Secure biometric processing system and method of use

Information

  • Patent Application
  • 20070226515
  • Publication Number
    20070226515
  • Date Filed
    November 22, 2006
    18 years ago
  • Date Published
    September 27, 2007
    17 years ago
Abstract
A secure biometric processing system is disclosed. The system comprises a processing system for providing image acquisition and biometric comparison. The processing unit utilizes public key cryptography for handling templates securely and authenticating operations using the template. The system includes a complete biometric engine which implements image reconstruction, template extraction and matching. The secure design of the system combines complete privacy with security, while offering a flexible usage model including on-chip template storage along with encrypted and authenticated communications to the system.
Description

BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a block diagram of a conventional system for utilizing biometric information to authenticate a user.



FIG. 2 is a block diagram of a conventional biometric engine.



FIG. 3 is a simple block diagram of a secure biometric processing unit in accordance with the present invention.



FIG. 4 is one embodiment of a system which utilizes the SBPU in accordance with the present invention.



FIG. 5 is a second embodiment of a system which includes a trusted platform module within the PC which is utilized in conjunction with the SBPU to provide secure authentication.



FIG. 6 is a third embodiment of a system which includes a TPM within the server which is utilized in conjunction with the SBPU.



FIG. 7 is a flow chart of a process for providing a secure authenticated template.



FIG. 8 is a block diagram of a secure biometric processing system in accordance with the present invention.


Claims
  • 1. A system comprising: a secure biometric processing unit (SBPU), the SBPU comprising a biometric engine for acquiring, and comparing templates, a storage mechanism coupled to the biometric engine storing the templates and a public key cryptography engine coupled to the for storage mechanism and the biometric engine;a processor coupled to the SBPU; anda server coupled to the processor by a public bus, the server for providing templates to be compared within the SBPU.
  • 2. The system of claim 1 wherein the system includes a trusted platform module (TPM) within one of the personal computer and the server.
  • 3. The system of claim 2 wherein the TPM is within a second device.
  • 4. The system of claim 3 wherein the second device comprises any of a personal computer server, PDA, cell phone, laptop, and notebook or other embedded processing unit.
  • 5. The system of claim 3 wherein a portion of the templates to be compared are stored in the device.
  • 6. The system of claim 3 wherein special hardware features are within the system to provide additional security.
  • 7. The system of claim 3 wherein the special hardware features comprise any and any combination of, a metal shield to protect the device, temperature detectors, voltage detectors, frequency detectors, light detectors, encrypted internal busses, special test modes to prevent activation, valuable execution models to minimize security attacks and attempt counters to limit the number of attacks on the device.
  • 8. The system of claim 3 wherein the templates are stored externally.
  • 9. The system of claim 1 wherein the storage mechanism comprise a cache.
  • 10. The system of claim 1 wherein the storage mechanism comprises a memory.
  • 11. The system of claim 1 wherein the public key cryptography is utilized for authenticating the biometric comparison.
  • 12. The system of claim 1 wherein an identical public key on a trusted platform module (TPM) is utilized to allow authentication of the templates for operations.
  • 13. The system of claim 1 wherein identical public keys are transferred between a trusted platform module (TPM) and the device.
  • 14. The system of claim 1 wherein public key cryptography is utilized for securely transferring templates to and from the device to another system.
  • 15. The system of claim 1 wherein utilizing public key cryptography is utilized to provide backup templates to be restored on a replacement device.
  • 16. The system of claim 1 wherein an arbitrary number of secrets can be attached to the template.
  • 17. The system of claim 16 wherein use of the secrets can be restricted individually to various specified operations.
  • 18. The system of claim 1 wherein multiple secrets are used within a single validation step to improve security and/or functionality.
  • 19. The system of claim 1 wherein secrets are utilized to authorize a TPM command.
  • 20. The system of claim 1 wherein one or more security secrets can be hashed with a separate system secret to prevent external entities from determining the value of one or more template secrets.
  • 21. The system of claim 1 wherein special hardware features are within the system to provide additional security.
  • 22. The device of claim 1 wherein the special hardware features comprise any and any combination of, a metal shield to protect the device, temperature detectors, voltage detectors, frequency detectors, light detectors, encrypted internal busses, special test modes to prevent activation, valuable execution models to minimize security attacks and attempt counters to limit the number of attacks on the device.
  • 23. A system comprising: a secure biometric processing unit (SBPU) adapted to be coupled to a sensor via a private bus; the SBPU further comprising a biometric engine for acquiring, reconstructing and comparing templates to a template received from the sensor;a storage mechanism coupled to the biometric engine for storing at least one template; a public key cryptography engine coupled to the biometric engine for authenticating the comparison made by the biometric engine;a processor coupled to the SBPU for conducting transactions thereon after authentication has occurred; anda server coupled to the processor via a public bus, the server providing a templates to the SBPU.
Provisional Applications (1)
Number Date Country
60785870 Mar 2006 US