Patent Issued for Federated Identity Management Based On Biometric Data (USPTO 10,396,985)
2019 SEP 11 (NewsRx) -- By a
Patent number 10,396,985 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “Organizations and individuals that operate and/or manage computing systems may implement various security measures to prevent unauthorized individuals and processes from accessing secured data stored on the systems, gaining control of processes executing on the systems, introducing new (e.g., malicious) processes to the systems, and/or gaining access for other purposes. Traditionally, cryptographic information such as cryptographic keys may be employed to authenticate an individual and/or verify that an individual or process is authorized to access a system. Cryptographic keys may also be employed to secure communications over a network. With increasing processing power, traditionally generated cryptographic keys may be more vulnerable to attackers who are able to recreate and employ the keys to gain unauthorized access to systems, communications, data, and/or processes. Such attackers may also employ spoofed keys to impersonate an authorized individual or process.”
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “Implementations of the present disclosure are generally directed to identity management based at least partly on biometric data. More specifically, implementations are directed to generating a signature key for a user based at least partly on biometric data of the user, and based on the signature key generating a verification key to include in a certificate for use in verifying the user’s identity.
“In general, innovative aspects of the subject matter described in this specification can be embodied in methods that include actions of: receiving first biometric data collected by at least one sensor, the first biometric data indicating at least one physiological characteristic of a user; generating a signature key for the user based on the first biometric data, wherein the signature key is a cryptographic key; and transmitting the signature key to a certification service and, in response, receiving a certificate generated by the certification service, the certificate including a verification key that corresponds to the signature key and that is generated by the certification service based on the signature key, the certificate being presentable to verify an identity of the user.
“Implementations can optionally include one or more of the following features: the actions further include receiving second biometric data collected by the at least one sensor; the actions further include regenerating the signature key based on the second biometric data; the actions further include providing the certificate and the regenerated signature key to enable a third party service to verify the identity of the user based on a correspondence between the regenerated signature key and the verification key included in the certificate; the signature key for the user is unique among users of the third party service; the certificate includes an expiration timestamp; the first biometric data includes one or more of a fingerprint of the user, a heartbeat waveform of the user, a voiceprint waveform of the user, a retinal pattern of the user, and a neural activity waveform of the user; the first biometric data includes at least two different types of biometric data; the signature key is not stored in persistent memory; generating the signature key includes determining a plurality of values based on the first biometric data, each value in the plurality of values determined based on a respective portion of the first biometric data, and generating the signature key based at least partly on a combination of the plurality of values; the first biometric data includes at least one fingerprint; the plurality of values are determined based on different portions of the fingerprint; each value indicates a density of traces in the corresponding portion of the fingerprint; each value indicates an arrangement of traces in the corresponding portion of the fingerprint; the first biometric data includes at least one heartbeat waveform; the plurality of values are determined based on different portions of the heartbeat waveform; and/or generating the signature key further includes accessing seed data including a seed, and hashing the combination of the plurality of values, based on the seed, to generate the signature key.
“Other implementations of any of the above aspects include corresponding systems, apparatus, and computer programs that are configured to perform the actions of the methods, encoded on computer storage devices. The present disclosure also provides a computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein. The present disclosure further provides a system for implementing the methods provided herein. The system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
“Implementations of the present disclosure provide one or more of the following advantages. By employing user-specific biometric data to generate a cryptographic key associated with the user, implementations provide a cryptographic key that is specific to the user (e.g., unique among a group of users), less prone to unauthorized duplication, and thus more secure than a key generated using traditional methods. Because the key may be employed to access applications and/or data on secured systems, implementations provide a technical improvement over traditional systems in which access is granted through use of a key that may be less secure. Moreover, the use of a key generated from biometric data enables an individual to be identified and/or authenticated more reliably than traditional techniques for identifying and/or authenticating an individual. The more reliable authentication provided by implementations may lead to fewer failed authentication attempts. Accordingly, implementations may consume less processing power, memory, storage space, network capacity, and/or other computing system resources than traditional authentication systems that may require more attempts before successfully authenticating a user. Further, implementations may provide for faster and/or more efficient authentication than the use of biometric authentication without key generation, thus providing for an authentication system that may consume less memory, less processing power, less storage, and/or less network capacity than other techniques. In some implementations, the private key that is generated based on biometric data may not be stored, and may be re-generated for each use. Accordingly, the risk of the private key being compromised may be reduced and/or eliminated.
“It is appreciated that methods in accordance with the present disclosure can include any combination of the aspects and features described herein. That is, methods in accordance with the present disclosure are not limited to the combinations of aspects and features specifically described herein, but also include any combination of the aspects and features provided.
“The details of one or more implementations of the present disclosure are set forth in the accompanying drawings and the description below. Other features and advantages of the present disclosure will be apparent from the description and drawings, and from the claims.”
The claims supplied by the inventors are:
“What is claimed is:
“1. A computer-implemented method performed by at least one hardware processor, the method comprising: receiving, by the at least one hardware processor, first biometric data collected by at least one sensor at a first time, wherein the first biometric data is indicative of at least one physiological characteristic of a user; generating, by the at least one hardware processor, a signature key for the user based on the first biometric data, wherein the signature key is a cryptographic key, and wherein the signature key is a private key; transmitting, by the at least one hardware processor, the signature key to a certification service; receiving, by the at least one hardware processor, a certificate generated by the certification service, wherein the certificate includes a verification key that corresponds to the signature key and that is generated by the certification service based on the signature key, the certificate is presentable to verify an identity of the user, wherein the verification key is a public key; receiving, by the at least one hardware processor, second biometric data collected by the at least one sensor at a second time that is different than the first time; generating, by the at least one hardware processor, an additional signature key based on the second biometric data; transmitting, by the at least one hardware processor, the certificate and the additional signature key to a third party service to verify the identity of the user based on the additional signature key and the verification key included in the certificate; and receiving, by the at least one hardware processor, access to the third party service in response to the third party service determining that the additional signature key is associated with the verification key.
“2. The method of claim 1, wherein the additional signature key for the user is different than other signature keys associated with other users of the third party service.
“3. The method of claim 1, wherein the certificate includes an expiration timestamp.
“4. The method of claim 1, wherein the first biometric data includes one or more of: a fingerprint of the user; a heartbeat waveform of the user; a voiceprint waveform of the user; a retinal pattern of the user; and a neural activity waveform of the user.
“5. The method of claim 1, wherein the first biometric data includes at least two different types of biometric data.
“6. The method of claim 1, wherein the signature key is not stored in persistent memory.
“7. The method of claim 1, wherein generating the signature key includes: analyzing a plurality of portions of the first biometric data; determining a portion value for each portion of the plurality of portions to generate a plurality of portion values; combining the plurality of portion values to generate a plurality of combined portion values; and processing the plurality of combined portion values to generate the signature key.
“8. The method of claim 7, wherein: the first biometric data includes at least one fingerprint; and the plurality of portion values are determined based on different portions of the fingerprint.
“9. The method of claim 8, wherein each value indicates a density of traces in the corresponding portion of the fingerprint.
“10. The method of claim 8, wherein each value indicates an arrangement of traces in the corresponding portion of the fingerprint.
“11. The method of claim 7, wherein: the first biometric data includes at least one heartbeat waveform; and the plurality of portion values is determined based on different portions of the heartbeat waveform.
“12. The method of claim 7, wherein generating the signature key further includes: accessing seed data including a seed; and hashing the combination of the plurality of portion values based on the seed to generate the signature key.
“13. A system, comprising: at least one hardware processor; and a memory communicatively coupled to the at least one hardware processor, the memory storing instructions which, when executed by the at least one hardware processor, cause the at least one hardware processor to perform operations comprising: receiving first biometric data collected by at least one sensor at a first time, wherein the first biometric data is indicative of at least one physiological characteristic of a user; generating a signature key for the user based on the first biometric data, wherein the signature key is a cryptographic key, and wherein the signature key is a private key; transmitting the signature key to a certification service; receiving a certificate generated by the certification service, wherein the certificate includes a verification key that corresponds to the signature key and that is generated by the certification service based on the signature key, the certificate is presentable to verify an identity of the user, wherein the verification key is a public key; receiving second biometric data collected by the at least one sensor at a second time that is different than the first time; generating an additional signature key based on the second biometric data; transmitting the certificate and the additional signature key to a third party service to verify the identity of the user based on the additional signature key and the verification key included in the certificate; and receiving access to the third party service in response to the third party service determining that the additional signature key is associated with the verification key.
“14. The system of claim 13, wherein the signature key for the user is unique among users of the third party service.
“15. The system of claim 13, wherein the certificate includes an expiration timestamp.
“16. The system of claim 13, wherein the first biometric data includes one or more of: a fingerprint of the user; a heartbeat waveform of the user; a voiceprint waveform of the user; a retinal pattern of the user; and a neural activity waveform of the user.
“17. The system of claim 13, wherein the first biometric data includes at least two different types of biometric data.
“18. One or more computer-readable media storing instructions which, when executed by at least one hardware processor, cause the at least one hardware processor to perform operations comprising: receiving first biometric data collected by at least one sensor at a first time, wherein the first biometric data is indicative of at least one physiological characteristic of a user; generating a signature key for the user based on the first biometric data, wherein the signature key is a cryptographic key, and wherein the signature key is a private key; transmitting the signature key to a certification service; receiving a certificate generated by the certification service, wherein the certificate includes a verification key that corresponds to the signature key and that is generated by the certification service based on the signature key, the certificate is presentable to verify an identity of the user, wherein the verification key is a public key; receiving second biometric data collected by the at least one sensor at a second time that is different than the first time; generating an additional signature key based on the second biometric data; transmitting the certificate and the additional signature key to a third party service to verify the identity of the user based on the additional signature key and the verification key included in the certificate; and receiving access to the third party service in response to the third party service determining that the additional signature key is associated with the verification key.”
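The inventors' summary above and claims 1, 3, 6, 7 and 12 together describe one flow: derive a private signature key from per-portion biometric values and a seed, have the certification service derive the public verification key from it and issue a certificate carrying an expiration timestamp, then regenerate the key from a later capture and let a third-party service check that it corresponds to the key in the certificate. The Go program below is an added worked example written for this article; it is not code from the patent, its inventors or its assignee. Everything in it is an assumption where the patent text is silent: the sample values are constructed (no real biometric data), the "portion value" is a fixed-width quantization step, the hash is SHA-256 over seed and values, the key pair is Ed25519, and a small CA-signed struct stands in for an X.509 certificate. One deliberate departure from the claim wording is named plainly: instead of transmitting the regenerated private key to the third party, the user proves possession of it by signing a challenge, which is what a practitioner would deploy.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
	"time"
)

// Sample is one sensor capture: one constructed measurement per portion of the biometric
// (standing in for ridge density per cell of a 3x3 fingerprint grid; no real data involved).
type Sample []float64

var (
	Seed           = []byte("example-enrollment-seed") // the "seed data" of claim 12, constructed
	EnrollSample   = Sample{2.31, 1.87, 3.02, 2.64, 1.12, 2.95, 3.41, 1.58, 2.20}
	LaterSample    = Sample{2.28, 1.91, 3.06, 2.60, 1.09, 2.98, 3.38, 1.62, 2.17} // same finger, sensor noise
	ImpostorSample = Sample{1.40, 2.90, 2.10, 3.30, 2.70, 1.20, 2.50, 3.10, 1.90}
)

// portionValues quantizes each measurement into a coarse bucket (claim 7's "portion value"). The bucket
// width is this example's assumption: it lets noisy captures of one finger agree, but a value near a bucket edge flips the key.
func portionValues(s Sample, bucket float64) []uint32 {
	vals := make([]uint32, len(s))
	for i, m := range s {
		vals[i] = uint32(math.Floor(m / bucket))
	}
	return vals
}

// deriveSignatureKey hashes the seed with the combined portion values (claim 12) into the Ed25519 seed; never persisted (claim 6).
func deriveSignatureKey(s Sample, seed []byte) ed25519.PrivateKey {
	h := sha256.New()
	h.Write(seed)
	for _, v := range portionValues(s, 0.5) {
		binary.Write(h, binary.BigEndian, v) // hash.Hash never returns a write error
	}
	return ed25519.NewKeyFromSeed(h.Sum(nil)) // sha256.Size == ed25519.SeedSize == 32
}

// Certificate stands in for an X.509 certificate: the derived verification key plus an expiration timestamp (claim 3), CA-signed.
type Certificate struct {
	User            string
	VerificationKey ed25519.PublicKey
	NotAfter        time.Time
	CASignature     []byte
}

// tbs is the byte string the CA signs; changing any field invalidates CASignature.
func (c Certificate) tbs() []byte {
	var t [8]byte
	binary.BigEndian.PutUint64(t[:], uint64(c.NotAfter.Unix()))
	return append(append([]byte(c.User+"\x00"), c.VerificationKey...), t[:]...)
}

func NewCA() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue is the certification service of claim 1: it derives the verification (public) key
// from the signature key it receives and returns a certificate signed with the CA key.
func Issue(caKey ed25519.PrivateKey, user string, sigKey ed25519.PrivateKey, ttl time.Duration) Certificate {
	cert := Certificate{User: user, VerificationKey: sigKey.Public().(ed25519.PublicKey), NotAfter: time.Now().Add(ttl)}
	cert.CASignature = ed25519.Sign(caKey, cert.tbs())
	return cert
}

// Authenticate is the third-party check. The claims have the user transmit the regenerated private
// key itself; here the user instead proves possession by signing a challenge the service chose, so the
// key never leaves the device. Checks the claims leave implicit are explicit: unexpired, and issued by the trusted CA.
func Authenticate(cert Certificate, challenge, sig []byte, caPub ed25519.PublicKey, now time.Time) error {
	if now.After(cert.NotAfter) {
		return errors.New("certificate expired")
	}
	if !ed25519.Verify(caPub, cert.tbs(), cert.CASignature) {
		return errors.New("certificate not issued by the trusted CA")
	}
	if !ed25519.Verify(cert.VerificationKey, challenge, sig) {
		return errors.New("challenge signature does not verify under the certificate's key")
	}
	return nil
}

func main() {
	caPub, caKey := NewCA()
	cert := Issue(caKey, "alice", deriveSignatureKey(EnrollSample, Seed), time.Hour)
	for _, s := range []Sample{LaterSample, ImpostorSample} { // same finger again, then a different finger
		sig := ed25519.Sign(deriveSignatureKey(s, Seed), []byte("nonce")) // key regenerated from this capture
		fmt.Println(Authenticate(cert, []byte("nonce"), sig, caPub, time.Now()))
	}
}
```

Run with go run: the first line printed is nil (the noisy recapture of the same finger regenerates the enrolled key), the second is the error for the impostor. Two caveats a deployment would have to address. First, the key regenerates only while every quantized portion value lands in the same bucket; a measurement that drifts across a bucket edge yields a different key and a failed login, which is why practical schemes use fuzzy extractors or secure sketches rather than plain quantization. Second, the key's unpredictability is bounded by the entropy of the quantized values plus the seed: with nine cells of a handful of buckets each, anyone who learns the seed can enumerate every candidate key offline and compare it against the public verification key in the certificate, so the seed must be protected as a secret and never stored with the biometric template.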
For the URL and more information on this patent, see: Nagelberg, Alexander B.; Mahoney, Nathan. Federated Identity Management Based On Biometric Data.
(Our reports deliver fact-based news of research and discoveries from around the world.)