Electrical computers and digital processing systems: support – System access control based on user identification by... – Using record or token
Reexamination Certificate
2000-06-27
2004-08-10
Morse, Gregory (Department: 2134)
Electrical computers and digital processing systems: support
System access control based on user identification by...
Using record or token
C713S165000, C713S182000
Reexamination Certificate
active
06775776
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention pertains generally to security systems. In particular, it pertains to an improved security device based on biometric characteristics of the user.
2. Description of the Related Art
Improvements in circuit miniaturization, radio technology, and battery power have led to widespread use of portable devices that access the resources of much larger distributed systems. An example is the use of cellular telephones, which allow subscribers to access the resources of national and global telephone systems with a device they can carry on their person. The typical cell phone allows access to these resources to anyone possessing the cell phone. With larger devices, such as desktop computers that are located in secure areas, basing security on possession is not an issue. But with small, portable devices that are easily lost or stolen, this level of security is inadequate.
A conventional way to address this problem is through the use of passwords. However, password-based security is based entirely on protecting the password. Passwords can be illicitly obtained by unauthorized persons in various ways, such as by observing a person entering the password, electronic monitoring of password entry, or intercepting a new password as it is being delivered to the intended user. Since the user still has the password, the security breach may not be detected until some time after it has been improperly used by the unauthorized person. Another problem is that passwords are sometimes forgotten by the legitimate user, leading to frustration, inconvenience, and taking steps to avoid this problem in ways that may compromise the security of the password.
Another approach is the subscriber interface module (SIM), which combines a password with an artifact such as a machine-readable plastic card containing both secure data and processing capability. Since both the card and the password are necessary for access, this provides an improved level of security over a password-only approach, but it still suffers from many of the same problems.
Problems with these conventional approaches are that passwords can be stolen or forgotten, while artifacts can be lost, stolen, copied, or forged. An improved approach to access control uses biometric data to identify a specific user without the need for passwords or artifacts. Biometric data is data that describes a unique physical characteristic of the user, and which is read directly from the user's person at the time access is requested. Some of the known biometric approaches identify users through fingerprints, retina scans, and voice prints. Each has its own strengths and weaknesses, but all are based on unique physical characteristics of the user that are difficult to duplicate and do not require the user to memorize anything. However, biometric-based security systems also have a weakness. If the biometric data can be obtained, the fingerprint, retina image, voice, etc. can be forged or duplicated and used illicitly to obtain access to the system.
FIG. 1
shows a conventional biometric security system
1
. A host system
11
contains a host processor
12
, a memory
13
, a reader interface
14
to a biometric reader
16
, and a general purpose interface
18
to other parts of the system. Memory
13
can include various types of memory, such as random access memory (RAM), read-only memory (ROM), and flash memory. The flash memory is typically used to store valid biometric data on approved users, and can be updated as users are added, removed, or need to have their data modified. This biometric data might be in raw form, such as a digitized image of a fingerprint, but is more likely in a reduced form, representing a coded ‘map’ of the image that defines the pertinent points of the image in a predefined digital format. At the time access is requested, biometric reader
16
takes the appropriate biometric inputs from the user. For example, reader
16
might be a fingerprint reader, a retina scanner, or a voice print identification device. Biometric reader
16
converts the raw biometric data into a digitized map and sends the map through reader interface
14
to host processor
12
, which compares it with the reference map in flash memory. If there is a match, processor
12
will initiate access to the requested resources, typically through general purpose interface
18
. This design has at least three major weaknesses. 1) The link between reader
16
and interface
14
can expose the biometric map to monitoring and copying. The illicitly copied map can later be presented to reader interface
14
directly, without the need to duplicate the actual biometric image or data, thereby tricking system
11
into believing it is reading valid data from an authorized user. 2) Host processor
12
typically handles non-secure functions, such as the operational functions of a cell phone. Host processor
12
is therefore subject to hacking and other invasive tampering. It can be falsely directed to provide secure user data through general purpose interface
18
, or to store false user data in the flash memory. Either act can permit an unauthorized person to later use the system in the normal manner through reader
16
. 3) Flash memory (and therefore secure data) is accessible from outside system
11
through a common bus
15
tying together processor
12
, memory
13
and interfaces
14
,
18
.
These weaknesses also expose the system to destructive tampering, whose goal is to disrupt normal operations rather than obtain unauthorized use of those operations.
REFERENCES:
patent: 5812867 (1998-09-01), Basset
patent: 6003135 (1999-12-01), Bialick et al.
patent: 6041410 (2000-03-01), Hsu et al.
patent: 6070796 (2000-06-01), Sirbu
patent: 6141756 (2000-10-01), Bright et al.
patent: WO 00/65770 (2000-11-01), None
patent: WO 02/01328 (2002-01-01), None
patent: WO 02/01328 (2002-01-01), None
Brizek John P.
Hasbun Robert N.
Vogt James R.
Blakely , Sokoloff, Taylor & Zafman LLP
Brown Christopher J.
Morse Gregory
LandOfFree
Biometric-based authentication in a nonvolatile memory device does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Biometric-based authentication in a nonvolatile memory device, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Biometric-based authentication in a nonvolatile memory device will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3282660