Access control through multifactor authentication with multimodal biometrics

US 10,042,993 B2
Filed: 06/23/2015
Issued: 08/07/2018
Est. Priority Date: 11/02/2010
Status: Active Grant

First Claim

Patent Images

1. A method for transaction authentication involving a user of a computing device owned or possessed by the user, the method comprising:

a) storing at least one device identifier for the computing device owned or possessed by the user;

b) storing a fact known by the user;

c) storing biometric data of the user; and

d) authenticating the user for a transaction involving the computing device owned or possessed by the user by;

i) determining that at least one device identifier of the computing device owned or possessed by the user corresponds to the at least one device identifier stored in a);

ii) determining that the user exhibits knowledge of the fact stored in b);

iii) determining that the user satisfies at least one biometric challenge based upon the biometric data stored in c); and

iv) determining that the user satisfies at least one liveness challenge which involves

1) presenting a random prompt or question to the user where the random prompt or question is organized such that it can be answered by a live person and not by a machine and

2) recognizing a valid response generated by a live person in response to a random prompt or question.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided in which a person may use a Cellular (Mobile) Telephone, a PDA or any other handheld computer to make a purchase. This is an example only. The process may entail any type of transaction which requires authentication, such as any financial transaction, any access control (to account information, etc.), and any physical access scenario such as doubling for a passport or an access key to a restricted area (office, vault, etc.). It may also be used to conduct remote transactions such as those conducted on the Internet (E-Commerce, account access, etc.). In the process, a multifactor authentication is used.

Citations

44 Claims

1. A method for transaction authentication involving a user of a computing device owned or possessed by the user, the method comprising:
- a) storing at least one device identifier for the computing device owned or possessed by the user;
  
  b) storing a fact known by the user;
  
  c) storing biometric data of the user; and
  
  d) authenticating the user for a transaction involving the computing device owned or possessed by the user by;
  
  i) determining that at least one device identifier of the computing device owned or possessed by the user corresponds to the at least one device identifier stored in a);
  
  ii) determining that the user exhibits knowledge of the fact stored in b);
  
  iii) determining that the user satisfies at least one biometric challenge based upon the biometric data stored in c); and
  
  iv) determining that the user satisfies at least one liveness challenge which involves
  
  1) presenting a random prompt or question to the user where the random prompt or question is organized such that it can be answered by a live person and not by a machine and
  
  2) recognizing a valid response generated by a live person in response to a random prompt or question.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. The method of claim 1, wherein:
    - the at least one biometric challenge of iii) comprises a multimodal biometric challenge.
  - 3. The method of claim 1, wherein:
    - the valid response of iv) befits the random question or prompt.
  - 4. The method of claim 3, wherein:
    - the at least one device identifier stored in a) is selected from the group consisting of a unique identifier (UUID), IP address, MAC address, subscriber identifier, caller ID, radio-frequency ID (RFID), near field communication (NFC) ID, Bluetooth ID, CPU information, OS information, and a random sequence.
  - 5. The method of claim 1, wherein:
    - the fact stored in b) comprises at least one of a passcode, a PIN, and a keyword or phrase.
  - 6. The method of claim 1, wherein:
    - the biometric data of the user stored in c) comprises a biometric model of the user, and the at least one biometric challenge of iii) involves obtaining at least one biometric test sample of the user and processing the at least one biometric test sample in conjunction with the stored biometric model of the user in order to determine whether the at least one biometric test sample matches the stored biometric model of the user.
  - 7. The method of claim 6, further comprising:
    - comparing the at least one biometric test sample of the user to the stored biometric model of the user in order to determine whether the at least one biometric test sample matches the stored biometric model of the user.
  - 8. The method of claim 6, further comprising:
    - using the at least one biometric test sample of the user to derive a test biometric model, andcomparing the test biometric model to the stored biometric model of the user in order to determine whether the at least one biometric test sample matches the stored biometric model of the user.
  - 9. The method of claim 6, wherein:
    - the at least one biometric test sample of the user is also used as part of the determining of ii) and/or the determining of iv).
  - 10. The method of claim 6, wherein:
    - the biometric test sample of the user and the stored biometric model of the user involves at least one of speaker recognition, image-based or audio-based ear recognition, face recognition, fingerprint recognition, palm recognition, hand-geometry recognition, iris recognition, retinal scan, thermographic image recognition, vein recognition, signature verification, keystroke dynamics recognition, and brain wave recognition using a brain-computer interface (BCI).
  - 11. The method of claim 6, further comprising:
    - comparing distance between the at least one biometric test sample and the biometric model of the user with distance between the at least one biometric test sample and at least one competing model in order to determine whether the at least one biometric test sample matches the stored biometric model of the user.
  - 12. The method of claim 11, wherein:
    - the least one competing model comprises a plurality of biometric models of user clusters.
  - 13. The method of claim 1, wherein:
    - the valid response of iv) comprises at least one of I) an answer that befits a random question, II) speech uttered by reading a displayed random prompt, III) a facial gesture, IV) a hand gesture or handwriting that befits a random prompt, v) non-speech audio or body response (such as whistling, tapping, clapping, gait or pose) that befits a random prompt, and VI) brainwave activity that befits a random prompt.
  - 14. The method of claim 1, wherein:
    - the computing device is one of a mobile computing device and a stationary computing device.
  - 15. The method of claim 1, further comprising:
    - selectively processing the transaction of d) based on the results of the determinations of i), ii), iii) and iv).
  - 16. The method of claim 15, further comprising:
    - generating a plurality of scores for two or more of the determination of i), ii), iii) and iv);
      
      combining the plurality of scores to derive a resultant score; and
      
      comparing the resultant score to a threshold in order to authenticate the user and selectively process the transaction.
  - 17. The method of claim 15, further comprising:
    - employing the determinations of i), ii), iii) and iv) for a number of users in series in order to authenticate the number of users and selectively process the transaction for the number of users.
  - 18. The method of claim 15, wherein:
    - the processing of the transaction involves granting at least one user access to a physical location.
  - 19. The method of claim 18, wherein:
    - granting the at least one user access to a physical location includes unlocking a door.
  - 20. The method of claim 15, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored locally on the computing device or data and/or applications stored remotely from the computing device.
  - 21. The method of claim 20, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored locally on the computing device that includes personal records of the user stored on the computing device.
  - 22. The method of claim 21, wherein:
    - the personal records of the user include data selected from personal health data of the user and personal financial data of the user.
  - 23. The method of claim 20, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored locally on the computing device that includes digital cash of the user stored on the computing device.
  - 24. The method of claim 20, wherein:
    - the processing of the transaction involves granting at least one user access to data and/or applications stored remotely from the computing device for remote home automation control.
  - 25. The method of claim 1, wherein:
    - the determinations of i)-iv) employ software stored on the computing device and at least the determination of iii) involves at least one biometric model of the user stored in encrypted form on the computing device in c), wherein authenticity of at least one of the software stored on the computing device and the at least one biometric model is verified through exchange of information with a certificate authority.
  - 26. The method of claim 25, wherein the verification of authenticity of at least one of the software stored on the computing device and the at least one biometric model involves:
    - (A) at the computing device, utilizing a predetermined hash function to generate at least one hash value Y_iand encrypting the at least one hash value Y_ito generate a corresponding at least one encrypted hash value Z_ifor communication to at least one certificate authority;
      
      (B) at the at least one certificate authority, decrypting the at least one encrypted hash value Z_ito reconstruct said at least one hash value Y_iand encrypting the at least one reconstructed hash value Y_ito generate a corresponding at least one encrypted hash value A_ifor persistent storage at the at least one certificate authority and communication back to the computing device; and
      
      (C) at the computing device, performing a validation that(1) decrypts the at least one encrypted hash value A_icommunicated from the at least one certificate authority to derive a corresponding at least one hash value Y_i^CA(2) utilizes the predetermined hash function to generate at least one hash value Y_i, and(3) compares the at least one hash values Y_i^CAderived in (C)(1) and the corresponding at least one hash value Y_iderived in (C)(2) to determine if said hash values match one another.
  - 27. The method of claim 26, wherein:
    - the at least one hash value Y1 generated by the computing device in (A) and (C)(2) are based on the software stored on the computing device, the at least one biometric model, or both.
  - 28. The method of claim 26, wherein:
    - the user and the computing device are assigned a first public key and private key pair (P_PDA, R_PDA) for use in conjunction with registration with the at least one certificate authority;
      
      the computing device uses the private key R_PDAto generate the at least one encrypted hash value Z_iin (A); and
      
      the at least one certificate authority uses the public key P_PDAto decrypt the at least one encrypted hash value Z_ito reconstruct said at least one hash value Y_iin (B).
  - 29. The method of claim 28, wherein:
    - a respective certificate authority is assigned a respective second public key and private key pair (P_CA, R_CA) for use in conjunction with registration with the user and the computing device;
      
      the respective certificate authority uses the private key R_CAto generate the at least one encrypted hash value A_iin (B); and
      
      the computing device uses the public key P_CAto decrypt the at least one encrypted hash value A_ito reconstruct said at least one hash value Y_iin (C).
  - 30. The method of claim 26, wherein:
    - the at least one hash value Y_icomprises a plurality of hash values;
      
      the at least one encrypted hash value Z_icomprises a plurality of encrypted hash values;
      
      the at least one encrypted hash value A_icomprises a plurality of encrypted hash values; and
      
      the operations of (B) are carried out over a plurality of certificate authorities that decrypt the plurality of encrypted hash values Z_i.
  - 31. The method of claim 30, wherein:
    - the operations of (B) generate the plurality of encrypted hash values A_iin a serial order over the plurality of certificate authorities; and
      
      the operations of (C)(1) decrypt the plurality of encrypted hash values A_iin a reverse serial order with respect to the serial order.
  - 32. The method of claim 31, wherein:
    - the operations of (B) generate the plurality of encrypted hash values A_iin a parallel manner over the plurality of certificate authorities; and
      
      the operations of (C)(1) decrypt the plurality of encrypted hash values A_iin a parallel manner.
  - 33. The method of claim 30, wherein:
    - the plurality of encrypted hash values A_iis persistently stored in a distributed manner over a plurality of network storage locations.
  - 34. The method of claim 33, wherein:
    - the plurality of network storage locations is maintained by the plurality of certificate authorities.
  - 35. The method of claim 1, further comprising:
    - obtaining at least one biometric test sample of the user, andusing the at least one biometric test sample of the user as part of the determining of ii) and the determining of iii).
  - 36. The method of claim 1, further comprising:
    - obtaining at least one biometric test sample of the user, andusing the at least one biometric test sample of the user as part of the determining of iii) and the determining of iv).

37. A method of controlling access to a physical location by operation of a computing device by a user whose execution provides a physical access control interface, the method comprising:
- a) storing a fact known by the user;
  
  b) storing biometric data of the user; and
  
  c) configuring the physical access control interface to selectively grant access to the physical location based on a number of operations, includingi) determining that the user exhibits knowledge of the fact stored in a);
  
  ii) determining that the user satisfies at least one biometric challenge based upon the biometric data stored in b); and
  
  iii) determining that the user satisfies at least one liveness challenge which involves
  
  1) presenting a random prompt or question to the user where the random prompt or question is organized such that it can be answered by a live person and not by a machine and
  
  2) recognizing a valid response generated by a live person in response to a random prompt or question.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The method of claim 37, further comprising:
    - determining whether the user of the physical access control interface belongs to a class of enrolled users that is permitted access to a physical location.
  - 39. The method of claim 37, wherein:
    - the at least one biometric challenge of ii) comprises a multimodal biometric challenge.
  - 40. The method of claim 37, wherein:
    - selectively granting access to the physical location involves unlocking a door.
  - 41. The method of claim 37, further comprising:
    - employing the determinations of i), ii), and iii) for a number of users in series in order to authenticate the number of users and selectively grant access to the physical location for the number of users.

42. A method of controlling access to personal health data of a user stored on a computing device, the method comprising:
- a) storing a fact known by the user;
  
  b) storing biometric data of the user; and
  
  c) selectively granting access to the personal health data stored on the computing device based on a number of operations, includingi) determining that the user exhibits knowledge of the fact stored in a);
  
  ii) determining that the user satisfies at least one biometric challenge based upon the biometric data stored in b); and
  
  iii) determining that the user satisfies at least one liveness challenge which involves
  
  1) presenting a random prompt or question to the user where the random prompt or question is organized such that it can be answered by a live person and not by a machine and
  
  2) recognizing a valid response generated by a live person in response to a random prompt or question.
- View Dependent Claims (43, 44)
- - 43. The method of claim 42, wherein:
    - the at least one biometric challenge of ii) comprises a multimodal biometric challenge.
  - 44. The method of claim 43, further comprising:
    - retrieving at least a portion of the personal health data stored on the computing device; and
      
      authorizing the release of the at least a portion of the personal health data stored on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Homayoon Beigi
Original Assignee
Homayoon Beigi
Inventors
Beigi, Homayoon
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US14/747,211
Publication Number

US 20150347734A1
Time in Patent Office

1,141 Days
Field of Search

713155, 726 7, 726 28
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/6245   Protecting personal data, e...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3827   Use of message hashing

G06Q 20/409   Device specific authenticat...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0861   using biometrical features,...

H04L 9/006   involving public key infras...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04W 12/069   using certificates or pre-s...

Access control through multifactor authentication with multimodal biometrics

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Access control through multifactor authentication with multimodal biometrics

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links