211 results about "Biometric templates" patented technology

The invention combines cryptographic key management technology with various authentication options and the use of a companion PKI system in a web-centric cryptographic key management security method and apparatus called PXa3(TM) (Precise eXtensible Authentication, Authorization and Administration). The PXa3 model uses a security profile unique to a network user and the member domain(s) he/she belongs to. A PXa3 server holds all private keys and certificates, the user's security profile, including credentials and the optional authentication enrollment data. The server maintains a security profile for each user, and administrators simply transmitted credential updates and other periodic maintenance updates to users via their PXa3 server-based member accounts. Domain and workgroup administrators also perform administrative chores via a connection to the PXa3 web site, rather than on a local workstation. A member's security profile, containing algorithm access permissions, credentials, domain and maintenance values, a file header encrypting key, optional biometric templates, and domain-specific policies is contained in one of two places: either on a removable cryptographic token (e.g., a smart card), or on a central server-based profile maintained for each member and available as a downloadable "soft token" over any Internet connection.

We provide a system for issuing identification documents to a plurality of individuals, comprising a first database, a first server, and a workstation. The first database stores a plurality of digitized images, each digitized image comprising a biometric image of an individual seeking an identification document. The first server is in operable communication with the first database and is programmed to send, at a predetermined time, one or more digitized images from the first database to a biometric recognition system, the biometric recognition system in operable communication with a second database, the second database containing biometric templates associated with individuals whose images have been previously captured, and to receive from the biometric recognition system, for each digitized image sent, an indicator, based on the biometric searching of the second database, as to whether the second database contains any images of individuals who may at least partially resemble the digitized image that was sent. The a workstation is in operable communication with the first server and is configured to permit a user to review the indicator and to make a determination as to whether the individual is authorized to be issued an identification document or to keep an identification document in the individual's possession.

The invention provides a computer-implemented method for determining whether a database contains any images that substantially match at least one image provided of an individual. A probe data set is received, the comprising first and second biometric templates associated with the individual, the first biometric template associated with a different type of biometric than the second type of biometric template. A database of biometric templates is searched using the first biometric template to retrieve a first results set. A first predetermined portion of the first results set is selected. The first predetermined portion of the first results set is searched using the second biometric template to retrieve a second results set. A second predetermined portion of the second results set is selected. The second predetermined portion of the second results is provided for comparison with the image provided of the individual.

A method and apparatus for controlling access to the data stored on a smart card for use in mobile devices. A user initializes the smart card memory by saving an authentication credential in memory. Subsequently, when various applications executed on the mobile device seek to retrieve the data stored in the smart card memory, the user must submit to an authentication process before access to the data stored in the smart card memory is granted. Embodiments utilize biometric traits and biometric templates stored in memory as authentication credentials. Biometric sensors are provided with the smart card so that a candidate biometric trait can be generated and compared with a biometric template stored in memory. If the biometric trait matches the stored biometric template, then access to the data stored in the smart card is granted.

A multi-stage verification system including a first and second identification device to verify the identity of the user and to determine if the user is under duress. When a user approaches an entrance to a building, a first identifier is detected by the first identification device, the identifier is compared to a pre-stored identifier. If there is a match, the user inputs at least one biometric input into the second identification device. The biometric input is compares with pre-stored information in two different databases, a biometric template database and a duress indicator database. If there is a match with the duress indicator database, a silent alarm signal is transmitted to a central monitoring station and the security system is disarmed. If there is a match with the biometric template database, the security system is controlled in the intended manner.

A method for secure transmission of data, like e-mail and other secure documents, over a computer network includes the use of biometrics to verify that the sender of the data is confirmed as an individual authorized for secure access transmission of data over the network and by verifying that the recipient of the data is also an individual authorized to receive data by secure access transmission over the network. The methodology comprises creating a database containing the biometric templates of all individuals authorized for secure access transmission of data over the network and connecting the database to a data processor. The transmission of counterfeit messages is prevented by confirming the identity of the sender as an individual authorized for secure access transmission over the network by scanning a predetermined biometric of the sender, and comparing the biometric of the sender with the predetermined biometric of all individuals who are authorized for secure access transmission over the network. The recipient of a secure access message is not permitted to access the message until recipient's identity has been similarly confirmed as an individual authorized to receive messages secure access transmitted over the network. Once the recipient's identity is confirmed the message may be opened. The sender will receive confirmation by return electronic mail that the message has been opened by the authorized recipient.

This invention provides a mechanism, which allows a user's personal identification number (PIN) to operate independently from a biometric authentication system. This improvement reduces the administrative burden of having to keep a user's PIN synchronized with the PIN used to access the user's smart card following successful biometric authentication. The first embodiment of the invention incorporates a cryptographic interface, which bypasses the PIN entry and allows the biometric authentication system to directly access card resources. The second embodiment of the invention provides a second system PIN having greater bit strength than the cardholder PIN. Both embodiments of the invention retrieve secrets (either a cryptographic key or system PIN) from a biometric database by comparing a processed biometric sample with known biometric templates. The biometric authentication system incorporates a client-server architecture, which facilitates multiple biometric authentications.

A biometrically authenticated portable access device, includes a biometric sensor for measuring a live biometric parameter of an unverified user, an authenticator controlling a switch that enables and disables a conventional RFID tag and a stored biometric template corresponding to a previously measured biometric parameter of an authorized user. The authenticator compares the live biometric parameter of the unverified user to the stored biometric template and enables the RFID tag when the live biometric parameter matches the stored biometric template. The RFID tag is programmable in conventional RFID tag programmers that may be proprietary permitting the portable access device to be used with existing installed systems of proprietary and non-proprietary RFID tag programmers and readers.

The invention relates to an authentication system and an authentication method based on biological features. The method comprises the steps of conducting centralized storage and biological feature comparison operation for a large quantity of user biological feature templates according to user ID identifiers stored on a memory on a limited use machine and corresponding biding ID identifiers thereof on a biological authentication device of a digital processing terminal; separating the biological feature templates from the authentication function of the limited use machine; allocating to digital processing terminals (including PCs, notebooks or mobile phones, PDAs of users)of users as biological authentication device-storing the biological feature templates with decentralization and operating and processing biological features to be authenticated with decentralization so as to conduct comparison with the biological feature templates pre-stored on the respective digital processing terminals; feeding back comparison and verification results to the limited use machines; authorizing to conduct equal authentication of the biological authentication device ID identifier on the digital processing terminal for the corresponding binding user ID identifiers by the centralized authentication of the limited use machine according to the comparison verification result data.

A system and method may comprise providing a database comprising a user list and a user device list, the user list comprising a list of user biometric identifiers, each extracted from and unique to a respective template of a user biometric of a verified user, and the user device list comprising a list of user biometric identifiers each extracted from and unique to a respective template of a user biometric of a verified user device associated with the verified user; and determining one of (1) whether a user biometric identifier of a known user biometric received from an unverified user device matches a user biometric identifier on the user device list and (2) whether a user biometric identifier extracted from and unique to a new user biometric template received from a verified user device matches a user biometric identifier in the stored user list.

A biometrically authenticated access control in which a wireless authentication signal is provided from a primary instrumentality of access, only after a dual-stage biometric verification of the user's identity is performed. In one embodiment, an accessing device includes memory for storing a device identification code and an authentication code, along with first and second biometric templates corresponding to biometric samples from a user. In another embodiment, an accessing device includes memory for storing a device identification code and more than one authentication code, for separate users, along with first and second biometric templates corresponding to biometric samples from multiple users. In order to gain access to a secured resource, a user undergoes first and second biometric sampling to generate biometric data to be compared with the first and second biometric templates. Upon authentication of the user by positive matches with said first and second biometric samples, the accessing device communicates the accessing device identification code and authentication code to a remote station controlling access to the secured resource. A central server maintains a central database of records each establishing a correlation between an enrolled accessing device's identification code and an authentication code assigned to that accessing device.

Methods and systems for securing biometric templates and generating secret keys are provided. One or more images are received. Interest points are identified based on the received images, and a plurality of obfuscating data points are generated based on the interest points. An obfuscated template based on the interest points and the obfuscating data points is created and stored. A secret key can be encoded using a subset of at least one of the obfuscating data points and the interest points in the template.

A method of text-based authentication that accounts for positional variability of biometric features between captured biometric data samples includes capturing biometric data for a desired biometric type from an individual, and processing the captured biometric data to generate a biometric image and a biometric feature template. A selected conversion algorithm is executed by superimposing a positional relationship medium on the biometric image. The positional relationship medium includes a plurality of cells textually describable with words derivable from the positional relationship medium. The positions of biometric features are permitted to vary in overlapping border regions within the positional relationship medium. The method also includes identifying the position of at least one biometric feature within the overlapping border regions and generating a plurality of words for the at least one biometric feature.

One embodiment of the invention is directed to a computer-implemented method comprising, receiving an indication that an avatar of a user has initiated a transaction in a virtual reality environment. The method further comprises obtaining a first biometric sample from the user interacting with the virtual reality hardware. The method further comprises generating a partial biometric template based at least in part on the first biometric sample. The method further comprises providing the partial biometric template and personal authentication information for the avatar to an authentication computer where the personal authentication information and the partial biometric template are used to authenticate the avatar.

Embodiments of the invention provide methods and systems for securely transmitting a biometric identifier template across a network using a transport unit formed by appending a trusted time-stamp to the biometric template, and for authenticating such templates based on the time stamp. The method is applicable to fingerprint and other biometric identifier based identification and authentication systems.

A system for controlling access at secure facilities to locations and assets contained in those locations, comprising a biometric identification device, an RFID tag and receiver, and a database for processing information from them to allow or deny access to the locations and assets. The system ties into an existing network in the facility and also includes a programming device for evaluation of the biometric template and acknowledgement of the identification, if made. The system also controls the permissible locations of assets such as laptops, desktop computers, photographic equipment, weapons such as rifles, data storage devices and the like, such that while a person may have access to a location, use of an asset or removal of the asset may not be part of that person's authorized conduct.

A biologic character template of a user and the related information of the user's identity constitute a whole data block, comprising: selecting an asymmetric key algorithm, using the private key to perform the digital signature or the digital seal, manufacturing the biologic character ID digital file of the digital signature, which is stored in the mobile phone of the user. The biologic character data of the user to be validated is collected on the site, and the digital certiuficate including the public key is sent to the user; mobile phone for storing the biologic character ID digital file in advance for verification; the mobile phone of the user uses the public key in the digital certificate to validate the digital signature of the biologic character ID digital file; the biologic character data to be certificated are inputted, to compare with the corresponding biologic character template in the biologic character ID digital file; the mobile phone of the user outputs the result data of the comparing and the validate, to display the result or output the authorization data of the further operation.

An efficient exchange of messages in a system for authenticating access to a base device is facilitated through the selection of a particular biometric template from among a plurality of biometric templates. Rather than transmitting the template to a peripheral device, an indication of a location of the particular biometric template within the plurality of biometric templates is transmitted to the peripheral device. At the peripheral device, once the indication of the location and a biometric candidate are received, the particular biometric template may be located and compared to the biometric candidate. Finally, an indication of a result of the comparing may be transmitted to the base device.

A system for controlling access at secure facilities to locations and assets contained in those locations, comprising a biometric identification device, an RFID tag and receiver, and a database for processing information from them to allow or deny access to the locations and assets. The system ties into an existing network in the facility and also includes a programming device for evaluation of the biometric template and acknowledgement of the identification, if made. The system also controls the permissible locations of assets such as laptops, desktop computers, photographic equipment, weapons such as rifles, data storage devices and the like, such that while a person may have access to a location, use of an asset or removal of the asset may not be part of that person's authorized conduct.

The invention discloses a biological identity identification and verification terminal, comprising a fingerprint vein image collection module, a facial iris image collection module, a voice collection module, a certificate reading module, a touch screen, a biological identification chip and a main chip, wherein a processor, a controller and a secure memory are built in the biological identification chip, the secure memory is used for storing a biological identification algorithm and a biological feature template, the processor can extract biological features of a user according to the biological identification algorithm stored in the secure memory and match the biological features with a preset biological feature template in the secure memory to verify the identity of the user, and the controller can control the processor to carry out biological identity identification. By adopting the biological identity identification and verification terminal disclosed by the technical scheme of the invention, the security, reliability and adaptability of identity identification of the biological identity identification and verification terminal are improved.