DIGITAL TRANSMISSION OF CONSTANTLY VARYING FINGERPRINT INFORMATION
Cross Reference To Related Applications
This application claims the benefit of the U.S. Provisional Application serial number 60/156,022, filed September 23, 1999 and Provisional Application serial number 60/158,624 filed October 6, 1999 and Application serial number 09/208,283 filed December 6, 1998.
Background U.S. Patent Application No. 09/208,283 describes transmission of constantly varying fingerprint and/or biometric information. In this patent application, the biometric information is sampled using a specified parameter, and only some of separated samples the biometric information is sent during any one session. In this way, a receiver of the information cannot use the received information to reconstruct a new biometric portion to be sent at a later time or to construct the whole biometric part. This also reduces the amount of information which is
sent, to thereby allow a smaller data transmission package .
At the receiving/authenticating end, the information is compared to the entire image of the biometric part, to determine if the received portions match. An identification is established only if those received portions match.
Summary The present application describes additional features for use in a constantly-varying biometric transmission system. Specifically, one aspect of the present invention establishes those parts of the biometric information that will be sent by using a random number generator. Encryption of the eventual information is carried out. The encryption process itself uses a random number generator, as is conventional. According to the present system, the same random number generator is used for both the encryption and for selecting the portion of the biometric information to be used.
The random number can be based on a time of day, and/or a credit card.
Another aspect obtains digital information indicating the fingerprint. Only portions of that digital information are sent. The digital information that is/sent is separated by gaps, based on the random number. At the receiving end, the received digital information is correlated against a stored digital image of the fingerprint. A match is established if the correlation succeeds within a preset amount.
Another aspect forms a PIN form time of day and/or credit card.
Brief Description of the Drawings
These and other aspect will be described in detail with reference to the accompanying drawings, wherein :
Figure 1 shows a block diagram of the preferred fingerprint system;
Figure 2 shows a block diagram of a fingerprint processor;
Figure 3 shows a data transfer packet; Figure 4 shows a block diagram of the system; Figure 5 shows an alternative block diagram; and Figure 6 shows a flowchart of the encryption.
Description of the Preferred Embodiments A block diagram of the fingerprint system is shown in Figure 1. A point of sale system includes a biometric obtaining device 100, e.g., a fingerprint reader, a digitizer, and a fingerprint processor.
The fingerprint is read by the fingerprint reader 100 and the image is converted to digital form by the digitizer 102. This digital image of the fingerprint is then processed by the fingerprint processor 104, and sent to the authenticating end via by modem 106. The modem can of course be any conventional method of sending data over a channel shown as 110.
At the receiving end 120, the information is received by modem 125. Information from the point of sale 99 is compared against a stored image of the actual fingerprint. The comparing is described herein. Since no two fingerprint images will be
exactly the same even when the same fingerprint is being imaged, the receiver establishes a matched fingerprint if some specified adjustable percentage of the information is correct. Moreover, as described herein, the point of sale system 99, and specifically the fingerprint processor 104, does not send the entire fingerprint. Rather, the system sends only a portion of the fingerprint. That portion of the fingerprint that is sent can be separated portions whose separation is established by a random number, generated by the random number generator in the encryption system.
The fingerprint processor 104 receives a serial stream indicative of the digitized fingerprint. This corresponds to a series of digital samples.
According to this system, a resolution of the fingerprint is established in advance. For example, the resolution could be 480 by 640 or 600 by 800. The resolution must be the same at both ends, or else there would never be a match between fingerprints.
Hence, each pixel represents a certain image size and
each digital word also represents that same image size .
As described above, the system sends only a portion of the fingerprint rather than sending the
entire fingerprint. This portion includes separated portions, which are separated by specified amounts. The entire fingerprint may be digitized. This means that the entire fingerprint becomes digital bits representing samples. The bits representing those samples are then obtained. Portions are formed by bits; the lengths of the portions and distances between those portions are random numbers which are taken from the random number generator 103. While Figure 1 shows the entire operation being digital, these can alternatively be analog portions in which specified portions of the fingerprint in the analog domain are selected and sampled digitally.
The information may be encrypted prior to sending. The encryption system used herein is preferably the Data Encryption Standard, "DES", which is well known in the art. Encryption can be done by software in the processor 104. The session key used
for encryption generates a random number for encryption. The random number can be generated in any desired way, e.g. using a random number generator 103. In this embodiment, the random number is derived from the user's particulars, specifically, the user' s credit card number and time of day as shown in Figure 2. This random number is used not only for the DES encryption, but also for determining the portion of the fingerprint information to be sent. For example, if the random number turns out to be 16, then only 1 out of every 16 samples is sent. Each sample can be, for example, 64 bits in length or its length can be set by a second random number. The random number can be fixed or can be periodically changed during the session. For example, the random number can be changed four times within one biometric transmission. (F2) An exemplary data transfer packet is shown in Figure 3. A start code 300 is a unique sequence indicating that fingerprint transmission is about to start. This is followed by another unique
transmission 302 which indicates that a random number is to follow. The random number 304 follows the code. The random number here is shown as 15 for simplicity, but usually much larger numbers would be used.
A series of digital values, herein shown in hex form, follow as 308. This series of digital values can be of any length. An end code 310 indicates that the sample is stopping. This is followed by another random number here shown as 26. Another series of values follows, here representing one of every 26 samples. According to this disclosed mode, the random number changes four times within the sequence. The date and time is added at the end of the sequence as 315. Then, the entire sequence is DES- encrypted using the same random number as one or all of the ones used above, or based on the same random seed, as the session key at 320. The encrypted stream 325 is sent. An unauthorized person receiving this sequence cannot decrypt the sequence without the decryption key for the DES. Moreover, adding the date and time
stamp prevents the DES-encrypted code from being simply reused at some later time to form a false authentication. Even if a person does succeed in decrypting the information, that person does not obtain information about the entire fingerprint.
Rather, the sequence only provides certain specified digital bits based the person's biometrics.
Even further security can be obtained by using a number related to the time and day stamp as the first number 308. In this way, one of the numbers representing the number of samples that is sent will be continuously changing and cannot be reused. Again, since an unauthorized receiver does not obtain information about the user's whole biometric sample, that unauthorized user has no way of reconstructing valid information.
A disclosed way of obtaining the random number for both the DES and the fingerprint is shown in Figure 2. The fingerprint processor 104 obtains the user's credit card shown as 101. The time of day is also appended to this string shown as 103. According to this feature, the time of day and credit card are
added to obtain a first random number at 200. A second random number is obtained by shifting either the credit card number or the time of day 1 or more bits to the left shown as 210. Another add between the digital values at 215 then produces an entirely different random number 220 different than the first random number. The two values can be shifted relative to one another by different amounts in order to obtain different random numbers at different times.
Alternately, a random seed variable can be
established and stored as conventional.
A block diagram of the electronics of the system is shown in FIG. 4. The fingerprint reader 100 produces a data output 101 representing the fingerprint. This information is stored in fingerprint data memory 400. This value is then sampled by the fingerprint data gate 405, controlled by the data gate control mechanism 410 to produce gated information 408. The gated information 408 is stored in a data buffer 415. The gated information includes separated samples of fingerprint
information. A control signal 425 is produced when the fingerprint data is obtained. This signal indicates that the fingerprint reader is in use. This also triggers the time of day clock 430. A credit card reader 435 reads -a user's credit numbers. Both the time of day clock 430 and credit card reader 435 are input to an adder 440 which adds the valves to feed the DES based random number source 445. This same information is produced as an output to the DES encipherment block 450. The DES encipherment block may also receive a start up crypto key from 455. The random numbers are used for two purposes -- both for the data gate 410 to set the location (s) to gate the biometric information, and also for the DES encipherment.
A transmission coder 460 produces the final output .
The central database receives the information from the remote terminal as shown in FIG. 5. This decodes the transmission at 500, and sends the information to a time of day reference 505. The decoded information is deciphered using a DES
decipherment tool 510. The credit card number is used as the crypto key for the two DES (DEA-1) processes. The time of day reference is compared against the time of day reference in 505. The credit card information is compared against the credit card information in 515 the input fingerprint is compared against the fingerprint information in fingerprint database 520.
The credit card database and the time of day information from 505, 515 is similarly added as in 520, and used to feed a random number source 525. This is used in the data gate control mechanism to gate the actual fingerprint from database 520. The fingerprint from 520 is deciphered using a DES decipherment tool 530, and then gated at 535. The fingerprint is compared with the reference at 540, or 545, and determined as "okay" or "not okay" at 550.
Fig. 6 shows more details about the way the random number is generated. FIG. 6 shows obtaining the time of day at 600, and the 64-bit credit card number at 602. These values are added and then input to a DES codebook. This produces a first 64-bit
number. Note also that the time of day is added with eight zeros at the end, at 600. However, certain modifications may be carried out as part of 600. These modifications can alternatively be carried out by putting eight zeros on the left; four zeros on the left, four zeros on the right; logical compliment of four zeros left, four zeros right; logical compliments of the 56-bit time of day plus eight zeros); the logical compliment of eight zeros left plus 56-bit time of day. The credit card at 602 can be the logical compliment of the credit card, for the actual credit card numbers themselves.
Additional security measures can be used at the receiving end. It would be coincidence indeed if all the random numbers in two different transmissions were always the same. Accordingly, one additional security variation determines if all of the n random numbers that are used in a session are the same as those n numbers used in any previous session. If so, then the stream is rejected and the user is asked for a new fingerprint. Asking for a new fingerprint will occur at a different time, and hence will
provide different random numbers. If the user simply sends the same random numbers, they are rejected again. By preventing the user from using the same random numbers, the fingerprint information cannot be reused. Even in a 640 by 480 pixel system, the number of random number sets that could be used is large enough to ensure that no random numbers could repeat .
Another embodiment is shown in Figure 7. In this embodiment, time of day and credit cards are used to produce a PIN. A problem with personal identification numbers is that they are never truly random. A user rarely usually uses a number they can think of, rather than a number that's random. Random numbers are often not actually random and can be easily guessed by a surreptitious guesser. Figure 7 shows an alternative. While this device is shown producing PINS, it should be understood that it can be applied more generally to producing random numbers.
The credit card and the time of day stamp 700, 702 are obtained. Both of these numbers are
converted into digital formats, e.g., 64 bit digital. The values are then added by an adder 704 which digitally adds the signals to produce a 64 bit output 706. This input is taken into a cryptologic code book such as a DES cryptologic code book. In addition, additional information may be input into the code book. The credit card number can be used again as 700, and a user organization as 708 may be added by a second adder 709 to form a session key 711. The two sets of bits are used in a cryptologic code book to form an output 715.
The 64 bit output can be split into 16 bits, chunks such as 718, 720, etc. Each 16 bit chunk is modular 10 converted by a modular 10 box 725 to output of four digit pin 730. The modular 10 boxes reduce each 16 bit number into four consecutive locks of hex numbers. If any of the hex numbers are greater than 10, then the number is reduced modules 10 to effectively form a BCD version. Although only a few embodiments have been disclosed in detail above, those of ordinary skill art will certainly understand that certain
modifications are possible in the embodiment without departing from the spirit thereof.
For example, this system can be used with images or data formed from other biometrics, e.g., retinal scan, hand scan, breath scan, eye shape, face shape and the like.
Such modifications are intended to be encompassed within the following claims in which: