US2011138450A1PendingUtilityA1

Secure Transaction Systems and Methods using User Authenticating Biometric Information

56
Assignee: VALIDITY SENSORS INCPriority: Oct 6, 2009Filed: Jun 3, 2010Published: Jun 9, 2011
Est. expiryOct 6, 2029(~3.2 yrs left)· nominal 20-yr term from priority
G06Q 20/40G06Q 20/40145G06Q 20/10
56
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data from a user using a biometric device and related security protocols. The web browser plug-in then communicates a transaction confirmation to the server.

Claims

exact text as granted — not AI-modified
1 . An apparatus configured to perform a secured transaction, comprising:
 a biometric sensor configured to identify biometric information associated with a user;   a storage device coupled to the biometric sensor and configured to store user information;   a biometric service coupled to the biometric sensor and configured to communicate with the biometric sensor; and   a web browser application configured in software code and stored on a client device and configured to be executed by a client processor on the apparatus, wherein the web browser application includes a biometric extension configured to communicate with the biometric sensor via the biometric service, and wherein the biometric extension is further configured to communicate with a plurality of web servers with which to perform a secured transaction, the web browser application configured to perform the following functions when executed by the client processor   receiving a user transaction request at a client device;   communicating the user transaction request to a server, wherein the server determines whether the user transaction request is a secure transaction;   receiving transaction data from the server via the web browser application;   if the received transaction data from the server indicates a secure transaction:
 prompting the user to provide biometric data; 
 receiving biometric data from the user; and 
 communicating a transaction confirmation to the server with the web browser application. 
   
     
     
         2 . The apparatus of  claim 1 , wherein the web browser application is further configured to receive user credentials associated with the user. 
     
     
         3 . The apparatus of  claim 1 , wherein the web browser application is further configured to receive user credentials associated with the user from one of the plurality of web servers. 
     
     
         4 . The apparatus of  claim 1 , wherein the storage device is configured to store a secret key associated with the user. 
     
     
         5 . The apparatus of  claim 1 , further comprising an encryption key embedded within the biometric sensor. 
     
     
         6 . The apparatus of  claim 1 , wherein the biometric extension has an associated digital signature. 
     
     
         7 . The apparatus of  claim 1 , wherein the biometric sensor is further configured to release an authentication token to the biometric service upon authentication of the user. 
     
     
         8 . The apparatus of  claim 7 , wherein the authentication token is a secret key. 
     
     
         9 . The apparatus of  claim 7 , wherein the authentication token is a one time password. 
     
     
         10 . The apparatus of  claim 7 , wherein the authentication token is an RSA signature. 
     
     
         11 . The apparatus of  claim 1 , wherein the biometric sensor is a fingerprint sensor. 
     
     
         12 . The apparatus of  claim 11 , wherein the fingerprint sensor is a placement fingerprint sensor. 
     
     
         13 . The apparatus of  claim 11 , wherein the fingerprint sensor is a swipe fingerprint sensor. 
     
     
         14 . A method comprising:
 identifying a biometric sensor associated with a client device, wherein the biometric sensor is identified by a biometric extension associated with a web browser application;   receiving a token and a user transaction request from the biometric sensor in response to a valid user activation of the biometric sensor;   transmitting the token to a web server using the biometric extension, wherein the server determines whether the user transaction request is a secure transaction;   transmitting a user identifier associated with the user to the web server, wherein the user identifier is communicated by the biometric extension at the client device; and   transmitting a biometric sensor identifier associated with the biometric sensor to the web server using the biometric extension   transmitting a transaction confirmation to the server with the web browser application.   
     
     
         15 . The method of  claim 14 , further comprising generating a request to authenticate the user of the biometric sensor. 
     
     
         16 . The method of  claim 14 , wherein the method is initiated in response to the web browser application accessing a web site that supports biometric authentication. 
     
     
         17 . The method of  claim 16 , further comprising determining whether the user is enrolled with the web site being accessed. 
     
     
         18 . The method of  claim 14 , further comprising creating a secure communication link between the biometric extension and the web server. 
     
     
         19 . The method of  claim 14 , further comprising receiving a session identifier from the web server using the biometric extension. 
     
     
         20 . The method of  claim 14 , wherein the token is one of a secret key, a one time password, and an RSA signature.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.