Browse Prior Art Database

Biometric Access Control in a Personal Computer System

IP.com Disclosure Number: IPCOM000122977D
Original Publication Date: 1998-Jan-01
Included in the Prior Art Database: 2005-Apr-04
Document File: 4 page(s) / 215K

Publishing Venue

IBM

Related People

Dayan, RA: AUTHOR

Abstract

Disclosed are several methods to incorporate biometrics as an integral part of a Personal Computer (PC) System. For example, a fingerprint scanner may be incorporated into a mobile PC such as an IBM* Thinkpad* to be used to authenticate a user. The scanner may be used as a password substitute or in conjunction with a password.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 26% of the total text.

Biometric Access Control in a Personal Computer System

      Disclosed are several methods to incorporate biometrics as an
integral part of a Personal Computer (PC) System.   For example, a
fingerprint scanner may be incorporated into a mobile PC such as an
IBM* Thinkpad* to be used to authenticate a user.  The scanner may be
used as a password substitute or in conjunction with a password.

      At power-up and prior to booting the operating system, a PC
system is capable of prompting for the entry of a password.  If the
system owner has configured the system for use of a biometric scanner
as a substitute for keyboard entry of a password, Power-On Self Tests
(POST) will enable the scanner and will not proceed until a
recognized fingerprint is scanned.  If an authorized fingerprint is
not recognized  after three attempts, POST renders the computer
system non-operational  by activating the tamper evident mechanism
and refuses to boot the Operating System (OS) or configuration
utilities.  Any further attempts  at booting the OS would require
correct entry of the Privileged-Access  Password (PAP) or recognition
of a privileged fingerprint, similar in function to the PAP.  The
protected system must be powered off and then  powered on in order to
make further attempts at accessing its software  or data.  The system
can only be activated by correctly entering the PAP, or the PAP-level
authorized biometric signature, or both depending  on the system's
configuration.

      A fingerprint scanner can be embedded in the system unit,
keyboard or in the display unit.  It is recommended that when used in
an attached display or keyboard, that the fingerprint scanner also be
protected in its mechanical envelope by a tamper evident mechanism.
An example of such a scanning device is made by Harris Semiconductor.
It is known as FingerLoc** System and Fingerloc contains a
fingerprint scanning device which can be incorporated into other
devices such as a  PC.  The fingerprint scanner is electrically
coupled to the PC System's  microprocessor via the Input/Output (I/O)
Address Space of the microprocessor.  POST interrogates the scanner
during power up in order  to help take the appropriate actions
depending on the current state of the scanner and the system's
configuration.  The scanner is also protected by design from
malicious tampering intended to defeat it via  the system's access
openings.  For example, cooling slots, device bays,  etc.

      There are several modes of operation for this security
feature.  Some modes require that the PAP be installed.  One mode of
operation is using the scanner as a replacement for the PAP.  Another
mode of operation uses the scanner in addition to the PAP, at the
same level of security protection.  Similarly, there are the same two
modes of operation for the use of the scanner with respect to the
POP. Also,  there are two modes of operation where the only
authorized access to...