×

Method and system for providing password-free, hardware-rooted, ASIC-based authentication of a human to a mobile device using biometrics with a protected, local template to release trusted credentials to relying parties

  • US 9,286,457 B2
  • Filed: 03/06/2014
  • Issued: 03/15/2016
  • Est. Priority Date: 06/14/2004
  • Status: Expired due to Fees
First Claim
Patent Images

1. A stand-alone computing device, which may also be a mobile device comprising:

  • a processor;

    a memory;

    a biometric sensor;

    optionally, an application specific integrated circuit (ASIC) connected to or contained within said stand-alone computing device, incorporating an ASIC processor, an ASIC memory and ASIC software storage, capable of causing code-signing, biometric authentication and encryption operations to take place;

    a software storage, wherein, upon power-up of the said stand-alone computing device, and prior to executing at least some of the software stored thereon, causes the said processor and the said ASIC processor, individually or in combination to;

    check the signed code stored on the said ASIC and the said stand-alone computing device and, responsive to a successful check;

    generate a device ID from hardware characteristics of said stand-alone computing device and said ASIC;

    prompt a user to submit a plurality of biometric samples and capture said plurality of biometric samples using said biometric sensor;

    optionally, transform data of said captured biometric samples to a consistent angle of inclination;

    biometrically enroll an identity of a device user by matching said captured biometric samples to each other and determining a biometric template;

    obtain a PIN value by one of a) generating said PIN value from hardware characteristics of the said stand-alone computer and the said ASIC and b) capturing said PIN value after being entered on said device;

    generate a one-way hashed value of said PIN;

    accept a password from the user after obtaining said PIN;

    obfuscate said password using said hashed value of said PIN and said device ID, and store the obfuscated password in one of said memory and said ASIC memory;

    generate a first private encryption key using at least said hashed PIN and, optionally, one of said device ID and said obfuscated password;

    encrypt said biometric template using said first private encryption key and store the encrypted template in one of the said memory and the said ASIC memory;

    and upon subsequent stand-alone computing device power up, the said software and the said ASIC software further cause the stand-alone computing device processor and the ASIC processor, individually or in combination to;

    a) check said signed code stored on the said ASIC and the said stand-alone computing device and, responsive to a successful check;

    b) generate said device ID from hardware characteristics of said stand-alone computing device and said ASIC;

    c) capture a subsequent biometric sample from a user, using said biometric sensor;

    d) decrypt the encrypted template using said first private encryption key;

    e) de-obfuscate the obfuscated password using at least said hashed value of said PIN and said device IDf) provide the said de-obfuscated password for an authentication process, only if the encrypted template is correctly decrypted and said subsequent biometric sample matches said decrypted template.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×