WO2003023694A1 - Method, apparatus and system for providing security in storing information, and limited and secure access to stored data and stored information - Google Patents

Method, apparatus and system for providing security in storing information, and limited and secure access to stored data and stored information Download PDF

Info

Publication number
WO2003023694A1
WO2003023694A1 PCT/US2002/028857 US0228857W WO03023694A1 WO 2003023694 A1 WO2003023694 A1 WO 2003023694A1 US 0228857 W US0228857 W US 0228857W WO 03023694 A1 WO03023694 A1 WO 03023694A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
information
data
individual
stored
Prior art date
Application number
PCT/US2002/028857
Other languages
French (fr)
Inventor
Robert Barra
Michael Vitale
James Christopher Lalos
Original Assignee
Cryptometrics, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cryptometrics, Inc. filed Critical Cryptometrics, Inc.
Publication of WO2003023694A1 publication Critical patent/WO2003023694A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Definitions

  • This invention is concerned with a method, apparatus and system for providing security for
  • the invention is concerned with an arrangement in which use is made of
  • One purpose of the present invention is to provide an individual with rapid access to the
  • a primary feature of the present invention is to provide a Personal Individual
  • PIRIS Recognition and Information Store
  • PIRIS information on the PIRIS and provide sole individual access to such information stored by the PIRIS, which only recognizes the individual(s) that the PIRIS is programmed to recognize.
  • the PIRIS may be programmed to recognize a
  • a physical characteristic is a fingerprint recognition device. It is generally understood
  • the biometric identifier is a unique identifier that creates a
  • biometric identifier is
  • the present invention proposes the provision of a computer application that can be placed or entered into any present-day conventional computer.
  • the application contains all of the
  • biometrics / fingerprint template biometrics / fingerprint template
  • an authentication / security system is provided in
  • e-mail is the intended recipient and not a third person who happens to have access to the terminal.
  • system according to the present invention provides substantially a 100% assurance
  • the e-mails can be maintained at the highest level of
  • Fig. 1 is a schematic representation of the method, apparatus and system for enrollment and
  • Fig. 2 is a schematic representation of the method, apparatus and system for data
  • Fig. 3 is an example of a prior art device that can store and release data in response to a
  • Fig. 1 illustrates the relationship between an end user 10, the PIRIS 20 and a user
  • client-side computer 30 which is used to enroll the user's data and / or to
  • This data can be anything, but is assumed to be some sort of confidential data -
  • client-side computer is not connected to any other computers or
  • the client computer can be connector to a network. It is also possible for the client computer to be connector to a network. It is also possible for the client computer to be connector to a network. It is also possible for the client computer to be connector to a network. It is also possible for the client computer to be connector to a network. It is also possible for the client computer to be connector to a network. It is also possible for the client computer to be connector to a network. It is also possible for the client computer to be connector to a network. It is also possible for the client
  • the client computer does not actually save any data locally, or record any data onto the
  • PIRIS contains a fingerprint recognition device and software to recognize an individual
  • the session begins with PIRIS 20 being activated by the fingerprint.
  • User application 10 is
  • An enrollment application is entered into computer 30 by the individual user 10, and
  • connector 12 between user 10 and computer 30 illustrates this step. Either before or after PIRIS
  • PIRIS 20 is rendered operational by the finger, and the fingerprint is recognized, PIRIS 20 is ready to
  • PIRIS 20 is able to read the this information and store it on the PIRIS memory.
  • PIRIS can access the information.
  • the information that is stored is not limited to passwords and
  • the PIRIS is not in control. Instead, it is the user application that prompts the PIRS to
  • the client application has the PIRIS log the user into the computer by means of the
  • the client application asks the user to submit and/or edit the data that the user wishes to have
  • This data may be restricted to a few pieces of data - perhaps even one piece
  • time-out feature or any other feature
  • the client application can either have such features or
  • FIG. 2 this figure is generally similar to Fig. 1 showing
  • the client application may be connected to a network 240, and may connect with
  • set-up is suitable for stand-alone client applications, such as on a
  • Figs. 1 and 2 are generally similar to each other, and like parts and elements in Fig. 2 are
  • the client application when it requires the data from the PIRIS, requires that the user
  • the PIRIS can be
  • IT Information Technology
  • security staff configured with user information by the corporate Information Technology ("IT) or security staff,
  • Intranet by using the PIRIS to provide authentication data to the corporate Intranet's servers.
  • This client application can either have such features or not have them, without
  • PIRIS 10 or 210 used as the PIRIS 10 or 210 that has the capability to store data and to permit retrieval of the data
  • biometric device or sensor which provides for an identification of a user in response to the
  • the PIRIS 10, 210 uses the prior art device shown in Fig. 3 in conjunction with the
  • the prior art device is not only a fingerprint verification unit, but also a storage and
  • the CPU controls all the processing such as fingerprint verification, encryption / decryption,
  • a fingerprint image is scanned from a sensor.
  • a silicon-based capacitance sensor is used in
  • the captured image is converted to monochrome data or template data and stored in a
  • DRAM buffer as a file.
  • a file is created after the gray-scale data is converted to monochrome data
  • the template file can be stored in flash memory as an authentication file.
  • the finger is verified by dedicated LSI.
  • RSA encryption calculation is done by the Exponent Processor.
  • DRAM can be used not only for a work area within the device, but also for the storage of
  • Flash Memory can store the following data in the form of files.
  • USB Controller RS-232C Driver
  • Communication to the PC is through a USB port or a serial port.
  • Online banking transactions including but not limited to credit / debit card transactions,

Abstract

Apparatus, method and system for providing security for confidential data and/or information that an individual (10) desires to store and to provide limited and secure access to the stored data and/or stored information. An authentication/security device (20) authenticates an individual sender or an individual recipient, or both, which also verifies an individual sender or an individual receiver, or both. A computer (30) does not store or save any data on its local hard drive and the device (20) removes all of the information from the computer (30), the device (20) renders the computer ready to receive data in response to the device recognizing the individual user (10), and enters data onto an application in the computer (30) by the individual user (10) and the device (20) and computer (30) cooperating for the device (20) to receive data entered into the computer (30) for storage in the device (20) in response to recognition of the individual user (10).

Description

METHOD, APPARATUS AND SYSTEM FOR PROVIDING SECURITY
IN STORING INFORMATION, AND LIMITED AND SECURE ACCESS
TO STORED DATA AND STORED INFORMATION
BACKGROUND OF THE INVENTION
Field of the Invention.
This invention is concerned with a method, apparatus and system for providing security for
data and/or information that an individual desires to store and to provide limited and secure access
to the stored data and/or the stored information.
More particularly, the invention is concerned with an arrangement in which use is made of
computer technology, biometric technology and user recognition technology, and provides for a
program that limits access to at least one and in some instances only one individual and/or agent,
and for certain purposes to more than one individual and/or agent who have access for particular,
specific and/or unique purposes. Different ranges of access are provided to extend the versatility of
the invention in today's society.
As is well known, individuals today are encumbered with lengthy lists of telephone numbers,
personal passwords, personal identification codes to access bank funds and personal and private
information, as well as computer information, among many different types and levels of information.
One purpose of the present invention is to provide an individual with rapid access to the
various identification indicia while maintaining such information at a high level of secrecy and while
prevent all others from obtaining access to such information.
Accordingly, a primary feature of the present invention is to provide a Personal Individual
Recognition and Information Store, hereinafter "PIRIS". With a PIRIS according to the invention,
an individual using a program provided according to the teaching of this invention can store
information on the PIRIS and provide sole individual access to such information stored by the PIRIS, which only recognizes the individual(s) that the PIRIS is programmed to recognize.
The PIRIS according to the teachings of this invention may be programmed to recognize a
single individual. However, it is clearly desirable to provide access to the PIRIS for business or
security purposes to one or more other individuals who may or may not generally be designated as
security officers for situations in which the primary individual is no longer capable of acting to obtain
access to the PIRIS. In such a situation, there may be one or more security-type individuals who
would have the authority to obtain access to the information stored in the PIRIS.
It is also well known that there are Biometric Services, hereinafter "BD", which can
individualize an individual agent on the basis of physical characteristics. One example of a BD that
can recognize a physical characteristic is a fingerprint recognition device. It is generally understood
that a fingerprint is unique to each individual. For the purposes of explaining the advantages and
utility of this invention, a BD that encompasses fingerprint recognition will be used.
To provide a further safeguard with respect to information to be stored and maintained in
secrecy, this information is never entered onto the hard drive of any computer, even though
computer technology is used to carry out this invention.
Clearly, in order to obtain access to the information, it is necessary to have the biometric
identifier and the necessary software. The biometric identifier is a unique identifier that creates a
person's own personal password that cannot be duplicated because the biometric identifier is
unique to each individual. With the use of the program according to the invention, all data -
whether previously stored on the hard drive or added to the application - subsequently can only be
accessed by the biometric device on the PIRIS.
The present invention proposes the provision of a computer application that can be placed or entered into any present-day conventional computer. The application contains all of the
information and software capability to read information that is to be stored and maintained in
secrecy.
Description of the Prior Art
Systems that have been used to date have defects that render them seriously flawed and
permit a "hacker" to gain access to the private data base. A 100%-percent safe, foolproof and
tamper-resistant solution lies in the technology of the present invention, where authentication /
verification of individual agents - as they seek to identify themselves, transmit information or store
data - guarantees with complete reassurance that all parties associated with the transaction are the
intended parties. Additionally, the technology prevents the intrusion of any unintended party from
gaining access to any financial / personal data. All private information is self-contained on the
security device (biometrics / fingerprint template) and not stored on a hard drive as with other
software / security systems that are vulnerable to outside, unauthorized intrusion.
In accordance with the present invention, an authentication / security system is provided in
which users can authenticate the sender, recipient or both by use of digital signature or biometrics
(e.g., fingerprint analysis). The software program with digital signature verification or its highest
level of biometrics via the PIRIS comprise the security safeguards that ensure that sent e-mail
messages are not opened until the security software verified that the person opening and reading the
e-mail is the intended recipient and not a third person who happens to have access to the terminal.
In addition, the system according to the present invention provides substantially a 100% assurance
that e-mails cannot be intercepted by unintended parties. This degree of safety and effectiveness is
not available on any other system in today's market. This higher level of security is also available in the Signature Verification System as well. It is important to keep in mind that traditional e-mail is
very similar, in the Internet / Intranet systems, to sending a postcard via the postal system. Just as
anyone who touches the postcard en route to its destination has access to its message, so anyone
with access to a computer terminal with e-mail on it has access to that mail. However, if e-mail is
used, and each user is using the PIRIS system, the e-mails can be maintained at the highest level of
security - because only those having access to their own PIRIS can obtain access to these e-mails.
BRIEF DESCRIPTION OF THE DRAWINGS
The features and advantages of the present invention will become apparent from the
following description of the invention, taken together with the accompanying drawings, in which:
Fig. 1 is a schematic representation of the method, apparatus and system for enrollment and
editing of data.
Fig. 2 is a schematic representation of the method, apparatus and system for data
presentation based on data stored in a device separate from a computer that provides for storing of
data and release of data in accordance with a biometric control.
Fig. 3 is an example of a prior art device that can store and release data in response to a
biometric control.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring now more particularly to the drawings, reference is made to Fig. 1, which details
the method steps, apparatus and system for recording data into PIRIS. Fig. 1 illustrates the relationship between an end user 10, the PIRIS 20 and a user
application, including a client-side computer 30, which is used to enroll the user's data and / or to
modify such data. This data can be anything, but is assumed to be some sort of confidential data -
credit card numbers, passwords, etc.
It should be noted that the client-side computer is not connected to any other computers or
user's computer, and is a stand-alone computer. It is not a client-server operation. It is certainly
possible for the client computer to be connector to a network. It is also possible for the client
application to originate on another machine. However, during the life of the program, the client will
not be talking to any other computers.
The client computer does not actually save any data locally, or record any data onto the
hard drive. All data are read from and written to the PIRIS 20.
PIRIS contains a fingerprint recognition device and software to recognize an individual
user's fingerprint. This is logged into PIRIS 20 and stored there. Accessibility is gained by
activating PIRIS 20 upon recognition of an individual's fingerprint.
The session begins with PIRIS 20 being activated by the fingerprint. User application 10 is
then activated to start to store information.
An enrollment application is entered into computer 30 by the individual user 10, and
connector 12 between user 10 and computer 30 illustrates this step. Either before or after PIRIS
20 is rendered operational by the finger, and the fingerprint is recognized, PIRIS 20 is ready to
receive data; this step is indicated by connector 14.
Data is entered into computer 30, onto the application in the computer, and then the
information is transmitted from the computer 30 to PIRIS 20 through the connector 10 and stored solely in PIRIS 20 through line 16. After the information is entered into PIRIS 20, the data is
removed from the application in computer 30. Once removed from the application in computer 30,
it no longer is in the application and resides solely in PIRIS 20. It should also be noted that all types
of data and information can be read by the application on the computer can stored on the computer.
Then PIRIS 20 is able to read the this information and store it on the PIRIS memory.
Once the information is stored on the PIRIS memory, only those who have access to the
PIRIS can access the information. The information that is stored is not limited to passwords and
telephone numbers, but can include an entire book, for example, or any other piece of extended
material, depending on the storage capacity of the memory.
In the block diagrams contained in this application, a bidirectional arrow defines connector
14 between PIRIS 20 and the end user 10 is used to represent the end user submitting
authentication data. Although it is true that the user will physically interact with the PIRIS to submit
these data, the PIRIS is not in control. Instead, it is the user application that prompts the PIRS to
enter "accept data" mode, and it is the user application that prompts the user to submit data (e.g.,
by putting his or her finger on the PIRIS window).
The operation of such a program is simple.
First, the client application has the PIRIS log the user into the computer by means of the
user's fingerprints or other biometric device with biometric capabilities. Once the user has logged
in, the client application asks the user to submit and/or edit the data that the user wishes to have
stored on the PIRIS. This data may be restricted to a few pieces of data - perhaps even one piece
of data - as would befit an application specific to a particular product or service. But the user
would have complete control as to how much data he or she would save on the PIRIS, as would befit a product or service with the purpose of facilitating the user's interaction with his or her PIRIS.
It is generally useful to include some sort of "time-out" feature, where, after a certain
amount of time has elapsed - either generally or limited to time in which the computer is inactive -
the user must log in again. This can prevent PIRIS misuse that could arise when a legitimate user
logs in, and then another user begins to use the client application, either with or without the original
user's knowledge and consent. However, such a time-out feature, or any other feature
implemented in the client application to prevent such misuse or other forms of misuse, are entirely
within the purview of the client application. The client application can either have such features or
not have them, without affecting the applicability or legitimacy of the design at issue.
Referring now more particularly to Fig. 2, this figure is generally similar to Fig. 1 showing
the various steps involved in retrieving information. Specifically, this drawing is used to explain the
relationship between the end user 210, the PIRIS 220 and a client application contained on client-
side computer 230 that uses the PIRIS to retrieve the data necessary for the client's operation.
These data can be anything, but is assumed to be some sort of confidential data: credit card
numbers, passwords, etc., which were previously entered into the memory and stored in the PIRIS.
First, the client application may be connected to a network 240, and may connect with
other computers during its operation. This is not necessary, but it is not precluded by the design or
intended use. This means that the set-up is suitable for stand-alone client applications, such as on a
corporate work station, or for client-server or other server-based applications, such as corporate
Intranet applications or online services.
Figs. 1 and 2 are generally similar to each other, and like parts and elements in Fig. 2 are
raised by the prefix "2" to indicate similar elements in Fig. 1. Second, the client computer does not actually save any data locally, on the hard drive. All
data is read from and written to the PIRIS. In accordance with program operation, the following
steps take place.
(1) The client application, when it requires the data from the PIRIS, requires that the user
log in to the PIRIS using his or her fingerprint. This does not necessarily take place at the beginning
of the client application; it could well take place at some point in the middle of the application,
whenever the client demands a service that requires data from the PIRIS.
(2) After the user has successfully logged in, the client application will obtain any data it
needs from the PIRIS. These data may or may not be displayed to the user. It is certainly possible
to envision applications in which the user never even knows the data stored on his or her PIRIS,
and / or in which the user is not even allowed to do so. One example would be a laptop computer
used for remote connection to a corporation Intranet, via a VPN. In such a case, the PIRIS can be
configured with user information by the corporate Information Technology ("IT") or security staff,
and then given to the desired user. The desired user would be able to connect to the corporate
Intranet by using the PIRIS to provide authentication data to the corporate Intranet's servers. The
user, however, will never have access to these data, but can only retrieve what he or she is
authorized to retrieve.
(3) As a further step, it is desirable to include some sort of "time-out" feature, where, after a
certain amount of time has elapsed, either in general or limited to a period of inactivity, the user is
forced to log in again. This can prevent PIRIS misuse that could occur when a legitimately user logs
in, and then another user uses the client application, either with or without the original user's
knowledge or consent. Such a time-out feature, however, or any feature implemented in the client application to prevent this misuse or other forms of misuse, are entirely within the purview of the
client application. This client application can either have such features or not have them, without
affecting the applicability or legitimacy of the design at issue.
Referring to Figure 3, which shows a heretofore known apparatus of the type that can be
used as the PIRIS 10 or 210 that has the capability to store data and to permit retrieval of the data
and a biometric device or sensor, which provides for an identification of a user in response to the
uniqueness of the fingerprint of the user.
The PIRIS 10, 210 uses the prior art device shown in Fig. 3 in conjunction with the
application which is placed onto the computer to read the information in the PIRIS or to supply the
secret information to the PIRIS.
The prior art device is not only a fingerprint verification unit, but also a storage and
cryptographic device with authentication capabilities. Specifically, it has built-in PKCS#11
(Cryptoki) support.
The prior art devices shown in Fig. 3 has the following capabilities:
* It can scan a fingerprint image from the sensor and create templates.
* It can verify fingerprint data with reference templates.
* It can authenticate a user by fingerprints, password or PKI.
* It can store files securely.
* It can encrypt and decrypt data using PKI (RSA) or Symmetric Key (DES).
* It can generate true random numbers.
* It can generate PKI key pairs (RSA: n = max. 1024-bit).
A more detailed explanation of the prior art device shown in Fig. 3 is as follows: CPU
The CPU controls all the processing such as fingerprint verification, encryption / decryption,
communication with PC, etc.
Sensor
A fingerprint image is scanned from a sensor. A silicon-based capacitance sensor is used in
FIU-710. The captured image is converted to monochrome data or template data and stored in a
DRAM buffer as a file. A file is created after the gray-scale data is converted to monochrome data
or template data. The template file can be stored in flash memory as an authentication file.
Verification LSI
The finger is verified by dedicated LSI.
Exponent Processor
RSA encryption calculation is done by the Exponent Processor.
DRAM
DRAM can be used not only for a work area within the device, but also for the storage of
monochrome fingerprint data file, template file and session keys. However, when FIU-710 device
goes to the sleep mode or is powered-off, all the data in DRAM are cleared. Also, if a session is
closed, the data stored in DRAM during the session is cleared.
Flash Memory
Flash Memory can store the following data in the form of files.
* Fingerprint templates for authentication
* Passwords for authentication
* RSA public keys for authentication * Symmetric keys
* General data.
Files that are created in flash memory are not cleared when FIU-710 is powered-off.
USB Controller: RS-232C Driver
Communication to the PC is through a USB port or a serial port.
It is evident, and it will be readily understood by those skilled in the art, that the PIRIS
device has fingerprint recognition capability as well as information storage capacity. Data can only
be entered into or retrieved from the PIRIS by those who has the required security access, and
these data are never entered into or received by the computer hard drive.
The markets for this application's unique software application systems cover a wide
spectrum of industries. In particularly, banking and other financial institutions can greatly benefit
from this application's system both from the standpoint of security and from the standpoint of
finance, with respect to the issues outlined below.
Online banking transactions - including but not limited to credit / debit card transactions,
bill paying, cash withdrawals and deposits, balance inquiries and transfers - are all vulnerable to a
host of problems. In particular, Internet fraud has been a major concern in the banking and other
financial industries. This problem is so pronounced that it now totals billions of dollars lost annually
to "hackers" and other unscrupulous criminal elements. Other customers that are targeted include
online security trading, auction and gaming transactions, insurance company transactions, and the
transactions of medical and health-care facility, pharmacies, Fortune 100 corporations and other
related business.
All these institutions are desperately seeking protection from such fraud. While that which has been shown and described herein is considered to be the presently
preferred embodiments, it will be evident to those skilled in the art that various changes and
modifications may be made without departure from the scope of the invention.

Claims

CLAIMS:
1. Apparatus for providing security for confidential data and/or information that an individual desires to store and to provide limited and secure access to the stored data and/or stored information comprising: a conventional computer; a computer application that can be entered into said conventional computer; and an authentication/security device for authenticating an individual sender or an individual recipient or both; said authentic/security device also verifying an individual sender or an individual recipient or both.
2. The apparatus according to Claim 1, wherein said application contains all of the information and software capability to read information that is to be stored and maintained in secrecy.
3. The apparatus according to Claim 1, wherein said authentication/security device includes capability of selecting a digital signature, identifying an individual through biometrics, fingerprint analysis, or signature verification.
4. The apparatus according to Claim 1, wherein the separate recognition and storage device is connected to the conventional computer for having data written thereto removed by said storage device and stored therein and read from the device by another conventional computer provided with said application, said one or said other conventional computer does not store or save any data on its local hard drive;
5. The apparatus according to Claim, 1 wherein the separate recognition and storage device recognizes the individual user and upon recognition is activated to receive data from the computer application.
6. The apparatus according to Claim, 1 wherein the separate recognition and storage device recognizes the individual user and upon recognition is activated to discharge data from the device to the individual users designated computer.
7. The apparatus according to Claim 1, wherein said computer prompts the device to discharge information from said device or the receipt of information from the recognition and storage device, and once the information is stored on the recognition and storage device, it is completely removed from the computer.
8. The apparatus according to Claim 1, including a safety to prevent misuse and providing for a time out.
9. Method for providing security for data and/or information that an individual user desires to store and to provide limited and secure access to the stored data and/or stored information comprising the steps of: providing a recognition and storage device for authentication/security information for authenticating and assuring security for an individual sender or an individual recipient or both; entering data onto a computer through an application for use with a conventional computer; connecting the separate recognition and storage device to the conventional computer for having data written into the conventional computer and stored therein for reading the information and transferring the information to the device, said computer does not store or save any data on its local hard drive and said device removing all of the information from the computer; entering authentication/security information for authenticating the individual into said computer so as to render it ready to receive data in response to said device recognizing the individual user; and entering data onto the application in the computer and by said individual user and said device and computer cooperating for the device to receive data entered into the computer for storage in the device in response to recognition by said individual user, and once entered into and stored in the device the data is removed from the computer, and it is stored in the memory of the device.
10. Method according to Claim 9, wherein the recognition and storage device recognizes the individual user and upon recognition is activated to receive data from the computer application.
11. Method according to Claim 9, wherein said authentication/security is selected from a digital signature, biometrics, fingerprint analysis, or signature verification.
12. Method according to Claim 9, wherein the separate recognition and storage device recognizes the individual user and upon recognition is activated to discharge data from the device to the individual users designated computer.
13. Method according to Claim 9, including the prompting of said recognition and storage device for receiving information from the computer or discharging information to the computer.
14. Method according to Claim 9, wherein said computer controls the discharge or information therefrom or the receipt of information from the recognition and storage device, and once the information is stored on the recognition and storage device, it is completely removed from the computer.
15. Method according to Claim 9, including a safety to prevent misuse and providing for a time out.
16. Method according to Claim 9, wherein said application contains all the information and software capable for reading information that is to be stored and maintained in secrecy.
17. System for providing security for data and/or information that an individual desires to store and to provide limited and secure access to the stored data and/or stored information comprising: a computer application that can be entered into said conventional computer; an authentication/security device for authenticating and answering security for an individual sender or an individual recipient or both; and data is entered through the computer application onto the computer but does not stay on the computer and is removed from the computer by said device so that the data is never accessible to anyone from the computer.
18. The system according to Claim 17, wherein said application contains all of the information and software capability to read information that is to be stored and maintained in secrecy.
19. The system according to Claim 17, wherein said authentication/security device selects a digital signature identifying an individual through biometrics, fingerprint analysis, or signature verification.
20. The system according to Claim 17, wherein said device and computer cooperate so that the data entered into the computer is stored in the memory of the device and the data is completely removed from the computer.
PCT/US2002/028857 2001-09-12 2002-09-12 Method, apparatus and system for providing security in storing information, and limited and secure access to stored data and stored information WO2003023694A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US31866301P 2001-09-12 2001-09-12
US60/318,663 2001-09-12

Publications (1)

Publication Number Publication Date
WO2003023694A1 true WO2003023694A1 (en) 2003-03-20

Family

ID=23239095

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/028857 WO2003023694A1 (en) 2001-09-12 2002-09-12 Method, apparatus and system for providing security in storing information, and limited and secure access to stored data and stored information

Country Status (1)

Country Link
WO (1) WO2003023694A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6011858A (en) * 1996-05-10 2000-01-04 Biometric Tracking, L.L.C. Memory card having a biometric template stored thereon and system for using same
US6044349A (en) * 1998-06-19 2000-03-28 Intel Corporation Secure and convenient information storage and retrieval method and apparatus
US6219439B1 (en) * 1998-07-09 2001-04-17 Paul M. Burger Biometric authentication system
US20020077992A1 (en) * 2000-12-08 2002-06-20 Tobin Christopher M. Personal transaction device with secure storage on a removable memory device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6011858A (en) * 1996-05-10 2000-01-04 Biometric Tracking, L.L.C. Memory card having a biometric template stored thereon and system for using same
US6044349A (en) * 1998-06-19 2000-03-28 Intel Corporation Secure and convenient information storage and retrieval method and apparatus
US6219439B1 (en) * 1998-07-09 2001-04-17 Paul M. Burger Biometric authentication system
US20020077992A1 (en) * 2000-12-08 2002-06-20 Tobin Christopher M. Personal transaction device with secure storage on a removable memory device

Similar Documents

Publication Publication Date Title
JP2950307B2 (en) Personal authentication device and personal authentication method
US4993068A (en) Unforgeable personal identification system
JP4097040B2 (en) Tokenless identification system for approval of electronic transactions and electronic transmissions
CN100495430C (en) Biometric authentication apparatus, terminal device and automatic transaction machine
US6594759B1 (en) Authorization firmware for conducting transactions with an electronic transaction system and methods therefor
JP4578244B2 (en) Method for performing secure electronic transactions using portable data storage media
CA2417901C (en) Entity authentication in electronic communications by providing verification status of device
US7558965B2 (en) Entity authentication in electronic communications by providing verification status of device
US9338006B2 (en) Multi-channel multi-factor authentication
US20120221470A1 (en) User authentication and secure transaction system
CN1956016B (en) Storage media issuing method
US20100042835A1 (en) System and method for permission confirmation by transmitting a secure request through a central server to a mobile biometric device
US20080019573A1 (en) User Authentication Method Based On The Utilization Of Biometric Identification Techniques And Related Architecture
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
US20050044377A1 (en) Method of authenticating user access to network stations
Matyas Jr et al. A biometric standard for information management and security
IL137099A (en) Method for carrying out secure digital signature and a system therefor
US20140258718A1 (en) Method and system for secure transmission of biometric data
US20120095919A1 (en) Systems and methods for authenticating aspects of an online transaction using a secure peripheral device having a message display and/or user input
JP2008197710A (en) Authentication method and system, portable device, authentication server, and authentication requesting terminal
US7565545B2 (en) Method, system and program product for auditing electronic transactions based on biometric readings
JP4760124B2 (en) Authentication device, registration device, registration method, and authentication method
WO2003023694A1 (en) Method, apparatus and system for providing security in storing information, and limited and secure access to stored data and stored information
Srivastava Is internet security a major issue with respect to the slow acceptance rate of digital signatures?
AU2008203481B2 (en) Entity authentication in electronic communications by providing verification status of device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP