Method and system for providing password-free, hardware-rooted, ASIC-based, authentication of human to a stand-alone computing device using biometrics with a protected local template to release trusted credentials to relying parties
First Claim
1. A stand-alone computing device, which may also be a mobile device comprising:
- at least one processor;
at least one storage area;
at least one biometric sensor and;
ASIC logic, and software contained within the said storage areas, wherein, upon enablement of the said stand-alone computing device, and prior to executing at least some of the said software and ASIC logic, the said software and ASIC logic cause the said processors, either individually or in combination to;
capture a PIN from the user and generate a hash of the said PIN;
biometrically enroll the identity of the user by capturing a plurality of biometric samples and calculating a biometric template;
encrypt the said biometric template using a first private encryption key, whose derivation must include at least one of the said PIN hash and a device ID calculated from hardware characteristics of the said stand-alone computing device;
store the encrypted biometric template in one of the said storage areas, and;
upon subsequent device enablement, commence normal processing, responsive to a successful entry of the said PIN, and the successful match of a subsequent biometric sample to the said biometric template.
1 Assignment
0 Petitions
Accused Products
Abstract
Biometric data are obtained from a biometric sensor on a stand-alone computing device, which may contain an ASIC, connected to or incorporated within it. The computing device and ASIC, in combination or individually, capture biometric samples, extract biometric features and match them to a locally stored, encrypted template. For extra security, the biometric matching may be enhanced by the use of an entered PIN. The biometric template and other sensitive data are encrypted using hardware elements of the computing device and ASIC, together with a PIN hash. A stored obfuscated Password is de-obfuscated and may be released to the authentication mechanism in response to a successfully decrypted template and matching biometric sample. A different de-obfuscated password may be released to authenticate the user to a remote computer and to encrypt data in transit. This eliminates the need for the user to remember and enter complex passwords on the device.
37 Citations
20 Claims
-
1. A stand-alone computing device, which may also be a mobile device comprising:
-
at least one processor; at least one storage area; at least one biometric sensor and; ASIC logic, and software contained within the said storage areas, wherein, upon enablement of the said stand-alone computing device, and prior to executing at least some of the said software and ASIC logic, the said software and ASIC logic cause the said processors, either individually or in combination to; capture a PIN from the user and generate a hash of the said PIN; biometrically enroll the identity of the user by capturing a plurality of biometric samples and calculating a biometric template; encrypt the said biometric template using a first private encryption key, whose derivation must include at least one of the said PIN hash and a device ID calculated from hardware characteristics of the said stand-alone computing device; store the encrypted biometric template in one of the said storage areas, and; upon subsequent device enablement, commence normal processing, responsive to a successful entry of the said PIN, and the successful match of a subsequent biometric sample to the said biometric template. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A stand-alone computing device, which may also be a mobile device comprising:
-
at least one processor; at least one storage area; at least one biometric sensor, and; ASIC logic, and software contained within the said storage areas, which, when executed, causes the said stand-alone computing device processors, either in combination or individually to; capture a biometric sample from the device user, using one or more of the said biometric sensors, and; responsive to a good match between the said biometric sample and a decrypted biometric template stored in encrypted form in one of the said storage areas, the said ASIC logic and the said software further cause the said stand-alone computing device to communicate with a remote computer, using PKI communications without said user re-entering a password. - View Dependent Claims (18)
-
-
19. A stand-alone computing device, which may also be a mobile device comprising:
-
at least one processor; at least one storage area; at least one biometric sensor, integrated into the stand-alone computing device, and; ASIC logic, and software, contained within the said storage areas, which, when executed, causes the said stand-alone computing device processors, either in combination or individually to; capture a PIN from the device user and generate a hash of said PIN; capture a biometric sample from a device user using one or more of said biometric sensors and; responsive to a successful PIN entry and a good match between the said biometric sample and a decrypted biometric template, stored in encrypted form in one of the said storage areas, the said ASIC logic and the said software further cause—
the said stand-alone computing device to communicate with a remote computer, using PKI communications without said user re-entering a password. - View Dependent Claims (20)
-
Specification