Method and system for biometric authentication of user feedback
USPTO Application #: 20060112278
Title: Method and system for biometric authentication of user feedback

Abstract: Embodiments of the invention provide a method and system for receiving feedback with biometric authentication by sending a Uniform Resource Locator (URL) of a web-enabled feedback form to a user, sending the form if a matching server finds a match between a first biometric template derived from the user's biometric identifier and a reference biometric template associated with the user, and accepting the form if the matching server finds a match between a second biometric template derived from the user's biometric identifier and the reference biometric template associated with the user.

Agent: Pearl Cohen Zedek, LLP - New York, NY, US
Inventors: Mark Sherman Cohen, Shailesh Chirputkar, Scott Stanley Allan Coby
USPTO Application #: 20060112278 - Class: 713186000 (USPTO)
Related Patent Categories: Electrical Computers And Digital Processing Systems: Support, System Access Control Based On User Identification By Cryptography, Using Record Or Token, Biometric Acquisition

The Patent Description & Claims data below is from USPTO Patent Application 20060112278.

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority from U.S. Provisional Patent Application Serial No. 60/629,295, filed on Nov. 19, 2004.

FIELD OF THE INVENTION

[0002] This invention relates to the fields of biometrics, authentication/identification, secure communication, and data management.

BACKGROUND OF THE INVENTION

[0003] The growth of the Internet and other networking technologies has enabled users of business and consumer applications to access these applications remotely at an ever increasing rate. To maintain the privacy of sensitive information and to avoid commercial losses from fraudulent access to these applications as well as to meet mandated government legislation, there is a need for accurate verification of a user's identity in a way that cannot be imitated or stolen. Additionally, applications such as secure facility entry, banking transactions, and other commercial transactions would benefit greatly by irrefutable biometric authentication and/or identification.

[0004] Email services would also benefit from a more secure means of authentication. Whether accessed through a local network or over the Internet, the vast majority of email servers today rely on simple password authentication and are, therefore, highly vulnerable to fraudulent access.

[0005] Current means to prevent unauthorized access include password authentication, personal identification numbers (PINs), confirmation of various aspects of personal history (date of birth, mother's maiden name, etc.), hardware and/or software token-based access, combinations of password and token-based access, and trusted containers of secret SKI (Symmetric Key Infrastructure) keys or PKI (Public Key Infrastructure) key-pairs assigned to users, such as with smart cards, which may or may not be PIN-protected.

[0006] Password and PIN based authentication are two commonly used methods for a number of applications in commercial transactions. A password or PIN can be made nominally more secure by increasing its length, forcing the user to change it frequently, and/or imposing cryptic restrictions on it. However, these complications make access more difficult because of the challenge for users to remember such passwords or PINs, leading to an increased incidence of input errors. A more serious drawback to both is that they can be easily stolen by direct or indirect observation of a user's input or his written record of both in an accessible location, cracked through the means of brute-force combinatorial or other cracker software, or intercepted in transit to a server and potentially replayed, if not sufficiently encrypted. Recently, fraudulent emails that appear as requests for information from commercial entities such as banks have been employed to induce consumers to disclose passwords or other personal information in a process known as phishing.

[0007] The requirement for disclosing personal information to gain access can partially enhance security. However, much of this information can also be obtained either fraudulently or through legal means from consumer database services as witnessed by recent intrusions into Checkpoint, HSBC, and others.

[0008] Token-based systems involve the use of a unique hardware or software token for authentication.
This token can range from a bank ATM card to various hardware devices that may or may not attach to a computer for authorizing access over a network to resident software for remote network users. These devices are often used in combination with a password or other personal identifier. Although token-based access is more difficult to reproduce fraudulently because access is granted only with the unique token, it still has a number of shortcomings. Highly portable tokens such as credit cards can be lost, stolen, and, in some cases, counterfeited. More sophisticated tokens, which generate either single-use or time-sensitive dynamic passwords, may be portable; however, they cannot be shared among different users without compromising their security. Furthermore, most such tokens have a limited lifespan before they require replacement or reactivation. Lastly, any of these tokens can still be used for unintended access if an unauthorized user obtains the token and associated password, PIN, etc.

[0009] More recently, systems that employ images of a user's unique biometric identifiers such as fingerprints, hand geometry, retinal patterns, DNA, iris and facial scans have been used to eliminate some of these shortcomings. Biometric identifiers have the natural advantage of being unique to the individual being identified and can't be lost or stolen. With biometric authentication, an authorized user requests access using a scanner or similar device to capture an image of the biometric identifier. Depending on the algorithms employed, key features of the digital template derived from the grayscale image produced by the device are compared to a database containing digital templates of authorized users. The matching system must be able to compare properly the sample template against a database of stored (enrolled) user templates, and identify the closest match within preset parameters.
The two templates will not exactly match (in contrast to password matching), because the user will not be generating the exact same image twice. A positive match occurs when the differences between the sample template and the closest stored template are less than predetermined thresholds. In this case, the user gains access to the system or application as appropriate. Accurate evaluation of the template is essential for mission critical applications in an enterprise environment. Any significant amount of false positives could have dire consequences for a business's viability, while false negatives can degrade the credibility of the authentication system. Furthermore, broad user acceptance of biometric authentication is contingent on this accuracy. Consequently, a highly-discriminating, advanced matching system, with accuracy far beyond current standards such as the Automatic Fingerprint Identification Systems (AFIS) used in law enforcement today for identification, is needed in this type of environment.

[0010] Another challenge is to eliminate the risk of unauthorized copying and/or replaying of the response stream generated by a user's biometric output from a scanner. As a specific example, if the output of the biometric imaging of a fingerprint or extracted template thereof were recorded, that output could conceivably be played back at a later time as a means of attack into the system to gain unauthorized access. Thus, the problem becomes one of assuring that the image sample being submitted to the authentication system is being taken live, and the template extracted from the live image is not being replayed.

[0011] The vulnerability of the Internet and other public access networks to attack creates additional challenges for ensuring secure authentication for remote access to applications and systems, including email. In one representative architecture, a user at a workstation requests access to an application.
That request is encrypted and transmitted over a network to a web server where the authentication of the user takes place. If the user's identity is confirmed, the user accesses an application server behind an enterprise firewall. The direct exposure of the web server to the Internet leaves it vulnerable to hacking, cracking, SQL injection, and other methods for gaining unauthorized access to any or all applications and/or their private data residing behind the enterprise firewall.

[0012] One alternative is to perform user authentication at the application server level. User authentication at the application server level provides an added measure of security as opposed to the web server level because of the application server's more restricted access. Because of the diverse set of hardware and software components that are utilized in an enterprise, many applications are developed in the Java programming language because of its portability to a variety of operating systems. The biometric system should support the Java runtime environment as well as non-Java runtime environments that enable web application access including Microsoft's .Net, ADODB and others that may come into mainstream computing use. Numerous commercially available application server technologies based on Java such as IBM WebSphere, BEA WebLogic, Macromedia JRun, and JBOSS support authentication directly with lightweight directory access protocol (LDAP) directories containing the user profile data and are compatible with the diversity of hardware and software in the enterprise. These directory servers can work with token-based authentication systems, dynamic passwords, and others as available depending on the authentication method supported. However, they don't eliminate the fundamental security problem with all of these authentication methods, namely that they all use credentials that can be shared, stolen or lost.

[0013] Although a number of authentication systems today allow for so-called site licenses with a fixed set of users, they seldom actually monitor and/or offer a variable maximum number of users, nor do they distinguish between classes of users for access or the number of applications using any particular authentication method. Licensing use by specific application and variable number of users would allow improved cost accounting for enterprise software managers by creating a means for attributing licensing costs directly to each application. In addition, the authentication software vendor can collect fees based on the incremental number of applications and/or users licensed, rather than strictly by site or maximum number of users. Charging for applications on an incremental basis is beneficial to enterprises because it allows them to purchase only what they need and not pay for greater capacity which they do not utilize. It also facilitates cost accounting among various divisions and departments thereby giving greater autonomy to division and department managers by controlling and limiting expenditures.

SUMMARY OF THE INVENTION

[0014] The above-identified problems are solved and technical advances are achieved by embodiments of the present invention.

[0015] The present inventors have determined that a biometric authentication and/or identification system should also solve several key implementation challenges. First, a biometric system should be able to accommodate migration from one or more existing authentication and/or identification system(s) without risk to the enterprise in terms of down time, cost, and security. The transition should include a user-friendly, accurate enrollment system that can detect and eliminate any attempt to create multiple user identities for any person or biometric identifier. This enrollment system should also accommodate multiple imaging device types for generating reference images.
In addition, the system should have a secure means for authenticating when a biometric imaging device is temporarily unavailable. This mode of operation, known as an exception mode, should be integrated within the system and include safeguards against tampering, attacks, and/or other types of compromise.

[0016] Some embodiments of the invention provide an integrated biometric authentication/identification and migration system with server side authentication and identification through the use of a four-tier architecture on a multi-platform, imaging-device-independent and imaging-device-interoperable structure. Although the exemplary embodiments herein provide a biometric identification system that may be used in authentication, it is to be understood that authentication may be provided alone without departing from the scope of the present invention.

[0017] Exemplary embodiments of some aspects of the invention include a method and apparatus for producing a biometric identification reference image based on selecting the image having the highest quality score from images received from two or more different imaging devices, alias-free enrollment on a work station containing one or more fingerprint imaging systems that includes server-based one-to-many alias checking, secure transmission of live biometric samples, a method and system for protecting access to licensed applications, a method and system for secure transmission of biometric data by time-stamping the data, web-based authentication testing resident on either a web server or a combination of web and application servers, a unique identities database in a secure facility, an in-house license generator for multiple user levels and applications that responds directly to client requests, a method and system for exception mode authentication with system operator biometric authorization, and a method and system for biometric authentication of user feedback.
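
The following sketch is an added illustration, not code from the application: it models the two-match feedback flow of the abstract together with the threshold match of [0009], the replay concern of [0010] and the time-stamping mentioned in [0017]. The tuple feature vectors, Euclidean distance, threshold value, 30-second freshness window and the rejection of an exactly repeated template are all assumptions made for the example.

```python
import math
import secrets
THRESHOLD = 0.25  # assumed: maximum template distance for a positive match
MAX_AGE_S = 30    # assumed: freshness window for a time-stamped sample

# Toy matching server and form server for the two-match feedback flow.
class FeedbackGate:
    def __init__(self, references):
        self.references = references  # user -> enrolled reference template
        self.seen = set()             # (user, template) pairs already presented
        self.open_forms = {}          # one-time form token -> user
        self.accepted = []            # (user, feedback) that passed both matches

    def _match(self, user, template, captured_at, now):
        ref = self.references.get(user)
        if ref is None or len(ref) != len(template):
            return False
        if not 0 <= now - captured_at <= MAX_AGE_S:
            return False              # stale or future-dated sample
        if (user, template) in self.seen:
            return False              # live captures never repeat exactly
        self.seen.add((user, template))
        return math.dist(ref, template) < THRESHOLD

    def request_form(self, user, template, captured_at, now):
        """First match: return a one-time form token, or None on failure."""
        if not self._match(user, template, captured_at, now):
            return None
        token = secrets.token_urlsafe(16)
        self.open_forms[token] = user
        return token

    def submit_form(self, user, token, template, captured_at, now, feedback):
        """Second match: accept the form only with a fresh matching sample."""
        if self.open_forms.get(token) != user:
            return False
        if not self._match(user, template, captured_at, now):
            return False
        del self.open_forms[token]
        self.accepted.append((user, feedback))
        return True

def demo():
    # Constructed data: 4-value feature vectors stand in for real templates.
    gate = FeedbackGate({"alice": (0.10, 0.80, 0.35, 0.60)})
    first = (0.12, 0.79, 0.36, 0.58)
    token = gate.request_form("alice", first, captured_at=1000, now=1002)
    replayed = gate.submit_form("alice", token, first, 1000, 1005, "good")
    live = gate.submit_form("alice", token, (0.09, 0.82, 0.33, 0.61), 1004, 1005, "good")
    return token is not None, replayed, live
```

In `demo()` the form is released on the first match, the resubmitted first template is refused as a replay, and a fresh second capture is accepted.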

[0018] The term "image" in the context of this application may refer to but is not limited to a representation or likeness of a biometric identifier that captures sufficient details of or data regarding the biometric identifier so as to uniquely identify the person from which the image was taken. Examples of images may include visual representations such as those of fingerprints, retinal patterns, hand geometry, and facial geometry, as well as non-visual representations such as those of voice pattern and DNA or any other biometric identifiers as are known in the art. Moreover, imagers may employ a variety of imaging technologies to obtain images including but not limited to optical, infrared, RF electronic, mechanical force measurement, temperature measurement, ultrasound, audio recording, active capacitance sensing and others as are known in the art.

[0019] Other and further aspects of the present invention will become apparent from the following detailed description of demonstrative embodiments of the invention and by reference to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS