Method and system for secure FIDO development kit with embedded hardware
First Claim
1. A method for use of a biometric template to perform authentication through biometric data using three distinct application programs and a trusted execution environment in a computing device, comprising:
storing, in a first memory of a computing device, a biometric application program including a biometric module, a third party application program, and a verification application program, where the biometric application program is in compliance with the Fast IDentity Online (FIDO) alliance;
receiving, by an input device of the computing device, first biometric data of a user;
generating, by the biometric module of the computing device, a first template based on the first biometric data;
generating, by a generation module of the computing device, a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm;
encrypting, by an encryption module of the computing device, the first template using the public key;
storing, in a second memory of the computing device, the private key, wherein the second memory is a trusted execution environment;
storing, in the computing device, the encrypted first template;
receiving, by the biometric application program, a biometric request submitted by the third party application program;
receiving, by the input device of the computing device, second biometric data of the user;
generating, by the biometric module of the computing device, a second template based on the second biometric data;
receiving, by the verification application program, the second template transmitted by the biometric application program;
decrypting, by the verification application program, the encrypted first template using the private key stored in the second memory of the computing device;
verifying, by the verification application program, the second template based on the decrypted first template; and
receiving, by the third party application program, a result of the verification, wherein
the biometric application program and the third party application program are prevented from accessing the trusted execution environment or decrypted first template,
the verification application program is prevented from accessing the first biometric data and the second biometric data, and
the third party application program receives the result of the verification without receiving the first biometric data, the second biometric data, the second template, or the private key.
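The enrollment and verification flow of claim 1, as an added sketch that is not code from the patent. RSA-OAEP, the Hamming-distance matcher, the sample templates, and the names `Verifier`, `Enroll` and `Verify` are assumptions; a Go struct stands in for the trusted execution environment and does not provide its isolation.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// Verifier models the verification app; priv models the TEE-held key (hypothetical names).
type Verifier struct{ priv *rsa.PrivateKey }

// Enroll generates the key pair, encrypts the first template under the public
// key, and returns the ciphertext that ordinary storage may hold.
func Enroll(first []byte) (*Verifier, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, first, nil)
	return &Verifier{priv}, ct, err
}

// Verify decrypts the stored template, compares it with the second template
// by Hamming distance (an assumed matcher), and releases only a boolean.
func (v *Verifier) Verify(encFirst, second []byte, maxBits int) (bool, error) {
	first, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, v.priv, encFirst, nil)
	if err != nil {
		return false, err // tampered or foreign ciphertext
	}
	if len(first) != len(second) {
		return false, nil
	}
	dist := 0
	for i := range first {
		dist += bits.OnesCount8(first[i] ^ second[i])
	}
	return dist <= maxBits, nil
}

func main() {
	v, ct, err := Enroll([]byte{0xA5, 0x3C, 0x0F, 0xF0}) // constructed sample template
	if err != nil {
		panic(err)
	}
	ok, _ := v.Verify(ct, []byte{0xA5, 0x3C, 0x0F, 0xF1}, 2) // one bit differs
	fmt.Println("third party sees only:", ok)
}
```

The caller of `Verify` plays the third party application program: it holds the ciphertext and receives a boolean, never the decrypted first template or the private key.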
Abstract
A method for registration of a biometric template in a computing device includes: storing, in a first memory of a computing device, a biometric module; receiving, by an input device of the computing device, biometric data of a user; generating, by the biometric module of the computing device, a template based on the biometric data; generating, by a generation module of the computing device, a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm; encrypting, by an encryption module of the computing device, the generated template using the private key; storing, in a second memory of the computing device, the private key, wherein the second memory is a trusted execution environment; and storing, in the computing device, the encrypted template.
20 Claims
1. A method for use of a biometric template to perform authentication through biometric data using three distinct application programs and a trusted execution environment in a computing device, comprising:
storing, in a first memory of a computing device, a biometric application program including a biometric module, a third party application program, and a verification application program, where the biometric application program is in compliance with the Fast IDentity Online (FIDO) alliance;
receiving, by an input device of the computing device, first biometric data of a user;
generating, by the biometric module of the computing device, a first template based on the first biometric data;
generating, by a generation module of the computing device, a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm;
encrypting, by an encryption module of the computing device, the first template using the public key;
storing, in a second memory of the computing device, the private key, wherein the second memory is a trusted execution environment;
storing, in the computing device, the encrypted first template;
receiving, by the biometric application program, a biometric request submitted by the third party application program;
receiving, by the input device of the computing device, second biometric data of the user;
generating, by the biometric module of the computing device, a second template based on the second biometric data;
receiving, by the verification application program, the second template transmitted by the biometric application program;
decrypting, by the verification application program, the encrypted first template using the private key stored in the second memory of the computing device;
verifying, by the verification application program, the second template based on the decrypted first template; and
receiving, by the third party application program, a result of the verification, wherein
the biometric application program and the third party application program are prevented from accessing the trusted execution environment or decrypted first template,
the verification application program is prevented from accessing the first biometric data and the second biometric data, and
the third party application program receives the result of the verification without receiving the first biometric data, the second biometric data, the second template, or the private key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for use of a biometric template to perform authentication through biometric data using three distinct application programs and a trusted execution environment in a computing device, comprising:
an input device of a computing device configured to receive first biometric data of a user;
a first memory of the computing device configured to store a biometric application program including a biometric module configured to generate a first template based on the first biometric data, a third party application program, and a verification application program, where the biometric application program is in compliance with the Fast IDentity Online (FIDO) alliance;
a generation module of the computing device configured to generate a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm;
an encryption module of the computing device configured to encrypt the generated first template using the public key, wherein the encrypted template is stored in the computing device; and
a second memory of the computing device configured to store the private key, wherein the second memory is a trusted execution environment, wherein
the biometric application program is configured to receive a biometric request submitted by the third party application program;
the input device of the computing device is further configured to receive a second biometric data of the user;
the verification application program is configured to receive the second template transmitted by the biometric application program, decrypt the encrypted first template using the private key stored in the second memory of the computing device, and verify the second template based on the decrypted first template;
the third party application program is configured to receive a result of the verification;
the biometric application program and the third party application program are prevented from accessing the trusted execution environment or decrypted first template;
the verification application program is prevented from accessing the first biometric data and the second biometric data; and
the third party application program receives the result of the verification without receiving the first biometric data, the second biometric data, the second template, or the private key.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification