Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
First Claim
1. A stand-alone computing device comprising:
- a processor;
a memory;
a biometric sensor; and
software storage, wherein upon an initial device power-up, executing the software stored thereon, causes the processor to;
generate a device ID from characteristics of device hardware components;
prompt a user to submit a plurality of biometric samples and capture said plurality of biometric samples using said biometric sensor;
transform data of said captured biometric samples to a consistent angle of inclination;
biometrically enroll an identity of a device user by matching said transformed data of said captured biometric samples to each other and determining a biometric template;
obtain a PIN value by one of a) generating said PIN value from said device ID and b) capturing said PIN value after being entered on the device;
generate a one-way hashed value of said PIN;
accept a password from the user after obtaining said PIN;
obfuscate the password using said hashed value of said PIN and said device ID, and storing the obfuscated password in said memory;
generate a private encryption key using at least said obfuscated password and said hashed PIN;
encrypt said biometric template using said private encryption key and store the encrypted template in the memory; and
upon subsequent device power up, the software further causes the processor to;
capture a subsequent biometric sample from a user, using said biometric sensor;
decrypt the encrypted template using said private encryption key;
de-obfuscate the obfuscated password using said hashed value of said PIN; and
provide the de-obfuscated password for an authentication process, only if the decrypted template is correctly decrypted and said subsequent biometric sample matches said decrypted template.
1 Assignment
0 Petitions
Accused Products
Abstract
Biometric data, suitably transformed are obtained from a biometric input device contained within a stand-alone computing device and used in conjunction with a PIN to authenticate the user to the device. The biometric template and other data residing on the device are encrypted using hardware elements of the device, the PIN and Password hash. A stored obfuscated password is de-obfuscated and released to the device authentication mechanism in response to a successfully decrypted template and matching biometric sample and PIN. The de-obfuscated password is used to authenticate the user to device, the user to a remote computer, and to encrypt device data at rest on the device and in transit to and from the remote computer. This creates a trusted relationship between the stand-alone device and the remote computer. The system also eliminates the need for the user to remember and enter complex passwords on the device.
43 Citations
17 Claims
-
1. A stand-alone computing device comprising:
-
a processor; a memory; a biometric sensor; and software storage, wherein upon an initial device power-up, executing the software stored thereon, causes the processor to; generate a device ID from characteristics of device hardware components; prompt a user to submit a plurality of biometric samples and capture said plurality of biometric samples using said biometric sensor; transform data of said captured biometric samples to a consistent angle of inclination; biometrically enroll an identity of a device user by matching said transformed data of said captured biometric samples to each other and determining a biometric template; obtain a PIN value by one of a) generating said PIN value from said device ID and b) capturing said PIN value after being entered on the device; generate a one-way hashed value of said PIN; accept a password from the user after obtaining said PIN; obfuscate the password using said hashed value of said PIN and said device ID, and storing the obfuscated password in said memory; generate a private encryption key using at least said obfuscated password and said hashed PIN; encrypt said biometric template using said private encryption key and store the encrypted template in the memory; and upon subsequent device power up, the software further causes the processor to; capture a subsequent biometric sample from a user, using said biometric sensor; decrypt the encrypted template using said private encryption key; de-obfuscate the obfuscated password using said hashed value of said PIN; and provide the de-obfuscated password for an authentication process, only if the decrypted template is correctly decrypted and said subsequent biometric sample matches said decrypted template. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A stand-alone computing device comprising:
-
a processor; a memory; and a software storage, wherein execution of the software causes the processor to; biometrically enroll device users, by capturing biometric samples, wherein said biometric samples contain, at least, (X, Y) coordinate values, and each set of co-ordinate values having one of an associated explicit and inferred time stamp; extract biometric feature values from signs made on an electronic signing area of said computing device, by one of a stylus and a finger, wherein said signs are chosen by the user to be one of, a secret sign without user feedback and a signature with user feedback; verify the identity of a user by matching a new biometric sample with a previously enrolled biometric template, wherein said biometric template includes an electronic representation of said user'"'"'s authentic signature and said authentic electronic signature is released for comparison with an electronic signature stored on a second computer remote from the stand alone computing device; calculate means of biometric features and modifying the means by weights that correspond to a largest discrimination score measured between authentic and imposter samples; generate a password and password hash from a stored, de-obfuscated password and device ID, wherein the de-obfuscated password is generated following a PIN generation and biometric sample matching. - View Dependent Claims (10, 11)
-
-
12. A mobile device comprising:
-
a processor; a memory; a biometric sensor integrated into the mobile device; and software storage embodying software that when executed cause the processor to; generate a device ID from characteristics of hardware components of said device; capture a biometric sample from a device user using said biometric sensor; perform authentication with a remote computer using PKI communications and a private encryption key, wherein said private encryption key is generated as a function of a previously entered password and said device ID; said software further causing the processor to perform encryption using at least said private encryption key; said memory storing a biometric template, which is encrypted and decrypted using said private encryption key; wherein said mobile device is unlocked, in response to a good match between said biometric sample and said decrypted biometric template, and accessed by PKI communications software, without said user re-entering a PIN or password for device access or for remote computer authentication. - View Dependent Claims (13, 14)
-
-
15. A mobile device comprising:
-
a processor; a memory; a biometric sensor integrated into the mobile device; and software storage embodying software that when executed cause the processor to; generate a device ID from characteristics of hardware components of said device; capture a biometric sample from a device user using said biometric sensor; prompt the user to enter a PIN, which is subjected to a one-way hash function, wherein the hashed PIN is used in conjunction with said device ID and a previously entered password to generate a private encryption key; perform authentication with a remote computer using PKI communications and said private encryption key; said software further causing the processor to perform encryption using at least said private encryption key; said memory storing a biometric template, which is encrypted and decrypted using said private key; wherein said mobile device is unlocked, in response to a good match between said biometric sample and said decrypted biometric template, and accessed by PKI communications software, without said user re-entering a password for device access or for remote computer authentication. - View Dependent Claims (16, 17)
-
Specification