Biometric authentication of mobile financial transactions by trusted service managers

US 9,858,566 B2
Filed: 10/31/2014
Issued: 01/02/2018
Est. Priority Date: 06/06/2008
Status: Active Grant

First Claim

Patent Images

1. A user device unlocking system, comprising:

a processing system that is located in a user device;

a non-transitory memory system that is located in the user device and that stores instructions that, when executed by the processing system, provide an operating system;

a biometric trait data input device that is located on the user device;

tunnel circuitry that is coupled to the biometric trait data input device and configured to prevent access to biometric trait data captured by the biometric trait data input device and transmitted through the tunnel circuitry by non-authorized subsystems in the user device; and

a secure element that is located in the user device, that is coupled to the biometric trait data input device through the tunnel circuitry, and that stores biometric trait authentication data, wherein the secure element is configured to receive biometric trait data of a user directly from the biometric trait data input device through the tunnel circuitry and prevent capture of the biometric trait data by an application on the user device, verify the biometric trait data using the biometric trait authentication data and, in response to the verification of the biometric trait data, unlock the user device to provide access to the operating system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method comprises storing a biometric trait of a user in a data communication device of the user, comparing a biometric trait input into the device with the biometric trait stored in the device, generating a certificate authenticating the user within the device if the biometric trait input into the device matches the biometric trait stored in the device, and facilitating a financial transaction of the user using the certificate.

67 Citations

View as Search Results

20 Claims

1. A user device unlocking system, comprising:
- a processing system that is located in a user device;
  
  a non-transitory memory system that is located in the user device and that stores instructions that, when executed by the processing system, provide an operating system;
  
  a biometric trait data input device that is located on the user device;
  
  tunnel circuitry that is coupled to the biometric trait data input device and configured to prevent access to biometric trait data captured by the biometric trait data input device and transmitted through the tunnel circuitry by non-authorized subsystems in the user device; and
  
  a secure element that is located in the user device, that is coupled to the biometric trait data input device through the tunnel circuitry, and that stores biometric trait authentication data, wherein the secure element is configured to receive biometric trait data of a user directly from the biometric trait data input device through the tunnel circuitry and prevent capture of the biometric trait data by an application on the user device, verify the biometric trait data using the biometric trait authentication data and, in response to the verification of the biometric trait data, unlock the user device to provide access to the operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the tunnel circuitry is FIPS 140-2 level 3 compliant.
  - 3. The system of claim 1, wherein the tunnel circuitry provides for encryption of the biometric trait data.
  - 4. The system of claim 1, further comprising:
    - a communication module that is located in the user device and that is coupled to the processing system, wherein the communication module is configured to provide for communications over a network.
  - 5. The system of claim 4, wherein the communication module is at least one of a Near Field Communication (NFC) communication module, a Bluetooth communication module, and an infrared communication module.
  - 6. The system of claim 1, wherein the secure element verifying the biometric trait data using the biometric trait authentication data and unlocking the user device to provide access to the operating system includes the secure element generating a certificate that authenticates the user and providing the certificate to the processing system.
  - 7. The system of claim 1, wherein the secure element is a first secure element, and wherein the authentication system further comprises:
    - a second secure element that is located in the user device and that includes the application, wherein the unlocking of the user device provides access to the application.

8. A method for unlocking a secure system, comprising:
- reading, by a biometric reader that is coupled to a secured system, biometric data;
  
  transmitting, to a secure portion of a secured system from the biometric reader and through tunnel circuitry that is configured to prevent capture of the biometric data captured by an application on a device, the biometric data;
  
  authenticating, using biometric authentication data that is stored in the secure portion of the secured system, the biometric data;
  
  transmitting, from the secure portion of the secured system to an unlocking subsystem of the secured system, an authentication confirmation in response to authenticating the biometric data; and
  
  unlocking, by the unlocking subsystem of the secured system in response to receiving the authentication confirmation, the secured system to provide access to functionality provided by the secured system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the tunnel circuitry is FIPS 140-2 level 3 compliant.
  - 10. The method of claim 9, further comprising:
    - encrypting, using the tunnel circuitry, the biometric data.
  - 11. The method of claim 8, further comprising:
    - communicating, using a communication device coupled to the secured system, information over a network subsequent to providing access to the functionality provided by the secured system.
  - 12. The method of claim 11, wherein the communication device is at least one of a Near Field Communication (NFC) communication device, a Bluetooth communication device, and an infrared communication device.
  - 13. The method of claim 8, wherein the authenticating the biometric data and providing access to the functionality provided by the secured system further comprises:
    - generating, by the secure portion of the secured system, an authentication certificate and providing the authentication certificate to the unlocking subsystem of the secured system.
  - 14. The method of claim 8, wherein the providing access to the functionality provided by the secured system further comprises:
    - providing access to the application included on a second secure portion of the secured system.

15. A non-transitory computer readable medium having stored thereon computer-readable instructions executable to cause a machine to perform operations comprising:
- configuring a secure element in a lockable computer to receive and store biometric verification data;
  
  configuring a biometric input system on the lockable computer to receive a biometric input and provide the biometric input to the secure element through tunnel circuitry that is configured to prevent capture of the biometric input captured by the biometric input system by an application on the lockable computer;
  
  configuring the secure element to compare the biometric input to the biometric verification data to determine a match and provide an unlock instruction to the lockable computer in response to determining the match;
  
  configuring the lockable computer to unlock in response to receiving the unlock instruction; and
  
  configuring the lockable computer to provide access to an operating system in response to unlocking.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium of claim 15, wherein the tunnel circuitry is FIPS 140-2 level 3 compliant.
  - 17. The non-transitory computer readable medium of claim 15, wherein the operations further comprise:
    - configuring the tunnel circuitry to encrypt the biometric input.
  - 18. The non-transitory computer readable medium of claim 15, wherein the operations further comprise:
    - configuring a communication system in the lockable computer to communicate information over a network subsequent to the unlocking of the lockable computer.
  - 19. The non-transitory computer readable medium of claim 15, wherein the operations further comprise:
    - configuring the secure element to generate a certificate and provide the certificate to the lockable computer as part of the unlock instruction.
  - 20. The non-transitory computer readable medium of claim 15, wherein the secure element is a first secure element, and wherein the operations further comprise:
    - configuring a second secure element in the lockable computer to provide access to the application included on the second secure element in response to the unlocking of the lockable computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Mardikar, Upendra S., Duprat, Eric
Primary Examiner(s)
Shaawat, Mussa A
Assistant Examiner(s)
KERRIGAN, MICHAEL V

Application Number

US14/529,692
Publication Number

US 20150056957A1
Time in Patent Office

1,159 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/1085   involving automatic teller ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3227   using secure elements embed...

G06Q 20/3265   characterised by personalis...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40145   Biometric identity checks

G06Q 40/00   Finance; Insurance; Tax str...

G07C 9/257   electronically G07C9/26 tak...

G07F 7/0826   Embedded security module

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0823 : using certificates cryptogr...

H04L 63/0861 : using biometrical features,...

H04L 9/3231 : Biological data, e.g. finge...

H04W 12/069 : using certificates or pre-s...

H04W 4/80 : Services using short range ...

View All

Biometric authentication of mobile financial transactions by trusted service managers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Biometric authentication of mobile financial transactions by trusted service managers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others