Access control apparatus and method for electronic device

Abstract

A switch for power gating is disposed between an electronic device and its power source. The switch is controlled from a biometric reader that asserts a signal to the switch when a biometric profile matches a stored biometric signature. The gating of the power may thereby activate the electronic device. As the electronic device is isolated from its power source pending a successful biometric verification, it is not possible to circumvent the access control feature using the resources of the electronic device. Until the biometric reader verifies a biometric profile, the electronic device remains in an unpowered state.

Claims

What is claimed is: 1 . An access control system, comprising: an electronic device adapted for operation using power from a power source, said power source energizing a circuit of said electronic device for enabling a startup procedure of said electronic device; a switch, coupled between said power source and said processor, for enabling said energizing of said circuit responsive to an assertion of an activation signal; and a biometric reader coupled to said switch, comprising: a memory for storing a biometric signature; a biometric sensor, coupled to said memory, for discerning a biometric profile; and a verifier, coupled to said biometric sensor and to said memory, for asserting said activation signal when said biometric profile matches said biometric signature. 2 . A method for controlling access to an electronic device, comprising: discerning a biometric profile of a prospective user of the electronic device; comparing said biometric profile to a stored biometric signature of an authorized user of the electronic device; thereafter asserting an activation signal to a switch when said prospective user is an authorized user, said switch interposed between a power source of the electronic device and a circuit of the electronic device for enabling a startup procedure of said electronic device such that said switch interrupts power to said circuit when said activation signal is not asserted.
BACKGROUND [0001] This invention relates generally to access control for electrically powered electronic devices, and more particularly to biometric access control of power gating provided to operating components of the electronic device. [0002] Access control for electronic devices is known in the prior art. For example, access control includes physical control, in which the electronic device is protected from unauthorized access via physical access constraints. When the electronic device is a computing system, it is common to provide access control through applications or processes executing on the computing system. These applications or processes may, in some cases, be initiated by a boot sequence executed after power is applied to the computing system. An authorized user successfully interacts with the application or process to permit the electronic device to successfully boot or to otherwise direct the application or process to permit the user to access resources of the electronic device. Further, it is known to use biometric profiles to interact with the application or process to identify authorized users. [0003] It is one disadvantage of these prior art solutions that the electronic device participates in the evaluation of a user's access status. Such participation is possible only when the electronic device is partially or wholly active. Many electronic devices have provision for redirecting boot-up control to an alternate instruction source. For example, if the electronic device is an IBM-compatible personal computer, boot-up control may be redirected by code contained on a floppy disk inserted in a floppy drive of the device, or by code contained on a CD-ROM, or special devices attached to various I/O (input/output) ports of the device. This alternate instruction source may include initiation instructions that disable, bypass, or otherwise defeat or thwart the access control protocol established for the electronic device. [0004] Some prior art access control solutions tether a biometric sensor to a serial port of the electronic device. The electronic device must sufficiently activate itself to initiate the hardware port interface routines. In addition, it must activate and support any processes necessary to interact with the sensor and to make appropriate decisions regarding access. [0005] It is one source of failure for the access control of such electronic devices when the alternate instruction source does not properly implement or initialize the access control features. In such cases, the access control for the electronic device may be defeated. SUMMARY OF THE INVENTION [0006] The present invention is a simple, cost-effective electronic device access control solution. A preferred embodiment provides a switch for power gating disposed between an electronic device and its power source. The switch is controlled from a biometric reader that asserts a signal to the switch when a biometric profile of a prospective user matches a stored biometric signature. The gating of the power may thereby activate the electronic device. As the electronic device is isolated from its power source pending a successful biometric verification, it is not possible to circumvent the access control feature using the resources of the electronic device. Until the biometric reader verifies a biometric profile, the electronic device remains in an unpowered state. [0007] A preferred embodiment of the invention is an access control system. The access control system includes an electronic device adapted for operation using power from a power source, the power source energizing a circuit of the electronic device for enabling a startup procedure of the electronic device; a switch, coupled between the power source and the processor, for enabling the energizing of said circuit responsive to an assertion of an activation signal; and a biometric reader coupled to the switch. The biometric reader including a memory for storing a biometric signature; a biometric sensor, coupled to the memory, for discerning a biometric profile; and a verifier, coupled to the biometric sensor and to the memory, for asserting the activation signal when the biometric profile matches the biometric signature. [0008] An alternate preferred embodiment of the invention is a method for controlling access to an electronic device. The method includes discerning a biometric profile of a prospective user of the electronic device; comparing the biometric profile to a stored biometric signature of an authorized user of the electronic device; and thereafter asserting an activation signal to a switch when the prospective user is an authorized user, the switch interposed between a power source of the electronic device and a circuit of the electronic device for enabling a startup procedure of the electronic device such that the switch interrupts power to the circuit when the activation signal is not asserted. [0009] It is another preferred embodiment of the present invention to provide for a process/device that uses a self contained embedded fingerprint identification system that is built into a electronic device, such as a laptop computer, PDA, PC, cell phone, or wireless or cordless telephone or other communication device. It protects the electronic device from being operated by anyone except the intended user. This preferred embodiment addressees the protection of laptop computers using fingerprint recognition, but it is understood that most any electronic device that requires power for its operation is a candidate for this solution and could use any biometric parameter or combination of parameters. [0010] The access control is similar to the code protection on automobile radios whereby if the radio is stolen, and power is cut off to the radio (to remove it from the car), the radio will not work unless the proper code is input. Essentially, the embedded fingerprint “module” gates the power to the computer, preventing the computer from powering up without proper identification. By gating, it is meant that the device is placed between the power supply (either battery or corded to the wall plug). It will not allow power to flow to the device's initiation circuit (e.g., computer mother board) unless a correct identification is acknowledged by the biometric device (e.g., fingerprint device). Then, and only then will the fingerprint device switch the power on to the mother board allowing access to the PC. [0011] This is different from a fingerprint device that would be attached to the computer (tethered) which operates under the computer's control. A tethered device runs off the computer's operating system with all the software and identification information accessible only through the computer system. The tethered device allows access to the computer, but disallows access to certain portions of the disk or files. If a computer is misappropriated, a tethered device offers no protection from theft, since the unauthorized user is able to circumvent the protection. When the existing data on the computer is not needed, the unauthorized user may simply reformat the boot drive, producing what is essentially a new computer. With the embedded fingerprint device, the unauthorized user cannot access the mother board and hence the operating system of the computer, and cannot turn it on without complete disassembly and damage to the computer. [0012] There are alternate preferred embodiments to this invention. For example, as long as electronic devices require an initialization of the device using a BIOS or similar code, the biometric reader may be configured to provide an operation signal to the BIOS to inhibit operation at the BIOS level. Further, other physical parameter measuring devices may be used in lieu or in addition to the fingerprint module. For example, optical devices that scan a prospective user's retina, or audio devices that compare vocal signatures, or handwriting recognition systems for identification through dynamic handwriting parameters, or even other physical attributes. [0013] Further, one or more biometric readers may be networked together or otherwise connected to a biometric signature server. It is possible that the access control could be used to provide differing levels of user access, depending upon access permissions associated with a biometric signature. This application could be further tailored to provide differing access based upon a particular electronic device. In some applications, the biometric reader could be used to automatically log a user on to the electronic device or to a network coupled to the electronic device. [0014] Another alternate preferred embodiment provides an embedded system, inclusive of the processor, matching algorithms and stored identification information for the authorized users. The preferred embodiment would be an application for consumer and industrial safes. The advantage in this type of system is that the information regarding individual biometric signatures is stored along with the embedded module inside the safe, or in the case of most consumer products, behind substantial cover, thereby limiting access. Other fingerprint devices used in this application are stored on computers that are remote to the safe, which are intrinsically insecure because of their physical location. [0015] Again, alternate physical parameters may be keyed and measured for use in conjunction with this preferred embodiment. [0016] Other features and advantages of the present invention will be understood upon reading and understanding the detailed description of the preferred exemplary embodiments, found hereinbelow, in conjunction with reference to the drawings, in which like numerals represent like elements. BRIEF DESCRIPTION OF THE FIGURES [0017] [0017]FIG. 1 is a schematic diagram of an access control system. DESCRIPTION OF THE SPECIFIC EMBODIMENTS [0018] [0018]FIG. 1 is a schematic diagram of an access control system 100 . Access control system 100 includes electronic device 110 , a power source 120 , a switch 130 and a biometric reader 140 . Electronic device 110 may be a portable device, such as for example, a laptop computer or personal data assistant (PDA) or a personal computer or other device or apparatus to which a prospective user may desire access. [0019] Electronic device 110 initiates and/or operates from power source 120 which provides electrical power. Power source 120 may be a battery, power supply or a direct power in connection. Switch 130 is interposed between electronic device 110 and power source 120 . Switch 130 is responsive to an activation signal to gate power source 120 to provide initiation/operation power to electronic device 110 . [0020] Depending upon the specific application, switch 130 may be integrated into electronic device 110 , power source 120 , biometric reader 140 , or provided as a discrete component. [0021] Biometric reader 140 includes a memory, a biometric sensor and a biometric verifier for discern biometric parameters from a prospective user. The particular parameters discerned are dependent upon the type of biometric reader 140 that is used. In the preferred embodiment, biometric reader is adapted for use with fingerprints. Other biometric parameters, such as for example retinal patterns, vocal characteristics, dynamic handwriting indicia, or combinations of two or more parameters, may be used. [0022] The memory of biometric reader 140 stores one or more appropriate biometric signatures of authorized users of electronic device 110 . The biometric sensor discerns the appropriate biometric parameters and produces a biometric profile of the appropriate biometric parameters for a prospective user of electronic device 110 . The verifier compares the biometric profile to the stored biometric signatures and asserts the activation signal to switch 130 upon a match. [0023] Biometric reader 140 may be integrated into electronic device 110 , power source 120 , switch 130 , or provided as a discrete component. Further, biometric reader 140 may be implemented in a client/server configuration in which the sensor is physically separate from the memory and verifier. [0024] In operation, electronic device 110 is in the power-down or off state. A prospective user operates biometric reader 140 , such as by, for example, pressing her finger against a sensor to establish a biometric profile including her fingerprint details. [0025] Biometric reader 140 compares the biometric profile to the biometric signature stored in its memory. If the verifier determines that the profile matches the signature within a close enough margin, the verifier asserts the activation signal to switch 130 . [0026] Switch 130 , in response to the activation signal, gates power source 120 to electronic device 110 , thereby permitting electronic device 110 to operate or to be initiated in preparation for operation (e.g., boot sequence for a laptop computer). [0027] A failure of the verifier to match the biometric profile to a stored biometric signature results in a non-assertion of the activation signal to switch 130 , maintaining electronic device 110 in a power-down or off state. [0028] Switch 130 is a state device in that it stores an operational state that is influenced by electronic device 110 , power source 120 and biometric reader 140 . Once biometric reader 140 successfully verifies a biometric profile and asserts the activation signal, the prospective user (now an authorized user) does not need to maintain her finger on the fingerprint sensor of biometric reader 140 (when using fingerprints). Further, when electronic device 110 is turned off after having been successfully activated, switch 130 is reset, requiring a subsequent successful verification of a biometric profile. Switch 130 is also reset when the biometric profile is incomplete or the verification has not been completed prior to removal of the prospective user's biometric input. [0029] In an alternate preferred embodiment, switch 130 may selectively activate various BIOS routines, dependent upon information provided from biometric reader 140 regarding the authorized user's identity or classification, or other information associated with the user. Further, switch 130 may be used to log an authorized user into resources of electronic device 110 , or coupled to electronic device 110 through a network. [0030] From the foregoing description it is believed that the preferred embodiment achieves the objects of the present invention. Alternative embodiments and various modifications such as discussed herein and apparent to those skilled in the art, are considered to be within the spirit and scope of the present invention. The present invention is not limited by the foregoing description, but rather as defined as by the appended claims.

Description

Topics

Download Full PDF Version (Non-Commercial Use)

Patent Citations (27)

    Publication numberPublication dateAssigneeTitle
    US-5153918-AOctober 06, 1992Vorec CorporationSecurity system for data communications
    US-5291560-AMarch 01, 1994Iri Scan IncorporatedBiometric personal identification system based on iris analysis
    US-5351303-ASeptember 27, 1994Willmore Michael RInfra-red imaging and pattern recognition system
    US-5377269-ADecember 27, 1994Intelligent Security Systems, Inc.Security access and monitoring system for personal computer
    US-5668878-ASeptember 16, 1997Brands; Stefanus AlfonsusSecure cryptographic methods for electronic transfer of information
    US-5751950-AMay 12, 1998Compaq Computer CorporationSecure power supply for protecting the shutdown of a computer system
    US-5848231-ADecember 08, 1998Teitelbaum; Neil, Freedman; Gordon Sean, Borza; Stephen J., Borza; Michael A.System configuration contingent upon secure input
    US-5872834-AFebruary 16, 1999Dew Engineering And Development LimitedTelephone with biometric sensing device
    US-5878142-AMarch 02, 1999Information Resource Engineering, Inc.Pocket encrypting and authenticating communications device
    US-5887140-AMarch 23, 1999Kabushiki Kaisha ToshibaComputer network system and personal identification system adapted for use in the same
    US-5892838-AApril 06, 1999Minnesota Mining And Manufacturing CompanyBiometric recognition using a classification neural network
    US-5905446-AMay 18, 1999Diebold, IncorporatedElectronic key system
    US-5973731-AOctober 26, 1999Schwab; Barry H.Secure identification system
    US-6181803-B1January 30, 2001Intel CorporationApparatus and method for securely processing biometric information to control access to a node
    US-6219439-B1April 17, 2001Paul M. BurgerBiometric authentication system
    US-6237100-B1May 22, 2001International Business Machines CorporationPower passwords within a data processing system for controlling a supply of system power
    US-6282304-B1August 28, 2001Biolink Technologies International, Inc.Biometric system for biometric input, comparison, authentication and access control and method therefor
    US-6317544-B1November 13, 2001Raytheon CompanyDistributed mobile biometric identification system with a centralized server and mobile workstations
    US-6320974-B1November 20, 2001Raytheon CompanyStand-alone biometric identification system
    US-6356965-B1March 12, 2002Compaq Computer CorporationHotkey for network service boot
    US-6367017-B1April 02, 2002Litronic Inc.Apparatus and method for providing and authentication system
    US-6487662-B1November 26, 2002Jurij Jakovlevich Kharon, Roman RozenbergBiometric system for biometric input, comparison, authentication and access control and method therefor
    US-6498957-B1December 24, 2002Nec CorporationPower supply control in portable data terminal
    US-6539101-B1March 25, 2003Gerald R. BlackMethod for identity verification
    US-6615356-B1September 02, 2003Samsung Electronics Co., Ltd.System and method for controlling a system power supply using a password
    US-6618806-B1September 09, 2003Saflink CorporationSystem and method for authenticating users in a computer network
    US-6625738-B1September 23, 2003Alps Electric Co., Ltd.USB apparatus that turns on computer power supply using signals substantially longer than information conveying pulse widths when predetermined operation is performed on input device

NO-Patent Citations (0)

    Title

Cited By (33)

    Publication numberPublication dateAssigneeTitle
    CN-102348009-AFebruary 08, 2012鸿富锦精密工业(深圳)有限公司, 鸿海精密工业股份有限公司Mobile phone with fingerprint identification function
    CN-103635862-AMarch 12, 2014Actatek私人有限公司A system and method for controlling electrical appliances
    GB-2482625-BJune 17, 2015Hewlett Packard Development CoFingerprint scanner
    US-2001023375-A1September 20, 2001Miaxis Biometrics Co.Fingerprint hard disk
    US-2005204156-A1September 15, 2005Giga-Byte Technology Co., Ltd.Method for computer booting via using a motherboard combined with fingerprint recognition module and apparatus for the same
    US-2006061456-A1March 23, 2006Denso CorporationRadio communication module to be installed on vehicular license plate
    US-2006129826-A1June 15, 2006Kabushiki Kaisha ToshibaElectronic apparatus and method of reinforcing security thereof
    US-2006219776-A1October 05, 2006Dpd Patent TrustRfid reader with multiple interfaces
    US-2006226951-A1October 12, 2006Aull Kenneth W, Bowman Erik JMethod and system for providing fingerprint enabled wireless add-on for personal identification number (PIN) accessible smartcards
    US-2007267504-A1November 22, 2007First Data CorporationRf presentation instrument with sensor control
    US-2007290791-A1December 20, 2007Intelleflex CorporationRfid-based security systems and methods
    US-2009094448-A1April 09, 2009Chih-Yuan HsiehElectronic Device and Related Method for Enhancing Convenience of a Computer System
    US-2009249079-A1October 01, 2009Fujitsu LimitedInformation processing apparatus and start-up method
    US-2010085153-A1April 08, 2010Smith Gaylan SBiometric Control System and Method For Machinery
    US-2011109431-A1May 12, 2011Andrea Bragagnini, Sara Della Luna, Stefano Nocentini, Maura SantinaMethod and system for communicating access authorization requests based on user personal identification as well as method and system for determining access authorizations
    US-2012019356-A1January 26, 2012Eric Gagneraud, Alexis AimardFingerprint scanner
    US-2012034901-A1February 09, 2012Hon Hai Precision Industry Co., Ltd., Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd.Mobile phone
    US-2013027179-A1January 31, 2013Hon Hai Precision Industry Co., Ltd.Computer system with security apparatus
    US-2014344921-A1November 20, 2014Dell Products L.P.Apparatus and Method for Enabling Fingerprint-Based Secure Access to a User-Authenticated Operational State of an Information Handling System
    US-2016085951-A1March 24, 2016Dell Products L.P.Apparatus and method for enabling fingerprint-based secure access to a user-authenticated operational state of an information handling system
    US-2017132400-A1May 11, 2017Dell Products, L.P.Apparatus and method for enabling fingerprint-based secure access to a user-authenticated operational state of an information handling system
    US-7302089-B1November 27, 2007National Semiconductor CorporationAutonomous optical wake-up intelligent sensor circuit
    US-7535342-B2May 19, 2009Denso CorporationRadio communication module to be installed on vehicular license plate
    US-7597250-B2October 06, 2009Dpd Patent Trust Ltd.RFID reader with multiple interfaces
    US-7697737-B2April 13, 2010Northrop Grumman Systems CorporationMethod and system for providing fingerprint enabled wireless add-on for personal identification number (PIN) accessible smartcards
    US-8249557-B2August 21, 2012Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.Mobile phone
    US-8489869-B2July 16, 2013Wistron CorporationElectronic device and related method for enhancing convenience of a computer system
    US-8633798-B2January 21, 2014Hon Hai Precision Industry Co., Ltd.Computer system with security apparatus
    US-8665062-B2March 04, 2014Telecom Italia S.P.A.Method and system for communicating access authorization requests based on user personal identification as well as method and system for determining access authorizations
    US-8902044-B2December 02, 2014Gaylon SmithBiometric control system and method for machinery
    US-9230082-B2January 05, 2016Dell Products, L.P.Apparatus and method for enabling fingerprint-based secure access to a user-authenticated operational state of an information handling system
    US-9589121-B2March 07, 2017Dell Products, L.P.Apparatus and method for enabling fingerprint-based secure access to a user-authenticated operational state of an information handling system
    WO-2012108834-A1August 16, 2012Actatek Pte LtdA system and method for controlling electrical appliances