Biometric authentication for remote initiation of actions and services

US 8,220,063 B2
Filed: 12/18/2008
Issued: 07/10/2012
Est. Priority Date: 05/18/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of provisioning a client computer using a secure channel and trustworthy resources, the method comprising the steps of:

identifying all client-based components required for the client computer to obtain from the user and to transmit biometric data,verifying that the identified components are trustworthy components that have not been altered;

establishing a secure communication channel with at least one server;

using only components verified as trustworthy, obtaining a candidate set of biometric data from the user;

using only components verified as trustworthy, transmitting the biometric data over the secure communication channel to the server for authentication and to establish the user'"'"'s identity; and

based on the established user identity, receiving, over the secure communication channel and using only components verified as trustworthy, a set of provisioning modules specific to the user for execution on the client computer in order to cause transfer of information onto the client computer.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, the invention relates to generating a trusted communication channel with a client. An agent module is provided at the client along with a task set including one or more tasks. One or more client components needed to complete each of the tasks of the task set is determined, and it is further determined whether each of the needed client components is trustworthy. An equivalent component for components determined to be untrustworthy may be provided.

15 Citations

View as Search Results

11 Claims

1. A method of provisioning a client computer using a secure channel and trustworthy resources, the method comprising the steps of:
- identifying all client-based components required for the client computer to obtain from the user and to transmit biometric data,verifying that the identified components are trustworthy components that have not been altered;
  
  establishing a secure communication channel with at least one server;
  
  using only components verified as trustworthy, obtaining a candidate set of biometric data from the user;
  
  using only components verified as trustworthy, transmitting the biometric data over the secure communication channel to the server for authentication and to establish the user'"'"'s identity; and
  
  based on the established user identity, receiving, over the secure communication channel and using only components verified as trustworthy, a set of provisioning modules specific to the user for execution on the client computer in order to cause transfer of information onto the client computer.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the strong authentication data consists of biometric indicia.
  - 3. The method of claim 1 wherein, if any of the identified components are not verified to be trustworthy, requesting and receiving from at least one said server trustworthy versions thereof using the secure communication channel.
  - 4. The method of claim 1 wherein the components are verified as trustworthy via communication with at least one said server using the secure communication channel.
  - 5. The method of claim 1 wherein the identifying step is performed by an agent executing on the client computer and further comprising the step of causing the agent to verify that it is itself a trustworthy component.
  - 6. The method of claim 5 wherein the agent verifies that it and the identified components are trustworth by examining at least one of digital signatures or digests thereof to verify that nothing has been altered.

7. A system for provisioning a client computer using a secure channel and trustworthy resources, the system comprising:
- an authentication device for establishing an identity of a client user based on strong authentication data, the authentication device comprising (i) one or more client-based components enabling the client to obtain from the user and to transmit biometric data and (ii) an agent for;
  
  (a) identifying all client-based components required for the client computer to obtain from the user and to transmit the biometric data;
  
  (b) verifying that the identified components are trustworthy components that have not been altered;
  
  (c) establishing a secure communication channel with at least one server; and
  
  (d) using only components verified as trustworthy, obtaining a candidate set of biometric data from the user and, using only components verified as trustworthy, transmitting the biometric data over the secure communication channel to the server for authentication to establish the user'"'"'s identity; and
  
  a server device for remotely providing to the client computer, based on the established user identity, a set of provisioning modules specific to the user for execution on the client computer, the execution of the provisioning modules causing transfer information onto the client computer, wherein the provisioning modules are received over the secure communication channel using only components verified as trustworthy.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7 wherein the strong authentication data are biometric indicia.
  - 9. The system of claim 8 wherein the client computer comprises a biometric input device for obtaining the indicia.
  - 10. The system of claim 9 wherein the client computer comprises a communication module for transmitting the indicia to the server for identity establishment.
  - 11. The system of claim 9 wherein the client computer comprises an analysis module for analyzing the indicia for identity establishment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Ting, David M. T.
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US12/338,196
Publication Number

US 20090100270A1
Time in Patent Office

1,300 Days
Field of Search

713/186, 713/176, 713/170, 726/8, 726/22, 726/28, 726/29, 726/30
US Class Current

726/29
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/57   Certifying or maintaining t...

H04L 2463/102   applying security measure f...

H04L 63/0407   wherein the identity of one...

H04L 63/0861   using biometrical features,...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

Biometric authentication for remote initiation of actions and services

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Biometric authentication for remote initiation of actions and services

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links