Biometric-based authentication in a nonvolatile memory device

US 6,775,776 B1
Filed: 06/27/2000
Issued: 08/10/2004
Est. Priority Date: 06/27/2000
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus, comprising:

an integrated circuit including;

a first processor;

a first interface coupled to the first processor to communicate with a second processor external to the integrated circuit;

a first non-volatile memory decoupled from the first interface and coupled to the first processor to store first biometric data identifying at least one authorized user, and having contents that are unreadable external to the integrated circuit;

a second interface coupled to the first processor to input second biometric data from a biometric reader;

a third interface; and

a second non-volatile memory, coupled to the third interface and decoupled from the first processor, first interface, second interface, and first non-volatile memory, having contents that are accessible external to the apparatus through the third interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A biometric-based security circuit in which the user database, processor, and biometric map generation functions are all located on the same integrated circuit whose secure contents are inaccessible from external to the integrated circuit. Biometric data, such as a fingerprint, retina scan, or voiceprint, is taken from a user requesting access to restricted resources. The biometric data is transferred into the integrated circuit, where it is converted to a biometric map and compared with a database of biometric maps stored in a non-volatile memory in the integrated circuit. The stored maps represent pre-authorized users, and a match triggers the security circuit to send a signal to a host processor authorizing the host processor to permit the requesting user access to the restricted resources. The integrated circuit essentially serves as a write-only memory for the secure data, because the secure data and security functions in the integrated circuit are not directly accessible through any pin or port, and therefore cannot be read or monitored through a dedicated security attack. A second non-volatile memory, accessible from external to the integrated circuit, can also be provided in the integrated circuit for holding non-secure data. This second memory has its own interface port, and is isolated from the security-related functions and memory so that secure and non-secure functions are physically isolated from each other and cannot be modified to overcome that isolation.

140 Citations

25 Claims

1. An apparatus, comprising:
- an integrated circuit including;
  
  a first processor;
  
  a first interface coupled to the first processor to communicate with a second processor external to the integrated circuit;
  
  a first non-volatile memory decoupled from the first interface and coupled to the first processor to store first biometric data identifying at least one authorized user, and having contents that are unreadable external to the integrated circuit;
  
  a second interface coupled to the first processor to input second biometric data from a biometric reader;
  
  a third interface; and
  
  a second non-volatile memory, coupled to the third interface and decoupled from the first processor, first interface, second interface, and first non-volatile memory, having contents that are accessible external to the apparatus through the third interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the first non-volatile memory is a flash memory.
  - 3. The apparatus of claim 1, wherein the second non-volatile memory is a flash memory.
  - 4. The apparatus of claim 1, wherein the biometric reader is a fingerprint reader.
  - 5. The apparatus of claim 1, wherein:
6. The apparatus of claim 5, wherein the integrated circuit contains code to cause the first processor to perform a comparison between the second biometric map and the first biometric map.
7. The apparatus of claim 6, wherein:
- the integrated circuit contains includes code to cause the first processor to send a verification signal through the first interface if a match is found in the comparison; and
  
  the integrated circuit contains code to cause the first processor to send a non-verification signal through the first interface if a match is not found in the comparison.
8. The apparatus of claim 1, wherein the integrated circuit contains code to cause the first processor to authenticate a program downloaded into the integrated circuit.

9. A system, comprising:
- a host processor;
  
  a biometric reader;
  
  an integrated circuit coupled to the biometric reader and host processor including;
  
  a first processor;
  
  a first interface coupled to the first processor and the host processor;
  
  a first non-volatile memory decoupled from the first interface and coupled to the first processor to store first biometric data identifying at least one authorized user, and having contents that are unreadable external to the integrated circuit;
  
  a second interface coupled to the first processor and the biometric reader to input second biometric data;
  
  a third interface; and
  
  a second non-volatile memory, coupled to the host processor through the third interface and decoupled from the first processor, first interface, second interface, and first non-volatile memory, having contents that are accessible external to the apparatus through the third interface.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein:
11. The system of claim 10, wherein the integrated circuit contains code to cause the first processor to perform a comparison between the second biometric map and the first biometric map.
12. The system of claim 10, wherein:
- the integrated circuit contains code to cause the first processor to send a verification signal through the first interface if a match is found in the comparison; and
  
  the integrated circuit contains code to cause the first processor to send a non-verification signal through the first interface if a match is not found in the comparison.
13. The system of claim 9, wherein the integrated circuit contains code to cause the first processor to authenticate a program downloaded into the integrated circuit.

14. An integrated circuit, comprising:
- a secure component to manage restricted data so that the restricted data is not accessible external to the integrated circuit; and
  
  a non-secure component to manage unrestricted data so that the unrestricted data is accessible external to the integrated circuit, the non-secure component including;
  
  a first processor, a first interface coupled to the first processor to receive biometric data;
  
  a first non-volatile memory coupled to the first interface and the first processor to store biometric data identifying at least one authorized user, and having contents that are unreadable external to the security circuit;
  
  a second interface; and
  
  a second non-volatile memory, coupled to the second interface and decoupled from the first processor, first interface, and first non-volatile memory, having contents that are accessible external to the integrated circuit through the second interface.
- View Dependent Claims (15, 16)
- - 15. The integrated circuit of claim 14, further comprising a third interface coupled to the first processor to communicate with a second processor external to the integrated circuit.
  - 16. The integrated circuit of claim 14, wherein the first nonvolatile memory and the second non-volatile memory each comprise a flash memory.

17. A system comprising:
- biometric reader; and
  
  a security circuit including;
  
  a first processor;
  
  a first interface coupled to the first processor to input biometric data;
  
  a first non-volatile memory coupled to the first processor to store second biometric data identifying at least one authorized user, and having contents that are unreadable external to the security circuit;
  
  a second interface coupled to the first processor to communicate with the second processor;
  
  a third interface coupled to the first processor; and
  
  a second non-volatile memory coupled, to the third interface and decoupled from the first processor, first interface, second interface and first non-volatile memory, having contents that are accessible external to the security circuit through the second interface and a second processor coupled to the security circuit.

18. A system comprising:
- a first processor; and
  
  a security circuit, coupled to the first processor, including;
  
  a first interface coupled to communicate with the first processor;
  
  a first non-volatile memory decoupled from the first interface to store first biometric data identifying at least one authorized user, and having contents that are unreadable external to the security circuit;
  
  a second processor coupled to the first interface and the first non-volatile memory;
  
  a second interface coupled to the second processor to input second biometric data; and
  
  a second non-volatile memory, coupled to a third interface and decoupled from the second processor, first interface, second interface, and first non-volatile memory, and having contents that are accessible external to the security circuit through the third interface.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The system of claim 18, wherein the first non-volatile memory is a flash memory.
  - 20. The system of claim 18, wherein the second nonvolatile memory is a flash memory.
  - 21. The system of claim 18, further comprising a biometric reader.
  - 22. The system of claim 18, wherein the first biometric data includes a first biometric map;
    - and the security circuit includes code to cause the second processor to convert the second biometric data to a second biometric map.
  - 23. The system of claim 18, wherein the second processor is to perform a comparison between the second biometric map and the first biometric map.
  - 24. The system of claim 23, wherein the security circuit includes code to cause the second processor to transmit a verification signal through the first interface if a match is found in the comparison, and code to cause the second processor to transmit a non-verification signal through the first interface if a match is not found in the comparison.
  - 25. The system of claim 18, wherein the security circuit includes code to cause the second processor to authenticate a program downloaded into the security circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brizek, John P., Hasbun, Robert N., Vogt, James R.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Brown, Christopher J.

Application Number

US09/604,682
Time in Patent Office

1,505 Days
Field of Search

713/186
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/86   Secure or tamper-resistant ...

G06V 10/94   Hardware or software archit...

G07C 9/37   using biometric data, e.g. ...

Biometric-based authentication in a nonvolatile memory device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

140 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Biometric-based authentication in a nonvolatile memory device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links