In-circuit security system and methods for controlling access to and use of sensitive data
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-021/75
H04N-021/4415
G06F-021/32
G06F-021/62
G06F-021/85
G06K-009/00
H04L-029/06
H04L-009/32
H04N-021/258
Application number
US-0947313 (2013-07-22)
Registration number
US-9124930 (2015-09-01)
Inventor / Address
Johnson, Barry W.
Riemenschneider, Kristen R. O.
Russell, David C.
Tillack, Jonathan A.
Applicant / Address
Apple Inc.
Agent / Address
Blakely, Sokoloff, Taylor & Zafman LLP
Citation information
Times cited: 1
Cited patents: 128
Abstract
The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.
Representative claims
1. An apparatus, comprising: a single integrated circuit having a first portion including an identity credential verification subsystem, the identity credential verification subsystem configured to identify a user based on a stored identity credential and to verify the user based on a security privilege associated with the stored identity credential, a second portion associated with functionality of the single integrated circuit not used during operation of the identity credential verification subsystem, the second portion configured to be enabled when the identity credential verification subsystem has identified the user based on the stored identity credential and verified the user based on the security privilege associated with the identity credential, the second portion configured to be disabled when the identity credential verification subsystem has not at least one of (1) identified the user based on the stored identity credential, or (2) verified the user based on the security privilege associated with the stored identity credential, a power source, and a real-time clock configured to generate data when the second portion of the single integrated circuit is enabled and the real-time clock is operatively connected to the power source.
2. The apparatus of claim 1, wherein the identity credential verification subsystem is configured to be in electronic communication with a cryptographic subsystem of the single integrated circuit.
3. The apparatus of claim 1, wherein the single integrated circuit includes a cryptographic subsystem operatively coupled to the real-time clock, the cryptographic subsystem configured to perform at least one of encryption, decryption, digital signing, and digital signature verification.
4. The apparatus of claim 1, wherein the stored identity credential is a biometric template, the apparatus further comprising: a biometric scanner configured to receive a biometric input from the user, the biometric scanner configured to send data associated with the received biometric input to the identity credential verification subsystem, the identity credential verification subsystem configured to determine whether the received biometric input matches the stored biometric template.
5. The apparatus of claim 1, wherein the security privilege associated with the stored identity credential includes a permission to at least one of selectively disable a component or selectively destroy a component of an electronic device that includes the single integrated circuit.
6. The apparatus of claim 1, wherein the security privilege associated with the stored identity credential includes a permission to selectively enable a disabled component.
7. The apparatus of claim 1, wherein the security privilege associated with the stored identity credential includes a permission to access stored data.
8. The apparatus of claim 1, wherein the single integrated circuit is included in an electronic device configured for electronic messaging, the security privilege associated with the stored identity credential includes a permission to encrypt an electronic message with a stored private key.
9. The apparatus of claim 8, wherein the single integrated circuit includes a processor and a cryptographic subsystem, the processor configured to receive a signal from the identity credential verification subsystem when the second portion of the single integrated circuit is enabled, the cryptographic subsystem configured to receive a signal from the processor and to encrypt the electronic message with the stored private key.
10. The apparatus of claim 1, wherein: the user is a first user, the stored identity credential is a first identity credential of a plurality of identity credentials stored within a memory of the single integrated circuit, the plurality of identity credentials including a second identity credential associated with a second user different from the first user, the security privilege associated with the first identity credential is a first security privilege of a plurality of security privileges stored within the memory of the single integrated circuit, the plurality of security privileges including a second security privilege associated with the second identity credential, the second security privilege being different from the first security privilege.
11. The apparatus of claim 1, further comprising: an electronic lock mechanism including the single integrated circuit, the single integrated circuit configured to send a signal configured to unlock the electronic lock mechanism when the second portion of the single integrated circuit is enabled and when the security privilege permits access to data or a location protected by the electronic lock mechanism.
12. The apparatus of claim 1, further comprising: an electronic lock mechanism including the single integrated circuit, the single integrated circuit configured to send a signal configured to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
13. The apparatus of claim 1, further comprising: an electronic lock mechanism including the single integrated circuit, the stored identity credential being a first identity credential, the single integrated circuit configured to place the electronic lock mechanism in a state such that the identity credential verification subsystem does not accept a second identity credential when the identity credential verification subsystem denies access based on the first identity credential.
14. An electronic device, comprising: a single integrated circuit including an identity credential verification subsystem configured to authenticate a biometric input of a user based on a pre-enrolled biometric template stored in a memory of the electronic device, a power source, a real-time clock operatively connected to the power source, a processor operatively coupled to the real-time clock, the processor configured to deny access for a predetermined number of access attempts within a predetermined period of time based on failed authentication at the identity credential verification subsystem, the single integrated circuit configured to disconnect the real-time clock from the power source when the access is denied by the processor.
15. The electronic device of claim 14, wherein the single integrated circuit is configured to produce a biometric digital representation based on the biometric input of the user, the identity credential verification subsystem is configured to compare the biometric digital representation with the pre-enrolled biometric template during authentication.
16. The electronic device of claim 14, wherein the single integrated circuit includes a cryptographic subsystem and a memory storing a private key, the identity credential verification subsystem configured to send a signal to the processor indicating that the user is authorized to use the stored private key when the biometric input of the user is authentic, the processor configured to send an electronic message associated with input from the user to the cryptographic subsystem, the cryptographic subsystem configured to encrypt the electronic message based on the stored private key.
17. The electronic device of claim 14, wherein the single integrated circuit includes a cryptographic subsystem configured to (1) receive an electronic message associated with input from the user from the processor, (2) encrypt the electronic message, and (3) send the encrypted electronic message to a transmitter of the electronic device for output to a recipient.
18. The electronic device of claim 14, wherein operation of the real-time clock is halted when the real-time clock is disconnected from the power source.
19. The electronic device of claim 14, wherein the electronic device is an electronic lock mechanism, the identity credential verification subsystem configured to send a signal to place the electronic lock mechanism in a state such that the electronic lock mechanism cannot be unlocked unless the electronic lock mechanism is reset by a recognized authority, the identity credential verification subsystem configured to send the signal when the identity credential verification subsystem denies access for a predetermined number of access attempts within a predetermined time period.
20. The electronic device of claim 14, wherein the biometric input is a first biometric input, the electronic device is an electronic lock mechanism having a first state in which the identity credential verification subsystem accepts the first biometric input, and a second state in which the identity credential verification subsystem does not accept a second biometric input when the identity credential verification subsystem denies access based on the first biometric input.
Patents cited by this patent (128)
Edward M. Scheidt ; Ersin L. Domangue, Access control and authorization system.
Berson William (Westport CT) Zemlok Kenneth C. (Shelton CT), Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic.
Richards, Bruce G.; Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Automated banking machine and system.
Green, Patrick C.; Smith, Mark; Ramachandran, Natarajan; Delaney, Daniel J.; Barker, David A.; Theriault, Franklin M.; Herrera, Elizabeth; Hill, Jeffrey A.; Douglas, Mark, Automated transaction system and method.
Bernstein Robert J. (First Options ; One Financial Plz. 440 S. LaSalle St. Chicago IL 60605), Automatic portable account controller for remotely arranging for payment of debt to a vendor.
Debelleix,Olivier, Device and method of recognizing at least one individual, the corresponding access control device and system and applications thereof.
Goudard Jean-Louis (Guyancourt FRX) Pottier Denis (L'Hay les Roses FRX) Hoppe Joseph (Les Molires FRX), Device for protecting the validity of time sensitive information.
Blandford Robert R. (1809 Paul Spring Rd. Alexandria VA 22307), Devices to (1) supply authenticated time and (2) time stamp and authenticate digital documents.
Booth, Kevin E.; Popolow, Harry N.; Ford, Richard R.; Johnson, Edward E.; Loftin, Jon S.; Osborne, Lance C.; Johnson, David W., Electronically-controlled locker system.
Johnson, Barry W.; Olvera, Kristen R.; Russell, David C.; Tillack, Jonathan A., In-circuit security system and methods for controlling access to and use of sensitive data.
Johnson, Barry W.; Olvera, Kristen R.; Russell, David C.; Tillack, Jonathan A., In-circuit security system and methods for controlling access to and use of sensitive data.
Harada Takenosuke,JPX ; Tsukidate Ryota,JPX, Interactive television system for implementing electronic polling or providing user-requested services based on identifi.
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
Campbell, Bruce S.; Strauss, III, Burton M.; Dolecki, Myron C., Method and system for partitioned service-enablement gateway with utility and consumer services.
Bolle, Rudolf Maarten; Nunes, Sharon Louise; Pankanti, Sharathchandra; Ratha, Nalini Kanta; Smith, Barton Allen; Zimmerman, Thomas Guthrie, Method for biometric-based authentication in wireless communication for access control.
Lambert Howard Shelton,GBX ; Orchard James Ronald Lewis,GBX, Method for controlling access to electronically provided services and system for implementing such method.
Drummond, Jay Paul; Blackson, Dale; Cichon, Bob A.; Ess, Joseph C.; Moales, Mark A.; Weis, David W.; Smith, Mark D.; Church, James, Method of using an automated banking machine.
Gopalakrishnan, Ponani S.; Kanevsky, Dimitri; Maes, Stephane Herman, Methods and apparatus for restricting access of a user using random partial biometrics.
Johnson, Richard C., Methods and systems for carrying out directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts.
Johnson, Richard C., Methods and systems for single sign-on authentication in a multi-vendor e-commerce environment and directory-authenticated bank drafts.
Puhl Larry C. (Sleepy Hollow IL) Comroe Richard A. (Dundee IL) Furtaw Robert W. (Arlington Heights IL) Cantarutti Tracey L. (Barrington IL), Portable authentification system.
Force Gordon (San Jose CA) Davis Timothy D. (Arlington TX) Duncan Richard L. (Bedford TX) Norcross Thomas M. (Arlington TX) Shay Michael J. (Arlington TX) Short Timothy A. (Duncanville TX), Programmable distributed personal security.
McClurg, George William; Brunell, David; Scott, Walter Guy, Rechargeable mobile hand-held fingerprint scanner with a data and power communication interface.
Little Wendell ; Curiger Andreas ; Grider Stephen N. ; Bunsey David A. ; Bartling James E. ; Liu Shyun ; Harrington Bradley M., Secure module with microprocessor and co-processor.
Schindler Jeffrey ; Moore Robert ; Autry Sidney D. ; Chan Rix S. ; Bennett Brian A., Self identifying remote control device having a television receiver for use in a computer.
Lapsley, Philip Dean; Lee, Jonathan Alexander; Pare, Jr., David Ferrin; Hoffman, Ned, Tokenless biometric electronic financial transactions via a third party identicator.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.
Ackley H. Sprague ; Maltsev Pavel A. ; Ohanian Michael, Universal data input and processing device, such as universal point-of-sale device for inputting and processing bar code symbols, document images, and other data.