US20060206725A1 - System and method for platform-independent biometrically verified secure information transfer and access control - Google Patents
System and method for platform-independent biometrically verified secure information transfer and access control Download PDFInfo
- Publication number
- US20060206725A1 US20060206725A1 US11/430,130 US43013006A US2006206725A1 US 20060206725 A1 US20060206725 A1 US 20060206725A1 US 43013006 A US43013006 A US 43013006A US 2006206725 A1 US2006206725 A1 US 2006206725A1
- Authority
- US
- United States
- Prior art keywords
- party
- biometric
- information
- data processing
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Definitions
- the present invention relates generally to a system and method for biometrically verifying and securing transfer of information between two or more parties, and more particularly to a system and method for providing various advantageous biometrically-enhanced platform-independent features to the process of information transfer between two or more parties.
- Biometrics is a field of technology aimed at utilizing one or more unique personal characteristics of an individual, ranging, for example from their fingerprints to their hand vein pattern, odor, iris image, or their DNA, to authenticate their identity.
- Biometric technologies are typically of two types—passive and active. Passive biometrics either do not require the individual who's identity is being verified to do anything other than to enable a certain biometric characteristic to be acquired by the system (e.g., by placing a finger on a fingerprint scanner, by looking into a retinal scanner, or by looking in the direction of a facial scanner).
- biometrics require the individual who's identity is being verified to perform one or more predetermined actions in order to enable the system to acquire the representation of one or more appropriate biometric characteristics (e.g., by providing a signature, by speaking, by squeezing a certain object, etc.).
- Certain types of biometric systems may incorporate a combination of active and passive biometric approaches. The various types of biometric systems are discussed in greater detail in the commonly assigned co-pending U.S. patent application Ser. No. 11/332,017 entitled “MULTIPLATFORM INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM”, which is hereby incorporated by reference herein in its entirety.
- biometric access control systems While certainly appearing to address one of the key challenges of securing information transfer, biometric access control systems suffer from a number of serious disadvantages that have prevented their widespread use, and that have effectively stunted their growth in most areas outside of physical access control and local computer access control applications. To understand these disadvantages, it is useful to provide an overview of previously known biometric access control system operations.
- a biometric access control system typically includes two main components—a physical device of some sort to actively, and/or passively, acquire predetermined biometric information, and program instructions (such as a software application, embedded in the device, installed on the computer connected to the device, or a combination of both), for managing the operation of the device, and for providing biometric recognition technology that enables utilization of the device to authenticate the identity of one or more individuals previously “enrolled” in the system when the individual presents the appropriate biometric information to the device.
- program instructions such as a software application, embedded in the device, installed on the computer connected to the device, or a combination of both
- Each individual authorized to use a biometric access control system is first “enrolled” (i.e., registered) in the system, so that the system can acquire particular biometric information from the individual in accordance with a predetermined enrollment protocol (for example, requiring the individual to provide the same, or similar, biometric information several times, etc.).
- the acquired biometric enrollment information is then transformed, in accordance with one or more proprietary technologies, into a “recognition template” (or equivalent logical data structure), representative of the acquired biometric information, and then optionally optimized for use with the appropriate biometric recognition algorithms.
- biometric information of the same specific type as was originally enrolled (e.g., left index finger fingerprint, right iris, etc.), is presented to the biometric device, then acquired and transformed into a template, and finally compared to the enrolled stored recognition template, to determine a match, in accordance with one or more recognition criteria (for example a “recognition threshold”, representative of the allowable degree of difference between the enrolled template, and the presented template, for successful authentication thereof), and therefore to authenticate the identity of the presenting individual.
- recognition criteria for example a “recognition threshold”, representative of the allowable degree of difference between the enrolled template, and the presented template, for successful authentication thereof.
- the enrollment recognition template may be stored in the biometric device, in the computer to which the device is connected, in a different computer connected thereto, or in one or more of the above, depending on the device model.
- the enrolled individual must always utilize the specific type and model of biometric device and the specific computer (or computer network) where they originally enrolled.
- biometrics Similar issues exist with respect to use of biometrics to control access to content—all involved parties must use a biometric device that is compatible with the system providing biometric access control to the content, and similarly are limited to using the same type and model of biometric device, and only at the computers (or computer networks) where they previously enrolled.
- biometric security approaches enable parties to verify and secure the transfer of information therebetween, utilizing any biometric identity verification system available to each party, without regard to the biometric identity verification system (or systems) utilized by the other party or parties.
- FIG. 1A shows a block diagram of a first exemplary embodiment of the inventive secure information transfer management (SITM) system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;
- SITM secure information transfer management
- FIG. 1B shows a block diagram of an alternate exemplary embodiment of the inventive SITM system of FIG. 1 ;
- FIG. 2 shows a block diagram of a second exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;
- FIG. 3 shows a block diagram of a third exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;
- FIG. 4 shows a block diagram of an exemplary embodiment of the inventive SITM system; that enables verifying and securing information transfer between parties, through platform-independent identity verification;
- FIG. 5 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system of FIGS. 1A-3 ;
- FIG. 6 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system of FIG. 4 .
- the inventive data processing system and method enable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable the sending and receiving parties to verify transmission and receipt of secured (e.g., encrypted) information, and/or to control access by one party to information secured by another party, regardless of the type, model, ownership, and/or quantity of biometric identity verification (BIV) systems being utilized by each party.
- secured e.g., encrypted
- parties desiring to securely transfer information between one another register at a central independent biometric security management (IBSM) system, and each provide one or more biometric enrollments that are stored by the IBSM system in their unique record.
- IBSM independent biometric security management
- the inventive system also enables any registered party to send biometrically (and otherwise) secured information to the other party utilizing any available BIV system (or systems) that is compatible with one or more of their registered biometric enrollments stored in their IBSM system record, regardless of BIV system ownership, and without requiring local enrollment.
- registered users can advantageously utilize a compatible BIV system of any information transfer device capable of communication with the IBSM system.
- a party registered with the IBSM system that owns certain secured content, is able to selectively designate identities of one or more registered parties that are authorized to access the secured content and/or a portion thereof, upon verification of their identity, and, optionally, provide one or more rules of varying complexity to the IBSM system governing such access.
- the system and method of the present invention remedy the disadvantages of previously known biometric solutions directed at verifying and securing information transfer between parties, by providing a platform-independent biometric security management system architecture that enables registered parties to securely transfer information therebetween, and verify the identities of the party enabling the transfer (e.g., by transmission of information, or by enabling secured access to stored information), and/or of the recipient party gaining access to the information (e.g., by receiving the information, and/or by accessing secured stored information), utilizing any biometric identity verification system available, regardless of the type, model, and/or ownership, as long as the utilized biometric system is compatible with one or more of their previously registered biometric enrollments.
- the inventive system and method achieve the above, and other objectives, by enabling prospective users to register with a centralized independent biometric security management (IBSM) system, and, during the registration process, in addition to providing identifying information (name, contact information, etc.), to also supply one or more biometric enrollments, utilizing one or more biometric identity verification systems available to them. Any registered user is also able to add additional biometric enrollments, from any other biometric identity verification system, at a later time to expand their ability to utilize the inventive system utilizing many different biometric devices.
- IBSM independent biometric security management
- the novel IBSM system stores the above information in unique records assigned to each individual registered user, and further enables additional information to be stored in the records.
- the IBSM system advantageously enables a registered user to define preferences for sending secured information to other registered users (such as a selectable list of potential recipients, the need for receipt and/or viewing verification, etc.), as well as to define one or more rules of varying complexity, governing the recipient's access to the transmitted secured information.
- the sending user can specify a rule, that a particular transmission of information (e.g., electronic mail message with attachment), may only be opened by the intended recipient, if that recipient successfully passes identity verification from two (or more) different biometric identity verification systems (e.g., a fingerprint scanner and a facial scanner), or that two separate recipients must both verify their identity with the IBSM system, in order to access the content of the transmission.
- a particular transmission of information e.g., electronic mail message with attachment
- biometric identity verification systems e.g., a fingerprint scanner and a facial scanner
- inventive system and method are described below in connection with certain drawing figures in exemplary embodiments, as being advantageously configured for use with transfer of electronic information over a communication network (e.g., the Internet or other telecommunications network), it should be understood to one skilled in the art, that the inventive system and method may be readily and advantageously utilized for enabling secured information transfer of any type (audio (e.g., voice), video, sensor information, machine-readable data, etc.), without departing from the spirit of the invention, as a matter of necessity or design choice.
- a communication network e.g., the Internet or other telecommunications network
- any computer used in conjunction with the present invention will include the typical components necessary for its operation, e.g., one or more CPUs, memory, long term data storage, and, in cases of computers typically utilized by users, one or more input devices, a display, and so on.
- Table 1 also provides the definitions of all abbreviated terms used herein. TABLE 1 (Definitions/Terminology) # Term Definition 1 User/USER A user, for the purposes of the present invention, is defined as: 1.
- users may range from private individuals, to members of groups of any type and with any amount of hierarchical levels and subgroups and that may be readily overlap with other groups (e.g., groups of friends, family members, employees of a corporation, government employees and/or officials of varying ranks in one or more agencies, students of a particular university, etc.) 2 InfoTr System Information transfer system.
- an information transfer (InfoTr) system is defined as any system having at least some of the following characteristics: 1. capability for transmitting information to at least one other InfoTr system; 2. capability for receiving information from at least one other InfoTr system; 3.
- InfoTr system can also refer to a collection of two or more interconnected InfoTr systems (e.g., a local area network) having the above capabilities individually, and/or jointly.
- the InfoTr system preferably includes an operating environment, and one or more instruction sets (e.g., program applications), that provide it with the ability to execute functions relating to sending and/ or receiving information.
- instruction sets e.g., program applications
- the operating environment may be an appropriate operating system
- an exemplary information transfer instruction set may be an electronic mail program.
- computers ranging from pocket-sized personal digital assistants (PDAs), and smart telephones to personal desktop or notebook computers, to high power servers and server networks, are the most common exemplary implementations of InfoTr systems, and, in most cases, readily possess all the capabilities necessary for operation as components of various embodiments of the inventive system and method.
- the InfoTr systems shown in various embodiments of the present invention are preferably computers or advanced communication devices with appropriate similar functionality (e.g., wireless/cellular/ satellite telephone, military communicator, radio transmitter, etc.), with the specific type, capabilities, and configuration thereof, being determined as a matter of necessity and/or design choice.
- any system even if falling outside the conventional definition of a “computer” or communication device, may be utilized as a InfoTr system in accordance with the present invention, without departing from the spirit of the invention, as long as such a system posses the necessary capabilities selected from (1) to (6) above.
- 3 BIVS Biometric identity verification system See FIG. 1A and accompanying description
- 4 BIVD Biometric identity verification device See FIG.
- an EDA is a set of instructions, for example embodied in a program application executable by an InfoTr system, and/or by the IBSM system, or as a module to another application (e.g., the application responsible for transmission of information), capable of encrypting and/or decrypting electronic information in any form.
- an EDA is a set of instructions, for example embodied in a program application executable by an InfoTr system, and/or by the IBSM system, or as a module to another application (e.g., the application responsible for transmission of information), capable of encrypting and/or decrypting electronic information in any form.
- any type of EDA may be readily in conjunction with the inventive system and method without departing from the spirit of the invention.
- the EDA during encryption of information to be transmitted, utilizes at least a portion of the UBIV_Element (see definition below) of the user of the InfoTr system sending the transmission.
- information may include, but is not limited to, one or more of the following: text, images, audio, video, transactional information, instrument or sensor readings (e.g., medical, scientific, military), links to other data, executable programs and supporting files, etc.
- data may be static, interactive, or a combination of both. While it may be used interchangeably with “information” or “data”, the term “content”preferably represents certain desirable information that is of interest to one or more parties, access to which is controlled by one or more parties.
- SITM system Secure information transfer management system the system of the present invention, at a minimum including two InfoTr systems, each accessed by a user, and each capable of communication with an inventive IBSM system, and optionally of communication between one another, that, in at least one inventive embodiment, can be utilized by users to securely transfer information between one another, and to verify identity of transmitting user, as well as to verify the identity of the user receiving and accessing the information.
- 11 Communication Link As defined herein, a communication link is preferably any form of a communication connection between the various components of the inventive SITM system (e.g., InfoTr systems, the IBSM system, etc.), that enables data transmission of the appropriate types of information therebetween.
- each communication link may include, but is not limited to, one or more of the following, in any combination: direct telecommunication line(s), wireless link(s) (e.g., satellite uplink, radio, cellular, wi-fi, etc.), and communication network(s) (such as a LAN (local area network), a WAN (wide area network), or the Internet).
- wireless link(s) e.g., satellite uplink, radio, cellular, wi-fi, etc.
- communication network(s) such as a LAN (local area network), a WAN (wide area network), or the Internet).
- 12 USER_Record Record stored in IBSM System representative of the user's UBIV_Element and additional information.
- 13 UBIV_Element User biometric identity verification element.
- SIT_Profile Secured information transfer profile. See FIG. 1A and accompanying description
- inventive secure information transfer management (SITM) system is completely scalable, it may be used in configurations ranging from as few as two users, to as many as practically possible, as a matter of design choice or convenience, without departing from the spirit of the invention.
- SITM secure information transfer management
- the SITM system 10 enables secure and verifiable transfer of information between at least two users 20 and 30 (see Table 1, definition #1).
- Each of the users 20 , 30 preferably operates a corresponding information transfer (InfoTr) system 22 , 32 (for example a computer or mobile communication device), capable of transmitting information to other InfoTr systems of the same, or of different type and/or configuration.
- InfoTr information transfer
- each of the InfoTr systems 22 and 32 may be of a different type—InfoTr system 22 may be a personal computer, while InfoTr system 32 may be a smart mobile communication device.
- Each of the InfoTr systems 22 , 32 preferably includes a corresponding encryption/decryption application (EDA) 24 , 34 , respectively (see Table 1, definition #6), for enabling each of the users 20 , 30 to secure and verify information transferred therebetween (for example by encrypting it at for transmission and then decrypting it when received and accessed, upon recipient identity verification).
- EDA encryption/decryption application
- Each of the InfoTr systems 22 , 32 includes, or has ready access to, a corresponding biometric identity verification system (BIVS) 26 , 36 .
- a BIVS utilizes one or more unique personal characteristics of a user registered therewith, to verify their identity.
- a BIVS typically includes a biometric identity verification device (BIVD) for acquiring biometric information from a user, and a corresponding biometric identity verification application (BIVA) for controlling the operation of the BIVD, and for enabling the acquired biometric characteristics to be used for identity verification.
- BIVD biometric identity verification device
- BIVA biometric identity verification application
- each of the BIVS 26 , 36 may be any type of BIVS whatsoever.
- the BIVS 26 may be a fingerprint scanner, while the BIVS 36 may be a facial recognition system.
- each BIVS 26 , 36 is capable of “enrolling” (i.e., registering) one or more users (e.g. users 20 , 30 ), and generating a corresponding user biometric identity verification element (UBIV_Element), representative of the biometric information acquired by the BIVD and processed for use in future user identity verification (e.g., by creating a recognition template, or otherwise).
- a user's UBIV_Element is typically stored in one or more of the BIVS, the InfoTr system connected thereto, or, in client-server configurations, on a separate central InfoTr system.
- the SITM system 10 also includes an independent biometric security management (IBSM) system 60 , which is the key component of the present invention.
- IBSM system 60 is preferably an data processing system (such as one or more computers (e.g. a server, or network of servers)), capable of communicating and interacting with as many different InfoTr, and BIVS types, models and configurations as is practicable or, at a minimum, as many as is required by the desired SITM system 10 configuration, capacity, and intended use.
- IBSM independent biometric security management
- the SITM system 10 also includes a communication link 40 , for enabling communication between the InfoTr system 22 and the InfoTr system 32 , a communication link 42 for enabling communication between the InfoTr system 22 and the IBSM system 60 , and a communication link 44 for enabling communication between the InfoTr system 32 and the IBSM system 60 (see Table 1, definition #11).
- One or more of the communication links 40 , 42 , 44 may be different from one another, or they may all be the same.
- the communication link 40 may be a wireless voice telecommunication link
- communication link 44 is a broadband land telecommunication line and the communication link 44 is a wireless data communication link.
- all of the communication links 40 , 42 , 44 may be the Internet.
- each user desiring to take advantage of the advantageous SITM system 10 functionality e.g. each of the users 20 , 30 , performs a registration process, that, at a minimum, involves the following:
- the IBSM system 60 stores an individual unique USER_Record 62 , that includes that user's verified identifying information, as well as at least one of their corresponding UBIV_Element(s) 64 .
- any user can generate additional UBIV_Elements for their USER_Record, utilizing BIVS of different types, models, and/or configurations, such that their USER_Record stores UBIV_Elements for a variety of BIVSs.
- This is a crucial advantageous feature of the present invention—because any user registered with the IBSM system 60 is able to verify their identity through any BIVS, even one which they never used, or one that is part of another user's InfoTr system, if it is capable of utilizing any of the UBIV_Elements stored in the USER_Record.
- This feature enables the IBSM system 60 to be truly “platform-independent” with respect to compatibility with various InfoTr and BIVS types, models, and configurations.
- a user 50 previously registered with the IBSM system 60 , and having a UBIV_Element compatible with the BIVS 36 stored in their USER_Record, is able to utilize the InfoTr System 32 and the BIVS 36 of the user 30 , to verifiably exchange secured information with other registered users, for example, with another user 46 , that may have access to the InfoTr system 22 .
- the IBSM system 60 may be scaled to any necessary capacity, and provided with all necessary components (hardware and/or software), to enable it to readily communicate, and interact with, the various InfoTr systems, BIVS, and other components of the inventive SITM system (as illustrated, by way of example, for SITM systems 10 of FIG. 1A, 70 of FIG. 1B, 100 , of FIG. 2, 200 of FIG. 3 , and 300 of FIG. 4 ).
- the “Independent Biometric Security Server” disclosed in the above-incorporated U.S. patent application Ser. No. '017 may be readily and advantageously configured for use as a IBSM system 60 .
- any other data processing system capable of similar or equivalent biometric platform-independent functionality to the “Independent Biometric Security Server” may be readily utilized as the IBSM system 60 , as a matter of design choice, without departing from the spirit of the invention.
- any user can readily utilize another user's InfoTr system and BIVS to register, as long as independent verification of the user's identity is available to finalize registration.
- the users 20 , 30 utilize the IBSM system 60 during transfer of a secured information transmission (SIT) 52 , between InfoTr systems 22 and 32 , over the communication link 40 , to verify identities of the sending user (e.g., user 20 ), as well as the identity of the user receiving and accessing the SIT 52 (e.g., user 30 ).
- the IBSM system 60 may be advantageously utilized as part of the SIT 52 generation process (e.g. when the information to be transferred is encrypted or otherwise secured) by the EDA 24 , and then accessed (e.g., decrypted) by the EDA 34 .
- the IBSM system 60 may include an optional EDA 68 , that performs all, or some, of the tasks necessary for generating and accessing the SIT 52 . Additionally, rather than being transferred through the communication link 40 , in yet another alternate embodiment of the invention, the SIT 52 may be readily transmitted between InfoTr systems 22 and 32 through the IBSM system 60 via the communication links 42 , 44 .
- the inventive SITM system 10 operates as follows: the user 20 , desiring to transmit certain information to the user 30 , indicates, to the IBSM system 60 , themselves as the sender, and the user 30 as the intended recipient.
- the user 20 then provides biometric information to the IBSM system 60 through their BIVS 24 , which is processed and compared to a compatible UBIV_Element stored in their USER_Record, to verify the identity of the user 20 .
- the information to be transferred is then encrypted to generate the SIT 52 (optionally utilizing at least a portion of one or both of the UBIV_Element of the sending user 20 , and the UBIV_Element of the receiving user 30 ).
- the SIT 52 is then transmitted to the user 30 , and upon receipt by the InfoTr system 32 , to access the information in the SIT 52 , the user 30 must verify their identity to the IBSM system 60 , by providing biometric information thereto through the BIVS 36 , that, when processed, is successfully matched to a compatible UBIV_Element stored in the USER_Record of the user 30 (optionally in accordance with predetermined biometric recognition criteria (e.g., threshold, etc.), that may have been present in the IBSM system 60 , or that may have been specified by the sending user 20 to the IBSM system 60 , for the SIT 52 , or for all of user 20 data transfers).
- predetermined biometric recognition criteria e.g., threshold, etc.
- the IBSM system 60 When the identity of the user 30 is verified as the intended recipient, the IBSM system 60 enables the EDA 34 to decrypt the SIT 52 thus allowing the user 30 to access the transferred information, while optionally recording the access event, and optionally notifying user 20 of the verification of the access by the designated recipient (user 30 ).
- An exemplary detailed embodiment of a process for the operation of the SITM system 10 for secured and verified information transmission is shown in FIG. 5 , and described in detail below in connection therewith.
- the sending user may be given the ability to have significant control over the manner in which their transferred secured information is accessed by the recipient, for example, defining one or more criteria (e.g., in form of rules), that must be met for the recipient user to gain access to the information.
- the user 20 can specify that in order to access information in SIT 52 , both the user 30 , and another user 48 , must verify their identities to the IBSM system 60 , (e.g., both through the BIVS 36 , or with each user utilizing their own BIVS).
- the user 20 can specify that the user 30 must utilize two separate BIVS of different types, or to utilize their BIVS 36 in conjunction with another from of security, such as a password or a PIN code.
- the user 20 can set their SIT 52 to expire, or otherwise be erased, if the user 30 does not access it during a specified period of time.
- a user can specify the amount and detail level of information, about the events relating to the secured data to be tracked and/or recorded by the IBSM system 60 .
- the user 20 can specify that they want notification of delivery of SIT 52 , notification of user 30 acknowledging receipt of SIT 52 , and notification when user 30 accesses the information therein (as well as notification of any failed attempts to access the information).
- each user's preferences relating to transfer of secured information, and for tracking events related thereto can be stored in their USER_Record, for example as secured information transmission profile (SIT_Profile) (shown as optional SIT_Profile 66 a in FIG. 1A ) for storing information relating to the user's preferences relating to transfer of secured information, and/or as secured information transmission log (SIT_Log) (shown as optional SIT_Log 66 b in FIG. 1A ), for storing information indicative of the user's preferences relating to tracking events related to secured information transfers.
- SIT_Profile secured information transmission profile
- SIT_Log secured information transmission log
- SIT_Log secured information transmission log
- both SIT_Profile and SIT_Log may be presented in a unified format.
- the interface for necessary interaction with the various components of the SITM system 10 , and especially with the IBSM system 60 may be implemented as a separate program application, or function, of a user's InfoTr system, or as a communication portal accessible by the users' InfoTr system (for example, a secure website).
- the SITM system 10 and its components, may be implemented transparently in the background, for example, as components, modules or “plug-ins” for existing applications/functions of the user's InfoTr system, such that a user can continue to utilize their preferred information transfer applications/functionality, while gaining the full benefit of the SITM system 10 .
- the registered users may gain access to IBSM system functionality through an appropriate identity verification or “login” procedure, that may optionally be integrated into the process of initiating secure information transmission or information access.
- each InfoTr system can perform User identity verification locally, and, rather than transmitting newly acquired UBIV_Elements to the IBSM system 60 for centralized identity verification, each InfoTr system can simply indicate the status of the local verification to the IBSM system 60 .
- FIG. 5 an exemplary embodiment of a process 400 for secured transmission of information utilizing the inventive SITM system (for example, the SITM system 10 of FIG. 1A ) is shown.
- the various steps of this process may be executed by different components of the various embodiments of the inventive SITM system shown in FIGS. 1A to 3 .
- the process 400 begins at a step 402 , where a sending user (hereinafter “Sender”), registered with the IBSM system component of the inventive SITM system, decides to transmit secured information to one or more other registered users of the SITM system (hereinafter “Recipient”).
- the Sender generates Recipient_INFO, to identify the Recipient selected at step 402 , and that may optionally include one or more rules, for example, from a Sender SIT_Profile, relating to requirements that must be met by the Recipient to gain access to the secured information, but at a minimum requiring biometric verification of the Recipient's identity.
- the Recipient_INFO is transmitted to the IBSM system (or simply passed to the appropriate component thereof, if step 404 was being performed at the IBSM system), optionally, along with Sender_BIVE (Sender biometric identity verification element, representative of biometric information provided by the Sender), that enables the IBSM system 60 to verify the identity of the Sender, both for internal security purposes, and optionally for provision of that verified information to the Recipient.
- Sender_BIVE Send biometric identity verification element, representative of biometric information provided by the Sender
- the process 400 verifies the Sender_BIVE (and optionally updates the Sender SIT_Log, if any), at a step 410 , generates a SIT (e.g., by encrypting information to be transmitted), and at a step 412 , transmits the SIT to the Recipient.
- the process 400 requests the Recipient to verify their identity, in accordance with the requirements sent forth by the Sender in Recipient_INFO (e.g., by presenting their BIVS with biometric information to enable it to generate a corresponding Recipient_BIVE—Recipient biometric identity verification element, representative of biometric information provided by the Recipient).
- the Recipient_BIVE is then transmitted, at a step 416 , to the IBSM system, and verified against the Recipient's UBIV_Element (in addition to any other verifications that may have been required by the Recipient_INFO).
- the SIT is decrypted and the Recipient is given access to information therein.
- the process 400 optionally verifies to Sender that Recipient has received and accessed the SIT, and optionally updates the Sender's SIT_Log and/or the Recipient's SIT_Log, with the results of one or more of the previously performed steps.
- FIG. 1B an alternate embodiment of the inventive SITM system is shown as a SITM system 70 .
- the SITM system 70 operates substantially similarly to the SITM system 10 of FIG. 1A , with the various components thereof having like reference characters, except that the functionality of the BIVS 26 and 36 , is implemented in a different manner.
- BIVS biometric identity verification device
- Each BIVD 72 , 74 serves as the physical device responsible for acquiring one or more specific biometric characteristics of the user. Examples of a BIVD include, but are not limited to: a fingerprint scanner, palm scanner, vein scanner, facial recognition scanner, iris scanner, retinal scanner, signature acquisition device, voice acquisition device, etc.
- the IBSM system 60 as implemented in the SITM system 70 , is supplied with a centralized biometric identity verification application (BIVA) 76 that performs all necessary functions necessary to generate UBIV_Elements from information received from BIVDs 72 , 74 , and appropriate functionality to perform necessary biometric identity verification, and any other required security measures.
- BIVA biometric identity verification application
- the SITM system 70 operates in a manner similar to the SITM system 10 of FIG. 1A .
- FIGS. 2 and 3 exemplary embodiments of the novel SITM system, having more complex implementations that shown in FIG. 1A , but operating on the same novel principles, are shown.
- a SITM system 100 is shown, that includes all of the components of the SITM system 10 shown in FIG. 1 and described in connection therewith, but that also includes an additional BIVS 102 provided to the InfoTr system 32 , and optionally yet another standalone separate BIVS 104 , that may also be provided thereto, shown as an example to illustrate that the user 30 may register all three BIVS 36 , 102 , 104 with the IBSM system 60 and then utilize any of the registered BIVS for necessary identity verification therewith.
- a user 112 having an InfoTr system 114 , may be provided with a separate BIVS/EDA standalone security device 116 , capable of performing the functions of a BIVS 120 and of an EDA 118 , which may be local to the user 112 , or which the user 112 may utilize through a communication link 122 (for example, if the device 116 is a voice recognition based device, the user 112 may contact the device 116 though their InfoTr system 114 and provide the necessary voice sample).
- the user 20 may transfer the SIT 52 to the user 30 with one set of Recipient_INFO (see Process 400 , FIG. 5 ), and also send the same SIT 52 to the user 112 , with a different Recipient_INFO.
- a SITM system 200 is shown, that includes all of the components of the SITM systems 10 ( FIG. 1 ) and 100 ( FIG. 2 ), but that also includes an additional group of users, shown as a private network 202 .
- the private network 202 may include an InfoTr server 204 (e.g. a robust computer, such as a server, or group of servers) equipped with an EDA 206 , and additional users 208 , 214 having corresponding InfoTr systems 210 , 122 , supplied with corresponding BIVSs 212 , 218 , and optional EDAs 220 , 222 .
- InfoTr server 204 e.g. a robust computer, such as a server, or group of servers
- EDA 206 additional users 208 , 214 having corresponding InfoTr systems 210 , 122 , supplied with corresponding BIVSs 212 , 218 , and optional EDAs 220 , 222 .
- the InfoTr server 204 may utilize a powerful EDA 206 to perform all decryption operations (upon successful recipient identity verification) on a SIT 232 , sent by the user 112 , arriving to the private network 202 via a communication link 230 , and designated for one, or both, of the users 208 , 214 , and/or also perform the encryption operations on a SIT 228 , sent, from the private network 202 via a communication link 226 , to the user 20 by one of the users 208 , 214 .
- decryption operations upon successful recipient identity verification
- FIG. 4 an alternate embodiment of the inventive SITM system of FIG. 1 that enables registered users to control and verify access to stored content by other parties by specifying one or more other registered users, and optionally by specifying one or more criteria for accessing certain content (similarly to as described above in connection with access to information in the SITs).
- the users 20 and 30 as well as their respective InfoTr systems 22 , 32 , EDAs 24 , 34 , and BIVSs 26 , 36 , are as described above in connection with FIG. 1A .
- the additional users 330 and 340 shown by way of example have access to their respective InfoTr systems 332 , 342 , EDAs 334 , 344 , and BIVSs 336 , 346 , and may communicate with the IBSM system 60 via respective communication links 350 , 352 .
- All of the InfoTr systems 22 , 32 , 332 , 324 are able to communicate with a content system 302 via respective communication links 354 , 356 , 358 and 360 .
- the various communication links shown in FIG. 4 may be similar to at least some of the other links, or may be all of the same configuration (e.g., the Internet).
- the content system 302 preferably includes at least one item of content (see Table 1, definition #7), with three content items 304 , 306 , and 308 , being shown by way of example.
- a particular user who owns, or is authorized to control access to, a particular content item or items creates a secure content access profile (SCA_Profile) that may be stored with the content item, or at the IBSM system 60 , and that provides criteria for accessing the content item, that may be as simple or as complex as the user chooses.
- SCA_Profile secure content access profile
- the user 20 may specify in a SCA_Profile 310 that only users 30 and 344 may access the content item 304 upon successful identity verification by the IBSM system 60 , and that the access granted to the user 330 expires after 10 days of being granted.
- a content item may include an unlimited number of other content items in a flat or a hierarchical architecture
- the user 30 defining separate SCA_Profiles 316 , 318 therefor, or defining different access rules for each separate content item 312 , 314 in one SCA_Profile.
- the user 330 may define multiple SCA_Profiles 320 for content item 308 , for example, based on time, specific authorized access users, and/or on other criteria.
- content item 308 (and of course any other content item), may include an optional content access record (CA_Record) 322 , that includes information related to access to the content item, and optionally, related to failed access attempts.
- CA_Record optional content access record
- the IBSM system 60 and the content system 302 may be implemented as a single system 364 .
- This may be advantageous in applications where a large amount of content items are to be managed, and/or where there is a large quantity of complex SCA_Profiles, and/or when content items are encrypted—i.e. in situations that may require an IBSM system 60 dedicated to supporting the content system.
- the content system 302 may be implemented in a particular user's own InfoTr system.
- the functionality described in connection with the SITM system 300 may be readily combined with SITM systems 10 , 70 , 100 , and 200 , described above in connection with FIGS. 1A, 1B , 2 , and 3 , respectively, because any embodiment of the novel SITM system can readily support both functionality related to verified secure information transmission, as well as to secured access control.
- SITM system 300 may be readily extended to include physical access control, whether location based (e.g., door), or item based (e.g., a safe, a computer).
- location based e.g., door
- item based e.g., a safe, a computer
- FIG. 6 an exemplary embodiment of a process 500 for demonstrating the process of secured content access utilizing the inventive SITM system (for example, the SITM system 300 of FIG. 4 ) is shown.
- the various steps of this process may be executed by different components of the inventive SITM system 300 of FIG. 4 .
- the process 500 may begin at an optional step 502 , where user may provide one or more content items to a content system to be secured. If the content item (or items) to be secured is already present on the content system, the process 500 beings at a step 504 , where the user creates a SCA_Profile that provides criteria for accessing the content item by one or more other parties, registered with the IBSM system component of the inventive SITM system. At an optional step 506 , the process 500 encrypts the user's content item (this step is optional because it is possible to control access to content without encrypting it).
- a different user attempts to access secured content, and at a step 510 , transmits, biometric information acquired through their BIVS in form of a User_BIVE to the IBSM system (along with any other information that may be required by the SCA_Profile), whereupon, the IBSM system verifies the supplied User_BIVE (and other information, if any), against the UBIV_Element of the user.
- the user Upon successful verification, at a step 512 , the user is granted access to the content item in accordance with the rules specified in the SCA_Profile for that content item (if any were defined).
- the process 500 records events relating to various steps thereof in the CA_Record of the content item.
- inventive system and method may also be readily utilized for sender and/or recipient identity verification only, without the transferred information being secured in any way.
- This alternate embodiment of the inventive system and method may be advantageous for applications where security and control of access to transferred data is not important, but where verification of identity of the sender and/or of the recipient accessing the information, is necessary and/or desired.
Abstract
The inventive data processing system and method enable verifiable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable verification of identities of parties sending and receiving secured (e.g., encrypted) information, and ensuring that only an authorized receiving party gains access to the secured information, regardless of the type, model, ownership and/or quantity of biometric identity verification (BIV) systems being utilized by each party. In one embodiment of the inventive system and method, parties desiring to securely transfer information between one another register at a central security management system, and each provide one or more biometric enrollments. Thereafter, the inventive system also enables any registered party to send biometrically (and otherwise) secured information to the other party utilizing any available BIV system (or systems) that is compatible with one or more of their registered biometric enrollments, regardless of BIV system ownership, and without requiring local enrollment. In another embodiment of the inventive system and method, a party registered with the system that owns certain secured content is able to selectively designate identities of one or more registered parties that are authorized to access the secured content and/or a portion thereof, upon verification of identity, and optionally provide one or more rules of varying complexity governing such access.
Description
- The present patent application is a continuation-in-part of, and claims priority from, the commonly assigned co-pending U.S. patent application Ser. No. 11/332,017 entitled “MULTIPLATFORM INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM” filed Jan. 11, 2006, which in turn is a continuation-in-part of, and claims priority from, the commonly assigned U.S. Pat. No. 6,993,659 entitled “INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM” filed Apr. 23, 2002. The present patent application additionally claims priority from the commonly assigned co-pending U.S. Provisional Patent Application Ser. No. 60/792,365, entitled “SYSTEM AND METHOD FOR PLATFORM-INDEPENDENT BIOMETRICALLY SECURE INFORMATION TRANSFER”, filed Apr. 14, 2006.
- The present invention relates generally to a system and method for biometrically verifying and securing transfer of information between two or more parties, and more particularly to a system and method for providing various advantageous biometrically-enhanced platform-independent features to the process of information transfer between two or more parties.
- In the last decade, the rapidly decreasing cost of computers, coupled with simultaneous performance gains, as well as the growing availability of inexpensive access to high speed telecommunications, have resulted in a dramatic jump in the installed base of computers and broadband telecommunication connections both in consumer and commercial areas.
- The proliferation of computers and low-cost high-speed telecommunications, also led to an ever-growing increase in the amount of information exchanged between various parties, within and between circles of individuals ranging from social groups (friends, family), to government, educational and corporate organizations.
- In addition, the explosive growth of versatile personal communication devices (such as, for example, cellular telephones equipped with a myriad of functions) has arguably eclipsed the above-noted rise in availability of computers with high speed telecommunication connections. With each month, new personal communication options become available to consumer and organizational users, most often embodied in mobile telephones that are smaller, more powerful, and with a more impressive list of features, than comparable models released mere weeks ago.
- Not surprisingly, these trends have led to an unprecedented escalation in demand for solutions related to secure transmission of information between various parties (e.g., electronic data transmissions, voice communications, etc.), and also for solutions related to controlling access to secured stored content (e.g., ranging from personal information, such as photographs, to content generated and owned by corporate, government and educational organizations).
- For decades, and continuing to present day, the primary solution to securing transmission of information between parties using electronic devices, has been to enable the sending party to encrypt transmitted information, and, at the same time, provide the receiving party with the ability to decrypt and access the sent information. One popular approach to securing electronic data, transmission involves the use of PGP (or “pretty good privacy”) encryption, with appropriate PGP keys being exchanged between the parties prior to data transmission, and later used to achieve encryption, and subsequent decryption, of transmitted data. Similar security measures have also been the typical approach taken to secure access to stored content, where the access to content (encrypted or otherwise) is controlled by a password, or other form of access code, provided to the party authorized to gain access thereto.
- However, the above solutions have significant drawbacks. First, and most important, is the fact that none of the previously known encryption techniques enabled the parties involved in information transfer therebetween, to authenticate the identity of the party sending the information, as the source of the transmission, and also to authenticate the identity of the recipient, to confirm that the transmitted information was accessed by the specific identified party to which it was addressed, rather that by anyone having access to the receiving party's communication device and/or access code (e.g., username/password).
- The same challenge is present in the field of content access control, where anyone can use a stolen, or otherwise misappropriated, access code (e.g., username/password) to gain unauthorized access to secured content. Additionally, the process of exchange, and/or provision, of PGP key information, is complex and cumbersome—a deterrent to the use of conventional encryption/decryption technologies for most parties outside government and corporate sectors.
- One attempt to address the above challenges was the proposed utilization of biometric access control systems by the sending and receiving party to authenticate the identity of the sending and receiving party. The use of biometric technologies has previously gained some acceptance in the field of content access control, and so, application of such technologies to the goal of securing data transmission was a reasonable approach.
- Biometrics is a field of technology aimed at utilizing one or more unique personal characteristics of an individual, ranging, for example from their fingerprints to their hand vein pattern, odor, iris image, or their DNA, to authenticate their identity. Biometric technologies are typically of two types—passive and active. Passive biometrics either do not require the individual who's identity is being verified to do anything other than to enable a certain biometric characteristic to be acquired by the system (e.g., by placing a finger on a fingerprint scanner, by looking into a retinal scanner, or by looking in the direction of a facial scanner). Active biometrics require the individual who's identity is being verified to perform one or more predetermined actions in order to enable the system to acquire the representation of one or more appropriate biometric characteristics (e.g., by providing a signature, by speaking, by squeezing a certain object, etc.). Certain types of biometric systems may incorporate a combination of active and passive biometric approaches. The various types of biometric systems are discussed in greater detail in the commonly assigned co-pending U.S. patent application Ser. No. 11/332,017 entitled “MULTIPLATFORM INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM”, which is hereby incorporated by reference herein in its entirety.
- While certainly appearing to address one of the key challenges of securing information transfer, biometric access control systems suffer from a number of serious disadvantages that have prevented their widespread use, and that have effectively stunted their growth in most areas outside of physical access control and local computer access control applications. To understand these disadvantages, it is useful to provide an overview of previously known biometric access control system operations.
- A biometric access control system (also interchangeably referred to herein as “biometric identity verification system”), typically includes two main components—a physical device of some sort to actively, and/or passively, acquire predetermined biometric information, and program instructions (such as a software application, embedded in the device, installed on the computer connected to the device, or a combination of both), for managing the operation of the device, and for providing biometric recognition technology that enables utilization of the device to authenticate the identity of one or more individuals previously “enrolled” in the system when the individual presents the appropriate biometric information to the device.
- Each individual authorized to use a biometric access control system, is first “enrolled” (i.e., registered) in the system, so that the system can acquire particular biometric information from the individual in accordance with a predetermined enrollment protocol (for example, requiring the individual to provide the same, or similar, biometric information several times, etc.). The acquired biometric enrollment information is then transformed, in accordance with one or more proprietary technologies, into a “recognition template” (or equivalent logical data structure), representative of the acquired biometric information, and then optionally optimized for use with the appropriate biometric recognition algorithms.
- During a later authentication attempt, biometric information, of the same specific type as was originally enrolled (e.g., left index finger fingerprint, right iris, etc.), is presented to the biometric device, then acquired and transformed into a template, and finally compared to the enrolled stored recognition template, to determine a match, in accordance with one or more recognition criteria (for example a “recognition threshold”, representative of the allowable degree of difference between the enrolled template, and the presented template, for successful authentication thereof), and therefore to authenticate the identity of the presenting individual. The two main reasons for using stored recognition templates are: (1) as a requirement for using biometric recognition algorithms during the authentication process; and (2) to ensure that actual acquired biometric information is never stored for security purposes.
- The key disadvantage, crippling the use of biometrics as a broad scalable secure information transfer and access control solution, has been the combination of (1) availability of several hundred different biometric devices of various types flooding the market (with the amount of devices growing each year) and (2) the fact that in a vast majority of cases, the available biometric devices, even of the same type (e.g., fingerprint scanners) are incompatible with one another. Each of these devices uses their own biometric software (although several device manufacturers share a similar core biometric information acquisition device and biometric recognition algorithms), and during enrollment creates a biometric recognition template specific to the device. In addition, the enrollment recognition template may be stored in the biometric device, in the computer to which the device is connected, in a different computer connected thereto, or in one or more of the above, depending on the device model. As a result, the enrolled individual must always utilize the specific type and model of biometric device and the specific computer (or computer network) where they originally enrolled.
- Another devastating shortcoming of previously known biometric systems, flowing from general incompatibility of biometric devices, from different manufacturers, is the fact without any clear unifying standard, the only way for parties to truly use a biometric technology solution for verifying the identity of the sending and/or receiving party, and for securing information transfer therebetween (as opposed to using biometrics as a password replacement supplement to conventional security measures), is for all parties to acquire and use the same compatible model and type of biometric device. This is a serious drawback, because commitment to utilization of a specific type and brand of biometric identity verification device, requires a significant degree of collusion and common agreement between many individuals that intend to use the system.
- In addition, the issue of compatibility and uniformity is particularly problematic for any large scale implementation of a system for verifying and securing information transfer. The requirement that all parties in a large organization involved in developing and, more importantly, using the system, to cooperate and coordinate biometric device acquisition and uniform installation, to ensure that everyone involved is using the same biometric devices equipped with compatible biometric recognition software, is very burdensome and a significant barrier to implementation of such systems.
- And, if a particular biometric device in such a system is later replaced with another biometric device using a biometric recognition template incompatible with the original biometric device, all of the devices in the system must be replaced to maintain compatibility therebetween, and all individuals using those devices must be re-enrolled with the new devices. As a result, the previously known approaches for using biometrics in this manner also
- Similar issues exist with respect to use of biometrics to control access to content—all involved parties must use a biometric device that is compatible with the system providing biometric access control to the content, and similarly are limited to using the same type and model of biometric device, and only at the computers (or computer networks) where they previously enrolled.
- While the above-incorporated U.S. patent application Ser. No. '017 provided a solution to interoperable utilization of different types of biometric devices in the same group of users (for example, the users of a local or wide area network), it did not specifically address all of the issues involved in applying the disclosed techniques to the purpose of using biometrics to secure and authenticate transmission and receipt of information transferred between various parties.
- Thus, none of the previously known biometric security approaches enable parties to verify and secure the transfer of information therebetween, utilizing any biometric identity verification system available to each party, without regard to the biometric identity verification system (or systems) utilized by the other party or parties.
- It would thus be desirable to provide a system and method for transferring secured information, between parties, while enabling authentication of identities of at least one of, the party sending the information, and the party, or parties, receiving and/or accessing the received information, with each party being able to utilize one or more biometric identity verification systems of their choice, independently of the other party. It would further be desirable to provide a system and method for restricting access to content to one or more specific identified individuals, where each identified individual is able to utilize one or more biometric identity verification systems of their choice, independently of the access control system being used, and independently of the biometric identity verification systems being utilized by other identified individuals (if any). It would additionally be desirable, to provide a system and method for tracking and biometrically verifying various data relating to previously conducted information transfer between parties, whether such transfer occurred through transmission of information therebetween, or by one party allowing access to secured content to one or more other, biometrically verified, parties.
- In the drawings, wherein like reference characters denote corresponding or similar elements throughout the various figures:
-
FIG. 1A shows a block diagram of a first exemplary embodiment of the inventive secure information transfer management (SITM) system, that enables verifying and securing information transfer between parties, through platform-independent identity verification; -
FIG. 1B shows a block diagram of an alternate exemplary embodiment of the inventive SITM system ofFIG. 1 ; -
FIG. 2 shows a block diagram of a second exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification; -
FIG. 3 shows a block diagram of a third exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification; -
FIG. 4 shows a block diagram of an exemplary embodiment of the inventive SITM system; that enables verifying and securing information transfer between parties, through platform-independent identity verification; -
FIG. 5 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system ofFIGS. 1A-3 ; and -
FIG. 6 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system ofFIG. 4 . - The inventive data processing system and method enable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable the sending and receiving parties to verify transmission and receipt of secured (e.g., encrypted) information, and/or to control access by one party to information secured by another party, regardless of the type, model, ownership, and/or quantity of biometric identity verification (BIV) systems being utilized by each party.
- In one embodiment of the inventive system and method, parties desiring to securely transfer information between one another, register at a central independent biometric security management (IBSM) system, and each provide one or more biometric enrollments that are stored by the IBSM system in their unique record. Thereafter, the inventive system also enables any registered party to send biometrically (and otherwise) secured information to the other party utilizing any available BIV system (or systems) that is compatible with one or more of their registered biometric enrollments stored in their IBSM system record, regardless of BIV system ownership, and without requiring local enrollment. Thus, registered users can advantageously utilize a compatible BIV system of any information transfer device capable of communication with the IBSM system.
- In another embodiment of the inventive system and method, that may be readily utilized on its own, or in conjunction with the previously described embodiment, a party registered with the IBSM system, that owns certain secured content, is able to selectively designate identities of one or more registered parties that are authorized to access the secured content and/or a portion thereof, upon verification of their identity, and, optionally, provide one or more rules of varying complexity to the IBSM system governing such access.
- Other objects and features of the present invention will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the invention, for which reference should be made to the appended claims.
- The system and method of the present invention remedy the disadvantages of previously known biometric solutions directed at verifying and securing information transfer between parties, by providing a platform-independent biometric security management system architecture that enables registered parties to securely transfer information therebetween, and verify the identities of the party enabling the transfer (e.g., by transmission of information, or by enabling secured access to stored information), and/or of the recipient party gaining access to the information (e.g., by receiving the information, and/or by accessing secured stored information), utilizing any biometric identity verification system available, regardless of the type, model, and/or ownership, as long as the utilized biometric system is compatible with one or more of their previously registered biometric enrollments.
- The inventive system and method achieve the above, and other objectives, by enabling prospective users to register with a centralized independent biometric security management (IBSM) system, and, during the registration process, in addition to providing identifying information (name, contact information, etc.), to also supply one or more biometric enrollments, utilizing one or more biometric identity verification systems available to them. Any registered user is also able to add additional biometric enrollments, from any other biometric identity verification system, at a later time to expand their ability to utilize the inventive system utilizing many different biometric devices.
- The novel IBSM system stores the above information in unique records assigned to each individual registered user, and further enables additional information to be stored in the records. For example, the IBSM system advantageously enables a registered user to define preferences for sending secured information to other registered users (such as a selectable list of potential recipients, the need for receipt and/or viewing verification, etc.), as well as to define one or more rules of varying complexity, governing the recipient's access to the transmitted secured information. For example, the sending user can specify a rule, that a particular transmission of information (e.g., electronic mail message with attachment), may only be opened by the intended recipient, if that recipient successfully passes identity verification from two (or more) different biometric identity verification systems (e.g., a fingerprint scanner and a facial scanner), or that two separate recipients must both verify their identity with the IBSM system, in order to access the content of the transmission.
- While the inventive system and method are described below in connection with certain drawing figures in exemplary embodiments, as being advantageously configured for use with transfer of electronic information over a communication network (e.g., the Internet or other telecommunications network), it should be understood to one skilled in the art, that the inventive system and method may be readily and advantageously utilized for enabling secured information transfer of any type (audio (e.g., voice), video, sensor information, machine-readable data, etc.), without departing from the spirit of the invention, as a matter of necessity or design choice.
- Similarly, while the descriptions of various embodiments of the inventive system and method, interchangeably refer to various data processing systems used in conjunction therewith as “computers”, it should be noted that any system with similar capabilities, necessary for performing the tasks required by the inventive system and method, may readily be used as a matter of necessity or design choice, without departing from the spirit of the invention. For example, it is specifically contemplated that a wireless telephone (such as a cellular telephone) with sufficient data processing capabilities may be readily utilized in accordance with the present invention.
- Before describing the various embodiments of the inventive system and method, and the components, infrastructure, and operation in greater detail, it would be helpful to provide the definitions of certain terms used in the drawing figures, and in the accompanying descriptions. Table 1 below contains summary of definitions of commonly used terms within the context of the description of the various embodiments of the present invention,
- Because the terminology that may be currently utilized to describe the various embodiments of the novel system (and its functionality), evolves and changes rapidly, for the purposes of clarity, and without departing from the spirit of the invention, the various elements, components, infrastructures, and process steps of the inventive system and method, are described in Table 1, and further below, in terms of their required or desired functionality, and/or in terms of objectives they are intended to accomplish, in accordance with the present invention, rather than as specific structural and/or process implementations, which may change in nomenclature with advances in information systems technology.
- For example, as computers of various types are well known in the art, it is presumed that any computer used in conjunction with the present invention, will include the typical components necessary for its operation, e.g., one or more CPUs, memory, long term data storage, and, in cases of computers typically utilized by users, one or more input devices, a display, and so on. In addition, because a number of abbreviated terms are used for the sake of convenience in
FIGS. 1A to 6, and further below, Table 1 also provides the definitions of all abbreviated terms used herein.TABLE 1 (Definitions/Terminology) # Term Definition 1 User/USER A user, for the purposes of the present invention, is defined as: 1. any party that desires to securely and/or verifiably transfer information to another party (or parties), whether by transmission thereto, or by granting (to the other party or parties) secured access to content that includes information, and/or 2. any party that desires to receive secured and/or verified information from another party (or parties), whether by transmission therefrom, or by accessing secured content, as permitted by the other party (or parties). Thus, in accordance with the present invention, users may range from private individuals, to members of groups of any type and with any amount of hierarchical levels and subgroups and that may be readily overlap with other groups (e.g., groups of friends, family members, employees of a corporation, government employees and/or officials of varying ranks in one or more agencies, students of a particular university, etc.) 2 InfoTr System Information transfer system. For the purposes of the present invention, an information transfer (InfoTr) system, is defined as any system having at least some of the following characteristics: 1. capability for transmitting information to at least one other InfoTr system; 2. capability for receiving information from at least one other InfoTr system; 3. capability for storing data and applications for issuing instructions, and, in response to issued instructions, performing tasks involving data stored therein or provided thereto, sufficient to enable functionality necessary for operation of the novel system and method as described blow in connection with FIGS. 1A to 6;4. capability for displaying information relevant to its operation and the performed tasks; 5. capability for communicating with the IBSM system (see definition below); and 6. capability for receiving instructions from an operator. In accordance with the present invention, the term “InfoTr system” can also refer to a collection of two or more interconnected InfoTr systems (e.g., a local area network) having the above capabilities individually, and/or jointly. The InfoTr system preferably includes an operating environment, and one or more instruction sets (e.g., program applications), that provide it with the ability to execute functions relating to sending and/ or receiving information. By way of example, for an InfoTr system implemented as a personal computer, the operating environment may be an appropriate operating system, while an exemplary information transfer instruction set, may be an electronic mail program. By way of example, computers ranging from pocket-sized personal digital assistants (PDAs), and smart telephones to personal desktop or notebook computers, to high power servers and server networks, are the most common exemplary implementations of InfoTr systems, and, in most cases, readily possess all the capabilities necessary for operation as components of various embodiments of the inventive system and method. Accordingly, the InfoTr systems shown in various embodiments of the present invention, are preferably computers or advanced communication devices with appropriate similar functionality (e.g., wireless/cellular/ satellite telephone, military communicator, radio transmitter, etc.), with the specific type, capabilities, and configuration thereof, being determined as a matter of necessity and/or design choice. However, it should be noted that any system, even if falling outside the conventional definition of a “computer” or communication device, may be utilized as a InfoTr system in accordance with the present invention, without departing from the spirit of the invention, as long as such a system posses the necessary capabilities selected from (1) to (6) above. 3 BIVS Biometric identity verification system (See FIG. 1A and accompanying description)4 BIVD Biometric identity verification device (See FIG. 1B and accompanying description)5 BIVA Biometric identity verification application (See FIG. 1B and accompanying description)6 EDA Encryption/decryption application. For the purposes of the present invention, an EDA is a set of instructions, for example embodied in a program application executable by an InfoTr system, and/or by the IBSM system, or as a module to another application (e.g., the application responsible for transmission of information), capable of encrypting and/or decrypting electronic information in any form. Advantageously, any type of EDA, whether currently available, or developed in the future, may be readily in conjunction with the inventive system and method without departing from the spirit of the invention. In one embodiment of the inventive system and method, during encryption of information to be transmitted, the EDA utilizes at least a portion of the UBIV_Element (see definition below) of the user of the InfoTr system sending the transmission. 7 Information/Data/ As defined herein, information, data, or Content content, may be of any type and in any number of formats that can be, in whole or in part, transmitted, interacted with (e.g., viewed, modified, reviewed, etc.), generated, acquired, analyzed, deleted, reviewed, and/or otherwise processed by an InfoTr system. For example, information may include, but is not limited to, one or more of the following: text, images, audio, video, transactional information, instrument or sensor readings (e.g., medical, scientific, military), links to other data, executable programs and supporting files, etc. Additionally, data may be static, interactive, or a combination of both. While it may be used interchangeably with “information” or “data”, the term “content”preferably represents certain desirable information that is of interest to one or more parties, access to which is controlled by one or more parties. 8 SIT Secured information transmission (See FIG. 1A and accompanying description) 9 IBSM System Independent biometric security management system. (See FIG. 1A and accompanyingdescription) 10 SITM system Secure information transfer management system - the system of the present invention, at a minimum including two InfoTr systems, each accessed by a user, and each capable of communication with an inventive IBSM system, and optionally of communication between one another, that, in at least one inventive embodiment, can be utilized by users to securely transfer information between one another, and to verify identity of transmitting user, as well as to verify the identity of the user receiving and accessing the information. 11 Communication Link As defined herein, a communication link is preferably any form of a communication connection between the various components of the inventive SITM system (e.g., InfoTr systems, the IBSM system, etc.), that enables data transmission of the appropriate types of information therebetween. Thus, each communication link may include, but is not limited to, one or more of the following, in any combination: direct telecommunication line(s), wireless link(s) (e.g., satellite uplink, radio, cellular, wi-fi, etc.), and communication network(s) (such as a LAN (local area network), a WAN (wide area network), or the Internet). 12 USER_Record Record stored in IBSM System representative of the user's UBIV_Element and additional information. (See FIG. 1A and accompanying description) 13 UBIV_Element User biometric identity verification element. (See FIG. 1A and accompanying description)14 SIT_Profile Secured information transfer profile. (See FIG. 1A and accompanying description)15 SIT_Log Secured information transfer log. (See FIG. 1A and accompanying description) 16 SCA_Profile Secured content access profile (See FIG. 4 and accompanying description) 17 CA_Record Content access record (See FIG. 4 andaccompanying description) 18 Recipient_INFO Information identifying the specific user (or users) as intended recipient(s) of SIT being sent by a user. (See FIG. 5 andaccompanying description) 19 Sender_BIVE Sender biometric identity verification element (See FIG. 5 and accompanyingdescription) 20 Recipient_BIVE Recipient biometric identity verification element (See FIG. 5 and accompanyingdescription) - It should be noted, that the specific numbers of users, and corresponding InfoTr systems shown in the various
FIGS. 1A to 4, are provided by way of example only. Because the inventive secure information transfer management (SITM) system is completely scalable, it may be used in configurations ranging from as few as two users, to as many as practically possible, as a matter of design choice or convenience, without departing from the spirit of the invention. - Referring now to
FIG. 1 , a first exemplary embodiment of theinventive SITM system 10 is shown. TheSITM system 10 enables secure and verifiable transfer of information between at least twousers 20 and 30 (see Table 1, definition #1). Each of theusers system 22, 32 (for example a computer or mobile communication device), capable of transmitting information to other InfoTr systems of the same, or of different type and/or configuration. Thus, for example, each of theInfoTr systems InfoTr system 22 may be a personal computer, whileInfoTr system 32 may be a smart mobile communication device. - Each of the
InfoTr systems users - Each of the
InfoTr systems FIG. 1B , a BIVS typically includes a biometric identity verification device (BIVD) for acquiring biometric information from a user, and a corresponding biometric identity verification application (BIVA) for controlling the operation of the BIVD, and for enabling the acquired biometric characteristics to be used for identity verification. - In accordance with the present invention, each of the
BIVS BIVS BIVS 26 may be a fingerprint scanner, while theBIVS 36 may be a facial recognition system. Preferably, eachBIVS users 20, 30), and generating a corresponding user biometric identity verification element (UBIV_Element), representative of the biometric information acquired by the BIVD and processed for use in future user identity verification (e.g., by creating a recognition template, or otherwise). In previously known biometric security systems, a user's UBIV_Element is typically stored in one or more of the BIVS, the InfoTr system connected thereto, or, in client-server configurations, on a separate central InfoTr system. - The
SITM system 10 also includes an independent biometric security management (IBSM)system 60, which is the key component of the present invention. TheIBSM system 60, is preferably an data processing system (such as one or more computers (e.g. a server, or network of servers)), capable of communicating and interacting with as many different InfoTr, and BIVS types, models and configurations as is practicable or, at a minimum, as many as is required by the desiredSITM system 10 configuration, capacity, and intended use. - The
SITM system 10 also includes acommunication link 40, for enabling communication between theInfoTr system 22 and theInfoTr system 32, acommunication link 42 for enabling communication between theInfoTr system 22 and theIBSM system 60, and acommunication link 44 for enabling communication between theInfoTr system 32 and the IBSM system 60 (see Table 1, definition #11). One or more of the communication links 40, 42, 44 may be different from one another, or they may all be the same. For example, thecommunication link 40 may be a wireless voice telecommunication link, while communication link 44 is a broadband land telecommunication line and thecommunication link 44 is a wireless data communication link. Or, all of the communication links 40, 42, 44 may be the Internet. - Prior to utilization of the
inventive SITM system 10, each user desiring to take advantage of theadvantageous SITM system 10 functionality (e.g. each of theusers 20, 30), performs a registration process, that, at a minimum, involves the following: -
- (1) providing certain predetermined personal identifying information (e.g. name, address, etc.);
- (2) verification of that information (by third party confirmation, in case of certain types of users (corporate or government employees, etc.), or by other well known reliable identity verification approaches;
- (3) storing the provided information (and optionally the source of verification) in a corresponding record for each user (USER_Record) in the
IBSM system 60. Optionally, if the user is already biometrically registered at their InfoTr system through the corresponding BIVS (e.g., if theuser 20 previously usedBIVS 26 to enroll on their InfoTr system 22), and theIBSM system 60 is appropriately configured by an authorized administrator, it may accept identity verification based on previous local InfoTr system biometric registration; and - (4) utilizes their respective BIVS (e.g. BIVS 26 for
user 20, andBIVS 36 for user 30) to generate a corresponding UBIV_Element and transmit it for storage via respective communication links (e.g. link 42 foruser 20, and link 46 for user 30), to the corresponding USER_Record stored in theIBSM system 60.
- Thus, for each
user IBSM system 60 stores an individualunique USER_Record 62, that includes that user's verified identifying information, as well as at least one of their corresponding UBIV_Element(s) 64. - As discussed below in connection with
FIG. 2 , any user can generate additional UBIV_Elements for their USER_Record, utilizing BIVS of different types, models, and/or configurations, such that their USER_Record stores UBIV_Elements for a variety of BIVSs. This is a crucial advantageous feature of the present invention—because any user registered with theIBSM system 60 is able to verify their identity through any BIVS, even one which they never used, or one that is part of another user's InfoTr system, if it is capable of utilizing any of the UBIV_Elements stored in the USER_Record. - This feature enables the
IBSM system 60 to be truly “platform-independent” with respect to compatibility with various InfoTr and BIVS types, models, and configurations. For example, auser 50, previously registered with theIBSM system 60, and having a UBIV_Element compatible with theBIVS 36 stored in their USER_Record, is able to utilize theInfoTr System 32 and theBIVS 36 of theuser 30, to verifiably exchange secured information with other registered users, for example, with anotheruser 46, that may have access to theInfoTr system 22. - Thus, preferably, the
IBSM system 60 may be scaled to any necessary capacity, and provided with all necessary components (hardware and/or software), to enable it to readily communicate, and interact with, the various InfoTr systems, BIVS, and other components of the inventive SITM system (as illustrated, by way of example, forSITM systems 10 ofFIG. 1A, 70 ofFIG. 1B, 100 , ofFIG. 2, 200 ofFIG. 3 , and 300 ofFIG. 4 ). - It should also be noted that, the “Independent Biometric Security Server” disclosed in the above-incorporated U.S. patent application Ser. No. '017, may be readily and advantageously configured for use as a
IBSM system 60. Optionally, any other data processing system capable of similar or equivalent biometric platform-independent functionality to the “Independent Biometric Security Server” may be readily utilized as theIBSM system 60, as a matter of design choice, without departing from the spirit of the invention. - Additionally, as long as the above-described
minimum IBSM system 60 registration steps are followed, any user can readily utilize another user's InfoTr system and BIVS to register, as long as independent verification of the user's identity is available to finalize registration. - In accordance with the present invention, the
users IBSM system 60 during transfer of a secured information transmission (SIT) 52, betweenInfoTr systems communication link 40, to verify identities of the sending user (e.g., user 20), as well as the identity of the user receiving and accessing the SIT 52 (e.g., user 30). In addition, theIBSM system 60 may be advantageously utilized as part of theSIT 52 generation process (e.g. when the information to be transferred is encrypted or otherwise secured) by theEDA 24, and then accessed (e.g., decrypted) by theEDA 34. - In an alternate embodiment of the invention, in addition to, or instead of one or both of the
EDA IBSM system 60 may include anoptional EDA 68, that performs all, or some, of the tasks necessary for generating and accessing theSIT 52. Additionally, rather than being transferred through thecommunication link 40, in yet another alternate embodiment of the invention, theSIT 52 may be readily transmitted betweenInfoTr systems IBSM system 60 via the communication links 42, 44. - In summary, in one of its simplest implementations, the
inventive SITM system 10 operates as follows: theuser 20, desiring to transmit certain information to theuser 30, indicates, to theIBSM system 60, themselves as the sender, and theuser 30 as the intended recipient. Theuser 20 then provides biometric information to theIBSM system 60 through theirBIVS 24, which is processed and compared to a compatible UBIV_Element stored in their USER_Record, to verify the identity of theuser 20. The information to be transferred is then encrypted to generate the SIT 52 (optionally utilizing at least a portion of one or both of the UBIV_Element of the sendinguser 20, and the UBIV_Element of the receiving user 30). TheSIT 52 is then transmitted to theuser 30, and upon receipt by theInfoTr system 32, to access the information in theSIT 52, theuser 30 must verify their identity to theIBSM system 60, by providing biometric information thereto through theBIVS 36, that, when processed, is successfully matched to a compatible UBIV_Element stored in the USER_Record of the user 30 (optionally in accordance with predetermined biometric recognition criteria (e.g., threshold, etc.), that may have been present in theIBSM system 60, or that may have been specified by the sendinguser 20 to theIBSM system 60, for theSIT 52, or for all ofuser 20 data transfers). - When the identity of the
user 30 is verified as the intended recipient, theIBSM system 60 enables theEDA 34 to decrypt theSIT 52 thus allowing theuser 30 to access the transferred information, while optionally recording the access event, and optionally notifyinguser 20 of the verification of the access by the designated recipient (user 30). An exemplary detailed embodiment of a process for the operation of theSITM system 10 for secured and verified information transmission is shown inFIG. 5 , and described in detail below in connection therewith. - In accordance with the present invention, the sending user may be given the ability to have significant control over the manner in which their transferred secured information is accessed by the recipient, for example, defining one or more criteria (e.g., in form of rules), that must be met for the recipient user to gain access to the information. For example, the
user 20 can specify that in order to access information inSIT 52, both theuser 30, and anotheruser 48, must verify their identities to theIBSM system 60, (e.g., both through theBIVS 36, or with each user utilizing their own BIVS). Alternately, theuser 20 can specify that theuser 30 must utilize two separate BIVS of different types, or to utilize theirBIVS 36 in conjunction with another from of security, such as a password or a PIN code. Optionally, theuser 20 can set theirSIT 52 to expire, or otherwise be erased, if theuser 30 does not access it during a specified period of time. - Additionally, a user can specify the amount and detail level of information, about the events relating to the secured data to be tracked and/or recorded by the
IBSM system 60. For example, theuser 20 can specify that they want notification of delivery ofSIT 52, notification ofuser 30 acknowledging receipt ofSIT 52, and notification whenuser 30 accesses the information therein (as well as notification of any failed attempts to access the information). - Optionally, each user's preferences relating to transfer of secured information, and for tracking events related thereto, can be stored in their USER_Record, for example as secured information transmission profile (SIT_Profile) (shown as optional SIT_Profile 66 a in
FIG. 1A ) for storing information relating to the user's preferences relating to transfer of secured information, and/or as secured information transmission log (SIT_Log) (shown asoptional SIT_Log 66 b inFIG. 1A ), for storing information indicative of the user's preferences relating to tracking events related to secured information transfers. Optionally, both SIT_Profile and SIT_Log may be presented in a unified format. - Advantageously, from the point of view of a user, the interface for necessary interaction with the various components of the
SITM system 10, and especially with theIBSM system 60, may be implemented as a separate program application, or function, of a user's InfoTr system, or as a communication portal accessible by the users' InfoTr system (for example, a secure website). Optionally, theSITM system 10, and its components, may be implemented transparently in the background, for example, as components, modules or “plug-ins” for existing applications/functions of the user's InfoTr system, such that a user can continue to utilize their preferred information transfer applications/functionality, while gaining the full benefit of theSITM system 10. In any implementation of the novel SITM system, the registered users may gain access to IBSM system functionality through an appropriate identity verification or “login” procedure, that may optionally be integrated into the process of initiating secure information transmission or information access. - In addition, while a less secure implementation than described above, in an alternate embodiment of the
SITM system 10, each InfoTr system can perform User identity verification locally, and, rather than transmitting newly acquired UBIV_Elements to theIBSM system 60 for centralized identity verification, each InfoTr system can simply indicate the status of the local verification to theIBSM system 60. - Referring now to
FIG. 5 , an exemplary embodiment of aprocess 400 for secured transmission of information utilizing the inventive SITM system (for example, theSITM system 10 ofFIG. 1A ) is shown. As noted above, as a matter of design choice, the various steps of this process may be executed by different components of the various embodiments of the inventive SITM system shown inFIGS. 1A to 3. - The
process 400 begins at astep 402, where a sending user (hereinafter “Sender”), registered with the IBSM system component of the inventive SITM system, decides to transmit secured information to one or more other registered users of the SITM system (hereinafter “Recipient”). At astep 404, the Sender generates Recipient_INFO, to identify the Recipient selected atstep 402, and that may optionally include one or more rules, for example, from a Sender SIT_Profile, relating to requirements that must be met by the Recipient to gain access to the secured information, but at a minimum requiring biometric verification of the Recipient's identity. - At a
step 406, the Recipient_INFO is transmitted to the IBSM system (or simply passed to the appropriate component thereof, ifstep 404 was being performed at the IBSM system), optionally, along with Sender_BIVE (Sender biometric identity verification element, representative of biometric information provided by the Sender), that enables theIBSM system 60 to verify the identity of the Sender, both for internal security purposes, and optionally for provision of that verified information to the Recipient. At astep 408, theprocess 400 verifies the Sender_BIVE (and optionally updates the Sender SIT_Log, if any), at astep 410, generates a SIT (e.g., by encrypting information to be transmitted), and at astep 412, transmits the SIT to the Recipient. - At a
step 414, upon receipt of the SIT, theprocess 400 requests the Recipient to verify their identity, in accordance with the requirements sent forth by the Sender in Recipient_INFO (e.g., by presenting their BIVS with biometric information to enable it to generate a corresponding Recipient_BIVE—Recipient biometric identity verification element, representative of biometric information provided by the Recipient). The Recipient_BIVE is then transmitted, at astep 416, to the IBSM system, and verified against the Recipient's UBIV_Element (in addition to any other verifications that may have been required by the Recipient_INFO). Assuming the verification criteria in the Recipient_INFO has been met, at astep 418, the SIT is decrypted and the Recipient is given access to information therein. At anoptional step 420, theprocess 400 optionally verifies to Sender that Recipient has received and accessed the SIT, and optionally updates the Sender's SIT_Log and/or the Recipient's SIT_Log, with the results of one or more of the previously performed steps. - Referring now to
FIG. 1B , an alternate embodiment of the inventive SITM system is shown as aSITM system 70. TheSITM system 70 operates substantially similarly to theSITM system 10 ofFIG. 1A , with the various components thereof having like reference characters, except that the functionality of theBIVS InfoTr system IBSM system 60. EachBIVD - The
IBSM system 60, as implemented in theSITM system 70, is supplied with a centralized biometric identity verification application (BIVA) 76 that performs all necessary functions necessary to generate UBIV_Elements from information received fromBIVDs SITM system 70 operates in a manner similar to theSITM system 10 ofFIG. 1A . - Referring now to
FIGS. 2 and 3 , exemplary embodiments of the novel SITM system, having more complex implementations that shown inFIG. 1A , but operating on the same novel principles, are shown. Referring first toFIG. 2 , aSITM system 100 is shown, that includes all of the components of theSITM system 10 shown inFIG. 1 and described in connection therewith, but that also includes anadditional BIVS 102 provided to theInfoTr system 32, and optionally yet another standaloneseparate BIVS 104, that may also be provided thereto, shown as an example to illustrate that theuser 30 may register all three BIVS 36, 102, 104 with theIBSM system 60 and then utilize any of the registered BIVS for necessary identity verification therewith. - Similarly, as another example, a
user 112, having anInfoTr system 114, may be provided with a separate BIVS/EDAstandalone security device 116, capable of performing the functions of aBIVS 120 and of anEDA 118, which may be local to theuser 112, or which theuser 112 may utilize through a communication link 122 (for example, if thedevice 116 is a voice recognition based device, theuser 112 may contact thedevice 116 though theirInfoTr system 114 and provide the necessary voice sample). In one example of utilization of theSITM system 100, theuser 20 may transfer theSIT 52 to theuser 30 with one set of Recipient_INFO (seeProcess 400,FIG. 5 ), and also send thesame SIT 52 to theuser 112, with a different Recipient_INFO. - Referring now to
FIG. 3 , a SITM system 200 is shown, that includes all of the components of the SITM systems 10 (FIG. 1 ) and 100 (FIG. 2 ), but that also includes an additional group of users, shown as a private network 202. The private network 202 may include an InfoTr server 204 (e.g. a robust computer, such as a server, or group of servers) equipped with an EDA 206, and additional users 208, 214 having correspondingInfoTr systems 210, 122, supplied with corresponding BIVSs 212, 218, and optional EDAs 220, 222. In the SITM system 200, certain functionality of the individual InfoTr systems of the users, and/or of theIBSM system 60 may be taken over by the InfoTr server 204. For example, the InfoTr server 204 may utilize a powerful EDA 206 to perform all decryption operations (upon successful recipient identity verification) on a SIT 232, sent by theuser 112, arriving to the private network 202 via a communication link 230, and designated for one, or both, of the users 208, 214, and/or also perform the encryption operations on a SIT 228, sent, from the private network 202 via a communication link 226, to theuser 20 by one of the users 208, 214. - Referring now to
FIG. 4 , an alternate embodiment of the inventive SITM system ofFIG. 1 that enables registered users to control and verify access to stored content by other parties by specifying one or more other registered users, and optionally by specifying one or more criteria for accessing certain content (similarly to as described above in connection with access to information in the SITs). Theusers respective InfoTr systems EDAs BIVSs FIG. 1A . Similarly, theadditional users respective InfoTr systems EDAs BIVSs IBSM system 60 viarespective communication links InfoTr systems content system 302 viarespective communication links FIG. 1 , the various communication links shown inFIG. 4 may be similar to at least some of the other links, or may be all of the same configuration (e.g., the Internet). - The
content system 302 preferably includes at least one item of content (see Table 1, definition #7), with threecontent items IBSM system 60, and that provides criteria for accessing the content item, that may be as simple or as complex as the user chooses. For example, if theuser 20 ownscontent 304, they may specify in aSCA_Profile 310 thatonly users content item 304 upon successful identity verification by theIBSM system 60, and that the access granted to theuser 330 expires after 10 days of being granted. - In another example, if the
user 30 controls access to thecontent item 306 which includesseparate content items 312, 314 (while two are shown by way of example, a content item may include an unlimited number of other content items in a flat or a hierarchical architecture), with theuser 30 definingseparate SCA_Profiles separate content item - In yet another example, the
user 330, may definemultiple SCA_Profiles 320 forcontent item 308, for example, based on time, specific authorized access users, and/or on other criteria. In addition, content item 308 (and of course any other content item), may include an optional content access record (CA_Record) 322, that includes information related to access to the content item, and optionally, related to failed access attempts. - Optionally, in one embodiment of the
inventive SITM system 300, theIBSM system 60 and thecontent system 302 may be implemented as asingle system 364. This may be advantageous in applications where a large amount of content items are to be managed, and/or where there is a large quantity of complex SCA_Profiles, and/or when content items are encrypted—i.e. in situations that may require anIBSM system 60 dedicated to supporting the content system. Alternately, thecontent system 302 may be implemented in a particular user's own InfoTr system. Of course, it should also be noted, that the functionality described in connection with theSITM system 300 may be readily combined withSITM systems FIGS. 1A, 1B , 2, and 3, respectively, because any embodiment of the novel SITM system can readily support both functionality related to verified secure information transmission, as well as to secured access control. - In an alternate embodiment of the invention, the same principles of
SITM system 300 implementation as are described above in their application to content access control, may be readily extended to include physical access control, whether location based (e.g., door), or item based (e.g., a safe, a computer). - Referring finally, to
FIG. 6 , an exemplary embodiment of aprocess 500 for demonstrating the process of secured content access utilizing the inventive SITM system (for example, theSITM system 300 ofFIG. 4 ) is shown. As a matter of design choice, the various steps of this process may be executed by different components of theinventive SITM system 300 ofFIG. 4 . - The
process 500 may begin at anoptional step 502, where user may provide one or more content items to a content system to be secured. If the content item (or items) to be secured is already present on the content system, theprocess 500 beings at astep 504, where the user creates a SCA_Profile that provides criteria for accessing the content item by one or more other parties, registered with the IBSM system component of the inventive SITM system. At anoptional step 506, theprocess 500 encrypts the user's content item (this step is optional because it is possible to control access to content without encrypting it). - At a
step 508, a different user attempts to access secured content, and at astep 510, transmits, biometric information acquired through their BIVS in form of a User_BIVE to the IBSM system (along with any other information that may be required by the SCA_Profile), whereupon, the IBSM system verifies the supplied User_BIVE (and other information, if any), against the UBIV_Element of the user. - Upon successful verification, at a
step 512, the user is granted access to the content item in accordance with the rules specified in the SCA_Profile for that content item (if any were defined). At anoptional step 514, theprocess 500 records events relating to various steps thereof in the CA_Record of the content item. - Finally, it should also be noted, that while the various above-described embodiments of the novel SITM system provide for securing (e.g., encrypting) the transferred information between the parties, the inventive system and method may also be readily utilized for sender and/or recipient identity verification only, without the transferred information being secured in any way. This alternate embodiment of the inventive system and method may be advantageous for applications where security and control of access to transferred data is not important, but where verification of identity of the sender and/or of the recipient accessing the information, is necessary and/or desired.
- Thus, while there have been shown and described and pointed out fundamental novel features of the invention as applied to preferred embodiments thereof, it will be understood that various omissions and substitutions and changes in the form and details of the devices and methods illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.
Claims (23)
1. A data processing method for biometrically verifying at least one aspect of a transfer of information between a first party and a second party, comprising the steps of:
(a) indicating, by the first party to a biometric security management system, that the second party is an intended recipient of the information;
(b) causing, by the first party utilizing a first information transfer system, operable to receive and transmit the information and comprising a first at least one biometric identity verification system, the information to be made available to the second party;
(c) accessing, by the second party utilizing a second information transfer system, operable to receive and transmit the information and comprising a second at least one biometric identity verification system, the information; and
(d) verifying, by said security management system, an identity of at least one of the first and second parties to the other party, utilizing a corresponding at least one of said at least first, and at least second biometric identity verification system.
2. The data processing method of claim 1 , wherein the information comprises at least one of: text, image, audio, video, transactional information, instrument readings, sensor readings, link to other information, biometric information, and executable program instructions.
3. The data processing method of claim 1 , wherein:
said step (b) further comprises the step of:
(e) transmitting the information, by said first information transfer system to said second information transfer system, through a communication link therebetween; and
wherein said step (c) further comprises the step of:
(f) receiving the information, by said second information transfer system from said first information transfer system, through said communication link therebetween.
4. The data processing method of claim 1 , wherein:
said step (b) further comprises the step of:
(g) storing the information, in a information storage system operable to communicate with said second information transfer system, through a communication link therebetween; and
wherein said step (c) further comprises the step of:
(h) accessing said stored information, by said second information transfer system, through said communication link therebetween.
5. The data processing method of claim 1 , further comprising the steps of:
(i) prior to said step (b), securing the information, by restricting access thereto, in accordance with at least one access criteria;
wherein said step (b) further comprises the step of: (j) providing the second party with access data indicative of at least one action necessary to meet said at least one access criteria; and
(k) prior to said step (c) and as a prerequisite for performance thereof, meeting said at least one access criteria, by the second party.
6. The data processing method of claim 1 , wherein each of said at least one first, and at least one second biometric identity verification systems are operable to verify the identity of a corresponding one of the first or second party, by acquiring at least one biometric characteristic thereof, said at least one biometric characteristic being selected from a group comprising: a human fingerprint, a human facial feature, a human voice, a human speech pattern, a human movement pattern, a human blood vessel pattern, a human retina, a human iris feature, human DNA, human hand grip dynamic, human odor, human ear structure, and a human writing style.
7. The data processing method of claim 1 , wherein each of the first, and the second parties, comprises at least one of: at least one individual, and at least one group.
8. The data processing method of claim 1 , further comprising the steps of:
(l), prior to said step (a), generating a unique identification record for each of the first and second parties, by said biometric security management system, comprising the steps of:
(m) providing, for each of the first and second parties to said biometric security management system, identification data representative of said identity thereof;
(n) providing, for each of the first and second parties to said biometric security management system, at least one baseline biometric identifier representative of that party's at least one biometric characteristic and acquired therefrom by a corresponding one of said at least one first, and at least one second biometric identity verification systems; and
(o) storing, for each of the first and second parties, said identification data and said at least one baseline biometric identifier in said unique identification record.
9. The data processing method of claim 8 , wherein said step (a) further comprises the steps of:
(p) acquiring, by at least one third biometric identity verification system from the first party, a first at least one biometric identifier;
(q) providing said first at least one biometric identifier to said biometric security management system;
(r) comparing, by said biometric security management system, said first at least one biometric identifier with said first at least one baseline biometric identifier stored in said first identification record, in accordance with first at least one predetermined identification criteria, to verify said identity of the first party; and
(s) when said identity of the first party is verified at said step (r), proceeding to said step (b), and otherwise indicating a rejection of said first at least one biometric identifier to the first party, and only proceeding to said step (b), when said identity of the first party is verified at said step (r).
10. The data processing method of claim 9 , wherein said at least one third biometric identity verification system comprises at least one of: said first at least one biometric identity verification system, said second at least one biometric identity verification system, and at least one other biometric identity verification system.
11. The data processing method of claim 9 , wherein said step (b) further comprises the step of:
(t) providing confirmation, by said biometric security management system to the second party, of said verified identity of the first party as a provider of the information, in conjunction with the information being made available to the second party.
12. The data processing method of claim 8 , further comprising the steps of:
(u) after said step (b), but prior to said step (c), acquiring, by a fourth at least one biometric identity verification system from the second party, a second at least one biometric identifier;
(v) providing said second at least one biometric identifier to said biometric security management system;
(w) comparing, by said biometric security management system, said second at least one biometric identifier with said second at least one baseline biometric identifier stored in said second identification record, in accordance with second at least one predetermined identification criteria, to verify said identity of the second party; and
(x) when said identity of the second party is verified at said step (w), proceeding to said step (c), and otherwise performing the following step:
(y) indicating a rejection of said second at least one biometric identifier to the second party, and only proceeding to said step (c) when said identity of the second party is verified at said step (w).
13. The data processing method of claim 12 , wherein said at least one fourth biometric identity verification system comprises at least one of: said first at least one biometric identity verification system, said second at least one biometric identity verification system, and at least one other biometric identity verification system.
14. The data processing method of claim 12 , wherein said step (b) further comprises the step of:
(z) after said step (c), providing confirmation, by said biometric security management system to the first party, of said verified identity of the second party and of the second party's access to the information.
15. The data processing method of claim 12 , further comprising the steps of:
(aa) prior to said step (b), securing the information, by restricting access thereto, in accordance with at least one access criteria, wherein said at least one criteria, comprises a primary access criteria of enabling access to the information by the second party only upon successful verification of said identity of the second party;
(bb) in conjunction with said step (b), providing the second party with access data indicative of at least one action necessary to meet said at least one access criteria, wherein said step (x) further comprises the step of:
(cc) when said identity of the second party is verified at said step (w), prior proceeding to said step (c), releasing access to said secured information to the second party.
16. The data processing method of claim 15 , further comprising the steps of:
(dd) prior to said step (aa), defining, by the first party for the information being made available at said step (b), said at least one access criteria, such that said at least one access criteria comprises at least one other access criteria in addition to said primary access criteria.
17. The data processing method of claim 16 , further comprising the steps of:
(ee) after step (dd) storing said at least one access criteria in said first identification record, such that said at least one access criteria may be selectively or automatically applied to all subsequent information being made available by the first party.
18. The data processing method of claim 8 , wherein said step (d) further comprises the steps of:
(ff) recording, by said biometric security management system in at least one of said first and said second identification records, data indicative of at least a portion of: actions of the first party relating to performance of said steps (a) to (d); actions of the second party relating to performance of said step (c), results of performance of all steps prior to and including said step (c).
19. The data processing method of claim 8 , wherein each of said first and second identification records, and all contents thereof, are accessible to the corresponding first, and second party.
20. The data processing method of claim 8 , comprising the steps of:
(gg) after said step (l), providing by the first party to said biometric security management system, a first at least one additional baseline biometric identifier representative of the first party's at least one additional biometric characteristic and acquired therefrom by a first at least one other biometric identity verification system; and
(hh) storing said first at least one additional baseline biometric identifier in said first at least one baseline biometric identifier.
21. The data processing method of claim 8 , comprising the steps of:
(jj) after said step (l), providing by the second party to said biometric security management system, a second at least one additional baseline biometric identifier representative of the second party's at least one additional biometric characteristic and acquired therefrom by a second at least one other biometric identity verification system; and
(kk) storing said second at least one additional baseline biometric identifier in said second at least one baseline biometric identifier.
22. The data processing method of claim 1 , wherein each of said first and said second information transfer systems is selected from a group of: at least one computer, and at least one mobile communication device.
23. A data processing system for biometrically verifying at least one aspect of a transfer of information between a first party and a second party, comprising:
a first information transfer system, operable to transmit and receive the information, comprising a first at least one biometric identity verification system,
a second information transfer system, operable to receive and transmit the information comprising a second at least one biometric identity verification system, and operable to communicate with said first information transfer system through a first at least one communication link, and
a biometric security management system, operable to communicate with said first and said second information transfer systems through a second at least one communication link, wherein said first information transfer system is further operable by the first party to: (1) indicate the second party as an intended recipient of the information, and (2) cause the information to be made available to the second party, wherein said second information transfer system is operable by the second party to accessing the information, and wherein said biometric security management system, is operable to verify an identity of at least one of the first and second parties to the other party when the second party accesses the information.
Priority Applications (12)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/430,130 US20060206725A1 (en) | 2002-04-23 | 2006-05-08 | System and method for platform-independent biometrically verified secure information transfer and access control |
PCT/US2007/068509 WO2007134083A2 (en) | 2006-05-08 | 2007-05-08 | System and method for platform-independent biometrically verified secure information transfer and access control |
US11/844,843 US8145915B2 (en) | 2002-04-23 | 2007-08-24 | System and method for platform-independent biometrically secure information transfer and access control |
US13/251,887 US20120042172A1 (en) | 2002-04-23 | 2011-10-03 | System and method for platform-independent biometrically verified secure information transfer and access control |
US14/593,671 US20150128226A1 (en) | 2002-04-23 | 2015-01-09 | Independent biometric identification system |
US15/678,676 US10104074B2 (en) | 2002-04-23 | 2017-08-16 | Independent biometric identification system |
US16/146,205 US20190036920A1 (en) | 2002-04-23 | 2018-09-28 | System and method for platform-independent biometrically verified secure information transfer and access control |
US16/354,853 US20190215322A1 (en) | 2002-04-23 | 2019-03-15 | System and method for platform-independent biometrically verified secure information transfer and access control |
US16/429,950 US20190289001A1 (en) | 2002-04-23 | 2019-06-03 | System and method for platform-independent biometrically verified secure information transfer and access control |
US16/538,306 US20190364040A1 (en) | 2002-04-23 | 2019-08-12 | System and method for platform-independent biometrically verified secure information transfer and access control |
US16/736,508 US20200145412A1 (en) | 2002-04-23 | 2020-01-07 | System and method for platform-independent biometrically verified secure information transfer and access control |
US16/834,620 US20200228526A1 (en) | 2002-04-23 | 2020-03-30 | System and method for platform-independent biometrically verified secure information transfer and access control |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/128,860 US6993659B2 (en) | 2002-04-23 | 2002-04-23 | Independent biometric identification system |
US11/332,017 US20060129840A1 (en) | 2002-04-23 | 2006-01-12 | Multiplatform independent biometric identification system |
US79236506P | 2006-04-14 | 2006-04-14 | |
US11/430,130 US20060206725A1 (en) | 2002-04-23 | 2006-05-08 | System and method for platform-independent biometrically verified secure information transfer and access control |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/332,017 Continuation-In-Part US20060129840A1 (en) | 2002-04-23 | 2006-01-12 | Multiplatform independent biometric identification system |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/844,843 Continuation US8145915B2 (en) | 2002-04-23 | 2007-08-24 | System and method for platform-independent biometrically secure information transfer and access control |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060206725A1 true US20060206725A1 (en) | 2006-09-14 |
Family
ID=38694663
Family Applications (7)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/430,130 Abandoned US20060206725A1 (en) | 2002-04-23 | 2006-05-08 | System and method for platform-independent biometrically verified secure information transfer and access control |
US11/844,843 Expired - Fee Related US8145915B2 (en) | 2002-04-23 | 2007-08-24 | System and method for platform-independent biometrically secure information transfer and access control |
US13/251,887 Abandoned US20120042172A1 (en) | 2002-04-23 | 2011-10-03 | System and method for platform-independent biometrically verified secure information transfer and access control |
US14/593,671 Abandoned US20150128226A1 (en) | 2002-04-23 | 2015-01-09 | Independent biometric identification system |
US15/678,676 Expired - Fee Related US10104074B2 (en) | 2002-04-23 | 2017-08-16 | Independent biometric identification system |
US16/146,205 Abandoned US20190036920A1 (en) | 2002-04-23 | 2018-09-28 | System and method for platform-independent biometrically verified secure information transfer and access control |
US16/354,853 Abandoned US20190215322A1 (en) | 2002-04-23 | 2019-03-15 | System and method for platform-independent biometrically verified secure information transfer and access control |
Family Applications After (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/844,843 Expired - Fee Related US8145915B2 (en) | 2002-04-23 | 2007-08-24 | System and method for platform-independent biometrically secure information transfer and access control |
US13/251,887 Abandoned US20120042172A1 (en) | 2002-04-23 | 2011-10-03 | System and method for platform-independent biometrically verified secure information transfer and access control |
US14/593,671 Abandoned US20150128226A1 (en) | 2002-04-23 | 2015-01-09 | Independent biometric identification system |
US15/678,676 Expired - Fee Related US10104074B2 (en) | 2002-04-23 | 2017-08-16 | Independent biometric identification system |
US16/146,205 Abandoned US20190036920A1 (en) | 2002-04-23 | 2018-09-28 | System and method for platform-independent biometrically verified secure information transfer and access control |
US16/354,853 Abandoned US20190215322A1 (en) | 2002-04-23 | 2019-03-15 | System and method for platform-independent biometrically verified secure information transfer and access control |
Country Status (2)
Country | Link |
---|---|
US (7) | US20060206725A1 (en) |
WO (1) | WO2007134083A2 (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8819793B2 (en) | 2011-09-20 | 2014-08-26 | Csidentity Corporation | Systems and methods for secure and efficient enrollment into a federation which utilizes a biometric repository |
CN104933335A (en) * | 2014-03-21 | 2015-09-23 | 三星电子株式会社 | System And Method For Executing File By Using Biometric Information |
US9235728B2 (en) | 2011-02-18 | 2016-01-12 | Csidentity Corporation | System and methods for identifying compromised personally identifiable information on the internet |
US20160373440A1 (en) * | 2014-08-26 | 2016-12-22 | Hoyos Labs Ip Ltd. | System and method for biometric protocol standards |
US10339527B1 (en) | 2014-10-31 | 2019-07-02 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US10592982B2 (en) | 2013-03-14 | 2020-03-17 | Csidentity Corporation | System and method for identifying related credit inquiries |
US10699028B1 (en) | 2017-09-28 | 2020-06-30 | Csidentity Corporation | Identity security architecture systems and methods |
US10896472B1 (en) | 2017-11-14 | 2021-01-19 | Csidentity Corporation | Security and identity verification system and architecture |
US10904245B1 (en) * | 2013-08-08 | 2021-01-26 | Google Technology Holdings LLC | Adaptive method for biometrically certified communication |
US10909617B2 (en) | 2010-03-24 | 2021-02-02 | Consumerinfo.Com, Inc. | Indirect monitoring and reporting of a user's credit data |
US11030562B1 (en) | 2011-10-31 | 2021-06-08 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
US11151468B1 (en) | 2015-07-02 | 2021-10-19 | Experian Information Solutions, Inc. | Behavior analysis using distributed representations of event data |
US11329980B2 (en) | 2015-08-21 | 2022-05-10 | Veridium Ip Limited | System and method for biometric protocol standards |
US20220245230A1 (en) * | 2014-03-10 | 2022-08-04 | FaceToFace Biometrics, Inc. | Message sender security in messaging system |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7107220B2 (en) * | 2004-07-30 | 2006-09-12 | Sbc Knowledge Ventures, L.P. | Centralized biometric authentication |
US8127337B2 (en) * | 2008-03-06 | 2012-02-28 | Motorola Solutions, Inc. | Method and apparatus as pertains to a biometric template and a corresponding privacy policy |
US9928379B1 (en) * | 2008-09-08 | 2018-03-27 | Steven Miles Hoffer | Methods using mediation software for rapid health care support over a secured wireless network; methods of composition; and computer program products therefor |
US8041956B1 (en) * | 2010-08-16 | 2011-10-18 | Daon Holdings Limited | Method and system for biometric authentication |
US8886935B2 (en) * | 2010-04-30 | 2014-11-11 | Kabushiki Kaisha Toshiba | Key management device, system and method having a rekey mechanism |
GB201109311D0 (en) * | 2011-06-03 | 2011-07-20 | Avimir Ip Ltd | Method and computer program for providing authentication to control access to a computer system |
KR20140026844A (en) * | 2012-08-23 | 2014-03-06 | 삼성전자주식회사 | Method and system for authenticating transaction request from device |
EP2802122A1 (en) | 2013-05-07 | 2014-11-12 | Nagravision S.A. | A Media Player for Receiving Media Content from a Remote Server |
US9084115B2 (en) | 2013-05-13 | 2015-07-14 | Dennis Thomas Abraham | System and method for data verification using a smart phone |
US9906535B2 (en) | 2013-09-10 | 2018-02-27 | Arthur P. GOLDBERG | Methods for rapid enrollment of users of a secure, shared computer system via social networking among people on a selective list |
US9619633B1 (en) | 2014-06-18 | 2017-04-11 | United Services Automobile Association (Usaa) | Systems and methods for upgrading authentication systems |
US11615199B1 (en) | 2014-12-31 | 2023-03-28 | Idemia Identity & Security USA LLC | User authentication for digital identifications |
CN108293187B (en) * | 2016-02-10 | 2022-06-07 | 智管家(天津)科技有限公司 | Method and system for registering user by using wearable device |
US10193884B1 (en) | 2016-06-21 | 2019-01-29 | Wells Fargo Bank, N.A. | Compliance and audit using biometric tokenization |
US10142333B1 (en) * | 2016-06-21 | 2018-11-27 | Wells Fargo Bank, N.A. | Biometric reference template record |
US10572641B1 (en) | 2016-06-21 | 2020-02-25 | Wells Fargo Bank, N.A. | Dynamic enrollment using biometric tokenization |
US10731768B2 (en) * | 2016-10-12 | 2020-08-04 | Ecolab Usa Inc. | Systems and methods for manifold valves |
KR20200100481A (en) * | 2019-02-18 | 2020-08-26 | 삼성전자주식회사 | Electronic device for authenticating biometric information and operating method thereof |
CN111383378B (en) * | 2020-03-11 | 2021-07-30 | 合肥鼎方信息科技有限公司 | Access control identification system information node interconnection method based on block chain architecture |
FR3114891B3 (en) * | 2020-10-05 | 2022-09-30 | Amadeus | Biometric identification system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5613012A (en) * | 1994-11-28 | 1997-03-18 | Smarttouch, Llc. | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
US6983061B2 (en) * | 2000-04-27 | 2006-01-03 | Fujitsu Limited | Personal authentication system and method using biometrics information, and registering apparatus, authenticating apparatus and pattern information input medium for the system |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5815252A (en) * | 1995-09-05 | 1998-09-29 | Canon Kabushiki Kaisha | Biometric identification process and system utilizing multiple parameters scans for reduction of false negatives |
US6092192A (en) * | 1998-01-16 | 2000-07-18 | International Business Machines Corporation | Apparatus and methods for providing repetitive enrollment in a plurality of biometric recognition systems based on an initial enrollment |
US6618806B1 (en) * | 1998-04-01 | 2003-09-09 | Saflink Corporation | System and method for authenticating users in a computer network |
US6256737B1 (en) * | 1999-03-09 | 2001-07-03 | Bionetrix Systems Corporation | System, method and computer program product for allowing access to enterprise resources using biometric devices |
US6615191B1 (en) * | 1999-05-11 | 2003-09-02 | E. Addison Seeley | Software licensing and distribution systems and methods employing biometric sample authentication |
US6697947B1 (en) * | 1999-06-17 | 2004-02-24 | International Business Machines Corporation | Biometric based multi-party authentication |
EP1269425A2 (en) * | 2000-02-25 | 2003-01-02 | Identix Incorporated | Secure transaction system |
US7140036B2 (en) * | 2000-03-06 | 2006-11-21 | Cardinalcommerce Corporation | Centralized identity authentication for electronic communication networks |
US6970853B2 (en) * | 2000-06-06 | 2005-11-29 | Citibank, N.A. | Method and system for strong, convenient authentication of a web user |
JP2002132730A (en) * | 2000-10-20 | 2002-05-10 | Hitachi Ltd | System and method for authentication or access management based on reliability and disclosure degree of personal information |
JP2002141895A (en) * | 2000-11-01 | 2002-05-17 | Sony Corp | System and method for distributing contents |
CA2372380A1 (en) * | 2001-02-20 | 2002-08-20 | Martin D. Levine | Method for secure transmission and receipt of data over a computer network using biometrics |
KR20030097847A (en) * | 2001-05-02 | 2003-12-31 | 시큐젠 코포레이션 | Authenticating user on computer network for biometric information |
US20030149881A1 (en) * | 2002-01-31 | 2003-08-07 | Digital Security Inc. | Apparatus and method for securing information transmitted on computer networks |
US7107220B2 (en) * | 2004-07-30 | 2006-09-12 | Sbc Knowledge Ventures, L.P. | Centralized biometric authentication |
-
2006
- 2006-05-08 US US11/430,130 patent/US20060206725A1/en not_active Abandoned
-
2007
- 2007-05-08 WO PCT/US2007/068509 patent/WO2007134083A2/en active Application Filing
- 2007-08-24 US US11/844,843 patent/US8145915B2/en not_active Expired - Fee Related
-
2011
- 2011-10-03 US US13/251,887 patent/US20120042172A1/en not_active Abandoned
-
2015
- 2015-01-09 US US14/593,671 patent/US20150128226A1/en not_active Abandoned
-
2017
- 2017-08-16 US US15/678,676 patent/US10104074B2/en not_active Expired - Fee Related
-
2018
- 2018-09-28 US US16/146,205 patent/US20190036920A1/en not_active Abandoned
-
2019
- 2019-03-15 US US16/354,853 patent/US20190215322A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5613012A (en) * | 1994-11-28 | 1997-03-18 | Smarttouch, Llc. | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
US6983061B2 (en) * | 2000-04-27 | 2006-01-03 | Fujitsu Limited | Personal authentication system and method using biometrics information, and registering apparatus, authenticating apparatus and pattern information input medium for the system |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10909617B2 (en) | 2010-03-24 | 2021-02-02 | Consumerinfo.Com, Inc. | Indirect monitoring and reporting of a user's credit data |
US10593004B2 (en) | 2011-02-18 | 2020-03-17 | Csidentity Corporation | System and methods for identifying compromised personally identifiable information on the internet |
US9235728B2 (en) | 2011-02-18 | 2016-01-12 | Csidentity Corporation | System and methods for identifying compromised personally identifiable information on the internet |
US9558368B2 (en) | 2011-02-18 | 2017-01-31 | Csidentity Corporation | System and methods for identifying compromised personally identifiable information on the internet |
US9710868B2 (en) | 2011-02-18 | 2017-07-18 | Csidentity Corporation | System and methods for identifying compromised personally identifiable information on the internet |
US9237152B2 (en) | 2011-09-20 | 2016-01-12 | Csidentity Corporation | Systems and methods for secure and efficient enrollment into a federation which utilizes a biometric repository |
US8819793B2 (en) | 2011-09-20 | 2014-08-26 | Csidentity Corporation | Systems and methods for secure and efficient enrollment into a federation which utilizes a biometric repository |
US11568348B1 (en) | 2011-10-31 | 2023-01-31 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
US11030562B1 (en) | 2011-10-31 | 2021-06-08 | Consumerinfo.Com, Inc. | Pre-data breach monitoring |
US10592982B2 (en) | 2013-03-14 | 2020-03-17 | Csidentity Corporation | System and method for identifying related credit inquiries |
US10904245B1 (en) * | 2013-08-08 | 2021-01-26 | Google Technology Holdings LLC | Adaptive method for biometrically certified communication |
US10536454B2 (en) | 2013-12-31 | 2020-01-14 | Veridium Ip Limited | System and method for biometric protocol standards |
US20220245230A1 (en) * | 2014-03-10 | 2022-08-04 | FaceToFace Biometrics, Inc. | Message sender security in messaging system |
US20150269389A1 (en) * | 2014-03-21 | 2015-09-24 | Samsung Electronics Co., Ltd. | System and method for executing file by using biometric information |
US9594919B2 (en) * | 2014-03-21 | 2017-03-14 | Samunsung Electronics Co., Ltd. | System and method for executing file by using biometric information |
CN104933335A (en) * | 2014-03-21 | 2015-09-23 | 三星电子株式会社 | System And Method For Executing File By Using Biometric Information |
US9838388B2 (en) * | 2014-08-26 | 2017-12-05 | Veridium Ip Limited | System and method for biometric protocol standards |
US20160373440A1 (en) * | 2014-08-26 | 2016-12-22 | Hoyos Labs Ip Ltd. | System and method for biometric protocol standards |
US11941635B1 (en) | 2014-10-31 | 2024-03-26 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US10990979B1 (en) | 2014-10-31 | 2021-04-27 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US10339527B1 (en) | 2014-10-31 | 2019-07-02 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US11436606B1 (en) | 2014-10-31 | 2022-09-06 | Experian Information Solutions, Inc. | System and architecture for electronic fraud detection |
US11151468B1 (en) | 2015-07-02 | 2021-10-19 | Experian Information Solutions, Inc. | Behavior analysis using distributed representations of event data |
US11329980B2 (en) | 2015-08-21 | 2022-05-10 | Veridium Ip Limited | System and method for biometric protocol standards |
US10699028B1 (en) | 2017-09-28 | 2020-06-30 | Csidentity Corporation | Identity security architecture systems and methods |
US11157650B1 (en) | 2017-09-28 | 2021-10-26 | Csidentity Corporation | Identity security architecture systems and methods |
US11580259B1 (en) | 2017-09-28 | 2023-02-14 | Csidentity Corporation | Identity security architecture systems and methods |
US10896472B1 (en) | 2017-11-14 | 2021-01-19 | Csidentity Corporation | Security and identity verification system and architecture |
Also Published As
Publication number | Publication date |
---|---|
US20070283165A1 (en) | 2007-12-06 |
US20170366542A1 (en) | 2017-12-21 |
US20150128226A1 (en) | 2015-05-07 |
WO2007134083A3 (en) | 2008-12-04 |
WO2007134083A2 (en) | 2007-11-22 |
US10104074B2 (en) | 2018-10-16 |
US8145915B2 (en) | 2012-03-27 |
US20190215322A1 (en) | 2019-07-11 |
US20120042172A1 (en) | 2012-02-16 |
US20190036920A1 (en) | 2019-01-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10104074B2 (en) | Independent biometric identification system | |
US20230129693A1 (en) | Transaction authentication and verification using text messages and a distributed ledger | |
US11196551B2 (en) | Automated task management on a blockchain based on predictive and analytical analysis | |
US10073958B2 (en) | Security system for verification of user credentials | |
US9398013B2 (en) | System, method and computer program product for an authentication management infrastructure | |
CN102609640B (en) | Secure data parser method and system | |
US10621584B2 (en) | Network of biometrically secure devices with enhanced privacy protection | |
WO2000054214A1 (en) | System, method and computer program product for allowing access to enterprise resources using biometric devices | |
AU2013204989A1 (en) | A system, method, computer program and data signal for the provision of a profile of identification | |
US11100497B2 (en) | Risk mitigation for a cryptoasset custodial system using a hardware security key | |
US20080313470A1 (en) | Multiple user authentications on a communications device | |
US20140047233A1 (en) | System and methods for automated transaction key generation and authentication | |
WO2022020384A1 (en) | Secure storage techniques utilizing consortium distributed ledgers | |
WO1999012144A1 (en) | Digital signature generating server and digital signature generating method | |
US20200228526A1 (en) | System and method for platform-independent biometrically verified secure information transfer and access control | |
US20230050280A1 (en) | Computer-implemented user identity verification method | |
US20080250245A1 (en) | Biometric-based document security | |
WO2001065375A1 (en) | System, method and computer program product for an authentication management infrastructure | |
US11741215B1 (en) | Recipient credentialing leveraging private keys on keystores read by provisioned devices | |
US20230016488A1 (en) | Document signing system for mobile devices | |
van den Broek et al. | Securely derived identity credentials on smart phones via self-enrolment | |
US11863980B1 (en) | Authentication and authorization for access to soft and hard assets | |
US20230247022A1 (en) | Unified identification verification system | |
WO2023239760A1 (en) | Computer-implemented user identity verification method | |
Sharmila et al. | A Novel Approach for Emergency Backup Authentication Using Fourth Factor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: ADVANCED BIOMETRIC SOLUTIONS, INC., NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MILGRAMM, MICHAEL;SOROKIN, ILYA;REEL/FRAME:017849/0270 Effective date: 20060505 |
|
AS | Assignment |
Owner name: INFO DATA INC., NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ADVANCED BIOMETRIC SOLUTIONS, INC.;REEL/FRAME:022614/0948 Effective date: 20090423 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |