US20030115475A1 - Biometrically enhanced digital certificates and system and method for making and using - Google Patents


Publication number
US20030115475A1
Authority
US
United States
Prior art keywords
certificate
biometric
biometric data
public key
data sample
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/194,444
Inventor
Anthony Russo
Mark Howell
Thorsten Roske
Peter McCoy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
I-CONTROL SECURITY Inc
Original Assignee
I-CONTROL SECURITY Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/099,558 external-priority patent/US20030021495A1/en
Application filed by I-CONTROL SECURITY Inc filed Critical I-CONTROL SECURITY Inc
Priority to US10/194,444 priority Critical patent/US20030115475A1/en
Assigned to I-CONTROL SECURITY, INC. reassignment I-CONTROL SECURITY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ROSKE, THORSTEN, MCCOY, PETER A., HOWELL, MARK J., RUSSO, ANTHONY P.
Publication of US20030115475A1 publication Critical patent/US20030115475A1/en
Abandoned legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/02 Reservations, e.g. for tickets, services or events
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1335 Combining adjacent partial images (e.g. slices) to create a composite input or reference pattern; Tracking a sweeping finger movement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • authentication methods are grouped into three categories, also called authentication factors, see for example Smith, Richard E., “Authentication: from Passwords to Public Keys” Addison-Wesley, 2002, p. 29, incorporated herein by reference in its entirety.
  • the three categories are generally: 1) something you know—a secret such as a password or a PIN or other information; 2) something you have—such as a smartcard, the key to a mechanical lock, an ID badge, or other physical object; and 3) something you are—a measure of a person such as a fingerprint or voiceprint.
  • Each method has advantages and disadvantages including those relating to ways that a system may be fooled into accepting a normally unauthorized user in cases where, for example, a password has been guessed or a key has been stolen.
  • Biometric identification is used to verify the identity of a person by measuring selected features of some physical characteristic and comparing those measurements with those filed for the person in a reference database or stored in a token (such as a smartcard) carried by the person.
  • Physical characteristics that are used today include fingerprints, voiceprints, hand geometry, the pattern of blood vessels on the wrist or on the retina of the eye, the topography of the iris of the eye, facial patterns, and the dynamics of writing a signature or typing on a keyboard.
  • Biometric identification methods are widely used today for securing physical access to buildings and securing data networks and personal computers.
  • the security and integrity of information systems also depend on keeping data confidential so that only authorized users may see or act against the data, and assuring the integrity of data so that the data cannot be changed or tampered with undetected.
  • the field of cryptography provides tools for assuring confidentiality and integrity using encryption techniques such as ciphers and hash algorithms.
  • PKI stands for Public Key Infrastructure.
  • PKI gets its name from its use of a class of cryptographic algorithm called a public key algorithm.
  • a public key algorithm is a cryptographic algorithm that operates using two different but mathematically-related keys, a public key that may be shared with any party and a private key which must be kept secret, such that (for most such algorithms) data encrypted with the public key may only be decrypted with the private key, and vice-versa.
  • PKI standards provide powerful mechanisms for safe and private storage and transmission of confidential data so that it remains hidden from unauthorized parties.
  • the standards provide for digital signatures, which provide the receiving party of some data with an assurance of the identity of the transmitting party.
  • PKI standards further provide for digital certificates, which provide a tamper-resistant, portable record of the association of a public key with a person's or organization's name, attested to and signed by a trusted party, thus presenting a form of unique, irrefutable digital identity or credential for that person or organization.
  • PKI standards also provide other useful and powerful mechanisms that can contribute to the security and integrity of information systems.
  • One example of a certificate for use in a PKI system is an X.509 certificate.
  • FIG. 1 schematically depicts a standard X.509 certificate 101 , herein referred to as an ‘identity certificate’, containing fields for Version 102 , Certificate Serial Number 103 , Signature Algorithm Identifier 104 , Issuer Name 105 , Validity Period 106 , Subject Name 107 , Subject Public Key Info 108 , Issuer Unique Identifier 109 , and Subject Unique Identifier 110 .
  • This general structure is known in the art. Contents of the certificate are signed by the issuing certificate authority (CA), and the signature is found in the CA Signature field 112 .
  • PKI is widely used in commercial and non-commercial systems, both over the Internet and in more closed or local applications.
  • Most web browsers, for example, use PKI and PKI-based standards to interoperate with web servers when high security is desired, as when a user specifies a credit card number for payment while placing an online order.
  • the proliferation of electronic commerce has led many jurisdictions around the world to begin to develop legal standards with the intended result that a correctly constituted digital signature would be every bit as legally binding as a handwritten signature is today.
  • PKI provides powerful mechanisms, but it has weaknesses.
  • digital certificates are issued to persons or organizations by a Certificate Authority (CA), usually a trusted third party in the business of providing a measured degree of assurance that the digital identity embodied in the certificate is valid and genuine. With such an assurance, a party may be confident that someone who claims a certain identity and presents a digital certificate is in fact that person or organization and not an impostor.
  • The assurance of a third-party Certificate Authority can be compromised, as it is based on assumptions that may turn out to be invalid. For example, if a CA issues a certificate to an impostor, that would invalidate the assumption that the CA has successfully and correctly verified the party to whom it is issuing the certificate.
  • certificates refer to a person by name, and may include other information such as an address.
  • One's name has a meaning by social convention and in legal terms, but a name is not an intrinsic property of a physical person. Persons can assume names or change names, for example, creating a vulnerability in certificates utilizing names. Nor are names guaranteed to be unique; many people have names that are the same as those of other people. Linking a digital identity of a party to a name, address, or other ambiguous, extrinsic, or easily assumed or changed attribute of the party can present opportunities for impostors in PKI systems.
  • the present invention provides a digital certificate for use in a public key infrastructure, said certificate comprising a public key field comprising a public key; and a biometric certificate field comprising biometric data; wherein said public key and said biometric data are associated with a same entity.
  • said biometric data comprises processed biometric data.
  • the processed biometric data may include a biometric template.
  • said biometric data may comprise a hash value in some embodiments of the invention.
  • said biometric data comprises a raw biometric data sample.
  • said certificate is an X.509 certificate comprising private extensions, wherein said private extensions comprise said biometric information.
  • said biometric information comprises a biometric template. In other embodiments, said biometric information comprises a hash value.
  • said certificate is an X.509 certificate associated with an X.509 attribute certificate containing said biometric information.
  • said biometric information comprises a biometric template. In other embodiments, said biometric information comprises a hash value.
  • said biometric data is based on a biometric data sample.
  • the biometric data sample may comprise a fingerprint scan, a facial image, an iris scan, a voice recording, or combinations thereof.
  • a method for generating a biometrically enhanced certificate comprising obtaining a biometric data sample, processing said biometric data sample to yield processed biometric information, generating biometric certificate fields utilizing said compressed biometric information, and submitting certificate information including said biometric certificate fields to at least one third-party authority.
  • Some embodiments of the method further comprise generating a public/private key pair. Other embodiments further comprise receiving a signed certificate.
  • processing a biometric data sample comprises applying a hash function to said biometric data sample and said processed biometric data comprises a hash value.
  • said processing comprises extracting a biometric template from said biometric data sample.
  • said processing further comprises encrypting said biometric template with said public key.
  • generating biometric certificate fields comprises generating private extensions for an X.509 identity certificate, wherein said private extensions comprise processed biometric data.
  • said generating biometric certificate fields comprises generating an attribute certificate corresponding to an X.509 base certificate, wherein said attribute certificate comprises processed biometric data.
  • the certificate provided by the method is a digital biometrically enhanced certificate comprising a public key field comprising a public key, a biometric certificate field comprising scan sampled biometric data including processed biometric data, a biometric template, and a hash value; wherein said public key and said biometric data are associated with a same entity, said certificate is an X.509 certificate comprising private extensions, said private extensions comprise said biometric information, and said biometric data sample comprises a biometric data sample selected from the group consisting of a fingerprint scan, a facial image, an iris scan, a retinal scan, a voice recording, a DNA sample, a saliva sample, and combinations thereof.
  • a computer program product for use in conjunction with a computer system having at least one processor and a memory coupled to the processor
  • the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism, comprising a program module that directs the computer to function in a specified manner to generate a biometrically enhanced certificate, the program module including instructions for obtaining a biometric data sample, processing said biometric data sample to yield processed biometric information, generating biometric certificate fields utilizing said compressed biometric information, submitting certificate information including said biometric certificate fields to at least one third-party authority, and receiving a signed certificate.
  • the program module further includes instructions for generating a public/private key pair.
  • the program module further includes instructions for applying a hash function to said biometric data sample and said processed biometric data comprises a hash value.
  • the program module further includes instructions for extracting a biometric template from said biometric data sample.
  • the program module further including instructions for encrypting said biometric template with said public key.
  • the instructions for generating biometric certificate fields comprise instructions for generating private extensions for an X.509 base certificate, wherein said private extensions comprise processed biometric data.
  • said instructions for generating biometric certificate fields comprise instructions for generating an attribute certificate corresponding to an X.509 base certificate, wherein said attribute certificate comprises processed biometric data.
  • a digital certificate for use in a public key infrastructure comprising a public key field comprising a public key, a biometric certificate field comprising scan sampled biometric data including processed biometric data, a biometric template, and a hash value, wherein said public key and said biometric data are associated with a same entity, said certificate is an X.509 certificate comprising private extensions, and wherein said private extensions comprise said biometric information, and said biometric data sample comprises a biometric data sample selected from the group consisting of a fingerprint scan, a facial image, an iris scan, a retinal scan, a voice recording, a DNA sample, a saliva sample, and combinations thereof.
  • FIG. 1 is a schematic depiction of a general structure for an embodiment of a standard X.509 certificate.
  • FIG. 2 is a schematic depiction of an embodiment of a biometrically enhanced certificate according to the present invention comprising an X.509 identity certificate having private extensions comprising biometric certificate fields.
  • FIG. 3 is a schematic depiction of an embodiment of a biometrically enhanced certificate according to the present invention comprising an X.509 attribute certificate.
  • FIG. 4 is a schematic overview of a method for creating a biometrically enhanced certificate, according to an embodiment of the present invention.
  • FIG. 5 is a schematic illustration of a method for creating a biometrically enhanced certificate embodied as an X.509 identity certificate comprising private extensions comprising biometric certificate fields, according to an embodiment of the present invention.
  • FIG. 6 is a schematic illustration of a method for creating a biometrically enhanced certificate comprising an X.509 attribute certificate, according to an embodiment of the present invention.
  • the present invention provides certificates or other data structure or data item for use in public key infrastructures. It also provides methods for making and using such certificates as well as computer program and computer program product for making and using such certificates.
  • By public key infrastructure is meant generally any security system employing public key algorithms, with X.509 being one specific embodiment of a PKI.
  • Public key algorithms generally refer to any algorithm utilizing a public-private key pair wherein two keys are stored in separate locations. That is, generally, in a transaction involving a receiving party and a transmitting party, a private key is known to the transmitting party but not the receiving party, while a public key is known to both parties.
  • By key herein is meant data, typically in the form of a code or string of digits, utilized in a cryptographic procedure.
  • some embodiments of the present invention are intended for use in a PKI system where a private key (known only to a transmitting party), is utilized to encrypt a message, and a corresponding public key (known to both parties), is utilized to decrypt the message.
  • a private key is used to decrypt while a public key is used to encrypt a message.
  • the present invention utilizes a combination of biometrics and PKI to address the known weaknesses of existing authentication systems, bridging the “last meter” between secured systems and their users. Accordingly, the present invention provides biometrically enhanced certificates or other data structure or data item containing biometric information, by adding fields containing biometric information derived from a user to a conventional Public Key Certificate (also referred to herein as an ‘ID Certificate’ or ‘Identity Certificate’). Requirements for a suitable identity certificate are generally only that the identity certificate contain a public key usable in a public key infrastructure. The identity certificate generally links a key pair with an identity—for example, a name, address, corporate identification, organization identifier, or the like.
  • an identity certificate will be determined by the particular protocol and system used.
  • One example of an embodiment of an X.509 identity certificate is shown in FIG. 1 and is discussed above.
  • a biometrically enhanced certificate therefore, provides a digital identity that is superior to a typical digital certificate because it binds a public key not just to a name, but to a physical property or properties of the person who is the subject of the certificate.
  • Biometrically enhanced certificates comprise biometric information derived or obtained from a raw biometric data sample.
  • a raw biometric data sample refers to a set of data generated by a sampling event or other acquisition. The type and structure of a raw biometric data sample will generally be dependent on the type of biometric sensor or acquisition device used to take the biometric data sample, and the data collection mechanisms. Suitable raw biometric data samples include fingerprint scans, voice samples, facial images, signature images, iris scans, and retinal scans. Generally, any dataset that provides a unique ‘who you are’ measure of a user can be used—including all or portions of a genetic sequence, for example.
  • a wide array of technologies are available to provide biometric data verification including fingerprint, voice, face, signature, iris, retina verification, and other biometric technologies.
  • more than one kind of biometric (a fingerprint scan as well as a voice sample, for example) is sampled within one biometrically enhanced certificate.
  • a plurality of biometrics are sampled (either two types of biometric, or two samples of a same biometric, such as two fingerprint scans)
  • a plurality of biometric certificate fields may be generated, as described further below.
  • biometric fields may be combined with conventional fields containing biographical information such as name, address, and the like.
  • a raw biometric data sample itself may be utilized in a biometric certificate field.
  • biometric data samples can be processed, yielding processed biometric information, or processed biometric data, as used herein.
  • This processed biometric data may also be referred to in the art as a ‘biometric template’, discussed further below.
  • Processed biometric information generally refers to biometric data derived from one or more raw biometric data samples.
  • processed biometric information is generally more compact than a raw biometric data sample.
  • processed biometric information refers to a unique identifier of a biometric data sample that cannot be utilized to reconstruct the biometric data sample.
  • processed biometric information is both more compact than the original sample and uniquely identifies the sample while it cannot be used to reconstruct the sample.
  • processed biometric information is encrypted raw biometric data.
  • processed biometric information utilized in a biometric certificate field includes a biometric template, which generally refers to a distillation of unique characteristics of a biometric data sample, produced by a known biometric algorithm.
  • a fingerprint template may contain a list of minutiae points detected in a fingerprint image.
  • Other template-generating algorithms are known in the art for fingerprint templates, and for other biometrics, as is described, for example, in A. K. Jain, L. Hong, S. Pankanti and R. Bolle, “An Identity Authentication System Using Fingerprints”, Proc. IEEE Vol. 85, No. 9, pp. 1365-1388, 1997; and D. Maio, D.
  • Templates are advantageously but optionally encrypted—using either a public or private key—prior to their inclusion in a biometrically enhanced certificate.
  • the biometric template is encrypted with the user's public key and put in a certificate Encrypted Template field. Since an encrypted template field is encrypted with the user's public key, it can only be decrypted with the user's corresponding private key, thus making it only accessible by or on behalf of the user.
  • a biometric template is encrypted with a trusted server's public key and put in a certificate's Encrypted Template field. Since this field is encrypted with the server's public key, it can only be decrypted with the server's corresponding private key, thus making it only accessible by the trusted server.
  • two biometric certificate fields are created from one raw biometric data sample—one comprising a biometric template encrypted with a user's public key, and another comprising a biometric template encrypted with a server's public key.
  • processed biometric information utilized in a biometric certificate field includes a hash value, computed by a hash function.
  • a biometric sample is acquired and processed by a hash function such as MD5, discussed in Rivest, R., “The MD5 Message-Digest Algorithm,” RFC 1321, April 1992, hereby incorporated by reference, or SHA-1, defined in “Secure Hash Standard,” Federal Information Processing Standards Publication 180-1, April 1995, hereby incorporated by reference.
  • the hash function computes a hash value of the user's biometric sample, which is put in the certificate's Biometric Hash Value field.
  • a preferred embodiment utilizes SHA-1 to compute biometric hash values.
  • the original, raw, biometric data sample is stored in a secure reference database, but this is not required.
  • a hash value cannot be utilized to reconstruct the original biometric data sample, but is unique to the sample; therefore, the hash value can be made public, such as by embedding within a digital certificate. If a biometric sample is successfully matched against the original biometric sample stored in a secure reference database, and the hash value of this original sample is identical with the value of this field, it is proven that the biometrically enhanced certificate was indeed created for that user. That is, in order to later prove (as in the case of repudiation of a transaction, described further below), that a particular biometric data sample was in fact utilized to generate a certain biometrically enhanced certificate, a hash value for that biometric data sample is generated and compared with the hash value contained in the biometrically enhanced certificate.
  • the hash values will match if the biometric data sample in question was used in preparation of the biometrically enhanced certificate. Matching a subsequent biometric data sample taken from a user to the stored biometric sample utilized to generate the biometrically enhanced certificate verifies that the biometrically enhanced certificate was created for the user whose subsequent biometric data sample was taken.
  • biometrically enhanced certificates comprising a hash value and a biometric template.
  • servers or other devices receiving a biometrically enhanced certificate
  • the enrollment field allows recipients of the biometrically enhanced certificate to allow access or authenticate users based on not only a biometric data match, but also a biometric data match made at or above a certain trust level. While ascertaining and acting on a trust level in an enrollment process is discussed here, related methods and systems for determining confidence or trust levels in a transaction are discussed in U.S. application Ser. No. 10/___,___, filed ______, entitled “Method And System For Determining Confidence in a Digital Transaction” (Attorney Docket No. A-70779/RMA/JML), hereby incorporated by reference.
  • enrollment field refers to a certificate field containing information on how a user was enrolled.
  • a measure of the overall reliability and trustworthiness of the biometrically enhanced certificate is provided by the enrollment method.
  • an enrollment field contains information on how the user was enrolled.
  • the enrollment method is generally represented as a symbolic value within the field corresponding to the actual enrollment method used. The following is a subset of possible enrollment methods:
  • a user enrolls using a computer which is wireline connected to the Internet, or with his wireless device (such as a personal digital assistant (PDA) or cellular phone) with a wireless Internet connection or wireless PC connection, such as 802.11.
  • Self-enrollment using smart cards or SIM cards.
  • a user enrolls using a device connected via a wireline or wireless Internet or PC connection to the Internet or server device.
  • a pre-configured smart card or SIM card is used to establish additional trust in the enrollment process and the data provided by the user.
  • this ‘smart card’ method would receive a higher level of trust than methods in the subset discussed above, but a lower level than methods discussed below.
  • the smart card or SIM card may advantageously comprise a write-only memory where the required enrollment data is stored, increasing the trust level of this method.
  • Face-to-face enrollment: In this method, enrollment is performed by a trusted human representative such as an employee in a bank branch, notary public, government official, or other trusted person. The user's documentation is reviewed and verified. This is the strongest level of trust presented in this subset, and would receive the highest trust value of the subset.
  • Specific trust level values depend on the system deployed. In some cases, it may be advantageous to have one or more enrollment methods receive the same trust level—even if one is theoretically more or less secure than another. For example, in one embodiment, a smart card enrollment process, a ‘secret’ enrollment process, and a basic self-enrollment process receive a first base trust level, and face-to-face enrollment receives a higher trust level. In this manner, a system can support many enrollment procedures, but a simplified trust tier. In other embodiments, a higher trust level may be given to enrollment processes which are theoretically less secure than those given a lower trust level—for example if an institution wants to encourage use of a particular enrollment process despite its lower security level.
  • biometrically enhanced certificates are discussed below with regard to an X.509 standard.
  • the X.509 standard is utilized here to illustrate and exemplify the invention, and is not intended to limit the practice of the invention to a single protocol.
  • a preferred embodiment of a biometrically enhanced certificate builds on X.509 digital certificates (see Housley, R., “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” RFC 2459, January 1999, and ITU-T Recommendation X.509 (1997 E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997, both of which are hereby incorporated by reference), and can be understood generally as having two components: (1) standard fields of an X.509 Identity Certificate or Attribute Certificate depending on the chosen method of implementation; and (2) additional biometric certificate fields which link the certificate to its human referent by the biometric information contained in those fields.
  • biometric-related information can take the form of X.509 private extensions, or an X.509 Attribute Certificate.
  • biometric-related information would be added to the certificate in a manner compatible with the chosen PKI system.
  • FIG. 1 represents one embodiment of an identity certificate including some optional fields. In some embodiments, not all fields shown in FIG. 1 are present in the identity certificate. In other embodiments, other fields not shown in FIG. 1 are present.
  • biometrically enhanced certificates according to preferred X.509 embodiments of the present invention generally fall into two groups: X.509 certificates with private extensions and X.509 certificates with attribute certificates. These groups are intended to demonstrate two potential embodiments of the present invention. Those skilled in the art will readily recognize that biometric data may similarly be incorporated into certificates according to other protocols. Further, in some cases a certificate may have attributes of both the groups described below, that is, comprise both private extensions and attribute certificates.
  • one embodiment of the present invention provides biometrically enhanced certificates comprising an X.509 certificate with private extensions.
  • the ability to add data elements to an X.509 certificate is described in ITU-T Recommendation X.509 (1997E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997, incorporated herein by reference.
  • These added data elements, called private extensions, can be identified as critical or non-critical depending on whether applications are required to work with the extensions or if they may be allowed to ignore the extensions.
  • biometric certificate fields are identified as critical. In other preferred embodiments, some or all biometric certificate fields are identified as non-critical.
  • FIG. 2 depicts a schematic illustration of biometrically enhanced certificate 113 that comprises private extensions 111 that add biometric information to a standard X.509 identity certificate.
  • private extensions 111 may include biometric hash value field 115, one or more encrypted biometric template fields, such as encrypted template fields 116 and 117 (where template field 116 comprises template data encrypted with a user's public key, and template field 117 comprises template data encrypted with a server's public key, as discussed above), and an enrollment type field 118, which indicates a trust level for the enrollment of biometric information.
  • Hash values, templates, and enrollment types are discussed further above.
  • the collection of biometric certificate fields shown in FIG. 2 is one embodiment of such a collection of fields.
  • biometric related fields added as private extensions may be marked as critical or non-critical depending on the specific requirements envisaged for a biometrically enhanced certificate system.
  • all fields containing biometric information are identified as critical.
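The effect of the critical flag on a relying party, as an added example that is not code from the patent: it DER-encodes a biometric hash value field and an enrollment type field as X.509 private extensions, then applies the rule that an unrecognized critical extension rejects the certificate while an unrecognized non-critical one is ignored. The OIDs (placed under the RFC 5612 documentation arc), the choice of SHA-256, the ENUMERATED enrollment code and all function names are assumptions.

```python
import hashlib

# Hypothetical OIDs under the RFC 5612 documentation arc; the patent assigns none.
OID_BIO_HASH = "1.3.6.1.4.1.32473.1.1"     # biometric hash value field 115
OID_ENROLL_TYPE = "1.3.6.1.4.1.32473.1.4"  # enrollment type field 118
FACE_TO_FACE = 3                           # hypothetical enrollment type code
SAMPLE = b"constructed stand-in for a raw fingerprint scan"  # not real biometric data

def tlv(tag, value):
    """DER tag-length-value, short or long definite length."""
    n = len(value)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs share one octet, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_extension(oid, critical, inner_der):
    """Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue }"""
    body = encode_oid(oid)
    if critical:  # DER omits a field that equals its DEFAULT (FALSE)
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, inner_der))

def build_biometric_extensions(sample, enrollment_type, critical):
    """Extensions ::= SEQUENCE OF Extension carrying fields 115 and 118."""
    digest = hashlib.sha256(sample).digest()  # SHA-256 is an assumption
    hash_ext = encode_extension(OID_BIO_HASH, critical, tlv(0x04, digest))
    type_ext = encode_extension(OID_ENROLL_TYPE, critical, tlv(0x0A, bytes([enrollment_type])))
    return tlv(0x30, hash_ext + type_ext)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Content octets of an OBJECT IDENTIFIER back to dotted form."""
    first = min(raw[0] // 40, 2)
    arcs, acc = [first, raw[0] - 40 * first], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_extensions(der):
    """Parse Extensions into a list of (oid, critical, extnValue) tuples."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE OF Extension")
    out, pos = [], 0
    while pos < len(seq):
        tag, ext, pos = read_tlv(seq, pos)
        t1, oid_raw, p = read_tlv(ext, 0)
        t2, val, p = read_tlv(ext, p)
        critical = False
        if t2 == 0x01:  # optional BOOLEAN present
            critical = val != b"\x00"
            t2, val, p = read_tlv(ext, p)
        if (tag, t1, t2) != (0x30, 0x06, 0x04) or p != len(ext):
            raise ValueError("malformed Extension")
        out.append((decode_oid(oid_raw), critical, val))
    return out

def accept_extensions(der, understood):
    """Relying-party rule: an unrecognized critical extension rejects the
    certificate; an unrecognized non-critical one is ignored."""
    accepted = {}
    for oid, critical, value in decode_extensions(der):
        if oid in understood:
            accepted[oid] = value
        elif critical:
            raise ValueError("unrecognized critical extension " + oid)
    return accepted

if __name__ == "__main__":
    der = build_biometric_extensions(SAMPLE, FACE_TO_FACE, critical=True)
    print(decode_extensions(der))
```

Marking the biometric fields critical means a relying party that does not implement biometric checks cannot silently accept the certificate as an ordinary identity certificate; marking them non-critical keeps the certificate usable by such parties, which then skip the biometric binding.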
  • biometric information is provided as an X.509 attribute certificate.
  • an Attribute Certificate is very similar to a standard identity certificate with the main difference that an Attribute Certificate does not include the public key of the owner (as identity certificates do). Instead, an Attribute Certificate is uniquely linked to an identity certificate, which is then referred to as a base certificate.
  • an Attribute Certificate is signed by an Attribute Authority that does not need to be the same entity as the Certificate Authority that signed the base certificate.
  • FIG. 3 schematically depicts Attribute Certificate 114 containing biometric related fields—such as biometric hash value field 115, encrypted template fields 116 and 117, and enrollment field 118.
  • Attribute certificate 114 further may include a variety of other fields—including version field 102, holder field 123, certificate issuer field 105, algorithm identifier field 104, and certificate serial number field 103.
  • FIG. 3 also depicts base certificate 101 with which Attribute Certificate 114 is associated.
  • the base and attribute certificates are associated through one or more fields.
  • the base and attribute certificates are associated, as defined in X.509, by the attribute certificate's Holder field 123 which contains either the issuer and serial number 103 or entity name 107 of the base certificate 101, or both.
  • a single biometrically enhanced certificate represents a plurality of identities, or users. That is, a single biometrically enhanced certificate may include biometric data associated with more than one person or entity. In these embodiments biometric fields 115-118 are repeated for each shared owner of the biometrically enhanced certificate, as appropriate. An additional Number field may be included indicating the number of shared owners.
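How a relying party might resolve the Holder field to a base certificate, as an added example that is not code from the patent: it handles the issuer-and-serial form, the entity-name form, and both together, and refuses a link that matches no certificate or more than one. The class and function names, the string comparison of names, and the sample store are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class BaseCert:
    issuer: str    # issuer name 105
    serial: int    # certificate serial number 103
    subject: str   # subject (entity) name 107


@dataclass(frozen=True)
class Holder:
    issuer_serial: Optional[Tuple[str, int]] = None  # issuer and serial of the base certificate
    entity_name: Optional[str] = None                # entity name of the base certificate


def resolve_base(holder, store):
    """Return the single base certificate the Holder field points to.

    Every link present in the Holder must match. A serial number is only
    unique per issuer, and a name may be shared by several certificates,
    so zero or multiple matches are treated as a failed binding.
    """
    if holder.issuer_serial is None and holder.entity_name is None:
        raise ValueError("Holder carries no link to a base certificate")
    matches = []
    for cert in store:
        if holder.issuer_serial is not None and \
                (cert.issuer, cert.serial) != holder.issuer_serial:
            continue
        if holder.entity_name is not None and cert.subject != holder.entity_name:
            continue
        matches.append(cert)
    if not matches:
        raise LookupError("no base certificate matches the Holder field")
    if len(matches) > 1:
        raise LookupError("Holder field is ambiguous: %d candidates" % len(matches))
    return matches[0]


# Constructed sample store: two issuers reuse serial 1001 and one subject name.
STORE = [
    BaseCert("CN=Example CA 1", 1001, "CN=J. Smith"),
    BaseCert("CN=Example CA 2", 1001, "CN=J. Smith"),
    BaseCert("CN=Example CA 1", 1002, "CN=A. Jones"),
]
```

In this store a Holder naming only "CN=J. Smith" cannot be bound to one certificate, while the issuer-and-serial form can.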
  • a biometrically enhanced certificate may have, but is not required to have, all fields discussed above. Additionally, those skilled in the art will readily identify other potential field types containing biometric data. Any one or more of the above described fields added to a certificate constitutes a biometrically enhanced certificate.
  • the present invention further provides methods for creating biometrically enhanced certificates.
  • the methods are generally similar to those for creating a normal digital certificate with additional steps for acquiring and handling biometric information.
  • the specific process is dependent on the chosen implementation of the biometrically enhanced certificate, such as X.509.
  • FIG. 4 generally depicts methods for creating biometrically enhanced certificates as provided by embodiments of the present invention.
  • the fields for a standard identity certificate are generated in step 500.
  • an identity certificate is generally any certificate suitable for use in a PKI system, and comprises a public key.
  • identity certificate 500 comprises standard certificate fields 510 and a public key field 520.
  • a raw biometric data sample is obtained in step 530.
  • the biometric data sample is obtained through any of a wide variety of biometric sensors—including a fingerprint sensor, a camera for facial imaging, a microphone for voice records, etc. In some embodiments, all or portions of the raw biometric data are included in a biometric certificate field.
  • the raw biometric data sample may then be processed for use in a biometric certificate field.
  • the processing comprises hashing the sample, as in step 540, or extracting one or more biometric templates, as in step 550.
  • a hash function is used to process the data sample and one or more templates are extracted from the sample. Further, in some embodiments, a plurality of samples are obtained and processed.
  • Biometric templates may then be encrypted for use in a biometric certificate field, in step 560.
  • Preferred embodiments of this encrypting step utilize public key 520 to encrypt the biometric template.
  • a different key or procedure is used to encrypt the biometric template.
  • a template may be encrypted a plurality of times—each with a different key—for use in a plurality of biometric certificate fields.
  • the hashed biometric is then included in hashed biometric certificate field 570.
  • An encrypted template is included in encrypted biometric template certificate field 580.
  • Other extensions 590 may be included in final biometrically enhanced certificate 595.
  • a method for creating a biometrically enhanced certificate embodied as an X.509 Certificate with Private Extensions is provided. Such a method is schematically illustrated in FIG. 5.
  • An enrollment station 119 such as a PDA, mobile phone, personal computer, or other computing device with an associated biometric sensor, such as a microphone or fingerprint sensor, executes a program which collects a raw biometric data sample in step 200.
  • a potential user may swipe a finger across a fingerprint sensor, have an image of the user's face recorded, or the like, as discussed above.
  • the raw biometric data sample is then processed with a biometric algorithm specific to the type of biometric sensor used and a biometric template is generated in step 201.
  • the sensor is a fingerprint sensor and the algorithm is a fingerprint minutiae extraction algorithm.
  • a hash function could be applied to the biometric data sample in step 201, generating a hash value for use in a biometric certificate field.
  • In step 202, the program collects any required additional user information such as user name, for entry into field 107 of identity certificate 101. In other embodiments, further user information may be collected at this step. In still other embodiments, step 202 is not required if no further information is needed.
  • a public/private key pair is generated in step 203. In a preferred embodiment, the key pair is generated using the RSA public-key cipher, defined in U.S. Pat. No.
  • the biometric certificate fields are then prepared in step 204 from one or more biometric samples and any biometric templates according to the above definitions of those fields.
  • the collected information including biometric and non-biometric user information, is sent in step 205 along with the generated public key to Registration Authority (RA) 120 .
  • the RA assembles the biometric and non-biometric user information into a certificate request, as known in the art.
  • the certificate request is in the PKCS#10 format defined in Nystrom, M. and Kaliski, B., “PKCS #10: Certification Request Syntax Specification Version 1.7,” RFC 2986, November 2000, hereby incorporated by reference.
  • RA 120 submits the certificate request to certificate authority (CA) 121 for signature.
  • CA 121 signs the certificate in step 208 and returns an X.509 certificate with biometric fields (a biometrically enhanced certificate) having a structure generally known in the art—see, for example, ITU-T Recommendation X.509 (1997 E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997, hereby incorporated by reference.
  • CA 121 returns the certificate to RA 120 in step 209.
  • CA 121 may also store a copy of the certificate, or transmit copies to other entities, but does not do so in a preferred embodiment.
  • RA 120 returns the certificate to the enrollment station in step 210.
  • RA 120 may also store a copy of the certificate, or transmit copies to other entities.
  • RA 120 stores the certificates in a database.
  • Enrollment station 119 stores the certificate with the public/private key pair in step 211, leaving a biometrically enhanced certificate within station 119.
  • methods are provided for creating a biometrically enhanced certificate based on a base identity certificate and at least one attribute certificate.
  • In the below described embodiment, it is assumed that the user already has an X.509 identity certificate and associated public/private key pair, as discussed above.
  • an enrollment station 119 such as a PDA, mobile phone, personal computer, or other computing device with an associated biometric sensor, such as a microphone or fingerprint sensor, executes a program, as above, which collects a biometric sample from a user in step 250.
  • the biometric sample is then processed with the biometric algorithm, as above, specific to the type of biometric sensor used and a biometric template is generated in step 251.
  • the sensor is a fingerprint sensor and the algorithm is a fingerprint minutiae extraction algorithm.
  • the biometric-related fields are then prepared in step 252 from the raw biometric sample and biometric template according to the above definitions of those fields.
  • the type of enrollment is known by the enrollment station and is readily available for inclusion in an enrollment field.
  • the collected biometric information is put in an attribute certificate request, an appropriately-specified data structure such as an extensible markup language (XML) structure, in step 253.
  • Also included is the content of the “Certificate Serial Number” 103 and/or the “Subject Name” 107 fields from the user's existing base certificate. In other embodiments, other or different linking fields from the base certificate are included.
  • the attribute certificate request structure is signed in step 254 with the user's private key associated with the base certificate.
  • the signed attribute certificate request is sent in step 255 to an Attribute Authority (AA) for signature.
  • AA signs the attribute certificate in step 256 and returns the certificate to the enrollment station in step 257.
  • the RA may also store a copy of the certificate, or transmit copies to other entities.
  • the RA stores the certificates in a database.
  • the enrollment station stores the certificate with the base certificate in step 258, thus completing the process of creating a biometrically enhanced certificate.
  • biometrically enhanced certificates find use in a variety of applications.
  • a first general use of biometrically enhanced certificates is that of authentication. That is, a biometrically enhanced certificate may be used to assert and prove an identity.
  • a biometrically enhanced certificate includes template 117 encrypted with the public key of a server
  • that server may decrypt template 117 with its private key and compare it to a template extracted from biometric sample data collected from a user requesting authentication, thus enabling that user to, for example, log in to a secure web site or other system.
  • a biometrically enhanced certificate includes template 116 encrypted with the public key of a user
  • the system may require the user to provide a password releasing his private key, which would then be used to decrypt the template for comparison to a template extracted from biometric sample data collected from the user, thus enabling a two-factor “what you know” and “what you are” authentication, which might allow a user to, for example, sign a purchase order.
  • Biometrically enhanced certificates may also be used for authorization—that is, determining what a particular user is allowed to do or see. That is, a server or other device receiving a biometrically enhanced certificate may correlate the biometrically enhanced certificate information with specific information that someone sending that biometrically enhanced certificate may access—including, but not limited to—financial information including bank accounts, balances, credit histories, stock information; purchase information including prices, inventories, transactions, histories; a vote; or a document request.
  • Biometrically enhanced certificates may further be used for non-repudiation—that is, creating a record of an activity that will not later be refuted or altered.
  • a biometrically enhanced certificate includes biometric hash value 115
  • the hash value of the original biometric sample or template taken at the time of enrollment and creation of the biometrically enhanced certificate may be used to prove the authenticity of a purported biometric sample when that biometric sample is compared to a biometric sample or template collected at the time of a particular transaction being repudiated, in order to prove that the person who enrolled is the same person who was authenticated for the transaction being repudiated.
  • the invention may advantageously implement the methods and procedures described herein on a general purpose or special purpose computing device, such as a device having a processor for executing computer program code instructions and a memory coupled to the processor for storing data and/or commands.
  • the computing device may be a single computer or a plurality of networked computers and that the several procedures associated with implementing the methods and procedures described herein may be implemented on one or a plurality of computing devices.
  • inventive procedures and methods are implemented on standard server-client network infrastructures with the inventive features added on top of such infrastructure or compatible therewith.

Abstract

The present invention provides biometrically enhanced certificates or other data structure or data item containing biometric information, by adding fields containing biometric information derived from a user to a conventional Public Key Certificate. A biometrically enhanced certificate, therefore, provides a digital identity that binds a public key not just to a name, but to a physical property or properties of the person or entity who is the subject of the certificate. In one embodiment, biometric certificate fields comprising biometric data are incorporated into private extensions of an X.509 identity certificate. In another embodiment, biometric certificate fields comprising biometric data are incorporated into an X.509 attribute certificate.

Description

    BACKGROUND OF THE INVENTION
  • The security and integrity of information systems depends in part on authentication of individual users—accurately and reliably confirming or authenticating the identity of a user attempting to use the system. Once a user is authenticated, a system is then able to authorize the user to retrieve certain information or perform certain actions appropriate to the system's understanding of the user's identity. Examples of such actions include downloading a document, completing a financial transaction, or digitally signing a purchase. [0001]
  • Numerous methods have been developed for authenticating users. Generally, as will be understood by those skilled in the art, authentication methods are grouped into three categories, also called authentication factors, see for example Smith, Richard E., “Authentication: from Passwords to Public Keys” Addison-Wesley, 2002, p. 29, incorporated herein by reference in its entirety. The three categories are generally: 1) something you know—a secret such as a password or a PIN or other information; 2) something you have—such as a smartcard, the key to a mechanical lock, an ID badge, or other physical object; and 3) something you are—a measure of a person such as a fingerprint or voiceprint. Each method has advantages and disadvantages including those relating to ways that a system may be fooled into accepting a normally unauthorized user in cases where, for example, a password has been guessed or a key has been stolen. [0002]
  • The third category above—referred to herein as ‘something you are’ authentication methods—are the subject of the biometrics field. Biometric identification is used to verify the identity of a person by measuring selected features of some physical characteristic and comparing those measurements with those filed for the person in a reference database or stored in a token (such as a smartcard) carried by the person. Physical characteristics that are used today include fingerprints, voiceprints, hand geometry, the pattern of blood vessels on the wrist or on the retina of the eye, the topography of the iris of the eye, facial patterns, and the dynamics of writing a signature or typing on a keyboard. Biometric identification methods are widely used today for securing physical access to buildings and securing data networks and personal computers. [0003]
  • The security and integrity of information systems also depend on keeping data confidential so that only authorized users may see or act against the data, and assuring the integrity of data so that the data cannot be changed or tampered with undetected. The field of cryptography provides tools for assuring confidentiality and integrity using encryption techniques such as ciphers and hash algorithms. [0004]
  • One widely known and implemented body of these tools, and procedures and practices for their use, is called Public Key Infrastructure (PKI). PKI gets its name from its use of a class of cryptographic algorithm called a public key algorithm. As is widely known to those versed in the cryptographic field, a public key algorithm is a cryptographic algorithm that operates using two different but mathematically-related keys, a public key that may be shared with any party and a private key which must be kept secret, such that (for most such algorithms) data encrypted with the public key may only be decrypted with the private key, and vice-versa. PKI standards are well known, X.509 for example, described in Housley, R., “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” RFC 2459, January 1999, and ITU-T Recommendation X.509 (1997 E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997, both of which are hereby incorporated by reference. [0005]
  • These standards provide powerful mechanisms for safe and private storage and transmission of confidential data so that it remains hidden from unauthorized parties. The standards provide for digital signatures, which provide the receiving party of some data with an assurance of the identity of the transmitting party. PKI standards further provide for digital certificates, which provide a tamper-resistant, portable record of the association of a public key with a person's or organization's name, attested to and signed by a trusted party, thus presenting a form of unique, irrefutable digital identity or credential for that person or organization. PKI standards also provide other useful and powerful mechanisms that can contribute to the security and integrity of information systems. One example of a certificate for use in a PKI system is an X.509 certificate. [0006]
  • FIG. 1 schematically depicts a standard X.509 certificate 101, herein referred to as an ‘identity certificate’, containing fields for Version 102, Certificate Serial Number 103, Signature Algorithm Identifier 104, Issuer Name 105, Validity Period 106, Subject Name 107, Subject Public Key Info 108, Issuer Unique Identifier 109, and Subject Unique Identifier 110. This general structure is known in the art. Contents of the certificate are signed by the issuing certificate authority (CA), and the signature is found in the CA Signature field 112. This figure is for reference and is not intended to provide a complete or authoritative definition of the structure or contents of an X.509 certificate. [0007]
  • PKI is widely used in commercial and non-commercial systems, both over the Internet and in more closed or local applications. Most web browsers, for example, use PKI and PKI-based standards to interoperate with web servers when high security is desired, as when a user specifies a credit card number for payment while placing an online order. The proliferation of electronic commerce has led many jurisdictions around the world to begin to develop legal standards with the intended result that a correctly constituted digital signature would be every bit as legally binding as a handwritten signature is today. [0008]
  • PKI provides powerful mechanisms, but it has weaknesses. In practice, digital certificates are issued to persons or organizations by a Certificate Authority (CA), usually a trusted third party in the business of providing a measured degree of assurance that the digital identity embodied in the certificate is valid and genuine. With such an assurance, a party may be confident that someone who claims a certain identity and presents a digital certificate is in fact that person or organization and not an impostor. [0009]
  • The assurance of a third-party Certificate Authority can be compromised, as it is based on assumptions that may turn out to be invalid. For example, if a CA issues a certificate to an imposter, that would invalidate the assumption that the CA has successfully and correctly verified the party to whom it is issuing the certificate. Often, certificates refer to a person by name, and may include other information such as an address. One's name has a meaning by social convention and in legal terms, but a name is not an intrinsic property of a physical person. Persons can assume names or change names, for example, creating a vulnerability in certificates utilizing names. Nor are names guaranteed to be unique; many people have names that are the same as those of other people. Linking a digital identity of a party to a name, address, or other ambiguous, extrinsic, or easily assumed or changed attribute of the party can present opportunities for impostors in PKI systems. [0010]
  • Another way for digital identities to be compromised is for an impostor to somehow get a copy of the private key that is associated with the public key embedded in a certificate, thus invalidating an assumption that only the person or organization to which the certificate is issued has access to the (secret) private key. Anyone with both the certificate (which is meant to be public information, freely exchanged with anyone) and the associated private key (which is meant to be secret) can impersonate someone else and compromise the security and integrity of an information system dependent on the valid use of a certificate and associated private key. [0011]
  • Most systems, therefore, secure the private key such that the user must authenticate before the private key can be used for any task. Many such systems require a password (“something you know”) or a smartcard (“something you have”) or both. Some systems provide additional security by putting the private key on a smartcard that is resistant to tampering or copying. However, smart cards may be lost, damaged, or stolen. Passwords may be forgotten or guessed. These concerns are part of what is called in the field “the last-meter problem”, the problem of making sure that an otherwise secure system isn't compromised by a failure to correctly authenticate the person using (and usually physically adjacent to) some part of the system. The last-meter problem can present opportunities for impostors in PKI systems. [0012]
  • Accordingly, there is a need in the art for a system offering improved security for the certification process. Such a system would preferably be compatible with PKI systems. [0013]
    SUMMARY OF THE INVENTION
  • In a first aspect, the present invention provides a digital certificate for use in a public key infrastructure, said certificate comprising a public key field comprising a public key; and a biometric certificate field comprising biometric data; wherein said public key and said biometric data are associated with a same entity. [0014]
  • In some embodiments, said biometric data comprises processed biometric data. The processed biometric data may include a biometric template. Alternatively, or in addition, said biometric data may comprise a hash value in some embodiments of the invention. [0015]
  • In other embodiments, said biometric data comprises a raw biometric data sample. [0016]
  • In one embodiment, said certificate is an X.509 certificate comprising private extensions, wherein said private extensions comprise said biometric information. In one embodiment, said biometric information comprises a biometric template. In other embodiments, said biometric information comprises a hash value. [0017]
  • In another embodiment, said certificate is an X.509 certificate associated with an X.509 attribute certificate containing said biometric information. In one embodiment, said biometric information comprises a biometric template. In other embodiments, said biometric information comprises a hash value. [0018]
  • In some embodiments, said biometric data is based on a biometric data sample. The biometric data sample may comprise a fingerprint scan, a facial image, an iris scan, a voice recording, or combinations thereof. [0019]
  • In another aspect of the present invention, a method is provided for generating a biometrically enhanced certificate comprising obtaining a biometric data sample, processing said biometric data sample to yield processed biometric information, generating biometric certificate fields utilizing said compressed biometric information, and submitting certificate information including said biometric certificate fields to at least one third-party authority. [0020]
  • Some embodiments of the method further comprise generating a public/private key pair. Other embodiments further comprise receiving a signed certificate. [0021]
  • In some embodiments, processing a biometric data sample comprises applying a hash function to said biometric data sample and said processed biometric data comprises a hash value. In other embodiments, said processing comprises extracting a biometric template from said biometric data sample. In still other embodiments, said processing further comprises encrypting said biometric template with said public key. [0022]
  • In some embodiments, generating biometric certificate fields comprises generating private extensions for an X.509 identity certificate, wherein said private extensions comprise processed biometric data. In other embodiments, said generating biometric certificate fields comprises generating an attribute certificate corresponding to an X.509 base certificate, wherein said attribute certificate comprises processed biometric data. [0023]
  • In still more embodiments, the certificate provided by the method is a digital biometrically enhanced certificate comprising a public key field comprising a public key, a biometric certificate field comprising scan sampled biometric data including processed biometric data, a biometric template, and a hash value; wherein said public key and said biometric data are associated with a same entity, said certificate is an X.509 certificate comprising private extensions, said private extensions comprise said biometric information, and said biometric data sample comprises a biometric data sample selected from the group consisting of a fingerprint scan, a facial image, an iris scan, a retinal scan, a voice recording, a DNA sample, a saliva sample, and combinations thereof. [0024]
  • In yet another aspect of the present invention, a computer program product for use in conjunction with a computer system having at least one processor and a memory coupled to the processor is provided, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism, comprising a program module that directs the computer to function in a specified manner to generate a biometrically enhanced certificate, the program module including instructions for obtaining a biometric data sample, processing said biometric data sample to yield processed biometric information, generating biometric certificate fields utilizing said compressed biometric information, submitting certificate information including said biometric certificate fields to at least one third-party authority, and receiving a signed certificate. [0025]
  • In some embodiments, the program module further includes instructions for generating a public/private key pair. [0026]
  • In other embodiments, the program module further includes instructions for applying a hash function to said biometric data sample and said processed biometric data comprises a hash value. In still other embodiments, the program module further includes instructions for extracting a biometric template from said biometric data sample. In yet other embodiments, the program module further includes instructions for encrypting said biometric template with said public key. [0027]
  • In some embodiments, the instructions for generating biometric certificate fields comprise instructions for generating private extensions for an X.509 base certificate, wherein said private extensions comprise processed biometric data. In other embodiments, said instructions for generating biometric certificate fields comprise instructions for generating an attribute certificate corresponding to an X.509 base certificate, wherein said attribute certificate comprises processed biometric data. [0028]
  • In yet another aspect of the present invention, a digital certificate for use in a public key infrastructure is provided, said certificate comprising a public key field comprising a public key, a biometric certificate field comprising scan sampled biometric data including processed biometric data, a biometric template, and a hash value, wherein said public key and said biometric data are associated with a same entity, said certificate is an X.509 certificate comprising private extensions, and wherein said private extensions comprise said biometric information, and said biometric data sample comprises a biometric data sample selected from the group consisting of a fingerprint scan, a facial image, an iris scan, a retinal scan, a voice recording, a DNA sample, a saliva sample, and combinations thereof. [0029]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention may be better understood, and its features and advantages made apparent to those skilled in the art by referencing the accompanying drawings. [0030]
  • FIG. 1 is a schematic depiction of a general structure for an embodiment of a standard X.509 certificate. [0031]
  • FIG. 2 is a schematic depiction of an embodiment of a biometrically enhanced certificate according to the present invention comprising an X.509 identity certificate having private extensions comprising biometric certificate fields. [0032]
  • FIG. 3 is a schematic depiction of an embodiment of a biometrically enhanced certificate according to the present invention comprising an X.509 attribute certificate. [0033]
  • FIG. 4 is a schematic overview of a method for creating a biometrically enhanced certificate, according to an embodiment of the present invention. [0034]
  • FIG. 5 is a schematic illustration of a method for creating a biometrically enhanced certificate embodied as an X.509 identity certificate comprising private extensions comprising biometric certificate fields, according to an embodiment of the present invention. [0035]
  • FIG. 6 is a schematic illustration of a method for creating a biometrically enhanced certificate comprising an X.509 attribute certificate, according to an embodiment of the present invention. [0036]
  • DETAILED DESCRIPTION OF THE EMBODIMENTS
  • The present invention provides certificates or other data structure or data item for use in public key infrastructures. It also provides methods for making and using such certificates as well as computer program and computer program product for making and using such certificates. [0037]
  • By ‘public key infrastructure’ (PKI), herein is meant generally any security system employing public key algorithms—with X.509 being one specific embodiment of a PKI. Public key algorithms, as used herein, generally refers to any algorithm utilizing a public-private key pair wherein two keys are stored in separate locations. That is, generally, in a transaction involving a receiving party and a transmitting party, a private key is known to the transmitting party but not the receiving party, while a public key is known to both parties. By ‘key’ herein is meant data—typically in the form of a code, or string of digits—utilized in a cryptographic procedure. Thus, some embodiments of the present invention are intended for use in a PKI system where a private key (known only to a transmitting party), is utilized to encrypt a message, and a corresponding public key (known to both parties), is utilized to decrypt the message. In other embodiments, a private key is used to decrypt while a public key is used to encrypt a message. [0038]
  • Briefly, the present invention utilizes a combination of biometrics and PKI to address the known weaknesses of existing authentication systems, bridging the “last meter” between secured systems and their users. Accordingly, the present invention provides biometrically enhanced certificates or other data structure or data item containing biometric information, by adding fields containing biometric information derived from a user to a conventional Public Key Certificate (also referred to herein as an ‘ID Certificate’ or ‘Identity Certificate’). Requirements for a suitable identity certificate are generally only that the identity certificate contain a public key usable in a public key infrastructure. The identity certificate generally links a key pair with an identity—for example, a name, address, corporate identification, organization identifier, or the like. Other fields in an identity certificate will be determined by the particular protocol and system used. One example of an embodiment of an X.509 identity certificate is shown in FIG. 1 and is discussed above. A biometrically enhanced certificate, therefore, provides a digital identity that is superior to a typical digital certificate because it binds a public key not just to a name, but to a physical property or properties of the person who is the subject of the certificate. [0039]
  • Biometrically enhanced certificates, then, comprise biometric information derived or obtained from a raw biometric data sample. A raw biometric data sample refers to a set of data generated by a sampling event or other acquisition. The type and structure of a raw biometric data sample will generally be dependent on the type of biometric sensor or acquisition device used to take the biometric data sample, and the data collection mechanisms. Suitable raw biometric data samples include fingerprint scans, voice samples, facial images, signature images, iris scans, and retinal scans. Generally, any dataset that provides a unique ‘who you are’ measure of a user can be used—including all or portions of a genetic sequence, for example. A wide array of technologies are available to provide biometric data verification including fingerprint, voice, face, signature, iris, retina verification, and other biometric technologies. [0040]
  • In some embodiments of the invention, more than one kind of biometric within one biometrically enhanced certificate (a fingerprint scan as well as a voice sample, for example) is sampled. In embodiments where a plurality of biometrics are sampled (either two types of biometric, or two samples of a same biometric, such as two fingerprint scans), a plurality of biometric certificate fields may be generated, as described further below. Further, biometric fields may be combined with conventional fields containing biographical information such as name, address, and the like. [0041]
  • In embodiments of the present invention, a raw biometric data sample itself may be utilized in a biometric certificate field. However, it is undesirable to make a biometric data sample public—or to allow insecure access, or increase a risk of insecure access, to a biometric data sample. Accordingly, biometric data samples can be processed, yielding processed biometric information, or processed biometric data, as used herein. This processed biometric data may also be referred to in the art as a ‘biometric template’, discussed further below. [0042]
  • Processed biometric information generally refers to biometric data derived from one or more raw biometric data samples. In one embodiment, processed biometric information is generally more compact than a raw biometric data sample. In other embodiments, processed biometric information refers to a unique identifier of a biometric data sample that cannot be utilized to reconstruct the biometric data sample. In still other embodiments, processed biometric information is both more compact than the original sample and uniquely identifies the sample while it cannot be used to reconstruct the sample. In other embodiments, processed biometric information is encrypted raw biometric data. [0043]
  • Accordingly, in preferred embodiments of the present invention, processed biometric information utilized in a biometric certificate field includes a biometric template, which generally refers to a distillation of unique characteristics of a biometric data sample, produced by a known biometric algorithm. For example, a fingerprint template may contain a list of minutiae points detected in a fingerprint image. Other template-generating algorithms are known in the art for fingerprint templates, and for other biometrics, as is described, for example, in A. K. Jain, L. Hong, S. Pankanti and R. Bolle, “An Identity Authentication System Using Fingerprints”, Proc. IEEE Vol. 85, No. 9, pp. 1365-1388, 1997; and D. Maio, D. Maltoni, “Direct Gray-scale Minutiae Detection in Fingerprints”, IEEE Trans. On Pattern Analysis and Machine Intelligence, Vol. 19, No. 1, pp. 27-40, 1997, both of which are hereby incorporated by reference. Templates are advantageously but optionally encrypted—using either a public or private key—prior to their inclusion in a biometrically enhanced certificate. In some embodiments, the biometric template is encrypted with the user's public key and put in a certificate Encrypted Template field. Since an encrypted template field is encrypted with the user's public key, it can only be decrypted with the user's corresponding private key, thus making it only accessible by or on behalf of the user. In other embodiments, a biometric template is encrypted with a trusted server's public key and put in a certificate's Encrypted Template field. Since this field is encrypted with the server's public key, it can only be decrypted with the server's corresponding private key, thus making it only accessible by the trusted server. In another embodiment, two biometric certificate fields are created from one raw biometric data sample—one comprising a biometric template encrypted with a user's public key, and another comprising a biometric template encrypted with a server's public key. [0044]
  • In other preferred embodiments of the present invention, processed biometric information utilized in a biometric certificate field includes a hash value, computed by a hash function. In these embodiments, a biometric sample is acquired and processed by a hash function such as MD5, discussed in Rivest, R., “The MD5 Message-Digest Algorithm,” RFC 1321, April 1992, hereby incorporated by reference, or SHA-1, defined in “Secure Hash Standard,” Federal Information Processing Standards Publication 180-1, April 1995, hereby incorporated by reference. The hash function computes a hash value of the user's biometric sample, which is put in the certificate's Biometric Hash Value field. A preferred embodiment utilizes SHA-1 to compute biometric hash values. In preferred embodiments, the original, raw, biometric data sample is stored in a secure reference database, but this is not required. [0045]
  • A hash value cannot be utilized to reconstruct the original biometric data sample, but is unique to the sample; therefore, the hash value can be made public, such as by embedding within a digital certificate. If a biometric sample is successfully matched against the original biometric sample stored in a secure reference database, and the hash value of this original sample is identical with the value of this field, it is proven that the biometrically enhanced certificate was indeed created for that user. That is, in order to later prove (as in the case of repudiation of a transaction, described further below), that a particular biometric data sample was in fact utilized to generate a certain biometrically enhanced certificate, a hash value for that biometric data sample is generated and compared with the hash value contained in the biometrically enhanced certificate. The hash values will match if the biometric data sample in question was used in preparation of the biometrically enhanced certificate. Matching a subsequent biometric data sample taken from a user to the stored biometric sample utilized to generate the biometrically enhanced certificate verifies that the biometrically enhanced certificate was created for the user whose subsequent biometric data sample was taken. [0046]
  • Other embodiments of the invention provide biometrically enhanced certificates comprising a hash value and a biometric template. [0047]
  • Further, it is desirable for servers (or other devices receiving a biometrically enhanced certificate) to receive an indication of a trust level for an original enrollment of biometric data. Under certain circumstances, it may be possible for imposters during enrollment to substitute their own biometric data for that of the certificate's intended owner, thereby causing a breach in the integrity of the biometrically enhanced certificate. Therefore, it is advantageous for embodiments of the present invention to provide biometrically enhanced certificates with an optional enrollment field providing an indication of the trustworthiness of a particular enrollment process. That is, biometric data that was enrolled in a less secure manner will generally receive a lower trust level, while more secure enrollment procedures will receive a higher trust level. The enrollment field, then, allows recipients of the biometrically enhanced certificate to allow access or authenticate users based on not only a biometric data match, but also a biometric data match made at or above a certain trust level. While ascertaining and acting on a trust level in an enrollment process is discussed here, related methods and systems for determining confidence or trust levels in a transaction are discussed in U.S. application Ser. No. 10/___,___, filed ______, entitled “Method And System For Determining Confidence in a Digital Transaction” (Attorney Docket No. A-70779/RMA/JML), hereby incorporated by reference. [0048]
  • Accordingly, enrollment field, as used herein, refers to a certificate field containing information on how a user was enrolled. A measure of the overall reliability and trustworthiness of the biometrically enhanced certificate is provided by the enrollment method. Hence to be able to judge the trustworthiness of the biometrically enhanced certificate, an enrollment field contains information on how the user was enrolled. The enrollment method is generally represented as a symbolic value within the field corresponding to the actual enrollment method used. The following is a subset of possible enrollment methods: [0049]
  • Self-enrollment. A user enrolls using a computer which is wireline connected to the Internet, or with his wireless device (such as a personal digital assistant (PDA) or cellular phone) with a wireless Internet connection or wireless PC connection, such as 802.11. This represents the least secure method of this subset, and would receive the ‘lowest’ trust value. [0050]
  • Self-enrollment using an enrollment secret. In this case, as above, a user enrolls using a device connected via a wireline or wireless Internet or PC connection to the Internet. However, in order to successfully complete the enrollment process the user has received a secret (e.g. a PIN, password, or other secret information) from a trusted source (for example from the user's bank) over a different channel (for example, via postal mail, e-mail, or the like). This is a basic method of enrollment for ensuring a level of trust and confirms the enrollment secret was received. Accordingly, this ‘secret’ enrollment method would receive a higher trust level than basic self-enrollment above, but a lower trust level than methods in this subset discussed below. [0051]
  • Self-enrollment using smart cards or SIM cards. In this case, as above, a user enrolls using a device connected via a wireline or wireless Internet or PC connection to the Internet or server device. However, in this case a pre-configured smart card or SIM card is used to establish additional trust in the enrollment process and the data provided by the user. Accordingly, this ‘smart card’ method would receive a higher level of trust than methods in the subset discussed above, but a lower level than methods discussed below. The smart card or SIM card may advantageously comprise a write-only memory where the required enrollment data is stored, increasing the trust level of this method. [0052]
  • Face-to-face enrollment. In this method, enrollment is performed by a trusted human representative such as an employee in a bank branch, notary public, government official, or other trusted person. The user's documentation is reviewed and verified. This is the strongest level of trust presented in this subset, and would receive the highest trust value of the subset. [0053]
  • Specific trust level values depend on the system deployed. In some cases, it may be advantageous to have one or more enrollment methods receive the same trust level—even if one is theoretically more or less secure than another. For example, in one embodiment, a smart card enrollment process, a ‘secret’ enrollment process, and a basic self-enrollment process receive a first base trust level, and face-to-face enrollment receives a higher trust level. In this manner, a system can support many enrollment procedures, but a simplified trust tier. In other embodiments, a higher trust level may be given to enrollment processes which are theoretically less secure than those given a lower trust level—for example if an institution wants to encourage use of a particular enrollment process despite its lower security level. [0054]
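The hash check of paragraph [0046] and the enrollment trust tiers described above, combined into one relying-party decision. This is an added example, not part of the patent text; the field names, symbolic enrollment values, numeric levels and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Symbolic enrollment-field values; the names are assumptions of this example.
SELF, SECRET, SMART_CARD, FACE_TO_FACE = "self", "secret", "smart-card", "face-to-face"

# Two deployments of the same four methods: one strictly ordered, one using
# the simplified two-tier scheme the text describes.
ORDERED_TIERS = {SELF: 1, SECRET: 2, SMART_CARD: 3, FACE_TO_FACE: 4}
SIMPLIFIED_TIERS = {SELF: 1, SECRET: 1, SMART_CARD: 1, FACE_TO_FACE: 2}


def hash_matches(cert_hash, sample, algorithm="sha1"):
    """Compare the certificate's Biometric Hash Value with a sample's digest."""
    digest = hashlib.new(algorithm, sample).digest()
    return hmac.compare_digest(digest, cert_hash)


def evaluate(cert, reference_db, tiers, min_level):
    """Return (accepted, reason) for one certificate under one tier policy."""
    sample = reference_db.get(cert["subject"])
    if sample is None:
        return False, "no enrolled sample in reference database"
    if not hash_matches(cert["biometric_hash"], sample):
        return False, "certificate was not built from the enrolled sample"
    level = tiers.get(cert["enrollment"])
    if level is None:  # unknown symbol in the enrollment field: fail closed
        return False, "unrecognised enrollment method"
    if level < min_level:
        return False, "trust level %d below required %d" % (level, min_level)
    return True, "accepted at trust level %d" % level


def make_cert(subject, sample, enrollment):
    """Stand-in for the biometric fields of a signed certificate."""
    return {"subject": subject, "enrollment": enrollment,
            "biometric_hash": hashlib.sha1(sample).digest()}


# Constructed data: opaque bytes stand in for sensor output.
ENROLLED = b"constructed-scan-taken-at-enrollment"
FRESH = b"constructed-scan-taken-at-login"  # same finger, different bytes
REFERENCE_DB = {"alice": ENROLLED}

CERT_SMART_CARD = make_cert("alice", ENROLLED, SMART_CARD)
CERT_OTHER_SAMPLE = make_cert("alice", b"constructed-unrelated-scan", FACE_TO_FACE)
CERT_UNKNOWN_METHOD = make_cert("alice", ENROLLED, "kiosk")
```

A fresh scan does not reproduce the enrolled bytes, so the hash is only ever compared against the stored original; matching the fresh scan to that original is the job of a biometric matcher, which this example leaves out.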
  • Specific embodiments of biometrically enhanced certificates are discussed below with regard to an X.509 standard. The X.509 standard is utilized here to illustrate and exemplify the invention, and is not intended to limit the practice of the invention to a single protocol. [0055]
  • A preferred embodiment of a biometrically enhanced certificate builds on X.509 digital certificates (see Housley, R., “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” RFC 2459, January 1999, and ITU-T Recommendation X.509 (1997 E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997, both of which are hereby incorporated by reference), and can be understood generally as having two components: (1) standard fields of an X.509 Identity Certificate or Attribute Certificate depending on the chosen method of implementation; and (2) additional biometric certificate fields which link the certificate to its human referent by the biometric information contained in those fields. [0056]
  • The implementation of additional biometric-related information can take the form of X.509 private extensions, or an X.509 Attribute Certificate. In other embodiments where X.509 is not the chosen PKI system, biometric-related information would be added to the certificate in a manner compatible with the chosen PKI system. [0057]
  • A standard X.509 certificate, or ‘identity certificate’, is discussed above with reference to FIG. 1. It is noted that FIG. 1 represents one embodiment of an identity certificate including some optional fields. In some embodiments, not all fields shown in FIG. 1 are present in the identity certificate. In other embodiments, other fields not shown in FIG. 1 are present. Biometrically enhanced certificates according to preferred X.509 embodiments of the present invention generally fall into two groups: X.509 certificates with private extensions and X.509 certificates with attribute certificates. These groups are intended to demonstrate two potential embodiments of the present invention. Those skilled in the art will readily recognize that biometric data may similarly be incorporated into certificates according to other protocols. Further, in some cases a certificate may have attributes of both the groups described below, that is, comprise both private extensions and attribute certificates. [0058]
  • Accordingly, one embodiment of the present invention provides biometrically enhanced certificates comprising an X.509 certificate with private extensions. The ability to add data elements to an X.509 certificate is described in ITU-T Recommendation X.509 (1997E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997, incorporated herein by reference. These added data elements, called private extensions, can be identified as critical or non-critical depending on whether applications are required to work with the extensions or if they may be allowed to ignore the extensions. In some preferred embodiments of the present invention, biometric certificate fields are identified as critical. In other preferred embodiments, some or all biometric certificate fields are identified as non-critical. [0059]
  • FIG. 2 depicts a schematic illustration of biometrically enhanced certificate 113 that comprises private extensions 111 that add biometric information to a standard X.509 identity certificate. For example, private extensions 111 may include biometric hash value field 115, one or more encrypted biometric template fields, such as encrypted template fields 116 and 117 (where template field 116 comprises template data encrypted with a user's public key, and template field 117 comprises template data encrypted with a server's public key, as discussed above), and an enrollment type field 118, which indicates a trust level for the enrollment of biometric information. Hash values, templates, and enrollment types are discussed further above. The collection of biometric certificate fields shown in FIG. 2 is one embodiment of such a collection of fields. Some or all of the fields may be unnecessary in other embodiments. The biometric related fields added as private extensions may be marked as critical or non-critical depending on the specific requirements envisaged for a biometrically enhanced certificate system. In a preferred embodiment, all fields containing biometric information (either the raw biometric data or the biometric template) are identified as critical. [0060]
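An added example, not taken from the patent, showing how the biometric fields of FIG. 2 could be DER-encoded as X.509 extensions and what the critical flag means for a relying party that does not understand them (X.509 requires rejecting a certificate that carries an unrecognised critical extension). The OIDs, inner value encodings and sample bytes are constructed placeholders; the page defines none of them.

```python
import hashlib

# Constructed placeholder OIDs; the page assigns no identifiers to fields 115-118.
OID_HASH = "1.3.6.1.4.1.99999.1.1"        # biometric hash value (115)
OID_TPL_USER = "1.3.6.1.4.1.99999.1.2"    # template under user's key (116)
OID_TPL_SERVER = "1.3.6.1.4.1.99999.1.3"  # template under server's key (117)
OID_ENROLL = "1.3.6.1.4.1.99999.1.4"      # enrollment type (118)
BIOMETRIC_OIDS = {OID_HASH, OID_TPL_USER, OID_TPL_SERVER, OID_ENROLL}

def tlv(tag, value):
    n = len(value)
    if n < 0x80:                          # short definite length
        length = bytes([n])
    else:                                 # long definite length
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # last base-128 digit: high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def encode_extension(oid, critical, inner_der):
    """Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }."""
    body = encode_oid(oid)
    if critical:                          # DER omits a field equal to its default
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, inner_der))

def build_biometric_extensions(sample, tpl_user, tpl_server, enroll_code, critical=True):
    return tlv(0x30, b"".join([
        encode_extension(OID_HASH, critical, tlv(0x04, hashlib.sha1(sample).digest())),
        encode_extension(OID_TPL_USER, critical, tlv(0x04, tpl_user)),
        encode_extension(OID_TPL_SERVER, critical, tlv(0x04, tpl_server)),
        encode_extension(OID_ENROLL, False, tlv(0x02, bytes([enroll_code]))),  # 0..127
    ]))

def read_tlv(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low bits give length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):                     # handles first arc 0 or 1 only
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_extensions(der):
    """Yield (oid, critical, extnValue bytes) for each Extension."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF Extension")
    pos = 0
    while pos < len(body):
        _, ext, pos = read_tlv(body, pos)
        t_oid, oid_body, p = read_tlv(ext, 0)
        t_next, value, p = read_tlv(ext, p)
        critical = False
        if t_next == 0x01:                # optional BOOLEAN present
            critical = value != b"\x00"
            t_next, value, p = read_tlv(ext, p)
        if t_oid != 0x06 or t_next != 0x04:
            raise ValueError("malformed Extension")
        yield decode_oid(oid_body), critical, value

def process_extensions(der, understood):
    """Keep understood extensions; reject on an unrecognised critical one."""
    accepted = {}
    for oid, critical, value in parse_extensions(der):
        if oid in understood:
            accepted[oid] = value
        elif critical:
            raise ValueError("unrecognised critical extension " + oid)
    return accepted

# Constructed sample data: 256-byte blobs stand in for 2048-bit RSA ciphertexts.
SAMPLE, TPL_USER, TPL_SERVER = b"constructed-scan", bytes(range(256)), bytes(reversed(range(256)))
CRITICAL_DER = build_biometric_extensions(SAMPLE, TPL_USER, TPL_SERVER, 4)
RELAXED_DER = build_biometric_extensions(SAMPLE, TPL_USER, TPL_SERVER, 4, critical=False)
```

Marking the fields critical means software that predates the biometric extensions refuses the certificate outright, while the non-critical variant is accepted by that software with the biometric binding silently ignored.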
  • In another embodiment of the present invention, biometric information is provided as an X.509 attribute certificate. As defined in the relevant standards, an Attribute Certificate is very similar to a standard identity certificate with the main difference that an Attribute Certificate does not include the public key of the owner (as identity certificates do). Instead, an Attribute Certificate is uniquely linked to an identity certificate, which is then referred to as a base certificate. In addition, an Attribute Certificate is signed by an Attribute Authority that does not need to be the same entity as the Certificate Authority that signed the base certificate. FIG. 3 schematically depicts Attribute Certificate 114 containing biometric related fields—such as biometric hash value field 115, encrypted template fields 116 and 117, and enrollment field 118. Attribute certificate 114 further may include a variety of other fields—including version field 102, holder field 123, certificate issuer field 105, algorithm identifier field 104, and certificate serial number field 103. FIG. 3 also depicts base certificate 101 with which Attribute Certificate 114 is associated. The base and attribute certificates are associated through one or more fields. In a preferred embodiment the base and attribute certificates are associated, as defined in X.509, by the attribute certificate's Holder field 123 which contains either the issuer and serial number 103 or entity name 107 of the base certificate 101, or both. [0061]
  • In some embodiments, a single biometrically enhanced certificate represents a plurality of identities, or users. That is, a single biometrically enhanced certificate may include biometric data associated with more than one person or entity. In these embodiments biometric fields 115-118 are repeated for each shared owner of the biometrically enhanced certificate, as appropriate. An additional Number field may be included indicating the number of shared owners. [0062]
  • A biometrically enhanced certificate may have, but is not required to have, all fields discussed above. Additionally, those skilled in the art will readily identify other potential field types containing biometric data. Any one or more of the above described fields added to a certificate constitutes a biometrically enhanced certificate. [0063]
  • The present invention further provides methods for creating biometrically enhanced certificates. The methods are generally similar to those for creating a normal digital certificate with additional steps for acquiring and handling biometric information. The specific process is dependent on the chosen implementation of the biometrically enhanced certificate, such as X.509. [0064]
  • FIG. 4 generally depicts methods for creating biometrically enhanced certificates as provided by embodiments of the present invention. Briefly, the fields for a standard identity certificate are generated in step 500. As discussed above, an identity certificate is generally any certificate suitable for use in a PKI system, and comprises a public key. Accordingly, identity certificate 500 comprises standard certificate fields 510 and a public key field 520. A raw biometric data sample is obtained in step 530. As discussed above, the biometric data sample is obtained through any of a wide variety of biometric sensors—including a fingerprint sensor, a camera for facial imaging, a microphone for voice records, etc. In some embodiments, all or portions of the raw biometric data are included in a biometric certificate field. The raw biometric data sample may then be processed for use in a biometric certificate field. In preferred embodiments, the processing comprises hashing the sample, as in step 540, or extracting one or more biometric templates, as in step 550. As discussed above, in some embodiments of the present invention a hash function is used to process the data sample and one or more templates are extracted from the sample. Further, in some embodiments, a plurality of samples are obtained and processed. [0065]
  • Biometric templates may then be encrypted for use in a biometric certificate field, in step 560. Preferred embodiments of this encrypting step utilize public key 520 to encrypt the biometric template. In other embodiments, a different key or procedure is used to encrypt the biometric template. Further, a template may be encrypted a plurality of times—each with a different key—for use in a plurality of biometric certificate fields. The hashed biometric is then included in hashed biometric certificate field 570. An encrypted template is included in encrypted biometric template certificate field 580. Other extensions 590 may be included in final biometrically enhanced certificate 595. [0066]
  • In one embodiment, a method for creating a biometrically enhanced certificate embodied as an X.509 Certificate with Private Extensions is provided. Such a method is schematically illustrated in FIG. 5. An enrollment station 119, such as a PDA, mobile phone, personal computer, or other computing device with an associated biometric sensor, such as a microphone or fingerprint sensor, executes a program which collects a raw biometric data sample in step 200. For example, in this step, a potential user may swipe a finger across a fingerprint sensor, have an image of the user's face recorded, or the like, as discussed above. [0067]
  • The raw biometric data sample is then processed with a biometric algorithm specific to the type of biometric sensor used and a biometric template is generated in step 201. In a preferred embodiment, the sensor is a fingerprint sensor and the algorithm is a fingerprint minutiae extraction algorithm. Alternatively or in addition, a hash function could be applied to the biometric data sample in step 201, generating a hash value for use in a biometric certificate field. [0068]
  • In step 202, the program collects any required additional user information such as user name, for entry into field 107 of identity certificate 101. In other embodiments, further user information may be collected at this step. In still other embodiments, step 202 is not required if no further information is needed. A public/private key pair is generated in step 203. In a preferred embodiment, the key pair is generated using the RSA public-key cipher, defined in U.S. Pat. No. 4,405,829 “Cryptographic Communications System and Method (‘RSA’)”, hereby incorporated by reference, but other methods such as elliptic curve ciphers may also be used, such as is set forth in Menezes, A., Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, 1993, hereby incorporated by reference. [0069]
  • The biometric certificate fields (115-118) are then prepared in step 204 from one or more biometric samples and any biometric templates according to the above definitions of those fields. The collected information, including biometric and non-biometric user information, is sent in step 205 along with the generated public key to Registration Authority (RA) 120. The RA assembles the biometric and non-biometric user information into a certificate request, as known in the art. In a preferred embodiment the certificate request is in the PKCS#10 format defined in Nystrom, M. and Kaliski, B., “PKCS #10: Certification Request Syntax Specification Version 1.7,” RFC 2986, November 2000, hereby incorporated by reference. [0070]
  • In step 207, RA 120 submits the certificate request to certificate authority (CA) 121 for signature. CA 121 signs the certificate in step 208 and returns an X.509 certificate with biometric fields (a biometrically enhanced certificate) having a structure generally known in the art—see, for example, ITU-T Recommendation X.509 (1997 E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997, hereby incorporated by reference. [0071]
  • CA 121 returns the certificate to RA 120 in step 209. CA 121 may also store a copy of the certificate, or transmit copies to other entities, but does not do so in a preferred embodiment. RA 120 returns the certificate to the enrollment station in step 210. RA 120 may also store a copy of the certificate, or transmit copies to other entities. In a preferred embodiment, RA 120 stores the certificates in a database. [0072]
  • Enrollment station 119 stores the certificate with the public/private key pair, in step 211, leaving a biometrically enhanced certificate within station 119. [0073]
  • In other embodiments of the present invention, methods are provided for creating a biometrically enhanced certificate based on a base identity certificate and at least one attribute certificate. In the below described embodiment, it is assumed that the user already has an X.509 identity certificate and associated public/private key pair, as discussed above. [0074]
  • Referring to FIG. 6, which schematically depicts a process for creating a biometrically enhanced certificate comprising a base certificate and an attribute certificate, an [0075] enrollment station 119, such as a PDA, mobile phone, personal computer, or other computing device with an associated biometric sensor, such as a microphone or fingerprint sensor, executes a program, as above, which collects a biometric sample from a user in step 250.
  • [0076] The biometric sample is then processed with the biometric algorithm, as above, specific to the type of biometric sensor used and a biometric template is generated in step 251. In a preferred embodiment, the sensor is a fingerprint sensor and the algorithm is a fingerprint minutiae extraction algorithm.
  • [0077] The biometric-related fields (115-118) are then prepared in step 252 from the raw biometric sample and biometric template according to the above definitions of those fields. The type of enrollment is known by the enrollment station and is readily available for inclusion in an enrollment field. The collected biometric information is put in an attribute certificate request, an appropriately-specified data structure such as an extensible markup language (XML) structure, in step 253. Also included is the content of the “Certificate Serial Number” 103 and/or the “Subject Name” 107 fields from the user's existing base certificate. In other embodiments, other or different linking fields from the base certificate are included.
  • [0078] The attribute certificate request structure is signed in step 254 with the user's private key associated with the base certificate. The signed attribute certificate request is sent in step 255 to an Attribute Authority (AA) for signature. The AA signs the attribute certificate in step 256 and returns the certificate to the enrollment station in step 257. The RA may also store a copy of the certificate, or transmit copies to other entities. In a preferred embodiment, the RA stores the certificates in a database.
  • [0079] The enrollment station stores the certificate with the base certificate in step 258, thus completing the process of creating a biometrically enhanced certificate.
  • [0080] The methods, certificates, and systems of the present invention find use in a variety of applications. A first general use of biometrically enhanced certificates is that of authentication. That is, a biometrically enhanced certificate may be used to assert and prove an identity. For example, in an embodiment in which a biometrically enhanced certificate includes template 117 encrypted with the public key of a server, that server may decrypt template 117 with its private key and compare it to a template extracted from biometric sample data collected from a user requesting authentication, thus enabling that user to, for example, log in to a secure web site or other system.
  • [0081] In an embodiment in which a biometrically enhanced certificate includes template 116 encrypted with the public key of a user, the system may require the user to provide a password releasing his private key, which would then be used to decrypt the template for comparison to a template extracted from biometric sample data collected from the user, thus enabling a two-factor “what you know” and “what you are” authentication, which might allow a user to, for example, sign a purchase order.
  • [0082] Biometrically enhanced certificates may also be used for authorization—that is, determining what a particular user is allowed to do or see. That is, a server or other device receiving a biometrically enhanced certificate may correlate the biometrically enhanced certificate information with specific information that someone sending that biometrically enhanced certificate may access—including, but not limited to—financial information including bank accounts, balances, credit histories, stock information; purchase information including prices, inventories, transactions, histories; a vote; or a document request.
  • [0083] Biometrically enhanced certificates may further be used for non-repudiation—that is, creating a record of an activity that will not later be refuted or altered. For example, in an embodiment in which a biometrically enhanced certificate includes biometric hash value 115, the hash value of the original biometric sample or template taken at the time of enrollment and creation of the biometrically enhanced certificate may be used to prove the authenticity of a purported biometric sample when that biometric sample is compared to a biometric sample or template collected at the time of a particular transaction being repudiated, in order to prove that the person who enrolled is the same person who was authenticated for the transaction being repudiated.
  • [0084] The invention may advantageously implement the methods and procedures described herein on a general purpose or special purpose computing device, such as a device having a processor for executing computer program code instructions and a memory coupled to the processor for storing data and/or commands. It will be appreciated that the computing device may be a single computer or a plurality of networked computers and that the several procedures associated with implementing the methods and procedures described herein may be implemented on one or a plurality of computing devices. In some embodiments the inventive procedures and methods are implemented on standard server-client network infrastructures with the inventive features added on top of such infrastructure or compatible therewith.
  • [0085] The foregoing descriptions of specific embodiments and best mode of the present invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims appended hereto and their equivalents.
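
The X.509 enrollment path of steps 204 to 211 and the hash check described for non-repudiation, as an added Go example that is not code from the patent: a CA signs a certificate whose private extension carries the hash of the enrollment sample, and a verifier later validates the chain and tests a purported sample against that hash. The OID, subject names and sample bytes are constructed, the RA hand-off is folded into one call, and ECDSA P-256 with SHA-256 is an assumed choice, since the patent fixes no algorithm.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical OID in the 2.999 example arc; the patent names no OID for hash field 115.
var oidBiometricHash = asn1.ObjectIdentifier{2, 999, 1, 115}

// baseTemplate fills the fields shared by both constructed demo certificates.
func baseTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// newCA builds a self-signed demo root standing in for CA 121.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := baseTemplate(1, "Demo CA")
	tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// enroll generates the user's key pair and has the CA sign a certificate whose
// non-critical private extension carries SHA-256(enrollment sample).
func enroll(ca *x509.Certificate, caKey *ecdsa.PrivateKey, sample []byte) ([]byte, *ecdsa.PrivateKey, error) {
	user, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(sample)
	value, err := asn1.Marshal(digest[:]) // extension value is a DER OCTET STRING
	if err != nil {
		return nil, nil, err
	}
	tmpl := baseTemplate(2, "Example User")
	tmpl.ExtraExtensions = []pkix.Extension{{Id: oidBiometricHash, Value: value}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &user.PublicKey, caKey)
	return der, user, err
}

// checkEnrollmentSample validates the certificate chain to the CA, then reports
// whether the purported enrollment sample hashes to the value in the extension.
func checkEnrollmentSample(certDER []byte, ca *x509.Certificate, purported []byte) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return false, err
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidBiometricHash) {
			digest := sha256.Sum256(purported)
			want, err := asn1.Marshal(digest[:]) // DER is canonical, so compare encodings
			return err == nil && bytes.Equal(ext.Value, want), err
		}
	}
	return false, fmt.Errorf("no biometric hash extension %v", oidBiometricHash)
}

func main() {
	ca, caKey, err := newCA()
	if err != nil {
		panic(err)
	}
	sample := []byte("constructed fingerprint scan bytes")
	der, _, err := enroll(ca, caKey, sample)
	if err != nil {
		panic(err)
	}
	fmt.Println(checkEnrollmentSample(der, ca, sample))
	fmt.Println(checkEnrollmentSample(der, ca, []byte("constructed scan, other finger")))
}
```

An exact hash match holds only for the stored enrollment sample itself; a fresh capture of the same finger differs bit for bit, so live authentication still relies on template comparison.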

Claims (33)

We claim:
1. A digital certificate for use in a public key infrastructure, said certificate comprising:
a public key field comprising a public key; and
a biometric certificate field comprising biometric data; wherein said public key and said biometric data are associated with a same entity.
2. A certificate according to claim 1, wherein said biometric data comprises processed biometric data.
3. A certificate according to claim 2, wherein said biometric data comprises a biometric template.
4. A certificate according to claim 2, wherein said biometric data comprises a hash value.
5. A certificate according to claim 1, wherein said biometric data comprises a raw biometric data sample.
6. A certificate according to claim 1, wherein said certificate is an X.509 certificate comprising private extensions, and wherein said private extensions comprise said biometric information.
7. A certificate according to claim 1, wherein said certificate is an X.509 certificate associated with an X.509 attribute certificate containing said biometric information.
8. A certificate according to claim 6, wherein said biometric information comprises a biometric template.
9. A certificate according to claim 7, wherein said biometric information comprises a biometric template.
10. A certificate according to claim 6, wherein said biometric information comprises a hash value.
11. A certificate according to claim 7, wherein said biometric information comprises a hash value.
12. A certificate according to claim 1, wherein said biometric data is based on a biometric data sample.
13. A certificate according to claim 12, wherein said biometric data sample comprises a fingerprint scan.
14. A certificate according to claim 12, wherein said biometric data sample comprises a facial image.
15. A certificate according to claim 12, wherein said biometric data sample comprises an iris scan.
16. A certificate according to claim 12, wherein said biometric data sample comprises a voice recording.
17. A method for generating a biometrically enhanced certificate comprising:
obtaining a biometric data sample;
processing said biometric data sample to yield processed biometric information;
generating biometric certificate fields utilizing said compressed biometric information; and
submitting certificate information including said biometric certificate fields to at least one third-party authority.
18. A method according to claim 17, further comprising:
generating a public/private key pair.
19. A method according to claim 17, wherein said processing comprises applying a hash function to said biometric data sample and said processed biometric data comprises a hash value.
20. A method according to claim 17, wherein said processing comprises extracting a biometric template from said biometric data sample.
21. A method according to claim 20, wherein said processing further comprises encrypting said biometric template with said public key.
22. A method according to claim 17, wherein said generating biometric certificate fields comprises generating private extensions for an X.509 identity certificate, wherein said private extensions comprise processed biometric data.
23. A method according to claim 17, wherein said generating biometric certificate fields comprises generating an attribute certificate corresponding to an X.509 base certificate, wherein said attribute certificate comprises processed biometric data.
24. A method according to claim 17, further comprising receiving a signed certificate.
25. A computer program product for use in conjunction with a computer system having at least one processor and a memory coupled to the processor, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism, comprising:
a program module that directs the computer to function in a specified manner to generate a biometrically enhanced certificate, the program module including instructions for:
obtaining a biometric data sample;
processing said biometric data sample to yield processed biometric information;
generating biometric certificate fields utilizing said compressed biometric information;
submitting certificate information including said biometric certificate fields to at least one third-party authority; and
receiving a signed certificate.
26. A computer program product according to claim 25, wherein the program module further including instructions for:
generating a public/private key pair.
27. A computer program product according to claim 25, wherein the program module further including instructions for applying a hash function to said biometric data sample and said processed biometric data comprises a hash value.
28. A computer program product according to claim 25, wherein the program module further including instructions for extracting a biometric template from said biometric data sample.
29. A computer program product according to claim 25, wherein the program module further including instructions for encrypting said biometric template with said public key.
30. A computer program product according to claim 25, wherein the instructions for generating biometric certificate fields comprises instructions for generating private extensions for an X.509 base certificate, wherein said private extensions comprise processed biometric data.
31. A computer program product according to claim 25, wherein said instructions for generating biometric certificate fields comprises instructions for generating an attribute certificate corresponding to an X.509 base certificate, wherein said attribute certificate comprises processed biometric data.
32. A digital certificate for use in a public key infrastructure, said certificate comprising:
a public key field comprising a public key;
a biometric certificate field comprising scan sampled biometric data including processed biometric data, a biometric template, and a hash value; wherein said public key and said biometric data are associated with a same entity;
said certificate is an X.509 certificate comprising private extensions, and wherein said private extensions comprise said biometric information; and
said biometric data sample comprises a biometric data sample selected from the group consisting of a fingerprint scan, a facial image, an iris scan, a retinal scan, a voice recording, a DNA sample, a saliva sample, and combinations thereof.
33. A method for generating a biometrically enhanced certificate according to claim 17, wherein the biometrically enhanced certificate comprises a digital biometrically enhanced certificate for use in a public key infrastructure comprising:
a public key field comprising a public key;
a biometric certificate field comprising scan sampled biometric data including processed biometric data, a biometric template, and a hash value; wherein said public key and said biometric data are associated with a same entity;
said certificate is an X.509 certificate comprising private extensions, and wherein said private extensions comprise said biometric information; and
said biometric data sample comprises a biometric data sample selected from the group consisting of a fingerprint scan, a facial image, an iris scan, a retinal scan, a voice recording, a DNA sample, a saliva sample, and combinations thereof.
US10/194,444 2001-07-12 2002-07-12 Biometrically enhanced digital certificates and system and method for making and using Abandoned US20030115475A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/194,444 US20030115475A1 (en) 2001-07-12 2002-07-12 Biometrically enhanced digital certificates and system and method for making and using

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US30512001P 2001-07-12 2001-07-12
US9955402A 2002-03-13 2002-03-13
US10/099,558 US20030021495A1 (en) 2001-07-12 2002-03-13 Fingerprint biometric capture device and method with integrated on-chip data buffering
US10/194,444 US20030115475A1 (en) 2001-07-12 2002-07-12 Biometrically enhanced digital certificates and system and method for making and using

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
US9955402A Continuation-In-Part 2001-07-12 2002-03-13
US10/099,558 Continuation-In-Part US20030021495A1 (en) 2001-07-12 2002-03-13 Fingerprint biometric capture device and method with integrated on-chip data buffering

Publications (1)

Publication Number Publication Date
US20030115475A1 true US20030115475A1 (en) 2003-06-19

Family

ID=27378853

Family Applications (5)

Application Number Title Priority Date Filing Date
US10/194,959 Abandoned US20030101348A1 (en) 2001-07-12 2002-07-12 Method and system for determining confidence in a digital transaction
US10/194,994 Active 2024-09-28 US7197168B2 (en) 2001-07-12 2002-07-12 Method and system for biometric image assembly from multiple partial biometric frame scans
US10/194,444 Abandoned US20030115475A1 (en) 2001-07-12 2002-07-12 Biometrically enhanced digital certificates and system and method for making and using
US10/194,949 Abandoned US20030115490A1 (en) 2001-07-12 2002-07-12 Secure network and networked devices using biometrics
US11/707,624 Expired - Fee Related US7751595B2 (en) 2001-07-12 2007-02-16 Method and system for biometric image assembly from multiple partial biometric frame scans

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US10/194,959 Abandoned US20030101348A1 (en) 2001-07-12 2002-07-12 Method and system for determining confidence in a digital transaction
US10/194,994 Active 2024-09-28 US7197168B2 (en) 2001-07-12 2002-07-12 Method and system for biometric image assembly from multiple partial biometric frame scans

Family Applications After (2)

Application Number Title Priority Date Filing Date
US10/194,949 Abandoned US20030115490A1 (en) 2001-07-12 2002-07-12 Secure network and networked devices using biometrics
US11/707,624 Expired - Fee Related US7751595B2 (en) 2001-07-12 2007-02-16 Method and system for biometric image assembly from multiple partial biometric frame scans

Country Status (5)

Country Link
US (5) US20030101348A1 (en)
EP (1) EP1573426A4 (en)
JP (1) JP2005531935A (en)
AU (3) AU2002346107A1 (en)
WO (3) WO2003007127A2 (en)

Cited By (107)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030101348A1 (en) * 2001-07-12 2003-05-29 Russo Anthony P. Method and system for determining confidence in a digital transaction
US20030178320A1 (en) * 2001-03-14 2003-09-25 Applied Materials, Inc. Method and composition for polishing a substrate
US20030216045A1 (en) * 2001-12-21 2003-11-20 Applied Materials, Inc. Hydrogen bubble reduction on the cathode using double-cell designs
US20030223624A1 (en) * 2002-05-30 2003-12-04 Laurence Hamid Method and apparatus for hashing data
US20030234184A1 (en) * 2001-03-14 2003-12-25 Applied Materials, Inc. Method and composition for polishing a substrate
US20040054913A1 (en) * 2002-02-28 2004-03-18 West Mark Brian System and method for attaching un-forgeable biometric data to digital identity tokens and certificates, and validating the attached biometric data while validating digital identity tokens and certificates
US20040053499A1 (en) * 2001-03-14 2004-03-18 Applied Materials, Inc. Method and composition for polishing a substrate
US20040128502A1 (en) * 2002-12-30 2004-07-01 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
US20040139329A1 (en) * 2002-08-06 2004-07-15 Abdallah David S. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US20040210763A1 (en) * 2002-11-06 2004-10-21 Systems Research & Development Confidential data sharing and anonymous entity resolution
US20050039016A1 (en) * 2003-08-12 2005-02-17 Selim Aissi Method for using trusted, hardware-based identity credentials in runtime package signature to secure mobile communications and high-value transaction execution
US20050044388A1 (en) * 2003-08-19 2005-02-24 Brant Gary E. Reprise encryption system for digital data
US20050056537A1 (en) * 2001-03-14 2005-03-17 Liang-Yuh Chen Planarization of substrates using electrochemical mechanical polishing
US20050218010A1 (en) * 2001-03-14 2005-10-06 Zhihong Wang Process and composition for conductive material removal by electrochemical mechanical polishing
US20050246763A1 (en) * 2004-03-25 2005-11-03 National University Of Ireland Secure digital content reproduction using biometrically derived hybrid encryption techniques
US20060006074A1 (en) * 2001-03-14 2006-01-12 Liu Feng Q Method and composition for polishing a substrate
US20060041507A1 (en) * 2004-08-13 2006-02-23 Sbc Knowledge Ventures L.P. Pluggable authentication for transaction tool management services
US20060095404A1 (en) * 2004-10-29 2006-05-04 The Go Daddy Group, Inc Presenting search engine results based on domain name related reputation
US20060095459A1 (en) * 2004-10-29 2006-05-04 Warren Adelman Publishing domain name related reputation in whois records
US20060102872A1 (en) * 2003-06-06 2006-05-18 Applied Materials, Inc. Method and composition for electrochemical mechanical polishing processing
US20060169597A1 (en) * 2001-03-14 2006-08-03 Applied Materials, Inc. Method and composition for polishing a substrate
US20060200487A1 (en) * 2004-10-29 2006-09-07 The Go Daddy Group, Inc. Domain name related reputation and secure certificates
US20060249394A1 (en) * 2005-05-05 2006-11-09 Applied Materials, Inc. Process and composition for electrochemical mechanical polishing
US20060249395A1 (en) * 2005-05-05 2006-11-09 Applied Material, Inc. Process and composition for electrochemical mechanical polishing
US20060282680A1 (en) * 2005-06-14 2006-12-14 Kuhlman Douglas A Method and apparatus for accessing digital data using biometric information
US20060282671A1 (en) * 2003-05-19 2006-12-14 Intellirad Solutions Pty Ltd Multi-parameter biometric authentication
US20070080778A1 (en) * 2005-10-11 2007-04-12 Newfrey Llc Door lock with protected biometric sensor
EP1777636A1 (en) * 2005-10-21 2007-04-25 Hewlett-Packard Development Company, L.P. A digital certificate that indicates a parameter of an associated cryptographic token
US20070198832A1 (en) * 2006-02-13 2007-08-23 Novack Brian M Methods and apparatus to certify digital signatures
US20070208869A1 (en) * 2004-10-29 2007-09-06 The Go Daddy Group, Inc. Digital identity registration
US20070208940A1 (en) * 2004-10-29 2007-09-06 The Go Daddy Group, Inc. Digital identity related reputation tracking and publishing
US20070226787A1 (en) * 2006-03-24 2007-09-27 Atmel Corporation Method and system for secure external TPM password generation and use
US20070226514A1 (en) * 2006-03-24 2007-09-27 Atmel Corporation Secure biometric processing system and method of use
WO2007112023A2 (en) * 2006-03-24 2007-10-04 Atmel Corporation Secure biometric processing system and method of use
US20070254485A1 (en) * 2006-04-28 2007-11-01 Daxin Mao Abrasive composition for electrochemical mechanical polishing
US20070294431A1 (en) * 2004-10-29 2007-12-20 The Go Daddy Group, Inc. Digital identity validation
US20070295611A1 (en) * 2001-12-21 2007-12-27 Liu Feng Q Method and composition for polishing a substrate
US20080022013A1 (en) * 2004-10-29 2008-01-24 The Go Daddy Group, Inc. Publishing domain name related reputation in whois records
US20080028443A1 (en) * 2004-10-29 2008-01-31 The Go Daddy Group, Inc. Domain name related reputation and secure certificates
US20080028100A1 (en) * 2004-10-29 2008-01-31 The Go Daddy Group, Inc. Tracking domain name related reputation
US20080065895A1 (en) * 2006-04-07 2008-03-13 Huawei Technologies Co., Ltd. Method and System for Implementing Authentication on Information Security
US20080114991A1 (en) * 2006-11-13 2008-05-15 International Business Machines Corporation Post-anonymous fuzzy comparisons without the use of pre-anonymization variants
US20080162943A1 (en) * 2006-12-28 2008-07-03 Ali Valiuddin Y Biometric security system and method
WO2008100757A3 (en) * 2007-02-16 2008-11-06 Tibco Software Inc Systems and methods for automating certification authority practices
US20080288291A1 (en) * 2007-05-16 2008-11-20 Silver Springs - Martin Luther School Digital Signature, Electronic Record Software and Method
US20090013191A1 (en) * 2007-07-05 2009-01-08 Honeywell International, Inc. Multisystem biometric token
US20090021349A1 (en) * 2007-07-19 2009-01-22 Stephen Errico Method to record and authenticate a participant's biometric identification of an event via a network
US20090164796A1 (en) * 2007-12-21 2009-06-25 Daon Holdings Limited Anonymous biometric tokens
US20090216904A1 (en) * 2004-10-29 2009-08-27 The Go Daddy Group, Inc. Method for Accessing Domain Name Related Reputation
US20090248623A1 (en) * 2007-05-09 2009-10-01 The Go Daddy Group, Inc. Accessing digital identity related reputation data
US7690032B1 (en) 2009-05-22 2010-03-30 Daon Holdings Limited Method and system for confirming the identity of a user
US20100100728A1 (en) * 2008-10-22 2010-04-22 Research In Motion Limited Method of handling a certification request
EP2180634A1 (en) 2008-10-22 2010-04-28 Research In Motion Limited Method of handling a certification request
US20100153722A1 (en) * 2008-12-11 2010-06-17 International Business Machines Corporation Method and system to prove identity of owner of an avatar in virtual world
US20100161664A1 (en) * 2008-12-22 2010-06-24 General Instrument Corporation Method and System of Authenticating the Identity of a User of a Public Computer Terminal
US20100241851A1 (en) * 2009-03-17 2010-09-23 Research In Motion Limited System and method for validating certificate issuance notification messages
US20100250953A1 (en) * 2006-08-17 2010-09-30 Hieronymus Watse Wiersma System And Method For Generating A Signature
US20100310070A1 (en) * 2007-12-21 2010-12-09 Morpho Generation and Use of a Biometric Key
US20110126024A1 (en) * 2004-06-14 2011-05-26 Rodney Beatson Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
CN102187352A (en) * 2008-10-27 2011-09-14 德国捷德有限公司 Method and system for personalizing a portable data storage device
US20120144204A1 (en) * 2010-12-01 2012-06-07 Lumidigm, Inc. Updates of biometric access systems
US20120272066A1 (en) * 2006-10-27 2012-10-25 International Business Machines Corporation System, Apparatus, Method, And Program Product For Authenticating Communication Partner Using Electronic Certificate Containing Personal Information
US8421890B2 (en) 2010-01-15 2013-04-16 Picofield Technologies, Inc. Electronic imager using an impedance sensor grid array and method of making
US20130197946A1 (en) * 2011-12-07 2013-08-01 Simon Hurry Multi purpose device
US20130268444A1 (en) * 2010-05-28 2013-10-10 Jong Namgoong Three-factor user authentication method for generating otp using iris information and secure mutual authentication system using otp authentication module of wireless communication terminal
US8700486B2 (en) 2008-02-19 2014-04-15 Go Daddy Operating Company, LLC Rating e-commerce transactions
US8791792B2 (en) 2010-01-15 2014-07-29 Idex Asa Electronic imager using an impedance sensor grid array mounted on or about a switch and method of making
US8866347B2 (en) 2010-01-15 2014-10-21 Idex Asa Biometric image sensing
US9015263B2 (en) 2004-10-29 2015-04-21 Go Daddy Operating Company, LLC Domain name searching with reputation rating
US9086847B2 (en) * 2012-09-25 2015-07-21 Micro Mobio Corporation Personal cloud case cover with a plurality of modular capabilities
US20150279372A1 (en) * 2014-03-26 2015-10-01 Educational Testing Service Systems and Methods for Detecting Fraud in Spoken Tests Using Voice Biometrics
US20150312041A1 (en) * 2009-11-17 2015-10-29 Unho Choi Authentication in ubiquitous environment
US9178888B2 (en) 2013-06-14 2015-11-03 Go Daddy Operating Company, LLC Method for domain control validation
US20150317466A1 (en) * 2014-05-02 2015-11-05 Verificient Technologies, Inc. Certificate verification system and methods of performing the same
US20150363586A1 (en) * 2011-08-26 2015-12-17 Life Technologies Corporation Systems and methods for identifying an individual
US9225511B1 (en) 2010-08-17 2015-12-29 Go Daddy Operating Company, LLC Systems for determining website secure certificate status via partner browser plugin
US9225510B1 (en) 2010-08-17 2015-12-29 Go Daddy Operating Company, LLC Website secure certificate status determination via partner browser plugin
US20160028545A1 (en) * 2011-08-26 2016-01-28 Life Technologies Corporation Systems and methods for identifying an individual
US9264902B1 (en) * 2007-03-02 2016-02-16 Citigroup Global Markets Inc. Systems and methods for remote authorization of financial transactions using public key infrastructure (PKI)
US20160117492A1 (en) * 2014-10-28 2016-04-28 Morpho Method of authenticating a user holding a biometric certificate
WO2016171295A1 (en) * 2015-04-23 2016-10-27 최운호 Authentication in ubiquitous environment
US20160359851A1 (en) * 2013-03-15 2016-12-08 Airwatch, Llc Facial capture managing access to resources by a device
US9521138B2 (en) 2013-06-14 2016-12-13 Go Daddy Operating Company, LLC System for domain control validation
US9665704B2 (en) 2004-06-14 2017-05-30 Rodney Beatson Method and system for providing password-free, hardware-rooted, ASIC-based, authentication of human to a stand-alone computing device using biometrics with a protected local template to release trusted credentials to relying parties
US9798917B2 (en) 2012-04-10 2017-10-24 Idex Asa Biometric sensing
US20180167388A1 (en) * 2016-09-29 2018-06-14 International Business Machines Corporation Distributed storage of authentication data
US10114939B1 (en) * 2014-09-22 2018-10-30 Symantec Corporation Systems and methods for secure communications between devices
EP2909963B1 (en) * 2012-10-11 2019-07-31 Idemia Identity & Security France Electronic signature method with ephemeral signature
US10404464B2 (en) 2016-08-22 2019-09-03 Mastercard International Incorporated Method and system for secure FIDO development kit with embedded hardware
US10437295B1 (en) 2012-09-25 2019-10-08 Micro Mobio Corporation Personal cloud case cover with a plurality of modular capabilities
US10530577B1 (en) * 2019-02-08 2020-01-07 Talenting, Inc. Systems and methods for biometric key generation in data access control, data verification, and path selection in block chain-linked workforce data management
US10575785B2 (en) 2015-02-05 2020-03-03 Samsung Electronics Co., Ltd. Method and apparatus for obtaining biometric information
US10868672B1 (en) 2015-06-05 2020-12-15 Apple Inc. Establishing and verifying identity using biometrics while protecting user privacy
US20210012350A1 (en) * 2018-02-22 2021-01-14 Oh Stephen Sang Geun Electronic approval system and method and program using biometric authentication
US11036870B2 (en) * 2016-08-22 2021-06-15 Mastercard International Incorporated Method and system for secure device based biometric authentication scheme
US11058326B1 (en) 2012-09-25 2021-07-13 Micro Mobio Corporation Cloud communication antenna panel system and method
US11140171B1 (en) 2015-06-05 2021-10-05 Apple Inc. Establishing and verifying identity using action sequences while protecting user privacy
US20220114542A1 (en) * 2020-10-09 2022-04-14 Unho Choi Chain of authentication using public key infrastructure
US11335440B1 (en) * 2020-06-12 2022-05-17 Tensorx, Inc. Health status system, platform, and method
US11418347B1 (en) * 2016-10-20 2022-08-16 Wells Fargo Bank, N.A. Biometric electronic signature tokens
US11477011B1 (en) * 2005-03-30 2022-10-18 Wells Fargo Bank, N.A. Distributed cryptographic management for computer systems
US11502849B2 (en) 2018-02-28 2022-11-15 Motorola Solutions, Inc. Method of utilizing a trusted secret package for certificate enrollment
US11553857B1 (en) 2012-09-25 2023-01-17 Micro Mobio Corporation System and method for through window personal cloud transmission
US11642045B1 (en) 2012-09-25 2023-05-09 Micro Mobio Corporation Personal health and environmental monitoring device and method
US11786146B1 (en) 2012-09-25 2023-10-17 Micro Mobio Corporation Wireless hub system and method
US11877842B1 (en) 2012-09-25 2024-01-23 Micro Mobio Corporation Personal cloud with a plurality of modular capabilities
WO2024038630A1 (en) * 2022-08-16 2024-02-22 株式会社日立製作所 Authentication system and authentication method

Families Citing this family (335)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7054470B2 (en) * 1999-12-02 2006-05-30 International Business Machines Corporation System and method for distortion characterization in fingerprint and palm-print image sequences and using this distortion as a behavioral biometrics
US7237117B2 (en) * 2001-03-16 2007-06-26 Kenneth P. Weiss Universal secure registry
US7203347B2 (en) * 2001-06-27 2007-04-10 Activcard Ireland Limited Method and system for extracting an area of interest from within a swipe image of a biological surface
EP1293874A3 (en) * 2001-09-06 2006-08-02 Nippon Telegraph and Telephone Corporation Authentication method, authentication system, and authentication token
US8200980B1 (en) * 2001-09-21 2012-06-12 Open Invention Network, Llc System and method for enrolling in a biometric system
JP2003173430A (en) * 2001-09-28 2003-06-20 Sharp Corp Ic card, scramble releasing device, server device, physical characteristic reader, permitter determining method, permitter registering method, frequency managing method, permitter determining program, permittter registering program, and frequency managing program
JP4169185B2 (en) * 2002-02-25 2008-10-22 富士通株式会社 Image linking method, program, and apparatus
JP4187451B2 (en) * 2002-03-15 2008-11-26 松下電器産業株式会社 Personal authentication device and mobile terminal
JP2003346149A (en) * 2002-05-24 2003-12-05 Omron Corp Face collating device and bioinformation collating device
JP4563662B2 (en) * 2002-07-17 2010-10-13 パナソニック株式会社 System for preventing unauthorized use of recording media
US7334130B2 (en) * 2002-07-19 2008-02-19 Bowers Charles R Method and apparatus for managing confidential information
US9218507B2 (en) * 2002-07-19 2015-12-22 Charles R. Bowers Method and apparatus for managing confidential information
US20040034784A1 (en) * 2002-08-15 2004-02-19 Fedronic Dominique Louis Joseph System and method to facilitate separate cardholder and system access to resources controlled by a smart card
US7574734B2 (en) 2002-08-15 2009-08-11 Dominique Louis Joseph Fedronic System and method for sequentially processing a biometric sample
US20040104807A1 (en) * 2002-10-16 2004-06-03 Frank Ko Networked fingerprint authentication system and method
DE10249801B3 (en) * 2002-10-24 2004-05-06 Giesecke & Devrient Gmbh Method of performing a secure electronic transaction using a portable data carrier
US7046234B2 (en) * 2002-11-21 2006-05-16 Bloomberg Lp Computer keyboard with processor for audio and telephony functions
US7228011B1 (en) * 2003-02-28 2007-06-05 L-I Identity Solutions, Inc. System and method for issuing a security unit after determining eligibility by image recognition
US20050008148A1 (en) * 2003-04-02 2005-01-13 Dov Jacobson Mouse performance identification
WO2004097741A1 (en) * 2003-04-25 2004-11-11 Fujitsu Limited Fingerprint matching device, fingerprint matching method, and fingerprint matching program
JP2005004718A (en) * 2003-05-16 2005-01-06 Canon Inc Signal processor and controlling method
US7200250B2 (en) * 2003-05-20 2007-04-03 Lightuning Tech, Inc. Sweep-type fingerprint sensor module
US8185747B2 (en) * 2003-05-22 2012-05-22 Access Security Protection, Llc Methods of registration for programs using verification processes with biometrics for fraud management and enhanced security protection
WO2004109455A2 (en) 2003-05-30 2004-12-16 Privaris, Inc. An in-circuit security system and methods for controlling access to and use of sensitive data
CN1820279B (en) * 2003-06-16 2012-01-25 Uru科技公司 Method and system for creating and operating biometrically enabled multi-purpose credential management devices
US7474772B2 (en) * 2003-06-25 2009-01-06 Atrua Technologies, Inc. System and method for a miniature user input device
US7587072B2 (en) * 2003-08-22 2009-09-08 Authentec, Inc. System for and method of generating rotational inputs
US20050047631A1 (en) * 2003-08-26 2005-03-03 Cross Match Technologies, Inc. Method and apparatus for rolled fingerprint image capture with variable blending
DE10339743B4 (en) * 2003-08-28 2007-08-02 Infineon Technologies Ag A method of comparing a test fingerprint with a stored reference fingerprint and apparatus suitable for performing the method
US7351974B2 (en) * 2003-09-05 2008-04-01 Authentec, Inc. Integrated circuit infrared sensor and associated methods
US7915601B2 (en) * 2003-09-05 2011-03-29 Authentec, Inc. Electronic device including optical dispersion finger sensor and associated methods
US7616786B2 (en) * 2003-09-24 2009-11-10 Authentec, Inc. Finger biometric sensor with sensor electronics distributed over thin film and monocrystalline substrates and related methods
US7787667B2 (en) * 2003-10-01 2010-08-31 Authentec, Inc. Spot-based finger biometric processing method and associated sensor
WO2005034021A1 (en) * 2003-10-01 2005-04-14 Authentec, Inc. Methods for finger biometric processing and associated finger biometric sensors
US7599530B2 (en) * 2003-10-01 2009-10-06 Authentec, Inc. Methods for matching ridge orientation characteristic maps and associated finger biometric sensor
SG113483A1 (en) * 2003-10-30 2005-08-29 Ritronics Components S Pte Ltd A biometrics parameters protected usb interface portable data storage device with usb interface accessible biometrics processor
JP3924558B2 (en) * 2003-11-17 2007-06-06 富士通株式会社 Biological information collection device
US7403644B2 (en) * 2003-11-26 2008-07-22 Microsoft Corporation Fingerprint scanner with translating platen
US7526109B2 (en) * 2003-11-26 2009-04-28 Microsoft Corporation Fingerprint scanner with translating scan head
US7447911B2 (en) * 2003-11-28 2008-11-04 Lightuning Tech. Inc. Electronic identification key with portable application programs and identified by biometrics authentication
TWI282940B (en) * 2003-12-02 2007-06-21 Aimgene Technology Co Ltd Memory storage device with a fingerprint sensor and method for protecting the data therein
FR2864289B1 (en) * 2003-12-17 2007-02-02 Bouygues Telecom Sa BIOMETRIC ACCESS CONTROL USING A MOBILE TELEPHONY TERMINAL
US7697729B2 (en) * 2004-01-29 2010-04-13 Authentec, Inc. System for and method of finger initiated actions
US20050179657A1 (en) * 2004-02-12 2005-08-18 Atrua Technologies, Inc. System and method of emulating mouse operations using finger image sensors
JP4454335B2 (en) * 2004-02-12 2010-04-21 Necインフロンティア株式会社 Fingerprint input device
US7548981B1 (en) * 2004-03-03 2009-06-16 Sprint Spectrum L.P. Biometric authentication over wireless wide-area networks
US7336841B2 (en) * 2004-03-25 2008-02-26 Intel Corporation Fingerprinting digital video for rights management in networks
JP4462988B2 (en) * 2004-04-13 2010-05-12 Necインフロンティア株式会社 Fingerprint reading method and fingerprint reading system
US8175345B2 (en) 2004-04-16 2012-05-08 Validity Sensors, Inc. Unitized ergonomic two-dimensional fingerprint motion tracking device and method
US7751601B2 (en) 2004-10-04 2010-07-06 Validity Sensors, Inc. Fingerprint sensing assemblies and methods of making
US8165355B2 (en) * 2006-09-11 2012-04-24 Validity Sensors, Inc. Method and apparatus for fingerprint motion tracking using an in-line array for use in navigation applications
US8358815B2 (en) * 2004-04-16 2013-01-22 Validity Sensors, Inc. Method and apparatus for two-dimensional finger motion tracking and control
US8131026B2 (en) 2004-04-16 2012-03-06 Validity Sensors, Inc. Method and apparatus for fingerprint image reconstruction
US8229184B2 (en) * 2004-04-16 2012-07-24 Validity Sensors, Inc. Method and algorithm for accurate finger motion tracking
US8447077B2 (en) 2006-09-11 2013-05-21 Validity Sensors, Inc. Method and apparatus for fingerprint motion tracking using an in-line array
EP1747525A2 (en) 2004-04-23 2007-01-31 Validity Sensors Inc. Methods and apparatus for acquiring a swiped fingerprint image
WO2005109320A1 (en) * 2004-04-23 2005-11-17 Sony Corporation Fingerprint image reconstruction based on motion estimate across a narrow fingerprint sensor
US7212658B2 (en) * 2004-04-23 2007-05-01 Sony Corporation System for fingerprint image reconstruction based on motion estimate across a narrow fingerprint sensor
US7194116B2 (en) * 2004-04-23 2007-03-20 Sony Corporation Fingerprint image reconstruction based on motion estimate across a narrow fingerprint sensor
US7542590B1 (en) 2004-05-07 2009-06-02 Yt Acquisition Corporation System and method for upgrading biometric data
US20050249388A1 (en) * 2004-05-07 2005-11-10 Linares Miguel A Three-dimensional fingerprint identification system
US20050255840A1 (en) * 2004-05-13 2005-11-17 Markham Thomas R Authenticating wireless phone system
US8156548B2 (en) * 2004-05-20 2012-04-10 Future Internet Security Ip Pty Ltd. Identification and authentication system and method
WO2005114886A2 (en) * 2004-05-21 2005-12-01 Rsa Security Inc. System and method of fraud reduction
US20050276454A1 (en) * 2004-06-14 2005-12-15 Rodney Beatson System and methods for transforming biometric image data to a consistent angle of inclination
US20080201299A1 (en) * 2004-06-30 2008-08-21 Nokia Corporation Method and System for Managing Metadata
JP4411152B2 (en) * 2004-07-05 2010-02-10 Necインフロンティア株式会社 Fingerprint reading method, fingerprint reading system and program
US20060034497A1 (en) * 2004-08-15 2006-02-16 Michael Manansala Protometric authentication system
US8380125B2 (en) * 2004-09-01 2013-02-19 Kyocera Corporation Systems and methods for bluetooth resource conservation
JP4553379B2 (en) * 2004-09-10 2010-09-29 キヤノン株式会社 Data reproduction apparatus, control method therefor, and computer program
US20060078178A1 (en) * 2004-09-18 2006-04-13 Will Shatford Swipe sensor
DE102004046153B4 (en) * 2004-09-23 2006-10-12 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Method and network system for determining the digital reputation
JP4339221B2 (en) * 2004-09-30 2009-10-07 Necインフロンティア株式会社 Image construction method, fingerprint image construction apparatus and program
US7280679B2 (en) 2004-10-08 2007-10-09 Atrua Technologies, Inc. System for and method of determining pressure on a finger sensor
JP4340618B2 (en) * 2004-10-08 2009-10-07 富士通株式会社 Biometric information authentication apparatus and method, biometric information authentication program, and computer-readable recording medium recording the biometric information authentication program
WO2006044815A1 (en) * 2004-10-13 2006-04-27 Authentec, Inc. Finger sensing device for navigation and related methods
US20060104484A1 (en) * 2004-11-16 2006-05-18 Bolle Rudolf M Fingerprint biometric machine representations based on triangles
FR2878632B1 (en) * 2004-12-01 2007-02-09 Sagem METHOD FOR IDENTIFYING AN INDIVIDUAL FROM IMAGE FRAGMENTS
JP2006189999A (en) * 2005-01-04 2006-07-20 Fujitsu Ltd Security management method, program, and information apparatus
TWI296787B (en) * 2005-01-19 2008-05-11 Lightuning Tech Inc Storage device and method for protecting data stored therein
US20060181521A1 (en) * 2005-02-14 2006-08-17 Atrua Technologies, Inc. Systems for dynamically illuminating touch sensors
US7831070B1 (en) 2005-02-18 2010-11-09 Authentec, Inc. Dynamic finger detection mechanism for a fingerprint sensor
US7899216B2 (en) * 2005-03-18 2011-03-01 Sanyo Electric Co., Ltd. Biometric information processing apparatus and biometric information processing method
CA2592749C (en) 2005-03-24 2015-02-24 Privaris, Inc. Biometric identification device with smartcard capabilities
DE102005014794B4 (en) * 2005-03-31 2009-01-15 Advanced Micro Devices, Inc., Sunnyvale A method of testing a multi-sample semiconductor sample
US8231056B2 (en) 2005-04-08 2012-07-31 Authentec, Inc. System for and method of protecting an integrated circuit from over currents
US7530110B2 (en) * 2005-05-06 2009-05-05 International Business Machines Corporation System and method for fuzzy multi-level security
CN1332346C (en) * 2005-05-26 2007-08-15 上海交通大学 Sliding fingerprint sequence seamless joint method of extension phase correlated
US7386105B2 (en) * 2005-05-27 2008-06-10 Nice Systems Ltd Method and apparatus for fraud detection
WO2006129240A2 (en) * 2005-06-01 2006-12-07 Koninklijke Philips Electronics N.V. Compensating for acquisition noise in helper data systems
US20060277092A1 (en) * 2005-06-03 2006-12-07 Credigy Technologies, Inc. System and method for a peer to peer exchange of consumer information
TWI262696B (en) * 2005-06-17 2006-09-21 Lightuning Tech Inc Storage device and method for protecting data stored therein
US7730546B2 (en) * 2005-07-01 2010-06-01 Time Warner, Inc. Method and apparatus for authenticating usage of an application
US7505613B2 (en) 2005-07-12 2009-03-17 Atrua Technologies, Inc. System for and method of securing fingerprint biometric systems against fake-finger spoofing
US8049731B2 (en) * 2005-07-29 2011-11-01 Interlink Electronics, Inc. System and method for implementing a control function via a sensor having a touch sensitive control input surface
US20070061126A1 (en) * 2005-09-01 2007-03-15 Anthony Russo System for and method of emulating electronic input devices
JP4351201B2 (en) * 2005-09-16 2009-10-28 富士通株式会社 Portable device with fingerprint sensor
JP4771528B2 (en) * 2005-10-26 2011-09-14 キヤノン株式会社 Distributed processing system and distributed processing method
US7940249B2 (en) * 2005-11-01 2011-05-10 Authentec, Inc. Devices using a metal layer with an array of vias to reduce degradation
US7809211B2 (en) * 2005-11-17 2010-10-05 Upek, Inc. Image normalization for computed image construction
US8560456B2 (en) * 2005-12-02 2013-10-15 Credigy Technologies, Inc. System and method for an anonymous exchange of private data
TW200745970A (en) 2005-12-21 2007-12-16 Koninkl Philips Electronics Nv Biometric information detection using sweep-type imager
US7657849B2 (en) 2005-12-23 2010-02-02 Apple Inc. Unlocking a device by performing gestures on an unlock image
US20070162377A1 (en) * 2005-12-23 2007-07-12 Credigy Technologies, Inc. System and method for an online exchange of private data
CN100367296C (en) * 2006-01-18 2008-02-06 北京飞天诚信科技有限公司 Fingerprint image acquisition and imaging method and its apparatus
CN100375107C (en) * 2006-01-18 2008-03-12 北京飞天诚信科技有限公司 Fingerprint image fragment splicing method
US8224034B2 (en) * 2006-02-02 2012-07-17 NL Giken Incorporated Biometrics system, biologic information storage, and portable device
JP4547629B2 (en) * 2006-02-10 2010-09-22 ソニー株式会社 Registration device, registration method, and registration program
US8234220B2 (en) * 2007-02-21 2012-07-31 Weiss Kenneth P Universal secure registry
WO2007145687A1 (en) * 2006-02-21 2007-12-21 Weiss Kenneth P Method and apparatus for secure access payment and identification
US11227676B2 (en) 2006-02-21 2022-01-18 Universal Secure Registry, Llc Universal secure registry
US7787697B2 (en) * 2006-06-09 2010-08-31 Sony Ericsson Mobile Communications Ab Identification of an object in media and of related media objects
US8081805B2 (en) * 2006-06-19 2011-12-20 Authentec, Inc. Finger sensing device with multiple correlators and associated methods
US8180118B2 (en) * 2006-06-19 2012-05-15 Authentec, Inc. Finger sensing device with spoof reduction features and associated methods
US7885436B2 (en) * 2006-07-13 2011-02-08 Authentec, Inc. System for and method of assigning confidence values to fingerprint minutiae points
US7978884B1 (en) * 2006-08-08 2011-07-12 Smsc Holdings S.A.R.L. Fingerprint sensor and interface
US11762972B1 (en) * 2006-08-13 2023-09-19 Tara Chand Singhal System and methods for a multi-factor remote user authentication
US7916908B1 (en) 2006-09-06 2011-03-29 SMSC Holdings S.à.r.l Fingerprint sensor and method of transmitting a sensor image to reduce data size and data rate
DE102007015320B4 (en) * 2006-11-03 2008-10-23 Basler Ag Camera for analyzing objects
US8955083B2 (en) 2006-12-19 2015-02-10 Telecom Italia S.P.A. Method and arrangement for secure user authentication based on a biometric data detection device
US8190908B2 (en) * 2006-12-20 2012-05-29 Spansion Llc Secure data verification via biometric input
EP2127311B1 (en) 2007-02-02 2013-10-09 Websense, Inc. System and method for adding context to prevent data leakage over a computer network
CN101790717B (en) * 2007-04-13 2014-07-16 阿维萨瑞公司 Machine vision system for enterprise management
EP1986161A1 (en) * 2007-04-27 2008-10-29 Italdata Ingegneria Dell'Idea S.p.A. Data survey device, integrated with a communication system, and related method
US8107212B2 (en) * 2007-04-30 2012-01-31 Validity Sensors, Inc. Apparatus and method for protecting fingerprint sensing circuitry from electrostatic discharge
US8290150B2 (en) * 2007-05-11 2012-10-16 Validity Sensors, Inc. Method and system for electronically securing an electronic device using physically unclonable functions
US20110002461A1 (en) * 2007-05-11 2011-01-06 Validity Sensors, Inc. Method and System for Electronically Securing an Electronic Biometric Device Using Physically Unclonable Functions
ATE508428T1 (en) * 2007-05-16 2011-05-15 Precise Biometrics Ab SEQUENTIAL IMAGE ALIGNMENT
US20090037742A1 (en) * 2007-07-31 2009-02-05 International Business Machines Corporation Biometric authentication device, system and method of biometric authentication
US8181031B2 (en) * 2007-08-01 2012-05-15 International Business Machines Corporation Biometric authentication device and system
CA2698086C (en) * 2007-08-31 2017-05-23 Homeatm Epayment Solutions Apparatus and method for conducting secure financial transactions
EP3882797A1 (en) 2007-09-24 2021-09-22 Apple Inc. Embedded authentication systems in an electronic device
JP4466707B2 (en) * 2007-09-27 2010-05-26 ミツミ電機株式会社 Finger separation detection device, finger separation detection method, fingerprint reading device using the same, and fingerprint reading method
EP2206277A4 (en) * 2007-10-22 2013-02-13 Microlatch Pty Ltd A transmitter for transmitting a secure access signal
US8204281B2 (en) * 2007-12-14 2012-06-19 Validity Sensors, Inc. System and method to remove artifacts from fingerprint sensor scans
US8276816B2 (en) * 2007-12-14 2012-10-02 Validity Sensors, Inc. Smart card system with ergonomic fingerprint sensor and method of using
JP2009146266A (en) * 2007-12-17 2009-07-02 Fujitsu Ltd Electronic apparatus
US9361440B2 (en) 2007-12-21 2016-06-07 Apple Inc. Secure off-chip processing such as for biometric data
WO2009080089A1 (en) 2007-12-24 2009-07-02 Telecom Italia S.P.A. Biometrics based identification
TWI359381B (en) * 2007-12-25 2012-03-01 Htc Corp Method for unlocking a locked computing device and
US8600120B2 (en) 2008-01-03 2013-12-03 Apple Inc. Personal computing device control using face detection and recognition
US8621561B2 (en) * 2008-01-04 2013-12-31 Microsoft Corporation Selective authorization based on authentication input attributes
US9785330B1 (en) 2008-02-13 2017-10-10 Apple Inc. Systems for and methods of providing inertial scrolling and navigation using a fingerprint sensor calculating swiping speed and length
KR101464951B1 (en) * 2008-03-18 2014-11-25 알카텔-루센트 유에스에이 인코포레이티드 Method and apparatus for automatically handling missed calls in a communication terminal
US9130986B2 (en) * 2008-03-19 2015-09-08 Websense, Inc. Method and system for protection against information stealing software
US9015842B2 (en) 2008-03-19 2015-04-21 Websense, Inc. Method and system for protection against information stealing software
US20090243794A1 (en) * 2008-03-24 2009-10-01 Neil Morrow Camera modules communicating with computer systems
US8005276B2 (en) 2008-04-04 2011-08-23 Validity Sensors, Inc. Apparatus and method for reducing parasitic capacitive coupling and noise in fingerprint sensing circuits
US8116540B2 (en) * 2008-04-04 2012-02-14 Validity Sensors, Inc. Apparatus and method for reducing noise in fingerprint sensing circuits
KR101189712B1 (en) * 2008-04-24 2012-10-10 교세라 가부시키가이샤 Mobile electronic device
US20090279745A1 (en) * 2008-05-08 2009-11-12 Sonavation, Inc. Method and System for Image Resolution Improvement of Biometric Digit Imprint Sensors Using Staggered Rows
US8503740B2 (en) * 2008-05-12 2013-08-06 Sonavation, Inc. Methods and apparatus for digit swipe sensor data streaming
EP2313870B1 (en) * 2008-06-30 2013-12-04 Telecom Italia S.p.A. Method and system for communicating access authorization requests based on user personal identification as well as method and system for determining access authorizations
EP2291795A1 (en) * 2008-07-02 2011-03-09 C-True Ltd. Face recognition system and method
JP5040835B2 (en) * 2008-07-04 2012-10-03 富士通株式会社 Biological information reader, biological information reading method, and biological information reading program
US10146926B2 (en) * 2008-07-18 2018-12-04 Microsoft Technology Licensing, Llc Differentiated authentication for compartmentalized computing resources
US8698594B2 (en) * 2008-07-22 2014-04-15 Synaptics Incorporated System, device and method for securing a user device component by authenticating the user of a biometric sensor by performance of a replication of a portion of an authentication process performed at a remote computing device
JP5247295B2 (en) * 2008-08-13 2013-07-24 ラピスセミコンダクタ株式会社 Image processing method and image processing apparatus
JP5206218B2 (en) * 2008-08-20 2013-06-12 富士通株式会社 Fingerprint image acquisition device, fingerprint authentication device, fingerprint image acquisition method, and fingerprint authentication method
US8471679B2 (en) * 2008-10-28 2013-06-25 Authentec, Inc. Electronic device including finger movement based musical tone generation and related methods
US20110187496A1 (en) * 2008-10-30 2011-08-04 Denison William D Electronic Access Control Device and Management System
US8391568B2 (en) * 2008-11-10 2013-03-05 Validity Sensors, Inc. System and method for improved scanning of fingerprint edges
US8074880B2 (en) * 2008-12-01 2011-12-13 Research In Motion Limited Method, system and mobile device employing enhanced fingerprint authentication
US20100161488A1 (en) * 2008-12-22 2010-06-24 Paul Michael Evans Methods and systems for biometric verification
KR101390045B1 (en) * 2008-12-24 2014-04-30 에릭슨엘지엔터프라이즈 주식회사 Communication apparatus and controlling device thereof
CA2748695C (en) * 2008-12-31 2017-11-07 Bce Inc. System and method for unlocking a device
US20100176892A1 (en) * 2009-01-15 2010-07-15 Validity Sensors, Inc. Ultra Low Power Oscillator
US20100180136A1 (en) * 2009-01-15 2010-07-15 Validity Sensors, Inc. Ultra Low Power Wake-On-Event Mode For Biometric Systems
US8278946B2 (en) * 2009-01-15 2012-10-02 Validity Sensors, Inc. Apparatus and method for detecting finger activity on a fingerprint sensor
US8600122B2 (en) * 2009-01-15 2013-12-03 Validity Sensors, Inc. Apparatus and method for culling substantially redundant data in fingerprint sensing circuits
US8374407B2 (en) 2009-01-28 2013-02-12 Validity Sensors, Inc. Live finger detection
US9298902B2 (en) * 2009-02-12 2016-03-29 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US8327134B2 (en) 2009-02-12 2012-12-04 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US8301902B2 (en) * 2009-02-12 2012-10-30 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US8289135B2 (en) 2009-02-12 2012-10-16 International Business Machines Corporation System, method and program product for associating a biometric reference template with a radio frequency identification tag
US8242892B2 (en) * 2009-02-12 2012-08-14 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object
US8359475B2 (en) * 2009-02-12 2013-01-22 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US20100208953A1 (en) * 2009-02-17 2010-08-19 Validity Sensors, Inc. Illuminated Fingerprint Sensor and Method
US8631486B1 (en) * 2009-03-31 2014-01-14 Emc Corporation Adaptive identity classification
US9336428B2 (en) 2009-10-30 2016-05-10 Synaptics Incorporated Integrated fingerprint sensor and display
US9400911B2 (en) 2009-10-30 2016-07-26 Synaptics Incorporated Fingerprint sensor and integratable electronic display
US9274553B2 (en) 2009-10-30 2016-03-01 Synaptics Incorporated Fingerprint sensor and integratable electronic display
KR101088029B1 (en) * 2009-11-19 2011-11-29 최운호 System for Authentication of Electronic Cash Using Smart Card and Communication Terminal
US9666635B2 (en) 2010-02-19 2017-05-30 Synaptics Incorporated Fingerprint sensing circuit
US8716613B2 (en) * 2010-03-02 2014-05-06 Synaptics Incorporated Apparatus and method for electrostatic discharge protection
EP2386998B1 (en) * 2010-05-14 2018-07-11 Honda Research Institute Europe GmbH A Two-Stage Correlation Method for Correspondence Search
US9001040B2 (en) 2010-06-02 2015-04-07 Synaptics Incorporated Integrated fingerprint sensor and navigation device
EP2593903A4 (en) * 2010-07-12 2014-04-02 Fingerprint Cards Ab Biometric verification device and method
US8528072B2 (en) 2010-07-23 2013-09-03 Apple Inc. Method, apparatus and system for access mode control of a device
US8331096B2 (en) 2010-08-20 2012-12-11 Validity Sensors, Inc. Fingerprint acquisition expansion card apparatus
US8613052B2 (en) 2010-09-17 2013-12-17 Universal Secure Registry, Llc Apparatus, system and method employing a wireless user-device
US20120092294A1 (en) 2010-10-18 2012-04-19 Qualcomm Mems Technologies, Inc. Combination touch, handwriting and fingerprint sensor
KR101574968B1 (en) * 2010-11-01 2015-12-08 한국전자통신연구원 Portable sensor apparatus, and service system based on biometric Authentication including the same
US9972146B1 (en) * 2010-11-17 2018-05-15 Cypress Semiconductor Corporation Security system with a wireless security device
US8996879B2 (en) * 2010-12-23 2015-03-31 Intel Corporation User identity attestation in mobile commerce
RU2453921C1 (en) * 2010-12-28 2012-06-20 Валерий Александрович Гуров System for remote control of transactions
CN103238311A (en) * 2011-01-13 2013-08-07 株式会社尼康 Electronic device and electronic device control program
US8538097B2 (en) 2011-01-26 2013-09-17 Validity Sensors, Inc. User input utilizing dual line scanner apparatus and method
US8594393B2 (en) 2011-01-26 2013-11-26 Validity Sensors System for and method of image reconstruction with dual line scanner using line counts
US9129107B2 (en) * 2011-02-10 2015-09-08 SecurenCrypt, LLC Document encryption and decryption
GB2489100A (en) 2011-03-16 2012-09-19 Validity Sensors Inc Wafer-level packaging for a fingerprint sensor
US8638994B2 (en) 2011-04-21 2014-01-28 Authentec, Inc. Electronic device for collecting finger data and displaying a finger movement trace and related methods
US8527360B2 (en) 2011-04-29 2013-09-03 Daon Holdings Limited Methods and systems for conducting payment transactions
US20140089672A1 (en) * 2012-09-25 2014-03-27 Aliphcom Wearable device and method to generate biometric identifier for authentication using near-field communications
KR101284481B1 (en) * 2011-07-15 2013-07-16 아이리텍 잉크 Authentication method and device using OTP including biometric data
US8726361B2 (en) * 2011-08-15 2014-05-13 Bank Of America Corporation Method and apparatus for token-based attribute abstraction
US8752124B2 (en) 2011-08-15 2014-06-10 Bank Of America Corporation Apparatus and method for performing real-time authentication using subject token combinations
US8806602B2 (en) 2011-08-15 2014-08-12 Bank Of America Corporation Apparatus and method for performing end-to-end encryption
US9253197B2 (en) 2011-08-15 2016-02-02 Bank Of America Corporation Method and apparatus for token-based real-time risk updating
US8572689B2 (en) 2011-08-15 2013-10-29 Bank Of America Corporation Apparatus and method for making access decision using exceptions
US8584202B2 (en) 2011-08-15 2013-11-12 Bank Of America Corporation Apparatus and method for determining environment integrity levels
US8789143B2 (en) * 2011-08-15 2014-07-22 Bank Of America Corporation Method and apparatus for token-based conditioning
US8572683B2 (en) 2011-08-15 2013-10-29 Bank Of America Corporation Method and apparatus for token-based re-authentication
US8850515B2 (en) 2011-08-15 2014-09-30 Bank Of America Corporation Method and apparatus for subject recognition session validation
US8726341B2 (en) * 2011-08-15 2014-05-13 Bank Of America Corporation Apparatus and method for determining resource trust levels
US9159065B2 (en) * 2011-08-15 2015-10-13 Bank Of America Corporation Method and apparatus for object security session validation
US8713672B2 (en) * 2011-08-15 2014-04-29 Bank Of America Corporation Method and apparatus for token-based context caching
US8539558B2 (en) 2011-08-15 2013-09-17 Bank Of America Corporation Method and apparatus for token-based token termination
US8752143B2 (en) * 2011-08-15 2014-06-10 Bank Of America Corporation Method and apparatus for token-based reassignment of privileges
US8726340B2 (en) * 2011-08-15 2014-05-13 Bank Of America Corporation Apparatus and method for expert decisioning
US8950002B2 (en) * 2011-08-15 2015-02-03 Bank Of America Corporation Method and apparatus for token-based access of related resources
US8910290B2 (en) * 2011-08-15 2014-12-09 Bank Of America Corporation Method and apparatus for token-based transaction tagging
US8572714B2 (en) * 2011-08-15 2013-10-29 Bank Of America Corporation Apparatus and method for determining subject assurance level
US9055053B2 (en) 2011-08-15 2015-06-09 Bank Of America Corporation Method and apparatus for token-based combining of risk ratings
US8726339B2 (en) 2011-08-15 2014-05-13 Bank Of America Corporation Method and apparatus for emergency session validation
US8752157B2 (en) 2011-08-15 2014-06-10 Bank Of America Corporation Method and apparatus for third party session validation
US8789162B2 (en) * 2011-08-15 2014-07-22 Bank Of America Corporation Method and apparatus for making token-based access decisions
US9002322B2 (en) 2011-09-29 2015-04-07 Apple Inc. Authentication with secondary approver
US8769624B2 (en) 2011-09-29 2014-07-01 Apple Inc. Access control utilizing indirect authentication
US8965069B2 (en) * 2011-09-30 2015-02-24 University Of Louisville Research Foundation, Inc. Three dimensional minutiae extraction in three dimensional scans
KR101160681B1 (en) 2011-10-19 2012-06-28 배경덕 Method, mobile communication terminal and computer-readable recording medium for operating specific function when activating of mobile communication terminal
US10043052B2 (en) 2011-10-27 2018-08-07 Synaptics Incorporated Electronic device packages and methods
US20140214673A1 (en) * 2011-12-21 2014-07-31 Jim S. Baca Method for authentication using biometric data for mobile device e-commerce transactions
US9195877B2 (en) 2011-12-23 2015-11-24 Synaptics Incorporated Methods and devices for capacitive image sensing
US9785299B2 (en) 2012-01-03 2017-10-10 Synaptics Incorporated Structures and manufacturing methods for glass covered electronic devices
KR101443960B1 (en) * 2012-02-22 2014-11-03 주식회사 팬택 Electronic device and method for user identification
US9137438B2 (en) 2012-03-27 2015-09-15 Synaptics Incorporated Biometric object sensor and method
US9251329B2 (en) 2012-03-27 2016-02-02 Synaptics Incorporated Button depress wakeup and wakeup strategy
US9268991B2 (en) 2012-03-27 2016-02-23 Synaptics Incorporated Method of and system for enrolling and matching biometric data
US9600709B2 (en) * 2012-03-28 2017-03-21 Synaptics Incorporated Methods and systems for enrolling biometric data
US9152838B2 (en) 2012-03-29 2015-10-06 Synaptics Incorporated Fingerprint sensor packagings and methods
US9024910B2 (en) 2012-04-23 2015-05-05 Qualcomm Mems Technologies, Inc. Touchscreen with bridged force-sensitive resistors
KR101710771B1 (en) 2012-05-18 2017-02-27 애플 인크. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US9203818B1 (en) 2012-08-23 2015-12-01 Amazon Technologies, Inc. Adaptive timeouts for security credentials
US8996860B1 (en) * 2012-08-23 2015-03-31 Amazon Technologies, Inc. Tolerance factor-based secret decay
US9038148B1 (en) 2012-08-23 2015-05-19 Amazon Technologies, Inc. Secret variation for network sessions
GB2507540A (en) 2012-11-02 2014-05-07 Zwipe As Enrolling fingerprints by combining image strips to obtain sufficient width
GB2507539A (en) 2012-11-02 2014-05-07 Zwipe As Matching sets of minutiae using local neighbourhoods
US9241259B2 (en) 2012-11-30 2016-01-19 Websense, Inc. Method and apparatus for managing the transfer of sensitive information to mobile devices
US9672339B2 (en) * 2012-12-12 2017-06-06 Intel Corporation Electro-biometric authentication
US9665762B2 (en) 2013-01-11 2017-05-30 Synaptics Incorporated Tiered wakeup strategy
US10121049B2 (en) 2013-04-01 2018-11-06 AMI Research & Development, LLC Fingerprint based smart phone user verification
US9754149B2 (en) 2013-04-01 2017-09-05 AMI Research & Development, LLC Fingerprint based smart phone user verification
US9189612B2 (en) * 2013-05-13 2015-11-17 Ira Konvalinka Biometric verification with improved privacy and network performance in client-server networks
US9262003B2 (en) 2013-11-04 2016-02-16 Qualcomm Incorporated Piezoelectric force sensing array
US9323393B2 (en) 2013-06-03 2016-04-26 Qualcomm Incorporated Display with peripherally configured ultrasonic biometric sensor
AU2014292980A1 (en) * 2013-07-24 2016-02-04 Visa International Service Association Systems and methods for interoperable network token processing
US10460322B2 (en) * 2013-08-30 2019-10-29 Mastercard International Incorporated Methods and systems for verifying cardholder authenticity when provisioning a token
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
GB2519076A (en) * 2013-10-08 2015-04-15 A Men Technology Corp Point transaction system and method for mobile communication device
EP3078156A4 (en) 2013-10-11 2017-07-12 Visa International Service Association Network token system
CN104545842B (en) * 2013-10-16 2017-09-26 原相科技股份有限公司 Slim physiological characteristic detection module
TWI514286B (en) * 2013-10-16 2015-12-21 Pixart Imaging Inc Thin biometric detection module
KR101869624B1 (en) 2013-11-22 2018-06-21 선전 구딕스 테크놀로지 컴퍼니, 리미티드 Secure human fingerprint sensor
WO2015081326A1 (en) 2013-11-27 2015-06-04 Shenzhen Huiding Technology Co., Ltd. Wearable communication devices for secured transaction and communication
US9836637B2 (en) 2014-01-15 2017-12-05 Google Llc Finger print state integration with non-application processor functions for power savings in an electronic device
TWI517057B (en) * 2014-03-07 2016-01-11 神盾股份有限公司 Fingerprint recognition method and device
US10713466B2 (en) 2014-03-07 2020-07-14 Egis Technology Inc. Fingerprint recognition method and electronic device using the same
US10296778B2 (en) 2014-05-08 2019-05-21 Northrop Grumman Systems Corporation Methods, devices, and computer-readable media for biometric collection, quality checking, and matching
NO20140653A1 (en) 2014-05-27 2015-11-30 Idex Asa Biometric sensor
US9483763B2 (en) 2014-05-29 2016-11-01 Apple Inc. User interface for payments
US9230152B2 (en) * 2014-06-03 2016-01-05 Apple Inc. Electronic device for processing composite finger matching biometric data and related methods
US11023890B2 (en) 2014-06-05 2021-06-01 Visa International Service Association Identification and verification for provisioning mobile application
US11237525B2 (en) 2014-07-07 2022-02-01 Shenzhen GOODIX Technology Co., Ltd. Smart watch
US9519819B2 (en) * 2014-07-14 2016-12-13 Fingerprint Cards Ab Method and electronic device for noise mitigation
EP3122243B1 (en) 2014-07-23 2019-06-26 Shenzhen Goodix Technology Co., Ltd. Optical heart rate sensor
KR20160016583A (en) * 2014-07-31 2016-02-15 에지스 테크놀러지 인코포레이티드 Fingerprint recognition methods and devices
US10282535B2 (en) * 2014-09-02 2019-05-07 NXT-ID, Inc. Method and system to validate identity without putting privacy at risk
WO2016036456A1 (en) * 2014-09-06 2016-03-10 Goodix Technology Inc. Swipe motion registration on a fingerprint sensor
US9760755B1 (en) * 2014-10-03 2017-09-12 Egis Technology Inc. Fingerprint matching methods and device
US10732771B2 (en) 2014-11-12 2020-08-04 Shenzhen GOODIX Technology Co., Ltd. Fingerprint sensors having in-pixel optical sensors
CN105447436B (en) 2014-12-19 2017-08-04 比亚迪股份有限公司 Fingerprint recognition system and fingerprint identification method and electronic equipment
WO2016172713A1 (en) 2015-04-23 2016-10-27 Shenzhen Huiding Technology Co., Ltd. Multifunction fingerprint sensor
TWI541731B (en) * 2015-04-27 2016-07-11 瑞鼎科技股份有限公司 Capacitive fingerprint sensing apparatus and capacitive fingerprint sensing method
US10740732B2 (en) 2015-05-20 2020-08-11 Ripple Luxembourg S.A. Resource transfer system
US11481771B2 (en) * 2015-05-20 2022-10-25 Ripple Luxembourg S.A. One way functions in a resource transfer system
SE1550689A1 (en) 2015-05-28 2016-11-29 Fingerprint Cards Ab Method and fingerprint sensing system for forming a fingerprint representation
KR101928319B1 (en) 2015-06-18 2018-12-12 선전 구딕스 테크놀로지 컴퍼니, 리미티드 Multifunction fingerprint sensor with photo sensing capability
US10410033B2 (en) 2015-06-18 2019-09-10 Shenzhen GOODIX Technology Co., Ltd. Under-LCD screen optical sensor module for on-screen fingerprint sensing
US10410037B2 (en) 2015-06-18 2019-09-10 Shenzhen GOODIX Technology Co., Ltd. Under-screen optical sensor module for on-screen fingerprint sensing implementing imaging lens, extra illumination or optical collimator array
US10437974B2 (en) 2015-06-18 2019-10-08 Shenzhen GOODIX Technology Co., Ltd. Optical sensing performance of under-screen optical sensor module for on-screen fingerprint sensing
CN107004130B (en) 2015-06-18 2020-08-28 深圳市汇顶科技股份有限公司 Optical sensor module under screen for sensing fingerprint on screen
WO2016205938A1 (en) 2015-06-22 2016-12-29 Appetite Lab Inc. Devices and methods for locating and visualizing underwater objects
US10339178B2 (en) * 2015-06-30 2019-07-02 Samsung Electronics Co., Ltd. Fingerprint recognition method and apparatus
US9946375B2 (en) * 2015-06-30 2018-04-17 Synaptics Incorporated Active matrix capacitive fingerprint sensor with 2-TFT pixel architecture for display integration
US10628569B2 (en) * 2015-06-30 2020-04-21 Huawei Technologies Co., Ltd Method for unlocking screen by using fingerprint and terminal
US10095948B2 (en) * 2015-06-30 2018-10-09 Synaptics Incorporated Modulation scheme for fingerprint sensing
US10331936B2 (en) * 2015-07-14 2019-06-25 Idex Asa Duplicate pattern reconstructions
US10578706B2 (en) * 2015-08-06 2020-03-03 Navico Holding As Wireless sonar receiver
US9881184B2 (en) * 2015-10-30 2018-01-30 Intel Corporation Authenticity-assured data gathering apparatus and method
US20170140233A1 (en) * 2015-11-13 2017-05-18 Fingerprint Cards Ab Method and system for calibration of a fingerprint sensing device
US10325134B2 (en) * 2015-11-13 2019-06-18 Fingerprint Cards Ab Method and system for calibration of an optical fingerprint sensing device
WO2017139537A1 (en) * 2016-02-11 2017-08-17 AMI Research & Development, LLC Fingerprint based smart phone user verification
CN105825098B (en) 2016-03-16 2018-03-27 广东欧珀移动通信有限公司 Unlocking screen method, image-pickup method and the device of a kind of electric terminal
US11108767B2 (en) * 2016-04-21 2021-08-31 Tharmalingam Satkunarajah Apparatus and system for obtaining and encrypting documentary materials
DK179186B1 (en) 2016-05-19 2018-01-15 Apple Inc REMOTE AUTHORIZATION TO CONTINUE WITH AN ACTION
BR112019004922A2 (en) * 2016-09-27 2019-06-04 Visa Int Service Ass server appliance and method.
US10719077B2 (en) 2016-10-13 2020-07-21 Navico Holding As Castable sonar devices and operations in a marine environment
US10430638B2 (en) * 2016-11-10 2019-10-01 Synaptics Incorporated Systems and methods for spoof detection relative to a template instead of on an absolute scale
EP3542307A4 (en) * 2016-11-15 2020-06-10 Fingerprint Cards AB Method and electronic device for fingerprint enrollment
US10506926B2 (en) 2017-02-18 2019-12-17 Arc Devices Limited Multi-vital sign detector in an electronic medical records system
US10492684B2 (en) 2017-02-21 2019-12-03 Arc Devices Limited Multi-vital-sign smartphone system in an electronic medical records system
US10614283B2 (en) 2017-03-07 2020-04-07 Shenzhen GOODIX Technology Co., Ltd. Devices with peripheral task bar display zone and under-LCD screen optical sensor module for on-screen fingerprint sensing
EP3449419B1 (en) 2017-05-01 2021-12-22 Shenzhen Goodix Technology Co., Ltd. Ultrasound fingerprint sensing and sensor fabrication
US10602548B2 (en) 2017-06-22 2020-03-24 Infineon Technologies Ag System and method for gesture sensing
US10331939B2 (en) 2017-07-06 2019-06-25 Shenzhen GOODIX Technology Co., Ltd. Multi-layer optical designs of under-screen optical sensor module having spaced optical collimator array and optical sensor array for on-screen fingerprint sensing
US10318791B2 (en) 2017-07-18 2019-06-11 Shenzhen GOODIX Technology Co., Ltd. Anti-spoofing sensing for rejecting fake fingerprint patterns in under-screen optical sensor module for on-screen fingerprint sensing
US10602987B2 (en) 2017-08-10 2020-03-31 Arc Devices Limited Multi-vital-sign smartphone system in an electronic medical records system
KR102399539B1 (en) * 2017-08-28 2022-05-19 삼성전자주식회사 Method and apparatus for identifying an object
EP4155988A1 (en) 2017-09-09 2023-03-29 Apple Inc. Implementation of biometric authentication for performing a respective function
KR102185854B1 (en) 2017-09-09 2020-12-02 애플 인크. Implementation of biometric authentication
US10460458B1 (en) * 2017-09-14 2019-10-29 United States Of America As Represented By The Secretary Of The Air Force Method for registration of partially-overlapped aerial imagery using a reduced search space methodology with hybrid similarity measures
US10970516B2 (en) 2017-10-25 2021-04-06 Synaptics Incorporated Systems and methods for biometric recognition
US10984213B2 (en) 2018-03-27 2021-04-20 Shenzhen GOODIX Technology Co., Ltd. 3-dimensional optical topographical sensing of fingerprints using under-screen optical sensor module
US10320962B1 (en) * 2018-04-20 2019-06-11 Zte Corporation Dual screen smartphone and portable devices with a full display screen
US10485431B1 (en) 2018-05-21 2019-11-26 ARC Devices Ltd. Glucose multi-vital-sign system in an electronic medical records system
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
US10742786B2 (en) * 2018-11-15 2020-08-11 Osram Opto Semiconductors Gmbh Mobile device with side-looking biometric sensor
WO2020113429A1 (en) * 2018-12-04 2020-06-11 深圳市汇顶科技股份有限公司 Fingerprint registration method, terminal and computer-readable storage medium
KR20200100481A (en) * 2019-02-18 2020-08-26 삼성전자주식회사 Electronic device for authenticating biometric information and operating method thereof
CN113454642A (en) * 2019-02-21 2021-09-28 奈克斯特生物测定学集团公司 Method for detecting replay attacks in a fingerprint sensor system
GB2587404A (en) * 2019-09-27 2021-03-31 Airbus Defence & Space Ltd Encryption and verification method
WO2021247300A1 (en) 2020-06-01 2021-12-09 Arc Devices Limited Apparatus and methods for measuring blood pressure and other vital signs via a finger

Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4222076A (en) * 1978-09-15 1980-09-09 Bell Telephone Laboratories, Incorporated Progressive image transmission
US4405829A (en) * 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
US4558372A (en) * 1984-01-19 1985-12-10 Tektronix, Inc. Scanning method and apparatus
US4654876A (en) * 1984-12-19 1987-03-31 Itek Corporation Digital image motion correction method
US5144448A (en) * 1990-07-31 1992-09-01 Vidar Systems Corporation Scanning apparatus using multiple CCD arrays and related method
US5155597A (en) * 1990-11-28 1992-10-13 Recon/Optical, Inc. Electro-optical imaging array with motion compensation
US5227839A (en) * 1991-06-24 1993-07-13 Etec Systems, Inc. Small field scanner
US5444478A (en) * 1992-12-29 1995-08-22 U.S. Philips Corporation Image processing method and device for constructing an image from adjacent images
US5453777A (en) * 1993-04-12 1995-09-26 Presstek, Inc. Method and apparatus for correcting and adjusting digital image output
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system
US5768439A (en) * 1994-03-23 1998-06-16 Hitachi Software Engineering Co., Ltd. Image compounding method and device for connecting a plurality of adjacent images on a map without performing positional displacement at their connections boundaries
US5812704A (en) * 1994-11-29 1998-09-22 Focus Automation Systems Inc. Method and apparatus for image overlap processing
US6003135A (en) * 1997-06-04 1999-12-14 Spyrus, Inc. Modular security device
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
US6047268A (en) * 1997-11-04 2000-04-04 A.T.&T. Corporation Method and apparatus for billing for transactions conducted over the internet
US6097418A (en) * 1998-03-24 2000-08-01 Agfa Corporation Method and apparatus for combining a plurality of images without incurring a visible seam
US6175922B1 (en) * 1996-12-04 2001-01-16 Esign, Inc. Electronic transaction systems and methods therefor
US6195471B1 (en) * 1998-03-24 2001-02-27 Agfa Corporation Method and apparatus for combining a plurality of images at random stitch points without incurring a visible seam
US6219793B1 (en) * 1996-09-11 2001-04-17 Hush, Inc. Method of using fingerprints to authenticate wireless communications
US6256737B1 (en) * 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
US6289114B1 (en) * 1996-06-14 2001-09-11 Thomson-Csf Fingerprint-reading system
US6333989B1 (en) * 1999-03-29 2001-12-25 Dew Engineering And Development Limited Contact imaging device
US20020060243A1 (en) * 2000-11-13 2002-05-23 Janiak Martin J. Biometric authentication device for use in mobile telecommunications

Family Cites Families (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4868877A (en) * 1988-02-12 1989-09-19 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
BR9001916A (en) * 1990-04-20 1991-11-12 Metal Leve Sa PROCESS OF OBTAINING REFRIGERATED PUMP AND REFRIGERATED PUMP
US5293323A (en) 1991-10-24 1994-03-08 General Electric Company Method for fault diagnosis by assessment of confidence measure
TW335241U (en) * 1992-11-30 1998-06-21 Thomson Consumer Electronics A video display system
US5456256A (en) 1993-11-04 1995-10-10 Ultra-Scan Corporation High resolution ultrasonic imaging apparatus and method
US20020013898A1 (en) 1997-06-04 2002-01-31 Sudia Frank W. Method and apparatus for roaming use of cryptographic values
US5623552A (en) * 1994-01-21 1997-04-22 Cardguard International, Inc. Self-authenticating identification card with fingerprint identification
TW299410B (en) * 1994-04-04 1997-03-01 At & T Corp
US5458256A (en) * 1994-04-19 1995-10-17 May-Wes Manufacturing, Inc. Slide lid
US5673123A (en) * 1994-06-30 1997-09-30 Lucent Technologies Inc. Methods and means for processing images
US5631704A (en) * 1994-10-14 1997-05-20 Lucent Technologies, Inc. Active pixel sensor and imaging system having differential mode
US5576763A (en) 1994-11-22 1996-11-19 Lucent Technologies Inc. Single-polysilicon CMOS active pixel
US6366682B1 (en) * 1994-11-28 2002-04-02 Indivos Corporation Tokenless electronic transaction system
US6230148B1 (en) * 1994-11-28 2001-05-08 Veristar Corporation Tokenless biometric electric check transaction
US6192142B1 (en) * 1994-11-28 2001-02-20 Smarttouch, Inc. Tokenless biometric electronic stored value transactions
KR960028217A (en) 1994-12-22 1996-07-22 엘리 웨이스 Motion Detection Camera System and Method
US5825907A (en) * 1994-12-28 1998-10-20 Lucent Technologies Inc. Neural network system for classifying fingerprints
US5774525A (en) 1995-01-23 1998-06-30 International Business Machines Corporation Method and apparatus utilizing dynamic questioning to provide secure access control
US5668874A (en) 1995-02-28 1997-09-16 Lucent Technologies Inc. Identification card verification system and method
US5625304A (en) * 1995-04-21 1997-04-29 Lucent Technologies Inc. Voltage comparator requiring no compensating offset voltage
US5577120A (en) * 1995-05-01 1996-11-19 Lucent Technologies Inc. Method and apparatus for restrospectively identifying an individual who had engaged in a commercial or retail transaction or the like
US6973477B1 (en) * 1995-05-19 2005-12-06 Cyberfone Technologies, Inc. System for securely communicating amongst client computer systems
US5739562A (en) 1995-08-01 1998-04-14 Lucent Technologies Inc. Combined photogate and photodiode active pixel image sensor
US5671279A (en) * 1995-11-13 1997-09-23 Netscape Communications Corporation Electronic commerce using a secure courier system
US6016355A (en) * 1995-12-15 2000-01-18 Veridicom, Inc. Capacitive fingerprint acquisition sensor
US6049620A (en) * 1995-12-15 2000-04-11 Veridicom, Inc. Capacitive fingerprint sensor with adjustable gain
GB9600804D0 (en) * 1996-01-17 1996-03-20 Robb Garry D Multiphone
US5963679A (en) * 1996-01-26 1999-10-05 Harris Corporation Electric field fingerprint sensor apparatus and related methods
US6075905A (en) * 1996-07-17 2000-06-13 Sarnoff Corporation Method and apparatus for mosaic image construction
US6230235B1 (en) * 1996-08-08 2001-05-08 Apache Systems, Inc. Address lookup DRAM aging
US5987156A (en) * 1996-11-25 1999-11-16 Lucent Technologies Apparatus for correcting fixed column noise in images acquired by a fingerprint sensor
EP0980559A4 (en) 1997-05-09 2004-11-03 Gte Service Corp Biometric certificates
US6202151B1 (en) 1997-05-09 2001-03-13 Gte Service Corporation System and method for authenticating electronic transactions using biometric certificates
US5903225A (en) * 1997-05-16 1999-05-11 Harris Corporation Access control system including fingerprint sensor enrollment and associated methods
US5991408A (en) * 1997-05-16 1999-11-23 Veridicom, Inc. Identification and security using biometric measurements
US5920640A (en) * 1997-05-16 1999-07-06 Harris Corporation Fingerprint sensor and token reader and associated methods
US5864296A (en) * 1997-05-19 1999-01-26 Trw Inc. Fingerprint detector using ridge resistance sensor
US6208264B1 (en) * 1997-05-23 2001-03-27 Automated Identification Service, Inc. Personal verification in a commercial transaction system
US6330345B1 (en) * 1997-11-17 2001-12-11 Veridicom, Inc. Automatic adjustment processing for sensor devices
US6501846B1 (en) * 1997-11-25 2002-12-31 Ethentica, Inc. Method and system for computer access and cursor control using a relief object image generator
DE29722222U1 (en) * 1997-12-16 1998-06-25 Siemens Ag Radio-operated communication terminal with navigation key
US6038666A (en) * 1997-12-22 2000-03-14 Trw Inc. Remote identity verification technique using a personal identification device
US6195447B1 (en) * 1998-01-16 2001-02-27 Lucent Technologies Inc. System and method for fingerprint data verification
US6260300B1 (en) * 1999-04-21 2001-07-17 Smith & Wesson Corp. Biometrically activated lock and enablement system
US6535622B1 (en) * 1999-04-26 2003-03-18 Veridicom, Inc. Method for imaging fingerprints and concealing latent fingerprints
US6681034B1 (en) 1999-07-15 2004-01-20 Precise Biometrics Method and system for fingerprint template matching
US6546122B1 (en) 1999-07-29 2003-04-08 Veridicom, Inc. Method for combining fingerprint templates representing various sensed areas of a fingerprint to derive one fingerprint template representing the fingerprint
US6853988B1 (en) * 1999-09-20 2005-02-08 Security First Corporation Cryptographic server with provisions for interoperability between cryptographic systems
JP3743246B2 (en) * 2000-02-03 2006-02-08 日本電気株式会社 Biometric input device and biometric verification device
JP4426733B2 (en) * 2000-03-31 2010-03-03 富士通株式会社 Fingerprint data synthesizing method, fingerprint data synthesizing device, fingerprint data synthesizing program, and computer-readable recording medium recording the program
AU2000244476A1 (en) * 2000-04-13 2001-10-30 Nanyang Technological University Method and device for determining a total minutiae template from a plurality of partial minutiae templates
US6518560B1 (en) * 2000-04-27 2003-02-11 Veridicom, Inc. Automatic gain amplifier for biometric sensor device
SE515239C2 (en) * 2000-05-15 2001-07-02 Ericsson Telefon Ab L M Method for generating a composite image and apparatus for detecting fingerprints
US6542740B1 (en) * 2000-10-24 2003-04-01 Litepoint, Corp. System, method and article of manufacture for utilizing a wireless link in an interface roaming network framework
US20020078347A1 (en) * 2000-12-20 2002-06-20 International Business Machines Corporation Method and system for using with confidence certificates issued from certificate authorities
US7103234B2 (en) * 2001-03-30 2006-09-05 Nec Laboratories America, Inc. Method for blind cross-spectral image registration
US7043061B2 (en) * 2001-06-27 2006-05-09 Laurence Hamid Swipe imager with multiple sensing arrays
US7203347B2 (en) * 2001-06-27 2007-04-10 Activcard Ireland Limited Method and system for extracting an area of interest from within a swipe image of a biological surface
US20030101348A1 (en) 2001-07-12 2003-05-29 Russo Anthony P. Method and system for determining confidence in a digital transaction
US20030021495A1 (en) * 2001-07-12 2003-01-30 Ericson Cheng Fingerprint biometric capture device and method with integrated on-chip data buffering

Cited By (213)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050218010A1 (en) * 2001-03-14 2005-10-06 Zhihong Wang Process and composition for conductive material removal by electrochemical mechanical polishing
US20060006074A1 (en) * 2001-03-14 2006-01-12 Liu Feng Q Method and composition for polishing a substrate
US20030178320A1 (en) * 2001-03-14 2003-09-25 Applied Materials, Inc. Method and composition for polishing a substrate
US20050056537A1 (en) * 2001-03-14 2005-03-17 Liang-Yuh Chen Planarization of substrates using electrochemical mechanical polishing
US20060169597A1 (en) * 2001-03-14 2006-08-03 Applied Materials, Inc. Method and composition for polishing a substrate
US20030234184A1 (en) * 2001-03-14 2003-12-25 Applied Materials, Inc. Method and composition for polishing a substrate
US20040053499A1 (en) * 2001-03-14 2004-03-18 Applied Materials, Inc. Method and composition for polishing a substrate
US20070274575A1 (en) * 2001-07-12 2007-11-29 Russo Anthony P Method and system for biometric image assembly from multiple partial biometric frame scans
US20030115490A1 (en) * 2001-07-12 2003-06-19 Russo Anthony P. Secure network and networked devices using biometrics
US7751595B2 (en) 2001-07-12 2010-07-06 Authentec, Inc. Method and system for biometric image assembly from multiple partial biometric frame scans
US7197168B2 (en) 2001-07-12 2007-03-27 Atrua Technologies, Inc. Method and system for biometric image assembly from multiple partial biometric frame scans
US20030101348A1 (en) * 2001-07-12 2003-05-29 Russo Anthony P. Method and system for determining confidence in a digital transaction
US20070295611A1 (en) * 2001-12-21 2007-12-27 Liu Feng Q Method and composition for polishing a substrate
US20050145507A1 (en) * 2001-12-21 2005-07-07 Applied Materials, Inc. Electrolyte with good planarization capability, high removal rate and smooth surface finish for electrochemically controlled copper CMP
US20030216045A1 (en) * 2001-12-21 2003-11-20 Applied Materials, Inc. Hydrogen bubble reduction on the cathode using double-cell designs
US20040054913A1 (en) * 2002-02-28 2004-03-18 West Mark Brian System and method for attaching un-forgeable biometric data to digital identity tokens and certificates, and validating the attached biometric data while validating digital identity tokens and certificates
US20030223624A1 (en) * 2002-05-30 2003-12-04 Laurence Hamid Method and apparatus for hashing data
US7274804B2 (en) * 2002-05-30 2007-09-25 Activcard Ireland Limited Method and apparatus for hashing data
US20100005315A1 (en) * 2002-08-06 2010-01-07 Abdallah David S Methods for secure enrollment and backup of personal identity credentials into electronic devices
US7590861B2 (en) * 2002-08-06 2009-09-15 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US20160065373A1 (en) * 2002-08-06 2016-03-03 Apple Inc. Methods for secure restoration of personal identity credentials into electronic devices
US8055906B2 (en) * 2002-08-06 2011-11-08 Privaris, Inc. Methods for secure restoration of personal identity credentials into electronic devices
US20090037745A1 (en) * 2002-08-06 2009-02-05 Abdallah David S Methods for secure backup of personal identity credentials into electronic devices
US9716698B2 (en) 2002-08-06 2017-07-25 Apple Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US9979709B2 (en) * 2002-08-06 2018-05-22 Apple Inc. Methods for secure restoration of personal identity credentials into electronic devices
US20090037746A1 (en) * 2002-08-06 2009-02-05 Abdallah David S Methods for secure restoration of personal identity credentials into electronic devices
US8127143B2 (en) * 2002-08-06 2012-02-28 Privaris, Inc. Methods for secure enrollment of personal identity credentials into electronic devices
US8001372B2 (en) * 2002-08-06 2011-08-16 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US8826031B2 (en) * 2002-08-06 2014-09-02 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US9270464B2 (en) 2002-08-06 2016-02-23 Apple Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US20130290726A1 (en) * 2002-08-06 2013-10-31 Privaris, Inc. Methods for secure restoration of personal identity credentials into electronic devices
US20090031140A1 (en) * 2002-08-06 2009-01-29 Abdallah David S Methods for secure enrollment of personal identity credentials into electronic devices
US20040139329A1 (en) * 2002-08-06 2004-07-15 Abdallah David S. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US8407480B2 (en) 2002-08-06 2013-03-26 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US9160537B2 (en) * 2002-08-06 2015-10-13 Apple Inc. Methods for secure restoration of personal identity credentials into electronic devices
US8478992B2 (en) 2002-08-06 2013-07-02 Privaris, Inc. Methods for secure restoration of personal identity credentials into electronic devices
US7788501B2 (en) * 2002-08-06 2010-08-31 Privaris, Inc. Methods for secure backup of personal identity credentials into electronic devices
US20130227299A1 (en) * 2002-08-06 2013-08-29 Privaris, Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US7900052B2 (en) * 2002-11-06 2011-03-01 International Business Machines Corporation Confidential data sharing and anonymous entity resolution
US20040210763A1 (en) * 2002-11-06 2004-10-21 Systems Research & Development Confidential data sharing and anonymous entity resolution
US8474025B2 (en) * 2002-12-30 2013-06-25 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
US7571472B2 (en) * 2002-12-30 2009-08-04 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
US20040128502A1 (en) * 2002-12-30 2004-07-01 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
US20090265555A1 (en) * 2002-12-30 2009-10-22 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
US7925887B2 (en) * 2003-05-19 2011-04-12 Intellirad Solutions Pty Ltd. Multi-parameter biometric authentication
US20060282671A1 (en) * 2003-05-19 2006-12-14 Intellirad Solutions Pty Ltd Multi-parameter biometric authentication
US20110228989A1 (en) * 2003-05-19 2011-09-22 David Burton Multi-parameter biometric authentication
US20060102872A1 (en) * 2003-06-06 2006-05-18 Applied Materials, Inc. Method and composition for electrochemical mechanical polishing processing
US20040248412A1 (en) * 2003-06-06 2004-12-09 Liu Feng Q. Method and composition for fine copper slurry for low dishing in ECMP
US20050039016A1 (en) * 2003-08-12 2005-02-17 Selim Aissi Method for using trusted, hardware-based identity credentials in runtime package signature to secure mobile communications and high-value transaction execution
WO2005020542A1 (en) * 2003-08-12 2005-03-03 Intel Corporation Method for using trusted, hardware-based identity credentials in runtime package signature to secure mobile communications and high-value transaction execution
GB2422077A (en) * 2003-08-12 2006-07-12 Intel Corp Method for using trusted, hardware-based identity credentials in runtime package signature to secure mobile communication and high-value transaction execution
GB2422077B (en) * 2003-08-12 2007-10-10 Intel Corp Method for using trusted, hardware-based identity credentials in runtime package signature to secure mobile communication and high-value transaction execution
US20050044388A1 (en) * 2003-08-19 2005-02-24 Brant Gary E. Reprise encryption system for digital data
US20050246763A1 (en) * 2004-03-25 2005-11-03 National University Of Ireland Secure digital content reproduction using biometrically derived hybrid encryption techniques
US11803633B1 (en) 2004-06-14 2023-10-31 Biocrypt Access Llc Method and system for securing user access, data at rest and sensitive transactions using biometrics for mobile devices with protected, local templates
US20110126024A1 (en) * 2004-06-14 2011-05-26 Rodney Beatson Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
US9940453B2 (en) 2004-06-14 2018-04-10 Biocrypt Access, Llc Method and system for securing user access, data at rest and sensitive transactions using biometrics for mobile devices with protected, local templates
US8842887B2 (en) 2004-06-14 2014-09-23 Rodney Beatson Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
US9665704B2 (en) 2004-06-14 2017-05-30 Rodney Beatson Method and system for providing password-free, hardware-rooted, ASIC-based, authentication of human to a stand-alone computing device using biometrics with a protected local template to release trusted credentials to relying parties
US20060041507A1 (en) * 2004-08-13 2006-02-23 Sbc Knowledge Ventures L.P. Pluggable authentication for transaction tool management services
US20070294431A1 (en) * 2004-10-29 2007-12-20 The Go Daddy Group, Inc. Digital identity validation
US8904040B2 (en) * 2004-10-29 2014-12-02 Go Daddy Operating Company, LLC Digital identity validation
US20100223251A1 (en) * 2004-10-29 2010-09-02 The Go Daddy Group, Inc. Digital identity registration
US20070208869A1 (en) * 2004-10-29 2007-09-06 The Go Daddy Group, Inc. Digital identity registration
US20060095404A1 (en) * 2004-10-29 2006-05-04 The Go Daddy Group, Inc Presenting search engine results based on domain name related reputation
US20080028100A1 (en) * 2004-10-29 2008-01-31 The Go Daddy Group, Inc. Tracking domain name related reputation
US20090216904A1 (en) * 2004-10-29 2009-08-27 The Go Daddy Group, Inc. Method for Accessing Domain Name Related Reputation
US20080028443A1 (en) * 2004-10-29 2008-01-31 The Go Daddy Group, Inc. Domain name related reputation and secure certificates
US20080022013A1 (en) * 2004-10-29 2008-01-24 The Go Daddy Group, Inc. Publishing domain name related reputation in whois records
US20070208940A1 (en) * 2004-10-29 2007-09-06 The Go Daddy Group, Inc. Digital identity related reputation tracking and publishing
US9015263B2 (en) 2004-10-29 2015-04-21 Go Daddy Operating Company, LLC Domain name searching with reputation rating
US20060095459A1 (en) * 2004-10-29 2006-05-04 Warren Adelman Publishing domain name related reputation in whois records
US20100174795A1 (en) * 2004-10-29 2010-07-08 The Go Daddy Group, Inc. Tracking domain name related reputation
US7996512B2 (en) 2004-10-29 2011-08-09 The Go Daddy Group, Inc. Digital identity registration
US20060200487A1 (en) * 2004-10-29 2006-09-07 The Go Daddy Group, Inc. Domain name related reputation and secure certificates
US11477011B1 (en) * 2005-03-30 2022-10-18 Wells Fargo Bank, N.A. Distributed cryptographic management for computer systems
US20060249394A1 (en) * 2005-05-05 2006-11-09 Applied Materials, Inc. Process and composition for electrochemical mechanical polishing
US20060249395A1 (en) * 2005-05-05 2006-11-09 Applied Material, Inc. Process and composition for electrochemical mechanical polishing
US20060282680A1 (en) * 2005-06-14 2006-12-14 Kuhlman Douglas A Method and apparatus for accessing digital data using biometric information
US7525411B2 (en) 2005-10-11 2009-04-28 Newfrey Llc Door lock with protected biometric sensor
US20070080778A1 (en) * 2005-10-11 2007-04-12 Newfrey Llc Door lock with protected biometric sensor
US8090939B2 (en) * 2005-10-21 2012-01-03 Hewlett-Packard Development Company, L.P. Digital certificate that indicates a parameter of an associated cryptographic token
US20070094493A1 (en) * 2005-10-21 2007-04-26 Ali Valiuddin Y Digital certificate that indicates a parameter of an associated cryptographic token
EP1777636A1 (en) * 2005-10-21 2007-04-25 Hewlett-Packard Development Company, L.P. A digital certificate that indicates a parameter of an associated cryptographic token
US8972735B2 (en) 2006-02-13 2015-03-03 At&T Intellectual Property I, L.P. Methods and apparatus to certify digital signatures
US9531546B2 (en) 2006-02-13 2016-12-27 At&T Intellectual Property I, L.P. Methods and apparatus to certify digital signatures
US20070198832A1 (en) * 2006-02-13 2007-08-23 Novack Brian M Methods and apparatus to certify digital signatures
US8700902B2 (en) 2006-02-13 2014-04-15 At&T Intellectual Property I, L.P. Methods and apparatus to certify digital signatures
US20070226514A1 (en) * 2006-03-24 2007-09-27 Atmel Corporation Secure biometric processing system and method of use
US8261072B2 (en) 2006-03-24 2012-09-04 Atmel Corporation Method and system for secure external TPM password generation and use
US7849312B2 (en) 2006-03-24 2010-12-07 Atmel Corporation Method and system for secure external TPM password generation and use
US20070226787A1 (en) * 2006-03-24 2007-09-27 Atmel Corporation Method and system for secure external TPM password generation and use
US20070226496A1 (en) * 2006-03-24 2007-09-27 Atmel Corporation Method and system for secure external TPM password generation and use
WO2007112023A2 (en) * 2006-03-24 2007-10-04 Atmel Corporation Secure biometric processing system and method of use
US20070237366A1 (en) * 2006-03-24 2007-10-11 Atmel Corporation Secure biometric processing system and method of use
WO2007112023A3 (en) * 2006-03-24 2008-03-06 Atmel Corp Secure biometric processing system and method of use
US20080065895A1 (en) * 2006-04-07 2008-03-13 Huawei Technologies Co., Ltd. Method and System for Implementing Authentication on Information Security
EP2009839A4 (en) * 2006-04-07 2010-03-10 Huawei Tech Co Ltd A method and system for information security authentication
EP2214342A2 (en) 2006-04-07 2010-08-04 Huawei Technologies Co., Ltd. Method and system for implementing authentication on information security
EP2214342A3 (en) * 2006-04-07 2011-03-09 Huawei Technologies Co., Ltd. Method and system for implementing authentication on information security
EP2009839A1 (en) * 2006-04-07 2008-12-31 Huawei Technologies Co Ltd A method and system for information security authentication
US20070254485A1 (en) * 2006-04-28 2007-11-01 Daxin Mao Abrasive composition for electrochemical mechanical polishing
US8359471B2 (en) * 2006-08-17 2013-01-22 Hieronymus Watse Wiersma System and method for generating a signature
US20100250953A1 (en) * 2006-08-17 2010-09-30 Hieronymus Watse Wiersma System And Method For Generating A Signature
EP2086162A4 (en) * 2006-10-27 2017-05-17 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. System, device, method and program for authenticating communication partner by means of electronic certificate including personal information
US20120272066A1 (en) * 2006-10-27 2012-10-25 International Business Machines Corporation System, Apparatus, Method, And Program Product For Authenticating Communication Partner Using Electronic Certificate Containing Personal Information
US8578167B2 (en) * 2006-10-27 2013-11-05 International Business Machines Corporation System, apparatus, method, and program product for authenticating communication partner using electronic certificate containing personal information
US8204831B2 (en) 2006-11-13 2012-06-19 International Business Machines Corporation Post-anonymous fuzzy comparisons without the use of pre-anonymization variants
US20080114991A1 (en) * 2006-11-13 2008-05-15 International Business Machines Corporation Post-anonymous fuzzy comparisons without the use of pre-anonymization variants
US20080162943A1 (en) * 2006-12-28 2008-07-03 Ali Valiuddin Y Biometric security system and method
WO2008100757A3 (en) * 2007-02-16 2008-11-06 Tibco Software Inc Systems and methods for automating certification authority practices
US8984280B2 (en) 2007-02-16 2015-03-17 Tibco Software Inc. Systems and methods for automating certification authority practices
US9264902B1 (en) * 2007-03-02 2016-02-16 Citigroup Global Markets Inc. Systems and methods for remote authorization of financial transactions using public key infrastructure (PKI)
US20090271428A1 (en) * 2007-05-09 2009-10-29 The Go Daddy Group, Inc. Tracking digital identity related reputation data
US20090248623A1 (en) * 2007-05-09 2009-10-01 The Go Daddy Group, Inc. Accessing digital identity related reputation data
US20080288291A1 (en) * 2007-05-16 2008-11-20 Silver Springs - Martin Luther School Digital Signature, Electronic Record Software and Method
US20090013191A1 (en) * 2007-07-05 2009-01-08 Honeywell International, Inc. Multisystem biometric token
US9237018B2 (en) * 2007-07-05 2016-01-12 Honeywell International Inc. Multisystem biometric token
US20090021349A1 (en) * 2007-07-19 2009-01-22 Stephen Errico Method to record and authenticate a participant's biometric identification of an event via a network
US20090164796A1 (en) * 2007-12-21 2009-06-25 Daon Holdings Limited Anonymous biometric tokens
US8670562B2 (en) * 2007-12-21 2014-03-11 Morpho Generation and use of a biometric key
US20100310070A1 (en) * 2007-12-21 2010-12-09 Morpho Generation and Use of a Biometric Key
US8700486B2 (en) 2008-02-19 2014-04-15 Go Daddy Operating Company, LLC Rating e-commerce transactions
US8826009B2 (en) 2008-10-22 2014-09-02 Blackberry Limited Method of handling a certification request
EP2180634A1 (en) 2008-10-22 2010-04-28 Research In Motion Limited Method of handling a certification request
US20100100728A1 (en) * 2008-10-22 2010-04-22 Research In Motion Limited Method of handling a certification request
US9300654B2 (en) 2008-10-22 2016-03-29 Blackberry Limited Method of handling a certification request
US8296563B2 (en) 2008-10-22 2012-10-23 Research In Motion Limited Method of handling a certification request
CN102187352A (en) * 2008-10-27 2011-09-14 德国捷德有限公司 Method and system for personalizing a portable data storage device
US20100153722A1 (en) * 2008-12-11 2010-06-17 International Business Machines Corporation Method and system to prove identity of owner of an avatar in virtual world
US9071440B2 (en) 2008-12-22 2015-06-30 Google Technology Holdings LLC Method and system of authenticating the identity of a user of a public computer terminal
US20100161664A1 (en) * 2008-12-22 2010-06-24 General Instrument Corporation Method and System of Authenticating the Identity of a User of a Public Computer Terminal
US20100241851A1 (en) * 2009-03-17 2010-09-23 Research In Motion Limited System and method for validating certificate issuance notification messages
US8255685B2 (en) 2009-03-17 2012-08-28 Research In Motion Limited System and method for validating certificate issuance notification messages
US8826007B2 (en) 2009-03-17 2014-09-02 Blackberry Limited System and method for validating certificate issuance notification messages
US7690032B1 (en) 2009-05-22 2010-03-30 Daon Holdings Limited Method and system for confirming the identity of a user
US20150312041A1 (en) * 2009-11-17 2015-10-29 Unho Choi Authentication in ubiquitous environment
US20210226798A1 (en) * 2009-11-17 2021-07-22 Unho Choi Authentication in ubiquitous environment
US9832019B2 (en) * 2009-11-17 2017-11-28 Unho Choi Authentication in ubiquitous environment
US20170359180A1 (en) * 2009-11-17 2017-12-14 Unho Choi Authentication in ubiquitous environment
US20210226797A1 (en) * 2009-11-17 2021-07-22 Unho Choi Authentication in ubiquitous environment
US11005660B2 (en) * 2009-11-17 2021-05-11 Unho Choi Authentication in ubiquitous environment
US11664996B2 (en) * 2009-11-17 2023-05-30 Unho Choi Authentication in ubiquitous environment
US11664997B2 (en) * 2009-11-17 2023-05-30 Unho Choi Authentication in ubiquitous environment
US8791792B2 (en) 2010-01-15 2014-07-29 Idex Asa Electronic imager using an impedance sensor grid array mounted on or about a switch and method of making
US9600704B2 (en) 2010-01-15 2017-03-21 Idex Asa Electronic imager using an impedance sensor grid array and method of making
US8421890B2 (en) 2010-01-15 2013-04-16 Picofield Technologies, Inc. Electronic imager using an impedance sensor grid array and method of making
US9268988B2 (en) 2010-01-15 2016-02-23 Idex Asa Biometric image sensing
US11080504B2 (en) 2010-01-15 2021-08-03 Idex Biometrics Asa Biometric image sensing
US8866347B2 (en) 2010-01-15 2014-10-21 Idex Asa Biometric image sensing
US10115001B2 (en) 2010-01-15 2018-10-30 Idex Asa Biometric image sensing
US9659208B2 (en) 2010-01-15 2017-05-23 Idex Asa Biometric image sensing
US10592719B2 (en) 2010-01-15 2020-03-17 Idex Biometrics Asa Biometric image sensing
US20130268444A1 (en) * 2010-05-28 2013-10-10 Jong Namgoong Three-factor user authentication method for generating otp using iris information and secure mutual authentication system using otp authentication module of wireless communication terminal
US9225510B1 (en) 2010-08-17 2015-12-29 Go Daddy Operating Company, LLC Website secure certificate status determination via partner browser plugin
US9225511B1 (en) 2010-08-17 2015-12-29 Go Daddy Operating Company, LLC Systems for determining website secure certificate status via partner browser plugin
US20120144204A1 (en) * 2010-12-01 2012-06-07 Lumidigm, Inc. Updates of biometric access systems
US9122856B2 (en) * 2010-12-01 2015-09-01 Hid Global Corporation Updates of biometric access systems
US20160028545A1 (en) * 2011-08-26 2016-01-28 Life Technologies Corporation Systems and methods for identifying an individual
US11636190B2 (en) 2011-08-26 2023-04-25 Life Technologies Corporation Systems and methods for identifying an individual
US10733277B2 (en) 2011-08-26 2020-08-04 Life Technologies Corporation Systems and methods for identifying an individual
US9520999B2 (en) * 2011-08-26 2016-12-13 Life Technologies Corporation Systems and methods for identifying an individual
US20150363586A1 (en) * 2011-08-26 2015-12-17 Life Technologies Corporation Systems and methods for identifying an individual
US11354751B2 (en) 2011-12-07 2022-06-07 Visa International Service Association Multi-purpose device having multiple certificates including member certificate
US9959576B2 (en) * 2011-12-07 2018-05-01 Visa International Service Association Multi-purpose device having multiple certificates including member certificate
US10817954B2 (en) 2011-12-07 2020-10-27 Visa International Service Association Multi-purpose device having multiple certificates including member certificate
US20130197946A1 (en) * 2011-12-07 2013-08-01 Simon Hurry Multi purpose device
US11823282B2 (en) 2011-12-07 2023-11-21 Visa International Service Association Multi-purpose device having multiple certificates including member certificate
US9798917B2 (en) 2012-04-10 2017-10-24 Idex Asa Biometric sensing
US10088939B2 (en) 2012-04-10 2018-10-02 Idex Asa Biometric sensing
US10101851B2 (en) 2012-04-10 2018-10-16 Idex Asa Display with integrated touch screen and fingerprint sensor
US10114497B2 (en) 2012-04-10 2018-10-30 Idex Asa Biometric sensing
US9554751B2 (en) 2012-09-25 2017-01-31 Micro Mobio Corporation Personal cloud with a plurality of modular capabilities
US11642045B1 (en) 2012-09-25 2023-05-09 Micro Mobio Corporation Personal health and environmental monitoring device and method
US11877842B1 (en) 2012-09-25 2024-01-23 Micro Mobio Corporation Personal cloud with a plurality of modular capabilities
US9086847B2 (en) * 2012-09-25 2015-07-21 Micro Mobio Corporation Personal cloud case cover with a plurality of modular capabilities
US10159430B1 (en) 2012-09-25 2018-12-25 Micro Mobio Corporation Personal cloud with a plurality of modular capabilities
US11058326B1 (en) 2012-09-25 2021-07-13 Micro Mobio Corporation Cloud communication antenna panel system and method
US10437295B1 (en) 2012-09-25 2019-10-08 Micro Mobio Corporation Personal cloud case cover with a plurality of modular capabilities
US11786146B1 (en) 2012-09-25 2023-10-17 Micro Mobio Corporation Wireless hub system and method
US11553857B1 (en) 2012-09-25 2023-01-17 Micro Mobio Corporation System and method for through window personal cloud transmission
EP2909963B1 (en) * 2012-10-11 2019-07-31 Idemia Identity & Security France Electronic signature method with ephemeral signature
US10412081B2 (en) * 2013-03-15 2019-09-10 Airwatch, Llc Facial capture managing access to resources by a device
US11069168B2 (en) 2013-03-15 2021-07-20 Airwatch, Llc Facial capture managing access to resources by a device
US20160359851A1 (en) * 2013-03-15 2016-12-08 Airwatch, Llc Facial capture managing access to resources by a device
US9178888B2 (en) 2013-06-14 2015-11-03 Go Daddy Operating Company, LLC Method for domain control validation
US9521138B2 (en) 2013-06-14 2016-12-13 Go Daddy Operating Company, LLC System for domain control validation
US9472195B2 (en) * 2014-03-26 2016-10-18 Educational Testing Service Systems and methods for detecting fraud in spoken tests using voice biometrics
US20150279372A1 (en) * 2014-03-26 2015-10-01 Educational Testing Service Systems and Methods for Detecting Fraud in Spoken Tests Using Voice Biometrics
US20150317466A1 (en) * 2014-05-02 2015-11-05 Verificient Technologies, Inc. Certificate verification system and methods of performing the same
US10114939B1 (en) * 2014-09-22 2018-10-30 Symantec Corporation Systems and methods for secure communications between devices
US20160117492A1 (en) * 2014-10-28 2016-04-28 Morpho Method of authenticating a user holding a biometric certificate
US9984220B2 (en) * 2014-10-28 2018-05-29 Morpho Method of authenticating a user holding a biometric certificate
US10575785B2 (en) 2015-02-05 2020-03-03 Samsung Electronics Co., Ltd. Method and apparatus for obtaining biometric information
CN106576044A (en) * 2015-04-23 2017-04-19 崔云虎 Authentication in ubiquitous environment
WO2016171295A1 (en) * 2015-04-23 2016-10-27 최운호 Authentication in ubiquitous environment
EP3288214A4 (en) * 2015-04-23 2018-12-05 Unho Choi Authentication in ubiquitous environment
US10868672B1 (en) 2015-06-05 2020-12-15 Apple Inc. Establishing and verifying identity using biometrics while protecting user privacy
US11140171B1 (en) 2015-06-05 2021-10-05 Apple Inc. Establishing and verifying identity using action sequences while protecting user privacy
US10404464B2 (en) 2016-08-22 2019-09-03 Mastercard International Incorporated Method and system for secure FIDO development kit with embedded hardware
US11036870B2 (en) * 2016-08-22 2021-06-15 Mastercard International Incorporated Method and system for secure device based biometric authentication scheme
US20180167388A1 (en) * 2016-09-29 2018-06-14 International Business Machines Corporation Distributed storage of authentication data
US10237270B2 (en) * 2016-09-29 2019-03-19 International Business Machines Corporation Distributed storage of authentication data
US10205723B2 (en) * 2016-09-29 2019-02-12 International Business Machines Corporation Distributed storage of authentication data
US11418347B1 (en) * 2016-10-20 2022-08-16 Wells Fargo Bank, N.A. Biometric electronic signature tokens
US11895239B1 (en) * 2016-10-20 2024-02-06 Wells Fargo Bank, N.A. Biometric electronic signature tokens
US20210012350A1 (en) * 2018-02-22 2021-01-14 Oh Stephen Sang Geun Electronic approval system and method and program using biometric authentication
US11502849B2 (en) 2018-02-28 2022-11-15 Motorola Solutions, Inc. Method of utilizing a trusted secret package for certificate enrollment
US10530577B1 (en) * 2019-02-08 2020-01-07 Talenting, Inc. Systems and methods for biometric key generation in data access control, data verification, and path selection in block chain-linked workforce data management
US11335440B1 (en) * 2020-06-12 2022-05-17 Tensorx, Inc. Health status system, platform, and method
US20220114542A1 (en) * 2020-10-09 2022-04-14 Unho Choi Chain of authentication using public key infrastructure
WO2024038630A1 (en) * 2022-08-16 2024-02-22 株式会社日立製作所 Authentication system and authentication method

Also Published As

Publication number Publication date
WO2003007125A9 (en) 2003-09-12
US20070274575A1 (en) 2007-11-29
JP2005531935A (en) 2005-10-20
WO2003007127A2 (en) 2003-01-23
WO2003007125A2 (en) 2003-01-23
US20030126448A1 (en) 2003-07-03
EP1573426A2 (en) 2005-09-14
WO2003007121A3 (en) 2003-06-05
WO2003007127A9 (en) 2003-03-27
WO2003007125A3 (en) 2003-06-12
EP1573426A4 (en) 2009-11-25
AU2002316679A1 (en) 2003-01-29
US20030101348A1 (en) 2003-05-29
US20030115490A1 (en) 2003-06-19
AU2002332414A1 (en) 2003-01-29
AU2002346107A1 (en) 2003-01-29
US7197168B2 (en) 2007-03-27
WO2003007127A3 (en) 2008-11-20
AU2002316679A8 (en) 2008-12-18
WO2003007121B1 (en) 2003-08-07
WO2003007121A2 (en) 2003-01-23
US7751595B2 (en) 2010-07-06

Similar Documents

Publication Publication Date Title
US20030115475A1 (en) Biometrically enhanced digital certificates and system and method for making and using
WO2003007527A2 (en) Biometrically enhanced digital certificates and system and method for making and using
US10824714B2 (en) Method and system for securing user access, data at rest, and sensitive transactions using biometrics for mobile devices with protected local templates
US4993068A (en) Unforgeable personal identification system
KR100486062B1 (en) Biometric certificates
TWI237978B (en) Method and apparatus for the trust and authentication of network communications and transactions, and authentication infrastructure
US8447991B2 (en) Card authentication system
US6311272B1 (en) Biometric system and techniques suitable therefor
US7269277B2 (en) Perfectly secure authorization and passive identification with an error tolerant biometric system
US6202151B1 (en) System and method for authenticating electronic transactions using biometric certificates
US20030012374A1 (en) Electronic signing of documents
US20110126024A1 (en) Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
US20070118758A1 (en) Processing device, helper data generating device, terminal device, authentication device and biometrics authentication system
US20090293111A1 (en) Third party system for biometric authentication
US11736291B2 (en) Digital notarization using a biometric identification service
US20100174914A1 (en) System and method for traceless biometric identification with user selection
US20040128520A1 (en) Trusted biometric device
JP2000276445A (en) Authentication method and device using biometrics discrimination, authentication execution device, and recording medium recorded with authentication program
US20030217276A1 (en) Match template protection within biometric security systems
US20050021954A1 (en) Personal authentication device and system and method thereof
EP1280098A1 (en) Electronic signing of documents
GB2386803A (en) Protecting a digital certificate stored on a physical token using biometric authentication
Bosworth et al. Entities, identities, identifiers and credentials—what does it all mean?
US20200204377A1 (en) Digital notarization station that uses a biometric identification service
Chandramouli A New Taxonomy for Analyzing Authentication Processes in Smart Card Usage Profiles

Legal Events

Date Code Title Description
AS Assignment

Owner name: I-CONTROL SECURITY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ROSKE, THORSTEN;RUSSO, ANTHONY P.;HOWELL, MARK J.;AND OTHERS;REEL/FRAME:013796/0814;SIGNING DATES FROM 20021205 TO 20030207

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION