Technologies for secure storage and use of biometric authentication information
First Claim
1. A client device, comprising:
  a processor;
  a memory configured to store a biometric reference template, the biometric reference template comprising biometric reference information of a human; and
  a client authentication module (CAM) configured to:
    transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS:
      specifies requirements of a protected environment that is required by the client device for the temporary storage of a biometric template, said requirements comprising one or more of a type of protected environment, processing resources of a protected environment, memory of a protected environment, input/output resources of a protected environment, or one or more combinations thereof; and
      is configured to cause the authentication device to transmit an attestation signal to the client device, the attestation signal including attestation information that attests to characteristics of a protected environment implemented by the authentication device;
    evaluate said attestation information in said attestation signal to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements specified in said BAIS; and
  the CAM is further configured to permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meets the requirements specified in the BAIS.
Abstract
Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.
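The gating logic the abstract describes, as an added Python sketch that is not taken from the patent: the client releases the template only after a fresh, verified attestation meets its stated requirements, and the authentication device drops the template on a termination event. The field names, the nonce, and the HMAC with a shared demo key (standing in for verification of a real signed attestation) are assumptions; the page does not specify how attestation information is authenticated.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Assumption: stand-in for an attestation key the client is able to verify.
ATTESTATION_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class EnvSpec:  # hypothetical model of the requirement classes named in the claims
    env_type: str    # type of protected environment
    memory_kb: int   # memory of the protected environment
    cpu_mhz: int     # processing resources
    io: frozenset    # input/output resources

def sign(spec, nonce):
    body = json.dumps([spec.env_type, spec.memory_kb, spec.cpu_mhz, sorted(spec.io), nonce])
    return hmac.new(ATTESTATION_KEY, body.encode(), hashlib.sha256).hexdigest()

class AuthDevice:
    def __init__(self, spec):
        self.spec, self._template = spec, None
    def attest(self, bais):
        nonce = bais["nonce"]  # echoing the client's nonce binds the reply to this BAIS
        return {"spec": self.spec, "nonce": nonce, "mac": sign(self.spec, nonce)}
    def store(self, template):
        self._template = template   # temporary storage in the protected environment
    def terminate(self):
        self._template = None       # termination event: delete the template
    def holds_template(self):
        return self._template is not None

def meets(req, got):
    return (got.env_type == req.env_type and got.memory_kb >= req.memory_kb
            and got.cpu_mhz >= req.cpu_mhz and req.io <= got.io)

def transfer_template(template, req, device):
    """Client side (CAM): send BAIS, evaluate the attestation, release only on a match."""
    bais = {"requirements": req, "nonce": secrets.token_hex(16)}
    att = device.attest(bais)
    genuine = att["nonce"] == bais["nonce"] and hmac.compare_digest(
        att["mac"], sign(att["spec"], bais["nonce"]))
    if not (genuine and meets(req, att["spec"])):
        return False                # template never leaves the client
    device.store(template)
    return True
```

A production design would replace the shared key with verification of a hardware-rooted signature chain, since a symmetric key held by both sides lets either one produce a valid attestation.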
24 Claims
1. A client device, comprising:
  a processor;
  a memory configured to store a biometric reference template, the biometric reference template comprising biometric reference information of a human; and
  a client authentication module (CAM) configured to:
    transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS:
      specifies requirements of a protected environment that is required by the client device for the temporary storage of a biometric template, said requirements comprising one or more of a type of protected environment, processing resources of a protected environment, memory of a protected environment, input/output resources of a protected environment, or one or more combinations thereof; and
      is configured to cause the authentication device to transmit an attestation signal to the client device, the attestation signal including attestation information that attests to characteristics of a protected environment implemented by the authentication device;
    evaluate said attestation information in said attestation signal to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements specified in said BAIS; and
  the CAM is further configured to permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meets the requirements specified in the BAIS.
Dependent claims: 2, 3, 4, 5, 6
7. An authentication device, comprising:
  a processor;
  a memory;
  a protected environment; and
  an authentication device attestation module (ADAM), wherein the ADAM is configured to:
    transmit, in response to receipt of a biometric authentication initiation signal (BAIS) from a client device, an attestation signal containing attestation information attesting to the characteristics of a protected environment executable by the authentication device, wherein the attestation signal is configured to cause the client device to evaluate said attestation information to determine whether the characteristics of the protected environment meet requirements specified in the BAIS of a protected environment for the temporary storage of a biometric template, the requirements comprising one or more of a type of protected environment, processing resources of a protected environment, memory of a protected environment, input/output resources of a protected environment, or one or more combinations thereof;
    wherein when said attestation information establishes that the characteristics of the protected environment executable on the authentication device meet the requirements specified in the BAIS, the ADAM is further configured to:
      store a biometric reference template received from a client device in the protected environment;
      biometrically authenticate a human with the biometric reference template stored in the protected environment;
      establish an authenticated session if biometric authentication of the human is successful; and
      delete the biometric reference template upon the detection of a termination event.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A method of transferring a biometric template with a client device, comprising:
  transmitting a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS:
    specifies requirements of a protected environment that is required by the client device for the temporary storage of a biometric template, said requirements comprising one or more of a type of protected environment, processing resources of a protected environment, memory of a protected environment, input/output resource of a protected environment, or one or more combinations thereof; and
    is configured to cause the authentication device to transmit an attestation signal to the client device, the attestation signal including attestation information that attests to characteristics of a protected environment implemented by the authentication device;
  evaluating said attestation information in said attestation signal to determine whether the characteristics of the protected environment implemented in the authentication device meets the requirements specified in said BAIS; and
  permitting the transmission of the biometric reference template from the client device to the authentication device when the characteristics of the protected environment implemented in the authentication device meets the requirements specified in the BAIS.
Dependent claims: 15, 16, 17, 18
19. A method of performing biometric authentication with an authentication device, comprising:
  transmitting, in response to receipt of a biometric authentication initiation signal (BAIS) from a client device, an attestation signal containing attestation information attesting to the characteristics of a protected environment executable by the authentication device, wherein the attestation signal is configured to cause the client device to evaluate said attestation information to determine whether the characteristics of the protected environment meet requirements specified in the BAIS of a protected environment for the temporary storage of a biometric template, the requirements comprising one or more of a type of protected environment, processing resources of a protected environment, memory of a protected environment, input/output resources of a protected environment, or one or more combinations thereof;
  wherein when said attestation information establishes that the characteristics of the protected environment executable on the authentication device meet the requirements specified in the BAIS, the method further comprises:
    storing a biometric reference template received from a client device in a protected environment of the authentication device;
    biometrically authenticating a human with the biometric reference template stored in the protected environment;
    establishing an authenticated session if biometric authentication of the human is successful; and
    deleting the biometric reference template upon the detection of a termination event.
Dependent claims: 20, 21, 22, 23, 24
Specification