US 11,777,736 B2
Use of biometrics and privacy preserving methods to authenticate account holders online
Jason Blackhurst, San Francisco, CA (US); Kim Wagner, Sunnyvale, CA (US); John F. Sheets, San Francisco, CA (US); Chunxi Jiang, San Francisco, CA (US); and Sunpreet Singh Arora, San Mateo, CA (US)
Assigned to Visa International Service Association, San Francisco, CA (US)
Appl. No. 16/635,909
Filed by Visa International Service Association, San Francisco, CA (US)
PCT Filed Jul. 26, 2018, PCT No. PCT/US2018/043872
§ 371(c)(1), (2) Date Jan. 31, 2020,
PCT Pub. No. WO2019/032301, PCT Pub. Date Feb. 14, 2019.
Claims priority of provisional application 62/543,500, filed on Aug. 10, 2017.
Prior Publication US 2020/0228340 A1, Jul. 16, 2020
Int. Cl. H04L 9/32 (2006.01); H04L 9/00 (2022.01); H04L 9/08 (2006.01)
CPC H04L 9/3231 (2013.01) [H04L 9/008 (2013.01); H04L 9/0866 (2013.01); H04L 2209/46 (2013.01)] 14 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
during an enrollment process using an authentication application on a mobile device, wherein the authentication application is in direct communication with an authentication computer:
initiating, by the authentication application on the mobile device, the enrollment process for enrolling a user in an authentication program;
capturing a biometric enrollment sample of the user using the mobile device;
generating, by the authentication application, a biometric enrollment template using the biometric enrollment sample of the user;
storing the biometric enrollment template locally or at the authentication computer;
informing, by the authentication application, the authentication computer of the biometric enrollment template;
during an authentication process initiated by a resource provider application on the mobile device, wherein the mobile device interacts directly with a resource provider via the resource provider application:
confirming, by the resource provider application on the mobile device, with an authentication gateway computer that the biometric enrollment template of the user is managed by the authentication computer via the authentication application, wherein the authentication gateway computer is in communication with the authentication computer;
obtaining, by the resource provider application on the mobile device, a biometric authentication sample from the user using the mobile device;
generating, by the resource provider application, a biometric authentication template of the user from the biometric authentication sample;
obtaining, by the resource provider application, biometric matching information related to the biometric authentication template, wherein the biometric matching information comprises the biometric enrollment template;
authenticating, by the resource provider application, the user of the mobile device based on the biometric authentication template, the biometric matching information, and a cryptographic comparison protocol, the cryptographic comparison protocol including one or more of: secure multi-party computation, homomorphic encryption, or a fuzzy extractor, the fuzzy extractor being configured to:
generate two cryptographic keys from the biometric authentication template and the biometric enrollment template and
use the two cryptographic keys to authenticate the user,
wherein the cryptographic comparison protocol of the resource provider application is configured to compare a first cryptographic key representing the biometric authentication template to a second cryptographic key representing the biometric enrollment template without retrieving the biometric enrollment sample of the user; and
authorizing, by the resource provider application, access to a resource provided by the resource provider in response to the user being authenticated.