Method and system for securing user access, data at rest and sensitive transactions using biometrics for mobile devices with protected, local templates
First Claim
1. A mobile device comprising:
- at least one processor configured to execute software applications;
software included in at least one storage area;
at least one sensor configured to acquire biometric data, wherein the biometric data includes at least one of;
a fingerprint image, a facial image, an iris image, and a voice;
wherein said mobile device configured to;
capture an identity verification credential from the user;
biometrically enroll the identity of the user by capturing one or more biometric samples representing one or more biometric modalities, from the at least one sensor, and calculating one or more biometric templates;
securely store the one or more biometric templates in a hardware protected manner without persistent storage of the biometric template in a non-secured manner;
and;
wherein, upon subsequent mobile device enablement, responsive to a successful match of one or more subsequent biometric samples to one or more of the securely stored biometric templates release access to one or more protected function of the mobile device.
1 Assignment
0 Petitions
Accused Products
Abstract
Biometric data are obtained from biometric sensors on a stand-alone computing device, which may contain an ASIC, connected to or incorporated within it. The computing device and ASIC, in combination or individually, capture biometric samples, extract biometric features and match them to one or more locally stored, encrypted templates. The biometric matching may be enhanced by the use of an entered PIN. The biometric templates and other sensitive data at rest are encrypted using hardware elements of the computing device and ASIC, and/or a PIN hash. A stored obfuscated Password is de-obfuscated and may be released to the authentication mechanism in response to successfully decrypted templates and matching biometric samples. A different de-obfuscated password may be released to authenticate the user to a remote or local computer and to encrypt data in transit. This eliminates the need for the user to remember and enter complex passwords on the device.
43 Citations
40 Claims
-
1. A mobile device comprising:
-
at least one processor configured to execute software applications; software included in at least one storage area; at least one sensor configured to acquire biometric data, wherein the biometric data includes at least one of;
a fingerprint image, a facial image, an iris image, and a voice;wherein said mobile device configured to; capture an identity verification credential from the user; biometrically enroll the identity of the user by capturing one or more biometric samples representing one or more biometric modalities, from the at least one sensor, and calculating one or more biometric templates; securely store the one or more biometric templates in a hardware protected manner without persistent storage of the biometric template in a non-secured manner; and; wherein, upon subsequent mobile device enablement, responsive to a successful match of one or more subsequent biometric samples to one or more of the securely stored biometric templates release access to one or more protected function of the mobile device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A mobile device comprising:
-
at least one processor; software contained in at least one storage area; at least one sensor configured to acquire biometric data, wherein the biometric data includes at least one of;
a fingerprint image, a facial image, an iris image, and a voice;wherein, said mobile device configured to implement biometric template security and acquisition functions including; capture an identity verification credential from the user; biometrically enroll the identity of the user by capturing one or more biometric samples representing one or more biometric modalities, from the at least one sensor, and calculating one or more biometric templates; securely store the one or more biometric templates in a hardware-secured portion of the mobile device memory without persistent storage of the biometric template in a non-secured manner; and wherein, upon subsequent mobile device enablement, responsive to a successful match of one or more subsequent biometric samples to one or more of the securely stored biometric templates release access to a protected function of the mobile device. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A method for allowing access to a computing device comprising:
-
providing a mobile device with at least one processor; providing at least one storage area within the mobile device; using at least one biometric sensor, wherein the at least one biometric sensor include at least one of;
a fingerprint image sensor, a facial image sensor, an iris image sensor, and a voice print sensor;using at least one processor, and software contained within the one or more storage areas, wherein, upon enablement of said computing device, and prior to executing at least some of the software, the software causes said processor to; capture an identity verification credential from the user; biometrically enroll the identity of the user by capturing one or more biometric samples representing one or more biometric modalities, from one or more of the biometric sensors, and calculating one or more biometric templates; encrypt the biometric templates using an algorithm and a hardware rooted key; store the one or more biometric templates in a secure portion of computing device memory; and wherein, upon subsequent device enablement, commencing processing, responsive to one or both of a successful match of an identity verification credential entered by the user to the previously captured user identity verification credential, and the successful match of one or more subsequent biometric samples to one or more of the biometric templates. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification