US2022337419A1PendingUtilityA1

Systems, apparatus and methods for secure electrical communication of biometric personal identification information to validate the identity of an individual

74
Assignee: PING IDENTITY CORPPriority: May 5, 2015Filed: Mar 10, 2022Published: Oct 20, 2022
Est. expiryMay 5, 2035(~8.8 yrs left)· nominal 20-yr term from priority
Inventors:Armin Ebrahimi
H04L 63/0861G06F 21/33G06F 21/32G06K 19/06037H04W 12/06H04L 9/50H04L 9/30H04W 12/04H04L 9/0637H04L 9/302H04L 9/3252G06Q 20/02G06F 21/64G06Q 20/3827H04L 9/3236G06Q 20/3276G06K 19/06028H04W 12/77H04L 9/3247H04L 9/14G06Q 2220/00H04L 9/3066G06Q 20/3825G06F 21/34G06F 21/645G06F 21/31H04L 9/3231G06Q 20/065H04L 9/3239G06Q 20/4014H04L 9/0643H04L 9/3268H04L 9/3249H04L 2209/38
74
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An apparatus for validating an identity of an individual based on biometrics includes a memory and a processor operatively coupled to a distributed database and the memory. The processor is configured to provide biometric data as an input to a predefined hash function to obtain a first biometric hash value. The processor is configured to obtain, using a first pointer to the distributed database, a signed second biometric hash value. The processor is configured to define a certification of the biometric data in response to verifying that a signature of the signed second biometric hash value is associated with the compute device and verifying that the first biometric hash value corresponds with the second biometric hash value. The processor is configured to digitally sign the certification using a private key associated with the processor to produce a signed biometric certification and store the signed biometric certification in the distributed database.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . An apparatus, comprising:
 a memory; and   a processor operatively coupled to a distributed database and the memory, the processor configured to:
 receive encrypted biometric data associated with a compute device; 
 decrypt the biometric data using a private key associated with the processor to obtain biometric data; 
 provide the biometric data as an input to a predefined hash function to obtain a first biometric hash value; 
 receive a first pointer to a record in the distributed database, the record including a signed second biometric hash value; 
 obtain, using the first pointer, the signed second biometric hash value from the distributed database; 
 validate an identity of a user of the compute device in response to:
 verifying that a signature of the signed second biometric hash value is associated with the compute device using a public key of the compute device; and 
 verifying that the first biometric hash value corresponds with the second biometric hash value; 
 
 define a certification based on the validating; 
 digitally sign the certification using a private key associated with the processor to produce a signed biometric certification; 
 store the signed biometric certification in the distributed database; and 
 provide, to the compute device, a second pointer to the signed biometric certification in the distributed database such that the compute device can provide the second pointer to a relying entity. 
   
     
     
         2 . The apparatus of  claim 1 , wherein the biometric data includes at least one of: a fingerprint, a facial image, an iris-scan, a voice print or DNA data. 
     
     
         3 . The apparatus of  claim 1 , wherein the signed second biometric hash value is signed using a private key associated with the compute device. 
     
     
         4 . The apparatus of  claim 1 , wherein the processor is configured to provide the second pointer to the compute device such that the compute device can provide the first pointer, the second pointer, the biometric data and the public key to the relying entity. 
     
     
         5 . The apparatus of  claim 1 , wherein the distributed database is a blockchain. 
     
     
         6 . The apparatus of  claim 3 , wherein the private key associated with the compute device is paired with the public key associated with the compute device. 
     
     
         7 . The apparatus of  claim 1 , wherein the encrypted biometric data is encrypted using at least one of Rivest-Shamir-Adleman (RSA) encryption algorithm or Elliptic Curve Digital Signature Algorithm (ECDSA). 
     
     
         8 . A method, comprising:
 receiving, at a processor, encrypted biometric data associated with a compute device;   decrypting the encrypted biometric data using a private key associated with the processor to obtain biometric data;   providing the biometric data as an input to a predefined hash function to obtain a first biometric hash value;   receiving a first pointer to a first record in a distributed database, the first record including a second biometric hash value;   obtaining, using the first pointer, the second biometric hash value from the distributed database;   validating an identity of a user of the compute device in response to:
 verifying that a signature of the second biometric hash value is associated with the compute device using the public key of the compute device; and 
 verifying that the first biometric hash value corresponds with the second biometric hash value; and 
   receiving, a second pointer to a second record in the distributed database based on the validating.   
     
     
         9 . The method of  claim 8 , wherein the second record includes a signed biometric certification, the method further comprising:
 obtaining, using the second pointer, the signed biometric certification from the distributed database; and   validating, based on the signed biometric certification, that the identity of the user of the compute device has been certified.   
     
     
         10 . The method of  claim 8 , wherein the second record includes a signed biometric certification, the method further comprising:
 obtaining, using the second pointer, the signed biometric certification from the distributed database; and   validating, that the identity of the user of the compute device has been certified in response to:
 verifying that a signature of the signed biometric certification is associated with a relying entity device using a public key of the relying entity device; and 
 verifying that the signed biometric certification is associated with the second biometric hash value. 
   
     
     
         11 . The method of  claim 8 , wherein the biometric data includes at least one of: a fingerprint, a facial image, an iris-scan, a voice print or DNA data. 
     
     
         12 . The method of  claim 8 , wherein the second biometric hash value is signed using a private key associated with the compute device. 
     
     
         13 . The method of  claim 8 , wherein the distributed database is a blockchain. 
     
     
         14 . The method of  claim 12 , wherein the private key associated with the compute device is paired with the public key associated with the compute device. 
     
     
         15 . The method of  claim 8 , wherein the encrypted biometric data is encrypted using Rivest-Shamir-Adleman (RSA) encryption algorithm or Elliptic Curve Digital Signature Algorithm (ECDSA). 
     
     
         16 . An apparatus, comprising:
 a memory; and   a processor operatively coupled to the memory, the processor configured to:
 define a data block including data to be sent to a compute device; 
 digitally sign the data block to produce an envelope signature; 
 generate envelope content including the data block and the envelope signature; 
 encrypt the envelope content using a public key of the compute device to produce a secure envelope; 
 store the secure envelope at a server; and 
 provide, to the compute device, an identifier to the secure envelope at the server such that the compute device can obtain the secure envelope from the server using the identifier. 
   
     
     
         17 . The apparatus of  claim 16 , wherein the data block further includes: a seal identifier of the processor, a seal identifier of the compute device, a timestamp, a session identifier, and a public key associated with the processor. 
     
     
         18 . The apparatus of  claim 16 , wherein the data block is signed using a private key associated with the processor to produce the envelope signature. 
     
     
         19 . The apparatus of  claim 16 , wherein the public key associated with the compute device is paired with a private key associated with the compute device such that the compute device can use the private key associated with the compute device to decrypt the secure envelope. 
     
     
         20 . The apparatus of  claim 16 , wherein the processor is configured to provide the identifier to the compute device via at least one of an email, a text message, or Near-field communication (NFC). 
     
     
         21 . The apparatus of  claim 16 , wherein the envelope content is encrypted using at least one of Rivest-Shamir-Adleman (RSA) encryption algorithm or Elliptic Curve Digital Signature Algorithm (ECDSA) to produce the secure envelope. 
     
     
         22 . The apparatus of  claim 16 , wherein the identifier further includes an address of the server. 
     
     
         23 . The apparatus of  claim 16 , wherein the identifier is at least one of a bar code, a QR code, or a pdf-417-code.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.