Portable or embedded access and input devices and methods for giving access to access limited devices, apparatuses, appliances, systems or networks
First Claim
1. Portable access device for being coupled to, and for allowing only authorized users access to, an access-limited apparatus, device, network or system, e.g. a computer terminal, an internet bank or a corporate or government intranet comprising a device interface, being electronic or mechanical or both, for coupling the device to the access-limited unit, e.g. a computer terminal port, characterized by an integrated circuit (IC) (1) providing increased security by bridging the functionality of fingerprint input from a user and, upon positive authentication of the user'"'"'s fingerprint to provide secure communication with the said access-limited apparatus, device, network or system, said IC comprising:
- a processor unit (2) communicating with the other on-chip components via a high speed bus (3), a first memory interface block (6B or 6D) being connected to the high speed bus (3) for interfacing with volatile memory (6A or 6C) as thus providing working memory available to other modules on the IC (1), a second memory interface block (7B or 7D) being connected to the high speed bus (3) for interfacing with non-volatile memory (7A or 7 or 7E), for storing of program code, e.g. administrative software, tailored security output responses and fingerprint representations in the form of so-called fingerprint minutiae, a first interface block (5A) for being coupled to a fingerprint sensor (5) said first interface block (5A) is connected to an image capture and pre-processing block (5C), said image capture and pre-processing block (5C) is adapted to perform the initial heavy-duty processing of the raw fingerprint images captured from the sensor (5) into a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data being submitted as output to the central processor block (2) via the high speed bus (3) for final processing to compact fingerprint representations by so-called minutiae, on the central processor (2), encryption modules (8 or 8A, 8B and 8C) connected to the high-speed bus (3) for providing encryption information, or alternatively scrambling information, the processor unit (2) is adapted to apply the encryption information to the fingerprint data for producing secured data as an output to the high speed bus (3) and one or more second interface blocks (9A, 9B, 9C or 9D) for supplying the secured data to the external access-limited apparatus, device or system via the device interface.
0 Assignments
0 Petitions
Accused Products
Abstract
A portable or embedded access device is provided for being coupled to, and for allowing only authorized users access to, an access-limited apparatus, device, network or system, e.g. a computer terminal, an internet bank or a corporate or government intranet. The access device comprises an integrated circuit (IC) (1) providing increased security by bridging the functionality of biometrics input from a user and, upon positive authentication of the user'"'"'s fingerprint locally to provide secure communication with the said access-limited apparatus, device, network or system, whether local or remote.
A corresponding method of using the portable device or the embedded device is disclosed for providing a bridge from biometrics input to a computer locally, into secure communication protocol responses to a non-biometrics network.
An embedded access control and user input device or apparatus for being a built-in part of stand alone appliances with some form of access control, e.g. hotel safes, medicine cabinet or the like, and for providing increased security, is also provided.
Further, a method of providing secured access control and user input in stand-alone appliances having an embedded access control or user input device according to the invention is also explained.
241 Citations
23 Claims
-
1. Portable access device for being coupled to, and for allowing only authorized users access to, an access-limited apparatus, device, network or system, e.g. a computer terminal, an internet bank or a corporate or government intranet comprising
a device interface, being electronic or mechanical or both, for coupling the device to the access-limited unit, e.g. a computer terminal port, characterized by an integrated circuit (IC) (1) providing increased security by bridging the functionality of fingerprint input from a user and, upon positive authentication of the user'"'"'s fingerprint to provide secure communication with the said access-limited apparatus, device, network or system, said IC comprising: -
a processor unit (2) communicating with the other on-chip components via a high speed bus (3), a first memory interface block (6B or 6D) being connected to the high speed bus (3) for interfacing with volatile memory (6A or 6C) as thus providing working memory available to other modules on the IC (1), a second memory interface block (7B or 7D) being connected to the high speed bus (3) for interfacing with non-volatile memory (7A or 7 or 7E), for storing of program code, e.g. administrative software, tailored security output responses and fingerprint representations in the form of so-called fingerprint minutiae, a first interface block (5A) for being coupled to a fingerprint sensor (5) said first interface block (5A) is connected to an image capture and pre-processing block (5C), said image capture and pre-processing block (5C) is adapted to perform the initial heavy-duty processing of the raw fingerprint images captured from the sensor (5) into a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data being submitted as output to the central processor block (2) via the high speed bus (3) for final processing to compact fingerprint representations by so-called minutiae, on the central processor (2), encryption modules (8 or 8A, 8B and 8C) connected to the high-speed bus (3) for providing encryption information, or alternatively scrambling information, the processor unit (2) is adapted to apply the encryption information to the fingerprint data for producing secured data as an output to the high speed bus (3) and one or more second interface blocks (9A, 9B, 9C or 9D) for supplying the secured data to the external access-limited apparatus, device or system via the device interface. - View Dependent Claims (2, 3, 4, 5, 6, 10, 11, 12, 13, 14, 15, 16)
-
-
7. Embedded access device for integration into peripherals of networked computers or communication terminals, to allow only authorized users access to all types of proprietary networks (LAN, WAN, etc.) typically represented by internet banking applications, corporate and government intranets, and similar, including
a device interface, being electronic or mechanical or both, for integration by embedment in peripherals of a computer terminal like in a PC mouse, keyboard or on the computer itself whether it is a laptop PC, a PDA or in cell phone with wired or wireless access to a network, or networked devices containing a computer permanently or occasionally serving as a terminal in a network, characterized by an integrated circuit (IC) (1) providing increased security by bridging the functionality of fingerprint input from a user and fingerprint authentication to provide secure communication with the said terminal and the network it is permanently or occasionally networked to, by wire or wireless connection, said IC comprising: -
a processor unit (2) communicating with the other on-chip components via a high speed bus (3), a first memory interface block (6B or 6D) being connected to the high speed bus (3) for interfacing with volatile memory (6A or 6C) thus providing working memory available to other modules on the integrated circuit, a second memory interface block (7B or 7D) being connected to the high speed bus (3) for interfacing with non-volatile memory (7A or 7 or 7E), for storing of program code, e.g. administrative software, tailored security output responses, and fingerprint representations in the form of so-called fingerprint minutiae, a first interface block (5A) for being coupled to a fingerprint sensor (5) said first interface block (5A) is connected to an image capture and pre-processing block (5C), said sensor signal capturing and pre-processing block (5C) is adapted to perform the initial heavy-duty processing of the raw fingerprint images captured from the sensor (5) into a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data being submitted as output to the central processor block (2) via the high speed bus (3) for final processing to compact fingerprint representations by so-called minutiae, on the central processor (2), encryption modules (8 or 8A, 8B and 8C) connected to the high-speed bus (3) for providing encryption information, or alternatively scrambling information, the processor unit (2) is adapted to apply the encryption information to the fingerprint data for producing secured data as an output to the high speed bus (3) one or more second interface blocks (9A, 9B, 9C or 9D) for supplying the secured data to the external access-limited apparatus, device or system via the device interface. - View Dependent Claims (8, 9)
-
-
17. Method according to clam 16, wherein
the said secure communication parameters can only be retrieved from the embedded SmartCard block (7C) or from the external SmartCard chip (7E) upon a positive match of the captured fingerprint relative to a fingerprint representation of an authorized person, and an output signal from the chip (1) including secure communication responses are initiated in dependence upon the result of a comparison of the captured fingerprint relative with a fingerprint representation of an authorized person.
-
18. Embedded access control and user input device or apparatus for being a built-in part of stand alone appliances with some form of access control, e.g. hotel safes, medicine cabinet or the like, and for providing increased security,
characterized by an integrated circuit (IC) (1) for bridging the functionality of fingerprint input from a user to secure communication with other parts of the said stand-alone appliance, said IC comprising a processor unit (2) communicating with the other on-chip components via a high speed bus (3), a first memory interface block (6B or 6D) being connected to the high speed bus (3) for interfacing with volatile memory (6A or 6C), thus providing working memory available to other modules on the integrated circuit, a second memory interface block (7B or 7D) being connected to the high speed bus (3) for interfacing with non-volatile memory (7A or 7 or 7E), for storing of program code, e.g. administrative software, tailored security output responses, and fingerprint representations in the form of so-called fingerprint minutiae, a first interface block (5A) for being coupled to a fingerprint sensor (5) said first interface block (5A) is connected to an image capture and pre-processing block (5C), said image capture and pre-processing block (5C) is adapted to perform the initial heavy-duty processing of the raw fingerprint images captured from the sensor (5) into a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data being submitted as output to the central processor block (2) via the high speed bus (3) for final processing to compact fingerprint representations by so-called minutiae, on the central processor (2), encryption modules (8 or 8A, 8B and 8C) connected to the high-speed bus (3) for providing encryption information, or alternatively scrambling information or for performing encryption or scrambling, the processor unit (2) is adapted to apply the encryption or scrambling information to the fingerprint data for producing secured data as an output to the high speed bus (3) one or more second interface blocks (9A, 9B or 9C) for supplying the secured data to other modules of the stand-alone appliance.
Specification