Portable or embedded access and input devices and methods for giving access to access limited devices, apparatuses, appliances, systems or networks
Abstract
A portable or embedded access device is provided for being coupled to, and for allowing only authorized users access to, an access-limited apparatus, device, network or system, e.g. a computer terminal, an internet bank or a corporate or government intranet. The access device comprises an integrated circuit (IC) providing increased security by bridging the functionality of biometrics input from a user and, upon positive authentication of the user's fingerprint locally to provide secure communication with the said access-limited apparatus, device, network or system, whether local or remote. A corresponding method of using the portable device or the embedded device is disclosed for providing a bridge from biometrics input to a computer locally, into secure communication protocol responses to a non-biometrics network. A method of providing secured access control and user input in stand-alone appliances having an embedded access control or user input device according to the invention is also disclosed.
25 Claims
1. A portable biometrics access device, comprising:
- a device interface, being electronic or mechanical or both, for coupling the device to an access-limited apparatus, device, network or system, and
- an integrated circuit (IC) providing increased security by bridging the functionality of fingerprint input from a user and, upon positive authentication of the user's fingerprint to provide secure communication with said access-limited apparatus, device, network or system, said IC comprising;
  - a central processor communicating with the other on-chip components via a high speed bus,
  - a secure internal non-volatile memory connected to the high-speed bus, wherein the non-volatile memory either stores program code, administrative software, tailored security output responses and fingerprint representations in the form of compact fingerprint minutiae securely within the IC or is capable of storing encryption seeds for sensitive data stored on an external non-volatile memory,
  - a first memory interface block connected to the high speed bus for interfacing with volatile memory and for providing working memory available to other modules on the IC,
  - a second memory interface block connected to the high speed bus for interfacing with non-volatile memory, for alternative storing of program code, administrative software, tailored security output responses and fingerprint representations in the form of compact fingerprint minutiae, being encrypted internally in the IC by encryption seeds from an encryption block,
  - a first interface block coupled to a fingerprint sensor,
  - an image capture and pre-processing block connected to the first interface block, said image capture and pre-processing block being adapted to perform the initial processing of raw fingerprint images captured from the sensor into a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data being submitted as output to the central processor via the high speed bus for final processing to compact fingerprint minutiae on the central processor,
  - one or more encryption modules connected to the high-speed bus for providing encryption information, or alternatively scrambling information, the central processor being adapted to apply the encryption information to the fingerprint data for producing secured data as an output to the high speed bus, and
  - one or more second interface blocks for supplying the secured data to the external access-limited apparatus, device or system via the device interface.

Dependent claims: 2, 3, 4, 5, 6

7. An embedded biometrics access device, comprising:
- a device interface, being electronic or mechanical or both, for integration by embedment in a peripheral of, or within, a computer, and
- an integrated circuit (IC) providing increased security by bridging the functionality of fingerprint input from a user and fingerprint authentication to provide secure communication with the computer and at least one network connected thereto, said IC comprising;
  - a central processor communicating with the other on-chip components via a high speed bus,
  - a secure internal non-volatile memory connected to the high-speed bus, wherein the non-volatile memory either stores all program code, administrative software, tailored security output responses and fingerprint representations in the form of compact fingerprint minutiae securely within the IC or is capable of storing encryption seeds for sensitive data stored on an external non-volatile memory,
  - a first memory interface block connected to the high speed bus for interfacing with volatile memory and for providing working memory available to other modules on the integrated circuit,
  - a second memory interface block connected to the high speed bus for interfacing with non-volatile memory, and for alternative storing of program code, administrative software, tailored security output responses, and fingerprint representations in the form of compact fingerprint minutiae, being encrypted internally in the IC by encryption seeds from an encryption block,
  - a first interface block coupled to a fingerprint sensor,
  - an image capture and pre-processing block connected to the first interface block, said image capture and pre-processing block being adapted to perform the initial processing of raw fingerprint images captured from the sensor into a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data being submitted as output to the central processor via the high speed bus for final processing to compact fingerprint minutiae on the central processor,
  - one or more encryption modules connected to the high-speed bus for providing encryption information, or alternatively scrambling information, the central processor being adapted to apply the encryption information to the fingerprint data for producing secured data as an output to the high speed bus, and
  - one or more second interface blocks for supplying the secured data to an external access-limited apparatus, device or system via the device interface.

Dependent claims: 8, 9

10. A method for providing a bridge from biometrics input to a computer into secure communication protocol responses to a non-biometrics network, comprising a single integrated circuit (IC) executing the following steps:
- capturing an image from a fingerprint sensor via a first interface block,
- pre-processing the captured fingerprint image in an image capture and pre-processing block, using hardware-embedded algorithms optimized for high-speed processing of raw fingerprint image data, into a dataset of reduced size,
- transferring the pre-processed dataset to a central processor for extracting compact fingerprint minutiae via a high-speed bus,
- retrieving, by the central processor, compact fingerprint minutiae from a non-volatile storage module holding pre-stored master compact fingerprint minutiae of authorized persons,
- comparing, in the central processor, the compact fingerprint minutiae of the captured fingerprint with the pre-stored master compact fingerprint minutiae,
- producing, in dependence of the result from the said comparison, a secure output in a pre-defined format to an external unit, network or system through one of a plurality of communication interfaces.

Dependent claims: 11, 12, 13, 14, 15, 16

17. The method according to claim 16, wherein:
- said secure communication parameters can only be retrieved from the embedded SmartCard block or from the external SmartCard chip upon a positive match of the captured compact fingerprint minutiae relative to compact fingerprint minutiae of an authorized person, and
- an output signal from the IC including secure communication responses is initiated in dependence upon the result of a comparison of the captured compact fingerprint minutiae relative with compact fingerprint minutiae of an authorized person.

18. An embedded biometric access control device, comprising:
- a biometric access device adapted to be embedded within a stand-alone appliance that uses an integrated circuit (IC) for bridging the functionality of fingerprint input from a user to secure communication with other parts of the said stand-alone appliance, said IC comprising;
  - a central processor communicating with the other on-chip components via a high speed bus,
  - a secure internal non-volatile memory connected to the high-speed bus, wherein the non-volatile memory either stores all program code, administrative software, tailored security output responses and fingerprint representations in the form of compact fingerprint minutiae securely within the IC or is capable of storing encryption seeds for sensitive data stored on an external non-volatile memory,
  - a first memory interface block connected to the high speed bus for interfacing with volatile memory and for providing working memory available to other modules on the integrated circuit,
  - a second memory interface block connected to the high speed bus for interfacing with non-volatile memory, for alternative storing of program code, administrative software, tailored security output responses, and fingerprint representations in the form of compact fingerprint minutiae, being encrypted internally in the IC by encryption seeds from an encryption block,
  - a first interface block coupled to a fingerprint sensor,
  - an image capture and pre-processing block connected to said first interface block, said image capture and pre-processing block being adapted to perform the initial processing of raw fingerprint images captured from the sensor into a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data being submitted as output to the central processor via the high speed bus for final processing to compact fingerprint minutiae on the central processor,
  - one or more encryption modules connected to the high-speed bus for providing encryption information, or alternatively scrambling information or for performing encryption or scrambling, the central processor being adapted to apply the encryption or scrambling information to the fingerprint data for producing secured data as an output to the high speed bus, and
  - one or more second interface blocks for supplying the secured data to other modules of the stand-alone appliance.

Dependent claims: 19, 20, 21, 23

22. A method of secured access control and user input in stand-alone appliances having an embedded biometric access control device, the method comprising performing the following steps in an integrated circuit:
- capturing an image from a fingerprint sensor via a first interface block,
- pre-processing the captured image in an image capture and pre-processing block using hardware-embedded algorithms optimized for high-speed processing of raw fingerprint image data, into a dataset of reduced size,
- transferring the pre-processed dataset to a central processor for extracting compact fingerprint minutiae via a high-speed bus,
- retrieving, by the central processor, compact fingerprint minutiae from a non-volatile storage module holding pre-stored master compact fingerprint minutiae of authorized persons,
- comparing, in the central processor, the captured compact fingerprint minutiae with features of the pre-stored master compact fingerprint minutiae, and
- producing, in dependence of the result from said comparison, a pre-defined secure output to other parts of the stand-alone appliance.

24. A biometrics security integrated circuit (IC) for biometrically authenticating individuals in a secure application comprising:
- at least one memory interface block for interfacing with one or more external memories;
- a first interface block coupled to a biometrics sensor;
- an image capture and pre-processing block connected to the first interface block, said image capture and pre-processing block adapted to reduce raw biometric image data into a dataset of reduced size;
- at least one non-volatile memory block;
- a secure internal non-volatile memory capable of storing either program code, administrative software, tailored security output responses and fingerprint representations in the form of compact fingerprint minutiae or encryption seeds for sensitive data stored on an external non-volatile memory;
- at least one encryption module, said at least one encryption module operable to encrypt and decrypt biometric data, secure applications messages, and other secret information; and
- one or more second interface blocks;
- a central processor to process the reduced-size dataset, received over the high speed bus, into compact biometric characteristics, wherein the IC, under the control of the central processor executing instructions stored in the at least one non-volatile memory block and/or accessed through the at least one memory interface block, is operable to;
  - capture, process, and store compact biometric characteristics of at least one authorized individual;
  - capture and process compact biometric characteristics of an individual to be authenticated;
  - compare the compact biometric characteristics of an individual to be authenticated with stored compact biometric characteristics of the at least one authorized individual; and
  - based on the result of said comparison, generate a secure authorized or not authorized message to the secure application and transmit said message through the one or more second interface blocks;
- further wherein said compact biometric characteristics of the at least one authorized individual and other secret information are stored in the at least one non-volatile memory block and/or in encrypted form in an external memory where the encryption key for said encrypted form is stored only in the at least one non-volatile memory.

Dependent claims: 25

Specification