Claims
- 1. A method for authentication using biometrics, the method comprising:
associating an alias for an individual with a reference set of biometric data from the individual; storing, at a location separate from the reference set of biometric data, information associating the individual with the alias; receiving an authentication request requesting authentication of a user identified by the alias; receiving a candidate set of biometric data from the user; and if the candidate set of biometric data sufficiently matches the reference set of biometric data, confirming authentication of the user as the registered individual.
- 2. The method of claim 1 further comprising transmitting to the user a data request for the candidate set of biometric data, the data request including an identifying characteristic, wherein the confirming step comprises:
if the candidate set of biometric data includes the identifying characteristic and sufficiently matches the reference set of biometric data, confirming to the application server authentication of the user as the registered individual.
- 3. The method of claim 2 further comprising:
generating the identifying characteristic including a public key; generating a private key corresponding to the public key; and encrypting the data request using the private key.
- 4. The method of claim 2 further comprising generating the identifying characteristic having a limited validity lifetime.
- 5. The method of claim 2 further comprising generating the identifying characteristic including a random identifier.
- 6. The method of claim 2 further comprising generating the identifying characteristic including a time identifier.
- 7. The method of claim 2 further comprising destroying the identifying characteristic after completion of the confirming step.
- 8. The method of claim 1 further comprising, if authentication of the user is confirmed, updating the reference set of biometric data using the candidate set of biometric data.
- 9. The method of claim 1 further comprising transmitting, by a first server, the authentication request to a second server, wherein the second server performs the confirming step.
- 10. The method of claim 1 further comprising encrypting the reference set of biometric data using a predetermined function based at least in part on the alias.
- 11. The method of claim 9 wherein the encrypting step comprises morphing the reference set of biometric data using a predetermined function based at least in part on the alias.
- 12. The method of claim 1 further comprising, if security is compromised, encrypting the reference set of biometric data using a second function based at least in part on the alias.
- 13. The method of claim 11 wherein the encrypting step comprises, if security is compromised, morphing the reference set of biometric data using a second function based at least in part on the alias.
- 14. A system for authentication using biometrics, the system comprising:
an application server including:
an alias database module configured to store information associating an individual with an alias; and an authentication server including:
a biometric database module associating the alias for the individual with a reference set of biometric data from the individual, a transceiver module configured to i) receive an authentication request requesting authentication of a user identified by the alias and ii) to receive a candidate set of biometric data from the user, and a comparison module configured to determine if the candidate set of biometric data sufficiently matches the reference set of biometric data and, if so, to generate a confirmation of authentication of the user as the registered individual.
- 15. The application server of claim 14 further comprising a transceiver module configured to transmit an authentication request requesting authentication of a user identified by the alias, the application server being in communication with the authentication server over a network.
- 16. The authentication server of claim 14 further comprising an identifying characteristic generator module configured to generate an identifying characteristic to be transmitted with a user data request for the candidate set of biometric data, wherein the comparison module is further configured to determine if the candidate set of biometric data includes the identifying characteristic.
- 17. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic including a public key, to generate a private key corresponding to the public key, and to encrypt the user data request using the private key.
- 18. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic having a limited validity lifetime.
- 19. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic including a random identifier.
- 20. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to generate the identifying characteristic including a time identifier.
- 21. The authentication server of claim 16 wherein the identifying characteristic generator module is further configured to destroy the identifying characteristic after completion of the confirming step.
- 22. The authentication server of claim 14 wherein the biometric database module is further configured to update, if authentication of the user is confirmed, the reference set of biometric data using the candidate set of biometric data.
- 23. The authentication server of claim 14 wherein the biometric database module is further configured to encrypt the reference set of biometric data using a predetermined function based at least in part on the alias.
- 24. The authentication server of claim 14 wherein the biometric database module is further configured to morph the reference set of biometric data using a predetermined function based at least in part on the alias.
- 25. The authentication server of claim 14 wherein the biometric database module is further configured to encrypt, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias.
- 26. The authentication server of claim 14 wherein the biometric database module is further configured to morph, if security is compromised, the reference set of biometric data using a second function based at least in part on the alias.
- 27. The system of claim 14 further comprising:
a client including:
a plug-in configured to receive a request for the candidate set of biometric data, to obtain the candidate set of biometric data for the user of the client and to transmit the candidate set of biometric data in response to the request.
- 28. A method of organizing authentication information within a storage space, the method comprising the steps of:
partitioning the storage space into a plurality of realms, each realm containing a set of subscriber profiles, each subscriber profile comprising an alias associated with a respective subscriber and a reference set of biometric data from that respective subscriber; storing, at a location separate from the storage space, information associating the identity of the alias with the respective subscriber; partitioning each realm into a plurality of vaults; associating each subscriber with at least one vault; partitioning each vault into at least one folder, each folder containing protected data and being accessible only to one or more subscribers associated with the vault; and according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault and ii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias.
- 29. The method of claim 28 further comprising transmitting a data request for the candidate set of biometric data, the data request including an identifying characteristic, wherein the according access step comprises:
according access to the vault and the folders therein only upon presentation of i) the alias of a subscriber associated with the vault, ii) the identifying characteristic and iii) a candidate set of biometric data sufficiently matching the reference set of the biometric data corresponding to the alias.
- 30. An article of manufacture having computer-readable program portions embodied therein for authentication using biometrics, the article comprising:
a computer-readable program portion for associating an alias for an individual with a reference set of biometric data from the individual; a computer-readable program portion for storing, at a location separate from the reference set of biometric data, information associating the individual with the alias; a computer-readable program portion for receiving an authentication request requesting authentication of a user, the user identified by the alias; a computer-readable program portion for receiving a candidate set of biometric data from the user; and a computer-readable program portion for confirming authentication of the user as the registered individual if the candidate set of biometric data sufficiently matches the reference set of biometric data.
- 31. The article of claim 30 further comprising:
a computer-readable program portion for transmitting to the user a data request for the candidate set of biometric data, the data request including an identifying characteristic, and wherein the computer-readable program portion for confirming authentication comprises:
a computer-readable program portion for confirming authentication of the user as the registered individual if the candidate set of biometric data includes the identifying characteristic and sufficiently matches the reference set of biometric data.
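
The single-use, time-limited identifying characteristic of claims 2 and 4 to 7, combined with the alias-only biometric store of claim 1, sketched as an added example (not code from the patent or its applicants). The `AuthServer` class, the toy `similarity` matcher, the 0.90 threshold, the 30-second lifetime and all sample values are assumptions made for illustration; the server-side issue time stands in for the time identifier.

```python
import secrets
import time

MATCH_THRESHOLD = 0.90  # assumed cutoff for "sufficiently matches"
CHALLENGE_TTL = 30.0    # assumed validity lifetime, in seconds

def similarity(a, b):
    """Toy matcher: 1 minus mean absolute difference of features in [0, 1]."""
    if len(a) != len(b):
        return 0.0
    return 1.0 - sum(abs(x - y) for x, y in zip(a, b)) / len(a)

class AuthServer:
    """Stores alias -> reference template only, never the person's identity."""
    def __init__(self, clock=time.monotonic):
        self.reference, self.pending, self.clock = {}, {}, clock

    def enroll(self, alias, template):
        self.reference[alias] = list(template)

    def request_data(self, alias):
        # Identifying characteristic: random identifier, issue time kept here.
        cid = secrets.token_hex(16)
        self.pending[cid] = (alias, self.clock())
        return cid

    def confirm(self, alias, cid, candidate):
        # pop() destroys the characteristic on every attempt: single use.
        issued = self.pending.pop(cid, None)
        if issued is None or issued[0] != alias:
            return False
        if self.clock() - issued[1] > CHALLENGE_TTL:
            return False
        ref = self.reference.get(alias)
        return ref is not None and similarity(ref, candidate) >= MATCH_THRESHOLD

def demo():
    now = [0.0]                                   # constructed test clock
    auth = AuthServer(clock=lambda: now[0])
    alias = "alias-7f3c"                          # identity mapping lives elsewhere
    auth.enroll(alias, [0.12, 0.80, 0.45, 0.33])  # constructed template
    sample = [0.13, 0.79, 0.46, 0.33]             # constructed fresh capture
    cid = auth.request_data(alias)
    fresh = auth.confirm(alias, cid, sample)
    replay = auth.confirm(alias, cid, sample)     # same characteristic reused
    cid = auth.request_data(alias)
    now[0] += CHALLENGE_TTL + 1                   # let the lifetime lapse
    expired = auth.confirm(alias, cid, sample)
    cid = auth.request_data(alias)
    poor = auth.confirm(alias, cid, [0.9, 0.1, 0.9, 0.1])
    return fresh, replay, expired, poor
```

Only the first confirmation succeeds: the replayed characteristic has already been destroyed, the third has outlived its lifetime, and the fourth candidate falls below the match threshold.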
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims the benefit of and priority to the co-pending U.S. Provisional Application, Serial No. 60/291,900, filed May 18, 2001, entitled “Network-Based Biometric Authentication,” the entirety of which is incorporated herein by reference.
Provisional Applications (1)

| Number | Date | Country |
| --- | --- | --- |
| 60291900 | May 2001 | US |