WO2019082008A1

WO2019082008A1 - System for user verification

Info

Publication number: WO2019082008A1
Application number: PCT/IB2018/057743
Authority: WO
Inventors: Nikhilesh Manoj WANI
Original assignee: Individual
Current assignee: Individual
Priority date: 2017-10-25
Filing date: 2018-10-05
Publication date: 2019-05-02
Anticipated expiration: 2020-04-25

Abstract

A system for highly secure and easy user verification is disclosed. The system uses a plurality of biometric markers (such as, but not limited to fingerprints) in a sequence to generate an authentication PIN from a scanning device that is associated with user credentials for an asset of the user (for instance, login name and password for a website). Upon providing the same authentication PIN from the same scanning device, the user is provided access to the asset, without knowing/providing the user credentials. The system can be deployed in multiple scenarios such as point of sale (POS) systems, e-commerce websites, website login, access control and monitoring systems, security Psystems and the like.

Description

SYSTEM FOR USER VERIFICATION

FIELD OF DISCLOSURE

[0001] The present disclosure relates to user verification systems. In particular it pertains to a system for user verification that uses biometric markers.

BACKGROUND OF THE DISCLOSURE

[0002] The background description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.

[0003] Biometric authentication/verification using biometric markers of an individual such as fingerprints, iris scans and the like are well known, and its use in monetary transactions is increasingly being accepted. However, in case an attacker gets access to such biometric markers, verification can severely be compromised with consequent risks and damages.

[0004] In the physical world, locks are used to safeguard different assets such as houses, vehicles, bank lockers etc. Many of these now deploy biometric authentication methods. However, again if biometric impression of a user gets compromised (that is, falls into hands of criminals and the like), even such assets can very easily be damaged/stolen. Further, biometric devices to generate biometric data, such as fingerprint scanners and the like, need a power supply that is usually supplied from a battery contained within the device itself. This makes the device bulkier. Also, the existing locks include sensors which need to be provided at a point of contact between the lock and the user which technically restricts the scope of the biometric authentication by specifically requiring the user to be in close proximity of the locks. Further, the existing locks having sensors are vulnerable to biometric security attacks and/or breaches since the current authentication mechanism are not full proof. Furthermore, the existing biometric authentication systems serve a dedicated purpose of authenticating a single destination. For example, a door entry system where the biometric sensor is installed at point of contact cannot be used to login to the website, or a USB biometric sensor cannot be used to open the car lock, etc.

[0005] Existing electronic verification systems use different hashing algorithms and encryption methods to store the user information such as usernames, password and other credentials. However, once the hashing/encryption has been compromised (by hacking attacks, for instance) user data is directly accessible to the attackers and can cause damage to the user in many ways. For instance the user's confidential data can be stolen/ tampered with.

[0006] Many of online password managers require a user to remember a master password as the only credential he needs to remember to gain access to the credentials of all his online accounts. While the user has to remember only one master password, it can be a serious risk issue if the same is ever compromised since then all the other passwords will be available to anyone who knows the master password.

[0007] Hence there is a need in the art for a system and method that offers highly secure verification during online as well as offline transactions, is always available, has no possibility of any failure and is very easy and economical to implement. Further, there is a dire need of the art to provide a system and method which will be easy to handle, safer than existing systems and can be used to safeguard any virtual or physical asset that has capability of connecting wired or wirelessly. Furthermore, there is also a need to provide a system and method that enables to have a single authentication for multiple facilities like opening doors of a vehicle, logging in to a website, etc., or that enables to have a multiple authentication for multiple facilities.

[0008] All publications herein are incorporated by reference to the same extent as if each individual publication or patent application were specifically and individually indicated to be incorporated by reference. Where a definition or use of a term in an incorporated reference is inconsistent or contrary to the definition of that term provided herein, the definition of that term provided herein applies and the definition of that term in the reference does not apply.

[0009] In some embodiments, the numbers expressing quantities or dimensions of items, and so forth, used to describe and claim certain embodiments of the invention are to be understood as being modified in some instances by the term "about." Accordingly, in some embodiments, the numerical parameters set forth in the written description and attached claims are approximations that can vary depending upon the desired properties sought to be obtained by a particular embodiment. In some embodiments, the numerical parameters should be construed in light of the number of reported significant digits and by applying ordinary rounding techniques. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of some embodiments of the invention are approximations, the numerical values set forth in the specific examples are reported as precisely as practicable. The numerical values presented in some embodiments of the invention may contain certain errors necessarily resulting from the standard deviation found in their respective testing measurements.

[00010] As used in the description herein and throughout the claims that follow, the meaning of "a," "an," and "the" includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of "in" includes "in" and "on" unless the context clearly dictates otherwise.

[00011] The recitation of ranges of values herein is merely intended to serve as a shorthand method of referring individually to each separate value falling within the range. Unless otherwise indicated herein, each individual value is incorporated into the specification as if it were individually recited herein. All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g. "such as") provided with respect to certain embodiments herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention otherwise claimed. No language in the specification should be construed as indicating any non-claimed element essential to the practice of the invention.

[00012] Groupings of alternative elements or embodiments of the invention disclosed herein are not to be construed as limitations. Each group member can be referred to and claimed individually or in any combination with other members of the group or other elements found herein. One or more members of a group can be included in, or deleted from, a group for reasons of convenience and/or patentability. When any such inclusion or deletion occurs, the specification is herein deemed to contain the group as modified thus fulfilling the written description of all groups used in the appended claims.

OBJECTS OF THE INVENTION

[00013] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are as listed herein below.

[00014] It is an object of the present disclosure to provide a user verification system that is highly secure.

[00015] It is another object of the present disclosure to provide a user verification system that uses a light and small scanning device. [00016] It is yet another object of the present disclosure to provide a user verification system that does not require the user to remember any user credentials such as username and password.

[00017] It is an object of the present disclosure to provide a user verification system that help secure even physical assets such as rooms, locks etc.

[00018] It is another object of the present disclosure to provide a user verification system that can be operated remotely.

[00019] It is yet another object of the present disclosure to provide a user verification system and method that enables to protect portable drives such as flash drives, portable hard disks, etc.

SUMMARY

[00020] This summary is provided to introduce a selection of concepts in a simplified form to be further described below in the Detailed Description. This summary is not intended to identity key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

[00021] The present disclosure relates to a system for user verification that uses biometric markers. In particular, it pertains to a system that uses a plurality of biometric markers for user verification.

[00022] In an aspect, present disclosure elaborates upon a method for user verification including: prompting, from a computing device, a user to provide a biometric scan (SDID) using a scanning device that is operatively coupled with the computing device, the prompting being done in response to the user request to verify the user with respect to an asset; receiving, at the computing device, the biometric scan (SDID) comprising a unique identifier associated with the scanning device (UDID), and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user; matching, at the computing device, the UDID and the MFAPIN in a database operatively coupled with the computing device; upon finding a match, retrieving, at the computing device, user credentials of the user pertaining to the asset corresponding to the MFAPIN; and providing access of the asset to the user based on the user credentials.

[00023] In another aspect, the scanning device can be connected with the computing device through a wired or wireless connection. [00024] In yet another aspect, the asset can be selected from any or a combination of the computing device, an application configured/installed in the computing device, a web- application accessed through the computing device, and hardware to be accessed.

[00025] In another aspect, the user credentials can be retrieved only when both the UDID and the MFAPIN find a joint match in the database.

[00026] In yet another aspect, the MFAPIN and the user credentials can be stored in an encrypted manner.

[00027] In an aspect, upon finding a match for the UDID and the MFAPIN, the computing device can enable change of user credentials at configured intervals.

[00028] In another aspect, the MFAPIN can be generated based on scanning of any or a combination of fingers, retina, voice, fingerprints, hand geometry, handwriting, iris, vein, and face, and further based on sequence of the scanning.

[00029] In yet another aspect, the scanning device can be selected from any or a combination of fingerprint scanner, iris scanner, voice scanner, and facial scanner. In yet another aspect, the scanning device can be any device capable of scanning biometrics of the user.

[00030] In an aspect, the UDID can be associated with the scanning device by manufacturer of the scanning device.

[00031] In an aspect, present disclosure elaborates upon a system for user for user verification including: a non-transitory storage device having embodied therein one or more routines; and one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines can include: a biometric scan prompt module, which when executed by the one or more processors, can prompt a user to provide a biometric scan (SDID) using a scanning device that is operatively coupled with the computing device, the prompting being done in response to the user request to verify the user with respect to an asset; a biometric scan receive module, which when executed by the one or more processors, can receive , at the computing device, the biometric scan (SDID) comprising a unique identifier associated with the scanning device (UDID), and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user; a biometric scan based matching module , which when executed by the one or more processors, can match, at the computing device, the UDID and the MFAPIN in a database operatively coupled with the computing device; a biometric scan based user credentials retrieval module, which when executed by the one or more processors, upon finding a match, can retrieve, at the computing device, biometrically translated/encrypted user credentials of the user pertaining to the asset corresponding to the MFAPIN; and a user credentials based asset access module , which when executed by the one or more processors, can provide access of the asset to the user based on the user credentials.

[00032] In an aspect, the present disclosure enables to provide a secure and improved user verification system and method that enables to protect the portable drives such as flash drives, portable hard disks, etc.

[00033] Various objects, features, aspects and advantages of the present disclosure will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like features.

BRIEF DESCRIPTION OF DRAWINGS

[00034] The accompanying drawings are included to provide a further understanding of the present disclosure, and are incorporated in and constitute a part of this specification. The drawings illustrate exemplary embodiments of the present disclosure and, together with the description, serve to explain the principles of the present disclosure. The diagrams are for illustration only, which thus is not a limitation of the present disclosure, and wherein:

[00035] FIG. 1A-1C illustrates various architectures of system proposed to illustrate its overall working, in accordance with an exemplary embodiment of the present disclosure.

[00036] FIG. 2 illustrates functional modules of system proposed, in accordance with an exemplary embodiment of the present disclosure.

[00037] FIG. 3A and FIG. 3B illustrate examples of working of the present disclosure, in accordance with an exemplary embodiment of the present disclosure.

[00038] FIG. 4 illustrates a method of working of system proposed, in accordance with an exemplary embodiment of the present disclosure.

[00039] FIG. 5 illustrates an exemplary computer system 500 in which or with which embodiments of the present invention may be utilized.

DETAILED DESCRIPTION

[00040] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. However, the amount of detail offered is not intended to limit the anticipated variations of embodiments; on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present disclosure as defined by the appended claims.

[00041] In the following description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present invention. It will be apparent to one skilled in the art that embodiments of the present invention may be practiced without some of these specific details.

[00042] Embodiments of the present invention include various steps, which will be described below. The steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special- purpose processor programmed with the instructions to perform the steps. Alternatively, steps may be performed by a combination of hardware, software, and firmware and/or by human operators.

[00043] Embodiments of the present invention may be provided as a computer program product, which may include a machine-readable storage medium tangibly embodying thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process. The machine-readable medium may include, but is not limited to, fixed (hard) drives, magnetic tape, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), and magneto-optical disks, semiconductor memories, such as ROMs, PROMs, random access memories (RAMs), programmable read-only memories (PROMs), erasable PROMs (EPROMs), electrically erasable PROMs (EEPROMs), flash memory, magnetic or optical cards, or other type of media/machine-readable medium suitable for storing electronic instructions (e.g., computer programming code, such as software or firmware).

[00044] Various methods described herein may be practiced by combining one or more machine-readable storage media containing the code according to the present invention with appropriate standard computer hardware to execute the code contained therein. An apparatus for practicing various embodiments of the present invention may involve one or more computers (or one or more processors within a single computer) and storage systems containing or having network access to computer program(s) coded in accordance with various methods described herein, and the method steps of the invention could be accomplished by modules, routines, subroutines, or subparts of a computer program product.

[00045] If the specification states a component or feature "may", "can", "could", or "might" be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.

[00046] As used in the description herein and throughout the claims that follow, the meaning of "a," "an," and "the" includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of "in" includes "in" and "on" unless the context clearly dictates otherwise.

[00047] Exemplary embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments are shown. These exemplary embodiments are provided only for illustrative purposes and so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those of ordinary skill in the art. The invention disclosed may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Various modifications will be readily apparent to persons skilled in the art. The general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the invention. Moreover, all statements herein reciting embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future (i.e., any elements developed that perform the same function, regardless of structure). Also, the terminology and phraseology used is for the purpose of describing exemplary embodiments and should not be considered limiting. Thus, the present invention is to be accorded the widest scope encompassing numerous alternatives, modifications and equivalents consistent with the principles and features disclosed. For purpose of clarity, details relating to technical material that is known in the technical fields related to the invention have not been described in detail so as not to unnecessarily obscure the present invention.

[00048] Thus, for example, it will be appreciated by those of ordinary skill in the art that the diagrams, schematics, illustrations, and the like represent conceptual views or processes illustrating systems and methods embodying this invention. The functions of the various elements shown in the figures may be provided through the use of dedicated hardware as well as hardware capable of executing associated software. Similarly, any switches shown in the figures are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the entity implementing this invention. Those of ordinary skill in the art further understand that the exemplary hardware, software, processes, methods, and/or operating systems described herein are for illustrative purposes and, thus, are not intended to be limited to any particular named element.

[00049] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth in the appended claims.

[00050] The term "machine-readable storage medium" or "computer-readable storage medium" includes, but is not limited to, portable or non-portable storage devices, optical storage devices, and various other mediums capable of storing, containing, or carrying instruction(s) and/or data. A machine-readable medium may include a non-transitory medium in which data can be stored and that does not include carrier waves and/or transitory electronic signals propagating wirelessly or over wired connections. Examples of a non-transitory medium may include, but are not limited to, a magnetic disk or tape, optical storage media such as compact disk (CD) or digital versatile disk (DVD), flash memory, memory or memory devices. A computer-program product may include code and/or machine-executable instructions that may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc. [00051] Furthermore, embodiments may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks (e.g., a computer-program product) may be stored in a machine-readable medium. A processor(s) may perform the necessary tasks.

[00052] Systems depicted in some of the figures may be provided in various configurations. In some embodiments, the systems may be configured as a distributed system where one or more components of the system are distributed across one or more networks in a cloud computing system.

[00053] In an implementation, one or more computing device(s) used herein may be any of a variety of types of computing device, including without limitation, a desktop computer system, a data entry terminal, a laptop computer, a notebook computer, a tablet computer, a handheld personal data assistant, a smartphone, a body-worn computing device incorporated into clothing, a computing device integrated into a vehicle (e.g., a car, a bicycle, etc.), a server, a cluster of servers, a server farm, etc.

[00054] In various embodiments, a computing device used herein can comprise a storage storing a control routine, a processor circuit, controls, a display, and a link interface for various uses of the proposed system including, without limitation, running application programs and communicating with various networks and devices such as the Internet and beacon devices. It is envisioned that some computing devices are likely to be relatively portable computing devices able to be carried on the person of its operator (e.g., a smartphone, a personal data assistant (PDA), a tablet computer, a watch or wearable computer, etc.). It is therefore further envisioned that the links formed between the various computing devices used herein is likely to be a wireless or a wired link.

[00055] The link may be based on any of a variety (or combination) of communications technologies by which signals may be exchanged, including without limitation, wired technologies employing electrically and/or optically conductive cabling, and wireless technologies employing infrared, radio frequency or other forms of wireless transmission. It is envisioned that one or more of these links may be implemented as channels of communication (e.g., virtual private network (VPN) channels or other forms of virtual channels) formed between computing devices through portions of the Internet. [00056] Generally, and in various embodiments, the link will use signaling and/or protocols conforming to any of a variety of industry standards, including without limitation, RS- 232C, RS-422, USB, Ethernet (IEEE-802.3) or IEEE-1394. Alternatively or additionally, where one or more portions of the link employ wireless signal transmission, one or more of the interfaces may employ signaling and/or protocols conforming to any of a variety of industry standards, including without limitation, IEEE 802.11a, 802.11b, 802.1 lg, 802.16, 802.20 (commonly referred to as "Mobile Broadband Wireless Access"); Bluetooth; ZigBee; or a cellular radiotelephone service such as GSM with General Packet Radio Service (GSM/GPRS), CDMA/lxRTT, Enhanced Data Rates for Global Evolution (EDGE), Evolution Data Only/Optimized (EV-DO), Evolution For Data and Voice (EV-DV), High Speed Downlink Packet Access (HSDPA), High Speed Uplink Packet Access (HSUPA), 4G LTE, etc.

[00057] The computing devices may store instructions to be executed by processor in storage, such as control routine. The storage may include various types of computer-readable storage media in the form of one or more higher speed memory units, such as read-only memory (ROM), random-access memory (RAM), dynamic RAM (DRAM), Double-Data-Rate DRAM (DDRAM), synchronous DRAM (SDRAM), static RAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, polymer memory such as ferroelectric polymer memory, ovonic memory, phase change or ferroelectric memory, silicon-oxide-nitride-oxide-silicon (SONOS) memory, magnetic or optical cards, an array of devices such as Redundant Array of Independent Disks (RAID) drives, solid state memory devices (e.g., USB memory, solid state drives (SSD) and any other type of storage media suitable for storing information. As such, and in various embodiments, storage may provide volatile and/or nonvolatile storage of data, data structures, computer-executable instructions, and so forth. For example, a number of program modules can be stored in memory units, including an operating system, and control routine.

[00058] The computing devices may execute processing operations or logic using a processing circuit in communication with control routine. The processing circuit may comprise various hardware elements, software elements, or a combination of both. Examples of hardware elements may include devices, logic devices, components, processors, microprocessors, circuits, processor circuits, circuit elements (e.g., transistors, resistors, capacitors, inductors, and so forth), integrated circuits, application specific integrated circuits (ASIC), programmable logic devices (PLD), digital signal processors (DSP), field programmable gate array (FPGA), memory units, logic gates, registers, semiconductor device, chips, microchips, chip sets, and so forth. Examples of software elements may include software components, programs, applications, computer programs, application programs, system programs, software development programs, machine programs, operating system software, middleware, firmware, software modules, routines, subroutines, functions, methods, procedures, software interfaces, application program interfaces (API), instruction sets, computing code, computer code, code segments, computer code segments, words, values, symbols, or any combination thereof. Determining whether an embodiment is implemented using hardware elements and/or software elements may vary in accordance with any number of factors, such as desired computational rate, power levels, heat tolerances, processing cycle budget, input data rates, output data rates, memory resources, data bus speeds and other design or performance constraints, as desired for a given implementation.

[00059] The processor circuit may be caused by control routine to initiate a registration process. During the registration process, a user is prompted for various pieces of personal information concerning the user such as a name, an address, contact information, account information, etc. The user may also be prompted to choose whether to opt-in, and if so, to which kinds of messages.

[00060] In various embodiments, one or more of the control routines deployed in proposed system may comprise a combination of an operating system, device drivers and/or application- level routines (e.g., so-called "software suites" provided on disc media, "applets" obtained from a remote server, etc.). Where an operating system is included, the operating system may be any of a variety of available operating systems appropriate for whatever corresponding ones of the processor circuits and, including without limitation, Windows™, OS X™, Linux®, Android OS™, iOS™, macOS™, Unix, Ubuntu, IRIX, BeO etc. etc. Where one or more device drivers are included, those device drivers may provide support for any of a variety of other components, whether hardware or software components, that comprise one or more of the computing devices.

[00061] In an aspect, the proposed system (interchangeably termed as system herein) can be operatively configured as a website accessible by any Internet enabled computing device, and can as well be configured as a mobile application that can be downloaded on a mobile device that can connect to Internet. In such manner, the proposed system can be available 24*7 to its users. Any other manner of implementation of the proposed system or a part thereof is well within the scope of the present disclosure/invention. The computing device can be a PC, a tablet, a smart phone and other like devices.

[00062] Each of the appended claims defines a separate invention, which for infringement purposes is recognized as including equivalents to the various elements or limitations specified in the claims. Depending on the context, all references below to the "invention" may in some cases refer to certain specific embodiments only. In other cases it will be recognized that references to the "invention" will refer to subject matter recited in one or more, but not necessarily all, of the claims.

[00063] All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g., "such as") provided with respect to certain embodiments herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention otherwise claimed. No language in the specification should be construed as indicating any non-claimed element essential to the practice of the invention.

[00064] Various terms as used herein are shown below. To the extent a term used in a claim is not defined below, it should be given the broadest definition persons in the pertinent art have given that term as reflected in printed publications and issued patents at the time of filing.

[00065] The present disclosure relates to a system for user verification that uses biometric markers. In particular, it pertains to a system that uses a plurality of biometric markers for user verification.

[00066] In an aspect, present disclosure elaborates upon a method for user verification including: prompting, from a computing device, a user to provide a biometric scan (SDID) using a scanning device that is operatively coupled with the computing device, the prompting being done in response to the user request to verify the user with respect to an asset; receiving, at the computing device, the biometric scan (SDID) comprising a unique identifier associated with the scanning device (UDID), and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user; matching, at the computing device, the UDID and the MFAPIN in a database operatively coupled with the computing device; upon finding a match, retrieving, at the computing device, user credentials of the user pertaining to the asset corresponding to the MFAPIN; and providing access of the asset to the user based on the user credentials. [00067] In another aspect, the scanning device can be connected with the computing device through a wired or wireless connection.

[00068] In yet another aspect, the asset can be selected from any or a combination of the computing device, an application configured/installed in the computing device, a web- application accessed through the computing device, and hardware to be accessed.

[00069] In another aspect, the user credentials can be retrieved only when both the UDID and the MFAPIN find a joint match in the database.

[00070] In yet another aspect, the MFAPIN and the user credentials can be stored in an encrypted manner.

[00071] In an aspect, upon finding a match for the UDID and the MFAPIN, the computing device can enable change of user credentials at configured intervals.

[00072] In another aspect, the MFAPIN can be generated based on scanning of any or a combination of fingers, retina, voice, and face, and further based on sequence of the scanning.

[00073] In yet another aspect, the scanning device can be selected from any or a combination of fingerprint scanner, iris scanner, voice scanner, and facial scanner.

[00074] In an aspect, the UDID can be associated with the scanning device by manufacturer of the scanning device.

[00075] In an aspect, present disclosure elaborates upon a system for user for user verification including: a non-transitory storage device having embodied therein one or more routines; and one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines can include: a biometric scan prompt module, which when executed by the one or more processors, can prompt a user to provide a biometric scan (SDID) using a scanning device that is operatively coupled with the computing device, the prompting being done in response to the user request to verify the user with respect to an asset; a biometric scan receive module, which when executed by the one or more processors, can receive , at the computing device, the biometric scan (SDID) comprising a unique identifier associated with the scanning device (UDID), and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user; a biometric scan based matching module , which when executed by the one or more processors, can match, at the computing device, the UDID and the MFAPIN in a database operatively coupled with the computing device; a biometric scan based user credentials retrieval module, which when executed by the one or more processors, upon finding a match, can retrieve, at the computing device, biometrically translated/encrypted user credentials of the user pertaining to the asset corresponding to the MFAPIN; and a user credentials based asset access module , which when executed by the one or more processors, can provide access of the asset to the user based on the user credentials.

[00076] Various objects, features, aspects and advantages of the present disclosure will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like features.

[00077] FIG. 1 illustrates architecture of system proposed to illustrate its overall working, in accordance with an exemplary embodiment of the present disclosure.

[00078] In an aspect, proposed system aims to make a user authentication/verification process safe, simple and fast. It can readily be understood that the verification process enabled by proposed system can be deployed in multiple scenarios such as point of sale (POS) systems, e-commerce websites, website login, access control and monitoring systems, security systems and the like.

[00079] In an aspect, proposed system enables multi-finger authentication PIN ( interchangeably termed as MFAPIN herein) wherein the MFAPIN can have/ be associated with fingerprint data of different fingers of a user and the order in which the fingers have to be presented to an authenticating/verifying device such as a scanner ( interchangeably termed as a sub-device herein since in usual practice this device will be associated with another main device, say a mobile device ) in order to authenticate/verify the user. The authenticating device can be any device suitably configured to receive fingerprint data as a user puts his/her fingers over a designate region on the device, using procedures known in the art such as scanning the fingers and thereafter send the fingerprint data as well as sequence of scans to other components/modules of the proposed system using any suitable communication technique.

[00080] For instance, in case a user sets his/her MFAPIN as "Forefinger, Thumb, Mddle Finger and Ring Finger" then the user can authenticate himself/herself using the authentication device by scanning his/her fingers in the same sequence. Verification happens only of BOTH fingerprint data as well as sequence of scanning matches that as required by MFAPIN.

[00081] In an exemplary embodiment, proposed system can include a sub-device 104 operatively /communicatively coupled with a computing device 106. In an aspect, sub-device 104 can have a unique device ID (UDID) that can be provided to it either programmatically or as part of a manufacturing process. For instance, it can be embedded into its hardware.

[00082] In an aspect, during a registration process as illustrated in FIG. 1A, proposed system can enable a user 102 to provide an asset information and user credentials (UCs). Asset information can be that pertaining to an asset user wants secured by the proposed invention and user credentials can be any data provided by the user in order to secure the asset, upon provisioning of which at a future time the asset can be retrieved/made use of by the user as appropriate. For instance, asset information for a website can be the website URL while UCs for the website can be username and password used by the user to access/login to the website. In an exemplary embodiment, proposed system can enable necessary user interfaces on sub-device 104 for receiving such information from the user. In an alternate exemplary embodiment, such interfaces can be provided on computing device 106 itself, and user 102 can provide asset information 110 and user credentials 112 directly to computing device 106 itself (as illustrated in FIG.1A).

[00083] In another aspect, after receipt of asset information 110 and user credentials 112 for the same, proposed system can enable user 102 to provide his MFAPINreg 114 using sub- device 104. MFAPINreg 114 can be fingerprint scans of fingers of the user 102 and the order that the scans have to be provided to the proposed system during a verification process, as elaborated further. It can readily be appreciated that MFAPINreg 114 can comprise scan of only one finger (say thumb) when there will be no sequence information provided to the proposed system or expected by it at later stage.

[00084] In an exemplary embodiment, sub-device 104 can have a scanning interface to enable user 102 scan his fingers in order he wants.

[00085] In yet another aspect, sub-device 104 can associate its unique device ID (UDID) with MFAPINreg 114 so as to create a sub-device ID that can be termed as SDIDreg 116. Further, sub-device 104 can provide SDIDreg 116 to computing device 106.

[00086] In an aspect, upon receipt of information as elaborated above, computing device 106 can extract from the SDIDreg 116 the MFAPINreg 114 and the UDID. In another aspect, computing device 106 can biometrically translate/encrypt user credentials 112, the SDIDreg 116 (having the MFAPINreg 114 and the UDID) using a unique encryption and/or translation algorithm having a unique code. In yet another aspect, the unique encryption and/or translation algorithm can be pre-stored and/or automatically and/or dynamically generated in real-time. In an example, the unique encryption and/or translation algorithm having the unique code can be generated and/or utilized and/or retrieved using artificial intelligence (AI).

[00087] In an aspect, computing device 106 can biometrically translate/encrypt user credentials 112 which are then stored in encrypted form while storing at the database thereby implementing double encryption technique.

[00088] In an aspect, the unique code can be pre-stored and/or automatically and/or dynamically generated randomly in real-time and thereby allocated to said unique encryption and/or translation algorithm.

[00089] Further, in an aspect, computing device 106 can biometrically translate/encrypt the MFAPINreg 114 data and user credentials (UCs) 112. In another aspect, device 106 can associate the UDID, asset information 110, encrypted MFAPINreg 114 and encrypted user credentials 112 with a unique code.

[00090] In another aspect, the biometric translation algorithm can be selected randomly from a pre-stored set of encryption algorithms and the unique code can be associated with the biometric translation algorithm as well as its corresponding re-translation algorithm.

[00091] In an exemplary embodiment, computing device 106 can send the unique code, UDID, asset information 110, biometrically translated (encrypted) MFAPINreg 114 and encrypted user credentials 112 to database 108 as registration information 118 and all such information can be represented as a row of a table of the database, illustrated therein as row A.

[00092] It can readily be understood that database 108 can be configured within computing device 106 or at any place (for instance a remote server/cloud) as long it is communicably connected to the proposed system. Further, each combination of MFAPIN, UDID and asset information can lead to creation of a unique row in the database elaborated above, each pertaining to a different asset being registered using the proposed system by the user.

[00093] FIG. IB illustrates an asset retrieval process, in accordance with an exemplary embodiment of the present disclosure.

[00094] As can be readily understood the asset retrieval process requires asset information 110 and user credentials 112 to make use of / retrieve an asset. For instance, in case the asset is a website, the website URL (that is asset information) and user name and password (which form the user credentials) are required to make use of /login to the website. Similarly, in case the asset is a lock that is locked/unlocked using a code, asset information can pertain to, for instance, location of the lock while user credentials can be the code required to lock/unlock the code.

[00095] In an aspect, as illustrated in FIG. IB, a user (that can be same as user 102) can provide asset information 110 to computing device 106 and MFAPINnew 120 to sub-device 104 wherein the asset information is that provided earlier and MFAPINnew is the fingerprint scan information now provided by user 110. As before sub-device 104 can conjoin its UDID to MFAPINnew 120 to create an SDIDnew 122 and can further send SDIDnew 122 to computing device 106.

[00096] In another aspect, upon receipt of above information, computing device 106 can extract MFAPINnew 120 and UDID from SDIDnew 122. Further, computing device 106 can query database 108 to retrieve from database 108 information pertaining to a combination of UDID and asset information 110. As can be readily understood, database 108 can return registration information 118 as available in its row A as elaborated above since row A pertains to same combination of UDID and asset information 110. As already elaborated during the registration process, row A carries the unique code, UDID, asset information 110 , biometrically translated (encrypted) MFAPINreg 114 and biometrically translated (encrypted) user credentials 112

[00097] In yet another aspect, having received registration information 118 elaborated above, computing device 106 can determine the re-translation algorithm associated with the unique code. Using the re-translation algorithm, computing device 106 can then retranslate/decrypt encrypted MFAPINreg 114 and the encrypted user credentials 112 and hence generate MFAPINreg 114 and user credentials 112 provided by user 102 during the registration process. In an exemplary embodiment, computing device 106 can first generate MFAPINreg 114 and proceed to generating user credentials 112 only if MFAPINnew 120 matches MFAPINreg 114, else raise an alarm, as elaborated hereunder.

[00098] In another aspect, computing device 106 can compare re-translated MFAPINreg 114 with MFAPINnew 120 now provided and provide a verification output 124 based on results of the comparison. In case of an exact match, it can readily be understood that user 110 is same as user 102 that initially registered himself/herself for the asset. In such an event verification output can include user credentials 112 enabling user 102/110 to retrieve/make use of the asset. In an exemplary embodiment, verification output 124 can enable the user 102 to login to a website without providing his/her user credentials but instead providing the same MFAPIN as he/she had provided at the time of registering the website using the proposed system.

[00099] In yet another aspect, in case MFAPINnew 120 does not match MFAPINreg 114, it can readily be understood that userl lO is not the same as user 102. In such an event, verification output 124 can raise an alarm for system administrators and the asset can remain locked/irretrievable.

[000100] As can be readily understood, verification output to allow retrieval of an asset can be produced only if same combination of UDID and asset information 110 is provided as at time of registration and further present user is same as user that registered for the asset and uses his/her fingers in same manner and sequence as at time of registration (so that MFAPINnew produced matches MFAINreg). Since UDID is embedded in sub-device 104 at time of its manufacturing, the user has to use the same sub-device for registration as well as retrieval of the asset. Further, any mismatch in MFAPIN information, even if same device and same asset information is provided, can lead to verification output raising an alarm instead of providing user credentials. Hence proposed system offers multiple levels of security.

[000101] Further, proposed system decrypts translated user credentials data, having MFAPIN and UDID, only when required and hence enables a very high level of security.

[000102] In another aspect, proposed system can enable an automatic user credentials/ password change at pre-determined intervals, as elaborated in FIG. 1C.

[000103] In an aspect, proposed system can keep track of time when a registration process was performed by a user and, after a pre-determined time, send a notification to the user asking him/her to renew/change any or a combination of MFAPINreg and user credentials data. For the purpose firstly the system can authenticate the user based upon provided MFAPINnew and SDIDnew and retrieve the asset as elaborated above. Thereafter by appropriate user interfaces on sub-device 104, computing device 106 (that could be the user's mobile device as well for instance), or any combination of these, or any other computing device of the user configured to operatively communicate with the proposed system the proposed system can accept any or a combination of revised MFAPINreg and user credentials data and update the same for retrieval of the asset. [000104] In another aspect, proposed system need not ask the user for changed user credentials but instead can generate them on its own and associate the same with MFAPIN as provided by the user.

[000105] In an exemplary embodiment, the proposed system can periodically generate and update password for a website (and similarly for a plurality of websites) the user has registered for. At a pre-determined time after last password updation, the system can notify the user on his computing device/mobile device integrated with the sub-device as elaborated above. As before, system can receive MFAPINnew and SDIDnew in order to authenticate the user. Once authenticated, the system can use the user credentials to automatically gain access via a browser to the change password page of the website. Once there the system can generate revised user credentials (for instance user name or password or a combination) and update the user credentials at the website accordingly, using techniques well known.

[000106] Thereafter the system can associate the revised user credentials with current MFAPINreg and SDIDreg. Further, the system can biometrically translate/encrypt the MFAPINreg data and revised user credentials.

[000107] In another aspect, proposed system can associate the UDID ( extracted from SDIDreg), asset information, encrypted MFAPINreg and encrypted revised user credentials with a unique code and provide all this information as revised registration information to a database, as already elaborated, thereby changing the user credentials in such a manner that even the user may not know the revised user credentials. Thereafter, asset/website retrieval/login process may be same as already elaborated.

[000108] Tasks as above can be accomplished by sub-device 104 and computing device 106, revised registration information 118 can accordingly be generated and stored in database 108 and further retrieved as and when needed, as already elaborated above.

[000109] In a similar manner, MFAPINreg can as well be updated.

[000110] It can readily be appreciated that updating can be performed at pre-determined intervals or at the option of the user, as and when required.

[000111] As illustrated in FIG. 1C, at a pre-determined time after last password updation, system 100 can send update MFAPIN / User Credentials Notification 152 to user 102. The notification 152 can include asset information 110 (for instance, website 160 for which password need to be updated). [000112] Based upon above, user 102 can send MFAPINnew 120 and SDIDnew 122 to system 100 for website 160. After verification as elaborated above, system 100 can send user credentials 112 to the website 160 and so access the website 160's user credentials change page. Thereafter system 100 can generate and send revised user credentials 154 (for instance, revised password) to update the user credentials at website 160. Further, system 100 can use revised user credentials to update and store revised registration information 156 for further use as required.

[000113] As can be readily understood, proposed system avoids problems related with data entry of passwords as is used in present systems using keyboards, computers etc. In this manner, proposed system avoids at the client side ( in a server -client system wherein the server can be computing device 106 as elaborated above and the client can be configured to be in operative communication with sub-device 104 to receive MFAPIN data as required) issues such as phishing, key-logging, brute forcing, etc. Besides, a user does not need to remember/store somewhere any passwords since user's biometric data( for instance fingerprints) themselves can form a highly secure and non-tamperable password

[000114] Further, as can be appreciated, database 108 keeps registration information 118 in an encrypted format. Only when required is this encrypted registration information 118 retrieved from database 108 and then unencrypted (retranslated) by computing device 106 ( that can be server storing/accessing a website for example ) to generate user credentials for accessing the website after verification of the user, as elaborated above. Transmission of only biometrically translated (encrypted) data avoids 'man in the middle' attacks. Hence, in this manner, proposed system grants strong security at server side as well for client- server architecture.

[000115] FIG. 2 illustrates functional modules of system proposed, in accordance with an exemplary embodiment of the present disclosure.

[000116] In one embodiment, the proposed system may include at least one processor (not shown), an input/output (I/O) interface (not shown), and a memory (not shown). The processor may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the at least one processor is configured to fetch and execute computer-readable instructions stored in the memory. The I/O interface may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface may allow the system to interact with a user directly, and to communicate other computing devices, such as web servers and external data servers (not shown). The I/O interface can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. The I/O interface may include one or more ports for connecting a number of devices to one another or to another server. The memory may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. The memory may include modules and data.)

[000117] In an aspect, the proposed system (interchangeably termed as system herein) can be operatively configured as a client-server architecture in operative communication using Internet. Relevant modules of proposed system can as well be configured as part of a mobile application that can be downloaded on a mobile device that can connect to Internet. In such manner, the proposed system can be available 24*7 to its users. Any other manner of implementation of the proposed system or a part thereof is well within the scope of the present disclosure/invention. The computing device can be a PC, a tablet, a smart phone and other like devices.

[000118] In an exemplary embodiment, proposed system can include a biometric scan prompt module 202, a biometric scan receive module 204, a biometric scan based matching module 206, a biometric scan based user credentials retrieval module 208, and a user credentials based asset access module 210.

Biometric scan prompt module 202

[000119] In an aspect, module 202 can prompt a user to provide a biometric scan (that can be same as SDID elaborated above), using a scanning device that can be operatively coupled with it when the user makes a request to verify the user with respect to an asset.

[000120] For instance, when the user wants to access a website using the biometric verification methods proposed by the present system, proposed system can present appropriate interfaces on the scanning device asking the user to provide his/her biometric scan in the same sequence as earlier provided by the user during a registration process. [000121] In an aspect, the scanning device (such as device 104 as elaborated in FIG. l) can be connected to module 202 through a wired or wireless connection.

[000122] As already elaborated, the asset can be selected from any or a combination of the computing device, an application configured/installed in the computing device, a web- application accessed through the computing device, and hardware to be accessed.

[000123] In an exemplary embodiment, even physical assets, such as locks with codes can be unlocked using proposed system as their code (that is, user credential) can be provided on a display device upon verification of the user as elaborated herein.

[000124] As can be readily understood, all biometric markers of a person can be scanned using any or a combination of appropriately configured scanners.

[000125] In an aspect, module 202 can enable a user to provide an asset information and user credentials (UCs) during a registration process, and only asset information during a user verification/asset retrieval process. Asset information can be that pertaining to an asset a user (such as user 102 in FIG. 1A) wants secured by the proposed invention and user credentials can be any data provided by the user in order to secure the asset, upon provisioning of which at a future time the asset can be retrieved/made use of by him/her as appropriate. For instance, asset information for a website can be the website URL while UCs for the website can be username and password used by the user to access/login to the website. In an exemplary embodiment, proposed system can enable necessary user interfaces on sub-device 104 for receiving such information from the user. In an alternate exemplary embodiment, such interfaces can be provided on computing device 106 itself, and user 102 can provide asset information 110 and user credentials 112 directly to computing device 106 itself, as illustrated at FIG.1 A.

[000126] In an aspect, module 202 can be part of device 104. Device 104 can be interchangeably termed as a sub-device since under a usual operation it can be mounted on /be operatively coupled to a main device that can be a mobile device or a computing device carrying other functional modules of the proposed system.

[000127] It can be appreciated that device 104 can be a standalone device as well in communication with a computing device 106. Device 104 can provide MFAPIN and UDID (as elaborated herein) while rest of the processing can be done by device 106 using modules elaborated herein. Device 104 can be in wired or wireless communication with device 106. [000128] In another aspect, device 104 can receive one or a combination of biometric inputs such as finger print scans, iris scans and the like, as well as the sequence in which the scanning takes place to generate a multi-factor authentication personal identification (interchangeably termed as MFAPIN herein) that can be used for registration/verification of a user (for instance user 102 as illustrated in FIG. 1A) with the proposed system as further elaborated.

[000129] While the invention is elaborated herein taking an example of fingerprints being scanned in a sequence, that is not to be construed as a limitation and MFAPIN can as well include two or more different biometric inputs for instance, scan of right hand thumb followed by iris scan of left eye, finger scan of left index finger and iris scan of right eye, and in that order.

[000130] In yet another aspect, device 104 can have an embedded system, a communication module and a processor. It can be in operative communication with computing device 106 (FIG. l) or any of the modules elaborated therein as required using any well known communication technique wired or wireless. In an exemplary embodiment, device 104 can be in wireless communication with computing device 106 so that the proposed system can be used for remote verification as well.

[000131] In an aspect, sub-device 104 can have a unique device identification (interchangeably termed as UDID herein) that can be imparted to it programmatically or during its manufacturing process itself, as part of its embedded hardware. In this manner, each sub- device 104 can have its own corresponding UDID.

[000132] In another aspect, module 202 that may be configured in device 104 can conjoin MFAPIN data provided by a user with the UDID of the device 104 to create a sub-device ID (SDID), and further, provide this SDID to module 204 as elaborated hereunder. As can be appreciated, SDK) can be unique as it combines two unique parameters in turn.

[000133] In an aspect, during a registration process, module 202 can receive MFAPINreg from a user through device 104; conjoin it with UDID (using module 202) to create SDIDreg. Likewise during a retrieval process, module 202 can receive MFAPINnew and conjoin it with to create SDIDnew.

[000134] In an exemplary embodiment, during an initial registration process, proposed system can enable necessary user interfaces on sub-device 104 enabling the user to provide his/her MFAPIN for registering using proposed system by providing the asset information and

MFAPIN to device 104.

Biometric scan receive module 204

[000135] In an aspect, module 204 can receive from module 202 the SDID information. As already advised, SDID includes a unique identifier associated with the scanning device ( such as the UDID elaborated above ) and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user. Further, an MFAPIN includes various biometric information of a user as well as sequence in which the information has been provided to the proposed system.

[000136] As already elaborated, a combination of any one or more biometric markers of a user can be used to generate the MFAPIN, using appropriately configured scanning devices.

[000137] In an exemplary embodiment, the MFAPIN can be generated based on scanning of any or a combination of fingers, retina, voice, and face, and further based on sequence of the scanning, using scanning device selected from any or a combination of fingerprint scanner, iris scanner, voice scanner, and facial scanner.

[000138] In an aspect, during registration, module 204 can receive SDIDreg, asset information and UCs from module 202, can segregate MFAPINreg and UDID information from

SDID, and pass MFAPINreg, UDID, asset information and UCs to module 206.

[000139] In another aspect, during retrieval of an asset, module 204 can receive SDIDnew and asset information from module 202, can segregate MFAPINnew and UDID information from SDID, and pass MFAPINnew, UDID and asset information to module 206.

Biometric scan based matching module 206

[000140] In an aspect, module 206 can match the UDID and the MFAPIN in a database operatively coupled with it. This database can be, for instance, database 108 as elaborated in FIG. l.

[000141] As already elaborated, for the same asset (for instance, a website), proposed system aims to find a match between MFAPINnew now being provided and MFAPINreg earlier stored during registration, using the same UDID. Module 206 can enable finding such match and can provide a signal accordingly to module 208 as under.

[000142] In an aspect, module 206 can receive MFAPINreg, UDID, asset information and UCs from module 204. Further, module 206 can biometrically translate/ encrypt MFAPINreg and UCs using a unique translation algorithm. [000143] In another aspect, module 206 can create a unique code and associate with this code above information viz encrypted MFAPINreg, encrypted UCs, UDID, and asset information. Further module 206 can send this code and associated information as elaborated above as registration information 118 to a database (for instance database 108, as illustrated in FIG. 1A) Module 206 can further associate with the unique code corresponding retranslation algorithm.

[000144] In an aspect, during retrieval, module 206 can receive MFAPINnew, UDID and asset information from module 204. Using UDID and asset information, module 206 can query database 108 and get from database 108 the unique code, encrypted MFAPINreg and encrypted UCs corresponding. Having received the unique code, module 206 can determine corresponding retranslation algorithm and can retranslate/decrypt encrypted MFAPINreg and encrypted UCs.

[000145] Next, Module 206 can compare MFAPINnew and MFAPINreg and provide a verification output (as illustrated by 124 in FIG. 1 A) accordingly.

[000146] In case of an exact match of MFAPINnew and MFAPINreg, verification output can be provided to module 208 as a signal for further use as elaborated therein under.

[000147] In yet another aspect, in case if MFAPINnew does not match MFAPINreg, it can readily be understood that the present user (such as user 110 in FIG. IB) is not the same as the user who registered the asset (such as user 102 in FIG. 1A). In such an event, verification output 124 can raise an alarm for system administrators and the asset can remain locked / irretrievable.

[000148] As can be readily understood, verification output to allow retrieval of an asset can be produced only if same combination of UDID and asset information is provided as at time of registration and further present user is same as registered user and uses his/her fingers/biomarkers in same manner and sequence as at time of registration ( so that MFAPINnew produced matches MFAINreg) Since UDID is embedded in sub-device 104 at time of its manufacturing, the user has to use the same sub-device for registration as well as retrieval of the asset. Further, any mismatch in MFAPIN information, even if same device and same asset information is provided, can lead to verification output raising an alarm instead of providing user credentials. Hence proposed system offers multiple levels of security.

Biometric scan based user credentials retrieval module 208

[000149] In an aspect, module 208 can, upon receipt of signal upon matching as elaborated above, provide user credentials of the user pertaining to the asset corresponding to the MFAPIN. [000150] As can be readily understood, the user credentials can be retrieved only when both the UDK) and the MFAPIN find a joint match in the database.

User credentials based asset access module 210

[000151] In an aspect, upon receipt of user credentials, module 210 can provide access to the asset as initially requested by the user.

[000152] In an exemplary embodiment, the user credentials can enable the user to login to a website.

[000153] In such a manner, proposed system can enable the user to retrieve an asset (such as login to a website ) without providing his/her user credentials but instead providing the same MFAPIN as he/she had provided at the time of registering the website using the proposed system.

[000154] Further, proposed system can enable the computing device to enable a change of user credentials at configured intervals, upon finding a match for the UDID and the MFAPIN.

[000155] In an aspect, the change of user credentials can be as elaborated in FIG.1C.

[000156] It would be appreciated that modules elaborated herein are only exemplary modules and any other module or sub-module can be included as part of the proposed system. These modules too can be merged or divided into super-modules or sub-modules as may be configured, and can be configured across different devices/server/cloud as required and remain in operative communication with other modules as required using well known communication technologies. For instance, module 202 and module 204 can as well be configured along with in sub-device 104. Likewise, modules 204, 206, 208 and 210 can be configured in computing device 106/server that can as well contain database 108 or be in operative communication with database 108.

[000157] Further the modules can be configured in any sequence to achieve objectives elaborated. Also, it can be appreciated that proposed system can be configured in a computing device or across a plurality of computing devices operatively connected with each other, wherein the computing devices can be any of a computer, a laptop, a smart phone, an Internet enabled mobile device and the like. Therefore, all possible modifications, implementations and embodiments of where and how the proposed system is configured are well within the scope of the present invention. [000158] FIG. 3A and FIG. 3B illustrate examples of working of the present disclosure, in accordance with an exemplary embodiment of the present disclosure.

[000159] During a registration process, a user can provide website information and his/her user credentials such as name and password. The user can further provide his MFAPINreg. The system can biometrically translate/encrypt the MFAPINreg, name and password and generate a unique code associated with the corresponding retranslation/decryption algorithm. Further, as illustrated in FIG. 3 A the system can store in a database the website information as illustrated at 302, encrypted name at 304, encrypted password at 306, encrypted MFAPINreg at 308, UDID at 310 and unique code at 312.

[000160] During a verification/retrieval process, as shown in FIG 3B, the user can provide website information as illustrated at 352 and MFAPINnew as illustrated at 354. The MFAPINnew can be provided on the same scanning device with the same UDID, as illustrated at 356. Using common website and UDID information, proposed system can determine unique code (312) and thereby retranslate/decrypt MFAPINreg. Further, as illustrated at 358, proposed system can compare MFAPINreg with MFAPINnew. In case they are same, as illustrated at 360, proposed system can provide name and password to login system of the website and further automatically login the user using the name and password on the website, as illustrated at 362.

[000161] In another aspect, in case MFAINnew is not the same as MFAPINreg, proposed system can raise an alarm, as shown at 364.

[000162] In an exemplary embodiment, proposed system can enable a user to register on a website by providing his MFAPIN and UCs during registration process, and thereafter user only his MFAPIN to login to the website, as elaborated herein.

[000163] During registration, the user can start his computer system or mobile phone and can also switch on scanner/sub-device operatively connected to the proposed system. Thereafter, the proposed system can ask the user the website information ( such as website URL) and his current user credentials (UCs) for logging into the website that the user can provide using appropriate interfaces on his mobile device/ computing device, and can further ask if the user wants to setup Multi-Finger Authentication PIN for the website.

[000164] Upon the user confirming he wants to setup Multi-Finger Authentication PIN for the website, the proposed system can prompt the user to generate his MFAPIN by providing his fingerprints in a sequence on the scanning device. The scanning device can send MFAPIN with the UDID to the proposed system and thereafter confirm to the user that the registration process is complete.

[000165] During a future login process to the same website, proposed system asks the user to login using his MFAPIN. It may be appreciated that if the user has registered MFAPIN for the website, then he has to compulsorily scan MFAPIN, he has no choice of opting for a single factor authentication. The proposed system can prompt the user to provide his MFAPIN on the same scanning device that can be operatively connected to the proposed system. Upon the users so doing, proposed system can determine the user credentials for the website as elaborated above and can provide such credentials to the website login page, thereby enabling the user to login to the website.

[000166] In another exemplary embodiment, proposed system can keep track of password change at a website and can enable the user to set a pre-determined period for password change. At expiry of such period, the system can notify the user on his mobile phone asking him to provide his MFAPIN again on the same scanning device. Upon so doing, the system can automatically generate a strong new password for the website, open password change page of the website, change the password therein and associate the new password with the MFAPIN of the user so that upon next authentication/verification of the user, the new password is provided as user credential.

[000167] FIG. 4 illustrates a method of working of system proposed, in accordance with an exemplary embodiment of the present disclosure.

[000168] In an aspect, the proposed method can be described in general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method can also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.

[000169] The order in which the method as described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method or alternate methods. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof. However, for ease of explanation, in the embodiments described below, the method may be considered to be implemented in the above described system.

[000170] In an aspect present disclosure elaborates upon a method for user verification including , at step 402, prompting, from a computing device, a user to provide a biometric scan (SDID) using a scanning device that is operatively coupled with the computing device, the prompting being done in response to the user request to verify the user with respect to an asset.

[000171] In another aspect the method includes, at step 404, receiving, at the computing device, the biometric scan (SDID) comprising a unique identifier associated with the scanning device (UDID), and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user.

[000172] In yet another aspect the method includes, at step 406, matching, at the computing device, the UDID and the MFAPIN in a database operatively coupled with the computing device.

[000173] In an aspect the method includes, at step 408, upon finding a match, retrieving, at the computing device, user credentials of the user pertaining to the asset corresponding to the MFAPIN.

[000174] In another aspect the method includes, at step 410, providing access of the asset to the user based on the user credentials.

[000175] FIG. 5 illustrates an exemplary computer system 500 in which or with which embodiments of the present invention may be utilized.

[000176] Embodiments of the present disclosure include various steps, which have been described above. A variety of these steps may be performed by hardware components or may be tangibly embodied on a computer-readable storage medium in the form of machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with instructions to perform these steps. Alternatively, the steps may be performed by a combination of hardware, software, and/or firmware. As shown in the figure, computer system 500 includes an external storage device 510, a bus 520, a main memory 530, a read only memory 540, a mass storage device 550, communication port 560, and a processor 570. A person skilled in the art will appreciate that computer system 500 may include more than one processor and communication ports. Examples of processor 570 include, but are not limited to, an Intel® Itanium® or Itanium 2 processor(s), or AMD® Opteron® or Athlon MP® processor(s), Motorola® lines of processors, FortiSOC™ system on a chip processors or other future processors. Processor 570 may include various modules associated with embodiments of the present invention. Communication port 560 can be any of an RS-232 port for use with a modem based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. Communication port 560 may be chosen depending on a network, such a Local Area Network (LAN), Wide Area Network (WAN), or any network to which computer system 500 connects. Memory 530 can be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. Read only memory 540 can be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chips for storing static information e.g., start-up or BIOS instructions for processor 570. SANs and VSANs may also be deployed. Mass storage 550 may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), e.g. those available from Seagate (e.g., the Seagate Barracuda 7200 family) or Hitachi (e.g., the Hitachi Deskstar 7K1000), one or more optical discs, Redundant Array of Independent Disks (RAID) storage, e.g. an array of disks (e.g., SATA arrays), available from various vendors including Dot Hill Systems Corp., LaCie, Nexsan Technologies, Inc. and Enhance Technology, Inc. Bus 520 communicatively couples processor(s) 570 with the other memory, storage and communication blocks. Bus 520 can be, e.g. a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB or the like, for connecting expansion cards, drives and other subsystems as well as other buses, such a front side bus (FSB), which connects processor 570 to software system. Optionally, operator and administrative interfaces, e.g. a display, keyboard, and a cursor control device, may also be coupled to bus 520 to support direct operator interaction with computer system 500. Other operator and administrative interfaces can be provided through network connections connected through communication port 560. External storage device 510 can be any kind of external hard-drives, floppy drives, IOMEGA® Zip Drives, Compact Disc - Read Only Memory (CD-ROM), Compact Disc - Re-Writable (CD-RW), Digital Video Disk - Read Only Memory (DVD-ROM). Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system limit the scope of the present disclosure.

[000177] As can be readily understood, proposed system is highly secure. It employs Multi- Finger Authentication PIN and device ID in combination wherein the user has to scan the fingerprints in a pre-determined sequence on a device for registration and then on the same device for access/retrieval to the asset. Even in case of theft of fingerprint data, the thief will not be able to access/retrieve the asset being protected unless he has the device owned by user as well as sequence in which fingerprint data is to be used. Further, proposed system uses secure algorithms to biometrically translate the MFAPIN and thereby hashes and encrypts this information before storing it in a database. Even if such data is revealed to a hacker and he is somehow able to decrypt MFAPIN data he will not be able to use it unless he has access to the same sub-device that was used to receive MFAPIN data at time of registration as verification requires the same sub-device to be used, as already elaborated.

[000178] In another aspect, the scanning device of proposed system can be mounted on a main device (such as a mobile phone) and can draw its battery power from the mobile device itself, making it light and small.

[000179] In yet another aspect, proposed system does not require the user to remember any user credentials such as username and password. As biometric data is being used in proposed system the user is not required to remember any password etc. since user's biometric data can be used instead.

[000180] In an aspect, proposed system can help secure even physical assets such as rooms, locks etc. Proposed system enables securing even physical assets such as locks, rooms using highly secure biometric inputs. Proposed system can as well be used with existing security systems to provide for an additional layer of security using biometric data, thereby making them safer.

[000181] In another aspect, proposed system can enable receipt of biometric data for registration as well as verification purposes remotely (using, for instance, sub-devices configured to communicate with a central computing device using wireless technologies) and hence can enable remote operation. [000182] As used herein, and unless the context dictates otherwise, the term "coupled to" is intended to include both direct coupling (in which two elements that are coupled to each other or in contact each other) and indirect coupling (in which at least one additional element is located between the two elements). Therefore, the terms "coupled to" and "coupled with" are used synonymously. Within the context of this document terms "coupled to" and "coupled with" are also used euphemistically to mean "communicatively coupled with" over a network, where two or more devices are able to exchange data with each other over the network, possibly via one or more intermediary device.

[000183] Moreover, in interpreting both the specification and the claims, all terms should be interpreted in the broadest possible manner consistent with the context. In particular, the terms "comprises" and "comprising" should be interpreted as referring to elements, components, or steps in a non-exclusive manner, indicating that the referenced elements, components, or steps may be present, or utilized, or combined with other elements, components, or steps that are not expressly referenced. Where the specification claims refers to at least one of something selected from the group consisting of A, B, C ... .and N, the text should be interpreted as requiring only one element from the group, not A plus N, or B plus N, etc.

[000184] While some embodiments of the present disclosure have been illustrated and described, those are completely exemplary in nature. The disclosure is not limited to the embodiments as elaborated herein only and it would be apparent to those skilled in the art that numerous modifications besides those already described are possible without departing from the inventive concepts herein. All such modifications, changes, variations, substitutions, and equivalents are completely within the scope of the present disclosure. The inventive subject matter, therefore, is not to be restricted except in the spirit of the appended claims.

ADVANTAGES OF THE INVENTION

[000185] The present disclosure provides a user verification system that is highly secure.

[000186] The present disclosure provides a user verification system that uses a light and small scanning device.

[000187] The present disclosure provides a user verification system that does not require the user to remember any user credentials such as username and password. [000188] The present disclosure provides a user verification system that help secure even physical assets such as rooms, locks etc.

[000189] The present disclosure provides a user verification system that can be operated remotely.

Claims

I Claim:

1. A method for user verification comprising:

prompting, from a computing device, a user to provide a biometric scan (SDID) using a scanning device that is operatively coupled with the computing device, said prompting being done in response to the user request to verify the user with respect to an asset;

receiving, at the computing device, the biometric scan (SDID) comprising a unique identifier associated with the scanning device (UDID), and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user;

matching, at the computing device, the UDID and the MFAPIN in a database operatively coupled with the computing device;

upon finding a match, retrieving, at the computing device, user credentials of the user pertaining to the asset corresponding to the MFAPIN; and

providing access of the asset to the user based on the user credentials.

2. The method of claim 1, wherein the scanning device is connected with the computing device through a wired or wireless connection, and wherein the scanning device is adapted to receive power from any or combination of the computing device, a rechargeable battery and a replaceable battery.

3. The method of claim 1, wherein the asset is selected from any or a combination of the computing device, an application configured/installed in the computing device, a web- application accessed through the computing device, and a hardware to be accessed.

4. The method of claim 1, wherein the user credentials are retrieved only when both the UDID and the MFAPIN find a joint match in the database.

5. The method of claim 1, wherein the biometric scan (SDID) and a biometrically translated/encrypted user credentials are stored in an encrypted database.

6. The method of claim 1 , wherein upon finding a match for the UDID and the MFAPIN, said computing device enables change of user credentials at configured intervals.

7. The method of claim 1, wherein the MFAPIN is generated based on scanning of any or a combination of fingers, retina, voice, and face, and further based on sequence of said scanning.

8. The method of claim 1, wherein the scanning device is selected from any or a combination of fingerprint scanner, iris scanner, voice scanner, and facial scanner.

9. The method of claim 1, wherein the UDID is associated with the scanning device by manufacturer of the scanning device.

10. A system for user verification comprising:

a non-transitory storage device having embodied therein one or more routines; and one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines include:

a biometric scan prompt module, which when executed by the one or more processors, prompts a user to provide a biometric scan (SDID) using a scanning device that is operatively coupled with the computing device, said prompting being done in response to the user request to verify the user with respect to an asset;

a biometric scan receive module, which when executed by the one or more processors, receives, at the computing device, the biometric scan (SDID) comprising a unique identifier associated with the scanning device (UDID), and a multi-factor authentication PIN (MFAPIN) that uniquely identifies the user;

a biometric scan based matching module, which when executed by the one or more processors, matches, at the computing device, the UDID and the MFAPIN in a database operatively coupled with the computing device;

a biometric scan based user credentials retrieval module, which when executed by the one or more processors, upon finding a match, retrieves, at the computing device, biometrically translated/encrypted user credentials of the user pertaining to the asset corresponding to the MFAPIN; and

a user credentials based asset access module, which when executed by the one or more processors, provides access of the asset to the user based on the user credentials.