System and method for authorizing access to access-controlled environments
First Claim
1. A method for securely coordinating access to an access-controlled environment for a user operating a user computing device executing a biometric authentication application for confirming the user'"'"'s identity as a function of a biometric of the user, the method comprising:
- receiving, by a trusted server from a user computing device, an application certificate that uniquely identifies a particular biometric authentication application executing on the user device, wherein the user computing device is the user'"'"'s personal mobile computing device;
verifying, by a trusted server, that the received application certificate is valid;
receiving, by the trusted server from the user computing device, a representation of the user'"'"'s identity and a representation of at least a component of the user computing device;
testing the representation of the user'"'"'s identity against a trusted set of user identification information to verify the user is authorized to access the access-controlled environment;
providing a unique identifier that is assigned for the user based on the representation of the user'"'"'s identity;
causing, by the trusted server during user enrollment, generation of a key pair comprising a private key and a corresponding public key, wherein the private key and the unique identifier is stored by the user device, and wherein the key-pair is generated as a function of verifying that the received application certificate is valid and establishing the user'"'"'s identity as a function of biometrics using the biometric authentication application,storing, by the trusted server in a storage medium, the public key in association with the assigned unique identifier thereby creating a registered instance of a user identity, wherein the identity instance is created as a function of verifying the application certificate, verifying the user identity and generation of the key pair,receiving, by the trusted server subsequent to creating the identity instance for the user, a request to access an access-controlled environment (ACE);
capturing, from the user, by the user device using an associated biometric capture device, a current biometric representation of the user'"'"'s biometric features;
confirming, by the user device using the biometric authentication application, that the current biometric representation captured by the user device matches a registered biometric representation of the user previously stored by the user device in a local storage medium;
receiving, by the trusted server from the user device, a communication including;
information asserting an identity of one or more of the user and the user device, a representation of the private key and the communication providing an indication that the user'"'"'s identity has been confirmed by the user device executing the biometric authentication application as a function of biometrics;
identifying, by the trusted server based on the identification information, the user instance;
verifying, by the trusted server based on the public key associated with the identified user instance, that the representation of the private key corresponds to the public key;
determining, by the trusted server based on the step of verifying using the public key, that the identity of the user has been confirmed by the user device executing the biometric authentication application as a function of biometrics;
based on the identifying, verifying and determining steps and the received access-control information, facilitating the user access to the access-controlled environment using the trusted server in conjunction with one or more remote computing devices.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for authorizing a user to access an access-controlled environment. The system includes a system server platform that communicates with fixed PC'"'"'s, servers and mobile devices (e.g., smartphones) operated by users. The systems and methods described herein enable a series of operations whereby a user attempting to access an access-controlled environment is prompted to biometrically authenticate using the user'"'"'s preregistered mobile device. Biometric authentication can include capturing images of the user'"'"'s biometric features, encoding the features as a biometric identifier, comparing the biometric identifier to a previously generated biometric identifier and determining liveness. In addition, the authentication system can further authorize the user and electronically grant access to the access-controlled environment. In this manner the secure authentication system can, based on biometric authentication, authorize a user'"'"'s access to devices, online services, physical locations or any networked environment that require user authorization.
-
Citations
19 Claims
-
1. A method for securely coordinating access to an access-controlled environment for a user operating a user computing device executing a biometric authentication application for confirming the user'"'"'s identity as a function of a biometric of the user, the method comprising:
-
receiving, by a trusted server from a user computing device, an application certificate that uniquely identifies a particular biometric authentication application executing on the user device, wherein the user computing device is the user'"'"'s personal mobile computing device; verifying, by a trusted server, that the received application certificate is valid; receiving, by the trusted server from the user computing device, a representation of the user'"'"'s identity and a representation of at least a component of the user computing device; testing the representation of the user'"'"'s identity against a trusted set of user identification information to verify the user is authorized to access the access-controlled environment; providing a unique identifier that is assigned for the user based on the representation of the user'"'"'s identity; causing, by the trusted server during user enrollment, generation of a key pair comprising a private key and a corresponding public key, wherein the private key and the unique identifier is stored by the user device, and wherein the key-pair is generated as a function of verifying that the received application certificate is valid and establishing the user'"'"'s identity as a function of biometrics using the biometric authentication application, storing, by the trusted server in a storage medium, the public key in association with the assigned unique identifier thereby creating a registered instance of a user identity, wherein the identity instance is created as a function of verifying the application certificate, verifying the user identity and generation of the key pair, receiving, by the trusted server subsequent to creating the identity instance for the user, a request to access an access-controlled environment (ACE); capturing, from the user, by the user device using an associated biometric capture device, a current biometric representation of the user'"'"'s biometric features; confirming, by the user device using the biometric authentication application, that the current biometric representation captured by the user device matches a registered biometric representation of the user previously stored by the user device in a local storage medium; receiving, by the trusted server from the user device, a communication including;
information asserting an identity of one or more of the user and the user device, a representation of the private key and the communication providing an indication that the user'"'"'s identity has been confirmed by the user device executing the biometric authentication application as a function of biometrics;identifying, by the trusted server based on the identification information, the user instance; verifying, by the trusted server based on the public key associated with the identified user instance, that the representation of the private key corresponds to the public key; determining, by the trusted server based on the step of verifying using the public key, that the identity of the user has been confirmed by the user device executing the biometric authentication application as a function of biometrics; based on the identifying, verifying and determining steps and the received access-control information, facilitating the user access to the access-controlled environment using the trusted server in conjunction with one or more remote computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for securely coordinating a user'"'"'s access to an access-controlled environment using a user computing device executing a biometric authentication application for confirming the user'"'"'s identity as a function of a biometric of the user and using a remote server computing device, the method comprising:
-
providing, at a user computing device having a processor that is configured by executing instructions in the form of one or more software modules including a biometric authentication application stored in a storage medium of the user device, user identification information, wherein the user identification information includes at least one of;
information identifying the user, information identifying a component of the user device, information identifying an access account used by the user to access the access-controlled environment, and wherein the user device is the user'"'"'s personal mobile computing device;verifying the identity of the user based on the user identification information, wherein verification is performed using the mobile device in conjunction with a trusted server device in communication with the mobile device over a network and having access to stored user identification information; registering, by the user device executing the biometric authentication application, a representation of the user'"'"'s biometric features that is useable to authenticate the user identity as a function of biometrics locally at the mobile device, and wherein registering the biometric representation of the user identity comprises; capturing, with the processor executing the biometric authentication application, the representation of the biometrics of the user, generating, with the processor executing the biometric authentication application, a biometric template for the user identity, and storing, by the processor in the storage medium, the biometric template; transmitting, with the user device over a network to a trusted server, a certificate asserting the authenticity of the biometric authentication application executing on the user device, and wherein the certificate is provided for verification by the trusted server, causing, by the user device, the enrollment of a user account with the trusted server, wherein enrollment includes; generating a unique identifier associated with the user account being enrolled with the trusted server and stored in a database, generating a cryptographic key-pair comprising a private key and public key, wherein the key-pair is generated specifically for the user account as a function of verification of the certificate by the trusted server, and verification of the user identity as a function of the user identification information, storing, by the user device in the storage medium, the private key in association with the unique identifier identifying the user account, and storing the public key by the trusted server in the database, wherein the public key is stored by the trusted server in association with the unique identifier; capturing, from the user, by the user device using an associated biometric capture device, a current biometric representation of the user'"'"'s biometric features; determining, by the user device using the biometric authentication application, that the current biometric representation captured by the user device matches the registered biometric representation for the user identity associated with the enrolled user account and stored in the storage medium of the user device; transmitting, by user device to the trusted server, a request to access the access controlled environment, the request including a user identifier and a representation of the private key asserting the user identity and providing confirmation that the user identity associated with the user account has been confirmed using the biometric authentication application as a function of biometrics; authorizing the user, by the trusted server based on the received request, wherein the authorizing step comprises; retrieving, by the trusted server from the database, the public key associated with the received user identifier, verifying, by the trusted server, that the representation of the private key corresponds to the public key, and determining, by the trusted server based on the step of verifying using the public key, that the identity of the user has been confirmed by the user device executing the biometric authentication application as a function of biometrics; and receiving, by the processor from the trusted server, a notification that the user has been authorized to access the access controlled environment by the trusted server. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification