Protection and verification of user authentication credentials against server compromise

US10277591B2 · US · B2

Patent metadata
Publication number: US-10277591-B2
Application number: US-201816019114-A
Country: US
Kind code: B2
Filing date: Jun 26, 2018
Priority date: Jun 1, 2016
Publication date: Apr 30, 2019
Grant date: Apr 30, 2019

Abstract

Official abstract text for this publication.

Authenticating a user is provided. A decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device is received during authentication. Encrypted authentication credential data corresponding to the user is decrypted using the received decryption key corresponding to the authentication account of the user. The decrypted authentication credential data is compared with the received authentication credential data to authenticate the user of the client device.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for authenticating a user, the computer-implemented method comprising: processing, by a computer, an authentication credential data to generate a biometric template in response to the authentication credential data being a biometric sample obtained from the user by a client device; encrypting, by the computer, the authentication credential data using a data encryption key generated by the client device; storing, by the computer, the encrypted authentication credential data as a credential blob in a user authentication account corresponding to the user; receiving, by the computer, a data decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device during authentication; decrypting, by the computer, the encrypted authentication credential data corresponding to the user using the received data decryption key; comparing, by the computer, the decrypted authentication credential data with the received authentication credential data to authenticate the user of the client device; and deleting, by the computer, the received data decryption key, the received authentication credential data, and any unencrypted credential data corresponding to the authentication account of the user.

2. The computer-implemented method of claim 1, wherein the data decryption key and the authentication credential data are received from the client device, and further comprising: determining, by the computer, whether the decrypted authentication credential data received by the client device matches the received authentication credential data.

3. The computer-implemented method of claim 2 further comprising: responsive to the computer determining that the decrypted authentication credential data does match the received authentication credential data, verifying, by the computer, the user as authentic; and allowing, by the computer, the authentication of the verified user.

4. The computer-implemented method of claim 2 further comprising: responsive to the computer determining that the decrypted authentication credential data does not match the received authentication credential data, rejecting, by the computer, the user as non-authentic; and denying, by the computer, the authentication of the rejected user.

5. The computer-implemented method of claim 1, wherein the credential blob includes an expiry date, and wherein the expiry date is a time when information contained in the credential blob expires such that the credential blob includes both encrypted and unencrypted data.

6. The computer-implemented method of claim 1 further comprising: receiving, by the computer, a request from the client device to delete the authentication account of the user; and deleting, by the computer, the authentication account from a storage device of the computer.

7. The computer-implemented method of claim 1 further comprising: receiving, by the computer, an encrypted decryption key from a first client device to transfer the encrypted encryption key to a second client device; receiving, by the computer, a request from the second client device for the encrypted decryption key corresponding to the first client device; and sending, by the computer, the encrypted decryption key corresponding to the first client device to the second client device, wherein the second client device decrypts the encrypted decryption key corresponding to the first client device using a private key corresponding to a public key of the second client device used to encrypt the encrypted decryption key on the first client device.

8. The computer-implemented method of claim 1, wherein the authentication credential data obtained from the user during the authentication comprises a password and a biometric sample of the user.

9. A computer system for authenticating a user, the computer system comprising: a bus system; a storage device connected to the bus system, wherein the storage device stores program instructions; and a processor connected to the bus system, wherein the processor executes the program instructions to: process an authentication credential data to generate a biometric template in response to the authentication credential data being a biometric sample obtained from the user by a client device; encrypt the authentication credential data using a data encryption key generated by the client device; store the encrypted authentication credential data as a credential blob in a user authentication account corresponding to the user; receive a data decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device during authentication; decrypt encrypted authentication credential data corresponding to the user using the received data decryption key; compare the decrypted authentication credential data with the received authentication credential data to authenticate the user of the client device; and delete, by the computer, the received data decryption key, the received authentication credential data, and any unencrypted credential data corresponding to the authentication account of the user.

10. The computer system of claim 9, wherein the data decryption key and the authentication credential data are received from the client device, and wherein the processor further executes the program instructions to: determine whether the decrypted authentication credential data received by the client device matches the received authentication credential data.

11. The computer system of claim 10, wherein the processor further executes the program instructions to: verify the user as authentic in response to determining that the decrypted authentication credential data does match the received authentication credential data; and allow the authentication of the verified user.

12. The computer system of claim 10, wherein the processor further executes the program instructions to: reject the user as non-authentic in response to determining that the decrypted authentication credential data does not match the received authentication credential data; and deny the authentication of the rejected user.

13. A computer program product for authenticating a user, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising: processing, by the computer, an authentication credential data to generate a biometric template in response to the authentication credential data being a biometric sample obtained from the user by a client device; encrypting, by the computer, the authentication credential data using a data encryption key generated by the client device; storing, by the computer, the encrypted authentication credential data as a credential blob in a user authentication account corresponding to the user; receiving, by the computer, a data decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device during authentication; decrypting, by the computer, the encrypted authentication credential data corresponding to the user using the received data decryption key; comparing, by the computer, the decrypted authentication credential data with the received authentication credential data to authenticate the user of the client device; and deleting, by the computer, the received
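The store, authenticate and delete steps of claim 1, sketched in Go as an added example that is not code from the patent or its assignee. AES-256-GCM, the account name as associated data, the in-memory map and the function names are assumptions, and the credential is an exact-match value such as a password (a biometric template would need a matcher rather than byte equality).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) { // AES-256-GCM: assumed cipher
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func wipe(b []byte) { copy(b, make([]byte, len(b))) } // best-effort zeroing

// Enroll seals the credential under the client-generated key; only the blob is kept.
func Enroll(store map[string][]byte, account string, key, cred []byte) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err == nil {
		store[account] = gcm.Seal(nonce, nonce, cred, []byte(account))
	}
	return err
}

// Authenticate decrypts with the received key, compares in constant time, wipes plaintext.
func Authenticate(store map[string][]byte, account string, key, presented []byte) bool {
	var stored []byte
	defer func() { wipe(key); wipe(presented); wipe(stored) }()
	blob := store[account]
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return false
	}
	stored, err = gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(account))
	return err == nil && subtle.ConstantTimeCompare(stored, presented) == 1
}

func main() {
	store, key := map[string][]byte{}, []byte("constructed-demo-key-of-32-bytes")
	Enroll(store, "alice", key, []byte("constructed-pw"))
	fmt.Println(Authenticate(store, "alice", key, []byte("constructed-pw")))
}
```

Because the account name is bound in as associated data, a blob copied into another account fails to decrypt even with the right key, and a dump of the store alone yields only ciphertext.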

Classifications

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)

  • using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231)

  • wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14)

  • on a serial bus, e.g. I2C bus, SPI bus (on daisy chain buses G06F13/4247)

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/0861. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 30, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).