System and method for secure remote biometric authentication

US9654468B2 · US · B2

Patent metadata

Publication number: US-9654468-B2
Application number: US-201314137204-A
Country: US
Kind code: B2
Filing date: Dec 20, 2013
Priority date: Apr 17, 2006
Publication date: May 16, 2017
Grant date: May 16, 2017

Abstract

Official abstract text for this publication.

Systems and methods for secure remote biometric authentication are provided. A network-based biometric authentication platform stores biometric templates for individuals which have been securely enrolled with the authentication platform. A plurality of sensor platforms separately establishes secure communications with the biometric authentication platform. The sensor platform can perform a biometric scan of an individual and generate a biometric authentication template. The sensor platform then requests biometric authentication of the individual by the biometric authentication platform via the established secure communications. The biometric authentication platform compares the generated biometric template to one or more of the enrolled biometric templates stored in memory at the biometric authentication platform. The result of the authentication is then communicated to the requesting sensor platform via the established secure communications.

First claim

Opening claim text (preview).

What is claimed is:

1. A sensor platform for performing biometric authentication, the sensor platform comprising: a memory that stores a biometric sensor application; and a secure processor configured to: securely generate a first public key and a private key within a physical security boundary of the secure processor such that the private key is maintained within the physical security boundary of the secure processor, receive a first message from a remote biometric authentication platform that includes a symmetric key that is encrypted with the first public key, decrypt the symmetric key using the private key, establish a first secure communication link with the remote biometric authentication platform using the decrypted symmetric key, communicate the first public key to a warranty server over a second secure communication link, communicate the first public key to a certification authority over a third secure communication link, receive a certificate for the sensor platform from the certification authority, store the certificate for the sensor platform in the memory, and receive the certificate for the sensor platform from the certification authority, wherein the certification authority queries the warranty server to validate the first public key is a valid public key for the server platform.

2. The sensor platform of claim 1, wherein the secure processor is further configured to: communicate the certificate for the sensor platform to the remote biometric authentication platform.

3. The sensor platform of claim 1, wherein the symmetric key is configured to expire at a predetermined time.

4. The sensor platform of claim 1, wherein the memory stores the decrypted symmetric key.

5. The sensor platform of claim 1, wherein the secure processor is further configured to: verify a signature of the first message using a second public key for the remote biometric authentication platform.

6. The sensor platform of claim 1, wherein the secure processor is further configured to: retrieve a second public key of a certification authority that issued a certificate corresponding to the remote biometric authentication platform; validate the certificate using the second public key; and verify a signature of the first message using a third public key provided in the certificate.

7. The sensor platform of claim 1, wherein the secure processor is further configured to: validate an identity of a user at the secure platform using a technique other than a biometric scan; perform the biometric scan on the user using the biometric sensor application; generate a biometric authentication template for the user; generate a second message including the biometric authentication template; encrypt the second message using the symmetric key; and communicate the biometric authentication template to the remote biometric authentication platform using the first secure communication link.

8. The sensor platform of claim 7, wherein the secure processor is further configured to: receive an indication of whether the biometric authentication template was successfully enrolled at the remote biometric authentication platform.

9. The sensor platform of claim 7, wherein the secure processor is further configured to: receive a response from the remote biometric authentication platform indicating whether the user is authenticated at the remote biometric authentication platform, wherein the response is encrypted using the symmetric key; and authorize the user to access a second application stored in the memory in response to an indication that the user is authenticated at the remote biometric authentication platform.

10. A method for performing biometric authentication at a sensor platform, the method comprising: securely generating a first public key and a private key within a physical security boundary of a secure processor at the sensor platform, such that the private key is maintained within the physical security boundary of the secure processor; receiving a first message from a remote biometric authentication platform that includes a symmetric key that is encrypted with the first public key; decrypting the symmetric key using the private key; establishing a first secure communication link with the remote biometric authentication platform using the decrypted symmetric key; communicating the first public key to a warranty server over a second secure communication link; communicating the first public key to a certification authority over a third secure communication link; receiving a certificate for the sensor platform from the certification authority; storing the certificate for the sensor platform in the memory; and receiving the certificate for the sensor platform from the certification authority, wherein the certification authority queries the warranty server to validate the first public key is a valid public key for the server platform.

11. The method of claim 10, further comprising: verifying a signature of the first message using a second public key for the remote biometric authentication platform.

12. The method of claim 10, further comprising: validating an identity of a user at the sensor platform using a technique other than a biometric scan; performing the biometric scan on the user using a biometric sensor application stored at the sensor platform; generating a biometric authentication template for the user; generating a second message including the biometric authentication template; encrypting the second message using the symmetric key; and communicating the biometric authentication template to the remote biometric authentication platform using the first secure communication link.

13. The method of claim 12, further comprising: receiving an indication of whether the biometric authentication template was successfully enrolled at the remote biometric authentication platform.

14. The method of claim 12, further comprising: receiving a response from the remote biometric authentication platform indicating whether the user is authenticated at the remote biometric authentication platform, wherein the response is encrypted using the symmetric key; and authorizing the user to access a second application in response to an indication that the user is authenticated at the remote biometric authentication platform.

15. An apparatus, comprising: a memory that stores a biometric sensor application; and a secure processor coupled to the memory, wherein the secure processor is configured to: securely generate a first public key and a private key within a physical security boundary of the secure processor, such that the private key is maintained within the physical security boundary of the secure processor, receive a first message from a remote biometric authentication platform that includes a symmetric key that is encrypted with the first public key, decrypt the symmetric key using the private key, establish a first secure communication link with the remote biometric authentication platform using the decrypted symmetric key, communicate the first public key to a warranty server over a second secure communication link, communicate the first public key to a certification authority over a third secure communication link, receive a certificate for the sensor platform from the certification authority, store the certificate for the sensor platform in the memory, and receive the certificate for the sensor platform from the certification authority, wherein the certification authority queries the warranty server to validate the first public key is a valid public key for the

Classifications

  • Generation of secret information including derivation or calculation of cryptographic keys or passwords

  • Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

  • H04L9/3231 (Primary): Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network H04L63/0861)

  • using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231)

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9654468B2 cover?
Systems and methods for secure remote biometric authentication are provided. A network-based biometric authentication platform stores biometric templates for individuals which have been securely enrolled with the authentication platform. A plurality of sensor platforms separately establishes secure communications with the biometric authentication platform. The sensor platform can perform a biom…

Who is the assignee on this patent?
Avago Technologies General Ip

What technology area does this patent fall under?
Primary CPC classification H04L9/3231. Mapped technology areas include Electricity.

When was this patent published?
Publication date May 16, 2017 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).