HK1129175A - A method and system for safe communication - Google Patents

Publication number
HK1129175A
Authority
HK
Hong Kong
Prior art keywords
hwcd
network
identity information
user
biometric identity
Prior art date
Application number
HK09106630.4A
Other languages
Chinese (zh)
Inventor
马克.布尔
阿里亚.贝扎特
吉汉.卡若古
亚历山大.马克尼斯
托马斯.奎格利
约翰.沃利
Original Assignee
美国博通公司
Application filed by 美国博通公司

Description

Secure communication method and system
Technical Field
Some embodiments of the invention relate to secure communications. More particularly, some embodiments of the invention relate to methods and systems for creating secure network links using user biometric identity information in network components.
Background
Wireless communication technology has evolved rapidly over the last several years. In today's society, most people own mobile devices, such as mobile phones, palmtop computers, notebook computers, etc., for business or private use. Furthermore, people can obtain various information according to their own selection. For example, a person may select music or video from an electronic media space and play it on a portable device. In addition, the internet allows people to read news at any time rather than only during fixed air-times. In addition, a large number of mobile communication solutions are emerging and are being incorporated into people's daily lives.
For example, among many applications, Wireless Personal Area Networks (WPANs) are becoming increasingly popular because the connections that such networks can provide are very flexible and convenient to use. WPAN systems replace the bulky cables and wires that conventionally connect devices and mobile terminals, using short-distance (typically 10 m) connections within a limited area. The WPAN may be built on already standardized technologies, such as class 2 Bluetooth (BT) technology. While some applications may benefit from WPANs, other applications may require a larger service area and/or capacity.
To meet this need, technicians have developed other techniques to provide better wireless service. For example, a Wireless Local Area Network (WLAN) system may operate within a 100 meter range. In contrast to WPAN systems, WLANs are capable of providing connectivity to devices within a larger geographic area, such as an area within a building or campus, for example. WLAN systems are typically based on a particular standard, such as the IEEE 802.11 standard specification, and typically operate within a 100 meter range, typically to supplement communication capacity for a conventional wired Local Area Network (LAN) within the same geographic area.
Other types of wireless solutions have evolved from conventional terrestrial communication technologies. Cellular telephones, for example, have become a necessity in daily life in today's world. Although cellular technology was originally aimed only at providing mobility to the services of the traditional technology, it has evolved beyond its original purpose. Many modern cellular technologies add substantial data capabilities, including GSM/GPRS/EDGE, UMTS, and CDMA 2000. Most of today's cellular services include features such as text messaging, audio/video streaming, and web browsing.
Some mobile devices may employ one or more wireless communication technologies. For example, a WLAN system may be used in combination with a WPAN system to provide better overall functionality to the user. For example, bluetooth technology may be used to connect laptop computers or handheld wireless terminals to peripheral devices such as keyboards, mice, headsets and/or printers, which in turn are connected to a campus wide WLAN network through an Access Point (AP) in a building. Likewise, cellular technology also allows mobile phones to be used as wireless modems, which allows notebook computers to be connected to the internet through a cellular network.
In short, there are wireless networks that can support handheld wireless communication devices. However, as handheld wireless communication devices become increasingly complex in function and construction, these devices still suffer from a number of limitations, particularly inherent and electrical limitations.
Wireless communication devices, like other electronic devices, have also made great improvements in operational capabilities and operational speeds. As such, mobile communication technology is attempting to enter into other fields than providing mobile phone services to users. Such fields include microcomputers, multimedia players, GPS devices, and other applications.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.
Disclosure of Invention
A system and/or method is provided for creating a secure link using a biometric identity of a user in a network component, substantially as shown in and/or described in connection with at least one of the figures, as set forth more completely in the claims.
According to one aspect of the present invention, there is provided a method for implementing secure communication, the method comprising:
establishing a peer-to-peer network between a Handheld Wireless Communication Device (HWCD) and one or more network resources by utilizing biometric identity information of a user of the HWCD to select and enable communication between the HWCD and the one or more network resources.
Preferably, the method further comprises enabling secure communication between the HWCD and the one or more network resources based on the biometric identity information.
Preferably, the method further comprises obtaining the biometric identity information of the HWCD and a user of the one or more network resources.
Preferably, the method further comprises comparing, on the HWCD, the biometric identity information of the user of the HWCD with a pre-stored template of biometric identity information of the user.
Preferably, the biometric identity information of the user of the HWCD is obtained via the one or more network resources.
Preferably, the method further comprises signing, by each of the one or more network resources, the obtained biometric identity information of the user of the HWCD using a private key that is unique to each of the network resources.
Preferably, the method further comprises receiving, on the HWCD, biometric identity information of a user of the HWCD signed from each of the network resources.
Preferably, the method further comprises receiving a public key from each of the network resources on the HWCD.
Preferably, the method further comprises verifying, on the HWCD, a signature of the signed HWCD user's biometric identity information received from each of the network resources using the received public key.
Preferably, the method further comprises comparing, on the HWCD, the signed HWCD user's biometric identity information received from each of the network resources with pre-stored biometric identity information of the user.
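The sign, verify and compare steps listed above, as an added Go example that is not code from the patent. Ed25519, the Hamming-distance threshold and the check of the received public key against a key enrolled at pairing are assumptions of this example (the text names no signature scheme or matching method and says only that the HWCD receives each resource's public key); the resource ID and all sample bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"math/bits"
)

var (
	ErrUnknownKey   = errors.New("public key is not the one enrolled for this resource")
	ErrBadSignature = errors.New("signature verification failed")
	ErrNoMatch      = errors.New("sample does not match the stored template")
)

// SignedSample is what a network resource sends to the HWCD: the captured
// biometric data, its signature over that data, and its public key.
type SignedSample struct {
	ResourceID        string
	Sample, Signature []byte
	PublicKey         ed25519.PublicKey
}

// Capture is the network-resource side: sign the sample with its own private key.
func Capture(id string, priv ed25519.PrivateKey, sample []byte) SignedSample {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedSample{ResourceID: id, Sample: sample,
		Signature: ed25519.Sign(priv, sample), PublicKey: pub}
}

// HWCD holds the pre-stored template. Enrolled (keys recorded at pairing) and
// MaxDistance (number of differing bits tolerated) are assumptions of this example.
type HWCD struct {
	Template    []byte
	MaxDistance int
	Enrolled    map[string]ed25519.PublicKey
}

// hamming counts differing bits; -1 means the lengths differ.
func hamming(a, b []byte) int {
	if len(a) != len(b) {
		return -1
	}
	d := 0
	for i := range a {
		d += bits.OnesCount8(a[i] ^ b[i])
	}
	return d
}

// Accept checks the key, then the signature, then the template match.
func (h *HWCD) Accept(m SignedSample) error {
	key, ok := h.Enrolled[m.ResourceID]
	if !ok || !bytes.Equal(key, m.PublicKey) {
		return ErrUnknownKey // a key that arrives with the message proves nothing by itself
	}
	if !ed25519.Verify(key, m.Sample, m.Signature) {
		return ErrBadSignature
	}
	if d := hamming(h.Template, m.Sample); d < 0 || d > h.MaxDistance {
		return ErrNoMatch
	}
	return nil
}

// Demo returns the outcome of four constructed cases, in the order listed below.
func Demo() ([]error, error) {
	enrolledPub, enrolledPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("key generation: %w", err)
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("key generation: %w", err)
	}
	const id = "printer-210g" // hypothetical resource ID
	h := &HWCD{Template: []byte{0xA5, 0x3C, 0x0F, 0xF0, 0x96, 0x11, 0x7E, 0x42},
		MaxDistance: 6, Enrolled: map[string]ed25519.PublicKey{id: enrolledPub}}
	noisy := []byte{0xA4, 0x3C, 0x0F, 0xF0, 0x96, 0x01, 0x7E, 0x42} // 2 bits differ
	other := []byte{0x5A, 0xC3, 0xF0, 0x0F, 0x69, 0xEE, 0x81, 0xBD} // all 64 bits differ
	altered := Capture(id, enrolledPriv, noisy)
	altered.Sample = other // changed after signing
	return []error{
		h.Accept(Capture(id, enrolledPriv, noisy)), // genuine capture: accepted
		h.Accept(altered),                          // signature no longer covers the data
		h.Accept(Capture(id, otherPriv, noisy)),    // known ID, key never enrolled
		h.Accept(Capture(id, enrolledPriv, other)), // validly signed, wrong person
	}, nil
}

func main() {
	fmt.Println(Demo())
}
```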
According to one aspect of the present invention, there is provided a system for implementing secure communications, the system comprising:
one or more processors for use in a Handheld Wireless Communication Device (HWCD) for causing the HWCD to establish a peer-to-peer network between the HWCD and one or more network resources by utilizing biometric identity information of a user of the HWCD to select and enable communication between the HWCD and the one or more network resources.
Preferably, the one or more processors configured within the HWCD enable secure communication between the HWCD and the one or more network resources based on the biometric identity information.
Preferably, the one or more processors configured within the HWCD are configured to obtain the biometric identity information of the HWCD and a user of the one or more network resources.
Preferably, the one or more processors for use within the HWCD compare the biometric identity information of the user of the HWCD to a pre-stored template of biometric identity information of the user on the HWCD.
Preferably, the biometric identity information of the user of the HWCD is obtained via the one or more network resources.
Preferably, the one or more processors cause each of the one or more network resources to sign the obtained biometric identity information of the user of the HWCD using a private key that is unique to each of the network resources.
Preferably, the one or more processors for use within the HWCD receive biometric identity information of a user of the HWCD signed from each of the network resources.
Preferably, the one or more processors used within the HWCD receive a public key from each of the network resources.
Preferably, the one or more processors configured within the HWCD verify a signature of the signed HWCD user's biometric identity information received from each of the network resources using the received public key.
Preferably, the one or more processors for use within the HWCD compare the signed HWCD user's biometric identity information received from each of the network resources with pre-stored biometric identity information of the user.
According to one aspect of the invention, there is provided a machine-readable storage, having stored thereon, a computer program comprising at least one piece of code for secure communication, the at least one piece of code being executable by a machine for causing the machine to perform the steps of:
establishing a peer-to-peer network between a Handheld Wireless Communication Device (HWCD) and one or more network resources by utilizing biometric identity information of a user of the HWCD to select and enable communication between the HWCD and the one or more network resources.
Preferably, the at least one piece of code includes code for enabling secure communication between the HWCD and the one or more network resources based on the biometric identity information.
Preferably, the at least one piece of code includes code for obtaining the biometric identity information of the HWCD and a user of the one or more network resources.
Preferably, the at least one piece of code comprises code for comparing, on the HWCD, the biometric identity information of the user of the HWCD with a pre-stored template of biometric identity information of the user.
Preferably, the biometric identity information of the user of the HWCD is obtained via the one or more network resources.
Preferably, the at least one piece of code comprises code for signing, by each of the one or more network resources, the obtained biometric identity information of the user of the HWCD using a private key that is unique to each of the network resources.
Preferably, the at least one piece of code includes code for receiving, on the HWCD, biometric identity information of a user of the HWCD from each of the network resources that is signed.
Preferably, the at least one piece of code includes code for receiving a public key from each of the network resources on the HWCD.
Preferably, the at least one piece of code includes code for verifying a signature of biometric identity information of the signed HWCD user received from each of the network resources using the received public key on the HWCD.
Preferably, the at least one piece of code comprises code for comparing, on the HWCD, the signed HWCD user's biometric identity information received from each of the network resources with pre-stored biometric identity information of the user.
Various advantages, aspects and novel features of the invention, as well as details of an illustrated embodiment thereof, will be more fully described with reference to the following description and drawings.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1a is a schematic diagram of a communication network including point-to-point links between HWCDs and network resources, according to a preferred embodiment of the present invention;
FIG. 1b is a schematic diagram of a communication network including a link between a HWCD and a network resource via an access point, according to a preferred embodiment of the present invention;
FIG. 1c is a diagram illustrating communication between a Handheld Wireless Communication Device (HWCD) and a plurality of network resources via point-to-point links and via intermediate devices, in accordance with a preferred embodiment of the present invention;
FIG. 2 is a diagram of a plurality of Handheld Wireless Communication Devices (HWCDs) and a plurality of network resources according to a preferred embodiment of the present invention;
FIG. 3 is a diagram of the functional blocks inside the HWCD according to a preferred embodiment of the present invention;
FIG. 4 is a flowchart of the steps for establishing a network link at a network component using a user's biometric identity information, in accordance with a preferred embodiment of the present invention;
FIG. 5 is a schematic diagram of a usage scenario including one user, one HWCD, and three network resources.
Detailed Description
Some embodiments of the invention relate to methods and systems for establishing a secure network link using biometric information of a user at a network component. The network components include a Handheld Wireless Communication Device (HWCD), one or more network resources, and one or more network communication links. The HWCD may be a portable or handheld device capable of wireless and/or wired communication and capable of establishing a secure network link between available local network resources. The present invention is not limited to any particular communication technology and/or signaling protocol and may include any available form. In this regard, signaling and/or control may occur in-band or out-of-band. Network resources may perform such functional tasks as information processing, information storage, and information rendering. This function may be activated on one or more network resources by control of the HWCD and/or according to particular user requirements. The security operation can be implemented by biometric identity information within the established secure network. One or more network components may have biometric identity information sensing and processing functionality that enables a user to select an active network resource by providing biometric identity information. In addition, the biometric identity information enables the network component to verify and/or process the received data.
Fig. 1a is a schematic diagram of a communication network including point-to-point links between HWCDs and network resources according to a preferred embodiment of the present invention. As shown in fig. 1a, the communication network includes network resources 110, network links 120, and HWCD 130.
The network resources 110 may comprise suitable logic, circuitry, and/or code that may enable direct communication with the HWCD 130 via wired and/or wireless links. In this regard, the network resource 110 can manage communications with other devices without the need for other intermediate devices. For example, the network resource 110 may include Bluetooth transceiver technology or other suitable communication technology. In this regard, the network resources 110 may comprise suitable logic, circuitry and/or code including transmitters, receivers and/or transceivers to provide for the transmission and/or reception of signals utilizing a variety of wireless and/or wired technologies. Additionally, the network resource 110 may have biometric identity information retrieval and/or processing functionality to identify a particular user and allow the user to select the network resource 110 for communication with the HWCD 130. Further, the network resource 110 may comprise suitable logic, circuitry and/or code that may enable storage, processing and/or presentation of electronic media content.
The HWCD 130 may be a handheld or portable wireless device that includes suitable logic, circuitry, and/or code to communicate with the network resource 110 via a wireless and/or wired link connection. In this regard, the network resources may manage communications with other devices without the need for other intermediate devices. The HWCD may handle one or more transmission and/or reception technologies, e.g., Bluetooth, WLAN and/or any cellular or any other suitable communication technology. Additionally, the network HWCD 130 may have biometric identity retrieval and/or processing functionality for identifying a particular user attempting to utilize the HWCD 130 and for providing secure communications with the network resource 110. Further, the HWCD 130 may comprise suitable logic, circuitry, and/or code that may be operable to store, process, and/or render electronic media content.
The network link 120 may be a wireless and/or wired transmission channel between the HWCD 130 and the network resource 110. For example, suitable wireless technologies may include Bluetooth, cellular, and/or infrared. Network link 120 is not limited to any particular network technology and/or communication protocol and may include any suitable available form.
In operation, the network resource 110 and the HWCD 130 may be located within a close vicinity, for example, within 10 meters. A particular user is associated with HWCD 130 via biometric identity information. The user may initiate a network connection between the HWCD 130 and the network resource 110 and the identity of the particular user is determined by the HWCD 130 through biometric identity information retrieval and processing. Biometric identity information may include physiological and/or behavioral information. In addition, the user may select a network resource 110 included within the local network established through the HWCD 130. The HWCD 130 may provide a secure direct communication link to the network resource 110. For example, the direct secure link may comprise a Personal Area Network (PAN) utilizing Bluetooth technology. The range of distances between the HWCD 130 and the network resource 110 and the type of technology used for the network connection are wide and not limited to those mentioned here.
FIG. 1b is a diagram of a communication network including two network devices communicating via an intermediary device according to a preferred embodiment of the present invention. As shown in fig. 1b, the communication network may include network resources 110, one or more network links 120, HWCD 130, and Access Points (APs) 140.
The network resource 110 is the same or similar to the network resource described in fig. 1a. The network resource 110 may comprise suitable logic, circuitry, and/or code that may enable communication with the HWCD 130 via an intermediate device, such as an Access Point (AP) 140, via a wireless and/or wired link. In this regard, communication with other devices may be achieved via an Access Point (AP) 140. For example, the network resources 110 may include a Wireless Local Area Network (WLAN) transceiver and/or an IEEE 802.11 standard protocol or other suitable communication technology. Additionally, the network resource 110 may have biometric identity information acquisition and/or processing functionality to identify a particular user attempting to access the network resource 110. In addition, the network resource 110 may comprise suitable logic, circuitry and/or code that may enable storage, processing and/or rendering of electronic media content.
The HWCD 130 in fig. 1b is the same or similar to the HWCD 130 in fig. 1a. The HWCD 130 may be a handheld or portable wireless device that contains suitable logic, circuitry, and/or code to communicate with the network resource 110 via an intermediate device, such as an Access Point (AP), via a wireless and/or wired link. In this regard, communication with other devices may also be achieved via the AP. For example, the network resources 110 may include a Wireless Local Area Network (WLAN) transceiver and/or an IEEE 802.11 standard protocol or other suitable communication technology. Additionally, the HWCD 130 may have biometric identity retrieval and/or processing functionality to identify a particular user attempting to access the HWCD 130. Further, the HWCD 130 may comprise suitable logic, circuitry, and/or code that may enable storage, processing, and/or rendering of electronic media content.
Network link 120 is the same or similar to the network connection in fig. 1a. The network link 120 may include wireless and/or wired transmission channels between the HWCD 130 and the AP 140 and between the AP 140 and the network resource 110. For example, suitable wireless technologies may include WLANs that support 802.11 standard protocols. Network link 120 is not limited to any particular network technology and/or communication protocol and may include any available form.
The Access Point (AP) 140 may comprise suitable logic, circuitry and/or code that may enable intermediary devices between two or more communication devices. Access point 140 may include wireless and/or wired connections. For example, the access point 140 may manage information communicated between the HWCD 130 and the network resource 110 over the network link 120, where the network link 120 supports WLAN as well as 802.11 standard protocols. In addition, AP 140 may include communication links to other networks via gateways. Network link 120 is not limited to any particular network technology and/or communication protocol and may include any suitable available form.
In an embodiment of the invention, the network resource 110 and the HWCD 130 may be located at a moderate distance, e.g., within 100 meters, and a Wireless Local Area Network (WLAN) may be established via an intermediary device, e.g., the AP 140. The distances between network components and the types of communication technologies used are wide and not limited to those mentioned herein.
Fig. 1c is a block diagram of a Handheld Wireless Communication Device (HWCD) and a plurality of network resources communicating via an intermediate device via a peer-to-peer link according to a preferred embodiment of the present invention. As shown in fig. 1c, the communication network may include a plurality of network resources 110, a plurality of network links 120, and Access Points (APs) 140 and HWCD 130.
The network resource 110 is the same or similar to the network resources described in fig. 1a and 1b. The network resource 110 may comprise suitable logic, circuitry, and/or code that may be operable to provide communication with the HWCD 130 via a point-to-point connection and/or via an intermediate device, such as an Access Point (AP) 140, via a wireless and/or wired link. Additionally, the network resource 110 may have biometric identity information acquisition and/or processing capabilities to identify a particular user attempting to access the network resource 110. In addition, the network resource 110 may comprise suitable logic, circuitry and/or code that may enable storage, processing and/or rendering of electronic media content.
The HWCD 130 shown in fig. 1c is the same or similar to the HWCD described in fig. 1a and 1b. The HWCD 130 may be a handheld or portable wireless device that includes suitable logic, circuitry, and/or code to communicate directly with the network resource 110 over a wireless and/or wired link and/or via an intermediate device such as an Access Point (AP) 140. In this regard, communication with other devices may also be achieved via AP 140. For example, HWCD 130 may include a Wireless Local Area Network (WLAN) transceiver and, for example, a Bluetooth transceiver, and may employ different communication technologies for different communication links. Additionally, the network HWCD 130 may have biometric identity retrieval and/or processing functionality to identify a particular user attempting to utilize the HWCD 130. Further, the HWCD 130 may comprise suitable logic, circuitry, and/or code that may enable storage, processing, and/or rendering of electronic media content.
Network link 120 is the same as or similar to the network links described in fig. 1a and 1b. The network link 120 may include wireless and/or wired transmission channels between the HWCD 130 and the one or more network resources 110 and between the AP 140 and the one or more HWCD 130 and network resources 110. Network link 120 is not limited to any particular network technology and/or communication protocol and may include any suitable available form.
The Access Point (AP) 140 is the same as or similar to the access point shown in fig. 1b. AP 140 may comprise suitable logic, circuitry, and/or code that may enable intermediary devices between two or more communication devices. Access point 140 may include wireless and/or wired connections. For example, the access point 140 may manage information communicated between the HWCD 130 and the network resource 110 via the network link 120 supporting the WLAN and 802.11 standard protocols. In many embodiments of the present invention, access point 140 may have gateway and/or routing functionality. In addition, access point 140 may include communication links to other networks via gateways. Network link 120 is not limited to any particular network technology and/or communication protocol and may include any suitable available form.
In operation, the network resources 110 and HWCD 130 may be placed within a short or medium range of each other, e.g., 10 meters or 100 meters, and may establish communication links directly or via an intermediate device, such as access point 140. The distances between the network components and the types of communication technologies used are wide and not limited to the embodiment. HWCD 130 may be used to establish a local network between multiple network resources. In this regard, the HWCD 130 may function as a point-to-point Access Point (AP) or intermediary device that enables communication between two or more network components 110.
FIG. 2 is a diagram of a plurality of Handheld Wireless Communication Devices (HWCDs) and a plurality of network resources according to a preferred embodiment of the present invention. As shown in fig. 2, the components of the network resource 110 in the block 210 include an audio device 210a, a digital media recorder 210b, a video device 210c with high-definition or standard-definition video display, a digital video camera 210d, a digital camera 210e, a scanner 210f, a printer 210g, a digital media projector 210h, a personal computer 210i, and a notebook computer 210j. The components of HWCD 130 in block 230 include a personal digital assistant 230a, a laptop or palmtop computer 230b, a cellular phone 230c, a smart phone 230d, and an electronic media player 230e. The network resources 110 shown in block 210 and the components of HWCD 130 shown in block 230 are not limited to these examples in this figure and may include any suitable devices shown in fig. 1a, 1b, and 1c.
The elements of the network resource 110 shown in block 210 may comprise suitable logic, circuitry and/or code that may be adapted to provide secure network communication operations such as the receipt and/or transmission, storage, processing and/or rendering of information. The network resource 110 in block 210 has circuitry, logic, and/or code for obtaining biometric identity information to determine and identify a user of the HWCD 130 and/or to select a network component that is part of a peer-to-peer network. Additionally, the network resources 110 can include general and/or special purpose processors and/or converters to enable the use of electronic media content. For example, audio content may be processed and played on speakers of the personal computer 210i, the laptop computer 210j, and/or the audio player 210a. In another embodiment of the present invention, the video content may be processed and displayed on the video display 210c, the personal computer 210i, the notebook computer 210j, and the digital projector 210h. In another embodiment of the present invention, the network resource 110, including the digital video camera 210d, the digital still camera 210e, the scanner 210f, the personal computer 210i, and the notebook computer 210j, may provide the electronic media content to the HWCD 130 in block 230 and/or to the other network devices 110 in block 210 via the HWCD 130 in block 230.
The components of the HWCD 130 in block 230 may comprise suitable logic, circuitry and/or code that may be adapted to implement secure network communication operations, such as receiving and/or transmitting information, storing information, processing and/or rendering information for a particular user. Additionally, the components of block 230 may be portable and/or mobile and may be used to provide communication services to specific and/or identified users. These devices may continue to transmit or receive data while handing over from one or more base stations to one or more other base stations. The HWCD 130 in block 230 may have a biometric identity acquisition technique to identify the particular user and the network component 110 selected by the particular user to provide secure network communications. In addition, the constituent elements in block 230 may also provide multi-functional features. For example, the personal digital assistant (PDA) 230a may combine organizational applications with web browsing and the functions of the HWCD 130 described in fig. 1a, 1b, and 1c. In another embodiment of the present invention, the palmtop computer 230b may have PC features, voice communication and HWCD 130 functions. Additionally, cellular phone 230c and/or smartphone 230d may have voice features as well as the functionality of HWCD 130. In addition, the electronic media player 230e may play audio and video content and may also provide wireless communication features including HWCD 130 functionality.
In operation, a particular user may be associated with the HWCD in block 230 via biometric identity information stored on HWCD 130. The particular user may utilize the HWCD 130 associated in block 230 to establish a communication link with one or more local network resources 110 in block 210. The particular user may initiate a network connection by providing the biometric identity information to the HWCD 130 and the one or more selected network resources 110 as indicated in block 230, thereby establishing a secure network between the HWCD 130 and the selected one or more network resources.
Fig. 3 is a schematic diagram of a Handheld Wireless Communication Device (HWCD) 130 for establishing secure network communication using biometric identity information, which is depicted in fig. 1a, 1b and 1c, according to a preferred embodiment of the present invention. As shown in fig. 3, HWCD 130 includes an antenna 330a, a transceiver 330b, a user interface 330c, a processor 330d, a memory 330e, and a biometric identity acquisition system 330f disposed on a single chip or on multiple chips.
The HWCD 130 may be a multifunction device having various communication features as described in fig. 1a, 1b and 1c. Additionally, HWCD 130 has similar components as shown in block 230 of fig. 2. The HWCD 130 may be communicatively coupled to one or more of the plurality of network resources 110 described in fig. 1a, 1b, and 1c.
Antenna 330a may be used to transmit and/or receive signals for one or more wireless technologies and/or one or more frequency bands. In addition, the HWCD 130 may employ one or more antennas 330a. In some embodiments of the present invention, wired communication may be used instead of or in addition to wireless communication. The antenna 330a is communicatively coupled to the transceiver 330b.
The coupler 330g is communicatively coupled to the antenna 330a and the transceiver 330b. The coupler 330g may regulate the radio frequency energy between the antenna and the transceiver. For example, the coupler 330g may be used for impedance matching between the antenna and the transceiver. In another embodiment of the present invention, coupler 330g may provide duplex forward and reverse signals and/or diplex dual band signals. In addition, the coupler may filter out unwanted out-of-band signals.
The transceiver module 330b may comprise suitable logic, circuitry, and/or code that may enable one or more transceiver technologies depending on the functional characteristics of the HWCD 130. For example, transceiver module 330b may include a Bluetooth, cellular, frequency modulation (FM), and/or WLAN transmitter and/or receiver. The HWCD 130 is not limited to these particular transceiver technologies and may employ any suitable wireless technology and/or signal protocol. In addition, transceiver 330b may employ one or more frequency bands depending on the wireless technology used and local government regulations. In addition, transceiver 330b may implement transmitter modulation and/or receiver demodulation in the digital domain and/or the analog domain. The transceiver 330b is communicatively coupled to the antenna 330a, the processor 330d, and/or the memory 330e.
The user interface 330c may comprise suitable logic, circuitry, and/or code that may be enabled to process a variety of user inputs and/or input techniques. For example, a user may enter information into HWCD 130 via voice commands or audio input, keyboard and/or keypad commands, scrolling selection systems, still or video images, and/or using a stylus and touchpad or other forms of input. Additionally, the user interface 330c may communicate output information to the user through, for example, a video display, a speaker, and/or a vibration pattern. The user interface 330c is communicatively coupled to the processor 330d, the memory 330e, and/or the biometric identity information acquisition module 330f.
The processor 330d may comprise suitable logic, circuitry, and/or code that may be adapted to function as one or more general-purpose processors and/or special-purpose processors. In addition to supporting communication, signal processing, and/or electronic media rendering operations, the processor 330d may manage the establishment of network connections and the exchange of data with one or more network resources 110. In addition, the processor 330d may support processing of the biometric identity information, including extracting important features from the obtained biometric identity information and generating a template in the form of a binary code containing the important features. In this regard, the processor 330d may store the biometric identity information template in the memory 330e for comparison with subsequently obtained biometric identity information of the user for user authentication. The processor 330d is communicatively coupled to the memory 330e, the transceiver 330b, the user interface 330c, and the biometric identity information acquisition module 330f.
The memory 330e may comprise suitable logic, circuitry, and/or code that may enable the HWCD 130 to store and retrieve data. In addition to supporting communication, signal processing, and electronic media content storage, memory 330e also stores biometric identity information templates. The memory 330e is communicatively coupled to the processor 330d, the biometric identity information acquisition module 330f, the transceiver 330b, and the user interface 330c.
The biometric identity information acquisition system 330f may comprise suitable logic, circuitry and/or code that may be adapted to sense or detect one or more forms of biometric identity information. The biometric identity information may be physiological and behavioral. For example, the physiological information may include a fingerprint, an EKG, and/or a face, hand, or iris. The behavioral information may include voice, signature, and/or key-click actions. The biometric identity information acquisition system is communicatively coupled to the processor 330d, the memory 330e, and/or the user interface 330c.
In operation, a user may create an association with HWCD 130 via user biometric identity information obtained within HWCD 130. At this point, the user may submit biometric identity information to the biometric identity information acquisition system 310f. For example, the user may complete the submission by touching a fingerprint scanner and/or EKG sensor on HWCD 130. The significant features in the biometric identity information may be extracted by the processor 310d and represented in a corresponding binary code template. The template may be stored in the memory 310e. Subsequently, the user may authenticate and access the HWCD 130 by again providing the biometric identity information to the biometric identity information acquisition system 310f. The processor 310d may extract important features from the newly obtained biometric identity information. The extracted features are compared with the pre-stored template and if the two match, the user is granted access.
A legitimate user may utilize HWCD 130 to establish a secure peer-to-peer network with one or more network resources 110. In this regard, biometric identity information of a legitimate user may be used to access the HWCD 130 and select one or more network resources 110 to participate in the peer-to-peer network. The user may submit biometric identity information to one or more selected network resources 110. The one or more network resources 110 may sign the biometric identity information with a private key and send the signed biometric identity information, together with a public key for verifying the signature on the biometric identity information, to the HWCD 130.
Fig. 4 is a flow chart illustrating steps for establishing a network link at a network component using biometric identity information of a user in accordance with a preferred embodiment of the present invention. As shown in fig. 4, the process begins at step 410, where the user confirms the identity to the HWCD 130 at step 412, and then the user's biometric identity information is represented in the HWCD 130 in the form of a template. In step 414, the user inputs the biometric identity information into one or more network resources 110 by, for example, a fingerprint scan, to select the one or more network resources to establish a peer-to-peer network with HWCD 130. In step 416, the selected network resource 110 can sign the biometric identity information with a private key. In step 418, the selected one or more network resources 110 may send the signed biometric identity information and the respective corresponding public key to the HWCD 130. In step 420, the HWCD 130 may verify the signature on the biometric identity information using the received public key. In step 422, the HWCD 130 compares the received biometric identity information with a biometric identity information template pre-stored by the user. In step 424, if the received biometric identity information matches the pre-stored biometric identity information template, the HWCD establishes a network link with the selected one or more network components. In step 426, the data may be transmitted and used on the HWCD 130 and the selected one or more network resources 110. Finally the process ends in step 428.
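The exchange in steps 416 to 424 of Fig. 4, as an added Go example that is not code from the patent. Ed25519 stands in for the signature scheme, which the text does not name; the Hamming-distance tolerance, the type and function names and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"math/bits"
)

// SignedSample is the step 418 message from a network resource to the HWCD.
// The public key travels with the message, as in the text: the signature then
// shows the features were not altered after signing, not which device signed.
type SignedSample struct {
	Features  []byte // binary feature code captured by the resource's scanner
	Signature []byte
	PublicKey ed25519.PublicKey
}

// Resource models one network resource 110 holding its own key pair.
type Resource struct {
	Name string
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func NewResource(name string) (*Resource, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Resource{Name: name, priv: priv, pub: pub}, nil
}

// SignSample is steps 416 and 418: sign the features, attach the public key.
func (r *Resource) SignSample(features []byte) SignedSample {
	return SignedSample{Features: features, Signature: ed25519.Sign(r.priv, features), PublicKey: r.pub}
}

var (
	ErrBadSignature = errors.New("signature verification failed")
	ErrNoMatch      = errors.New("sample does not match stored template")
)

// hammingDistance counts the differing bits of two equal-length codes.
func hammingDistance(a, b []byte) int {
	d := 0
	for i := range a {
		d += bits.OnesCount8(a[i] ^ b[i])
	}
	return d
}

// AcceptLink is steps 420 to 424 on the HWCD: verify the signature first, then
// compare with the stored template. maxBits is an assumed tolerance, because
// two scans of the same finger rarely give bit-identical codes.
func AcceptLink(template []byte, maxBits int, s SignedSample) error {
	if len(s.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(s.PublicKey, s.Features, s.Signature) {
		return ErrBadSignature
	}
	if len(s.Features) != len(template) || hammingDistance(s.Features, template) > maxBits {
		return ErrNoMatch
	}
	return nil // step 424: the link may be established
}

func main() {
	template := []byte{0xA5, 0x3C, 0x5A, 0xC3} // constructed stored template
	pc, err := NewResource("personal computer 210i")
	if err != nil {
		panic(err)
	}
	msg := pc.SignSample([]byte{0xA5, 0x3C, 0x5B, 0xC3}) // constructed scan, one bit off
	fmt.Println("fresh scan:", AcceptLink(template, 3, msg))
	msg.Features = append([]byte(nil), template...) // altered after signing
	fmt.Println("altered after signing:", AcceptLink(template, 3, msg))
}
```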
Fig. 5 is a schematic diagram of a usage scenario involving one user, one HWCD, and three network resources. As shown in fig. 5, the peer-to-peer network may include a HWCD represented by a smartphone 230d, a personal computer 210i, a video display 210c, and a speaker system 210a. In addition, module 410 represents a user.
The HWCD 230d in the form of a smartphone is the same as or similar to the smartphone 230d described in fig. 2. The HWCD 230d may comprise suitable logic, circuitry and/or code that may be adapted to establish a secure peer-to-peer network with the personal computer 210i, the video display 210a and the speaker system 230d. HWCD 230d may be used to sense and process biometric identity information of user 410. For example, the HWCD 230d may include a fingerprint scanner. The HWCD 230d is communicatively coupled to the personal computer 210i, the video display 210c, the speaker system 210a, and the user 410.
The personal computer 210i is the same as or similar to the personal computer 210i described in fig. 2. The personal computer 210i may comprise suitable logic, circuitry and/or code that may be operable to store and process electronic media content. In addition, the personal computer 210i may participate in a secure peer-to-peer network in accordance with embodiments of the present invention. In addition, the personal computer 210i may be used to sense and process biometric identity information of the user 410. For example, the personal computer 210i may include a fingerprint scanner. The personal computer 210i is communicatively coupled to the HWCD 230d, the video display 210c, the speaker system 210a, and the user 410.
The video display 210c is the same as or similar to the video display 210c shown in fig. 2. The video display 210c may comprise suitable logic, circuitry and/or code that may be operable to display electronic media content. Additionally, the video display 210c may participate in the secure peer-to-peer network in accordance with embodiments of the present invention. In addition, the video display 210c may be used to sense and process biometric identity information of the user 410. For example, the video display 210c may include a fingerprint scanner. The video display 210c may be communicatively coupled to the HWCD 230d, the personal computer 210i, the speaker system 210a, and the user 410.
The speaker system 210a is the same as or similar to the speaker system 210a shown in fig. 2. The speaker system 210a may comprise suitable logic, circuitry, and/or code that may be enabled to render audio content. Additionally, speaker system 210a may participate in the secure peer-to-peer network in accordance with embodiments of the present invention. In addition, speaker system 210a may be used to sense and process biometric identity information of user 410. For example, the speaker system may include a fingerprint scanner. The speaker system may be communicatively coupled to the HWCD 230d, the video display 210c, the personal computer 210i, and the user 410.
User 410 may establish a secure peer-to-peer network using HWCD 230d. The user may wish to establish a peer-to-peer network with local network resources including a personal computer 210i, a video display 210c, and a speaker system 210a. The user may wish to obtain one or more electronic media files from the personal computer 210i and play the electronic media content on the video display 210c and the speaker system 210a.
In operation, the user 410 may scan a finger by touching a fingerprint scanner on the HWCD 230d to verify his or her identity on the HWCD 230d. Alternatively, the user may select a network component to use to establish the peer-to-peer network by scanning his or her fingerprint onto the fingerprint scanners of the personal computer 210i, the video display 210c, and the speaker system 210a.
The personal computer 210i, video display 210c, and/or speaker system 210a will sign the fingerprint scan data with their respective private keys and send the signed fingerprint data and their respective public keys to the HWCD 230d.
The HWCD 230d may receive the signed fingerprint data and the public key from the personal computer 210i, the video display 210c, and/or the speaker system 210a and verify the respective signature using the corresponding public key. The HWCD 230d may acknowledge the received fingerprint data. Thus, the HWCD 230d may establish a secure peer-to-peer network between itself and the personal computer 210i, video display 210c, and speaker system 210a. The electronic media content is delivered to the video display 210i and speaker system and played under the control of the HWCD 230d.
One embodiment of the present invention may utilize biometric identity information to establish a peer-to-peer network between a Handheld Wireless Communication Device (HWCD) and one or more network resources 110. The biometric identity information is associated with the user of the HWCD 130. Additionally, the biometric identity information may be used to select one or more network resources 110 and enable communication between the HWCD 130 and the one or more network resources 110.
The HWCD 130 may retrieve the user's biometric identity and compare it to a pre-stored template of the biometric identity of the user of the HWCD. Additionally, biometric identity information of the HWCD 130 user may be obtained through one or more network resources 110. Each of the one or more network resources 110 signs the biometric identity information with a private key and sends the signed biometric identity information and the public key to the HWCD 130. In this regard, the HWCD 130 may receive the signed biometric identity information from each network resource 110 and verify the respective signature based on the received corresponding public key. The HWCD 130 may compare the biometric identity information received from the one or more network resources 110 with the user's pre-stored biometric identity information.
One embodiment of the invention includes a machine-readable storage having stored thereon a computer program. The program comprises at least one piece of code for secure communication, which when executed by a machine enables the machine to perform the method steps described herein.
Accordingly, the present invention may be implemented in hardware, software, firmware, or various combinations thereof. The present invention can be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods described herein is suited. A typical combination of hardware, software and firmware may be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
One embodiment of the invention may be implemented as a board level product, as a single chip, as an Application Specific Integrated Circuit (ASIC), or as separate components integrated on a single chip with different degrees of integration with other parts of the system. The degree of integration of the system will depend primarily on speed and cost considerations. Due to the mature processor technology today, it is possible to utilize an existing commercially available processor that can be implemented external to the ASIC implementation of the present invention. Alternatively, if the processor is present as an ASIC core or logic block, then an existing commercial processor may be implemented as part of an ASIC device, with its various functions implemented in firmware.
The present invention can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods. The computer program in this document refers to: any expression, in any programming language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to other languages, codes or symbols; b) reproduction in a different format. However, other meanings of computer program that can be understood by those skilled in the art are also encompassed by the present invention.
While the invention has been described with reference to several particular embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (10)

1. A method for implementing secure communications, the method comprising:
a peer-to-peer network is established between a handheld wireless communication device and one or more network resources by utilizing biometric identity information of a user of the handheld wireless communication device to select and enable communication between the handheld wireless communication device and the one or more network resources.
2. The method of claim 1, comprising enabling secure communication between the handheld wireless communication device and the one or more network resources based on the biometric identity information.
3. The method of claim 1, comprising obtaining the biometric identity information of the handheld wireless communication device and a user of the one or more network resources.
4. A method according to claim 3, comprising comparing, on the handheld wireless communication device, the biometric identity information of a user of the handheld wireless communication device with a pre-stored template of biometric identity information of the user.
5. The method of claim 1, wherein the biometric identity information of the user of the handheld wireless communication device is obtained via the one or more network resources.
6. A system for enabling secure communications, the system comprising:
one or more processors for use within a handheld wireless communication device for causing the handheld wireless communication device to establish a peer-to-peer network between the handheld wireless communication device and one or more network resources by utilizing biometric identity information of a user of the handheld wireless communication device to select and enable communication between the handheld wireless communication device and the one or more network resources.
7. The system of claim 6, wherein the one or more processors are configured to enable secure communication between the handheld wireless communication device and the one or more network resources based on the biometric identity information.
8. The system according to claim 6, wherein said one or more processors configured for use within said handheld wireless communication device are configured for obtaining said biometric identity information of a user of said handheld wireless communication device and said one or more network resources.
9. The system according to claim 8, wherein said one or more processors configured for use in said handheld wireless communication device compare said biometric identity information of a user of said handheld wireless communication device with a pre-stored template of biometric identity information of said user on said handheld wireless communication device.
10. A machine-readable storage, having stored thereon, a computer program comprising at least one piece of code for secure communications, the at least one piece of code being executable by a machine to cause the machine to perform the steps of:
a peer-to-peer network is established between a handheld wireless communication device and one or more network resources by utilizing biometric identity information of a user of the handheld wireless communication device to select and enable communication between the handheld wireless communication device and the one or more network resources.
HK09106630.4A 2007-07-20 2009-07-21 A method and system for safe communication HK1129175A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US60/950,940 2007-07-20
US11/877,088 2007-10-23

Publications (1)

Publication Number Publication Date
HK1129175A true HK1129175A (en) 2009-11-20
