User authenticating system and method using one-time fingerprint template

US 20030152254A1
Filed: 01/17/2003
Published: 08/14/2003
Est. Priority Date: 11/01/2000
Status: Active Grant

First Claim

Patent Images

1. A user authenticating system including a user'"'"'s PC which is a client desiring a user authentication, and an authenticating server for performing authentication in accordance with a request for authentication by the user transferred from the client through connection between the client and a network, characterized in that the client comprises:

a communication interface means for communicating with the authenticating server;

a fingerprint input means for reading-in the user'"'"'s fingerprint to obtain authentication from the authenticating server;

a fingerprint feature data extracting means for extracting fingerprint feature data from an inputted fingerprint;

an OTT key request means for requesting the authenticating server a transfer of a one-time template (OTT) key;

an OTT key receiving means for receiving the OTT key transferred from the authenticating server;

an OTT generation means for generating an OTT by combining the received OTT key with the fingerprint feature data; and

an OTT encrypting means for encrypting the OTT in a predetermined manner, and the authenticating server comprises;

a communication interface for communicating with the authenticating server;

an OTT generation means for generating an OTT key upon request of the OTT key from the client;

an OTT key storing means for storing the generated OTT key;

an OTT key transfer means for transmitting the generated OTT key to the client;

an OTT receiving means for receiving the encrypted OTT transferred from the client;

an OTT decrypting means for restoring the original OTT by decrypting the encrypted and received OTT;

an OTT key extracting means for extracting an OTT key from the restored OTT;

an OTT key validity determination means for determining validity of the OTT key by comparing the OTT key stored in the OTT storing means and the OTT key extracted by the OTT key extracting means;

a fingerprint authentication means for authenticating an access of the user based on the fingerprint thereof by comparing registered fingerprint feature data with the inputted fingerprint feature data, if the OTT key is determined to be valid, and refusing authentication if the OTT key is determined to be invalid or the fingerprint feature data do not coincide with each other as a result of comparison; and

an OTT key deletion means for deleting the OTT key used for determining validity of the OTT key upon completion of the authenticating process by the fingerprint authentication means so that another OTT key newly generated by the OTT generation means can be used for a next user authentication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to a user authenticating system and a method using aone-time fingerprint template. The system and the method according to the invention are improvements of the conventional user authentication based on the manner of comparing the fingerprint feature data only, for the purpose of preventing a false authentication by misusing fingerprint feature data, if exposed in the course of transfer thereof. In the system and the method according to the invention, fingerprint feature data of a user are combined with an OTT key transferred from a server. The combined result is encoded and transferred to an authenticating server. The authenticating server then confirms validity of the OTT key and authenticates the user based on the fingerprint. Thus, the present invention has an advantage of preventing a false authentication through hacking, etc., even if the OTT key is exposed to a network, because the OTT key is used only once for authentication.

Citations

22 Claims

1. A user authenticating system including a user'"'"'s PC which is a client desiring a user authentication, and an authenticating server for performing authentication in accordance with a request for authentication by the user transferred from the client through connection between the client and a network, characterized in that the client comprises:
- a communication interface means for communicating with the authenticating server;
  
  a fingerprint input means for reading-in the user'"'"'s fingerprint to obtain authentication from the authenticating server;
  
  a fingerprint feature data extracting means for extracting fingerprint feature data from an inputted fingerprint;
  
  an OTT key request means for requesting the authenticating server a transfer of a one-time template (OTT) key;
  
  an OTT key receiving means for receiving the OTT key transferred from the authenticating server;
  
  an OTT generation means for generating an OTT by combining the received OTT key with the fingerprint feature data; and
  
  an OTT encrypting means for encrypting the OTT in a predetermined manner, and the authenticating server comprises;
  
  a communication interface for communicating with the authenticating server;
  
  an OTT generation means for generating an OTT key upon request of the OTT key from the client;
  
  an OTT key storing means for storing the generated OTT key;
  
  an OTT key transfer means for transmitting the generated OTT key to the client;
  
  an OTT receiving means for receiving the encrypted OTT transferred from the client;
  
  an OTT decrypting means for restoring the original OTT by decrypting the encrypted and received OTT;
  
  an OTT key extracting means for extracting an OTT key from the restored OTT;
  
  an OTT key validity determination means for determining validity of the OTT key by comparing the OTT key stored in the OTT storing means and the OTT key extracted by the OTT key extracting means;
  
  a fingerprint authentication means for authenticating an access of the user based on the fingerprint thereof by comparing registered fingerprint feature data with the inputted fingerprint feature data, if the OTT key is determined to be valid, and refusing authentication if the OTT key is determined to be invalid or the fingerprint feature data do not coincide with each other as a result of comparison; and
  
  an OTT key deletion means for deleting the OTT key used for determining validity of the OTT key upon completion of the authenticating process by the fingerprint authentication means so that another OTT key newly generated by the OTT generation means can be used for a next user authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The user authenticating system of claim 1, wherein the OTT key comprises indices representing serial numbers, and a GUID appended to each index in a predetermined length to represent a random value.
  - 3. The user authenticating system of claim 1 or 2, wherein the request for the OTT key by the OTT key request means of the client and the transfer of the OTT key by the OTT key transfer means of the authenticating server are performed by HTTP.
  - 4. The user authenticating system of claim 1 or 2, wherein the OTT encrypting means of the client performs encrypting by using a public key, and the OTT decrypting means of the authenticating server performs decrypting by using a private key.
  - 5. The user authenticating system of claim 1 or 2, wherein the OTT encrypting means of the client and the OTT decrypting means of the authenticating server perform encrypting or decrypting by using a symmetrical key.
  - 6. A user authenticating method used in a system of claim 1 or 2, comprising the steps of:
    - extracting fingerprint feature data from the user'"'"'s fingerprint data inputted to the fingerprint input means of the client through the fingerprint feature data extracting means;
      
      requesting the authenticating server a transfer of the OTT key through the OTT request means of the client;
      
      generating and storing an OTT key through the OTT key generation means of the authenticating server;
      
      transmitting the OTT Key to the client through the OTT key transfer means of the authenticating server;
      
      generating an OTT by combining the OTT key with the fingerprint feature data received from the OTT receiving means of the client through the OTT generation means;
      
      requesting the authenticating server an authentication by transmitting the OTT encrypted by the OTT encrypting means of the client to the authenticating server;
      
      restoring the original OTT by receiving the OTT encrypted by the OTT receiving means of the authenticating server, and decrypting the same through the OTT decrypting means;
      
      extracting an OTT key through the OTT key extracting means of the authenticating server;
      
      determining validity of the OTT key by comparing the extracted OTT key with the OTT key stored in the OTT key storing means;
      
      authenticating the fingerprint by determining the coincidence of the fingerprints if the OTT key determined to be valid; and
      
      deleting the OTT key used for the authentication so that another OTT key newly generated in the OTT key generating step can be used for a next user authentication.
  - 7. The user authenticating method of claim 6, wherein the OTT key comprises indices representing serial numbers, and a GUID appended to each index in a predetermined length to represent a random value.
  - 8. The user authenticating method of claim 6 or 7, wherein the step of requesting the OTT key by the OTT key request means of the client and the step of transmitting the OTT key by the OTT key transfer means of the authenticating server are performed by HTTP.
  - 9. The user authenticating method of claim 6 or 7, wherein the encrypting of the OTT by the client is performed by using a public key, and the decrypting of the OTT by the authenticating server is performed by using a private key.
  - 10. The user authenticating method of claim 6 or 7, wherein the encrypting of the OTT by the client and the decrypting of the OTT by the authenticating server are performed by using a symmetrical key.

11. A user authenticating system including a web server for providing web services, a user'"'"'s PC, which is a client desiring a user authentication, for access to the web server through network, and an authenticating server for performing authentication upon request thereof by the user transferred from the client through the web server through connection to the web server, characterized in that the client comprises:
- a communication interface for communication with the client;
  
  a fingerprint input means for reading-in a user'"'"'s fingerprint for obtaining authentication from the authenticating server;
  
  a fingerprint feature data extracting means for extracting fingerprint feature data from the inputted fingerprint;
  
  an OTT key request means for requesting the authenticating server a transfer of a one-time template (OTT) key;
  
  an OTT key receiving means for receiving the OTT key transferred from the authenticating server;
  
  an OTT generation means for generating an OTT by combining the received OTT key with the fingerprint feature data; and
  
  an OTT encrypting means for encrypting the OTT in a predetermined manner, and the web server, which provides a web page to be actually used by the user, comprises;
  
  a first communication interface for communication with the authenticating server;
  
  a second communication interface for communication with the authenticating server;
  
  a data interchange means for interchanging data between the client and the authenticating server; and
  
  an authentication result receiving means for receiving an authentication result transferred from the authenticating server, and transmitting the web page to the client, whereas the authenticating server comprises;
  
  a communication interface for communicating with the web server;
  
  an OTT generation means for generating an OTT key upon request of the OTT key from the client;
  
  an OTT key storing means for storing the generated OTT key;
  
  an OTT key transfer means for transmitting the generated OTT key to the client;
  
  an OTT receiving means for receiving the encrypted OTT transferred from the client;
  
  an OTT decrypting means for restoring the original OTT by decrypting the encrypted and received OTT;
  
  an OTT key extracting means for extracting an OTT key from the restored OTT;
  
  an OTT key validity determination means for determining validity of the OTT key by comparing the OTT key stored in the OTT storing means and the OTT key extracted by the OTT key extracting means;
  
  a fingerprint authentication means for authenticating an access of the user based on the fingerprint thereof by comparing registered fingerprint feature data with the inputted fingerprint feature data, if the OTT key is determined to be valid, and refusing authentication if the OTT key is determined to be invalid or the fingerprint feature data do not coincide with each other as a result of comparison; and
  
  an OTT key deletion means for deleting the OTT key used for determining validity of the OTT key upon completion of the authenticating process by the fingerprint authentication means so that another OTT key newly generated by the OTT generation means can be used for a next user authentication, whereby the authentication result receiving means provides the web page to the client upon receipt of the authentication allowing result through the web server transferred from the fingerprint authenticating means of the authenticating server, and denies the user'"'"'s log-in upon receipt of the authentication refusing result through the web server transferred from the fingerprint authenticating means of the authenticating server.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The user authenticating system of claim 11, wherein the OTT key comprises indices representing serial numbers, and a GUID appended to each index in a predetermined length to represent a random value.
  - 13. The user authenticating system of claim 11 or 12, wherein the request for the OTT key by the OTT key request means of the client and the transfer of the OTT key by the OTT key transfer means of the authenticating server are performed by HTTP.
  - 14. The user authenticating system of claim 11 or 12, wherein the OTT encrypting means of the client performs encrypting by using a public key, and the OTT decrypting means of the authenticating server performs decrypting by using a private key.
  - 15. The user authenticating system of claim 11 or 12, wherein the OTT encrypting means of the client and the OTT decrypting means of the authenticating server perform encrypting or decrypting by using a symmetrical key.
  - 16. The user authenticating system of claim 11 or 12, wherein the authentication is performed by a single authenticating server connected to a plurality of web servers.
  - 17. A user authenticating method used in the system of claim 11 or 12, comprising the steps of:
    - extracting fingerprint feature data from the user'"'"'s fingerprint data inputted to the fingerprint input means of the client through the fingerprint feature data extracting means;
      
      requesting the authenticating server a transfer of the OTT key through the OTT request means of the client;
      
      generating and storing an OTT key through the OTT key generation means of the authenticating server;
      
      transmitting the OTT key to the client through the OTT key transfer means of the authenticating server;
      
      generating an OTT by combining the OTT key with the fingerprint feature data received from the OTT receiving means of the client through the OTT generation means;
      
      requesting the authenticating server an authentication by transmitting the OTT encrypted by the OTT encrypting means of the client to the authenticating server;
      
      restoring the original OTT by receiving the OTT encrypted and transferred by the web server through the OTT receiving means, and by decrypting the same through the OTT decrypting means;
      
      extracting an OTT key through the OTT key extracting means of the authenticating server;
      
      determining validity of the OTT key by comparing the extracted OTT key with the OTT key stored in the OTT key storing means;
      
      allowing authentication of the fingerprint if the OTT key is determined to be valid, refusing authentication of the fingerprint if the OTT key is determined to be invalid, and transmitting the authentication result to the web server;
      
      providing the web page to the client upon receipt of the result allowing an authentication from the authenticating server, and refusing log-in of the user upon receipt of the result refusing the authentication from the authenticating server; and
      
      deleting the OTT key used for the authentication so that another OTT key newly generated in the OTT key generating step can be used for a next user authentication.
  - 18. The user authenticating method of claim 17, wherein the OTT key comprises indices representing serial numbers, and a GUID appended to each index in a predetermined length to represent a random value.
  - 19. The user authenticating system of claim 17 or 18, wherein the request for the OTT key by the OTT key request means of the client and the transfer of the OTT key by the OTT key transfer means of the authenticating server are performed by HTTP.
  - 20. The user authenticating system of claim 17 or 18, wherein the OTT encrypting means of the client performs encrypting by using a public key, and the OTT decrypting means of the authenticating server performs decrypting by using a private key.
  - 21. The user authenticating system of claim 17 or 18, wherein the OTT encrypting means of the client and the OTT decrypting means of the authenticating server perform encrypting or decrypting by using a symmetrical key.
  - 22. The user authenticating system of claim 17 or 18, wherein the authentication is performed by a single authenticating server connected to a plurality of web servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecuGen Corporation (Pivotec Corp.)
Original Assignee
SecuGen Corporation (Pivotec Corp.)
Inventors
Lee, Dong-Won, Chang, Woo-Seok, Kang, Young-Mi, Ha, Tai-Dong, Jun, Jae-Hyun

Granted Patent

US 7,035,442 B2
Time in Patent Office

Days
Field of Search
US Class Current

382/124
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/0861   using biometrical features,...

User authenticating system and method using one-time fingerprint template

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

User authenticating system and method using one-time fingerprint template

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links