IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0744831
(2007-05-05)
|
등록번호 |
US-8433919
(2013-04-30)
|
발명자
/ 주소 |
- Giobbi, John J.
- Brown, David L.
- Hirt, Fred S.
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
5 인용 특허 :
99 |
초록
▼
A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A Personal Digital Key stores one or more profiles (e.g., a biometric profile) in a tamper-proof memory that is acquired in a secure trusted process. Biome
A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A Personal Digital Key stores one or more profiles (e.g., a biometric profile) in a tamper-proof memory that is acquired in a secure trusted process. Biometric profiles comprise a representation of physical or behavioral characteristics that are uniquely associated with an individual that owns and carries the PDK. The PDK wirelessly transmits the biometric profile over a secure wireless transaction to a Reader for use in a biometric authentication process. The Reader compares the received biometric profile to a biometric input acquired at the point of transaction in order to determine if the transaction should be authorized.
대표청구항
▼
1. A method for electronic authentication comprising: retrieving a biometric profile sample comprising transformed biometric information stored in a memory of a personal digital key (PDK), wherein the biometric profile sample is associated with a biometric profile and is based on less than the entir
1. A method for electronic authentication comprising: retrieving a biometric profile sample comprising transformed biometric information stored in a memory of a personal digital key (PDK), wherein the biometric profile sample is associated with a biometric profile and is based on less than the entirety of the biometric profile, and wherein the biometric profile is uniquely associated with an individual and is stored in the memory of the PDK;receiving a biometric input;receiving data for comparing the transformed information of the biometric profile sample to the biometric input;comparing the transformed information of the biometric profile sample to the biometric input;authorizing a transaction responsive to the transformed information of the biometric profile sample matching the biometric input;establishing a secure communication channel with a remote registry;transmitting PDK information to the remote registry using the secure communication channel, wherein the PDK information is uniquely associated with the PDK;receiving a validation decision from the remote registry using the secure communication channel, the validation decision indicating whether the remote registry determines if the PDK is valid or invalid; anddetermining if a transaction should be authorized based on (a) the validation decision and (b) the comparison between the biometric profile sample and biometric input,wherein the remote registry includes a database administered by a trusted third-party organization and the PDK is registered with the registry. 2. The method of claim 1, wherein receiving a biometric input comprises obtaining a representation of physical or behavioral characteristics derived from the individual. 3. The method of claim 1, wherein receiving the biometric input comprises performing at least one of a fingerprint scan, a retinal scan, an iris scan, a facial scan, a palm scan, a DNA analysis, a signature analysis, and a voice analysis. 4. The method of claim 1, further comprising performing a device authentication to verify that the PDK is a valid device responsive to the PDK entering a proximity zone. 5. The method of claim 4, wherein performing a device authentication comprises performing a challenge-response authentication to verify the PDK is valid, wherein the PDK further verifies validity of an external device. 6. The method of claim 4, wherein performing the device authentication comprises: receiving available profile types from the PDK;comparing the available profile types to required profile types for authentication;responsive to the available profile types being sufficient, indicating that the PDK is valid; andresponsive to the available profile types not being sufficient, indicating that the PDK is not valid. 7. The method of claim 1, wherein a private registry is further coupled to the remote registry, comprising a database administered by a private controlling entity. 8. The method of claim 1, further comprising receiving purchasing information from the PDK, the purchasing information comprising at least one of bank information, credit card information, debit card information, ATM card information, and coupon information. 9. The method of claim 8, further comprising determining if the purchasing information is valid by querying a remote validation database. 10. The method of claim 1, further comprising: receiving a picture profile from the PDK comprising an image of the individual;displaying the image on a screen; andprompting an administrator to confirm or deny the identity of the individual based on the appearance of the individual and the displayed image. 11. The method of claim 1, further comprising: acquiring a personal identification number from the individual;receiving a PIN profile from the PDK; anddetermining if the acquired personal identification number matches the received PIN profile. 12. The method of claim 1, wherein comparing the biometric profile to the biometric input further comprises: computing a representation of the biometric input based on a mathematical hash of the biometric input; andcomparing the representation of the biometric input to the biometric profile. 13. An apparatus for electronic authentication comprising: a biometric reader adapted to receive a biometric input;a receiver/decoder circuit adapted to wirelessly receive a biometric profile sample from a personal digital key (PDK) over a wireless channel, wherein the biometric profile sample comprising transformed information is based on less than the entirety of a biometric profile stored in a memory of a personal digital key (PDK), wherein the biometric profile is uniquely associated with an individual;a processor coupled to the receiver/decoder circuit and the biometric reader, the processor adapted to compare the biometric profile sample to the biometric input, and indicate that a transaction should be authorized responsive to determining that the biometric profile sample matches the biometric input; anda network interface coupled to the processor and to the receiver/decoder circuit, the network interface adapted to establish the secure communication channel with a remote registry with which the PDK is registered, transmit PDK information uniquely associated with the PDK to the remote registry using the secure communication channel and receive a validation decision from the remote registry using the secure communication channel indicating whether the remote registry determines if the PDK is valid or invalid, wherein the processor determines whether to authorize the transaction using the validation decision and comparing the biometric profile sample to the biometric input. 14. The apparatus of claim 13, further comprising a credit card terminal input/output coupled to the receiver/decoder circuit, the credit card terminal input/output adapted to communicate with a credit card terminal. 15. The apparatus of claim 13, wherein the biometric reader is further adapted to obtain a representation of physical or behavioral characteristics derived from the individual. 16. The apparatus of claim 13, wherein the biometric reader comprises at least one of a fingerprint scanner, a retinal scanner, an iris scanner, a face scanner, a palm scanner, a DNA analyzer, a signature analyzer, and a voice analyzer. 17. The apparatus of claim 13, wherein the receiver/decoder circuit is further adapted to receive the biometric profile sample in an encrypted format over a secure wireless channel, and decrypt the biometric profile sample to an unencrypted format. 18. The apparatus of claim 13, wherein the receiver/decoder circuit is further adapted to detect a PDK in response to the PDK entering a proximity zone of the receiver/decoder circuit, and request the PDK to transmit the biometric profile. 19. A personal digital key (PDK) comprising: a memory adapted to store a biometric profile comprising transformed biometric information in a tamper-proof format, wherein the biometric profile is uniquely associated with an individual, adapted to store a biometric profile sample, the biometric profile sample associated with the biometric profile and based on less than the entirety of the biometric profile, and adapted to store a unique PDK ID in a tamperproof format, the PDK ID comprising information identifying the PDK among other PDKs;a transceiver coupled to the memory, the transceiver adapted to wirelessly receive over a secure wireless channel data based at least in part on a biometric input, the biometric input received from an external device and wirelessly transmit the PDK ID over a secure wireless channel to the external device; anda control logic to coordinate a comparison of data based at least in part on a biometric input to a set of transformed information comprising the biometric profile sample. 20. The apparatus of claim 19, wherein the memory further stores initialization information comprising at least one of a programmer ID, a notary ID, and a site ID associated with an initialization process. 21. The apparatus of claim 19, wherein the memory is further adapted to store at least one of purchasing information, registration information and personal information. 22. The apparatus of claim 19, further comprising a programmer interface adapted to write the biometric profile to the memory during a trusted initialization process. 23. The apparatus of claim 19, wherein the memory and transceiver are integrated into items carried or worn by the individual. 24. The apparatus of claim 19, wherein the memory and transceiver are integrated into a cell phone, a Personal Digital Assistant (PDA), an employee identification tag, clothing, or jewelry. 25. A method for secure authentication using a physical, portable key (PDK) comprising: storing a biometric profile in a tamper-proof memory, wherein the biometric profile is uniquely associated with an individual and comprises transformed biometric information;storing a biometric profile sample associated with the biometric profile and based on less that the entirety of the biometric profile;wirelessly receiving data based at least in part on a biometric input from an external; andresponsive to receiving data based at least in part on a biometric input, the external device authorizes a transaction based on (a) a comparison between the biometric profile sample and the data based at least in part on the biometric input acquired from the individual performed by the PDK and (b) a validation decision received from a remote registry using a secure communication channel, wherein the validation decision authenticates the PDK based at least in part on whether the PDK is registered with the remote registry. 26. The method of claim 25, further comprising encrypting the stored biometric profile for transmission over the secure wireless channel. 27. The method of claim 25, further comprising storing at least one of purchasing information, registration information and personal information. 28. The method of claim 25, further comprising writing the biometric profile to the tamper-proof memory during a one time trusted initialization process. 29. The method of claim 25, wherein the physical, portable key is integrated into a cell phone, a Personal Digital Assistant (PDA), an employee identification tag, clothing, or jewelry. 30. The method of claim 25, further comprising storing a unique ID in a tamperproof format. 31. The method of claim 25, further comprising performing a device authentication to verify that the external device is valid responsive to entering a proximity zone of the external device. 32. The method of claim 31, wherein performing a device authentication comprises performing a challenge-response authentication to verify validity of the external device, wherein the external device further verifies validity of a personal digital key. 33. The method of claim 25, further comprising: receiving the biometric input from the individual;computing a representation of the biometric input by performing a mathematical hash on the biometric input; andtransmitting the representation of the biometric input to the external device. 34. A method for secure electronic authentication comprising: wirelessly receiving uniquely identifying information from a personal digital key (PDK);transmitting the uniquely identifying information from the PDK to a remote registry with which the PDK is registered;receiving a validation decision from the remote registry using a secure communication channel, the validation decision indicating whether the PDK is valid based at least in a part on the uniquely identifying;receiving profile information from the PDK indicating types of profiles stored in the PDK;determining if the types of profiles are compatible with allowable authentication types;performing one or more authentication tests to determine if a profile is valid, wherein performing the one or more authentication tests includes wirelessly receiving a biometric profile sample from the PDK, wherein the biometric profile sample is associated with a biometric profile and is based on less than the entirety of the biometric profile and wherein the biometric profile is uniquely associated with an individual,acquiring a biometric input anddetermining that the profile is valid responsive to the acquired biometric input matching the received biometric profile sample; andauthorizing a transaction responsive to determining that the PDK is valid, determining that the types of profiles are compatible, and determining that the profile is valid. 35. The method of claim 34, wherein performing one or more profile authentication tests comprises: wirelessly receiving a Personal Identification Number (PIN) profile from the PDK, wherein the PIN profile is uniquely associated with an individual;acquiring a PIN input; anddetermining that the profile is valid responsive to the acquired PIN matching the received PIN profile. 36. The method of claim 34, wherein performing one or more profile authentication tests comprises: wirelessly receiving a picture profile from the PDK, wherein the picture profile is uniquely associated with an image of an individual;acquiring an image; anddetermining that the profile is valid responsive to the acquired image matching the received picture profile. 37. The method of claim 34, wherein performing one or more profile authentication tests comprises: receiving a registry profile from the PDK, wherein the registry profile is uniquely associated with an individual;establishing a secure communication channel with a remote registry;transmitting the registry profile to the remote registry;receiving status information from the remote registry; anddetermining that the profile is valid responsive to the status information indicating a valid registry entry.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.