Secure off-chip processing such as for biometric data

摘要

In a biometric sensor system and method, storage of acquired biometric data and/or processing of that data may be shifted from specialized secure processing hardware to host system resources for improved speed and reduced cost of biometric sensor devices and systems. Stored data may be encrypted and/or signed by the specialized secure processing hardware and/or software. A database of authorized biometric data (e.g., patterns or key features representing all or a portion of the fingerprints of authorized users) may be stored on the host system either encrypted or non-encrypted or both. Preliminary matching against a database of many enrolled fingerprints may be accomplished by the system processor to ease the processing burden on the specialized secure processing hardware/software. Final match confirmation remains within exclusive control of the specialized secure processing hardware/software in order to prevent data tampering or other efforts to defeat the security provided by biometric identification.

主权项

1. A biometric authentication system comprising:
a host device including a host memory storing therein an encrypted database including a plurality of enrolled encrypted biometric templates and an un-encrypted database including a plurality of enrolled un-encrypted biometric templates; and a system-on-chip biometric device in communication with said host device and including
a biometric data acquisition module generating user biometric data,a biometric data encryption engine encrypting the user biometric data,a biometric data decryption engine, anda non-volatile key storage memory coupled to said biometric data encryption and decryption engines and storing a key for use by said biometric data encryption and decryption engines in encrypting and decrypting the user biometric data,the key being permanently stored in said non-volatile key storage memory, and being inaccessible outside of said system-on-chip biometric device; said system-on-chip biometric device
transferring the un-encrypted user biometric data to said host device,transferring the encrypted user biometric data to said host device, andcausing said host device to store the encrypted user biometric data on said host memory in the encrypted database; said system-on-chip biometric device cooperating with said host device to cause said host device to
operate on the un-encrypted user biometric data to generate an untrusted user biometric template,store the untrusted user biometric template in the un-encrypted database on said host memory and verify the untrusted user biometric template as trusted based upon a region of interest,compare the untrusted user biometric template to entries in the un-encrypted database, andwhen a match is not found, a user is not authenticated, and when the match is found, said system-on-chip biometric device to
recall an enrolled encrypted biometric template corresponding to the enrolled un-encrypted biometric template identified as the match and recall the stored encrypted user biometric data from said host device,decrypt the recalled enrolled encrypted biometric template and the recalled stored encrypted user biometric data using said biometric data decryption engine,after decrypting compare the decrypted user biometric data to the decrypted enrolled biometric template, andwhen a match is found, the user is authenticated.