the challenge into two or more data blocks;

obtaining one or more hashes of the two or more data blocks; and

obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and

transmit the signed unit of data to the server;

wherein the evidence included in the signed unit of data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site.

46 Citations

View as Search Results

22 Claims

1. A sensor configured to acquire evidence that is to be provided for validation of the authenticity and responsiveness of the evidence without regard for whether there is direct control over the sensor, the sensor comprising:
- a sample acquisition apparatus configured to acquire one or more samples, wherein the sample acquisition apparatus is further configured to capture image information;
  
  a non-transitory machine-readable storage medium having machine-readable instruction embodied thereon; and
  
  one or more physical processors configured by the machine-readable instructions to;
  
  receive a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include one or more samples, the request for evidence including a challenge;
  
  generate a response to the challenge;
  
  obtain a sample acquired by the sample acquisition apparatus through capture of the image information;
  
  perform an anti-tampering check to determine whether the sensor has been tampered with;
  
  combine the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes;
  
  packing the evidence and the challenge into two or more data blocks;
  
  obtaining one or more hashes of the two or more data blocks; and
  
  obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and
  
  transmit the signed unit of data to the server;
  
  wherein the evidence included in the signed unit of data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The sensor of claim 1, wherein the challenge includes a nonce, the nonce including a random number generated by a given processor, the random number being indiscernible prior to its generation except by the given processor.
  - 3. The sensor of claim 1, wherein the anti-tampering check includes a measurement of an electrical resistance within the sensor.
  - 4. The sensor of claim 1, wherein the anti-tampering check includes a measurement of conductivity of a foil strip within the sensor.
  - 5. The sensor of claim 1, wherein the one or more physical processors are further configured by the machine-readable instructions to record an indication that the sensor has been tampered with responsive to the anti-tampering check resulting in a positive determination.
  - 6. The sensor of claim 1, wherein individual ones or the one or more samples acquired by the sample acquisition apparatus are obtained for one or more of authentication, identification, verification, or enrollment.
  - 7. The sensor of claim 1, wherein the one or more physical processors are further configured by the machine-readable instructions to perform the anti-tampering check to determine whether a breach of integrity has corrupted the sample acquisition apparatus.
  - 8. The sensor of claim 1, wherein the sample acquisition apparatus is a video camera, and wherein the sensor is used as a security camera that transmits information to the server that is verified to be contemporaneous and valid by virtue of the response to the challenge and the result of the anti-tampering check.
  - 9. The sensor of claim 1, wherein the one or more physical processors are further configured by the machine-readable instructions to capture and transmit a live video feed.
  - 10. The sensor of claim 9, wherein the live video feed is authenticated by virtue of the response to the challenge and the result of the anti-tampering check.
  - 11. The sensor of claim 1, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes packing the evidence and the response to the challenge into a single data block.
  - 12. The sensor of claim 1, wherein the one or more physical processors are further configured by the machine-readable instructions to provide a digital signature for the signed unit of data.
  - 13. The sensor of claim 12, wherein the digital signature is associated with a private key stored at the sensor.
  - 14. The sensor of claim 13, wherein the private key is associated with a public key infrastructure certificate, the public key infrastructure certificate identifying one or more of a manufacturer of the sensor, a vendor of the sensor, a sensor type, a sensor model, a serial number, a security feature, or a security level.
  - 15. The sensor of claim 1, further comprising a display apparatus configured to present a transaction identifier to a user.
  - 16. The sensor of claim 15, wherein the transaction identifier is presented as one or more of an image, an icon, or text.

17. A sensor configured to validate the authenticity and responsiveness of evidence without regard for whether there is direct control over the sensor that acquired the evidence, the sensor comprising:
- a sample acquisition apparatus configured to acquire one or more samples, wherein the sample acquisition apparatus is further configured to read information on a credit card;
  
  a non-transitory machine-readable storage medium having machine-readable instructions embodied thereon; and
  
  one or more physical processors configured by the machine-readable instructions to;
  
  receive a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include the information on the credit card, the request for evidence including a challenge;
  
  generate a response to the challenge;
  
  obtain a sample acquired by the sample acquisition apparatus through reading the credit card;
  
  perform an anti-tampering check to determine whether the sensor has been tampered with;
  
  combine the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes;
  
  packing the evidence and the challenge into two or more data blocks;
  
  obtaining one or more hashes of the two or more data blocks; and
  
  obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and
  
  transmit the signed unit of data to the server;
  
  wherein the evidence included in the signed unit of data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The system of claim 17, the one or more physical processors are further configured by the machine-readable instructions to validate the signed unit of data based on the digital signature of the unit of data.
  - 19. The system of claim 17, wherein the challenge includes a nonce, the nonce including a random number generated by a given processor, the random number being indiscernible prior to its generation except by the given processor.
  - 20. The system of claim 17, wherein the signed unit of data is transmitted via a browser running on a client computing platform.
  - 21. The system of claim 17, wherein the sample acquisition apparatus is a credit card reader, and wherein the sensor is used to conduct online credit card transactions that are authenticated by virtue of the response to the challenge and the result of the anti-tampering check.

22. A method for validating the authenticity and responsiveness of evidence without regard for whether there is direct control over a sensor that acquired the evidence, the method comprising:
- receiving a request for evidence from a server via a client computing platform that is separate and distinct from the sensor, the evidence to include one or more samples, the request including a challenge;
  
  generating a response to the challenge;
  
  obtaining a sample acquired through capture of image information;
  
  performing an anti-tampering check to determine whether the sensor has been tampered with;
  
  combining the evidence, the response to the challenge, and a result of the anti-tampering check into a signed unit of data, wherein combining at least the evidence and the response to the challenge into the signed unit of data includes;
  
  packing the evidence and the challenge into two or more data blocks;
  
  obtaining one or more hashes of the two or more data blocks; and
  
  obtaining a cross-coupled data block that includes the one or more hashes of the two or more data blocks; and
  
  transmitting the signed unit of data to the server,wherein the evidence included in the signed data is validated based on a comparison between the response to the challenge included in the signed unit of data and the challenge sent with the request for evidence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biobex, LLC
Original Assignee
Biobex, LLC
Inventors
Joyce, III, Arthur W.
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US13/286,119
Publication Number

US 20130111222A1
Time in Patent Office

2,220 Days
Field of Search

713194
US Class Current
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Verification of authenticity and responsiveness of biometric evidence and/or other evidence

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of authenticity and responsiveness of biometric evidence and/or other evidence

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links