In-circuit security system and methods for controlling access to and use of sensitive data
First Claim
1. An in-circuit security system for electronic devices, comprising:
- a processor;
a memory, coupled to the processor;
a real-time clock, coupled to the processor;
a cryptographic subsystem, coupled to the processor and the real-time clock;
a random number generator, coupled to the cryptographic subsystem;
an identity credential verification subsystem, coupled to the processor, the processor is configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time;
a power source, coupled to the real-time clock;
at least three input/output interfaces;
wherein, said processor provides means for load and execution of instructions and associated data;
wherein, said memory provides means for storage of instructions and data, including security settings and profiles;
wherein, said real-time clock provides means for generating an accurate time;
wherein, the power source is configured to provide power to the real-time clock;
wherein, said cryptographic subsystem provides means for performing encryption, decryption, digital signing, and digital signature verification;
wherein, said random number generator provides means for randomly producing a number with statistical randomness sufficient to meet a pre-determined level;
wherein, said identity credential verification subsystem provides means for identity credential acquisition, analysis, storage and matching,the in-circuit security system excluding the identity credential verification subsystem is disabled until a user is matched based on an acquired identity credential from the user and verified based on the security settings and the profiles for that user;
wherein, a first input/output interface is used for connection between the identity credential verification subsystem and an external identity credential sensor;
wherein, a second input/output interface is used for transmission and receipt of data to and from a remote connection device; and
wherein, a third input/output line is used for connection to at least one peripheral device.
6 Assignments
0 Petitions
Accused Products
Abstract
The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.
186 Citations
27 Claims
-
1. An in-circuit security system for electronic devices, comprising:
-
a processor; a memory, coupled to the processor; a real-time clock, coupled to the processor; a cryptographic subsystem, coupled to the processor and the real-time clock; a random number generator, coupled to the cryptographic subsystem; an identity credential verification subsystem, coupled to the processor, the processor is configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time; a power source, coupled to the real-time clock; at least three input/output interfaces; wherein, said processor provides means for load and execution of instructions and associated data; wherein, said memory provides means for storage of instructions and data, including security settings and profiles; wherein, said real-time clock provides means for generating an accurate time; wherein, the power source is configured to provide power to the real-time clock; wherein, said cryptographic subsystem provides means for performing encryption, decryption, digital signing, and digital signature verification; wherein, said random number generator provides means for randomly producing a number with statistical randomness sufficient to meet a pre-determined level; wherein, said identity credential verification subsystem provides means for identity credential acquisition, analysis, storage and matching, the in-circuit security system excluding the identity credential verification subsystem is disabled until a user is matched based on an acquired identity credential from the user and verified based on the security settings and the profiles for that user; wherein, a first input/output interface is used for connection between the identity credential verification subsystem and an external identity credential sensor; wherein, a second input/output interface is used for transmission and receipt of data to and from a remote connection device; and wherein, a third input/output line is used for connection to at least one peripheral device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23)
-
-
12. An apparatus, comprising:
-
a single integrated circuit having a processor; a real-time clock coupled to the processor; a memory coupled to the processor and configured to store an identity credential and a security data associated with the identity credential; an identity credential verification subsystem coupled to the processor and configured to identify a user based on an identity credential; and a cryptographic subsystem coupled to the processor and configured to encrypt the security data associated with the identity credential to produce encrypted security data when the identity credential verification subsystem verifies the user, the processor being configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time, the single integrated circuit having a first portion associated with a functionality of the identity credential verification subsystem, the single integrated circuit having a second portion not associated with the functionality of the identity credential verification subsystem, the second portion of the single integrated circuit being disabled until the user is identified based on the identity credential and verified based on the security data associated with the identity credential. - View Dependent Claims (13, 14, 15, 16, 17, 24, 25)
-
-
18. An apparatus, comprising:
-
a single integrated circuit having an identity credential verification subsystem configured to identify a user based on an identity credential and user data; a processor; a real-time clock coupled to the processor, the processor is configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time; a cryptographic subsystem configured to encrypt a security data associated with the identity credential to produce encrypted security data when the identity credential verification subsystem verifies the user; an input/output interface configured to send the encrypted security data from the single integrated circuit; and a memory configured to erase the identity credential and the security data associated with the identity credential when the single integrated circuit is tampered with, functionality of the single integrated circuit not used during operation of the identity credential verification subsystem being disabled until the user is identified by the identity credential verification subsystem based on the identity credential. - View Dependent Claims (19, 20, 21, 22, 26, 27)
-
Specification