WO2001071462A2 - System and method for secure biometric identification - Google Patents

Publication number
WO2001071462A2
Authority
WO
WIPO (PCT)
Application number
PCT/US2001/040332
Other versions
WO2001071462A3 (en
Inventor
Martin Morris
Andrew Senyei
Jeff Calcagno
Original Assignee
Widcomm, Inc.
Priority claimed from US09/531,720 external-priority patent/US7284266B1/en
Application filed by Widcomm, Inc. filed Critical Widcomm, Inc.
Priority to CA002369675A priority Critical patent/CA2369675A1/en
Priority to JP2001569590A priority patent/JP2003529143A/en
Publication of WO2001071462A2 publication Critical patent/WO2001071462A2/en
Publication of WO2001071462A3 publication Critical patent/WO2001071462A3/en

Classifications

    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G06F1/1626 Constructional details or arrangements for portable computers with a single-body enclosure integrating a flat display, e.g. Personal Digital Assistants [PDAs]
    • G06F1/1632 External expansion units, e.g. docking stations
    • G06F1/1684 Constructional details or arrangements related to integrated I/O peripherals not covered by groups G06F1/1635 - G06F1/1675
    • G06F1/1698 Constructional details or arrangements related to integrated I/O peripherals not covered by groups G06F1/1635 - G06F1/1675 the I/O peripheral being a sending/receiving arrangement to establish a cordless communication link, e.g. radio or infrared link, integrated cellular phone
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • G07C9/37 Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07F7/0886 Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
    • G07F7/1083 Counting of PIN attempts


Abstract

A system and method for secure biometric identification. The inventive system includes a mobile unit and a server. The mobile unit is adapted to receive biometric input and provide a first signal in response thereto. In the illustrative implementation, the mobile unit is a Personal Digital Assistant (PDA) and the biometric input is provided by a fingerprint sensor mounted thereon. A first transceiver is mounted on the PDA for transmitting the first signal and receiving a second signal in response thereto. The PDA is adapted to encrypt the first signal and decrypt the second signal. A secure device is mounted at the PDA. The secure device has two modes of operation: a first locked mode by which access thereto is prohibited and a second unlocked mode by which access thereto is enabled on receipt of the second signal. In the illustrative implementation, the secure device is an encrypted database for which the second signal is a decryption key. The server unit includes a second transceiver for receiving the first signal transmitted via the wireless link. The first and second transceivers are adapted to operate in accordance with the Bluetooth specification. The server is equipped with a system for authenticating the biometric data and providing the second signal in response thereto. The second signal is then communicated to the mobile unit where it is utilized to access the secure device, e.g., encrypted database.

Description

SYSTEM AND METHOD FOR SECURE BIOMETRIC IDENTIFICATION
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates to electronic devices and systems. More specifically, the present invention relates to systems and methods for providing user identification and/or authentication for electronic devices and systems.
Description of the Related Art
Currently, whenever a user wishes to access a computer-based system containing private data, the user must often identify himself, usually with a password. Passwords notoriously provide poor security as users either choose very simple, easily ascertained passwords or, if they use more difficult passwords, users often write them down, making them subject to theft.
In the end, most forms of encryption, as well as access controls such as passwords and even locks, serve a single purpose of identifying the person requesting access.
Hence, there is a need in the art for a reliable, secure system or method of authenticating the identity of a user. Ideally, the system or method would be effective such that one would not need to memorize passwords or utilize other authenticating devices such as keys to access computers and other electronic devices and systems.
SUMMARY OF THE INVENTION
The need in the art is addressed by the system and method for secure biometric identification of the present invention. The inventive system includes a mobile unit and a server. In the illustrative embodiment, the mobile unit is adapted to receive biometric input and provide a first signal in response thereto. A first transceiver is included for transmitting the first signal and receiving a second signal in response thereto. In an illustrative embodiment, a secure device is operationally coupled to the mobile unit. The secure device has two modes of operation: a first locked mode by which access thereto is prohibited and a second unlocked mode by which access thereto is enabled on receipt of the second signal.
The server unit includes a second transceiver for receiving the first signal transmitted via the wireless link. The server is equipped with a system for authenticating the biometric data and providing the second signal in response thereto. The second signal is then communicated to the mobile unit where it is utilized to access the secure device.
In the illustrative embodiment, the first and second transceivers are adapted to operate in accordance with the Bluetooth specification. Preferably, the mobile unit is adapted to encrypt the first signal and decrypt the second signal. In the illustrative implementation, biometric input is provided by a fingerprint sensor mounted on a Personal Digital Assistant. The secure device in the illustrative implementation is an encrypted database for which the second signal is a decryption key.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1a is a perspective front view of an illustrative implementation of a PDA adapted for use in accordance with the teachings of the present invention.
Fig. 1b is a perspective rear view thereof.
Fig. 2 is a block diagram of an illustrative implementation of a mobile unit subsystem constructed in accordance with the present teachings.
Fig. 3 is a block diagram of an illustrative implementation of a server subsystem for use in the system for secure biometric identification of the present invention.
Fig. 4 is a flow diagram illustrative of a method for secure biometric identification implemented in accordance with the teachings of the present invention.
DESCRIPTION OF THE INVENTION
Illustrative embodiments and exemplary applications will now be described with reference to the accompanying drawings to disclose the advantageous teachings of the present invention.
While the present invention is described herein with reference to illustrative embodiments for particular applications, it should be understood that the invention is not limited thereto. Those having ordinary skill in the art and access to the teachings provided herein will recognize additional modifications, applications, and embodiments within the scope thereof and additional fields in which the present invention would be of significant utility.
As mentioned above, and in accordance with the present teachings, the inventive system includes a mobile unit and a server. In the illustrative embodiment, the mobile unit is a Personal Digital Assistant (PDA) adapted to receive biometric input from a fingerprint sensor and provide a first signal in response thereto. Personal Digital Assistants are well known and widely used.
Fig. 1a is a perspective front view of an illustrative implementation of a PDA adapted for use in accordance with the teachings of the present invention. Fig. 1b is a perspective rear view thereof. In the preferred embodiment, the PDA is implemented in accordance with the teachings of copending U.S. Application No. 09/531,859, filed on March 21, 2000, entitled "SYSTEM AND METHOD FOR SECURE USER IDENTIFICATION WITH BLUETOOTH ENABLED TRANSCEIVER AND BIOMETRIC SENSOR IMPLEMENTED IN A HANDHELD COMPUTER", inventor Martin Morris, (Atty. Docket No. WTDC-011), which teachings are hereby incorporated herein by reference. As disclosed in the reference application, in the best mode the PDA 10 is equipped with an expansion slot 12 such as the Visor™ Handheld Computer manufactured and sold by Handspring and disclosed more fully at www.handspring.com. As shown in Fig. 1b, the expansion slot 12 is adapted to receive a card 14 on which a biometric device, in the illustrative embodiment a fingerprint sensor 16, is disposed. In addition, in accordance with the present teachings, a transceiver 22 is also disposed on the card 14. In the preferred embodiment, the transceiver 22 is adapted to operate in accordance with the BLUETOOTH SPECIFICATION VERSION 1.0A CORE, published in July 1999. When the card is inserted into the expansion slot, it interfaces electrically with the system bus of the PDA and provides an electrical circuit depicted in Fig. 2.
Fig. 2 is a block diagram of an illustrative implementation of a mobile unit subsystem constructed in accordance with the present teachings. The mobile unit subsystem 20 includes the wireless transceiver 22 which is adapted to communicate with a central processing unit (CPU) 26 of the PDA. The central processing unit 26 receives biometric data from the fingerprint sensor 28. In accordance with the present teachings, data from the fingerprint sensor 28 is encrypted either in software 30 adapted to run on the CPU 26 and/or in optional hardware 32. Encryption hardware and software are well known in the art. The control software 30 also enables the CPU 26 to selectively access and control the mobile unit components via a system bus shown generally at 38.
The encrypted biometric data is either used locally to access an encrypted database 34 or, preferably, transmitted over a link such as a wireless link to a server subsystem via the transceiver 22 and antenna 24. The server subsystem is depicted in Fig. 3.
Fig. 3 is a block diagram of an illustrative implementation of a server subsystem for use in the system for secure biometric identification of the present invention. The encrypted biometric data signal is received by a server antenna 42 and a second wireless Bluetooth enabled transceiver 44.
The received signal is decrypted by an optional conventional hardware based decryption circuit 46 and/or by decryption software implemented in control software 48 adapted to run on a server CPU 50. Those skilled in the art will appreciate that the decryption scheme utilized on the server is designed to match that of the mobile unit 20. In the preferred embodiment, the RSA public key encryption scheme is used. This scheme is disclosed more fully in U.S. Patent No. 4,405,829 entitled Cryptographic Communications System & Method, issued 9/29/83 to Rivest, et al., the teachings of which are incorporated herein by reference. The server control software also controls the CPU 50 to selectively access and control the components of the server subsystem 40 via a server subsystem bus shown generally at 51.
In accordance with the present teachings, the decrypted biometric data, in the illustrative implementation the decrypted fingerprint, is compared by fingerprint matching software 52 to a database 54 of biometric data, i.e., fingerprints. Fingerprint matching software is well known in the art. Such software may be purchased from Veridicom, Inc. of Santa Clara, CA.
When a match is achieved, a user is identified and an authentication key specific to the identified mobile user is retrieved from an encryption key database by the CPU 50 via the bus 51. In the preferred embodiment, the retrieved encryption key is encrypted by the resident encryption scheme either by the hardware unit 46, if provided, and/or by the encryption software implemented in the control software 48. The encrypted encryption key is then transmitted back to the mobile unit 20 via the wireless link through the transceiver 44 and antenna 42. As an alternative, the encrypted encryption key may be provided to a network 59 via a first network interface card or circuit 58 and a second network interface card or circuit 66. The network 59 facilitates the communication of the encrypted encryption key to the mobile unit 20 via a wireless transceiver 62 and an antenna 64. This configuration may be preferred if the second antenna 64 is closer to the mobile unit 20. In addition, those skilled in the art will appreciate that the inventive system can be implemented such that the encrypted biometric data is transmitted from a first PDA 20 and the encrypted encryption key or other information is sent to a second mobile unit or over a network to a second server or network of devices.
Returning to Fig. 2, on receipt of the encrypted encryption key from the server subsystem 40 via the antenna 24 and the wireless transceiver 22, the mobile unit CPU 26 decrypts the encrypted key using the resident software and/or hardware decryption facility 30 and 32, respectively. The decrypted encryption key is then used by the CPU 26 to access a secure device. In an illustrative embodiment, the secure device is an encrypted database 34 mounted on the mobile unit. Those skilled in the art will appreciate that the secure device need not be mounted on the mobile unit 20. As an alternative, the secure device may be coupled to the mobile unit via the wireless link. In any event, the secure device, i.e., database 34, has two modes of operation: a first locked mode by which access thereto is prohibited and a second unlocked mode by which access thereto is enabled on receipt of the decrypted encryption key. For optimal security, the decryption key for the encrypted database 34 should not be stored on the mobile unit. On receipt of the decrypted decryption key, a working copy 36 of the encrypted database 34 is created.
Fig. 4 is a flow diagram illustrative of a method for secure biometric identification implemented in accordance with the teachings of the present invention. As shown in Figs. 2, 3 and 4, when a user in possession of the mobile unit 20 wishes to access the secure device 34, he/she places a finger on the fingerprint sensor 28 and starts the access control program 100.
At step 104, the CPU 26 running the access control software 30 scans the fingerprint from sensor 28 and, at step 106, encrypts it with the public key of the authentication server 40 by using the encryption software or hardware 30, 32. At step 108, the resulting encrypted message is sent to the server 40 via the transceiver 22 and antenna 24 on the mobile unit 20 and the antenna 42 and transceiver 44 of the server 40. As mentioned above, as an alternative, the encrypted fingerprint is sent via the access point 60 and local or wide-area network 59 when the server 40 is not within direct radio range of the mobile unit 20.
At step 110, when the authentication request is received at the server 40, the server CPU 50 decrypts the message using its secret key and the encryption hardware and/or software 46 and 48, respectively.
At step 112, the CPU 50 then utilizes the fingerprint match software 52 to compare the decrypted fingerprint to the database of authorized fingerprints 54 to determine if the request is valid.
If the request is valid, then, at step 114, the decryption key for the user's encrypted database 34 (Fig. 2) is retrieved from the key database 56.
At step 116, the key is encrypted via the encryption hardware or software 46, 48 (Fig. 3) and, at step 118, sent back to the mobile unit 20 via the same path from which the request was originally received.
At the mobile unit 20, at steps 122 and 124, the key is received and decrypted. At step 126, the retrieved key is used to make a temporary working copy 36 of the encrypted database 34.
At step 128, this temporary copy 36 is either read or edited. If edited, then at step 130 the edited working copy is deleted or rewritten to encrypted form as soon as the user completes his operation.
Thus, the present invention has been described herein with reference to a particular embodiment for a particular application. Those having ordinary skill in the art and access to the present teachings will recognize additional modifications, applications and embodiments within the scope thereof. It is therefore intended by the appended claims to cover any and all such applications, modifications and embodiments within the scope of the present invention.
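The exchange of steps 104 to 130, with both sides' messages, as an added example that is not code from the patent. Assumptions: the class and function names are hypothetical; the reply is protected by a one-time key that the mobile unit sends inside its request (the description does not say which key protects the return path); fingerprint matching is reduced to a bit-distance threshold over constructed 32-byte templates; and the ciphers are toy stand-ins chosen so the code runs on the standard library.

```python
import hashlib, hmac, secrets

# Stand-ins (assumptions): textbook RSA over two Mersenne primes, unpadded and trivially
# factorable, plays the server key pair; an HMAC-SHA256 keystream plus MAC seals data.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
NLEN = (N.bit_length() + 7) // 8
MATCH_BITS = 16  # constructed tolerance: differing bits still accepted as a match

def _stream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def _subkeys(key):
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def seal(key, data):
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(ek, nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

class Server:  # authentication server 40
    def __init__(self):
        self.templates = {}  # database of authorized fingerprints 54
        self.keys = {}       # key database 56

    def enroll(self, user, template):
        self.templates[user] = template
        self.keys[user] = secrets.token_bytes(32)
        return self.keys[user]  # used once at provisioning to encrypt database 34

    def handle(self, request):  # steps 110-118
        m = pow(int.from_bytes(request, "big"), D, N)  # step 110: private-key decrypt
        if m >> 512:
            return None  # payload is not reply_key || 32-byte template
        msg = m.to_bytes(64, "big")
        reply_key, scan = msg[:32], msg[32:]
        for user, ref in self.templates.items():  # step 112: match against database
            if sum(bin(x ^ y).count("1") for x, y in zip(scan, ref)) <= MATCH_BITS:
                return seal(reply_key, self.keys[user])  # steps 114-118
        return None

class MobileUnit:  # mobile unit 20: the database key is never stored at rest
    def __init__(self, encrypted_db):
        self.encrypted_db = encrypted_db  # encrypted database 34
        self.working_copy = None          # working copy 36; None means locked
        self._reply_key = self._db_key = None

    def request(self, scan):  # steps 104-108; scan is a 32-byte template
        self._reply_key = secrets.token_bytes(32)  # assumed one-time return-path key
        m = int.from_bytes(self._reply_key + scan, "big")
        return pow(m, E, N).to_bytes(NLEN, "big")  # step 106: server public key

    def unlock(self, reply):  # steps 122-126
        if reply is None:
            return False
        self._db_key = unseal(self._reply_key, reply)
        self.working_copy = bytearray(unseal(self._db_key, self.encrypted_db))
        return True

    def close(self, edited=False):  # steps 128-130
        if self.working_copy is None:
            return
        if edited:
            self.encrypted_db = seal(self._db_key, bytes(self.working_copy))
        self.working_copy[:] = bytes(len(self.working_copy))  # best-effort overwrite
        self.working_copy = self._reply_key = self._db_key = None
```

One round trip is `unit.unlock(server.handle(unit.request(scan)))`; `unit.close()` returns the unit to the locked mode and drops the key and working copy from memory.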
Accordingly,

Claims

WHAT IS CLAIMED IS:
1. A system for secure biometric identification comprising: first means for receiving biometric input and providing a first signal in response thereto, second means for transmitting said first signal and receiving a second signal in response thereto, and third means operationally coupled to said second means for disabling access to a resource in a first locked mode of operation and enabling access to said resource in a second unlocked mode of operation on receipt of said second signal.
2. The invention of Claim 1 further including means for encrypting said first signal.
3. The invention of Claim 1 wherein said first means is a fingerprint sensor.
4. The invention of Claim 1 further including means for decrypting said second signal.
5. The invention of Claim 1 wherein said second means is a wireless transceiver.
6. The invention of Claim 5 wherein said second means is a transceiver adapted to operate in accordance with a Bluetooth specification.
7. The invention of Claim 1 wherein said third means is a database.
8. The invention of Claim 7 wherein said database is encrypted and said second signal is a key for decrypting same to provide a decrypted database.
9. The invention of Claim 8 further including means for providing a working copy of said decrypted database.
10. The invention of Claim 1 further including a processor connected to said first, second and third means.
11. The invention of Claim 10 wherein said processing unit is a central processing unit.
12. The invention of Claim 11 further including software for controlling said central processing unit to sequentially activate said first, second and third means.
13. A mobile unit for use in a system for secure biometric identification comprising: a biometric sensor, a central processing unit coupled to said biometric sensor, software running on said central processing unit, a transceiver coupled to said sensor, and a device coupled to said transceiver, said device having two modes of operation, a first locked mode by which access thereto is prohibited and a second unlocked mode by which access thereto is enabled on receipt of a signal from said transceiver.
14. A server unit for use in a system for secure biometric identification comprising: first means for receiving biometric data via a wireless link, second means for authenticating said biometric data and providing a signal in response thereto, and third means for transmitting said signal via said wireless link.
15. The invention of Claim 14 wherein said first means includes means for decrypting said biometric data.
16. The invention of Claim 14 wherein said second means includes a processor.
17. The invention of Claim 16 wherein said processor is a central processing unit.
18. The invention of Claim 17 wherein said second means includes a database of biometric data.
19. The invention of Claim 18 wherein said second means includes software adapted to run on said processor and match said received biometric data with biometric data stored in said database.
20. The invention of Claim 19 wherein said second means further includes a database of encryption keys.
21. The invention of Claim 20 wherein said second means outputs said signal on identification of a match of said received biometric to biometric data stored in said database by said processor.
22. The invention of Claim 21 wherein said signal is a key from said database of encryption keys.
23. The invention of Claim 16 wherein said first and said third means is a wireless transceiver.
24. The invention of Claim 23 wherein said wireless transceiver operates in accordance with a Bluetooth specification.
25. A system for secure biometric identification comprising: first means receiving biometric input and providing a first set of biometric data in response thereto, second means for transmitting a first signal representative of said biometric data, third means for receiving said first signal and providing a second signal in response thereto, fourth means for authenticating said second signal and providing a third signal in response thereto, and fifth means for providing a fourth signal in response to said third signal.
26. The invention of Claim 25 wherein said first means includes a fingerprint sensor.
27. The invention of Claim 25 wherein said first means includes means for encrypting said biometric data.
28. The invention of Claim 25 wherein said second means is a wireless transmitter.
29. The invention of Claim 28 wherein said second means is a transceiver.
30. The invention of Claim 29 wherein said second means is a transceiver adapted to operate in accordance with a Bluetooth specification.
31. The invention of Claim 25 wherein said third means is a wireless receiver.
32. The invention of Claim 31 wherein said third means is a transceiver.
33. The invention of Claim 32 wherein said third means is a transceiver adapted to operate in accordance with a Bluetooth specification.
34. The invention of Claim 25 wherein said third means includes means for decrypting said first signal to provide said second signal.
35. The invention of Claim 25 wherein said fourth means includes means for comparing said second signal to at least one stored signal.
36. The invention of Claim 35 wherein said fourth means includes a processor.
37. The invention of Claim 36 wherein said fourth means includes means for storing a second set of biometric data.
38. The invention of Claim 37 further including means for controlling said processor to compare said first set of biometric data to said second set of biometric data.
39. The invention of Claim 38 wherein said means for controlling includes biometric matching software.
40. The invention of Claim 39 wherein said biometric matching software is fingerprint matching software.
41. The invention of Claim 25 wherein said fifth means is a decryption key.
42. The invention of Claim 41 wherein said fourth signal includes a public decryption key.
43. The invention of Claim 42 further including a secure device in communication with said second means.
44. The invention of Claim 43 wherein said secure device is responsive to said decryption key.
45. The invention of Claim 25 wherein said first and second means are mounted on a Personal Digital Assistant.
46. A system for secure biometric identification comprising: a handheld computer enabled device, a fingerprint sensor mounted on said device for providing a first set of biometric data, means disposed on said device for encrypting said biometric data, a first wireless transceiver mounted on said device for transmitting a first signal representative of said biometric data, a second wireless transceiver for receiving said first signal and providing a second signal in response thereto, means for decrypting said second signal to provide said first set of biometric data, means for authenticating said first set of biometric data and providing a third signal in response thereto, said means for authenticating including means for comparing said first set of biometric data to plural second sets of biometric data, means for providing a decryption key to said second means in response to said third signal, and a secure device in communication with said second means and responsive to said decryption key.
47. The invention of Claim 46 wherein said first transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
48. The invention of Claim 46 wherein said second transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
49. The invention of Claim 46 wherein said means for comparing includes biometric matching software.
50. The invention of Claim 49 wherein said biometric matching software is fingerprint matching software.
51. The invention of Claim 46 wherein decryption key is a public decryption key.
52. The invention of Claim 46 wherein said handheld device is a Personal Digital Assistant.
53. A system for secure biometric identification comprising: a computer enabled device, a biometric sensor mounted on said device, a first central processing unit in communication with said sensor, a first wireless transceiver mounted on said device and coupled to said first central processing unit, a second wireless transceiver in communication with said first wireless transceiver, a second central processing unit in communication with said second transceiver, software running on said second central processing unit for authenticating a signal transmitted by said first transceiver and received by said second transceiver and providing a decryption key in response thereto, a secure device mounted on said computer enable device and responsive to said decryption key.
54. The invention of Claim 53 wherein said first transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
55. The invention of Claim 53 wherein said second transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
56. The invention of Claim 53 wherein decryption key is a public decryption key.
57. The invention of Claim 53 wherein said handheld device is a Personal Digital Assistant.
58. A method for secure biometric identification including the steps of: providing biometric data from a first unit, transmitting a first signal from said first unit representative of said biometric data via a wireless link, receiving said first signal at a second unit, and authenticating said first signal at said second unit and transmitting a second signal in response thereto via said wireless link.
59. The invention of Claim 58 further including the step of using said second signal to access a secure resource.
PCT/US2001/040332 2000-03-21 2001-03-20 System and method for secure biometric identification WO2001071462A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CA002369675A CA2369675A1 (en) 2000-03-21 2001-03-20 System and method for secure biometric identification
JP2001569590A JP2003529143A (en) 2000-03-21 2001-03-20 Security biometric identification system and method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US53185900A 2000-03-21 2000-03-21
US09/531,859 2000-03-21
US09/531,720 2000-03-21
US09/531,720 US7284266B1 (en) 2000-03-21 2000-03-21 System and method for secure biometric identification

Publications (2)

Publication Number Publication Date
WO2001071462A2 true WO2001071462A2 (en) 2001-09-27
WO2001071462A3 WO2001071462A3 (en) 2003-05-15

Family

ID=27063619

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2001/008962 WO2001071671A2 (en) 2000-03-21 2001-03-20 System and method for secure user identification with bluetooth enabled transceiver and biometric sensor implemented in a handheld computer
PCT/US2001/040332 WO2001071462A2 (en) 2000-03-21 2001-03-20 System and method for secure biometric identification

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/US2001/008962 WO2001071671A2 (en) 2000-03-21 2001-03-20 System and method for secure user identification with bluetooth enabled transceiver and biometric sensor implemented in a handheld computer

Country Status (4)

Country Link
EP (1) EP1196896A2 (en)
JP (2) JP2003528407A (en)
CA (2) CA2369676A1 (en)
WO (2) WO2001071671A2 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1329855A1 (en) * 2002-01-18 2003-07-23 Hewlett-Packard Company User authentication method and system
GB2391992A (en) * 2002-08-12 2004-02-18 Domain Dynamics Ltd Method of authentication
WO2005018137A1 (en) * 2003-08-13 2005-02-24 Securicom (Nsw) Pty Ltd Remote entry system
EP1521158A1 (en) * 2003-08-07 2005-04-06 Fujitsu Siemens Computers GmbH Method for securing a computer system
EP1536380A1 (en) * 2003-11-06 2005-06-01 Alcatel Biometric access method
WO2006044026A1 (en) * 2004-10-12 2006-04-27 Snap-On Incorporated Hand-held diagnostic display unit including biometric characteristic security system
WO2007003939A2 (en) * 2005-07-05 2007-01-11 Christopher Knowles A method of and a system for authentication
CN103257826A (en) * 2013-05-17 2013-08-21 广东欧珀移动通信有限公司 Method and system for mobile terminal to achieve navigation key function based on fingerprint identification
GB2521614A (en) * 2013-12-23 2015-07-01 Arm Ip Ltd Controlling authorisation within computer systems
CN106022040A (en) * 2016-05-16 2016-10-12 深圳天珑无线科技有限公司 Mobile terminal and fingerprint identification-based operation method therefor

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20030079358A (en) * 2002-04-03 2003-10-10 한포테크 주식회사 The portable information terminal which the fingerprint recognition module is had built-in and that control method
CA2724292C (en) 2003-05-30 2014-09-30 Privaris, Inc. An in-circuit security system and methods for controlling access to and use of sensitive data
EP1751908B1 (en) 2004-05-10 2016-07-13 Koninklijke Philips N.V. Personal communication apparatus capable of recording transactions secured with biometric data
US9171133B2 (en) * 2013-10-11 2015-10-27 Landis+Gyr Innovations, Inc. Securing a device and data within the device
US9836637B2 (en) * 2014-01-15 2017-12-05 Google Llc Finger print state integration with non-application processor functions for power savings in an electronic device
CN107124506A (en) * 2017-04-12 2017-09-01 广东欧珀移动通信有限公司 Unlocking method, device and mobile terminal

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996018169A1 (en) * 1994-12-06 1996-06-13 Loren Kretzschmar Transaction verification apparatus & method
WO1998011750A2 (en) * 1996-09-11 1998-03-19 Yang Li Method of using fingerprints to authenticate wireless communications
WO1998012670A1 (en) * 1996-09-18 1998-03-26 Dew Engineering And Development Limited Biometric identification system for providing secure access
EP0935221A2 (en) * 1998-02-05 1999-08-11 Mitsubishi Denki Kabushiki Kaisha Remote authentication system
WO1999041876A1 (en) * 1998-02-11 1999-08-19 Telefonaktiebolaget Lm Ericsson (Publ) System, method and apparatus for secure transmission of confidential information
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
EP0986209A2 (en) * 1998-09-11 2000-03-15 Mitsubishi Denki Kabushiki Kaisha Remote authentication system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4405829A (en) 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
US5222152A (en) * 1991-11-19 1993-06-22 Digital Biometrics, Inc. Portable fingerprint scanning apparatus for identification verification
US5625534A (en) * 1995-05-12 1997-04-29 Dell Computer Corporation Portable computer having a data card reader apparatus associated therewith
US6111977A (en) * 1997-04-17 2000-08-29 Cross Match Technologies, Inc. Hand-held fingerprint recognition and transmission device
DE29821644U1 (en) * 1998-12-04 1999-02-18 Stocko Metallwarenfab Henkels Authentication system for PC cards
DE29908783U1 (en) * 1999-05-19 1999-09-09 Me Technology Europ Gmbh Input device for business transactions

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996018169A1 (en) * 1994-12-06 1996-06-13 Loren Kretzschmar Transaction verification apparatus & method
WO1998011750A2 (en) * 1996-09-11 1998-03-19 Yang Li Method of using fingerprints to authenticate wireless communications
WO1998012670A1 (en) * 1996-09-18 1998-03-26 Dew Engineering And Development Limited Biometric identification system for providing secure access
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
EP0935221A2 (en) * 1998-02-05 1999-08-11 Mitsubishi Denki Kabushiki Kaisha Remote authentication system
WO1999041876A1 (en) * 1998-02-11 1999-08-19 Telefonaktiebolaget Lm Ericsson (Publ) System, method and apparatus for secure transmission of confidential information
EP0986209A2 (en) * 1998-09-11 2000-03-15 Mitsubishi Denki Kabushiki Kaisha Remote authentication system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1329855A1 (en) * 2002-01-18 2003-07-23 Hewlett-Packard Company User authentication method and system
GB2391992A (en) * 2002-08-12 2004-02-18 Domain Dynamics Ltd Method of authentication
EP1521158A1 (en) * 2003-08-07 2005-04-06 Fujitsu Siemens Computers GmbH Method for securing a computer system
AU2004301168B2 (en) * 2003-08-13 2009-03-19 Cpc Patent Technologies Pty Ltd Remote entry system
WO2005018137A1 (en) * 2003-08-13 2005-02-24 Securicom (Nsw) Pty Ltd Remote entry system
AU2009201293B2 (en) * 2003-08-13 2012-09-27 Cpc Patent Technologies Pty Ltd Remote entry system
US8266442B2 (en) 2003-08-13 2012-09-11 Securicom (Nsw) Pty Ltd Remote entry system
EP1536380A1 (en) * 2003-11-06 2005-06-01 Alcatel Biometric access method
WO2006044026A1 (en) * 2004-10-12 2006-04-27 Snap-On Incorporated Hand-held diagnostic display unit including biometric characteristic security system
WO2007003939A3 (en) * 2005-07-05 2007-05-31 Christopher Knowles A method of and a system for authentication
WO2007003939A2 (en) * 2005-07-05 2007-01-11 Christopher Knowles A method of and a system for authentication
CN103257826A (en) * 2013-05-17 2013-08-21 广东欧珀移动通信有限公司 Method and system for mobile terminal to achieve navigation key function based on fingerprint identification
GB2521614A (en) * 2013-12-23 2015-07-01 Arm Ip Ltd Controlling authorisation within computer systems
US10482234B2 (en) 2013-12-23 2019-11-19 Arm Ip Ltd Controlling authorization within computer systems
GB2521614B (en) * 2013-12-23 2021-01-13 Arm Ip Ltd Controlling authorisation within computer systems
CN106022040A (en) * 2016-05-16 2016-10-12 深圳天珑无线科技有限公司 Mobile terminal and fingerprint identification-based operation method therefor

Also Published As

Publication number Publication date
EP1196896A2 (en) 2002-04-17
WO2001071671A3 (en) 2002-02-14
JP2003528407A (en) 2003-09-24
JP2003529143A (en) 2003-09-30
WO2001071462A3 (en) 2003-05-15
WO2001071671A2 (en) 2001-09-27
CA2369676A1 (en) 2001-09-27
CA2369675A1 (en) 2001-09-27

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): CA CN DE FI GB JP MX SE

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

ENP Entry into the national phase in:

Ref document number: 2369675

Country of ref document: CA

Ref country code: CA

Ref document number: 2369675

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 2001927418

Country of ref document: EP

ENP Entry into the national phase in:

Ref country code: JP

Ref document number: 2001 569590

Kind code of ref document: A

Format of ref document f/p: F

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWW Wipo information: withdrawn in national office

Ref document number: 2001927418

Country of ref document: EP