Secure data verification via biometric input

US 8,190,908 B2
Filed: 12/20/2006
Issued: 05/29/2012
Est. Priority Date: 12/20/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus that secures a transaction via biometric verification, comprising:

a display configured to receive first input that selects a payment application in connection with a transaction;

a biometric sensor configured to receive biometric data; and

a security processor configured to compare the biometric data against a biometric template stored in non-volatile memory and to determine whether the biometric data matches the biometric template within a defined degree of similarity;

wherein the security processor is further configured to send information to the transaction terminal authorizing completion of the transaction in response to a determination that the biometric data matches the biometric template within the defined degree of similarity and if the apparatus is placed within a defined distance from the transaction terminal; and

wherein the security processor is further configured to cancel the transaction if the apparatus is not placed within the defined distance within a defined time limit after the determination that the biometric data matches the biometric template within the defined degree of similarity.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An architecture is presented that controls access to secure data via biometric verification. The system comprises a memory module that communicates with biometric data to establish a heightened level of security for controlling access to data stored in the non-volatile memory. The memory module includes a security processor, non-volatile memory, and volatile memory. The security processor provides for concurrent processing of security protocols, provides a secure execution environment within the memory module to evaluate and store biometric data, communicates with the biometric data sensors to fetch the biometric data, and analyzes the biometric data to control access to data stored in the non-volatile memory. Specifically, biometric data is input and communicated to the security processor, then compared against the existing biometric templates stored in the non-volatile memory. If the data matches, verification is sent to the external processor and the user is granted access to the secure assets.

Citations

23 Claims

1. An apparatus that secures a transaction via biometric verification, comprising:
- a display configured to receive first input that selects a payment application in connection with a transaction;
  
  a biometric sensor configured to receive biometric data; and
  
  a security processor configured to compare the biometric data against a biometric template stored in non-volatile memory and to determine whether the biometric data matches the biometric template within a defined degree of similarity;
  
  wherein the security processor is further configured to send information to the transaction terminal authorizing completion of the transaction in response to a determination that the biometric data matches the biometric template within the defined degree of similarity and if the apparatus is placed within a defined distance from the transaction terminal; and
  
  wherein the security processor is further configured to cancel the transaction if the apparatus is not placed within the defined distance within a defined time limit after the determination that the biometric data matches the biometric template within the defined degree of similarity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 13, 14, 15)
- - 2. The apparatus of claim 1, wherein the biometric data comprises at least one of iris data, face data, fingerprint data, or deoxyribonucleic acid (DNA) data.
  - 3. The apparatus of claim 1, further comprising volatile memory configured to communicate with an external processor, and non-volatile memory configured to store secure data in at least one of a plurality of secure memory partitions having individually controllable access rights.
  - 4. The apparatus of claim 3, wherein the security processor, the external processor, and the non-volatile memory are incorporated to form a mobile device.
  - 5. The apparatus of claim 4, wherein the mobile device comprises one of a multimedia player, a Personal Digital Assistant (PDA), a cell phone, or a hand held computing device.
  - 6. The apparatus of claim 3, wherein the security processor is configured to allow access to the secure data in the at least one of the plurality of secure memory partitions of the non-volatile memory in response to a determination that the biometric data matches the biometric template within the defined degree of similarity.
  - 7. The apparatus of claim 6, wherein the security processor is configured to issue a notice of verification to the external processor in response to the determination that the biometric data matches the biometric template within the defined degree of similarity.
  - 8. The apparatus of claim 3, wherein the non-volatile memory is configured to store security software on a first of the plurality of secure memory partitions, the secure data on a second of the plurality of secure memory partitions, and the biometric data on a third of the plurality of secure memory partitions, wherein the security software includes at least a biometric validation algorithm for use by the security processor.
  - 13. The system of claim 3, wherein the security processor is configured to deny access to a subset of the plurality of secure memory partitions based on a comparison of the biometric data against the biometric template.
  - 14. The apparatus of claim 1, wherein the display is further configured to receive second input that selects an account to be used for the transaction.
  - 15. The apparatus of claim 1, wherein the security processor includes a voltage detector configured to indicate whether voltage levels of the security processor are outside an acceptable range, and an internal oscillator that provides a clock to the security processor, wherein the clock provides a clock signal employed by a separate near field communication (NFC) radio frequency (RF) chip or a biometric sensor utilized to obtain the biometric data.

9. The system of apparatus 8, wherein the security software is configured to identify points of data of the biometric data as match points, and to store the match points as a template for use by the security processor to authenticate subsequent biometric data.
- View Dependent Claims (10, 11, 12)
- - 10. The apparatus of claim 9, wherein the security processor is configured to collect the biometric data through a direct connection with a biometric sensor.
  - 11. The apparatus of claim 10, wherein the security processor and biometric sensor are configured to communicate through an encrypted channel.
  - 12. The apparatus of claim 11, wherein the encrypted channel is enabled through use of a common secret key.

16. A method of controlling access to secure data via biometric verification, comprising:
- selecting a payment application for conducting a payment transaction via a mobile device;
  
  inputting biometric data into the mobile device;
  
  converting the biometric data into specified match points;
  
  processing the match points into a numeric value;
  
  comparing the numeric value against a biometric template stored in a non-volatile memory of the mobile device; and
  
  if the comparing determines that the numerical value matches the biometric template within a defined tolerance;
  
  initiating a timer having a defined timeout value;
  
  in response to determining that the mobile device is located within a defined range of a transaction terminal before the timer has reached the defined timeout value;
  
  sending an indication from the mobile device to the transaction terminal validating the payment transaction, andin response to determining that the mobile device has not been located within the defined range before the timer has reached the defined timeout value;
  
  cancelling the payment transaction.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - identifying points of data within the biometric data as match points;
      
      storing the match points as a template; and
      
      employing the match points to subsequently received biometric data.
  - 18. The method of claim 17, further comprising:
    - storing security software on a first partition of a non-volatile memory of the mobile device, the security software comprising at least a biometric validation algorithm for performing the comparing;
      
      storing secure data on a second partition of the non-volatile memory; and
      
      storing the biometric data on a third partition of the non-volatile memory.
  - 19. The method of claim 18, further comprising preventing access to the secure data in response to determining that a voltage level associated with a security processor controlling access to the non-volatile memory falls outside an acceptable range.
  - 20. The method of claim 18, further comprising allowing access to the secure data if the comparing determines that the numerical value matches the biometric template within the defined tolerance.

21. A method of controlling access to account information via biometric data, comprising:
- selecting a payment application on a mobile device in connection with a purchase transaction;
  
  selecting an account to use for the purchase transaction, wherein information regarding the account is stored in a first secure partition of a non-volatile memory of the mobile device that is divided into multiple secure partitions;
  
  receiving biometric data at the mobile device;
  
  confirming that the biometric data matches a biometric template stored in a second secure partition of the non-volatile memory;
  
  initiating a timer in response to the confirming;
  
  determining that the mobile device has been placed within range of a transaction terminal before the timer reaches a defined timeout value;
  
  transmitting a validation output to a transaction terminal authorizing the purchase transaction in response to the determining; and
  
  cancelling the purchase transaction in response to determining that the mobile device has not been placed within range of the transaction terminal before the timer reaches the defined timeout value.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, wherein the account comprises at least one of a credit account, a debit account, or a pre-paid cash account.
  - 23. The method of claim 21, wherein the receiving the biometric data includes receiving the biometric data from at least one of an iris scanner, a fingerprint reader, a face scanner, or a deoxyribonucleic acid (DNA) scanner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cypress Semiconductor Corporation (Infineon Technologies AG)
Original Assignee
Spansion LLC (Infineon Technologies AG)
Inventors
Jazayeri, Mehdi, Werner, Jeremy Isaac Nathaniel, Madhav, Kiran
Primary Examiner(s)
McNally, Michael S

Application Number

US11/613,627
Publication Number

US 20080155268A1
Time in Patent Office

1,987 Days
Field of Search

713/186
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/79   in semiconductor storage me...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3231   Biological data, e.g. finge...

Secure data verification via biometric input

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data verification via biometric input

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links