In-circuit security system and methods for controlling access to and use of sensitive data

US 8,495,382 B2
Filed: 09/08/2009
Issued: 07/23/2013
Est. Priority Date: 05/30/2003
Status: Active Grant

First Claim

Patent Images

1. A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process, the code comprising code to:

send a signal configured to prompt a user of an electronic device to provide a personal identity credential sample upon access request, the electronic device having an in-circuit security system on a single integrated circuit that includes the processor;

receive an authentication signal from an identity credential verification subsystem of the in-circuit security system when a processor of the identity credential verification subsystem matches the personal identity credential sample to at least one enrolled personal identity credential associated with the electronic device, the single integrated circuit including the processor of the identity credential verification subsystem;

identify at least one security privilege associated with the personal identity credential sample in response to the authentication signal being received, the at least one security privilege stored within a memory of the in-circuit security system; and

send a signal indicating that access is granted when the at least one security privilege provides access authorization and a security setting of the in-circuit security system allows the requested access.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.

160 Citations

21 Claims

1. A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process, the code comprising code to:
- send a signal configured to prompt a user of an electronic device to provide a personal identity credential sample upon access request, the electronic device having an in-circuit security system on a single integrated circuit that includes the processor;
  
  receive an authentication signal from an identity credential verification subsystem of the in-circuit security system when a processor of the identity credential verification subsystem matches the personal identity credential sample to at least one enrolled personal identity credential associated with the electronic device, the single integrated circuit including the processor of the identity credential verification subsystem;
  
  identify at least one security privilege associated with the personal identity credential sample in response to the authentication signal being received, the at least one security privilege stored within a memory of the in-circuit security system; and
  
  send a signal indicating that access is granted when the at least one security privilege provides access authorization and a security setting of the in-circuit security system allows the requested access.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The processor-readable medium of claim 1, wherein the requested access is to access stored data.
  - 3. The processor-readable medium of claim 1, wherein the requested access is to selectively disable components.
  - 4. The processor-readable medium of claim 1, wherein the requested access is to selectively enable disabled components.
  - 5. The processor-readable medium of claim 1, wherein the requested access is to selectively destroy components.
  - 6. The processor-readable medium of claim 1, wherein the single integrated circuit is a component within the electronic device.

7. A method, comprising:
- disabling a portion of a single integrated circuit of an electronic device, the portion of the single integrated circuit being associated with functionality of the single integrated circuit not used during operation of an identity credential verification subsystem of the single integrated circuit;
  
  identifying, at the identity credential verification subsystem, a user of the electronic device based on an identity credential;
  
  verifying the user of the electronic device based on a security privilege associated with the identity credential;
  
  enabling the portion of the single integrated circuit when the user is identified based on the identity credential associated with the user and verified based on the security privilege associated with the identity credential; and
  
  storing data generated by a real-time clock of the single integrated circuit when the portion of the single integrated circuit is enabled and the real-time clock is connected to a power source included on the single integrated circuit.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, further comprising:
    - halting operation of the real-time clock when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 9. The method of claim 7, further comprising:
    - disconnecting the power source from the real-time clock when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 10. The method of claim 7, wherein the electronic device is an electronic lock mechanism, the method further comprising:
    - sending a signal configured to unlock the electronic lock mechanism when the portion of the single integrated circuit is enabled and when the security privilege permits access to data or a location protected by the electronic lock mechanism.
  - 11. The method of claim 7, wherein the electronic device is an electronic lock mechanism, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 12. The method of claim 7, wherein the electronic device is an electronic lock mechanism, the identity credential is a first identity credential, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the identity credential verification subsystem does not accept a second identity credential when the identity credential verification subsystem denies access based on the first identity credential.
  - 13. The method of claim 7, wherein the identity credential is a biometric input of the user, the identifying including:
    - producing a biometric template based on the biometric input of the user; and
      
      comparing the biometric template of the user to at least one pre-enrolled biometric template stored at the electronic device, the user being identified when the biometric template matches a pre-enrolled biometric template.
  - 14. The method of claim 7, wherein the verifying includes:
    - determining the security privilege based on the identity credential; and
      
      determining access rights associated with the user based on the security privilege.

15. A method, comprising:
- producing, at a single integrated circuit of an electronic device, a biometric template based on a biometric input of a user;
  
  authenticating, at an identity verification subsystem of the single integrated circuit, the biometric template of the user based on a pre-enrolled biometric template stored at the electronic device; and
  
  disconnecting a power source on the single integrated circuit from a real-time clock on the single integrated circuit when a processor of the single integrated circuit denies access for a predetermined number of access attempts within a predetermined period of time based on the authenticating at the identity verification subsystem.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, wherein the single integrated circuit includes and a cryptographic subsystem, the method further comprising:
    - sending a signal from the identity credential verification subsystem to the processor, the signal configured to indicate that the user is authorized to use a stored private key when the biometric template of the user is authentic;
      
      sending an electronic message associated with input from the user, from the processor to the cryptographic subsystem; and
      
      encrypting the electronic message based on the private key to produce an encrypted electronic message.
  - 17. The method of claim 15, wherein the single integrated circuit includes a cryptographic subsystem, the method further comprising:
    - sending an electronic message associated with input from the user from the processor to the cryptographic subsystem such that the cryptographic subsystem electronically signs the electronic message to produce an encrypted electronic message; and
      
      sending the encrypted electronic message from the cryptographic subsystem to a transmitter such that the encrypted electronic message is output to a recipient.
  - 18. The method of claim 15, wherein the electronic device is an electronic lock mechanism, the method further comprising:
    - sending an identifier associated with the user from the identity credential verification subsystem to the processor when the biometric template of the user is authentic;
      
      determining a security privilege associated with the user based on the identifier associated with the user; and
      
      sending a signal configured to unlock the electronic lock mechanism when the security privilege associated with the user permits access to data or a location protected by the electronic lock mechanism.
  - 19. The method of claim 15, wherein the disconnecting the power source from the real-time clock halts operation of the real-time clock.
  - 20. The method of claim 15, wherein the electronic device is an electronic lock mechanism, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 21. The method of claim 15, wherein the electronic device is an electronic lock mechanism, the biometric input being a first biometric input, the method further comprising:
    - sending a signal configured to place the electronic lock mechanism in a state such that the identity credential verification subsystem does not accept a second biometric input when the identity credential verification subsystem denies access based on the first biometric input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Privaris, Inc.
Inventors
Johnson, Barry W., Olvera, Kristen R., Russell, David C., Tillack, Jonathan A.
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US12/555,480
Publication Number

US 20100005314A1
Time in Patent Office

1,414 Days
Field of Search

None
US Class Current

713/186
CPC Class Codes

G06F 16/51   Indexing; Data structures t...

G06F 18/22   Matching criteria, e.g. pro...

G06F 21/1076   Revocation

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/6209   to a single file or object,...

G06F 21/72   in cryptographic circuits

G06F 21/85   interconnection devices, e....

G06V 40/13   Sensors therefor

G06V 40/1365   Matching; Classification

H04L 63/06   for supporting key manageme...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 9/3231   Biological data, e.g. finge...

H04N 21/25875   involving end-user authenti...

H04N 21/4415   using biometric characteris...

In-circuit security system and methods for controlling access to and use of sensitive data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

160 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

In-circuit security system and methods for controlling access to and use of sensitive data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links