WO2022019895A1 - Disabling fingerprint data deletion - Google Patents

Disabling fingerprint data deletion Download PDF

Info

Publication number
WO2022019895A1
WO2022019895A1 PCT/US2020/042971 US2020042971W WO2022019895A1 WO 2022019895 A1 WO2022019895 A1 WO 2022019895A1 US 2020042971 W US2020042971 W US 2020042971W WO 2022019895 A1 WO2022019895 A1 WO 2022019895A1
Authority
WO
WIPO (PCT)
Prior art keywords
computing device
operating system
boot process
list
processor
Prior art date
Application number
PCT/US2020/042971
Other languages
French (fr)
Inventor
Meng-Hua Lin
Ping-Huan YU
Ming-Chang HUNG
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P. filed Critical Hewlett-Packard Development Company, L.P.
Priority to PCT/US2020/042971 priority Critical patent/WO2022019895A1/en
Publication of WO2022019895A1 publication Critical patent/WO2022019895A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • a fingerprint reader may be used to authenticate a user.
  • a fingerprint reader may be coupled to a computing device and used to authenticate a user of the computing device.
  • the fingerprint reader may include a memory to store various data such as a fingerprint template of a user, identification information of the user, and the like. In different situations, the data stored on the memory of the fingerprint reader may be deleted.
  • FIG. 1 illustrates a computing device in which deletion of fingerprint data may be disabled according to an example
  • FIG. 2 illustrates a more detailed example of a computing device in which deletion of fingerprint data may be disabled
  • FIG. 3A illustrates a list of operating systems available to a computing device during a previous boot process according to an example
  • FIG. 3B illustrates a list of operating systems available to a computing device during a current boot process according to an example
  • FIG. 4 illustrates a process of disabling fingerprint data deletion according to an example.
  • a computing device such as a personal computer (PC), a laptop computer, a tablet, a mobile terminal, or the like, may include a biometric device to authenticate a user.
  • a computing device may include a fingerprint reader as a biometric device to authenticate a user of the computing device.
  • the fingerprint reader may include a memory in which various biometric data, such as a fingerprint template, a user identification, and the like, may be stored. Because the biometric data includes private data, care should be taken in managing the data. Thus, in various situations, the data stored in the memory of the fingerprint reader may be deleted for purposes of data integrity.
  • FIG. 1 illustrates a computing device in which deletion of fingerprint data may be disabled according to an example.
  • a computing device 100 may include a processor 110 and a fingerprint reader 120.
  • the computing device 100 may be a personal computer (PC), a laptop computer, a tablet, a mobile terminal, or the like.
  • the fingerprint reader 120 may be a component that is incorporated in the computing device 100 or may be a separate component that may be selectively coupled to the computing device 100.
  • the processor 110 may control an operation of the computing device 100.
  • the processor 110 may control a booting or a launch process of the computing device 100 and may control other components included in the computing device 100 such that a desired operation is performed.
  • the processor 110 may include an arithmetic component, a logical component, etc. for controlling the computing device 100 and may be implemented as a standard processing device, a microprocessor, a microcontroller, a programmable integrated circuit, or the like. Also, the processor 110 may be implemented as multiple processors, multiple core processors, or the like.
  • the computing device 100 may have an operating system installed in a memory of the computing device 100, may have access to an operating system installed on an external memory connected to the computing device 100, or may have access to an operating system stored in an external memory remote from the computing device 100.
  • the computing device 100 may access any of the plurality of operating systems to manage hardware or software installed in the computing device 100, such as the processor 110, the fingerprint reader 120, etc.
  • the fingerprint reader 120 may be a Match-in-Sensor (MiS) type or a Match-on-Chip (MoC) type fingerprint reader.
  • the fingerprint reader 120 is to perform a fingerprint analysis function independently from the computing device 100. For example, a fingerprint analysis operation such as user enrollment, fingerprint verification, fingerprint identification, etc. is performed by the fingerprint reader 120 such that the computing device 100 receives a result of the analysis.
  • the fingerprint reader 120 may include a processor that is separate from the processor 110 of the computing device 100.
  • the processor of the fingerprint reader 120 may have cryptographic capabilities to locally perform a fingerprint matching operation in an environment that is isolated from the computing device 100.
  • the fingerprint reader 120 may include a memory to store fingerprint data such as a user identification, a fingerprint template, a user payload, etc.
  • fingerprint data such as a user identification, a fingerprint template, a user payload, etc.
  • communication between the fingerprint reader 120 and the computing device 100 as well as the fingerprint data stored in the memory of the fingerprint reader 120 may be encrypted.
  • the fingerprint data stored in the memory of the fingerprint reader 120 may be considered secure since the data does not leave the fingerprint reader 120.
  • the fingerprint data stored in the memory of the fingerprint reader 120 may be deleted based on the occurrence of a certain event.
  • the fingerprint data stored in the memory of the fingerprint reader 120 may be deleted based on a switch between operating systems, if the user resets a current operating system, if the user removes the fingerprint reader 120 from the computing device 100, and the like.
  • the fingerprint data stored in the memory of the fingerprint reader 120 may be deleted. Flowever, in certain cases, the deletion of the fingerprint data may be unnecessary.
  • the first and second operating systems may be known or trusted by the user such that the deletion of fingerprint data is unnecessary or undesirable.
  • an operating system available to the computing device 100 during a boot process is a known or a trusted operating system. In an example, it may be determined if the operating system available to the computing device 100 during the boot process is included in a list of operating systems available to the computing device 100 during a previous boot process. If the operating system available to the computing device 100 during the boot process is included in the list, the operating system may be considered a known or trusted operating system such that the deletion of the fingerprint data stored in the memory of the fingerprint reader 120 is disabled. As such, the user may continue use of the fingerprint reader 120 without needing to re-enter the fingerprint data.
  • the deletion of fingerprint data may be disabled during a boot process of the computing device 100 based on a comparison of a first list of operating systems and a second list of operating systems. For example, if the comparison of the first and second lists determines that the computing device 100 is being booted with a known or trusted operating system, then the deletion of fingerprint data stored in a memory of the fingerprint reader 120 may be disabled.
  • the first list may include a list of operating systems available to the computing device 100 during a current boot process and the second list may include a list of operating systems available to the computing device 100 during a previous boot process.
  • the comparison of the lists may determine if the first list includes an operating system that is not included on the second list.
  • FIG. 2 illustrates a more detailed example of a computing device in which deletion of fingerprint data may be disabled.
  • the computing device 100 may include the processor 110, the fingerprint reader 120, a read-only-memory (ROM) 130, a communication device 140, a storage device 150, a port 160, and a bus 170.
  • the computing device 100 may further include an input device 180, and a display device 190.
  • the input device 180 and the display device 190 are illustrated as provided externally to the computing device 100. Flowever, in other examples, the input device 180 and the display device 190 may be included in the computing device 100.
  • the computing device 100 may further include additional devices, components, or the like, such as a power source to provide power to any or all of the illustrated components.
  • the computing device 100 may be a PC, a laptop computer, a tablet, a mobile terminal, or the like. Because aspects of the processor 110 and the fingerprint reader 120 have been described above with respect to FIG. 1 , a repetitive description will not be provided for sake of brevity.
  • the fingerprint reader 120 may include a fingerprint reader memory 121.
  • the fingerprint reader memory 121 may store fingerprint data such as a user identification, a fingerprint template, a user payload, etc.
  • the ROM 130 is a non-volatile memory that is provided to store software for use when starting or booting the computing device 100.
  • the ROM 130 may be implemented as a programmable ROM (PROM), an erasable programable ROM (EPROM), an electrically erasable programable ROM (EEPROM), a non-volatile RAM (NVRAM), a flash memory, or the like.
  • the ROM 130 may include firmware 131 .
  • the firmware 131 may include a basic input/output system (BIOS).
  • BIOS refers to hardware or hardware and instructions to initialize, control, or operate the computing device 100 prior to execution of an operating system of the computing device 100.
  • Instructions included within the BIOS may be software, firmware, microcode, or other programming that defines or controls functionality or operation of the BIOS.
  • the BIOS may be implemented using instructions, such as platform firmware of the computing device 100, executable by a processor.
  • the BIOS may operate or execute prior to the execution of the operating system of the computing device 100.
  • the BIOS may initialize, control, or operate components such as hardware components of the computing device 100 and may load or boot the operating system of the computing device 100.
  • the BIOS may provide or establish an interface between hardware devices or platform firmware of the computing device 100 and an operating system of the computing device 100, via which the operating system of the computing device 100 may control or operate hardware devices or platform firmware of the computing device 100.
  • the BIOS may implement the Unified Extensible Firmware Interface (UEFI) specification or another specification or standard for initializing, controlling, or operating the computing device 100.
  • UEFI Unified Extensible Firmware Interface
  • the communication device 140 may perform wired or wireless communication with another device or a network.
  • the communication device 140 may include a communication module (e.g., a transceiver) supporting various wired or wireless communication methods.
  • the communication device 140 may be connected to an external apparatus of the computing device 100 to transmit and receive signals or data.
  • the computing device 100 may be connected to a cloud server 300 through the communication device 140.
  • the storage device 150 may include a non-volatile memory on which software, applications, programs, drivers, or the like may be stored.
  • a driver of the fingerprint reader 120 may be installed on the storage device 150.
  • the storage device 150 may be implemented as a magnetic hard disk drive (FIDD) device, a solid-state drive (SSD) device, or the like.
  • the storage device 150 may be a parallel advanced technology attachment (PATA) storage device (i.e. , an integrated drive electronics (IDE) or an enhanced IDE (EIDE) storage device), a serial ATA (SATA) storage device, a small computer system interface (SCSI) storage device, or the like.
  • PATA parallel advanced technology attachment
  • IDE integrated drive electronics
  • EIDE enhanced IDE
  • SATA serial ATA
  • SCSI small computer system interface
  • the storage device 150 may include a flash memory such as a NAND based flash memory or other semiconductor-based memory.
  • the port 160 may provide an electrical connection between the computing device 100 and an external device, such as an external memory 200.
  • the fingerprint reader 120 may be connected to the computing device 100 using the port 160.
  • the computing device 100 may be provided with a plurality of ports 160.
  • the port 160 may be implemented as a universal serial bus (USB) port, a secure digital (SD) port, a microSD port, or the like.
  • the bus 170 may provide an electrical connection between any or all of the processor 110, the fingerprint reader 120, the ROM 130, the communication device 140, the storage device 150, the port 160, the input device 180, and the display device 190.
  • the bus 170 is illustrated in FIG. 2 as a single bus, it may be implemented as a plurality of busses or other types of electrical connections.
  • the computing device 100 may include additional components or devices coupled between the bus 170 and the illustrated components.
  • the input device 180 may receive a user input and may be implemented as a keyboard, a mouse, a physical button, a touch screen, a camera, a microphone, or the like.
  • the display device 190 may display information, such as a result of executing a program, a menu for a user selection, a graphical user interface (GUI), or the like and may be implemented as a liquid crystal display (LCD), a light emitting diode (LED) display, an organic LED (OLED) display, an active matrix OLED (AMOLED) display, or the like.
  • LCD liquid crystal display
  • LED light emitting diode
  • OLED organic LED
  • AMOLED active matrix OLED
  • the input device 180 and the display device 190 may be implemented as a single touchscreen device performing the functions of both the input device 180 and the display device 190.
  • the computing device 100 may have different operating systems available for use and may be able to perform a boot process using a selected operating system.
  • the computing device 100 has available different operating systems including a first operating system OS1 151 stored in the storage device 150, a second operating system OS2 152 stored in the external memory 200, and a third operating system OS3 153 stored in the cloud server 300.
  • Each of the first, second and third operating systems OS1 151 , OS2 152, and OS3 153 may be implemented as a WindowsTM OS, a macTM OS, a LinuxTM OS, or the like.
  • any of the storage device 150, the external memory 200, or the cloud server 300 may have stored therein more than one operating system that may also be available to the computing device 100 while others of the storage device 150, the external memory 200, or the cloud server 300 do not include an operating system for use by the computing device 100.
  • the storage device 150 may include more than one operating system while the external memory 200 and the cloud server 300 do not include any operating system.
  • these described arrangements of operating systems are merely for sake of example and not to be construed as limiting.
  • a user of the computing device 100 may desire to switch to another operating system.
  • the user may desire to switch to another operating system.
  • the user may discontinue use of the first operating system OS1 151 and perform a boot process using the other operating system.
  • the other operating system may be the second operating system OS2 152 or the third operating system OS3 153.
  • the driver of the fingerprint reader 120 may detect that the operating systems have changed, and cause fingerprint data stored in the fingerprint reader memory 121 to be deleted.
  • deletion of the fingerprint data may be performed to ensure data integrity.
  • the deletion of the fingerprint data stored in the fingerprint reader memory 121 may be unnecessary and may cause an inconvenience to the user. For example, if the operating systems available to the computing device 100 are known or otherwise trusted by the user, it may be unnecessary to delete the fingerprint data when switching between the operating systems. Thus, in an example, the deletion of the fingerprint data stored in the fingerprint reader memory 121 may be disabled.
  • determining whether to disable the deletion of the fingerprint data stored in the fingerprint reader memory 121 it may be determined whether an operating system available to the computing device 100 during a boot process is included in a list of operating systems. If the operating system is included in the list, deletion of the fingerprint data stored in the fingerprint reader memory 121 may be disabled.
  • the list of operating systems may include a list of operating systems available to the computing device 100 during a previous boot process.
  • FIG. 3A illustrates a list of operating systems available to a computing device during a previous boot process according to an example.
  • a list 310 of operating systems available to the computing device 100 during a previous boot process may include a fourth operating system OS4 311 , a fifth operating system OS5 312, and a sixth operating system OS6 313.
  • the list 310 may be determined during a previous boot process of the computing device 100. For example, during the previous boot process, the computing device 100 may determine a list of operating systems available in a boot manager and record the list in the ROM 130. In that manner, the list 310 may be available during a subsequent boot process (e.g., the current boot process) for a determination of whether an operating system available to the computing device 100 is included on the list 310.
  • a subsequent boot process e.g., the current boot process
  • the fourth operating system OS4 311 may be a UEFI based operating system that is located on a storage device of the computing device 100.
  • the fourth operating system OS4 311 may be located on the storage device 150.
  • the fifth operating system OS5 312 may be a UEFI based operating system that is located on a storage device that is external to the computing device 100.
  • the fifth operating system OS5 312 may be located on an external storage device such as the external memory 200.
  • the sixth operating system OS6 313 may be a UEFI based operating system that is located on a remote storage device with which the computing device 100 communicates, such as a remote cloud server.
  • the sixth operating system OS6313 may be located on the cloud server 300.
  • the deletion of fingerprint data stored in the fingerprint reader memory 121 may be disabled based on a determination that an operating system available to the computing device 100 during a boot process is included on the list 310 of operating systems available to the computing device 100 during the previous boot process. As an example, if a user selects to boot the computing device 100 using the first operating system OS1 151 stored on the storage device 150, a determination may be made of whether the first operating system OS1 151 is included on the list 310. In more detail, it may be determined if the OS1 151 matches any of the OS4 311 , the OS5 313, or the OS6 314.
  • the determination of whether the operating systems match may be based on a comparison of a globally unique identifier (GUID) of the operating systems. Furthermore, if it is determined that the selected OS1 151 matches any of the OS4 311 , the OS5 312, or the OS6 313, the deletion of the fingerprint data stored in the fingerprint reader memory 121 may be disabled. On the contrary, if the selected OS1 151 does not match any of the operating systems included in the list 310, the fingerprint data may be deleted.
  • GUID globally unique identifier
  • FIG. 3B illustrates a list of operating systems available to a computing device during a current boot process according to an example.
  • a list 320 of operating systems available to the computing device 100 during a current boot process may include the first operating system OS1 151 , the second operating system OS2 152, and the third operating system OS3 153.
  • the list 320 may be determined during a current boot process of the computing device 100.
  • the computing device 100 may determine the list of operating systems currently available as listed in a boot manager of the computing device 100 during the current boot process.
  • the list 320 of currently available operating systems may be compared to the list 310 of operating systems available during the previous boot process.
  • the comparison of the list 310 and the list 320 may include a determination of whether both lists include the same operating systems, a determination of whether the list 320 includes an operating system that is not included on the list 310, or the like.
  • the determination of whether the operating systems match may be based on a comparison of a GUID of the operating systems.
  • the list 310 and the list 320 include the same operating systems, or the list 320 does not include an operating system that is not included on the list 310, then if may be determined that the operating systems available to the computing device 100 during the current boot process are known by the user or otherwise trustworthy. In that case, the deletion of fingerprint data stored in the fingerprint reader memory 121 may be disabled. On the other hand, if the list 320 includes an operating system that is not included on the list 310, then the fingerprint data stored in the fingerprint reader memory 121 may be deleted.
  • an indicator may be set and stored in the computing device 100. That is, the indicator may represent a status that the list of available operating systems does not include an unknown operating system.
  • the indicator may be set by a BIOS process during the booting of the computing device 100 and the indicator may be stored as a binary flag in the ROM 130. Based on the setting and the storing of the flag, the driver of the fingerprint reader 120 may determine that deletion of the fingerprint data stored in the fingerprint reader memory 121 should be disabled. That is, if the flag is stored in the ROM 130, the driver of the fingerprint reader 120 may determine that the deletion of the fingerprint data should be disabled. In that case, the setting of the flag represents that the operating system available to the computing device 100 during a boot process is a known or trusted operating system.
  • FIG. 4 illustrates a process for disabling deletion of fingerprint data according to an example.
  • the computing device 100 begins a system boot in operation 410.
  • the user of the computing device may power on the computing device 100, restart the computing device 100, or the like.
  • the computing device 100 launches software to control the boot process and deletes a flag indicating a status of an operating system list.
  • the computing device 100 may launch a BIOS boot loader to control the boot process.
  • the computing device 100 may display a list of operating systems available for a user selection and receive a user input selecting a displayed operating system for booting the computing device 100.
  • the flag indicating the status of the operating system list may indicate whether a change has been made to a list of operating systems available to the computing device 100 since a previous boot process.
  • the flag may indicate that an operating system that was not available to the computing device 100 during a previous boot process is available to the computing device 100 during a current boot process.
  • the flag is termed an OS_Change flag.
  • the OS_Change flag may be stored in the ROM 130 of the computing device 100 and may be a binary flag capable of representing two states. For example, a first state may indicate that the list of operating systems has not changed since a previous boot process and a second state may indicate that the list of operating systems includes an operating system that was not available to the computing device 100 during a previous boot process. Further, the first state may indicate that the deletion of fingerprint data from the fingerprint reader memory 121 may be disabled because an operating system available to the computing device 100 during the boot process is a known or trusted operating system.
  • the computing device 100 determines if more than one operating system is available for use by the computing device 100. For example, in the case of operating the computing device 100 using the WindowsTM operating platform, the computing device 100 may determine if there is more than one WindowsTM boot loader maintained by a boot manager of the computing device 100. If it is determined in operation 420 that there is not more than one operating system available for use by the computing device 100, the computing device 100 proceeds to operation 440. On the other hand, if it is determined in operation 420 that there is more than one operating system available for use by the computing device 100, the computing device 100 proceeds to operation 425.
  • operation 425 it is determined if the operating system being used to boot the computing device 100 is the same operating system used to boot the computing device 100 during the previous boot process.
  • the previous boot process may refer to a boot process immediately preceding the current boot process.
  • BIOS boot process of the computing device 100 may determine if the current operating system is the same as the previous operating system by comparing a GUID of the current operating system with a GUID of the previous operating system. If it is determined in operation 425 that the current operating system is the same as the previous operating system, the computing device 100 proceeds to operation 440. On the other hand, if it is determined in operation 425 that the current operating system is not the same as the previous operating system, the computing device 100 proceeds to operation 430.
  • the determination of whether the current operating system is a trusted operating system may include determining if the current operating system is included on a list of operating systems available to the computing device 100 during the previous boot process.
  • the determination of whether the current operating system is a trusted operating system may include comparing a list of operating systems available to the computing device 100 during the current boot process with a list of operating systems available to the computing device 100 during the previous boot process. Furthermore, the comparison may include determining if the lists are the same, or if the list of operating systems available to the computing device 100 during the current boot process includes an operating system that is not on the previous list.
  • the comparison may be based on a comparison of respective GUIDs of the operating systems.
  • the computing device 100 sets the OS_Change flag to indicate that the operating system selected for the current boot process is trusted.
  • the computing device 100 may set the OS_Change flag by setting a binary flag in a memory of the computing device 100, such as a ROM of the computing device 100.
  • the binary flag may be set to a value of one to indicate the result that the operating system is trusted and may be set to a value of zero to indicate that the operating system is not included on the list of operating systems available during the previous boot process.
  • the computing device 100 records the list of operating systems available to the computing device 100 during the current boot process.
  • the computing device 100 determines a list of operating systems available to the computing device 100 as listed in a boot manager of the computing device 100 and records that list in a memory of the computing device 100.
  • the computing device 100 may record the list in the ROM 130 of the computing device 100.
  • the computing device 100 may update a list of operating systems available during the previous boot process with the list of operating systems available during the current boot process by overwriting the previous list.
  • the computing device 100 boots the operating system selected for the boot process.
  • a driver of a fingerprint reader may be launched to control the fingerprint reader 120.
  • the driver of the fingerprint reader 120 may control operations of the fingerprint reader 120 and determine if data stored in the fingerprint reader memory 121 should be deleted.
  • operation 450 it is determined if the computing device 100 is booted with an operating system that is different from an operating system used during the previous boot process.
  • the driver of the fingerprint reader may compare a GUID of an operating system used during the previous boot process with a GUID of the operating system used during the current boot process.
  • the GUID of the current operating system and the GUID of the previous operating system may be obtained from a registry table stored in the storage device 150.
  • the computing device 100 proceeds to operation 465. If it is determined in operation 450 that the computing device 100 is booted with an operating system that is different from the previous boot process, that is, if it is determined that the same operating system is used during the current boot process as used in the previous boot process, the computing device 100 proceeds to operation 455. [0063] In operation 455, it is determined if the OS_Change flag is set. As an example, the driver of the fingerprint reader 120 may determine if the OS_Change flag is set to a positive value and stored in the ROM 130. The OS_Change flag, which may be set in operation 435, indicates that the operating system used during the current boot process is a trusted operating system. If it is determined in operation 455 that the OS_Change flag is set, the computing device 100 proceeds to operation 465.
  • the OS_Change flag is set.
  • the driver of the fingerprint reader 120 may determine if the OS_Change flag is set to a positive value and stored in the ROM 130.
  • the OS_Change flag which may be set
  • the driver of the fingerprint reader 120 disables the deletion of fingerprint data stored in the fingerprint reader memory 121. That is, because the same operating system was used for both the current boot process and the previous boot process as determined in operation 450, or because a different operating system was used for the current boot process but the current operating system is a trusted operating system based on the OS_Change flag being set, the fingerprint data is not deleted.
  • the computing device 100 proceeds to operation 460 and deletes fingerprint data stored in a memory of the fingerprint reader.
  • the OS_Change flag is not set, it cannot be determined that the operating system used during the boot process is a known or trusted operating system.
  • the fingerprint data stored in the fingerprint reader memory 121 is deleted.
  • the afore-described examples can also be embodied as a non- transitory machine-readable recording medium having recorded thereon machine-executable instructions and data. At least one of the instructions and data may be stored in the form of program code and may cause a program module to perform an appropriate operation when executed by a processor.
  • Examples of the non-transitory machine-readable recording medium include magnetic storage media (e.g., hard disks) and optical recording media (e.g., compact discs (CDs) or digital versatile discs (DVDs)), or memories included in a server accessible through a network.

Abstract

An example computing device includes a fingerprint reader, having fingerprint data stored, therein and a processor. The processor is to determine whether an operating system available to the computing device during a boot process is included in a list of operating systems available to the computing device during a previous boot process, and, in response to a determination that the operating system is included in the list, disable deletion of the fingerprint data.

Description

DISABLING FINGERPRINT DATA DELETION
BACKGROUND
[0001] A fingerprint reader may be used to authenticate a user. For example, a fingerprint reader may be coupled to a computing device and used to authenticate a user of the computing device. The fingerprint reader may include a memory to store various data such as a fingerprint template of a user, identification information of the user, and the like. In different situations, the data stored on the memory of the fingerprint reader may be deleted.
BRIEF DESCRIPTION OF DRAWINGS
[0002] FIG. 1 illustrates a computing device in which deletion of fingerprint data may be disabled according to an example;
[0003] FIG. 2 illustrates a more detailed example of a computing device in which deletion of fingerprint data may be disabled;
[0004] FIG. 3A illustrates a list of operating systems available to a computing device during a previous boot process according to an example; [0005] FIG. 3B illustrates a list of operating systems available to a computing device during a current boot process according to an example; and [0006] FIG. 4 illustrates a process of disabling fingerprint data deletion according to an example.
[0007] Throughout the drawings, it should be noted that like reference numbers are used to depict the same or similar elements, features, parts, components, and structures.
DESCRIPTION OF EXAMPLES
[0008] Various examples are described below with reference to the accompanying drawings. The examples described hereinafter may be modified in many different forms. [0009] Throughout the description, when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or can be connected or coupled to the other element with intervening elements interposed therebetween.
[0010] In the following description, a singular expression includes a plural expression, unless otherwise specified. It is also to be understood that terms such as “comprises” or “includes” are used herein to designate the presence of a characteristic, a number, a step, an operation, an element, a component, or a combination thereof, and not to preclude the presence or the possibility of adding one or more of other characteristics, numbers, steps, operations, elements, components, or a combination thereof. It is also to be understood that terms such as “first,” “second,” or the like are used to differentiate between objects having the same or similar terminology and are in no way intended to represent an order, unless where explicitly stated otherwise.
[0011] A computing device, such as a personal computer (PC), a laptop computer, a tablet, a mobile terminal, or the like, may include a biometric device to authenticate a user. For example, a computing device may include a fingerprint reader as a biometric device to authenticate a user of the computing device. The fingerprint reader may include a memory in which various biometric data, such as a fingerprint template, a user identification, and the like, may be stored. Because the biometric data includes private data, care should be taken in managing the data. Thus, in various situations, the data stored in the memory of the fingerprint reader may be deleted for purposes of data integrity.
[0012] For example, there may be a plurality of operating systems available for use by the computing device. The computing device may use any of the plurality of operating systems to manage hardware or software of the computing device. For purposes of data security, when a user switches between operating systems, the data stored in the memory of the fingerprint reader may be deleted. In that case, the user needs to re-enter the data in the fingerprint reader memory after switching between operating systems in order to access the computing device using the fingerprint reader. [0013] However, the deletion of the fingerprint data after switching between operating systems may be unnecessary. For example, each of the plurality of operating systems may be considered an operating system that is known by the user or otherwise trusted by the user. In such a situation, the deletion of the fingerprint data from the memory of the fingerprint reader results in an inconvenience for the user when the user switches between operating systems. [0014] FIG. 1 illustrates a computing device in which deletion of fingerprint data may be disabled according to an example.
[0015] Referring to FIG. 1 , a computing device 100 may include a processor 110 and a fingerprint reader 120. The computing device 100 may be a personal computer (PC), a laptop computer, a tablet, a mobile terminal, or the like. In various examples, the fingerprint reader 120 may be a component that is incorporated in the computing device 100 or may be a separate component that may be selectively coupled to the computing device 100.
[0016] The processor 110 may control an operation of the computing device 100. For example, the processor 110 may control a booting or a launch process of the computing device 100 and may control other components included in the computing device 100 such that a desired operation is performed. The processor 110 may include an arithmetic component, a logical component, etc. for controlling the computing device 100 and may be implemented as a standard processing device, a microprocessor, a microcontroller, a programmable integrated circuit, or the like. Also, the processor 110 may be implemented as multiple processors, multiple core processors, or the like.
[0017] In various examples, there may be a plurality of operating systems available for use by the computing device 100. For example, the computing device 100 may have an operating system installed in a memory of the computing device 100, may have access to an operating system installed on an external memory connected to the computing device 100, or may have access to an operating system stored in an external memory remote from the computing device 100. The computing device 100 may access any of the plurality of operating systems to manage hardware or software installed in the computing device 100, such as the processor 110, the fingerprint reader 120, etc. [0018] The fingerprint reader 120 may be a Match-in-Sensor (MiS) type or a Match-on-Chip (MoC) type fingerprint reader. In that case, the fingerprint reader 120 is to perform a fingerprint analysis function independently from the computing device 100. For example, a fingerprint analysis operation such as user enrollment, fingerprint verification, fingerprint identification, etc. is performed by the fingerprint reader 120 such that the computing device 100 receives a result of the analysis. To support these operations, the fingerprint reader 120 may include a processor that is separate from the processor 110 of the computing device 100. The processor of the fingerprint reader 120 may have cryptographic capabilities to locally perform a fingerprint matching operation in an environment that is isolated from the computing device 100.
[0019] The fingerprint reader 120 may include a memory to store fingerprint data such as a user identification, a fingerprint template, a user payload, etc. For data security, communication between the fingerprint reader 120 and the computing device 100 as well as the fingerprint data stored in the memory of the fingerprint reader 120 may be encrypted. The fingerprint data stored in the memory of the fingerprint reader 120 may be considered secure since the data does not leave the fingerprint reader 120.
[0020] To provide data security, the fingerprint data stored in the memory of the fingerprint reader 120 may be deleted based on the occurrence of a certain event. For example, the fingerprint data stored in the memory of the fingerprint reader 120 may be deleted based on a switch between operating systems, if the user resets a current operating system, if the user removes the fingerprint reader 120 from the computing device 100, and the like. As an example, if a user of the computing device 100 switches between a first operating system available to the computing device 100 and a second operating system available to the computing device 100, the fingerprint data stored in the memory of the fingerprint reader 120 may be deleted. Flowever, in certain cases, the deletion of the fingerprint data may be unnecessary. For example, the first and second operating systems may be known or trusted by the user such that the deletion of fingerprint data is unnecessary or undesirable. [0021] To disable the deletion of the fingerprint data stored in the memory of the fingerprint reader 120, it may be determined whether an operating system available to the computing device 100 during a boot process is a known or a trusted operating system. In an example, it may be determined if the operating system available to the computing device 100 during the boot process is included in a list of operating systems available to the computing device 100 during a previous boot process. If the operating system available to the computing device 100 during the boot process is included in the list, the operating system may be considered a known or trusted operating system such that the deletion of the fingerprint data stored in the memory of the fingerprint reader 120 is disabled. As such, the user may continue use of the fingerprint reader 120 without needing to re-enter the fingerprint data.
[0022] In another example, it may be determined if the deletion of fingerprint data is to be disabled during a boot process of the computing device 100 based on a comparison of a first list of operating systems and a second list of operating systems. For example, if the comparison of the first and second lists determines that the computing device 100 is being booted with a known or trusted operating system, then the deletion of fingerprint data stored in a memory of the fingerprint reader 120 may be disabled. As an example, the first list may include a list of operating systems available to the computing device 100 during a current boot process and the second list may include a list of operating systems available to the computing device 100 during a previous boot process. The comparison of the lists may determine if the first list includes an operating system that is not included on the second list. If the first list includes the operating system that is not included on the second list, then the operating system may not be a known or trusted operating system such that the fingerprint data stored in a memory of the fingerprint reader 120 is deleted. On the other hand, if the first list does not include an operating system that is not included on the second list, then the operating systems available for use during the current boot process may be considered known or trusted operating systems such that deletion of the fingerprint data stored in a memory of the fingerprint reader 120 is disabled. [0023] FIG. 2 illustrates a more detailed example of a computing device in which deletion of fingerprint data may be disabled.
[0024] Referring to FIG. 2, the computing device 100 may include the processor 110, the fingerprint reader 120, a read-only-memory (ROM) 130, a communication device 140, a storage device 150, a port 160, and a bus 170. The computing device 100 may further include an input device 180, and a display device 190. In the example of FIG. 2, the input device 180 and the display device 190 are illustrated as provided externally to the computing device 100. Flowever, in other examples, the input device 180 and the display device 190 may be included in the computing device 100. Although not shown, the computing device 100 may further include additional devices, components, or the like, such as a power source to provide power to any or all of the illustrated components. In implementation, the computing device 100 may be a PC, a laptop computer, a tablet, a mobile terminal, or the like. Because aspects of the processor 110 and the fingerprint reader 120 have been described above with respect to FIG. 1 , a repetitive description will not be provided for sake of brevity.
[0025] In the example of FIG. 2, the fingerprint reader 120 may include a fingerprint reader memory 121. The fingerprint reader memory 121 may store fingerprint data such as a user identification, a fingerprint template, a user payload, etc.
[0026] The ROM 130 is a non-volatile memory that is provided to store software for use when starting or booting the computing device 100. The ROM 130 may be implemented as a programmable ROM (PROM), an erasable programable ROM (EPROM), an electrically erasable programable ROM (EEPROM), a non-volatile RAM (NVRAM), a flash memory, or the like. The ROM 130 may include firmware 131 .
[0027] In an example, the firmware 131 may include a basic input/output system (BIOS). As used herein, BIOS refers to hardware or hardware and instructions to initialize, control, or operate the computing device 100 prior to execution of an operating system of the computing device 100. Instructions included within the BIOS may be software, firmware, microcode, or other programming that defines or controls functionality or operation of the BIOS. In one example, the BIOS may be implemented using instructions, such as platform firmware of the computing device 100, executable by a processor. The BIOS may operate or execute prior to the execution of the operating system of the computing device 100. The BIOS may initialize, control, or operate components such as hardware components of the computing device 100 and may load or boot the operating system of the computing device 100.
[0028] In some examples, the BIOS may provide or establish an interface between hardware devices or platform firmware of the computing device 100 and an operating system of the computing device 100, via which the operating system of the computing device 100 may control or operate hardware devices or platform firmware of the computing device 100. In some examples, the BIOS may implement the Unified Extensible Firmware Interface (UEFI) specification or another specification or standard for initializing, controlling, or operating the computing device 100.
[0029] The communication device 140 may perform wired or wireless communication with another device or a network. The communication device 140 may include a communication module (e.g., a transceiver) supporting various wired or wireless communication methods. The communication device 140 may be connected to an external apparatus of the computing device 100 to transmit and receive signals or data. As an example, the computing device 100 may be connected to a cloud server 300 through the communication device 140.
[0030] The storage device 150 may include a non-volatile memory on which software, applications, programs, drivers, or the like may be stored. As an example, a driver of the fingerprint reader 120 may be installed on the storage device 150. The storage device 150 may be implemented as a magnetic hard disk drive (FIDD) device, a solid-state drive (SSD) device, or the like. For example, if implemented as an HDD, the storage device 150 may be a parallel advanced technology attachment (PATA) storage device (i.e. , an integrated drive electronics (IDE) or an enhanced IDE (EIDE) storage device), a serial ATA (SATA) storage device, a small computer system interface (SCSI) storage device, or the like. As another example, if implemented as an SSD, the storage device 150 may include a flash memory such as a NAND based flash memory or other semiconductor-based memory.
[0031] The port 160 may provide an electrical connection between the computing device 100 and an external device, such as an external memory 200. In an example in which the fingerprint reader 120 is provided as a component separate from the computing device 100, the fingerprint reader 120 may be connected to the computing device 100 using the port 160. In various examples, the computing device 100 may be provided with a plurality of ports 160. The port 160 may be implemented as a universal serial bus (USB) port, a secure digital (SD) port, a microSD port, or the like.
[0032] The bus 170 may provide an electrical connection between any or all of the processor 110, the fingerprint reader 120, the ROM 130, the communication device 140, the storage device 150, the port 160, the input device 180, and the display device 190. Although the bus 170 is illustrated in FIG. 2 as a single bus, it may be implemented as a plurality of busses or other types of electrical connections. Furthermore, although not illustrated, the computing device 100 may include additional components or devices coupled between the bus 170 and the illustrated components.
[0033] The input device 180 may receive a user input and may be implemented as a keyboard, a mouse, a physical button, a touch screen, a camera, a microphone, or the like. The display device 190 may display information, such as a result of executing a program, a menu for a user selection, a graphical user interface (GUI), or the like and may be implemented as a liquid crystal display (LCD), a light emitting diode (LED) display, an organic LED (OLED) display, an active matrix OLED (AMOLED) display, or the like.
[0034] Although illustrated as separate components and devices, certain of the components and devices may be implemented as a single component or device. As an example, the input device 180 and the display device 190 may be implemented as a single touchscreen device performing the functions of both the input device 180 and the display device 190.
[0035] The computing device 100 may have different operating systems available for use and may be able to perform a boot process using a selected operating system. In the example illustrated in FIG. 2, the computing device 100 has available different operating systems including a first operating system OS1 151 stored in the storage device 150, a second operating system OS2 152 stored in the external memory 200, and a third operating system OS3 153 stored in the cloud server 300. Each of the first, second and third operating systems OS1 151 , OS2 152, and OS3 153 may be implemented as a Windows™ OS, a mac™ OS, a Linux™ OS, or the like.
[0036] In other examples, any of the storage device 150, the external memory 200, or the cloud server 300 may have stored therein more than one operating system that may also be available to the computing device 100 while others of the storage device 150, the external memory 200, or the cloud server 300 do not include an operating system for use by the computing device 100. For example, the storage device 150 may include more than one operating system while the external memory 200 and the cloud server 300 do not include any operating system. Of course, these described arrangements of operating systems are merely for sake of example and not to be construed as limiting.
[0037] After booting the computing device 100 with a selected operating system, a user of the computing device 100 may desire to switch to another operating system. As an example, after having booted the computing device 100 using the first operating system OS1 151 , the user may desire to switch to another operating system. In that case, the user may discontinue use of the first operating system OS1 151 and perform a boot process using the other operating system. In the above described example of FIG. 2, the other operating system may be the second operating system OS2 152 or the third operating system OS3 153. During the booting of the computing device 100 using the other operating system, the driver of the fingerprint reader 120 may detect that the operating systems have changed, and cause fingerprint data stored in the fingerprint reader memory 121 to be deleted. In that case, deletion of the fingerprint data may be performed to ensure data integrity. However, the deletion of the fingerprint data stored in the fingerprint reader memory 121 may be unnecessary and may cause an inconvenience to the user. For example, if the operating systems available to the computing device 100 are known or otherwise trusted by the user, it may be unnecessary to delete the fingerprint data when switching between the operating systems. Thus, in an example, the deletion of the fingerprint data stored in the fingerprint reader memory 121 may be disabled.
[0038] In an example of determining whether to disable the deletion of the fingerprint data stored in the fingerprint reader memory 121 , it may be determined whether an operating system available to the computing device 100 during a boot process is included in a list of operating systems. If the operating system is included in the list, deletion of the fingerprint data stored in the fingerprint reader memory 121 may be disabled. In an example, the list of operating systems may include a list of operating systems available to the computing device 100 during a previous boot process.
[0039] FIG. 3A illustrates a list of operating systems available to a computing device during a previous boot process according to an example. [0040] Referring to FIG. 3A, a list 310 of operating systems available to the computing device 100 during a previous boot process may include a fourth operating system OS4 311 , a fifth operating system OS5 312, and a sixth operating system OS6 313.
[0041] The list 310 may be determined during a previous boot process of the computing device 100. For example, during the previous boot process, the computing device 100 may determine a list of operating systems available in a boot manager and record the list in the ROM 130. In that manner, the list 310 may be available during a subsequent boot process (e.g., the current boot process) for a determination of whether an operating system available to the computing device 100 is included on the list 310.
[0042] In the example of FIG. 3A, the fourth operating system OS4 311 may be a UEFI based operating system that is located on a storage device of the computing device 100. For example, the fourth operating system OS4 311 may be located on the storage device 150. The fifth operating system OS5 312 may be a UEFI based operating system that is located on a storage device that is external to the computing device 100. For example, the fifth operating system OS5 312 may be located on an external storage device such as the external memory 200. The sixth operating system OS6 313 may be a UEFI based operating system that is located on a remote storage device with which the computing device 100 communicates, such as a remote cloud server. For example, the sixth operating system OS6313 may be located on the cloud server 300.
[0043] Referring again to FIG. 2, the deletion of fingerprint data stored in the fingerprint reader memory 121 may be disabled based on a determination that an operating system available to the computing device 100 during a boot process is included on the list 310 of operating systems available to the computing device 100 during the previous boot process. As an example, if a user selects to boot the computing device 100 using the first operating system OS1 151 stored on the storage device 150, a determination may be made of whether the first operating system OS1 151 is included on the list 310. In more detail, it may be determined if the OS1 151 matches any of the OS4 311 , the OS5 313, or the OS6 314. In an example, the determination of whether the operating systems match may be based on a comparison of a globally unique identifier (GUID) of the operating systems. Furthermore, if it is determined that the selected OS1 151 matches any of the OS4 311 , the OS5 312, or the OS6 313, the deletion of the fingerprint data stored in the fingerprint reader memory 121 may be disabled. On the contrary, if the selected OS1 151 does not match any of the operating systems included in the list 310, the fingerprint data may be deleted.
[0044] FIG. 3B illustrates a list of operating systems available to a computing device during a current boot process according to an example.
[0045] Referring to FIG. 3B, which illustrates a state of the computing device 100 of FIG. 2, a list 320 of operating systems available to the computing device 100 during a current boot process may include the first operating system OS1 151 , the second operating system OS2 152, and the third operating system OS3 153. The list 320 may be determined during a current boot process of the computing device 100. For example, the computing device 100 may determine the list of operating systems currently available as listed in a boot manager of the computing device 100 during the current boot process.
[0046] In an example of determining whether to disable the deletion of fingerprint data stored in the fingerprint reader memory 121 , the list 320 of currently available operating systems may be compared to the list 310 of operating systems available during the previous boot process. The comparison of the list 310 and the list 320 may include a determination of whether both lists include the same operating systems, a determination of whether the list 320 includes an operating system that is not included on the list 310, or the like. In various examples, the determination of whether the operating systems match may be based on a comparison of a GUID of the operating systems.
[0047] For example, if the list 310 and the list 320 include the same operating systems, or the list 320 does not include an operating system that is not included on the list 310, then if may be determined that the operating systems available to the computing device 100 during the current boot process are known by the user or otherwise trustworthy. In that case, the deletion of fingerprint data stored in the fingerprint reader memory 121 may be disabled. On the other hand, if the list 320 includes an operating system that is not included on the list 310, then the fingerprint data stored in the fingerprint reader memory 121 may be deleted.
[0048] Further to the above examples, if it is determined that an operating system available to the computing device 100 for a boot process is a known or trusted operating system, an indicator may be set and stored in the computing device 100. That is, the indicator may represent a status that the list of available operating systems does not include an unknown operating system.
[0049] The indicator may be set by a BIOS process during the booting of the computing device 100 and the indicator may be stored as a binary flag in the ROM 130. Based on the setting and the storing of the flag, the driver of the fingerprint reader 120 may determine that deletion of the fingerprint data stored in the fingerprint reader memory 121 should be disabled. That is, if the flag is stored in the ROM 130, the driver of the fingerprint reader 120 may determine that the deletion of the fingerprint data should be disabled. In that case, the setting of the flag represents that the operating system available to the computing device 100 during a boot process is a known or trusted operating system.
[0050] FIG. 4 illustrates a process for disabling deletion of fingerprint data according to an example. [0051] Referring to FIG. 4, the computing device 100 begins a system boot in operation 410. As an example, the user of the computing device may power on the computing device 100, restart the computing device 100, or the like.
[0052] In operation 415, the computing device 100 launches software to control the boot process and deletes a flag indicating a status of an operating system list. As an example, the computing device 100 may launch a BIOS boot loader to control the boot process. As part of the boot process, the computing device 100 may display a list of operating systems available for a user selection and receive a user input selecting a displayed operating system for booting the computing device 100.
[0053] The flag indicating the status of the operating system list may indicate whether a change has been made to a list of operating systems available to the computing device 100 since a previous boot process. For example, the flag may indicate that an operating system that was not available to the computing device 100 during a previous boot process is available to the computing device 100 during a current boot process. In the example of FIG. 4, the flag is termed an OS_Change flag. The OS_Change flag may be stored in the ROM 130 of the computing device 100 and may be a binary flag capable of representing two states. For example, a first state may indicate that the list of operating systems has not changed since a previous boot process and a second state may indicate that the list of operating systems includes an operating system that was not available to the computing device 100 during a previous boot process. Further, the first state may indicate that the deletion of fingerprint data from the fingerprint reader memory 121 may be disabled because an operating system available to the computing device 100 during the boot process is a known or trusted operating system.
[0054] In operation 420, the computing device 100 determines if more than one operating system is available for use by the computing device 100. For example, in the case of operating the computing device 100 using the Windows™ operating platform, the computing device 100 may determine if there is more than one Windows™ boot loader maintained by a boot manager of the computing device 100. If it is determined in operation 420 that there is not more than one operating system available for use by the computing device 100, the computing device 100 proceeds to operation 440. On the other hand, if it is determined in operation 420 that there is more than one operating system available for use by the computing device 100, the computing device 100 proceeds to operation 425. [0055] In operation 425, it is determined if the operating system being used to boot the computing device 100 is the same operating system used to boot the computing device 100 during the previous boot process. Here, the previous boot process may refer to a boot process immediately preceding the current boot process. As an example, BIOS boot process of the computing device 100 may determine if the current operating system is the same as the previous operating system by comparing a GUID of the current operating system with a GUID of the previous operating system. If it is determined in operation 425 that the current operating system is the same as the previous operating system, the computing device 100 proceeds to operation 440. On the other hand, if it is determined in operation 425 that the current operating system is not the same as the previous operating system, the computing device 100 proceeds to operation 430.
[0056] In operation 430, it is determined if the operating system selected for the current boot process is a trusted operating system. In an example, the determination of whether the current operating system is a trusted operating system may include determining if the current operating system is included on a list of operating systems available to the computing device 100 during the previous boot process. In another example, the determination of whether the current operating system is a trusted operating system may include comparing a list of operating systems available to the computing device 100 during the current boot process with a list of operating systems available to the computing device 100 during the previous boot process. Furthermore, the comparison may include determining if the lists are the same, or if the list of operating systems available to the computing device 100 during the current boot process includes an operating system that is not on the previous list. In various examples, the comparison may be based on a comparison of respective GUIDs of the operating systems. [0057] If it is determined in operation 430 that the operating system selected for the current boot process is a trusted operating system, the computing device 100 proceeds to operation 435. On the other hand, if it is determined in operation 430 that the operating system selected for the current boot process is not a trusted operating system, the computing device 100 proceeds to operation 440.
[0058] In operation 435, based on a determination that the current operating systems is a trusted operating system, the computing device 100 sets the OS_Change flag to indicate that the operating system selected for the current boot process is trusted. For example, the computing device 100 may set the OS_Change flag by setting a binary flag in a memory of the computing device 100, such as a ROM of the computing device 100. As an example, the binary flag may be set to a value of one to indicate the result that the operating system is trusted and may be set to a value of zero to indicate that the operating system is not included on the list of operating systems available during the previous boot process.
[0059] In operation 440, the computing device 100 records the list of operating systems available to the computing device 100 during the current boot process. As an example, the computing device 100 determines a list of operating systems available to the computing device 100 as listed in a boot manager of the computing device 100 and records that list in a memory of the computing device 100. As an example, the computing device 100 may record the list in the ROM 130 of the computing device 100. By storing the list of operating systems available to the computing device 100 during the current boot process, the computing device 100 will be able use the stored list during a subsequent boot process to determine if an operating system is a trusted operating system during the subsequent boot process. In an example, the computing device 100 may update a list of operating systems available during the previous boot process with the list of operating systems available during the current boot process by overwriting the previous list.
[0060] In operation 445, the computing device 100 boots the operating system selected for the boot process. As part of operation 445, a driver of a fingerprint reader may be launched to control the fingerprint reader 120. The driver of the fingerprint reader 120 may control operations of the fingerprint reader 120 and determine if data stored in the fingerprint reader memory 121 should be deleted.
[0061] In operation 450, it is determined if the computing device 100 is booted with an operating system that is different from an operating system used during the previous boot process. As an example, the driver of the fingerprint reader may compare a GUID of an operating system used during the previous boot process with a GUID of the operating system used during the current boot process. Here, the GUID of the current operating system and the GUID of the previous operating system may be obtained from a registry table stored in the storage device 150.
[0062] If it is determined in operation 450 that the computing device 100 is not booted with an operating system that is different from the previous boot process, that is, if it is determined that the same operating system is used during the current boot process as used in the previous boot process, the computing device 100 proceeds to operation 465. If it is determined in operation 450 that the computing device 100 is booted with an operating system that is different from the previous boot process, the computing device 100 proceeds to operation 455. [0063] In operation 455, it is determined if the OS_Change flag is set. As an example, the driver of the fingerprint reader 120 may determine if the OS_Change flag is set to a positive value and stored in the ROM 130. The OS_Change flag, which may be set in operation 435, indicates that the operating system used during the current boot process is a trusted operating system. If it is determined in operation 455 that the OS_Change flag is set, the computing device 100 proceeds to operation 465.
[0064] In operation 465, the driver of the fingerprint reader 120 disables the deletion of fingerprint data stored in the fingerprint reader memory 121. That is, because the same operating system was used for both the current boot process and the previous boot process as determined in operation 450, or because a different operating system was used for the current boot process but the current operating system is a trusted operating system based on the OS_Change flag being set, the fingerprint data is not deleted.
[0065] On the other hand, if it is determined in operation 455 that the OS_Change flag is not set, the computing device 100 proceeds to operation 460 and deletes fingerprint data stored in a memory of the fingerprint reader. In that case, because the OS_Change flag is not set, it cannot be determined that the operating system used during the boot process is a known or trusted operating system. Thus, to preserve data integrity, the fingerprint data stored in the fingerprint reader memory 121 is deleted.
[0066] The afore-described examples can also be embodied as a non- transitory machine-readable recording medium having recorded thereon machine-executable instructions and data. At least one of the instructions and data may be stored in the form of program code and may cause a program module to perform an appropriate operation when executed by a processor. Examples of the non-transitory machine-readable recording medium include magnetic storage media (e.g., hard disks) and optical recording media (e.g., compact discs (CDs) or digital versatile discs (DVDs)), or memories included in a server accessible through a network.
[0067] While the present disclosure has been shown and described with reference to various examples thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present disclosure as defined by the appended claims and their equivalents. Therefore, the scope of the present disclosure should be defined not by the described examples alone, but by the appended claims and the equivalents thereof.

Claims

WHAT IS CLAIMED IS:
1 . A computing device comprising: a fingerprint reader including fingerprint data stored therein; and a processor to: determine whether an operating system available to the computing device during a boot process is included in a list of operating systems available to the computing device during a previous boot process, and in response to a determination that the operating system is included in the list, disable deletion of the fingerprint data.
2. The computing device of claim 1 , further comprising a memory, wherein the processor is further to store an indicator in the memory in response to the determination that the operating system is included in the list.
3. The computing device of claim 2, wherein the indicator comprises a binary flag.
4. The computing device of claim 2, wherein the processor is further to delete the indicator during the boot process of the computing device.
5. The computing device of claim 1 , further comprising a memory, wherein the processor is further to store the list in the memory.
6. The computing device of claim 5, wherein the processor is further to update the list with a list of operating systems available to the computing device during the boot process.
7. The computing device of claim 1 , wherein the processor is further to, in response to a determination that the operating system is not included in the list, delete the fingerprint data.
8. The computing device of claim 1, wherein the processor is further to: determine whether an operating system selected for the boot process is different from an operating system selected for the previous boot process, and in response to a determination that the operating system selected for the boot process is not different from the operating system selected for the previous boot process, disable deletion of fingerprint data.
9. The computing device of claim 8, wherein the processor is further to determine whether the operating system selected for the boot process is different from the operating system selected for the previous boot process by comparing a globally unique identifier of the operating system selected for the boot process with a globally unique identifier of the operating system selected for the previous boot process.
10. A computing device comprising: a fingerprint reader including fingerprint data stored therein; and a processor to: perform a boot process of the computing device; and determine, during the boot process, if the fingerprint data is to be deleted based on a comparison between a first list of operating systems and a second list of operating systems.
11. The computing device of claim 10, further comprising a memory, wherein, in response to a determination that the fingerprint data is not to be deleted, the processor is further to store an indicator in the memory.
12. The computing device of claim 10, wherein the processor is further to: determine if the first list of operating systems includes an operating system that is not included in the second list of operating systems; and determine that the fingerprint data is to be deleted in response to a determination that the first list of operating systems includes the operating system.
13. A non-transitory machine-readable storage medium encoded with instructions that when executed cause a processor of a computing device to: determine, during a boot process, if a first set of operating systems in a boot manager list includes an operating system that is not included in a second set of operating systems in a boot manager list during a previous boot process; in response to a determination that the first set of operating systems does not include the operating system, store a flag in a memory; and disable deletion of fingerprint data stored in a fingerprint reader if the flag is stored in the memory.
14. The non-transitory machine-readable storage medium of claim 13, further comprising instructions that when executed cause the processor of the computing device to: delete the flag stored in the memory, and update the second set of operating systems with the first set of operating systems.
15. The non-transitory machine-readable storage medium of claim 13, further comprising instructions that when executed cause the processor of the computing device to: determine if a first operating system used during the boot process is the same as a second operating system used during the previous boot process, and in response to a determination that the first operating system is the same as the second operating system, disable deletion of the fingerprint data stored in the fingerprint reader.
PCT/US2020/042971 2020-07-22 2020-07-22 Disabling fingerprint data deletion WO2022019895A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2020/042971 WO2022019895A1 (en) 2020-07-22 2020-07-22 Disabling fingerprint data deletion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2020/042971 WO2022019895A1 (en) 2020-07-22 2020-07-22 Disabling fingerprint data deletion

Publications (1)

Publication Number Publication Date
WO2022019895A1 true WO2022019895A1 (en) 2022-01-27

Family

ID=79729771

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/042971 WO2022019895A1 (en) 2020-07-22 2020-07-22 Disabling fingerprint data deletion

Country Status (1)

Country Link
WO (1) WO2022019895A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160094556A1 (en) * 2008-05-23 2016-03-31 Exacttrak Limited Command origin filtering
US20160155128A1 (en) * 2014-12-02 2016-06-02 Ca, Inc. Device identification based on deep fingerprint inspection
US20180124039A1 (en) * 2014-02-18 2018-05-03 Secureauth Corporation Device fingerprint based authentication
US20190220349A1 (en) * 2019-03-28 2019-07-18 Intel Corporation Combined secure mac and device correction using encrypted parity with multi-key domains

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160094556A1 (en) * 2008-05-23 2016-03-31 Exacttrak Limited Command origin filtering
US20180124039A1 (en) * 2014-02-18 2018-05-03 Secureauth Corporation Device fingerprint based authentication
US20160155128A1 (en) * 2014-12-02 2016-06-02 Ca, Inc. Device identification based on deep fingerprint inspection
US20190220349A1 (en) * 2019-03-28 2019-07-18 Intel Corporation Combined secure mac and device correction using encrypted parity with multi-key domains

Similar Documents

Publication Publication Date Title
TWI570592B (en) System, method and computer readable storage medium for updating computer firmware
KR101802800B1 (en) Media protection policy enforcement for multiple-operating-system environments
TWI559167B (en) A unified extensible firmware interface(uefi)-compliant computing device and a method for administering a secure boot in the uefi-compliant computing device
US20140115316A1 (en) Boot loading of secure operating system from external device
US9684518B2 (en) Option read-only memory use
US9495535B2 (en) Systems and methods for authenticated system partition access
US8819330B1 (en) System and method for updating a locally stored recovery image
WO2004017195A1 (en) Using system bios to update embedded controller firmware
TW201506788A (en) Secure boot override in a computing device equipped with unified-extensible firmware interface (UEFI)-compliant firmware
JP2015153198A (en) Method for preventing malfunction of computer, computer program and computer
JP6701398B2 (en) Firmware update by remote utility
JP2017509085A (en) User selectable operating system
US20110113227A1 (en) Electronic equipment and boot method, storage medium thereof
US20060080540A1 (en) Removable/detachable operating system
US20160048389A1 (en) System and method for supporting part replacement
US9003172B2 (en) Intelligently controlling loading of legacy option ROMs in a computing system
US20060080518A1 (en) Method for securing computers from malicious code attacks
US20230214471A1 (en) Storage device, nonvolatile memory system including memory controller, and operating method of the storage device
WO2022019895A1 (en) Disabling fingerprint data deletion
TWI754221B (en) Disabling software persistence
US11340882B2 (en) Systems and methods for enforcing update policies while applying updates from bootable image file
US20070067566A1 (en) External storage device for controlling computer and method thereof
US11429396B1 (en) Validating and enumerating device partitions in a computing environment
US11507388B2 (en) Storage device enumeration in information handling systems
US20140095788A1 (en) Method for virtualizing raid of computer system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20946228

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20946228

Country of ref document: EP

Kind code of ref document: A1