Methods and systems for managing network activity using biometrics
US-2016269402-A1 · Sep 15, 2016 · US
Biometric electronic signature tokens
US10277400B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10277400-B1 |
| Application number | US-201615299308-A |
| Country | US |
| Kind code | B1 |
| Filing date | Oct 20, 2016 |
| Priority date | Oct 20, 2016 |
| Publication date | Apr 30, 2019 |
| Grant date | Apr 30, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The methods and system allow for the generation of a biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The biometric electronic signature token is such that the data would be signed data, cryptographic message type, to package this signature, providing two authentication factors: the possession of the private key associated with the public/private key pair used to sign the signed data and the biometric sample of the user that could be matched against the template. The process allows a signing party to enroll in a biometric service, sign a piece of data or content using a public key, that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signing party.
First claim
Opening claim text (preview).
What is claimed: 1. A method comprising: tokenizing, by a computing system, a biometric sample captured from a user to generate a tokenized biometric sample; digitally signing, by the computing system, each of a hash of a record and the tokenized biometric sample with a private key associated with the user to generate a digitally signed hash of the record and the tokenized biometric sample; generating, by the computing system, a hash on the tokenized biometric sample; and retrieving, by the computing system, a time stamp token, the time stamp token including the hash on the tokenized biometric sample cryptographically bound to a time stamp, wherein the time stamp token is subsequently validated; storing, by the computing system, the digitally signed hash of the record and the tokenized biometric sample at a location on a repository; and generating, by the computing system, a digital message, the digital message comprising the record and an attribute associated with the location of the repository, wherein authenticity and data integrity of the record can be determined by retrieving the digitally signed hash of the record and the tokenized biometric sample at the location identified in the digital message and based on each of the digitally signed record, the tokenized biometric sample, and a public key of a public/private key pair including the private key, and wherein an identity of the user may be validated by detokenizing the tokenized biometric sample and matching the detokenized tokenized biometric sample with a biometric reference template associated with the user. 2. The method of claim 1 , wherein the time stamp token is a trusted time stamp token. 3. The method of claim 1 wherein validity of the digital signature is determined by: verifying that the public key is associated with the user; verifying that the digitally signed time stamp token was signed with the public key; generating a hash on the tokenized biometric sample; and verifying that the time stamp token was generated using the hash. 4. The method of claim 3 , wherein verifying that the public key is associated with the user includes a certificate validation. 5. The method of claim 1 , wherein identity of the user is authenticated by: detokenizing the tokenized biometric sample to obtain the biometric sample; matching the biometric sample to a biometric reference template associated with a registered identity; and verifying that the registered identity matches the user. 6. The method of claim 1 , wherein digitally signing includes an extension to a certificate issued to the user, the extension including information related to the user and the public/private key pair. 7. The method of claim 1 , wherein tokenizing the data further includes: transmitting, by the computing system, the biometric sample to a tokenization service provider; and receiving, by the computing system from the tokenization service provider, the tokenized biometric sample. 8. The method of claim 6 , wherein digitally signing includes an extension identifying the tokenization service provider that generated the tokenized biometric sample. 9. The method of claim 1 , wherein digitally signing the message is accomplished using SignedData cryptographic message syntax to generate a SignedData message. 10. The method of claim 9 , wherein a bundled certificate extension includes a signed attribute bound to the SignedData message, the bundled certificate extension including a certificate issuer and a certificate identifier. 11. The method of claim 1 , further comprising: receiving, by the computing system, the tokenized biometric sample and an authentication request, wherein the authentication request is associated with the digitally signed message and has been verified using the public key; and generating, by the computing system, a confirmation verification, the confirmation verification including a match value for the biometric sample and a biometric reference of the user, the match value generating using a biometric matching process. 12. A system comprising: a storage device comprising a plurality of biometric reference templates; an authentication server system, the authentication server system comprising a processor and instructions stored in non-transitory machine-readable media, the instructions configured to cause the server system to: enroll a biometric reference template for a signer; generate a digital message, the digital message comprising a record and an attribute associated with a location of a repository; and generate an electronic signature, wherein generating the electronic signature comprises: associating the record with the electronic signature; establishing an asymmetric key pair, the asymmetric key pair including a public and private key pair; receiving a biometric sample captured from the signer; tokenizing the biometric sample to generate a tokenized biometric sample; generating, by the computing system, a hash on the tokenized biometric sample; retrieving, by the computing system, a time stamp token, the time stamp token including the hash on the tokenized biometric sample cryptographically bound to a time stamp, wherein the time stamp token is subsequently validated; digitally signing a signature message with the private key, the signature message including the tokenized biometric sample and the record, wherein authenticity and data integrity of the record can be determined by retrieving the digitally signed hash of the record and the tokenized biometric sample at the location identified in the digital message and based on each of the digitally signed record, the tokenized biometric sample, and a public key of a public/private key pair including the private key, and wherein an identity of the user may be validated by detokenizing the tokenized biometric sample and matching the detokenized tokenized biometric sample with the biometric reference template; and storing the signature message at the location on the repository. 13. The system of claim 12 , wherein the time stamp token is a trusted time stamp token. 14. The system of claim 12 , wherein the instructions are further configured to cause the server system to generate a hash of the message; and wherein digitally signing the message with the private key includes generating a digital signature using the hash of the message. 15. The system of claim 12 , wherein digitally signing includes an extension to a certificate issued to the signer, the extension including information related to the user and the record. 16. The system of claim 12 , wherein digitally signing the message is accomplished using SignedData cryptographic message syntax to generate a SignedData message. 17. The system of claim 16 , wherein a bundled certificate extension is a signed attribute bound to the SignedData message, the bundled certificate extension including a certificate issuer and a certificate identifier. 18. The system of claim 12 , wherein the instructions are further configured to cause the server system to: transmit the biometric sample to a tokenization service provider; and receive, from the tokenization service provider, the tokenized biometric sample. 19. The system of claim 12 , wherein digitally signing includes an extension identifying the tokenization service provider that generated the tokenized biometric sample. 20. The system of claim 12 , wherein the instructions are further configured to cause the server system to: receive the tokenized biometric sample and an authe
Assignees
Inventors
Classifications
involving digital signatures · CPC title
- H04L9/3231Primary
Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network H04L63/0861) · CPC title
using cryptographic hash functions · CPC title
using a plurality of keys or algorithms · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10277400B1 cover?
- The methods and system allow for the generation of a biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The biometric electronic signature token is such that the data would be signed data, cryptographic message type, to package this signature, providing two authentication factors: the possession of t…
- Who is the assignee on this patent?
- Wells Fargo Bank Na
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3231. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Apr 30 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).