US20020174344A1 - System and method for authentication using biometrics - Google Patents

System and method for authentication using biometrics

Info

Publication number
US20020174344A1
Authority
US
United States
Prior art keywords
biometric data
alias
authentication
user
identifying characteristic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/147,788
Inventor
David Ting
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Imprivata Inc
Original Assignee
Imprivata Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Imprivata Inc
Priority to US10/147,788
Assigned to IMPRIVATA, INC.: assignment of assignors interest (see document for details). Assignors: TING, DAVID M. T.
Publication of US20020174344A1
Legal status: Abandoned

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the invention relates generally to biometrics. More specifically, in one embodiment, the invention relates to systems and methods for using biometric authentication over a network.
  • the Internet accords a global community of computer users access to applications and information that traditionally were highly restricted. For example, users can now undertake a wide variety of financial transactions online, or obtain access to financial and other sensitive records online. The increased accessibility of such information, while enormously convenient, jeopardizes privacy and invites tampering and electronic theft. In some known prior art systems, sensitive information that was once physically guarded can now be obtained on the Internet by anyone who can generate the correct server URL, logon and password.
  • the present invention utilizes biometric indicia to offer highly reliable authentication that creates links that cannot be repudiated for transactions initiated within the context of an authenticated session.
  • biometrics validation matches physical characteristics of the user against stored characteristics to identify the user.
  • the server unlocks and validates the user's credentials for presentation to other servers that request such authentication.
  • a user's credentials may, for example, represent an account login/password combination or X.509 certificate.
  • This biometric approach offers substantial flexibility in terms of accessibility (from computers, mobile devices, etc.) and relieves the user from responsibility for managing the integrity of such credentials.
  • Biometric scanners are inexpensive and small, and may, for example, be easily incorporated into keyboards and mobile client devices.
  • the invention relates to a method for authentication using biometrics.
  • the method comprises associating an alias for an individual with a reference set of biometric data from the individual and storing, at a location separate from the reference set of biometric data, information associating the individual with the alias.
  • the method also comprises receiving an authentication request requesting authentication of a user identified by the alias, receiving a candidate set of biometric data from the user and confirming authentication of the user as the registered individual, if the candidate set of biometric data sufficiently matches the reference set of biometric data.
  • The method further comprises transmitting to the user a data request for the candidate set of biometric data, the data request including an identifying characteristic.
  • The confirming step comprises confirming to the application server authentication of the user as the registered individual, if the candidate set of biometric data includes the identifying characteristic and sufficiently matches the reference set of biometric data.
  • the method further comprises generating the identifying characteristic including a public key, generating a private key corresponding to the public key and encrypting the data request using the private key.
  • the method further comprises generating the identifying characteristic having a limited validity lifetime.
  • the method further comprises generating the identifying characteristic including a random identifier.
  • the method further comprises generating the identifying characteristic including a time identifier.
  • the method further comprises destroying the identifying characteristic after completion of the confirming step.
  • the method further comprises updating the reference set of biometric data using the candidate set of biometric data, if authentication of the user is confirmed.
  • the method further comprises transmitting, by a first server, the authentication request to a second server, wherein the second server performs the confirming step.
  • the method further comprises encrypting the reference set of biometric data using a predetermined function based at least in part on the alias.
  • the method further comprises morphing the reference set of biometric data using a predetermined function based at least in part on the alias.
  • the method further comprises encrypting the reference set of biometric data using a second function based at least in part on the alias, if security is compromised.
  • the method further comprises morphing the reference set of biometric data using a second function based at least in part on the alias, if security is compromised.
  • The invention, in another embodiment, relates to a system for authentication using biometrics.
  • the system includes an application server and an authentication server.
  • the application server includes an alias database module configured to store information associating an individual with an alias.
  • the authentication server includes a biometric database, a transceiver module and a comparison module.
  • the biometric database module associates the alias for the individual with a reference set of biometric data from the individual.
  • the transceiver module is configured to i) receive an authentication request requesting authentication of a user identified by the alias and ii) to receive a candidate set of biometric data from the user.
  • the comparison module is configured to determine if the candidate set of biometric data sufficiently matches the reference set of biometric data and, if so, to generate a confirmation of authentication of the user as the registered individual.
  • the application server further comprises a transceiver module configured to transmit an authentication request requesting authentication of a user identified by the alias, where the application server is in communication with the authentication server over a network.
  • the authentication server further comprises an identifying characteristic generator module configured to generate an identifying characteristic to be transmitted with a user data request for the candidate set of biometric data, wherein the comparison module is further configured to determine if the candidate set of biometric data includes the identifying characteristic.
  • The identifying characteristic generator module is further configured to generate the identifying characteristic including a public key, to generate a private key corresponding to the public key, and to encrypt the user data request using the private key.
  • the identifying characteristic generator module is further configured to generate the identifying characteristic having a limited validity lifetime. In another embodiment, the identifying characteristic generator module is further configured to generate the identifying characteristic including a random identifier. In another embodiment, the identifying characteristic generator module is further configured to generate the identifying characteristic including a time identifier. In another embodiment, the identifying characteristic generator module is further configured to destroy the identifying characteristic after completion of the confirming step.
  • the biometric database module is further configured to update, if authentication of the user is confirmed, the reference set of biometric data using the candidate set of biometric data.
  • the biometric database module is further configured to encrypt the reference set of biometric data using a predetermined function based at least in part on the alias.
  • the biometric database module is further configured to morph the reference set of biometric data using a predetermined function based at least in part on the alias.
  • the biometric database module is further configured to encrypt, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias.
  • the biometric database module is further configured to morph, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias.
  • the system further comprises a client.
  • the client includes a plug-in configured to receive a request for the candidate set of biometric data, to obtain the candidate set of biometric data for the user of the client and to transmit the candidate set of biometric data in response to the request.
  • The invention, in another aspect, relates to a method of organizing authentication information within a storage space.
  • the method comprises partitioning the storage space into a plurality of realms, each realm containing a set of subscriber profiles, each subscriber profile comprising an alias associated with a respective subscriber and a reference set of biometric data from that respective subscriber and storing, at a location separate from the storage space, information associating the identity of the alias with the respective subscriber.
  • the method also includes partitioning each realm into a plurality of vaults and associating each subscriber with at least one vault.
  • the method also includes partitioning each vault into at least one folder, each folder containing protected data and being accessible only to one or more subscribers associated with the vault and according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault and ii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias.
  • the method further comprises transmitting a data request for the candidate set of biometric data, the data request including an identifying characteristic, wherein the according access step comprises according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault, ii) the identifying characteristic and iii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias.
  • The invention, in another aspect, relates to an article of manufacture having computer-readable program portions embodied therein for authentication using biometrics.
  • the article comprises computer-readable program portions for performing the method steps as described above.
  • FIG. 1 is a block diagram of an illustrative embodiment of a system to authenticate a user using biometrics in accordance with the invention.
  • FIG. 2 is a flow diagram of an illustrative embodiment of a process to authenticate a user using biometrics in accordance with the invention.
  • FIG. 3 is a block diagram of a data structure used to authenticate a user using biometrics in accordance with the invention.
  • FIG. 1 illustrates an embodiment of a system 100 to authenticate a user using biometrics in accordance with the invention.
  • The system 100 includes a first computing system (“a first server node”) 104, a second computing system (“a second server node”) 108 and a third computing system (“a client node”) 112, all in communication with a network 116.
  • The first server node 104, the second server node 108 and the client node 112 are in communication with the network using communication channels 117.
  • an optional communication channel 118 over which the first server node 104 and the second server node 108 can communicate with each other, instead of or in addition to communicating via the network 116 .
  • the network 116 and the communication channels 117 and 118 can be part of a local-area network (LAN), such as a company Intranet, a wide area network (WAN) such as the Internet or the World Wide Web or the like.
  • the nodes 104 , 108 and 112 communicate with the network 116 through the communication channels 117 and 118 using any of a variety of connections including, for example, standard telephone lines, LAN or WAN links (e.g., T1, T3, 56 kb, X.25), broadband connections (ISDN, Frame Relay, ATM), wireless connections and the like.
  • connections can be established using a variety of communication protocols (e.g., HTTP(S), TCP/IP, SSL, IPX, SPX, NetBIOS, Ethernet, RS232, direct asynchronous connections, a proprietary protocol and the like).
  • HTTP HyperText Transfer Protocol
  • TCP/IP Transmission Control Protocol
  • SSL Secure Sockets Layer
  • Each of the server nodes 104 and 108 can be any computing device capable of providing the services requested by the other server or by the client node 112. Particularly, this includes authenticating a user at the client node 112 using biometric data, as described in more detail below.
  • The first server node 104, also referred to as an application server 104, includes an alias database module 120.
  • The second server node 108, also referred to as an authentication server 108, includes an identifying-characteristic generator module 124 and a biometric database module 128.
  • The modules throughout the specification are implemented as a software program and/or a hardware device (e.g., ASIC, FPGA, processor, memory, storage and the like).
  • FIG. 1 depicts server node 104 as an entity separate and distinct from server node 108 and each node is in communication with the network 116, representing that the two nodes 104 and 108 are logically independent. It is to be understood, however, that the server nodes 104 and 108 can also be implemented, for example, on a single server (e.g., as logically distinct modules), distributed on portions of several (i.e., more than two) servers, and/or as part of a single server node or server farm in communication with the network 116 through, for example, a single Web server (not shown).
  • The client node 112 can be any computing device (e.g., a personal computer, set top box, wireless mobile phone, handheld device, personal digital assistant, kiosk, etc.) used to provide a user interface to access the application server 104.
  • The client node 112 includes a plug-in module 132 and a biometric input module 136.
  • A user, also referred to as a subscriber, registers that user's biometric data with the system 100.
  • the biometric data can include, for example, data associated with the individual's fingerprint(s), facial characteristics, voice and the like.
  • the system 100 stores data identifying the user to the system (e.g., username, logon ID, employee ID and the like) in the alias database module 120 .
  • the alias database 120 associates an alias with that stored data. For example, employee #2054 may be associated with the alias 25xHy63.
  • the alias database 120 transmits this associated alias to the plug-in module 126 in the client node 112 .
  • the plug-in 132 communicates with the biometric input module 136 to obtain biometric data from a biometric device 140 , for example, a fingerprint reader associated with the client 112 .
  • the plug-in 132 transmits the stored alias (previously received from the application server 104 ) and the corresponding biometric data to the authentication server 108 , which stores the alias and reference set of biometric data in the biometric database module 128 .
  • the client 112 can belong to an administrator, with a direct, secure communication channel to the biometric database 128 ; the plug-in 132 can encrypt the alias and the biometric data independently; the plug-in 132 and the biometric database 128 can communicate with each other using SSL and/or public and private keys; and the plug-in 132 can transmit the alias and the biometric data independently to the biometric database 128 .
  • the registration process can be initiated in several different ways.
  • the administrator may initiate the registration.
  • the administrator can have the user come to the administrator's client 112 or a secure client 112 used only for registration when the employee starts work, when a customer purchases services accessible via the application server 104 , and the like.
  • the application server 104 can initiate the registration when the user first requests a service from the application server 104 requiring authentication of the user.
  • the client 112 can display a graphical user interface (“GUI”) leading the user through the registration process.
  • the level of authentication of the user at registration is based on the administrators of the system 100 and can range, for example, from a user presenting the correct password to the application server 104 to a user being present in person in front of an administrator who can check the identification of the user.
  • the system 100 creates an association between the data identifying the user to the system and the user's alias in the alias database 120 , and an association between the user's alias and the user's biometric data in the biometric database 128 .
  • Storing the two associations at locations separate from each other requires a breach in security of both the alias database 120 and the biometric database 128 to put biometric data together with some identifying data.
  • the identifying data is just another unique identifier that does not reveal identity by itself, for example an employee number
  • the security of a third database containing the association between the employee number and the identity e.g., name and address of the employee
  • a process 200 as shown in FIG. 2 may be used to authenticate a user using biometric data and a system as depicted, for example, in FIG. 1.
  • The user of the client 112 requests (step 202) access to a service (e.g., execution of an application program, access to a financial or medical database, access to an electronic vault with which the user is associated, download of data and/or application program and the like) provided by the application server 104.
  • The application server 104 uses data identifying the user to the system (e.g., username, logon ID, employee ID and the like) and queries the alias database module 120 for a match.
  • Upon matching (step 204) the data, the application server 104 retrieves the associated alias and transmits (step 204) a request for authentication to the authentication server 108, including the alias with the request.
  • the application server 104 can transmit this request via the network 116 or via the backend connection 118 .
  • the authentication server 108 receives the request for authentication for the retrieved alias.
  • the identifying-characteristic generator module 124 (“ID generator”) generates (step 208 ) an identifying characteristic, also referred to as a session code, to identify this particular transaction/session (e.g., response to the authentication request).
  • the identifying characteristic also prevents someone who captures the biometric data from using the captured data in a subsequent transaction. By combining the identifying characteristic with the biometric data, as described below, any captured data is rendered unusable in subsequent transactions because the ID generator 124 generates a new identifying characteristic for each transaction.
  • Generating an identifying characteristic can be accomplished in various ways to identify a particular transaction/session.
  • the identifying-characteristic generator 124 can generate a random and/or unique identifier, for example a random alphanumeric ID that is temporarily associated with the transaction; or the ID generator 124 can generate a time identifier, for example a date/time stamp; or it can generate a time limit ID, after which the ID is destroyed and deemed void. Either the time limit ID or the time identifier allows the identifying characteristic to have a limited lifetime during which the identifying characteristic is valid. Regardless of the type of identifying characteristic used, it is generally destroyed after the transaction is complete (e.g., after the authentication server 108 responds to the application server 104 with a decision regarding authentication).
  • the ID generator 124 generates a private/public key pair for use with a particular transaction.
  • the authentication server 108 will use this single-use private/public key pair to encrypt a request for a candidate set of biometric data, as described below.
  • the authentication server 108 generates the request, which includes any parameters needed by the plug-in module 132 to fulfill the request. For example, if the authentication server 108 only has fingerprint data for a single digit for the particular alias, the authentication request includes a request for that particular digit, so that the proper digit is read at the client 112 .
  • the authentication server 108 incorporates the identifying characteristic and any needed parameters into the request.
  • the authentication server 108 encrypts the request using a symmetric secret key that is understood only by the client 112 , and signs the digest for the message with the private key of the single-use private/public key pair for the particular transaction.
  • the authentication server 108 also includes with the request the public key of the single-use private/public key pair.
  • the authentication server 108 transmits (step 214 ) the request to the client 112 .
  • the authentication server 108 can transmit the request directly to the client 112 .
  • the authentication server 108 can transmit the request, for example, through the application server 104 , using the existing session created when the user requested (step 202 ) a service from the application server 104 .
  • This transmission can also include encrypting the request using a second public/private key pair established between application server 104 and the client 112 . With this further encryption, the client 112 ensures that the request has not been altered in transit and/or is from a trusted source.
  • the plug-in module 112 receives the request for a candidate set of biometric data. Using the public key received with the request, the plug-in 132 verifies that the signature of the request is authentic (i.e., that it was signed using the private key of the single-use private/public key pair generated by the ID generator 124 ). The plug-in 132 decrypts the request using its own secret key to obtain any needed parameters included therewith. In one embodiment, a portion of the request including the identifying characteristic remains encrypted and undecipherable by the plug-in 132 .
  • the client 112 simply has to retransmit the encrypted identifying characteristic back to the authentication server 108 with the candidate set of biometric data.
  • the plug-in 132 obtains (step 222 ) the biometric data from the user using the biometric data generator 140 , for example, a fingerprint scanner.
  • the plug-in 132 includes the drivers needed to directly interact with the biometric data generator 140 .
  • the plug-in 132 adds (step 230 ) the identifying characteristic, whether encrypted or not, to the biometric data and transmits (step 230 ) this combination back to the authentication server 108 .
  • the plug-in 132 encrypts the combination using the received public key.
  • the plug-in 132 generates a symmetric key to encrypt the message, encrypts the symmetric key with the public key, and sends the encrypted message to the application server 104 ; upon receiving the message, the server 104 utilizes the corresponding private key to decrypt the symmetric key, which it then uses to decrypt the message.
  • the plug-in 132 transmits (step 230 ) this combination back to the application server 104 , where the application server 104 manages all communication to and from the authentication server 108 .
  • the authentication server 108 receives the combination of the identifying characteristic and the candidate set of biometric data.
  • the authentication server 108 decrypts the received combination and extracts the identifying characteristic.
  • the authentication server 108 thereupon decrypts this portion further if needed.
  • the authentication server 108 verifies (step 236 ) that the received identifying characteristic matches the identifying characteristic previously generated by the ID generator 124 . If the identifying characteristic includes a limited lifetime validity, the authentication server 108 verifies (step 236 ) that the lifetime has not expired. If the identifying characteristic does not match or the lifetime has expired, the authentication server 108 responds to the request (step 202 ) from the application server 104 by denying (step 250 ) authentication of the alias associated with that request. In response to the rejection (step 250 ), the application server 104 denies (step 255 ) access to the user associated with the alias for the requested (step 202 ) service.
  • the authentication server 108 verifies (step 236 ) that the candidate set of biometric data received from the client 117 sufficiently matches the reference set of biometric data stored in the biometric database 128 record associated with the alias.
  • the authentication server 108 may determine the sufficiency of the match by statistically analyzing the two sets of biometric data and determining whether the probability that they come from the same individual is above a certain predetermined threshold. In one embodiment, an administrator of the system 100 sets the predetermined threshold.
  • the predetermined threshold determines both the false acceptance rate (i.e., the probability that the authentication server 108 will incorrectly authenticate a user) and the false rejection rate (i.e., the probability that the authentication server 108 will incorrectly reject authentication of the user when that user is in fact the registered individual).
  • the administrator sets the predetermined threshold such that the false acceptance rate and the false rejection rate are both acceptable to the users of the system 100 .
  • the statistical analysis can be any of the well-known analysis techniques employed by those skilled in the art (e.g., statistical pattern matching or image-registration techniques, pattern-recognition techniques involving feature extraction and classification in either the spatial domain or the frequency domain, or heuristic methods involving, e.g., neural networks).
  • the number of landmarks (e.g., ridges), their location (e.g., x, y coordinates) and the variance between the sets of data are statistically analyzed to calculate a probability that the candidate set of biometric data matches the reference set of biometric data.
  • the authentication server 108 responds to the request (step 202) from the application server 104 by denying (step 250) authentication of the alias associated with that request. In response to the rejection (step 250), the application server 104 denies (step 255) access to the user associated with the alias for the requested (step 202) service. If the identifying characteristic matches and the candidate set of biometric data does sufficiently match the reference set of biometric data, the authentication server 108 responds to the request (step 202) from the application server 104 by authenticating (step 260) the alias associated with that request. In response to the acceptance (step 260), the application server 104 allows (step 265) access to the user associated with the alias for the requested (step 202) service.
  • another layer of protection is added by not storing and/or transmitting the biometric data in its native format, i.e., by not storing and/or transmitting the biometric data in the same way that it is transmitted from the biometric data generator 140 (for example, a fingerprint scanner).
  • the plug-in module 132 modifies the biometric data, both at registration of a reference set of biometric data and when fulfilling a request for a candidate set of biometric data.
  • the algorithm used for the modification can use the alias as an input parameter or variable, so that the modification for each individual is different.
  • the modification can include encrypting and/or morphing (e.g., using a transformation algorithm) the biometric data.
  • morphing the captured image uses a predefined mathematical algorithm to create a distorted image, and features are stored from the distorted image rather than from the source biometric image. This facilitates creation of multiple alias biometric identities from an individual's unique biometric features.
  • an individual is assigned a morphing function and parameters relating thereto. These are used to predistort the image, thereby creating distorted landmarks.
  • a candidate biometric image is subjected to the same function and parameters prior to comparison with the stored image.
  • This approach avoids storage of an individual's true biometric identity. Moreover, if an individual's biometric identity is compromised (e.g., stolen from the server), the user can simply enroll again with a different morphing function and/or parameters. Morphing can be performed either at the image level or after the features are computed through a transform that maps the (x,y) coordinates for each minutiae point to new coordinates (x′,y′) using a predefined f(x,t) and g(y,t) function for all x, y values and t.
  • the authentication server 108 and/or the client 112 employs additional techniques to process the received candidate set of biometric data and to extract the unique features that distinguish one set of biometric data (e.g., fingerprint) from another.
  • the authentication server 108 and/or the client 112 may normalize the biometric data into a format used by the authentication server 108.
  • the normalization can include, for example, a translation algorithm, a transformation algorithm and the like.
  • the normalization allows the biometrics data to be converted into a standard image suitable for subsequent processing and preferably includes geometric processing to adjust for size differences between sensors, orientation adjustments to invert or rotate images, density adjustments to correct for number of gray levels/dynamic range and sampling adjustments to account for different sensor resolutions. This allows the client 112 to interface with different types of biometric input devices 140 without the need to re-register the user or change the format of the biometric data in the biometric database module 128.
  • the authentication server 108 and/or the client 112 may also filter the received candidate set of biometric data.
  • the filtering can include filtering algorithms for correcting blurring of the image, for removing random noise in the image and the like. For example, all captured scans can be checked for partial or blurred prints that exhibit greater than expected amount of change between consecutive frames as well as contrast. Images that exhibit excessive blur can be rejected. Contrast issues can be resolved by asking the user to press down to make better contact with the sensor. Image processing software may be used to enhance the quality of the image and involve signal averaging, noise filtering, ridge/valley enhancement as well as gray scale equalization.
  • the filtering can also include filtering algorithms dictated by the type of the biometric device 140 or the type of user features the biometric device 140 uses.
  • the filtering can also include filtering algorithms based on the type of image (e.g., grainy, wet, fine grain and the like), the finger type and/or personal biometric characteristics (e.g., sex, age and the like).
  • the filter module 114 operates in conjunction with the biometric input device 116 to perform blur removal, finger detection and time based enhancements. For example, two or more scans may be taken to ensure the user 170 has placed a stable finger (not moving) on the sensor. A difference is then taken between subsequent scans to ensure consistency between the two scans. With noisy sensors, the filter module 144 may integrate consecutive images to reduce the noise level in the captured image.
  • the authentication server 108 and/or the client 112 may also extract the associated geometric data of features and/or minutiae from the candidate set of biometric data.
  • the extractor module 146 transmits the results to the authentication module 128 using the network 116.
  • Biometric data, for example in the case of fingerprints, can be divided into global features that are spatial in nature and local features that represent details captured in specific locations.
  • the geometric data can include, for example, the locations (e.g., x, y coordinates) of the features, the type of feature (e.g., ridge ending, bifurcation and the like), the angular data of the features, the slope of the ridge, the neighborhood ridge counts and/or the like.
  • the authentication server 108 can compare, for example, the minutiae data of the reference set of biometric data stored in the biometric database module 128 with the candidate set of biometric data to produce a goodness of fit or confidence of match by examining the local features on a minutiae by minutiae basis.
  • the authentication server 108 determines the best spatial alignment between the location of minutiae points within the reference set of biometric data and corresponding minutiae points within the candidate set of biometric data. Determining the best spatial alignment involves, for example, finding the rotation angle that produces the greatest number of matching points. This may be accomplished, for example, using a spatial correlation algorithm in which the features of the candidate set of biometric data are translated and rotated about a test alignment point and then compared against the features in the reference set. Different alignment points and rotation angles are tested to determine the lowest difference between the candidate and reference feature set. Matching can be a relative term, meaning the points are close to each other within some predefined distance.
  • the determining process can accommodate both spatial and rotational displacement between the reference set of biometric data and the candidate set of biometric data.
  • the authentication server 108 then sums the goodness of fit for local features at each of the matching minutiae points.
  • the authentication server 108 determines the sufficiency of the match by statistically analyzing the goodness of fit for local features at each of the matching minutiae points and determining whether the probability that they come from the same individual is above a certain predetermined threshold, as described above.
  • FIG. 3 illustrates a system 300 employing a data structure used to securely store user credentials.
  • the data structure is hierarchically organized into realms, vaults, and folders, as further explained below, and is useful in connection with the system 100 as well as in other authentication systems.
  • the system 300 includes a biometric database module 128′ and an alias database module 120′ that is logically or physically separate from the biometric database module 128′.
  • the biometric database module 128′ includes a first realm 305a and a second realm 305b, generally referred to as 305.
  • a realm 305 is a security partition, grouping subscribers according to a scheme relevant to an application server. For example, a financial-services company might group subscribers by state or by service tier.
  • each security realm 305 corresponds to a separate set of objects assigned its own symmetric encryption key to ensure that data from one realm (e.g., 305a) is not usable by another realm (e.g., 305b).
  • the first realm 305a includes a first vault 310a and a first subscriber profile 320a.
  • the first subscriber profile 320a includes an alias associated with the subscriber and a reference set of biometric data 325a associated with the alias.
  • the first vault 310a includes a first folder 330a.
  • subscriber 1 is associated with the first vault 310a.
  • the term “subscriber” refers to an individual identified by his/her alias, which is associated with biometric data 325.
  • the biometric data 325 represents a set of biometric characteristics that uniquely identifies the subscriber, including but not limited to finger templates, facial templates, retinal templates, and/or voice prints.
  • Each vault 310 contains one or more folders 330, and is accessible to one or more subscribers, so that each subscriber owns one or more vaults 310 within a realm.
  • the folders 330 within each vault 310 contain assets and/or user credentials (e.g., login accounts, URL/password combinations, digital certificates and the like).
  • a folder 330 can be modified only by the owner of the vault 310, and is associated with a list of subscribers 320, or “folder users,” eligible for access.
  • the second realm 305b includes a second vault 310b and a third vault 310c, generally referred to as 310.
  • the second realm 305b also includes a second subscriber profile 320b and a third subscriber profile 320c, generally referred to as 320.
  • the second subscriber profile 320b includes an alias associated with subscriber 2 and a reference set of biometric data 325b associated with the alias.
  • the third subscriber profile 320c includes an alias associated with subscriber 3 and a reference set of biometric data 325c associated with the alias.
  • the second vault 310b includes a second folder 330b.
  • the third vault 310c includes a third folder 330c and a fourth folder 330d, generally referred to as 330.
  • subscriber 2 is associated with the second vault 310b.
  • Subscriber 3 is associated with the second vault 310b and the third vault 310c. Accordingly, there need not exist a one-to-one mapping between subscribers and vaults; more than one subscriber may have access to a single vault, for example, and a single subscriber may have access to multiple vaults within a realm.
  • accessing a vault follows the same process as described in connection with FIG. 2.
  • the subscriber (e.g., subscriber 2) requests access to the subscriber's associated folder (e.g., 330b).
  • an application server can request a specific set of subscriber's credentials to access a service the subscriber requests.
  • the alias database module 120′ finds the associated alias (e.g., alias 2) of the subscriber and passes a request for the credentials to the biometric database module 128′.
  • the biometric database module 128′ verifies there is a sufficient match with the reference biometric data associated with the alias (e.g., 325b).
  • the subscriber is allowed access to the folder (e.g., 330b) or the requested credentials within the folder are transmitted to the application server.
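
The realm, vault and folder hierarchy of FIG. 3 and its access rule, as an added Python example (not code from the patent). Class and function names, the vault owners, the folder-user lists, the stand-in matcher and the sample data are assumptions of this example; per-realm encryption keys are not modeled.

```python
from dataclasses import dataclass, field


@dataclass
class Folder:
    users: set                                    # "folder users" eligible for access
    credentials: dict = field(default_factory=dict)


@dataclass
class Vault:
    owner: str                                    # alias that may modify the folders
    subscribers: set                              # aliases associated with the vault
    folders: dict = field(default_factory=dict)   # folder id -> Folder


@dataclass
class Realm:
    profiles: dict                                # alias -> reference biometric data
    vaults: dict                                  # vault id -> Vault


def sufficiently_matches(reference, candidate, threshold=0.8):
    """Stand-in matcher (assumption): overlap of constructed feature labels."""
    union = reference | candidate
    return bool(union) and len(reference & candidate) / len(union) >= threshold


def _authorize(realm, vault_id, folder_id, alias, candidate):
    """Return (vault, folder) when every access condition holds, else None."""
    reference = realm.profiles.get(alias)         # alias must be profiled in this realm
    vault = realm.vaults.get(vault_id)
    if reference is None or vault is None or alias not in vault.subscribers:
        return None
    if not sufficiently_matches(reference, candidate):
        return None
    folder = vault.folders.get(folder_id)
    if folder is None or alias not in folder.users:
        return None
    return vault, folder


def read_credentials(realm, vault_id, folder_id, alias, candidate):
    """Credentials in the folder, or None when access is denied."""
    granted = _authorize(realm, vault_id, folder_id, alias, candidate)
    return dict(granted[1].credentials) if granted else None


def store_credential(realm, vault_id, folder_id, alias, candidate, name, value):
    """Only the vault owner may modify a folder; returns True when stored."""
    granted = _authorize(realm, vault_id, folder_id, alias, candidate)
    if not granted or alias != granted[0].owner:
        return False
    granted[1].credentials[name] = value
    return True


def template(tag):
    """Constructed reference data: ten feature labels per subscriber."""
    return frozenset(f"{tag}-m{i}" for i in range(10))


def probe(tag):
    """Constructed candidate: nine of the ten reference features (overlap 0.9)."""
    return frozenset(f"{tag}-m{i}" for i in range(9))


# FIG. 3 layout. Vault owners and folder-user lists are assumptions of this example.
REALM_A = Realm(
    profiles={"alias1": template("s1")},
    vaults={"310a": Vault("alias1", {"alias1"}, {"330a": Folder({"alias1"})})},
)
REALM_B = Realm(
    profiles={"alias2": template("s2"), "alias3": template("s3")},
    vaults={
        "310b": Vault("alias2", {"alias2", "alias3"},
                      {"330b": Folder({"alias2", "alias3"}, {"portal": "login-2b"})}),
        "310c": Vault("alias3", {"alias3"},
                      {"330c": Folder({"alias3"}), "330d": Folder({"alias3"})}),
    },
)

if __name__ == "__main__":
    print(read_credentials(REALM_B, "310b", "330b", "alias3", probe("s3")))
    print(read_credentials(REALM_B, "310c", "330c", "alias2", probe("s2")))
```

Subscriber 3 reaches both vaults in the second realm, subscriber 2 only the second vault, and an alias profiled in the first realm is unknown to the second.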

Abstract

In one aspect the invention relates to authentication using biometrics. An alias for an individual is associated with a reference set of biometric data from the individual and, at a location separate from the reference set of biometric data, information associating the individual with the alias is stored. The invention may operate on an authentication request requesting authentication of a user identified by the alias, along with a candidate set of biometric data from the user and confirming authentication of the user as the registered individual; authentication is granted if the candidate set of biometric data sufficiently matches the reference set of biometric data.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of and priority to the co-pending U.S. Provisional Application, Serial No. 60/291,900, filed May 18, 2001, entitled “Network-Based Biometric Authentication,” the entirety of which is incorporated herein by reference. [0001]
  • FIELD OF INVENTION
  • The invention relates generally to biometrics. More specifically, in one embodiment, the invention relates to systems and methods for using biometric authentication over a network. [0002]
  • BACKGROUND
  • The Internet accords a global community of computer users access to applications and information that traditionally were highly restricted. For example, users can now undertake a wide variety of financial transactions online, or obtain access to financial and other sensitive records online. The increased accessibility of such information, while enormously convenient, jeopardizes privacy and invites tampering and electronic theft. In some known prior art systems, sensitive information that was once physically guarded can now be obtained on the Internet by anyone who can generate the correct server URL, logon and password. [0003]
  • Indeed, the mere need for Internet users to keep track of multiple URLs, logon names, passwords and PINs in order to access different information further increases the chances of unauthorized use and loss of private information. Users may resort to using the same logon name and password combinations for all accounts, rendering them equally vulnerable if unauthorized access to a single account is obtained. On the other hand, security-conscious users who maintain different logon names and passwords for individual accounts may, to avoid confusion, write them down where they may be found or store them on easily stolen devices such as personal digital assistants—thereby undermining their own efforts. It can be argued that those who routinely change their passwords but record them on paper or in a computer file are at greater risk of being compromised than those who use a single but difficult-to-crack password. At the very least, such security-conscious individuals risk forgetting their access information, necessitating time-consuming calls to customer-support lines. [0004]
  • From the perspective of authentication, passwords and PINs cannot guarantee identity; the identification is no more reliable than the security of the password. In some known prior art systems with password authentication, the server carrying out a transaction can only prove that the correct password was entered—not that it was entered by an authorized person. A password can originate from password-cracking software just as easily as from the real user. Digital certificates improve security by authenticating an end point (i.e., that a message originated with a particular client terminal), but cannot create a non-repudiated link to support the claim that a particular user really did engage in a transaction. [0005]
  • SUMMARY OF THE INVENTION
  • The present invention utilizes biometric indicia to offer highly reliable authentication that creates links that cannot be repudiated for transactions initiated within the context of an authenticated session. Unlike passwords, which are no more than secrets vulnerable to theft, biometrics validation matches physical characteristics of the user against stored characteristics to identify the user. Once a user is positively identified, in one embodiment, the server unlocks and validates the user's credentials for presentation to other servers that request such authentication. A user's credentials may, for example, represent an account login/password combination or X.509 certificate. This biometric approach offers substantial flexibility in terms of accessibility (from computers, mobile devices, etc.) and relieves the user from responsibility for managing the integrity of such credentials. Biometric scanners are inexpensive and small, and may, for example, be easily incorporated into keyboards and mobile client devices. [0006]
  • In one aspect the invention relates to a method for authentication using biometrics. The method comprises associating an alias for an individual with a reference set of biometric data from the individual and storing, at a location separate from the reference set of biometric data, information associating the individual with the alias. The method also comprises receiving an authentication request requesting authentication of a user identified by the alias, receiving a candidate set of biometric data from the user and confirming authentication of the user as the registered individual, if the candidate set of biometric data sufficiently matches the reference set of biometric data. In one embodiment, the method further comprises transmitting to the user a data request for the candidate set of biometric data, the data request including an identifying characteristic, wherein the confirming step comprises, confirming to the application server authentication of the user as the registered individual, if the candidate set of biometric data includes the identifying characteristic and sufficiently matches the reference set of biometric data. [0007]
  • In another embodiment, the method further comprises generating the identifying characteristic including a public key, generating a private key corresponding to the public key and encrypting the data request using the private key. In another embodiment, the method further comprises generating the identifying characteristic having a limited validity lifetime. In another embodiment, the method further comprises generating the identifying characteristic including a random identifier. In another embodiment, the method further comprises generating the identifying characteristic including a time identifier. In another embodiment, the method further comprises destroying the identifying characteristic after completion of the confirming step. [0008]
  • In another embodiment, the method further comprises updating the reference set of biometric data using the candidate set of biometric data, if authentication of the user is confirmed. In another embodiment, the method further comprises transmitting, by a first server, the authentication request to a second server, wherein the second server performs the confirming step. In another embodiment, the method further comprises encrypting the reference set of biometric data using a predetermined function based at least in part on the alias. In another embodiment, the method further comprises morphing the reference set of biometric data using a predetermined function based at least in part on the alias. In another embodiment, the method further comprises encrypting the reference set of biometric data using a second function based at least in part on the alias, if security is compromised. In another embodiment, the method further comprises morphing the reference set of biometric data using a second function based at least in part on the alias, if security is compromised. [0009]
  • In another embodiment, the invention relates to a system for authentication using biometrics. The system includes an application server and an authentication server. The application server includes an alias database module configured to store information associating an individual with an alias. The authentication server includes a biometric database, a transceiver module and a comparison module. The biometric database module associates the alias for the individual with a reference set of biometric data from the individual. The transceiver module is configured to i) receive an authentication request requesting authentication of a user identified by the alias and ii) to receive a candidate set of biometric data from the user. The comparison module is configured to determine if the candidate set of biometric data sufficiently matches the reference set of biometric data and, if so, to generate a confirmation of authentication of the user as the registered individual. [0010]
  • In one embodiment, the application server further comprises a transceiver module configured to transmit an authentication request requesting authentication of a user identified by the alias, where the application server is in communication with the authentication server over a network. In another embodiment, the authentication server further comprises an identifying characteristic generator module configured to generate an identifying characteristic to be transmitted with a user data request for the candidate set of biometric data, wherein the comparison module is further configured to determine if the candidate set of biometric data includes the identifying characteristic. In another embodiment, the identifying characteristic generator module is further configured to generate the identifying characteristic including a public key, to generate a private key corresponding to the public key, and to encrypt the user data request using the private key. [0011]
  • In another embodiment, the identifying characteristic generator module is further configured to generate the identifying characteristic having a limited validity lifetime. In another embodiment, the identifying characteristic generator module is further configured to generate the identifying characteristic including a random identifier. In another embodiment, the identifying characteristic generator module is further configured to generate the identifying characteristic including a time identifier. In another embodiment, the identifying characteristic generator module is further configured to destroy the identifying characteristic after completion of the confirming step. [0012]
  • In another embodiment, the biometric database module is further configured to update, if authentication of the user is confirmed, the reference set of biometric data using the candidate set of biometric data. In another embodiment, the biometric database module is further configured to encrypt the reference set of biometric data using a predetermined function based at least in part on the alias. In another embodiment, the biometric database module is further configured to morph the reference set of biometric data using a predetermined function based at least in part on the alias. In another embodiment, the biometric database module is further configured to encrypt, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias. In another embodiment, the biometric database module is further configured to morph, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias. In another embodiment, the system further comprises a client. The client includes a plug-in configured to receive a request for the candidate set of biometric data, to obtain the candidate set of biometric data for the user of the client and to transmit the candidate set of biometric data in response to the request. [0013]
  • In another aspect, the invention relates to a method of organizing authentication information within a storage space. The method comprises partitioning the storage space into a plurality of realms, each realm containing a set of subscriber profiles, each subscriber profile comprising an alias associated with a respective subscriber and a reference set of biometric data from that respective subscriber and storing, at a location separate from the storage space, information associating the identity of the alias with the respective subscriber. The method also includes partitioning each realm into a plurality of vaults and associating each subscriber with at least one vault. The method also includes partitioning each vault into at least one folder, each folder containing protected data and being accessible only to one or more subscribers associated with the vault and according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault and ii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias. In one embodiment, the method further comprises transmitting a data request for the candidate set of biometric data, the data request including an identifying characteristic, wherein the according access step comprises according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault, ii) the identifying characteristic and iii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias. [0014]
  • In another aspect, the invention relates to an article of manufacture having computer-readable program portions embodied therein for authentication using biometrics. The article comprises computer-readable program portions for performing the method steps as described above. [0015]
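
The embodiment that morphs the reference data with a function based on the alias, and switches to a second function if security is compromised, as an added Python example (not code from the patent) working on minutiae coordinates, with each (x, y) mapped to (x′, y′) by f(x,t) and g(y,t). The cell permutation chosen for f and g, the HMAC derivation of t, the greedy matcher, all constants and the sample points are assumptions of this example; the patent does not specify them.

```python
import hashlib
import hmac
import math
from typing import NamedTuple

CELL = 32         # cell width in pixels
CELLS = 8         # cells per axis (assumes a 256 x 256 sensor image)
TOLERANCE = 5.0   # two minutiae closer than this count as the same point
THRESHOLD = 0.8   # administrator-set fraction of points that must match


class MorphParams(NamedTuple):
    """The parameter t: one cell permutation for f (x axis), one for g (y axis)."""
    perm_x: tuple
    perm_y: tuple


def derive_params(secret: bytes, alias: str, version: int) -> MorphParams:
    """Derive t from the alias; a new version gives a new morph for re-enrollment."""
    digest = hmac.new(secret, f"{alias}|{version}".encode(), hashlib.sha256).digest()

    def permutation(offset):
        # Order the cell indices by key-dependent bytes (the index breaks ties).
        return tuple(sorted(range(CELLS), key=lambda i: (digest[offset + i], i)))

    return MorphParams(permutation(0), permutation(CELLS))


def shift_cell(value: int, perm: tuple) -> int:
    """f(x, t) or g(y, t): move the cell holding `value` to its permuted slot."""
    if not 0 <= value < CELL * CELLS:
        raise ValueError("coordinate outside sensor image")
    cell, offset = divmod(value, CELL)
    return perm[cell] * CELL + offset


def morph(minutiae, params: MorphParams):
    """Map each (x, y) to (x', y') = (f(x, t), g(y, t))."""
    return [(shift_cell(x, params.perm_x), shift_cell(y, params.perm_y))
            for x, y in minutiae]


def match_score(reference, candidate) -> float:
    """Fraction of points paired one-to-one within TOLERANCE (greedy nearest)."""
    unused = list(reference)
    matched = 0
    for point in candidate:
        if not unused:
            break
        nearest = min(unused, key=lambda ref: math.dist(ref, point))
        if math.dist(nearest, point) <= TOLERANCE:
            unused.remove(nearest)
            matched += 1
    return matched / max(len(reference), len(candidate), 1)


def authenticate(stored_template, probe, params: MorphParams) -> bool:
    """Morph the probe with the enrolled parameters, then compare in morphed space."""
    return match_score(stored_template, morph(probe, params)) >= THRESHOLD


# Constructed sample data, not real fingerprint minutiae.
FINGER = [(40, 50), (80, 112), (120, 44), (150, 180),
          (172, 76), (210, 140), (48, 200), (236, 214)]
JITTER = [(2, -1), (-1, 2), (1, 1), (-2, -2), (0, 2), (2, 0), (-1, -1), (1, -2)]
PROBE = [(x + dx, y + dy) for (x, y), (dx, dy) in zip(FINGER, JITTER)]

if __name__ == "__main__":
    secret = b"demo-only-secret"                 # hypothetical server-side key
    v1 = derive_params(secret, "25xHy63", 1)
    template = morph(FINGER, v1)                 # only the morphed template is stored
    print("genuine probe accepted:", authenticate(template, PROBE, v1))
    v2 = derive_params(secret, "25xHy63", 2)     # re-enrollment after template theft
    print("v1 template vs v2 probe:", match_score(template, morph(PROBE, v2)))
```

A point that sensor noise pushes across a cell boundary lands in a different cell and stops matching, which is why the sample points sit away from cell edges. The permutation can be inverted by anyone who holds t, so the parameters need the same protection as a key.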
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The above and further advantages of the invention may be better understood by referring to the following description taken in conjunction with the accompanying drawing, in which: [0016]
  • FIG. 1 is a block diagram of an illustrative embodiment of a system to authenticate a user using biometrics in accordance with the invention; [0017]
  • FIG. 2 is a flow diagram of an illustrative embodiment of a process to authenticate a user using biometrics in accordance with the invention; and [0018]
  • FIG. 3 is a block diagram of a data structure used to authenticate a user using biometrics in accordance with the invention. [0019]
  • DETAILED DESCRIPTION
  • In broad overview, FIG. 1 illustrates an embodiment of a system 100 to authenticate a user using biometrics in accordance with the invention. The system 100 includes a first computing system (“a first server node”) 104, a second computing system (“a second server node”) 108 and a third computing system (“a client node”) 112, all in communication with a network 116. The first server node 104, the second server node 108 and the client node 112 are in communication with the network using communication channels 117. Also shown is an optional communication channel 118 over which the first server node 104 and the second server node 108 can communicate with each other, instead of or in addition to communicating via the network 116. [0020]
  • For example, the network 116 and the communication channels 117 and 118 can be part of a local-area network (LAN), such as a company Intranet, a wide area network (WAN) such as the Internet or the World Wide Web or the like. The nodes 104, 108 and 112 communicate with the network 116 through the communication channels 117 and 118 using any of a variety of connections including, for example, standard telephone lines, LAN or WAN links (e.g., T1, T3, 56 kb, X.25), broadband connections (ISDN, Frame Relay, ATM), wireless connections and the like. The connections can be established using a variety of communication protocols (e.g., HTTP(S), TCP/IP, SSL, IPX, SPX, NetBIOS, Ethernet, RS232, direct asynchronous connections, a proprietary protocol and the like). In one embodiment, the servers 104 and 108 and the client 112 encrypt all communication when communicating with each other. [0021]
  • Each of the server nodes 104 and 108 can be any computing device capable of providing the services requested by the other server or by the client node 112. Particularly, this includes authenticating a user at the client node 112 using biometric data, as described in more detail below. The first server node 104, also referred to as an application server 104, includes an alias database module 120. The second server node 108, also referred to as an authentication server 108, includes an identifying-characteristic generator module 124 and a biometric database module 128. The modules throughout the specification are implemented as a software program and/or a hardware device (e.g., ASIC, FPGA, processor, memory, storage and the like). [0022]
  • For clarity, FIG. 1 depicts server node 104 as an entity separate and distinct from server node 108 and each node is in communication with the network 116, representing that the two nodes 104 and 108 are logically independent. It is to be understood, however, that the server nodes 104 and 108 can also be implemented, for example, on a single server (e.g., as logically distinct modules), distributed on portions of several (i.e., more than two) servers, and/or as part of a single server node or server farm in communication with the network 116 through, for example, a single Web server (not shown). It should be understood that even if two logical servers are running in the same physical machine, they may be secured logically if any of the following conditions is met: (1) the servers run in different process spaces (so there is no possibility for one process to access the memory of another process); (2) the servers access different logical databases (which may be further partitioned) with different credential or entry requirements; (3) sensitive data in the server node 104 and the server node 108 are encrypted using separate encryption keys; or (4) the server applications are launched (e.g., in a Unix environment) under two different logon accounts. For heightened security, it is possible to encrypt all the data used by the server node 108 using a key maintained by the server node 104 or an external key server; this approach enhances security in that a breach of the server node 108 and its database would yield only encrypted data. [0023]
  • The client node 112 can be any computing device (e.g., a personal computer, set top box, wireless mobile phone, handheld device, personal digital assistant, kiosk, etc.) used to provide a user interface to access the application server 104. The client node 112 includes a plug-in module 132 and a biometric input module 136. [0024]
  • To use the [0025] system 100, a user, also referred to as a subscriber, registers that user's biometric data with the system 100. The biometric data can include, for example, data associated with the individual's fingerprint(s), facial characteristics, voice and the like. The system 100 stores data identifying the user to the system (e.g., username, logon ID, employee ID and the like) in the alias database module 120. The alias database 120 associates an alias with that stored data. For example, employee #2054 may be associated with the alias 25xHy63. The alias database 120 transmits this associated alias to the plug-in module 126 in the client node 112.
  • In the illustrated embodiment, the plug-in [0026] 132 communicates with the biometric input module 136 to obtain biometric data from a biometric device 140, for example, a fingerprint reader associated with the client 112. The plug-in 132 transmits the stored alias (previously received from the application server 104) and the corresponding biometric data to the authentication server 108, which stores the alias and reference set of biometric data in the biometric database module 128. There are security measures that the system 100 can use to ensure that a listening device does not capture this reference biometric data, or if the data is captured, that it is not usable by itself. For example, the client 112 can belong to an administrator, with a direct, secure communication channel to the biometric database 128; the plug-in 132 can encrypt the alias and the biometric data independently; the plug-in 132 and the biometric database 128 can communicate with each other using SSL and/or public and private keys; and the plug-in 132 can transmit the alias and the biometric data independently to the biometric database 128.
  • [0027] The registration process can be initiated in several different ways. The administrator may initiate the registration. The administrator can have the user come to the administrator's client 112 or a secure client 112 used only for registration when the employee starts work, when a customer purchases services accessible via the application server 104, and the like. The application server 104 can initiate the registration when the user first requests a service from the application server 104 requiring authentication of the user. The client 112 can display a graphical user interface (“GUI”) leading the user through the registration process. The level of authentication of the user at registration is based on the administrators of the system 100 and can range, for example, from a user presenting the correct password to the application server 104 to a user being present in person in front of an administrator who can check the identification of the user.
  • [0028] Once the system 100 registers an individual, the system 100 creates an association between the data identifying the user to the system and the user's alias in the alias database 120, and an association between the user's alias and the user's biometric data in the biometric database 128. Storing the two associations at locations separate from each other requires a breach in security of both the alias database 120 and the biometric database 128 to put biometric data together with some identifying data. Further, if the identifying data is just another unique identifier that does not reveal identity by itself, for example an employee number, then the security of a third database containing the association between the employee number and the identity (e.g., name and address of the employee) would have to be breached to match the identity of the user with that individual's biometric data.
  • [0029] With an individual registered (i.e., with user-identifying information, an alias, and biometric information obtained and stored), a process 200 as shown in FIG. 2 may be used to authenticate a user using biometric data and a system as depicted, for example, in FIG. 1. The user of the client 112 requests (step 202) access to a service (e.g., execution of an application program, access to a financial or medical database, access to an electronic vault with which the user is associated, download of data and/or application program and the like) provided by the application server 104. The application server 104 uses data identifying the user to the system (e.g., username, logon ID, employee ID and the like) and queries the alias database module 120 for a match. Upon matching (step 204) the data, the application server 104 retrieves the associated alias and transmits (step 204) a request for authentication to the authentication server 108, including the alias with the request. The application server 104 can transmit this request via the network 116 or via the backend connection 118. The authentication server 108 receives the request for authentication for the retrieved alias.
  • [0030] In response to the request for authentication, the identifying-characteristic generator module 124 (“ID generator”) generates (step 208) an identifying characteristic, also referred to as a session code, to identify this particular transaction/session (e.g., response to the authentication request). In addition to identifying a particular session, the identifying characteristic also prevents someone who captures the biometric data from using the captured data in a subsequent transaction. By combining the identifying characteristic with the biometric data, as described below, any captured data is rendered unusable in subsequent transactions because the ID generator 124 generates a new identifying characteristic for each transaction.
  • [0031] Generating an identifying characteristic can be accomplished in various ways to identify a particular transaction/session. For example, the identifying-characteristic generator 124 can generate a random and/or unique identifier, for example a random alphanumeric ID that is temporarily associated with the transaction; or the ID generator 124 can generate a time identifier, for example a date/time stamp; or it can generate a time limit ID, after which the ID is destroyed and deemed void. Either the time limit ID or the time identifier allows the identifying characteristic to have a limited lifetime during which the identifying characteristic is valid. Regardless of the type of identifying characteristic used, it is generally destroyed after the transaction is complete (e.g., after the authentication server 108 responds to the application server 104 with a decision regarding authentication).
  • [0032] In one embodiment, the ID generator 124 generates a private/public key pair for use with a particular transaction. The authentication server 108 will use this single-use private/public key pair to encrypt a request for a candidate set of biometric data, as described below. First, however, the authentication server 108 generates the request, which includes any parameters needed by the plug-in module 132 to fulfill the request. For example, if the authentication server 108 only has fingerprint data for a single digit for the particular alias, the authentication request includes a request for that particular digit, so that the proper digit is read at the client 112.
  • [0033] The authentication server 108 incorporates the identifying characteristic and any needed parameters into the request. The authentication server 108 encrypts the request using a symmetric secret key that is understood only by the client 112, and signs the digest for the message with the private key of the single-use private/public key pair for the particular transaction. The authentication server 108 also includes with the request the public key of the single-use private/public key pair. With the request complete, the authentication server 108 transmits (step 214) the request to the client 112. The authentication server 108 can transmit the request directly to the client 112. Alternatively, the authentication server 108 can transmit the request, for example, through the application server 104, using the existing session created when the user requested (step 202) a service from the application server 104. This transmission can also include encrypting the request using a second public/private key pair established between application server 104 and the client 112. With this further encryption, the client 112 ensures that the request has not been altered in transit and/or is from a trusted source.
  • [0034] The plug-in module 112 receives the request for a candidate set of biometric data. Using the public key received with the request, the plug-in 132 verifies that the signature of the request is authentic (i.e., that it was signed using the private key of the single-use private/public key pair generated by the ID generator 124). The plug-in 132 decrypts the request using its own secret key to obtain any needed parameters included therewith. In one embodiment, a portion of the request including the identifying characteristic remains encrypted and undecipherable by the plug-in 132. For example, in one embodiment if the session code is a random alphanumeric string and there is no reason for the client 112 to decipher this code because the client 112 does not use it, the client 112 simply has to retransmit the encrypted identifying characteristic back to the authentication server 108 with the candidate set of biometric data.
  • [0035] In response to the request, the plug-in 132 obtains (step 222) the biometric data from the user using the biometric data generator 140, for example, a fingerprint scanner. In one embodiment, the plug-in 132 includes the drivers needed to directly interact with the biometric data generator 140. The plug-in 132 adds (step 230) the identifying characteristic, whether encrypted or not, to the biometric data and transmits (step 230) this combination back to the authentication server 108. In one embodiment, the plug-in 132 encrypts the combination using the received public key. For example, in one approach, the plug-in 132 generates a symmetric key to encrypt the message, encrypts the symmetric key with the public key, and sends the encrypted message to the application server 104; upon receiving the message, the server 104 utilizes the corresponding private key to decrypt the symmetric key, which it then uses to decrypt the message. In another embodiment, the plug-in 132 transmits (step 230) this combination back to the application server 104, where the application server 104 manages all communication to and from the authentication server 108.
  • [0036] The authentication server 108 receives the combination of the identifying characteristic and the candidate set of biometric data. The authentication server 108 decrypts the received combination and extracts the identifying characteristic. The authentication server 108 thereupon decrypts this portion further if needed. The authentication server 108 verifies (step 236) that the received identifying characteristic matches the identifying characteristic previously generated by the ID generator 124. If the identifying characteristic includes a limited lifetime validity, the authentication server 108 verifies (step 236) that the lifetime has not expired. If the identifying characteristic does not match or the lifetime has expired, the authentication server 108 responds to the request (step 202) from the application server 104 by denying (step 250) authentication of the alias associated with that request. In response to the rejection (step 250), the application server 104 denies (step 255) access to the user associated with the alias for the requested (step 202) service.
  • [0037] If the identifying characteristic matches and the lifetime has not expired, the authentication server 108 verifies (step 236) that the candidate set of biometric data received from the client 117 sufficiently matches the reference set of biometric data stored in the biometric database 128 record associated with the alias. The authentication server 108 may determine the sufficiency of the match by statistically analyzing the two sets of biometric data and determining whether the probability that they come from the same individual is above a certain predetermined threshold. In one embodiment, an administrator of the system 100 sets the predetermined threshold. The predetermined threshold determines both the false acceptance rate (i.e., the probability that the authentication server 108 will incorrectly authenticate a user) and the false rejection rate (i.e., the probability that the authentication server 108 will incorrectly reject authentication of the user when that user is in fact the registered individual). The administrator sets the predetermined threshold such that the false acceptance rate and the false rejection rate are both acceptable to the users of the system 100. The statistical analysis can be any of the well-known analysis techniques employed by those skilled in the art (e.g., statistical pattern matching or image-registration techniques, pattern-recognition techniques involving feature extraction and classification in either the spatial domain or the frequency domain, or heuristic methods involving, e.g., neural networks). For example, for fingerprint comparison, the number of landmarks (e.g., ridges) and their location (e.g., x, y coordinates) and the variance between the sets of data are statistically analyzed to calculate a probability that the candidate set of biometric data matches the reference set of biometric data.
  • [0038] If the candidate set of biometric data does not sufficiently match the reference set of biometric data, the authentication server 108 responds to the request (step 202) from the application server 104 by denying (step 250) authentication of the alias associated with that request. In response to the rejection (step 250), the application server 104 denies (step 255) access to the user associated with the alias for the requested (step 202) service. If the identifying characteristic matches and the candidate set of biometric data does sufficiently match the reference set of biometric data, the authentication server 108 responds to the request (step 202) from the application server 104 by authenticating (step 260) the alias associated with that request. In response to the acceptance (step 260), the application server 104 allows (step 265) access to the user associated with the alias for the requested (step 202) service.
  • [0039] In other embodiments, another layer of protection is added by not storing and/or transmitting the biometric data in its native format, i.e., by not storing and/or transmitting the biometric data in the same way that it is transmitted from the biometric data generator 140 (for example, a fingerprint scanner). In one embodiment, the plug-in module 132 modifies the biometric data, both at registration of a reference set of biometric data and when fulfilling a request for a candidate set of biometric data. The algorithm used for the modification can use the alias as an input parameter or variable, so that the modification for each individual is different. The modification can include encrypting and/or morphing (e.g., using a transformation algorithm) the biometric data. Even if someone captures the modified biometric data, it is unusable unless that someone also had i) the associated alias, which in one embodiment, is never transmitted along with the biometric data, and ii) the modification algorithm. If security were to be compromised, the system 100 could re-store the reference biometric data using a different modification algorithm, making any acquired biometric data unusable.
  • [0040] For example, morphing the captured image uses a predefined mathematical algorithm to create a distorted image, and features are stored from the distorted image rather than from the source biometric image. This facilitates creation of multiple alias biometric identities from an individual's unique biometric features. In use, an individual is assigned a morphing function and parameters relating thereto. These are used to predistort the image, thereby creating distorted landmarks. During testing, a candidate biometric image is subjected to the same function and parameters prior to comparison with the stored image.
  • [0041] This approach avoids storage of an individual's true biometric identity. Moreover, if an individual's biometric identity is compromised (e.g., stolen from the server), the user can simply enroll again with a different morphing function and/or parameters. Morphing can be performed either at the image level or after the features are computed through a transform that maps the (x,y) coordinates for each minutiae point to new coordinates (x′,y′) using predefined functions f(x,t) and g(y,t) for all x, y values and t.
  • [0042] In yet another embodiment, the authentication server 108 and/or the client 112 employs additional techniques to process the received candidate set of biometric data and to extract the unique features that distinguish one set of biometric data (e.g., fingerprint) from another. For example, the authentication server 108 and/or the client 112 may normalize the biometric data into a format used by the authentication server 108. The normalization can include, for example, a translation algorithm, a transformation algorithm and the like. The normalization allows the biometric data to be converted into a standard image suitable for subsequent processing and preferably includes geometric processing to adjust for size differences between sensors, orientation adjustments to invert or rotate images, density adjustments to correct for number of gray levels/dynamic range and sampling adjustments to account for different sensor resolutions. This allows the client 112 to interface with different types of biometric input devices 140 without the need to re-register the user or change the format of the biometric data in the biometric database module 128.
  • [0043] The authentication server 108 and/or the client 112 may also filter the received candidate set of biometric data. The filtering can include filtering algorithms for correcting blurring of the image, for removing random noise in the image and the like. For example, all captured scans can be checked for partial or blurred prints that exhibit a greater than expected amount of change between consecutive frames as well as contrast. Images that exhibit excessive blur can be rejected. Contrast issues can be resolved by asking the user to press down to make better contact with the sensor. Image processing software may be used to enhance the quality of the image and involve signal averaging, noise filtering, ridge/valley enhancement as well as gray scale equalization. The filtering can also include filtering algorithms dictated by the type of the biometric device 140 or the type of user features the biometric device 140 uses. The filtering can also include filtering algorithms based on the type of image (e.g., grainy, wet, fine grain and the like), the finger type and/or personal biometric characteristics (e.g., sex, age and the like). In an embodiment where the filter module 144 is implemented on the client 112, the filter module 114 operates in conjunction with the biometric input device 116 to perform blur removal, finger detection and time based enhancements. For example, two or more scans may be taken to ensure the user 170 has placed a stable finger (not moving) on the sensor. A difference is then taken between subsequent scans to ensure consistency between the two scans. With noisy sensors, the filter module 144 may integrate consecutive images to reduce the noise level in the captured image.
  • [0044] The authentication server 108 and/or the client 112 may also extract the associated geometric data of features and/or minutiae from the candidate set of biometric data. In an embodiment where the extractor module 146 is implemented on the client 112, the extractor module 146 transmits the results to the authentication module 128 using the network 116. Biometric data, for example in the case of fingerprints, can be divided into global features that are spatial in nature and local features that represent details captured in specific locations. The geometric data can include, for example, the locations (e.g., x, y coordinates) of the features, the type of feature (e.g., ridge ending, bifurcation and the like), the angular data of the features, the slope of the ridge, the neighborhood ridge counts and/or the like. Once processed, the authentication server 108 can compare, for example, the minutiae data of the reference set of biometric data stored in the biometric database module 128 with the candidate set of biometric data to produce a goodness of fit or confidence of match by examining the local features on a minutiae by minutiae basis.
  • [0045] To calculate the goodness of fit, the authentication server 108 determines the best spatial alignment between the location of minutiae points within the reference set of biometric data and corresponding minutiae points within the candidate set of biometric data. Determining the best spatial alignment involves, for example, finding the rotation angle that produces the greatest number of matching points. This may be accomplished, for example, using a spatial correlation algorithm in which the features of the candidate set of biometric data are translated and rotated about a test alignment point and then compared against the features in the reference set. Different alignment points and rotation angles are tested to determine the lowest difference between the candidate and reference feature set. Matching can be a relative term, meaning the points are close to each other within some predefined distance. The determining process can accommodate both spatial and rotational displacement between the reference set of biometric data and the candidate set of biometric data. The authentication server 108 then sums the goodness of fit for local features at each of the matching minutiae points. The authentication server 108 determines the sufficiency of the match by statistically analyzing the goodness of fit for local features at each of the matching minutiae points and determining whether the probability that they come from the same individual is above a certain predetermined threshold, as described above.
  • [0046] FIG. 3 illustrates a system 300 employing a data structure used to securely store user credentials. The data structure is hierarchically organized into realms, vaults, and folders, as further explained below, and is useful in connection with the system 100 as well as in other authentication systems.
  • [0047] The system 300 includes a biometric database module 128′ and an alias database module 120′ that is logically or physically separate from the biometric database module 128′. The biometric database module 128′ includes a first realm 305 a and a second realm 305 b, generally referred to as 305. In general, a realm 305 is a security partition, grouping subscribers according to a scheme relevant to an application server. For example, a financial-services company might group subscribers by state or by service tier. In one embodiment, each security realm 305 corresponds to a separate set of objects assigned its own symmetric encryption key to ensure that data from one realm (e.g., 305 a) is not usable by another realm (e.g., 305 b).
  • [0048] The first realm 305 a includes a first vault 310 a and a first subscriber profile 320 a. The first subscriber profile 320 a includes an alias associated with the subscriber and a reference set of biometric data 325 a associated with the alias. The first vault 310 a includes a first folder 330 a. As illustrated, subscriber1 is associated with the first vault 310 a. In this context, the term “subscriber” refers to an individual identified by his/her alias, which is associated with biometric data 325. The biometric data 325 represents a set of biometric characteristics that uniquely identifies the subscriber, including but not limited to finger templates, facial templates, retinal templates, and/or voice prints. Each vault 310 contains one or more folders 330, and is accessible to one or more subscribers, so that each subscriber owns one or more vaults 310 within a realm. The folders 330 within each vault 310, in turn, contain assets and/or user credentials (e.g., login accounts, URL/password combinations, digital certificates and the like). A folder 330 can be modified only by the owner of the vault 310, and is associated with a list of subscribers 320, or “folder users,” eligible for access.
  • [0049] The second realm 305 b includes a second vault 310 b and a third vault 310 c, generally referred to as 310. The second realm 305 b also includes a second subscriber profile 320 b and a third subscriber profile 320 c, generally referred to as 320. The second subscriber profile 320 b includes an alias associated with subscriber2 and a reference set of biometric data 325 b associated with the alias. The third subscriber profile 320 c includes an alias associated with subscriber3 and a reference set of biometric data 325 c associated with the alias. The second vault 310 b includes a second folder 330 b. The third vault 310 c includes a third folder 330 c and a fourth folder 330 d, generally referred to as 330. As illustrated, subscriber2 is associated with the second vault 310 b. Subscriber3 is associated with the second vault 310 b and the third vault 310 c. Accordingly, there need not exist a one-to-one mapping between subscribers and vaults; more than one subscriber may have access to a single vault, for example, and a single subscriber may have access to multiple vaults within a realm.
  • [0050] In one embodiment, accessing a vault follows the same process as described in connection with FIG. 2. For example, the subscriber (e.g., subscriber2) requests access to the subscriber's associated folder (e.g., 330 b), or an application server can request a specific set of subscriber's credentials to access a service the subscriber requests. The alias database module 120′ finds the associated alias (e.g., alias2) of the subscriber and passes a request for the credentials to the biometric database module 128′. After receiving the candidate biometric data, the biometric database module 128′ verifies there is a sufficient match with the reference biometric data associated with the alias (e.g., 325 b). With authentication, the subscriber is allowed access to the folder (e.g., 330 b) or the requested credentials within the folder are transmitted to the application server.
  • [0051] Equivalents
  • [0052] The invention can be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The foregoing embodiments are therefore to be considered in all respects illustrative rather than limiting on the invention described herein. Scope of the invention is thus indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
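The session-code handling of process 200 (paragraphs [0029] to [0038]), as an added Python example that is not code from the patent: the server issues a fresh identifying characteristic per request, accepts it once and only within its lifetime, and only then runs the biometric comparison. The class and function names, the 30-second lifetime, the 0.8 threshold, the set-overlap matcher and the sample features are assumptions; encryption and signing of the messages are left out.

```python
import secrets
import time

MATCH_THRESHOLD = 0.8   # assumed value; the page leaves the threshold to the administrator


def similarity(candidate, reference):
    """Stand-in matcher (assumption): fraction of reference features found in the candidate."""
    if not reference:
        return 0.0
    return len(candidate & reference) / len(reference)


class AuthenticationServer:
    def __init__(self, references, lifetime_s=30.0, clock=time.monotonic):
        self._references = references   # alias -> frozenset of reference features
        self._lifetime_s = lifetime_s
        self._clock = clock
        self._pending = {}              # session code -> (alias, expiry time)

    def request_candidate(self, alias):
        """Steps 208-214: generate a new session code for this authentication request."""
        if alias not in self._references:
            raise KeyError("unknown alias")
        code = secrets.token_urlsafe(16)
        self._pending[code] = (alias, self._clock() + self._lifetime_s)
        return code

    def verify(self, code, candidate):
        """Steps 236-260: check the code, then its lifetime, then the biometric match."""
        # The code is destroyed on first use, whatever the outcome.
        entry = self._pending.pop(code, None)
        if entry is None:
            return False                # never issued, or already used
        alias, expiry = entry
        if self._clock() > expiry:
            return False                # limited validity lifetime has run out
        return similarity(candidate, self._references[alias]) >= MATCH_THRESHOLD


class FakeClock:
    """Controllable clock so the expiry case runs without waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    reference = frozenset({"m1", "m2", "m3", "m4", "m5"})   # constructed sample features
    server = AuthenticationServer({"25xHy63": reference}, lifetime_s=30.0, clock=clock)
    results = {}

    code = server.request_candidate("25xHy63")
    captured = (code, reference)        # what a listening device would have recorded
    results["fresh"] = server.verify(code, reference)
    results["replay_same_session"] = server.verify(*captured)

    code2 = server.request_candidate("25xHy63")
    results["replay_in_new_session"] = server.verify(*captured)

    clock.now += 31.0                   # let the second code outlive its lifetime
    results["expired"] = server.verify(code2, reference)

    code3 = server.request_candidate("25xHy63")
    results["poor_match"] = server.verify(code3, frozenset({"m1", "m2"}))
    return results


if __name__ == "__main__":
    print(demo())
```
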
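The coordinate morphing of paragraphs [0039] to [0041], as an added Python example that is not the patent's algorithm: f(x,t) and g(y,t) are modelled here as keyed permutations of 32-pixel grid cells, with t derived from the alias and a function identifier by HMAC-SHA-256. That construction, the names, the 256-pixel image size, the 4-pixel match distance and the sample minutiae are assumptions.

```python
import hashlib
import hmac

SIZE, CELL, TOLERANCE = 256, 32, 4   # assumed image size, cell size, match distance (pixels)

# Constructed sample data: enrolment minutiae and a later scan with small sensor jitter.
ENROLLED = [(10, 20), (45, 80), (75, 140), (110, 50),
            (140, 210), (175, 115), (205, 240), (240, 175)]
JITTER = [(1, -2), (-1, 1), (2, 0), (0, 2), (-2, -1), (1, 1), (-1, -2), (2, 2)]
LATER_SCAN = [(x + dx, y + dy) for (x, y), (dx, dy) in zip(ENROLLED, JITTER)]


def axis_permutation(function_id, alias, axis):
    """Parameter t for one axis: a permutation of the grid cells keyed by function and alias."""
    def tag(i):
        msg = f"{alias}|{axis}|{i}".encode()
        return hmac.new(function_id, msg, hashlib.sha256).digest()
    return sorted(range(SIZE // CELL), key=tag)


def morph(points, alias, function_id):
    """Map each (x, y) to (x', y') = (f(x, t), g(y, t)); the offset inside a cell is kept."""
    px = axis_permutation(function_id, alias, "x")
    py = axis_permutation(function_id, alias, "y")
    return [(px[x // CELL] * CELL + x % CELL, py[y // CELL] * CELL + y % CELL)
            for x, y in points]


def match_score(candidate, reference):
    """Fraction of reference points that have a candidate point within TOLERANCE."""
    hits = sum(
        any((cx - rx) ** 2 + (cy - ry) ** 2 <= TOLERANCE ** 2 for cx, cy in candidate)
        for rx, ry in reference)
    return hits / len(reference)


def demo(alias="25xHy63"):
    # Registration: only the morphed template is stored.
    template_v1 = morph(ENROLLED, alias, b"morph-function-1")
    genuine_v1 = match_score(morph(LATER_SCAN, alias, b"morph-function-1"), template_v1)

    # After a compromise the user enrols again with a different function.
    template_v2 = morph(ENROLLED, alias, b"morph-function-2")
    stolen = match_score(template_v1, template_v2)   # old template presented as candidate
    genuine_v2 = match_score(morph(LATER_SCAN, alias, b"morph-function-2"), template_v2)
    return {"genuine_v1": genuine_v1, "stolen_v1_against_v2": stolen,
            "genuine_v2": genuine_v2}


if __name__ == "__main__":
    print(demo())
```

With this cell-based construction a minutia that sits close to a cell border can land in a different cell on a later scan and stop matching, so the cell size has to be chosen against the sensor's jitter.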
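The alignment search of paragraph [0045], as an added Python example that is not the patent's matcher: each candidate minutia is tried as the alignment point against each reference minutia over a grid of rotation angles, and the alignment that matches the most reference points within a fixed distance wins, with ties broken by the lowest squared error. The names, the -30 to +30 degree search in 2 degree steps, the 4-pixel distance, the 0.8 threshold, the tie-break and the sample point sets are assumptions.

```python
import math

TOLERANCE = 4.0                  # assumed: points closer than this count as matching (pixels)
ANGLES_DEG = range(-30, 31, 2)   # assumed rotation search grid
MATCH_THRESHOLD = 0.8            # assumed fraction of reference minutiae that must match

# Constructed reference minutiae (x, y).
REFERENCE = [(10, 20), (45, 80), (75, 140), (110, 50),
             (140, 210), (175, 115), (205, 240), (240, 175)]


def transform(points, pivot, angle_deg, target):
    """Rotate points about pivot by angle_deg, then translate so pivot lands on target."""
    a = math.radians(angle_deg)
    cos_a, sin_a = math.cos(a), math.sin(a)
    out = []
    for x, y in points:
        dx, dy = x - pivot[0], y - pivot[1]
        out.append((target[0] + cos_a * dx - sin_a * dy,
                    target[1] + sin_a * dx + cos_a * dy))
    return out


def fit(candidate, reference):
    """Return (matched count, summed squared error of the matches) for one alignment."""
    matched, error = 0, 0.0
    for rx, ry in reference:
        nearest = min((cx - rx) ** 2 + (cy - ry) ** 2 for cx, cy in candidate)
        if nearest <= TOLERANCE ** 2:
            matched += 1
            error += nearest
    return matched, error


def best_alignment(candidate, reference):
    """Test every alignment point pair and rotation angle; keep the best fit."""
    best = None
    for pivot in candidate:
        for target in reference:
            for angle in ANGLES_DEG:
                matched, error = fit(transform(candidate, pivot, angle, target), reference)
                key = (matched, -error)
                if best is None or key > best[0]:
                    best = (key, angle)
    (matched, neg_error), angle = best
    return {"matched": matched, "angle_deg": angle, "error": -neg_error,
            "accept": matched / len(reference) >= MATCH_THRESHOLD}


def demo():
    # Same finger placed differently: rotated by 10 degrees and shifted by (12, -7).
    same_finger = transform(REFERENCE, (0.0, 0.0), 10, (12.0, -7.0))
    # Unrelated constructed pattern: eight points on one horizontal line.
    other_finger = [(20 * i + 10, 128) for i in range(8)]
    return best_alignment(same_finger, REFERENCE), best_alignment(other_finger, REFERENCE)


if __name__ == "__main__":
    genuine, impostor = demo()
    print(genuine)
    print(impostor)
```
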

Claims (31)

What is claimed is:
1. A method for authentication using biometrics, the method comprising:
associating an alias for an individual with a reference set of biometric data from the individual;
storing, at a location separate from the reference set of biometric data, information associating the individual with the alias;
receiving an authentication request requesting authentication of a user identified by the alias;
receiving a candidate set of biometric data from the user; and
if the candidate set of biometric data sufficiently matches the reference set of biometric data, confirming authentication of the user as the registered individual.
2. The method of claim 1 further comprising transmitting to the user a data request for the candidate set of biometric data, the data request including an identifying characteristic, wherein the confirming step comprises:
if the candidate set of biometric data includes the identifying characteristic and sufficiently matches the reference set of biometric data, confirming to the application server authentication of the user as the registered individual.
3. The method of claim 2 further comprising:
generating the identifying characteristic including a public key;
generating a private key corresponding to the public key; and
encrypting the data request using the private key.
4. The method of claim 2 further comprising generating the identifying characteristic having a limited validity lifetime.
5. The method of claim 2 further comprising generating the identifying characteristic including a random identifier.
6. The method of claim 2 further comprising generating the identifying characteristic including a time identifier.
7. The method of claim 2 further comprising destroying the identifying characteristic after completion of the confirming step.
8. The method of claim 1 further comprising, if authentication of the user is confirmed, updating the reference set of biometric data using the candidate set of biometric data.
9. The method of claim 1 further comprising transmitting, by a first server, the authentication request to a second server, wherein the second server performs the confirming step.
10. The method of claim 1 further comprising encrypting the reference set of biometric data using a predetermined function based at least in part on the alias.
11. The method of claim 9 wherein the encrypting step comprises morphing the reference set of biometric data using a predetermined function based at least in part on the alias.
12. The method of claim 1 further comprising, if security is compromised, encrypting the reference set of biometric data using a second function based at least in part on the alias.
13. The method of claim 11 wherein the encrypting step comprises, if security is compromised, morphing the reference set of biometric data using a second function based at least in part on the alias.
14. A system for authentication using biometrics, the system comprising:
an application server including:
an alias database module configured to store information associating an individual with an alias; and
an authentication server including:
a biometric database module associating the alias for the individual with a reference set of biometric data from the individual,
a transceiver module configured to i) receive an authentication request requesting authentication of a user identified by the alias and ii) to receive a candidate set of biometric data from the user, and
a comparison module configured to determine if the candidate set of biometric data sufficiently matches the reference set of biometric data and, if so, to generate a confirmation of authentication of the user as the registered individual.
15. The application server of claim 14 further comprising a transceiver module configured to transmit an authentication request requesting authentication of a user identified by the alias, the application server being in communication with the authentication server over a network.
16. The authentication server of claim 14 further comprising an identifying characteristic generator module configured to generate an identifying characteristic to be transmitted with a user data request for the candidate set of biometric data, wherein the comparison module is further configured to determine if the candidate set of biometric data includes the identifying characteristic.
17. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic including a public key, to generate a private key corresponding to the public key, and to encrypt the user data request using the private key.
18. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic having a limited validity lifetime.
19. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic including a random identifier.
20. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic including a time identifier.
21. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to destroy the identifying characteristic after completion of the confirming step.
22. The authentication server of claim 14 wherein the biometric database module is further configured to update, if authentication of the user is confirmed, the reference set of biometric data using the candidate set of biometric data.
23. The authentication server of claim 14 wherein the biometric database module is further configured to encrypt the reference set of biometric data using a predetermined function based at least in part on the alias.
24. The authentication server of claim 14 wherein the biometric database module is further configured to morph the reference set of biometric data using a predetermined function based at least in part on the alias.
25. The authentication server of claim 14 wherein the biometric database module is further configured to encrypt, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias.
26. The authentication server of claim 14 wherein the biometric database module is further configured to morph, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias.
27. The system of claim 14 further comprising:
a client including:
a plug-in configured to receive a request for the candidate set of biometric data, to obtain the candidate set of biometric data for the user of the client and to transmit the candidate set of biometric data in response to the request.
28. A method of organizing authentication information within a storage space, the method comprising the steps of:
partitioning the storage space into a plurality of realms, each realm containing a set of subscriber profiles, each subscriber profile comprising an alias associated with a respective subscriber and a reference set of biometric data from that respective subscriber;
storing, at a location separate from the storage space, information associating the identity of the alias with the respective subscriber;
partitioning each realm into a plurality of vaults;
associating each subscriber with at least one vault;
partitioning each vault into at least one folder, each folder containing protected data and being accessible only to one or more subscribers associated with the vault; and
according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault and ii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias.
29. The method of claim 28 further comprising transmitting a data request for the candidate set of biometric data, the data request including an identifying characteristic, wherein the according access step comprises:
according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault, ii) the identifying characteristic and iii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias.
30. An article of manufacture having computer-readable program portions embodied therein for authentication using biometrics, the article comprising:
a computer-readable program portion for associating an alias for an individual with a reference set of biometric data from the individual;
a computer-readable program portion for storing, at a location separate from the reference set of biometric data, information associating the individual with the alias;
a computer-readable program portion for receiving an authentication request requesting authentication of a user, the user identified by the alias;
a computer-readable program portion for receiving a candidate set of biometric data from the user; and
a computer-readable program portion for confirming authentication of the user as the registered individual if the candidate set of biometric data sufficiently matches the reference set of biometric data.
31. The article of claim 30 further comprising:
a computer-readable program portion for transmitting to the user a data request for the candidate set of biometric data, the data request including an identifying characteristic, and
wherein the computer-readable program portion for confirming authentication comprises:
a computer-readable program portion for confirming authentication of the user as the registered individual if the candidate set of biometric data includes the identifying characteristic and sufficiently matches the reference set of biometric data.
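Claims 18-21 and 30-31 together describe a challenge-style exchange: the server's data request carries an identifying characteristic (a random identifier plus a time identifier, with a limited lifetime), the candidate biometric data must come back with that characteristic, and the characteristic is destroyed once confirmation completes. The following Python sketch is an added example, not code from the patent or from the assignee; the class and function names, the 30-second lifetime, the 0.9 threshold and the position-wise `similarity` matcher are all assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass

MATCH_THRESHOLD = 0.9      # assumed; the claims only require a "sufficient" match
CHALLENGE_LIFETIME_S = 30  # assumed validity lifetime (claim 18)

# Kept apart from the biometric store (claim 30): only this directory links a
# person to an alias. Constructed sample entry.
identity_directory = {"Alice Example": "alias-7f3a"}


@dataclass(frozen=True)
class Challenge:
    alias: str
    nonce: str        # random identifier (claim 19)
    issued_at: float  # time identifier (claim 20)


def similarity(candidate, reference):
    """Toy matcher: fraction of equal positions. Stand-in for a real biometric matcher."""
    if len(candidate) != len(reference) or not reference:
        return 0.0
    return sum(c == r for c, r in zip(candidate, reference)) / len(reference)


class AuthServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.templates = {}  # alias -> reference set; holds no names
        self.pending = {}    # nonce -> Challenge awaiting a response

    def enroll(self, alias, reference):
        self.templates[alias] = tuple(reference)

    def request_candidate(self, alias):
        """Build the data request that carries the identifying characteristic."""
        ch = Challenge(alias, secrets.token_hex(16), self.clock())
        self.pending[ch.nonce] = ch
        return {"alias": alias, "nonce": ch.nonce, "issued_at": ch.issued_at}

    def confirm(self, alias, response):
        # pop() destroys the characteristic whatever the outcome (claim 21),
        # so a captured response cannot be replayed.
        ch = self.pending.pop(response.get("nonce", ""), None)
        if ch is None or ch.alias != alias:
            return False
        if self.clock() - ch.issued_at > CHALLENGE_LIFETIME_S:
            return False
        reference = self.templates.get(alias)
        if reference is None:
            return False
        candidate = tuple(response.get("candidate", ()))
        return similarity(candidate, reference) >= MATCH_THRESHOLD


def run_demo():
    """Exercise the accept path and four reject paths with a controllable clock."""
    now = [1000.0]
    server = AuthServer(clock=lambda: now[0])
    alias = identity_directory["Alice Example"]
    reference = (1, 0, 1, 1, 0, 1, 0, 0, 1, 1)  # constructed feature vector
    server.enroll(alias, reference)
    results = {}

    req = server.request_candidate(alias)
    reply = {"nonce": req["nonce"], "candidate": reference}
    results["fresh"] = server.confirm(alias, reply)
    results["replayed"] = server.confirm(alias, reply)  # same reply sent again

    req = server.request_candidate(alias)
    now[0] += CHALLENGE_LIFETIME_S + 1  # let the characteristic expire
    results["expired"] = server.confirm(
        alias, {"nonce": req["nonce"], "candidate": reference})

    # Candidate data that arrives without the identifying characteristic.
    results["no_characteristic"] = server.confirm(alias, {"candidate": reference})

    req = server.request_candidate(alias)
    impostor = (0, 1, 0, 0, 1, 1, 0, 0, 1, 1)  # constructed; 5 of 10 positions match
    results["poor_match"] = server.confirm(
        alias, {"nonce": req["nonce"], "candidate": impostor})
    return results


if __name__ == "__main__":
    print(run_demo())
```

Only the first attempt is accepted; a correct biometric sample alone is not enough when the characteristic is missing, stale or already consumed.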
US10/147,788 2001-05-18 2002-05-17 System and method for authentication using biometrics Abandoned US20020174344A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/147,788 US20020174344A1 (en) 2001-05-18 2002-05-17 System and method for authentication using biometrics

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US29190001P 2001-05-18 2001-05-18
US10/147,788 US20020174344A1 (en) 2001-05-18 2002-05-17 System and method for authentication using biometrics

Publications (1)

Publication Number Publication Date
US20020174344A1 (en) 2002-11-21

Family

ID=23122352

Family Applications (7)

Application Number Title Priority Date Filing Date
US10/147,946 Abandoned US20020174347A1 (en) 2001-05-18 2002-05-17 Authentication with variable biometric templates
US10/147,788 Abandoned US20020174344A1 (en) 2001-05-18 2002-05-17 System and method for authentication using biometrics
US10/147,947 Active 2024-07-19 US7356705B2 (en) 2001-05-18 2002-05-17 Biometric authentication for remote initiation of actions and services
US10/147,789 Active 2024-09-01 US7398549B2 (en) 2001-05-18 2002-05-17 Biometric authentication with security against eavesdropping
US11/846,882 Abandoned US20080034219A1 (en) 2001-05-18 2007-08-29 Biometric Authentication for Remote Initiation of Actions and Services
US12/338,196 Expired - Lifetime US8220063B2 (en) 2001-05-18 2008-12-18 Biometric authentication for remote initiation of actions and services
US12/412,601 Abandoned US20090228968A1 (en) 2001-05-18 2009-03-27 Authentication With Variable Biometric Templates

Country Status (3)

Country Link
US (7) US20020174347A1 (en)
AU (3) AU2002339746A1 (en)
WO (3) WO2002095553A2 (en)

US7606370B2 (en) * 2005-04-05 2009-10-20 Mcafee, Inc. System, method and computer program product for updating security criteria in wireless networks
US7761710B2 (en) * 2005-04-05 2010-07-20 Mcafee, Inc. Captive portal system and method for use in peer-to-peer networks
JP4466859B2 (en) * 2005-05-12 2010-05-26 横河電機株式会社 Alarm management device
CN101185281A (en) * 2005-06-01 2008-05-21 皇家飞利浦电子股份有限公司 Template renewal in helper data systems
US8646070B1 (en) * 2005-06-30 2014-02-04 Emc Corporation Verifying authenticity in data storage management systems
JP4813109B2 (en) * 2005-06-30 2011-11-09 富士通株式会社 Biometric authentication method and biometric authentication system
US8819202B1 (en) * 2005-08-01 2014-08-26 Oracle America, Inc. Service configuration and deployment engine for provisioning automation
US20080289032A1 (en) * 2005-08-04 2008-11-20 Osamu Aoki Computer Control Method and Computer Control System Using an Externally Connected Device
JP4813133B2 (en) * 2005-09-20 2011-11-09 富士通株式会社 Biometric authentication method and biometric authentication system
WO2007044570A2 (en) 2005-10-05 2007-04-19 Cummins-Allison Corp. Currency processing system with fitness detection
US8020190B2 (en) * 2005-10-14 2011-09-13 Sdc Software, Inc. Enhanced browser security
ATE495504T1 (en) * 2005-10-26 2011-01-15 Swisscom Ag METHOD AND COMMUNICATION SYSTEM FOR COMPARING BIOMETRIC DATA RECORDED WITH BIOMETRIC SENSORS WITH REFERENCE DATA
US20070140145A1 (en) * 2005-12-21 2007-06-21 Surender Kumar System, method and apparatus for authentication of nodes in an Ad Hoc network
US8219129B2 (en) 2006-01-06 2012-07-10 Proxense, Llc Dynamic real-time tiered client access
US11206664B2 (en) 2006-01-06 2021-12-21 Proxense, Llc Wireless network synchronization of cells and client devices on a network
IL173039A0 (en) * 2006-01-09 2007-07-04 Nds Ltd Authentication with a smart card and a set top box on a network
KR100729813B1 (en) * 2006-01-20 2007-06-18 (주)자이리스 Photographing appararus for iris authentication, photographing module for iris authentication and terminal having the same
US8700902B2 (en) * 2006-02-13 2014-04-15 At&T Intellectual Property I, L.P. Methods and apparatus to certify digital signatures
GB2435712B (en) * 2006-03-02 2008-05-28 Microsaic Ltd Personalised mass spectrometer
FR2898448A1 (en) * 2006-03-07 2007-09-14 France Telecom AUTHENTICATION OF A COMPUTER DEVICE AT THE USER LEVEL
US7980378B2 (en) 2006-03-23 2011-07-19 Cummins-Allison Corporation Systems, apparatus, and methods for currency processing control and redemption
DE102006019362A1 (en) * 2006-04-21 2007-10-25 Deutsche Telekom Ag Method and device for verifying the identity of a user of various telecommunications services by means of biometric features
US7904718B2 (en) 2006-05-05 2011-03-08 Proxense, Llc Personal digital key differentiation for secure transactions
US20080010482A1 (en) * 2006-06-13 2008-01-10 Microsoft Corporation Remote control of a media computing device
WO2007146437A2 (en) 2006-06-14 2007-12-21 Agent Science Technologies, Inc. User authentication system
WO2007149341A2 (en) 2006-06-14 2007-12-27 Agent Science Technologies, Inc. System to associate a demographic to a user of an electronic system
CN101529399B (en) * 2006-06-30 2014-12-03 网络通保安有限公司 Proxy server and proxy method
WO2008008473A2 (en) 2006-07-11 2008-01-17 Agent Science Technologies, Inc. Behaviormetrics application system for electronic transaction authorization
US8077933B1 (en) * 2006-09-06 2011-12-13 Fiske Software, Llc Matching prints with feature collections
US8843754B2 (en) * 2006-09-15 2014-09-23 Identity Metrics, Inc. Continuous user identification and situation analysis with identification of anonymous users through behaviormetrics
US8452978B2 (en) * 2006-09-15 2013-05-28 Identity Metrics, LLC System and method for user authentication and dynamic usability of touch-screen devices
JP2008097438A (en) * 2006-10-13 2008-04-24 Hitachi Ltd User authentication system, authentication server, terminal, and tamper-proof device
US7773779B2 (en) * 2006-10-19 2010-08-10 I.Q.S. Shalev Ltd. Biometric systems
EP2104894A4 (en) * 2006-10-30 2010-03-31 Telcordia Tech Inc Method and system to support scalable application level communication between mobile device and a centralized application server
JP2008117333A (en) * 2006-11-08 2008-05-22 Sony Corp Information processor, information processing method, individual identification device, dictionary data generating and updating method in individual identification device and dictionary data generating and updating program
US9269221B2 (en) 2006-11-13 2016-02-23 John J. Gobbi Configuration of interfaces for a location detection system and application
US20080209226A1 (en) * 2007-02-28 2008-08-28 Microsoft Corporation User Authentication Via Biometric Hashing
JP4867760B2 (en) * 2007-03-30 2012-02-01 ソニー株式会社 Information processing apparatus and method, and information processing system
US8571996B2 (en) * 2007-04-20 2013-10-29 N.P. Johnson Family Limited Partnership Apparatus and method for secured commercial transactions
US8914847B2 (en) * 2007-06-15 2014-12-16 Microsoft Corporation Multiple user authentications on a communications device
GB2451239B (en) 2007-07-23 2009-07-08 Microsaic Systems Ltd Microengineered electrode assembly
US20090070266A1 (en) * 2007-09-07 2009-03-12 Shah Rahul C System and method for physiological data authentication and bundling with delayed binding of individual identification
WO2009062194A1 (en) 2007-11-09 2009-05-14 Proxense, Llc Proximity-sensor supporting multiple application services
US8171528B1 (en) 2007-12-06 2012-05-01 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
US9251332B2 (en) 2007-12-19 2016-02-02 Proxense, Llc Security system and method for controlling access to computing resources
US8401244B2 (en) * 2007-12-21 2013-03-19 General Instrument Corporation Method and system for securely authenticating user identity information
US8621561B2 (en) * 2008-01-04 2013-12-31 Microsoft Corporation Selective authorization based on authentication input attributes
US9378346B2 (en) * 2008-01-24 2016-06-28 Blackberry Limited Optimized biometric authentication method and system
US8838989B2 (en) * 2008-01-24 2014-09-16 Blackberry Limited Optimized biometric authentication method and system
US8418170B2 (en) * 2008-01-29 2013-04-09 Flexera Software Llc Method and system for assessing deployment and un-deployment of software installations
US8508336B2 (en) 2008-02-14 2013-08-13 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US8150108B2 (en) * 2008-03-17 2012-04-03 Ensign Holdings, Llc Systems and methods of identification based on biometric parameters
US11120449B2 (en) 2008-04-08 2021-09-14 Proxense, Llc Automated service-based order processing
US8468358B2 (en) 2010-11-09 2013-06-18 Veritrix, Inc. Methods for identifying the guarantor of an application
US8006291B2 (en) * 2008-05-13 2011-08-23 Veritrix, Inc. Multi-channel multi-factor authentication
US8516562B2 (en) 2008-05-13 2013-08-20 Veritrix, Inc. Multi-channel multi-factor authentication
US8536976B2 (en) * 2008-06-11 2013-09-17 Veritrix, Inc. Single-channel multi-factor authentication
US8156318B2 (en) * 2008-06-04 2012-04-10 Intel Corporation Storing a device management encryption key in a network interface controller
US8166297B2 (en) 2008-07-02 2012-04-24 Veritrix, Inc. Systems and methods for controlling access to encrypted data stored on a mobile device
US10146926B2 (en) * 2008-07-18 2018-12-04 Microsoft Technology Licensing, Llc Differentiated authentication for compartmentalized computing resources
US8438382B2 (en) * 2008-08-06 2013-05-07 Symantec Corporation Credential management system and method
US20100083000A1 (en) * 2008-09-16 2010-04-01 Validity Sensors, Inc. Fingerprint Sensor Device and System with Verification Token and Methods of Using
WO2010051342A1 (en) 2008-11-03 2010-05-06 Veritrix, Inc. User authentication for social networks
JP2010140467A (en) * 2008-11-13 2010-06-24 Hitachi Ltd Biometric authentication method, biometric authentication system, ic card and terminal
US8533815B1 (en) * 2009-02-03 2013-09-10 Scout Analytics, Inc. False reject mitigation using non-biometric authentication
WO2010103663A1 (en) * 2009-03-13 2010-09-16 富士通株式会社 Person authentication system and person authentication method
US7685629B1 (en) 2009-08-05 2010-03-23 Daon Holdings Limited Methods and systems for authenticating users
US8443202B2 (en) 2009-08-05 2013-05-14 Daon Holdings Limited Methods and systems for authenticating users
US7865937B1 (en) 2009-08-05 2011-01-04 Daon Holdings Limited Methods and systems for authenticating users
US20110083170A1 (en) * 2009-10-06 2011-04-07 Validity Sensors, Inc. User Enrollment via Biometric Device
US9400911B2 (en) 2009-10-30 2016-07-26 Synaptics Incorporated Fingerprint sensor and integratable electronic display
US9274553B2 (en) 2009-10-30 2016-03-01 Synaptics Incorporated Fingerprint sensor and integratable electronic display
US9336428B2 (en) 2009-10-30 2016-05-10 Synaptics Incorporated Integrated fingerprint sensor and display
US8656486B2 (en) 2010-02-12 2014-02-18 Authentec, Inc. Biometric sensor for human presence detection and associated methods
US9418205B2 (en) 2010-03-15 2016-08-16 Proxense, Llc Proximity-based system for automatic application or data access and item tracking
JP5505007B2 (en) * 2010-03-18 2014-05-28 富士通株式会社 Image processing apparatus, image processing method, and computer program for image processing
US8826030B2 (en) * 2010-03-22 2014-09-02 Daon Holdings Limited Methods and systems for authenticating users
DE102010013202A1 (en) * 2010-03-29 2011-09-29 Giesecke & Devrient Gmbh A method for securely transferring an application from a server to a reader device
US9098333B1 (en) 2010-05-07 2015-08-04 Ziften Technologies, Inc. Monitoring computer process resource usage
US10216786B2 (en) * 2010-05-13 2019-02-26 Iomniscient Pty Ltd. Automatic identity enrolment
US9319625B2 (en) * 2010-06-25 2016-04-19 Sony Corporation Content transfer system and communication terminal
US9322974B1 (en) 2010-07-15 2016-04-26 Proxense, Llc. Proximity-based system for object tracking
CN103155509B (en) * 2010-08-04 2016-10-26 黑莓有限公司 For the method and apparatus providing continuous certification based on dynamic personal information
WO2012042634A1 (en) * 2010-09-30 2012-04-05 富士通株式会社 Biometric authentication device, biometric authentication program and method
US20120117633A1 (en) * 2010-11-04 2012-05-10 International Business Machines Corporation Enhanced Security For Pervasive Devices Using A Weighting System
US8504831B2 (en) * 2010-12-07 2013-08-06 At&T Intellectual Property I, L.P. Systems, methods, and computer program products for user authentication
US8545295B2 (en) 2010-12-17 2013-10-01 Cummins-Allison Corp. Coin processing systems, methods and devices
US9265450B1 (en) 2011-02-21 2016-02-23 Proxense, Llc Proximity-based system for object tracking and automatic application initialization
US8710956B2 (en) * 2011-06-06 2014-04-29 Leonard P. Longo Fingerprinting apparatus, system, and method
US8474014B2 (en) 2011-08-16 2013-06-25 Veritrix, Inc. Methods for the secure use of one-time passwords
US8505079B2 (en) * 2011-10-23 2013-08-06 Gopal Nandakumar Authentication system and related method
US8566957B2 (en) * 2011-10-23 2013-10-22 Gopal Nandakumar Authentication system
US8533802B2 (en) * 2011-10-23 2013-09-10 Gopal Nandakumar Authentication system and related method
US8713656B2 (en) * 2011-10-23 2014-04-29 Gopal Nandakumar Authentication method
US8800014B2 (en) 2011-10-23 2014-08-05 Gopal Nandakumar Authentication method
US20130127909A1 (en) * 2011-11-23 2013-05-23 VizKinect Inc. Multiple simultaneous biometric data acquisition and display system and method of use
FR2988197B1 (en) * 2012-03-19 2015-01-02 Morpho GENERATION AND IDENTITY VERIFICATION METHOD WITH THE UNICITY OF A CARRIER-OBJECT COUPLE
US8997193B2 (en) * 2012-05-14 2015-03-31 Sap Se Single sign-on for disparate servers
EP2672672A1 (en) * 2012-06-07 2013-12-11 Alcatel-Lucent Secure data processing
US9589399B2 (en) 2012-07-02 2017-03-07 Synaptics Incorporated Credential quality assessment engine systems and methods
US9092924B1 (en) 2012-08-31 2015-07-28 Cummins-Allison Corp. Disk-type coin processing unit with angled sorting head
US9165130B2 (en) 2012-11-21 2015-10-20 Ca, Inc. Mapping biometrics to a unique key
US9306754B2 (en) 2012-12-28 2016-04-05 Nok Nok Labs, Inc. System and method for implementing transaction signing within an authentication framework
US9015482B2 (en) 2012-12-28 2015-04-21 Nok Nok Labs, Inc. System and method for efficiently enrolling, registering, and authenticating with multiple authentication devices
US9219732B2 (en) * 2012-12-28 2015-12-22 Nok Nok Labs, Inc. System and method for processing random challenges within an authentication framework
US9172687B2 (en) 2012-12-28 2015-10-27 Nok Nok Labs, Inc. Query system and method to determine authentication capabilities
US9083689B2 (en) 2012-12-28 2015-07-14 Nok Nok Labs, Inc. System and method for implementing privacy classes within an authentication framework
US20190068589A1 (en) * 2013-01-09 2019-02-28 Chris Outwater Range of Motion Tracking System
JP5966943B2 (en) * 2013-01-23 2016-08-10 富士ゼロックス株式会社 Plug-in distribution system, image processing apparatus, and plug-in distribution control method
US9203835B2 (en) * 2013-03-01 2015-12-01 Paypal, Inc. Systems and methods for authenticating a user based on a biometric model associated with the user
US9305154B2 (en) 2013-03-15 2016-04-05 Qualcomm Incorporated Method and apparatus for requesting and providing access to information associated with an image
US9286528B2 (en) * 2013-04-16 2016-03-15 Imageware Systems, Inc. Multi-modal biometric database searching methods
WO2014183106A2 (en) 2013-05-10 2014-11-13 Proxense, Llc Secure element as a digital pocket
US9246934B2 (en) * 2013-05-15 2016-01-26 Jason Allen Sabin Method and system of attack surface detection
US20140359757A1 (en) * 2013-06-03 2014-12-04 Qualcomm Incorporated User authentication biometrics in mobile devices
US9262003B2 (en) 2013-11-04 2016-02-16 Qualcomm Incorporated Piezoelectric force sensing array
US9323393B2 (en) 2013-06-03 2016-04-26 Qualcomm Incorporated Display with peripherally configured ultrasonic biometric sensor
EP3014836B1 (en) * 2013-06-24 2019-08-07 Telefonica Digital España, S.L.U. Method, communication system and computer program product for biometric authentication and authorization
ES2701613T3 (en) * 2013-06-24 2019-02-25 Telefonica Digital Espana Slu A method implemented by computer to prevent attacks against user authentication and software products thereof
DE102013219375A1 (en) * 2013-09-26 2015-03-26 Siemens Aktiengesellschaft Customize access rules for a data exchange between a first network and a second network
FR3014225B1 (en) * 2013-12-02 2015-12-25 Advanced Track & Trace METHOD AND DEVICE FOR SECURING ACCESS TO A MESSAGE
US10032008B2 (en) * 2014-02-23 2018-07-24 Qualcomm Incorporated Trust broker authentication method for mobile devices
US9344419B2 (en) 2014-02-27 2016-05-17 K.Y. Trix Ltd. Methods of authenticating users to a site
CN103942480A (en) * 2014-04-14 2014-07-23 惠州Tcl移动通信有限公司 Method and system for achieving mobile terminal screen unlocking through matching of retina information
EP3540622B1 (en) * 2014-06-09 2021-04-28 Aware, Inc. System and method for performing biometric operations in parallel
US9916713B1 (en) 2014-07-09 2018-03-13 Cummins-Allison Corp. Systems, methods and devices for processing coins utilizing normal or near-normal and/or high-angle of incidence lighting
US10685523B1 (en) 2014-07-09 2020-06-16 Cummins-Allison Corp. Systems, methods and devices for processing batches of coins utilizing coin imaging sensor assemblies
US9501885B1 (en) 2014-07-09 2016-11-22 Cummins-Allison Corp. Systems, methods and devices for processing coins utilizing near-normal and high-angle of incidence lighting
US9508208B1 (en) 2014-07-25 2016-11-29 Cummins Allison Corp. Systems, methods and devices for processing coins with linear array of coin imaging sensors
US9430893B1 (en) 2014-08-06 2016-08-30 Cummins-Allison Corp. Systems, methods and devices for managing rejected coins during coin processing
EP3186739B1 (en) * 2014-08-29 2019-07-10 Mastercard International Incorporated Secure on device cardholder authentication using biometric data
US9195879B1 (en) 2014-08-31 2015-11-24 Qualcomm Incorporated Air/object determination for biometric sensors
US9665763B2 (en) * 2014-08-31 2017-05-30 Qualcomm Incorporated Finger/non-finger determination for biometric sensors
US9582705B2 (en) 2014-08-31 2017-02-28 Qualcomm Incorporated Layered filtering for biometric sensors
US20160085420A1 (en) * 2014-09-22 2016-03-24 United Video Properties, Inc. Methods and systems for recalibrating a user device based on the age of a user
WO2016070029A1 (en) * 2014-10-31 2016-05-06 Florida Atlantic University Secure and noise-tolerant digital authentication or identification
SE1451336A1 (en) * 2014-11-07 2016-05-08 Fingerprint Cards Ab Enrolling templates for biometric authentication
US10089812B1 (en) 2014-11-11 2018-10-02 Cummins-Allison Corp. Systems, methods and devices for processing coins utilizing a multi-material coin sorting disk
US9584489B2 (en) * 2015-01-29 2017-02-28 Google Inc. Controlling access to resource functions at a control point of the resource via a user device
CN104715242A (en) * 2015-03-27 2015-06-17 刘学明 Identity authentication system and method based on two-dimensional iris codes
US9875593B1 (en) 2015-08-07 2018-01-23 Cummins-Allison Corp. Systems, methods and devices for coin processing and coin recycling
US11157905B2 (en) * 2015-08-29 2021-10-26 Mastercard International Incorporated Secure on device cardholder authentication using biometric data
US10235303B2 (en) 2015-09-10 2019-03-19 Qualcomm Incorporated Secure entry and exit for software modules protected by controlled encryption key management
KR102396249B1 (en) * 2015-10-14 2022-05-09 삼성전자주식회사 Method and apparatus for user authentication using Raman spectrum
CN105824547A (en) * 2016-03-15 2016-08-03 南京工程学院 Intelligent mobile phone unlocking method
GB2546567B (en) * 2016-06-02 2019-05-08 Univ Plymouth Method of associating a person with a digital object
GB2552721A (en) 2016-08-03 2018-02-07 Cirrus Logic Int Semiconductor Ltd Methods and apparatus for authentication in an electronic device
GB2545534B (en) 2016-08-03 2019-11-06 Cirrus Logic Int Semiconductor Ltd Methods and apparatus for authentication in an electronic device
US10679449B2 (en) 2016-10-18 2020-06-09 Cummins-Allison Corp. Coin sorting head and coin processing system using the same
US10181234B2 (en) 2016-10-18 2019-01-15 Cummins-Allison Corp. Coin sorting head and coin processing system using the same
GB2555660B (en) * 2016-11-07 2019-12-04 Cirrus Logic Int Semiconductor Ltd Methods and apparatus for authentication in an electronic device
US11074325B1 (en) * 2016-11-09 2021-07-27 Wells Fargo Bank, N.A. Systems and methods for dynamic bio-behavioral authentication
US11716331B2 (en) 2017-07-14 2023-08-01 Offpad As Authentication method, an authentication device and a system comprising the authentication device
TW201915804A (en) * 2017-09-13 2019-04-16 江國慶 Portable device with thermal sensor
US11470475B2 (en) * 2017-10-13 2022-10-11 Visa International Service Association Mitigating risk for hands-free interactions
US10861017B2 (en) * 2018-03-29 2020-12-08 Ncr Corporation Biometric index linking and processing
GB2582055B (en) 2019-01-04 2022-10-12 Cummins Allison Corp Coin pad for coin processing system
KR20200100481A (en) * 2019-02-18 2020-08-26 삼성전자주식회사 Electronic device for authenticating biometric information and operating method thereof
US11880890B2 (en) * 2021-02-08 2024-01-23 Mastercard International Incorporated Detecting money laundering activities using drift in a trained Siamese neural network
WO2022197802A1 (en) * 2021-03-17 2022-09-22 Apple Inc. Split processing of biometric data

Citations (49)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US5499297A (en) * 1992-04-17 1996-03-12 Secure Computing Corporation System and method for trusted path communications
US5613012A (en) * 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system
US5841888A (en) * 1996-01-23 1998-11-24 Harris Corporation Method for fingerprint indexing and searching
US5857028A (en) * 1996-01-11 1999-01-05 Frieling; Edward Computer access control by finger anatomy and comprehension testing
US5892838A (en) * 1996-06-11 1999-04-06 Minnesota Mining And Manufacturing Company Biometric recognition using a classification neural network
US5930804A (en) * 1997-06-09 1999-07-27 Philips Electronics North America Corporation Web-based biometric authentication system and method
US5966705A (en) * 1997-06-30 1999-10-12 Microsoft Corporation Tracking a user across both secure and non-secure areas on the Internet, wherein the users is initially tracked using a globally unique identifier
US5982913A (en) * 1997-03-25 1999-11-09 The United States Of America As Represented By The National Security Agency Method of verification using a subset of claimant's fingerprint
US5982914A (en) * 1997-07-29 1999-11-09 Smarttouch, Inc. Identification of individuals from association of finger pores and macrofeatures
US5999637A (en) * 1995-09-28 1999-12-07 Hamamatsu Photonics K.K. Individual identification apparatus for selectively recording a reference pattern based on a correlation with comparative patterns
US6018739A (en) * 1997-05-15 2000-01-25 Raytheon Company Biometric personnel identification system
US6023723A (en) * 1997-12-22 2000-02-08 Accepted Marketing, Inc. Method and system for filtering unwanted junk e-mail utilizing a plurality of filtering mechanisms
US6035403A (en) * 1996-09-11 2000-03-07 Hush, Inc. Biometric based method for software distribution
US6047281A (en) * 1997-12-05 2000-04-04 Authentec, Inc. Method and apparatus for expandable biometric searching
US6047282A (en) * 1997-12-05 2000-04-04 Authentec, Inc. Apparatus and method for expandable biometric searching
US6070159A (en) * 1997-12-05 2000-05-30 Authentec, Inc. Method and apparatus for expandable biometric searching
US6076167A (en) * 1996-12-04 2000-06-13 Dew Engineering And Development Limited Method and system for improving security in network applications
US6167517A (en) * 1998-04-09 2000-12-26 Oracle Corporation Trusted biometric client authentication
US6178505B1 (en) * 1997-03-10 2001-01-23 Internet Dynamics, Inc. Secure delivery of information in a network
US6202159B1 (en) * 1999-06-30 2001-03-13 International Business Machines Corporation Vault controller dispatcher and methods of operation for handling interaction between browser sessions and vault processes in electronic business systems
US20010000045A1 (en) * 1998-12-09 2001-03-15 Yuan-Pin Yu Web-based, biometric authentication system and method
US6212290B1 (en) * 1989-11-02 2001-04-03 Tms, Inc. Non-minutiae automatic fingerprint identification system and methods
US6289111B1 (en) * 1992-10-27 2001-09-11 Jasper Consulting, Inc. Modifying a database using an identification form
US6292795B1 (en) * 1998-05-30 2001-09-18 International Business Machines Corporation Indexed file system and a method and a mechanism for accessing data records from such a system
US6301376B1 (en) * 1997-05-07 2001-10-09 Georgi H. Draganoff Segmented sliding yardsticks error tolerant fingerprint enrollment and verification system and method
US20010034836A1 (en) * 2000-01-31 2001-10-25 Netmarks Inc. System for secure certification of network
US20010036299A1 (en) * 1998-05-15 2001-11-01 Andrew William Senior Combined fingerprint acquisition and control device
US6317834B1 (en) * 1999-01-29 2001-11-13 International Business Machines Corporation Biometric authentication system with encrypted models
US6334124B1 (en) * 1997-10-06 2001-12-25 Ventro Corporation Techniques for improving index searches in a client-server environment
US6338066B1 (en) * 1998-09-25 2002-01-08 International Business Machines Corporation Surfaid predictor: web-based system for predicting surfer behavior
US20020024419A1 (en) * 1997-04-16 2002-02-28 Dunn Christopher S. Method of detecting authorised biometric information sensor
US20020038426A1 (en) * 2000-09-28 2002-03-28 Marcus Pettersson Method and a system for improving logon security in network applications
US20020055912A1 (en) * 2000-10-20 2002-05-09 Byron Buck Network and method for facilitating on-line privacy
US6393424B1 (en) * 1999-12-29 2002-05-21 Networks Associates, Inc. Method and apparatus for using a static metadata object to reduce database accesses
US20020066040A1 (en) * 2000-11-30 2002-05-30 Roman Rozenberg Secure computerized network access system and method
US20020101857A1 (en) * 2001-01-31 2002-08-01 Tantivy Communications, Inc. Achieving PPP mobility via the mobile IP infrastructure
US6438690B1 (en) * 1998-06-04 2002-08-20 International Business Machines Corp. Vault controller based registration application serving web based registration authorities and end users for conducting electronic commerce in secure end-to-end distributed information system
US20020184509A1 (en) * 1998-02-13 2002-12-05 Scheidt Edward M. Multiple factor-based user identification and authentication
US20030046589A1 (en) * 1997-06-11 2003-03-06 Gregg Richard L. System and method for securing transactions and computer resources with an untrusted network
US20030105966A1 (en) * 2001-05-02 2003-06-05 Eric Pu Authentication server using multiple metrics for identity verification
US6651168B1 (en) * 1999-01-29 2003-11-18 International Business Machines, Corp. Authentication framework for multiple authentication processes and mechanisms
US6678821B1 (en) * 2000-03-23 2004-01-13 E-Witness Inc. Method and system for restricting access to the private key of a user in a public key infrastructure
US6691232B1 (en) * 1999-08-05 2004-02-10 Sun Microsystems, Inc. Security architecture with environment sensitive credential sufficiency evaluation
US6711682B1 (en) * 2000-02-09 2004-03-23 Microsoft Corporation Online service registration system and method
US6728884B1 (en) * 1999-10-01 2004-04-27 Entrust, Inc. Integrating heterogeneous authentication and authorization mechanisms into an application access control system
US6751733B1 (en) * 1998-09-11 2004-06-15 Mitsubishi Denki Kabushiki Kaisha Remote authentication system
US7024562B1 (en) * 2000-06-29 2006-04-04 Optisec Technologies Ltd. Method for carrying out secure digital signature and a system therefor
US7246243B2 (en) * 2000-05-16 2007-07-17 Nec Corporation Identification system and method for authenticating user transaction requests from end terminals

Family Cites Families (106)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US4993068A (en) 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
US5263165A (en) 1990-02-15 1993-11-16 International Business Machines Corporation System for providing user access control within a distributed data processing system having multiple resource managers
US5560005A (en) 1994-02-25 1996-09-24 Actamed Corp. Methods and systems for object-based relational distributed databases
US5721906A (en) 1994-03-24 1998-02-24 Ncr Corporation Multiple repositories of computer resources, transparent to user
DE69501327T3 (en) 1994-03-24 2005-12-22 Minnesota Mining And Mfg. Co., Saint Paul Biometric personal authentication system
US5625816A (en) 1994-04-05 1997-04-29 Advanced Micro Devices, Inc. Method and system for generating product performance history
US5768577A (en) 1994-09-29 1998-06-16 International Business Machines Corporation Performance optimization in a heterogeneous, distributed database environment
US5802199A (en) 1994-11-28 1998-09-01 Smarttouch, Llc Use sensitive identification system
EP0718784B1 (en) 1994-12-20 2003-08-27 Sun Microsystems, Inc. Method and system for the retrieval of personalized information
US5694596A (en) 1995-05-25 1997-12-02 Kangaroo, Inc. On-line database updating network system and method
US5721914A (en) 1995-09-14 1998-02-24 Mci Corporation System and method for hierarchical data distribution
JP3279913B2 (en) * 1996-03-18 2002-04-30 株式会社東芝 Person authentication device, feature point extraction device, and feature point extraction method
US5857188A (en) 1996-04-29 1999-01-05 Ncr Corporation Management of client requests in a client-server environment
US6151643A (en) * 1996-06-07 2000-11-21 Networks Associates, Inc. Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer
DK0932398T3 (en) 1996-06-28 2006-09-25 Ortho Mcneil Pharm Inc Use of topiramate or derivatives thereof for the manufacture of a medicament for the treatment of manic depressive bipolar disorders
US6144962A (en) 1996-10-15 2000-11-07 Mercury Interactive Corporation Visualization of web sites and hierarchical data structures
ATE227868T1 (en) * 1996-10-15 2002-11-15 Swisscom Ag METHOD FOR VERIFYING A SPEAKER
US5844497A (en) * 1996-11-07 1998-12-01 Litronic, Inc. Apparatus and method for providing an authentication system
US6061790A (en) 1996-11-20 2000-05-09 Starfish Software, Inc. Network computer system with remote user data encipher methodology
US6498861B1 (en) * 1996-12-04 2002-12-24 Activcard Ireland Limited Biometric security encryption system
US5991429A (en) 1996-12-06 1999-11-23 Coffin; Jeffrey S. Facial recognition system for security access and identification
GB9626241D0 (en) * 1996-12-18 1997-02-05 Ncr Int Inc Secure data processing method and system
US6052730A (en) 1997-01-10 2000-04-18 The Board Of Trustees Of The Leland Stanford Junior University Method for monitoring and/or modifying web browsing sessions
GB9705469D0 (en) 1997-03-17 1997-05-07 British Telecomm Re-usable database system
US6041411A (en) 1997-03-28 2000-03-21 Wyatt; Stuart Alan Method for defining and verifying user access rights to a computer information
US6108420A (en) * 1997-04-10 2000-08-22 Channelware Inc. Method and system for networked installation of uniquely customized, authenticable, and traceable software application
US6125192A (en) * 1997-04-21 2000-09-26 Digital Persona, Inc. Fingerprint recognition system
US6208746B1 (en) * 1997-05-09 2001-03-27 Gte Service Corporation Biometric watermarks
US5991408A (en) * 1997-05-16 1999-11-23 Veridicom, Inc. Identification and security using biometric measurements
US5963945A (en) 1997-06-05 1999-10-05 Microsoft Corporation Synchronization of a client and a server in a prefetching resource allocation system
US5968136A (en) * 1997-06-05 1999-10-19 Sun Microsystems, Inc. Apparatus and method for secure device addressing
US5917928A (en) * 1997-07-14 1999-06-29 Bes Systems, Inc. System and method for automatically verifying identity of a subject
US6016476A (en) 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
US6144959A (en) 1997-08-18 2000-11-07 Novell, Inc. System and method for managing user accounts in a communication network
US6314197B1 (en) * 1997-08-22 2001-11-06 International Business Machines Corporation Determining an alignment estimation between two (fingerprint) images
US6151602A (en) 1997-11-07 2000-11-21 Inprise Corporation Database system with methods providing a platform-independent self-describing data packet for transmitting information
US6185316B1 (en) * 1997-11-12 2001-02-06 Unisys Corporation Self-authentication apparatus and method
US6362836B1 (en) * 1998-04-06 2002-03-26 The Santa Cruz Operation, Inc. Universal application server for providing applications on a variety of client devices in a client/server network
IL122230A (en) * 1997-11-17 2003-12-10 Milsys Ltd Biometric system and techniques suitable therefor
US6000033A (en) * 1997-11-26 1999-12-07 International Business Machines Corporation Password control via the web
US6038666A (en) * 1997-12-22 2000-03-14 Trw Inc. Remote identity verification technique using a personal identification device
JP3561630B2 (en) 1998-04-01 2004-09-02 スカンジナビアホーム株式会社 Building
US6160903A (en) * 1998-04-24 2000-12-12 Dew Engineering And Development Limited Method of providing secure user access
US6270011B1 (en) * 1998-05-28 2001-08-07 Benenson Tal Remote credit card authentication system
US6324310B1 (en) * 1998-06-02 2001-11-27 Digital Persona, Inc. Method and apparatus for scanning a fingerprint using a linear sensor
US6336114B1 (en) 1998-09-03 2002-01-01 Westcorp Software Systems, Inc. System and method for restricting access to a data table within a database
US20010011349A1 (en) 1998-09-03 2001-08-02 Greg B. Garrison System and method for encrypting a data session between a client and a server
JP2002526830A (en) 1998-09-28 2002-08-20 アーガス システムズ グループ,インク. Compartmentalized trust computer operating system
US6327652B1 (en) 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US6829712B1 (en) 1998-10-27 2004-12-07 Sprint Communications Company L.P. Object-based security system
US6460141B1 (en) 1998-10-28 2002-10-01 Rsa Security Inc. Security and access management system for web-enabled and non-web-enabled applications and content on a computer network
US6324691B1 (en) * 1998-11-12 2001-11-27 Hewlett-Packard Company Manufacture of software distribution media packages from components resident on a remote server source
US20020056043A1 (en) 1999-01-18 2002-05-09 Sensar, Inc. Method and apparatus for securely transmitting and authenticating biometric data over a network
US6256737B1 (en) 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
US6212640B1 (en) * 1999-03-25 2001-04-03 Sun Microsystems, Inc. Resources sharing on the internet via the HTTP
US7073063B2 (en) * 1999-03-27 2006-07-04 Microsoft Corporation Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like
US20020012432A1 (en) 1999-03-27 2002-01-31 Microsoft Corporation Secure video card in computing device having digital rights management (DRM) system
US6851051B1 (en) * 1999-04-12 2005-02-01 International Business Machines Corporation System and method for liveness authentication using an augmented challenge/response scheme
US6526443B1 (en) 1999-05-12 2003-02-25 Sandia Corporation Method and apparatus for managing transactions with connected computers
US6578142B1 (en) * 1999-06-18 2003-06-10 Phoenix Technologies, Ltd. Method and apparatus for automatically installing and configuring software on a computer
US6282711B1 (en) * 1999-08-10 2001-08-28 Hewlett-Packard Company Method for more efficiently installing software components from a remote server source
US7424543B2 (en) 1999-09-08 2008-09-09 Rice Iii James L System and method of permissive data flow and application transfer
GB9923802D0 (en) 1999-10-08 1999-12-08 Hewlett Packard Co User authentication
US6826696B1 (en) 1999-10-12 2004-11-30 Webmd, Inc. System and method for enabling single sign-on for networked applications
US6859878B1 (en) * 1999-10-28 2005-02-22 International Business Machines Corporation Universal userid and password management for internet connected devices
GB2372859B (en) 1999-12-01 2004-07-21 Amicus Software Pty Ltd Method and apparatus for network access
US6757824B1 (en) * 1999-12-10 2004-06-29 Microsoft Corporation Client-side boot domains and boot rules
US6735695B1 (en) * 1999-12-20 2004-05-11 International Business Machines Corporation Methods and apparatus for restricting access of a user using random partial biometrics
US6734886B1 (en) * 1999-12-21 2004-05-11 Personalpath Systems, Inc. Method of customizing a browsing experience on a world-wide-web site
US6823332B2 (en) 1999-12-23 2004-11-23 Larry L Russell Information storage and retrieval device
AU2001231143A1 (en) 2000-01-27 2001-08-07 Cytovia, Inc. Substituted nicotinamides and analogs as activators of caspases and inducers of apoptosis and the use thereof
CA2397647A1 (en) 2000-01-27 2001-08-02 Hummingbird Ltd. A method and system for implementing an enterprise information portal
US20020016853A1 (en) 2000-01-27 2002-02-07 Bryan Ressler Method and apparatus for transferring data between computing systems
US6952780B2 (en) 2000-01-28 2005-10-04 Safecom A/S System and method for ensuring secure transfer of a document from a client of a network to a printer
JP3743246B2 (en) * 2000-02-03 2006-02-08 日本電気株式会社 Biometric input device and biometric verification device
WO2001071525A1 (en) 2000-03-23 2001-09-27 Tingo Inc. System and method for managing user-specific data
US6799275B1 (en) * 2000-03-30 2004-09-28 Digital Persona, Inc. Method and apparatus for securing a secure processor
US7308718B1 (en) * 2000-05-09 2007-12-11 Neopost Technologies Technique for secure remote configuration of a system
WO2001086593A2 (en) 2000-05-09 2001-11-15 868970 Ontario Inc. Synchronized convergence platform
US6496595B1 (en) * 2000-05-19 2002-12-17 Nextgenid, Ltd. Distributed biometric access control apparatus and method
US7133792B2 (en) * 2000-06-08 2006-11-07 Ensign Holdings, Llc Method and apparatus for calibration over time of histological and physiological biometric markers for authentication
EP1168223A1 (en) 2000-06-27 2002-01-02 YYY Net Co. Ltd. Internet advertisement system
MY134895A (en) 2000-06-29 2007-12-31 Multimedia Glory Sdn Bhd Biometric verification for electronic transactions over the web
US7162649B1 (en) 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
WO2002010932A1 (en) * 2000-08-02 2002-02-07 Ipass, Inc. A method and system to customize and update a network connection application for distribution to mulitple end users
CA2316003C (en) 2000-08-14 2009-02-03 Ibm Canada Limited-Ibm Canada Limitee Accessing legacy applications from the internet
US20020062452A1 (en) 2000-08-18 2002-05-23 Warwick Ford Countering credentials copying
US6883098B1 (en) 2000-09-20 2005-04-19 International Business Machines Corporation Method and computer system for controlling access by applications to this and other computer systems
US20020042883A1 (en) 2000-10-04 2002-04-11 Soundvoice Limited Method and system for controlling access by clients to servers over an internet protocol network
WO2002035395A2 (en) 2000-10-27 2002-05-02 Entigen Corporation Integrating heterogeneous data and tools
KR20010025234A (en) 2000-11-09 2001-04-06 김진삼 A certification method of credit of a financing card based on fingerprint and a certification system thereof
WO2002059770A1 (en) 2000-12-18 2002-08-01 Cora Alisuag Computer oriented record administration system
US20020091937A1 (en) * 2001-01-10 2002-07-11 Ortiz Luis M. Random biometric authentication methods and systems
US6948066B2 (en) * 2001-01-17 2005-09-20 International Business Machines Corporation Technique for establishing provable chain of evidence
US20020124190A1 (en) * 2001-03-01 2002-09-05 Brian Siegel Method and system for restricted biometric access to content of packaged media
WO2002073413A2 (en) 2001-03-12 2002-09-19 Nice Systems Limited System and method for capturing, analyzing and recording screen events
US20040148509A1 (en) * 2001-03-23 2004-07-29 Yong Dong Wu Method of using biometric information for secret generation
US7231378B2 (en) 2001-04-26 2007-06-12 General Electric Company System and method for managing user profiles
US6738933B2 (en) 2001-05-09 2004-05-18 Mercury Interactive Corporation Root cause analysis of server system performance degradations
US7181488B2 (en) 2001-06-29 2007-02-20 Claria Corporation System, method and computer program product for presenting information to a user utilizing historical information about the user
WO2003017096A1 (en) 2001-08-14 2003-02-27 Humana Inc Web-based security with controlled access to data and resources
US7728870B2 (en) 2001-09-06 2010-06-01 Nice Systems Ltd Advanced quality management and recording solutions for walk-in environments
AU2002334356A1 (en) 2001-09-06 2003-03-18 Nice Systems Ltd. Recording of interactions between a customer and a sales person at a point of sales
US7376695B2 (en) 2002-03-14 2008-05-20 Citrix Systems, Inc. Method and system for generating a graphical display for a remote terminal session
US20050021975A1 (en) 2003-06-16 2005-01-27 Gouping Liu Proxy based adaptive two factor authentication having automated enrollment
US7502797B2 (en) 2003-10-15 2009-03-10 Ascentive, Llc Supervising monitoring and controlling activities performed on a client device

Patent Citations (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6212290B1 (en) * 1989-11-02 2001-04-03 Tms, Inc. Non-minutiae automatic fingerprint identification system and methods
US5499297A (en) * 1992-04-17 1996-03-12 Secure Computing Corporation System and method for trusted path communications
US6289111B1 (en) * 1992-10-27 2001-09-11 Jasper Consulting, Inc. Modifying a database using an identification form
US5613012A (en) * 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system
US5838812A (en) * 1994-11-28 1998-11-17 Smarttouch, Llc Tokenless biometric transaction authorization system
US5999637A (en) * 1995-09-28 1999-12-07 Hamamatsu Photonics K.K. Individual identification apparatus for selectively recording a reference pattern based on a correlation with comparative patterns
US5857028A (en) * 1996-01-11 1999-01-05 Frieling; Edward Computer access control by finger anatomy and comprehension testing
US5841888A (en) * 1996-01-23 1998-11-24 Harris Corporation Method for fingerprint indexing and searching
US6021211A (en) * 1996-01-23 2000-02-01 Authentec, Inc. Method and related apparatus for fingerprint indexing and searching
US6181807B1 (en) * 1996-01-23 2001-01-30 Authentec, Inc. Methods and related apparatus for fingerprint indexing and searching
US5892838A (en) * 1996-06-11 1999-04-06 Minnesota Mining And Manufacturing Company Biometric recognition using a classification neural network
US6035403A (en) * 1996-09-11 2000-03-07 Hush, Inc. Biometric based method for software distribution
US6076167A (en) * 1996-12-04 2000-06-13 Dew Engineering And Development Limited Method and system for improving security in network applications
US6178505B1 (en) * 1997-03-10 2001-01-23 Internet Dynamics, Inc. Secure delivery of information in a network
US5982913A (en) * 1997-03-25 1999-11-09 The United States Of America As Represented By The National Security Agency Method of verification using a subset of claimant's fingerprint
US20020024419A1 (en) * 1997-04-16 2002-02-28 Dunn Christopher S. Method of detecting authorised biometric information sensor
US6301376B1 (en) * 1997-05-07 2001-10-09 Georgi H. Draganoff Segmented sliding yardsticks error tolerant fingerprint enrollment and verification system and method
US6018739A (en) * 1997-05-15 2000-01-25 Raytheon Company Biometric personnel identification system
US6182076B1 (en) * 1997-06-09 2001-01-30 Philips Electronics North America Corporation Web-based, biometric authetication system and method
US5930804A (en) * 1997-06-09 1999-07-27 Philips Electronics North America Corporation Web-based biometric authentication system and method
US20030046589A1 (en) * 1997-06-11 2003-03-06 Gregg Richard L. System and method for securing transactions and computer resources with an untrusted network
US5966705A (en) * 1997-06-30 1999-10-12 Microsoft Corporation Tracking a user across both secure and non-secure areas on the Internet, wherein the users is initially tracked using a globally unique identifier
US5982914A (en) * 1997-07-29 1999-11-09 Smarttouch, Inc. Identification of individuals from association of finger pores and macrofeatures
US6334124B1 (en) * 1997-10-06 2001-12-25 Ventro Corporation Techniques for improving index searches in a client-server environment
US6070159A (en) * 1997-12-05 2000-05-30 Authentec, Inc. Method and apparatus for expandable biometric searching
US6047282A (en) * 1997-12-05 2000-04-04 Authentec, Inc. Apparatus and method for expandable biometric searching
US6047281A (en) * 1997-12-05 2000-04-04 Authentec, Inc. Method and apparatus for expandable biometric searching
US6023723A (en) * 1997-12-22 2000-02-08 Accepted Marketing, Inc. Method and system for filtering unwanted junk e-mail utilizing a plurality of filtering mechanisms
US20020184509A1 (en) * 1998-02-13 2002-12-05 Scheidt Edward M. Multiple factor-based user identification and authentication
US6167517A (en) * 1998-04-09 2000-12-26 Oracle Corporation Trusted biometric client authentication
US20010036299A1 (en) * 1998-05-15 2001-11-01 Andrew William Senior Combined fingerprint acquisition and control device
US6292795B1 (en) * 1998-05-30 2001-09-18 International Business Machines Corporation Indexed file system and a method and a mechanism for accessing data records from such a system
US6438690B1 (en) * 1998-06-04 2002-08-20 International Business Machines Corp. Vault controller based registration application serving web based registration authorities and end users for conducting electronic commerce in secure end-to-end distributed information system
US6751733B1 (en) * 1998-09-11 2004-06-15 Mitsubishi Denki Kabushiki Kaisha Remote authentication system
US6338066B1 (en) * 1998-09-25 2002-01-08 International Business Machines Corporation Surfaid predictor: web-based system for predicting surfer behavior
US20010000045A1 (en) * 1998-12-09 2001-03-15 Yuan-Pin Yu Web-based, biometric authentication system and method
US6317834B1 (en) * 1999-01-29 2001-11-13 International Business Machines Corporation Biometric authentication system with encrypted models
US6651168B1 (en) * 1999-01-29 2003-11-18 International Business Machines, Corp. Authentication framework for multiple authentication processes and mechanisms
US6202159B1 (en) * 1999-06-30 2001-03-13 International Business Machines Corporation Vault controller dispatcher and methods of operation for handling interaction between browser sessions and vault processes in electronic business systems
US6691232B1 (en) * 1999-08-05 2004-02-10 Sun Microsystems, Inc. Security architecture with environment sensitive credential sufficiency evaluation
US6728884B1 (en) * 1999-10-01 2004-04-27 Entrust, Inc. Integrating heterogeneous authentication and authorization mechanisms into an application access control system
US6393424B1 (en) * 1999-12-29 2002-05-21 Networks Associates, Inc. Method and apparatus for using a static metadata object to reduce database accesses
US20010034836A1 (en) * 2000-01-31 2001-10-25 Netmarks Inc. System for secure certification of network
US6711682B1 (en) * 2000-02-09 2004-03-23 Microsoft Corporation Online service registration system and method
US6678821B1 (en) * 2000-03-23 2004-01-13 E-Witness Inc. Method and system for restricting access to the private key of a user in a public key infrastructure
US7246243B2 (en) * 2000-05-16 2007-07-17 Nec Corporation Identification system and method for authenticating user transaction requests from end terminals
US7024562B1 (en) * 2000-06-29 2006-04-04 Optisec Technologies Ltd. Method for carrying out secure digital signature and a system therefor
US20020038426A1 (en) * 2000-09-28 2002-03-28 Marcus Pettersson Method and a system for improving logon security in network applications
US20020055912A1 (en) * 2000-10-20 2002-05-09 Byron Buck Network and method for facilitating on-line privacy
US20020066040A1 (en) * 2000-11-30 2002-05-30 Roman Rozenberg Secure computerized network access system and method
US20020101857A1 (en) * 2001-01-31 2002-08-01 Tantivy Communications, Inc. Achieving PPP mobility via the mobile IP infrastructure
US20030105966A1 (en) * 2001-05-02 2003-06-05 Eric Pu Authentication server using multiple metrics for identity verification

Cited By (192)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003025718A2 (en) * 2001-09-18 2003-03-27 Data Treasury Corportion Private secure information repository with biometric authentication
WO2003025718A3 (en) * 2001-09-18 2004-06-24 Data Treasury Corportion Private secure information repository with biometric authentication
US20030177369A1 (en) * 2002-03-04 2003-09-18 Sony Corporation Data file processing apparatus, remote control apparatus for data file processing apparatus and control method for data file processing apparatus
US7457966B2 (en) * 2002-03-04 2008-11-25 Sony Corporation Data file processing apparatus, remote control apparatus for data file processing apparatus and control method for data file processing apparatus
US20030220095A1 (en) * 2002-05-24 2003-11-27 At&T Wireless Services, Inc. Biometric authentication of a wireless device user
US7263347B2 (en) * 2002-05-24 2007-08-28 Cingular Wireless Ii, Llc Biometric authentication of a wireless device user
US20040003139A1 (en) * 2002-06-28 2004-01-01 Microsoft Corporation Secure server plug-in architecture for digital rights management systems
US7631318B2 (en) * 2002-06-28 2009-12-08 Microsoft Corporation Secure server plug-in architecture for digital rights management systems
US20040128520A1 (en) * 2002-07-25 2004-07-01 Bio-Key International, Inc. Trusted biometric device
US7502938B2 (en) * 2002-07-25 2009-03-10 Bio-Key International, Inc. Trusted biometric device
US8055906B2 (en) 2002-08-06 2011-11-08 Privaris, Inc. Methods for secure restoration of personal identity credentials into electronic devices
US9270464B2 (en) 2002-08-06 2016-02-23 Apple Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US8826031B2 (en) 2002-08-06 2014-09-02 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US9716698B2 (en) 2002-08-06 2017-07-25 Apple Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US8478992B2 (en) 2002-08-06 2013-07-02 Privaris, Inc. Methods for secure restoration of personal identity credentials into electronic devices
US8407480B2 (en) 2002-08-06 2013-03-26 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US8127143B2 (en) 2002-08-06 2012-02-28 Privaris, Inc. Methods for secure enrollment of personal identity credentials into electronic devices
US9979709B2 (en) 2002-08-06 2018-05-22 Apple Inc. Methods for secure restoration of personal identity credentials into electronic devices
US7590861B2 (en) * 2002-08-06 2009-09-15 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US8001372B2 (en) 2002-08-06 2011-08-16 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US7788501B2 (en) 2002-08-06 2010-08-31 Privaris, Inc. Methods for secure backup of personal identity credentials into electronic devices
US9160537B2 (en) 2002-08-06 2015-10-13 Apple Inc. Methods for secure restoration of personal identity credentials into electronic devices
US20040221165A1 (en) * 2003-02-25 2004-11-04 Thomas Birkhoelzer Method for signing data
US10237420B1 (en) * 2003-03-07 2019-03-19 Wai Wu Method and system for matching entities in an auction
US8784314B2 (en) * 2003-10-08 2014-07-22 GE Medical Sytems Global Technology Company LLC Biometrically enabled imaging system
US20050080326A1 (en) * 2003-10-08 2005-04-14 Mathew Prakash Parayil Biometrically enabled imaging system
EP1564619A1 (en) * 2003-12-17 2005-08-17 Bouygues Telecom Biometric access control using a mobile telephone terminal
US20050138394A1 (en) * 2003-12-17 2005-06-23 Ian Poinsenet Biometric access control using a mobile telephone terminal
FR2864289A1 (en) * 2003-12-17 2005-06-24 Bouygues Telecom Sa Resource access controlling method, involves notifying comparison of biometric data and biometric references of user, to access terminal, by server that communicates simultaneously with terminal and access terminal
US20050251856A1 (en) * 2004-03-11 2005-11-10 Aep Networks Network access using multiple authentication realms
US8082154B2 (en) 2004-07-30 2011-12-20 At&T Intellectual Property I, L.P. Centralized biometric authentication
EP1779377A2 (en) * 2004-07-30 2007-05-02 SBC Knowledge Ventures L.P. Centralized biometric authentication
US8626513B2 (en) 2004-07-30 2014-01-07 At&T Intellectual Property I, L.P. Centralized biometric authentication
EP1779377A4 (en) * 2004-07-30 2008-09-10 Sbc Knowledge Ventures G P Centralized biometric authentication
US20080071545A1 (en) * 2004-07-30 2008-03-20 At&T Knowledge Ventures, L.P. Centralized biometric authentication
US20080275819A1 (en) * 2004-10-15 2008-11-06 Paul Rifai System and Method for Transaction Payment in Multiple Languages and Currencies
US20060206722A1 (en) * 2004-12-06 2006-09-14 Zhang George Z Method and apparatus for networked biometric authentication
US20090217366A1 (en) * 2005-05-16 2009-08-27 Lenovo (Beijing) Limited Method For Implementing Unified Authentication
US8776201B2 (en) * 2005-05-16 2014-07-08 Lenovo (Beijing) Limited Method for implementing unified authentication
US20060271791A1 (en) * 2005-05-27 2006-11-30 Sbc Knowledge Ventures, L.P. Method and system for biometric based access control of media content presentation devices
USRE49334E1 (en) 2005-10-04 2022-12-13 Hoffberg Family Trust 2 Multifactorial optimization system and method
US20070143225A1 (en) * 2005-12-15 2007-06-21 Hamilton Andrew R Method and system for authorizing automated teller machine access
US20070165911A1 (en) * 2005-12-23 2007-07-19 International Business Machines Corporation Method and system for biometric authentication
US7844082B2 (en) * 2005-12-23 2010-11-30 International Business Machines Corporation Method and system for biometric authentication
US20080263361A1 (en) * 2007-04-20 2008-10-23 Microsoft Corporation Cryptographically strong key derivation using password, audio-visual and mental means
US20090003588A1 (en) * 2007-06-26 2009-01-01 John Gordon Ross Counter Sealing Archives of Electronic Seals
US20090006842A1 (en) * 2007-06-26 2009-01-01 John Gordon Ross Sealing Electronic Data Associated With Multiple Electronic Documents
US20090006258A1 (en) * 2007-06-26 2009-01-01 John Gordon Ross Registration Process
US20090006860A1 (en) * 2007-06-26 2009-01-01 John Gordon Ross Generating multiple seals for electronic data
US8281145B2 (en) * 2007-12-14 2012-10-02 Mehran Randall Rasti Doing business without SSN, EIN, and charge card numbers
US20090158030A1 (en) * 2007-12-14 2009-06-18 Mehran Randall Rasti Doing business without SSN, EIN, and charge card numbers
US20100031316A1 (en) * 2008-07-30 2010-02-04 International Business Machines Corporation System access log monitoring and reporting system
US8989705B1 (en) 2009-06-18 2015-03-24 Sprint Communications Company L.P. Secure placement of centralized media controller application in mobile access terminal
US20130031180A1 (en) * 2010-04-16 2013-01-31 Nokia Siemens Networks Oy Virtual identities
US20120123821A1 (en) * 2010-11-16 2012-05-17 Raytheon Company System and Method for Risk Assessment of an Asserted Identity
US8683562B2 (en) 2011-02-03 2014-03-25 Imprivata, Inc. Secure authentication using one-time passwords
US10616233B1 (en) * 2011-09-12 2020-04-07 CSC Holdings, LLC Method for securely linking hospital patients to their service provider accounts
US9832023B2 (en) 2011-10-31 2017-11-28 Biobex, Llc Verification of authenticity and responsiveness of biometric evidence and/or other evidence
US9846769B1 (en) * 2011-11-23 2017-12-19 Crimson Corporation Identifying a remote identity request via a biometric device
US9673981B1 (en) * 2011-11-30 2017-06-06 Biobex, Llc Verification of authenticity and responsiveness of biometric evidence and/or other evidence
US9455836B1 (en) * 2011-11-30 2016-09-27 Biobex, Llc Verification of authenticity and responsiveness of biometric evidence and/or other evidence
US8712407B1 (en) 2012-04-05 2014-04-29 Sprint Communications Company L.P. Multiple secure elements in mobile electronic device with near field communication capability
US10043264B2 (en) 2012-04-19 2018-08-07 Applied Materials Israel Ltd. Integration of automatic and manual defect classification
US9715723B2 (en) * 2012-04-19 2017-07-25 Applied Materials Israel Ltd Optimization of unknown defect rejection for automatic defect classification
US20130279795A1 (en) * 2012-04-19 2013-10-24 Applied Materials Israel Ltd. Optimization of unknown defect rejection for automatic defect classification
US9607233B2 (en) 2012-04-20 2017-03-28 Applied Materials Israel Ltd. Classifier readiness and maintenance in automatic defect classification
US9906958B2 (en) 2012-05-11 2018-02-27 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US9027102B2 (en) 2012-05-11 2015-05-05 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US8862181B1 (en) 2012-05-29 2014-10-14 Sprint Communications Company L.P. Electronic purchase transaction trust infrastructure
WO2014004590A2 (en) * 2012-06-25 2014-01-03 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
WO2014004590A3 (en) * 2012-06-25 2014-04-03 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US10154019B2 (en) 2012-06-25 2018-12-11 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9066230B1 (en) 2012-06-27 2015-06-23 Sprint Communications Company L.P. Trusted policy and charging enforcement function
US9210576B1 (en) 2012-07-02 2015-12-08 Sprint Communications Company L.P. Extended trusted security zone radio modem
US9268959B2 (en) 2012-07-24 2016-02-23 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US8863252B1 (en) 2012-07-25 2014-10-14 Sprint Communications Company L.P. Trusted access to third party applications systems and methods
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9811672B2 (en) 2012-08-10 2017-11-07 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9384498B1 (en) 2012-08-25 2016-07-05 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
US8954588B1 (en) 2012-08-25 2015-02-10 Sprint Communications Company L.P. Reservations in real-time brokering of digital content delivery
US9015068B1 (en) 2012-08-25 2015-04-21 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
US9215180B1 (en) 2012-08-25 2015-12-15 Sprint Communications Company L.P. File retrieval in real-time brokering of digital content
US8752140B1 (en) 2012-09-11 2014-06-10 Sprint Communications Company L.P. System and methods for trusted internet domain networking
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9769854B1 (en) 2013-02-07 2017-09-19 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9161227B1 (en) 2013-02-07 2015-10-13 Sprint Communications Company L.P. Trusted signaling in long term evolution (LTE) 4G wireless communication
US9104840B1 (en) 2013-03-05 2015-08-11 Sprint Communications Company L.P. Trusted security zone watermark
US8881977B1 (en) 2013-03-13 2014-11-11 Sprint Communications Company L.P. Point-of-sale and automated teller machine transactions using trusted mobile access device
US9613208B1 (en) 2013-03-13 2017-04-04 Sprint Communications Company L.P. Trusted security zone enhanced with trusted hardware drivers
US9049186B1 (en) 2013-03-14 2015-06-02 Sprint Communications Company L.P. Trusted security zone re-provisioning and re-use capability for refurbished mobile devices
US9049013B2 (en) 2013-03-14 2015-06-02 Sprint Communications Company L.P. Trusted security zone containers for the protection and confidentiality of trusted service manager data
US9021585B1 (en) 2013-03-15 2015-04-28 Sprint Communications Company L.P. JTAG fuse vulnerability determination and protection using a trusted execution environment
US8984592B1 (en) 2013-03-15 2015-03-17 Sprint Communications Company L.P. Enablement of a trusted security zone authentication for remote mobile device management systems and methods
US9374363B1 (en) 2013-03-15 2016-06-21 Sprint Communications Company L.P. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
US9191388B1 (en) 2013-03-15 2015-11-17 Sprint Communications Company L.P. Trusted security zone communication addressing on an electronic device
US10176310B2 (en) 2013-03-22 2019-01-08 Nok Nok Labs, Inc. System and method for privacy-enhanced data synchronization
US11929997B2 (en) 2013-03-22 2024-03-12 Nok Nok Labs, Inc. Advanced authentication techniques and applications
US9898596B2 (en) 2013-03-22 2018-02-20 Nok Nok Labs, Inc. System and method for eye tracking during authentication
US9367676B2 (en) 2013-03-22 2016-06-14 Nok Nok Labs, Inc. System and method for confirming location using supplemental sensor and/or location data
US20140289790A1 (en) * 2013-03-22 2014-09-25 Brendon Wilson System and method for adaptive application of authentication policies
US10706132B2 (en) 2013-03-22 2020-07-07 Nok Nok Labs, Inc. System and method for adaptive user authentication
US10366218B2 (en) 2013-03-22 2019-07-30 Nok Nok Labs, Inc. System and method for collecting and utilizing client data for risk assessment during authentication
US10270748B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. Advanced authentication techniques and applications
US10282533B2 (en) 2013-03-22 2019-05-07 Nok Nok Labs, Inc. System and method for eye tracking during authentication
US10762181B2 (en) 2013-03-22 2020-09-01 Nok Nok Labs, Inc. System and method for user confirmation of online transactions
US10776464B2 (en) * 2013-03-22 2020-09-15 Nok Nok Labs, Inc. System and method for adaptive application of authentication policies
US10268811B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. System and method for delegating trust to a new authenticator
US9454723B1 (en) 2013-04-04 2016-09-27 Sprint Communications Company L.P. Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device
US9324016B1 (en) 2013-04-04 2016-04-26 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9171243B1 (en) 2013-04-04 2015-10-27 Sprint Communications Company L.P. System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device
US9712999B1 (en) 2013-04-04 2017-07-18 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9838869B1 (en) 2013-04-10 2017-12-05 Sprint Communications Company L.P. Delivering digital content to a mobile device via a digital rights clearing house
US9443088B1 (en) 2013-04-15 2016-09-13 Sprint Communications Company L.P. Protection for multimedia files pre-downloaded to a mobile device
US9760785B2 (en) 2013-05-08 2017-09-12 Jpmorgan Chase Bank, N.A. Systems and methods for high fidelity multi-modal out-of-band biometric authentication
US11023754B2 (en) 2013-05-08 2021-06-01 Jpmorgan Chase Bank, N.A. Systems and methods for high fidelity multi-modal out-of-band biometric authentication
US9721175B2 (en) * 2013-05-08 2017-08-01 Jpmorgan Chase Bank, N.A. Systems and methods for high fidelity multi-modal out-of-band biometric authentication through vector-based multi-profile storage
US10628571B2 (en) 2013-05-08 2020-04-21 Jpmorgan Chase Bank, N.A. Systems and methods for high fidelity multi-modal out-of-band biometric authentication with human cross-checking
US10235508B2 (en) 2013-05-08 2019-03-19 Jpmorgan Chase Bank, N.A. Systems and methods for high fidelity multi-modal out-of-band biometric authentication with human cross-checking
US20140333414A1 (en) * 2013-05-08 2014-11-13 Jpmorgan Chase Bank, N.A. Systems And Methods For High Fidelity Multi-Modal Out-Of-Band Biometric Authentication Through Vector-Based Multi-Profile Storage
US10303964B1 (en) 2013-05-08 2019-05-28 Jpmorgan Chase Bank, N.A. Systems and methods for high fidelity multi-modal out-of-band biometric authentication through vector-based multi-profile storage
US9069952B1 (en) 2013-05-20 2015-06-30 Sprint Communications Company L.P. Method for enabling hardware assisted operating system region for safe execution of untrusted code using trusted transitional memory
US9961077B2 (en) 2013-05-30 2018-05-01 Nok Nok Labs, Inc. System and method for biometric authentication with device attestation
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9949304B1 (en) 2013-06-06 2018-04-17 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9183606B1 (en) 2013-07-10 2015-11-10 Sprint Communications Company L.P. Trusted processing location within a graphics processing unit
US10901402B2 (en) 2013-07-22 2021-01-26 Applied Materials Israel, Ltd. Closed-loop automatic defect inspection and classification
US10114368B2 (en) 2013-07-22 2018-10-30 Applied Materials Israel Ltd. Closed-loop automatic defect inspection and classification
US10389673B2 (en) 2013-08-01 2019-08-20 Jp Morgan Chase Bank, N.A. Systems and methods for electronic message prioritization
US9923855B2 (en) 2013-08-01 2018-03-20 Jpmorgan Chase Bank, N.A. Systems and methods for electronic message prioritization
US10511560B2 (en) 2013-08-01 2019-12-17 Jpmorgan Chase Bank, N.A. Systems and methods for electronic message prioritization
US9892576B2 (en) 2013-08-02 2018-02-13 Jpmorgan Chase Bank, N.A. Biometrics identification module and personal wearable electronics network based authentication and transaction processing
US9208339B1 (en) 2013-08-12 2015-12-08 Sprint Communications Company L.P. Verifying Applications in Virtual Environments Using a Trusted Security Zone
US9887983B2 (en) 2013-10-29 2018-02-06 Nok Nok Labs, Inc. Apparatus and method for implementing composite authenticators
US10798087B2 (en) 2013-10-29 2020-10-06 Nok Nok Labs, Inc. Apparatus and method for implementing composite authenticators
US9185626B1 (en) 2013-10-29 2015-11-10 Sprint Communications Company L.P. Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning
US9191522B1 (en) 2013-11-08 2015-11-17 Sprint Communications Company L.P. Billing varied service based on tier
US9161325B1 (en) 2013-11-20 2015-10-13 Sprint Communications Company L.P. Subscriber identity module virtualization
US10536454B2 (en) 2013-12-31 2020-01-14 Veridium Ip Limited System and method for biometric protocol standards
US9118655B1 (en) 2014-01-24 2015-08-25 Sprint Communications Company L.P. Trusted display and transmission of digital ticket documentation
US10068077B2 (en) * 2014-02-11 2018-09-04 Tyco Fire & Security Gmbh False alarm avoidance
US20150227734A1 (en) * 2014-02-11 2015-08-13 Tyco International Method and Apparatus For Authenticating Security System Users and Unlocking Selected Feature Sets
US9369474B2 (en) * 2014-03-27 2016-06-14 Adobe Systems Incorporated Analytics data validation
US9226145B1 (en) 2014-03-28 2015-12-29 Sprint Communications Company L.P. Verification of mobile device integrity during activation
US10326761B2 (en) 2014-05-02 2019-06-18 Nok Nok Labs, Inc. Web-based user authentication techniques and applications
US9577999B1 (en) 2014-05-02 2017-02-21 Nok Nok Labs, Inc. Enhanced security for registration of authentication devices
US9654469B1 (en) 2014-05-02 2017-05-16 Nok Nok Labs, Inc. Web-based user authentication techniques and applications
US9230085B1 (en) 2014-07-29 2016-01-05 Sprint Communications Company L.P. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
US9875347B2 (en) 2014-07-31 2018-01-23 Nok Nok Labs, Inc. System and method for performing authentication using data analytics
US10148630B2 (en) 2014-07-31 2018-12-04 Nok Nok Labs, Inc. System and method for implementing a hosted authentication service
US9455979B2 (en) 2014-07-31 2016-09-27 Nok Nok Labs, Inc. System and method for establishing trust using secure transmission protocols
US9749131B2 (en) 2014-07-31 2017-08-29 Nok Nok Labs, Inc. System and method for implementing a one-time-password using asymmetric cryptography
US9838388B2 (en) 2014-08-26 2017-12-05 Veridium Ip Limited System and method for biometric protocol standards
US9736154B2 (en) 2014-09-16 2017-08-15 Nok Nok Labs, Inc. System and method for integrating an authentication service within a network architecture
WO2016077032A1 (en) * 2014-10-16 2016-05-19 Andreeva Aneta Biometric authentication systems, methods, and media
US10718031B1 (en) * 2014-11-03 2020-07-21 Wai Wu Method and system for matching entities in an auction
KR101743193B1 (en) 2014-12-27 2017-06-02 시아오미 아이엔씨. Method, device, program and recording medium for transferring resources
RU2629447C2 (en) * 2014-12-27 2017-08-29 Сяоми Инк. Method and device for resource transfer
EP3038317A1 (en) * 2014-12-27 2016-06-29 Xiaomi Inc. User authentication for resource transfer based on mapping of physiological characteristics
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US9875425B2 (en) * 2015-03-30 2018-01-23 Omron Corporation Individual identification device, and identification threshold setting method
US20160292536A1 (en) * 2015-03-30 2016-10-06 Omron Corporation Individual identification device, and identification threshold setting method
US9473945B1 (en) 2015-04-07 2016-10-18 Sprint Communications Company L.P. Infrastructure for secure short message transmission
US10868672B1 (en) 2015-06-05 2020-12-15 Apple Inc. Establishing and verifying identity using biometrics while protecting user privacy
US11140171B1 (en) 2015-06-05 2021-10-05 Apple Inc. Establishing and verifying identity using action sequences while protecting user privacy
AU2016311166B2 (en) * 2015-08-21 2022-03-03 Veridium Ip Limited System and method for biometric protocol standards
US11329980B2 (en) * 2015-08-21 2022-05-10 Veridium Ip Limited System and method for biometric protocol standards
CN108475309A (en) * 2015-08-21 2018-08-31 维尔蒂姆知识产权有限公司 System and method for biological characteristic consensus standard
WO2017035085A1 (en) * 2015-08-21 2017-03-02 Veridium Ip Limited System and method for biometric protocol standards
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US10311246B1 (en) 2015-11-20 2019-06-04 Sprint Communications Company L.P. System and method for secure USIM wireless network access
US9817992B1 (en) 2015-11-20 2017-11-14 Sprint Communications Company Lp. System and method for secure USIM wireless network access
US10769635B2 (en) 2016-08-05 2020-09-08 Nok Nok Labs, Inc. Authentication techniques including speech and/or lip movement analysis
US10637853B2 (en) 2016-08-05 2020-04-28 Nok Nok Labs, Inc. Authentication techniques including speech and/or lip movement analysis
US10630679B2 (en) * 2016-11-02 2020-04-21 Ca, Inc. Methods providing authentication during a session using image data and related devices and computer program products
US10091195B2 (en) 2016-12-31 2018-10-02 Nok Nok Labs, Inc. System and method for bootstrapping a user binding
US10237070B2 (en) 2016-12-31 2019-03-19 Nok Nok Labs, Inc. System and method for sharing keys across authenticators
CN110678863A (en) * 2017-03-03 2020-01-10 尤金尼奥.小伊尼翁 Access control method, system, device, terminal and computer program product using multi-mode authenticity determination
CN107358693A (en) * 2017-07-04 2017-11-17 安徽工程大学 A kind of smart lock and method for unlocking
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network
US11868995B2 (en) 2017-11-27 2024-01-09 Nok Nok Labs, Inc. Extending a secure key storage for transaction confirmation and cryptocurrency
US11831409B2 (en) 2018-01-12 2023-11-28 Nok Nok Labs, Inc. System and method for binding verifiable claims
US11282186B2 (en) 2018-01-25 2022-03-22 International Business Machines Corporation Anomaly detection using image-based physical characterization
US10664966B2 (en) * 2018-01-25 2020-05-26 International Business Machines Corporation Anomaly detection using image-based physical characterization
US20190228519A1 (en) * 2018-01-25 2019-07-25 International Business Machines Corporation Anomaly detection using image-based physical characterization
US20200334344A1 (en) * 2018-12-11 2020-10-22 Steven R. Schwartz Modern authentication
EP3857414A4 (en) * 2019-02-14 2021-12-29 Samsung Electronics Co., Ltd. Electronic device and control method thereof
US11582041B2 (en) 2019-02-14 2023-02-14 Samsung Electronics Co., Ltd. Electronic device and control method thereof
US11792024B2 (en) 2019-03-29 2023-10-17 Nok Nok Labs, Inc. System and method for efficient challenge-response authentication
US11876798B2 (en) * 2019-05-20 2024-01-16 Citrix Systems, Inc. Virtual delivery appliance and system with remote authentication and related methods

Also Published As

Publication number Publication date
AU2002339746A1 (en) 2002-12-03
AU2002259229A1 (en) 2002-12-03
US20080034219A1 (en) 2008-02-07
US20020174346A1 (en) 2002-11-21
US8220063B2 (en) 2012-07-10
WO2002095552A2 (en) 2002-11-28
US20090228968A1 (en) 2009-09-10
US20090100270A1 (en) 2009-04-16
US20020174348A1 (en) 2002-11-21
WO2002095552A3 (en) 2004-04-29
US7356705B2 (en) 2008-04-08
WO2002095554A3 (en) 2004-05-21
US20020174347A1 (en) 2002-11-21
WO2002095553A3 (en) 2003-11-06
US7398549B2 (en) 2008-07-08
WO2002095554A2 (en) 2002-11-28
WO2002095553A2 (en) 2002-11-28
AU2002316137A1 (en) 2002-12-03

Similar Documents

Publication Publication Date Title
US20020174344A1 (en) System and method for authentication using biometrics
US20220052852A1 (en) Secure biometric authentication using electronic identity
US10810290B2 (en) Robust method and an apparatus for authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates
JP7421766B2 (en) Public key/private key biometric authentication system
US9544308B2 (en) Compliant authentication based on dynamically-updated credentials
US6851051B1 (en) System and method for liveness authentication using an augmented challenge/response scheme
US6202151B1 (en) System and method for authenticating electronic transactions using biometric certificates
US20160219046A1 (en) System and method for multi-modal biometric identity verification
US7519558B2 (en) Biometrically enabled private secure information repository
US8239685B2 (en) Biometric authentication method
US20070061590A1 (en) Secure biometric authentication system
US20100310070A1 (en) Generation and Use of a Biometric Key
US20030115475A1 (en) Biometrically enhanced digital certificates and system and method for making and using
US20080313707A1 (en) Token-based system and method for secure authentication to a service provider
US20030217276A1 (en) Match template protection within biometric security systems
WO2003007527A2 (en) Biometrically enhanced digital certificates and system and method for making and using
CN103679436A (en) Electronic contract security system and method based on biological information identification
JP2004537103A (en) Application specific biometric templates
KR20220123657A (en) Privacy biometric authentication
US6611916B1 (en) Method of authenticating membership for providing access to a secure environment by authenticating membership to an associated secure environment
KR102645248B1 (en) Integrated authentication system for distributed identity platforms
Nguyen et al. An approach to protect private key using fingerprint biometric encryption key in BioPKI based security system
WO2007036825A1 (en) Fingerprint matching
Mehta et al. On Aadhaar Identity Management System
CN117061235A (en) Identity authentication method, system, equipment and computer readable storage medium

Legal Events

Date Code Title Description
AS Assignment

Owner name: IMPRIVATA, INC., MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TING, DAVID M. T.;REEL/FRAME:013152/0490

Effective date: 20020523

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION