CPC H04L 9/3231 (2013.01) [H04L 9/008 (2013.01); H04L 9/0866 (2013.01); H04L 2209/46 (2013.01)] | 14 Claims |
1. A computer-implemented method comprising:
during an enrollment process using an authentication application on a mobile device, wherein the authentication application is in direct communication with an authentication computer:
initiating, by the authentication application on the mobile device, the enrollment process for enrolling a user in an authentication program;
capturing a biometric enrollment sample of the user using the mobile device;
generating, by the authentication application, a biometric enrollment template using the biometric enrollment sample of the user;
storing the biometric enrollment template locally or at the authentication computer;
informing, by the authentication application, the authentication computer of the biometric enrollment template;
during an authentication process initiated by a resource provider application on the mobile device, wherein the mobile device interacts directly with a resource provider via the resource provider application:
confirming, by the resource provider application on the mobile device, with an authentication gateway computer that the biometric enrollment template of the user is managed by the authentication computer via the authentication application, wherein the authentication gateway computer is in communication with the authentication computer;
obtaining, by the resource provider application on the mobile device, a biometric authentication sample from the user using the mobile device;
generating, by the resource provider application, a biometric authentication template of the user from the biometric authentication sample;
obtaining, by the resource provider application, biometric matching information related to the biometric authentication template, wherein the biometric matching information comprises the biometric enrollment template;
authenticating, by the resource provider application, the user of the mobile device based on the biometric authentication template, the biometric matching information, and a cryptographic comparison protocol, the cryptographic comparison protocol including one or more of: secure multi-party computation, homomorphic encryption, or a fuzzy extractor, the fuzzy extractor being configured to:
generate two cryptographic keys from the biometric authentication template and the biometric enrollment template and
use the two cryptographic keys to authenticate the user,
wherein the cryptographic comparison protocol of the resource provider application is configured to compare a first cryptographic key representing the biometric authentication template to a second cryptographic key representing the biometric enrollment template without retrieving the biometric enrollment sample of the user; and
authorizing, by the resource provider application, access to a resource provided by the resource provider in response to the user being authenticated.
|