PDA-Protect, based on Windows Mobile devices in 2002, was the first Crypto-Sign® application. It released a password to the authentication system following a good biometric match with the locally stored Crypto-Sign biometric template, which protected PDA data from falling into the wrong hands if the device was lost or stolen. With the advent of smartphones and tablets, the same concept, using fingerprint or any other biometric modality, can be used to provide secure mobile-to-cloud communications and access to VPN networks, protected web sites, sensitive device applications, files and electronic documents. It removes the need for users to remember and enter complex passwords, and it can be used for conducting secure electronic document-based transactions and payment systems from these devices.
The graphic below depicts a Mobile application in the context of US Patent 8,842,887. The biometric sample can be from any modality but the Crypto-Sign signature verification system is depicted here.
The Crypto-Sign® biometric technology is a non-invasive biometric technology based upon the signature/sign modality, using automatic sign verification, but the concepts surrounding the patented methodology can use any biometric modality available to the device.
Again, this application could work with a locally stored template (any modality) on the device or with a server-based template. With the introduction of the Electronic Signatures in Global and National Commerce Act (the "E-sign" Act), an electronic signature is essentially any sign submitted electronically by the author signifying intent. This could be achieved by the submission of a password, which might release a private key to generate a digital signature to "sign" the document. Alternatively, the author might submit a biometric sample (any modality) to be identified by the system and generate a PKI-based "electronic signature". The patented technology covers a method of using any biometric sample or the Crypto-Sign® automatic dynamic sign verification to verify identity. This could then be used to:
- Grant access to the mobile device.
- Release a valid ID and electronic signature, or other credential, of the individual and attach it to an electronic document or a signature-bearing transaction.
- Release a private key for encrypting a message or sensitive data on the device.
- Release a complex password to allow the individual to gain access to a sensitive application, network or website.
The use of a PIN with the biometric sample dramatically improves security in the example below, taken from a webcast done in conjunction with AT&T in 2007.
The Mobile Device as a secure Token
Using the Crypto-Sign secret sign, the mobile device displays all three ingredients of a high security authentication system.
- The "what you own" is the device.
- The "what you know" is the Secret Sign.
- The "something about you" is the Biometric data extracted from the way the Secret Sign is submitted by you.
- Similar password release methods can be used with any biometric technology available to the device.
The Mobile Device as the secure key to Workstations
- Device presence is constantly monitored by the workstation on an encrypted line.
- Removal of the device closes down the session.
- Log-On to the Workstation/Network requires a Crypto-Sign enabled mobile device.
- Provides strong Authentication capability.
The Mobile Device as the source of Electronic Signatures for secure electronic documents for proof of authorship and of Encryption Keys for secure PKI communications.
- Paper systems replaced by secure electronic documents.
- Huge economic benefits.
- Secure payment system.
- Secure local, remote or cloud-based communications.