Title:
SYSTEM AND METHOD FOR PLATFORM-INDEPENDENT BIOMETRICALLY VERIFIED SECURE INFORMATION TRANSFER AND ACCESS CONTROL
Document Type and Number:
WIPO Patent Application WO/2007/134083
Kind Code:
A3
Abstract:
The inventive data processing system and method enable verifiable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable verification of identities of parties sending and receiving secured information, and ensuring that only an authorized receiving party gains access to the secured information, regardless of the type, model, ownership and/or quantity of biometric identity verification (BIV) systems being utilized by each party. Parties desiring to securely transfer information between one another register at a central security management system, and each provide at least one biometric enrollment to their unique record configured for storing multiple BIV system enrollments for each party. Thereafter, the inventive system also enables any registered party to send, or make available, biometrically (and otherwise) secured information to the other party utilizing any available BIV system (or systems) that is compatible with one or more of their registered biometric enrollments, regardless of BIV system ownership, and without requiring local enrollment. The inventive system and method also provide an adaptive enrollment feature which enables the system to function automatically and transparently with new BIV systems that have not been previously enrolled by the user, if such systems produce enrollments that are sufficiently similar to the ones already stored in the user's record.

Inventors:
MILGRAMM MICHAEL (US)
SOROKIN ILYA (US)
Application Number:
PCT/US2007/068509
Publication Date:
December 04, 2008
Filing Date:
May 08, 2007
Assignee:
ADVANCED BIOMETRIC SOLUTIONS I (US)
International Classes:
H04K1/00
Foreign References:
US20010037451A1 (2001-11-01)
US6256737B1 (2001-07-03)
Attorney, Agent or Firm:
ETKIN, Edward (228 West End Avenue Suite, Brooklyn NY, US)
Claims:

CLAIMS

We Claim:

1. A data processing method for biometrically verifying at least one aspect of a transfer of information between a first party and a second party, comprising the steps of:

(a) indicating, by the first party to a centralized biometric security management system, with which the first and the second parties have previously registered, that the second party is an intended recipient of the information;

(b) causing, by the first party utilizing a first information transfer system, comprising a first at least one biometric identity verification system, being in communication with said centralized biometric security management system, and operable to receive and transmit the information, the information to be made available to the second party in accordance with a predetermined security policy;

(c) accessing the information by the second party utilizing a second information transfer system, comprising a second at least one biometric identity verification system, being in communication with said centralized biometric security management system, and operable to receive and transmit the information; and

(d) verifying, by said centralized biometric security management system, an identity of at least one of the first and second parties to the other party, utilizing a corresponding at least one of said at least first, and at least second biometric identity verification system.


2. The data processing method of claim 1, wherein said step (b) further comprises the step of:

(e) transmitting the information, by said first information transfer system to said second information transfer system, through a communication link therebetween; and wherein said step (c) further comprises the step of:

(f) receiving the information, by said second information transfer system from said first information transfer system, through said communication link therebetween.

3. The data processing method of claim 1, wherein said step (b) further comprises the step of:

(g) storing the information, in an information storage system operable to communicate with said second information transfer system, through a communication link therebetween; and wherein said step (c) further comprises the step of:

(h) accessing said stored information, by said second information transfer system, through said communication link therebetween.

4. The data processing method of claim 1, further comprising the steps of:

(i) prior to said step (b), securing the information, by restricting access thereto, in accordance with at least one access criteria;

wherein said step (b) further comprises the step of:

(j) providing the second party with access data indicative of at least one action necessary to meet said at least one access criteria; and

(k) prior to said step (c) and as a prerequisite for performance thereof, meeting said at least one access criteria, by the second party.

5. The data processing method of claim 1, wherein each of the first, and the second parties, comprises at least one of: at least one individual, and at least one group.

6. The data processing method of claim 1, further comprising the steps of:

(l) prior to said step (a), generating a unique identification record for each of the first and second parties, by said centralized biometric security management system, comprising the steps of:

(m) providing, for each of the first and second parties, to said centralized biometric security management system, identification data representative of said identity thereof;

(n) providing, for each of the first and second parties, to said centralized biometric security management system, at least one enrollment biometric identifier representative of that party's at least one biometric characteristic and acquired therefrom by a corresponding one of said at least one first and said at least one second biometric identity verification systems; and

(o) storing, for each of the first and second parties, said identification data and said at least one enrollment biometric identifier in said corresponding unique identification record, wherein each said corresponding unique identification record is configured for storing a plurality of said enrollment biometric identifiers.

7. The data processing method of claim 6, wherein said step (l) further comprises the step of:

(p) applying, to each said unique identification record, a predetermined security policy that manages the utilization and modification thereof in accordance with at least one predetermined security protocol.

8. The data processing method of claim 6, further comprising a step of adaptive biometric identity verification and system enrollment, comprising the following steps selectively performed for each of the corresponding first and second parties seeking identity verification thereof:

(q) acquiring, by at least one third biometric identity verification system from said corresponding party, a first at least one biometric identifier, wherein said at least one third biometric identity verification system comprises at least one of: said first at least one biometric identity verification system, said second at least one biometric identity verification system, and at least one other biometric identity verification system;

(r) providing said first at least one biometric identifier to said centralized biometric security management system;

(s) comparing, by said centralized biometric security management system, said first at least one biometric identifier with said at least one enrollment biometric identifier of said corresponding party that is stored in said corresponding unique identification record, in accordance with at least one predetermined identification criteria, to verify said identity of the corresponding party.

9. The data processing method of claim 8, wherein said step (s) further comprises the steps of:

(t) when said first at least one predetermined identification criteria is not met, performing said steps (m) to (o) for said corresponding party utilizing said at least one third biometric identity verification system, to add a corresponding additional enrollment biometric identifier to said corresponding unique identification record of said corresponding party.

10. The data processing method of claim 8, wherein said step (d) further comprises the step of:

(u) providing confirmation, by said centralized biometric security management system, to at least one of the first and second party, of said verified identity of at least the other one of the first and second party, as a provider of the information, in conjunction with the information being made available to the second party, and/or as a verified recipient of the information.


11. The data processing method of claim 6, wherein said step (n) further comprises the step of:

(v) retrieving, by said centralized biometric security management system from a previously generated at least one enrollment record, at least one previously generated enrollment biometric identifier, for at least one of the first and second parties, representative of that party's at least one biometric characteristic.

12. The data processing method of claim 11, further comprising the steps of:

(w) prior to said step (c), securing the information, by restricting access thereto, in accordance with at least one access criteria, wherein said at least one criteria comprises a primary access criteria of enabling access to the information by the second party only upon successful verification of said identity of the second party;

(x) in conjunction with said step (b), providing the second party with access data indicative of at least one action necessary to meet said at least one access criteria, wherein said step (s) further comprises the step of:

(z) when said identity of the second party is verified at said step (s), releasing access to said secured information to the second party.

13. The data processing method of claim 12, further comprising the steps of:

(aa) after said step (w), storing said at least one access criteria in said first identification record, such that said at least one access criteria may be selectively or automatically applied to all subsequent information being made available by the first party.

14. The data processing method of claim 8, wherein said step (d) further comprises the steps of:

(bb) recording, by said centralized biometric security management system in at least one of said first and said second unique identification records, data indicative of at least a portion of: actions of the first party relating to performance of said steps (a) to (d); actions of the second party relating to performance of said step (c); results of performance of all steps prior to and including said step (c).

15. The data processing method of claim 6, comprising the steps of:

(cc) after said step (l), providing by the first party to said centralized biometric security management system, a first at least one additional enrollment biometric identifier representative of the first party's at least one additional biometric characteristic and acquired therefrom by a first at least one other biometric identity verification system; and

(dd) storing said first at least one additional enrollment biometric identifier in said first unique identification record.

16. The data processing method of claim 8, comprising the steps of:

(ee) after said step (l), providing by the second party to said centralized biometric security management system, a second at least one additional enrollment biometric identifier representative of the second party's at least one additional biometric characteristic and acquired therefrom by a second at least one other biometric identity verification system; and

(ff) storing said second at least one additional enrollment biometric identifier in said second unique identification record.

17. The data processing method of claim 1, wherein each of said first and said second information transfer systems is selected from a group of: at least one computer, and at least one mobile communication device, and wherein the information comprises at least one of: text, image, audio, video, transactional information, instrument readings, sensor readings, link to other information, biometric information, and executable program instructions.

18. A data processing method for biometrically securing a transfer of information between a first party and a second party, comprising the steps of:

(a) indicating, by the first party to a centralized biometric security management system, with which each of the first and the second parties have previously registered with a corresponding plurality of enrollment biometric identifiers representative of a plurality of biometric identity verification systems that may be utilized by each of the first and second parties, that the second party is an intended recipient of the information;

(b) causing, by the first party utilizing a first information transfer system, comprising a first at least one plural biometric identity verification system, being in communication with said centralized biometric security management system, and operable to selectively secure, receive and transmit the information, the secured information to be made available to the second party in accordance with a predetermined security policy;

(c) accessing the secured information by the second party utilizing a second information transfer system, comprising a second at least one plural biometric identity verification system, being in communication with said centralized biometric security management system, and operable to selectively secure, receive and transmit the information; and

(d) when said centralized biometric security management system, utilizing said second at least one plural biometric identity verification system, verifies an identity of the second party as said intended recipient, allowing access, by the verified second party, to the secured information.


Description:

SYSTEM AND METHOD FOR PLATFORM-INDEPENDENT BIOMETRICALLY VERIFIED SECURE INFORMATION TRANSFER AND ACCESS CONTROL

FIELD OF THE INVENTION

The present invention relates generally to a system and method for biometrically verifying and securing transfer of information between two or more parties, and more particularly to a system and method for providing various advantageous biometrically-enhanced platform-independent features to the process of information transfer between two or more parties.

BACKGROUND OF THE INVENTION

In the last decade, the rapidly decreasing cost of computers, coupled with simultaneous performance gains, as well as the growing availability of inexpensive access to high speed telecommunications, have resulted in a dramatic jump in the installed base of computers and broadband telecommunication connections both in consumer and commercial areas.

The proliferation of computers and low-cost high-speed telecommunications also led to an ever-growing increase in the amount of information exchanged between various parties, within and between circles of individuals ranging from social groups (friends, family), to government, educational and corporate organizations.

In addition, the explosive growth of versatile personal communication devices (such as, for example, cellular telephones equipped with a myriad of functions) has arguably eclipsed the above-noted rise in availability of computers with high speed telecommunication connections. With each month, new personal communication options become available to consumer and organizational users, most often embodied in mobile telephones that are smaller, more powerful, and with a more impressive list of features, than comparable models released mere weeks ago.

Not surprisingly, these trends have led to an unprecedented escalation in demand for solutions related to secure transmission of information between various parties (e.g., electronic data transmissions, voice communications, etc.), and also for solutions related to controlling access to secured stored content (e.g., ranging from personal information, such as photographs, to content generated and owned by corporate, government and educational organizations).

For decades, and continuing to present day, the primary solution to securing transmission of information between parties using electronic devices has been to enable the sending party to encrypt transmitted information, and, at the same time, provide the receiving party with the ability to decrypt and access the sent information. One popular approach to securing electronic data transmission involves the use of PGP (or "pretty good privacy") encryption, with appropriate PGP keys being exchanged between the parties prior to data transmission, and later used to achieve encryption, and subsequent decryption, of transmitted data. Similar security measures have also been the typical approach taken to secure access to stored content, where the access to content (encrypted or otherwise) is controlled by a password, or other form of access code, provided to the party authorized to gain access thereto.

However, the above solutions have significant drawbacks. First and most important is the fact that none of the previously known encryption techniques enabled the parties involved in information transfer therebetween to authenticate the identity of the party sending the information, as the source of the transmission, and also to authenticate the identity of the recipient, to confirm that the transmitted information was accessed by the specific identified party to which it was addressed, rather than by anyone having access to the receiving party's communication device and/or access code (e.g., username/password).

The same challenge is present in the field of content access control, where anyone can use a stolen, or otherwise misappropriated, access code (e.g., username/password) to gain unauthorized access to secured content. Additionally, the process of exchange, and/or provision, of PGP key information is complex and cumbersome, a deterrent to the use of conventional encryption/decryption technologies for most parties outside government and corporate sectors.

One attempt to address the above challenges was the proposed utilization of biometric access control systems by the sending and receiving party to authenticate the identity of the sending and receiving party. The use of biometric technologies has previously gained some acceptance in the field of content access control, and so, application of such technologies to the goal of securing data transmission was a reasonable approach.

Biometrics is a field of technology aimed at utilizing one or more unique personal characteristics of an individual, ranging, for example, from their fingerprints to their hand vein pattern, odor, iris image, or their DNA, to authenticate their identity. Biometric technologies are typically of two types: passive and active. Passive biometrics do not require the individual whose identity is being verified to do anything other than to enable a certain biometric characteristic to be acquired by the system (e.g., by placing a finger on a fingerprint scanner, by looking into a retinal scanner, or by looking in the direction of a facial scanner). Active biometrics require the individual whose identity is being verified to perform one or more predetermined actions in order to enable the system to acquire the representation of one or more appropriate biometric characteristics (e.g., by providing a signature, by speaking, by squeezing a certain object, etc.). Certain types of biometric systems may incorporate a combination of active and passive biometric approaches. The various types of biometric systems are discussed in greater detail in the commonly assigned co-pending U.S. Patent Application Serial No. 11/332,017 entitled "MULTIPLATFORM INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM", which is hereby incorporated by reference herein in its entirety.

While certainly appearing to address one of the key challenges of securing information transfer, biometric access control systems suffer from a number of serious disadvantages that have prevented their widespread use, and that have effectively stunted their growth in most areas outside of physical access control and local computer access control applications. To understand these disadvantages, it is useful to provide an overview of previously known biometric access control system operations.

A biometric access control system (also interchangeably referred to herein as "biometric identity verification system") typically includes two main components: a physical device of some sort to actively, and/or passively, acquire predetermined biometric information, and program instructions (such as a software application, embedded in the device, installed on the computer connected to the device, or a combination of both), for managing the operation of the device, and for providing biometric recognition technology that enables utilization of the device to authenticate the identity of one or more individuals previously "enrolled" in the system when the individual presents the appropriate biometric information to the device.

Each individual authorized to use a biometric access control system is first "enrolled" (i.e., registered) in the system, so that the system can acquire particular biometric information from the individual in accordance with a predetermined enrollment protocol (for example, requiring the individual to provide the same, or similar, biometric information several times, etc.). The acquired biometric enrollment information is then transformed, in accordance with one or more proprietary technologies, into a "recognition template" (or equivalent logical data structure), representative of the acquired biometric information, and then optionally optimized for use with the appropriate biometric recognition algorithms.

During a later authentication attempt, biometric information of the same specific type as was originally enrolled (e.g., left index finger fingerprint, right iris, etc.) is presented to the biometric device, then acquired and transformed into a template, and finally compared to the enrolled stored recognition template, to determine a match, in accordance with one or more recognition criteria (for example a "recognition threshold", representative of the allowable degree of difference between the enrolled template and the presented template, for successful authentication thereof), and therefore to authenticate the identity of the presenting individual. The two main reasons for using stored recognition templates are: (1) as a requirement for using biometric recognition algorithms during the authentication process; and (2) to ensure that actual acquired biometric information is never stored, for security purposes.

The key disadvantage, crippling the use of biometrics as a broad scalable secure information transfer and access control solution, has been the combination of (1) the availability of several hundred different biometric devices of various types flooding the market (with the number of devices growing each year) and (2) the fact that in a vast majority of cases, the available biometric devices, even of the same type (e.g., fingerprint scanners), are incompatible with one another. Each of these devices uses its own biometric software (although several device manufacturers share a similar core biometric information acquisition device and biometric recognition algorithms), and during enrollment creates a biometric recognition template specific to the device. In addition, the enrollment recognition template may be stored in the biometric device, in the computer to which the device is connected, in a different computer connected thereto, or in one or more of the above, depending on the device model. As a result, the enrolled individual must always utilize the specific type and model of biometric device and the specific computer (or computer network) where they originally enrolled.

Another devastating shortcoming of previously known biometric systems, flowing from general incompatibility of biometric devices from different manufacturers, is the fact that, without any clear unifying standard, the only way for parties to truly use a biometric technology solution for verifying the identity of the sending and/or receiving party, and for securing information transfer therebetween (as opposed to using biometrics as a password replacement supplement to conventional security measures), is for all parties to acquire and use the same compatible model and type of biometric device. This is a serious drawback, because commitment to utilization of a specific type and brand of biometric identity verification device requires a significant degree of collusion and common agreement between many individuals that intend to use the system.

In addition, the issue of compatibility and uniformity is particularly problematic for any large scale implementation of a system for verifying and securing information transfer. The requirement that all parties in a large organization involved in developing and, more importantly, using the system cooperate and coordinate biometric device acquisition and uniform installation, to ensure that everyone involved is using the same biometric devices equipped with compatible biometric recognition software, is very burdensome and a significant barrier to implementation of such systems.

And, if a particular biometric device in such a system is later replaced with another biometric device using a biometric recognition template incompatible with the original biometric device, all of the devices in the system must be replaced to maintain compatibility therebetween, and all individuals using those devices must be re-enrolled with the new devices.

Similar issues exist with respect to use of biometrics to control access to content: all involved parties must use a biometric device that is compatible with the system providing biometric access control to the content, and similarly are limited to using the same type and model of biometric device, and only at the computers (or computer networks) where they previously enrolled.

In addition, if a previously known installed biometric security system is changed to a new one that uses a different infrastructure, or is significantly upgraded, while the previously used biometric devices are kept, then all of the users would need to repeat the time consuming and resource intensive re-enrollment process on each biometric device to generate a new biometric enrollment database compatible with the new biometric security system.

Moreover, there is a growing number of security applications and government rules and regulations which require the use of multiple authentication factors (i.e., by simultaneous or sequential utilization of multiple biometric identity verification systems by a user to authenticate the identity thereof) to perform certain secure tasks.

While the above-incorporated U.S. Patent Application S/N 11/332,017 provided a solution to interoperable utilization of different types of biometric devices in the same group of users (for example, the users of a local or wide area network), it did not specifically address all of the issues involved in applying the disclosed techniques to the purpose of using biometrics to secure and authenticate transmission and receipt of information transferred between various parties.

Thus, none of the previously known biometric security approaches enable parties to verify and secure the transfer of information therebetween, utilizing any biometric identity verification system available to each party, without regard to the biometric identity verification system (or systems) utilized by the other party or parties, nor do any previously known biometric security systems enable users to each utilize one or more different biometric identity verification devices, individually or in conjunction with one another. Furthermore, none of the previously known biometric security systems provide the capability to easily add newly developed or released biometric identity verification devices thereto.

It would thus be desirable to provide a system and method for transferring secured information between parties, while enabling authentication of identities of at least one of the party sending the information, and the party, or parties, receiving and/or accessing the received information, with each party being able to utilize multiple different biometric identity verification systems of their choice, independently of the biometric identity verification systems used by the other party. It would additionally be desirable to provide the above-described system and method also having adaptive intelligent biometric identity verification system enrollment with the capability to easily add newly developed or released biometric identity verification devices thereto, transparently to the users thereof. It would further be desirable to provide a system and method for restricting access to content to one or more specific identified individuals, where each identified individual is able to utilize one or more biometric identity verification systems of their choice, independently of the access control system being used, and independently of the biometric identity verification systems being utilized by other identified individuals (if any). It would additionally be desirable to provide a system and method for tracking and biometrically verifying various data relating to previously conducted information transfer between parties, whether such transfer occurred through transmission of information therebetween, or by one party allowing access to secured content to one or more other, biometrically verified, parties.


BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, wherein like reference characters denote corresponding or similar elements throughout the various figures:

FIG. 1A shows a block diagram of a first exemplary embodiment of the inventive secure information transfer management (SITM) system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 1B shows a block diagram of an alternate exemplary embodiment of the inventive SITM system of FIG. 1A;

FIG. 2 shows a block diagram of a second exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 3 shows a block diagram of a third exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 4 shows a block diagram of an exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 5 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system of FIGs. 1A - 3;

FIG. 6 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system of FIG. 4;

FIG. 7 shows a logic flow diagram of an exemplary embodiment of a process of initial enrollment of a user prior to utilization of the SITM system of FIGs. 1A - 3; and

FIG. 8 shows a logic flow diagram of an exemplary embodiment of a process of enrollment of an additional biometric identity verification system by a user of the SITM system of FIGs. 1A - 3.

„ J1L ^ ">.

SUMMARY OF THE INVENTION

The inventive data processing system and method enable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable the sending and receiving parties to verify transmission and receipt of secured (e.g., encrypted) information, and/or to control access by one party to information secured by another party, regardless of the type, model, ownership, and/or quantity of biometric identity verification (BIV) systems being utilized by each party.

In one embodiment of the inventive system and method, parties desiring to securely transfer information between one another register at a central independent biometric security management (IBSM) system, and each provide a biometric enrollment for each biometric device (i.e., BIV system) that they wish to utilize, which are then stored by the IBSM system in their unique record. Advantageously, each such record is configured for storing multiple BIV system enrollments for each party, such that the parties can each use one or more different BIV systems in conjunction with the inventive system. Optionally, if there is a pre-existing biometric security system that comprises records with biometric enrollments for one or more users, as part of the registration process the IBSM system can readily import existing biometric enrollments for each user into their individual record. In this case, the user having such previously obtained biometric enrollment(s) for specific BIV devices would not need to repeat the enrollment procedure for those devices.

The inventive system and method also provide an adaptive enrollment feature which enables the system to function automatically and transparently with new BIV systems that have not been previously enrolled by the user, if such systems produce enrollments that are sufficiently similar to the ones already stored in the user's record.

In addition, during the initial user enrollment process, a predetermined security policy is applied to the user's record in the IBSM system. The security policy governs all key parameters of the user's utilization of the BIV systems to ensure compliance with the security rules and policies of the owner of the security infrastructure that utilizes the inventive system and method (which may range from a single user to an organization (e.g., a corporation, a government agency, etc.)). The security policy also includes an enrollment policy that determines the requirements which must be met by the user when adding new BIV systems in the future.

While the security policy is preferably predetermined before user enrollment, optionally, if permitted by the owner of the security infrastructure or another authorized party, or, if the user is the owner or authorized party, the user may modify an existing security policy or, if no security policy is present, the user may define the security policy.

Thereafter, the inventive system also enables any registered party to send biometrically (and otherwise) secured information to the other party utilizing any available BIV system (or systems) that is compatible with one or more of their registered biometric enrollments stored in their IBSM system record, regardless of BIV system ownership, and without requiring local enrollment. Thus, registered users can advantageously utilize a compatible BIV system of any information transfer device capable of communication with the IBSM system.

In another embodiment of the inventive system and method, that may be readily utilized on its own, or in conjunction with the previously described embodiment, a party registered with the IBSM system, that owns certain secured content, is able to selectively designate identities of one or more registered parties that are authorized to access the secured content and/or a portion thereof upon verification of their identity, and, optionally, provide one or more rules of varying complexity to the IBSM system governing such access.

Other objects and features of the present invention will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the invention, for which reference should be made to the appended claims.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The system and method of the present invention remedy the disadvantages of previously known biometric solutions directed at verifying and securing information transfer between parties, by providing a platform-independent biometric security management system architecture that enables registered parties to securely transfer information therebetween, and verify the identities of the party enabling the transfer (e.g., by transmission of information, or by enabling secured access to stored information), and/or of the recipient party gaining access to the information (e.g., by receiving the information, and/or by accessing secured stored information), utilizing any biometric identity verification system available, regardless of the type, model, and/or ownership, as long as the utilized biometric system is compatible with one or more of their previously registered multiple biometric enrollments.

The inventive system and method achieve the above, and other objectives, by enabling prospective users to register with a centralized independent biometric security management (IBSM) system, and, during the registration process, in addition to providing identifying information (name, contact information, etc.), to also supply one or more biometric enrollments, utilizing one or more biometric identity verification systems (i.e., BIV systems) available to them. Any registered user is also able to add additional biometric enrollments, from any other BIV system, at a later time to expand their ability to utilize the inventive system utilizing many different BIV systems.

The novel IBSM system stores the above information in unique records, each assigned to an individual registered user, and further enables additional information to be stored in the records. Advantageously, each such record is configured for storing multiple BIV system enrollments for each user, such that each user can utilize one or more different BIV systems in conjunction with the inventive system. This feature of the present invention is particularly important for the growing number of security applications which require multiple authentication factors (i.e., by simultaneous or sequential utilization of multiple BIV systems to authenticate identity) to perform certain secure tasks.

In addition, as described in greater detail below in connection with FIG. 7, during the initial user enrollment process, a predetermined security policy is applied to the user's record in the IBSM system. The security policy governs all key parameters of the user's utilization of the BIV systems to ensure compliance with the security rules and policies of the owner of the security infrastructure that utilizes the inventive system and method (which may range from a single user to an organization (e.g., a corporation, a government agency, etc.)). The security policy also includes an enrollment policy, as discussed in greater detail below in connection with FIG. 8, that determines the requirements which must be met by the user when adding new BIV systems in the future.

While the inventive system and method are described below in connection with certain drawing figures in exemplary embodiments, as being advantageously configured for use with transfer of electronic information over a communication network (e.g., the Internet or other telecommunications network), it should be understood by one skilled in the art, that the inventive system and method may be readily and advantageously utilized for enabling secured information transfer of any type (audio (e.g., voice), video, sensor information, machine-readable data, etc.), without departing from the spirit of the invention, as a matter of necessity or design choice.

Similarly, while the descriptions of various embodiments of the inventive system and method interchangeably refer to various data processing systems used in conjunction therewith as "computers", it should be noted that any system with similar capabilities, necessary for performing the tasks required by the inventive system and method, may readily be used as a matter of necessity or design choice, without departing from the spirit of the invention. For example, it is specifically contemplated that a wireless telephone (such as a cellular telephone) with sufficient data processing capabilities may be readily utilized in accordance with the present invention.

Before describing the various embodiments of the inventive system and method, and the components, infrastructure, and operation in greater detail, it would be helpful to provide the definitions of certain terms used in the drawing figures, and in the accompanying descriptions. Table 1 below contains a summary of definitions of commonly used terms within the context of the description of the various embodiments of the present invention.

Because the terminology that may be currently utilized to describe the various embodiments of the novel system (and its functionality) evolves and changes rapidly, for the purposes of clarity, and without departing from the spirit of the invention, the various elements, components, infrastructures, and process steps of the inventive system and method are described in Table 1, and further below, in terms of their required or desired functionality, and/or in terms of objectives they are intended to accomplish, in accordance with the present invention, rather than as specific structural and/or process implementations, which may change in nomenclature with advances in information systems technology.

For example, as computers of various types are well known in the art, it is presumed that any computer used in conjunction with the present invention will include the typical components necessary for its operation, e.g., one or more CPUs, memory, long term data storage, and, in cases of computers typically utilized by users, one or more input devices, a display, and so on. In addition, because a number of abbreviated terms are used for the sake of convenience in FIGS. 1A to 6, and further below, Table 1 also provides the definitions of all abbreviated terms used herein.

Table 1 (Definitions/Terminology)

and/or verified information from another party (or parties), whether by transmission therefrom, or by accessing secured content, as permitted by the other party (or parties).

Thus, in accordance with the present invention, users may range from private individuals, to members of groups of any type and with any amount of hierarchical levels and subgroups, and that may readily overlap with other groups (e.g., groups of friends, family members, employees of a corporation, government employees and/or officials of varying ranks in one or more agencies, students of a particular university, etc.).

InfoTr System: Information transfer system. For the purposes of the present invention, an information transfer (InfoTr) system is defined as any system having at least some of the following characteristics:

1. capability for transmitting information to at least one other InfoTr system;

2. capability for receiving information from at least one other InfoTr system;

3. capability for storing data and applications for issuing instructions, and, in response to issued instructions, performing tasks involving data stored therein or provided thereto, sufficient to enable functionality necessary for operation of the novel system and method as described below in connection with FIGS. 1A to 8;

4. capability for displaying information relevant to its operation and the performed tasks;

5. capability for communicating with the IBSM system (see definition below); and

6. capability for receiving instructions from an operator.

In accordance with the present invention, the term "InfoTr system" can also refer to a collection of two or more interconnected InfoTr systems (e.g., a local area network) having the above capabilities individually, and/or jointly. The InfoTr system preferably includes an operating environment, and one or more instruction sets (e.g., program applications), that provide it with the ability to execute functions relating to sending and/or receiving information. By way of example, for an InfoTr system implemented as a personal computer, the operating environment may be an appropriate operating system, while an exemplary information transfer instruction set may be an electronic mail program.

By way of example, computers ranging from pocket-sized personal digital assistants (PDAs), and smart telephones to personal desktop or notebook computers, to high power servers and server networks, are the most common exemplary implementations of InfoTr systems, and, in most cases, readily possess all the capabilities necessary for operation as components of various embodiments of the inventive system and method.

Accordingly, the InfoTr systems shown in various embodiments of the present invention, are preferably computers or advanced communication

EDA: Encryption / decryption application. For the purposes of the present invention, an EDA is a set of instructions, for example embodied in a program application executable by an InfoTr system, and/or by the IBSM system, or as a module to another application (e.g., the application responsible for transmission of information), capable of encrypting and/or decrypting electronic information in any form.

Advantageously, any type of EDA, whether currently available, or developed in the future, may be readily utilized in conjunction with the inventive system and method without departing from the spirit of the invention. In one embodiment of the inventive system and method, during encryption of information to be transmitted, the EDA utilizes at least a portion of the UBIV_Element (see definition below) of the user of the InfoTr system sending the transmission.

SECURITY_Policy: The security policy governs all key parameters of utilization of the BIV systems by authorized users to ensure compliance with the security rules and policies of the owner of the security infrastructure

It should be noted that the specific numbers of users, and corresponding InfoTr systems shown in the various FIGs. 1A to 4, are provided by way of example only. Because the inventive secure information transfer management (SITM) system is completely scalable, it may be used in configurations ranging from as few as two users, to as many as practically possible, as a matter of design choice or convenience, without departing from the spirit of the invention.

Referring now to FIG. 1A, a first exemplary embodiment of the inventive SITM system 10 is shown. The SITM system 10 enables secure and verifiable transfer of information between at least two users 20 and 30 (see Table 1, definition #1). Each of the users 20, 30 preferably operates a corresponding information transfer (InfoTr) system 22, 32 (for example a computer or mobile communication device), capable of transmitting information to other InfoTr systems of the same, or of different type and/or configuration. Thus, for example, each of the InfoTr systems 22 and 32 may be of a different type: InfoTr system 22 may be a personal computer, while InfoTr system 32 may be a smart mobile communication device.

Each of the InfoTr systems 22, 32 preferably includes a corresponding encryption / decryption application (EDA) 24, 34, respectively (see Table 1, definition #6), for enabling each of the users 20, 30 to secure and verify information transferred therebetween (for example by encrypting it for transmission and then decrypting it when received and accessed, upon recipient identity verification).

Each of the InfoTr systems 22, 32 includes, or has ready access to, a corresponding biometric identity verification system (BIVS) 26, 36. As discussed in greater detail above, in connection with the background of the present invention, a BIVS utilizes one or more unique personal characteristics of a user registered therewith, to verify their identity. As discussed in greater detail below in connection with FIG. 1B, a BIVS typically includes a biometric identity verification device (BIVD) for acquiring biometric information from a user, and a corresponding biometric identity verification application (BIVA) for controlling the operation of the BIVD, and for enabling the acquired biometric characteristics to be used for identity verification. In accordance with the present invention, each of the BIVS 26, 36 may be any type of BIVS whatsoever. Advantageously, the BIVS 26, 36 do not need to be compatible with one another. Thus, the BIVS 26 may be a fingerprint scanner, while the BIVS 36 may be a facial recognition system. It should be noted that in accordance with the present invention, the term BIVS may also refer to multiple BIVDs connected to the same InfoTr system, that can provide multiple authentication factors for certain predetermined security applications.

Preferably, each BIVS 26, 36 is capable of "enrolling" (i.e., registering) one or more users (e.g., users 20, 30), and generating a corresponding user biometric identity verification element (UBIV_Element), representative of the biometric information acquired by the BIVD and processed for use in future user identity verification (e.g., by creating a recognition template, or otherwise). In previously known biometric security systems, a user's UBIV_Element is typically stored in one or more of the BIVS, the InfoTr system connected thereto, or, in client-server configurations, on a separate central InfoTr system.

The SITM system 10 also includes an independent biometric security management (IBSM) system 60, which is the key component of the present invention. The IBSM system 60 is preferably a data processing system (such as one or more computers (e.g., a server, or a network of servers)), capable of communicating and interacting with as many different InfoTr and BIVS types, models and configurations as is practicable or, at a minimum, as many as is required by the desired SITM system 10 configuration, capacity, and intended use.

The SITM system 10 also includes a communication link 40 for enabling communication between the InfoTr system 22 and the InfoTr system 32, a communication link 42 for enabling communication between the InfoTr system 22 and the IBSM system 60, and a communication link 44 for enabling communication between the InfoTr system 32 and the IBSM system 60 (see Table 1, definition #11). One or more of the communication links 40, 42, 44 may be different from one another, or they may all be the same. For example, the communication link 40 may be a wireless voice telecommunication link, while communication link 42 is a broadband land telecommunication line and the communication link 44 is a wireless data communication link. Or, all of the communication links 40, 42, 44 may be the Internet.

Prior to utilization of the inventive SITM system 10, each user desiring to take advantage of the SITM system 10 functionality (e.g., each of the users 20, 30) performs a registration or enrollment process, for example such as the exemplary initial user enrollment process 600 described below in connection with FIG. 7. Regardless of the specific initial enrollment process used, such a process, at a minimum, involves the following steps:

(1) providing certain predetermined personal identifying information (e.g., name, address, etc.);

(2) verification of that information (by third party confirmation, in the case of certain types of users (corporate or government employees, etc.), or by other well known reliable identity verification approaches);

(3) storing, in the IBSM system 60, the provided information (and optionally the source of verification) as USER_Data 64c in a corresponding record (USER_Record 62) for each user;

Optionally, if the user is already biometrically registered at their InfoTr system through the corresponding BIVS (e.g., if the user 20 previously used BIVS 26 to enroll on their InfoTr system 22), and the IBSM system 60 is appropriately configured by an authorized administrator, it may accept identity verification based on previous local InfoTr system biometric registration; and

(4) utilization of their respective BIVS (e.g., BIVS 26 for user 20, and BIVS 36 for user 30) to generate one or more corresponding UBIV_Element(s) and transmit them, via respective communication links (e.g., link 42 for user 20, and link 44 for user 30), to a UBIV_Record 64, configured for storage and utilization of multiple concurrent UBIV_Elements, that is part of the corresponding USER_Record 62 stored in the IBSM system 60.

Optionally, if there is a pre-existing biometric security system (not shown) that comprises records with biometric enrollments for one or more users, and that can communicate with the SITM system 10, as part of the registration process, the IBSM system 60 can readily import existing biometric enrollments for each user into the UBIV_Record in their individual USER_Record. In this case, the user having such previously obtained biometric enrollment(s) for specific BIVS(s) would not need to repeat the enrollment procedure for those systems/devices.

Thus, for each user 20, 30, the IBSM system 60 stores the individual unique USER_Record 62, that includes that user's verified identifying information USER_Data 64c, as well as at least one of their corresponding UBIV_Element(s) 64a-64b in the UBIV_Record 64. The USER_Record 62 also preferably includes a SECURITY_Policy 64d (defined in Table 1 above), which also includes an ENROLL_Policy 64e (defined in Table 1 above), as well as one or more security protocol(s) 64f that define the specific security rules and parameters thereof.

By way of example, the SECURITY_Policy 64d may include security protocols 64f that define the rules for sending secured information to other registered users (such as a selectable list of potential recipients, the need for receipt and/or viewing verification, etc.), as well as define one or more additional rules of varying complexity, governing the recipient's access to the transmitted secured information. For example, a sending user 20 can specify a rule, that a particular transmission of information (e.g., an electronic mail message with attachment) may only be opened by the intended recipient, user 30, if that recipient successfully passes identity verification from a BIVS 36 that includes two (or more) different biometric identity verification devices (e.g., a fingerprint scanner and a facial scanner), or that two separate recipients (user 30 and user 50) must both verify their identity with the IBSM system 60, in order to access the content of the transmission.

As discussed below in connection with FIGs. 2 and 8, any user can generate additional UBIV_Elements for their USER_Record, utilizing BIVS of different types, models, and/or configurations, such that their UBIV_Record in the USER_Record stores multiple UBIV_Elements for a variety of BIVSs. This is a crucial advantageous feature of the present invention, because any user registered with the IBSM system 60 is able to verify their identity through any BIVS, even one which they never used, or one that is part of another user's InfoTr system, if it is capable of utilizing any of the UBIV_Elements stored in the USER_Record. This advantageous feature of the present invention is described in greater detail below in connection with FIG. 8.
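As an added illustration (not code from the application or its inventors), the following Python models the multi-enrollment USER_Record assembled by the registration steps above, together with the adaptive enrollment feature described in the Summary: a live sample from a BIV system the user never enrolled is accepted, and that system is added to the record, when the sample is similar enough to a stored enrollment of the same modality and the ENROLL_Policy permits it. Templates as fixed-length bit strings, the Hamming-similarity comparison, the 0.9 threshold and the field names (bivs_model, min_similarity, allow_adaptive, allowed_modalities) are assumptions of this example; the application does not specify a matching algorithm.

```python
from dataclasses import dataclass, field


@dataclass
class Enrollment:
    """One UBIV_Element: a template produced by a specific BIV system."""
    bivs_model: str    # constructed identifier of the device/application that produced it
    modality: str      # "fingerprint", "face", ...
    template: str      # constructed fixed-length bit string standing in for a template


@dataclass
class EnrollPolicy:
    """ENROLL_Policy: requirements for adding BIV systems to a record (field names constructed)."""
    min_similarity: float = 0.9                         # acceptance threshold for an unseen BIV system
    allow_adaptive: bool = True                         # may unseen systems be enrolled automatically?
    allowed_modalities: tuple = ("fingerprint", "face")


@dataclass
class UserRecord:
    """USER_Record with a UBIV_Record holding several concurrent enrollments."""
    user_id: str
    enrollments: list = field(default_factory=list)
    enroll_policy: EnrollPolicy = field(default_factory=EnrollPolicy)


def similarity(a: str, b: str) -> float:
    """Fraction of agreeing bit positions (Hamming similarity); 0.0 for incompatible lengths."""
    if len(a) != len(b) or not a:
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / len(a)


def verify(record: UserRecord, modality: str, bivs_model: str, sample: str):
    """Match a live sample from any BIV system against the record.

    Returns (verified, adaptively_enrolled, reason). The best-scoring stored
    enrollment of the same modality decides; if it came from a BIV system the
    user never enrolled, the policy decides whether that system is now added
    so later verifications find an exact-model enrollment.
    """
    candidates = [e for e in record.enrollments if e.modality == modality]
    if not candidates:
        return False, False, "no enrollment of this modality"
    best = max(candidates, key=lambda e: similarity(e.template, sample))
    score = similarity(best.template, sample)
    if score < record.enroll_policy.min_similarity:
        return False, False, f"best match {score:.2f} below threshold"
    if any(e.bivs_model == bivs_model for e in candidates):
        return True, False, "matched enrolled BIV system"
    policy = record.enroll_policy
    if not policy.allow_adaptive or modality not in policy.allowed_modalities:
        return False, False, "unenrolled BIV system; adaptive enrollment not permitted"
    record.enrollments.append(Enrollment(bivs_model, modality, sample))
    return True, True, "adaptively enrolled new BIV system"


if __name__ == "__main__":
    # constructed sample: user 20 enrolled one fingerprint scanner; a second scanner
    # of a different model produces a template differing in one bit
    rec = UserRecord("user20", [Enrollment("fp-scanner-A", "fingerprint", "1111000011110000")])
    print(verify(rec, "fingerprint", "fp-scanner-B", "1111000011110001"))
    print(verify(rec, "fingerprint", "fp-scanner-B", "1111000011110001"))
    print(verify(rec, "face", "cam-1", "1111000011110000"))
```

The first call on the unseen scanner returns (True, True, ...) and grows the record to two enrollments; the second call on the same scanner matches the enrollment just added, and the face request fails because the record holds no enrollment of that modality. A policy with allow_adaptive=False refuses the unseen scanner even though the sample scores above the threshold, which is how an owner's enrollment policy keeps the feature under its control.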

The above-described novel feature enables the IBSM system 60 to be truly "platform-independent" with respect to compatibility with various InfoTr and BIVS types, models, and configurations. For example, a user 50, previously registered with the IBSM system 60, and having a UBIV_Element compatible with the BIVS 36 stored in their USER_Record, is able to utilize the InfoTr system 32 and the BIVS 36 of the user 30, to verifiably exchange secured information with other registered users, for example, with another user 46 that may have access to the InfoTr system 22.

Thus, preferably, the IBSM system 60 may be scaled to any necessary capacity, and provided with all necessary components (hardware and/or software), to enable it to readily communicate, and interact with, the various InfoTr systems, BIVS, and other components of the inventive SITM system (as illustrated, by way of example, for SITM systems 10 of FIG. 1A, 70 of FIG. 1B, 100 of FIG. 2, 200 of FIG. 3, and 300 of FIG. 4).

It should also be noted that the "Independent Biometric Security Server" disclosed in the above-incorporated U.S. Patent Application S/N: 11/332,017, may be readily and advantageously configured for use as an IBSM system 60. Optionally, any other data processing system capable of similar or equivalent biometric platform-independent functionality to the "Independent Biometric Security Server" may be readily utilized as the IBSM system 60, as a matter of design choice, without departing from the spirit of the invention.

Additionally, as long as the above-described minimum IBSM system 60 registration steps are followed, any user can readily utilize another user's InfoTr system and BIVS to register, as long as independent verification of the user's identity is available to finalize registration.

In accordance with the present invention, the users 20, 30 utilize the IBSM system 60 during transfer of a secured information transmission (SIT) 52, between InfoTr systems 22 and 32, over the communication link 40, to verify identities of the sending user (e.g., user 20), as well as the identity of the user receiving and accessing the SIT 52 (e.g., user 30). In addition, the IBSM system 60 may be advantageously utilized as part of the SIT 52 generation process (e.g., when the information to be transferred is encrypted or otherwise secured) by the EDA 24, and then accessed (e.g., decrypted) by the EDA 34.

In an alternate embodiment of the invention, in addition to, or instead of one or both of the EDA 24, 34, the IBSM system 60 may include an optional EDA 66, that performs all, or some, of the tasks necessary for generating and accessing the SIT 52. Additionally, rather than being transferred through the communication link 40, in yet another alternate embodiment of the invention, the SIT 52 may be readily transmitted between InfoTr systems 22 and 32 through the IBSM system 60 via the communication links 42, 44.

In summary, in one of its simplest implementations, the inventive SITM system 10 operates as follows: the user 20, desiring to transmit certain information to the user 30, indicates, to the IBSM system 60, themselves as the sender, and the user 30 as the intended recipient. The user 20 then provides biometric information to the IBSM system 60 through their BIVS 26, which is processed and compared to a compatible UBIV_Element stored in their USER_Record, to verify the identity of the user 20. The information to be transferred is then encrypted to generate the SIT 52 (optionally utilizing at least a portion of one or both of the UBIV_Element of the sending user 20, and the UBIV_Element of the receiving user 30). The SIT 52 is then transmitted to the user 30, and upon receipt by the InfoTr system 32, to access the information in the SIT 52, the user 30 must verify their identity to the IBSM system 60, by providing biometric information thereto through the BIVS 36, that, when processed, is successfully matched to a compatible UBIV_Element stored in the USER_Record of the user 30 (optionally in accordance with predetermined biometric recognition criteria (e.g., threshold, etc.), that may have been present in the IBSM system 60, or that may have been specified by the sending user 20 to the IBSM system 60, for the SIT 52, or for all of user 20 data transfers).

When the identity of the user 30 is verified as the intended recipient, the IBSM system 60 enables the EDA 34 to decrypt the SIT 52, thus allowing the user 30 to access the transferred information, while optionally recording the access event and optionally notifying user 20 of the verification of the access by the designated recipient (user 30). An exemplary detailed embodiment of a process for the operation of the SITM system 10 for secured and verified information transmission is shown in FIG. 5, and described in detail below in connection therewith.

In accordance with the present invention, the organization that owns or is subscribed to the SITM system 10, or, optionally, the sending user, may be given the ability to have significant control over the manner in which their transferred secured information is accessed by the recipient through modification of the SECURITY_Policy 64d, for example, defining, in the security protocol(s) 64f, one or more criteria (e.g., in the form of rules), that must be met for the recipient user to gain access to the information. For example, the SECURITY_Policy 64d can specify that in order to access information in SIT 52, both the user 30, and another user 48, must verify their identities to the IBSM system 60 (e.g., both through the BIVS 36, or with each user utilizing their own BIVS). Alternately, the SECURITY_Policy 64d can specify that the user 30 must utilize two separate BIVS of different types, or utilize their BIVS 36 in conjunction with another form of security, such as a password or a PIN code. Optionally, the SECURITY_Policy 64d can set the user 20 SIT 52 to expire, or otherwise be erased, if the user 30 does not access it during a specified period of time.

Additionally, the SECURITY_Policy 64d can specify the amount and detail level of information, about the events relating to the secured data, to be tracked and/or recorded by the IBSM system 60. For example, the SECURITY_Policy 64d can require notification of delivery of SIT 52, notification of user 30 acknowledging receipt of SIT 52, and notification when user 30 accesses the information therein (as well as notification of any failed attempts to access the information).
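The summary flow above (sender names the recipient and verifies to the IBSM, the SIT is generated, the recipient verifies before decryption) together with the SECURITY_Policy rules just described (two distinct BIVS factors, a co-recipient who must also verify, expiry, and SIT_Log notification of successful and failed access) can be exercised end to end in the following Python. It is an added example, not code from the application or its inventors. The IBSM here compares templates by exact match, stands in for the EDA with a SHA-256 keystream XOR (so the IBSM holds the SIT key and releases plaintext only after the policy checks pass), and the rule field names require_factors, co_recipients and ttl_seconds, the user identifiers and the templates are constructed for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class SecurityPolicy:
    """SECURITY_Policy 64d reduced to the three rule types named in the text (field names constructed)."""
    require_factors: int = 1        # distinct BIVS modalities the recipient must pass
    co_recipients: tuple = ()       # other registered users who must also verify
    ttl_seconds: int = 3600         # the SIT is erased if not accessed within this window


@dataclass
class UserRecord:
    """USER_Record: UBIV_Elements keyed by modality, the sender's policy, and a SIT_Log."""
    user_id: str
    ubiv: dict                      # modality -> template bytes (constructed samples below)
    policy: SecurityPolicy = field(default_factory=SecurityPolicy)
    sit_log: list = field(default_factory=list)


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """EDA stand-in for the example: XOR with a SHA-256 counter keystream (symmetric)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class IBSM:
    """Central independent biometric security management system (in-memory)."""

    def __init__(self, *records: UserRecord):
        self.records = {r.user_id: r for r in records}
        self.sits = {}              # sit_id -> sender, designated recipient, key, creation time

    def verify(self, user_id, modality, sample) -> bool:
        rec = self.records.get(user_id)
        return rec is not None and sample is not None and rec.ubiv.get(modality) == sample

    def send(self, sender, modality, sample, recipient, plaintext, now):
        """Sender verifies, then the SIT is generated; returns (sit_id, ciphertext) or None."""
        if not self.verify(sender, modality, sample):
            return None
        # the key mixes a fresh nonce with part of the sender's UBIV_Element, as the text allows
        key = hashlib.sha256(secrets.token_bytes(16) + self.records[sender].ubiv[modality]).digest()
        sit_id = secrets.token_hex(8)
        self.sits[sit_id] = {"sender": sender, "recipient": recipient, "key": key, "created": now}
        self.records[sender].sit_log.append(("sent", sit_id, recipient, now))
        return sit_id, keystream_xor(plaintext.encode(), key)

    def access(self, sit_id, user, factors, co_verifications, ciphertext, now):
        """Apply the sender's SECURITY_Policy; return the plaintext, or None when access is refused."""
        sit = self.sits.get(sit_id)
        if sit is None or sit["recipient"] != user:
            return self._deny(sit, user, now, "not the designated recipient")
        policy = self.records[sit["sender"]].policy
        if now - sit["created"] > policy.ttl_seconds:
            self.sits.pop(sit_id)                       # expired SIT is erased
            return self._deny(sit, user, now, "expired")
        passed = {m for m, s in factors.items() if self.verify(user, m, s)}
        if len(passed) < policy.require_factors:
            return self._deny(sit, user, now, "insufficient verified factors")
        for other in policy.co_recipients:              # e.g. "both user 30 and user 48 must verify"
            m, s = co_verifications.get(other, (None, None))
            if not self.verify(other, m, s):
                return self._deny(sit, user, now, "co-recipient not verified: " + other)
        self.records[user].sit_log.append(("accessed", sit_id, now))
        self.records[sit["sender"]].sit_log.append(("recipient_verified", sit_id, user, now))
        return keystream_xor(ciphertext, sit["key"]).decode()

    def _deny(self, sit, user, now, reason):
        # failed attempts are recorded for the requester and reported to the sender
        if user in self.records:
            self.records[user].sit_log.append(("denied", reason, now))
        if sit is not None:
            self.records[sit["sender"]].sit_log.append(("failed_access", user, reason, now))
        return None


def run_scenario():
    """Constructed walk-through with users 20, 30 and 48 of the description."""
    ibsm = IBSM(
        UserRecord("user20", {"fingerprint": b"fp-template-20"},
                   SecurityPolicy(require_factors=2, co_recipients=("user48",), ttl_seconds=600)),
        UserRecord("user30", {"fingerprint": b"fp-template-30", "face": b"face-template-30"}),
        UserRecord("user48", {"face": b"face-template-48"}))
    r = {"bad_sender": ibsm.send("user20", "fingerprint", b"not-user20", "user30", "x", now=1000)}
    sit_id, ct = ibsm.send("user20", "fingerprint", b"fp-template-20", "user30", "quarterly figures", now=1000)
    both = {"fingerprint": b"fp-template-30", "face": b"face-template-30"}
    co = {"user48": ("face", b"face-template-48")}
    r["one_factor"] = ibsm.access(sit_id, "user30", {"fingerprint": b"fp-template-30"}, co, ct, now=1100)
    r["no_co_recipient"] = ibsm.access(sit_id, "user30", both, {}, ct, now=1100)
    r["wrong_user"] = ibsm.access(sit_id, "user48", both, co, ct, now=1100)
    r["granted"] = ibsm.access(sit_id, "user30", both, co, ct, now=1100)
    r["expired"] = ibsm.access(sit_id, "user30", both, co, ct, now=1700)
    r["sit_erased"] = sit_id not in ibsm.sits
    r["sender_log"] = [e[0] for e in ibsm.records["user20"].sit_log]
    return r
```

run_scenario() walks users 20, 30 and 48 through the refused and granted cases: a single factor, a missing co-recipient, the wrong user and an expired SIT all return None, while the full set of verifications returns the plaintext. The sender's SIT_Log ends up with one "sent" event, one "recipient_verified" event and a "failed_access" entry for each refused attempt, which is the tracking detail the policy paragraph describes.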

Alternately, rather than defining all such parameters as part of a SECURITY_Policy 64d, these parameters may be defined by the user as "user preferences". Optionally, each user's preferences relating to transfer of secured information, and for tracking events related thereto, as well as event tracking information, can be stored in their USER_Record, for example as a secured information transmission profile (SIT_Profile) (shown as optional SIT_Profile 64g in FIG. 1A) for storing information relating to the user's preferences relating to transfer of secured information, and/or as a secured information transmission log (SIT_Log) (shown as optional SIT_Log 64h in FIG. 1A), for storing information indicative of the user's preferences relating to tracking events related to secured information transfers. Optionally, both SIT_Profile and SIT_Log may be presented in a unified format.

Advantageously, from the point of view of a user, the interface for necessary interaction with the various components of the SITM system 10, and especially with the IBSM system 60, may be implemented as a separate program application, or function, of a user's InfoTr system, or as a communication portal accessible by the users' InfoTr system (for example, a secure website). Optionally, the SITM system 10, and its components, may be implemented transparently in the background, for example, as components, modules or "plug-ins" for existing applications / functions of the user's InfoTr system, such that a user can continue to utilize their preferred information transfer applications / functionality, while gaining the full benefit of the SITM system 10. In any implementation of the novel SITM system, the registered users may gain access to IBSM system functionality through an appropriate identity verification or "login" procedure, that may optionally be integrated into the process of initiating secure information transmission or information access.

In addition, while a less secure implementation than described above, in an alternate embodiment of the SITM system 10, each InfoTr system can perform user identity verification locally, and, rather than transmitting newly acquired UBIV_Elements to the IBSM system 60 for centralized identity verification, each InfoTr system can simply indicate the status of the local verification to the IBSM system 60.

Referring now to FIG. 5, an exemplary embodiment of a process 400 for secured transmission of information utilizing the inventive SITM system (for example, the SITM system 10 of FIG. 1A) is shown. As noted above, as a matter of design choice, the various steps of this process may be executed by different components of the various embodiments of the inventive SITM system shown in FIGS. 1A to 3.

The process 400 begins at a step 402, where a sending user (hereinafter "Sender"), registered with the IBSM system component of the inventive SITM system, decides to transmit secured information to one or more other registered users of the SITM system (hereinafter "Recipient"). At a step 404, the Sender generates Recipient_INFO, to identify the Recipient selected at step 402, and that may optionally include one or more rules, for example from a Sender SECURITY_Policy or the Sender's SIT_Profile, relating to requirements that must be met by the Recipient to gain access to the secured information, but at a minimum requiring biometric verification of the Recipient's identity.

At a step 406, the Recipient_INFO is transmitted to the IBSM system (or simply passed to the appropriate component thereof if step 404 was being performed at the IBSM system), optionally along with Sender_BIVE (Sender biometric identity verification element, representative of biometric information provided by the Sender), that enables the IBSM system to verify the identity of the Sender, both for internal security purposes, and optionally for provision of that verified information to the Recipient. At a step 408, the process 400 verifies the Sender_BIVE (and optionally updates the Sender SIT_Log, if any), at a step 410, generates a SIT (e.g., by encrypting information to be transmitted), and at a step 412, transmits the SIT to the Recipient.

At a step 414, upon receipt of the SIT, the process 400 requests the Recipient to verify their identity, in accordance with the requirements set forth by the Sender in Recipient_INFO (e.g., by presenting their BIVS with biometric information to enable it to generate a corresponding Recipient_BIVE (Recipient biometric identity verification element), representative of biometric information provided by the Recipient). The Recipient_BIVE is then transmitted, at a step 416, to the IBSM system, and verified against the Recipient's UBIV_Element (in addition to any other verifications that may have been required by the Recipient_INFO) stored in the Recipient's USER_Record. Assuming the verification criteria in the Recipient_INFO have been met, at a step 418, the SIT is decrypted and the Recipient is given access to the information therein. At an optional step 420, the process 400 optionally verifies to the Sender that the Recipient has received and accessed the SIT, and optionally updates the Sender's SIT_Log and/or the Recipient's SIT_Log with the results of one or more of the previously performed steps.
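The flow of process 400, as an added Python model that is not code from the patent: the IBSM holds each party's USER_Record and the key of every SIT it generated, verifies Sender_BIVE and Recipient_BIVE against enrolled UBIV_Elements, enforces the rules carried in Recipient_INFO (here a required PIN, as a SECURITY_Policy may demand), and writes SIT_Log entries for steps 408, 416 and 420. The bit-string templates, the Hamming-similarity matcher with its 0.80 threshold, and the SHA-256 keystream cipher are constructed stand-ins, not anything the patent specifies.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional

MATCH_THRESHOLD = 0.80  # assumed minimum template similarity for a verified identity


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of equal bits in two equal-length templates (stand-in for a real matcher)."""
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - diff / (8 * len(a)) if len(a) == len(b) else 0.0


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (a real SIT would use AES-GCM)."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(x ^ k for x, k in zip(data[i:i + 32], ks))
    return bytes(out)


@dataclass
class UserRecord:
    ubiv_elements: dict                     # UBIV_Record: bivs_id -> enrolled template
    pin: Optional[str] = None               # extra factor a SECURITY_Policy may require
    sit_log: list = field(default_factory=list)


@dataclass
class SIT:
    sit_id: str
    ciphertext: bytes
    recipient_info: dict                    # Recipient_INFO: recipient plus access rules


class IBSM:
    def __init__(self, users: dict):
        self.users, self._sit_keys = users, {}   # USER_Records and the key of each SIT in flight

    def verify_bive(self, user_id: str, bive: bytes) -> bool:
        """Steps 408/416: a BIVE must match one enrolled UBIV_Element of that user."""
        rec = self.users.get(user_id)
        return rec is not None and any(
            similarity(bive, t) >= MATCH_THRESHOLD for t in rec.ubiv_elements.values())

    def send(self, sender: str, sender_bive: bytes, info: dict, plaintext: bytes) -> SIT:
        """Steps 404-412: verify the Sender, encrypt, retain the key, return the SIT."""
        if not self.verify_bive(sender, sender_bive):
            raise PermissionError("Sender_BIVE rejected")
        key = secrets.token_bytes(32)
        sit = SIT(secrets.token_hex(8), keystream_xor(key, plaintext), info)
        self._sit_keys[sit.sit_id] = key    # the key never travels with the SIT
        self.users[sender].sit_log.append(("sent", sit.sit_id, info["recipient"]))
        return sit

    def open_sit(self, sit: SIT, user_id: str, bive: bytes, pin: Optional[str] = None) -> bytes:
        """Steps 414-420: enforce Recipient_INFO, log the outcome for both parties, decrypt."""
        info = sit.recipient_info
        ok = (user_id == info["recipient"] and self.verify_bive(user_id, bive)
              and (not info.get("require_pin") or pin == self.users[user_id].pin))
        event = "accessed" if ok else "access_failed"
        if user_id in self.users:
            self.users[user_id].sit_log.append((event, sit.sit_id))
        if info.get("notify_sender"):
            self.users[info["sender"]].sit_log.append((event, sit.sit_id, user_id))
        if not ok:
            raise PermissionError("Recipient verification failed")
        return keystream_xor(self._sit_keys[sit.sit_id], sit.ciphertext)


# Constructed 64-bit sample templates standing in for real BIVS output.
TEMPLATE_20 = bytes([0b10101010] * 8)               # user 20, enrolled on BIVS 26
TEMPLATE_30 = bytes([0b11110000] * 8)               # user 30, enrolled on BIVS 36
PROBE_30 = bytes([0b11110001, 0b11110000] * 4)      # live capture of user 30: 4 of 64 bits differ


def run_transfer(pin: Optional[str]) -> bytes:
    """Process 400 end to end with the constructed users; returns the recovered plaintext."""
    ibsm = IBSM({"user20": UserRecord({"bivs26": TEMPLATE_20}),
                 "user30": UserRecord({"bivs36": TEMPLATE_30}, pin="4321")})
    info = {"sender": "user20", "recipient": "user30", "require_pin": True, "notify_sender": True}
    sit = ibsm.send("user20", TEMPLATE_20, info, b"quarterly numbers")
    return ibsm.open_sit(sit, "user30", PROBE_30, pin=pin)
```

A failed attempt (wrong PIN, or a template that matches none of the Recipient's UBIV_Elements) is logged to both SIT_Logs and the key is never released, which is the step 420 notification path for failed access.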

Referring now to FIG. 1B, an alternate embodiment of the inventive SITM system is shown as a SITM system 70. The SITM system 70 operates substantially similarly to the SITM system 10 of FIG. 1A, with the various components thereof having like reference characters, except that the functionality of the BIVS 26 and 36 is implemented in a different manner. Rather than each InfoTr system 22, 32 having access to a full featured BIVS, they each include one or more respective biometric identity verification devices (BIVD(s)) 72, 74 only, each with sufficient application functionality to enable it to acquire appropriate biometric information, and provide it, preferably in encrypted form, to the IBSM system 60. Each BIVD(s) 72, 74 serves as the physical device responsible for acquiring one or more specific biometric characteristics of the user. Examples of a BIVD include, but are not limited to: a fingerprint scanner, palm scanner, vein scanner, facial recognition scanner, iris scanner, retinal scanner, signature acquisition device, voice acquisition device, etc.

The IBSM system 60, as implemented in the SITM system 70, is supplied with a centralized biometric identity verification application (BIVA) 76 that performs all functions necessary to generate UBIV_Elements from information received from BIVD(s) 72, 74, and appropriate functionality to perform necessary biometric identity verification, and any other required security measures. Other than as is noted above, the SITM system 70 operates in a manner similar to the SITM system 10 of FIG. 1A.


Referring now to FIGs. 2 and 3, exemplary embodiments of the novel SITM system, having more complex implementations than shown in FIG. 1A, but operating on the same novel principles, are shown. Referring first to FIG. 2, a SITM system 100 is shown, that includes all of the components of the SITM system 10 shown in FIG. 1A and described in connection therewith, but that also includes an additional BIVS 102 provided to the InfoTr system 32, and optionally yet another standalone separate BIVS 104 (each including a single BIVD), that may also be provided thereto, shown as an example to illustrate that the user 30 may register all three BIVS 36, 102, 104 with the IBSM system 60 and then utilize any of the registered BIVS for necessary identity verification therewith.

Similarly, as another example, a user 112, having an InfoTr system 114, may be provided with a separate BIVS/EDA standalone security device 116, capable of performing the functions of a BIVS 120 and of an EDA 118, which may be local to the user 112, or which the user 112 may utilize through a communication link 122 (for example, if the device 116 is a voice recognition based device, the user 112 may contact the device 116 through their InfoTr system 114 and provide the necessary voice sample). In one example of utilization of the SITM system 100, the user 20 may transfer the SIT 52 to the user 30 with one set of Recipient_INFO (see Process 400, FIG. 5), and also send the same SIT 52 to the user 112, with a different Recipient_INFO.

Referring now to FIG. 3, a SITM system 200 is shown, that includes all of the components of the SITM systems 10 (FIG. 1A) and 100 (FIG. 2), but that also includes an additional group of users, shown as a private network 202. The private network 202 may include an InfoTr server 204 (e.g., a robust computer, such as a server, or group of servers), equipped with an EDA 206, and additional users 208, 214 having corresponding InfoTr systems 210, 122, supplied with corresponding BIVSs 212, 218, and optional EDAs 220, 222. In the SITM system 200, certain functionality of the individual InfoTr systems of the users, and/or of the IBSM system 60, may be taken over by the InfoTr server 204. For example, the InfoTr server 204 may utilize a powerful EDA 206 to perform all decryption operations (upon successful recipient identity verification) on a SIT 232, sent by the user 112, arriving at the private network 202 via a communication link 230, and designated for one, or both, of the users 208, 214, and/or also perform the encryption operations on a SIT 228, sent from the private network 202 via a communication link 226, to the user 20 by one of the users 208, 214.

Referring now to FIG. 4, an alternate embodiment of the inventive SITM system of FIG. 1A is shown, that enables registered users to control and verify access to stored content by other parties by specifying one or more other registered users, and optionally by specifying one or more criteria for accessing certain content (similarly to as described above in connection with access to information in the SITs). The users 20 and 30, as well as their respective InfoTr systems 22, 32, EDAs 24, 34, and BIVSs 26, 36, are as described above in connection with FIG. 1A. Similarly, the additional users 330 and 340, shown by way of example, have access to their respective InfoTr systems 332, 342, EDAs 334, 344, and BIVSs 336, 346, and may communicate with the IBSM system 60 via respective communication links 350, 352. All of the InfoTr systems 22, 32, 332, 324 are able to communicate with a content system 302 via respective communication links 354, 356, 358 and 360. As noted above, in connection with FIG. 1A, the various communication links shown in FIG. 4 may be similar to at least some of the other links, or may be all of the same configuration (e.g., the Internet).

The content system 302 preferably includes at least one item of content (see Table 1, definition #7), with three content items 304, 306, and 308 being shown by way of example. A particular user who owns, or is authorized to control access to, a particular content item or items, creates a secure content access profile (SCA_Profile) that may be stored with the content item, or at the IBSM system 60, and that provides criteria for accessing the content item, that may be as simple or as complex as the user chooses. For example, if the user 20 owns content 304, they may specify in a SCA_Profile 310 that only users 30 and 344 may access the content item 304 upon successful identity verification by the IBSM system 60, and that the access granted to the user 330 expires after 10 days of being granted.

In another example, the user 30 may control access to the content item 306, which includes separate content items 312, 314 (while two are shown by way of example, a content item may include an unlimited number of other content items in a flat or a hierarchical architecture), with the user 30 defining separate SCA_Profiles 316, 318 therefor, or defining different access rules for each separate content item 312, 314 in one SCA_Profile.

In yet another example, the user 330 may define multiple SCA_Profiles 320 for content item 308, for example, based on time, specific authorized access users, and/or on other criteria. In addition, content item 308 (and of course any other content item) may include an optional content access record (CA_Record) 322, that includes information related to access to the content item, and optionally, related to failed access attempts.

Optionally, in one embodiment of the inventive SITM system 300, the IBSM system 60 and the content system 302 may be implemented as a single system 364. This may be advantageous in applications where a large number of content items are to be managed, and/or where there is a large quantity of complex SCA_Profiles, and/or when content items are encrypted, i.e., in situations that may require an IBSM system 60 dedicated to supporting the content system. Alternately, the content system 302 may be implemented in a particular user's own InfoTr system. Of course, it should also be noted that the functionality described in connection with the SITM system 300 may be readily combined with SITM systems 10, 70, 100, and 200, described above in connection with FIGs. 1A, 1B, 2, and 3, respectively, because any embodiment of the novel SITM system can readily support both functionality related to verified secure information transmission, as well as to secured access control. In an alternate embodiment of the invention, the same principles of SITM system 300 implementation, as are described above in their application to content access control, may be readily extended to include physical access control, whether location based (e.g., a door), or item based (e.g., a safe, a computer).

Referring finally to FIG. 6, an exemplary embodiment of a process 500 for demonstrating the process of secured content access utilizing the inventive SITM system (for example, the SITM system 300 of FIG. 4) is shown. As a matter of design choice, the various steps of this process may be executed by different components of the inventive SITM system 300 of FIG. 4.

The process 500 preferably includes two portions: (1) a configuration portion 502, which includes steps 506 to 510, and which is directed to configuring the SITM system 300 for the owner thereof, and (2) an access control portion 504, which includes steps 512 to 520, and which is directed to controlling access to the content stored on the content system.

The process 500 may begin at an optional step 506, where a user may provide one or more content items to a content system to be secured. If the content item (or items) to be secured is already present on the content system, the process 500 begins at a step 508, where the user creates a SCA_Profile that provides criteria for accessing the content item by one or more other parties registered with the IBSM system component of the inventive SITM system. At an optional step 510, the process 500 encrypts the user's content item (this step is optional because it is possible to control access to content without encrypting it); this concludes the configuration portion 502 of the process 500.

Later, at a step 512, a different user attempts to access secured content, and at a step 514, transmits biometric information acquired through their BIVS, in the form of a User_BIVE, to the IBSM system (along with any other information that may be required by the SCA_Profile), whereupon the IBSM system verifies the supplied User_BIVE (and other information, if any) against the UBIV_Elements stored in the UBIV_Record of the USER_Record of the user.

Upon successful verification, at a step 516, the user is granted access to the content item in accordance with the rules specified in the SCA_Profile for that content item (if any were defined), and may access the content at a step 518. At an optional step 520, the process 500 records events relating to various steps thereof in the CA_Record of the content item.
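The access control portion of process 500 (steps 512 to 520), as an added Python model that is not the patent's code: the IBSM's verdict on the User_BIVE is taken as an input flag, and the block shows only how an SCA_Profile (a set of authorized users plus an expiry measured from the first grant, as in the 10-day rule for item 304, assumed here to cover users 30 and 330) is evaluated and how every attempt, failed ones included, lands in the item's CA_Record. The path syntax for nested items, the rule that the expiry clock starts at first grant, and all field names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional, Set


@dataclass
class SCAProfile:
    """SCA_Profile: who may access a content item and how long a grant stays valid."""
    authorized_users: Set[str]
    expires_after: Optional[timedelta] = None       # None: the grant never expires


@dataclass
class ContentItem:
    item_id: str
    profile: Optional[SCAProfile] = None            # None: item is not access-controlled
    children: dict = field(default_factory=dict)    # nested items, each under its own profile
    ca_record: list = field(default_factory=list)   # CA_Record: granted and denied attempts
    grants: dict = field(default_factory=dict)      # user -> time access was first granted


def find_item(root: ContentItem, path: str) -> ContentItem:
    """Resolve a "306/312"-style path through nested content items (assumed layout)."""
    item = root
    for part in path.split("/")[1:]:
        item = item.children[part]
    return item


def request_access(item: ContentItem, user: str, identity_verified: bool, now: datetime) -> bool:
    """Steps 514-520: given the IBSM's verdict on the User_BIVE, apply the SCA_Profile and log."""
    reason = None
    if not identity_verified:
        reason = "User_BIVE did not verify"
    elif item.profile is not None:
        if user not in item.profile.authorized_users:
            reason = "user not authorized by SCA_Profile"
        elif item.profile.expires_after is not None:
            granted_at = item.grants.setdefault(user, now)   # expiry clock starts at first grant
            if now - granted_at > item.profile.expires_after:
                reason = "access grant expired"
    item.ca_record.append((now.isoformat(), user, "granted" if reason is None else "denied", reason))
    return reason is None


# Constructed content system mirroring the page's examples: item 304 under profile 310
# (users 30 and 330, 10-day grant) and item 306 holding sub-items 312 and 314.
CONTENT_304 = ContentItem("304", SCAProfile({"user30", "user330"}, timedelta(days=10)))
CONTENT_306 = ContentItem("306", children={
    "312": ContentItem("312", SCAProfile({"user20"})),
    "314": ContentItem("314", SCAProfile({"user20", "user330"})),
})
DAY0 = datetime(2024, 1, 1)            # constructed reference time


def day(n: int) -> datetime:
    """n days after the constructed reference time."""
    return DAY0 + timedelta(days=n)
```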

Referring now to FIG. 7, an exemplary embodiment of an advantageous initial user enrollment/registration process is shown as the initial user enrollment process 600. The initial user enrollment process 600 may be advantageously utilized in conjunction with any embodiments of the inventive SITM systems 10, 70, 100, 200, and 400, described above in connection with FIGs. 1A, 1B, 2, 3, and 4, respectively.

The process 600 starts at a step 602 when a user, or an authorized person (such as an organization's security administrator), initiates enrollment. At a step 604, the process 600 creates a USER_Record for the user being registered (hereinafter the "registrant"). At a step 606, the process 600 obtains USER_Data from the registrant and stores it in the corresponding USER_Record created at the step 604. The USER_Data must be sufficient to identify the registrant and may optionally include certain personal information, password(s), and security questions and answers that may be utilized during future enrollments of additional BIVS(s) (as described in greater detail below in connection with FIG. 8).

Then, at a step 608, the process 600 verifies the identity of the registrant. This may be readily done by a security administrator overseeing the process 600 in an organizational setting, or through other well known identity verification means (e.g., by sending an email to the registrant's email address with a verification code, by calling and speaking with the registrant, or even by physically mailing a verification code to the registrant's address).

At a step 610, the process 600 creates a UBIV_Record for the registrant's biometric enrollments, first, at a step 612, by generating the UBIV_Record configured to store and utilize multiple concurrent UBIV_Elements generated from enrollment through multiple BIVS(s) and storing it in the USER_Record, and second, at a step 614, generating UBIV_Elements_1 through _X, by utilizing the enrollment function of each BIVS to be used by the registrant (BIVS_1 to _X) to generate corresponding UBIV_Elements_1 to _X, and storing them in the registrant's UBIV_Record. Optionally, if there is a pre-existing biometric security system (not shown) that comprises records with biometric enrollments for one or more users, and that can communicate with the inventive SITM system being used, as part of the registration process the IBSM system can readily import existing biometric enrollments as UBIV_Element(s) for each user into the UBIV_Record stored in their individual USER_Record. In this case, a user having such previously obtained biometric enrollment(s) for specific BIVS(s) would not need to repeat the enrollment procedure for those systems/devices.

If a SECURITY_Policy does not already exist for the SITM system being used, at an optional step 616, the process 600 enables the registrant to generate a SECURITY_Policy (and to define corresponding security protocol(s)), and enables the registrant to provide ENROLL_Data that may be stored in the USER_Record and later used to verify the registrant's identity remotely when enrolling additional BIVS(s), for example as described below in connection with FIG. 8. At a step 618, the process 600 applies the SECURITY_Policy of the owner or subscriber of the SITM system being utilized to the USER_Record (or applies the SECURITY_Policy generated by the user at the optional step 616), and ends at a step 620.

Referring now to FIG. 8, a novel adaptive process for adding additional BIVS enrollments to the USER_Record of a user is shown as an adaptive additional BIVS enrollment process 700. The process 700 advantageously relies on the capability of UBIV_Records to store and use a virtually unlimited number of UBIV_Elements for virtually any BIVS, in each USER_Record, by providing users with the ability to readily, and in certain cases transparently, add support for additional new BIVS to their USER_Record.

The process 700 begins at a step 702 when the user initiates the addition of support, in their USER_Record, for a new BIVS, by starting to utilize a new BIVS (BIVS_NEW) at a step 704, for example by using it in conjunction with a function of the SITM system being used (such as to transmit a SIT to a recipient from an InfoTr system having a BIVS_NEW that is not enrolled in the user's USER_Record). At a step 706, the process 700 generates a BIVS output that is normally generated during ordinary use of the BIVS_NEW as UBIV_Data_NEW (such as a template or image for fingerprint recognition, or an iris image capture for an iris scanner, etc.) and transmits it to the IBSM system.

In a preferred embodiment of the present invention, the process 700 is adaptive and includes optional steps 708 and 710; if the process 700 is not configured to be adaptive, after step 706 it proceeds to a step 714. At the step 708, the process 700 determines whether the UBIV_Data_NEW received by the IBSM system meets a predetermined UBIVE_Threshold of any existing UBIV_Element in the UBIV_Record. The UBIVE_Threshold (defined in Table 1) is representative of the minimum similarity between a submitted UBIV_Data_NEW and one or more currently stored UBIV_Elements that would enable acceptable identity verification of the user by comparing the submitted UBIV_Data_NEW that meets the UBIVE_Threshold with the closest matching existing UBIV_Element stored in the UBIV_Record. The ENROLL_Policy of the USER_Record's SECURITY_Policy preferably stores the UBIVE_Threshold. If the UBIV_Data_NEW meets or exceeds the UBIVE_Threshold, then, at the step 710, the process 700 utilizes the closest matching existing UBIV_Element stored in the UBIV_Record to verify the user's identity without forcing the user to formally enroll the BIVS_NEW in the USER_Record. This adaptive approach is advantageous because it enables users of the novel SITM system to readily utilize BIVS which they never formally enrolled, transparently and "on-the-fly". For example, if the BIVS_NEW is a new model of a fingerprint scanner, the UBIV_Data_NEW sent to the IBSM system is the captured fingerprint image and/or template, and the UBIVE_Threshold is 75%, then the user would be able to utilize the BIVS_NEW for identity verification as long as the process 700 determines that there is at least a 75% match between the UBIV_Data_NEW and at least one of the UBIV_Elements stored in the UBIV_Record. The process 700 then ends at a step 712. If the UBIV_Data_NEW is not sufficient to meet the UBIVE_Threshold (or if the process 700 is not adaptive), the process 700 proceeds to the step 714, at which it verifies the user's identity in accordance with the SECURITY_Policy in the USER_Record. This may be readily done by a security administrator overseeing the process 700 in an organizational setting, by using another BIVS connected to the same system as the BIVS_NEW, or through other well known identity verification means (e.g., by sending an email to the registrant's email address with a verification code, by calling and speaking with the registrant, or even by physically mailing a verification code to the registrant's address). Optionally, if the user provided ENROLL_Data during process 600 of FIG. 7, the ENROLL_Data can be used to simplify the identity verification during the process 700, for example by the user answering one or more predetermined security questions.

At a step 716, the process 700 utilizes the standard BIVS_NEW enrollment procedure to generate a corresponding UBIV_Element_NEW, and, at a step 718, stores the UBIV_Element_NEW in the UBIV_Record, thus enabling the user to readily utilize the BIVS_NEW alone or in conjunction with other previously enrolled BIVS(s).
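Steps 706 to 718 of process 700, as an added Python model rather than the patent's code: UBIV_Data_NEW is scored against every stored UBIV_Element, a score at or above the UBIVE_Threshold (0.75, the page's example value) verifies the user against the closest element without enrolling BIVS_NEW, and anything below falls through to the SECURITY_Policy verification of step 714 and then to formal enrollment. The bit-string templates, the Hamming-similarity matcher, and the callable standing in for the step 714 verification are assumptions.

```python
from typing import Callable, Dict, Optional, Tuple


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of equal bits in two equal-length templates (stand-in for a real matcher)."""
    if len(a) != len(b):
        return 0.0                      # incompatible template formats never match
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - diff / (8 * len(a))


class UBIVRecord:
    """UBIV_Record: one user's enrolled UBIV_Elements keyed by the BIVS they came from."""

    def __init__(self, elements: Dict[str, bytes], ubive_threshold: float = 0.75):
        self.elements = dict(elements)
        self.ubive_threshold = ubive_threshold   # from the ENROLL_Policy of the SECURITY_Policy

    def closest_match(self, data_new: bytes) -> Tuple[Optional[str], float]:
        """Step 708: best (bivs_id, similarity) of UBIV_Data_NEW over all stored elements."""
        best_id, best = None, 0.0
        for bivs_id, element in self.elements.items():
            score = similarity(element, data_new)
            if score > best:
                best_id, best = bivs_id, score
        return best_id, best


def use_new_bivs(record: UBIVRecord, bivs_new: str, data_new: bytes,
                 fallback_verify: Callable[[], bool], adaptive: bool = True) -> str:
    """Process 700 for one use of an unenrolled BIVS_NEW.

    Returns "verified_adaptive" (step 710), "enrolled" (steps 714-718) or "rejected".
    fallback_verify stands in for the SECURITY_Policy procedure of step 714 (administrator,
    second BIVS, emailed code, ENROLL_Data questions); it is an assumption of this model.
    """
    if adaptive:
        bivs_id, score = record.closest_match(data_new)
        if bivs_id is not None and score >= record.ubive_threshold:
            # Step 710: verified against the closest existing element; nothing is stored,
            # so the threshold alone bounds the false-accept risk of this path.
            return "verified_adaptive"
    if not fallback_verify():           # step 714 failed: no enrollment, no access
        return "rejected"
    # Steps 716-718: the BIVS_NEW enrollment routine is assumed to yield data_new itself.
    record.elements[bivs_new] = data_new
    return "enrolled"


# Constructed samples: a user enrolled on one fingerprint scanner (bivs_1), then three
# captures from a new scanner at different distances from the stored element.
ENROLLED_ELEMENT = bytes([0b11001100] * 8)
SAME_USER_NEW_SCANNER = bytes([0b11001100] * 7 + [0b11001111])   # 2 of 64 bits differ (0.97)
BORDERLINE = bytes([0b11001111] * 8)                              # 16 of 64 bits differ (0.75)
OTHER_PERSON = bytes([0b00110011] * 8)                            # 64 of 64 bits differ (0.0)
```

Raising the UBIVE_Threshold in the ENROLL_Policy narrows the transparent path and pushes more BIVS_NEW uses through the step 714 verification; the same record can be evaluated under both settings.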

Finally, it should also be noted that while the various above-described embodiments of the novel SITM system provide for securing (e.g., encrypting) the transferred information between the parties, the inventive system and method may also be readily utilized for sender and/or recipient identity verification only, without the transferred information being secured in any way. This alternate embodiment of the inventive system and method may be advantageous for applications where security and control of access to transferred data is not important, but where verification of identity of the sender and/or of the recipient accessing the information is necessary and/or desired.


Thus, while there have been shown and described and pointed out fundamental novel features of the invention as applied to preferred embodiments thereof, it will be understood that various omissions and substitutions and changes in the form and details of the devices and methods illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.