Conditional and situational biometric authentication and enrollment

Information

  • Patent Grant
  • Patent Number
    10,580,243
  • Date Filed
    Wednesday, April 16, 2014
  • Date Issued
    Tuesday, March 3, 2020
Abstract
The present invention provides a system for conditionally selecting biometric modalities for biometric authentication at authentication run time. The inventive concept uses programmatic logic to identify which biometric modalities to use for authenticating a user. The software module for selecting biometric modalities includes a plurality of rules or conditional logic for selecting one or more biometric modalities required to authenticate a user requesting a secure action.
Description
BACKGROUND OF THE INVENTION

1. Field of Invention


This invention relates generally to identity management systems and more specifically, to techniques for conditional and situational biometric authentication and enrollment.


2. Description of Related Art


For most individuals, the need to establish personal identity occurs many times a day. A person might have to establish identity in order to gain access to physical spaces, computers, bank accounts, personal records, restricted areas, reservations, and the like. Identity is typically established by something we have (e.g., a key, driver license, bank card, credit card, etc.), something we know (e.g., computer password, PIN number, etc.), or some unique and measurable biological feature (e.g., our face recognized by a bank teller or security guard, etc.).


The most secure means of identity is a biological (or behavioral) feature that can be objectively and automatically measured, and is resistant to impersonation, theft, or other forms of fraud. The use of measurements derived from human biological features, biometrics, to identify individuals is hence a rapidly emerging science.


Biometrics is a generic term for biological characteristics that can be used to distinguish one individual from another, particularly through the use of digital equipment. For example, a biometric can be a fingerprint. Trained analysts have long been able to match fingerprints in order to identify individuals. More recently, computer systems have been developed to match fingerprints automatically. Further examples of biometrics that have been used to identify, or authenticate the identity of, individuals include: 2D face image, 3D face image, hand geometry, single fingerprint, ten finger live scan, iris, palm, full hand, signature, ear, finger vein, retina, DNA and voice. Other biometrics may include characteristic gaits, lip movements and the like. Furthermore, additional biometrics are continuously being developed or discovered.


The implementation of biometric systems requires the coordination between the individual and the organization or business implementing the technology. Generally, the implementation of biometrics systems requires an initial enrollment process. This means that a sample biometric measurement is provided by the individual, along with personal identifying, demographic information, such as, for example, his/her name, address, telephone number, an identification number (e.g., a social security number), a bank account number, a credit card number, a reservation number, or some other information unique to that individual. The sample biometric is stored along with the personal identification data in a database.


Digital equipment for capturing biometrics varies from place to place or from device to device, and a person can require authentication from any of the different places or devices. Different places, devices or modalities require different conditions or adjustments for biometric authentication, where different requested actions also require specific security adjustments.


Thus, a need exists for a biometric system that handles authentication depending on the condition or situation of the person requiring authentication or the action requiring authentication.


SUMMARY OF THE INVENTION

According to an embodiment of the present invention, a multi-modal biometric system using situational and conditional authentication is disclosed. The system comprises a computing device, such as for example a personal computer or server for providing or hosting a secure action, a multi-modal biometric matching engine, a biometric data cache, a software module that includes rules to manage situational and conditional authentication, and one or more devices configured to access the secure action. The system may be configured in a centralized architecture or as a distributed architecture.


The system allows the conditions for biometric authentication to change dynamically according to the situation of the user or the action requested. The system includes a software component with a set of rules or programmatic logic that determines appropriate biometric modalities for authentication and appropriate thresholds for each modality depending on the type of action requested, or the location or device from which the action is requested. In another embodiment of the invention, the system selects biometric modalities to be used for authentication depending on the available biometrics enrolled for the user who requires authentication. In yet another embodiment, the system selects biometric modalities to be used for authentication depending on the biometric modalities supported by the device or place from where the action is being requested. Other embodiments of the system may adjust the number of biometric modalities to be used depending on the action being requested. The system may also adjust or select biometric modalities depending on the quality provided by the biometric capture device.


Further embodiments of the system may adjust the thresholds for the selected modalities depending on the action being requested. The system may adjust the biometric modalities required or the thresholds for the selected biometric modalities depending on historic data associated with the action being requested or the user requesting the action.


In an embodiment of the invention, a method for biometric authentication of a user comprises: identifying an action request of a user of a device; determining a security level associated with the identified action request of the user of the device; determining one or more biometric modalities supported by the device; selecting a number of biometric modalities from the determined one or more biometric modalities supported by the device based on the determined security level; requesting biometrics of the user for the selected number of biometric modalities; receiving biometrics of the user for the selected number of biometric modalities; and requesting biometric verification of the received biometrics. The step of determining a security level can also be based on location of the device or type of the device. The step of requesting biometric verification of the received biometrics comprises adjusting a scoring threshold of the requested biometric verification based on the determined security level. The identified action request can involve a monetary amount and the step of determining a security level is also based on the monetary amount. The identified action request can involve access to information and the step of determining a security level is also based on type of the information. Granting or denying the action request is based on the outcome of the requested biometric verification. The step of determining a security level is also based on identity of the user.


The foregoing, and other features and advantages of the invention, will be apparent from the following, more particular description of the preferred embodiments of the invention, the accompanying drawings, and the claims.





BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention, the objects and advantages thereof, reference is now made to the ensuing descriptions taken in connection with the accompanying drawings briefly described as follows.



FIG. 1 illustrates a centralized system for situational and conditional biometric authentication (SSCBA) according to an embodiment of the invention;



FIG. 2 illustrates a distributed system for situational and conditional biometric authentication according to an embodiment of the invention;



FIG. 3 illustrates an authentication process according to an embodiment of the invention;



FIG. 4 illustrates an authentication process according to an embodiment of the invention;



FIG. 5 illustrates a situational biometric enrollment process according to an embodiment of the invention;



FIG. 6 illustrates a situational biometric enrollment process according to another embodiment of the invention; and



FIG. 7 illustrates a situational biometric enrollment process according to another embodiment of the invention.





DETAILED DESCRIPTION OF EMBODIMENTS

Preferred embodiments of the present invention and their advantages may be understood by referring to FIGS. 1-7, wherein like reference numerals refer to like elements. The descriptions and features disclosed herein can be applied to various interactive messaging systems, the identification and implementation of which are apparent to one of ordinary skill in the art. The features described herein are broadly applicable to any type of communications technologies and standards.


As used here, the following terms have the following definitions:


“Conditional” refers to one or more conditions that influence adjustments either on thresholds or modalities for biometric authentication.


“Situational biometrics” refers to specific biometrics that can be used depending on biometrics supported for authentication by the client device or location.


“Biometric authentication” refers to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.


“Biometric modalities” refers to different categories and/or types of biometric identifiers.


“Biometric verification” refers to the use of biometric authentication to verify the identity of a person.


“Biometric identification” refers to the use of biometric authentication to identify a person among a biometrically enrolled population.


“Biometric probe” refers to any captured biometric that is used to compare with or match against one or more prior biometric enrollments.


“Biometric score” is any probability score that a given biometric enrollment and a given biometric probe represent the same identity.


“Biometric template” refers to any binary, numerical, alphabetical or alphanumeric representation of a single biometric generated by a biometric algorithm.


“Biometric capture” refers to using a biometric input device or system to capture biometric data in the form of images, templates, or other form.


“Biometric data” refers to data that is used to verify or identify a person based on physical traits or behaviors. Biometric data includes, but is not limited to images of fingerprints, faces, irises, and binary data generated by biometric algorithms.


“Enrolled biometrics” refers to the first biometric templates stored in a database for future comparison processes.


“Biometric thresholds” refers to a range of scores that determine the level of success of a biometric matching process.



FIG. 1 illustrates a centralized system for situational and conditional biometric authentication and/or enrollment 100 according to an embodiment of the invention. System 100 comprises a biometric data cache 102, which can be any database engine, such as commercially known database engines like Oracle, SQL Server, MySQL, and/or any database engine configured to handle biometric templates, the identification and implementation of which are apparent to one of ordinary skill in the art. System 100 comprises a multi-modal biometric matching engine 104, such as those disclosed in U.S. Pat. Nos. 7,298,873; 7,362,884; 7,596,246; and 7,606,396; which are all incorporated by reference in their entireties.


System 100 comprises a plurality of biometric clients 106. Exemplary biometric clients 106 include, but are not limited to, computing devices such as kiosks, automated teller terminals, desktop computers (e.g., personal computers), laptops, and mobile devices (e.g., smartphones, tablets, phablets, and personal digital assistants) having installed thereon a suitable operating system and biometric software. Each biometric client 106 supports at least one biometric modality.


A software module 108 is integrated in system 100 to handle situational and conditional biometric authentication and/or enrollment. Software module 108 includes software code that uses programmatic logic to establish and manage a plurality of rules or conditional logic. Software module 108 is communicatively coupled with biometric matching engine 104 and biometric clients 106 to manage biometric authentication and enrollment efforts according to the programmed conditional logic.


Each biometric client 106 supports one or more different biometric modalities. Software module 108 contains programmed logic to identify which biometric modalities are supported by each biometric client 106. In an exemplary embodiment of the invention as shown, three biometric clients 106 authenticate through software module 108 to request an action. A first biometric client 110 supports iris, a second biometric client 112 supports fingerprint, and a third biometric client 114 supports voice and face.



FIG. 2 illustrates a distributed system for situational and conditional biometric authentication and/or enrollment 200 according to an embodiment of the invention. The software module 108 is integrated as part of each biometric client 106. Conditions can be applied directly at the biometric client 106 level before sending a request to the biometric matching engine 104. In another embodiment of the invention, a combination of distributed and centralized system is implemented. For example, a software module 108 exists at a server level and a second software module 108 exists at the biometric client 106 level.



FIG. 3 illustrates an authentication process 300 according to an embodiment of the invention. The process is implemented by system 100 or 200. The authentication process 300 is for conditionally selecting biometric modalities for biometric authentication at authentication run time. First, biometric client 106 requests (step 302) an action, which can be any action, such as requesting access to an application, transferring money from a bank account, requesting information and/or any other action that requires authentication. Software module 108 then identifies (step 304) which biometric client 106 is requesting action 302 in order to identify biometric modalities supported by that biometric client 106. Software module 108 identifies (step 306) enrolled biometrics for that client in biometric matching engine 104. Software module 108 then compares biometric modalities supported by biometric client 106 to enrolled biometrics for that client and selects (step 308) biometrics to be used accordingly for authentication.


Software module 108 then requests (step 310) biometrics from biometric client 106. Biometric client 106 then captures (step 312) requested biometrics and sends them to software module 108. Software module 108 then requests (step 314) biometric verification from biometric matching engine 104. Biometric matching engine 104 compares the received biometrics against previously stored biometric templates in a matching process (step 316). From the matching process, biometric scores are generated and returned to software module 108. The score returned serves as an indication that the individual authenticated is in fact who he/she claims to be. Software module 108 then analyzes the score and determines a next step (step 318) if necessary. Next step 318 can be any action programmatically determined, such as for example an access grant to an application, request verification, request another biometric, transfer money or any other action determined by the service or application requiring authentication. Biometric client 106 then receives (step 320) a success/fail confirmation.


In another embodiment of the invention, software module 108 adjusts the required biometric modalities depending on the action requiring authentication. Software module 108 contains different programmed rules that determine which biometric modalities are required for different actions. For example, biometric client 106 may wish to transfer a small amount of money from their bank account to another account for which software module 108 determines that a single biometric modality is needed to authenticate the user and allow the transfer; however, if biometric client 106 wants to transfer a larger amount of money, software module 108 determines that additional biometric modalities are required for authentication.



FIG. 4 illustrates an authentication process 400 according to an embodiment of the invention. Here, the biometric modalities to be used are determined by the requested action. First, biometric client 106 requests (step 302) an action that requires authentication. Software module 108 then identifies (step 304) which biometric client 106 is requesting the action in order to identify biometric modalities supported by that biometric client 106. Software module 108 identifies (step 402) the requested action and selects (step 308) biometrics based on programmed rules or logic that determine the level of security required to perform the action. If none of the selected biometrics are available in biometric data cache 102 for biometric client 106, biometric client 106 is denied permission for the action or is requested to enroll biometrics for the selected modality.


Software module 108 then requests (step 310) biometrics from biometric client 106. Biometric client 106 then captures (step 312) requested biometrics and sends them to software module 108. Software module 108 then requests (step 314) biometric verification from biometric matching engine 104. Biometric matching engine 104 compares the received biometrics against previously stored biometric templates in matching process 316. From the matching process 316, biometric scores are generated and returned to software module 108. The score returned serves as an indication that the individual authenticated is in fact who he/she claims to be. Software module 108 then analyzes the score and determines (step 318) a next step, if necessary. Next step can be any action programmatically determined, such as for example grant access to an application, request verification, request another biometric, transfer money or any other action determined by the service or application requiring authentication. Biometric client 106 then receives (step 320) a success/fail confirmation.


In another embodiment of the invention, software module 108 adjusts the required biometric thresholds depending on the action requiring authentication. Software module 108 includes different programmed rules or logic that may adjust biometric authentication thresholds based on the action requiring authentication. Biometric thresholds can be a range of scores that determine success or failure of the authentication process from the score returned in matching process 316. For example, the biometric scoring threshold for transferring a large sum of money in a banking environment could be adjusted substantially higher, while requesting a banking statement could require a substantially lower biometric scoring threshold. Software module 108 may also include programmed rules or logic for adjusting both biometric thresholds and modalities depending on the action requiring authentication. For example, the biometric scoring threshold for transferring a large sum of money in a banking environment could be adjusted substantially higher, while requiring additional biometric modalities also.


In another embodiment of the invention, software module 108 keeps historic data from previous authentication attempts. Software module 108 includes programmed rules or logic that adjusts biometric thresholds, modalities or both depending on historic data. For example, the biometric scoring threshold for transferring a large sum of money in a banking environment could be adjusted based on the alleged identity of the user or if the user has not attempted a large transfer before. In another example, a different biometric modality is selected if a user presents a history of continuous failures using a certain biometric modality.


As an example of employing the present invention, system 100 is applied to a bank. A user previously enrolls in the system 100 and different biometrics templates are stored in biometric data cache 102 for future authentications. First biometric client 110 is a branch of the bank with support for iris biometrics. Second biometric client 112 is a branch ATM machine with support for fingerprint. Third biometric client 114 is the user's smartphone with support for voice and face biometrics. The user's smartphone comprises a bank application, e.g., a software app hosted by a financial institution. The user requests access to the application from second biometric client 112. Software module 108 identifies biometric modalities 304 supported by second biometric client 112. Software module 108 then requests an iris biometric from second biometric client 112 for authentication.


In another example, the user requests access to the application from third biometric client 114 via the bank application. Software module 108 identifies biometric modalities 304 supported by third biometric client 114. Software module 108 then compares supported biometrics for third biometric client 114 with the available enrolled biometrics for that user stored in biometric data cache 102. The user may only have voice biometric templates stored in biometric data cache 102; therefore software module 108 requests a voice biometric from third biometric client 114 for authentication.


In another example, the user requests access to the application from third biometric client 114. Software module 108 identifies biometric modalities 304 supported by third biometric client 114. Software module 108 then requests a voice biometric. A subsystem of software module 108 is communicatively coupled with third biometric client 114. The subsystem determines that voice is not appropriate for authentication (e.g., the user is in a loud environment) and suggests or requests another biometric modality.


In yet another example, the user accesses the application from third biometric client 114. The user requests to transfer a large amount of money from their bank account. Software module 108 identifies biometric modalities 304 supported by third biometric client 114. Software module 108 then adjusts the required biometric modalities to allow the transaction; therefore software module 108 may request a voice biometric and face biometrics from third biometric client 114 for authentication.


In yet another example, the user accesses the application from third biometric client 114. The user requests to transfer a large amount of money from their bank account. Software module 108 identifies biometric modalities 304 supported by third biometric client 114. Current thresholds for this type of transaction are typically set low for small amounts; however high amounts require higher thresholds to ensure security. Software module 108 then adjusts the thresholds of the biometric verification. Success or failure may be determined by matching process 316 using the adjusted thresholds.
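The selection and threshold rules of processes 300 and 400, including the historic-data adjustments, can be sketched as a small policy function. This is an added example, not code from the patent: the client identifiers, the 0-100 score scale, the `POLICY` values, `LARGE_TRANSFER`, `FIRST_TIME_BUMP` and `MAX_RECENT_FAILS` are all assumptions, and denying when fewer usable modalities exist than the level requires is an assumed fail-closed choice.

```python
from dataclasses import dataclass, field

# Modalities per biometric client, taken from the FIG. 1 example.
CLIENT_MODALITIES = {
    "client_110": {"iris"},
    "client_112": {"fingerprint"},
    "client_114": {"voice", "face"},
}

# Constructed policy: the text gives only the direction of each adjustment,
# so every number here is an assumption. Scores are on a 0-100 scale.
POLICY = {"low": (1, 60), "medium": (1, 80), "high": (2, 90)}
LARGE_TRANSFER = 1000    # amount at which a transfer becomes "high"
FIRST_TIME_BUMP = 5      # extra score demanded for a first large transfer
MAX_RECENT_FAILS = 3     # a modality is deprioritized after this many fails


@dataclass
class History:
    large_transfers: int = 0
    recent_fails: dict = field(default_factory=dict)  # modality -> count


@dataclass(frozen=True)
class Plan:
    outcome: str             # "capture" or "enroll_required"
    modalities: tuple = ()
    threshold: int = 0


def security_level(action, amount=0):
    """Step 402: map the requested action to a security level."""
    if action == "transfer":
        return "high" if amount >= LARGE_TRANSFER else "medium"
    if action == "statement":
        return "low"
    return "high"  # unknown actions get the strictest level (assumption)


def plan_authentication(client, action, enrolled, history, amount=0):
    """Steps 304-308: pick modalities and a threshold for one request."""
    level = security_level(action, amount)
    needed, threshold = POLICY[level]
    if level == "high" and action == "transfer" and history.large_transfers == 0:
        threshold = min(100, threshold + FIRST_TIME_BUMP)

    # Only modalities the client can capture AND the user has enrolled are usable.
    supported = CLIENT_MODALITIES.get(client, set())
    usable = sorted(supported & set(enrolled))
    # Modalities the user keeps failing go last, so another one is tried first.
    usable.sort(key=lambda m: history.recent_fails.get(m, 0) >= MAX_RECENT_FAILS)
    if len(usable) < needed:
        return Plan("enroll_required")
    return Plan("capture", tuple(usable[:needed]), threshold)


def decide(plan, scores):
    """Step 318: grant only if every requested modality meets the threshold."""
    if plan.outcome != "capture":
        return "deny"
    ok = all(scores.get(m, 0) >= plan.threshold for m in plan.modalities)
    return "grant" if ok else "deny"
```

A missing score counts as 0, so a modality that was requested but never captured cannot satisfy the plan.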



FIG. 5 illustrates a situational biometric enrollment process 500 according to an embodiment of the invention. Situational biometric enrollment process 500 can be performed by system 100 or 200. The process 500 begins when biometric client 106 requests (step 502) an enrollment. Software module 108 then identifies (step 504) which biometric client 106 is requesting enrollment in order to identify biometric modalities supported by biometric client 106. For example, if biometric client 106 is using a device like a mobile phone that supports face (by taking a picture) and voice (by providing voice input through a microphone), software module 108 identifies both these supported modalities for that mobile phone.


Software module 108 then selects (step 506) biometrics depending on the identified biometric modalities available for that biometric client 106, and subsequently requests (step 508) biometrics required for the enrollment. Software module 108 also contains a set of programmed rules that select biometrics depending on other conditions such as selecting the most appropriate biometrics for specific applications.


Continuing the situational biometric enrollment process 500, biometric client 106 then captures (step 510) requested biometrics and sends them to software module 108. Software module 108 subsequently requests (step 512) biometric enrollment. Biometric matching engine 104 then enrolls (step 514) user information and biometric templates by storing biographic/demographic data along with the user's associated biometric templates in biometric data cache 102 for future authentication processes. In another embodiment of the invention, biographic and demographic data are also stored in separate data caches from biometric templates. Biometric client 106 then receives (step 520) a success/fail confirmation.



FIG. 6 illustrates a situational biometric enrollment process 600 according to another embodiment of the invention. Here, the biometric modalities to be used for enrollment are determined depending on the biometric modalities already enrolled for that user. In another embodiment of the invention, a user may already be enrolled in an application and requests to enroll a new modality. The process begins when biometric client 106 requests (step 502) an enrollment. Software module 108 identifies which biometric client 106 is requesting enrollment in order to identify (step 504) biometric modalities 304 supported by biometric client 106. Software module 108 then identifies (step 602) biometric modalities enrolled for that user. Software module 108 then compares (step 604) enrolled biometrics to supported biometrics in order to determine which modalities can be enrolled.


For example, if biometric client 106 is using a device like a mobile phone that supports face (by taking a picture) and voice (by providing voice input through a microphone), software module 108 identifies both of the supported modalities for the mobile phone and compares them to the biometric modalities enrolled for that user; software module 108 then verifies that voice has already been enrolled for that user, therefore selecting face for enrollment. If no new modalities can be enrolled, the process ends (step 606). If additional modalities can be enrolled, the process continues to request (step 508) biometrics. Biometric client 106 then captures (step 510) requested biometrics and sends them to software module 108. Software module 108 then requests (step 512) biometric enrollment. Biometric matching engine 104 then enrolls (step 514) user information and biometric templates by storing biographic/demographic data along with the user's associated biometric templates in biometric data cache 102 for future authentication processes. Alternatively, biographic and demographic data is stored in separate data caches from biometric templates. Biometric client 106 then receives (step 520) a success/fail confirmation.



FIG. 7 illustrates a situational biometric enrollment process 700 according to another embodiment of the invention. Here, the biometric thresholds for the biometric modalities are adjusted depending on the quality of the biometric capture. The process begins when biometric client 106 requests (step 502) an enrollment. Software module 108 then identifies (step 502) which biometric client 106 is requesting enrollment in order to identify (step 504) biometric modalities supported by biometric client 106. Software module 108 then selects (step 506) biometrics depending on the identified biometric modalities available for that biometric client 106 and requests (step 508) biometrics required for the enrollment. Biometric client 106 then captures (step 510) requested biometrics and sends them to software module 108. Software module 108 then analyzes (step 702) captured biometrics in order to determine if the quality of the captured biometrics is within a pre-determined threshold. If the captured biometrics from biometric client 106 are not within the pre-determined quality threshold, biometric client 106 is denied enrollment, at which point the process ends (step 606).


In another embodiment of the invention, software module 108 also contains a set of programmed rules to adjust enrollment thresholds 504 dynamically in order to accept biometric captures that are not within the first established quality threshold. For example, a user may be trying to enroll a voice biometric modality into a system while surrounded by a noisy environment, which affects the quality of the captured voice biometric. Software module 108 then adjusts the quality threshold in order to allow the voice biometric modality to be enrolled. Biometric matching engine 104 then enrolls user information and biometric templates 314 by storing biographic/demographic data along with the user's associated biometric templates in biometric data cache 102 for future authentication processes. Biometric client 106 may then receive a success/fail 320 confirmation.


Referring back to the bank application example, a user requests to enroll into the bank application using their smartphone. Biometric client 106 in this example is the smartphone. The smartphone in this example includes capture devices for voice and face. The bank application contains a software module 108 which determines that the enrollment request comes from a smartphone and that the supported biometrics are voice and face. The bank application requests captures for voice and face from biometric client 106. After voice and face biometrics are captured, the bank application stores the user's demographic and biometric information in their respective databases for future authentications. The user is then informed of a successful enrollment through a user interface in their smartphone.


In another example, the user may have been previously enrolled in the bank application at a bank branch. The user may have enrolled biometric templates for fingerprint and face at the bank branch. The user requests to enroll a new biometric modality using their smartphone. The bank application contains a software module 108 which may then determine that the enrollment request comes from a smartphone and that the supported biometrics are voice and face. Software module 108 then verifies in biometric matching engine 104 what biometric modalities have already been enrolled for that user. Software module 108 then determines that face is already enrolled for that user but that voice may be added. The bank application then requests captures for voice. After voice is captured, the bank application stores the user's voice biometric in their respective databases and associates them to the user's demographic information for future authentications. The user is informed of a successful enrollment through a user interface in their smartphone.


In yet another example, a user requests to enroll into the bank application using their smartphone. The bank application contains a software module 108 which may then determine that the enrollment request comes from a smartphone and that the supported biometrics are voice and face. The bank application requests captures for voice and face from biometric client 106. After voice and face biometrics are captured, software module 108 then analyzes the captured biometrics and compares them to a pre-established biometric quality threshold. The quality for the voice captured biometric fails to be within the pre-established biometric quality threshold due to a noisy or loud environment. Software module 108 may take this into account and lower the pre-established biometric quality threshold in order to allow the enrollment of the voice biometric. After the adjustment of the biometric quality threshold, software module 108 analyzes the captured voice biometric and compares it to the new biometric quality threshold. If the captured voice biometric is within the new quality threshold, the bank application stores the user's demographic and biometric information in their respective databases for future authentications. The user is informed of a successful enrollment through a user interface in their smartphone.
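The enrollment rules of processes 600 and 700 for the smartphone case, as an added example that is not code from the patent. The 0-100 quality scale and the values of `QUALITY_THRESHOLD`, `RELAXATION` and `QUALITY_FLOOR` are assumptions; the hard floor and the `relaxed` flag are added safeguards the text does not describe, included so that a lowered threshold stays bounded and visible to later authentication policy.

```python
from dataclasses import dataclass

# Capture devices on the client, from the smartphone enrollment examples.
SUPPORTED = {"smartphone": {"voice", "face"}}

# Constructed quality scale 0-100; none of these values come from the patent.
QUALITY_THRESHOLD = 70   # pre-established quality threshold
RELAXATION = 15          # how far the rule may lower it for a noisy capture
QUALITY_FLOOR = 50       # assumed hard floor: never enroll below this


@dataclass(frozen=True)
class Enrollment:
    modality: str
    accepted: bool
    threshold_used: int
    relaxed: bool        # True when the lowered threshold was applied


def modalities_to_enroll(client, already_enrolled):
    """Steps 504, 602, 604: supported by the client and not yet enrolled."""
    return sorted(SUPPORTED.get(client, set()) - set(already_enrolled))


def check_quality(modality, quality, noisy=False):
    """Step 702 with the dynamic adjustment: relax once, never below the floor."""
    if quality >= QUALITY_THRESHOLD:
        return Enrollment(modality, True, QUALITY_THRESHOLD, False)
    # Only the voice capture is affected by a loud environment, so only
    # voice gets the lowered threshold.
    if noisy and modality == "voice":
        lowered = max(QUALITY_FLOOR, QUALITY_THRESHOLD - RELAXATION)
        return Enrollment(modality, quality >= lowered, lowered, True)
    return Enrollment(modality, False, QUALITY_THRESHOLD, False)


def enroll(client, already_enrolled, captures, noisy=False):
    """Run processes 600/700 for one request and return per-modality results.

    captures maps modality -> capture quality score (constructed input).
    An empty result means no new modality can be enrolled (step 606).
    """
    results = []
    for modality in modalities_to_enroll(client, already_enrolled):
        if modality not in captures:
            continue  # nothing was captured for this modality
        results.append(check_quality(modality, captures[modality], noisy))
    return results
```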


One of ordinary skill in the art appreciates that the various illustrative logical blocks, modules, units, and algorithm steps described in connection with the embodiments disclosed herein can often be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular constraints imposed on the overall system. Skilled persons can implement the described functionality in varying ways for each particular system, but such implementation decisions should not be interpreted as causing a departure from the scope of the invention. In addition, the grouping of functions within a unit, module, block, or step is for ease of description. Specific functions or steps can be moved from one unit, module, or block without departing from the invention.


The various illustrative logical blocks, units, steps and modules described in connection with the embodiments disclosed herein, and those provided in the accompanying documents, can be implemented or performed with a processor, such as a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor can be a microprocessor, but in the alternative, the processor can be any processor, controller, microcontroller, or state machine. A processor can also be implemented as a combination of computing devices, for example, a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.


The steps of a method or algorithm and the processes of a block or module described in connection with the embodiments disclosed herein can be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module can reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium. An exemplary storage medium can be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium can be integral to the processor. The processor and the storage medium can reside in an ASIC. Additionally, devices, blocks, or modules that are described as coupled may be coupled via intermediary devices, blocks, or modules. Similarly, a first device may be described as transmitting data to (or receiving from) a second device when there are intermediary devices that couple the first and second device and also when the first device is unaware of the ultimate destination of the data.


The invention has been described herein using specific embodiments for the purposes of illustration only. It will be readily apparent to one of ordinary skill in the art, however, that the principles of the invention can be embodied in other ways. Therefore, the invention should not be regarded as being limited in scope to the specific embodiments disclosed herein.

Claims
  • 1. A method for biometric authentication of a user across a plurality of devices, the method implemented on a computer processor and comprising: identifying, at the computer processor, an action request of the user of a first device of the plurality of devices; determining, at the computer processor, a dynamic security level associated with the identified action request of the user of the first device; determining, at the computer processor, a first set of one or more access biometric modalities supported by the first device; determining, at the computer processor, a second set of one or more enrollment biometric modalities that the user has enrolled at a second device of the plurality of devices, wherein the first device and second device are different devices, and wherein the first device and the second device are each configured to capture physical biometric data directly from the user; updating, at the computer processor in real time or near-real time, the dynamic security level based on information associated with the user and information associated with the identified action request; selecting, at the computer processor, based on the determined dynamic security level, a plurality of biometric modalities common to both the determined first set of one or more access biometric modalities supported by the first device and the determined second set of one or more enrollment biometric modalities that the user has enrolled at the second device; requesting, at the computer processor, a biometrics of the user for each one of the selected plurality of biometric modalities; receiving, at the computer processor, the biometrics of the user for each one of the selected plurality of biometric modalities; generating, at the computer processor, a biometric score for each one of the received biometrics that is compared to a respective biometric scoring threshold for each of the selected plurality of biometric modalities; determining to dynamic change, at the computer processor, based on the determined dynamic security level, the respective biometric scoring threshold for each one of the selected plurality of biometric modalities; and determining, at the computer processor, for each one of the selected number of biometric modalities, whether the respective generated biometric score exceeds the respective determined biometric scoring threshold for each of the selected plurality of biometric modalities.
  • 2. The method of claim 1, wherein the step of determining the dynamic security level is also based on location of the first device of the plurality of devices.
  • 3. The method of claim 1, wherein the step of determining the dynamic security level is also based on type of the first device of the plurality of devices.
  • 4. The method of claim 1, wherein the identified action request involves a monetary amount and the step of determining the dynamic security level is also based on the monetary amount.
  • 5. The method of claim 1, wherein the identified action request involves remote access to information and the step of determining the dynamic security level is also based on the information's sensitivity.
  • 6. The method of claim 1, further comprising granting the action request if, for each one of the selected plurality of biometric modalities, the respective generated biometric score exceeds the respective biometric scoring threshold based on the dynamic security level.
  • 7. The method of claim 1, wherein the step of determining the dynamic security level is also based on identity of the user.
  • 8. The method of claim 1, wherein the step of updating the dynamic security level further comprises increasing the dynamic security level.
  • 9. The method of claim 1, wherein the physical biometric data captured directly from the user is associated with a physical trait selected from the group consisting of voice, face, fingerprint, and iris.
  • 10. A method for biometric authentication of a user across a plurality of devices, the method implemented on a computer processor and comprising: receiving, at the computer processor, identification of an action request of a user of a first device of the plurality of devices; determining, at the computer processor, a dynamic security level associated with the received identification of the action request; updating, at the computer processor, the dynamic security level based on information associated with the user; determining, at the computer processor, a first set of a plurality of different biometric modalities supported by the first device of the plurality of devices; determining, at the computer processor, a second set of a plurality of different biometric modalities that the user has enrolled at a second device of the plurality of devices, wherein the first device and the second device are different devices, and wherein the first device and the second device are each configured to capture physical biometric data directly from the user; determining, at the computer processor, based on the determined dynamic security level associated with the received identification of the action request, a third set of a plurality of biometric modalities required for authentication of the user, wherein the third set of the plurality of biometric modalities are common to both the determined first set of the plurality of biometric modalities supported by the first device and the determined second set of the plurality of biometric modalities that the user has enrolled at the second device; receiving, at the computer processor, biometric data, captured at the first device, for each biometric modality in the third set of the plurality of biometric modalities required for authentication of the user; generating, at the computer processor, a biometric score for the received biometric data that is compared to a respective biometric scoring threshold associated with each biometric modality in the third set of the plurality of biometric modalities; determining to dynamic change, at the computer processor, based on the determined dynamic security level, the respective biometric scoring threshold for each biometric modality in the third set of the plurality of biometric modalities; and determining, at the computer processor, for each biometric modality in the third set of the plurality of biometric modalities, whether the respective generated biometric score exceeds the respective determined biometric scoring threshold for each of the determined biometric modality in the third set of the plurality of biometric modalities.
  • 11. The method of claim 10, wherein the step of determining the dynamic security level is also based on location of the first device of the plurality of devices.
  • 12. The method of claim 10, wherein the step of determining the dynamic security level is also based on type of the first device of the plurality of devices.
  • 13. The method of claim 10, wherein the identified action request involves a monetary amount and the step of determining the dynamic security level is also based on the monetary amount.
  • 14. The method of claim 10, wherein the identified action request involves access to information and the step of determining the dynamic security level is also based on type of the information.
  • 15. The method of claim 10, further comprising granting the action request if, for each biometric modality in the third set of one of the selected number of biometric modalities, the respective generated biometric score exceeds the respective biometric scoring threshold.
  • 16. The method of claim 10, wherein the step of determining the dynamic security level is also based on identity of the user.
  • 17. The method of claim 10, wherein the step of updating the dynamic security level further comprises increasing the dynamic security level.
  • 18. The method of claim 10, wherein the physical biometric data captured directly from the user is associated with a physical trait selected from the group consisting of voice, face, fingerprint, and iris.
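The flow recited in claim 1, with the refinements of claims 2, 4 and 8, as an added Python sketch (illustrative only, not code from the patent). The level scale, the action names, the amount cut-off, the thresholds and step, the modality preference order and the choice to deny when too few common modalities exist are all assumptions; the claims fix none of them.

```python
from dataclasses import dataclass

# All numbers and names below are assumed for illustration.
BASE_LEVEL = {"view_balance": 1, "transfer": 2}
MODALITIES_REQUIRED = {1: 2, 2: 2, 3: 3}   # claim 1 selects a plurality (>= 2)
BASE_THRESHOLD = {"face": 0.80, "voice": 0.75, "fingerprint": 0.85, "iris": 0.90}
THRESHOLD_STEP = 0.05                       # added per level above 1
PREFERENCE = ["iris", "fingerprint", "face", "voice"]  # assumed selection order


@dataclass
class Request:
    action: str
    amount: float = 0.0
    usual_location: bool = True


def security_level(req):
    """Base level from the action, then increased by request context."""
    level = BASE_LEVEL.get(req.action, 3)   # unknown action: strictest level
    if req.amount >= 10_000:                # claim 4: monetary amount
        level += 1
    if not req.usual_location:              # claim 2: device location
        level += 1
    return min(level, 3)


def select_modalities(level, device_supported, enrolled_elsewhere):
    """Modalities common to the requesting device and the prior enrollment."""
    common = set(device_supported) & set(enrolled_elsewhere) & set(BASE_THRESHOLD)
    need = MODALITIES_REQUIRED[level]
    if len(common) < need:
        return None                         # assumed policy: fail closed
    return [m for m in PREFERENCE if m in common][:need]


def threshold(modality, level):
    """Scoring threshold raised with the security level."""
    return round(BASE_THRESHOLD[modality] + THRESHOLD_STEP * (level - 1), 2)


def authenticate(req, device_supported, enrolled_elsewhere, scores):
    """Returns (granted, level, selected modalities)."""
    level = security_level(req)
    selected = select_modalities(level, device_supported, enrolled_elsewhere)
    if selected is None:
        return False, level, []
    # Every selected modality must exceed its own threshold; a missing
    # score counts as 0.0 and therefore fails.
    granted = all(scores.get(m, 0.0) > threshold(m, level) for m in selected)
    return granted, level, selected
```

Raising the level changes two things at once: how many common modalities are demanded and how high each score must be, so a request that passes at level 2 can fail at level 3 with identical captures.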
CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority to U.S. Provisional Patent Application No. 61/812,599, filed on Apr. 16, 2013, and entitled “System for Conditional and Situational Biometric Authentication,” and U.S. Provisional Patent Application No. 61/812,624, filed on Apr. 16, 2013, and entitled “System for Conditional and Situational Biometric Enrollment,” the disclosures of all of which are herein incorporated by reference in their entirety.

Related Publications (1)
Number Date Country
20140313007 A1 Oct 2014 US
Provisional Applications (2)
Number Date Country
61812599 Apr 2013 US
61812624 Apr 2013 US