SA02230119B1 - A portable device with authentication capabilities based on vital statistics - Google Patents

Abstract

Abstract: The present invention relates to a portable device for data storage and access regulation, which has authentication capabilities based on biometrics. In a preferred embodiment, the present invention is realized using a portable device. Specifically, in one embodiment, the portable device includes a microprocessor, non-volatile memory coupled to it, and a microprocessor-controlled biometric-based authentication unit, preferably a fingerprint authentication technology. The authentication module is able to register a fingerprint on the first use of the mobile device, and store an encoded version of the fingerprint in volatile memory. Thus, the authentication module can read a person's fingerprint and reliably determine whether the fingerprint matches the registered fingerprint stored in volatile memory. If a match exists, access to a blocked resource is granted to that person, otherwise access is denied. It provides reliable, secure models for user authentication and access control that were not possible in previous art password-based authentication attempts.

Description

. Y — — A portable device with Authentication Capabilities based on vital statistics Cia ol Full Background of the invention The present invention relates to a portable device (3330) data and access organization having Authentication Capabilities Based on vital statistics, portable data storage devices have become a kind of basic peripherals that are widely used in home, school and business computers, and these devices are not always installed with special basic devices such as a computer. Alternatively, they can be conveniently removed from and connected to any computer with a suitable connection slot (eg a cascade port such as a USB port; IEEE 1394 port ("Firewire")). ¢ These portable data storage devices thus enable the user to JB 0 data between different computers which are otherwise not connected.A well-known type of portable storage device uses non-volatile solid-body memory (le) example; Flash memory as a storage medium so you don't need to move parts or a mechanical actuation mechanism to access the data. The absence of A playback enables these portable solid-state memory devices to become more compact than surface storage media Jie ve Magnetic disks and read-only memory disks (CD-ROMs).

DDS" and as portable storage devices have become more widespread in use among various computers, whether personal or used in facilities, preventing undocumented users from accessing information stored on a specific storage medium or that can be moved is one of the most important challenges in information technology at the time. For example, to secure confidential business information de personal medical and financial information or other types of sensitive data, it becomes necessary to have a security measure that is reliable, easy to use, appropriate, and provides a level of protection appropriate to the type of information to be secured. Now, most transferable storage media refer to user passwords as a security measure to protect against unauthorized access to data, while the use of AIS authenticated passwords provides some level of protection against unauthorized access, which users consider Annoying and inappropriate as a result of the need to remember the password and enter with it every time the user requests access.In many systems, the user needs to periodically change his or her password as an additional level of security. This also increases the inadequacy. Furthermore it ; Whereas the typical user generally needs access to multiple computer systems 1 and/or networks that require access organization; The user must remember many different passwords as they are not necessarily the same in different systems. Therefore, it becomes distinctive to provide an effective authentication mechanism to prevent unauthorized access to information stored on a specific storage medium or that can be moved that is not disturbing or inappropriate for the user. in addition to ; Passwords are not unique between different users and are also compromised by many skilled hobbyists. Once the password is reached, either the third party will reveal it

and intentional by an original user of an unauthorized party or intentional tampering by a genuine user of an unauthorized party or malicious tampering; Confidential data that is supposed to be password protected becomes unprotected. Indeed, unauthorized access to this data can go unnoticed for long periods of time. Intrusions usually remain unimpeded until the victim user finally realizes that the data has been accessed and/or destroyed; Or until the system administrator detects an example of suspicious activity. Subsequently ; It would also be advantageous to provide a secure access control mechanism to prevent unauthorized access to data stored in removable storage media and various computer systems that would not be easily accessed by tampering. It is preferable to provide a unique "access key" for each individual user. 0 A general description of the invention and based on it; The present invention provides a method and system that includes a highly effective authentication mechanism that encourages the user to prevent unauthorized access to information that is stored on a specific or removable storage medium. In addition, the models of the current invention also provide a mechanism for regulating access with high security to protect against unauthorized access to stored data and computer hardware resources, as well as protection from 1 unauthorized entry into buildings and their appurtenances. Aspects of the invention (lal) are described in detail herein, which uses a unique statistical tag as the basis for authenticating the identity and as an “access key” for each individual user. In particular, a preferred embodiment of the present invention provides a portable device incorporating an S135 microprocessor 3 Non-fading AL asa volatile memory has ¢ 3A agg - authentication software based on microprocessor-controlled vital statistics.From Y44¢

this -

It is preferred that the biometric technology used be a fingerprint authentication technology, and flash memory is used as a volatile memory. In this form, the “©050800©”_automatic fingerprint authentication module prompts the user to register his or her fingerprint on the portable device upon first use. In a generally preferred model; A combined, encrypted copy of the fingerprint is stored in the mobile's gall volatile memory when Lee completes enrollment. And when using next; The fingerprint verification module reads the user's fingerprint, compares it with the fingerprint registered in the volatile memory, and effectively determines whether there is a match between them. If the match is made, the authentication of the identity of the user 0 is successful, and from here the authenticated user is allowed to access the information in the volatile memory. On the other hand, if the user's fingerprint does not match with the registered fingerprint, access to the contents of the volatile memory is not possible. likewise; This model of the invention provides a system with a high level of convenience, security and effectiveness for user authentication and access regulation, which is stronger than the authentication methods based on the 1_password in the previous Gill. The present invention recognizes that fingerprints, which represent unique indications of an individual; have been generally accepted; In all cases; To verify identity for more than a hundred years where it is not forgotten by the user; As in Allah, passwords; Also, it cannot be changed, copied, or deciphered by amateurs. Likewise, fingerprint and biometric-based technologies are well suited for use as a management and/or security solution

© Documentation as embodied in the present invention.

— A" _— A BRIEF EXPLANATION OF THE DRAWINGS The merits of the invention will be stated in part in the following description and will be understood in part by those experienced in the art of that description. The accompanying drawings which are included and form part of this full description show several embodiments of the invention which are helpful to The description aspect in the explanation of the principles of the invention.. Figure Jing ....... (1) A schematic diagram illustrating functional frameworks for one of the portable device models in the present invention, and an illustrative operational figure for that. Figure (1b) ... ....represents a schematic diagram illustrating the functional frameworks of another model of the transducer device in the present invention. According to one of the embodiments of the present invention, the figure (©) ....... represents a rear perspective projection of a portable device with an integrated fingerprint software unit, which was shown in figure (1). Figure (;) ... ....represents a lower horizontal projection of a portable device with \o software unit with an integrated fingerprint, which is then displayed in the form (Y). Figure (5) .......represents a lower horizontal projection For a portable device with an integrated fingerprint J software module, which is then displayed in the form of (Y). Y44¢

VY — _ Figure (1) ....... represents an upper horizontal projection of a transducer device with an integrated fingerprint software module, which is shown in the form (CY) Figure (V) ....... Represents my hometown to the right side of a portable device with an integrated fingerprint software module which is then displayed in Figure (A). 0 Figure (A) ...... represents my hometown in front of a portable device software unit

With a fingerprint 1 of an integrated finger, which was then displayed in the form (Y). Figure (9) ....... represents my hometown behind a portable device with an integrated fingerprint software unit, which was displayed in Figure (Y). Figure (01) ....... represents a flowchart showing the steps of the process of registering / authenticating a user using

,. According to one of the embodiments of the present invention, portable device 0 The present invention will now be described in more detail with reference to the accompanying drawings; In which preferred models of the invention are presented. On the other hand, the current invention can be modeled in a number of different forms, and this should not be interpreted as limiting the invention to these models mentioned here.

2 and complete and connect the selection SLs and rather these models are provided so that this disclosure becomes \o completely for those with experience in the art. actually ; The invention aims to cover alternatives, modifications, and equivalents of these models, which will be included within the scope and essence of the invention, as specified in the appended claims. Furthermore it ; In the following detailed description of the present invention several special details are described to provide a complete understanding of the present invention. On the other hand; It will be clear

1" 54 a

M - For those experienced in the art, the present invention can be practiced without these special details. In other cases, common methods, procedures, components and circuits are not described in detail so as not to add unnecessary ambiguity to the demonstration of the present invention. Figure (1a) represents a schematic diagram illustrating the functional frameworks of one of the portable device © models of the present invention and an illustrative operational figure for that. Figure (1a) shows a portable device (V+) connected to a host device (host platform (+9). In this model, the device (34) is connected to a (A+) power supply circuit placed in a device. Portable (V+) portable device The power supply circuit (Ar) draws power from the host device (90) and acts as a power source for various components in the (V+) portable device. Referring to Figure (1a) 0, the portable device (V+) also includes an integrated circuit, (01) flash memory, and (01) volatile memory and a fingerprint module (+0). Traditionally, an integrated circuit (V+) could be implemented as a special-use integrated circuit (ASIC). The (Y+) flash memory shall have a storage capacity between lage A bytes and OY megabytes, a portion of which may be used to store one or more impressions produced according to the present invention as described later. favorite ; The instance(s) are stored in a spare area of volatile memory which is specially designated for this purpose and which is otherwise not accessed by the user. Further, as will be described

F - In detail, the following Lap: An instance is encrypted before being stored in flash memory (01) in a preferred form (Ulla), thus providing it with additional security against tampering. In one of the models, the flash memory has (V+) volatile memory Outside integrated circuit (01) z and can include either dynamic random access memory (SRAM). According to the present invention, the (V+) integrated circuit includes a microprocessor (11) microprocessor, which in one embodiment is a RISC processor. In the (V+) integrated circuit, in turn 0, the (VY) authentication engine includes an (I VY) template generator and a verification module (VY) verification module. VY template generator { Generates encrypted versions of a fingerprint image. Within the scope of the present invention this encrypted fingerprint image is referred to as a print. It must be understood that according to current biostatistics technology; A fingerprint can be uniquely identified using between A and VE 1 visible point in the raw image of the fingerprint. The fingerprint information can thus be conveniently stored in a condensed form as data belonging to the relevant data points A and 1”. A preferred embodiment of the present invention characteristically stores a fingerprint in a compressed form as a print back to the foregoing. In this form, the print size is ©11 bytes. Other models may use prints of different sizes. The other component of the (VY) authentication engine 0 and (VY) verification module is used to compare a newly produced instance with a stored instance to validate the authentication of a fingerprint taken for someone claiming to be

Y44¢

- 1. In association with (VY) authentication engine Verified User . Thus ¢ the authentication facility operates the fingerprint software module (00) which is described in more detail below to perform user authentication according to the present invention. z It is well configured with the (VY) authentication engine and it should be recognized that The authentication method has many applications within the scope of the present invention.In one of the embodiments, an authentication method 0 stored in a non-volatile memory is implemented as a built-in program (VY) authentication engine Al model Ag. (01) portable device Inside a portable device volatile memory (11) microprocessor As part of the microprocessor (VY) authentication engine The authentication engine As a processor (VY) authentication engine And still in another model ¢ an authentication method is being made. Also In another embodiment, the (VY) microprocessor device separate from the microprocessor y includes the same components and performs the same functions as described here; (VY) authentication engine Portable device documentation from the portable device (Y 9+) host platform, but it is placed on a host machine; within the scope of the present invention; it is not necessary to put the AT authentication method in the manner of (01) Yas. (V+) portable device In the portable device (VY) authentication engine, there is an opportunity to choose (VY) authentication engine, where the authentication method is placed 1 Design, thus providing flexibility in design to suit the different uses that can be used. In which the present invention, and also by reference to Figure (11), in a preferred embodiment, includes an integrated circuit that facilitates communication between (VY) bus interface also an integrated circuit (01) and other components such as flash memory (01) integrated circuit ©

11 - - 0 (01) volatile memory The integrated circuit (V+) also contains a flash controller (VE) including flash controller that controls access to (01) volatile memory. In one embodiment ¢ upon successful creation of an instance during user registration, the flash controller (V £) communicates with template generator (NY) 0 to store the newly created instance in volatile memory (01) For use in the following user documentation. Furthermore, in a currently preferred embodiment, the portable device (V+) portable device is USB-compliant and includes a universal serial port (not shown) connector. The integrated circuit (01) also contains a universal serial path control device (V0) that regulates the connection between the portable device (V+) and the host platform (32). As a personal computer compatible with the public serial path (PC) that includes a controller 0 host controller in the public serial path. (17) inside it. Z Also, with reference to Figure (1a), the integrated circuit (V+) also contains a volatile memory (Y1) and a volatile memory (VV). In Neo, a preferred embodiment, SIAN 3, is volatile memory, which is random access memory (RAM) that acts as a working memory for the microprocessor (11) while it is running. VV is volatile memory. It is a read-only memory (ROM) in this model and can be used to store built-in firmware that performs various tasks for the mobile device (Ve).Furthermore, the integrated circuit includes an optional error-checking facility © ( ECC (14) performs various error checking tasks old operating the (V+) portable device. It must be understood that the (V4) BCC method is like the authentication method

117 - - . (VY) authentication engine; It perfectly fits many applications within the scope of the present invention. For example ¢ (V9) ECC can be implemented by software Je (eg a built-in program stored in volatile memory) as part of a microprocessor (11) or as a processor module separate from the microprocessor (11). © microprocessor

Referring again to Figure (11) ¢ The fingerprint module (+0) includes a SenSOT sensor module (0) used to take a fingerprint image of the finger to be placed in it. It also includes converting the fingerprint image that was taken into electrical signals In a current preferred embodiment, the fingerprint image is converted into TE kilobytes of data by adapter 0 (4*) and sent to the volatile memory (+¥) of the mobile device (Ve). For temporary storage. In another pala, the switch (0) can output image data of different sizes. The fingerprint module also includes an optional controller (1) which in the current preferred model is microprocessor controlled ( 11) Microprocessor in the portable device (Ve) portable device, which is used to check the accuracy of the fingerprint images ve taken by the (OF) sensor to determine whether the given image is acceptable or not. As described in detail More in the following: If it is decided not to accept the quality of the image taken, the user will be asked to place his or her finger on the sensor (57) times.

another to take a new picture. Returning now to Figure (1b), which represents a schematic diagram illustrating the functional frameworks © of another model of the mobile device in the invention, Jad. In this model, the mobile device

tuck -

(171) portable device compliant with USB standards and includes a USB (VA) socket, which, as shown in Figure (1app), pairs with a host controller (197) on the host device. Optionally, it also includes the device Portable device (170) Auxiliary port (11Y) USB pairs to Socket 1158 (VIVA) and a (VY) USB die is provided as a convenient parameter that can be used to pair © device(s) with the universal serial path so that they are Compatible with it via a portable device (1770).In this model, the portable device (171) lia includes a USB controller (111) to control the connection between the mobile device (1171) the portable device and the host device via the host controller (19) with the general serial path. In one of the embodiments, a driver 0 program (1777) and an application programming interface (VAY) are placed in the host device ( API); which in turn includes a monitoring program (149) and this is connected to the host controller (147) in the universal serial path to facilitate the operation of

Portable device (176) The portable device (1171) also includes an integrated circuit (VV +), flash memory (171) and vanishing memory (1001). volatile memory 1. The integrated circuit (011) can be suitably implemented as an ASIC. In a preferred embodiment a spare area (V YY) of memory is used. (011) volatile memory to store one or more prints generated according to the present invention. Furthermore, in this embodiment, the spare area of (YY) volatile memory includes a status flag indicating Whether the © (VV) portable device was previously registered or not according to the present invention The status flag (1”1) can thus be the portable device

Y44¢

16 - - (171) of the self-executing recording process on its first use as will be described in detail below. In one embodiment the volatile memory includes (+) either DRAM or 4 which acts as the first storage area for an image A fingerprint taken according to the present invention.Referring also to Figure (1b), the integrated circuit (1011) includes a microprocessor ©111, preferably a RISC processor.It also includes the integrated circuit (VV). +) integrated circuit (VV €) flash controller to control access to (VY) volatile memory and a memory controller (VY) controller to control access to flash memory) 171( flash memory. It also includes the (V+) integrated circuit (V1) volatile memory 0 and non-volatile memory (117) volatile memory. Preferably it includes volatile memory 111) memory Random access memory (RAM) to be used as operating memory for the microprocessor (MY) while it is running; volatile memory (VVY) includes read-only memory (ROM) for storing built-in firmware It performs various tasks for the Mobile Device (VV) and in particular; in one of the models; The ROM (1117) stores the following ve built-in code: firmware (VVY) { for reading the fingerprint sensor (YOY) fingerprint sensor; dalled firmware (111c) to generate fingerprint images; firmware (111c) to generate impressions; firmware (111d) to encrypt fingerprint images and/or imprints; firmware (— =2VVY) firmware to verify the authenticity of the fingerprint.However, it should be recognized that in the interoperable model of the present invention (0) these built programs can be stored in volatile memory within the host device (Yu) of the mobile device (0) 170

And 1 - moreover; The (011) integrated circuit includes an optional error checking facility (119) (ECC) to perform various error checking tasks during the operation of the portable device (VV). It should be recognized that the (119) ECC can implement them as a program (eg a built-in program) or as components within a computer (eg a processor/processor module (within the scope of the present invention. Also by reference to Figure 1b; including a fingerprint module) +10) (YOY) sensor, (50) transformer, and (1971) optional controller. In this model, the (10Y) sensor unit is used to take a picture of the fingerprint for that finger that is placed The converter (V0£) converts the fingerprint image taken into 0 electrical signals expressing the image; and the optional controller (VO) is used to check the quality of the fingerprint image taken by the enthusiast unit sensor (YOY) to determine if the captured image is acceptable or not.It should be understood that these image processing capabilities can be implemented using software (eg; Built programs (firmware) or components inside the computer (for example, a processor / processor module) within the scope of 1 of the present invention. In a generally preferred model and as shown in Figure (1b), the microprocessor) (111) The microprocessor controls many components of the portable device (VV) including the flash controller (114) including the flash controller, the USB device controller (VY 0) and Random access memory RAM (111) 0 and read-only memory (1117) ROM (and the implementation of the code of programs built in it (1) 64

11-|- and (VV4) ECC method and (VY) memory controller controller (101) for the (Vo) fingerprint module. In this model, the device is also included portable device (VV.) aie write-protection switch (001) which, when turned on, prompts the microprocessor (111) to prevent

© access to writing in (VY) volatile memory and then by reference to the figure (¥); a frontal view of a portable device with an integrated fingerprint module is shown according to one of the embodiments of the present invention. (1) A portable device (V+) is shown with a USB connector (VA) protruding from its front end 0 and a Fingerprint module asa} (+©) is shown 0 as a structurally integrated part with the (V+) portable device in an integrated assembly; with a SAS sensor (57) placed on the upper side of the portable device (V+) and a Lad valve is shown A light-emitting diode (LED) LED positioned near the edge of the top side of the mobile device (71). In one embodiment, the YY LED flashes when data is being accessed inside the portable device. It works as an activity indicator 1. In another embodiment, the LED (VY) lights up to indicate that the Gs process is in progress. Referring to the figure (©), a rear view of the mobile device with a Fingerprint module is displayed module integrated as described in Figure (1). A portable device (V+) is again illustrated with a universal serial path (VA) connector protruding from its front _ end and a Fingerprint module (+©) shown as an architecturally integrated part with

11” - - portable device (V+) portable device in an integrated assembly; With the sensor (0) excited on its upper side. A LED (VY) placed near the edge of the handheld's upper side (0) is again displayed. The Lad is displayed again. Optional writing (40) placed at the back end of the mobile device (71).

0 by now referring to the form (;); Which displays a bottom horizontal projection of the mobile device with an integrated fingerprint module as shown in Figure (V). A physical zigzag (VV) and an optional parameter that allows the user to hold the portable device (V+) steady while connecting or disconnecting the (V+) portable device to or from the host device (+4) are also demonstrated. ( (Fig. 1a); on the lower side of the mobile device (Vr) in Fig. (4;).

,. (YA) USB connector A generic serial path connector is also displayed Ne Referring thus to © Fig. A horizontal view is depicted from the top of the mobile device with an integrated fingerprint module as shown in Fig. ? . The Fingerprint module mobile device is indicated by a finger protruding from its front end; The (YA) USB unit with the (V+) portable device connector is shown in (71) portable device ae Lily (fingerprint (+0)) where it is integrated

(V+) set on the upper side of the mobile device (OY) sensor Unitary construction with 1 sensor unit; Which is my hometown view from the left side 1 Reference is being made to the shape of . 1 Integrated as shown in the figure Fingerprint module for the mobile device with a fingerprint module; The (V+) portable device is indicated in front of the portable device. The (VA) USB connector is indicated. (71) Slightly raised from the upper side of the portable device (OF) sensor around the sensor unit

1" 64

- 1 is a view of my hometown from the right side of the mobile device with a fingerprint module 1 The next 0 form The Gly connector is integrated as shown in the ¥ figure. again ; Fingerprint module is a finger and the perimeter of the (Ve) portable device is indicated old protruding from the (YA) USB with the following back (V2) slightly raised from the top side of the portable device (©) sensor My hometown view is depicted from the front of the mobile device with a fingerprint module A to figure 0 is centrally depicted as an input terminal . 1 Integrated as shown in the figure Fingerprint module raised slightly from the (OF) side of the sensor and the USB (VA) sensor perimeter of the connector is indicated. (71) at the top of the mobile device

Reference is now made to Figure 9; Which is my hometown view back of the mobile device 0 with an integrated Fingerprint module as shown in Fig. ? . The circumference of the (°F) sensor is shown slightly raised on the top side of the portable device (7001) and an optional gap (VV) is also visible on the base side of the portable device (01).

A write protect key is shown as it is located on the back end of the mobile device (71). Referring Wl to Figure 01; a flow diagram (001) is shown showing the steps of the process of 1 user registration / authentication using The portable device 2a portable device is an integrated Fingerprint module according to one of the models of the present invention.In the following explanation, the various units and components referred to by reference to Figure 1a have previously been explained using the same reference numbers.In step (10?) When paired to a host platform, the portable device (V+) undergoes an initial marshalling procedure.

-ye-

Nowadays ; The initial marshaling procedure involves establishing a connection with the host device and ensuring that

The host device is aware that the portable device (V+) has been paired to it. In step YY the portable device (V+) determines whether a user registration is necessary eg; If a (V+) portable device is used for the first time and no volatile memory dna all is stored in memory (01), the (Vo) portable device will instruct the user to complete the registration process (steps 7760 and 778). and YEO; and YOO as described hereinafter) by a user communication (eg displaying message windows) through the host device, on first use of a portable device (V+) [eg; Immediately after purchase ] ; Preferred Model 0 initiates the self-registration process to generate the first print ("Mother Edition"). This is preferably achieved by scanning the Alls flag status (eg 111 in flash memory) memory 00 for Fig. 1b). Subsequent recording(s) may be enabled, as shown below.

By two users individually through a program on the host machine. In one embodiment ¢ a portable device (V+) is supported by more than one user. in 1 model Al; The same user may register multiple fingerprints as separate instances. In another example also; The same user's fingerprint may be registered multiple times as different prints. The (V+) portable device can thus facilitate the registration of additional user(s) and/or additional instance(s) either by periodically querying (eg on startup) whether a new user/instance needs Because it is added or at user request in © (YY) step. If an additional user/instance is to be registered it will be executed

x. Registration process. if it is determined that no new registration is necessary; It continues the (001) process with a documentation process (VY Steps 56 740–7160; as described below). It must be appreciated that within the scope of the present invention, software (for example a software driver) may need to be installed. on the host machine before the first use of the mobile device (Ve) to enable © to exploit the user interface of the host machine to communicate with the user It should be appreciated that if the host machine's operating system has built-in support for such functionality, it does not need to install additional software on it Referring to Figure 01 still The registration process is now explained In step (YV0) the registration process is initiated In one of the examples this includes informing the user that the registration process Cray fate 0 User is on his finger / her finger on the sensor (27). In step (75), the (OF) sensor is read to take a picture of the fingerprint of the user's finger that has been placed on it. In a preferred model, 0 Ulla includes step ( 735) 0 also checks that the captured image is of sufficient quality for further processing (le) eg; version generation). This is preferably done by a controller (07) as directed vo by a (YY) microprocessor. In one embodiment, the (YY) step will be repeated if the captured fingerprint image quality is not acceptable. Under Jie these conditions, the user will be prompted to place his/her finger on the (OF) sensor a second time so that a new picture can be taken. Once an acceptable fingerprint photo is taken in step (775); Process (001)© continues to Cum step (YEO) A print is generated based on the captured fingerprint image.

- Y\- z

As previously explained; in a preferred form; The captured image is converted to TE kilobytes

data ; which is then used as input to the instance generator (1a) to generate instance 501

Byte.

In step YEA; The generated instance is encoded in step (1,5). in one of the models; 0 Encoding is done by firmware (J) eg; Firmware Encoders (NY) for Figure (2)

This provides an additional level of security against tampering.

In (Yoo) step, the encrypted copy is stored in (01) flash memory; in

one of the models; upon successful generation and encoding of an instance; The controller (VE) is prompted into memory

Flash Ahad 53 volatile memory The edition generator ("1a") contains the storage of the newly generated documentation.

Reserved from flash memory (01) volatile memory which is specially allocated

To store instance(s) which otherwise would not be accessible to the user.

In (YAY) step, a signal or message is generated indicating the successful completion of the registration process. in one

Models ¢ where the portable device (V+) is used as the Gal storage device; 0 can require step Av (also authorize the portable device ¢ i.e. grant

Newly registered user (eg Je) access to read data from him and write data to him

(Vo) portable device and a detailed organization of the portable device (70) into discourse

Run in effect on the host platform (+4).

- Not still by reference to Figure 01; Adee documentation is now explained. In the Ae (YW) step, the (OY) sensor signal to take a picture of the dead finger of the user's finger on which it is placed. In a preferred embodiment 0 Ula (YY) step also includes a quality check of the image captured by the control unit (07); so that the image capture will be repeated if the quality of the captured fingerprint image is not acceptable to generate an impression. If there is Need to repeat capture; user will be prompted. Preferably the number of retry iterations conceivable by the user. In a currently preferred embodiment, step (190) also involves generating an impression based on the captured fingerprint image and storing the resulting impression in a flash memory.) 11) volatile memory 0. In (YE) step, the stored print(s) are read from flash memory (01) to be used as the basis for documenting conformity to the user whose fingerprint image was captured in (TV) step In a currently preferred embodiment, the microprocessor (11) instructs the controller (14) in volatile memory to retrieve the registered print(s) from volatile memory (01). Step (Yoo) The print edition(s) read from volatile memory is decoded, which is stored in encrypted form. The decoded instance(s) are loaded into volatile memory (11) in a template. In step 760, b is determined whether the user's fingerprint can be authenticated against the validation unit coupling (11b) Verify the voucher pending against the registered edition(s), if done

swarm - find a match; The user is allowed to retry the authentication process, otherwise the authentication fails. in one of the models; The user is allowed to re-authenticate if an initial attempt fails (eg; steps 7760; Yiu and YOu are repeated). Preferably, the number of repeated attempts is conceivable by the user and can be regulated once a user has been authenticated. 0 is authorized and granted access to it. In an embodiment, when a user fails to authenticate his/her identity as an authorized person, access to volatile memory (Y+) will be closed [ eg in a model where the launcher of a program resides In a host device (0) (4) host platform, the program operator, Jue, can prevent this entry.] In another embodiment, the microprocessor (11) 0 in the portable device (V+) will be closed. or disables the volatile memory controller (V€) when such authentication fails These actions serve as an added security measure against possible tampering and other forms of unauthorized access to data stored in volatile memory (01) and are initiated by repeated failed authentication attempts In one of the forms an optional step (770) is provided In this form the verification module (SVT) must fail and refuse to authenticate an authorized user whose fingerprint is registered lb is supplied The user has the option to bypass the fingerprint authentication and provide a password to gain Yas access from it. This form gives the user the ability to avoid a helpless situation where access to the contents of the volatile memory (01) cannot be obtained if and until the probe module (11b) is installed. If the passphrase is entered correctly, user authentication is considered © succeeds; otherwise, user authentication remains failed. It should also be estimated if additional security is required

-

0 A password requirement can be accomplished in addition to fingerprint authentication even for routine authentication

within the scope of the present invention.

in a step (180); A signal or message is generated indicating the successful completion of the registration process. in one

models; Where the portable device (V+) is used as a secure storage device; maybe

M. The (YA) step also requires authorization of the portable device ¢ in the sense of granting

The newly registered user has access (for example, reading data from it and writing data to it) to

The portable device (V+) and a detailed organization of the portable device (Ve) letter

Run in effect on the host platform (+3).

It should be appreciated that in the Cum model there is an authentication engine (VY) in host machine host platform 0 (+3); appropriate modifications are required to the previously described authentication process.

precisely; Once a satisfactory fingerprint image has been obtained in step Ae (YY).

First the image data is encoded and then sent to a Cus ¢ (4+) host platform

Execute the steps to be performed by the Documentation Engine (VY). so; Based on achievement

private application; The information sent from the portable device (Yr)ve to the host device (30) can be either a simple success notification upon successful authentication or

Image data representing a user's fingerprint that is pending authentication.

in a currently preferred form; The performance of the various steps of the process (001) is controlled by implementing

A microprocessor (11) for firmware code; which is preferably stored in

Volatile memory (VY) of the mobile device (V+).

Du -

significantly; It should be appreciated that the present invention does not foresee the use of a portable device (V+) as a secure data storage device only but Lind as an access management device. particulary ; within the scope of the present invention; A portable device (71) can act as an 'access key' to a host device host platform (0) to which the portable device is associated. More specifically, in an embodiment, for access Any resource on the host machine (34) (eg data; files; application software; peripherals) and/or any source connected to it (eg network access; network printers and storage devices; e-mail) that requires a user to successfully authenticate or not his/her identity as an authorized user using the (V+) portable device with an ALIS fingerprint module. traditional password basis.

A passage in the previous art, according to the present invention. later organizing access to various computer resources; The present invention may also be usefully used in many other applications which require a security clearance such as entry in private homes, offices, hotel rooms, bank vaults, bond deposit boxes, and so on. Jal's invention may also be usefully applied to Jad's restriction of machines; such as factory machinery and vehicles; For those who have been properly trained. in one of the models; The access control device (71) can be used as a house key for a private house or a room key for a hotel room instead of the traditional 0_0 keys In the first example; the homeowner first registers his/her fingerprint when the Ji anchor is installed On the vital stats at home, in the last example, score

for -

A hotel guest first fingerprints his/her finger on arrival and check-in at a hotel. after that ; Complete

Safely restrict access to a home or hotel room to its key holder (owner

home or hotel guest). These and other applications are a wide range of device-centric access technology

The vital statistics disclosed in this patent are intended to be entirely within the scope and spirit of the present invention.

Although the models of the invention Mall are described in this patent as using Sh

fingerprint to accomplish access regulation; It must be appreciated that the invention is not limited

current research, but instead involves the use of statistical-based documentation techniques

other bio.

One of these techniques is the iris scan technique. While other such techniques based on vital statistics are not clearly explained in this patent; Its applicability to the realizations of access regulation using a portable device is within the scope and spirit of the present disclosed invention. Furthermore it ; Whereas the preferred embodiments of the present invention are explained in this patent as

1 Flash memory is used as storage medium; It should be appreciated that other types of Jia volatile memory, FRAM or MRAM, may also be used within the scope of the present invention. in addition to ; While it has been explained in this patent that such preferred models are compatible with the USB standard; It is not intended to be restricted to the device

© Mobile device 00:8016_for the present invention thereon. Instead of that ; It is intended to include

— Y7_

The present invention on mobile devices that support other communication methods and/or connectivity standards

. IEEE 1394 ("Firewire") Standard Ju

While preferred embodiments of the present invention, a method and apparatus for accomplishing access regulation using

technology based on vital stats; It is understood that those skilled in the art; CURRENT AND FUTURE 0 - MAY MAKE DIFFERENT DEVELOPMENTS AND ENHANCEMENTS WHICH ARE WITHIN THE SCOPE OF THE FOLLOWING PROTECTIONS. ought to

These claims are construed to preserve the proper protection of the invention first disclosed in

This innocence.

Claims (1)

Except - Elements _ Hamaba 1-1 dus “portable device” includes: ¢ microprocessor Y 3 A non-volatile memory with a data storage capacity of at least A MB; It is coupled with a microprocessor ¢ 5 and a vital statistics based authentication module associated with and controlled by the microprocessor 1 7; where a user is allowed to access non-volatile memory on condition that the authentication module A is based on dynamic statistics; Authenticate the user's identity, otherwise user q is denied access to non-volatile memory ; 0 and an Integrated Universal Serial Bus (USB) male connector for connecting a portable storage device VY directly to a receiver and for exchanging data between the receiver and non-volatile memory VY after user authentication. 1 “-_portable device under security 10 where Y biometrics authentication module is fingerprint authentication module 1 ead -*1 portable portable device according to the protection element of where the fingerprint authentication module includes a fingerprint sensor element 1 - vq - 1 Udy portable device of the oF protection element where Y is the sensor element rotatable Create sensing operation 1©: to bring successive segments of the user's finger into rotating contact with a device ¢ Sensor The sensor element thus senses the successive parts of the user's fingerprint©. —o 1 Gay portable device of the safeguard? or cf where Y the fingerprint authentication module has a lid installed so that it moves between the position of pate covering the sensor element and position lh revealing the ¢ sensor element. sensor element +1 1 portable device pursuant to any of the preceding protections; Y where the male connector is an integrated universal serial bus (USB) |” type of male connector for connecting the portable storage device directly to the receiver and exchanging data between the USB controller of the portable device© and the USB controller of the receiver 1 7-_portable device according to any of the above safeguards; Vitality on sensor 1 Vital stats attached to a surface of the mobile device .portable device – oy. — gall — A 1 portable device in accordance with any of the foregoing protections; Gua non-volatile memory includes flash memory .flash memory 1 1 4- The Wy portable device of any of the above protection elements; Whereas, the microprocessor is designed such that a “pass-by” mechanism is provided for authentication after authentication failure has been identified by the authentication module based on vital statistics. lea-0-1 portable storage device; on: Y bus; 1 and a microprocessor associated with the bus; - non-volatile memory with a data storage capacity of at least A megabyte; ee associated with the bus; 1 and a documentation module that On Associated Vital Statistics (JUL) where with microprocessor control - the documentation unit based on + vital stats is designed so that (1) Lith is the first vital stats sign; (?) storage of 4 tokens first vital stats in non-volatile memory 0 ; (¥) captures a second vital stats marker; ( ;) determines whether 1 can be documented against a vital stats marker 0 The first, an AY and an integral male connector, is for connecting the portable storage device directly to a receiver with a non-volatile memory controller and for exchanging data between the receiver and the VE. v \ — — Yo when determining that the second vital statistics sign can be documented against the first - vital statistics sign. 1-11 eal portable device according to Clause 10, where the authentication module that is based on vital statistics is a fingerprint authentication module 1 Seal 17-1 Wy portable device of protection element 01 or OY where "| Lad has a universal serial bus (USB) device controller associated with the bus - and where the integral male connector is a Type A male 1153 connector; - coupled ( JUL so that the portable device can communicate © with the receiver software through connector 1153. Sead -1#1 portable device according to any of the protections from 01 to AY Y where the authentication module is integrated Which is based on structural vital statistics with the portable device in a modular design and includes a 3 vital statistics sensor placed on one of the surfaces of the portable device. Where the sensor is a sensor 7 with ay fingerprint and includes * a rotatable element during the sensing process sensor to bring successive segments of the user's finger ¢ into rotating contact with sensor 7 thus 8 sensor 0 successive segments of the fingerprint user finger. Y44¢ 10-1 Ga, portable device of protection element 1” or protection element 06 wherein the statistic-based documentation unit has a cover Y installed so that it moves between position Jf covering the sensing element sensor and a second position ¢ that detects the sensor ead -11 1 Portable device in accordance with any of the protections from 01 to Cua (Vo) non-volatile memory includes flash memory. VY portable device under any security 01 to 11" The vital stats based authentication module is also designed to encrypt the first vital stats tag before storing the vital stats ¢ in non-volatile memory 0 non-volatile memory 1 8- The Wy portable device for any of the protection elements from 01 to dus VY Y The microprocessor is designed to direct the v authentication unit that is based on vital statistics so that it captures and stores sign ; - First vital stats provided no vital stats marker has been stored before ° in non-volatile memory 1 4- The portable device according to any of the protection elements from 01 to VA, where the microprocessor is designed to allow access to non-volatile memory after confirming success Documentation by s_; - Documentation module based on vital statistics. ‎—Y. 1 a portable device for any safeguards 01 to Cua (14 Y) The microprocessor is designed to prevent access to v non-volatile memory after confirming a failure Authentication by Y Authentication module based on vital statistics 71-1 Portable device According to any of the protections from 01 to 0 Y where the microprocessor is designed to provide A side process of authentication after the authentication failure is confirmed by the vital ¢ ¢ authentication module. : Y ( ) Obtaining a first vital stats sign from a user using a vital stats sensor installed on the portable device « © The portable storage device has internal storage with a total data storage capacity of -1 of A at least MB V (b) restore a vital stats sign from the internal storage of the portable storage device A in which the vital stats marker was stored during the storage process; 4(c) comparison of the first vital statistical sign against the recorded Ye vital statistical sign; (2) Sending a signal of authentication success, provided that there is agreement in step (11). — Tv $ — 3 mentioned; 1" (e) provide access to the internal storage of the portable storage device after receiving a VY signal successfully authenticating and thereafter exchanging data between the internal storage of the portable storage device 01 and a receiver with a control device; the data exchange goes through Male Vo (USB) 0 Universal Serial Bus integrated with portable storage device. 1 “#-Authentication method based on vital statistics according to Clause 17 Y where the registered vital statistics tag is a fingerprint. 1 74-Authentication method based on vital statistics according to security element “YY” or TY where the registered vital stats tag is stored in an encrypted format. 1©7-Authorization method based on vital statistics according to For any of the malic “ - protection from YY to YE where it also includes a step to prevent the user from »- accessing internal storage provided that no compatibility is identified in the $(z) step mentioned. RE k-YT 1 Authentication based on biometrics according to any of the safeguards from TY to Cum Yo also includes the step of providing the user with a YW action side authentication provided no compliance is identified in step (c) mentioned.