Secure biometric processing system and method of use

Abstract

A secure biometric processing system is disclosed. The system comprises a processing system for providing image acquisition and biometric comparison. The processing unit utilizes public key cryptography for handling templates securely and authenticating operations using the template. The system includes a complete biometric engine which implements image reconstruction, template extraction and matching. The secure design of the system combines complete privacy with security, while offering a flexible usage model including on-chip template storage along with encrypted and authenticated communications to the system.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a conventional system for utilizing biometric information to authenticate a user.

FIG. 2 is a block diagram of a conventional biometric engine.

FIG. 3 is a simple block diagram of a secure biometric processing unit in accordance with the present invention.

FIG. 4 is one embodiment of a system which utilizes the SBPU in accordance with the present invention.

FIG. 5 is a second embodiment of a system which includes a trusted platform module within the PC which is utilized in conjunction with the SBPU to provide secure authentication.

FIG. 6 is a third embodiment of a system which includes a TPM within the server which is utilized in conjunction with the SBPU.

FIG. 7 is a flow chart of a process for providing a secure authenticated template.

FIG. 8 is a block diagram of a secure biometric processing system in accordance with the present invention.

Claims

1. A device comprising: a processing system for providing template acquisition, and biometric comparison; wherein the processing system utilizes public key cryptography for handling templates securely.

2. The device of claim 1 wherein template operations are authenticated, utilizing public keys.

3. The device of claim 1 wherein a portion of the templates to be compared are stored on the device.

4. The device of claim 1 wherein the processing system comprises a biometric engine for acquiring and comparing templates; a storage mechanism coupled to the biometric engine for storing the templates and a public key cryptography engine coupled to the storage mechanism and the biometric engine for providing secure transfer and usage of templates.

5. The device of claim 4 wherein the storage mechanism comprise a cache.

6. The device of claim 4 wherein the storage mechanism comprises a memory.

7. The device of claim 1 wherein the public key cryptography is utilized for authenticating the biometric comparison.

8. The device of claim 1 wherein an identical public key on a trusted platform module (TPM) is utilized to allow authentication of the templates.

9. The device of claim 1 wherein identical public keys are transferred between a trusted platform module (TPM) and the device.

10. The device of claim 1 wherein public key cryptography is utilized for securely transferring templates to and from the device to another system.

11. The device of claim 1 wherein public key cryptography is utilized to provide backup templates to be restored on a replacement device.

12. The device of claim 1 wherein an arbitrary number of secrets can be attached to the template.

13. The device of claim 12 wherein use of the secrets can be restricted individually to various specified operations.

14. The device of claim 1 wherein multiple secrets are used within a single validation step to improve security and/or functionality.

15. The device of claim 1 wherein secrets are utilized to authorize a TPM command.

16. The device of claim 1 wherein one or more security secrets can be hashed with a separate system secret to prevent external entities from determining the value of one or more template secrets.

17. The device of claim 1 wherein special hardware features are within the system to provide additional security.

18. The device of claim 17 wherein the special hardware features comprise any and any combination of, a metal shield to protect the device, temperature detectors, voltage detectors, frequency detectors, light detectors, encrypted internal busses, special test modes to prevent activation, valuable execution models to minimize security attacks and attempt counters to limit the number of attacks on the device.

19. A system comprising: a device including a processing unit for providing image acquisition and biometric comparison; wherein the processing unit utilizes public cryptography for handling templates securely; anda trusted platform module (TPM) in communication with the processing unit.

20. The system of claim 19 wherein the TPM is within a second device.

21. The system of claim 20 wherein the second device comprises any of a personal computer server, PDA, cell phone, laptop, and notebook or other embedded processing unit.

22. The system of claim 20 wherein a portion of the templates to be compared are stored on the device.

23. The system of claim 20 wherein template operations are authenticated utilizing the public keys.

24. The system of claim 20 wherein the templates are stored externally.

25. The system of claim 20 wherein the public key cryptography is utilized for authenticating the biometric comparison.

26. The system of claim 19 wherein an identical public key on a trusted platform module (TPM) is utilized to allow authentication of the templates for operations.

27. The system of claim 20 wherein identical public keys are transferred between a trusted platform module (TPM) and the device.

28. The system of claim 19 wherein public key cryptography is utilized for securely transferring templates to and from the device to another system.

29. The system of claim 19 wherein public key cryptography is utilized to provide backup templates to be restored on a replacement device.

30. The system of claim 19 wherein an arbitrary number of secrets can be attached to the template.

31. The system of claim 30 wherein use of the secrets can be restricted individually to various specified operations.

32. The system of claim 19 wherein multiple secrets are used within a single validation step to improve security and/or functionality.

33. The system of claim 19 wherein secrets are utilized to authorize a TPM command.

34. The system of claim 19 wherein one or more security secrets can be hashed with a separate system secret to prevent external entities from determining the value of one or more template secrets.

35. The device of claim 19 wherein special hardware features are within the system to provide additional security.

36. The device of claim 35 wherein the special hardware features comprise any and any combination of, a metal shield to protect the device, temperature detectors, voltage detectors, frequency detectors, light detectors, encrypted internal busses, special test modes to prevent activation, valuable execution models to minimize security attacks and attempt counters to limit the number of attacks on the device.