EP1036372A1 - A remotely accessible private space using a fingerprint - Google Patents
A remotely accessible private space using a fingerprintInfo
- Publication number
- EP1036372A1 EP1036372A1 EP98965955A EP98965955A EP1036372A1 EP 1036372 A1 EP1036372 A1 EP 1036372A1 EP 98965955 A EP98965955 A EP 98965955A EP 98965955 A EP98965955 A EP 98965955A EP 1036372 A1 EP1036372 A1 EP 1036372A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- fingerprint
- private space
- private
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Definitions
- the present invention relates to biometrics, and more specifically, to accessing remote networks using biometric verification of identity.
- a virtual private network is constructed by using public wires, such as the Internet, to connect nodes.
- These systems use encryption to ensure that only authorized users can access the network and that the data cannot be intercepted. However, encryption is only as safe as the storage of the keys.
- a private space is set up in a remote system accessible through a network.
- a user identification based on the user's fingerprint is associated with the private space.
- Fingerprint information is received from the user to access the space, and compared to the user identification stored in the remote system.
- the private space is only accessible if the fingerprint information matches the user identification.
- FIG. 1 is an illustration of the network on which the present invention may be implemented.
- Figure 2 illustrates the remote system including the private area that may be accessed.
- Figure 3 illustrates the local system that is used to access the private area.
- Figure 4 is a flowchart illustrating the process of creating the private space.
- Figure 5 is a flowchart illustrating the process of logging into the private space.
- Figure 6 is a flowchart illustrating another embodiment of the registration process.
- Figure 7 is a flowchart illustrating another embodiment of the process of logging into a private space.
- Figure 1 illustrates a network in which the present invention may be utilized.
- Sensor 130 is coupled to local system 120.
- Local system 120 is enabled to connect to a network 130, which couples a plurality of systems 140, 150, 160 together.
- the network 130 is the Internet.
- a remote system 140 contains the private area that the local system 120 is trying to connect to. Other systems 150, 160 may be accessed through the network as well. Because the network 130 is not secure, the security mechanism described below is used to restrict access to the private area.
- Figure 2 illustrates the remote system including the private area that may be accessed.
- the remote system 140 includes a system area 210, which may store the operating system, various application programs, and other files.
- the remote system 140 further includes a network access unit 220.
- the remote system 140 has a semi-permanent network connection, such as Ethernet, ISDN, Tl, or similar connection.
- the remote system 140 may be connected to the network 130 via a modem.
- the remote system 140 further may include a fingerprint recognition unit 230.
- the fingerprint recognition unit matches a template stored within the remote system 140 to a fingerprint received from a user.
- the matching may use any matching algorithm known in the art.
- no fingerprint recognition unit is included in the remote system 140.
- the remote system may further include an encryption unit 240.
- the encryption unit 240 encrypts and decrypts using public and private keys.
- the encryption unit 240 retrieves a public key stored with the user data 260, in order to verify the identity of the user by decrypting a file encrypted with the user's private key.
- the encryption unit further includes the private and public keys of the remote system 140.
- the remote system further includes an access control unit 250.
- the access control unit 250 controls access to the user data 260.
- the access control unit 250 receives indication from the fingerprint recognition unit 230 whether the template matched the fingerprint sent by the user.
- the identity verification unit 250 receives indication from the encryption unit 240 whether the public key decrypted the file sent by the user encrypted with the user's fingerprint based private key.
- the access control unit 250 only permits access to the user data 260 when a match was found.
- the user data 260 may be actual data, various application programs, or anything that the user may have access to.
- the user data 260 may include the operating system of the computer. That is, the user may remotely adjust the operation of the remote system 140.
- multiple users may have private areas within the same user data block 260. Each user is permitted access only to his or her private area.
- FIG. 3 illustrates the local system that is used to access the private area.
- the local system 110 includes a system area 310, which may store the operating system, various application programs, and other files.
- the local system 110 further includes a network access unit 320.
- the network access unit 320 provides a network connection such as Ethernet, ISDN, Tl, etc.
- the network access unit 320 may provide a network connection via a modem.
- the local system 110 may further include a scanner interface 330.
- the scanner 120 is coupled to the local system 110.
- the scanner interface 330 receives a digitized fingerprint image from the scanner.
- the scanner interface 330 may further extract a template from the digitized fingerprint image.
- the local system may further include an encryption unit 340.
- the encryption unit 340 encrypts and decrypts using public and private keys.
- the encryption unit generates the private and public keys of the user from the fingerprint data received by the scanner interface 330.
- the encryption unit 340 generates a fingerprint template from the fingerprint data received by the scanner interface 330. This fingerprint template is sent to the remote system 140.
- Figure 4 is a flowchart illustrating the process of creating the private space.
- the remote access system is set up. For one embodiment, this includes adding server software to the remote system.
- the remote system receives a fingerprint template from the user.
- the remote system receives an actual digital image of the fingerprint.
- the remote system receives a template including extracted features of the fingerprint.
- the remote system receives other data representing various characteristics of the fingerprint.
- This fingerprint template is received either locally, or remotely with validation.
- the user may set up the private space locally, for remote access.
- validation may be a digital certificate, or an encryption verification method. Since the private space at this point does not contain any data, the security of this step is not vital.
- private space is allocated to the user.
- actual space is allocated to the user.
- flexible allocation may be made, permitting the user to store varied amounts of data, and reallocating space as needed. However, this establishes an area for the user's data.
- the fingerprint template is stored within the remote system to control access to the private space.
- the template is stored in the access control unit 250 of the remote system.
- the access control unit 250 is enabled, and access to the private space is routed through the access control unit 250. At this point, the user needs to be validated in order to access the private space.
- Figure 5 is a flowchart illustrating the process of logging into the private space
- the remote system receives an access request.
- the user may request access by entering the remote system's IP address into a web browser.
- the remote system responds with a request for validation.
- the request for validation may specifically request a fingerprint.
- the user now has to place his or her finger on the fingerprint scanner 120 attached to the user's local system. This fingerprint information is transmitted to the remote system.
- the fingerprint information is received by the remote system.
- the fingerprint information is a digital image of the fingerprint.
- the fingerprint information may be a list of extracted features of the fingerprint, or other data. Some of the processing for creating this information may occur in the user's local system.
- the fingerprint information is compared with the fingerprint template associated with the private space. For one embodiment, if there are multiple private spaces within the remote system, the user requests his or her own private space by entering a handle or name. For another embodiment, the user merely attempts to access the remote system, and the matching is to all fingerprint templates within the remote system.
- the fingerprint recognition unit 230 of the remote system manipulates the data of the fingerprint image and the fingerprint template to be in the same format. If the information does not match the template, the process continues to block 560, and the user is denied access to the private space. If the information matches the template, the process continues to block 570, and the user is allowed access to the private space. For one embodiment, after the user is allowed access, a one-time session key is exchanged with the user for further verification during the access period. For another embodiment, the remote system periodically challenges the user's local system for re-verification.
- Figure 6 illustrates another embodiment of the registration process.
- the remote access system is set up.
- the remote system receives a digital certificate of the user.
- Digital certificates are known in the art. They are used to verify the identity of a user.
- the digital certificate includes the public key of the user. This public key is generated based on the fingerprint of the user.
- the public key of the user is extracted from the digital certificate. For one embodiment, this involves decrypting the digital certificate with the certifying authority's public key.
- the public key of the user is verified. For one embodiment, this is done by receiving a file encrypted with the private key that corresponds to the public key of the user. Decrypting this file with the user's public key verifies that the user is in fact associated with the public key included in the digital certificate. Because the private key is generated based on an actual fingerprint image of the user, the user's identity is also verified.
- the user's public key is stored in the system. And at block 660, space is allocated for the user.
- Figure 7 is a flowchart illustrating the process of logging into the private space.
- the remote system receives a request for access to the private space.
- the remote system sends a request for a file encrypted the user's private key.
- the private key is fingerprint based, and therefore also verifies that the actual user associated with the private key is sitting in front of the computer system.
- the remote system receives the file encrypted with the fingerprint based private key.
- the remote system retrieves the public key associated with the user, and attempts to decrypt the file sent by the user.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Human Computer Interaction (AREA)
- Bioinformatics & Computational Biology (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Artificial Intelligence (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Collating Specific Patterns (AREA)
Abstract
A method and apparatus for remote access to a private space (140) is provided. A private space (140) is set up in a remote system (140) accessible through a network (130). A user identification based on the user's fingerprint is associated with the private space. Fingerprint information is received from the user (420) to access the space, and compared to the user identification stored in the remote system (440). The private space is only accessible if the fingerprint information matches the user identification (450).
Description
A REMOTELY ACCESSIBLE PRIVATE SPACE USING A FINGERPRINT
FIELD OF THE INVENTION
The present invention relates to biometrics, and more specifically, to accessing remote networks using biometric verification of identity.
BACKGROUND OF THE INVENTION
Remote access to networks is becoming more common as employees telecommute, travelers wish to access a home network, and users generally wish to access a non-local hard drive. One prior art method of accessing a remote hard drive is using a virtual private network. A virtual private network is constructed by using public wires, such as the Internet, to connect nodes. These systems use encryption to ensure that only authorized users can access the network and that the data cannot be intercepted. However, encryption is only as safe as the storage of the keys.
Existing password and cryptographic techniques ensure that the set of digital identification keys associated with an individual person can safely carry on electronic transactions and information exchanges. Little, however, has been done to ensure that such identification keys can only be used by their legitimate owners. This is a critical link that needs to be made secure if remote computer access is to become truly secure.
BRIEF SUMMARY OF THE INVENTION
The method and apparatus for remote access to a private space is provided. A private space is set up in a remote system accessible through a network. A user identification based on the user's fingerprint is associated with the private space. Fingerprint information is received from the user to access the space, and compared to the user identification
stored in the remote system. The private space is only accessible if the fingerprint information matches the user identification.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
Figure 1 is an illustration of the network on which the present invention may be implemented.
Figure 2 illustrates the remote system including the private area that may be accessed.
Figure 3 illustrates the local system that is used to access the private area.
Figure 4 is a flowchart illustrating the process of creating the private space.
Figure 5 is a flowchart illustrating the process of logging into the private space.
Figure 6 is a flowchart illustrating another embodiment of the registration process.
Figure 7 is a flowchart illustrating another embodiment of the process of logging into a private space.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
A method and apparatus for remote access to a private space is described. In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and
devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.
Figure 1 illustrates a network in which the present invention may be utilized. Sensor 130 is coupled to local system 120. Local system 120 is enabled to connect to a network 130, which couples a plurality of systems 140, 150, 160 together. For one embodiment, the network 130 is the Internet.
A remote system 140 contains the private area that the local system 120 is trying to connect to. Other systems 150, 160 may be accessed through the network as well. Because the network 130 is not secure, the security mechanism described below is used to restrict access to the private area.
Figure 2 illustrates the remote system including the private area that may be accessed. The remote system 140 includes a system area 210, which may store the operating system, various application programs, and other files. The remote system 140 further includes a network access unit 220. For one embodiment, the remote system 140 has a semi-permanent network connection, such as Ethernet, ISDN, Tl, or similar connection. Alternatively, the remote system 140 may be connected to the network 130 via a modem.
The remote system 140 further may include a fingerprint recognition unit 230. The fingerprint recognition unit matches a template stored within the remote system 140 to a fingerprint received from a user. The matching may use any matching algorithm known in the art. For an alternate embodiment, no fingerprint recognition unit is included in the remote system 140.
The remote system may further include an encryption unit 240. The encryption unit 240 encrypts and decrypts using public and private
keys. For one embodiment, the encryption unit 240 retrieves a public key stored with the user data 260, in order to verify the identity of the user by decrypting a file encrypted with the user's private key. For another embodiment, the encryption unit further includes the private and public keys of the remote system 140.
The remote system further includes an access control unit 250. The access control unit 250 controls access to the user data 260. For one embodiment, the access control unit 250 receives indication from the fingerprint recognition unit 230 whether the template matched the fingerprint sent by the user. For another embodiment, the identity verification unit 250 receives indication from the encryption unit 240 whether the public key decrypted the file sent by the user encrypted with the user's fingerprint based private key. The access control unit 250 only permits access to the user data 260 when a match was found.
The user data 260 may be actual data, various application programs, or anything that the user may have access to. For one embodiment, the user data 260 may include the operating system of the computer. That is, the user may remotely adjust the operation of the remote system 140. For one embodiment, multiple users may have private areas within the same user data block 260. Each user is permitted access only to his or her private area.
Figure 3 illustrates the local system that is used to access the private area. The local system 110 includes a system area 310, which may store the operating system, various application programs, and other files. The local system 110 further includes a network access unit 320. For one embodiment, the network access unit 320 provides a network connection such as Ethernet, ISDN, Tl, etc. Alternatively, the network access unit 320 may provide a network connection via a modem.
The local system 110 may further include a scanner interface 330. The scanner 120 is coupled to the local system 110. The scanner interface 330 receives a digitized fingerprint image from the scanner. The scanner interface 330 may further extract a template from the digitized fingerprint image.
The local system may further include an encryption unit 340. The encryption unit 340 encrypts and decrypts using public and private keys. For one embodiment, the encryption unit generates the private and public keys of the user from the fingerprint data received by the scanner interface 330. For another embodiment, the encryption unit 340 generates a fingerprint template from the fingerprint data received by the scanner interface 330. This fingerprint template is sent to the remote system 140.
Figure 4 is a flowchart illustrating the process of creating the private space. At block 410, the remote access system is set up. For one embodiment, this includes adding server software to the remote system.
At block 420, the remote system receives a fingerprint template from the user. For one embodiment, the remote system receives an actual digital image of the fingerprint. For another embodiment, the remote system receives a template including extracted features of the fingerprint. For yet another embodiment, the remote system receives other data representing various characteristics of the fingerprint. This fingerprint template is received either locally, or remotely with validation. For one embodiment, the user may set up the private space locally, for remote access. For one embodiment, validation may be a digital certificate, or an encryption verification method. Since the private space at this point does not contain any data, the security of this step is not vital.
At block 430, private space is allocated to the user. For one embodiment, actual space is allocated to the user. For another
embodiment, flexible allocation may be made, permitting the user to store varied amounts of data, and reallocating space as needed. However, this establishes an area for the user's data.
At block 440, the fingerprint template is stored within the remote system to control access to the private space. For one embodiment, the template is stored in the access control unit 250 of the remote system.
At block 450, the access control unit 250 is enabled, and access to the private space is routed through the access control unit 250. At this point, the user needs to be validated in order to access the private space.
Figure 5 is a flowchart illustrating the process of logging into the private space At block 510, the remote system receives an access request. For one embodiment, the user may request access by entering the remote system's IP address into a web browser.
At block 520, the remote system responds with a request for validation. For one embodiment, the request for validation may specifically request a fingerprint. The user now has to place his or her finger on the fingerprint scanner 120 attached to the user's local system. This fingerprint information is transmitted to the remote system.
At block 530, the fingerprint information is received by the remote system. For one embodiment, the fingerprint information is a digital image of the fingerprint. Alternatively, the fingerprint information may be a list of extracted features of the fingerprint, or other data. Some of the processing for creating this information may occur in the user's local system.
At block 540, the fingerprint information is compared with the fingerprint template associated with the private space. For one embodiment, if there are multiple private spaces within the remote system, the user requests his or her own private space by entering a
handle or name. For another embodiment, the user merely attempts to access the remote system, and the matching is to all fingerprint templates within the remote system.
At block 550, it is determined whether the fingerprint information matches the fingerprint template. For one embodiment, the fingerprint recognition unit 230 of the remote system manipulates the data of the fingerprint image and the fingerprint template to be in the same format. If the information does not match the template, the process continues to block 560, and the user is denied access to the private space. If the information matches the template, the process continues to block 570, and the user is allowed access to the private space. For one embodiment, after the user is allowed access, a one-time session key is exchanged with the user for further verification during the access period. For another embodiment, the remote system periodically challenges the user's local system for re-verification.
Figure 6 illustrates another embodiment of the registration process. At block 610, the remote access system is set up.
At block 620, the remote system receives a digital certificate of the user. Digital certificates are known in the art. They are used to verify the identity of a user. The digital certificate includes the public key of the user. This public key is generated based on the fingerprint of the user. The concurrently filed application entitled "Cryptographic Key
Generation Using Biometric Data", Serial No. , filed November 14,
1997, which teaches a method of generating a cryptographic key based on a fingerprint, is incorporated herein by reference. Alternative methods of generating a cryptographic key based on the fingerprint of the user may be used.
At block 630, the public key of the user is extracted from the digital certificate. For one embodiment, this involves decrypting the digital certificate with the certifying authority's public key.
At block 640, the public key of the user is verified. For one embodiment, this is done by receiving a file encrypted with the private key that corresponds to the public key of the user. Decrypting this file with the user's public key verifies that the user is in fact associated with the public key included in the digital certificate. Because the private key is generated based on an actual fingerprint image of the user, the user's identity is also verified.
At block 650, the user's public key is stored in the system. And at block 660, space is allocated for the user.
Figure 7 is a flowchart illustrating the process of logging into the private space. At block 710, the remote system receives a request for access to the private space.
At block 720, the remote system sends a request for a file encrypted the user's private key. The private key is fingerprint based, and therefore also verifies that the actual user associated with the private key is sitting in front of the computer system.
At block 730, the remote system receives the file encrypted with the fingerprint based private key.
At block 740, the remote system retrieves the public key associated with the user, and attempts to decrypt the file sent by the user.
At block 750, it is determined whether the public key decrypts the file. If the public key decrypts the file, and therefore the user is the owner of the private space, the process continues to block 760, and the user is allowed access to the private space. If the public key does not decrypt the
file, the process continues to block 770, and the user is denied access to the private space.
In the foregoing specification, the invention has been described with reference to specific exemplary embodiments. It will, however, be evident that various modifications and changes may be made without departing from the broader spirit and scope of the invention as set forth in the claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
Claims
1. A method comprising the steps of: setting up a private space in a system accessible through a network; storing a template of a fingerprint associated with the private space; requesting a fingerprint from a user to access the private space; and comparing the fingerprint to the template associated with the private space, and only allowing access to the private space if the fingerprint matches the template.
2. The method of claim 1, wherein said step of storing a template comprises: receiving a digital certificate from the user; and extracting the template of the fingerprint from the digital certificate.
3. The method of claim 2, further comprising: decrypting the digital certificate with a certifying authority's public key; extracting the user's public key from the digital certificate; verifying that the user is the owner of the certificate.
4. The method of claim 3, wherein said step of verifying that the user is the owner of the certificate comprises the steps of: receiving a file encrypted with the user's private key; decrypting the file with the user's public key extracted from the digital certificate.
5. A method comprising the steps of: setting up a private space associated with a user, the step of setting up the private space including the steps of: allocating the private space to the user; and storing an associated fingerprint template with the private space; requesting a fingerprint from the user to access the private space; permitting access to the private space only if the fingerprint of the user matches the fingerprint template associated with the private space.
6. A method comprising the step of setting up a private space associated with a user, the step of setting up the private space including the steps of: allocating the private space to the user; and storing a public key derived from a fingerprint of the user with the private space, the public key for identifying the user.
7. The method of claim 6, further comprising: receiving a digital certificate from the user; extracting the user's public key from the digital certificate.
8. The method of claim 7, further comprising verifying the ownership of the user's public key by: receiving a file encrypted with the user's private key derived from the user's fingerprint; and decrypting the file with the user's public key extracted from the digital certificate.
9. The method of claim 6 further comprising the step of accessing the private space, the step including the steps of: receiving a request for access to the private space; sending a request for a file encrypted with the fingerprint based private key that corresponds to the public key stored with the private space; receiving the file encrypted with the fingerprint based private key; and decrypting the file using the public key stored with the private space and associated with a user of the private space.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US97034197A | 1997-11-14 | 1997-11-14 | |
US970341 | 1997-11-14 | ||
PCT/US1998/023802 WO1999026188A1 (en) | 1997-11-14 | 1998-11-10 | A remotely accessible private space using a fingerprint |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1036372A1 true EP1036372A1 (en) | 2000-09-20 |
Family
ID=25516800
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP98965955A Withdrawn EP1036372A1 (en) | 1997-11-14 | 1998-11-10 | A remotely accessible private space using a fingerprint |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1036372A1 (en) |
JP (1) | JP2001523903A (en) |
KR (1) | KR20010052103A (en) |
CN (1) | CN1291313A (en) |
AU (1) | AU2196899A (en) |
WO (1) | WO1999026188A1 (en) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001216270A (en) * | 2000-01-31 | 2001-08-10 | Netmarks Inc | Authentication station, authentication system and authentication method |
US7698565B1 (en) | 2000-03-30 | 2010-04-13 | Digitalpersona, Inc. | Crypto-proxy server and method of using the same |
US7409543B1 (en) | 2000-03-30 | 2008-08-05 | Digitalpersona, Inc. | Method and apparatus for using a third party authentication server |
JP2001306524A (en) * | 2000-04-19 | 2001-11-02 | Nec Corp | System and method for sharing business terminal |
JP2002073568A (en) * | 2000-08-31 | 2002-03-12 | Sony Corp | System and method for personal identification and program supply medium |
JP4660900B2 (en) * | 2000-08-31 | 2011-03-30 | ソニー株式会社 | Personal authentication application data processing system, personal authentication application data processing method, information processing apparatus, and program providing medium |
JP4654498B2 (en) * | 2000-08-31 | 2011-03-23 | ソニー株式会社 | Personal authentication system, personal authentication method, information processing apparatus, and program providing medium |
JP4654497B2 (en) * | 2000-08-31 | 2011-03-23 | ソニー株式会社 | Personal authentication system, personal authentication method, information processing apparatus, and program providing medium |
KR100353731B1 (en) * | 2000-11-01 | 2002-09-28 | (주)니트 젠 | User authenticating system and method using one-time fingerprint template |
US7310734B2 (en) | 2001-02-01 | 2007-12-18 | 3M Innovative Properties Company | Method and system for securing a computer network and personal identification device used therein for controlling access to network components |
EP1417555A2 (en) | 2001-06-18 | 2004-05-12 | Daon Holdings Limited | An electronic data vault providing biometrically protected electronic signatures |
US7181627B2 (en) * | 2002-08-01 | 2007-02-20 | Freescale Semiconductor, Inc. | Biometric system for replacing password or pin terminals |
KR100772292B1 (en) * | 2003-09-22 | 2007-11-01 | 김형윤 | Sensors and systems for structural health monitoring |
JP4885853B2 (en) | 2004-06-25 | 2012-02-29 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Renewable and private biometrics |
FR2946209A1 (en) * | 2009-06-02 | 2010-12-03 | Alcatel Lucent | METHOD FOR PROTECTING A TELECOMMUNICATION NETWORK AND SECURE ROUTER USING SUCH A METHOD |
CN102799956A (en) * | 2011-05-23 | 2012-11-28 | 方良卫 | System for applying fingerprint analysis to talent seeking, job hunting, friend making, life planning and career planning |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE69332633T2 (en) * | 1992-07-20 | 2003-11-06 | Compaq Computer Corp | Procedure and system for discovering aliases based on certification |
US5497422A (en) * | 1993-09-30 | 1996-03-05 | Apple Computer, Inc. | Message protection mechanism and graphical user interface therefor |
US5541994A (en) * | 1994-09-07 | 1996-07-30 | Mytec Technologies Inc. | Fingerprint controlled public key cryptographic system |
US5613012A (en) * | 1994-11-28 | 1997-03-18 | Smarttouch, Llc. | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
-
1998
- 1998-11-10 WO PCT/US1998/023802 patent/WO1999026188A1/en not_active Application Discontinuation
- 1998-11-10 AU AU21968/99A patent/AU2196899A/en not_active Abandoned
- 1998-11-10 JP JP2000521477A patent/JP2001523903A/en active Pending
- 1998-11-10 KR KR1020007005234A patent/KR20010052103A/en not_active Application Discontinuation
- 1998-11-10 CN CN98812160A patent/CN1291313A/en active Pending
- 1998-11-10 EP EP98965955A patent/EP1036372A1/en not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
See references of WO9926188A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO1999026188A1 (en) | 1999-05-27 |
KR20010052103A (en) | 2001-06-25 |
CN1291313A (en) | 2001-04-11 |
JP2001523903A (en) | 2001-11-27 |
AU2196899A (en) | 1999-06-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200228335A1 (en) | Authentication system for enhancing network security | |
US7698565B1 (en) | Crypto-proxy server and method of using the same | |
US7409543B1 (en) | Method and apparatus for using a third party authentication server | |
US9544297B2 (en) | Method for secured data processing | |
JP4460763B2 (en) | Encryption key generation method using biometric data | |
CA2341784C (en) | Method to deploy a pki transaction in a web browser | |
JP5470344B2 (en) | User authentication methods and related architectures based on the use of biometric identification technology | |
EP1244263A2 (en) | Access control method | |
EP1866873B1 (en) | Method, system, personal security device and computer program product for cryptographically secured biometric authentication | |
US20020178366A1 (en) | Method for performing on behalf of a registered user an operation on data stored on a publicly accessible data access server | |
US20050055552A1 (en) | Assurance system and assurance method | |
US7051209B1 (en) | System and method for creation and use of strong passwords | |
JP2012510655A (en) | Method, system, and computer program for authentication (secondary communication channel token-based client-server authentication with a primary authenticated communication channel) | |
JP2003337923A (en) | Method and system for data update | |
WO1999026188A1 (en) | A remotely accessible private space using a fingerprint | |
WO2002037403A1 (en) | User authenticating system and method using one-time fingerprint template | |
US20030115154A1 (en) | System and method for facilitating operator authentication | |
US20030076961A1 (en) | Method for issuing a certificate using biometric information in public key infrastructure-based authentication system | |
JPH11212922A (en) | Password management and recovery system | |
JPH05333775A (en) | User authentication system | |
JPH05298174A (en) | Remote file access system | |
JP4253167B2 (en) | Personal information access control method, terminal, system, and program | |
KR102070248B1 (en) | User authentication apparatus supporting secure storage of private key and operating method thereof | |
TWI606363B (en) | Key share system and method | |
KR100559152B1 (en) | Method and apparatus for maintaining the security of contents |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20000603 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): DE GB |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20020601 |