Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
First Claim
1. A stand-alone computing device incorporating;
- a processor, memory and software;
a password authentication process;
a method of generating a device ID from characteristics of device hardware components;
a method of obtaining a PIN value by one of a) generating said PIN value from said device ID and b) a method of entering said PIN value on the device;
a method of generating a one-way hashed value of said PIN;
a method of obfuscating and de-obfuscating a password using said hashed value of said PIN and said Device ID;
a method of storing said obfuscated password in said memory;
a biometric sensor capability;
said software capable of transforming biometric sample data to a consistent angle of inclination, biometrically enrolling and verifying the identity of device users by matching the biometric samples captured from said biometric sensor with at least one biometric template stored in encrypted form in the device memory;
a method of generating a template encryption key using at least said obfuscated password and said hashed PIN;
a method of encrypting and decrypting said biometric template using said encryption key;
a method of de-obfuscating said password and submitting it to said authentication process in response to the successful decryption of the said biometric template and the successful matching of said biometric sample to said biometric template.
3 Assignments
0 Petitions
Accused Products
Abstract
Biometric data, suitably transformed are obtained from a biometric input device contained within a stand-alone computing device and used in conjunction with a PIN to authenticate the user to the device. The biometric template and other data residing on the device are encrypted using hardware elements of the device, the PIN and Password hash. A stored obfuscated password is de-obfuscated and released to the device authentication mechanism in response to a successfully decrypted template and matching biometric sample and PIN. The de-obfuscated password is used to authenticate the user to device, the user to a remote computer, and to encrypt device data at rest on the device and in transit to and from the remote computer. This creates a trusted relationship between the stand-alone device and the remote computer. The system also eliminates the need for the user to remember and enter complex passwords on the device.
-
Citations
16 Claims
-
1. A stand-alone computing device incorporating;
- a processor, memory and software;
a password authentication process;
a method of generating a device ID from characteristics of device hardware components;
a method of obtaining a PIN value by one of a) generating said PIN value from said device ID and b) a method of entering said PIN value on the device;
a method of generating a one-way hashed value of said PIN;
a method of obfuscating and de-obfuscating a password using said hashed value of said PIN and said Device ID;
a method of storing said obfuscated password in said memory;
a biometric sensor capability;
said software capable of transforming biometric sample data to a consistent angle of inclination, biometrically enrolling and verifying the identity of device users by matching the biometric samples captured from said biometric sensor with at least one biometric template stored in encrypted form in the device memory;
a method of generating a template encryption key using at least said obfuscated password and said hashed PIN;
a method of encrypting and decrypting said biometric template using said encryption key;
a method of de-obfuscating said password and submitting it to said authentication process in response to the successful decryption of the said biometric template and the successful matching of said biometric sample to said biometric template. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- a processor, memory and software;
-
9. A stand-alone computing device incorporating;
- a processor, memory and software capable of biometrically enrolling device users, by capturing biometric samples and extracting biometric feature values from signs made on an electronic signing area of said computing device, by one of a stylus and a finger;
verifying the identity of a user by matching a new biometric sample with a previously enrolled biometric template;
said signs to be chosen by the user, entered on said electronic signing area of said stand-alone computing device and to be one of, a secret sign without user feedback and a signature with user feedback;
said biometric samples to contain, at least, said (X,Y) coordinate values, each set of co-ordinate values having one of an associated explicit and inferred time stamp;
said biometric feature means modified by discriminating weights chosen to offer powerful discrimination between authentic and impostor samples;
said biometric template to further include an electronic representation of said user'"'"'s authentic signature;
said authentic electronic signature to be released for comparison with the same electronic signature stored on a second computer remote from the stand alone computing device;
said software also capable of generating a password and password hash from a stored, de-obfuscated password, generated following PIN and biometric match, and said device ID. - View Dependent Claims (10, 11)
- a processor, memory and software capable of biometrically enrolling device users, by capturing biometric samples and extracting biometric feature values from signs made on an electronic signing area of said computing device, by one of a stylus and a finger;
-
12. A stand-alone computing device incorporating;
- a processor, memory and software;
a password authentication process;
a method of generating a device ID from characteristics of device hardware components;
a method of obtaining a PIN value by one of a) generating a PIN value from said device ID and b) a method of entering a PIN value on the device screen;
a method of generating a one-way hashed value of said PIN;
a method of obfuscating and de-obfuscating a password using said hashed value of said PIN and said Device ID;
a biometric sensor capability;
said software, biometrically enrolling and verifying the identity of device users by matching biometric samples captured from said biometric sensor with at least one biometric template stored in encrypted form in the device memory;
a method of generating a template encryption key using at least said obfuscated password and said hashed PIN;
a method of encrypting and decrypting said biometric template using said encryption key;
a method of submitting said de-obfuscated password and submitting it to said authentication process in response to the successful decryption of the said biometric template and the successful matching of said biometric sample to said biometric template. - View Dependent Claims (13, 14, 15, 16)
- a processor, memory and software;
Specification