US2011138450A1PendingUtilityA1
Secure Transaction Systems and Methods using User Authenticating Biometric Information
Est. expiryOct 6, 2029(~3.2 yrs left)· nominal 20-yr term from priority
G06Q 20/40G06Q 20/40145G06Q 20/10
56
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data from a user using a biometric device and related security protocols. The web browser plug-in then communicates a transaction confirmation to the server.
Claims
exact text as granted — not AI-modified1 . An apparatus configured to perform a secured transaction, comprising:
a biometric sensor configured to identify biometric information associated with a user; a storage device coupled to the biometric sensor and configured to store user information; a biometric service coupled to the biometric sensor and configured to communicate with the biometric sensor; and a web browser application configured in software code and stored on a client device and configured to be executed by a client processor on the apparatus, wherein the web browser application includes a biometric extension configured to communicate with the biometric sensor via the biometric service, and wherein the biometric extension is further configured to communicate with a plurality of web servers with which to perform a secured transaction, the web browser application configured to perform the following functions when executed by the client processor receiving a user transaction request at a client device; communicating the user transaction request to a server, wherein the server determines whether the user transaction request is a secure transaction; receiving transaction data from the server via the web browser application; if the received transaction data from the server indicates a secure transaction:
prompting the user to provide biometric data;
receiving biometric data from the user; and
communicating a transaction confirmation to the server with the web browser application.
2 . The apparatus of claim 1 , wherein the web browser application is further configured to receive user credentials associated with the user.
3 . The apparatus of claim 1 , wherein the web browser application is further configured to receive user credentials associated with the user from one of the plurality of web servers.
4 . The apparatus of claim 1 , wherein the storage device is configured to store a secret key associated with the user.
5 . The apparatus of claim 1 , further comprising an encryption key embedded within the biometric sensor.
6 . The apparatus of claim 1 , wherein the biometric extension has an associated digital signature.
7 . The apparatus of claim 1 , wherein the biometric sensor is further configured to release an authentication token to the biometric service upon authentication of the user.
8 . The apparatus of claim 7 , wherein the authentication token is a secret key.
9 . The apparatus of claim 7 , wherein the authentication token is a one time password.
10 . The apparatus of claim 7 , wherein the authentication token is an RSA signature.
11 . The apparatus of claim 1 , wherein the biometric sensor is a fingerprint sensor.
12 . The apparatus of claim 11 , wherein the fingerprint sensor is a placement fingerprint sensor.
13 . The apparatus of claim 11 , wherein the fingerprint sensor is a swipe fingerprint sensor.
14 . A method comprising:
identifying a biometric sensor associated with a client device, wherein the biometric sensor is identified by a biometric extension associated with a web browser application; receiving a token and a user transaction request from the biometric sensor in response to a valid user activation of the biometric sensor; transmitting the token to a web server using the biometric extension, wherein the server determines whether the user transaction request is a secure transaction; transmitting a user identifier associated with the user to the web server, wherein the user identifier is communicated by the biometric extension at the client device; and transmitting a biometric sensor identifier associated with the biometric sensor to the web server using the biometric extension transmitting a transaction confirmation to the server with the web browser application.
15 . The method of claim 14 , further comprising generating a request to authenticate the user of the biometric sensor.
16 . The method of claim 14 , wherein the method is initiated in response to the web browser application accessing a web site that supports biometric authentication.
17 . The method of claim 16 , further comprising determining whether the user is enrolled with the web site being accessed.
18 . The method of claim 14 , further comprising creating a secure communication link between the biometric extension and the web server.
19 . The method of claim 14 , further comprising receiving a session identifier from the web server using the biometric extension.
20 . The method of claim 14 , wherein the token is one of a secret key, a one time password, and an RSA signature.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.