Technologies for secure storage and use of biometric authentication information
First Claim
1. A client device comprising:
- a processor;
a memory to store a biometric reference template, the biometric reference template comprising biometric reference information of a user; and
a client authentication circuit to;
transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS is to specify requirements of a protected environment of the authentication device which is to enforce a temporary storage of the biometric reference information;
receive an attestation signal from the authentication device, the attestation signal including attestation information that attests to characteristics of the protected environment of the authentication device;
evaluate the attestation information to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements; and
permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meet the requirements.
0 Assignments
0 Petitions
Accused Products
Abstract
Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.
27 Citations
19 Claims
-
1. A client device comprising:
-
a processor; a memory to store a biometric reference template, the biometric reference template comprising biometric reference information of a user; and a client authentication circuit to; transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS is to specify requirements of a protected environment of the authentication device which is to enforce a temporary storage of the biometric reference information; receive an attestation signal from the authentication device, the attestation signal including attestation information that attests to characteristics of the protected environment of the authentication device; evaluate the attestation information to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements; and permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meet the requirements. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An authentication device comprising:
-
a processor; a memory; at least one sensor; and an authentication device attestation circuit, wherein the authentication device attestation circuit is to; transmit, in response to receipt of a biometric authentication initiation signal (BAIS) from a client device, an attestation signal containing attestation information that attests to characteristics of a protected environment of the authentication device, wherein the attestation signal is to enable the client device to evaluate the attestation information to determine whether the characteristics of the protected environment meet requirements specified in the BAIS of a protected environment for temporary storage of a biometric reference template, the requirements comprising one or more of a type of protected environment, processing resources of the protected environment, memory of the protected environment, input/output resources of the protected environment, or one or more combinations thereof; store a biometric reference template received from the client device in the protected environment; biometrically authenticate a user with the biometric reference template stored in the protected environment; establish an authenticated session if biometric authentication of the user is successful; and delete the biometric reference template upon detection of a termination event. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to:
-
transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS is to specify requirements of a protected environment of the authentication device which is to enforce a temporary storage of the biometric reference information; receive an attestation signal from the authentication device, the attestation signal including attestation information that attests to characteristics of the protected environment of the authentication device; evaluate the attestation information to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements; and permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meet the requirements. - View Dependent Claims (17, 18, 19)
-
Specification