In-circuit security system and methods for controlling access to and use of sensitive data

US 9,124,930 B2
Filed: 07/22/2013
Issued: 09/01/2015
Est. Priority Date: 05/30/2003
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus, comprising:

a single integrated circuit havinga first portion including an identity credential verification subsystem, the identity credential verification subsystem configured to identify a user based on a stored identity credential and to verify the user based on a security privilege associated with the stored identity credential,a second portion associated with functionality of the single integrated circuit not used during operation of the identity credential verification subsystem, the second portion configured to be enabled when the identity credential verification subsystem has identified the user based on the stored identity credential and verified the user based on the security privilege associated with the identity credential, the second portion configured to be disabled when the identity credential verification subsystem has not at least one of (1) identified the user based on the stored identity credential, or (2) verified the user based on the security privilege associated with the stored identity credential,a power source, anda real-time clock configured to generate data when the second portion of the single integrated circuit is enabled and the real-time clock is operatively connected to the power source.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.

Citations

20 Claims

1. An apparatus, comprising:
- a single integrated circuit havinga first portion including an identity credential verification subsystem, the identity credential verification subsystem configured to identify a user based on a stored identity credential and to verify the user based on a security privilege associated with the stored identity credential,a second portion associated with functionality of the single integrated circuit not used during operation of the identity credential verification subsystem, the second portion configured to be enabled when the identity credential verification subsystem has identified the user based on the stored identity credential and verified the user based on the security privilege associated with the identity credential, the second portion configured to be disabled when the identity credential verification subsystem has not at least one of (1) identified the user based on the stored identity credential, or (2) verified the user based on the security privilege associated with the stored identity credential,a power source, anda real-time clock configured to generate data when the second portion of the single integrated circuit is enabled and the real-time clock is operatively connected to the power source.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1, wherein the identity credential verification subsystem is configured to be in electronic communication with a cryptographic subsystem of the single integrated circuit.
  - 3. The apparatus of claim 1, wherein the single integrated circuit includes a cryptographic subsystem operatively coupled to the real-time clock, the cryptographic subsystem configured to perform at least one of encryption, decryption, digital signing, and digital signature verification.
  - 4. The apparatus of claim 1, wherein the stored identity credential is a biometric template, the apparatus further comprising:
    - a biometric scanner configured to receive a biometric input from the user, the biometric scanner configured to send data associated with the received biometric input to the identity credential verification subsystem,the identity credential verification subsystem configured to determine whether the received biometric input matches the stored biometric template.
  - 5. The apparatus of claim 1, wherein the security privilege associated with the stored identity credential includes a permission to at least one of selectively disable a component or selectively destroy a component of an electronic device that includes the single integrated circuit.
  - 6. The apparatus of claim 1, wherein the security privilege associated with the stored identity credential includes a permission to selectively enable a disabled component.
  - 7. The apparatus of claim 1, wherein the security privilege associated with the stored identity credential includes a permission to access stored data.
  - 8. The apparatus of claim 1, wherein the single integrated circuit is included in an electronic device configured for electronic messaging, the security privilege associated with the stored identity credential includes a permission to encrypt an electronic message with a stored private key.
  - 9. The apparatus of claim 8, wherein the single integrated circuit includes a processor and a cryptographic subsystem, the processor configured to receive a signal from the identity credential verification subsystem when the second portion of the single integrated circuit is enabled, the cryptographic subsystem configured to receive a signal from the processor and to encrypt the electronic message with the stored private key.
  - 10. The apparatus of claim 1, wherein:
    - the user is a first user,the stored identity credential is a first identity credential of a plurality of identity credentials stored within a memory of the single integrated circuit, the plurality of identity credentials including a second identity credential associated with a second user different from the first user,the security privilege associated with the first identity credential is a first security privilege of a plurality of security privileges stored within the memory of the single integrated circuit, the plurality of security privileges including a second security privilege associated with the second identity credential, the second security privilege being different from the first security privilege.
  - 11. The apparatus of claim 1, further comprising:
    - an electronic lock mechanism including the single integrated circuit, the single integrated circuit configured to send a signal configured to unlock the electronic lock mechanism when the second portion of the single integrated circuit is enabled and when the security privilege permits access to data or a location protected by the electronic lock mechanism.
  - 12. The apparatus of claim 1, further comprising:
    - an electronic lock mechanism including the single integrated circuit, the single integrated circuit configured to send a signal configured to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 13. The apparatus of claim 1, further comprising:
    - an electronic lock mechanism including the single integrated circuit,the stored identity credential being a first identity credential, the single integrated circuit configured to place the electronic lock mechanism in a state such that the identity credential verification subsystem does not accept a second identity credential when the identity credential verification subsystem denies access based on the first identity credential.

14. An electronic device, comprising:
- a single integrated circuit includingan identity credential verification subsystem configured to authenticate a biometric input of a user based on a pre-enrolled biometric template stored in a memory of the electronic device,a power source,a real-time clock operatively connected to the power source,a processor operatively coupled to the real-time clock, the processor configured to deny access for a predetermined number of access attempts within a predetermined period of time based on failed authentication at the identity credential verification subsystem,the single integrated circuit configured to disconnect the real-time clock from the power source when the access is denied by the processor.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The electronic device of claim 14, wherein the single integrated circuit is configured to produce a biometric digital representation based on the biometric input of the user, the identity credential verification subsystem is configured to compare the biometric digital representation with the pre-enrolled biometric template during authentication.
  - 16. The electronic device of claim 14, wherein the single integrated circuit includes a cryptographic subsystem and a memory storing a private key, the identity credential verification subsystem configured to send a signal to the processor indicating that the user is authorized to use the stored private key when the biometric input of the user is authentic, the processor configured to send an electronic message associated with input from the user to the cryptographic subsystem, the cryptographic subsystem configured to encrypt the electronic message based on the stored private key.
  - 17. The electronic device of claim 14, wherein the single integrated circuit includes a cryptographic subsystem configured to (1) receive an electronic message associated with input from the user from the processor, (2) encrypt the electronic message, and (3) send the encrypted electronic message to a transmitter of the electronic device for output to a recipient.
  - 18. The electronic device of claim 14, wherein operation of the real-time clock is halted when the real-time clock is disconnected from the power source.
  - 19. The electronic device of claim 14, wherein the electronic device is an electronic lock mechanism, the identity credential verification subsystem configured to send a signal to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority, the identity credential verification subsystem configured to send the signal when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
  - 20. The electronic device of claim 14, wherein the biometric input is a first biometric input, the electronic device is an electronic lock mechanism having a first state in which the identity credential verification subsystem accepts the first biometric input, and a second state in which the identity credential verification subsystem does not accept a second biometric input when the identity credential verification subsystem denies access based on the first biometric input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Johnson, Barry W., Riemenschneider, Kristen R. O., Tillack, Jonathan A., Russell, David C.
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US13/947,313
Publication Number

US 20130305056A1
Time in Patent Office

771 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/51   Indexing; Data structures t...

G06F 18/22   Matching criteria, e.g. pro...

G06F 21/1076   Revocation

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/6209   to a single file or object,...

G06F 21/72   in cryptographic circuits

G06F 21/85   interconnection devices, e....

G06V 40/13   Sensors therefor

G06V 40/1365   Matching; Classification

H04L 63/06   for supporting key manageme...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 9/3231   Biological data, e.g. finge...

H04N 21/25875   involving end-user authenti...

H04N 21/4415   using biometric characteris...

In-circuit security system and methods for controlling access to and use of sensitive data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

In-circuit security system and methods for controlling access to and use of sensitive data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links