CA2287857C - Biometric certificates - Google Patents
Biometric certificates Download PDFInfo
- Publication number
- CA2287857C CA2287857C CA002287857A CA2287857A CA2287857C CA 2287857 C CA2287857 C CA 2287857C CA 002287857 A CA002287857 A CA 002287857A CA 2287857 A CA2287857 A CA 2287857A CA 2287857 C CA2287857 C CA 2287857C
- Authority
- CA
- Canada
- Prior art keywords
- biometric
- transaction
- data
- user
- registration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/10—Image acquisition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Abstract
Biometric identification is combined with digital certificates for electronic authentication as biometric certificates. The biometric certificates are managed through the use of a biometric certificate management system. Biometric certificates may be used in any electronic transaction requiring authentication of the participants. Biometric data is pre-stored in a biometric database of the biometric certificate management system by receiving data corresponding to physical characteristics of registered users through a biometric input device.
Subsequent transactions to be conducted over a network have digital signatures generated from the physical characteristics of a current user and from the electronic transaction. The electronic transactions is authenticated by comparison of hash values in the digital signature with re-created hash values. The user is authenticated by comparison against the pre-stored biometric certificates of the physical characteristics of users in the biometric database.
Subsequent transactions to be conducted over a network have digital signatures generated from the physical characteristics of a current user and from the electronic transaction. The electronic transactions is authenticated by comparison of hash values in the digital signature with re-created hash values. The user is authenticated by comparison against the pre-stored biometric certificates of the physical characteristics of users in the biometric database.
Description
BIOMETRIC CERTIFICATES
BACKGROUND OF THE INVENTION
1. FIELD OF THE INVENTION
This disclosure relates generally to the field of secure communications, and in particular to the issuance and management of certificates for authenticating messages.
BACKGROUND OF THE INVENTION
1. FIELD OF THE INVENTION
This disclosure relates generally to the field of secure communications, and in particular to the issuance and management of certificates for authenticating messages.
2. DESCRIPTION OF RELATED ART
The use of computer networks and telecommunication systems for various transactions has markedly increased in recent years. Traditional transactions such as shopping, purchasing, banking, and investment services have experienced growth in new directions due to the application of computers and telecommunications.
While traditional transactions have heretofore been conducted typically on a person-to-person basis, many telecommunication-based transactions are conducted remotely and sight-unseen; i.e. the participants in telecommunication-based transactions may never meet.
With such telecommunication-based transactions, there is an increasing need to recognize and verify the authenticity of a remote user of electronic services, including such services involving consumers of all types of electronic transactions , such as purchases over the Internet, home banking, electronic transfers of funds, and electronic brokerage services. Such electronic transactions may also involve users of remote repositories of data, for example, to access classified records, medical records, billing records, and unclassified but sensitive data, such as company records. Other relevant areas requiring adequate or even absolute security include authentication of signers of electronic documents such as contracts. In general, any electronic service of value, provided over a local network or a public network, requires authentication of the requester in order to protect the value of the service. More valuable services typically require a greater degree of authentication.
Historically, access to electronic services has been provided through identification techniques such as account names and authentication techniques such as personal identification numbers (PINs) and passwords. Such authentication techniques have not proven to be very secure since PINs and passwords are often easily guessed, hard to remember, or subject to discovery by exhaustive automated searches. Recently, digital certificates have emerged as a leading candidate for authenticating electronic transactions.
Ideally, a digital certificate, such as those defined by the X.509 and ANSI X.9 standards, allows users or buyers and sellers to authenticate electronic documents and electronic transactions in a manner analogous to the authentication of documents by a Notary Public in person-to-person transactions.
The combination of cryptographic techniques, including public key cryptography, and the use of digital certificates provides greater integrity, privacy and a degree of authentication for on-line electronic transactions which instills a greater level of confidence in the electronic services consumer.
For example, such authenticating certificates in the prior art may be generated by concatenating a message and a public key with a set 10 of data as shown in FIG. 1, which may be in a sequence and which may include a subject unique ID 12 corresponding to the subject; that is, the individual or entity such as a corporation, having the public key. As shown in FIG.
1, other fields in the set 10 of data may include a version number, a serial number for the certificate with respect to a sequence of generated certificates, the name of the issuer, a validity period to determine an expiration of validity of the certificate, a subject name identifying the user or individual sending the transaction, a issuer unique ID number, and other data extensions indicating privileges and attributes of the certificate, such as access privileges.
The subject unique ID 12 of the user may include M bits representing, for example, a social security number or a password associated with the user sending the transaction.
Typically, M= 50 bits - 6 bytes or less.
The authenticating certificate, being the concatenation of the set 10 of data with the public key and the transaction data, is then processed, for example, using a hash function such as a one-way hashing function, to generate a hashed value.
The hashed value is then signed; that is, encrypted, using the private key of the user to generate a digital signature 14.
The digital signature 14 is then appended to the authenticating certificate and the message, such as an electronic transaction, for transmission over, for example, a network.
The X.509 and ANSI X.9 standards described above incorporate a hash function to generate unique digital signatures 14 from a respective set 10 of data. Such one-way hashing functions enable the transaction data to be computationally infeasible to derive solely from the hash value.
While the use in the prior art of authenticating certificates incorporating digital certificates improves transactions employing electronic authentication, it still falls short of actually authenticating a human transactor, such as a consumer. Instead, such digital certificates in the prior art only authenticate the private cryptographic key used in the transaction or signature. Since private keys are physically
The use of computer networks and telecommunication systems for various transactions has markedly increased in recent years. Traditional transactions such as shopping, purchasing, banking, and investment services have experienced growth in new directions due to the application of computers and telecommunications.
While traditional transactions have heretofore been conducted typically on a person-to-person basis, many telecommunication-based transactions are conducted remotely and sight-unseen; i.e. the participants in telecommunication-based transactions may never meet.
With such telecommunication-based transactions, there is an increasing need to recognize and verify the authenticity of a remote user of electronic services, including such services involving consumers of all types of electronic transactions , such as purchases over the Internet, home banking, electronic transfers of funds, and electronic brokerage services. Such electronic transactions may also involve users of remote repositories of data, for example, to access classified records, medical records, billing records, and unclassified but sensitive data, such as company records. Other relevant areas requiring adequate or even absolute security include authentication of signers of electronic documents such as contracts. In general, any electronic service of value, provided over a local network or a public network, requires authentication of the requester in order to protect the value of the service. More valuable services typically require a greater degree of authentication.
Historically, access to electronic services has been provided through identification techniques such as account names and authentication techniques such as personal identification numbers (PINs) and passwords. Such authentication techniques have not proven to be very secure since PINs and passwords are often easily guessed, hard to remember, or subject to discovery by exhaustive automated searches. Recently, digital certificates have emerged as a leading candidate for authenticating electronic transactions.
Ideally, a digital certificate, such as those defined by the X.509 and ANSI X.9 standards, allows users or buyers and sellers to authenticate electronic documents and electronic transactions in a manner analogous to the authentication of documents by a Notary Public in person-to-person transactions.
The combination of cryptographic techniques, including public key cryptography, and the use of digital certificates provides greater integrity, privacy and a degree of authentication for on-line electronic transactions which instills a greater level of confidence in the electronic services consumer.
For example, such authenticating certificates in the prior art may be generated by concatenating a message and a public key with a set 10 of data as shown in FIG. 1, which may be in a sequence and which may include a subject unique ID 12 corresponding to the subject; that is, the individual or entity such as a corporation, having the public key. As shown in FIG.
1, other fields in the set 10 of data may include a version number, a serial number for the certificate with respect to a sequence of generated certificates, the name of the issuer, a validity period to determine an expiration of validity of the certificate, a subject name identifying the user or individual sending the transaction, a issuer unique ID number, and other data extensions indicating privileges and attributes of the certificate, such as access privileges.
The subject unique ID 12 of the user may include M bits representing, for example, a social security number or a password associated with the user sending the transaction.
Typically, M= 50 bits - 6 bytes or less.
The authenticating certificate, being the concatenation of the set 10 of data with the public key and the transaction data, is then processed, for example, using a hash function such as a one-way hashing function, to generate a hashed value.
The hashed value is then signed; that is, encrypted, using the private key of the user to generate a digital signature 14.
The digital signature 14 is then appended to the authenticating certificate and the message, such as an electronic transaction, for transmission over, for example, a network.
The X.509 and ANSI X.9 standards described above incorporate a hash function to generate unique digital signatures 14 from a respective set 10 of data. Such one-way hashing functions enable the transaction data to be computationally infeasible to derive solely from the hash value.
While the use in the prior art of authenticating certificates incorporating digital certificates improves transactions employing electronic authentication, it still falls short of actually authenticating a human transactor, such as a consumer. Instead, such digital certificates in the prior art only authenticate the private cryptographic key used in the transaction or signature. Since private keys are physically
-3-stored on computers and/or electronic storage devices, such private keys are not physically related to the entities associated with the private keys. For example, a private key is assigned to an entity, which may be a group of people, an organization such as a company, or even groups of organizations, and so private keys are not limited to actual human individuals.
Identification indica of individuals may be subdivided into three broad categories: indica based on the physical characteristics of the individual, that is, what the individual is; indicia based on one's knowledge, such as passwords known to the individual; and indicia based on assigned information, that is, what another individual has associated with the identified individual, or what the identified individual chooses with which to be associated. The first category having physical indicia relates to the biometric data of an individual, and includes characteristic features such as genetic composition, fingerprints, hand geometry, iris and retinal appearance, etc., which are unique to each individual, with known exceptions such as the identical genetic compositions of twins.
The second and third categories having known and/or assigned indicia includes information which the individual knows and/or is charged with memorizing and divulging for authentication, such as social security number, mother's maiden name, access codes such as long distance calling card numbers, and personal passwords. The second category also includes information and/or objects which the individual owns and/or is charged with carrying and divulging for authentication, such as driver's licenses and passports.
Private keys are assigned indicia. Accordingly, the lack of physical identification of a human transactor with a private key is a flaw in authentication techniques in the prior art using such private keys. Other authentication and security techniques in the prior art are similarly flawed, since many
Identification indica of individuals may be subdivided into three broad categories: indica based on the physical characteristics of the individual, that is, what the individual is; indicia based on one's knowledge, such as passwords known to the individual; and indicia based on assigned information, that is, what another individual has associated with the identified individual, or what the identified individual chooses with which to be associated. The first category having physical indicia relates to the biometric data of an individual, and includes characteristic features such as genetic composition, fingerprints, hand geometry, iris and retinal appearance, etc., which are unique to each individual, with known exceptions such as the identical genetic compositions of twins.
The second and third categories having known and/or assigned indicia includes information which the individual knows and/or is charged with memorizing and divulging for authentication, such as social security number, mother's maiden name, access codes such as long distance calling card numbers, and personal passwords. The second category also includes information and/or objects which the individual owns and/or is charged with carrying and divulging for authentication, such as driver's licenses and passports.
Private keys are assigned indicia. Accordingly, the lack of physical identification of a human transactor with a private key is a flaw in authentication techniques in the prior art using such private keys. Other authentication and security techniques in the prior art are similarly flawed, since many
-4-
5 PCT/US98/09770 authentication and security techniques rely on identification indicia of the second category.
Techniques are known in the art for authenticating an individual based on identification indica of the first category; that is, by physical characteristics. For example, U.S. Patent No. 4,641,349 to Flom et al. discloses a system for performing iris recognition. Typically, such physical characteristics identifying techniques require complicated computational operations for the capture and accurate classification of physical characteristics, since such physical characteristics are unique to each individual. Accordingly, the identification indicia for such physical characteristics generally requires a relatively large amount of memory to store and classify such identification indicia.
Heretofore, the relatively large computational demands of authentication techniques based on physical characteristics has prevented such authentication techniques from being implemented in electronic transactions.
SUMMARY OF THE INVENTION
It is recognized herein that biometric identification and classification in the authentication of electronic transactions provides for increased security and accuracy.
A biometric certification system and method are disclosed herein which implements an end-to-end security mechanism binding the biometric identification of consumers with digital certificates. The biometric certification system authenticates electronic transactions involving a user, and includes a biometric input device which responds to a set of physical characteristics of the user, and generates corresponding first biometric data related to the physical condition of the user.
Biometric data is pre-stored as biometric certificates in a biometric database of the biometric certificate management system by receiving data corresponding to physical characteristics of registered users through a biometric input device. Subsequent transactions to be conducted over a network have transaction biometric data generated from the physical characteristics of a current user, which is then appended to the transaction first data, and which then authenticates the user by comparison against the pre-stored biometric data of the physical characteristics of users in the biometric database.
BRIEF DESCRIPTION OF THE DRAWINGS
The features of the disclosed biometric certification system and method are readily apparent and are to be understood by referring to the following detailed description of the preferred embodiments of the present invention, taken in conjunction with the accompanying drawings, in which:
FIG. 1 illustrates an authenticating certificate in the prior art;
FIG. 2 illustrates a biometric certificate of the disclosed biometric certification system and method;
FIG. 3 illustrates a biometric certificate registration apparatus;
FIG. 4 illustrates an electronic transaction transmission section; and FIG. 5 illustrates an electronic transaction reception and processing section.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring in specific detail to the drawings, with common reference numbers identifying similar or identical elements, steps, and features, as shown in FIG. 2 the present disclosure describes a biometric certification system and method for generating biometric certificates from a set 16 of data, including a subject unique ID 18 and biometric data 20. A
digital signature 22 generated using data set 16 is then appended to the data set 16 to form the biometric certificate, as shown in FIG. 2.
The disclosed biometric certification system is shown in
Techniques are known in the art for authenticating an individual based on identification indica of the first category; that is, by physical characteristics. For example, U.S. Patent No. 4,641,349 to Flom et al. discloses a system for performing iris recognition. Typically, such physical characteristics identifying techniques require complicated computational operations for the capture and accurate classification of physical characteristics, since such physical characteristics are unique to each individual. Accordingly, the identification indicia for such physical characteristics generally requires a relatively large amount of memory to store and classify such identification indicia.
Heretofore, the relatively large computational demands of authentication techniques based on physical characteristics has prevented such authentication techniques from being implemented in electronic transactions.
SUMMARY OF THE INVENTION
It is recognized herein that biometric identification and classification in the authentication of electronic transactions provides for increased security and accuracy.
A biometric certification system and method are disclosed herein which implements an end-to-end security mechanism binding the biometric identification of consumers with digital certificates. The biometric certification system authenticates electronic transactions involving a user, and includes a biometric input device which responds to a set of physical characteristics of the user, and generates corresponding first biometric data related to the physical condition of the user.
Biometric data is pre-stored as biometric certificates in a biometric database of the biometric certificate management system by receiving data corresponding to physical characteristics of registered users through a biometric input device. Subsequent transactions to be conducted over a network have transaction biometric data generated from the physical characteristics of a current user, which is then appended to the transaction first data, and which then authenticates the user by comparison against the pre-stored biometric data of the physical characteristics of users in the biometric database.
BRIEF DESCRIPTION OF THE DRAWINGS
The features of the disclosed biometric certification system and method are readily apparent and are to be understood by referring to the following detailed description of the preferred embodiments of the present invention, taken in conjunction with the accompanying drawings, in which:
FIG. 1 illustrates an authenticating certificate in the prior art;
FIG. 2 illustrates a biometric certificate of the disclosed biometric certification system and method;
FIG. 3 illustrates a biometric certificate registration apparatus;
FIG. 4 illustrates an electronic transaction transmission section; and FIG. 5 illustrates an electronic transaction reception and processing section.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring in specific detail to the drawings, with common reference numbers identifying similar or identical elements, steps, and features, as shown in FIG. 2 the present disclosure describes a biometric certification system and method for generating biometric certificates from a set 16 of data, including a subject unique ID 18 and biometric data 20. A
digital signature 22 generated using data set 16 is then appended to the data set 16 to form the biometric certificate, as shown in FIG. 2.
The disclosed biometric certification system is shown in
-6-FIGS. 3-5, having biometric registration section 24 shown in FIG. 3, a transmitting section 40 shown in FIG. 4, and a receiving section 42 shown in FIG. 5. The biometric registration section 24 processes user biometrics and associated inputs to generate biometric certificates which are unique to the user, and which are stored in a memory such as a biometric database and/or a smart card memory. Once such biometric certificates are stored, a first user may conduct biometrically-secured electronic transactions sent from the transaction transmission section 40 of FIG. 4 to the transaction reception section 42 of FIG. 5, at which the electronic transaction is authenticated and processed.
Referring to FIG. 3, the registration section 24 has a set of input devices, including a registration biometric input device 26 and a user data input device 28. The biometric input device 26 generates registration biometric data from the physical characteristics of the user, such as fingerprints, hand geometry, iris and retinal appearance, and speech patterns.
The registration biometric input device 26 may include visual cameras and/or other visual readers to input fingerprints, hand geometry, iris appearance, and retinal appearance. For example, companies such as IDENTIX, FUJITSU, and AUTHENTEC provide such equipment for reading fingerprints, while RECOGNITION SYSTEMS provides equipment to read hand geometry. EYE-DENTIFY is an example of a company which provides retinal imaging devices, while IRISCAN and SENSAR are examples of companies which provide iris imaging devices.
Alternatively, the registration biometric input device 26 may be adapted to receive audio characteristics of a user. For example, a microphone in conjunction with a speech digitizer may be used to receive and digitize speech. Such companies as BBN, T-NETIX, and ALPHA-TEL provide such equipment for receiving and digitizing speech to generate corresponding biometric data.
Referring to FIG. 3, the registration section 24 has a set of input devices, including a registration biometric input device 26 and a user data input device 28. The biometric input device 26 generates registration biometric data from the physical characteristics of the user, such as fingerprints, hand geometry, iris and retinal appearance, and speech patterns.
The registration biometric input device 26 may include visual cameras and/or other visual readers to input fingerprints, hand geometry, iris appearance, and retinal appearance. For example, companies such as IDENTIX, FUJITSU, and AUTHENTEC provide such equipment for reading fingerprints, while RECOGNITION SYSTEMS provides equipment to read hand geometry. EYE-DENTIFY is an example of a company which provides retinal imaging devices, while IRISCAN and SENSAR are examples of companies which provide iris imaging devices.
Alternatively, the registration biometric input device 26 may be adapted to receive audio characteristics of a user. For example, a microphone in conjunction with a speech digitizer may be used to receive and digitize speech. Such companies as BBN, T-NETIX, and ALPHA-TEL provide such equipment for receiving and digitizing speech to generate corresponding biometric data.
-7-Biometric input devices known in the art may be used to receive other physical characteristics such as facial and body appearance via, for example, a camera, as well as the genetic composition of the user by means of genetic material gathering procedures, such as blood lancets.
The biometric certificate as shown in FIG. 2 may be generated by processing the registration biometric data from the registration biometric input device 26, processing the user input data such as a user ID from the user data input device 28, and processing the public key 30 of the user at a biometric certificate generator 32 of a registration authority 34. Such input data are processed with the private key 36 of a certifying authority to generate a digital biometric certificate 38 which is sent to the memory for storage and subsequent use to authenticate the first user and associated electronic transactions of the first user.
The registration biometric data 20 to be incorporated into the biometric certificate of FIG. 2 is obtained directly from the physical characteristics of the subject through the biometric input device 26. The subject unique ID 18 of the user may include M bits, in which typically M- 50 bits ~ 6 bytes or less, while the biometric data 20 typically includes much more data than the subject unique ID 18. Generally, the biometric data 20 has N bits in which N may be very large, such as about 500 bytes. In fact, the amount of the biometric data 20 is unlimited; for example, a fingerprint may be visually scanned to any resolution to obtain key fingerprint aspects which uniquely distinguish fingerprints, or alternatively to obtain data representing pixels of the entire fingerprint.
Accordingly, the biometric data 20 may require large amounts of memory for storage such as 2 kB or even 4 MB. Accordingly, in the preferred embodiment, N is much greater than M.
Prior to use of the disclosed biometric certification system and method, the biometric database 66 is built using, for example, a registration process in which individuals are
The biometric certificate as shown in FIG. 2 may be generated by processing the registration biometric data from the registration biometric input device 26, processing the user input data such as a user ID from the user data input device 28, and processing the public key 30 of the user at a biometric certificate generator 32 of a registration authority 34. Such input data are processed with the private key 36 of a certifying authority to generate a digital biometric certificate 38 which is sent to the memory for storage and subsequent use to authenticate the first user and associated electronic transactions of the first user.
The registration biometric data 20 to be incorporated into the biometric certificate of FIG. 2 is obtained directly from the physical characteristics of the subject through the biometric input device 26. The subject unique ID 18 of the user may include M bits, in which typically M- 50 bits ~ 6 bytes or less, while the biometric data 20 typically includes much more data than the subject unique ID 18. Generally, the biometric data 20 has N bits in which N may be very large, such as about 500 bytes. In fact, the amount of the biometric data 20 is unlimited; for example, a fingerprint may be visually scanned to any resolution to obtain key fingerprint aspects which uniquely distinguish fingerprints, or alternatively to obtain data representing pixels of the entire fingerprint.
Accordingly, the biometric data 20 may require large amounts of memory for storage such as 2 kB or even 4 MB. Accordingly, in the preferred embodiment, N is much greater than M.
Prior to use of the disclosed biometric certification system and method, the biometric database 66 is built using, for example, a registration process in which individuals are
-8-required to provide proof of identity; that is, identification information such as a birth certificate, a driver's license, current bank account data, credit card account data, etc. to be provided to a registration authority. Once the registration authority is satisfied with such proof, the identification information is entered into the registration system 24 and biometric measurements are then taken concurrently using at least one biometric input device 26, as shown in FIG. 3.
Such stored biometric measurements form the pre-stored biometric data in the biometric database 66 which corresponds to the pre-registered individuals who have undergone the registration process described above. Accordingly, pre-registered individuals may be properly authenticated, while unregistered individuals are rejected, within the cross-over error rate.
The biometric certificates 38 are then sent to be stored in a memory, such as a biometric database or a memory of a smart card, as shown as the memory 66 in FIG. 5. The registration system 24 of FIG. 3 may be located at a central registration station associated with a network, such that the corresponding biometric certificates of a user may be directly and securely stored in the memory 66, such as a central biometric database of a network or an individual memory of a smart card of the user. Accordingly, the central biometric database as the memory 66 may serve a network of users conducting transactions, such as electronic commerce (E-commerce), over the Internet and other networks.
Alternatively, a smart card of the first user having the memory 66 may pre-store the biometric certificates, such that kiosks and other devices such as terminals and automatic teller machines (ATMs) may access the memory 66 and obtain the secured biometric certificate of the first user.
Referring to FIGS. 4-5, to conduct an electronic transaction, the first user uses the transaction system 40 in FIG. 4. The first user uses a transaction biometric input
Such stored biometric measurements form the pre-stored biometric data in the biometric database 66 which corresponds to the pre-registered individuals who have undergone the registration process described above. Accordingly, pre-registered individuals may be properly authenticated, while unregistered individuals are rejected, within the cross-over error rate.
The biometric certificates 38 are then sent to be stored in a memory, such as a biometric database or a memory of a smart card, as shown as the memory 66 in FIG. 5. The registration system 24 of FIG. 3 may be located at a central registration station associated with a network, such that the corresponding biometric certificates of a user may be directly and securely stored in the memory 66, such as a central biometric database of a network or an individual memory of a smart card of the user. Accordingly, the central biometric database as the memory 66 may serve a network of users conducting transactions, such as electronic commerce (E-commerce), over the Internet and other networks.
Alternatively, a smart card of the first user having the memory 66 may pre-store the biometric certificates, such that kiosks and other devices such as terminals and automatic teller machines (ATMs) may access the memory 66 and obtain the secured biometric certificate of the first user.
Referring to FIGS. 4-5, to conduct an electronic transaction, the first user uses the transaction system 40 in FIG. 4. The first user uses a transaction biometric input
-9-device 44 to generate transaction biometric data 46 as contemporaneous biometrics associate with the first user. The first user also generates transaction first data 50 through a transaction data input device 48. For example, the transaction first data 50 may include selections of products to be purchased over the Internet, or may include electronic funds transfers through an ATM. The transaction first data 50 also includes user ID data identifying the first user and associating the first user with the remainder of the transaction first data.
Both of the transaction biometric data 46 and the transaction first data 50 are sent over the network 60 unchanged and in the clear, or optionally encrypted by additional encryption techniques known in the art, to be received by the transaction reception section 42, as shown in FIG. 5.
In addition, at the transaction transmission section 40 of FIG. 4, both of the transaction biometric data 46 and the transaction first data 50 are processed, for example, using a first hash function 52, such as a one-way hashing function, to generate a first hashed value. RSA and SHA-1 are examples of public key cryptographic methods and one-way hashing which may be used for such encryption and hashing functions. The RSA
method is described, for example, in U.S. Patent No. 4,405,829 to Rivest et al., which is incorporated herein by reference.
The SHA-i method is described, for example, in U.S. Patent No.
5,623,545 to Childs et al., which is incorporated herein by reference.
The first hashed value is then sent to a digital signature function 54, in which the hashed value is signed; that is, encrypted, using the private key 56 of the first user to generate a digital signature 58, incorporating the first hash value. The digital signature 58 is then sent to the network 60.
The set of data transmissions constituting the transaction
Both of the transaction biometric data 46 and the transaction first data 50 are sent over the network 60 unchanged and in the clear, or optionally encrypted by additional encryption techniques known in the art, to be received by the transaction reception section 42, as shown in FIG. 5.
In addition, at the transaction transmission section 40 of FIG. 4, both of the transaction biometric data 46 and the transaction first data 50 are processed, for example, using a first hash function 52, such as a one-way hashing function, to generate a first hashed value. RSA and SHA-1 are examples of public key cryptographic methods and one-way hashing which may be used for such encryption and hashing functions. The RSA
method is described, for example, in U.S. Patent No. 4,405,829 to Rivest et al., which is incorporated herein by reference.
The SHA-i method is described, for example, in U.S. Patent No.
5,623,545 to Childs et al., which is incorporated herein by reference.
The first hashed value is then sent to a digital signature function 54, in which the hashed value is signed; that is, encrypted, using the private key 56 of the first user to generate a digital signature 58, incorporating the first hash value. The digital signature 58 is then sent to the network 60.
The set of data transmissions constituting the transaction
-10-WO 98/50875 PCT/[JS98/09770 biometric data 46, the transaction first data 50, and the digital signature 58 may be sent as separate bitstreams and/or data packets, or otherwise may be sent together by appending the associated data sequences using a concatenator, such as an adder for bitwise adding of the data sequences. In addition, software may be used to append such data. The data 46, 50, and 58 may be sent to the network 60, which may include telephone networks, satellite communications, and/or the Internet.
Referring to FIG. 5, after receiving the electronic transaction from the network 60, the receiving section 42 sends the user ID data 62 from the transaction first data 50 to be sent to a biometric certificate extractor 54. The biometric certificate extractor 54 uses the user ID data 62 to access a corresponding biometric certificate stored in the memory 66, such as the biometric database or smart card memory. That is, if the first user had previously stored corresponding biometric certificates generated from biometric characteristics of the first user using the registration system 24 shown in FIG. 3, the biometric certificate of the first user may be indexed according to the user ID data, such as the social security number, of the first user.
The memory 66 may receive the user ID data 62, or otherwise may receive a command from the biometric certificate extractor 64 to retrieve any biometric certificate corresponding to the user ID data 62 of the first user. If none are available, the receiving section 42 may generate a rejection signal, for example, at the biometric certificate extractor 64, to indicate that no biometric certificate is available.
Accordingly, any user requesting authentication of an electronic transaction but failing to be registered; that is, to have a corresponding pre-stored biometric certificate stored in the memory 66, is not authenticated. The receiving section 42 may generate a corresponding message of non-authentication, and may also send such a message through the network 60 to the
Referring to FIG. 5, after receiving the electronic transaction from the network 60, the receiving section 42 sends the user ID data 62 from the transaction first data 50 to be sent to a biometric certificate extractor 54. The biometric certificate extractor 54 uses the user ID data 62 to access a corresponding biometric certificate stored in the memory 66, such as the biometric database or smart card memory. That is, if the first user had previously stored corresponding biometric certificates generated from biometric characteristics of the first user using the registration system 24 shown in FIG. 3, the biometric certificate of the first user may be indexed according to the user ID data, such as the social security number, of the first user.
The memory 66 may receive the user ID data 62, or otherwise may receive a command from the biometric certificate extractor 64 to retrieve any biometric certificate corresponding to the user ID data 62 of the first user. If none are available, the receiving section 42 may generate a rejection signal, for example, at the biometric certificate extractor 64, to indicate that no biometric certificate is available.
Accordingly, any user requesting authentication of an electronic transaction but failing to be registered; that is, to have a corresponding pre-stored biometric certificate stored in the memory 66, is not authenticated. The receiving section 42 may generate a corresponding message of non-authentication, and may also send such a message through the network 60 to the
-11-transmitting section 40 to indicate no authenticity in the transaction.
Otherwise, if a biometric certificate is available for the first user having corresponding user ID data, the biometric certificate 68 is retrieved and sent to the biometric certificate extractor 64 to decrypt the biometric certificate 68 using the public key 70 of the certifying authority. Thus, the biometric certificate extractor 64 obtain the decrypted registration biometric data 72 and the decrypted user public key 74 associated with the first user.
The decrypted user public key 74 is then sent to a decryptor to decrypt the digital signature 58 sent over the network 60 from the transmitting section 24. The decryptor 76 then extracts the first hash value which was incorporated into the digital signature 58 by the first hash function 52.
The receiving section 24 authenticates the first hash value by attempting to recreate the first hash value using a second hash function 78 which is identical to the first hash function 52 of the transmitting section 24. The second hash function 78 receives the transaction biometric data 46 and the transaction first data 50 from the network 60, which were sent from the transmitting section 24 in the clear, or optionally encrypted by additional encryption techniques known in the art.
The second hash function 78 thus generates a second hash value from the same input data applied to the first hash function 52.
The first and second hash values are then compared by a first classifier 80, such as a comparator or matching routines in software, for determining a match between the first and second hash values. A first validation signal 82 is generated to indicate whether or not both independently generated hash values match.
If both match, then the receiving section 42 thus determines that both of the transaction biometric data 46 and the transaction first data 50, in combination, are authentic and have not been modified during transmission over the network
Otherwise, if a biometric certificate is available for the first user having corresponding user ID data, the biometric certificate 68 is retrieved and sent to the biometric certificate extractor 64 to decrypt the biometric certificate 68 using the public key 70 of the certifying authority. Thus, the biometric certificate extractor 64 obtain the decrypted registration biometric data 72 and the decrypted user public key 74 associated with the first user.
The decrypted user public key 74 is then sent to a decryptor to decrypt the digital signature 58 sent over the network 60 from the transmitting section 24. The decryptor 76 then extracts the first hash value which was incorporated into the digital signature 58 by the first hash function 52.
The receiving section 24 authenticates the first hash value by attempting to recreate the first hash value using a second hash function 78 which is identical to the first hash function 52 of the transmitting section 24. The second hash function 78 receives the transaction biometric data 46 and the transaction first data 50 from the network 60, which were sent from the transmitting section 24 in the clear, or optionally encrypted by additional encryption techniques known in the art.
The second hash function 78 thus generates a second hash value from the same input data applied to the first hash function 52.
The first and second hash values are then compared by a first classifier 80, such as a comparator or matching routines in software, for determining a match between the first and second hash values. A first validation signal 82 is generated to indicate whether or not both independently generated hash values match.
If both match, then the receiving section 42 thus determines that both of the transaction biometric data 46 and the transaction first data 50, in combination, are authentic and have not been modified during transmission over the network
-12-60.
In addition, the receiving section 42 determines whether the electronic transaction is indeed from the indicated user corresponding to the transaction biometric data 46; that is, transaction biometric data 46 may not be authentic, or alternatively, the decrypted user public key 74 may be a public key 74 commonly shared by a specific group of people such as employees of a specific company.
Accordingly, the receiving section 42 compares the biometric data of the first user generated during the transaction, as the transaction biometric data 46, with the registration biometric data generated at an earlier date from the first user during a registration process using the registration system 24. The registration biometric data, which is decrypted by the biometric certificate extractor 64 to be the decrypted registration biometric data 72, is applied to a second classifier 84 to be compared to the transaction biometric data 46 which is sent over the network 60 in the clear, or optionally encrypted by additional encryption techniques known in the art.
The second classifier 84 may be a comparator, or alternatively a software routine or other hardware/software devices implementing data matching techniques, for comparing the biometric data to obtain a decision value. Alternatively, the second classifier 84 may be a trained neural network and/or a fuzzy logic classifier for classifying whether or not, within an error tolerance, the sets of biometric data 46, 72 were obtained from the same individual using biometric input devices. Such classification methods for authentication of images and data sequences using neural networks are described, for example, in U.S. Patent No. 5,619,620 to Eccles, which is incorporated herein by reference.
The second classifier 84 then generates a decision in the form of a second validation signal 86, which may be logic values corresponding to YES or NO, or TRUE or FALSE, indicating
In addition, the receiving section 42 determines whether the electronic transaction is indeed from the indicated user corresponding to the transaction biometric data 46; that is, transaction biometric data 46 may not be authentic, or alternatively, the decrypted user public key 74 may be a public key 74 commonly shared by a specific group of people such as employees of a specific company.
Accordingly, the receiving section 42 compares the biometric data of the first user generated during the transaction, as the transaction biometric data 46, with the registration biometric data generated at an earlier date from the first user during a registration process using the registration system 24. The registration biometric data, which is decrypted by the biometric certificate extractor 64 to be the decrypted registration biometric data 72, is applied to a second classifier 84 to be compared to the transaction biometric data 46 which is sent over the network 60 in the clear, or optionally encrypted by additional encryption techniques known in the art.
The second classifier 84 may be a comparator, or alternatively a software routine or other hardware/software devices implementing data matching techniques, for comparing the biometric data to obtain a decision value. Alternatively, the second classifier 84 may be a trained neural network and/or a fuzzy logic classifier for classifying whether or not, within an error tolerance, the sets of biometric data 46, 72 were obtained from the same individual using biometric input devices. Such classification methods for authentication of images and data sequences using neural networks are described, for example, in U.S. Patent No. 5,619,620 to Eccles, which is incorporated herein by reference.
The second classifier 84 then generates a decision in the form of a second validation signal 86, which may be logic values corresponding to YES or NO, or TRUE or FALSE, indicating
-13-verification of the authenticity of the user sending the electronic transaction. Alternatively, the authentication decision may be a numerical value, for example, corresponding to a percentage of confidence of authenticity. The second classifier 86 may include a predetermined threshold of, for example, 981 authenticity, to be exceeded in order to proceed with the processing of the electronic transaction.
The receiving section 42 shown in FIG. 5 may respond to the validation signals 82, 86 to process the transaction first data 50, such as an on-line purchase or an electronic funds transfer. Accordingly, transaction processing systems (not shown) may also be included in the receiving section 42.
Alternatively, the receiving section 42 of FIG. 5 may be coupled to external transaction processing systems.
In another alternative embodiment, the receiving section may include an AND circuit 88 shown in FIG. 5, such as a logic AND gate or other logic mechanisms, for generating a final validation signal 90 from the validation signals 82, 86.
Accordingly, if and only if both of the classifiers 80, 84 determine that the transaction biometric data 46 as well as the transaction first data 50 have been sufficiently securely transmitted over the network 60, then a final validation signal 90 reflecting the security of the overall transaction is generated.
Although the first classifier 80 is a perfect classifier;
that is, only an exact match of the hash values generates an authentication, the second classifier 84 may generate percentages reflecting relative authenticity and/or scaled numerical values on an authenticity scale to reflect the error tolerance of the second classifier 84 and/or the cross-over error rates associated with biometrics. Accordingly, the application of fuzzy logic may be used to generate a crisp determination of the authenticity of the transaction biometric data 46 as the second validation signal 86.
Using biometric certificates, cross-over error rates for
The receiving section 42 shown in FIG. 5 may respond to the validation signals 82, 86 to process the transaction first data 50, such as an on-line purchase or an electronic funds transfer. Accordingly, transaction processing systems (not shown) may also be included in the receiving section 42.
Alternatively, the receiving section 42 of FIG. 5 may be coupled to external transaction processing systems.
In another alternative embodiment, the receiving section may include an AND circuit 88 shown in FIG. 5, such as a logic AND gate or other logic mechanisms, for generating a final validation signal 90 from the validation signals 82, 86.
Accordingly, if and only if both of the classifiers 80, 84 determine that the transaction biometric data 46 as well as the transaction first data 50 have been sufficiently securely transmitted over the network 60, then a final validation signal 90 reflecting the security of the overall transaction is generated.
Although the first classifier 80 is a perfect classifier;
that is, only an exact match of the hash values generates an authentication, the second classifier 84 may generate percentages reflecting relative authenticity and/or scaled numerical values on an authenticity scale to reflect the error tolerance of the second classifier 84 and/or the cross-over error rates associated with biometrics. Accordingly, the application of fuzzy logic may be used to generate a crisp determination of the authenticity of the transaction biometric data 46 as the second validation signal 86.
Using biometric certificates, cross-over error rates for
-14-identification and authentication may be below about 2.0%, and may even be also low as about 0.5%. The application of more advanced biometric input devices 26, 44 and classifiers 80, 84 known in the art may obtain substantially perfect authentication of any individual from the global population.
The disclosed biometric certification system and method may include electronic transactions using a network as described in commonly assigned U.S. Patent Application No.
08/770,824, filed December 20, 1996 and entitled "VIRTUAL
CERTIFICATE AUTHORITY, which is incorporated herein by reference. Such a system can be adapted to include the use of biometric certificates as described herein for cryptographically binding the biometric data of a user with identification information to form such biometric certificates.
The use of public key technology allows the transaction/signature authentication process to be done either centrally or remotely, depending upon the needs of the transaction.
While the disclosed biometric certification system and method is particularly shown and described herein with reference to the preferred embodiments, it is to be understood that various modifications in form and detail may be made therein without departing from the scope and spirit of the present invention. Accordingly, modifications, such as any examples suggested herein, but not limited thereto, are to be considered within the scope of the present invention.
The disclosed biometric certification system and method may include electronic transactions using a network as described in commonly assigned U.S. Patent Application No.
08/770,824, filed December 20, 1996 and entitled "VIRTUAL
CERTIFICATE AUTHORITY, which is incorporated herein by reference. Such a system can be adapted to include the use of biometric certificates as described herein for cryptographically binding the biometric data of a user with identification information to form such biometric certificates.
The use of public key technology allows the transaction/signature authentication process to be done either centrally or remotely, depending upon the needs of the transaction.
While the disclosed biometric certification system and method is particularly shown and described herein with reference to the preferred embodiments, it is to be understood that various modifications in form and detail may be made therein without departing from the scope and spirit of the present invention. Accordingly, modifications, such as any examples suggested herein, but not limited thereto, are to be considered within the scope of the present invention.
-15-
Claims (10)
1. A method for authenticating an electronic transaction involving a user, comprising the steps of:
registering a user, including the steps of:
receiving a registration set of physical characteristics of the user at a biometric input device;
generating registration biometric data corresponding to the registration set of physical characteristics;
generating a biometric certificate from the registration biometric data, user input data, a public key of the user, and a digital signature; and storing the biometric certificate in a biometric database;
transmitting an electronic transaction over a network, the electronic transaction including transaction biometric data, transaction first data, and a digital signature generated from the transaction biometric data and the transaction first data, the step of transmitting including the steps of:
receiving a current set of physical characteristics of the user;
generating the transaction biometric data from the current set related to the physical condition of the user;
generating a first hash value signal from the transaction first data and the transaction biometric data;
generating the digital signature from the hash value and a private key signal of the user;
transmitting the digital signature over the network; and transmitting the transaction biometric data and the transaction first data over the network; and authenticating the electronic transaction, including the steps of receiving the digital signature, the transaction biometric data and the transaction first data from the network;
retrieving user identification (ID) data from the transaction first data;
retrieving a biometric certificate, corresponding to the user ID data, from the biometric database;
extracting the registration biometric data and the user public key from the biometric certificate;
decrypting the digital signature using the user public key to retrieve the first hash value from the digital signature;
generating a second hash value from the transaction biometric data and the transaction first data;
comparing the first hash value to the second hash value using a first classifier;
generating a first validation signal to authenticate the transmission of the transaction first data and the transaction biometric data based on the comparison by the first classifier;
comparing the registration biometric data and the transaction biometric data using a second classifier; and generating a second validation signal to authenticate the user based on the comparison by the second classifier.
registering a user, including the steps of:
receiving a registration set of physical characteristics of the user at a biometric input device;
generating registration biometric data corresponding to the registration set of physical characteristics;
generating a biometric certificate from the registration biometric data, user input data, a public key of the user, and a digital signature; and storing the biometric certificate in a biometric database;
transmitting an electronic transaction over a network, the electronic transaction including transaction biometric data, transaction first data, and a digital signature generated from the transaction biometric data and the transaction first data, the step of transmitting including the steps of:
receiving a current set of physical characteristics of the user;
generating the transaction biometric data from the current set related to the physical condition of the user;
generating a first hash value signal from the transaction first data and the transaction biometric data;
generating the digital signature from the hash value and a private key signal of the user;
transmitting the digital signature over the network; and transmitting the transaction biometric data and the transaction first data over the network; and authenticating the electronic transaction, including the steps of receiving the digital signature, the transaction biometric data and the transaction first data from the network;
retrieving user identification (ID) data from the transaction first data;
retrieving a biometric certificate, corresponding to the user ID data, from the biometric database;
extracting the registration biometric data and the user public key from the biometric certificate;
decrypting the digital signature using the user public key to retrieve the first hash value from the digital signature;
generating a second hash value from the transaction biometric data and the transaction first data;
comparing the first hash value to the second hash value using a first classifier;
generating a first validation signal to authenticate the transmission of the transaction first data and the transaction biometric data based on the comparison by the first classifier;
comparing the registration biometric data and the transaction biometric data using a second classifier; and generating a second validation signal to authenticate the user based on the comparison by the second classifier.
2. The method of claim 1, wherein the step of authenticating further comprises the step of:
ANDing the first and second validation signals.
ANDing the first and second validation signals.
3. The method of claim 1, wherein the step of receiving a registration set of physical characteristics of the user includes the step of:
receiving visual characteristics of the user using a visual reader as the biometric input device.
receiving visual characteristics of the user using a visual reader as the biometric input device.
4. The method of claim 1, wherein the step of receiving a registration set of physical characteristics of the user includes the step of:
receiving speech characteristics of the user using a speech digitizer as the biometric input device.
receiving speech characteristics of the user using a speech digitizer as the biometric input device.
5. The method of claim 1, wherein the step of generating the registration biometric data includes the step of:
generating a bit sequence greater than about 500 bytes in length as the registration blometric data.
generating a bit sequence greater than about 500 bytes in length as the registration blometric data.
6. A system for authenticating an electronic transaction involving a user, comprising:
a registration section configured to register a user by receiving a registration set of physical characteristics of the user at a biometric input device, generating registration biometric data corresponding to the registration set of physical characteristics, generating a biometric certificate from the registration biometric data, user input data, a public key of the user, and a digital signature, and storing the biometric certificate in a biometric database;
a transmission section configured to transmit an electronic transaction over a network, the electronic transaction including transaction biometric data, transaction first data, and a digital signature generated from the transaction biometric data and the transaction first data, the transmitting section receiving a current set of physical characteristics of the user, generating the transaction biometric data from the current set related to the physical condition of the user, generating a first hash value signal from the transaction first data and the transaction biometric data, generating the digital signature from the hash value and a private key signal of the user, transmitting the digital signature over the network, and transmitting the transaction biometric data and the transaction first data over the network; and an authentication section configured to authenticate the electronic transaction by receiving the digital signature, the transaction biometric data and the transaction first data from the network, retrieving user identification (ID) data from the transaction first data, retrieving a biometric certificate, corresponding to the user ID
data, from the biometric database, extracting the registration biometric data and the user public key from the biometric certificate, decrypting the digital signature using the user public key to retrieve the first hash value from the digital signature, generating a second hash value from the transaction biometric data and the transaction first data, comparing the first hash value to the second hash value using a first classifier, generating a first validation signal to authenticate the transmission of the transaction first data and the transaction biometric data based on the comparison by the first classifier, comparing the registration biometric data and the transaction biometric data using a second classifier, and generating a second validation signal to authenticate the user based on the comparison by the second classifier.
a registration section configured to register a user by receiving a registration set of physical characteristics of the user at a biometric input device, generating registration biometric data corresponding to the registration set of physical characteristics, generating a biometric certificate from the registration biometric data, user input data, a public key of the user, and a digital signature, and storing the biometric certificate in a biometric database;
a transmission section configured to transmit an electronic transaction over a network, the electronic transaction including transaction biometric data, transaction first data, and a digital signature generated from the transaction biometric data and the transaction first data, the transmitting section receiving a current set of physical characteristics of the user, generating the transaction biometric data from the current set related to the physical condition of the user, generating a first hash value signal from the transaction first data and the transaction biometric data, generating the digital signature from the hash value and a private key signal of the user, transmitting the digital signature over the network, and transmitting the transaction biometric data and the transaction first data over the network; and an authentication section configured to authenticate the electronic transaction by receiving the digital signature, the transaction biometric data and the transaction first data from the network, retrieving user identification (ID) data from the transaction first data, retrieving a biometric certificate, corresponding to the user ID
data, from the biometric database, extracting the registration biometric data and the user public key from the biometric certificate, decrypting the digital signature using the user public key to retrieve the first hash value from the digital signature, generating a second hash value from the transaction biometric data and the transaction first data, comparing the first hash value to the second hash value using a first classifier, generating a first validation signal to authenticate the transmission of the transaction first data and the transaction biometric data based on the comparison by the first classifier, comparing the registration biometric data and the transaction biometric data using a second classifier, and generating a second validation signal to authenticate the user based on the comparison by the second classifier.
7. The system of claim 6, wherein the authentication section is further configured to AND the first and second validation signals.
8. The system of claim 6, wherein the registration section is configured to receive visual characteristics of the user using a visual reader as the biometric input device.
9. The system of claim 6, wherein the registration section is configured to receive speech characteristics of the user using a speech digitizer as the biometric input device.
10. The system of claim 6, wherein the registration section is configured to generate a bit sequence greater than approximately 500 bytes in length as the registration biometric data.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US4601297P | 1997-05-09 | 1997-05-09 | |
US60/046,012 | 1997-05-09 | ||
PCT/US1998/009770 WO1998050875A2 (en) | 1997-05-09 | 1998-05-08 | Biometric certificates |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2287857A1 CA2287857A1 (en) | 1998-11-12 |
CA2287857C true CA2287857C (en) | 2008-07-29 |
Family
ID=21941088
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002287857A Expired - Fee Related CA2287857C (en) | 1997-05-09 | 1998-05-08 | Biometric certificates |
Country Status (9)
Country | Link |
---|---|
US (1) | US6310966B1 (en) |
EP (1) | EP0980559A4 (en) |
JP (1) | JP4531140B2 (en) |
KR (1) | KR100486062B1 (en) |
CN (1) | CN1139894C (en) |
AU (1) | AU7484898A (en) |
BR (1) | BR9808737A (en) |
CA (1) | CA2287857C (en) |
WO (1) | WO1998050875A2 (en) |
Families Citing this family (256)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6366682B1 (en) | 1994-11-28 | 2002-04-02 | Indivos Corporation | Tokenless electronic transaction system |
US6950810B2 (en) * | 1994-11-28 | 2005-09-27 | Indivos Corporation | Tokenless biometric electronic financial transactions via a third party identicator |
US6269348B1 (en) | 1994-11-28 | 2001-07-31 | Veristar Corporation | Tokenless biometric electronic debit and credit transactions |
US7613659B1 (en) | 1994-11-28 | 2009-11-03 | Yt Acquisition Corporation | System and method for processing tokenless biometric electronic transmissions using an electronic rule module clearinghouse |
US6397198B1 (en) | 1994-11-28 | 2002-05-28 | Indivos Corporation | Tokenless biometric electronic transactions using an audio signature to identify the transaction processor |
US7882032B1 (en) | 1994-11-28 | 2011-02-01 | Open Invention Network, Llc | System and method for tokenless biometric authorization of electronic communications |
US20040128249A1 (en) | 1994-11-28 | 2004-07-01 | Indivos Corporation, A Delaware Corporation | System and method for tokenless biometric electronic scrip |
US6154879A (en) * | 1994-11-28 | 2000-11-28 | Smarttouch, Inc. | Tokenless biometric ATM access system |
US6424249B1 (en) * | 1995-05-08 | 2002-07-23 | Image Data, Llc | Positive identity verification system and method including biometric user authentication |
US20030014629A1 (en) * | 2001-07-16 | 2003-01-16 | Zuccherato Robert J. | Root certificate management system and method |
US7319987B1 (en) | 1996-08-29 | 2008-01-15 | Indivos Corporation | Tokenless financial access system |
US5982914A (en) | 1997-07-29 | 1999-11-09 | Smarttouch, Inc. | Identification of individuals from association of finger pores and macrofeatures |
US7519558B2 (en) * | 1997-08-27 | 2009-04-14 | Ballard Claudio R | Biometrically enabled private secure information repository |
US6980670B1 (en) | 1998-02-09 | 2005-12-27 | Indivos Corporation | Biometric tokenless electronic rewards system and method |
JP3112076B2 (en) * | 1998-05-21 | 2000-11-27 | 豊 保倉 | User authentication system |
DE19844360A1 (en) * | 1998-09-28 | 2000-04-13 | Anatoli Stobbe | Access control system |
US6820202B1 (en) * | 1998-11-09 | 2004-11-16 | First Data Corporation | Account authority digital signature (AADS) system |
US20020056043A1 (en) * | 1999-01-18 | 2002-05-09 | Sensar, Inc. | Method and apparatus for securely transmitting and authenticating biometric data over a network |
US6332193B1 (en) * | 1999-01-18 | 2001-12-18 | Sensar, Inc. | Method and apparatus for securely transmitting and authenticating biometric data over a network |
US6507912B1 (en) * | 1999-01-27 | 2003-01-14 | International Business Machines Corporation | Protection of biometric data via key-dependent sampling |
US6341169B1 (en) * | 1999-02-08 | 2002-01-22 | Pulse Systems, Inc. | System and method for evaluating a document and creating a record of the evaluation process and an associated transaction |
US7305562B1 (en) | 1999-03-09 | 2007-12-04 | Citibank, N.A. | System, method and computer program product for an authentication management infrastructure |
US6256737B1 (en) | 1999-03-09 | 2001-07-03 | Bionetrix Systems Corporation | System, method and computer program product for allowing access to enterprise resources using biometric devices |
US6981151B1 (en) * | 1999-04-08 | 2005-12-27 | Battelle Energy Alliance, Llc | Digital data storage systems, computers, and data verification methods |
WO2000065871A1 (en) * | 1999-04-27 | 2000-11-02 | Siemens Aktiengesellschaft | Terminal with biometric authentification |
US7246244B2 (en) * | 1999-05-14 | 2007-07-17 | Fusionarc, Inc. A Delaware Corporation | Identity verification method using a central biometric authority |
US7079712B1 (en) * | 1999-05-25 | 2006-07-18 | Silverbrook Research Pty Ltd | Method and system for providing information in a document |
DE19940341A1 (en) | 1999-08-25 | 2001-03-01 | Kolja Vogel | Data protection procedures |
JP3490350B2 (en) * | 1999-08-30 | 2004-01-26 | 沖電気工業株式会社 | Electronic payment system |
US6938159B1 (en) * | 1999-09-23 | 2005-08-30 | Intel Corporation | Continuous verification system |
US6708049B1 (en) * | 1999-09-28 | 2004-03-16 | Nellcor Puritan Bennett Incorporated | Sensor with signature of data relating to sensor |
JP4426030B2 (en) | 1999-10-15 | 2010-03-03 | 富士通株式会社 | Authentication apparatus and method using biometric information |
US6488203B1 (en) | 1999-10-26 | 2002-12-03 | First Data Corporation | Method and system for performing money transfer transactions |
AT409238B (en) | 1999-11-05 | 2002-06-25 | Fronius Schweissmasch Prod | DETERMINING AND / OR DETERMINING USER AUTHORIZATIONS BY MEANS OF A TRANSPONDER, A FINGERPRINT IDENTIFIER OR THE LIKE |
US6505193B1 (en) | 1999-12-01 | 2003-01-07 | Iridian Technologies, Inc. | System and method of fast biometric database searching using digital certificates |
US7761715B1 (en) * | 1999-12-10 | 2010-07-20 | International Business Machines Corporation | Semiotic system and method with privacy protection |
US6904524B1 (en) * | 1999-12-21 | 2005-06-07 | American Management Systems, Inc. | Method and apparatus for providing human readable signature with digital signature |
US6460050B1 (en) * | 1999-12-22 | 2002-10-01 | Mark Raymond Pace | Distributed content identification system |
US7376587B1 (en) | 2000-07-11 | 2008-05-20 | Western Union Financial Services, Inc. | Method for enabling transfer of funds through a computer network |
KR100430471B1 (en) * | 2000-01-10 | 2004-05-10 | 김경복 | Communication information. Approval |
JP2001216270A (en) * | 2000-01-31 | 2001-08-10 | Netmarks Inc | Authentication station, authentication system and authentication method |
US20010034836A1 (en) * | 2000-01-31 | 2001-10-25 | Netmarks Inc. | System for secure certification of network |
US6453301B1 (en) | 2000-02-23 | 2002-09-17 | Sony Corporation | Method of using personal device with internal biometric in conducting transactions over a network |
US7441263B1 (en) | 2000-03-23 | 2008-10-21 | Citibank, N.A. | System, method and computer program product for providing unified authentication services for online applications |
US7698565B1 (en) * | 2000-03-30 | 2010-04-13 | Digitalpersona, Inc. | Crypto-proxy server and method of using the same |
US7409543B1 (en) * | 2000-03-30 | 2008-08-05 | Digitalpersona, Inc. | Method and apparatus for using a third party authentication server |
US6920561B1 (en) | 2000-03-31 | 2005-07-19 | International Business Machines Corporation | Method and system for enabling free seating using biometrics through a centralized authentication |
JP2001306503A (en) | 2000-04-26 | 2001-11-02 | Nec Niigata Ltd | Authentication system for individual and authentication method for individual used therefor |
EP1659758A1 (en) * | 2000-04-26 | 2006-05-24 | Semiconductor Energy Laboratory Co., Ltd. | A communication method for identifying an individual by means of biological information |
KR100771258B1 (en) | 2000-05-09 | 2007-10-29 | 가부시키가이샤 한도오따이 에네루기 켄큐쇼 | User identity authentication system and user identity authentication method and mobile telephonic device |
US20020049714A1 (en) | 2000-05-11 | 2002-04-25 | Shunpei Yamazaki | Communication system |
JP4511684B2 (en) | 2000-05-16 | 2010-07-28 | 日本電気株式会社 | Biometrics identity verification service provision system |
US9165323B1 (en) | 2000-05-31 | 2015-10-20 | Open Innovation Network, LLC | Biometric transaction system and method |
WO2001093167A1 (en) | 2000-05-31 | 2001-12-06 | Indivos Corporation | Biometric financial transaction system and method |
US7120607B2 (en) * | 2000-06-16 | 2006-10-10 | Lenovo (Singapore) Pte. Ltd. | Business system and method using a distorted biometrics |
US7024562B1 (en) * | 2000-06-29 | 2006-04-04 | Optisec Technologies Ltd. | Method for carrying out secure digital signature and a system therefor |
US7389208B1 (en) * | 2000-06-30 | 2008-06-17 | Accord Solutions, Inc. | System and method for dynamic knowledge construction |
EP1312012A4 (en) | 2000-07-11 | 2006-09-06 | First Data Corp | Wide area network person-to-person payment |
US7240036B1 (en) * | 2000-07-13 | 2007-07-03 | Gtech Global Services Corporation | Method and system for facilitation of wireless e-commerce transactions |
US7933589B1 (en) | 2000-07-13 | 2011-04-26 | Aeritas, Llc | Method and system for facilitation of wireless e-commerce transactions |
JP2004506245A (en) | 2000-08-04 | 2004-02-26 | ファースト データ コーポレイション | Linking the device's public key with information during manufacture |
JP3808297B2 (en) * | 2000-08-11 | 2006-08-09 | 株式会社日立製作所 | IC card system and IC card |
KR20020014271A (en) * | 2000-08-17 | 2002-02-25 | 김태국 | Method for certifying an entrance and exit/administration of students by using a fingerprint pattern |
AUPQ969200A0 (en) * | 2000-08-25 | 2000-09-21 | Toneguzzo Group Pty Limited, The | Biometric authentication |
JP4654498B2 (en) * | 2000-08-31 | 2011-03-23 | ソニー株式会社 | Personal authentication system, personal authentication method, information processing apparatus, and program providing medium |
JP4660900B2 (en) * | 2000-08-31 | 2011-03-30 | ソニー株式会社 | Personal authentication application data processing system, personal authentication application data processing method, information processing apparatus, and program providing medium |
JP2002073571A (en) * | 2000-08-31 | 2002-03-12 | Sony Corp | Personal identification system, personal identification method and program providing medium |
JP4556308B2 (en) * | 2000-08-31 | 2010-10-06 | ソニー株式会社 | Content distribution system, content distribution method, information processing apparatus, and program providing medium |
JP2002073568A (en) * | 2000-08-31 | 2002-03-12 | Sony Corp | System and method for personal identification and program supply medium |
JP4581200B2 (en) * | 2000-08-31 | 2010-11-17 | ソニー株式会社 | Personal authentication system, personal authentication method, information processing apparatus, and program providing medium |
JP4552294B2 (en) * | 2000-08-31 | 2010-09-29 | ソニー株式会社 | Content distribution system, content distribution method, information processing apparatus, and program providing medium |
JP4654497B2 (en) * | 2000-08-31 | 2011-03-23 | ソニー株式会社 | Personal authentication system, personal authentication method, information processing apparatus, and program providing medium |
JP4655345B2 (en) * | 2000-08-31 | 2011-03-23 | ソニー株式会社 | Information processing apparatus, information processing method, and program providing medium |
US6672505B1 (en) * | 2000-09-27 | 2004-01-06 | Diebold, Incorporated | Automated banking machine configuration system and method |
US6819219B1 (en) * | 2000-10-13 | 2004-11-16 | International Business Machines Corporation | Method for biometric-based authentication in wireless communication for access control |
JP2002158655A (en) * | 2000-11-22 | 2002-05-31 | Mitsubishi Electric Corp | Certifying device, collating device and electronic certificate system with which these devices are connected |
US7765163B2 (en) * | 2000-12-12 | 2010-07-27 | Sony Corporation | System and method for conducting secure transactions over a network |
US7266533B2 (en) | 2000-12-15 | 2007-09-04 | The Western Union Company | Electronic gift greeting |
US20020118837A1 (en) * | 2000-12-21 | 2002-08-29 | Hamilton Jon W. | Method and system for digital image authentication center |
US20020124190A1 (en) | 2001-03-01 | 2002-09-05 | Brian Siegel | Method and system for restricted biometric access to content of packaged media |
US7184989B2 (en) | 2001-03-31 | 2007-02-27 | First Data Corporation | Staged transactions systems and methods |
US9853759B1 (en) | 2001-03-31 | 2017-12-26 | First Data Corporation | Staged transaction system for mobile commerce |
US7117183B2 (en) | 2001-03-31 | 2006-10-03 | First Data Coroporation | Airline ticket payment and reservation system and methods |
CA2443220A1 (en) | 2001-03-31 | 2002-10-10 | First Data Corporation | Electronic identifier payment system and methods |
US7254711B2 (en) * | 2001-04-05 | 2007-08-07 | Nippon Telegraph And Telephone Corporation | Network authentication system, method, and program, service providing apparatus, certificate authority, and user terminal |
EP1258840A1 (en) * | 2001-05-15 | 2002-11-20 | Koninklijke KPN N.V. | Method and system for processing identification data |
EP1263164B1 (en) * | 2001-05-23 | 2006-06-07 | Daniel Büttiker | Method and token for registering users of a public-key infrastuture and registration system |
US7197168B2 (en) * | 2001-07-12 | 2007-03-27 | Atrua Technologies, Inc. | Method and system for biometric image assembly from multiple partial biometric frame scans |
US20030021495A1 (en) * | 2001-07-12 | 2003-01-30 | Ericson Cheng | Fingerprint biometric capture device and method with integrated on-chip data buffering |
SE0103022D0 (en) * | 2001-08-23 | 2001-08-23 | Hans Sjoeblom | Identification system |
JP2003085084A (en) * | 2001-09-12 | 2003-03-20 | Sony Corp | Contents delivery system and method, portable terminal, delivery server, and recording medium |
US8200980B1 (en) | 2001-09-21 | 2012-06-12 | Open Invention Network, Llc | System and method for enrolling in a biometric system |
US7464059B1 (en) | 2001-09-21 | 2008-12-09 | Yt Acquisition Corporation | System and method for purchase benefits at a point of sale |
US9189788B1 (en) | 2001-09-21 | 2015-11-17 | Open Invention Network, Llc | System and method for verifying identity |
US7437330B1 (en) | 2002-09-20 | 2008-10-14 | Yt Acquisition Corp. | System and method for categorizing transactions |
US7624073B1 (en) | 2001-09-21 | 2009-11-24 | Yt Acquisition Corporation | System and method for categorizing transactions |
US7533809B1 (en) | 2001-09-21 | 2009-05-19 | Yt Acquisition Corporation | System and method for operating a parking facility |
US7269737B2 (en) | 2001-09-21 | 2007-09-11 | Pay By Touch Checking Resources, Inc. | System and method for biometric authorization for financial transactions |
US7765164B1 (en) | 2001-09-21 | 2010-07-27 | Yt Acquisition Corporation | System and method for offering in-lane periodical subscriptions |
US7174463B2 (en) | 2001-10-04 | 2007-02-06 | Lenovo (Singapore) Pte. Ltd. | Method and system for preboot user authentication |
KR100449484B1 (en) * | 2001-10-18 | 2004-09-21 | 한국전자통신연구원 | Method for issuing a certificate of authentication using information of a bio metrics in a pki infrastructure |
US8374962B2 (en) | 2001-10-26 | 2013-02-12 | First Data Corporation | Stored value payouts |
US8244632B2 (en) | 2001-10-26 | 2012-08-14 | First Data Corporation | Automated transfer with stored value |
US20030229811A1 (en) * | 2001-10-31 | 2003-12-11 | Cross Match Technologies, Inc. | Method that provides multi-tiered authorization and identification |
GB2382006A (en) * | 2001-11-06 | 2003-05-14 | Ibm | Digital certificate containing the identity of an entity which will rely on the certificate |
GB2381916B (en) * | 2001-11-08 | 2005-03-23 | Ncr Int Inc | Biometrics template |
KR100422198B1 (en) * | 2001-12-04 | 2004-03-11 | 김영제 | Public Key Infrastructure using biometrics and digital watermark |
KR20030052194A (en) * | 2001-12-20 | 2003-06-26 | 한국전자통신연구원 | A system for user verification using biometric information, a method for registering certificates in the system and a user verification method |
KR100470732B1 (en) * | 2002-01-31 | 2005-03-08 | 한국전자통신연구원 | An Apparatus and Method of the Biometric Information Protection from Replay Attack in the Network |
DE10207056A1 (en) * | 2002-02-20 | 2003-09-04 | Giesecke & Devrient Gmbh | Procedure for proving a person's authorization to use a portable data carrier |
US20030182151A1 (en) * | 2002-02-26 | 2003-09-25 | Neal Taslitz | Method of using biometric measurements as a legal seal for authenticating real estate deeds and mortgages |
US8086867B2 (en) * | 2002-03-26 | 2011-12-27 | Northrop Grumman Systems Corporation | Secure identity and privilege system |
US6957770B1 (en) | 2002-05-10 | 2005-10-25 | Biopay, Llc | System and method for biometric authorization for check cashing |
US7753268B1 (en) | 2002-05-10 | 2010-07-13 | Phoenix Check Cashing, Inc. | System and method for negotiable instrument cashing transaction assistance procedures |
US7614550B1 (en) | 2002-05-10 | 2009-11-10 | Phoenix Check Cashing, Inc. | System and method for negotiable instrument cashing fee setup by type |
US7520422B1 (en) | 2002-05-10 | 2009-04-21 | Phoenix Check Cashing, Inc. | System and method for depositing negotiable instruments |
US6972660B1 (en) * | 2002-05-15 | 2005-12-06 | Lifecardid, Inc. | System and method for using biometric data for providing identification, security, access and access records |
US20030221105A1 (en) * | 2002-05-20 | 2003-11-27 | Autodesk, Inc. | Extensible mechanism for attaching digital signatures to different file types |
FR2840747B1 (en) * | 2002-06-11 | 2004-10-15 | Laurent Michel | ELECTRONIC SIGNATURE CONTROL METHOD FOR AUTHORIZING ACCESS TO A COMPUTER FOR THE EXECUTION OF A TRANSACTION |
WO2004006076A2 (en) * | 2002-07-03 | 2004-01-15 | Aurora Wireless Technologies, Ltd. | Biometric private key infrastructure |
KR20030068358A (en) * | 2002-07-19 | 2003-08-21 | (주)이폴랩 | system and method for managing attendance and absence |
AU2002317043A1 (en) * | 2002-07-24 | 2004-02-09 | Bqt Solutions (Australia) Pty Ltd | Biometric smartcard system |
KR20100095659A (en) * | 2002-07-29 | 2010-08-31 | 이데시아 엘티디. | Method and apparatus for electro-biometric identity recognition |
EP1429224A1 (en) * | 2002-12-10 | 2004-06-16 | Texas Instruments Incorporated | Firmware run-time authentication |
US7590861B2 (en) * | 2002-08-06 | 2009-09-15 | Privaris, Inc. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
AU2003296773A1 (en) * | 2002-09-13 | 2004-04-30 | Datatreasury Corporation | Processing of credit card transactions using internet protocol |
US7900052B2 (en) | 2002-11-06 | 2011-03-01 | International Business Machines Corporation | Confidential data sharing and anonymous entity resolution |
AU2003285161A1 (en) * | 2002-11-08 | 2004-06-03 | Data Flow / Alaska, Inc. | System for uniquely identifying subjects from a target population |
WO2004061668A1 (en) * | 2002-12-31 | 2004-07-22 | International Business Machines Corporation | Authorized anonymous authentication |
US7219236B2 (en) * | 2003-02-26 | 2007-05-15 | Electronic Data Systems Corporation | Administering a security system |
US7308581B1 (en) | 2003-03-07 | 2007-12-11 | Traffic101.Com | Systems and methods for online identity verification |
US7185015B2 (en) | 2003-03-14 | 2007-02-27 | Websense, Inc. | System and method of monitoring and controlling application files |
US7529754B2 (en) | 2003-03-14 | 2009-05-05 | Websense, Inc. | System and method of monitoring and controlling application files |
KR20040082822A (en) * | 2003-03-20 | 2004-09-30 | 엘지전자 주식회사 | User Authentication Method for Remote Control and Remote Control Apparatus |
US7058619B2 (en) * | 2003-04-21 | 2006-06-06 | International Business Machines Corporation | Method, system and computer program product for facilitating digital certificate state change notification |
GB0309182D0 (en) | 2003-04-23 | 2003-05-28 | Hewlett Packard Development Co | Security method and apparatus using biometric data |
US20040221158A1 (en) * | 2003-05-02 | 2004-11-04 | Secure Data In Motion, Inc. | Digital signature and verification system for conversational messages |
JP2007505420A (en) * | 2003-06-13 | 2007-03-08 | アーノウズ,マイケル | Network security and digital signature authentication system and method |
CA2534987A1 (en) * | 2003-07-09 | 2005-01-27 | Cross Match Technologies, Inc. | Systems and methods for facilitating transactions |
JP2005032164A (en) * | 2003-07-11 | 2005-02-03 | Matsushita Electric Ind Co Ltd | Authentication system, authentication device, server device, registration device, and terminal device |
US20050039016A1 (en) * | 2003-08-12 | 2005-02-17 | Selim Aissi | Method for using trusted, hardware-based identity credentials in runtime package signature to secure mobile communications and high-value transaction execution |
US20050119991A1 (en) * | 2003-09-03 | 2005-06-02 | David Delgrosso | Access administration system and method |
JP4585189B2 (en) * | 2003-09-19 | 2010-11-24 | 富士通株式会社 | Electronic signature assigning apparatus, electronic signature assigning method, and electronic signature assigning program |
US20050273444A1 (en) * | 2004-02-05 | 2005-12-08 | David Delgrosso | Access administration system and method for a currency compartment |
US7853790B2 (en) | 2004-03-19 | 2010-12-14 | Microsoft Corporation | Enhancement to volume license keys |
US20050246291A1 (en) * | 2004-04-14 | 2005-11-03 | David Delgrosso | System and method for creating an account using biometric information |
JP4545480B2 (en) * | 2004-04-28 | 2010-09-15 | 株式会社エヌ・ティ・ティ・ドコモ | Electronic signature generation device, web server, biometric information authentication device, and user authentication system |
US7814024B2 (en) * | 2004-05-14 | 2010-10-12 | Ching Peter N | Multi-way transactions related data exchange apparatus and methods |
US11017097B2 (en) | 2004-05-14 | 2021-05-25 | Peter N. Ching | Systems and methods for prevention of unauthorized access to resources of an information system |
US20050289079A1 (en) * | 2004-05-17 | 2005-12-29 | Shimon Systems, Inc. | Systems and methods for biometric identification |
JP2007538320A (en) * | 2004-05-18 | 2007-12-27 | シルバーブルック リサーチ ピーティワイ リミテッド | Method and computer system for tracking product items |
US20100208950A1 (en) * | 2009-02-17 | 2010-08-19 | Silvester Kelan C | Biometric identification data protection |
KR20060032888A (en) * | 2004-10-13 | 2006-04-18 | 한국전자통신연구원 | Apparatus for managing identification information via internet and method of providing service using the same |
TWI249314B (en) * | 2004-10-15 | 2006-02-11 | Ind Tech Res Inst | Biometrics-based cryptographic key generation system and method |
JP2006155196A (en) * | 2004-11-29 | 2006-06-15 | Intelligentdisc Inc | Network access system, method and storage medium |
KR100597174B1 (en) | 2004-12-27 | 2006-07-06 | (주)니트 젠 | Method of authenticating biomass with time shortened |
FR2882878B1 (en) * | 2005-03-07 | 2007-04-27 | Christophe Richard | DEVICE, METHOD AND SYSTEM FOR SECURITY FOR FINANCIAL TRANSACTIONS BASED ON THE IDENTIFICATION OF AN INDIVIDUAL THROUGH ITS BIOMETRIC PROFILE AND USING A MICROPROCESSOR CARD |
US20080298647A1 (en) * | 2005-04-08 | 2008-12-04 | Us Biometrics Corporation | System and Method for Identifying an Enrolled User Utilizing a Biometric Identifier |
US20060253358A1 (en) * | 2005-04-08 | 2006-11-09 | David Delgrosso | System and method for identifying and managing customers in a financial institution |
CN1322703C (en) * | 2005-05-16 | 2007-06-20 | 刘小鹏 | Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set |
US20070065021A1 (en) * | 2005-07-14 | 2007-03-22 | David Delgrosso | System for encoding signatures for compressed storage using a signature encoding algorithm |
KR100656355B1 (en) * | 2005-10-19 | 2006-12-11 | 한국전자통신연구원 | Method for user authentication and service authentication using splitted user authentication key and apparatus thereof |
ATE495504T1 (en) * | 2005-10-26 | 2011-01-15 | Swisscom Ag | METHOD AND COMMUNICATION SYSTEM FOR COMPARING BIOMETRIC DATA RECORDED WITH BIOMETRIC SENSORS WITH REFERENCE DATA |
US20070174916A1 (en) * | 2005-10-28 | 2007-07-26 | Ching Peter N | Method and apparatus for secure data transfer |
WO2007058520A1 (en) * | 2005-11-18 | 2007-05-24 | Corentix Technologies Sdn Bhd | Improvements in and relating to biometrics |
KR100759813B1 (en) | 2005-12-12 | 2007-09-20 | 한국전자통신연구원 | Method for authenticating user using biometrics information |
US20070256615A1 (en) * | 2006-01-17 | 2007-11-08 | David Delgrosso | System and method for unattended access to safe deposit boxes |
JP2007249556A (en) | 2006-03-15 | 2007-09-27 | Fujitsu Ltd | Individual authentication system, method and program using biological information |
EP2009839A4 (en) * | 2006-04-07 | 2010-03-10 | Huawei Tech Co Ltd | A method and system for information security authentication |
US8463000B1 (en) | 2007-07-02 | 2013-06-11 | Pinehill Technology, Llc | Content identification based on a search of a fingerprint database |
US8156132B1 (en) | 2007-07-02 | 2012-04-10 | Pinehill Technology, Llc | Systems for comparing image fingerprints |
US7840540B2 (en) | 2006-04-20 | 2010-11-23 | Datascout, Inc. | Surrogate hashing |
US8549022B1 (en) | 2007-07-02 | 2013-10-01 | Datascout, Inc. | Fingerprint generation of multimedia content based on a trigger point with the multimedia content |
US7991206B1 (en) * | 2007-07-02 | 2011-08-02 | Datascout, Inc. | Surrogate heuristic identification |
US9020964B1 (en) | 2006-04-20 | 2015-04-28 | Pinehill Technology, Llc | Generation of fingerprints for multimedia content based on vectors and histograms |
WO2007124095A2 (en) * | 2006-04-21 | 2007-11-01 | Us Biometrics Corporation | System and method for remote management and facilitating installation and registration of software |
US8151322B2 (en) | 2006-05-16 | 2012-04-03 | A10 Networks, Inc. | Systems and methods for user access authentication based on network access point |
NL1032340C2 (en) * | 2006-08-17 | 2008-02-25 | Hieronymus Watse Wiersma | System and method for digitally signing data files. |
US8312507B2 (en) | 2006-10-17 | 2012-11-13 | A10 Networks, Inc. | System and method to apply network traffic policy to an application session |
US7716378B2 (en) | 2006-10-17 | 2010-05-11 | A10 Networks, Inc. | System and method to associate a private user identity with a public user identity |
US8204831B2 (en) | 2006-11-13 | 2012-06-19 | International Business Machines Corporation | Post-anonymous fuzzy comparisons without the use of pre-anonymization variants |
CN101542971B (en) * | 2006-11-21 | 2014-07-23 | 皇家飞利浦电子股份有限公司 | Fuzzy biometrics based signatures |
US20080162943A1 (en) * | 2006-12-28 | 2008-07-03 | Ali Valiuddin Y | Biometric security system and method |
US7933835B2 (en) | 2007-01-17 | 2011-04-26 | The Western Union Company | Secure money transfer systems and methods using biometric keys associated therewith |
US8818904B2 (en) | 2007-01-17 | 2014-08-26 | The Western Union Company | Generation systems and methods for transaction identifiers having biometric keys associated therewith |
KR100868367B1 (en) * | 2007-02-28 | 2008-11-12 | 이주형 | Fingerprint-Information based User Authentication Method and System |
US8504473B2 (en) | 2007-03-28 | 2013-08-06 | The Western Union Company | Money transfer system and messaging system |
US7783571B2 (en) | 2007-05-31 | 2010-08-24 | First Data Corporation | ATM system for receiving cash deposits from non-networked clients |
CN101350811B (en) * | 2007-07-18 | 2011-05-04 | 华为技术有限公司 | Biology authentication method, equipment and system |
US8055545B2 (en) * | 2007-08-31 | 2011-11-08 | 4361423 Canada Inc. | Apparatus and method for conducting secure financial transactions |
JP2009140231A (en) * | 2007-12-06 | 2009-06-25 | Sony Corp | Communication system and communication terminal apparatus |
AT506619B1 (en) * | 2008-03-21 | 2015-07-15 | Human Bios Gmbh | PROCESS FOR THE TEMPORARY PERSONALIZATION OF A COMMUNICATION DEVICE |
JP5326527B2 (en) * | 2008-11-28 | 2013-10-30 | 富士通株式会社 | Authentication apparatus and authentication method |
US8406428B2 (en) * | 2008-12-11 | 2013-03-26 | International Business Machines Corporation | Secure method and apparatus to verify personal identity over a network |
US9246908B2 (en) * | 2009-01-08 | 2016-01-26 | Red Hat, Inc. | Adding biometric identification to the client security infrastructure for an enterprise service bus system |
US20100311482A1 (en) | 2009-05-30 | 2010-12-09 | Lange Daniel H | Electro-Biometric Methods and Apparatus |
KR101178855B1 (en) | 2010-05-03 | 2012-09-03 | 남궁종 | Method and apparatus for iris recognition and wireless communications devic security system using it |
EP2649833A1 (en) * | 2010-12-07 | 2013-10-16 | Telefonaktiebolaget LM Ericsson (PUBL) | Method and apparatus for provisioning a temporary identity module using a key-sharing scheme |
KR20160127167A (en) * | 2012-03-08 | 2016-11-02 | 인텔 코포레이션 | Multi-factor certificate authority |
RU2543956C2 (en) * | 2012-06-13 | 2015-03-10 | РОСССИЙСКАЯ ФЕДЕРАЦИЯ, от имени которой выступает ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ТЕХНИЧЕСКОМУ И ЭКСПОРТНОМУ КОНТРОЛЮ (ФСТЭК России) | Method for biometric protection of witness anonymity during court proceedings |
US9165130B2 (en) | 2012-11-21 | 2015-10-20 | Ca, Inc. | Mapping biometrics to a unique key |
US20140215586A1 (en) * | 2013-01-31 | 2014-07-31 | Catherine Jo TILTON | Methods and systems for generating and using a derived authentication credential |
US8924259B2 (en) | 2013-03-14 | 2014-12-30 | Square, Inc. | Mobile device payments |
US9787669B2 (en) | 2013-03-14 | 2017-10-10 | Comcast Cable Communications, Llc | Identity authentication using credentials |
EP2972779A4 (en) | 2013-03-15 | 2016-08-17 | Us Postal Service | System and method of identity verification |
CN103345703A (en) * | 2013-06-17 | 2013-10-09 | 上海方付通商务服务有限公司 | Banking transaction authentication method and system based on image authentication |
US9122853B2 (en) | 2013-06-24 | 2015-09-01 | A10 Networks, Inc. | Location determination for user authentication |
US9213817B2 (en) * | 2013-08-28 | 2015-12-15 | Paypal, Inc. | Motion-based credentials using magnified motion |
US11165770B1 (en) | 2013-12-06 | 2021-11-02 | A10 Networks, Inc. | Biometric verification of a human internet user |
EP2905718A1 (en) * | 2014-02-05 | 2015-08-12 | Thomson Licensing | Device and method certificate generation |
CN103841108B (en) * | 2014-03-12 | 2018-04-27 | 北京天诚盛业科技有限公司 | The authentication method and system of user biological feature |
US20150317466A1 (en) * | 2014-05-02 | 2015-11-05 | Verificient Technologies, Inc. | Certificate verification system and methods of performing the same |
US10114939B1 (en) * | 2014-09-22 | 2018-10-30 | Symantec Corporation | Systems and methods for secure communications between devices |
US9741026B1 (en) | 2014-09-30 | 2017-08-22 | Square, Inc. | Payment by use of identifier |
CN105553919B (en) * | 2014-10-28 | 2019-02-22 | 阿里巴巴集团控股有限公司 | A kind of identity identifying method and device |
US20170329948A1 (en) * | 2014-12-05 | 2017-11-16 | Giuseppe Farina | Digital signature with custom fingerprint |
KR101666374B1 (en) * | 2015-02-13 | 2016-10-14 | 크루셜텍 (주) | Method, apparatus and computer program for issuing user certificate and verifying user |
US10149159B1 (en) * | 2015-03-19 | 2018-12-04 | Proxidyne, Inc. | Trusted beacon system and method |
CA2984888A1 (en) | 2015-05-05 | 2016-11-10 | ShoCard, Inc. | Identity management service using a block chain |
US9876646B2 (en) | 2015-05-05 | 2018-01-23 | ShoCard, Inc. | User identification management system and method |
RU2610696C2 (en) * | 2015-06-05 | 2017-02-14 | Закрытое акционерное общество "Лаборатория Касперского" | System and method for user authentication using electronic digital signature of user |
US10079677B2 (en) | 2015-06-05 | 2018-09-18 | Apple Inc. | Secure circuit for encryption key generation |
US10868672B1 (en) | 2015-06-05 | 2020-12-15 | Apple Inc. | Establishing and verifying identity using biometrics while protecting user privacy |
US11140171B1 (en) | 2015-06-05 | 2021-10-05 | Apple Inc. | Establishing and verifying identity using action sequences while protecting user privacy |
KR101657005B1 (en) * | 2015-06-11 | 2016-09-12 | 전문석 | Method for electrocardiogram authentication |
WO2017004090A1 (en) | 2015-06-30 | 2017-01-05 | United States Postal Service | System and method of providing identity verificaiton services |
CN106530451B (en) * | 2015-09-15 | 2019-01-04 | 一德金属工业股份有限公司 | The control system operated using running gear |
US9519901B1 (en) * | 2015-09-16 | 2016-12-13 | Square, Inc. | Biometric payment technology |
US10652023B2 (en) | 2015-12-30 | 2020-05-12 | T-Mobile Usa, Inc. | Persona and device based certificate management |
EP4027254A3 (en) | 2016-03-04 | 2022-10-05 | Ping Identity Corporation | Method for authenticated session using static or dynamic codes |
US10007826B2 (en) | 2016-03-07 | 2018-06-26 | ShoCard, Inc. | Transferring data files using a series of visual codes |
US10509932B2 (en) | 2016-03-07 | 2019-12-17 | ShoCard, Inc. | Large data transfer using visual codes with feedback confirmation |
US10567377B2 (en) | 2016-05-23 | 2020-02-18 | Pemian & Corella, LLC | Multifactor privacy-enhanced remote identification using a rich credential |
CN106571928B (en) * | 2016-11-09 | 2018-05-01 | 北京海泰方圆科技股份有限公司 | A kind of method and device of browser administration |
GB2555817A (en) * | 2016-11-10 | 2018-05-16 | Sthaler Ltd | Biometric transaction system |
US10062074B1 (en) | 2016-11-30 | 2018-08-28 | Square, Inc. | System for improving card on file transactions |
US10498541B2 (en) | 2017-02-06 | 2019-12-03 | ShocCard, Inc. | Electronic identification verification methods and systems |
GB2561537B (en) | 2017-02-27 | 2022-10-12 | Emteq Ltd | Optical expression detection |
WO2019113552A1 (en) | 2017-12-08 | 2019-06-13 | ShoCard, Inc. | Methods and systems for recovering data using dynamic passwords |
CN108520462B (en) | 2018-03-30 | 2020-07-24 | 阿里巴巴集团控股有限公司 | Service execution method and device based on block chain and electronic equipment |
CN108900309B (en) * | 2018-05-17 | 2020-08-18 | 北京岸思信息科技有限公司 | Authentication method and authentication system |
CN108876401B (en) | 2018-05-29 | 2022-03-01 | 创新先进技术有限公司 | Commodity claim settlement method and device based on block chain and electronic equipment |
US10878402B1 (en) | 2018-08-31 | 2020-12-29 | Square, Inc. | Temporarily provisioning payment functionality to alternate payment instrument |
US10997583B1 (en) | 2018-08-31 | 2021-05-04 | Square, Inc. | Temporarily provisioning card on file payment functionality to proximate merchants |
US10979227B2 (en) | 2018-10-17 | 2021-04-13 | Ping Identity Corporation | Blockchain ID connect |
US11082221B2 (en) | 2018-10-17 | 2021-08-03 | Ping Identity Corporation | Methods and systems for creating and recovering accounts using dynamic passwords |
US11750390B2 (en) | 2019-01-31 | 2023-09-05 | Global Bionic Optics Limited | System and method for producing a unique stable biometric code for a biometric hash |
US10530577B1 (en) * | 2019-02-08 | 2020-01-07 | Talenting, Inc. | Systems and methods for biometric key generation in data access control, data verification, and path selection in block chain-linked workforce data management |
US11303452B2 (en) * | 2019-04-03 | 2022-04-12 | Keychainx Ag | Biometric digital signature generation for identity verification |
US11157626B1 (en) | 2019-05-29 | 2021-10-26 | Northrop Grumman Systems Corporation | Bi-directional chain of trust network |
US11790471B2 (en) | 2019-09-06 | 2023-10-17 | United States Postal Service | System and method of providing identity verification services |
US11397760B2 (en) * | 2019-11-25 | 2022-07-26 | International Business Machines Corporation | Managing relationships between persons and physical objects based on physical fingerprints of the physical objects |
US11798342B2 (en) * | 2019-11-25 | 2023-10-24 | International Business Machines Corporation | Managing physical objects using crypto-anchors |
CN110941861B (en) * | 2019-12-16 | 2022-04-29 | 中国南方电网有限责任公司 | File protection method and device, computer equipment and medium |
US11170130B1 (en) | 2021-04-08 | 2021-11-09 | Aster Key, LLC | Apparatus, systems and methods for storing user profile data on a distributed database for anonymous verification |
US20230142147A1 (en) * | 2021-11-10 | 2023-05-11 | Microsoft Technology Licensing, Llc | Network communication using proof of presence |
Family Cites Families (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4109237A (en) | 1977-01-17 | 1978-08-22 | Hill Robert B | Apparatus and method for identifying individuals through their retinal vasculature patterns |
US4405829A (en) | 1977-12-14 | 1983-09-20 | Massachusetts Institute Of Technology | Cryptographic communications system and method |
US4641349A (en) * | 1985-02-20 | 1987-02-03 | Leonard Flom | Iris recognition system |
US4868877A (en) * | 1988-02-12 | 1989-09-19 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
US5263097A (en) | 1991-07-24 | 1993-11-16 | Texas Instruments Incorporated | Parameter normalized features for classification procedures, systems and methods |
US5224173A (en) | 1991-10-29 | 1993-06-29 | Kuhns Roger J | Method of reducing fraud in connection with employment, public license applications, social security, food stamps, welfare or other government benefits |
US5214699A (en) | 1992-06-09 | 1993-05-25 | Audio Digital Imaging Inc. | System for decoding and displaying personalized indentification stored on memory storage device |
US5259025A (en) | 1992-06-12 | 1993-11-02 | Audio Digitalimaging, Inc. | Method of verifying fake-proof video identification data |
US5581630A (en) | 1992-12-21 | 1996-12-03 | Texas Instruments Incorporated | Personal identification |
US5677989A (en) * | 1993-04-30 | 1997-10-14 | Lucent Technologies Inc. | Speaker verification system and process |
US5428357A (en) | 1993-05-28 | 1995-06-27 | Sensar Corporation | High speed data acquisition system and method |
GB9323489D0 (en) | 1993-11-08 | 1994-01-05 | Ncr Int Inc | Self-service business system |
GB9326440D0 (en) | 1993-12-24 | 1994-02-23 | Ncr Int Inc | Neutral network for banknote recongnition and authentication |
CA2176032A1 (en) * | 1994-01-13 | 1995-07-20 | Bankers Trust Company | Cryptographic system and method with key escrow feature |
US5457747A (en) | 1994-01-14 | 1995-10-10 | Drexler Technology Corporation | Anti-fraud verification system using a data card |
US5412727A (en) | 1994-01-14 | 1995-05-02 | Drexler Technology Corporation | Anti-fraud voter registration and voting system using a data card |
JPH07302340A (en) * | 1994-05-02 | 1995-11-14 | Nippon Telegr & Teleph Corp <Ntt> | Method for certifying on-line signature and method for learning certification |
CA2194475A1 (en) * | 1994-07-19 | 1996-02-01 | Frank W. Sudia | Method for securely using digital signatures in a commercial cryptographic system |
US6154879A (en) * | 1994-11-28 | 2000-11-28 | Smarttouch, Inc. | Tokenless biometric ATM access system |
US6012039A (en) * | 1994-11-28 | 2000-01-04 | Smarttouch, Inc. | Tokenless biometric electronic rewards system |
US5870723A (en) * | 1994-11-28 | 1999-02-09 | Pare, Jr.; David Ferrin | Tokenless biometric transaction authorization method and system |
NZ306846A (en) * | 1995-06-05 | 2000-01-28 | Certco Llc | Digital signing method using partial signatures |
JPH0962596A (en) * | 1995-08-25 | 1997-03-07 | Hitachi Ltd | Electronic mail system |
US5623545A (en) * | 1995-08-31 | 1997-04-22 | National Semiconductor Corporation | Automatic data generation for self-test of cryptographic hash algorithms in personal security devices |
US5712914A (en) * | 1995-09-29 | 1998-01-27 | Intel Corporation | Digital certificates containing multimedia data extensions |
US5943423A (en) * | 1995-12-15 | 1999-08-24 | Entegrity Solutions Corporation | Smart token system for secure electronic transactions and identification |
US5872848A (en) * | 1997-02-18 | 1999-02-16 | Arcanvs | Method and apparatus for witnessed authentication of electronic documents |
US6044462A (en) * | 1997-04-02 | 2000-03-28 | Arcanvs | Method and apparatus for managing key revocation |
US6105010A (en) * | 1997-05-09 | 2000-08-15 | Gte Service Corporation | Biometric certifying authorities |
US5930804A (en) * | 1997-06-09 | 1999-07-27 | Philips Electronics North America Corporation | Web-based biometric authentication system and method |
US6148387A (en) * | 1997-10-09 | 2000-11-14 | Phoenix Technologies, Ltd. | System and method for securely utilizing basic input and output system (BIOS) services |
-
1998
- 1998-05-08 WO PCT/US1998/009770 patent/WO1998050875A2/en active IP Right Grant
- 1998-05-08 JP JP54858698A patent/JP4531140B2/en not_active Expired - Fee Related
- 1998-05-08 EP EP98922259A patent/EP0980559A4/en not_active Ceased
- 1998-05-08 AU AU74848/98A patent/AU7484898A/en not_active Abandoned
- 1998-05-08 KR KR10-1999-7009815A patent/KR100486062B1/en not_active IP Right Cessation
- 1998-05-08 BR BR9808737-1A patent/BR9808737A/en not_active Application Discontinuation
- 1998-05-08 CA CA002287857A patent/CA2287857C/en not_active Expired - Fee Related
- 1998-05-08 CN CNB988049392A patent/CN1139894C/en not_active Expired - Fee Related
- 1998-05-08 US US09/075,165 patent/US6310966B1/en not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
JP2002501700A (en) | 2002-01-15 |
EP0980559A2 (en) | 2000-02-23 |
EP0980559A4 (en) | 2004-11-03 |
CN1274448A (en) | 2000-11-22 |
KR100486062B1 (en) | 2005-04-29 |
AU7484898A (en) | 1998-11-27 |
CN1139894C (en) | 2004-02-25 |
JP4531140B2 (en) | 2010-08-25 |
KR20010020225A (en) | 2001-03-15 |
BR9808737A (en) | 2001-01-16 |
WO1998050875A3 (en) | 1999-02-11 |
CA2287857A1 (en) | 1998-11-12 |
WO1998050875A2 (en) | 1998-11-12 |
US6310966B1 (en) | 2001-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2287857C (en) | Biometric certificates | |
US6202151B1 (en) | System and method for authenticating electronic transactions using biometric certificates | |
US4993068A (en) | Unforgeable personal identification system | |
CA2417901C (en) | Entity authentication in electronic communications by providing verification status of device | |
US7558965B2 (en) | Entity authentication in electronic communications by providing verification status of device | |
US6851051B1 (en) | System and method for liveness authentication using an augmented challenge/response scheme | |
US7552333B2 (en) | Trusted authentication digital signature (tads) system | |
US7246244B2 (en) | Identity verification method using a central biometric authority | |
JP4097040B2 (en) | Tokenless identification system for approval of electronic transactions and electronic transmissions | |
US6836554B1 (en) | System and method for distorting a biometric for transactions with enhanced security and privacy | |
US7024562B1 (en) | Method for carrying out secure digital signature and a system therefor | |
US20030115475A1 (en) | Biometrically enhanced digital certificates and system and method for making and using | |
WO2003007527A2 (en) | Biometrically enhanced digital certificates and system and method for making and using | |
US20100174914A1 (en) | System and method for traceless biometric identification with user selection | |
JP2003525478A (en) | Biometric electronic check trading without tokens | |
GB2368951A (en) | User authentication | |
JP2002519782A (en) | Apparatus and method for end-to-end authentication using biometric data | |
AU2008203481B2 (en) | Entity authentication in electronic communications by providing verification status of device | |
WO2015093962A1 (en) | System, user device and method for an electronic transaction | |
CN113191778A (en) | Identity authentication method and identity authentication device | |
Esmaili et al. | Authentication Techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |
Effective date: 20160509 |