The present disclosure relates generally to the field of protecting biometric and other data on a memory component of a portable device to preclude use of the device in the event the device is stolen and the data is stolen and/or new biometric data is sought to be incorporated into the device to enable its use.
Smartphones are increasingly used to make purchases through, for example, ApplePay™ and other systems. Smartphones are also increasingly equipped with biometric features such as fingerprint and iris scans. A significant problem is that if a smartphone is lost or stolen, the new possessor can substitute his/her biometrics for the original owner's biometrics and then drain the owner's funds.
One solution to this problem is to store the biometric information on a remote site, but the thief can capture the owner's biometric data when it is sent to the remote site and then steal the device and input the captured data to spoof the system.
Other data may also need protection such as unique private keys of the owner which are stored on the device. If the device is stolen, then these private keys can also be stolen and used on other computing devices to allow access to information and assets which are intended only for the device owner. This permits the theft of cryptocurrency from digital wallets, for example.
One embodiment of the invention provides a system and method to protect the biometrics or other confidential information stored on a portable device with a chassis intrusion detector (CID) such that if the device is stolen or otherwise possessed by an unauthorized user, the new possessor cannot access or remove the recorded data and/or substitute new data and thereby enable use of any monetary or other value associated with the device. A method for protecting biometric data in such a memory component is also envisioned and considered part of the invention.
The following drawings are illustrative of embodiments of the system developed or adapted using the teachings of at least one of the embodiments disclosed herein and are not meant to limit the scope of the disclosure as encompassed by the claims.
Referring to the accompanying drawings wherein like reference numbers refer to the same or similar elements,
In another preferred implementation, wavy lines are used as conductors. Conductors 12, whether straight or wavy, may be spaced apart an equal distance from one another or at a variable spacing therebetween.
Conductors 12 are connected together to form a single completed transmission line where a current can pass to form a single complete circuit that totally engulfs the memory component 10. As shown in this implementation, conductors 12 are printed onto a thin film of plastic 14 which is bonded or otherwise attached to the outside of the memory component 10, e.g., the outer surface of housing 11 thereof, and protected with a protective plastic layer 18 that thus overlies conductors 12. The interior of the memory component 10 is represented at 16 in
Power providing system 19 is arranged at least partly on housing 11 to provide power to operate the circuit (similar to the power providing system shown in
Memory component 10 contains biometric or other data entered via a separate biometric data sensor, or other input device, that is configured to receive input from or related to a person authorized to use the device into which memory component 10 is inserted. For example, memory component 10 may be inserted into a smartphone having a fingerprint sensor or iris scanner (not shown) and the owner of the smartphone interacts with the fingerprint sensor or iris scanner to provide their biometric data which is provided to and stored in memory component 10.
In the illustration, the conductive lines are shown to be straight and opaque. In one preferred application, the lines are made wavy and sufficiently thin that they are transparent. The wires can be printed from a variety of conductive materials such as aluminum, copper, indium tin oxide, and carbon-based materials such as graphene. These wires are connected so as to form a continuous circuit that totally surrounds the memory component 10. If any of these wires is broken or the circuit is modified, such as by shorting some of the wires, such that the circuit no longer conducts electricity or the circuit impedance is changed, then this fact is sensed by the CID circuitry (including a microprocessor), which causes memory component 10 to erase its contents and/or otherwise self-destruct. The manner in which memory component 10 self-destructs may be any self-destruction method known to those skilled in this field. An example is the removal of power from a volatile memory such as RAM.
As an alternative to the wires used in
Since any attempt to break into memory component 10 will necessarily sever one of these wires or change the circuit impedance, this design provides an easily detectable method of determining an attempt to intrude into memory component 10.
A representative application of the use of a CID of this invention is to protect a smartphone as shown in
Then, the open end 23 of the CID device 22 is folded over during assembly and cemented in place, yielding the final assembly 28. CID device 22 covers the entire smartphone except for the access port for connector 26, which is not covered by CID device 22. CID device 22 does not have any part that penetrates into the smartphone 20, but rather only overlies it. CID device 22 is a self-contained unit in which memory component 24 contains the data relating to value of the smartphone 20. When the conductors of the CID 22 are disturbed, the processor of the CID 22 causes the memory component 24 to erase its data and/or self-destruct. It can also cause the only manner of accessing the memory component 24 to be destroyed, thereby preventing any access to memory component 24. Access to the data on memory component 24 is via usual techniques involving the smartphone, e.g., NFC, as is the providing of the data to the memory component 24 which is to be secured.
A schematic of another example of a chassis intrusion detector system for use with a smartcard is shown in
SA 36 can be a separate subassembly which is further protected by being potted with a material such that the wires connecting battery 40 to a microprocessor 44 therein or to RAM memory 42 would be broken during any attempt to obtain access to them. This is a secondary precaution since penetration to SA 36 should not be possible without breaking wire maze 38 and thus causing self-destruction of RAM memory 42. The power can be removed by microprocessor 44. It can also cause the only manner of accessing the RAM memory 42 to be destroyed, thereby preventing any access to the RAM memory 42.
To summarize, any disruption of the mesh or conductive film in either of the above described examples will cause self-destruction of the contents of the memory component 10 with a chassis intrusion detector (CID) microprocessor, making it impossible to decode the data sent from the smartcard issuer, who will therefore deny transaction approval. After the assembly is completed, the microprocessor 44 can be powered on and the first step will be to measure the inductance, resistance, and capacitance, as appropriate, of the mesh or films. If any of these measurements significantly change, the circuit in SA 36 would remove power from RAM memory 42, thereby causing self-destruction of the contents of the RAM memory 42. Once the data has self-destructed, any value residing in the smartphone or smartcard or similar device in which the memory component 10 is situated would not be usable. A thief could thus not use the smartphone, for example, to purchase items or to spend resident bitcoins. In the bitcoin case, the bitcoin codes would also need to be stored elsewhere to prevent their irretrievable loss.
When the SA 36 is loaded with the biometric or other data during manufacture or thereafter, it can be done so through two fused links, not shown, which can be broken after the loading process has occurred and been verified. Thereafter, the biometric or other data in the memory component 10 cannot be changed or reloaded.
In this manner, battery 66 has its life extended. Bidirectional serial communication takes place through wire 54. A testing pulse is imposed on the mesh 66 through wire 60 labeled a. The returned signal comes through wire 62 labeled b. The pulse at a is shown at 72 and consists of a 20 μs burst which is repeated every second, or at some other convenient interval. The signal indicated by the trace 74 illustrates the integrity of the mesh at the beginning, where it responds with an attenuated 20 μs pulse. However, one second later, when the second pulse was sent, the microprocessor 70 did not sense a corresponding pulse on b, indicating that the wire mesh had been severed.
Signal 76 indicates that the private key (PK) is present in the RAM (PK in RAM) and, due to the failure of the mesh at the second burst pulse, the RAM was cleared (RAM Clear). Trace 78 indicates that a message was sent to the memory component 52 indicating that intrusion had taken place.
A flowchart of this process is shown generally at 80 in
At step 86, the SA microprocessor is started; however, the once-per-second pulses are not yet initiated. This is to conserve power of the SA battery. Sensing of power from the memory component, indicated here as P equals one, is used to indicate the once per second pulses have started. This is indicated by the dashed line 92.
At step 94, the 20 μs pulse is driven onto conductor a and conductor b is tested for presence of the signal at step 96. If conductor b received the pulse indicating that integrity of the wire mesh is intact, the decision is made at step 98 to transfer control to step 100 where the one second delay occurs after which control is transferred back to step 94. If no signal was sensed on b, then step 98 transfers control to step 102 where the biometric data, private key and any other information, is erased from RAM. Control is then transferred to step 104 where a check is made as to whether power is available from the memory component and if so a message “intrusion” is sent to the memory component at 106. In either case, the process terminates at step 108 where the microprocessor is turned off.
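The loop of steps 94 to 108 can be sketched in C as follows. This is an added illustration, not code from the disclosure: the names `cid_sim`, `cid_monitor`, `pulse_ok`, `wipe` and `demo_run` are hypothetical, the conductor b readings are constructed samples rather than hardware reads, and the start-up gating of step 86 and the one-second delay of step 100 are not modeled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define SECRET_LEN 32

typedef struct {
    uint8_t ram[SECRET_LEN]; /* stands in for the volatile RAM holding the key */
    const bool *b;           /* constructed input: burst seen on conductor b? */
    size_t n;                /* number of constructed samples */
    bool host_power;         /* power available from the memory component (step 104) */
    unsigned pulses;         /* test bursts driven onto conductor a */
    bool reported;           /* "intrusion" message sent (step 106) */
} cid_sim;

/* Step 102: wipe through a volatile pointer so the stores cannot be optimized away. */
static void wipe(uint8_t *p, size_t len) {
    volatile uint8_t *v = p;
    while (len--) *v++ = 0;
}

/* Steps 94-96: drive a burst on a, sample b. Running out of samples counts
   as "no return", so the simulation fails closed. */
static bool pulse_ok(cid_sim *s) {
    size_t i = s->pulses++;
    return i < s->n && s->b[i];
}

/* Steps 94-108 of the flowchart; returning corresponds to step 108 (processor off). */
void cid_monitor(cid_sim *s) {
    while (pulse_ok(s)) { /* step 98 -> 100 -> back to 94 */ }
    wipe(s->ram, sizeof s->ram);            /* step 102: erase before reporting */
    if (s->host_power) s->reported = true;  /* steps 104 and 106 */
}

bool ram_clear(cid_sim s) {
    for (size_t i = 0; i < SECRET_LEN; i++) if (s.ram[i]) return false;
    return true;
}

/* Constructed run: mesh intact for three bursts, severed before the fourth. */
cid_sim demo_run(bool host_power) {
    static const bool b[] = { true, true, true, false };
    cid_sim s = { .b = b, .n = 4, .host_power = host_power };
    for (size_t i = 0; i < SECRET_LEN; i++) s.ram[i] = 0xA5; /* placeholder secret */
    cid_monitor(&s);
    return s;
}

int main(void) { cid_sim s = demo_run(true); return !(ram_clear(s) && s.reported); }
```

The erase happens before the power check, so the RAM is cleared whether or not the "intrusion" message can be delivered.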
An example of the application of the CID for use with a testing device as disclosed in WO2016028864 and illustrated in
A device constructed in accordance with the teachings of the invention of WO2016028864 is illustrated in
Housing 220 extends from a frame 222, which has a headband shape. Housing 220 is substantially L-shaped with a first portion extending straight outward from an edge of the frame 222 and a second portion approximately perpendicular to the first portion and positioned in front of the frame 222.
A display 212 is arranged on or in the housing 220 and pointed toward the right eye of the wearer, e.g., a test-taker, and displays test questions (although alternatively, a display can be pointed toward the left eye of the test-taker). A forward viewing camera 214, representative of one or more imaging devices, is also arranged on or in the housing 220 and monitors the field of view of the wearer outward from the device 210. Camera 214 can have a field of view of approximately 120°. A microphone 216, representative of one or more sound detectors, is also arranged on or in housing 220 and monitors talking (sounds) which can take place while the test is in progress, e.g., while test questions are displayed on display 212. A sound maker or speaker 218, representative of one or more sound generators, is arranged on or in the housing 220 and periodically provides a sound detectable by the microphone 216 so as to verify that the microphone 216 has not somehow been rendered inoperable.
Display 212 is arranged at a terminal end of the second housing portion. The forward viewing camera 214, or more generally at least one imaging device, the microphone 216 and the speaker 218 are also arranged on or in the second housing portion (see
Each of these components 212, 214, 216, 218 is connected to a processor-containing electronics package in housing 220 which is mounted to the glasses frame 222 in a manner known to those skilled in the art to which this invention pertains. A cable emanates from the electronics package in housing 220 and can contain a USB connector 224 for connecting onto an external device such as a computer.
An iris or retinal scan camera 226 is arranged on housing 220, pointing inward toward the wearer, and measures biometrics of the test-taker (see
Other aspects of the Test Device are disclosed in WO2016028864 which is included herein by reference.
The entire electronics package of the device 210 is encapsulated in a thin film 232 called a chassis intrusion detection film (similar to or the same as disclosed above). Specifically, this film can comprise an array of wires which can be printed onto a plastic film either before or after it has encapsulated the electronics package in housing 220 in such a manner that any attempt to break into the housing 220 will sever or otherwise disrupt one or more of the wires. The wires can be made from indium tin oxide and thus be transparent. The wires can be thin, such as about 0.001 inches wide, and have a similar spacing. In some cases, the wires can be made as small as 1 micron (40 microinches) and can be made of materials such as graphene, copper, silver or gold and still be transparent. Transparency is desirable since the film can extend over the camera lenses and the display.
The housing prior to attachment of the CID is illustrated at 300 in
In embodiments described above, there is a memory in the CID, or more generally a data storage component, which houses the private key or biometric information. For example, the memory may be housed in the housing 300 (or memory 24 or 42). The data storage component can be RAM, which loses its memory contents unless it is powered. It is called “volatile” memory for that reason. Thus, when power is no longer supplied to the RAM as a result of detection of intrusion into the housing 300, the RAM loses its memory contents (to thereby achieve objectives of the invention). The invention is not restricted to having the biometric memory in the CID memory, but it is one possible location.
Finally, all patents, patent application publications and non-patent material identified above are incorporated by reference herein. The features disclosed in this material may be used in the invention to the extent possible.
Number | Date | Country
---|---|---
62271531 | Dec 2015 | US