Biometric authentication for remote initiation of actions and services
First Claim
1. A method of provisioning a client computer using a secure channel and trustworthy resources, the method comprising the steps of:
- identifying all client-based components required for the client computer to obtain from the user and to transmit biometric data,
- verifying that the identified components are trustworthy components that have not been altered;
- establishing a secure communication channel with at least one server;
- using only components verified as trustworthy, obtaining a candidate set of biometric data from the user;
- using only components verified as trustworthy, transmitting the biometric data over the secure communication channel to the server for authentication and to establish the user's identity; and
- based on the established user identity, receiving, over the secure communication channel and using only components verified as trustworthy, a set of provisioning modules specific to the user for execution on the client computer in order to cause transfer of information onto the client computer.
Abstract
In one aspect, the invention relates to generating a trusted communication channel with a client. An agent module is provided at the client along with a task set including one or more tasks. One or more client components needed to complete each of the tasks of the task set is determined, and it is further determined whether each of the needed client components is trustworthy. An equivalent component for components determined to be untrustworthy may be provided.
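The component check described in the abstract, sketched as an added example that is not taken from the patent or any implementation of it. It assumes "trustworthy" means a component's SHA-256 digest matches a reference digest held by the server; the task names, component names and byte strings are constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical task-to-component map; all names are constructed for illustration.
TASK_COMPONENTS = {
    "capture_biometric": ["scanner_driver", "capture_lib"],
    "transmit_biometric": ["capture_lib", "tls_stack"],
}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def needed_components(task_set):
    """Union of components required by the task set, in first-seen order."""
    seen = []
    for task in task_set:
        for name in TASK_COMPONENTS[task]:
            if name not in seen:
                seen.append(name)
    return seen

def is_trustworthy(name, data, known_good):
    """Assumption: trustworthy means the SHA-256 matches the reference digest."""
    expected = known_good.get(name)
    if data is None or expected is None:
        return False  # missing component or no reference: never trusted
    return hmac.compare_digest(digest(data), expected)

def resolve(task_set, installed, known_good, equivalents):
    """Return (usable, replaced, blocked) for the components the tasks need."""
    usable, replaced, blocked = {}, [], []
    for name in needed_components(task_set):
        if is_trustworthy(name, installed.get(name), known_good):
            usable[name] = installed[name]
        elif is_trustworthy(name, equivalents.get(name), known_good):
            usable[name] = equivalents[name]  # the equivalent is verified too
            replaced.append(name)
        else:
            blocked.append(name)  # no trusted copy available: task must not run
    return usable, replaced, blocked

# Constructed sample state: the driver was altered and the TLS stack is missing.
GOOD = {"scanner_driver": b"driver-v1", "capture_lib": b"capture-v1", "tls_stack": b"tls-v1"}
KNOWN_GOOD = {name: digest(data) for name, data in GOOD.items()}
INSTALLED = {"scanner_driver": b"driver-v1-patched", "capture_lib": b"capture-v1"}
EQUIVALENTS = {"scanner_driver": b"driver-v1"}

if __name__ == "__main__":
    print(resolve(["capture_biometric", "transmit_biometric"],
                  INSTALLED, KNOWN_GOOD, EQUIVALENTS))
```

Any entry in `blocked` means the "using only components verified as trustworthy" condition of the claims cannot be met, so capture and transmission should not start.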
11 Claims
7. A system for provisioning a client computer using a secure channel and trustworthy resources, the system comprising:
- an authentication device for establishing an identity of a client user based on strong authentication data, the authentication device comprising (i) one or more client-based components enabling the client to obtain from the user and to transmit biometric data and (ii) an agent for:
  - (a) identifying all client-based components required for the client computer to obtain from the user and to transmit the biometric data;
  - (b) verifying that the identified components are trustworthy components that have not been altered;
  - (c) establishing a secure communication channel with at least one server; and
  - (d) using only components verified as trustworthy, obtaining a candidate set of biometric data from the user and, using only components verified as trustworthy, transmitting the biometric data over the secure communication channel to the server for authentication to establish the user's identity; and
- a server device for remotely providing to the client computer, based on the established user identity, a set of provisioning modules specific to the user for execution on the client computer, the execution of the provisioning modules causing transfer information onto the client computer, wherein the provisioning modules are received over the secure communication channel using only components verified as trustworthy.
Specification