(12) Patent Application Publication (10) Pub. No.: US 2004/0117636 A1
Cheng (43) Pub. Date: Jun. 17, 2004

(54) SYSTEM, METHOD AND APPARATUS FOR SECURE TWO-TIER BACKUP AND RETRIEVAL OF AUTHENTICATION INFORMATION
(76) Inventor: David Cheng, Degany (GB)
Correspondence Address: LUMEN INTELLECTUAL PROPERTY SERVICES, INC., 2345 YALE STREET, 2ND FLOOR, PALO ALTO, CA 94306 (US)
(21) Appl. No.: 10/670,755
(22) Filed: Sep. 24, 2003

Related U.S. Application Data
(60) Provisional application No. 60/413,897, filed on Sep. 25, 2002.

Publication Classification
(51) Int. Cl. H04L 9/00
(52) U.S. Cl. 713/185

(57) ABSTRACT

The present invention provides new ways to securely backup and restore a user's portable biometrics-based authentication device without compromising the secrecy thereof. A two-tier backup encryption structure allows the decryption of lower tier data only when upper tier data has been decrypted and validated. The structure can be expressed as:

Backup = {biometrics data + any validation scripts/keys/values + (associated authentication data such as electronic identity, private keys, certificates, and the like)}

where
() represents the lower tier encryption; and
{} represents the upper tier encryption.
The lower tier data contain the encrypted electronic identity of a user and authentication information associated therewith, such as private keys and corresponding certificates. The upper tier data contain the encrypted lower tier data and the user's biometrics information.

`
APPL-1008
APPLE INC. / Page 1 of 13
`
`
`
Sheet 1 of 7

FIG. 1 (figure; only its labels survive extraction): Upper Tier Data = { Restore Validation Scripts/Values/Keys + Lower Tier Data = ( Private Keys, Certificates ) }
`
`
`
`200
`
`Biometrics Enrollment, Processing and
`Feature Comparison 201
`
`User
`Interface
`203
`
`Encryption/Decryption Engine 202
`
`Memory 204
`
`FIG. 2
`
`APPL-1008
`APPLE INC. / Page 2 of 13
`
`
`
Sheet 2 of 7

FIG. 3A (backup sequence diagram; lanes labelled GUI and Biometrics-based Authentication Device; only the message labels are recoverable, listed in order): request for device backup; start device backup(); request lower tier backup keys; verify user and device(); reconfirm restore authority(); return lower tier encryption key; confirm restore authority detail; set restore identification detail(); update restore identification detail(); create restore identification script(); done; create lower tier backup file; done; request upper tier backup key(); verify user and device(); return upper tier encryption key(); continues in FIG. 3B.
`
`
`
Sheet 3 of 7

FIG. 3B (continuation of FIG. 3A; message labels only): backup completed(); backup confirmation(); copy encrypted files to storage(); file copy(); backup files copy(); done(); backup file to storage(); file storage confirmed(). Annotation in the figure: "backup file can be stored in any media. Storage at online server is only one of the options".
`
`
`
Sheet 4 of 7

FIG. 4A (restore sequence diagram; lanes labelled GUI and Biometrics-based Authentication Device; message labels only): initialize device; device status check(); initialization requirement(); is requirement(); update user detail(); prepare registration(); registration record(); online registration verification(); verify registration detail(); request user registration; enter user details(); continues in FIG. 4B.
`
`
`
Sheet 5 of 7

FIG. 4B (continuation of FIG. 4A; message labels only): analyse restore script(); done(); request digits(); request digits(); validate fingerprint(); restore upper tier data(); done; sign the challenge(); done(); confirm upper tier restored; challenge verified; return lower tier key; done. Annotation in the figure: "Verify accuracy of the restored upper tier data using PKI. Validate if the restored data have not been tampered." Continues in FIG. 4C.
`
`
`
Sheet 6 of 7

FIG. 4C (continuation of FIG. 4B; message labels only): new task menu(); auto-refresh task menu(); acknowledge restore completed().
`
`
`
Sheet 7 of 7

FIG. 5 (restore options screen of GUI 500):
Select one of the following restore options:
Option 1 - All digits must match
Option 2 - n out of 10 digits must match (replace n with a value between 1 to 9)
Option 3 - The selected finger(s) below must match
  Right hand / Left hand: Thumb, Index finger, Middle finger, Ring finger, Little finger
Select if password also required: Password / Confirm
`
`
`
SYSTEM, METHOD AND APPARATUS FOR SECURE TWO-TIER BACKUP AND RETRIEVAL OF AUTHENTICATION INFORMATION
`
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims the benefit of provisional patent application No. 60/413,897, filed Sep. 25, 2002, the entire content and appendices of which are hereby incorporated by reference.
`
FIELD OF THE INVENTION
[0002] The present invention relates generally to portable authentication devices. More particularly, it relates to a new and useful system, method, and apparatus for generating a secure backup of authentication information of a user and for restoring the authentication information back onto a portable authentication device.
`
DESCRIPTION OF THE RELATED ART
[0003] With the rapid growth of computers, electronics, communications, networks, and the Internet, access control in general and network security in particular have become increasingly important for obvious reasons. Data, property interests, personal identity as well as personal safety could be at risk if security is breached. To satisfy different security needs, various authentication systems, methods, and devices exist today and new ones are continually being developed. In general, authentication involves the verification of one or more elements, factors, or parameters to grant access or to certify the validity of an identity, account, object, and so on. In the most basic form, this could relate to the possession of a key that matches the keyhole to open a door. It could also relate to the possession of a seal or a stamp that could be applied to a document to establish or prove authority or ownership. An authentication device that holds the electronic identity of the user is essential in preventing identity theft and/or unwanted intruders. Instead of having possession of an authentication device, one could also have knowledge of a particular password or code such as a personal identification number (PIN) in combination with the use of a bankcard. Unfortunately, with advances in technologies, these traditional authentication systems, methods and devices have become relatively easy to breach or bypass and therefore are quite vulnerable to trespassers and various security attacks.
[0004] Biometrics-based authentication is emerging as a reliable method that offers better security than traditional authentication, including automated personal identification technologies. Biometrics technologies enable the use of physiological and/or behavioral characteristics of a person to establish his/her identity or to authenticate his/her claim to a certain identity. Examples of such personal characteristics are numerous, including fingerprints, palm prints, handwritings, signatures, iris patterns, retina scans, voice prints, facial recognition, personal geometry, DNA, etc.
[0005] The combination of biometrics and traditional authentication is known in the art. For example, U.S. Pat. No. 5,815,252, entitled "BIOMETRIC IDENTIFICATION PROCESS AND SYSTEM UTILIZING MULTIPLE PARAMETERS SCANS FOR REDUCTION OF FALSE NEGATIVES", issued to Price-Francis and assigned to Canon, utilizes the combination of a fingerprint and a PIN to overcome problems with false positive and false negative responses. For other exemplary teachings on biometric-based authentication systems and devices including portable ones, readers are referred to U.S. Pat. No. 6,213,391 "PORTABLE SYSTEM FOR PERSONAL IDENTIFICATION BASED UPON DISTINCTIVE CHARACTERISTICS OF THE USER" issued to Lewis; U.S. Pat. No. 6,219,439 "BIOMETRIC AUTHENTICATION SYSTEM" issued to Burger; U.S. Pat. No. 6,325,285 "SMART CARD WITH INTEGRATED FINGERPRINT READER" issued to Baratelli and assigned to AT&T; and U.S. Pat. No. 6,353,889 "PORTABLE DEVICE AND METHOD FOR ACCESSING DATA KEY ACTUATED DEVICES" issued to Hollingshead and assigned to Mytec.
[0006] A method commonly utilized by portable authentication devices, including biometrics-based authentication devices such as smart cards, is to have a secret key generated and stored within the portable device. The secret key so generated cannot be revealed outside of or retrieved from the device. In the event of loss, damage, or destruction of the device, the user's authentication information, electronic identity and any data associated therewith would be lost forever. Indeed, to prevent or at least to minimize the possibility of compromising the secrecy of the electronic identity and the authentication information, when a portable authentication device is reported lost or stolen, the general practice is to first deactivate or erase completely from the authentication system or secure network the electronic identity and authentication information associated with the lost/stolen authentication device and then create and register new ones from scratch. A new or replacement authentication device is then programmed and issued. Despite cost and inconvenience, such extreme precaution is necessary because currently there are no reliable and secure ways to backup and restore authentication information and electronic identities generated and stored on portable authentication devices.
`
SUMMARY
[0007] The present invention provides new ways to securely backup and restore a user's authentication information, electronic identity and any data associated therewith, without compromising the secrecy thereof. In particular, the present invention provides new ways to backup and restore data generated and stored on portable biometrics-based authentication devices. Enabling technologies include biometrics, authentication, cryptography, and encryption/decryption. A foundational aspect of the present invention is the concept of a two-tier backup encryption structure having a first encryption means for enciphering lower tier data and a second encryption means for enciphering upper tier data.
[0008] The lower tier data contain encrypted electronic identity such as private keys and associated certificates. The upper tier data contain the encrypted lower tier data, restore validation script, and biometrics data. To backup a device, the lower tier data are first enciphered using the first encryption means. The upper tier data are then enciphered using the second encryption means. In an embodiment, the encryption keys for both the upper and lower tiers are separately generated within the device. In a preferred embodiment, the device obtains a first encryption key from a first user service bureau. The lower tier data is encrypted with this first encryption key. Then, the device obtains a second encryption key from a second user service bureau, which may or may not be the same as the first user service bureau, and the upper tier data are further encrypted using the second encryption key, generating a multiple-encrypted backup file. The multiple-encrypted backup file is then copied to a storage medium of the user's choice.
[0009] To restore the multiple-encrypted backup data onto a new biometrics-based authentication device, the user first needs to enroll the relevant biometrics in the new device and upload the multiple-encrypted backup data onto the device, then contact the corresponding user service bureau to obtain an access clearance to the encrypted lower and upper tier encryption keys. The access clearance enables the device to establish a secure connection with the user service bureau service. Upon establishing the secure connection, the restore process begins automatically. The device first requests the upper tier data decryption key from the user service bureau server to decipher the encrypted upper tier data. The device then compares the decrypted backup biometrics data with the newly enrolled biometrics data. If they match, then the newly enrolled biometrics data are replaced with the decrypted backup biometrics data. Only then will the system confirm the match to the user service bureau server and request the lower tier decryption key. Once the lower tier decryption key is received, the lower tier data is deciphered and stored in the device. This completes the restore process. If they do not match, the restore process is terminated. When the restore process is complete or otherwise terminated, the device automatically disconnects from the user service bureau and communicates the results to the user.
`
BRIEF DESCRIPTION OF THE DRAWINGS
[0010] FIG. 1 illustrates a two-tier backup encryption structure according to the principles of the present invention.
[0011] FIG. 2 schematically shows an exemplary portable biometrics-based authentication device configuration implementing the present invention.
[0012] FIGS. 3A-3B demonstrate an exemplary backup process according to an aspect of the invention.
[0013] FIGS. 4A-4C show an exemplary restore process according to an aspect of the invention.
[0014] FIG. 5 illustrates restore options offered during the back-up process of a device configured to implement the present invention.
`
DETAILED DESCRIPTION
[0015] FIG. 1 shows a two-tier backup encryption structure that allows the decryption of lower tier data only when upper tier data has been decrypted and validated. The structure can be expressed as:
Backup = {biometrics data + any validation scripts/keys/values + (associated authentication data such as electronic identity, private keys, certificates, and the like)}
where
[0016] () represents the lower tier data encrypted with a lower tier encryption; and
[0017] {} represents the upper tier data encrypted with an upper tier encryption; the upper tier data encompasses the encrypted lower tier data.

[0018] The Backup in one embodiment is realized in one physical file where the lower tier and upper tier data are combined as one file. Alternatively, each tier is backed up in one or more physical files. For example,
[0019] Backup 1 = encrypted upper tier data; and
[0020] Backup 2 = encrypted lower tier data, where
[0021] Backup 1 is encrypted with an upper tier encryption key and Backup 2 is encrypted with a lower tier encryption key. Preferably, as discussed herein, these two keys are separately obtained from a Web-based user service bureau that adheres to the highest possible security level according to the Internet protocol.
`0022 FIG. 2 shows an exemplary portable biometrics
`based authentication device configuration implementing the
`present invention. The portable device 200 has a user
`interface means 203 which could be text-based or graphical
`and a data Storage or memory means 204 that is tamper
`resistant and protected from corruption. An encryption/
`decryption engine 202 enciphers and deciphers data received
`and/or stored in the memory means 204. The portable device
`200 includes a biometrics processing means 201 for enroll
`ing, processing and comparing biometrics information Such
`as fingerprints, palm prints, handwritings, Signatures, iris
`patterns, retina Scans, Voice prints, facial recognition, per
`Sonal geometry, DNA, etc. Onboard microprocessor and
`communication means (not shown) handle communication,
`interact with a graphic user interface (GUI), e.g., of a
`personal computer or computing device, and other process
`ing needs Such as establishing a Secure connection with a
`remote Service bureau, requesting and returning encryption/
`decryption keys, creating and copying lower tier and upper
`tier backup files, and terminating the connection. Other
`biometrics-based authentication devices can also be config
`ured and/or programmed to perform the methods of this
`invention, and to the extent that a particular configuration is
`capable of performing the methods of this invention, it is
`equivalent to the exemplary portable biometrics-based
`authentication device of FIG. 2, and within the scope and
`Spirit of the present invention. Once they are programmed
`and/or configured to perform particular functions pursuant to
`the computer-executable instructions from computer pro
`gram Software that implements the methods of this inven
`tion, Such biometrics-based authentication devices in effect
`become Special-purpose apparatuses particular to the meth
`ods disclosed herein. The techniques necessary to realize
`Such programming and/or configuring are well known to
`those skilled in the art and thus are not further described
`here.
`0023. According to an aspect of the invention, a method
`for creating a Secure backup of a portable biometrics-based
`authentication device includes the following Steps:
`0024 (a) obtaining a lower tier encryption key from
`a user Service bureau;
`0025 (b) enciphering lower tier authentication data
`using the lower tier encryption key, thereby creating
`an encrypted lower tier backup file;
`0026 (c) obtaining an upper tier encryption key
`from the user Service bureau,
`
`APPL-1008
`APPLE INC. / Page 10 of 13
`
`
`
`US 2004/01 17636A1
`
`Jun. 17, 2004
`
`0027 (d) enciphering upper tier authentication data
`using the upper tier encryption key, thereby creating
`an encrypted upper tier backup file, and
`0028 (e) storing the encrypted lower tier backup file
`and the encrypted upper tier backup file on a storage
`CS.
`0029. An exemplary backup process is illustrated in
`FIGS. 3A-3B. The storage means could be, for instance, an
`online proprietary or Internet-based Storage Service, a
`remote Server, a floppy disk, a hard drive, a data drive, a
`CD-ROM, an optical Storage means, a removable disk, a
`Smart card, a memory Storage device or any other Storage
`media capable of Storing data. The user Service bureau could
`be proprietary or Internet-based and could also provide the
`Storage Service. It is important that a Secure communication
`between the user Service bureau and the portable biometrics
`based authentication device can be established. Preferably,
`the user Service bureau utilizes public networkS Such as the
`Internet and adopts the highest possible level of Secure
`communication available via the Internet protocol.
`0.030. In a preferred embodiment, the lower tier authen
`tication data include private keys, certificates, and other data
`held within the device. In this embodiment, the upper tier
`authentication data include the user's biometrics informa
`tion. The upper tier authentication data could also include a
`restore authentication Script for guiding the authentication
`device during a restore biometric matching processing (e.g.,
`not all 10-digit match will be required during the restore
`process) as well as validation data required by the user
`Service bureau during a restore process Such as one illus
`trated in FIGS. 4A-4C.
`0031. According to an aspect of the invention, a method
`for restoring a portable biometrics-based authentication
`device utilizes the concept of the two-tier backup structure
`disclosed above. Thus, it is assumed that the authentication
`information is Stored in a lower tier backup file and an upper
`tier backup file on a Storage device. It is also assumed that
`the upper tier backup file includes the user's biometrics
`information. The method of restoring authentication infor
`mation of a user includes the following Steps:
`0032 (a) verifying registration information of the
`user with a user Service bureau,
`0033) (b) downloading an upper tier encryption key
`from the user service bureau to the portable biomet
`rics-based authentication device;
`0034) (c) deciphering the encrypted upper tier
`backup file using the upper tier encryption key;
`0035 (d) restoring onto the portable biometrics
`based authentication device the upper tier authenti
`cation data from the decrypted upper tier backup file
`which includes the user's backup biometricS data and
`any validation Scripts, keys, and/or values,
`0036 (e) validating newly enrolled biometrics data
`with the backup biometrics databased on the restore
`authentication Script or preset requirements,
`0037 (f) downloading a lower tier encryption key
`from the user Service when the validation is Success
`ful;
`
`0038 (g) deciphering the lower tier backup file
`using the lower tier encryption key; and
`0039) (h) restoring onto the portable biometrics
`based authentication device the lower tier authenti
`cation data from the decrypted lower tier backup file.
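The two-tier structure of FIG. 1, the backup steps (a)-(e) and the restore steps (a)-(h) above, worked through end to end as an added example (this is not code from the patent or from any product): the lower tier is sealed first, the upper tier wraps the lower-tier ciphertext together with the biometric templates and the restore requirements, and on restore the service bureau stand-in releases the lower tier key only after the device has verified the upper tier's integrity and reported a biometric match. The `ServiceBureau` class, the templates (plain strings standing in for fingerprint templates), the subkey derivation and the HMAC-based stand-in cipher are all constructed assumptions; a real device would use a standard AEAD and its own template matcher.

```python
import hashlib
import hmac
import json
import os

# Stand-in authenticated encryption built from the standard library only:
# an HMAC-SHA256 keystream in counter mode for confidentiality, then an
# HMAC-SHA256 tag over nonce and ciphertext for integrity (encrypt-then-MAC).
# Assumption: a real device would use an AEAD such as AES-GCM instead.

def _subkeys(tier_key: bytes):
    """Derive independent encryption and MAC keys from one tier key."""
    enc = hmac.new(tier_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(tier_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(tier_key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag."""
    enc, mac = _subkeys(tier_key)
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_sealed(tier_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting, so a tampered backup is rejected (claim 11)."""
    enc, mac = _subkeys(tier_key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("backup data failed integrity check")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc, nonce, len(body))))

class ServiceBureau:
    """Constructed stand-in for the user service bureau. It hands out both tier
    keys for backup, but during restore releases the lower tier key only after
    the device confirms the biometric match (restore step (f))."""
    def __init__(self):
        self._lower, self._upper = os.urandom(32), os.urandom(32)
        self.lower_key_releases = 0            # audit counter used by the checks below
    def backup_keys(self):                     # backup steps (a) and (c)
        return self._lower, self._upper
    def restore_upper_key(self) -> bytes:      # restore step (b)
        return self._upper
    def restore_lower_key(self, match_confirmed: bool) -> bytes:
        if not match_confirmed:
            raise PermissionError("lower tier key withheld: match not confirmed")
        self.lower_key_releases += 1
        return self._lower

def create_backup(bureau, identity: dict, biometrics: dict, required_fingers: list) -> bytes:
    """Backup steps (a)-(d): seal the lower tier, then the upper tier that wraps it."""
    lower_key, upper_key = bureau.backup_keys()
    lower_file = seal(lower_key, json.dumps(identity).encode())
    upper_plain = {
        "biometrics": biometrics,                  # backup enrollment templates
        "restore_requirements": required_fingers,  # validation data chosen in FIG. 5
        "lower_tier": lower_file.hex(),            # encrypted lower tier nested inside
    }
    return seal(upper_key, json.dumps(upper_plain).encode())

def restore(bureau, backup_file: bytes, new_enrollment: dict) -> dict:
    """Restore steps (b)-(h). Raises ValueError on tampering and PermissionError
    when the new enrollment does not satisfy the backup's restore requirements."""
    upper = json.loads(open_sealed(bureau.restore_upper_key(), backup_file))
    templates = upper["biometrics"]
    # A finger missing on either side must not count as a match.
    matched = all(
        f in new_enrollment and f in templates and new_enrollment[f] == templates[f]
        for f in upper["restore_requirements"]
    )
    if not matched:
        raise PermissionError("restore terminated: enrolled biometrics do not match backup")
    lower_key = bureau.restore_lower_key(match_confirmed=True)
    identity = json.loads(open_sealed(lower_key, bytes.fromhex(upper["lower_tier"])))
    return {"biometrics": templates, "identity": identity}

def restore_outcome(bureau, backup_file: bytes, new_enrollment: dict) -> str:
    """The result the device would report to the user."""
    try:
        restore(bureau, backup_file, new_enrollment)
        return "restored"
    except PermissionError:
        return "rejected"
    except ValueError:
        return "tampered"
```

Two properties worth checking when running it: a corrupted upper tier file fails at `open_sealed` before any template is compared, and `lower_key_releases` stays at zero for a rejected or tampered restore, which is the point of gating the lower tier behind the upper tier.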
`0040. In some embodiments, a restore validation script is
`executed during the restore process for Selective validation.
`This is useful in cases where a user does not have all the
`biometricS data available due to Sickness, accident, etc. For
`example, the user might have only nine fingers. The restore
`authentication Script describing customized, Selective
`restore requirements can be an option as the device could
`always have predefined (default) restore requirements. The
`following illustrates an exemplary restore validation Script
`and its usage.
`0041 FIG. 5 shows a representative screen of a GUI 500.
`The Screen displayS restore options offered by a biometrics
`based authentication device during a backup process. For
`example, the biometrics-based authentication device may
`contain ten biometric factorS Such as ten digits of a user.
`During the backup process, the user can choose how many
`digits must match during a restore proceSS. Preferably, all ten
`newly enrolled digits are required to match the ten backup
`ones. Alternatively, the user can Select what fingers of which
`hand must match during the restore process. In addition, the
`user can require that a correct password be entered during
`the restore process. One skilled in the art would appreciate
`that the restore options shown in FIG. 5 are for illustration
`purposes only and can be tailored to accommodate different
`designs, needs, and So on, e.g., different types of biometrics
`utilized by the biometrics-based authentication device.
`0042. After the user selects a restore option, the restore
`validation data is Stored and a restore validation Script is
`created. The following is an exemplary restore validation
`Script, assuming that Option 3 is Selected, index finger of
`right hand and thumb of left hand are marked, and a
`password is required.
`
START
REQUEST PASSWORD                  *** User enters password via GUI
IF PASSWORD NOT MATCH
GO TO ERROR RETURN
END-IF
VERIFY RIGHT HAND INDEX FINGER    *** Match enrollment with restored data
IF NOT MATCH
GO TO ERROR RETURN
END-IF
VERIFY LEFT HAND THUMB            *** Match enrollment with restored data
IF NOT MATCH
GO TO ERROR RETURN
END-IF
GO TO OK RETURN
ERROR RETURN
OK RETURN
END
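An interpreter for the script form shown above, together with a generator that builds such a script from the FIG. 5 selections, as an added example (not the patent's code). The statement names are the ones in the sample script; treating `ERROR RETURN` and `OK RETURN` as terminating labels, and the `VERIFY ANY n OF 10 DIGITS` statement used for Option 2, are assumptions, since the patent shows neither. The `matches` dictionary stands in for the device's own template comparison and only records, per digit, whether the newly enrolled template matched the restored one.

```python
HANDS = ("RIGHT HAND", "LEFT HAND")
FINGERS = ("THUMB", "INDEX FINGER", "MIDDLE FINGER", "RING FINGER", "LITTLE FINGER")
ALL_DIGITS = tuple(f"{h} {f}" for h in HANDS for f in FINGERS)

# The patent's sample script (Option 3, right index + left thumb, password),
# without its side comments; the generator below reproduces it exactly.
SAMPLE_SCRIPT = """START
REQUEST PASSWORD
IF PASSWORD NOT MATCH
GO TO ERROR RETURN
END-IF
VERIFY RIGHT HAND INDEX FINGER
IF NOT MATCH
GO TO ERROR RETURN
END-IF
VERIFY LEFT HAND THUMB
IF NOT MATCH
GO TO ERROR RETURN
END-IF
GO TO OK RETURN
ERROR RETURN
OK RETURN
END"""

def _check(subject: str) -> list:
    """One VERIFY block in the form the sample script uses."""
    return [f"VERIFY {subject}", "IF NOT MATCH", "GO TO ERROR RETURN", "END-IF"]

def generate_script(option: int, fingers=(), n: int = 10, password_required: bool = False) -> str:
    """Build a restore validation script from the FIG. 5 selections."""
    lines = ["START"]
    if password_required:
        lines += ["REQUEST PASSWORD", "IF PASSWORD NOT MATCH", "GO TO ERROR RETURN", "END-IF"]
    if option == 1:                       # all ten digits must match
        for digit in ALL_DIGITS:
            lines += _check(digit)
    elif option == 2:                     # n out of 10 (assumed counting statement)
        if not 1 <= n <= 9:
            raise ValueError("Option 2 needs n between 1 and 9")
        lines += _check(f"ANY {n} OF 10 DIGITS")
    elif option == 3:                     # only the selected fingers
        for finger in fingers:
            if finger not in ALL_DIGITS:
                raise ValueError(f"unknown finger: {finger}")
            lines += _check(finger)
    else:
        raise ValueError("option must be 1, 2 or 3")
    lines += ["GO TO OK RETURN", "ERROR RETURN", "OK RETURN", "END"]
    return "\n".join(lines)

def run_script(script: str, password_ok: bool, matches: dict) -> bool:
    """Interpret a script; True means the restore may continue to the lower tier."""
    lines = [ln.strip() for ln in script.splitlines() if ln.strip()]
    labels = {ln: i for i, ln in enumerate(lines) if ln in ("ERROR RETURN", "OK RETURN")}
    pc, last_match = 0, True
    while pc < len(lines):
        ln = lines[pc]
        if ln in ("START", "END-IF"):
            pass
        elif ln == "OK RETURN":
            return True
        elif ln in ("ERROR RETURN", "END"):   # falling off the end is a failure, not a pass
            return False
        elif ln == "REQUEST PASSWORD":
            last_match = password_ok
        elif ln.startswith("VERIFY ANY "):
            needed = int(ln.split()[2])
            last_match = sum(bool(matches.get(d)) for d in ALL_DIGITS) >= needed
        elif ln.startswith("VERIFY "):
            last_match = bool(matches.get(ln[len("VERIFY "):]))
        elif ln in ("IF NOT MATCH", "IF PASSWORD NOT MATCH"):
            if last_match:
                pc = lines.index("END-IF", pc)     # condition false: skip the IF body
        elif ln.startswith("GO TO "):
            pc = labels[ln[len("GO TO "):]]
            continue
        else:
            raise ValueError(f"unknown statement: {ln}")
        pc += 1
    return False
```

The interpreter fails closed: an unknown statement raises rather than being skipped, and a script that reaches `END` without passing through `OK RETURN` returns False, so a truncated or malformed restored script cannot unlock the lower tier.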
`
`
`0043. During the restore process the above restore vali
`dation Script is executed for Selective validation. One skilled
`in the art would appreciate that different restore validation
`Scripts can be created that correspond to different options
`Selected. Alternatively, as discussed herein, Such a restore
`validation Script can be optional Since the biometrics-based
`authentication device could have predefined restore require
`mentS.
`0044) The present invention can be implemented in
`essentially any and all types of biometrics-based authenti
`cation devices especially portable ones including Smart
`cards, acceSS cards, identification cards, credit cards, bank
`cards, and the like. An exemplary application of the present
`invention is as follows:
`
`0045 1. A user's biometrics-based authentication
`device becomes unavailable due to loss, damage,
`destruction, theft, etc.
`0046 2. The user obtains a new biometrics-based
`authentication device. There is no need to report the
`unavailability of the old one since it is substantially
`difficult if not impossible to replicate the user's bio
`metrics information due to the nature of each individu
`als uniqueness.
`0047 3. The user enrolls the new biometrics-based
`authentication device with an enrollment Service/user
`Service bureau, i.e., enrolling new biometrics data onto
`the authentication device.
`
`0048 4. The new biometrics-based authentication
`device establishes a Secure connection with a user
`Service bureau, begins the restore proceSS and down
`loads backup data from Storage.
`0049) 5. The new biometrics-based authentication
`device is validated and the backup (original) enrollment
`is restored onto the new authentication device.
`
`0050. 6. The new biometrics-based authentication
`device is available for use.
`0051 Although the present invention and its advantages
`have been described in detail, it should be understood that
`the present invention is not limited to or defined by what is
`shown or described herein. Known methods, Systems, or
`components may be discussed without giving details, So to
`avoid obscuring the principles of the invention. For
`example, the techniques necessary to establish a Secure
`connection and upload or download data are well known in
`the art and thus are not further described herein. As it will
`be appreciated by one of ordinary skill in the art, various
`changes, Substitutions, and alterations could be made or
`otherwise implemented without departing from the prin
`ciples of the present invention. Thus, examples and draw
`ings disclosed herein are for purposes of illustrating a
`preferred embodiment(s) of the present invention and are not
`to be construed as limiting the present invention. Accord
`ingly, the Scope of the invention should be determined by the
`following claims and their legal equivalents.
`
What is claimed is:
1. A method for backing up a biometrics-based authentication device comprising the steps of:
obtaining a first encryption key;
enciphering lower tier data with said first encryption key to generate an encrypted lower tier backup file;
obtaining a second encryption key; and
enciphering upper tier data with said second encryption key to generate an encrypted upper tier backup file, wherein said lower tier data contain encrypted identification of a user and authentication information associated therewith and wherein said upper tier data contain biometrics data of said user and said lower tier data encrypted with said first encryption key.
2. The method according to claim 1, wherein said authentication information comprises private keys and corresponding certificates.
3. The method according to claim 1, further comprising the step of:
generating a restore validation script for establishing restore requirements of said upper tier data.
4. The method according to claim 3, wherein said upper tier data further contain said restore validation script.
5. The method according to claim 1, further comprising the step of:
establishing a secure connection with a service bureau.
6. The method according to claim 5, further comprising the step of:
obtaining said first and said second encryption keys from said service bureau.
7. The method according to claim 1, further comprising the step of:
storing said encrypted lower tier backup file and said encrypted upper tier backup file as one or more physical files.
8. A method for restoring onto a new biometrics-based authentication device said lower tier data and said upper tier data according to claim 1, comprising the steps of:
enrolling new biometrics data of said user onto said new biometrics-based authentication device;
obtaining an upper tier data decryption key;
deciphering said encrypted upper tier backup file with said upper tier data decryption key to generate decrypted upper tier data including decrypted biometrics data;
determining, based on said decrypted biometrics data, whether said new biometrics data are valid;
obtaining a lower tier data decryption key when said new biometrics data are valid;
deciphering said encrypted lower tier data with said lower tier data decryption key to generate decrypted lower tier data; and
storing said decrypted lower tier data onto said new biometrics-based authentication device.
9. The method according to claim 8, further comprising the steps of:
uploading said encrypted lower tier backup file and said encrypted upper tier backup file onto said new biometrics-based authentication device;
obtaining an access clearance from a service bureau; and
establishing a secure connection with said service bureau using said access clearance.
10. The method according to claim 9, further comprising the step of:
obtaining said upper tier data decryption key and said lower tier data decryption key from said service bureau.
11. The method according to claim 8, further comprising the step of:
verifying that said decrypted upper tier data have not been tampered with or altered.
12. An apparatus for implementing the method according to claim 1 or 8, wherein said apparatus is configured to perform the steps of claim 1 or 8.
13. An article of manufacture for implementing the method according to claim 1 or 8, wherein said article of manufacture comprises a computer readable medium carrying computer-executable instructions implementing the steps of claim 1 or 8.
`
`