IN-CIRCUIT SECURITY SYSTEM AND METHODS FOR CONTROLLING ACCESS TO AND USE OF SENSITIVE DATA

US 20100005314A1
Filed: 09/08/2009
Published: 01/07/2010
Est. Priority Date: 05/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to an electronic device having an in-circuit security system, comprising:

a. requiring enrollment of a personal identity credential within an identity credential verification subsystem,b. associating the personal identity credential with at least one security privilege,c. requesting a personal identity credential sample be provided to the identity credential verification subsystem upon access request,d. comparing the personal identity credential sample to at least one enrolled personal identity credential within the identity credential verification subsystem,e. determining existence of a match between the personal identity credential sample and an enrolled personal identity credential, f. determining all security privileges associated with the personal identity credential sample,g. determining access authorization based on at least one of said determined existence of a match or said determined security privileges,h. granting or denying access based on said access authorization, andi. performing any actions required for said granting or denying of access as stipulated by security settings.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.

Citations

20 Claims

1. A method for controlling access to an electronic device having an in-circuit security system, comprising:
- a. requiring enrollment of a personal identity credential within an identity credential verification subsystem,b. associating the personal identity credential with at least one security privilege,c. requesting a personal identity credential sample be provided to the identity credential verification subsystem upon access request,d. comparing the personal identity credential sample to at least one enrolled personal identity credential within the identity credential verification subsystem,e. determining existence of a match between the personal identity credential sample and an enrolled personal identity credential, f. determining all security privileges associated with the personal identity credential sample,g. determining access authorization based on at least one of said determined existence of a match or said determined security privileges,h. granting or denying access based on said access authorization, andi. performing any actions required for said granting or denying of access as stipulated by security settings.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the requested access is to access stored data.
  - 3. The method of claim 1 wherein the requested access is to selectively disable components.
  - 4. The method of claim 1, wherein the requested access is to selectively enable disabled components.
  - 5. The method of claim 1, wherein the requested access is to selectively destroy components.

6. A method, comprising:
- disabling a portion of a single integrated circuit of an electronic device, the portion of the single integrated circuit being associated with functionality of the single integrated circuit not used during operation of an identity credential verification subsystem of the single integrated circuit;
  
  identifying, at the identity credential verification subsystem, a user of the electronic device based on an identity credential;
  
  verifying the user of the electronic device based on a security privilege associated with the identity credential; and
  
  enabling the portion of the single integrated circuit when the user is identified based on the identity credential associated with the user and verified based on the security privilege associated with the identity credential.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, wherein the single integrated circuit includes a real-time clock, the method further comprising:
    - halting operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 8. The method of claim 6, wherein the single integrated circuit includes a power source and a real-time clock, the method further comprising:
    - disconnecting the power source from the real-time clock when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 9. The method of claim 6, wherein the electronic device is an electronic lock mechanism, the method further comprising:
    - sending a signal configured to unlock the electronic lock mechanism when the portion of the single integrated circuit is enabled and when the security privilege permits access to data or a location protected by the electronic lock mechanism.
  - 10. The method of claim 6, wherein the electronic device is an electronic lock mechanism, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 11. The method of claim 6, wherein the electronic device is an electronic lock mechanism, the identity credential is a first identity credential, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the identity credential verification subsystem does not accept a second identity credential when the identity credential verification subsystem denies access based on the first identity credential.
  - 12. The method of claim 6, wherein the identity credential is a biometric input of the user, the identifying including:
    - producing a biometric template based on the biometric input of the user; and
      
      comparing the biometric template of the user to at least one pre-enrolled biometric template stored at the electronic device, the user being identified when the biometric template matches a pre-enrolled biometric template.
  - 13. The method of claim 6, wherein the verifying includes:
    - determining the security privilege based on the identity credential; and
      
      determining access rights associated with the user based on the security privilege.

14. A method, comprising:
- producing, at a single integrated circuit of an electronic device, a biometric template based on a biometric input of a user;
  
  authenticating, at the single integrated circuit of the electronic device, the biometric template of the user based on a pre-enrolled biometric template stored at the electronic device; and
  
  disconnecting a power source of the single integrated circuit from a real-time clock of the single integrated circuit when the processor denies access for a predetermined number of access attempts within a predetermined period of time.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the single integrated circuit includes an identity credential verification subsystem, a processor and a cryptographic subsystem, the method further comprising:
    - sending a signal from the identity credential verification subsystem to the processor, the signal configured to indicate that the user is authorized to use a stored private key when the biometric template of the user is authentic;
      
      sending an electronic message associated with input from the user, from the processor to the cryptographic subsystem; and
      
      encrypting the electronic message based on the private key to produce an encrypted electronic message.
  - 16. The method of claim 14, wherein the single integrated circuit includes a processor and a cryptographic subsystem, the method further comprising:
    - sending an electronic message associated with input from the user from the processor to the cryptographic subsystem such that the cryptographic subsystem electronically signs the electronic message to produce an encrypted electronic message; and
      
      sending the encrypted electronic message from the cryptographic subsystem to a transmitter such that the encrypted electronic message is output to a recipient.
  - 17. The method of claim 14, wherein the electronic device is an electronic lock mechanism, the single integrated circuit includes an identity credential verification subsystem, the method further comprising:
    - sending an identifier associated with the user from the identity credential verification subsystem to the processor when the biometric template of the user is authentic;
      
      determining a security privilege associated with the user based on the identifier associated with the user; and
      
      sending a signal configured to unlock the electronic lock mechanism when the security privilege associated with the user permits access to data or a location protected by the electronic lock mechanism.
  - 18. The method of claim 14, wherein the disconnecting the power source from the real-time clock halts operation of the real-time clock.
  - 19. The method of claim 14, wherein the electronic device is an electronic lock mechanism, the single integrated circuit includes an identity credential verification subsystem, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 20. The method of claim 14, wherein the electronic device is an electronic lock mechanism, the single integrated circuit includes an identity credential verification subsystem, the biometric input being a first biometric input, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the identity credential verification subsystem does not accept a second biometric input when the identity credential verification subsystem denies access based on the first biometric input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Privaris, Inc.
Inventors
Tilack, Jonathan A., Johnson, Barry W., Olvera, Kristen R., Russell, David C.

Granted Patent

US 8,495,382 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 16/51   Indexing; Data structures t...

G06F 18/22   Matching criteria, e.g. pro...

G06F 21/1076   Revocation

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/6209   to a single file or object,...

G06F 21/72   in cryptographic circuits

G06F 21/85   interconnection devices, e....

G06V 40/13   Sensors therefor

G06V 40/1365   Matching; Classification

H04L 63/06   for supporting key manageme...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 9/3231   Biological data, e.g. finge...

H04N 21/25875   involving end-user authenti...

H04N 21/4415   using biometric characteris...

IN-CIRCUIT SECURITY SYSTEM AND METHODS FOR CONTROLLING ACCESS TO AND USE OF SENSITIVE DATA

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IN-CIRCUIT SECURITY SYSTEM AND METHODS FOR CONTROLLING ACCESS TO AND USE OF SENSITIVE DATA

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links