Biometric-based system and method for enabling authentication of electronic messages sent over a network
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-021/00
H04N-007/16
출원번호
UP-0344162
(2001-09-05)
등록번호
US-7689832
(2010-04-23)
국제출원번호
PCT/US2001/027381
(2001-09-05)
§371/§102 date
20030210
(20030210)
국제공개번호
WO02/023796
(2002-03-21)
발명자
/ 주소
Talmor, Eli
Talmor, Rita
Talmor, Alon
출원인 / 주소
SentryCom Ltd.
인용정보
피인용 횟수 :
71인용 특허 :
17
초록▼
A network based mechanism for real time verification and authentication of data and user identities. The present invention enables a method whereby biometric elements, such as voice prints, are utilized to enhance the Public Key Infrastructure as a means to decrypt data and verify data authenticity,
A network based mechanism for real time verification and authentication of data and user identities. The present invention enables a method whereby biometric elements, such as voice prints, are utilized to enhance the Public Key Infrastructure as a means to decrypt data and verify data authenticity, such that the user's private key is authenticated remotely on a one-time basis. The present invention comprises an authentication server (25) with various software modules that enable authentication of user identity, secure user access to data, digital signatures, secure messaging and secure online transactions.
대표청구항▼
What is claimed is: 1. A system for data and user authentication using biometric means, to verify to a third party that a document purporting to be from a first party is an unaltered version of a document issued by said first party, the system comprising: a) at least one network enabled client devi
What is claimed is: 1. A system for data and user authentication using biometric means, to verify to a third party that a document purporting to be from a first party is an unaltered version of a document issued by said first party, the system comprising: a) at least one network enabled client device for sending data to a network; b) at least one biometric data input mechanism on said client device for capturing biometric data, said data input mechanism further being configured to digitally bind said captured biometric data at said client device to a document, said digital binding comprising encrypting said document using a session key generated from said biometric data, said session key being retained for subsequent decryption of said document therefrom at an instigation of said third party; and c) an authentication server configured with storage for storing said session key, said storage making said session key available for said instigation by said third party, and enabling remote data and user authentication at said authentication server side and further configured to pass a token to said client device if said user authentication is successful, said token to enable generation of said binding in association with said authentication, said binding thereby verifying the document in a current version as coming from said first party, and reversing said binding using said session key thereby verifying to said third party that a document obtained thereby is said current version from said first party, said first party identification thereby comprising biometric identification. 2. The system of claim 1, wherein said authentication server further comprises: i) a web-server component for serving HTTP requests; ii) a business logic application for matching between biometric data to be verified and stored biometric data; and iii) at least one database for storing system data. 3. The system of claim 1, wherein said authentication server includes: i) a registration module for enabling secure remote registration to the authentication server; and ii) a secure access module for enabling secure access to data stored on a network, said secure access enabling one-time user authentication, following said secure remote registration. 4. The system of claim 3, wherein said secure access module is designed and configured to verify a biometric sample, a unique device identity and a PIN. 5. The system of claim 3, wherein the secure access module comprises a digital signature module designed and configured for enabling the one-time user authentication. 6. The system of claim 5, wherein said digital signature is designed and configured to verify a biometric sample, a unique device identity and a PIN. 7. The system of claim 3, wherein the secure access module comprises a secure messaging module designed and configured to enable secure messaging between at least two network-enabled client devices. 8. The system of claim 7, wherein said secure messaging module is designed and configured to verify a biometric sample, a unique device identity and a PIN. 9. The system of claim 3, further comprising a secure transactions module for enabling secure network-based transactions between said client devices and network-based commercial entities, said transactions requiring one-time user authentication. 10. The system of claim 9, wherein said secure transactions module is designed and configured to verify a biometric sample, a unique device identity and a PIN. 11. The system of claim 1, further comprising at least one additional network-enabled client device for receiving data from first said at least one network-enabled client device and from said authentication server. 12. The system of claim 1, wherein said digital binding comprises applying one member of the group consisting of whole document encryption, whole document tagging, and whole document attachment. 13. A method for enhancing data and user authentication using a biometric mechanism to verify to third parties that a document purporting to be from a first party is an unaltered version of a document issued by said first party, comprising the steps of: a) enabling secure biometric remote registration by at least one user; b) authenticating user identity, by an authentication server, by means of a secure data access procedure implemented from a client side device, said secure data access procedure comprising digitally binding biometric data of said biometric remote registration to a document, said digital binding comprising reversibly encrypting said document using a session key generated from said biometric data, c) storing said session key for said third parties to make authentication queries on said document; d) sending a token from said authentication server to said client side device following said data and user authentication, said token enabling said binding to be generated in association with said authentications; e) subsequently decrypting said document using said session key at the instigation of one or more of said third parties, said decrypting using said session key providing said data and user authentication, said user authentication thereby comprising biometric identification. 14. The method of claim 13, further comprising accessing said authentication server from a plurality of devices, said devices selected from the group consisting of PCs, laptops, PDAs, smart phones, cellular phones, wireline phones and mobile computers. 15. The method of claim 13, further comprising c) execution of a digital signature verification procedure, by said authentication server, to authenticate a digital signature of said authenticated user. 16. The method of claim 13, wherein said authenticating said user identity includes the steps of: i) registering personal details with an authentication server, by said user; ii) registering at least one biometric characteristic with said authentication server, by said user; iii) sending a secret number to said user, by an authentication server; iv) logging in to said authentication server, using said secret number, a computer device ID and at least one biometric characteristic, by said user; and v) verifying said user, by comparing said login data with said registered information, such that said registered information includes said computer device ID and at least one said biometric characteristic. 17. The method of claim 14, wherein said accessing said authentication server from a plurality of devices includes the steps of: i) authenticating said user; ii) creating a roaming diskette for said user; and iii) performing authentication actions on a computing device that is compatible with said diskette, using said diskette; wherein said roaming diskette enables accessing said authentication server from a plurality of devices. 18. The method of claim 13, wherein said secure data access procedure includes the following steps: i) providing a memory unit for storing information including a stored voice print and an identity of each of a plurality of individuals, said stored voice print of each of said plurality of individuals being generated from corresponding voice data thereof; ii) collecting information provided by said user, said information being for verifying that said user is a specific individual from among said plurality of individuals; iii) processing temporary voice data collected from said user into a temporary voice print; iv) comparing said temporary voice print with said stored voice print of each of at least a portion of said plurality of individuals including said specific individual; and v) granting access to said user, only if said temporary voice print is similar to said stored voice print of said specific individual. 19. The method of claim 18, wherein a sender signs and sends a digitally signed message and a recipient, receiving the digitally signed message opens the message; and wherein the opening causes a notification of opening to be sent to an authentication server, the server responding by sending a transaction certificate to said recipient, said certificate including information selected from the group consisting of a sender's email, date stamp, time stamp, gender, first name, last name, service provider name, public key of said transaction, and a digital signature signed by a Business Registrar. 20. The method of claim 15, wherein said execution of a digital signature verification procedure includes the steps of: i) entering, by a sender, a location of an information source to be signed; ii) requesting said sender to enter a user PIN and entering prompted combinations; iii) obtaining an envelope for said document, such that said envelope facilitates hashing of said document; iv) encrypting said document using a hashing mechanism; v) sending said encrypted document to at least one receiver as a message; and vi) combining said encrypted document and said prompted combinations to form said user's digital signature of the message. 21. The method of claim 20, further including the steps of: vii) receiving said message, with said encrypted document as an attachment thereof; viii) opening said attachment, and starting a digital signature module (DSM) application to decrypt the received digital signature and verify sender's authenticity; and ix) comparing a voice and a hash of said hashing mechanism, and validating said received message only if the voice and the hash match, and receiving sender user/personal details from said authentication server. 22. The method of claim 20, wherein step vi further comprises storing said digital signature as user proof-of-purchase. 23. The method of claim 13 further comprising execution of a secure messaging verification procedure. 24. The method of claim 23, wherein said execution of a secure messaging verification procedure includes: i) creating a message; ii) sending the message to a receiver; iii) obtaining a voice sample of the receiver; iv) authenticating the voice sample of the message receiver receiving the message; v) matching recipient personal information with information specified by a sender; and vi) opening said message. 25. The method of claim 24, wherein authenticating a voice sample of the message receiver comprises the steps of: 1) sending a token of a request number to a message sender, by said server; 2) generating a random symmetric encryption key and sending said key to said server, by said message sender; 3) if the voice sample of the message receiver is authenticated by said server, sending said token of request number from said recipient to said server; and 4) sending said symmetric encryption key corresponding to said request, by said server. 26. The method of claim 24, wherein said sender specifies a plurality of recipients.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (17)
Cuccia David ; Epstein Michael A. ; Pasieka Michael S., Administration and utilization of secret fresh random numbers in a networked environment.
Walker Jay S. ; Schneier Bruce ; Jorasch James A., Method and apparatus for a cryptographically-assisted commercial network system designed to facilitate and support exper.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Adding information or functionality to a rendered document via association with an electronic counterpart.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Aggregate analysis of text captures performed by multiple users from rendered documents.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Association of a portable scanner with input/output and storage devices.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Association of a portable scanner with input/output and storage devices.
King, Martin T.; Stephens, Redwood; Mannby, Claes-Fredrik; Peterson, Jesse; Sanvitale, Mark; Smith, Michael J., Automatically capturing information, such as capturing information using a document-aware device.
King, Martin T.; Stephens, Redwood; Mannby, Claes-Fredrik; Peterson, Jesse; Sanvitale, Mark; Smith, Michael J.; Daley-Watson, Christopher J., Automatically providing content associated with captured information, such as information captured in real-time.
King, Martin Towle; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Quentin, Capturing text from rendered documents using supplement information.
King, Martin Towle; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Quentin, Capturing text from rendered documents using supplemental information.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Determining actions involving captured information and electronic content associated with rendered documents.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Handheld device for capturing text from both a document printed on paper and a document displayed on a dynamic display device.
King, Martin T.; Stephens, Redwood; Mannby, Claes-Fredrik; Peterson, Jesse; Sanvitale, Mark; Smith, Michael J., Identifying a document by performing spectral analysis on the contents of the document.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Methods and systems for initiating application processes by data capture from rendered documents.
Hoffer, Steven Miles, Methods using mediation software for rapid health care support over a secured wireless network; methods of composition; and computer program products therefor.
King, Martin T.; Stephens, Redwood; Mannby, Claes-Fredrik; Peterson, Jesse; Sanvitale, Mark; Smith, Michael J., Performing actions based on capturing information from rendered documents, such as documents under copyright.
King, Martin T.; Stephens, Redwood; Mannby, Claes-Fredrik; Peterson, Jesse; Sanvitale, Mark; Smith, Michael J., Performing actions based on capturing information from rendered documents, such as documents under copyright.
King, Martin Towle; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Quentin, Processing techniques for text capture from a rendered document.
King, Martin T.; Kushler, Clifford A.; Stafford-Fraser, James Q.; Grover, Dale L., Processing techniques for visual capture data from a rendered document.
Soni, Himanshu; Singh, Karanbir; Baker, Arthur H.; Bharadwaj, Vijay G.; Porter, Nelly L.; Barhudarian, Violet Anna; Wood, John D. T.; Shipman, Jeffrey E.; Viegas, Jeremy D., Resource management based on biometric data.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Search engines and systems with handheld document data capture devices.
King, Martin Towle; Stafford-Fraser, James Quentin; Kushler, Clifford A.; Grover, Dale L., System and method for information gathering utilizing form identifiers.
Kolluru, Raju Venkata; Kleinpeter, Michael Dean; Lynch, Liam Sean; Kasten, Christopher J.; Kanungo, Rajesh, System and method for pool-based identity generation and use for service access.
Warshavsky, Alex; Fiske, Aaron; Cinarkaya, Bulent; Guest, Ryan, System, method and computer program product for performing one or more actions utilizing a uniform resource locator.
Warshavsky, Alex; Fiske, Aaron; Cinarkaya, Bulent; Guest, Ryan, System, method and computer program product for performing one or more actions utilizing a uniform resource locator.
Warshavsky, Alex; Fiske, Aaron; Cinarkaya, Bulent; Guest, Ryan, System, method and computer program product for performing one or more actions utilizing a uniform resource locator.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Triggering actions in response to optically or acoustically capturing keywords from a rendered document.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Triggering actions in response to optically or acoustically capturing keywords from a rendered document.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Triggering actions in response to optically or acoustically capturing keywords from a rendered document.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Triggering actions in response to optically or acoustically capturing keywords from a rendered document.
King, Martin T.; Grover, Dale L.; Kushler, Clifford A.; Stafford-Fraser, James Q., Triggering actions in response to optically or acoustically capturing keywords from a rendered document.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.