Methods and systems for secure encryption of data

US 8,489,901 B2
Filed: 05/05/2008
Issued: 07/16/2013
Est. Priority Date: 05/05/2008
Status: Active Grant

First Claim

Patent Images

1. A sensor data acquisition module for use in a system for identifying a person, comprising:

a sensor for obtaining information representing an identification characteristic of a person, and wherein said identification characteristic includes a fingerprint;

a first memory;

a key module comprising a one-time programmable (OTP) memory, being a second memory, for storing information representing a key, and wherein said key has a value that is cryptographically random; and

an encryption module configured for employing said key for encrypting said information representing said identification characteristic of a person prior to storing said information into said first memory; and

wherein said storing of said key is preserved by circuitry including a first plurality of fuses, and wherein at least a subset of said first plurality of fuses, being a second plurality of fuses, are at least partially blown during manufacture of said key module; and

wherein each of said second plurality of fuses retains an amount of charge to maintain integrity of said information storing said key prior to a package containing the second memory being breached after manufacture, and wherein upon said package being breached after manufacture, said information storing said key is at least partially destroyed.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a data acquisition module. The data acquisition module includes a memory and a controller. The controller includes an encryption module configured to encrypt information written to the memory using a key included in the controller. The key is unique to the controller.

Also provided is a method for processing identification information. The method includes encrypting information with a key included in a controller and storing the encrypted information. The key is unique to the controller.

Citations

20 Claims

1. A sensor data acquisition module for use in a system for identifying a person, comprising:
- a sensor for obtaining information representing an identification characteristic of a person, and wherein said identification characteristic includes a fingerprint;
  
  a first memory;
  
  a key module comprising a one-time programmable (OTP) memory, being a second memory, for storing information representing a key, and wherein said key has a value that is cryptographically random; and
  
  an encryption module configured for employing said key for encrypting said information representing said identification characteristic of a person prior to storing said information into said first memory; and
  
  wherein said storing of said key is preserved by circuitry including a first plurality of fuses, and wherein at least a subset of said first plurality of fuses, being a second plurality of fuses, are at least partially blown during manufacture of said key module; and
  
  wherein each of said second plurality of fuses retains an amount of charge to maintain integrity of said information storing said key prior to a package containing the second memory being breached after manufacture, and wherein upon said package being breached after manufacture, said information storing said key is at least partially destroyed.
- View Dependent Claims (2, 4, 5, 6, 7)
- - 2. The sensor data acquisition module of claim 1 wherein the second memory is shielded from electromagnetic scanning.
  - 4. The sensor data acquisition module of claim 1, wherein the encryption module is configured to generate a session key from a host key stored in the second memory in accordance with a Diffie-Helman of a Secure hash algorithm.
  - 5. The sensor data acquisition module of claim 1 wherein information representing an identification characteristic of a known person is stored into said first memory.
  - 6. The sensor data acquisition module of claim 5 including a comparison module to compare information representing an identification characteristic of an unknown person with that of said known person.
  - 7. The sensor data acquisition module of claim 1 including an authorization module configured to determine privileges to be granted to a person based upon a determined identity of said person.

3. The sensor data acquisition module of claim I wherein said key is not recorded during manufacture of the data acquisition unit.

8. An identification and authorizing system, comprising:
- a sensor for obtaining information representing an identification characteristic of a person, and wherein said identification characteristic includes a fingerprint;
  
  a first memory;
  
  a key module comprising a one-time programmable (OTP) memory, being a second memory, for storing information representing a key, and wherein said key has a value that is cryptographically random; and
  
  an encryption module configured for employing said key for encrypting said information representing said identification characteristic of a person prior to storing said information into said first memory; and
  
  wherein said storing of said key is preserved by circuitry including a first plurality of fuses, and wherein at least a subset of said first plurality of fuses, being a second plurality of fuses, are at least partially blown during manufacture of said key module; and
  
  wherein each of said second plurality of fuses retains an amount of charge to maintain integrity of said information storing said key prior to a package containing the second memory being breached after manufacture, and wherein upon said package being breached after manufacture, said information storing said key is at least partially destroyed.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 wherein the second memory is shielded from electromagnetic scanning.
  - 10. The system of claim 8 wherein said key is not recorded during manufacture of the data acquisition unit.
  - 11. The system of claim 8 wherein the encryption module is configured to generate a session key from a host key stored in the second memory in accordance with a Diffie-Helman of a Secure hash algorithm.
  - 12. The system of claim 8 wherein information representing an identification characteristic of a known person is stored into said first memory.
  - 13. The system of claim 8 including an authorization module configured to determine privileges to be granted to a person based upon a determined identity of said person.
  - 14. The system of claim 12 including a comparison module to compare information representing an identification characteristic of an unknown person with that of said known person.

15. A method for processing sensor data for identifying a person, comprising the steps of:
- providing a sensor for obtaining information representing an identification characteristic of a person, and wherein said identification characteristic includes a fingerprint;
  
  providing a first memory;
  
  providing a key module comprising a one-time programmable (OTP) memory, being a second memory, for storing information representing a key, and wherein said key has a value that is cryptographically random; and
  
  providing an encryption module configured for employing said key for encrypting said information representing said identification characteristic of a person prior to storing said information into said first memory; and
  
  wherein said storing of said key is preserved by circuitry including a first plurality of fuses, and wherein at least a subset of said first plurality of fuses, being a second plurality of fuses, are at least partially blown during manufacture of said key module; and
  
  wherein each of said second plurality of fuses retains an amount of charge to maintain integrity of said information storing said key prior to a package containing the second memory being breached after manufacture, and wherein upon said package being breached after manufacture, said information storing said key is at least partially destroyed.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 wherein the second memory is shielded from electromagnetic scanning.
  - 17. The method of claim 15 wherein the encryption module is configured to generate a session key from a host key stored in the second memory in accordance with a Diffie-Helman of a Secure hash algorithm.
  - 18. The method of claim 15 wherein information representing an identification characteristic of a known person is stored into said first memory.
  - 19. The method of claim 15 including an authorization module configured to determine privileges to be granted to a person based upon a determined identity of said person.
  - 20. The method of claim 18 including a comparison module to compare information representing an identification characteristic of an unknown person with that of said known person.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brazos Capital Management LLC
Original Assignee
Sonavation, Inc.
Inventors
Boudreaux, John
Primary Examiner(s)
Truong, Thanhnga B
Assistant Examiner(s)
HOLMES, ANGELA R

Application Number

US12/115,390
Publication Number

US 20090327762A1
Time in Patent Office

1,898 Days
Field of Search

713/194, 713/189, 380 44- 46, 380/277, 380/259, 326/8, 326/37
US Class Current

713/194
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/602   Providing cryptographic fac...

G06F 21/78   to assure secure storage of...

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0897   involving additional device...

Methods and systems for secure encryption of data

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure encryption of data

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links