US20020090117A1 - High security flash memory and method - Google Patents
High security flash memory and method Download PDFInfo
- Publication number
- US20020090117A1 US20020090117A1 US09/219,549 US21954998A US2002090117A1 US 20020090117 A1 US20020090117 A1 US 20020090117A1 US 21954998 A US21954998 A US 21954998A US 2002090117 A1 US2002090117 A1 US 2002090117A1
- Authority
- US
- United States
- Prior art keywords
- data
- flash memory
- fingerprint
- coupled
- computation engine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C27/00—Electric analogue stores, e.g. for storing instantaneous values
- G11C27/005—Electric analogue stores, e.g. for storing instantaneous values with non-volatile charge storage, e.g. on floating gate or MNOS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/10—Image acquisition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
- G06V40/13—Sensors therefor
- G06V40/1306—Sensors therefor non-optical, e.g. ultrasonic or capacitive sensing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/40—Spoof detection, e.g. liveness detection
Definitions
- the present invention relates in general to flash memories and in particular to flash memories used for secured data applications.
- Smart cards containing electronic circuitry are becoming increasingly popular as a way of transferring funds in exchange for goods or services.
- a memory integrated circuit within the smart card is credited with a balance when funds are deposited, and the balance is decremented as the card is used while a credit is given in a separate account.
- the card operates more as a debit or credit card, providing information that is then used to alter balances in two or more accounts external to the card.
- the owners of the card or the accounts or both have vested interests in the integrity of whatever system is used to safeguard the financial interests of the rightful owner of the affected funds, balances or accounts.
- the present invention is capable of providing the security of fingerprint recognition together with the convenience of smart cards as a way of enabling transactions across a variety of consumer markets, together with permitting high geographic diversity.
- the manner in which the fingerprint recognition is carried out does not permit probing of a memory storing reference fingerprint data, and the binary nature of the output data does not permit information regarding the stored reference fingerprint data to be determined from a “trial and error” approach.
- the fingerprint recognition hardware disables or destroys access to the smart card portion of the invention when a predetermined number of unsuccessful attempts to enable the card for use have been attempted. Access to the stored fingerprint data may be disabled or destroyed in addition to or as an alternative to disabling or destroying access to the smart card portion of the invention.
- FIG. 1 is a simplified block diagram of a fingerprint sensor coupled to a computation engine in a consumer instrument, in accordance with an embodiment of the present invention.
- FIG. 2 is a simplified schematic diagram of an example of a capacitance sensing array for reading of fingerprint data by the fingerprint sensor of FIG. 1, in accordance with an embodiment of the present invention.
- FIG. 3A is a simplified block diagram of the computation engine for the consumer instrument of FIG. 1, and FIG. 3B is a simplified schematic diagram of equivalent circuits for the memory cells of FIG. 3A, in accordance with an embodiment of the invention.
- FIG. 4 is a simplified side view of a floating gate FET memory cell of the flash memory processor of FIG. 3A
- FIG. 5 is a simplified schematic diagram of the floating gate FET memory cell of FIG. 4, in accordance with an embodiment of the present invention.
- FIG. 6 is a simplified schematic diagram of a neuron for the flash memory processor of FIG. 3A, in accordance with an embodiment of the present invention.
- FIG. 7 is a simplified flow chart of a method of encoding data in a programmable memory, in accordance with an embodiment of the present invention.
- FIG. 8 is a simplified flow chart of a method of controlling access to data stored in a memory, in accordance with an embodiment of the present invention.
- FIG. 1 is a simplified block diagram of a module forming a consumer instrument 20 including a fingerprint sensor 21 coupled through a filter 22 , a working memory 23 and a processor to a computation engine 25 , in accordance with an embodiment of the present invention.
- the instrument 20 also includes a controller 26 having an input coupled to an output of the computation engine 25 , a read-write memory 28 coupled to the controller 26 and I/O circuitry 30 , all powered by some form of power supply.
- the power supply may include a battery or capacitor or may rely on a physical interconnection to an external source of power through the I/O circuitry 30 .
- the user of the instrument 20 places a chosen finger atop the fingerprint sensor 21 in conjunction with execution of a transaction, such as operation of a cellular telephone or purchase of consumer or other goods.
- the fingerprint sensor 21 reads data corresponding to a fingerprint and provides output data to the computation engine 25 .
- the computation engine 25 compares the data from the fingerprint sensor 21 to previously-stored data and provides a GO or a NO GO signal to the controller 26 .
- the only information regarding the previously-stored fingerprint data available at the output of the computation engine 25 is whether it did or did not match the input data.
- exhaustive search (trying all possible input combinations) is the only way that the information available at the output of the computation engine 25 can only be used to determine the previously-stored fingerprint data.
- Exhaustive search techniques can be easily foiled by simply including a counter that determines the number of unsuccessful fingerprint reads that occur. In one embodiment, the number of unsuccessful fingerprint reads per unit time is monitored. When a predetermined threshold is exceeded, the controller 26 can initiate processes to erase all data stored in the instrument 20 , to disable the fingerprint sensor 21 or the computation engine 25 or, in at least some instances, to signal appropriate authorities.
- the instrument 20 may initiate a call to a predetermined telephone number used to track this type of unauthorized transaction.
- the I/O circuitry 30 of the instrument 20 is in data communication with some form of financial network, similar distress signals may be transmitted.
- the consumer instrument 20 is programmed with one or more desired user fingerprints by taking fingerprint data using the fingerprint scanner 21 , processing the data through the filter 22 , working memory 23 and the processor 24 .
- the processed fingerprint data are then written to nonvolatile memory (not shown in FIG. 1) within the computation engine 25 using a write circuit 32 .
- the capability of the write circuit 32 to write data to the nonvolatile memory in the computation engine is disabled or destroyed, for example by blowing one or more fuses or antifuses 34 coupled between the write circuit 32 and the computation engine 25 .
- Other techniques to disable the write circuit 32 may also be employed.
- FIG. 2 is a simplified schematic diagram of an example of a capacitance sensing array 40 for reading of fingerprint data by the fingerprint sensor 21 of FIG. 1, in accordance with an embodiment of the present invention.
- the capacitance sensing array 40 may also be equipped with other types of sensors to detect certain kinds of unauthorized transactions.
- the capacitance sensing array 40 may be equipped with temperature sensors, sensors to detect a pulse in the finger from which the fingerprint is being read or sensors to determine that the finger includes oxygenated blood (via spectral characteristics of the finger). These types of sensors can be used to try to ensure that the fingerprint that is being read is from a finger that is coupled to a living human being.
- the capacitance sensing array 40 includes a series of capacitor plates 42 arranged along row lines 44 and column lines 46 .
- the capacitor plates 42 may be addressed by enabling transistors 48 coupled between the capacitor plates 42 and a respective row line 44 and simultaneously enabling transistors 50 coupled between the capacitor plate 42 and a respective column line 46 .
- the capacitor plate 42 that is located at an intersection of the respective row line 44 and the respective column line 46 is coupled to a charge integrator 52 .
- the entire array 40 may be read, one capacitor plate 42 at a time, to provide a fingerprint image for further processing and machine recognition or rejection.
- the fingerprint sensor 21 described in this article is formed on an integrated circuit that also includes the computation engine 25 .
- the computation engine 25 is formed from a flash memory array configured to compare fingerprint data from the fingerprint sensor 21 with stored data in the flash memory array in a secure and efficient fashion.
- the fingerprint sensor 21 operates according to any known principle—e.g., optical, capacitive, piezoelectric, ultrasonic, thermal—to obtain images (test images) of, say, 512 ⁇ 512 dots (pixels).
- test images images of, say, 512 ⁇ 512 dots (pixels).
- the test images are filtered in the filter 22 of FIG. 1, depending on the operating principle of the fingerprint sensor 21 .
- the filter 22 may be a digital software filter and may be implemented within the processor 24 .
- a nonvolatile memory within the computation engine 25 stores information relative to a number of images associated with the application in question (a relatively small number of images may be sufficient if the system is used as a personal key).
- Such reference information preferably comprises reference fingerprint images comprising a number of pixels having different gray levels (like the images detected by the fingerprint sensor 21 ), as well as information derived by processing the reference fingerprint images and for direct or indirect comparison with information derived from the test image to reduce the amount of processing required each time to identify a fingerprint.
- a fingerprint includes dermatoglyphic features unique to the individual corresponding to the fingerprint and that are also readily recognizable. These dermatoglyphic features are scattered in a matrix of other dermatoglyphic features which may be equally unique but which are (at least to human interpreters) substantially less recognizable as being unique to the individual, such as an area including a number of parallel and locally straight ridges. Identification of an individual person through fingerprint recognition procedures tends to be based on identification of a predetermined number of highly recognizable dermatoglyphic features and on the spatial relationships between these features.
- a test image is acquired by the fingerprint sensor 21 and filtered by the filter 22 in a known manner to obtain as regular a gray scale image as possible.
- the filtered image stored in the working memory 23 , is processed by the processing unit 24 to define the coordinates (Xi,Yi) of significant points represented by the terminations, bifurcations and other features of the epidermal ridges, or so-called minutiae.
- Such processing to determine the significant points may be performed in any known manner, e.g., as indicated in the article “Automatic Fingerprint Identification”, 1979, by Asai, Kato, Hoshino and Kiji.
- the resulting significant points are then stored in the working memory 23 and compared by the computation engine 25 with corresponding significant points in the reference image (extracted and stored beforehand using the same significant point extraction procedure as for the test image).
- each significant point in the test image with coordinates (Xi,Yi) is compared with all the significant points in the reference image with coordinates (Xj,Yj) to establish a local similarity between the regions centered about the significant points.
- the local region similarity check procedure is described in detail in the above-referenced U.S. patent application No. 08/802,658.
- the local region similarity check process When an actual similarity is determined, the local region similarity check process generates a pair of significant points (one in the test image and one in the reference image) having a local similarity (in terms of gray tones) to the regions surrounding them, and the pairs of significant points are stored in the working memory 23 . A check is then made to determine whether the local region similarity check has been repeated for all of the significant points in the test image. If it has not, it is repeated, and, when all the significant points in the image have been checked, a list of pairs of significant points is available.
- a coordinate translation and rotation from the test image to the reference image is defined to match a second pair of significant points within a given tolerance, so that, for each two pairs of significant points, a linear rotation-translation transformation is identified on which to match the test and reference fingerprint images.
- the matching points of the other pairs of significant points are determined.
- a count is made of the significant points in the test image matching the significant points with which they are paired in the reference image. If there are fewer than a predetermined number of matching pairs of significant points, the test and reference prints do not match, and the rotation-translation definition and match count procedure is repeated for another two pairs of significant points, and so on until a rotation-translation resulting in more than the minimum required number of matches is defined or until all the possible transformations have been checked. In the latter case, the prints are definitely considered non-matching, and the test and reference image comparison is terminated with a negative match output.
- real matching of the prints is determined by appropriately comparing image segments connecting a first pair of significant points (one in the test image and one in the reference image) with all the other pairs of significant points, and by validating the first pair of significant points when a sufficient similarity is determined for at least a predetermined number of image segments as discussed above.
- a check is made to determine whether the similarity of the segments has been determined for all the matching significant points. When it has not, then the real matching described above is repeated. When it has, a check is made to determine whether the number of validated matching significant points is greater than or equal to a predetermined threshold for a given rotation-translation to be considered valid. When the chosen rotation-translation is valid, the fingerprint is considered to be identified; when it is not considered valid, another rotation-translation is chosen and the process is repeated.
- calculation of the similarity of the regions surrounding two significant points, one in the test image with coordinates (Xi,Yi), and one in the reference image with coordinates (Xj,Yj) is performed as described below.
- a region including M ⁇ M points e.g., 16 ⁇ 16
- the similarity of these regions is determined by calculating the value of the integral norm of two surfaces Si t and Sj r defined as:
- N ⁇ M ⁇ M
- Computing the above norm is particularly onerous in fingerprint recognition, which on average involves 100-150 significant points for each test and reference image, and wherein the coordinate of each significant point is definable within a tolerance of about five pixels ( ⁇ 2 in relation to the given coordinate) both horizontally and vertically.
- 25 norms have to be computed, and the similarity verification requires 25 ⁇ T ⁇ S calculations as per Eq. 4 (given T significant points in the test image and S significant points in the reference image).
- the array of analog flash cells may be used to calculate the absolute difference between two values by connecting the source and drain regions of two flash cells to each other and to an input node of a charge integrator, supplying the gate terminal of a first cell with a voltage corresponding to the first value, memorizing in the same first cell, as the threshold voltage, the second value to be subtracted from the first, supplying the gate terminal of the second cell with a voltage complementary to that supplied to the first cell, and memorizing as the threshold voltage in the second cell a value complementary to the second value to be subtracted (see FIG. 3 in the above article).
- the above norm may be computed by parallel computing all the individual differences between the gray levels of pairs of corresponding points in the test and reference images to obtain the value of the norm directly at the output.
- One example of a flash cell array for computing the norm defined in Eq. 4 is described in the above-referenced U.S. patent application No. 08/802,658.
- FIG. 3A is a simplified block diagram of a flash memory processor 60 that can fulfill the functions of the computation engine 25 in the consumer instrument 20 of FIG. 1 and FIG. 3B is a simplified schematic diagram of equivalent circuits for the memory cells 64 of FIG. 3A, in accordance with an embodiment of the invention.
- the principles of operation of the embodiment of FIGS. 3 - 6 are described in “1.5XTPS Convolver using 5b Analog Flash for Real-Time Large-Kernel Image Filtering” by A. Kramer et al., ISSCC Paper FP12.6, pp. 196-197, February 1998 (IEEE Cat. No. 0-7803-4344-1/98).
- the flash memory processor 60 of FIG. 3A includes an array 62 of flash memory cells 64 connected in interleaved rows 66 and 68 . Each of the rows 66 is coupled to a first input of a conductance-summing neuron circuit 70 , and a corresponding one of each of the rows 68 is coupled to a second input of the conductance-summing neuron circuit 70 .
- This arrangement allows flash memory cells 64 in one row 66 to represent data having a first sign (e.g., positive) and flash memory cells 64 in the other row 68 to represent data having a second sign (e.g., negative).
- 256 row pairs 66 , 68 are coupled to a corresponding 256 neuron circuits 70 , however, other numbers of rows 66 and 68 are possible.
- the rows 66 and 68 each include one thousand bits of data storage, however, other sizes are possible for the rows 66 , 68 .
- the flash memory processor 60 also includes an I/O bus 72 coupled to outputs of each of the neuron circuits 70 and to an input signal conditioner 74 that is also coupled to the flash memory cells 64 .
- the input signal conditioner 74 may be formed from shift registers 76 that allow input signals from the I/O bus 72 to be latched.
- the shift registers 76 may be dynamically reconfigurable to permit the input signals to come from, for example, the preceding shift register 76 , to allow for other input-path configurations.
- FIG. 4 is a simplified side view of one of the flash memory cells 64 in the flash memory processor 60 of FIG. 3A
- FIG. 5 is a simplified schematic diagram of the flash memory cells 64 of FIG. 4, in accordance with embodiments of the present invention.
- the flash memory cells 64 includes a source 82 , a drain 84 , a channel 86 extending from the source 82 to the drain 84 , a floating gate 88 and an externally-accessible control gate 90 , all conventionally formed on a semiconductor substrate 92 .
- the flash memory cell 64 is programmed to store a predetermined amount of charge on the floating gate 88 by application of suitable voltages to the control gate 90 , the source 82 and the drain 84 .
- Application of a positive voltage to the control gate 90 and/or the drain 84 can cause electrons to tunnel through a dielectric layer separating the floating gate 88 from the channel 86 . These electrons then charge the floating gate 88 , altering a threshold voltage V T of the flash memory cells 64 .
- the amount of charge that is stored on the floating gate 88 can later be measured by determining the threshold voltage V T of the flash memory cell 64 , or the threshold voltage V T may be compared to an input voltage applied to the control gate 90 . The more electrons that are stored on the floating gate 88 , the more positive the threshold voltage V T will be.
- Application of a suitable voltage to the control gate 90 can cause electrons stored on the floating gate 88 to tunnel out from the floating gate 88 , thus erasing the data that were stored in the flash memory cell 64 .
- a verify operation is employed at the beginning and the end of each programming operation to determine the status of the flash memory cell 64 .
- the flash memory cells 64 are initially programmed with analog values by storing charge on the floating gates 88 corresponding to a predetermined number of bits. For example, a 6-bit weight formed from 5 value bits and a sign may be programmed into a pair of flash memory cells 64 that are coupled to counterpart locations on a pair of the rows 66 , 68 that are coupled to one of the neuron circuits 70 .
- the input signal conditioner 74 applies input digital signals to the control gates 90 of the flash memory cells 64 .
- the input digital signals have one of two possible analog values, V HI and V LOW .
- the analog values V HI and V LOW can be adjusted to modify dynamic range and precision.
- the programmed analog values are chosen so that one of the flash memory cells 64 in each pair is always off (i.e., has a programmed threshold voltage V T that is greater than V HI ) and the other is only ON when the input is a logical “l” (i.e., V LOW ⁇ V T ⁇ V HI ).
- each of the flash memory cells 64 acts as a programmable conductance that is switched in or out of the conductance summing row line 66 or 68 by a digital input signal.
- the sources 82 of all of the flash memory cells 64 in one row are coupled to the associated row line 66 or 68 .
- This technique utilizes common source lines in each row line 66 or 68 for conductance summing of each of, for example, 256 pairs of computational rows 66 or 68 each having 1,000 one-bit inputs.
- the conductance summing for any one pair of row lines 66 and 68 is carried out by an associated one of the neuron circuits 70 .
- FIG. 6 is a simplified schematic diagram of the neuron circuit 70 for the flash memory processor 60 of FIG. 3A, in accordance with an embodiment of the invention.
- the neuron circuit 70 includes a conductance comparator forming a neuron 100 coupled through a buffer 102 formed from two transistors 104 and 106 .
- the buffer 102 acts to buffer synapses formed from pairs of the flash memory cells 64 coupled to each of the row lines 66 and 68 .
- the buffer 102 also includes a third transistor 108 having one current-carrying electrode coupled to ground, another current carrying electrode coupled to gates of all three of the transistors 104 , 106 and 108 to a constant current source 110 .
- the buffer 102 ensures that all of the flash memory cells 64 forming synapse devices operate in the triode region. As a result, the drain-source voltage of each of the flash memory cells is low (e.g., 100 millivolts) and the power required to operate the flash memory processor 60 of FIG. 3A is reduced accordingly. Further, because this drain-source voltage is both low and uniform, the data that are stored in the flash memory processor 60 cannot be read by conventional probing techniques.
- the neuron 100 includes cross-coupled current mirror circuits 120 and 122 each including three transistors— 124 , 126 and 128 in the current mirror 120 and 130 , 132 and 134 in the current mirror 122 . All three transistors in each of the current minors 120 and 122 have commonly coupled gates and a set of commonly connected current-carrying electrodes.
- the transistors 124 and 130 are each diode connected.
- the transistors 126 and 132 each are cross coupled to the diode-connected transistor 130 and 124 in the other current mirror 122 and 120 , respectively.
- the transistors 128 and 134 are each coupled to cross-coupled transistors 136 and 138 , respectively, to provide positive feedback.
- the conductance-summing convolver formed from the computation engine 60 described above provides several advantages as an authorization mechanism for transactions. These advantages include very rapid computation and low power consumption. The power consumption is reduced, compared to other flash-memory-based computation engines, at least in part because the conductance mode of operation uses the “triode region” of the operation of the floating gate FET memory cell, i.e., low source-drain voltages, rather than the saturation region using greater source-drain voltages. Moreover, many such cells all couple to a common conductance summing row line 66 or 68 and many will be operating in the triode region for any given input, resulting in substantially similar line voltages independent of specific input.
- the reference fingerprint data stored in the flash memory array 62 of FIG. 3A are never manifested outside of the flash memory array 62 .
- conductance mode computation engines 60 provide significant security advantages when these flash memory arrays 62 are used to carry out fingerprint identification in conjunction with authorization of financial transactions using smart cards or other types of electronic funds transfer.
- the fingerprint sensor 21 is formed on the same integrated circuit as the computation engine 25 .
- signals developed in the computation engine 25 in response to operation of the fingerprint sensor 21 are obscured from measurement because the finger providing the fingerprint to the fingerprint sensor 21 physically blocks access to the computation engine 25 .
- the technology that is used to implement the computation engine 25 is not necessarily critical from an information security perspective.
- the fingerprint sensor 21 could still be stimulated in ways that might allow some knowledge to be gained regarding stored data in the computation engine to be obtained from the computation engine 25 .
- optical stimulation of the fingerprint sensor 40 of FIG. 2 could be used to provide a pattern by turning on some but not all of the transistors 48 and 50 , and this might give some indication regarding the stored data when the computation engine 25 is one that does not operate in the conductance mode.
- the fingerprint sensor 21 is formed on a different integrated circuit as the computation engine 25 .
- conductance mode operation of the computation engine 25 provides several advantages.
- analog data are stored in the flash memory cells 64 , but the input data and the output data are digital.
- the output from any one neuron 70 of FIGS. 3 and 6 is a single bit carrying only the information that either a match was or was not achieved by that neuron circuit 70 .
- the amount of information about the stored analog data that can be learned from the digital outputs of the neurons circuits 70 is very limited.
- a first level of correlation detects significant features in the fingerprint, as discussed above with reference to Eqs. 1-4.
- the first level of correlation provides a separate correlation vector corresponding to each feature.
- the correlation vectors for all of the features are then input to a second correlation-based associative memory.
- the second associative memory determines whether or not the overall pattern of matched features corresponds to a match to stored data corresponding to an authorized fingerprint.
- the only externally observable variable in such as system is the match state of unobservable stored data including dummy features.
- the stored data representing features of authorized fingerprint data are augmented with dummy data corresponding to dummy features. Presentation of an input and monitoring the signals from the first level of correlation then does not necessarily reveal information about features of the fingerprint of the authorized user. Simply determining which features are represented by the feature data contained in the first level correlator does not provide knowledge of which of the stored data represent features that are not present in an authorized fingerprint.
- the most that can be determined external to the computation engine 25 is the match state of unobservable data corresponding to the individual features including dummy data if dummy data are present.
- the outside observer who does not have access to the actual fingerprint has no way of discriminating between the dummy data and data corresponding to actual fingerprint features.
- the overall recognition of an authorized fingerprint by the second associative memory depends on both the presence of the correct features and their relative positioning. Searching for the combination of features and relative positions with artificial inputs to the fingerprint sensor 21 of FIG. 1 is equivalent to searching for the entire fingerprint, which is computationally intensive to the point of being practically impossible.
- FIG. 7 is a simplified flow chart of a method 150 of encoding data in a programmable memory, in accordance with an embodiment of the present invention.
- the method 150 begins by setting an index variable i to one in a step 152 when an input dataset is defined in a step 154 .
- the input dataset may be defined to be a fingerprint as sensed by a sensor such as the fingerprint sensor 21 of FIG. 1.
- the input dataset may be defined to be more than one fingerprint, such as fingerprints from more than one finger of a single user or as fingerprints from multiple users who wish to share or be able to share use of the instrument 20 .
- a step 156 the input dataset is written to a nonvolatile memory such as the memory array 62 of FIG. 3A.
- a query task 158 then compares data read from the memory to the input dataset to verify that the memory has actually the input dataset with sufficient integrity.
- the query task 158 determines that the input data and the data read from the memory do not match, the index variable i is incremented in a step 160 .
- a query task 162 determines when the index variable i exceeds a predetermined threshold i MAX .
- the query task 162 determines that the index variable i exceeds the predetermined threshold i MAX , the memory is deemed defective in a step 164 and the process 150 ends.
- control passes back to the step 156 , and the steps 156 , 158 , 160 and 162 are iterated until either the memory is correctly programmed or discarded.
- capability for writing to the memory is disabled in a step 166 .
- the capability for writing data to the memory may be disabled by destroying the functionality of write circuitry associated with the memory.
- the capability for writing data to the memory may be disabled by decoupling the write circuitry from the memory, for example, by blowing a fuse or an antifuse coupled to the output of the write circuitry or to the memory, or by other techniques now known or that may be developed.
- a capability for over-writing the fingerprint data that are stored in the first flash memory or the first memory portion is disabled. This prevents someone who has a lost or stolen smart card or other secure instrument 20 from simply reprogramming the authentication portion of the secure instrument 20 with their own or an associate's authentication or fingerprint data.
- FIG. 8 is a simplified flow chart of a method 180 of controlling access to data stored in a memory, in accordance with an embodiment of the present invention.
- the method 180 begins by setting an index variable j to one in a step 182 when a user presents a financial instrument 20 (FIG. 1) in a step 184 .
- the user also presents authorization credentials in a step 186 .
- the authorization credentials are a fingerprint and are presented by placing one of the users fingertips on the fingerprint sensor 21 of the instrument 20 .
- the computation engine 25 correlates the authorization credentials from the user with data stored in the computation engine 25 to determine if the authorization credentials match the stored data.
- the instrument 20 is enabled in a step 190 , allowing transactions based on the instrument 20 or on data stored in the instrument 20 to proceed, and the process 180 ends.
- the index variable j is compared to a predetermined threshold j MAX in a query task 192 .
- the query task 192 determines that the index variable j exceeds the predetermined threshold j MAX , the read capability of the instrument 20 is disabled in a step 194 and the process 180 ends.
- the read capability of the instrument 20 may be disabled in a number of different ways.
- the fingerprint sensor 21 is disabled, disabling normal use of the instrument 20 but not destroying any financial data that may be stored in the read-write memory 28 . This allows for the possibility of recovery of the instrument 20 and restoration of any remaining finds to an account belonging to the user. This capability may be significant in systems where the instrument 20 acts as the equivalent of a virtual wallet having some amount of money stored in it, which money would be lost if the instrument 20 were lost or destroyed or if the data contained in the memory 28 were lost or destroyed.
- the read-write circuitry associated with the computation engine 25 or the read-write memory 28 or both is disabled or destroyed. This may be carried out by severing a link between the computation engine 25 or the memory 28 by blowing a fuse or antifuse or by triggering the destruction of other circuitry necessary for accessing of these elements.
- the user may prefer to have all access to any stored authorization data and/or any financial data when the instrument 20 functions in a fashion similar to a credit or debit card, i.e., identifies and triggers adjustment of accounts external to the instrument 20 in carrying out a normal transaction. The authorization and financial data are then protected from theft or misuse.
- the index variable j is incremented in a step 196 .
- An optional query task 198 determines when a time t exceeds a predetermined threshold t MAX .
- the time t is the time between initiation of a series of successive determinations by the query task 188 that the authorization credentials do not match the stored data and the present.
- the index variable j is reset to unity in the step 182 .
- the user may repeat presentation of the instrument in the step 184 .
- the steps 184 , 186 , 188 , 192 , 196 and 198 may iterate until either the instrument 20 is enabled in the step 190 , the instrument 20 is disabled in the step 194 or the user voluntarily ends the process 180 .
- a clumsy user or a user having an instrument 20 that is marginally functional is prevented from inadvertently rendering the instrument 20 useless, without necessarily compromising the security provided by the process 180 .
- a few unsuccessful attempts to use the instrument 20 may be followed by a successful attempt, with the result that the instrument 20 is stored between uses.
- a high total count of unsuccessful attempts that may not represent attempts of unauthorized use of the instrument 20 is prevented from disabling the instrument 20 .
- the frequency with which an unauthorized user would have to attempt different input sequences to the fingerprint sensor 21 is very likely to result in the instrument 20 being disabled in the step 194 , preserving the integrity of the instrument 20 .
Abstract
Description
- The present invention relates in general to flash memories and in particular to flash memories used for secured data applications.
- A number of new applications for electronic devices have emerged during the last several decades. Many of these include need for security of information stored in the electronic devices.
- Some, such as automated bank teller machines, employ encryption engines, which may be compatible with the Data Encryption Standard (“DES”) published by the U.S. Government. Others, such as secure telephone units, use a public key algorithm to exchange cipher keys that are then employed together with encryption techniques providing high enough data throughput to allow real-time voice or data communication. These technologies do not lend themselves to pocket-, purse- or wallet-portable consumer applications and may be of limited geographic use due to export restrictions.
- “Smart cards” containing electronic circuitry are becoming increasingly popular as a way of transferring funds in exchange for goods or services. In some instances, a memory integrated circuit within the smart card is credited with a balance when funds are deposited, and the balance is decremented as the card is used while a credit is given in a separate account. In other instances, the card operates more as a debit or credit card, providing information that is then used to alter balances in two or more accounts external to the card. In either case, the owners of the card or the accounts or both have vested interests in the integrity of whatever system is used to safeguard the financial interests of the rightful owner of the affected funds, balances or accounts.
- Different kinds of systems can be employed for verification of a user's identity for authentication of a transaction. In those systems where the user supplies some form of data (e.g., PIN), and the data is sufficient to provide access to something in which the user has a property interest, it is important to safeguard the data itself.
- Numerous examples of electronic theft based on unauthorized use of identification codes exist. In many cases, people have had their telephone cards numbers and PINs observed while using a public telephone. The observer then places calls using the stolen data. Sophisticated thieves have picked cellular telephone identification codes from cellular telephone transmissions and then encoded semiconductor memory integrated circuits with the stolen codes, put the memory integrated circuits into cellular telephones and sold the telephones.
- Requiring the user to enter a PIN via some publicly-accessible medium thus can present substantial security risks. Additionally, requiring the user to memorize and repeatedly provide a PIN presents noticeable nuisance value to the user. One approach to ensuring that the user of a given financial instrument is authorized to do so is to unobtrusively read an immutable or nearly-immutable physical characteristic of the user that also provides unique identification of that user contemporaneously with use of the instrument. However, data corresponding to the identifying characteristic then must be stored in some portion of the system that the instrument interacts with. When these data are read out from either the instrument or the system and then used to falsely authenticate a transaction, system security is compromised. Systems in which this can occur are likely to meet substantial marketplace challenges and are unlikely to win consumer confidence and market acceptance.
- Enablement of a high degree of user autonomy is a highly desirable characteristic in many consumer instruments. As a result, portability coupled with widespread acceptance of the consumer instrument are strongly preferred. At the same time, both real-time operation and a high degree of data security are important characteristics.
- In one aspect, the present invention is capable of providing the security of fingerprint recognition together with the convenience of smart cards as a way of enabling transactions across a variety of consumer markets, together with permitting high geographic diversity. The manner in which the fingerprint recognition is carried out does not permit probing of a memory storing reference fingerprint data, and the binary nature of the output data does not permit information regarding the stored reference fingerprint data to be determined from a “trial and error” approach. In one aspect, the fingerprint recognition hardware disables or destroys access to the smart card portion of the invention when a predetermined number of unsuccessful attempts to enable the card for use have been attempted. Access to the stored fingerprint data may be disabled or destroyed in addition to or as an alternative to disabling or destroying access to the smart card portion of the invention.
- FIG. 1 is a simplified block diagram of a fingerprint sensor coupled to a computation engine in a consumer instrument, in accordance with an embodiment of the present invention.
- FIG. 2 is a simplified schematic diagram of an example of a capacitance sensing array for reading of fingerprint data by the fingerprint sensor of FIG. 1, in accordance with an embodiment of the present invention.
- FIG. 3A is a simplified block diagram of the computation engine for the consumer instrument of FIG. 1, and FIG. 3B is a simplified schematic diagram of equivalent circuits for the memory cells of FIG. 3A, in accordance with an embodiment of the invention.
- FIG. 4 is a simplified side view of a floating gate FET memory cell of the flash memory processor of FIG. 3A, and FIG. 5 is a simplified schematic diagram of the floating gate FET memory cell of FIG. 4, in accordance with an embodiment of the present invention.
- FIG. 6 is a simplified schematic diagram of a neuron for the flash memory processor of FIG. 3A, in accordance with an embodiment of the present invention.
- FIG. 7 is a simplified flow chart of a method of encoding data in a programmable memory, in accordance with an embodiment of the present invention.
- FIG. 8 is a simplified flow chart of a method of controlling access to data stored in a memory, in accordance with an embodiment of the present invention.
- FIG. 1 is a simplified block diagram of a module forming a
consumer instrument 20 including afingerprint sensor 21 coupled through afilter 22, aworking memory 23 and a processor to acomputation engine 25, in accordance with an embodiment of the present invention. Theinstrument 20 also includes acontroller 26 having an input coupled to an output of thecomputation engine 25, a read-writememory 28 coupled to thecontroller 26 and I/O circuitry 30, all powered by some form of power supply. The power supply may include a battery or capacitor or may rely on a physical interconnection to an external source of power through the I/O circuitry 30. - The user of the
instrument 20, which may be a smart card in accordance with one embodiment of the invention, places a chosen finger atop thefingerprint sensor 21 in conjunction with execution of a transaction, such as operation of a cellular telephone or purchase of consumer or other goods. Thefingerprint sensor 21 reads data corresponding to a fingerprint and provides output data to thecomputation engine 25. Thecomputation engine 25 compares the data from thefingerprint sensor 21 to previously-stored data and provides a GO or a NO GO signal to thecontroller 26. By providing only a binary output signal from thecomputation engine 25, the only information regarding the previously-stored fingerprint data available at the output of thecomputation engine 25 is whether it did or did not match the input data. As a result, exhaustive search (trying all possible input combinations) is the only way that the information available at the output of thecomputation engine 25 can only be used to determine the previously-stored fingerprint data. - Exhaustive search techniques can be easily foiled by simply including a counter that determines the number of unsuccessful fingerprint reads that occur. In one embodiment, the number of unsuccessful fingerprint reads per unit time is monitored. When a predetermined threshold is exceeded, the
controller 26 can initiate processes to erase all data stored in theinstrument 20, to disable thefingerprint sensor 21 or thecomputation engine 25 or, in at least some instances, to signal appropriate authorities. - For example, if the I/
O circuitry 30 of theinstrument 20 is in data communication with a cellular telephone to effect an unauthorized call, theinstrument 20 may initiate a call to a predetermined telephone number used to track this type of unauthorized transaction. Similarly, if the I/O circuitry 30 of theinstrument 20 is in data communication with some form of financial network, similar distress signals may be transmitted. - In one embodiment, the
consumer instrument 20 is programmed with one or more desired user fingerprints by taking fingerprint data using thefingerprint scanner 21, processing the data through thefilter 22, workingmemory 23 and theprocessor 24. The processed fingerprint data are then written to nonvolatile memory (not shown in FIG. 1) within thecomputation engine 25 using awrite circuit 32. Following verification of the fingerprint data written to the nonvolatile memory, the capability of thewrite circuit 32 to write data to the nonvolatile memory in the computation engine is disabled or destroyed, for example by blowing one or more fuses orantifuses 34 coupled between thewrite circuit 32 and thecomputation engine 25. Other techniques to disable thewrite circuit 32 may also be employed. - FIG. 2 is a simplified schematic diagram of an example of a capacitance sensing array40 for reading of fingerprint data by the
fingerprint sensor 21 of FIG. 1, in accordance with an embodiment of the present invention. The capacitance sensing array 40 may also be equipped with other types of sensors to detect certain kinds of unauthorized transactions. For example, the capacitance sensing array 40 may be equipped with temperature sensors, sensors to detect a pulse in the finger from which the fingerprint is being read or sensors to determine that the finger includes oxygenated blood (via spectral characteristics of the finger). These types of sensors can be used to try to ensure that the fingerprint that is being read is from a finger that is coupled to a living human being. - The capacitance sensing array40 includes a series of
capacitor plates 42 arranged alongrow lines 44 and column lines 46. Thecapacitor plates 42 may be addressed by enablingtransistors 48 coupled between thecapacitor plates 42 and arespective row line 44 and simultaneously enablingtransistors 50 coupled between thecapacitor plate 42 and arespective column line 46. Thecapacitor plate 42 that is located at an intersection of therespective row line 44 and therespective column line 46 is coupled to acharge integrator 52. By scanning the row lines 44 and the column lines 46 in a predetermined pattern, the entire array 40 may be read, onecapacitor plate 42 at a time, to provide a fingerprint image for further processing and machine recognition or rejection. - An example of such a
fingerprint sensor 21 is described in “Novel Fingerprint Scanning Arrays Using Polysilicon TFT's on Glass and Polymer Substrates” by N. D. Young et al., IEEE El. Dev. Lett., Vol. 18, No. 2, January 1997, pp. 19-20. In one embodiment, thefingerprint sensor 21 described in this article is formed on an integrated circuit that also includes thecomputation engine 25. In one embodiment, thecomputation engine 25 is formed from a flash memory array configured to compare fingerprint data from thefingerprint sensor 21 with stored data in the flash memory array in a secure and efficient fashion. - Other kinds of fingerprint sensors may be used as well. For example, U.S. patent application Ser. Nos. 08/799,548, filed by M. Tartagni on Feb. 13, 1997, and 09/019,496, both entitled “Capacitance Distance Sensor, Particularly for Measuring Fingerprints” both describe suitable sensors.
- More generally, the
fingerprint sensor 21 operates according to any known principle—e.g., optical, capacitive, piezoelectric, ultrasonic, thermal—to obtain images (test images) of, say, 512×512 dots (pixels). As is described in co-pending U.S. patent application No. 08/802,658, filed on Feb. 19, 1997, the test images are filtered in thefilter 22 of FIG. 1, depending on the operating principle of thefingerprint sensor 21. In some embodiments, thefilter 22 may be a digital software filter and may be implemented within theprocessor 24. A nonvolatile memory within thecomputation engine 25 stores information relative to a number of images associated with the application in question (a relatively small number of images may be sufficient if the system is used as a personal key). Such reference information preferably comprises reference fingerprint images comprising a number of pixels having different gray levels (like the images detected by the fingerprint sensor 21), as well as information derived by processing the reference fingerprint images and for direct or indirect comparison with information derived from the test image to reduce the amount of processing required each time to identify a fingerprint. - A fingerprint includes dermatoglyphic features unique to the individual corresponding to the fingerprint and that are also readily recognizable. These dermatoglyphic features are scattered in a matrix of other dermatoglyphic features which may be equally unique but which are (at least to human interpreters) substantially less recognizable as being unique to the individual, such as an area including a number of parallel and locally straight ridges. Identification of an individual person through fingerprint recognition procedures tends to be based on identification of a predetermined number of highly recognizable dermatoglyphic features and on the spatial relationships between these features.
- To begin with, a test image is acquired by the
fingerprint sensor 21 and filtered by thefilter 22 in a known manner to obtain as regular a gray scale image as possible. The filtered image, stored in the workingmemory 23, is processed by theprocessing unit 24 to define the coordinates (Xi,Yi) of significant points represented by the terminations, bifurcations and other features of the epidermal ridges, or so-called minutiae. Such processing to determine the significant points may be performed in any known manner, e.g., as indicated in the article “Automatic Fingerprint Identification”, 1979, by Asai, Kato, Hoshino and Kiji. The resulting significant points are then stored in the workingmemory 23 and compared by thecomputation engine 25 with corresponding significant points in the reference image (extracted and stored beforehand using the same significant point extraction procedure as for the test image). In particular, each significant point in the test image with coordinates (Xi,Yi) is compared with all the significant points in the reference image with coordinates (Xj,Yj) to establish a local similarity between the regions centered about the significant points. The local region similarity check procedure is described in detail in the above-referenced U.S. patent application No. 08/802,658. - When an actual similarity is determined, the local region similarity check process generates a pair of significant points (one in the test image and one in the reference image) having a local similarity (in terms of gray tones) to the regions surrounding them, and the pairs of significant points are stored in the working
memory 23. A check is then made to determine whether the local region similarity check has been repeated for all of the significant points in the test image. If it has not, it is repeated, and, when all the significant points in the image have been checked, a list of pairs of significant points is available. - For each pair of significant points so obtained, a coordinate translation and rotation from the test image to the reference image is defined to match a second pair of significant points within a given tolerance, so that, for each two pairs of significant points, a linear rotation-translation transformation is identified on which to match the test and reference fingerprint images.
- Having identified a rotation-translation as described above, the matching points of the other pairs of significant points are determined. In other words, applying the defined rotation-translation, a count is made of the significant points in the test image matching the significant points with which they are paired in the reference image. If there are fewer than a predetermined number of matching pairs of significant points, the test and reference prints do not match, and the rotation-translation definition and match count procedure is repeated for another two pairs of significant points, and so on until a rotation-translation resulting in more than the minimum required number of matches is defined or until all the possible transformations have been checked. In the latter case, the prints are definitely considered non-matching, and the test and reference image comparison is terminated with a negative match output.
- Conversely, in the event that at least the predetermined number of matching pairs of significant points are detected in the test and reference images, real matching of the prints is determined by appropriately comparing image segments connecting a first pair of significant points (one in the test image and one in the reference image) with all the other pairs of significant points, and by validating the first pair of significant points when a sufficient similarity is determined for at least a predetermined number of image segments as discussed above.
- At this point, a check is made to determine whether the similarity of the segments has been determined for all the matching significant points. When it has not, then the real matching described above is repeated. When it has, a check is made to determine whether the number of validated matching significant points is greater than or equal to a predetermined threshold for a given rotation-translation to be considered valid. When the chosen rotation-translation is valid, the fingerprint is considered to be identified; when it is not considered valid, another rotation-translation is chosen and the process is repeated.
- In one embodiment, calculation of the similarity of the regions surrounding two significant points, one in the test image with coordinates (Xi,Yi), and one in the reference image with coordinates (Xj,Yj) is performed as described below. Using the gray values of the test and reference images, a region including M×M points (e.g., 16×16) is defined about each test and reference point being compared. According to one aspect of the present invention, the similarity of these regions is determined by calculating the value of the integral norm of two surfaces Sit and Sjr defined as:
- Si t ={x,y,z}:z=gray(x,y) (Eq. 1)
- where Xi−8≦x<Xi+8; Yi−8≦y<Yi+8 for the test image points, and
- Sj r ={x,y,z}:z=gray(x,y) (Eq. 2)
- where Xj−8≦x<Xj+8; Yj−8≦y<Yj+8 for the reference image points, and wherein gray(x,y) is the gray tone of the test or reference image at point (x,y).
- The integral norm N of two surfaces Sit and Sjr equals:
- N=∫∫ M×M |Sj r(x,y)−Si t(x,y)|dxdy (Eq. 3)
- Since, in this case, the region of M×M points and the functions Sit, Sjr which are used to compute the similarity are discrete, the double integral is converted into a double summation, and Eq. 3 becomes
- N=ΣΣ |Sj r(x−Xi+Xj,y−Yi+Yj)−Si t(x,y)| (Eq. 4)
- where Xi−8≦x<Xi+8; Yi−8≦y<Yi+8.
- Computing the above norm is particularly onerous in fingerprint recognition, which on average involves 100-150 significant points for each test and reference image, and wherein the coordinate of each significant point is definable within a tolerance of about five pixels (±2 in relation to the given coordinate) both horizontally and vertically. This means that, for each pair of significant points for comparison, 25 norms have to be computed, and the similarity verification requires 25×T×S calculations as per Eq. 4 (given T significant points in the test image and S significant points in the reference image). Even reducing the operations required for each pair of significant points to compute the norm in only 9 of the 25 coordinate tolerance points, computation time is still substantial and unacceptable in many applications.
- Rapid and efficient computation of the above norm is possible using an array of analog flash cells. An example is described in “Flash-Based Programmable Nonlinear Capacitor for Switched-Capacitor Implementations of Neural Networks” by A. Kramer et al. in IEDM Tech. Dig. p. 17.6.1-17.6.4, Dec. 1994.
- In this example, the array of analog flash cells may be used to calculate the absolute difference between two values by connecting the source and drain regions of two flash cells to each other and to an input node of a charge integrator, supplying the gate terminal of a first cell with a voltage corresponding to the first value, memorizing in the same first cell, as the threshold voltage, the second value to be subtracted from the first, supplying the gate terminal of the second cell with a voltage complementary to that supplied to the first cell, and memorizing as the threshold voltage in the second cell a value complementary to the second value to be subtracted (see FIG. 3 in the above article). It is also possible to calculate the sum of the difference between pairs of values by connecting the output nodes of different pairs of cells supplied (as threshold and input voltages) with the pairs of values to be added (see FIG. 4 in the article, relative to calculating the Manhattan distance between two vectors).
- Using the same principle, the above norm may be computed by parallel computing all the individual differences between the gray levels of pairs of corresponding points in the test and reference images to obtain the value of the norm directly at the output. One example of a flash cell array for computing the norm defined in Eq. 4 is described in the above-referenced U.S. patent application No. 08/802,658.
- FIG. 3A is a simplified block diagram of a
flash memory processor 60 that can fulfill the functions of thecomputation engine 25 in theconsumer instrument 20 of FIG. 1 and FIG. 3B is a simplified schematic diagram of equivalent circuits for thememory cells 64 of FIG. 3A, in accordance with an embodiment of the invention. The principles of operation of the embodiment of FIGS. 3-6 are described in “1.5XTPS Convolver using 5b Analog Flash for Real-Time Large-Kernel Image Filtering” by A. Kramer et al., ISSCC Paper FP12.6, pp. 196-197, February 1998 (IEEE Cat. No. 0-7803-4344-1/98). - The
flash memory processor 60 of FIG. 3A includes anarray 62 offlash memory cells 64 connected in interleavedrows rows 66 is coupled to a first input of a conductance-summingneuron circuit 70, and a corresponding one of each of therows 68 is coupled to a second input of the conductance-summingneuron circuit 70. This arrangement allowsflash memory cells 64 in onerow 66 to represent data having a first sign (e.g., positive) andflash memory cells 64 in theother row 68 to represent data having a second sign (e.g., negative). In one embodiment, 256 row pairs 66, 68 are coupled to a corresponding 256neuron circuits 70, however, other numbers ofrows rows rows - The
flash memory processor 60 also includes an I/O bus 72 coupled to outputs of each of theneuron circuits 70 and to aninput signal conditioner 74 that is also coupled to theflash memory cells 64. Theinput signal conditioner 74 may be formed fromshift registers 76 that allow input signals from the I/O bus 72 to be latched. The shift registers 76 may be dynamically reconfigurable to permit the input signals to come from, for example, the precedingshift register 76, to allow for other input-path configurations. - Conductance mode operation of
flash memory cells 64 and principles of operation of theflash memory processor 60 are discussed in “Low power, Low Voltage Conductance-Mode CMOS Analog Neuron” by V. Fabbrizio et al., pp. 111-115, and in “Array-Based Analog Computation: Principles, Advantages and Limitations” by A. Kramer, pp. 68-79, both appearing in Proc. MicroNeuro 1996 (IEEE Cat. No. 1086-1947/96). - FIG. 4 is a simplified side view of one of the
flash memory cells 64 in theflash memory processor 60 of FIG. 3A, and FIG. 5 is a simplified schematic diagram of theflash memory cells 64 of FIG. 4, in accordance with embodiments of the present invention. Theflash memory cells 64 includes asource 82, adrain 84, achannel 86 extending from thesource 82 to thedrain 84, a floatinggate 88 and an externally-accessible control gate 90, all conventionally formed on asemiconductor substrate 92. Theflash memory cell 64 is programmed to store a predetermined amount of charge on the floatinggate 88 by application of suitable voltages to thecontrol gate 90, thesource 82 and thedrain 84. - Application of a positive voltage to the
control gate 90 and/or thedrain 84 can cause electrons to tunnel through a dielectric layer separating the floatinggate 88 from thechannel 86. These electrons then charge the floatinggate 88, altering a threshold voltage VT of theflash memory cells 64. The amount of charge that is stored on the floatinggate 88 can later be measured by determining the threshold voltage VT of theflash memory cell 64, or the threshold voltage VT may be compared to an input voltage applied to thecontrol gate 90. The more electrons that are stored on the floatinggate 88, the more positive the threshold voltage VT will be. - Application of a suitable voltage to the
control gate 90 can cause electrons stored on the floatinggate 88 to tunnel out from the floatinggate 88, thus erasing the data that were stored in theflash memory cell 64. Typically, a verify operation is employed at the beginning and the end of each programming operation to determine the status of theflash memory cell 64. - In the
flash memory processor 60 of FIG. 3A, theflash memory cells 64 are initially programmed with analog values by storing charge on the floatinggates 88 corresponding to a predetermined number of bits. For example, a 6-bit weight formed from 5 value bits and a sign may be programmed into a pair offlash memory cells 64 that are coupled to counterpart locations on a pair of therows neuron circuits 70. - In operation, the
input signal conditioner 74 applies input digital signals to thecontrol gates 90 of theflash memory cells 64. The input digital signals have one of two possible analog values, VHI and VLOW. The analog values VHI and VLOW can be adjusted to modify dynamic range and precision. The programmed analog values are chosen so that one of theflash memory cells 64 in each pair is always off (i.e., has a programmed threshold voltage VT that is greater than VHI) and the other is only ON when the input is a logical “l” (i.e., VLOW<VT<VHI). As a result, because VT is programmable, each of theflash memory cells 64 acts as a programmable conductance that is switched in or out of the conductance summingrow line sources 82 of all of theflash memory cells 64 in one row are coupled to the associatedrow line - This technique utilizes common source lines in each
row line computational rows row lines neuron circuits 70. - FIG. 6 is a simplified schematic diagram of the
neuron circuit 70 for theflash memory processor 60 of FIG. 3A, in accordance with an embodiment of the invention. Theneuron circuit 70 includes a conductance comparator forming aneuron 100 coupled through abuffer 102 formed from twotransistors buffer 102 acts to buffer synapses formed from pairs of theflash memory cells 64 coupled to each of the row lines 66 and 68. - The
buffer 102 also includes athird transistor 108 having one current-carrying electrode coupled to ground, another current carrying electrode coupled to gates of all three of thetransistors current source 110. Thebuffer 102 ensures that all of theflash memory cells 64 forming synapse devices operate in the triode region. As a result, the drain-source voltage of each of the flash memory cells is low (e.g., 100 millivolts) and the power required to operate theflash memory processor 60 of FIG. 3A is reduced accordingly. Further, because this drain-source voltage is both low and uniform, the data that are stored in theflash memory processor 60 cannot be read by conventional probing techniques. - The
neuron 100 includes cross-coupledcurrent mirror circuits current mirror current mirror 122. All three transistors in each of thecurrent minors transistors transistors transistor current mirror transistors cross-coupled transistors 136 and 138, respectively, to provide positive feedback. - The conductance-summing convolver formed from the
computation engine 60 described above provides several advantages as an authorization mechanism for transactions. These advantages include very rapid computation and low power consumption. The power consumption is reduced, compared to other flash-memory-based computation engines, at least in part because the conductance mode of operation uses the “triode region” of the operation of the floating gate FET memory cell, i.e., low source-drain voltages, rather than the saturation region using greater source-drain voltages. Moreover, many such cells all couple to a common conductance summingrow line flash memory cells 64 cannot be sensed by probing techniques such as electron beam microprobes, because these voltages are too small or too similar. Further, these voltages are all substantially similar, even when different values are being presented to the conductance-summingneuron 100 of FIG. 6. - Additionally, the reference fingerprint data stored in the
flash memory array 62 of FIG. 3A are never manifested outside of theflash memory array 62. For these reasons, conductancemode computation engines 60 provide significant security advantages when theseflash memory arrays 62 are used to carry out fingerprint identification in conjunction with authorization of financial transactions using smart cards or other types of electronic funds transfer. - In one embodiment, the
fingerprint sensor 21 is formed on the same integrated circuit as thecomputation engine 25. As a result, signals developed in thecomputation engine 25 in response to operation of thefingerprint sensor 21 are obscured from measurement because the finger providing the fingerprint to thefingerprint sensor 21 physically blocks access to thecomputation engine 25. In this embodiment, the technology that is used to implement thecomputation engine 25 is not necessarily critical from an information security perspective. However, thefingerprint sensor 21 could still be stimulated in ways that might allow some knowledge to be gained regarding stored data in the computation engine to be obtained from thecomputation engine 25. For example, optical stimulation of the fingerprint sensor 40 of FIG. 2 could be used to provide a pattern by turning on some but not all of thetransistors computation engine 25 is one that does not operate in the conductance mode. - In another embodiment, the
fingerprint sensor 21 is formed on a different integrated circuit as thecomputation engine 25. In this embodiment, conductance mode operation of thecomputation engine 25 provides several advantages. In conductance mode operation of thecomputation engine 60 of FIG. 3A, analog data are stored in theflash memory cells 64, but the input data and the output data are digital. In particular, the output from any oneneuron 70 of FIGS. 3 and 6 is a single bit carrying only the information that either a match was or was not achieved by thatneuron circuit 70. As a result, the amount of information about the stored analog data that can be learned from the digital outputs of theneurons circuits 70 is very limited. - In one embodiment, a first level of correlation detects significant features in the fingerprint, as discussed above with reference to Eqs. 1-4. The first level of correlation provides a separate correlation vector corresponding to each feature. The correlation vectors for all of the features are then input to a second correlation-based associative memory. The second associative memory determines whether or not the overall pattern of matched features corresponds to a match to stored data corresponding to an authorized fingerprint. The only externally observable variable in such as system is the match state of unobservable stored data including dummy features.
- In one embodiment, the stored data representing features of authorized fingerprint data are augmented with dummy data corresponding to dummy features. Presentation of an input and monitoring the signals from the first level of correlation then does not necessarily reveal information about features of the fingerprint of the authorized user. Simply determining which features are represented by the feature data contained in the first level correlator does not provide knowledge of which of the stored data represent features that are not present in an authorized fingerprint.
- As a result, the most that can be determined external to the
computation engine 25 is the match state of unobservable data corresponding to the individual features including dummy data if dummy data are present. The outside observer who does not have access to the actual fingerprint has no way of discriminating between the dummy data and data corresponding to actual fingerprint features. Moreover, the overall recognition of an authorized fingerprint by the second associative memory depends on both the presence of the correct features and their relative positioning. Searching for the combination of features and relative positions with artificial inputs to thefingerprint sensor 21 of FIG. 1 is equivalent to searching for the entire fingerprint, which is computationally intensive to the point of being practically impossible. - FIG. 7 is a simplified flow chart of a
method 150 of encoding data in a programmable memory, in accordance with an embodiment of the present invention. Themethod 150 begins by setting an index variable i to one in astep 152 when an input dataset is defined in astep 154. In one embodiment, the input dataset may be defined to be a fingerprint as sensed by a sensor such as thefingerprint sensor 21 of FIG. 1. In another embodiment, the input dataset may be defined to be more than one fingerprint, such as fingerprints from more than one finger of a single user or as fingerprints from multiple users who wish to share or be able to share use of theinstrument 20. - A user whose fingertip was caught in a car door, thereby distorting relationships between minutia in the fingerprint, is in no mood to tolerate secondary malfunction of a primary resource such as a smart card. Accordingly, permitting more than one finger to be recognized is useful in promoting consumer acceptance of fingerprint access to resources that can be enabled using a smart card. Further, members of a mutual, common economic unit, e.g., spouses, may well find markedly greater convenience in a financial instrument that allows either of them to use it independently, and that facilitates transfer of resources between them.
- In a
step 156, the input dataset is written to a nonvolatile memory such as thememory array 62 of FIG. 3A. Aquery task 158 then compares data read from the memory to the input dataset to verify that the memory has actually the input dataset with sufficient integrity. - When the
query task 158 determines that the input data and the data read from the memory do not match, the index variable i is incremented in astep 160. Aquery task 162 then determines when the index variable i exceeds a predetermined threshold iMAX. When thequery task 162 determines that the index variable i exceeds the predetermined threshold iMAX, the memory is deemed defective in astep 164 and theprocess 150 ends. When thequery task 162 determines that the index variable i does not exceed the predetermined threshold iMAX, control passes back to thestep 156, and thesteps - When the
query task 158 determines that the stored data match the input data, capability for writing to the memory is disabled in astep 166. In one embodiment, the capability for writing data to the memory may be disabled by destroying the functionality of write circuitry associated with the memory. In another embodiment, the capability for writing data to the memory may be disabled by decoupling the write circuitry from the memory, for example, by blowing a fuse or an antifuse coupled to the output of the write circuitry or to the memory, or by other techniques now known or that may be developed. As a result, a capability for over-writing the fingerprint data that are stored in the first flash memory or the first memory portion is disabled. This prevents someone who has a lost or stolen smart card or othersecure instrument 20 from simply reprogramming the authentication portion of thesecure instrument 20 with their own or an associate's authentication or fingerprint data. - FIG. 8 is a simplified flow chart of a
method 180 of controlling access to data stored in a memory, in accordance with an embodiment of the present invention. Themethod 180 begins by setting an index variable j to one in astep 182 when a user presents a financial instrument 20 (FIG. 1) in astep 184. The user also presents authorization credentials in astep 186. In one embodiment, the authorization credentials are a fingerprint and are presented by placing one of the users fingertips on thefingerprint sensor 21 of theinstrument 20. In aquery task 188, thecomputation engine 25 correlates the authorization credentials from the user with data stored in thecomputation engine 25 to determine if the authorization credentials match the stored data. When the authorization credentials match the stored data, theinstrument 20 is enabled in astep 190, allowing transactions based on theinstrument 20 or on data stored in theinstrument 20 to proceed, and theprocess 180 ends. - When the
computation engine 25 is unable to determine a match between the authorization credentials and data stored in thecomputation engine 25, the index variable j is compared to a predetermined threshold jMAX in aquery task 192. When thequery task 192 determines that the index variable j exceeds the predetermined threshold jMAX, the read capability of theinstrument 20 is disabled in astep 194 and theprocess 180 ends. - The read capability of the
instrument 20 may be disabled in a number of different ways. In one embodiment, thefingerprint sensor 21 is disabled, disabling normal use of theinstrument 20 but not destroying any financial data that may be stored in the read-write memory 28. This allows for the possibility of recovery of theinstrument 20 and restoration of any remaining finds to an account belonging to the user. This capability may be significant in systems where theinstrument 20 acts as the equivalent of a virtual wallet having some amount of money stored in it, which money would be lost if theinstrument 20 were lost or destroyed or if the data contained in thememory 28 were lost or destroyed. - In another embodiment, the read-write circuitry associated with the
computation engine 25 or the read-write memory 28 or both is disabled or destroyed. This may be carried out by severing a link between thecomputation engine 25 or thememory 28 by blowing a fuse or antifuse or by triggering the destruction of other circuitry necessary for accessing of these elements. The user may prefer to have all access to any stored authorization data and/or any financial data when theinstrument 20 functions in a fashion similar to a credit or debit card, i.e., identifies and triggers adjustment of accounts external to theinstrument 20 in carrying out a normal transaction. The authorization and financial data are then protected from theft or misuse. - When the
query task 198 determines that the index variable j does not exceed the predetermined threshold jMAX, the index variable is incremented in astep 196. Anoptional query task 198 then determines when a time t exceeds a predetermined threshold tMAX. The time t is the time between initiation of a series of successive determinations by thequery task 188 that the authorization credentials do not match the stored data and the present. When thequery task 198 determines that the time t exceeds the predetermined threshold tMAX, the index variable j is reset to unity in thestep 182. When thequery task 198 determines that the time t does not exceed the predetermined threshold tMAX, the user may repeat presentation of the instrument in thestep 184. In either case, thesteps instrument 20 is enabled in thestep 190, theinstrument 20 is disabled in thestep 194 or the user voluntarily ends theprocess 180. - By carrying out the
optional query task 198, a clumsy user or a user having aninstrument 20 that is marginally functional is prevented from inadvertently rendering theinstrument 20 useless, without necessarily compromising the security provided by theprocess 180. In these situations, a few unsuccessful attempts to use theinstrument 20 may be followed by a successful attempt, with the result that theinstrument 20 is stored between uses. A high total count of unsuccessful attempts that may not represent attempts of unauthorized use of theinstrument 20 is prevented from disabling theinstrument 20. At the same time, the frequency with which an unauthorized user would have to attempt different input sequences to thefingerprint sensor 21 is very likely to result in theinstrument 20 being disabled in thestep 194, preserving the integrity of theinstrument 20. - From the foregoing it will be appreciated that, although specific embodiments of the invention have been described herein for purposes of illustration, various modifications may be made without deviating from the spirit and scope of the invention. Accordingly, the invention is not limited except as by the appended claims.
Claims (27)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/219,549 US6442286B1 (en) | 1998-12-22 | 1998-12-22 | High security flash memory and method |
US10/188,791 US6707935B2 (en) | 1998-12-22 | 2002-07-02 | High security flash memory and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/219,549 US6442286B1 (en) | 1998-12-22 | 1998-12-22 | High security flash memory and method |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/188,791 Division US6707935B2 (en) | 1998-12-22 | 2002-07-02 | High security flash memory and method |
Publications (2)
Publication Number | Publication Date |
---|---|
US20020090117A1 true US20020090117A1 (en) | 2002-07-11 |
US6442286B1 US6442286B1 (en) | 2002-08-27 |
Family
ID=22819716
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/219,549 Expired - Lifetime US6442286B1 (en) | 1998-12-22 | 1998-12-22 | High security flash memory and method |
US10/188,791 Expired - Lifetime US6707935B2 (en) | 1998-12-22 | 2002-07-02 | High security flash memory and method |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/188,791 Expired - Lifetime US6707935B2 (en) | 1998-12-22 | 2002-07-02 | High security flash memory and method |
Country Status (1)
Country | Link |
---|---|
US (2) | US6442286B1 (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030012417A1 (en) * | 2001-07-16 | 2003-01-16 | Laurence Hamid | Biometric imaging device compensating for non-biometric parameters |
US20040091136A1 (en) * | 2002-11-13 | 2004-05-13 | Dombrowski James Douglas | Real-time biometric data extraction and comparison for self identification |
US20040093503A1 (en) * | 2002-11-13 | 2004-05-13 | Dombrowski James Douglas | Acquisition and storage of human biometric data for self identification |
US6789166B2 (en) * | 2000-05-16 | 2004-09-07 | Sony Corporation | Methods and apparatus for facilitating data communications between a data storage device and an information-processing apparatus |
EP1643356A1 (en) * | 2003-05-23 | 2006-04-05 | Nippon Telegraph and Telephone Corporation | Parallel processing device and parallel processing method |
EP1696865A2 (en) * | 2003-12-17 | 2006-09-06 | Motorola, Inc. | Fingerprint based smartcard |
EP1751990A1 (en) * | 2004-05-17 | 2007-02-14 | Identification Technology Group Inc. | Biometrically authenticated portable access device |
US20090145972A1 (en) * | 2007-12-11 | 2009-06-11 | James Douglas Evans | Biometric authorization transaction |
ES2336983A2 (en) * | 2002-09-10 | 2010-04-19 | Ivi Smart Technologies, Inc. | Secure biometric verification of identity |
US20120075451A1 (en) * | 2010-09-28 | 2012-03-29 | Stmicroelectronics (Research & Development) Limited | Multimode optical device and associated methods |
US8694793B2 (en) | 2007-12-11 | 2014-04-08 | Visa U.S.A. Inc. | Biometric access control transactions |
US9024719B1 (en) * | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US10282578B2 (en) | 2015-09-22 | 2019-05-07 | Egis Technology Inc. | Array sensor and sensing method thereof |
US10303623B2 (en) * | 2016-04-08 | 2019-05-28 | Cryptography Research, Inc. | Non-volatile memory for secure storage of authentication data |
US11119558B2 (en) * | 2018-10-29 | 2021-09-14 | Sony Group Corporation | Method and system for device activation |
EP3905170A1 (en) * | 2020-04-28 | 2021-11-03 | Thales Dis France Sa | Method for managing a biometric smart card |
US20220351794A1 (en) * | 2021-04-30 | 2022-11-03 | Hewlett Packard Enterprise Development Lp | Analog content addressable memory with analog input and analog output |
Families Citing this family (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1129867C (en) * | 2000-03-17 | 2003-12-03 | 杭州中正生物认证技术有限公司 | Finger print hard disc |
US6799275B1 (en) * | 2000-03-30 | 2004-09-28 | Digital Persona, Inc. | Method and apparatus for securing a secure processor |
KR20010025234A (en) * | 2000-11-09 | 2001-04-06 | 김진삼 | A certification method of credit of a financing card based on fingerprint and a certification system thereof |
US7512806B2 (en) * | 2000-11-30 | 2009-03-31 | Palmsource, Inc. | Security technique for controlling access to a network by a wireless device |
US20020073340A1 (en) * | 2000-12-12 | 2002-06-13 | Sreenath Mambakkam | Secure mass storage device with embedded biometri record that blocks access by disabling plug-and-play configuration |
US6941004B2 (en) * | 2001-12-06 | 2005-09-06 | Motorola, Inc. | Method and apparatus for asperity sensing and storage |
US20070234052A1 (en) * | 2002-06-25 | 2007-10-04 | Campisi Steven E | Electromechanical lock system |
US20070220272A1 (en) * | 2002-06-25 | 2007-09-20 | Campisi Steven E | Transaction authentication card |
US7543156B2 (en) * | 2002-06-25 | 2009-06-02 | Resilent, Llc | Transaction authentication card |
FR2850190B1 (en) * | 2003-01-21 | 2006-04-28 | Atmel Grenoble Sa | METHOD AND DEVICE FOR RECOGNIZING PERSON |
US6983882B2 (en) * | 2003-03-31 | 2006-01-10 | Kepler, Ltd. | Personal biometric authentication and authorization device |
CN100356391C (en) * | 2003-05-21 | 2007-12-19 | 皇家飞利浦电子股份有限公司 | Method and device for verifying the identity of an object |
MY138544A (en) * | 2003-06-26 | 2009-06-30 | Neuramatix Sdn Bhd | Neural networks with learning and expression capability |
US7697729B2 (en) | 2004-01-29 | 2010-04-13 | Authentec, Inc. | System for and method of finger initiated actions |
US7693313B2 (en) * | 2004-03-22 | 2010-04-06 | Raytheon Company | Personal authentication device |
US20050268116A1 (en) * | 2004-05-14 | 2005-12-01 | Jeffries James R | Electronic encryption system for mobile data (EESMD) |
US6955294B1 (en) * | 2004-08-06 | 2005-10-18 | Mark Seegar | Apparatus and method for preventing credit card fraud |
JP2006189999A (en) * | 2005-01-04 | 2006-07-20 | Fujitsu Ltd | Security management method, program, and information apparatus |
US7831070B1 (en) | 2005-02-18 | 2010-11-09 | Authentec, Inc. | Dynamic finger detection mechanism for a fingerprint sensor |
US8000502B2 (en) | 2005-03-09 | 2011-08-16 | Sandisk Technologies Inc. | Portable memory storage device with biometric identification security |
US20070093748A1 (en) * | 2005-06-23 | 2007-04-26 | Medtronic Vascular, Inc. | Methods and systems for treating injured cardiac tissue |
US20070172472A1 (en) * | 2005-06-23 | 2007-07-26 | Asha Nayak | Methods and Systems for Treating Injured Cardiac Tissue |
US20100174902A1 (en) * | 2005-12-23 | 2010-07-08 | Phison Electronics Corp. | Portable storage media with high security function |
US20080040615A1 (en) * | 2006-06-30 | 2008-02-14 | Electronic Plastics, Llc | Biometric embedded device |
US20080097924A1 (en) * | 2006-10-20 | 2008-04-24 | Electronic Plastics, Llc | Decentralized secure transaction system |
US20080257956A1 (en) * | 2007-04-19 | 2008-10-23 | At&T Knowledge Ventures, L.P. | System for fulfilling purchases |
US8866347B2 (en) | 2010-01-15 | 2014-10-21 | Idex Asa | Biometric image sensing |
US8421890B2 (en) | 2010-01-15 | 2013-04-16 | Picofield Technologies, Inc. | Electronic imager using an impedance sensor grid array and method of making |
US8791792B2 (en) | 2010-01-15 | 2014-07-29 | Idex Asa | Electronic imager using an impedance sensor grid array mounted on or about a switch and method of making |
US20130279769A1 (en) | 2012-04-10 | 2013-10-24 | Picofield Technologies Inc. | Biometric Sensing |
KR102182297B1 (en) * | 2014-01-13 | 2020-11-24 | 삼성전자 주식회사 | Method Of Finger Scan And Mobile Terminal Supporting The Same |
US10037528B2 (en) | 2015-01-14 | 2018-07-31 | Tactilis Sdn Bhd | Biometric device utilizing finger sequence for authentication |
US9607189B2 (en) | 2015-01-14 | 2017-03-28 | Tactilis Sdn Bhd | Smart card system comprising a card and a carrier |
US10395227B2 (en) | 2015-01-14 | 2019-08-27 | Tactilis Pte. Limited | System and method for reconciling electronic transaction records for enhanced security |
KR20210069480A (en) * | 2019-12-03 | 2021-06-11 | 삼성전자주식회사 | Storage device including memroy controller and non volatile memory system including and operating method thereof |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5144680A (en) * | 1985-03-01 | 1992-09-01 | Mitsubishi Denki Kabushiki Kaisha | Individual identification recognition system |
US4993068A (en) * | 1989-11-27 | 1991-02-12 | Motorola, Inc. | Unforgeable personal identification system |
US5544111A (en) * | 1991-03-14 | 1996-08-06 | Gemplus Card International | Programming process for integrated memory, particularly for a smart card |
GB9411528D0 (en) * | 1994-06-09 | 1994-08-03 | Jelm Limited | Improvements in or relating to credit cards and other types of authorisation cards |
US5815252A (en) * | 1995-09-05 | 1998-09-29 | Canon Kabushiki Kaisha | Biometric identification process and system utilizing multiple parameters scans for reduction of false negatives |
US6320394B1 (en) * | 1996-02-14 | 2001-11-20 | Stmicroelectronics S.R.L. | Capacitive distance sensor |
JP2947210B2 (en) * | 1997-02-28 | 1999-09-13 | 日本電気株式会社 | Biological identification device |
US6266647B1 (en) * | 1997-11-03 | 2001-07-24 | Xtec, Incorporated | Methods and apparatus for electronically storing and retrieving value information on a portable card |
US6028773A (en) * | 1997-11-14 | 2000-02-22 | Stmicroelectronics, Inc. | Packaging for silicon sensors |
-
1998
- 1998-12-22 US US09/219,549 patent/US6442286B1/en not_active Expired - Lifetime
-
2002
- 2002-07-02 US US10/188,791 patent/US6707935B2/en not_active Expired - Lifetime
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6789166B2 (en) * | 2000-05-16 | 2004-09-07 | Sony Corporation | Methods and apparatus for facilitating data communications between a data storage device and an information-processing apparatus |
US9024719B1 (en) * | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US20030012417A1 (en) * | 2001-07-16 | 2003-01-16 | Laurence Hamid | Biometric imaging device compensating for non-biometric parameters |
US7272248B2 (en) * | 2001-07-16 | 2007-09-18 | Activcard Ireland Limited | Biometric imaging device compensating for non-biometric parameters |
ES2336983A2 (en) * | 2002-09-10 | 2010-04-19 | Ivi Smart Technologies, Inc. | Secure biometric verification of identity |
US20040091136A1 (en) * | 2002-11-13 | 2004-05-13 | Dombrowski James Douglas | Real-time biometric data extraction and comparison for self identification |
US20040093503A1 (en) * | 2002-11-13 | 2004-05-13 | Dombrowski James Douglas | Acquisition and storage of human biometric data for self identification |
EP1643356A1 (en) * | 2003-05-23 | 2006-04-05 | Nippon Telegraph and Telephone Corporation | Parallel processing device and parallel processing method |
EP1643356A4 (en) * | 2003-05-23 | 2009-04-01 | Nippon Telegraph & Telephone | Parallel processing device and parallel processing method |
EP1696865A2 (en) * | 2003-12-17 | 2006-09-06 | Motorola, Inc. | Fingerprint based smartcard |
EP1696865A4 (en) * | 2003-12-17 | 2008-08-20 | Motorola Inc | Fingerprint based smartcard |
EP1751990A1 (en) * | 2004-05-17 | 2007-02-14 | Identification Technology Group Inc. | Biometrically authenticated portable access device |
EP1751990A4 (en) * | 2004-05-17 | 2009-06-03 | Identification Technology Grou | Biometrically authenticated portable access device |
US20090145972A1 (en) * | 2007-12-11 | 2009-06-11 | James Douglas Evans | Biometric authorization transaction |
US8694793B2 (en) | 2007-12-11 | 2014-04-08 | Visa U.S.A. Inc. | Biometric access control transactions |
US20120075451A1 (en) * | 2010-09-28 | 2012-03-29 | Stmicroelectronics (Research & Development) Limited | Multimode optical device and associated methods |
US10282578B2 (en) | 2015-09-22 | 2019-05-07 | Egis Technology Inc. | Array sensor and sensing method thereof |
US10303623B2 (en) * | 2016-04-08 | 2019-05-28 | Cryptography Research, Inc. | Non-volatile memory for secure storage of authentication data |
US10896137B2 (en) | 2016-04-08 | 2021-01-19 | Cryptography Research, Inc. | Non-volatile memory for secure storage of authentication data |
US11119558B2 (en) * | 2018-10-29 | 2021-09-14 | Sony Group Corporation | Method and system for device activation |
EP3905170A1 (en) * | 2020-04-28 | 2021-11-03 | Thales Dis France Sa | Method for managing a biometric smart card |
WO2021219382A1 (en) * | 2020-04-28 | 2021-11-04 | Thales Dis France Sa | Method for managing a biometric smart card |
US20220351794A1 (en) * | 2021-04-30 | 2022-11-03 | Hewlett Packard Enterprise Development Lp | Analog content addressable memory with analog input and analog output |
US11735281B2 (en) * | 2021-04-30 | 2023-08-22 | Hewlett Packard Enterprise Development Lp | Analog content addressable memory with analog input and analog output |
Also Published As
Publication number | Publication date |
---|---|
US6442286B1 (en) | 2002-08-27 |
US20020164057A1 (en) | 2002-11-07 |
US6707935B2 (en) | 2004-03-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6442286B1 (en) | High security flash memory and method | |
US6454173B2 (en) | Smart card technology | |
US5991408A (en) | Identification and security using biometric measurements | |
US5351303A (en) | Infra-red imaging and pattern recognition system | |
US7278025B2 (en) | Secure biometric verification of identity | |
US20020091937A1 (en) | Random biometric authentication methods and systems | |
US20020196963A1 (en) | Biometric identification system using a magnetic stripe and associated methods | |
WO2005081871A2 (en) | System for personal identity verification | |
WO2008001373A1 (en) | System and method for traceless biometric identification | |
EP1435586A1 (en) | Fingerprint verification method and fingerprint verification device | |
US20010045458A1 (en) | Biometeric system for verifying the user of a credit/identification card by a miniature autonomous fingerprint capture and verification system | |
Lawton | Biometrics: a new era in security | |
Wu et al. | Access control by RFID and face recognition based on neural network | |
WO2007018545A2 (en) | Protometric authentication system | |
Chikkerur | Online fingerprint verification system | |
Okokpujie et al. | Integration of iris biometrics in automated teller machines for enhanced user authentication | |
Benamara et al. | Securing E-payment systems by RFID and deep facial biometry | |
Toh et al. | Combining fingerprint and hand-geometry verification decisions | |
Mainguet et al. | Fingerprint recognition based on silicon chips | |
Ferhaoui Cherifi et al. | An improved revocable fuzzy vault scheme for face recognition under unconstrained illumination conditions | |
Uchenna et al. | Overview of technologies and fingerprint scanner used for biometric capturing | |
JP2877547B2 (en) | Portable storage media | |
US11483310B1 (en) | Post-quantum biometric template protection system using smart card | |
EP3388974B1 (en) | New identification document | |
Verma et al. | System Implementing for Biometric Security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: STMICROELECTRONICS, INC., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KRAMER, ALAN;REEL/FRAME:009683/0272 Effective date: 19981221 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FPAY | Fee payment |
Year of fee payment: 8 |
|
FPAY | Fee payment |
Year of fee payment: 12 |