In-circuit security system and methods for controlling access to and use of sensitive data

US 7,587,611 B2
Filed: 06/01/2004
Issued: 09/08/2009
Est. Priority Date: 05/30/2003
Status: Expired due to Fees

First Claim

Patent Images

1. An in-circuit security system for electronic devices, comprising:

a processor;

a memory, coupled to the processor;

a real-time clock, coupled to the processor;

a cryptographic subsystem, coupled to the processor and the real-time clock;

a random number generator, coupled to the cryptographic subsystem;

an identity credential verification subsystem, coupled to the processor, the processor is configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time;

a power source, coupled to the real-time clock;

at least three input/output interfaces;

wherein, said processor provides means for load and execution of instructions and associated data;

wherein, said memory provides means for storage of instructions and data, including security settings and profiles;

wherein, said real-time clock provides means for generating an accurate time;

wherein, the power source is configured to provide power to the real-time clock;

wherein, said cryptographic subsystem provides means for performing encryption, decryption, digital signing, and digital signature verification;

wherein, said random number generator provides means for randomly producing a number with statistical randomness sufficient to meet a pre-determined level;

wherein, said identity credential verification subsystem provides means for identity credential acquisition, analysis, storage and matching,the in-circuit security system excluding the identity credential verification subsystem is disabled until a user is matched based on an acquired identity credential from the user and verified based on the security settings and the profiles for that user;

wherein, a first input/output interface is used for connection between the identity credential verification subsystem and an external identity credential sensor;

wherein, a second input/output interface is used for transmission and receipt of data to and from a remote connection device; and

wherein, a third input/output line is used for connection to at least one peripheral device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.

186 Citations

27 Claims

1. An in-circuit security system for electronic devices, comprising:
- a processor;
  
  a memory, coupled to the processor;
  
  a real-time clock, coupled to the processor;
  
  a cryptographic subsystem, coupled to the processor and the real-time clock;
  
  a random number generator, coupled to the cryptographic subsystem;
  
  an identity credential verification subsystem, coupled to the processor, the processor is configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time;
  
  a power source, coupled to the real-time clock;
  
  at least three input/output interfaces;
  
  wherein, said processor provides means for load and execution of instructions and associated data;
  
  wherein, said memory provides means for storage of instructions and data, including security settings and profiles;
  
  wherein, said real-time clock provides means for generating an accurate time;
  
  wherein, the power source is configured to provide power to the real-time clock;
  
  wherein, said cryptographic subsystem provides means for performing encryption, decryption, digital signing, and digital signature verification;
  
  wherein, said random number generator provides means for randomly producing a number with statistical randomness sufficient to meet a pre-determined level;
  
  wherein, said identity credential verification subsystem provides means for identity credential acquisition, analysis, storage and matching,the in-circuit security system excluding the identity credential verification subsystem is disabled until a user is matched based on an acquired identity credential from the user and verified based on the security settings and the profiles for that user;
  
  wherein, a first input/output interface is used for connection between the identity credential verification subsystem and an external identity credential sensor;
  
  wherein, a second input/output interface is used for transmission and receipt of data to and from a remote connection device; and
  
  wherein, a third input/output line is used for connection to at least one peripheral device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23)
- - 2. The in-circuit security system of claim 1, wherein the input/output interface for transmission and receipt of data to and from a remote connection device connects the processor to a transceiver.
  - 3. The in-circuit security system of claim 2, wherein said transceiver is a wireless communications transceiver.
  - 4. The in-circuit security system of claim 2, further comprising a connection from said transceiver to an antenna.
  - 5. The in-circuit security system of claim 2, wherein the transceiver is used for RFID communication.
  - 6. The in-circuit security system of claim 2, wherein the transceiver is used for Bluetooth communication.
  - 7. The in-circuit security system of claim 2, wherein the transceiver is used for infrared communication.
  - 8. The in-circuit security system of claim 1, wherein the input/output interface for transmission and receipt of data to and from a remote connection device connects the processor to a transceiver used for wired communication.
  - 9. The in-circuit security system of claim 8, wherein the transceiver is used for serial communication.
  - 10. The in-circuit security system of claim 8, wherein the transceiver is used for USB communication.
  - 11. The in-circuit security system of claim 1, wherein the identity credential verification subsystem uses biometric authentication.
  - 23. The apparatus of claim 1, wherein the processor is configured to monitor clock frequency and reset clock frequency.

12. An apparatus, comprising:
- a single integrated circuit havinga processor;
  
  a real-time clock coupled to the processor;
  
  a memory coupled to the processor and configured to store an identity credential and a security data associated with the identity credential;
  
  an identity credential verification subsystem coupled to the processor and configured to identify a user based on an identity credential; and
  
  a cryptographic subsystem coupled to the processor and configured to encrypt the security data associated with the identity credential to produce encrypted security data when the identity credential verification subsystem verifies the user,the processor being configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time,the single integrated circuit having a first portion associated with a functionality of the identity credential verification subsystem, the single integrated circuit having a second portion not associated with the functionality of the identity credential verification subsystem, the second portion of the single integrated circuit being disabled until the user is identified based on the identity credential and verified based on the security data associated with the identity credential.
- View Dependent Claims (13, 14, 15, 16, 17, 24, 25)
- - 13. The apparatus of claim 12, wherein the single integrated circuit further has a random number generator coupled to the cryptographic subsystem and configured to seed a cryptographic algorithm associated with the cryptographic subsystem.
  - 14. The apparatus of claim 12, wherein the cryptographic subsystem is configured to produce a digital signature based on the security data associated with the identity credential.
  - 15. The apparatus of claim 12, further comprising:
    - a biometric sensor operably coupled to the single integrated circuit, the biometric sensor configured to send biometric data associated with the user to the single integrated circuit,the identity credential verification subsystem configured to identify the user based on the identity credential and the biometric data.
  - 16. The apparatus of claim 12, further comprising:
    - a transmitter operably coupled to the single integrated circuit, the transmitter configured to receive the encrypted security data, the transmitter configured to send an authorization signal based on the encrypted security data to a remote device.
  - 17. The apparatus of claim 12, wherein the memory is configured to erase the identity credential and the security data associated with the identity credential when the single integrated circuit is tampered with.
  - 24. The apparatus of claim 12, wherein the single integrated circuit includes a power source coupled to the real-time clock, the power source being configured to provide power to the real-time clock.
  - 25. The apparatus of claim 12, wherein the processor is configured to monitor clock frequency and reset clock frequency.

18. An apparatus, comprising:
- a single integrated circuit havingan identity credential verification subsystem configured to identify a user based on an identity credential and user data;
  
  a processor;
  
  a real-time clock coupled to the processor, the processor is configured to halt operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number within a predetermined period of time;
  
  a cryptographic subsystem configured to encrypt a security data associated with the identity credential to produce encrypted security data when the identity credential verification subsystem verifies the user;
  
  an input/output interface configured to send the encrypted security data from the single integrated circuit; and
  
  a memory configured to erase the identity credential and the security data associated with the identity credential when the single integrated circuit is tampered with,functionality of the single integrated circuit not used during operation of the identity credential verification subsystem being disabled until the user is identified by the identity credential verification subsystem based on the identity credential.
- View Dependent Claims (19, 20, 21, 22, 26, 27)
- - 19. The apparatus of claim 18, wherein the single integrated circuit further has a random number generator coupled to the cryptographic subsystem and configured to seed a cryptographic algorithm associated with the cryptographic subsystem.
  - 20. The apparatus of claim 18, wherein the cryptographic subsystem is configured to produce a digital signature based on the security data associated with the identity credential.
  - 21. The apparatus of claim 18, wherein the user data is biometric data received from a biometric sensor operatively coupled to the single integrated circuit.
  - 22. The apparatus of claim 18, further comprising:
    - a transmitter operably coupled to the single integrated circuit, the transmitter configured to receive the encrypted security data, the transmitter configured to send an authorization signal based on the encrypted security data to a remote device.
  - 26. The apparatus of claim 18, wherein the single integrated circuit includes a power source,the real-time clock being configured to produce time,the power source being coupled to the real-time clock, the power source being configured to provide power to the real-time clock such that the time is constantly maintained by the real-time clock.
  - 27. The apparatus of claim 18, wherein the single integrated circuit is configured to monitor clock frequency and reset clock frequency.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Privaris, Inc.
Inventors
Johnson, Barry W., Olvera, Kristen R., Russell, David C., Tillack, Jonathan A.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Pearson; David J

Application Number

US10/858,287
Publication Number

US 20050081040A1
Time in Patent Office

1,925 Days
Field of Search

None
US Class Current

713/186
CPC Class Codes

G06F 16/51   Indexing; Data structures t...

G06F 18/22   Matching criteria, e.g. pro...

G06F 21/1076   Revocation

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/6209   to a single file or object,...

G06F 21/72   in cryptographic circuits

G06F 21/85   interconnection devices, e....

G06V 40/13   Sensors therefor

G06V 40/1365   Matching; Classification

H04L 63/06   for supporting key manageme...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 9/3231   Biological data, e.g. finge...

H04N 21/25875   involving end-user authenti...

H04N 21/4415   using biometric characteris...

In-circuit security system and methods for controlling access to and use of sensitive data

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

186 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

In-circuit security system and methods for controlling access to and use of sensitive data

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links