WO2001043338A1 - Method and apparatus for secure e-commerce transactions - Google Patents

Method and apparatus for secure e-commerce transactions Download PDF

Info

Publication number
WO2001043338A1
WO2001043338A1 PCT/CA1999/001164 CA9901164W WO0143338A1 WO 2001043338 A1 WO2001043338 A1 WO 2001043338A1 CA 9901164 W CA9901164 W CA 9901164W WO 0143338 A1 WO0143338 A1 WO 0143338A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
communication
user
biometric data
biometric
Prior art date
Application number
PCT/CA1999/001164
Other languages
French (fr)
Inventor
Donald Lloyd Williams
Ali Reza Bazargan
Original Assignee
Milinx Business Group Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Milinx Business Group Inc. filed Critical Milinx Business Group Inc.
Priority to AU15417/00A priority Critical patent/AU1541700A/en
Priority to PCT/CA1999/001164 priority patent/WO2001043338A1/en
Publication of WO2001043338A1 publication Critical patent/WO2001043338A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • This invention relates to the encryption of data and the authentication of the identity of participants in electronic commerce transactions and communications.
  • this invention relates to methods for authenticating the identity of participants and for securely encrypting said transactions and communications and apparatus therefor.
  • the authentication of the identity of participants is a key requirement of most electronic commerce transactions.
  • the security of the information being transmitted is also a concern, particularly where such information represents confidential data of the participant.
  • U.S. Patent No. 5,872,834 to Teitlebaum discloses a system involving a biometric input sensor to capture biometric data that is then encrypted and transmitted.
  • the patent notes that the system is useful in electronic commerce applications to authorize payments, in billing applications, for credit authorization and for other electronic commerce purposes.
  • the patent discusses the use of biometric input devices associated with telephones or cellular telephones.
  • An authentication center may be used to provide third party authentication. Teitlebaum points out that such a system enables reliable
  • U.S. Patent 5,956,409 to Chan et al. describes a method for the secure application of seals.
  • An optical image of a seal is recorded by a computer and encrypted using a key for encryption generated in response to template biometric data from authorized persons.
  • test biometric data is input from that person and used to generate a key for decryption. If the test biometric data matches the template biometric data, the key for decryption will be useful for decrypting the encrypted seal, and the person seeking access to the seal.
  • the test biometric data represents a handwritten signature given contemporaneously by the person seeking access, and is verified against a set of template signatures earlier given by at least one authorized person.
  • Specific signature features are determined in response to the template signatures and used for generating one or more keys for encrypting the seal. Similarly, specific signature features are determined in response to the test signature and used for generating keys for decrypting the seal.
  • US Patent No. 5,412,738 to Brunelli et al. US Patent No. 5,719,950 to Osten et al. and US Patent No. 5,930,804 to Yu et al. each discuss the use of at least two biometric features to authenticate the identify of a speaker. Yu et al. further discuss means to prevent biometric data forgery by sensing the temperature of the user's finger when capturing fingerprint data.
  • Authorized subscriber terminals are provided with memories and decryption keys are downloaded.
  • the bit packets are assembled with a global bit packet encrypted with a global encryption key and subsequent individually addressed bit packets encrypted with address keys.
  • the address keys and terminal addresses are permanently stored in the subscriber terminal memories.
  • the global encryption keys are changed periodically.
  • Means are provided in each subscriber terminal for storing a number of global decryption keys, which are cycled through in attempts to decrypt the global packets.
  • One of the global decryption keys is a permanent default key associated with the subscriber terminal to assure that communication with that terminal is possible despite a lack of knowledge of the terminal address or the other global decryption keys in its memory.
  • U.S. Patent 5,805,705 to Gray et al. discloses a system for synchronizing encryption/decryption keys in a data communication network.
  • the keys are changed periodically at the source and destination nodes for an established connection.
  • a destination node must know not only the value of any new key but also when to begin using that key to decrypt received data packets.
  • Synchronization (making sure a data packet is decrypted using a decryption key correlated with the encryption key used to encrypt the same packet) is achieved by defining a single bit in each packet header as a key synchronization bit. As long as key synchronization bit value remains unchanged from one received packet to the next, a receiving node will continue to use the same decryption key it has been using.
  • U.S. Patent 5,887,065 to Audebert describes a system and method for user authentication having clock synchronization.
  • the system includes a first unit adapted to communicate with a second unit.
  • the second unit grants conditional access to a function or service in accordance with an authentication operation.
  • Both units are capable of running software for generating passwords by means of encryption of several dynamic variables as for example a time dependent variable and/or a variable representing the
  • the encryption may be performed using a dynamic key.
  • U.S. Patent 5,937,068 to Audebert describes a system and method for user authentication employing dynamic encryption variables.
  • the system includes a first cardlike unit adapted to communicate with a second unit giving only conditionally access to a function. Both units are capable of running software for generating a password by means of encryption of a plurality of dynamic variables produced separately but in concert (so as to have a predetermined relationship, such as identity, with one another) in the units.
  • the encryption is carried out in each unit by a public algorithm using a dynamically varying encryption key. Each time an access request is issued by a card user, the key is modified as a function of the number of access requests previously formulated by the card user.
  • the invention provides a means for securely authenticating the identity of a user without requiring the use of any particular communication device in order to do so.
  • a user's biometric data is retained in a database at an authentication center.
  • a number of biometric encryption devices are also enabled for use with the secure system.
  • a registered user may use any biometric encryption device enabled by the system to establish a secure communication.
  • the biometric encryption device may be used in association with a variety of standard communication devices.
  • the user's biometric data is collected by and transmitted in encrypted form to the authentication center. This phase is known as the initial authentication phase.
  • the user's biometric data continues to be used as an integral component of the encryption process itself during the secure session phase of the communication.
  • the user's biometric data is encrypted using a combination of a device-specific encryption key programmed into the device as well as a time-specific encryption key broadcast from time to time from the authentication center to the device.
  • session information is transmitted in composite data packets comprising varying sequences of encrypted session data, encrypted biometric data and encrypted device-specific reference data.
  • Each of the components is encrypted using different keys and all components are encrypted using a
  • Fig. 1 is a diagram showing participants in a typical electronic commerce transaction according to the invention
  • Fig. 2 is a block diagram illustrating the principal operational components of a biometric encryption device according to the invention
  • Fig. 3 is a diagram illustrating the downloading of default keys and algorithms and a schedule therefor;
  • Fig. 4 is a flowchart of the steps in the initial authentication phase from the point of view of the biometric encryption device according to the invention.
  • Fig. 5 is a diagrammatic representation of the structure of a transmission packet from the device in the initial authentication phase
  • Fig. 6 is a general flowchart of the steps in the initial authentication phase from the point of view of the authentication center;
  • Fig. 7 is a general flowchart of the steps in the secure mode phase from the point of view of the biometric encryption device
  • Fig. 8 is a general flowchart of the steps in the secure mode phase from the point of view of the authentication center.
  • Fig. 9 is a diagrammatic representation of the transmission packet structure in the secure mode according to the invention.
  • Fig. 1 illustrates the principal elements of a secure communication according to the invention.
  • a first participant PI desires to conduct a secure electronic commerce transaction with a second participant P2.
  • participant P2 may be a bank and participant PI may be a consumer who wishes to have bank P2 transfer funds to a third party (not shown) to complete the consumer's purchase of product from the third party using a point of sale device.
  • the transaction is conducted by means of communication devices 10 and 12 which may be any form of communication device.
  • the device is a telephone, but in other cases it may be a cellular phone, PDA, radio, modem or other communication device. Communication may involve any communication medium such as the Internet, one or more public switched telephone networks, a private network, etc.
  • Participants PI and P2 may have their identities authenticated and their transmissions encrypted by means of biometric encryption devices 14, 16 according to the invention.
  • participant PI When participant PI wishes to establish secure communication with participant P2, communication is enabled between device 14 and communication device 10.
  • communication is then established between communication device 10 and communication device 12 which is associated with participant P2.
  • communication between PI and P2 is established, one or both of PI and P2 will formulate a request for secure communication facilities and will transmit the request to authentication center 20.
  • Authentication center 20 will open a communication channel to each of PI and P2 and will proceed to verify the identity of PI and P2 in accordance with the method of the invention described below. Assuming the identities of PI and P2 are verified, authentication center 20 authorizes the establishment of a secure channel between PI and P2, with authentication center 20 acting as a go-between for the secure communication session.
  • PI first establishes communication with authentication center 20 and undergoes authentication of Pi 's identity.
  • Authentication center 20 receives Pi 's request for secure communication with P2.
  • Authentication center 20 then communicates with P2, verifies P2's identity, and authorizes a secure channel between PI and P2, with authentication center again acting as a go-between.
  • the authentication center may simply authenticate the identity of a participant and transmit a message to a third party confirming the authentication.
  • participant in the system are pre-registered with authentication center 20.
  • the participant provides samples of the participant's unique biometric traits, as well as a participant-selected passphrase.
  • PIN number may also be provided depending on the level of security desired. However the preferred embodiment described herein does not rely on use of a PIN number.
  • the user-supplied passphrase is used by the center to derive an encryption key known as the personal identification key (PIK).
  • PIK personal identification key
  • the PIK is used in the encryption process as described below.
  • Some registered participants may elect to obtain a biometric encryption device which may be portable or intended to be permanently retrofitted into an existing communication device.
  • a biometric encryption device which may be portable or intended to be permanently retrofitted into an existing communication device.
  • such device can be enabled upon registration of the participant.
  • Biometric encryption devices can also be registered or enabled independently of the registration of participants. At the time of registration or enablement of biometric encryption devices, the center will provide the device with device-specific reference data for eventual use in conducting secure communication.
  • Biometric encryption device 14 may take a variety of different forms including: • a stand alone unit, such as a point of sale device which may be selectively associated with a communications device
  • Fig. 2 illustrates the principal functional elements of biometric encryption device 14 according to the invention.
  • Memory means 22 stores encryption keys and algorithms as well as key and algorithm scheduling information as described in more detail below.
  • Memory 22 includes at least one device-specific key (K M ) and at least one device-specific algorithm (A M ) for use in encryption as described below.
  • K M and A M are known to the center 20.
  • Clock 24 is used to determine the precise time at which a request for authentication will be dispatched for the purposes of selecting the appropriate time-dependent key (K B ) and algorithm (A B ) to be used to encrypt the request and related data.
  • K B time-dependent key
  • a B algorithm
  • Biometric input sensors 26 comprises means for capturing biometric data, for example fingerprints, pulse data and voice print. It also analyzes the raw biometric data to extract features which uniquely characterize an individual user, and converts the extracted features into a format which is consistent with the authentication center's protocol for such data.
  • Encryption/decryption engine 28 operates to encrypt and decrypt messages or data according to encryption keys and algorithms stored in memory 22.
  • a communications manager 30 provides an interface for inputs to the device 14 and for outputs from device 14 either directly to a communication channel or to the communication device for transmission by the communication device. It will be appreciated that the physical form of the interface take a variety of forms including a port connecting to a communication device port, a hard wired connection in the case of a biometric encryption device which is built into a communication device, or other suitable interface means.
  • Inputs to device 14 include notably data to be encrypted, information downloaded from time to time from authentication center 20 such as encryption keys, algorithms and algorithm sequencing and scheduling information (described below), and participant data required for the authentication process such as participant's name, identification of the other participant, etc.
  • Communications manager 30 may also act to monitor the communication otherwise being conducted through the communication device so as to divert and encrypt only a limited selection of information, such as a credit authorization or funds transfer request, as opposed to encrypting an entire communication session.
  • User interface 32 may comprise any suitable user interface means enabling device 14 and the user to exchange instructions and responses. It will be appreciated that depending on the selection of the type of biometric inputs to be used in the authentication process, and the functionality which the biometric input sensor 26 is given, some or all of the user interface functions or the data input functions may be provided by biometric input sensor 26 itself.
  • a CPU 34 coordinates the various functions of the device. Broadcast Keys. Algorithms. Sequences and Schedules
  • authentication center 20 transmits to biometric encryption device 14 updated encryption keys, algorithms, an algorithm sequence and a schedule for their use.
  • updated information is stored in device memory 22.
  • the updated information is broadcast to all enabled devices at unpredictable times.
  • a B , K B and S B are algorithms, keys and sequences and schedules specific to groups of biometric encryption devices or to individual devices. Such grouping may be preferred to minimize the time required to broadcast the information compared to broadcasting such information for each individual device in use in the system.
  • the use of different keys, algorithms and sequences and schedules for at least different groups of devices minimizes the possibility of unauthorized interception.
  • a transmission from the authentication center comprises a bundle of keys, algorithms and schedules such that a person obtaining possession of the device 14 and monitoring the update will not be able to easily determine which of them are intended for the specific device.
  • the broadcast keys, algorithms and sequences and schedules A B , K B and S B are stored in memory 22 for later use in the initial authentication phase of a secure communication.
  • Fig. 4 is a flowchart of the initial step in establishing a secure communication to cover the transaction.
  • initial authentication of the participant/user is performed.
  • the device 14 prompts the user to enter his or her name.
  • the user is then prompted (40) to input biometric data.
  • biometric data may comprise any number of biometric traits, but the preferred embodiment of the invention captures biometric data for at least two traits to maximize the reliability of the authentication and to render the process relatively more independent of the use of specific communication devices.
  • the biometric data is read (42) by sensor 26 which then extracts (44) the distinctive features from the raw biometric data and formats (46) them according to the biometric data formatting protocol used by the authentication center 20.
  • CPU 34 first determines (48) the current time by reference to clock 24.
  • CPU 34 then retrieves (50) S B from memory 22 (S B was previously received from authentication center 20 in a broadcast or at powering up of the communication device as described above). S B determines which specific key and algorithm are to be used for communications initiated at the specific time determined by reference to clock 24 and these are retrieved (52). The time-specific key and algorithm are designated as K ⁇ and A ⁇ .
  • a M and K M are also retrieved (54)).
  • a ⁇ and A M are then combined (56) to form a device-specific encryption algorithm, while K T and K M are combined to form a device-specific encryption key.
  • the resulting algorithm and key are therefore unique to that particular device at that particular time. They are then delivered (58) to the encryption/decryption engine 28.
  • biometric features which have previously (46) been formatted according to the required biometric data formatting protocol are then encrypted (60) by the encryption/decryption engine 28. Similarly the engine 28 encrypts (64) the user's name. A device-specific permanent ID number is then retrieved (66) from memory 22 and is encrypted using A ⁇ and K ⁇ only.
  • a transmission packet for requesting initial authentication is then formulated (66) comprising:
  • the device-specific ID number is encrypted only at a system level since the authentication center 20 must be able to identify the alleged identity of the biometric encryption device 14 in order to know how to formulate a decryption key and algorithm.
  • the device ID is encrypted according to an encryption algorithm and key which are common to all devices within the system and that are of the same type (e.g. a portable biometric encryption device, a device permanently associated with a cellular telephone, etc.).
  • Such encryption may for example be done using device-type specific A ⁇ and K T .
  • the authentication center formulates the decryption key and algorithm using the same information used to encrypt the data in device 14, all such information having been either broadcast from the center 20 itself, including A B (and therefore A T ), and K B (and therefore K ⁇ ), or are known to the center at the outset (A M and K M ).
  • the biometric data is compared to that stored by authentication center 20 for verification.
  • Verification is then communicated (70) by center 20 to device 14 and secure mode communication is enabled (78).
  • the verification message transmitted from center 20 to device 14 includes the personal identification key (PIK) of the user.
  • PKI personal identification key
  • the biometric data is used to create one or more biometrically derived encryption keys which are used to encrypt all or a portion of the transaction data or the communication itself as the case may be.
  • the use of an encryption key derived from the user's biometric data ensures a high level of security for the transaction or communication and a high level of confidence in the identity of the user.
  • biometrically derived encryption with encryption parameters which include device dependent parameters, broadcast dependent parameters and dynamic varying of not only the keys and algorithms involved, but of the structure of the transmission packets themselves.
  • biometric data may be collected from time to time to periodically authenticate the identity of the user and to avoid interception and overriding of an on-going communication.
  • the components of a transmission packet in the secure mode are:
  • the packet may also include periodic security checks which are also encrypted.
  • This component of the transmission packet comprises the biometric data which has been collected from the user.
  • biometric data is collected from time to time during the communication for the purpose of ensuring periodic authentication of the user.
  • the authentication center re-authenticates the user's identity.
  • the biometric data portion of the transmission packet is encrypted using a key derived from a combination the device-specific key K M and the personal identification key PIK.
  • This comprises the electronic commerce transaction or financial data or the communication itself, as the case may be.
  • This data is encrypted using a key derived from a combination of the user's biometric information and the personal identification key PIK.
  • the transaction or communication data is encrypted in a highly secure and user-specific manner in that the user's unique biometric data is used as a part of the encryption key.
  • the incorporation of the user's personal identification key PIK (which was derived from the passphrase selected by the user and which is known only to the center 20) minimizes the risk of successful interception of the communication.
  • This comprises device specific data (e.g. a page of text or images) which is programmed into the device 14 at the time of registration and which is known to the center 20. While this reference data may be changed from time to time, in the preferred embodiment it remains the same for the course of a given secure communication.
  • the key used to encrypt the device reference data is derived from a combination of the biometric data of the user and the device-specific key K M .
  • the algorithm used to encrypt the packets changes or rotates throughout the transmission as algorithm- 1, algorithm-2 ... algorithm-n.
  • the number of packets which have been transmitted determines each transition from one algorithm to the next.
  • Fig. 9 the sequence of successive packets and the algorithms used to encrypt their components is shown in the horizontal dimension.
  • the algorithms and their sequence are included as part of the broadcast referred to above. Depending on the time at which a secure communication is enabled, a certain one of the broadcast algorithms will be used as the starting algorithm for the encryption of the secure mode communication. Successive algorithms may follow the sequence dictated by the broadcast.
  • the above identified components of a transmission packet namely the encrypted biometric data, the encrypted transaction or communication data and the encrypted device reference data, are arranged in a given packet in a varying sequence.
  • the sequence of types of data in a given packet is illustrated in the vertical dimension in Fig. 9.
  • the sequence is a varying one which changes each time the algorithm changes (but which may change for any given algorithm as well).
  • the system according to the invention also provides device independence for a user. Although each device used is enabled for use with the system, a registered user may choose any enabled device to complete a transaction or communication. Such device independence gives the user flexibility in effecting secure transactions, and allows the system to track activity by a specific user, for example for billing purposes.

Abstract

A method of authenticating the identity of a user of a communication device and providing a securely encrypted communication channel, comprises first authenticating the identity of the user using biometric information collected and encrypted using apparatus which interfaces with a communication device. After authentication is complete the communication is encrypted using a series of different algorithms which include an encryption key derived from the user's biometric data as well as device-specific algorithms broadcast from time to time to the device, and an algorithm programmed into the device. The encrypted data packets include several separately encrypted components, the arrangement of which varies in successive data packets. The invention provides a means for securely authenticating the identity of a user without requiring the use of any particular communication device in order to do so.

Description

TITLE OF THE INVENTION
METHOD AND APPARATUS FOR SECURE E-COMMERCE TRANSACTIONS
FIELD OF THE INVENTION
This invention relates to the encryption of data and the authentication of the identity of participants in electronic commerce transactions and communications. In particular this invention relates to methods for authenticating the identity of participants and for securely encrypting said transactions and communications and apparatus therefor.
BACKGROUND OF THE INVENTION
The authentication of the identity of participants is a key requirement of most electronic commerce transactions. The security of the information being transmitted is also a concern, particularly where such information represents confidential data of the participant.
It is known in the prior art to provide authentication of a participant by collecting and verifying the participant's biometric data. It is also known to encrypt the biometric data when transmitting it for authentication purposes.
U.S. Patent No. 5,872,834 to Teitlebaum discloses a system involving a biometric input sensor to capture biometric data that is then encrypted and transmitted. The patent notes that the system is useful in electronic commerce applications to authorize payments, in billing applications, for credit authorization and for other electronic commerce purposes. The patent discusses the use of biometric input devices associated with telephones or cellular telephones. An authentication center may be used to provide third party authentication. Teitlebaum points out that such a system enables reliable
identification of the user of a communication device without being dependent on that particular communication device.
U.S. Patent 5,956,409 to Chan et al. describes a method for the secure application of seals. An optical image of a seal is recorded by a computer and encrypted using a key for encryption generated in response to template biometric data from authorized persons. When a person seeks to use the seal, for example to apply the seal to a document, test biometric data is input from that person and used to generate a key for decryption. If the test biometric data matches the template biometric data, the key for decryption will be useful for decrypting the encrypted seal, and the person seeking access to the seal. The test biometric data represents a handwritten signature given contemporaneously by the person seeking access, and is verified against a set of template signatures earlier given by at least one authorized person. Specific signature features are determined in response to the template signatures and used for generating one or more keys for encrypting the seal. Similarly, specific signature features are determined in response to the test signature and used for generating keys for decrypting the seal.
The use of more than one type of biometric parameter to more reliably identify individuals is well known. US Patent No. 5,412,738 to Brunelli et al., US Patent No. 5,719,950 to Osten et al. and US Patent No. 5,930,804 to Yu et al. each discuss the use of at least two biometric features to authenticate the identify of a speaker. Yu et al. further discuss means to prevent biometric data forgery by sensing the temperature of the user's finger when capturing fingerprint data.
The use of dynamic encryption keys which are periodically downloaded to an encryption device and further using keys permanently stored in the device is also known. U.S. Patent No. 4,944,006 to Citta et al. describes a secure data packet transmission system and method which includes a head-end having a software implemented 16 bit shift register which encrypts a bit packet. Dynamic encryption is provided by utilizing an initial preset for the software corresponding to a preset
encryption key for the shift register. Authorized subscriber terminals are provided with memories and decryption keys are downloaded. The bit packets are assembled with a global bit packet encrypted with a global encryption key and subsequent individually addressed bit packets encrypted with address keys. The address keys and terminal addresses are permanently stored in the subscriber terminal memories. The global encryption keys are changed periodically. Means are provided in each subscriber terminal for storing a number of global decryption keys, which are cycled through in attempts to decrypt the global packets. One of the global decryption keys is a permanent default key associated with the subscriber terminal to assure that communication with that terminal is possible despite a lack of knowledge of the terminal address or the other global decryption keys in its memory.
U.S. Patent 5,805,705 to Gray et al. discloses a system for synchronizing encryption/decryption keys in a data communication network. The keys are changed periodically at the source and destination nodes for an established connection. A destination node must know not only the value of any new key but also when to begin using that key to decrypt received data packets. Synchronization (making sure a data packet is decrypted using a decryption key correlated with the encryption key used to encrypt the same packet) is achieved by defining a single bit in each packet header as a key synchronization bit. As long as key synchronization bit value remains unchanged from one received packet to the next, a receiving node will continue to use the same decryption key it has been using. When a change in the key synchronization bit value is detected, the receiving node will begin using a previously received, new decryption key. U.S. Patent 5,887,065 to Audebert describes a system and method for user authentication having clock synchronization. The system includes a first unit adapted to communicate with a second unit. The second unit grants conditional access to a function or service in accordance with an authentication operation. Both units are capable of running software for generating passwords by means of encryption of several dynamic variables as for example a time dependent variable and/or a variable representing the
number of formulated authentication requests. The encryption may be performed using a dynamic key.
U.S. Patent 5,937,068 to Audebert describes a system and method for user authentication employing dynamic encryption variables. The system includes a first cardlike unit adapted to communicate with a second unit giving only conditionally access to a function. Both units are capable of running software for generating a password by means of encryption of a plurality of dynamic variables produced separately but in concert (so as to have a predetermined relationship, such as identity, with one another) in the units. The encryption is carried out in each unit by a public algorithm using a dynamically varying encryption key. Each time an access request is issued by a card user, the key is modified as a function of the number of access requests previously formulated by the card user.
It is an object of this invention to provide a secure means of conducting electronic commerce transactions and other communications wherein authentication of participants is highly reliable.
It is a further object of this invention to provide a secure means of conducting electronic commerce transactions and other communications, wherein reliable participant authentication may be achieved regardless of the specific communication device being used by a participant. It is yet a further object of this invention to provide a high degree of inherent encryption security.
It is a further object of the invention to incorporate biometric data in the encryption process in a manner that minimizes the effective use of biometric forgery.
These and other objects of the invention will be better understood by reference to the following disclosure.
SUMMARY OF THE INVENTION
The invention provides a means for securely authenticating the identity of a user without requiring the use of any particular communication device in order to do so.
A user's biometric data is retained in a database at an authentication center. A number of biometric encryption devices are also enabled for use with the secure system.
A registered user may use any biometric encryption device enabled by the system to establish a secure communication. The biometric encryption device may be used in association with a variety of standard communication devices.
When a user wishes to authenticate his or her identity, for example in connection with an electronic commerce transaction, the user's biometric data is collected by and transmitted in encrypted form to the authentication center. This phase is known as the initial authentication phase.
After the user's identity has been authenticated, the user's biometric data continues to be used as an integral component of the encryption process itself during the secure session phase of the communication. In the initial authentication phase, the user's biometric data is encrypted using a combination of a device-specific encryption key programmed into the device as well as a time-specific encryption key broadcast from time to time from the authentication center to the device.
In the secure session phase of the communication, session information is transmitted in composite data packets comprising varying sequences of encrypted session data, encrypted biometric data and encrypted device-specific reference data. Each of the components is encrypted using different keys and all components are encrypted using a
sequence of different encryption time-specific algorithms which have been previously broadcast from the authentication center to the device. The relative positions of the components in the data packets are also changed throughout the transmission.
The various aspects of the invention will be more specifically appreciated by reference to the following detailed description of the preferred embodiment and by reference to the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The preferred embodiment of the invention will be described by reference to the drawings in which:
Fig. 1 is a diagram showing participants in a typical electronic commerce transaction according to the invention;
Fig. 2 is a block diagram illustrating the principal operational components of a biometric encryption device according to the invention; Fig. 3 is a diagram illustrating the downloading of default keys and algorithms and a schedule therefor;
Fig. 4 is a flowchart of the steps in the initial authentication phase from the point of view of the biometric encryption device according to the invention;
Fig. 5 is a diagrammatic representation of the structure of a transmission packet from the device in the initial authentication phase;
Fig. 6 is a general flowchart of the steps in the initial authentication phase from the point of view of the authentication center;
Fig. 7 is a general flowchart of the steps in the secure mode phase from the point of view of the biometric encryption device;
Fig. 8 is a general flowchart of the steps in the secure mode phase from the point of view of the authentication center; and,
Fig. 9 is a diagrammatic representation of the transmission packet structure in the secure mode according to the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Fig. 1 illustrates the principal elements of a secure communication according to the invention. In the illustrated example, a first participant PI desires to conduct a secure electronic commerce transaction with a second participant P2. For example, participant P2 may be a bank and participant PI may be a consumer who wishes to have bank P2 transfer funds to a third party (not shown) to complete the consumer's purchase of product from the third party using a point of sale device. The transaction is conducted by means of communication devices 10 and 12 which may be any form of communication device. In the illustrated example, the device is a telephone, but in other cases it may be a cellular phone, PDA, radio, modem or other communication device. Communication may involve any communication medium such as the Internet, one or more public switched telephone networks, a private network, etc.
Participants PI and P2 may have their identities authenticated and their transmissions encrypted by means of biometric encryption devices 14, 16 according to the invention.
When participant PI wishes to establish secure communication with participant P2, communication is enabled between device 14 and communication device 10.
In one embodiment, communication is then established between communication device 10 and communication device 12 which is associated with participant P2. Once communication between PI and P2 is established, one or both of PI and P2 will formulate a request for secure communication facilities and will transmit the request to authentication center 20. Authentication center 20 will open a communication channel to each of PI and P2 and will proceed to verify the identity of PI and P2 in accordance with the method of the invention described below. Assuming the identities of PI and P2 are verified, authentication center 20 authorizes the establishment of a secure channel between PI and P2, with authentication center 20 acting as a go-between for the secure communication session.
In another embodiment, PI first establishes communication with authentication center 20 and undergoes authentication of Pi 's identity. Authentication center 20 then receives Pi 's request for secure communication with P2. Authentication center 20 then communicates with P2, verifies P2's identity, and authorizes a secure channel between PI and P2, with authentication center again acting as a go-between. In yet another embodiment, the authentication center may simply authenticate the identity of a participant and transmit a message to a third party confirming the authentication.
Participant and device registration
According to the invention, participants in the system are pre-registered with authentication center 20. In the registration process, the participant provides samples of the participant's unique biometric traits, as well as a participant-selected passphrase. A
PIN number may also be provided depending on the level of security desired. However the preferred embodiment described herein does not rely on use of a PIN number.
The user-supplied passphrase is used by the center to derive an encryption key known as the personal identification key (PIK). The PIK is used in the encryption process as described below.
Some registered participants may elect to obtain a biometric encryption device which may be portable or intended to be permanently retrofitted into an existing communication device. In the event that a new participant owns a communication device that has built-in biometric encryption device according to the invention, such device can be enabled upon registration of the participant.
Biometric encryption devices can also be registered or enabled independently of the registration of participants. At the time of registration or enablement of biometric encryption devices, the center will provide the device with device-specific reference data for eventual use in conducting secure communication.
Biometric Encryption Device
Biometric encryption device 14 may take a variety of different forms including: • a stand alone unit, such as a point of sale device which may be selectively associated with a communications device
• an integral sub-assembly of a communication device
• a portable plug-in (e.g. into a PC Card slot) for a communication enabled device
• a retrofittable component to an existing communication device, such as a replacement handset for a telephone
• a chip embedded in the communication device which provides the processing, encryption/decryption and memory functions, and which is used in conjunction with biometric input sensors associated with a communication device.
Fig. 2 illustrates the principal functional elements of biometric encryption device 14 according to the invention.
Memory means 22 stores encryption keys and algorithms as well as key and algorithm scheduling information as described in more detail below. Memory 22 includes at least one device-specific key (KM) and at least one device-specific algorithm (AM) for use in encryption as described below. KM and AM are known to the center 20.
Clock 24 is used to determine the precise time at which a request for authentication will be dispatched for the purposes of selecting the appropriate time-dependent key (KB) and algorithm (AB) to be used to encrypt the request and related data. The time- dependent key and algorithm KB and AB are discussed below.
Biometric input sensors 26 comprises means for capturing biometric data, for example fingerprints, pulse data and voice print. It also analyzes the raw biometric data to extract features which uniquely characterize an individual user, and converts the extracted features into a format which is consistent with the authentication center's protocol for such data.
Encryption/decryption engine 28 operates to encrypt and decrypt messages or data according to encryption keys and algorithms stored in memory 22.
A communications manager 30 provides an interface for inputs to the device 14 and for outputs from device 14 either directly to a communication channel or to the communication device for transmission by the communication device. It will be appreciated that the physical form of the interface take a variety of forms including a port connecting to a communication device port, a hard wired connection in the case of a biometric encryption device which is built into a communication device, or other suitable interface means. Inputs to device 14 include notably data to be encrypted, information downloaded from time to time from authentication center 20 such as encryption keys, algorithms and algorithm sequencing and scheduling information (described below), and participant data required for the authentication process such as participant's name, identification of the other participant, etc. Communications manager 30 may also act to monitor the communication otherwise being conducted through the communication device so as to divert and encrypt only a limited selection of information, such as a credit authorization or funds transfer request, as opposed to encrypting an entire communication session.
User interface 32 may comprise any suitable user interface means enabling device 14 and the user to exchange instructions and responses. It will be appreciated that depending on the selection of the type of biometric inputs to be used in the authentication process, and the functionality which the biometric input sensor 26 is given, some or all of the user interface functions or the data input functions may be provided by biometric input sensor 26 itself.
A CPU 34 coordinates the various functions of the device. Broadcast Keys. Algorithms. Sequences and Schedules
From time to time, authentication center 20 transmits to biometric encryption device 14 updated encryption keys, algorithms, an algorithm sequence and a schedule for their use. Such updated information is stored in device memory 22. The updated information is broadcast to all enabled devices at unpredictable times. This process is illustrated in Fig. 3 wherein AB, KB and SB are algorithms, keys and sequences and schedules specific to groups of biometric encryption devices or to individual devices. Such grouping may be preferred to minimize the time required to broadcast the information compared to broadcasting such information for each individual device in use in the system. However, the use of different keys, algorithms and sequences and schedules for at least different groups of devices minimizes the possibility of unauthorized interception.
In addition, any time a user powers up a communication device associated with an enabled biometric encryption device 14, contact with the authentication center 20 is made and current keys, algorithms and sequences and schedules applicable to that device are retrieved from the authentication center. Preferably such transmission from the authentication center comprises a bundle of keys, algorithms and schedules such that a person obtaining possession of the device 14 and monitoring the update will not be able to easily determine which of them are intended for the specific device.
The broadcast keys, algorithms and sequences and schedules AB, KB and SB are stored in memory 22 for later use in the initial authentication phase of a secure communication.
Initial Authentication Phase
Fig. 4 is a flowchart of the initial step in establishing a secure communication to cover the transaction. In this phase of the process initial authentication of the participant/user is performed. The device 14 prompts the user to enter his or her name. The user is then prompted (40) to input biometric data. Such biometric data may comprise any number of biometric traits, but the preferred embodiment of the invention captures biometric data for at least two traits to maximize the reliability of the authentication and to render the process relatively more independent of the use of specific communication devices. The biometric data is read (42) by sensor 26 which then extracts (44) the distinctive features from the raw biometric data and formats (46) them according to the biometric data formatting protocol used by the authentication center 20.
In order to effect encryption, CPU 34 first determines (48) the current time by reference to clock 24.
CPU 34 then retrieves (50) SB from memory 22 (SB was previously received from authentication center 20 in a broadcast or at powering up of the communication device as described above). SB determines which specific key and algorithm are to be used for communications initiated at the specific time determined by reference to clock 24 and these are retrieved (52). The time-specific key and algorithm are designated as Kτ and Aτ.
AM and KM are also retrieved (54)).
Aτ and AM are then combined (56) to form a device-specific encryption algorithm, while KT and KM are combined to form a device-specific encryption key. The resulting algorithm and key are therefore unique to that particular device at that particular time. They are then delivered (58) to the encryption/decryption engine 28.
The biometric features which have previously (46) been formatted according to the required biometric data formatting protocol are then encrypted (60) by the encryption/decryption engine 28. Similarly the engine 28 encrypts (64) the user's name. A device-specific permanent ID number is then retrieved (66) from memory 22 and is encrypted using Aτ and Kτ only.
A transmission packet for requesting initial authentication is then formulated (66) comprising:
• the encrypted biometric information
• the encrypted user name • an encrypted device-specific ID number
The device-specific ID number is encrypted only at a system level since the authentication center 20 must be able to identify the alleged identity of the biometric encryption device 14 in order to know how to formulate a decryption key and algorithm. Thus the device ID is encrypted according to an encryption algorithm and key which are common to all devices within the system and that are of the same type (e.g. a portable biometric encryption device, a device permanently associated with a cellular telephone, etc.). Such encryption may for example be done using device-type specific Aτ and KT .
Once the device is identified, the authentication center formulates the decryption key and algorithm using the same information used to encrypt the data in device 14, all such information having been either broadcast from the center 20 itself, including AB (and therefore AT), and KB (and therefore Kτ), or are known to the center at the outset (AM and KM). Once the message is decrypted, the biometric data is compared to that stored by authentication center 20 for verification.
Verification is then communicated (70) by center 20 to device 14 and secure mode communication is enabled (78). The verification message transmitted from center 20 to device 14 includes the personal identification key (PIK) of the user. Secure Session Phase
In the secure session mode, the biometric data is used to create one or more biometrically derived encryption keys which are used to encrypt all or a portion of the transaction data or the communication itself as the case may be. The use of an encryption key derived from the user's biometric data ensures a high level of security for the transaction or communication and a high level of confidence in the identity of the user.
The risk of biometric data forgery is minimized by combining biometrically derived encryption with encryption parameters which include device dependent parameters, broadcast dependent parameters and dynamic varying of not only the keys and algorithms involved, but of the structure of the transmission packets themselves.
Throughout the secure session, further biometric data may be collected from time to time to periodically authenticate the identity of the user and to avoid interception and overriding of an on-going communication.
The components of a transmission packet in the secure mode are:
• encrypted biometric data
• encrypted transaction or communication data
• encrypted device reference data
• continuity check information
The packet may also include periodic security checks which are also encrypted.
Encrypted Biometric Data
This component of the transmission packet comprises the biometric data which has been collected from the user. In the preferred embodiment, such biometric data is collected from time to time during the communication for the purpose of ensuring periodic authentication of the user. Each time a new collection is taken and transmitted, the authentication center re-authenticates the user's identity.
The biometric data portion of the transmission packet is encrypted using a key derived from a combination the device-specific key KM and the personal identification key PIK.
Encrypted transaction or communication data
This comprises the electronic commerce transaction or financial data or the communication itself, as the case may be. This data is encrypted using a key derived from a combination of the user's biometric information and the personal identification key PIK.
Thus it will be appreciated that the transaction or communication data is encrypted in a highly secure and user-specific manner in that the user's unique biometric data is used as a part of the encryption key. In addition, the incorporation of the user's personal identification key PIK (which was derived from the passphrase selected by the user and which is known only to the center 20) minimizes the risk of successful interception of the communication.
Encrypted device reference data
This comprises device specific data (e.g. a page of text or images) which is programmed into the device 14 at the time of registration and which is known to the center 20. While this reference data may be changed from time to time, in the preferred embodiment it remains the same for the course of a given secure communication. The key used to encrypt the device reference data is derived from a combination of the biometric data of the user and the device-specific key KM.
Algorithm
The algorithm used to encrypt the packets changes or rotates throughout the transmission as algorithm- 1, algorithm-2 ... algorithm-n. In the preferred embodiment the number of packets which have been transmitted determines each transition from one algorithm to the next. In Fig. 9 the sequence of successive packets and the algorithms used to encrypt their components is shown in the horizontal dimension.
The algorithms and their sequence are included as part of the broadcast referred to above. Depending on the time at which a secure communication is enabled, a certain one of the broadcast algorithms will be used as the starting algorithm for the encryption of the secure mode communication. Successive algorithms may follow the sequence dictated by the broadcast.
Packet organization
The above identified components of a transmission packet, namely the encrypted biometric data, the encrypted transaction or communication data and the encrypted device reference data, are arranged in a given packet in a varying sequence. The sequence of types of data in a given packet is illustrated in the vertical dimension in Fig. 9. The sequence is a varying one which changes each time the algorithm changes (but which may change for any given algorithm as well).
The specific arrangements of types of data for each packet and/or for each algorithm are communicated to device 14 by the broadcast. Thus Aτ is used to govern the arrangements. The key used for this purpose is the user specific key, PIK. Thus is will be appreciated that the invention provides a highly encrypted communication which is a function of keys derived from the following sources:
• The biometric traits of the specific user
• The device itself (AM, KM)
• Arbitrary choice by the user (the PIK)
• The center (the device reference data)
The system according to the invention also provides device independence for a user. Although each device used is enabled for use with the system, a registered user may choose any enabled device to complete a transaction or communication. Such device independence gives the user flexibility in effecting secure transactions, and allows the system to track activity by a specific user, for example for billing purposes.
It will be appreciated that although the preferred embodiment of the invention has been described in relation to an electronic commerce transaction, the encryption method and apparatus may equally be applied to any communication, whether it is of a financial nature or not.
It will also be appreciated by those skilled in the art that while the preferred embodiment of the invention has been described in detail, variations to the preferred embodiment may be practised without thereby departing from the scope of the invention, which scope is reflected in the principles of operation and structure reflected in the foregoing disclosure and in the following claims.

Claims

1. A method of authenticating the identity of a user of a communication device comprising the steps of:
determining the alleged identity of said user;
collecting biometric data from the user;
encrypting said biometric data;
delivering said encrypted biometric data to a communication device;
transmitting said encrypted biometric data to an authentication center; and,
comparing the biometric data to recorded biometric data for the user.
2. A method as in claim 1 wherein at least two types of biometric data are collected from the user.
3. A method as in claim 2 wherein one of said types comprises pulse data.
4. A method for authenticating the identity of a user of a communication device comprising the steps of:
providing apparatus having memory means, a biometric input sensor, an encryption engine and a communication interface for communicating information to said communication device; operatively connecting said apparatus to said communication device by means of said interface;
requiring said user to input biometric data into said biometric input sensor;
using said apparatus to encrypt said biometric data; and,
using said communication device to dispatch said encrypted biometric data to an authentication center.
5. A method for authenticating the identity of a user of a communication device comprising the steps of:
providing apparatus having memory means, a biometric input sensor, an encryption engine and a communication interface for communicating information to said communication device, said apparatus being operatively connecting to said communication device by means of said interface;
requiring said user to input biometric data into said biometric input sensor;
using said apparatus to encrypt said biometric data; and,
using said communication device to dispatch said encrypted biometric data to an authentication center.
6. A method as in claim 5 further comprising the step of enabling said apparatus for biometric encryption through said authentication center.
7. A method as in claim 6 wherein said enabling step comprises further comprising the step of recording in said memory means encryption parameters supplied by said authentication center.
8. A method as in claim 7 wherein said encryption parameters are specific to said apparatus.
9. A method as in claim 8 wherein said encryption parameters comprise an encryption key and an encryption algorithm specific to said apparatus.
10. A method as in claim 7 or 8 wherein said encryption parameters comprise reference data unique to said apparatus.
11. A method as in claim 5 or 9 further comprising the step of downloading a plurality of encryption keys and encryption algorithms from said authentication center to said memory means.
12. A method of encrypting a communication session comprising the steps of:
performing the steps of claim 9;
downloading a plurality of encryption keys and encryption algorithms from said authentication center to said memory means;
receiving a message from said authentication center confirming the identity of said user; and,
encrypting the balance of the communication session using at least one of said downloaded encryption algorithms.
13. A method as in claim 12 wherein said step of encrypting the balance of said communication session comprises using encryption keys which include at least one encryption key derived from said biometric data.
14. A method as in claim 12 wherein said step of encrypting the balance of said communication session comprises using a plurality of said downloaded encryption algorithms in succession.
15. A method as in claim 12 further comprising the step of using said biometric data in the encryption process.
16. A method as in claim 15 wherein the step of encrypting the balance of said communication session comprises using at least one encryption key derived from said biometric data and at least one key not derived from said biometric data.
17. A method as in claim 16 wherein the biometrically derived key and said key not derived from biometric data are sequentially used in the encryption process and said sequence is varied throughout the communication session.
18. A method for authenticating the identity of users of communication devices comprising:
recording the identity and biometric data of a plurality of users in a database;
configuring a plurality of apparatus for encrypting biometric data and for providing such encrypted biometric data for transmission by a communication device; receiving a communication from a communication device associated with one of said plurality of apparatus, said communication comprising encrypted biometric data of a user of said communication device;
decrypting said communication and authenticating the identity of the user; and,
transmitting the results of said step of authenticating.
19. A method as in claim 18 wherein said step of transmitting the results comprises transmitting the results to a third party.
20. A method as in claim 18 wherein said step of configuring comprises assigning to said apparatus device-specific encryption parameters.
21. A method as in claim 20 wherein said device-specific encryption parameters include an encryption key and an encryption algorithm.
22. A method as in claim 21 wherein said parameters further include device-specific reference data.
23. A method as in claim 22 further comprising the step of from time to time downloading to said plurality of apparatus at least one encryption algorithm.
24. A method as in claim 23 wherein a plurality of encryption algorithms are downloaded from time to time.
25. A method as in claim 24 further comprising the step of: once the identity of said user has been authenticated, selecting at least one of said downloaded encryption algorithms to be used in decrypting the balance of the communication session.
26. A method as in claim 25 wherein a plurality of said downloaded encryption algorithms are used in decrypting the balance of the communication session.
27. A method as in claim 25 further comprising the step of transmitting to said apparatus an encryption key derived from information previously provided to said authentication center by said user.
28. A method of establishing an encrypted communication with a user whose identity has been authenticated, comprising the steps of:
authenticating the identity of the user using the user's biometric data by transmitting said biometric data to an authentication center, said biometric data being encrypted according to a first encryption algorithm;
once said identity has been authenticated, encrypting said communication according to at least one second encryption algorithm which is different from said first encryption algorithm.
29. A method as in claim 28 wherein the user's biometric data is used to generate the encryption key to be used in connection with said second encryption algorithm.
30. A method as in claim 28 wherein said at least one second encryption algorithm comprises a plurality of algorithms each of which is used at different stages of the communication session.
31. A method as in claim 30 wherein the user's biometric data is used to generate the encryption key to be used in connection with said second encryption algorithm.
32. A method as in claim 29 wherein said encrypted communication comprises generating data packets having a plurality of components, one of said components comprising session information supplied by said user (such as financial transaction data or spoken messages), the other of said components not comprising such session information.
33. A method as in claim 32 wherein said components of said data packets are given varying relative positions in the course of the communication session.
34. A method as in claim 32 wherein said other components comprise biometric data.
35. A method as in claim 32 wherein said other components comprise reference data specific to a device being used to conduct said encryption.
36. A method as in claim 32 wherein each of said components is encrypted using a different encryption algorithm and a different encryption key.
37. A method as in claim 30 wherein successive algorithms to be used at said different stages have previously been transmitted from said authentication center and have been stored in memory means.
38. A method as in claim 37 wherein said second encryption algorithm is retrieved from said memory means and is selected from a plurality of algorithms in said memory means according to the time said second encryption is undertaken.
39. A method as in claim 28 further comprising the step of transmitting, to apparatus being used by said user to encrypt the user end of said communication, an encryption key derived from information previously provided by said user to said authentication center, and using said encryption key in subsequent decryption of said communication.
40. A method of encrypting a communication from a user using an encryption algorithm and an encryption key comprising the steps of:
collecting from said user biometric data which uniquely identifies said user; and,
using said biometric data as a component of said encryption key.
41. Apparatus for enabling the authentication of the user of a communication device and for encrypting a communication session comprising:
memory means for storing encryption keys and algorithms;
at least one biometric input sensor means;
an encryption engine;
a user interface; and,
processing means.
42. Apparatus as in claim 41 further comprising means for managing communications between said apparatus and a communication device.
43. Apparatus as in claim 42 wherein said user interface is incorporated into said biometric input sensor.
44. Apparatus as in claim 41 wherein said biometric input sensor means are adapted to collect data regarding at least two biometric traits.
45. Apparatus as in claim 44 wherein said biometric traits include fingerprint, voice print and pulse data.
46. Apparatus as in claim 41 or 42 further comprising a clock for determining current time.
47. Apparatus as in claim 41 or 42 wherein at least one device-specific encryption key and at least one device-specific encryption algorithm are recorded in said memory means.
48. A method of encrypting a communication session comprising the steps of:
authenticating the identity of a participant in the communication session by verifying the participant's biometric data;
previously downloading a plurality of encryption keys and encryption algorithms from said an authentication center to memory means in apparatus used to encrypt the participant's end of the communication;
encrypting the balance of the communication session using at least one of said downloaded encryption algorithms.
49. A method as in claim 48 wherein said step of encrypting the balance of said communication session comprises using encryption keys which include at least one encryption key derived from said biometric data.
50. A method as in claim 48 wherein said step of encrypting the balance of said communication session comprises using a plurality of said downloaded encryption algorithms in succession.
51. A method as in claim 48 further comprising the step of using said biometric data in the encryption process.
52. A method as in claim 51 wherein the step of encrypting the balance of said communication session comprises using at least one encryption key derived from said biometric data and at least one key not derived from said biometric data.
53. A method as in claim 52 wherein the biometrically derived key and said key not derived from biometric data are sequentially used in the encryption process and said sequence is varied throughout the communication session.
54.. A method of encrypting a communication session following authentication of the identity of a participant in said communication, said encryption using a plurality of encryption keys which collectively are a function all of the following:
the biometric traits of said participant;
a key specific to the apparatus used to encrypt the participant's end of the communication;
information provided by said participant; and,
reference data specific to the apparatus and assigned by an authentication center.
55. A method of encrypting a communication session following authentication of the identity of a participant in said communication, comprising the step of generating a plurality of data packets comprising at least two of the following components in each data packet:
encrypted biometric data;
encrypted transaction or communication data;
encrypted device reference data;
continuity check information.
56. A method as in claim 55 wherein the arrangement of said components in said data packets varies throughout the communication session
PCT/CA1999/001164 1999-12-09 1999-12-09 Method and apparatus for secure e-commerce transactions WO2001043338A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU15417/00A AU1541700A (en) 1999-12-09 1999-12-09 Method and apparatus for secure e-commerce transactions
PCT/CA1999/001164 WO2001043338A1 (en) 1999-12-09 1999-12-09 Method and apparatus for secure e-commerce transactions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA1999/001164 WO2001043338A1 (en) 1999-12-09 1999-12-09 Method and apparatus for secure e-commerce transactions

Publications (1)

Publication Number Publication Date
WO2001043338A1 true WO2001043338A1 (en) 2001-06-14

Family

ID=4173402

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA1999/001164 WO2001043338A1 (en) 1999-12-09 1999-12-09 Method and apparatus for secure e-commerce transactions

Country Status (2)

Country Link
AU (1) AU1541700A (en)
WO (1) WO2001043338A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1672553A1 (en) * 2004-12-16 2006-06-21 Xerox Corporation Method of authentication of memory device and device therefor
US7171680B2 (en) * 2002-07-29 2007-01-30 Idesia Ltd. Method and apparatus for electro-biometric identity recognition
WO2008117190A1 (en) * 2007-03-23 2008-10-02 Ipico South Africa (Proprietary) Limited Communicating information from electronic tags
US7725733B2 (en) * 2004-10-08 2010-05-25 Fujitsu Limited Biometrics authentication method and biometrics authentication device
US7861092B2 (en) 2004-05-10 2010-12-28 Koninklijke Philips Electronics N.V. Personal communication apparatus capable of recording transactions secured with biometric data
EP3190543A1 (en) * 2015-01-07 2017-07-12 eMemory Technology Inc. Method of dynamically encrypting fingerprint data and related fingerprint sensor
US10621584B2 (en) 2016-03-16 2020-04-14 Clover Network, Inc. Network of biometrically secure devices with enhanced privacy protection
US10831923B2 (en) 2018-06-08 2020-11-10 The Toronto-Dominion Bank System, device and method for enforcing privacy during a communication session with a voice assistant
US10839811B2 (en) 2018-06-08 2020-11-17 The Toronto-Dominion Bank System, device and method for enforcing privacy during a communication session with a voice assistant
US10978063B2 (en) 2018-09-27 2021-04-13 The Toronto-Dominion Bank Systems, devices and methods for delivering audible alerts
US11023200B2 (en) 2018-09-27 2021-06-01 The Toronto-Dominion Bank Systems, devices and methods for delivering audible alerts
US11240666B2 (en) 2017-04-27 2022-02-01 Huawei Technologies Co., Ltd. Authentication method for accessing network, authentication device, and user device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4243908A1 (en) * 1992-12-23 1994-06-30 Gao Ges Automation Org Digital signature signal generation
DE4420970A1 (en) * 1994-06-16 1995-12-21 Esd Vermoegensverwaltungsgesel Decryption device for decryption algorithms and method for performing the encryption and decryption thereof
WO1997025800A1 (en) * 1996-01-08 1997-07-17 Mytec Technologies Inc. Method for secure data transmission between remote stations
WO1997045979A2 (en) * 1996-05-17 1997-12-04 Visa International Service Association Method and apparatus for initialization of cryptographic terminal
US5719950A (en) * 1994-03-24 1998-02-17 Minnesota Mining And Manufacturing Company Biometric, personal authentication system
EP0876026A2 (en) * 1997-04-30 1998-11-04 Motorola, Inc. Programmable crypto processing system and method
US5930804A (en) * 1997-06-09 1999-07-27 Philips Electronics North America Corporation Web-based biometric authentication system and method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4243908A1 (en) * 1992-12-23 1994-06-30 Gao Ges Automation Org Digital signature signal generation
US5719950A (en) * 1994-03-24 1998-02-17 Minnesota Mining And Manufacturing Company Biometric, personal authentication system
DE4420970A1 (en) * 1994-06-16 1995-12-21 Esd Vermoegensverwaltungsgesel Decryption device for decryption algorithms and method for performing the encryption and decryption thereof
WO1997025800A1 (en) * 1996-01-08 1997-07-17 Mytec Technologies Inc. Method for secure data transmission between remote stations
WO1997045979A2 (en) * 1996-05-17 1997-12-04 Visa International Service Association Method and apparatus for initialization of cryptographic terminal
EP0876026A2 (en) * 1997-04-30 1998-11-04 Motorola, Inc. Programmable crypto processing system and method
US5930804A (en) * 1997-06-09 1999-07-27 Philips Electronics North America Corporation Web-based biometric authentication system and method

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7171680B2 (en) * 2002-07-29 2007-01-30 Idesia Ltd. Method and apparatus for electro-biometric identity recognition
US7861092B2 (en) 2004-05-10 2010-12-28 Koninklijke Philips Electronics N.V. Personal communication apparatus capable of recording transactions secured with biometric data
US7725733B2 (en) * 2004-10-08 2010-05-25 Fujitsu Limited Biometrics authentication method and biometrics authentication device
EP1672553A1 (en) * 2004-12-16 2006-06-21 Xerox Corporation Method of authentication of memory device and device therefor
US7401222B2 (en) 2004-12-16 2008-07-15 Xerox Corporation Method of authentication of memory device and device therefor
WO2008117190A1 (en) * 2007-03-23 2008-10-02 Ipico South Africa (Proprietary) Limited Communicating information from electronic tags
EP3190543A1 (en) * 2015-01-07 2017-07-12 eMemory Technology Inc. Method of dynamically encrypting fingerprint data and related fingerprint sensor
CN106953724A (en) * 2015-01-07 2017-07-14 力旺电子股份有限公司 The method of dynamic encryption formula fingerprint sensor and dynamic encryption finger print data
US10621584B2 (en) 2016-03-16 2020-04-14 Clover Network, Inc. Network of biometrically secure devices with enhanced privacy protection
US11240666B2 (en) 2017-04-27 2022-02-01 Huawei Technologies Co., Ltd. Authentication method for accessing network, authentication device, and user device
EP3595258B1 (en) * 2017-04-27 2022-05-11 Huawei Technologies Co., Ltd. Authentication method for realising access network, authentication device and user equipment
US10831923B2 (en) 2018-06-08 2020-11-10 The Toronto-Dominion Bank System, device and method for enforcing privacy during a communication session with a voice assistant
US10839811B2 (en) 2018-06-08 2020-11-17 The Toronto-Dominion Bank System, device and method for enforcing privacy during a communication session with a voice assistant
US11508382B2 (en) 2018-06-08 2022-11-22 The Toronto-Dominion Bank System, device and method for enforcing privacy during a communication session with a voice assistant
US11651100B2 (en) 2018-06-08 2023-05-16 The Toronto-Dominion Bank System, device and method for enforcing privacy during a communication session with a voice assistant
US10978063B2 (en) 2018-09-27 2021-04-13 The Toronto-Dominion Bank Systems, devices and methods for delivering audible alerts
US11023200B2 (en) 2018-09-27 2021-06-01 The Toronto-Dominion Bank Systems, devices and methods for delivering audible alerts
US11935528B2 (en) 2018-09-27 2024-03-19 The Toronto-Dominion Bank Systems, devices and methods for delivering audible alerts

Also Published As

Publication number Publication date
AU1541700A (en) 2001-06-18

Similar Documents

Publication Publication Date Title
AU732576C (en) Conditional access system for set-top boxes
US7363494B2 (en) Method and apparatus for performing enhanced time-based authentication
US7188362B2 (en) System and method of user and data verification
EP1349034B1 (en) Service providing system in which services are provided from service provider apparatus to service user apparatus via network
US7366904B2 (en) Method for modifying validity of a certificate using biometric information in public key infrastructure-based authentication system
US20140344160A1 (en) Universal Authentication Token
CN101517562A (en) Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded
US20030140235A1 (en) Method for biometric encryption of email
US20060256961A1 (en) System and method for authentication seed distribution
US20040172536A1 (en) Method for authentication between a portable telecommunication object and a public access terminal
JPWO2007094165A1 (en) Identification system and program, and identification method
GB2317983A (en) Authenticating user
WO2005011192A1 (en) Authentication system based on address, device thereof, and program
JP2001325549A (en) Biometric personal identification service providing system
JP2009510644A (en) Method and configuration for secure authentication
JP2002026899A (en) Verification system for ad hoc wireless communication
IL137099A (en) Method for carrying out secure digital signature and a system therefor
JP2008526078A (en) Method and apparatus for key generation and authentication approval
JP3362780B2 (en) Authentication method in communication system, center device, recording medium storing authentication program
WO2014141263A1 (en) Asymmetric otp authentication system
JPH118619A (en) Electronic certificate publication method and system therefor
WO2001043338A1 (en) Method and apparatus for secure e-commerce transactions
JP4426030B2 (en) Authentication apparatus and method using biometric information
JP2001318897A (en) User authentication method, network system to be used for the method, and recording medium recorded with its control program
JP2003338816A (en) Service providing system for verifying personal information

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref country code: AU

Ref document number: 2000 15417

Kind code of ref document: A

Format of ref document f/p: F

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase