The present invention relates to secure processors, and more specifically, to a method of using biometrics to secure a secure processor.
Secure processors are processors that are difficult to access. Generally, above a certain level of security, a processor is considered a secure processor. One example of a secure processor is a processor in a smart card.
A smart card is a card similar in size to today's plastic payment card that has a chip embedded in it. By adding a chip to the card, it becomes a smart card with the power to serve many different uses. As an access-control device, smart cards are used to make personal and business data available only to the appropriate users. Another application provides users with the ability to make a purchase or exchange value. Smart cards provide data portability, security and convenience.
Of course, access to the card should be secure. A challenge-response system is a common security technique whereby an individual is prompted (the challenge) to provide some private information (the response).
FIG. 1 illustrates a prior art security mechanism permitting access to the card. First, the smart card 110 is connected to the client 120. Then, the client 120 connects to the server 130 through a network 140. Using a challenge-response system, the server 130 sends a challenge to the client 120. A user enters a personal identification number (PIN) code (the challenge) into the smart card. If the PIN code is correct, this opens a session for the use of a private key on the card. The server can send data to the card to be encrypted with the private key. The server can check the signature by using the public key of the card. Because confidential information, as well as digital cash, could be kept on a smart card, a better security system that can be certain of who is accessing a smart card is advantageous.
A method and apparatus for securing a secure processor is described. A plurality of spurious points are added to a biometric template. Received biometric data is matched to the biometric template. It is determined whether the plurality of spurious points are present in the received biometric data. If the received biometric data matches the biometric template and the spurious points were not present in the received biometric data, access is granted to the secure processor.
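The decision rule summarized above, as an added Python sketch that is not code from the patent: spurious points are mixed into a template, and access is granted only when the received data matches the genuine points and hits none of the spurious ones. The point format, the tolerance, the match threshold, the per-point spurious flag (assumed to stay inside the secure processor) and the pre-aligned sample are all assumptions of this sketch.

```python
import math
import random

TOL = 4.0         # assumed matching tolerance, in pixels
MIN_MATCHES = 4   # assumed number of genuine points that must match


def add_spurious_points(genuine, count, rng, size=100):
    """Return a shuffled template of (x, y, is_spurious) with `count` decoys."""
    template = [(x, y, False) for x, y in genuine]
    added = 0
    while added < count:
        cand = (rng.uniform(0, size), rng.uniform(0, size))
        # Keep decoys well clear of every stored point so that a genuine
        # presentation cannot land on one by measurement noise alone.
        if all(math.dist(cand, (x, y)) > 3 * TOL for x, y, _ in template):
            template.append((cand[0], cand[1], True))
            added += 1
    rng.shuffle(template)  # storage order must not reveal which points are decoys
    return template


def _hit(point, sample):
    """True if any received point lies within TOL of the template point."""
    return any(math.dist(point, s) <= TOL for s in sample)


def grant_access(template, sample):
    """Grant only if enough genuine points match AND no spurious point is present."""
    genuine_hits = sum(1 for x, y, sp in template if not sp and _hit((x, y), sample))
    spurious_hits = sum(1 for x, y, sp in template if sp and _hit((x, y), sample))
    return genuine_hits >= MIN_MATCHES and spurious_hits == 0


if __name__ == "__main__":
    # Constructed sample data, not real biometric measurements.
    genuine = [(10, 10), (30, 15), (50, 40), (70, 20), (20, 60), (80, 80)]
    template = add_spurious_points(genuine, 4, random.Random(7))
    live = [(x + 1, y - 1) for x, y in genuine]      # same points with small noise
    with_decoys = [(x, y) for x, y, _ in template]   # data containing the spurious points
    print("live presentation:", grant_access(template, live))
    print("data with spurious points:", grant_access(template, with_decoys))
```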