Network of biometrically secure devices with enhanced privacy protection

US9619804B1 · US · B1

Patent metadata
Publication number: US-9619804-B1
Application number: US-201615072252-A
Country: US
Kind code: B1
Filing date: Mar 16, 2016
Priority date: Mar 16, 2016
Publication date: Apr 11, 2017
Grant date: Apr 11, 2017

Abstract

Official abstract text for this publication.

Various methods and devices that involve biometrically secured networked devices with enhanced privacy protection are disclosed. For example, a computer-implemented method for onboarding a first biometrically secured device to a network is disclosed. The method comprises generating an asymmetric key pair, transmitting the public key to a second device, and receiving an encrypted master encryption key from the second device. The master key is encrypted with the public key. The method also comprises decrypting the encrypted master encryption key using the private key and receiving an encrypted set of biometric data. The encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key. The method also comprises storing the set of biometric data on a memory of the first device. The set of biometric data uniquely identifies at least two users that are registered to use both the first and second devices.
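The onboarding exchange in the abstract, as an added example that is not taken from the patent: the algorithm choices (RSA-OAEP to encrypt the master key, AES-256-GCM for the biometric set), the JSON template format and all function names are assumptions, and a closure stands in for the secure execution environment.

```javascript
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Master-key encryption of the biometric set (AES-256-GCM is an assumption).
function sealSet(masterKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', masterKey, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function openSet(masterKey, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', masterKey, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on tampering or wrong key
}
// "Second device": already on the network, holds the master key and the biometric set.
function makeEnrolledDevice(templates) {
  const masterKey = crypto.randomBytes(32);
  return {
    wrapMasterKeyFor: (pubPem) => crypto.publicEncrypt({ key: pubPem, ...OAEP }, masterKey),
    sealedBiometricSet: () => sealSet(masterKey, Buffer.from(JSON.stringify(templates))),
  };
}
// "First device": the closure stands in for the secure execution environment;
// the private key and the master key are never returned to callers.
function makeNewDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  let stored = [];
  return {
    publicKeyPem: () => publicKey.export({ type: 'spki', format: 'pem' }),
    onboard(wrappedKey, sealedSet) {
      const masterKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
      stored = JSON.parse(openSet(masterKey, sealedSet).toString('utf8'));
      return stored.length;
    },
    isRegistered: (user) => stored.some((t) => t.user === user),
  };
}
const rejects = (fn) => { try { fn(); return false; } catch { return true; } };

function runOnboarding() {
  const users = [{ user: 'alice', template: 'a1b2' }, { user: 'bob', template: 'c3d4' }]; // constructed data
  const second = makeEnrolledDevice(users);
  const first = makeNewDevice();
  const wrapped = second.wrapMasterKeyFor(first.publicKeyPem()); // encrypted master key
  const sealed = second.sealedBiometricSet();                    // encrypted biometric set
  const count = first.onboard(wrapped, sealed);
  const tampered = { ...sealed, ct: Buffer.from(sealed.ct) };
  tampered.ct[0] ^= 1; // one ciphertext bit changed in transit
  return { count, bobRegistered: first.isRegistered('bob'),
    tamperRejected: rejects(() => first.onboard(wrapped, tampered)),
    outsiderRejected: rejects(() => makeNewDevice().onboard(wrapped, sealed)) };
}
```

Only `wrapped` and `sealed` cross the network, so a relay that holds neither private key cannot read the biometric set, and a modified ciphertext fails authentication rather than being stored.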

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for onboarding a third biometrically secured point of sale device to a network comprising: generating, using a secure execution environment on a first biometrically secured point of sale device, an asymmetric key pair, wherein the asymmetric key pair includes a private key and a public key; transmitting the public key to a second biometrically secured point of sale device; receiving an encrypted master encryption key from the second biometrically secured point of sale device, wherein the encrypted master encryption key is a master encryption key that is encrypted with the public key; decrypting, using the secure execution environment and the private key, the encrypted master encryption key; receiving an encrypted set of biometric data, wherein the encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key; storing the set of biometric data on a memory of the first biometrically secured point of sale device; receiving a second public key from a second asymmetric key pair, wherein the second asymmetric key pair includes a second private key and the second public key, and wherein the second asymmetric key pair is generated using a second secure execution environment on the third biometrically secured point of sale device; encrypting, using the secure execution environment and the second public key, the encrypted master encryption key; transmitting a second encrypted master encryption key to the third biometrically secured point of sale device, wherein the second encrypted master encryption key is the master encryption key that is encrypted with the second public key; and transmitting the encrypted set of biometric data to the third biometrically secured point of sale device, wherein the encrypted set of biometric data is a set of biometric data that is encrypted with the master encryption key; wherein the set of biometric data uniquely identifies at least two users that are registered to use the first, second and third biometrically secured point of sale devices.

2. The computer-implemented method from claim 1, further comprising: receiving, at the first biometrically secured point of sale device, a biometric login request; comparing, using the secure execution environment, data from the biometric login request with data from the set of biometric data; and authorizing access to the first biometrically secured point of sale device based on the comparison step; wherein the first biometrically secured point of sale device includes a standard execution environment for instantiating an operating system on the first biometrically secured point of sale device; wherein the storing step includes writing the set of biometric data to the memory using the secure execution environment; and wherein the memory is only addressable by the secure execution environment and is not addressable by the standard execution environment.

3. The computer-implemented method from claim 1, further comprising: storing, in a database, a device identifier in association with an owner challenge response; storing, in nonvolatile memory on the first biometrically secured point of sale device, the device identifier; receiving, at a server, the device identifier from the first biometrically secured point of sale device; receiving, at the server from the first biometrically secured point of sale device, the owner challenge response; receiving the owner challenge response from the first biometrically secured point of sale device; and creating a key pair for communication between the server and the first biometrically secured point of sale device after and in response to receiving the owner challenge response from the first biometrically secured point of sale device at the server.

4. The computer-implemented method from claim 1, further comprising: receiving, at a server, the encrypted set of biometric data from the second biometrically secured point of sale device; receiving, at the server, the public key from the first biometrically secured point of sale device; transmitting, from the server, the public key to the second biometrically secured point of sale device; receiving, at the server, the encrypted master encryption key from the second biometrically secured point of sale device; transmitting, from the server, the encrypted master encryption key to the first biometrically secured point of sale device; and transmitting, from the server, the encrypted set of biometric data to the first biometrically secured point of sale device.

5. The computer-implemented method from claim 4, further comprising: storing, in a database and using the server, the encrypted set of biometric data after receiving the encrypted set of biometric data from the second biometrically secured point of sale device; receiving, at the first biometrically secured point of sale device, a new biometric data element; encrypting, using the secure execution environment and the master encryption key, the new biometric data element to form a new encrypted biometric data element, transmitting, from the first biometrically secured point of sale device, the new encrypted biometric data element to the server; and storing, in the database and using the server, the new encrypted biometric data element with the encrypted set of biometric data.

6. The computer-implemented method from claim 5, further comprising: pushing, using the server, the new encrypted biometric data element to the second biometrically secured point of sale device.

7. The computer-implemented method from claim 5, wherein: the new biometric data element is received via a touch screen on the first biometrically secured point of sale devices; the encrypted set of biometric data is stored in the database in association with a merchant identifier; and the merchant identifier uniquely identifies an owner of the first and second biometrically secured point of sale devices.

8. A system for administrating access to a set of at least three biometrically secured point of sale devices comprising: a first biometrically secured point of sale device including a secure execution environment and a first memory storing instructions to generate an asymmetric key pair, wherein the asymmetric key pair includes a private key and a public key; a second biometrically secured point of sale device including a second secure execution environment and a second memory storing instructions to: (i) generate a second asymmetric key pair, wherein the second asymmetric key pair includes a second private key and a second public key; (ii) receive the public key from the first biometrically secured point of sale device; and (iii) encrypt a first master encryption key with the public key to produce a first encrypted master encryption key; a third biometrically secured point of sale device including a third memory storing instructions to: (i) receive the second public key from the second biometrically secured point of sale device; and (ii) encrypt the first master encryption key with the second public key to produce a second encrypted master encryption key; and a server that stores an encrypted set of biometric data in a database, wherein the encrypted set of biometric data is: (i) a set of biometric data that is encrypted with the first master encryption key; and (ii) received from the third biometrically secured point of sale device; wherein the first memory also stores instructions to: (i) decrypt the first encrypted master encryption key using the private key; and (ii) decrypt the encrypted set of biometric data using the first master encryption key; wherein the second memory also stores instructions to: (i) decrypt the second encrypted m

Assignees

Inventors

Classifications

  • Point-of-sale [POS] network systems

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)

  • Electronic credentials

  • Biometric identity checks

  • wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Clover Network Inc
What technology area does this patent fall under?
Primary CPC classification G06Q20/40145. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 11, 2017 (B1). Legal status and post-grant events are not shown on this page.