TITLE OF THE INVENTION
METHOD AND APPARATUS FOR SECURE E-COMMERCE TRANSACTIONS
FIELD OF THE INVENTION
This invention relates to the encryption of data and the authentication of the identity of participants in electronic commerce transactions and communications. In particular this invention relates to methods for authenticating the identity of participants and for securely encrypting said transactions and communications and apparatus therefor.
BACKGROUND OF THE INVENTION
The authentication of the identity of participants is a key requirement of most electronic commerce transactions. The security of the information being transmitted is also a concern, particularly where such information represents confidential data of the participant.
It is known in the prior art to provide authentication of a participant by collecting and verifying the participant's biometric data. It is also known to encrypt the biometric data when transmitting it for authentication purposes.
U.S. Patent No. 5,872,834 to Teitlebaum discloses a system involving a biometric input sensor to capture biometric data that is then encrypted and transmitted. The patent notes that the system is useful in electronic commerce applications to authorize payments, in billing applications, for credit authorization and for other electronic commerce purposes. The patent discusses the use of biometric input devices associated with telephones or cellular telephones. An authentication center may be used to provide third party authentication. Teitlebaum points out that such a system enables reliable identification of the user of a communication device without being dependent on that particular communication device.
U.S. Patent 5,956,409 to Chan et al. describes a method for the secure application of seals. An optical image of a seal is recorded by a computer and encrypted using a key for encryption generated in response to template biometric data from authorized persons. When a person seeks to use the seal, for example to apply the seal to a document, test biometric data is input from that person and used to generate a key for decryption. If the test biometric data matches the template biometric data, the key for decryption will be useful for decrypting the encrypted seal, and the person seeking access to the seal. The test biometric data represents a handwritten signature given contemporaneously by the person seeking access, and is verified against a set of template signatures earlier given by at least one authorized person. Specific signature features are determined in response to the template signatures and used for generating one or more keys for encrypting the seal. Similarly, specific signature features are determined in response to the test signature and used for generating keys for decrypting the seal.
The use of more than one type of biometric parameter to more reliably identify individuals is well known. US Patent No. 5,412,738 to Brunelli et al., US Patent No. 5,719,950 to Osten et al. and US Patent No. 5,930,804 to Yu et al. each discuss the use of at least two biometric features to authenticate the identity of a speaker. Yu et al. further discuss means to prevent biometric data forgery by sensing the temperature of the user's finger when capturing fingerprint data.
The use of dynamic encryption keys which are periodically downloaded to an encryption device and further using keys permanently stored in the device is also known.
U.S. Patent No. 4,944,006 to Citta et al. describes a secure data packet transmission system and method which includes a head-end having a software implemented 16 bit shift register which encrypts a bit packet. Dynamic encryption is provided by utilizing an initial preset for the software corresponding to a preset encryption key for the shift register. Authorized subscriber terminals are provided with memories and decryption keys are downloaded. The bit packets are assembled with a global bit packet encrypted with a global encryption key and subsequent individually addressed bit packets encrypted with address keys. The address keys and terminal addresses are permanently stored in the subscriber terminal memories. The global encryption keys are changed periodically. Means are provided in each subscriber terminal for storing a number of global decryption keys, which are cycled through in attempts to decrypt the global packets. One of the global decryption keys is a permanent default key associated with the subscriber terminal to assure that communication with that terminal is possible despite a lack of knowledge of the terminal address or the other global decryption keys in its memory.
U.S. Patent 5,805,705 to Gray et al. discloses a system for synchronizing encryption/decryption keys in a data communication network. The keys are changed periodically at the source and destination nodes for an established connection. A destination node must know not only the value of any new key but also when to begin using that key to decrypt received data packets. Synchronization (making sure a data packet is decrypted using a decryption key correlated with the encryption key used to encrypt the same packet) is achieved by defining a single bit in each packet header as a key synchronization bit. As long as key synchronization bit value remains unchanged from one received packet to the next, a receiving node will continue to use the same decryption key it has been using. When a change in the key synchronization bit value is detected, the receiving node will begin using a previously received, new decryption key.
U.S. Patent 5,887,065 to Audebert describes a system and method for user authentication having clock synchronization. The system includes a first unit adapted to communicate with a second unit. The second unit grants conditional access to a function or service in accordance with an authentication operation. Both units are capable of running software for generating passwords by means of encryption of several dynamic variables as for example a time dependent variable and/or a variable representing the number of formulated authentication requests. The encryption may be performed using a dynamic key.
U.S. Patent 5,937,068 to Audebert describes a system and method for user authentication employing dynamic encryption variables. The system includes a first cardlike unit adapted to communicate with a second unit giving only conditional access to a function. Both units are capable of running software for generating a password by means of encryption of a plurality of dynamic variables produced separately but in concert (so as to have a predetermined relationship, such as identity, with one another) in the units. The encryption is carried out in each unit by a public algorithm using a dynamically varying encryption key. Each time an access request is issued by a card user, the key is modified as a function of the number of access requests previously formulated by the card user.
It is an object of this invention to provide a secure means of conducting electronic commerce transactions and other communications wherein authentication of participants is highly reliable.
It is a further object of this invention to provide a secure means of conducting electronic commerce transactions and other communications, wherein reliable participant authentication may be achieved regardless of the specific communication device being used by a participant.
It is yet a further object of this invention to provide a high degree of inherent encryption security.
It is a further object of the invention to incorporate biometric data in the encryption process in a manner that minimizes the effective use of biometric forgery.
These and other objects of the invention will be better understood by reference to the following disclosure.
SUMMARY OF THE INVENTION
The invention provides a means for securely authenticating the identity of a user without requiring the use of any particular communication device in order to do so.
A user's biometric data is retained in a database at an authentication center. A number of biometric encryption devices are also enabled for use with the secure system.
A registered user may use any biometric encryption device enabled by the system to establish a secure communication. The biometric encryption device may be used in association with a variety of standard communication devices.
When a user wishes to authenticate his or her identity, for example in connection with an electronic commerce transaction, the user's biometric data is collected by and transmitted in encrypted form to the authentication center. This phase is known as the initial authentication phase.
After the user's identity has been authenticated, the user's biometric data continues to be used as an integral component of the encryption process itself during the secure session phase of the communication.
In the initial authentication phase, the user's biometric data is encrypted using a combination of a device-specific encryption key programmed into the device as well as a time-specific encryption key broadcast from time to time from the authentication center to the device.
In the secure session phase of the communication, session information is transmitted in composite data packets comprising varying sequences of encrypted session data, encrypted biometric data and encrypted device-specific reference data. Each of the components is encrypted using different keys and all components are encrypted using a sequence of different time-specific encryption algorithms which have been previously broadcast from the authentication center to the device. The relative positions of the components in the data packets are also changed throughout the transmission.
The various aspects of the invention will be more specifically appreciated by reference to the following detailed description of the preferred embodiment and by reference to the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The preferred embodiment of the invention will be described by reference to the drawings in which:
Fig. 1 is a diagram showing participants in a typical electronic commerce transaction according to the invention;
Fig. 2 is a block diagram illustrating the principal operational components of a biometric encryption device according to the invention;
Fig. 3 is a diagram illustrating the downloading of default keys and algorithms and a schedule therefor;
Fig. 4 is a flowchart of the steps in the initial authentication phase from the point of view of the biometric encryption device according to the invention;
Fig. 5 is a diagrammatic representation of the structure of a transmission packet from the device in the initial authentication phase;
Fig. 6 is a general flowchart of the steps in the initial authentication phase from the point of view of the authentication center;
Fig. 7 is a general flowchart of the steps in the secure mode phase from the point of view of the biometric encryption device;
Fig. 8 is a general flowchart of the steps in the secure mode phase from the point of view of the authentication center; and,
Fig. 9 is a diagrammatic representation of the transmission packet structure in the secure mode according to the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Fig. 1 illustrates the principal elements of a secure communication according to the invention. In the illustrated example, a first participant P1 desires to conduct a secure electronic commerce transaction with a second participant P2. For example, participant P2 may be a bank and participant P1 may be a consumer who wishes to have bank P2 transfer funds to a third party (not shown) to complete the consumer's purchase of product from the third party using a point of sale device.
The transaction is conducted by means of communication devices 10 and 12 which may be any form of communication device. In the illustrated example, the device is a telephone, but in other cases it may be a cellular phone, PDA, radio, modem or other communication device. Communication may involve any communication medium such as the Internet, one or more public switched telephone networks, a private network, etc.
Participants P1 and P2 may have their identities authenticated and their transmissions encrypted by means of biometric encryption devices 14, 16 according to the invention.
When participant P1 wishes to establish secure communication with participant P2, communication is enabled between device 14 and communication device 10.
In one embodiment, communication is then established between communication device 10 and communication device 12 which is associated with participant P2. Once communication between P1 and P2 is established, one or both of P1 and P2 will formulate a request for secure communication facilities and will transmit the request to authentication center 20. Authentication center 20 will open a communication channel to each of P1 and P2 and will proceed to verify the identity of P1 and P2 in accordance with the method of the invention described below. Assuming the identities of P1 and P2 are verified, authentication center 20 authorizes the establishment of a secure channel between P1 and P2, with authentication center 20 acting as a go-between for the secure communication session.
In another embodiment, P1 first establishes communication with authentication center 20 and undergoes authentication of P1's identity. Authentication center 20 then receives P1's request for secure communication with P2. Authentication center 20 then communicates with P2, verifies P2's identity, and authorizes a secure channel between P1 and P2, with authentication center again acting as a go-between.
In yet another embodiment, the authentication center may simply authenticate the identity of a participant and transmit a message to a third party confirming the authentication.
Participant and device registration
According to the invention, participants in the system are pre-registered with authentication center 20. In the registration process, the participant provides samples of the participant's unique biometric traits, as well as a participant-selected passphrase. A PIN number may also be provided depending on the level of security desired. However the preferred embodiment described herein does not rely on use of a PIN number.
The user-supplied passphrase is used by the center to derive an encryption key known as the personal identification key (PIK). The PIK is used in the encryption process as described below.
Some registered participants may elect to obtain a biometric encryption device which may be portable or intended to be permanently retrofitted into an existing communication device. In the event that a new participant owns a communication device that has a built-in biometric encryption device according to the invention, such device can be enabled upon registration of the participant.
Biometric encryption devices can also be registered or enabled independently of the registration of participants. At the time of registration or enablement of biometric encryption devices, the center will provide the device with device-specific reference data for eventual use in conducting secure communication.
Biometric Encryption Device
Biometric encryption device 14 may take a variety of different forms including:
• a stand alone unit, such as a point of sale device which may be selectively associated with a communications device
• an integral sub-assembly of a communication device
• a portable plug-in (e.g. into a PC Card slot) for a communication enabled device
• a retrofittable component to an existing communication device, such as a replacement handset for a telephone
• a chip embedded in the communication device which provides the processing, encryption/decryption and memory functions, and which is used in conjunction with biometric input sensors associated with a communication device.
Fig. 2 illustrates the principal functional elements of biometric encryption device 14 according to the invention.
Memory means 22 stores encryption keys and algorithms as well as key and algorithm scheduling information as described in more detail below. Memory 22 includes at least one device-specific key (KM) and at least one device-specific algorithm (AM) for use in encryption as described below. KM and AM are known to the center 20.
Clock 24 is used to determine the precise time at which a request for authentication will be dispatched for the purposes of selecting the appropriate time-dependent key (KB) and algorithm (AB) to be used to encrypt the request and related data. The time-dependent key and algorithm KB and AB are discussed below.
Biometric input sensor 26 comprises means for capturing biometric data, for example fingerprints, pulse data and voice print. It also analyzes the raw biometric data to extract features which uniquely characterize an individual user, and converts the extracted features into a format which is consistent with the authentication center's protocol for such data.
Encryption/decryption engine 28 operates to encrypt and decrypt messages or data according to encryption keys and algorithms stored in memory 22.
A communications manager 30 provides an interface for inputs to the device 14 and for outputs from device 14 either directly to a communication channel or to the communication device for transmission by the communication device. It will be appreciated that the physical form of the interface may take a variety of forms including a port connecting to a communication device port, a hard wired connection in the case of a biometric encryption device which is built into a communication device, or other suitable interface means. Inputs to device 14 include notably data to be encrypted, information downloaded from time to time from authentication center 20 such as encryption keys, algorithms and algorithm sequencing and scheduling information (described below), and participant data required for the authentication process such as participant's name, identification of the other participant, etc. Communications manager 30 may also act to monitor the communication otherwise being conducted through the communication device so as to divert and encrypt only a limited selection of information, such as a credit authorization or funds transfer request, as opposed to encrypting an entire communication session.
User interface 32 may comprise any suitable user interface means enabling device 14 and the user to exchange instructions and responses. It will be appreciated that depending on the selection of the type of biometric inputs to be used in the authentication process, and the functionality which the biometric input sensor 26 is given, some or all of the user interface functions or the data input functions may be provided by biometric input sensor 26 itself.
A CPU 34 coordinates the various functions of the device.
Broadcast Keys, Algorithms, Sequences and Schedules
From time to time, authentication center 20 transmits to biometric encryption device 14 updated encryption keys, algorithms, an algorithm sequence and a schedule for their use. Such updated information is stored in device memory 22. The updated information is broadcast to all enabled devices at unpredictable times. This process is illustrated in Fig. 3 wherein AB, KB and SB are algorithms, keys and sequences and schedules specific to groups of biometric encryption devices or to individual devices. Such grouping may be preferred to minimize the time required to broadcast the information compared to broadcasting such information for each individual device in use in the system. However, the use of different keys, algorithms and sequences and schedules for at least different groups of devices minimizes the possibility of unauthorized interception.
In addition, any time a user powers up a communication device associated with an enabled biometric encryption device 14, contact with the authentication center 20 is made and current keys, algorithms and sequences and schedules applicable to that device are retrieved from the authentication center. Preferably such transmission from the authentication center comprises a bundle of keys, algorithms and schedules such that a person obtaining possession of the device 14 and monitoring the update will not be able to easily determine which of them are intended for the specific device.
The broadcast keys, algorithms and sequences and schedules AB, KB and SB are stored in memory 22 for later use in the initial authentication phase of a secure communication.
Initial Authentication Phase
Fig. 4 is a flowchart of the initial step in establishing a secure communication to cover the transaction. In this phase of the process initial authentication of the participant/user is performed. The device 14 prompts the user to enter his or her name. The user is then prompted (40) to input biometric data. Such biometric data may comprise any number of biometric traits, but the preferred embodiment of the invention captures biometric data for at least two traits to maximize the reliability of the authentication and to render the process relatively more independent of the use of specific communication devices. The biometric data is read (42) by sensor 26 which then extracts (44) the distinctive features from the raw biometric data and formats (46) them according to the biometric data formatting protocol used by the authentication center 20.
In order to effect encryption, CPU 34 first determines (48) the current time by reference to clock 24.
CPU 34 then retrieves (50) SB from memory 22 (SB was previously received from authentication center 20 in a broadcast or at powering up of the communication device as described above). SB determines which specific key and algorithm are to be used for communications initiated at the specific time determined by reference to clock 24 and these are retrieved (52). The time-specific key and algorithm are designated as Kτ and Aτ.
AM and KM are also retrieved (54).
Aτ and AM are then combined (56) to form a device-specific encryption algorithm, while Kτ and KM are combined to form a device-specific encryption key. The resulting algorithm and key are therefore unique to that particular device at that particular time. They are then delivered (58) to the encryption/decryption engine 28.
The biometric features which have previously (46) been formatted according to the required biometric data formatting protocol are then encrypted (60) by the encryption/decryption engine 28. Similarly the engine 28 encrypts (64) the user's name.
A device-specific permanent ID number is then retrieved (66) from memory 22 and is encrypted using Aτ and Kτ only.
A transmission packet for requesting initial authentication is then formulated (66) comprising:
• the encrypted biometric information
• the encrypted user name
• an encrypted device-specific ID number
The device-specific ID number is encrypted only at a system level since the authentication center 20 must be able to identify the alleged identity of the biometric encryption device 14 in order to know how to formulate a decryption key and algorithm. Thus the device ID is encrypted according to an encryption algorithm and key which are common to all devices within the system and that are of the same type (e.g. a portable biometric encryption device, a device permanently associated with a cellular telephone, etc.). Such encryption may for example be done using device-type specific Aτ and Kτ.
Once the device is identified, the authentication center formulates the decryption key and algorithm using the same information used to encrypt the data in device 14, all such information having been either broadcast from the center 20 itself, including AB (and therefore Aτ) and KB (and therefore Kτ), or being known to the center at the outset (AM and KM). Once the message is decrypted, the biometric data is compared to that stored by authentication center 20 for verification.
Verification is then communicated (70) by center 20 to device 14 and secure mode communication is enabled (78). The verification message transmitted from center 20 to device 14 includes the personal identification key (PIK) of the user.
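The following sketch is an added illustration of the initial authentication exchange and is not part of the original disclosure. The disclosure does not say how Kτ and KM (or Aτ and AM) are combined or which cipher is used, so the HMAC-SHA256 combination rule, the keystream stand-in cipher, the schedule values, the device registry and all function names are assumptions chosen only to make the flow runnable.

```python
import hashlib
import hmac
import os

# Constructed schedule SB: (window start in seconds, K_tau, A_tau label).
SCHEDULE = [
    (0, b"K-tau-slot-0", b"A-tau-0"),
    (3600, b"K-tau-slot-1", b"A-tau-1"),
    (7200, b"K-tau-slot-2", b"A-tau-2"),
]
# Constructed center registry: device ID -> (KM, AM label).
DEVICES = {b"DEV-0001": (b"KM-device-0001", b"AM-1")}


def select_slot(now):
    """Pick the (K_tau, A_tau) pair whose window contains `now` (steps 48-52)."""
    chosen = None
    for start, k_tau, a_tau in SCHEDULE:
        if start <= now:
            chosen = (k_tau, a_tau)
    if chosen is None:
        raise ValueError("no schedule entry covers this time")
    return chosen


def combine(k_tau, a_tau, k_m, a_m):
    """Assumed combination rule (step 56): HMAC-SHA256 keyed by K_tau."""
    return hmac.new(k_tau, b"|".join([a_tau, a_m, k_m]), hashlib.sha256).digest()


def _stream(key, nonce, n):
    # HMAC in counter mode as a keystream; a stand-in, not a vetted cipher.
    blocks = (
        hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(n // 32 + 1)
    )
    return b"".join(blocks)[:n]


def seal(key, data):
    """Stand-in cipher: returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(x ^ y for x, y in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or altered packet")
    return bytes(x ^ y for x, y in zip(ct, _stream(key, nonce, len(ct))))


def device_build_request(device_id, k_m, a_m, now, name, features):
    """Device side: build the three-part request packet."""
    k_tau, a_tau = select_slot(now)
    key = combine(k_tau, a_tau, k_m, a_m)
    return {
        "device_id": seal(k_tau, device_id),  # system-level key only
        "name": seal(key, name),
        "biometric": seal(key, features),
    }


def center_open_request(packet, now):
    """Center side: recover the device ID first, then rebuild the device key."""
    k_tau, a_tau = select_slot(now)
    device_id = unseal(k_tau, packet["device_id"])
    if device_id not in DEVICES:
        raise ValueError("unknown device")
    k_m, a_m = DEVICES[device_id]
    key = combine(k_tau, a_tau, k_m, a_m)
    return device_id, unseal(key, packet["name"]), unseal(key, packet["biometric"])
```

If the center's clock falls in a different schedule window from the device's, the device ID no longer decrypts, which is why the scheme depends on clock 24 and the center agreeing on the time of the request.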
Secure Session Phase
In the secure session mode, the biometric data is used to create one or more biometrically derived encryption keys which are used to encrypt all or a portion of the transaction data or the communication itself as the case may be. The use of an encryption key derived from the user's biometric data ensures a high level of security for the transaction or communication and a high level of confidence in the identity of the user.
The risk of biometric data forgery is minimized by combining biometrically derived encryption with encryption parameters which include device dependent parameters, broadcast dependent parameters and dynamic varying of not only the keys and algorithms involved, but of the structure of the transmission packets themselves.
Throughout the secure session, further biometric data may be collected from time to time to periodically authenticate the identity of the user and to avoid interception and overriding of an on-going communication.
The components of a transmission packet in the secure mode are:
• encrypted biometric data
• encrypted transaction or communication data
• encrypted device reference data
• continuity check information
The packet may also include periodic security checks which are also encrypted.
Encrypted Biometric Data
This component of the transmission packet comprises the biometric data which has been collected from the user. In the preferred embodiment, such biometric data is collected from time to time during the communication for the purpose of ensuring periodic authentication of the user. Each time a new collection is taken and transmitted, the authentication center re-authenticates the user's identity.
The biometric data portion of the transmission packet is encrypted using a key derived from a combination of the device-specific key KM and the personal identification key PIK.
Encrypted transaction or communication data
This comprises the electronic commerce transaction or financial data or the communication itself, as the case may be. This data is encrypted using a key derived from a combination of the user's biometric information and the personal identification key PIK.
Thus it will be appreciated that the transaction or communication data is encrypted in a highly secure and user-specific manner in that the user's unique biometric data is used as a part of the encryption key. In addition, the incorporation of the user's personal identification key PIK (which was derived from the passphrase selected by the user and which is known only to the center 20) minimizes the risk of successful interception of the communication.
Encrypted device reference data
This comprises device specific data (e.g. a page of text or images) which is programmed into the device 14 at the time of registration and which is known to the center 20. While this reference data may be changed from time to time, in the preferred embodiment it remains the same for the course of a given secure communication.
The key used to encrypt the device reference data is derived from a combination of the biometric data of the user and the device-specific key KM.
Algorithm
The algorithm used to encrypt the packets changes or rotates throughout the transmission as algorithm-1, algorithm-2 ... algorithm-n. In the preferred embodiment the number of packets which have been transmitted determines each transition from one algorithm to the next. In Fig. 9 the sequence of successive packets and the algorithms used to encrypt their components is shown in the horizontal dimension.
The algorithms and their sequence are included as part of the broadcast referred to above. Depending on the time at which a secure communication is enabled, a certain one of the broadcast algorithms will be used as the starting algorithm for the encryption of the secure mode communication. Successive algorithms may follow the sequence dictated by the broadcast.
Packet organization
The above identified components of a transmission packet, namely the encrypted biometric data, the encrypted transaction or communication data and the encrypted device reference data, are arranged in a given packet in a varying sequence. The sequence of types of data in a given packet is illustrated in the vertical dimension in Fig. 9. The sequence is a varying one which changes each time the algorithm changes (but which may change for any given algorithm as well).
The specific arrangements of types of data for each packet and/or for each algorithm are communicated to device 14 by the broadcast. Thus Aτ is used to govern the arrangements. The key used for this purpose is the user specific key, PIK.
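The following sketch is an added illustration of the secure session packet plan and is not part of the original disclosure. It shows the three component keys with the input pairs stated above, the packet-count-driven algorithm rotation, and the per-algorithm component ordering. The HMAC-SHA256 derivation, the sequence table, the four-packets-per-algorithm threshold, the length-prefixed framing, the treatment of the continuity check as a packet counter and all function names are assumptions, and the biometric input is assumed to be a stable byte string.

```python
import hashlib
import hmac
import struct

# Constructed broadcast sequence: (algorithm label, component order in the packet).
SEQUENCE = [
    ("algorithm-1", ("biometric", "transaction", "reference")),
    ("algorithm-2", ("reference", "biometric", "transaction")),
    ("algorithm-3", ("transaction", "reference", "biometric")),
]
PACKETS_PER_ALGORITHM = 4  # assumed transition threshold


def derive(first, second, label):
    """Assumed combination rule: HMAC-SHA256 keyed by the first input."""
    return hmac.new(first, label + b"|" + second, hashlib.sha256).digest()


def component_keys(biometric, k_m, pik):
    """One key per component, using the input pairs the description gives."""
    return {
        # Only this key is independent of the fresh reading, so the
        # receiver can open the biometric component before the others.
        "biometric": derive(k_m, pik, b"biometric"),
        "transaction": derive(biometric, pik, b"transaction"),
        "reference": derive(biometric, k_m, b"reference"),
    }


def plan(packet_no, start_index=0):
    """Algorithm and component order for a packet, from the packet count."""
    step = packet_no // PACKETS_PER_ALGORITHM
    return SEQUENCE[(start_index + step) % len(SEQUENCE)]


def pack(packet_no, parts, start_index=0):
    """Frame already-encrypted components in the order the plan dictates."""
    _alg, order = plan(packet_no, start_index)
    out = struct.pack(">I", packet_no)  # continuity counter (assumed form)
    for name in order:
        out += struct.pack(">H", len(parts[name])) + parts[name]
    return out


def unpack(blob, expected_no, start_index=0):
    """Check continuity, then label each component using the same plan."""
    (packet_no,) = struct.unpack_from(">I", blob, 0)
    if packet_no != expected_no:
        raise ValueError("continuity check failed")
    _alg, order = plan(packet_no, start_index)
    offset, parts = 4, {}
    for name in order:
        (size,) = struct.unpack_from(">H", blob, offset)
        offset += 2
        if offset + size > len(blob):
            raise ValueError("truncated component")
        parts[name] = blob[offset:offset + size]
        offset += size
    if offset != len(blob):
        raise ValueError("trailing bytes")
    return parts
```

A receiver that starts from the wrong point in the sequence still parses the packet but labels the components wrongly, so each component needs to be authenticated under its own key for the varying layout to be checked rather than merely assumed.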
Thus it will be appreciated that the invention provides a highly encrypted communication which is a function of keys derived from the following sources:
• The biometric traits of the specific user
• The device itself (AM, KM)
• Arbitrary choice by the user (the PIK)
• The center (the device reference data)
The system according to the invention also provides device independence for a user. Although each device used is enabled for use with the system, a registered user may choose any enabled device to complete a transaction or communication. Such device independence gives the user flexibility in effecting secure transactions, and allows the system to track activity by a specific user, for example for billing purposes.
It will be appreciated that although the preferred embodiment of the invention has been described in relation to an electronic commerce transaction, the encryption method and apparatus may equally be applied to any communication, whether it is of a financial nature or not.
It will also be appreciated by those skilled in the art that while the preferred embodiment of the invention has been described in detail, variations to the preferred embodiment may be practised without thereby departing from the scope of the invention, which scope is reflected in the principles of operation and structure reflected in the foregoing disclosure and in the following claims.