System and method for user identification and authentication
First Claim
Patent Images
1. A method for authenticating a user comprising:
- obtaining an indication of a biometric parameter using a secured computing device from a user, wherein the indication provides information on the identity of the user;
verifying that the obtained indication of the biometric parameter substantially matches the stored indication of the biometric parameter;
obtaining a first password from the user;
verifying that the first password matches a stored second password;
communicating the identity of the user to a remote host and requesting a salt value;
receiving from the remote host said salt value and a remote host challenge value;
calculating a device challenge value;
calculating a hash using the salt value and first password;
encrypting the remote host challenge value and the device challenge value using the hash;
receiving an unencrypted device challenge value from the remote host;
verifying that the received unencrypted device challenge value is identical to the calculated device challenge value; and
generating a session master secret;
encrypting the session master secret; and
communicating the session master secret to the remote host.
1 Assignment
0 Petitions
Accused Products
Abstract
A user identification and authentication device provides a secure computing platform and a secure computing path for communication with a secure remote host. The device is coupled to an unsecure PC but provides for secure verification of a user'"'"'s identity and authorization in participating in a transaction.
128 Citations
19 Claims
-
1. A method for authenticating a user comprising:
-
obtaining an indication of a biometric parameter using a secured computing device from a user, wherein the indication provides information on the identity of the user;
verifying that the obtained indication of the biometric parameter substantially matches the stored indication of the biometric parameter;
obtaining a first password from the user;
verifying that the first password matches a stored second password;
communicating the identity of the user to a remote host and requesting a salt value;
receiving from the remote host said salt value and a remote host challenge value;
calculating a device challenge value;
calculating a hash using the salt value and first password;
encrypting the remote host challenge value and the device challenge value using the hash;
receiving an unencrypted device challenge value from the remote host;
verifying that the received unencrypted device challenge value is identical to the calculated device challenge value; and
generating a session master secret;
encrypting the session master secret; and
communicating the session master secret to the remote host. - View Dependent Claims (2, 3, 4)
-
-
5. A method of providing authenticated and secure electronic communications over an unsecured electronic communication path comprising:
-
providing a secured device comprising at least a biometric sensor, a user input, and a display; and
wherein the secured device is configured to communicate with a secure network server;
requesting a secure communication value from the secure network server over an unsecured communication path;
receiving at the secured device the secure communication value;
displaying on the display a message;
authenticating a user'"'"'s identity using the biometric sensor;
encrypting a message using the secured device; and
communicating the encrypted message over the unsecured communication path to the secured network server. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
-
-
13. A device for providing secure communication through an unsecured system comprising:
-
a processor configured to calculate an authentication device challenge value and use a salt value to calculate a hash of the salt and a user password entered via the input device to create an encryption key, said processor further configured to encrypt one or more challenge values using said encryption key, wherein said salt value is received from a remote host after said processor has verified said user using data from said biometric sensor;
a display in communication with the processor;
a biometric sensor in communication with the processor configured to obtain biometric information useful in identifying an individual;
an input device in communication with the processor; and
a computer interface configured to provide a communication path between an unsecured computing platform and the processor;
wherein the processor is further configured to communicate with a remote host through the unsecured computing platform, wherein the encryption key is not shared with the unsecured computing platform. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A system for authenticating a transaction comprising:
-
an unsecured device configured to initiate a transaction with a secured remote host;
a secure device connectable to the unsecured device and configured to verify a user'"'"'s identity by obtaining a biometric indication;
wherein the secure device is further configured to send and receive encrypted communications with the remote host; and
wherein the encrypted communications pass through the unsecured device without being unencrypted by the unsecured device. - View Dependent Claims (19)
-
Specification