Technologies for secure storage and use of biometric authentication information

US 9,628,478 B2
Filed: 07/29/2015
Issued: 04/18/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A client device comprising:

a processor;

a memory to store a biometric reference template, the biometric reference template comprising biometric reference information of a user; and

a client authentication circuit to;

transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS is to specify requirements of a protected environment of the authentication device which is to enforce a temporary storage of the biometric reference information;

receive an attestation signal from the authentication device, the attestation signal including attestation information that attests to characteristics of the protected environment of the authentication device;

evaluate the attestation information to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements; and

permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meet the requirements.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

27 Citations

19 Claims

1. A client device comprising:
- a processor;
  
  a memory to store a biometric reference template, the biometric reference template comprising biometric reference information of a user; and
  
  a client authentication circuit to;
  
  transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS is to specify requirements of a protected environment of the authentication device which is to enforce a temporary storage of the biometric reference information;
  
  receive an attestation signal from the authentication device, the attestation signal including attestation information that attests to characteristics of the protected environment of the authentication device;
  
  evaluate the attestation information to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements; and
  
  permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meet the requirements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The client device of claim 1, wherein the client authentication circuit is further to deny transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented by the authentication device do not meet the requirements.
  - 3. The client device of claim 1, wherein the attestation information further comprises information regarding the authentication device'"'"'s ability to hold the biometric reference template in confidence, and the client authentication circuit is further to:
    - compare the attestation information to a collection of predetermined acceptable and unacceptable protected environments;
      
      permit transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined acceptable protected environments; and
      
      deny transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined unacceptable protected environments.
  - 4. The client device of claim 1, wherein:
    - the BAIS is further to cause the authentication device to attest, in the attestation signal, to the implementation of a temporary storage policy by the protected environment;
      
      the client authentication circuit is further to;
      
      analyze the attestation information to determine whether the temporary storage policy implemented by the protected environment is in accordance with predetermined parameters for the temporary storage and deletion of biometric reference templates from the protected environment; and
      
      permit transmission of the biometric reference template when it is determined that the temporary storage policy implemented by the protected environment meets the predetermined parameters for the temporary storage and deletion of biometric reference templates.
  - 5. The client device of claim 1, wherein the requirements comprises one or more of a type of the protected environment, processing resources of the protected environment, memory of the protected environment, input/output resources of the protected environment, or one or more combinations thereof.
  - 6. The client device of claim 1, wherein the client authentication circuit comprises programmable circuitry.
  - 7. The client device of claim 1, wherein the client device comprises a smartphone.
  - 8. The client device of claim 1, wherein the client device is to verify an authenticity of the authentication device based on an electronic signature protocol, and transmit the biometric reference template responsive to the authenticity verification.
  - 9. The client device of claim 8, wherein the client device is to transmit the biometric reference template via a close range communication network.

10. An authentication device comprising:
- a processor;
  
  a memory;
  
  at least one sensor; and
  
  an authentication device attestation circuit, wherein the authentication device attestation circuit is to;
  
  transmit, in response to receipt of a biometric authentication initiation signal (BAIS) from a client device, an attestation signal containing attestation information that attests to characteristics of a protected environment of the authentication device, wherein the attestation signal is to enable the client device to evaluate the attestation information to determine whether the characteristics of the protected environment meet requirements specified in the BAIS of a protected environment for temporary storage of a biometric reference template, the requirements comprising one or more of a type of protected environment, processing resources of the protected environment, memory of the protected environment, input/output resources of the protected environment, or one or more combinations thereof;
  
  store a biometric reference template received from the client device in the protected environment;
  
  biometrically authenticate a user with the biometric reference template stored in the protected environment;
  
  establish an authenticated session if biometric authentication of the user is successful; and
  
  delete the biometric reference template upon detection of a termination event.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The authentication device of claim 10, wherein the attestation information further comprises information about a temporary storage policy executable by the protected environment.
  - 12. The authentication device of claim 10, wherein the authentication device attestation circuit is further to perform biometric authentication using biometric test information obtained from the user via the at least one sensor.
  - 13. The authentication device of claim 10, wherein in the authenticated session, the user is permitted to access at least one resource protected by the authentication device.
  - 14. The authentication device of claim 10, further comprising a continuous authentication confidence circuit to determine a confidence level regarding whether the user is in proximity to the authentication device during the authenticated session.
  - 15. The authentication device of claim 14, wherein the continuous authentication confidence circuit is to determine the confidence level based at least in part on context information.

16. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to:
- transmit a biometric authentication initiation signal (BAIS) to an authentication device, wherein the BAIS is to specify requirements of a protected environment of the authentication device which is to enforce a temporary storage of the biometric reference information;
  
  receive an attestation signal from the authentication device, the attestation signal including attestation information that attests to characteristics of the protected environment of the authentication device;
  
  evaluate the attestation information to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements; and
  
  permit transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented in the authentication device meet the requirements.
- View Dependent Claims (17, 18, 19)
- - 17. The at least one non-transitory computer readable medium of claim 16, further comprising instructions that when executed enable the system to deny transmission of the biometric reference template to the authentication device when the characteristics of the protected environment implemented by the authentication device do not meet the requirements.
  - 18. The at least one non-transitory computer readable medium of claim 16, further comprising instructions that when executed enable the system to:
    - compare the attestation information to a collection of predetermined acceptable and unacceptable protected environments;
      
      permit transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined acceptable protected environments; and
      
      deny transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined unacceptable protected environments.
  - 19. The at least one non-transitory computer readable medium of claim 16, further comprising instructions that when executed enable the system to:
    - cause the authentication device to attest, in the attestation signal, to the implementation of a temporary storage policy by the protected environment;
      
      analyze the attestation information to determine whether the temporary storage policy implemented by the protected environment is in accordance with predetermined parameters for the temporary storage and deletion of biometric reference templates from the protected environment; and
      
      permit transmission of the biometric reference template when it is determined that the temporary storage policy implemented by the protected environment meets the predetermined parameters for the temporary storage and deletion of biometric reference templates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Smith, Ned M., Cahill, Conor P., Sheller, Micah J., Martin, Jason
Primary Examiner(s)
Traore, Fatoumata

Application Number

US14/812,514
Publication Number

US 20160006732A1
Time in Patent Office

629 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/62   Protecting access to data v...

G06F 21/78   to assure secure storage of...

H04L 63/06   for supporting key manageme...

H04L 63/0861   using biometrical features,...

Technologies for secure storage and use of biometric authentication information

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Technologies for secure storage and use of biometric authentication information

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links