US2016197919A1PendingUtilityA1

Real identity authentication

Assignee: MSI SECURITY LTDPriority: Oct 4, 2012Filed: Mar 11, 2016Published: Jul 7, 2016
Est. expiryOct 4, 2032(~6.2 yrs left)· nominal 20-yr term from priority
H04L 63/0807H04L 63/0861G06F 21/32H04L 63/0853H04L 9/3231
30
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A real identity biometric authentication device includes a USB thumb drive form factor, with a biometric sensor and designated device processor and stored instructions in firmware which perform authentication in a secure manner, independent of processing and storage resources on a host platform. The device and authentication process require biometric data and are secured against effects of malware or other security risks presented by applications running on the host platform. During an enrollment process, a unique encrypted enrollment biometric token is created using biometric data and uploaded securely to an authentication server. During an authentication process, the encrypted enrollment biometric token is downloaded to the real identity authentication device firmware and is decrypted on the device. The biometric data obtained from the decrypted data and is compared with live, real-time biometric data obtained from the user, for example, by a real-time fingerprint scan. If the real-time biometric data and the enrolled, decrypted biometric data match, the user is authenticated.

Claims

exact text as granted — not AI-modified
1 . A real identity authentication device comprising:
 a non-transitory, computer-readable medium for storing data and instructions;   a biometric input device for receiving user biometric information;   a processor for executing the instructions stored in the non-transitory computer-readable medium, the instructions, when executed, causing the processor to perform the steps of:   sending an authentication request to a remote server;   receiving an encrypted server biometric token from the remote server;   collecting real-time biometric attributes, based on biometric interaction of a user with the biometric input device;   creating a real-time biometric token based upon the collected real-time biometric attributes;   comparing the server biometric token and the real-time biometric token; and   authenticating a user based upon information in the server biometric token matching real time biometric token.   
     
     
         2 . The device of  claim 1 , further comprising a host platform interface for coupling the device to a host platform, wherein the processor is configured to execute instructions in the non-transitory computer-readable medium in a controlled firmware environment, isolated from the host platform and independent of processing and storage resources on the host platform. 
     
     
         3 . The real identity authentication device of  claim 1 , wherein the non-transitory computer-readable medium comprises a controlled firmware environment. 
     
     
         4 . The authentication device of  claim 1 , wherein the real-time biometric attributes include user fingerprint data. 
     
     
         5 . The authentication device of  claim 1 , further comprising the step of deleting the real time biometric attributes after matching the server biometric token and the real time biometric token. 
     
     
         6 . The authentication device of  claim 1 , further comprising the step of creating an encrypted authentication token in response to matching the server biometric token with the real-time biometric token. 
     
     
         7 . The authentication device of  claim 1 , wherein the encrypted authentication token includes information indicative of the time and information indicative of the real identity authentication device. 
     
     
         8 . The device of  claim 1 , wherein the instructions, when executed, cause the processor to perform the further steps of sending an authentication request to the remote server from a second user, and wherein the step of receiving an encrypted biometric token from the remote server includes receiving a biometric token associated with the second user. 
     
     
         9 . The device of  claim 1 , wherein the instructions, when executed, cause the processor to perform the further steps of creating an enrollment biometric token and uploading the enrollment biometric token to an authentication server. 
     
     
         10 . The device of  claim 1 , wherein the authentication token includes device identification data representing a MAC address of a host computer and application identification data. 
     
     
         11 . A process for authenticating a user comprising:
 sending an authentication request to a remote server;   receiving an encrypted server biometric token from the remote serve   creating a real-time biometric token, based on biometric interaction of a user with the biometric input device;   comparing information in the server biometric token and the real time biometric token; and   authenticating a user based upon the server biometric token matching the real time biometric token.   
     
     
         12 . The process of  claim 11 , further comprising the step of deleting real time biometric attributes after matching the server biometric token and the real time biometric token. 
     
     
         13 . The process of  claim 11 , further comprising the step of sending an authentication request to the remote server from a second user, and wherein the step of receiving an encrypted biometric token from the remote server includes receiving a biometric token associated with the second user. 
     
     
         14 . The process of  claim 11 , further comprising the steps of creating an enrollment biometric token and uploading the enrollment biometric token to an authentication server. 
     
     
         15 . The process of  claim 11 , wherein the authentication token includes device identification data representing a MAC address of a host computer and application identification data.

Join the waitlist — get patent alerts

Track US2016197919A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.