WO1997008868A1 - Method of secure communication using signature verification - Google Patents

Method of secure communication using signature verification Download PDF

Info

Publication number
WO1997008868A1
WO1997008868A1 PCT/US1996/013736 US9613736W WO9708868A1 WO 1997008868 A1 WO1997008868 A1 WO 1997008868A1 US 9613736 W US9613736 W US 9613736W WO 9708868 A1 WO9708868 A1 WO 9708868A1
Authority
WO
WIPO (PCT)
Prior art keywords
sender
receiver
key
message
server
Prior art date
Application number
PCT/US1996/013736
Other languages
French (fr)
Inventor
Chih Chan
Mohamed Ali Moussa
Original Assignee
Quintet, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Quintet, Inc. filed Critical Quintet, Inc.
Publication of WO1997008868A1 publication Critical patent/WO1997008868A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Definitions

  • One problem which has arisen in the art is the difficulty of easily and quickly authenticating the identities of users.
  • One known solution is to provide each user with a password or other key, and to require the user to enter that password for authentication.
  • this known method is subject to several drawbacks. First, the password may be forgotten or otherwise lost. This would require the user to obtain a new password or otherwise obtain authentication using another channel.
  • the first communication path 131 , the second communication path 132, and the third communication path 133 comprise communication paths in a network 130 such as a local area network (LAN), a wide area network (WAN), or a network of networks (an "intemet").
  • a network 130 such as a local area network (LAN), a wide area network (WAN), or a network of networks (an "intemet").
  • the first communication path 131, the second communication path 132, and the third communication path 133 comprise dynamically routed communication paths constructed using network media, routers, and other intermediate processors in an intemet
  • the first communication path 131, the second communication path 132, and the third communication path 133 may comprise telephone connections in a telephone network, coupled between telephones at the server 110, the sender 120, and the receiver 140.
  • methods shown in the Signature Verification Disclosures are adapted to provide one of three altemative results from the attempt to verify the test signature — (1) the test signature is considered to match the template signatures, (2) the test signature is considered to not match the template signatures, or (3) the result of the attempt to verify is considered ambiguous.
  • the server 110 and the sender 120 may conduct a supplemental attempt to authenticate the sending person, such as by requesting additional test signatures, by using other biometric data, by using memorized data such as a password, or by using physical authentication such as requiring pass key from the sending person.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

A method of and system for secure communication using signature verification. A message sender transmits to a trusted server a set of biometric data, such as representing the sender's handwritten signature, and a set of information about a message, such as a message identifier. The server verifies the sender's signature against a signature feature vector database, and provides the sender with a key for securely encoding the message. The sender encodes the message and transmits it to a message receiver. The receiver transmits to the server a second set of biometric data, such as representing the receiver's handwritten signature. The server verifies the receiver's signature against the signature feature vector database, and provides the receiver with the message identifier and a key for decoding the message. The biometric data represents a handwritten signature given contemporaneously by the sender or receiver, and is verified against a set of template signatures earlier given by the sender and receiver and recorded by the server, or may represent fingerprints, voiceprints, retinal images, other biometric data, or any arbitrary data which is particular to the sender or receiver and which the server is capable of verifying. The message comprises a single set of binary or text data, such as a file, or the message may comprise a stream of data and the method may be used for a virtual circuit to be created between the sender and receiver. The server may enhance the communication channel between the sender and the receiver, for example by transmitting signals to the sender representing whether the message was received.

Description

Title of the Invention
Method of Secure Communication Using Signature Verification
Background of the Invention
1. Field of the Invention
This invention relates to a method of secure communication using signature verification.
2. Description of Related Art
In some environments, communicating messages is brought with the risk that unauthorized persons may intercept the messages and read them, or may insert counterfeit messages into the message stream. Various methods have been proposed for communication in such environments; these various methods generally require message encryption and secure distribution of encryption keys.
In environments where communicating users are mobile, one problem which has arisen in the art is the difficulty of easily and quickly authenticating the identities of users. One known solution is to provide each user with a password or other key, and to require the user to enter that password for authentication. However, this known method is subject to several drawbacks. First, the password may be forgotten or otherwise lost. This would require the user to obtain a new password or otherwise obtain authentication using another channel.
Second, the password (or some transformation thereof) must be transmitted from the user's new position to some entity for authentication. This creates a point of attack for unauthorized persons to identify the password or its transformation and copy that information for their own use. Once a password has been compromised, it is easy for an unauthorized person to enter that password and obtain improper authentication.
Third, the password may simply be guessed by unauthorized persons, particularly those who are familiar with the user.
Accordingly, it would be advantageous to provide a system in which users may easily and quickly authenticate their identities and communicate with other users, and in which it is difficult for authentication means (1) to become lost, (2) to be copied by unauthorized persons, or (3) to be guessed by unauthorized persons. Summary of the Invention
The invention provides a method of and system for secure communication using signature verification. A message sender transmits to a trusted server a set of biometric data, such as representing the sender's handwritten signature, and a set of information about a message, such as a message identifier. The server verifies the sender's signature against a signature feature vector database, and provides the sender with a key for securely encoding the message. The sender encodes the message and transmits it to a message receiver. The receiver transmits to the server a second set of biometric data, such as representing the receiver's handwritten signature. The server verifies the receiver's signature against the signature feature vector database, and provides the receiver with the message identifier and a key for decoding the message.
In a preferred embodiment, the biometric data represents a handwritten signature given contemporaneously by the sender or receiver, and is verified against a set of template signatures earlier given by the sender and receiver and recorded by the server. However, in altemative embodiments, the biometric data may represent facial images, fingerprints, hand images or handprints, foot images or footprints, human genome data, retinal images, voiceprints, recorded spoken statements, or other biometric data, or any arbitrary data which is particular to the sender or receiver and which the server is capable of verifying.
In a preferred embodiment, the message comprises a single set of binary or text data, such as a file. However, in altemative embodiments, the message may comprise a stream of data and the method may be used for a virtual circuit to be created between the sender and receiver. In other altemative embodiments, the server may enhance the communication channel between the sender and the receiver, for example by transmitting signals to the sender representing whether the message was received, and if so, when.
Brief Description of the Drawings
Figure 1 shows a block diagram of a system for secure communication using signature verification.
Figure 2 shows a flow diagram of a method of secure communication using signature verification using an arrangement as shown in figure 1. Description of the Preferred Embodiment
In the following description, a preferred embodiment of the invention is described with regard to preferred process steps and data stmctures. However, those skilled in the art would recognize, after perusal of this application, that embodiments of the invention may be implemented using a set of general purpose computers operating under program control, and that modification of a set of general purpose computers to implement the process steps and data stmctures described herein would not require undue invention.
Secure Communication Using Signature Verification
Figure 1 shows a block diagram of a system for secure communication using signature verification.
A system 100 for secure communication comprises a server 110, a message sender 120, a first communication path 131 between the server 110 and the sender 120, a message receiver 140, a second communication path 132 between the server 110 and the receiver 140, and a third communication path 133 between the sender 120 and the receiver 140.
In a preferred embodiment, the first communication path 131 , the second communication path 132, and the third communication path 133 comprise communication paths in a network 130 such as a local area network (LAN), a wide area network (WAN), or a network of networks (an "intemet"). Preferably, the first communication path 131, the second communication path 132, and the third communication path 133 comprise dynamically routed communication paths constructed using network media, routers, and other intermediate processors in an intemet However, in altemative embodiments, the first communication path 131, the second communication path 132, and the third communication path 133 may comprise telephone connections in a telephone network, coupled between telephones at the server 110, the sender 120, and the receiver 140.
The server 110 comprises a database 111 of authentication information. The database 111 is preferably stored using a mass storage device such as magnetic disk, optical disk, or magnetic tape, but may altematively be stored using any technique which allows for storage and retrieval of biometric information.
In a preferred embodiment, the database 111 comprises a set of signature feature vectors 112 such as those described with a method of signature verification shown in the following disclosures: o Application Serial No.08/169,654, filed December 17, 1993, in the name of inventors
Ali Mohamed Moussa and Chih Chan, titled "Method for Automatic Signature Verification", assigned to the same assignee, and having attorney docket number ACS-001; and
o Application Serial No.08/483,942, filed June 7, 1995, in the name of inventors Ali Mohamed Moussa and Chih Chan, titled "Method for Automatic Signature Verification", assigned to the same assignee, and having attorney docket number ACS-002.
Each of these applications is hereby incorporated by reference as if fully set forth herein. There are collectively referred to herein as the Signature Verification Disclosures.
However, in altemative embodiments, the database 111 may comprise altemative sets of biometric data or other data for validating signatures from the sender 120 or the receiver 140. For example, such biometric data may comprise all or a selected part of, or an encoding of, a set of biometric information about a person, which biometric information may comprise a facial image, a fingerprint, a hand image or handprint, a foot image or footprint, a human genome or related genetic information, a retinal image, a voiceprint or other record of a spoken statement, or altematively any other biometric information which is substantially unique to a first selected individual and difficult to adapt to a second selected individual. Biometric information differs from memorized information such as a password. Authentication using biometric information differs from physical forms of authentication such as using a pass key.
The server 110 also comprises a processor 113 operating under software program control for performing the functions described herein, having memory for storing software programs and data, and having mass storage for storing all or part of the database 111.
The processor 113 includes a verifier 114 for operating on the database 111 and on signature feature vectors 112 received from the sender 120 or the receiver 140. In a preferred embodiment, the verifier 114 performs the method of signature verification shown in the Signature Verification Disclosures. However, in altemative embodiments, the verifier 114 may perform another method of signature verification or verification of other biometric data.
The sender 120 comprises a pen tablet 121 for receiving a signature from the sending person. In a preferred embodiment, the pen tablet 121 comprises one like that shown in the Signature Verification Disclosures.
The sender 120 also comprises a processor 122 coupled to the pen tablet 121, operating under software program control for performing the functions described herein, having memory for storing software programs and data, and for storing a signature feature vector 112 constructed for the sending person, and having mass storage for storing messages to be sent.
The receiver 140 comprises a pen tablet 141 for receiving a signature from the receiving person. In a preferred embodiment, the pen tablet 141 is similar to the pen tablet 121, and comprises one like that shown in the Signature Verification Disclosures.
The receiver 140 also comprises a processor 142 coupled to the pen tablet 141, operating under software program control for performing the functions described herein, having memory for storing software programs and data, and for storing a signature feature vector 112 constructed for the receiving person, and having mass storage for storing received messages.
The server 110, the sender 120, and the receiver 140 collectively perform the method shown herein.
Method Of Secure Communication
Figure 2 shows a flow diagram of a method of secure communication using signature verification using an arrangement as shown in figure 1.
At a flow point 200, the sender 120 desires to send a message to the receiver
140.
At a step 210, the sender 120 registers a set of signature feature vectors 112 for the sending person, using the first communication path 131 (between the server 110 and the sender 120). To perform this step 210, the sender 120 performs the step 211 through the step 213.
At a step 211, the sender 120 collects a set of template signatures from the sending person using the pen tablet 121.
At a step 212, the sender 120 forms a set of signature feature vectors 112 for the template signatures for the sending person, using the processor 122. The sender 120 preferably performs methods shown in the Signature Verification Disclosures.
At a step 213, the sender 120 transmits the set of signature feature vectors 112 for the template signatures for the sending person to the server 110, using the first communication path 131. In a preferred embodiment, it is not necessary that the first communication path 131 is secure against reading by unauthorized third parties, only that the first communication path 131 is secure against unauthorized third parties altering the set of signature feature vectors 112 without detection.
Once the signature feature vectors 112 for the template signatures for the sending person are registered at the server 110, the sending person may use the sender 120 to transmit a message. Although in a preferred embodiment, the signature feature vectors 112 for the template signatures for the sending person are transmitted from the sender 120 to the server 110, in altemative embodiments the sending person may deliver their signature feature vectors 112 by other means. For example, the sending person may altematively use a different physical device in place of the sender 120 for transmitting signature feature vectors 112 for their template signatures to the server 110, or may use the server 110 directly for entering their template signatures and forming signature feature vectors 112 therefor.
At a step 220, the sender 120 verifies a new signature from the sending person. To perform this step 220, the server 110 and sender 120 perform the step 221, the step 222, and the step 223.
At a step 221, the sender 120 collects a test signature from the sending person using the pen tablet 121.
At a step 222, the sender 120 forms a signature feature vector 112 for the test signature for the sending person. The sender 120 preferably performs methods shown in the Signature Verification Disclosures.
At a step 223, the server 110 receives the signature feature vector 112 for the test signature for the sending person, and attempts to verify that test signature against the set of signature feature vectors 112 template signature for the sending person, using the processor 113. The server 110 preferably performs methods shown in the Signature Verification Disclosures.
If the attempt to verify is successful (i.e., the test signature is considered to match the template signatures), the server 110 proceeds with the step 230. If the attempt to verify is unsuccessful (i.e., the test signature is considered to not match the template signatures), the server 110 transmits a message so indicating to the sender 120.
In a preferred embodiment, if the attempt to verify is unsuccessful, the server
110 and the sender 120 may conduct a set of reattempts to verify the sending person, such as by requesting an additional test signature and repeating the step 221, the step 222, and the step 223. Altematively, the server 110 and the sender 120 may attempt to verify the sending person by other means, such as by using other biometric data, by using memorized data such as a password, or by using physical authentication such as requiring pass key from the sending person.
In a preferred embodiment, methods shown in the Signature Verification Disclosures are adapted to provide one of three altemative results from the attempt to verify the test signature — (1) the test signature is considered to match the template signatures, (2) the test signature is considered to not match the template signatures, or (3) the result of the attempt to verify is considered ambiguous. In the event of the third altemative result, the server 110 and the sender 120 may conduct a supplemental attempt to authenticate the sending person, such as by requesting additional test signatures, by using other biometric data, by using memorized data such as a password, or by using physical authentication such as requiring pass key from the sending person.
At a step 230, the server 110 transmits to the sender 120 a key for encoding the message to be transmitted from the sender 120 to the receiver 140.
In a preferred embodiment, the key for encoding comprises a key for a symmetric encoding/decoding method such as the Data Encryption Standard (DES).
However, in altemative embodiments, the key for encoding may comprise a first key from a key pair used in a public key system.
At a step 240, the sender 120 encodes the message using the key for encoding, to generate an encoded message.
At a step 250, the sender 120 transmits the encoded message to the receiver 140 using the third communication path 133.
At a step 260, the receiver 140 registers a set of signature feature vectors 112 for the receiving person, using the second communication path 132 (between the server 110 and the receiver 140). To perform this step 260, the receiver 140 performs steps like the step 211 through the step 213. The receiver 140 collects a set of template signatures from the receiving person using the pen tablet 141. The receiver 140 forms a set of signature feature vectors 112 for the template signatures for the sending person, using the processor 142. The receiver 140 transmits the set of signature feature vectors 112 for the template signatures for the receiving person to the server 110, using the second communication path 132.
As was the case for the sending person, once the signature feature vectors 112 for the template signatures for the receiving person are registered at the server 110, the receiving person may use the receiver 140 to receive a message. Although in a preferred embodiment, the signature feature vectors 112 for the template signatures for the receiving person are transmitted from the receiver 140 to the server 110, in altemative embodiments the receiving person may deliver their signature feature vectors 112 by other means similar to those shown herein for the sending person.
In addition, it is not necessary for the signature feature vectors 112 for the template signatures for the receiving person to be registered at the server 110, if they have already been registered at the server 110 for the same person as a sending person. Once an individual is registered at the server 110 in one capacity, the server 110 will retrieve their signature feature vectors 112 when they use the server 110 in another capacity.
At a step 270, the receiver 140 verifies a new signature from the receiving person. To perform this step 270, the receiver 140 performs steps like the step 221 through the step 223. The receiver 140 collects a test signature from the receiving person using the pen tablet 141. The receiver 140 forms a signature feature vector 112 for the test signature for the receiving person. The server 110 receives the signature feature vector 112 for the test signature for the receiving person, and attempts to verify that test signatore against the set of signature feature vectors 112 template signature for the receiving person, using the processor 113.
If the attempt to verify is successful (i.e., the test signature is considered to match the template signatures), the server 110 proceeds with the step 280. If the attempt to verify is unsuccessful (i.e., the test signature is considered to not match the template signatures), the server 110 transmits a message so indicating to the receiver 140. If the attempt to verify is unsuccessful, the server 110 and the receiver 140 may conduct a set of reattempts to verify the receiving person, similar to processing in the step 223 for the sending person.
At a step 280, the server 110 transmits to the receiver 140 a key for decoding the encoded message that was transmitted from the sender 120 to the receiver 140.
In a preferred embodiment, the key for decoding comprises the same key as the key for encoding, for use in a symmetric encoding decoding method such as the Data Encryption Standard (DES). However, in altemative embodiments, the key for decoding may comprise a second key from a key pair used in a public key system, and corresponding to the key pair from which the key for encoding was selected.
In a preferred embodiment, server 110 generates a signal to the sender 120, indicating that the receiver 140 has received the key for decoding, and therefore that biometric data for the receiving person has been verified. The server 110 transmits this signal to the sender 120 using the first communication path 131. This signal provides the sender 120 with an indication that the receiver 140 has received the message. Preferably, the signal provides an identifier for the message (so as to distinguish between several messages transmitted from the sender 120 to the receiver 140) and a timestamp value representative of when the key for decoding was transmitted from the server 110 to the receiver 140.
At a step 290, the receiver 140 decodes the encoded message using the key for decoding, to recover the original message.
In a preferred embodiment, the message comprises a single set of binary or text data, such as a file being transferred using a file transfer protocol or other network protocol. To generate the encoded message, the entire file is encoded using the key for encoding in a block encoding technique, thus creating an encoded file. The encoded file is transferred using the file transfer protocol or other network protocol. To recover the original message, the entire encoded file is decoded using the key for decoding.
However, in altemative embodiments, the message may comprise a stream of data and the method may be used for a virtual circuit to be created between the sender and receiver. To generate the encoded message, each separate transmission is encoded using the key for encoding in a stream encoding technique, thus creating an encoded stream of transmissions from the sender 120 to the receiver 140. The encoded stream is transferred using a "telnet" protocol or other stream communication protocol. To recover the original stream of transmissions, the encoded stream is decoded using the key for decoding.
The receiver 140 may generate a response message to be transmitted to the sender 120. In this event, the receiver 140 may obtain a new key for encoding from the server 110, using the method described with regard to figure 2. Altematively, since the receiver 120 has obtained from the server 110 a verification of the biometric data for the receiving person, the method may be streamlined for response messages from the receiver 140 to the sender 120. The server 110 may simply generate a key for encoding the response message and transmit that key for encoding to the receiver 140, and generate a key for decoding the response message and transmit that key for decoding to the sender 120. In a preferred embodiment where the key for encoding and the key for decoding the original message are substantially identical, the receiver 140 may use the key for decoding the original message as a key for encoding the response message and the sender 120 may use the key for encoding the original message as a key for decoding the response message.
Alternative Embodiments
Although preferred embodiments are disclosed herein, many variations are possible which remain within the concept, scope, and spirit of the invention, and these variations would become clear to those skilled in the art after perusal of this application.

Claims

ClaimsWe claim:
1. A method for communication between a sender and a receiver, said method comprising transmitting from said sender to a server a set of biometric data for a sending person; verifying, at said server, said biometric data for said sending person; transmitting from said server to said sender a key for encoding said message; encoding a message using said key for encoding to generate an encoded message; transmitting said encoded message to said receiver; transmitting from said receiver to said server a set of biometric data for a receiving person; verifying, at said server, said biometric data for a receiving person; transmitting from said server to said receiver a key for decoding said encoded message; and decoding said encoded message at said receiver.
2. A method as in claim 1 , comprising encoding a second message using said key for encoding to generate a second encoded message; and decoding said second encoded message using said key for decoding.
3. A method as in claim 1 , comprising transmitting from said server to said receiver a key for encoding a response; encoding a response using said key for encoding to generate an encoded response; transmitting said encoded response to said sender; transmitting from said server to said sender a key for decoding said encoded response; and decoding said encoded response at said sender.
4. A method as in claim 1, comprising transmitting from said server to said sender a signal representing whether said biometric data for said receiving person was verified at said server.
5. A method as in claim 1, wherein said key for encoding said message and said key for decoding said encoded message are paired keys in a public key system.
6. A method as in claim 1 , wherein said key for encoding said message and said key for decoding said encoded message are substantially identical.
7. A method as in claim 1, wherein said biometric data for said receiving person represents at least a portion of a facial image, a fingerprint, a hand image, a handprint, a foot image, a footprint, a human genome, a retinal image, a voiceprint, or a record of a spoken statement.
8. A method as in claim 1 , wherein said biometric data for said receiving person represents a receiver's signature.
9. A method as in claim 1, wherein said step of verifying said biometric data for said receiving person comprises receiving a set of template biometric data from said sender; receiving said biometric data for said receiving person; and comparing said biometric data for said receiving person against said set of template biometric data from said sender.
10. A system for communication between a sender and a receiver, said system comprising an input device coupled to said sender, said input device disposed for receiving a set of biometric data for a sending person; a server, said server coupled to said sender and to said receiver, said server comprising a biometric data verifier and a generator of a key for encoding and a key for decoding; means, at said sender, for encoding a message using said key for encoding, to generate an encoded message; a communication path between said sender and said receiver; an input device coupled to said receiver, said input device disposed for receiving a set of biometric data for a receiving person; means, at said receiver, for decoding said encoded message using said key for decoding.
11. A system as in claim 10, comprising means, at said sender, for encoding a second message using said key for encoding to generate a second encoded message; and means, at said receiver, for decoding said second encoded message using said key for decoding.
12. A system as in claim 10, comprising means, at said receiver, for encoding a response using said key for encoding to generate an encoded response; and means, at said sender, for decoding said encoded response.
13. A system as in claim 10, comprising means, at said server, for transmitting to said sender a signal representing whether said biometric data for said receiving person was verified.
14. A system as in claim 10, wherein said key for encoding and said key for decoding are paired keys in a public key system.
15. A system as in claim 10, wherein said key for encoding and said key for decoding are substantially identical.
16. A system as in claim 10, wherein said biometric data for said receiving person represents at least a portion of a facial image, a fingerprint, a hand image, a handprint, a foot image, a footprint, a human genome, a retinal image, a voiceprint, or a record of a spoken statement.
17. A system as in claim 10, wherein said biometric data for said receiving person represents a receiver's signature.
18. A system as in claim 10, wherein said biometric data verifier comprises a set of template biometric data from a person whose biometric data is to be verified; and means for comparing biometric data for said person against said set of template biometric data.
PCT/US1996/013736 1995-08-25 1996-08-20 Method of secure communication using signature verification WO1997008868A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US51943095A 1995-08-25 1995-08-25
US08/519,430 1995-08-25

Publications (1)

Publication Number Publication Date
WO1997008868A1 true WO1997008868A1 (en) 1997-03-06

Family

ID=24068278

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1996/013736 WO1997008868A1 (en) 1995-08-25 1996-08-20 Method of secure communication using signature verification

Country Status (1)

Country Link
WO (1) WO1997008868A1 (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998057247A1 (en) * 1997-06-09 1998-12-17 Koninklijke Philips Electronics N.V. Web-based, biometric authentication system and method
US6167517A (en) * 1998-04-09 2000-12-26 Oracle Corporation Trusted biometric client authentication
WO2001028413A1 (en) * 1999-10-20 2001-04-26 Siemens Aktiengesellschaft Method for transmitting person-related data
WO2002073520A1 (en) * 2001-03-13 2002-09-19 Relatable Llc A system and method for acoustic fingerprinting
US6463418B1 (en) * 1997-08-15 2002-10-08 Sun Microsystems, Inc. Secure and stateful electronic business transaction system
US7085840B2 (en) * 2001-10-29 2006-08-01 Sun Microsystems, Inc. Enhanced quality of identification in a data communications network
US7240365B2 (en) 2002-09-13 2007-07-03 Sun Microsystems, Inc. Repositing for digital content access control
US7246244B2 (en) 1999-05-14 2007-07-17 Fusionarc, Inc. A Delaware Corporation Identity verification method using a central biometric authority
US7275260B2 (en) 2001-10-29 2007-09-25 Sun Microsystems, Inc. Enhanced privacy protection in identification in a data communications network
US7363651B2 (en) 2002-09-13 2008-04-22 Sun Microsystems, Inc. System for digital content access control
US7380280B2 (en) 2002-09-13 2008-05-27 Sun Microsystems, Inc. Rights locker for digital content access control
US7398557B2 (en) 2002-09-13 2008-07-08 Sun Microsystems, Inc. Accessing in a rights locker system for digital content access control
US7496751B2 (en) 2001-10-29 2009-02-24 Sun Microsystems, Inc. Privacy and identification in a data communications network
US7512972B2 (en) 2002-09-13 2009-03-31 Sun Microsystems, Inc. Synchronizing for digital content access control
US7549295B2 (en) 2004-02-11 2009-06-23 Sumitomo Heavy Industries, Ltd. Three track valve for cryogenic refrigerator
US20110185176A1 (en) * 2008-10-31 2011-07-28 Hitachi, Ltd. Biometric authentication method and system
US8448230B2 (en) 2008-08-22 2013-05-21 International Business Machines Corporation System and method for real world biometric analytics through the use of a multimodal biometric analytic wallet
US8893303B2 (en) 2002-09-13 2014-11-18 Oracle America, Inc. Embedded content requests in a rights locker system for digital content access control
US10679749B2 (en) 2008-08-22 2020-06-09 International Business Machines Corporation System and method for virtual world biometric analytics through the use of a multimodal biometric analytic wallet

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0281224A2 (en) * 1987-03-03 1988-09-07 Hewlett-Packard Company Secure messaging systems
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
US5237614A (en) * 1991-06-07 1993-08-17 Security Dynamics Technologies, Inc. Integrated network security system
WO1995016974A1 (en) * 1993-12-17 1995-06-22 Quintet, Incorporated Method of automated signature verification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0281224A2 (en) * 1987-03-03 1988-09-07 Hewlett-Packard Company Secure messaging systems
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
US5237614A (en) * 1991-06-07 1993-08-17 Security Dynamics Technologies, Inc. Integrated network security system
WO1995016974A1 (en) * 1993-12-17 1995-06-22 Quintet, Incorporated Method of automated signature verification

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998057247A1 (en) * 1997-06-09 1998-12-17 Koninklijke Philips Electronics N.V. Web-based, biometric authentication system and method
US5930804A (en) * 1997-06-09 1999-07-27 Philips Electronics North America Corporation Web-based biometric authentication system and method
US6463418B1 (en) * 1997-08-15 2002-10-08 Sun Microsystems, Inc. Secure and stateful electronic business transaction system
US6167517A (en) * 1998-04-09 2000-12-26 Oracle Corporation Trusted biometric client authentication
US7246244B2 (en) 1999-05-14 2007-07-17 Fusionarc, Inc. A Delaware Corporation Identity verification method using a central biometric authority
WO2001028413A1 (en) * 1999-10-20 2001-04-26 Siemens Aktiengesellschaft Method for transmitting person-related data
WO2002073520A1 (en) * 2001-03-13 2002-09-19 Relatable Llc A system and method for acoustic fingerprinting
US7085840B2 (en) * 2001-10-29 2006-08-01 Sun Microsystems, Inc. Enhanced quality of identification in a data communications network
US7496751B2 (en) 2001-10-29 2009-02-24 Sun Microsystems, Inc. Privacy and identification in a data communications network
US7275260B2 (en) 2001-10-29 2007-09-25 Sun Microsystems, Inc. Enhanced privacy protection in identification in a data communications network
US7398557B2 (en) 2002-09-13 2008-07-08 Sun Microsystems, Inc. Accessing in a rights locker system for digital content access control
US8893303B2 (en) 2002-09-13 2014-11-18 Oracle America, Inc. Embedded content requests in a rights locker system for digital content access control
US7363651B2 (en) 2002-09-13 2008-04-22 Sun Microsystems, Inc. System for digital content access control
US7240365B2 (en) 2002-09-13 2007-07-03 Sun Microsystems, Inc. Repositing for digital content access control
US7512972B2 (en) 2002-09-13 2009-03-31 Sun Microsystems, Inc. Synchronizing for digital content access control
US7380280B2 (en) 2002-09-13 2008-05-27 Sun Microsystems, Inc. Rights locker for digital content access control
US7549295B2 (en) 2004-02-11 2009-06-23 Sumitomo Heavy Industries, Ltd. Three track valve for cryogenic refrigerator
US10679749B2 (en) 2008-08-22 2020-06-09 International Business Machines Corporation System and method for virtual world biometric analytics through the use of a multimodal biometric analytic wallet
US8448230B2 (en) 2008-08-22 2013-05-21 International Business Machines Corporation System and method for real world biometric analytics through the use of a multimodal biometric analytic wallet
US11080377B2 (en) 2008-08-22 2021-08-03 International Business Machines Corporation System and method for virtual world biometric analytics through the use of a multimodal biometric analytic wallet
US11170083B2 (en) 2008-08-22 2021-11-09 International Business Machines Corporation System and method for virtual world biometric analytics through the use of a multimodal biometric analytic wallet
US11269979B2 (en) 2008-08-22 2022-03-08 International Business Machines Corporation System and method for virtual world biometric analytics through the use of a multimodal biometric analytic wallet
US8412940B2 (en) * 2008-10-31 2013-04-02 Hitachi, Ltd. Biometric authentication method and system
US20110185176A1 (en) * 2008-10-31 2011-07-28 Hitachi, Ltd. Biometric authentication method and system

Similar Documents

Publication Publication Date Title
WO1997008868A1 (en) Method of secure communication using signature verification
CN1792060B (en) Methd and system for authenticating physical object
CA2341784C (en) Method to deploy a pki transaction in a web browser
US6741851B1 (en) Method for protecting data stored in lost mobile terminal and recording medium therefor
KR100486062B1 (en) Biometric certificates
US6990444B2 (en) Methods, systems, and computer program products for securely transforming an audio stream to encoded text
CN1973306B (en) Renewable and private biometrics
US6263446B1 (en) Method and apparatus for secure distribution of authentication credentials to roaming users
US7028184B2 (en) Technique for digitally notarizing a collection of data streams
US6185316B1 (en) Self-authentication apparatus and method
JP2001325549A (en) Biometric personal identification service providing system
US7620213B2 (en) Authentication device using anatomical information and method thereof
US20060235729A1 (en) Application-specific biometric templates
US20020095601A1 (en) Technique for establishing provable chain of evidence
US20020095587A1 (en) Smart card with integrated biometric sensor
EP1290534A2 (en) Method for biometric encryption of e-mail
JP2000276445A (en) Authentication method and device using biometrics discrimination, authentication execution device, and recording medium recorded with authentication program
JP3569751B2 (en) User authentication system
JP2000184448A (en) Personal communication system and its communicating method
EP1131911B1 (en) Method and apparatus for secure distribution of authentication credentials to roaming users
JP2004013560A (en) Authentication system, communication terminal, and server
JP2001052181A (en) Personal authenticating method and recording medium recording personal authentication program
WO2022130528A1 (en) Recovery verification system, collation system, recovery verification method, and non-temporary computer readable medium
JP2002366527A (en) Personal identification method
JP2002032516A (en) Ic card electronic voting system and voting method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA