Two-level authentication for secure transactions

US 9,990,628 B2
Filed: 04/05/2013
Issued: 06/05/2018
Est. Priority Date: 11/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a biometric reader, a biometric input, a personal digital key (PDK) comprising the biometric reader;

generating, at the PDK, biometric data based on the biometric input;

retrieving, from a secured memory element of the PDK, a biometric profile sample comprising biometric information, wherein the biometric profile sample is associated with a biometric profile associated with an individual;

comparing, at the PDK, the information of the biometric profile sample to the biometric data based on the biometric input;

subsequent to a determination of a match between the biometric data based on the biometric input and the biometric profile sample, retrieving, from the secured memory element of the PDK, the biometric profile associated with the individual;

comparing, at the PDK, the biometric data based on the biometric input to the biometric profile;

transmitting, by the PDK via radio, purchasing means information associated with the PDK, the purchasing means information used by a first remote registry administered by a trusted third-party organization in a first validation, the first validation subsequent to determining that the biometric data based on the biometric input matches the biometric profile,wherein a transaction with a merchant is authorized based on the first validation using the purchasing means information associated with the PDK and wirelessly transmitted subsequent to the comparison between the biometric profile and the biometric data based on the biometric input.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A Personal Digital Key stores one or more profiles (e.g., a biometric profile) in a tamper-proof memory that is acquired in a secure trusted process. Biometric profiles comprise a representation of physical or behavioral characteristics that are uniquely associated with an individual that owns and carries the PDK. The PDK wirelessly transmits the biometric profile over a secure wireless transaction to a Reader for use in a biometric authentication process. The Reader compares the received biometric profile to a biometric input acquired at the point of transaction in order to determine if the transaction should be authorized.

228 Citations

20 Claims

1. A method comprising:
- receiving, at a biometric reader, a biometric input, a personal digital key (PDK) comprising the biometric reader;
  
  generating, at the PDK, biometric data based on the biometric input;
  
  retrieving, from a secured memory element of the PDK, a biometric profile sample comprising biometric information, wherein the biometric profile sample is associated with a biometric profile associated with an individual;
  
  comparing, at the PDK, the information of the biometric profile sample to the biometric data based on the biometric input;
  
  subsequent to a determination of a match between the biometric data based on the biometric input and the biometric profile sample, retrieving, from the secured memory element of the PDK, the biometric profile associated with the individual;
  
  comparing, at the PDK, the biometric data based on the biometric input to the biometric profile;
  
  transmitting, by the PDK via radio, purchasing means information associated with the PDK, the purchasing means information used by a first remote registry administered by a trusted third-party organization in a first validation, the first validation subsequent to determining that the biometric data based on the biometric input matches the biometric profile,wherein a transaction with a merchant is authorized based on the first validation using the purchasing means information associated with the PDK and wirelessly transmitted subsequent to the comparison between the biometric profile and the biometric data based on the biometric input.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 further comprising:
    - establishing a secure communication channel with a second remote registry,wherein a PDK identifier is transmitted to the second remote registry using the secure communication channel,wherein a second validation is performed prior to comparing the information of the biometric sample to the biometric data and performed by the second remote registry, the second validation indicating whether the second remote registry determined the PDK is valid or invalid, andwherein the second remote registry includes a database administered by a trusted third-party organization and the PDK identifier is registered with the second remote registry.
  - 3. The method of claim 1, wherein the biometric input comprises a representation of physical or behavioral characteristics derived from the individual.
  - 4. The method of claim 1, wherein the biometric input comprises at least one of a fingerprint scan, a retinal scan, an iris scan, a facial scan, a palm scan, a DNA analysis, a signature analysis, and a voice analysis.
  - 5. The method of claim 2, wherein the PDK identifier is transmitted subsequent to the PDK entering a proximity zone.
  - 6. The method of claim 2, wherein the second validation of the PDK identifier comprises performing a challenge-response authentication to verify the PDK is valid, wherein the PDK further verifies validity of an external device.
  - 7. The method of claim 1, further comprises:
    - determining profile types available to the PDK;
      
      comparing the available profile types to profile types used to authorize the transaction.
  - 8. The method of claim 1, further comprising one or more of displaying a representation of a purchasing means associated with the purchasing means information to a user, and allowing the user to select the purchasing means for the transaction from a plurality of purchasing means.
  - 9. The method of claim 1, wherein purchasing means information is stored by the PDK and is associated with a funding source to be used to complete the transaction, wherein the transaction is a purchase.
  - 10. The method of claim 1, further comprising:
    - receiving a picture profile from the PDK comprising an image of the individual;
      
      verifying an identity of the individual based on the picture profile, the determination whether a transaction should be authorized based in part on the verification based on the picture profile.
  - 11. The method of claim 1, further comprising:
    - acquiring a personal identification number from the individual;
      
      receiving a PIN profile from the PDK; and
      
      determining if the acquired personal identification number matches the received PIN profile.
  - 12. The method of claim 1, wherein generating the biometric data based on the biometric input comprises:
    - computing a representation of the biometric input based on a mathematical hash of the biometric input.
  - 13. The method of claim 1, wherein the PDK is integrated into one of a cell phone, a Personal Digital Assistant (PDA), an employee identification tag, clothing and jewelry.
  - 14. The method of claim 1, the method further comprising:
    - authorizing the transaction at an external device based on the determination.
  - 15. The method of claim 1, wherein the secured memory element is tamper-resistant, the method further comprising writing the biometric profile to the tamper-resistant memory during a one time trusted initialization process.

16. An apparatus comprising:
- a biometric reader adapted to receive a biometric input and generate biometric data based on the biometric input;
  
  a secured memory element storing purchasing means information associated with a PDK, the purchasing means information used by a first remote registry administered by a trusted third-party organization in a first validation, a biometric profile sample comprising biometric information, wherein the biometric profile sample is associated with a biometric profile associated with an individual, and the biometric profile associated with the individual;
  
  a processor coupled to the secured memory element and the biometric reader, the processor adapted to compare the biometric profile sample to the biometric data based on the biometric input and determine that the biometric profile sample matches the biometric data based on the biometric input, and subsequent to a determination of a match between the biometric data based on the biometric input and the biometric profile sample, to compare the biometric data based on the biometric input to the biometric profile associated with the individual; and
  
  a radio communication interface coupled to the processor and to the secured memory element, the radio communication interface adapted to establish a secure communication channel, the radio communication interface adapted to transmit the purchasing means information associated with the PDK using the secure communication channel, wherein a transaction with a merchant is authorized based on the first validation of the purchasing means information associated with PDK and wirelessly transmitted, via radio, subsequent to the comparison between the biometric profile and the biometric data based on the biometric input.
- View Dependent Claims (17, 18, 19)
- - 17. The apparatus of claim 16, wherein the secure communication channel is to a second remote registry with which a PDK identifier is registered, the PDK identifier is transmitted to the second remote registry for validation.
  - 18. The apparatus of claim 16, wherein the apparatus is a cell phone.
  - 19. The apparatus of claim 16, wherein the apparatus is a watch.

20. A method comprising:
- receiving, from a personal digital key (PDK) comprising a biometric reader, purchasing means information at a first remote registry administered by a trusted third-party organization, the purchasing means information received subsequent to the PDK determining that biometric data based on a biometric input received by the biometric reader matches a biometric profile comprising biometric information stored in a secured memory element of the PDK, wherein the biometric information is associated with an individual, and wherein the biometric data based on the biometric input is compared to the biometric profile subsequent to a determination of a match between the biometric data based on the biometric input and a biometric profile sample stored in the secured memory element;
  
  validating, at the first remote registry administered by the trusted third-party organization, the purchasing means information; and
  
  authorizing a transaction based on the validation of the purchasing means information received subsequent to the match between the biometric data based on the biometric input and the biometric profile stored in a secure element of the PDK, wherein the match between the biometric data based on the biometric input and the biometric profile stored in the secure element of the PDK determined subsequent to the determination of the match between the biometric data based on the biometric input and the biometric profile sample stored in the secured memory element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proxense, LLC
Original Assignee
Proxense, LLC
Inventors
Giobbi, John J.
Primary Examiner(s)
Williams, Jeffery

Application Number

US13/857,905
Publication Number

US 20130297514A1
Time in Patent Office

1,887 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 2221/2115   Third party

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07C 2209/12   Comprising means for protec...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/26   using a biometric sensor in...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0861   using biometrical features,...

H04L 9/0866   involving user or device id...

H04L 9/3231   Biological data, e.g. finge...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

Two-level authentication for secure transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

228 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Two-level authentication for secure transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

228 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links