WO2002032308A1 - Biometrics authentication system and method - Google Patents

Biometrics authentication system and method Download PDF

Info

Publication number
WO2002032308A1
WO2002032308A1 PCT/SG2000/000177 SG0000177W WO0232308A1 WO 2002032308 A1 WO2002032308 A1 WO 2002032308A1 SG 0000177 W SG0000177 W SG 0000177W WO 0232308 A1 WO0232308 A1 WO 0232308A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
biometric data
mic
encryption
encryption key
Prior art date
Application number
PCT/SG2000/000177
Other languages
French (fr)
Inventor
Weimin Huang
Jiankang Wu
Chian Prong Lam
Original Assignee
Kent Ridge Digital Labs
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kent Ridge Digital Labs filed Critical Kent Ridge Digital Labs
Priority to PCT/SG2000/000177 priority Critical patent/WO2002032308A1/en
Publication of WO2002032308A1 publication Critical patent/WO2002032308A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/38Individual registration on entry or exit not involving the use of a pass with central registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the invention relates to a system and method for restricting physical and/or logical access, and more particularly to a secure system and method for authenticating biometric data which prevents authentication of biometric data captured outside the system and reuse of biometric data captured within the system after a single authentication attempt.
  • biometric data corresponding to an individual 150 is captured on-line, on a biometric data capture device 140 connected to a client 130, and then sent to an authentication server 110 together with auxiliary data, for example the customer's birthday, address, banking account information, etc.
  • the server Upon receiving the biometric data, the server compares the received biometric data against biometric data previously stored in the database 120. If the received biometric data match stored biometric data, then the server authenticates the individual, who thereby gains access to the information or location guarded by the system.
  • the network connection between the client and server may not be secure. There is a need for a secure link between the client and server to prevent access to these communications by Unauthorized persons.
  • the client itself must be very secure. Otherwise, someone may use biometric data captured previously or elsewhere for authentication.
  • the capturing device may be susceptible to tampering, and the link between the capturing device and client is ulnerable.
  • U.S. Patent No. 5,933,625 discloses a unique time generating device incorporated in a computer and a device allowing sequentially manufactured computers incorporating such a unique lime generating device to authenticate each other over a network.
  • Each unique time generating device accumulates elapsed time in unit increments from a starting point which is different for each time generating device, where the starting point assigned to each unique time device is different by a predetermined interval. Using this device, mutual authentication can be achieved on the basis of the accumulated time by each computer.
  • the unique time data can also be used as a single-use password.
  • a previously stored PIN is accessed from a data file.
  • the server By applying the same encryption algorithm to the previously stored PIN and the random number transferred from the client, the server generates a new user identifier code, which it compares to that received from the client. A match indicates an authorized user,
  • a dynamic identifier code dependent on the random number generated by the client, is used to obviate the need for transferring the PEN to the server.
  • the user PIN may be forgotten, stolen, damaged or lost. In such a case, a fraudulent user identifier code can be generated.
  • Another method for achieving secure transmission of information is the use of a one-time encryption key (session key), as disclosed in Canada Patent Nos. 1,340,092 and 2,236,406.
  • Canada Patent No. 2,105,404 uses biometric information as part of the "seed" for generating a token, with other information such as time-varying information (e.g. the time of day) or a fixed code (e.g. PIN).
  • time-varying information e.g. the time of day
  • fixed code e.g. PIN
  • the token is then communicalcd to a host system or access device to determine whether access to the host is permitted
  • the host must be synchronized With the security mechanism so that the time varying code is identical
  • U S Patent No 5,343,529 uses a server-generated request identifier that is specific to each transaction to ensure that access information is different foi each transaction
  • the servei sends the request identifier to the client requesting access and retneves a user identifier from a database
  • authentication code generators at the client and at the server independently generate an authentication code If the server and client authentication codes match, the server permits access
  • the user identifier is obtained by someone other than the corresponding user, fraudulent access can be gained
  • such a method cannot be used in an authentication system based on verification of biomet ⁇ c data because the irreversible transformation Will not generate the same code for different biomet ⁇ c data samples, as explained in the following
  • the irreversible transformation is applied to bit st ⁇ ngs of the biometnc data If the bit st ⁇ ngs are different, the irreversible transform results Will also be different Biomet ⁇ cs samples, even for a single personal characte ⁇ s
  • U S Patent No 5,870,723 provides a token-less biomet ⁇ c commercial transaction autho ⁇ zation method and system It uses a message sequence number, incremented each time a message is sent from a biomet ⁇ c input apparatus (BIA), to indicate each separate attempt to use the device It also uses a transmission code comp ⁇ sing a hardware identification code together with the incrementing sequence number to identify the sending BIA and to detect resubm ⁇ ssion attacks.
  • the system disclosed in this reference is not readily adapted to use as a multi-purpose device.
  • the present invention presents a solution to the security holes inherent in prior art systems and methods of user authentication.
  • the present invention includes a system and method of authenticating biometric data.
  • An embodiment of the method according to the present invention comprises encrypting a First session key with a first encryption key (EK), receiving and decrypting the first session key using a second EK, capturing biometric data (BD) corresponding to a user, encrypting the captured BD using a second session key, receiving and decrypting the encrypted captured BD using the first session key, comparing the captured BD and previously stored BD and verifying that an elapsed time between transmission of the first session key and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first session key.
  • EK encryption key
  • BD biometric data
  • Another embodiment of the method according to the present invention comprises encrypting a first message identification code (MIC) with a first encryption key, receiving and decrypting the first MIC using a second encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using the second encryption key, receiving and decrypting the encrypted captured BD and second MIC using the first encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
  • MIC message identification code
  • Another embodiment of the method according to the present invention comprises encrypting a first MIC with a first at least a portion of a first encryption key, receiving and decrypting the first MIC using a second at least a portion of the first encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using a first at least a portion of a second encryption key, receiving and decrypting the encrypted captured BD and second MIC using a second at least a portion of the second encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and erifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
  • An embodiment of a system for authenticating biometric data comprises a secure server, a database connected to the server for storing first biometric data corresponding to a unique user identification code (ID), a client connected to the server, and a biometric data capture device (BCD) connected to the client for capturing second biometric data from a user, wherein the BCD consists of an integrated hardware unit.
  • ID unique user identification code
  • BCD biometric data capture device
  • a biometric data capture device serial number (BCDN) and a shared symmetric key or a private key associated with the BCD are stored in a memory internal to the BCD and can be read by an encryption module internal to the BCD and authorized personnel but cannot be modified by external intervention.
  • BCDN biometric data capture device serial number
  • a shared symmetric key or a private key associated with the BCD are stored in a memory internal to the BCD and can be read by an encryption module internal to the BCD and authorized personnel but cannot be modified by external intervention.
  • the BCDN and shared symmetric key or private key are destroyed by overwriting the locations in memory in which they are stored when an unauthorized user opens the BCD.
  • the present invention also includes a system and method of verifying live capture of biometric data.
  • An embodiment of the method of verifying live capture of biometric data according to the present invention comprises capturing a sequence of characteristic feature inputs by a user, extracting from the sequence a time-varying property of the characteristic feature inputs wherein said time-varying property is known to evolve in a predictable manner, and comparing the evolution of the time-varying property against a predictive model
  • the system of verifying live capture of biometric data according to the present invention comprises a biometric sensor for capturing a characteristic feature of a user, a sensor driver for acquiring biometric data corresponding to the user and means for verifying live capture of the biometric data.
  • the present invention also includes a method of preventing re-use of captured biometric data.
  • An embodiment of the method comprises generating a first session key, using the first session key to decrypt encrypted captured biometric data, and destroying the first session key.
  • a further embodiment of the method comprises generating a first message identification code, decrypting encrypted captured biometric data and a second message identification code, and destroying the first message identification code.
  • the present invention further includes a method of registering a BCD and a method of registering a user of an authentication system.
  • An embodiment of the method of registering a BCD according to the present invention comprises assigning an encryption key to the BCD, writing a first at least a portion of the encryption key and a BCDN corresponding to the BCD into a database, and writing a second at least a portion of the encryption key and BCDN into a memory internal to the BCD.
  • An embodiment of the method of registering a BCD according to the present invention comprises assigning an ID to the user, capturing live biometric data for the user, storing the biometric data and associated ID in a database, and defining a list of applications to which the user is authorized access.
  • FIG. 1 shows an authentication system typical of the prior art
  • FIG. 2 shows an authentication system according to the invention.
  • FIG. 3 shows an example of an authentication method according to the invention.
  • the invention generally concerns a secure user authentication system and method based on verification of biometric information unique to the user for restricting physical access to locations and/or logical access to information, wherein potential fraudulent use of the system is thwarted by preventing the biometric information from being used more than once,
  • the system includes a tamper resistant biometric data capture device which may further include a module which verifies that only biometric data captured live may be used to authenticate a user seeking physical or logical access.
  • the invention is a secure solution to the security holes inherent in prior art systems and methods of user authentication. An example of a user authentication system according to the present invention is shown in FIG. 2.
  • the system comprises a secure server 210, a database 220 connected to the server, a client 230 connected to the server, and a biometric data capture device (BCD) 240 connected to the client.
  • the server 210 controls access to a location, for example a building or safe ("physical access") or to information, for example a bank or computer account or a computer file ("logical access").
  • the server itself is made secure by safeguarding it by some physical means, for example placing it in a location to which access is strictly limited, and/or digital means, for example a digital firewall. Other methods of securing the server Will be evident to those skilled in the art.
  • the server comprises a random number generator 212 for generating a request number (RN) 214 which serves as a session key or a current message identification code, a communication module 216, comprising communication hardware, for example a modem, and associated software, for example a modem driver, an encryption module 218 which performs encryption and decryption functions, and a server memory (not shown).
  • RN request number
  • the encryption and decryption algorithms executed by the encryption module are well known in the art and may be resident on one or more application specific integrated circuits (ASIC).
  • ASIC application specific integrated circuits
  • ECC elliptic curve cryptosystems
  • the server database stores information relevant to the authentication process, for example a BCD serial number (BCDN) 222 unique to each BCD, an encryption key (EK) 224 corresponding to each BCD, a user identification code (ED) 226 unique to each user, and biometric data (BD) 228 corresponding to each ED, previously captured by a BCD.
  • the EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or a public key pair comprising a public key and corresponding private key.
  • the public key of a public key pair is assumed to be accessible to all, while access to the corresponding private key is restricted, and there is a trusted third party which issues a public key certificate indicating the entity (e.g.
  • the EK is shared by both the server and the BCD
  • the server stores its own private key and a public key corresponding to the BCD's p ⁇ vate key
  • the BCD stores its own private key and a public key corresponding to the seivcr's p ⁇ vate key
  • the database may be resident as data on a memory device internal to the server or as a data file on a peripheral memory device, for example a disk d ⁇ ve, CD ROM, etc
  • the user identification code may be a st ⁇ ng of nume ⁇ c or alphanume ⁇ c characters
  • the client 230 is an interface between the server and the BCD, allowing data, for example an ED, BCDN, or request for authentication, to be input into the system by a user 250
  • the client also allows the transmission of encrypted messages back and forth between the server and the BCD
  • servers and clients within the scope of the invention include financial systems such as the existing ATM networks, stock exchange systems, database systems, secu ⁇ ty systems, and general purpose computer networks, where the server stores valuable information and a client may be a terminal through which a user can access the server to effectuate desired operations and/or transactions
  • financial systems such as the existing ATM networks, stock exchange systems, database systems, secu ⁇ ty systems, and general purpose computer networks
  • a client may be a terminal through which a user can access the server to effectuate desired operations and/or transactions
  • a large number of servers, clients, and server databases adapted for use With biomet ⁇ c information authentication are known m the art, and all are within the scope of the invention
  • the BCD 240 captures biomet ⁇ c information from the user seeking authentication, such as one or more fingerp ⁇ nts, a facial image, voice pattern, image of the retina or ins, etc , and transmits and receives this and other information through the client to and from the server
  • the BCD is an integrated hardware apparatus
  • the device compnses a biometric data acquisition module 242, a communication module 244, an encryption module 246, and a memory 248
  • the biomet ⁇ c data acquisition module 242 compnses a biometnc sensor and an associated software dnver for captunng data
  • a number of biomet ⁇ c sensors and associated dnvers are known in the art, for example video cameras for recording facial images, fmgerp ⁇ nt scanners, ins/retinal scanners, and voice recording systems All are within the scope of the invention
  • the communication module 244 compnses communication hardware, for example a modem, and associated software, for example a modem dnver
  • the encryption module 246 performs encryption and
  • the EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or the private key of a public key pair,
  • the BCDN and EK can be re-written by an authorized party such as a system administrator or repair technician.
  • the BCDN and EK can be rewritten by such external intervention but are readable only by the encryption module. If the BCD is opened by an unauthorized party, the EK and BCDN will be destroyed by erasing them from the memory. This can be achieved by a re-write routine triggered by the opening of the BCD: upon opening, a memory write routine is triggered, causing zeros or random numbers, for example, to be written into the memory locations of the BCDN and EK.
  • the biometric data acquisition module 242 is preferably designed to ensure that the biometric data is captured live, in real time, as part of the authentication process. This is achieved by verifying the characteristics of a sequence of biometric images as a person allows his or her biometric data to be captured by the biometric sensor. For example, as the person places his or her finger on the scanner, a sequence of images is captured. It has been observed that the captured image changes within the sequence. Because of the elasticity of the finger, the traces of the feature points possess an identifiable characteristic. The variation between the image features of different frames can be calculated to indicate whether the biometric trait has been captured live. For fingerprint capturing, several of the sensors known in the art are designed to detect only fingerprint images captured live.
  • a user seeking physical or logical access through a client must be the same person whose biometric data is captured by the biometric sensor.
  • the user initiates the authentication process for physical or logical access at a client by entering his or her ID (305).
  • the server, through the client may prompt the user to input his or her ED.
  • the BCDN may already be known to the client.
  • the server, through the client may prompt the user to input the BCDN.
  • the server receives the ID and BCDN from the client (310).
  • the server through the client, prompts the user to input live biometric data into the BCD (315).
  • the server retrieves from the database the EK, which may be any known encryption key, for example a shared symmetric key or the public key of a public key pair, corresponding to the received BCDN (320) and generates a random first RN as a session key or a message identification code (325), which is stored in the server memory.
  • the server encrypts the first RN using the EK (330) and transmits the encrypted first RN to the BCD through the client (335).
  • a time index indicating the time at which the encrypted first RN was transmitted to the BCD is recorded by the server in the server memory or server database for future reference (340).
  • the BCD receives and decrypts, using the EK resident in the BCD memory, for example a shared symmetric key or the private key of a public key pair, the encrypted first RN (345), captures biometric data (BD) from the user (350), and stores in memory a time index indicating the time at which the BD was captured (355).
  • the BCD then encrypts the BD, the time index, and auxiliary data in an encrypted message using a second RN generated from the first RN as a session key (360).
  • the BCD employs the shared symmetric key or the public key of a public key pair corresponding to the server to encrypt the BD, time index, auxiliary data and a second RN generated from the first RN.
  • the BCD then transmits the encrypted message through the client to the server (365).
  • the data items and their order in the encrypted message are preferably pre-defined among the server and all capturing devices linked to the server.
  • the server receives and decrypts the encrypted message from the BCD (370), using the first session key (retrieved from the server memory) if the first RN is used as a session key, or an encryption key, if the first RN is used as a message identification code.
  • the encryption key may be the shared symmetric key or the private key of the server's public key pair.
  • the server then retrieves previously stored biometric data corresponding to the ED from the database (375).
  • the server compares the retrieved BD against the BD received from the BCD to determine whether there is a match (380) and calculates the elapsed time between the transmission time index and the capture time index to determine whether a time-out criterion has been violated (385), If there is a match and if there is no violation of the time-out criterion (390), then the server authenticates the user, who thereby gains physical or logical access as appropriate (395). The server subsequently deletes the first RN (399). Alternatively, if the first RN is used as a message identification code, the server will also compare the second RN (received from the BCD) against the first RN (retrieved from the server memory). Authentication of the user will then occur only if, in addition to the two requirements previously described, the first and second RN also match.
  • the server does not keep a record of session keys for future reference. Systematically deleting the session key ensures that the biometric data cannot be decrypted after the time set by the time-out criterion, and that within the time window set by the time-out criterion, only the server can decrypt the biometric data and authenticate the user. Thus, the biometric data is used only once within this very short period.
  • the RN is used as a message identification code
  • automatic deletion of the RN assures that the server can not match a RN received from the BCD with a RN retrieved from the server memory after the RN has been used once or after a time interval which may be made as short as is practical given the time delays inherent in information transfer among the various components of the system during a single authentication operation.
  • the biometric data associated with the RN is used only once.
  • Registration of the BCD must be executed in a very secure way by an authorized individual (registrar), for example a system administrator or technician, who is responsible for certifying the integrity of the entire authentication system.
  • An exemplary registration process may be described as follows: The registrar verifies the structural integrity of the BCD to confirm that it has not been subject to tampering.
  • the registrar then reads the BCDN Written on an external surface of the BCD and assigns a unique EK, either a shared symmetric key or a public key pair, to the BCD, The registrar then writes the BCDN and corresponding at least a portion of the EK (shared symmetric key or public key of the public key pair assigned to the BCD) into the sever database and the shared symmetric key or the public key pair into the BCD memory.
  • Registration of authentication system users may effected by the system administrative staff according to the following exemplary method:
  • the staff assigns a user name or identification number, which may be entirely numeric or alphanumeric in content, to each user.
  • Live biometric data for each user is then captured using a registered BCD.
  • the biometric data and associated ID are stored in the server database.
  • the staff defines a list of applications, for example physical locations or files of information to which the user is authorized access upon authentication, and stores this information in the server database with the associated ID and biometric data.
  • the system and method of the invention provide a number of levels of security against fraudulent access.
  • the BCDN and the EK ensure that only registered devices capture the biometric data, e.g. a registered fingerprint live-scanner captured the fingerprint image. Live biometric data ensure that only authorized individuals gain access.
  • the request number session key and/or message identification code ensure that only the current message can be used only for the current authentication request.
  • the time-out criterion reduces the time window during which fraudulent access can be attempted.
  • any authentication request from an open network (that is, without passing through a registered BCD) will be denied. Any authentication request made using static biometric data not captured live will also be denied. Moreover, an encrypted message intercepted during transmission between the BCD and the server cannot be reused because no corresponding request number session key will be found at the server to decrypt the message or no message identification code will be available for verification of the current message.

Abstract

A method of identifying redundant email messages and removing the redundant messages from a user's message file. More particularly, to identify redundant messages, there is described a method of copying messages stored in a message file into two different arrays and cleansing one of the arrays so as to remove formatting and header information. These cleansed messages may then be compared to determine whether a particular message is wholly repeated in any other. Messages that are found to be repeated are removed from the other array. The messages remaining in the other array may then be substituted for the messages in the user's message file, resulting in a minimized message file. The method may also be applied to newsgroup postings.

Description

KIOMETRICS AUTHENTICATION SYSTEM AND METHOD
TECHNICAL FIELD OF THE INVENTION
The invention relates to a system and method for restricting physical and/or logical access, and more particularly to a secure system and method for authenticating biometric data which prevents authentication of biometric data captured outside the system and reuse of biometric data captured within the system after a single authentication attempt.
BACKGROUND OF THE INVENTION
A typical system according to the prior art using biometric data to control physical or logical access may be described with reference to FIG. 1. First, biometric data corresponding to an individual 150 is captured on-line, on a biometric data capture device 140 connected to a client 130, and then sent to an authentication server 110 together with auxiliary data, for example the customer's birthday, address, banking account information, etc. Upon receiving the biometric data, the server compares the received biometric data against biometric data previously stored in the database 120. If the received biometric data match stored biometric data, then the server authenticates the individual, who thereby gains access to the information or location guarded by the system.
In such a system, there can be several security holes: First, the network connection between the client and server, if any, may not be secure. There is a need for a secure link between the client and server to prevent access to these communications by Unauthorized persons. Second, the client itself must be very secure. Otherwise, someone may use biometric data captured previously or elsewhere for authentication. Third, the capturing device may be susceptible to tampering, and the link between the capturing device and client is ulnerable.
A number of prior art systems and methods have been proposed for controlling physical access to restricted locations and logical access to restricted information. U.S. Patent No. 5,933,625 discloses a unique time generating device incorporated in a computer and a device allowing sequentially manufactured computers incorporating such a unique lime generating device to authenticate each other over a network. Each unique time generating device accumulates elapsed time in unit increments from a starting point which is different for each time generating device, where the starting point assigned to each unique time device is different by a predetermined interval. Using this device, mutual authentication can be achieved on the basis of the accumulated time by each computer. The unique time data can also be used as a single-use password. The identification and authentication of a computer or a device is based upon the presence and function of the unique time generating device. Therefore, the security of the system is based on the security of the computer. Anyone who acquires a computer containing such a unique time generating device can perform the authorized actions. Such computer authentication cannot be confused with personal authentication. Moreover, U.S. Patent No. 5,933,625 does not concern use of biometric data for personal authentication.
It is known in the prior art to authenticate a user by means of an article the user has in his or her possession, for example an access card, or by means of information known to the user, for example a personal identification number (PIN), for access to buildings, bank accounts and network computer accounts. Such authentication methods are usually used either in a secure or closed environment for example the existing bank automatic teller machine (ATM) system, or for access to locations or information that do not require high security. Canada Patent No. 1 , 149,484 discloses a method and apparatus for securing data transmissions. According to the disclosure, a user's PIN and a random number generated at the client are encrypted to form a user identifier code which is transmitted along with the random number to a server for comparison. At the server, a previously stored PIN is accessed from a data file. By applying the same encryption algorithm to the previously stored PIN and the random number transferred from the client, the server generates a new user identifier code, which it compares to that received from the client. A match indicates an authorized user, In another embodiment, a dynamic identifier code, dependent on the random number generated by the client, is used to obviate the need for transferring the PEN to the server. Here, the user PIN may be forgotten, stolen, damaged or lost. In such a case, a fraudulent user identifier code can be generated.
Another method for achieving secure transmission of information is the use of a one-time encryption key (session key), as disclosed in Canada Patent Nos. 1,340,092 and 2,236,406.
Canada Patent No. 2,105,404 (U.S. Patent No. 5,280,527) uses biometric information as part of the "seed" for generating a token, with other information such as time-varying information (e.g. the time of day) or a fixed code (e.g. PIN). The token is then communicalcd to a host system or access device to determine whether access to the host is permitted The host must be synchronized With the security mechanism so that the time varying code is identical
U S Patent No 5,343,529 uses a server-generated request identifier that is specific to each transaction to ensure that access information is different foi each transaction The servei sends the request identifier to the client requesting access and retneves a user identifier from a database By applying the same irreversible transformation to the user identifier and request identifier, authentication code generators at the client and at the server independently generate an authentication code If the server and client authentication codes match, the server permits access However, if the user identifier is obtained by someone other than the corresponding user, fraudulent access can be gained Moreover, such a method cannot be used in an authentication system based on verification of biometπc data because the irreversible transformation Will not generate the same code for different biometπc data samples, as explained in the following The irreversible transformation is applied to bit stπngs of the biometnc data If the bit stπngs are different, the irreversible transform results Will also be different Biometπcs samples, even for a single personal characteπstic, for example a fingerpπnt, cannot be exactly the same due to the existence of captuπng noise and vaπations in captuπng conditions Therefore, an irreversible transformation Will result in the generation of different codes Examples of irreversible transforms include the hash algoπthm and certain encryption algoπthms, in hich use of a different key gives a different encryption result U S Patent No 5,778,071 discloses a portable secuπty device that can authenticate the individual who carnes it and encrypt data communications This disclosure uses an idea similar to that of Canada Patent No 1,149,484, which generates a time-varying number and encrypts it together with the user's PIN The encryption result and the time-varying number are sent to server At the server end, the user's PIN is retπeved from a database and encrypted together with the received time-varying number to obtain a second encryption result The user is considered to be authenticated properly if the two encryption results match
U S Patent No 5,870,723 provides a token-less biometπc commercial transaction authoπzation method and system It uses a message sequence number, incremented each time a message is sent from a biometπc input apparatus (BIA), to indicate each separate attempt to use the device It also uses a transmission code compπsing a hardware identification code together with the incrementing sequence number to identify the sending BIA and to detect resubmϊssion attacks. The system disclosed in this reference is not readily adapted to use as a multi-purpose device.
None of the prior art mentioned above addresses the security problems listed previously to which prior art systems such as that shown in FIG. 1 are susceptible.
SUMMARY OF THE INVENTION
The present invention presents a solution to the security holes inherent in prior art systems and methods of user authentication.
The present invention includes a system and method of authenticating biometric data. An embodiment of the method according to the present invention comprises encrypting a First session key with a first encryption key (EK), receiving and decrypting the first session key using a second EK, capturing biometric data (BD) corresponding to a user, encrypting the captured BD using a second session key, receiving and decrypting the encrypted captured BD using the first session key, comparing the captured BD and previously stored BD and verifying that an elapsed time between transmission of the first session key and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first session key.
Another embodiment of the method according to the present invention comprises encrypting a first message identification code (MIC) with a first encryption key, receiving and decrypting the first MIC using a second encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using the second encryption key, receiving and decrypting the encrypted captured BD and second MIC using the first encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
Another embodiment of the method according to the present invention comprises encrypting a first MIC with a first at least a portion of a first encryption key, receiving and decrypting the first MIC using a second at least a portion of the first encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using a first at least a portion of a second encryption key, receiving and decrypting the encrypted captured BD and second MIC using a second at least a portion of the second encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and erifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
An embodiment of a system for authenticating biometric data according to the present invention comprises a secure server, a database connected to the server for storing first biometric data corresponding to a unique user identification code (ID), a client connected to the server, and a biometric data capture device (BCD) connected to the client for capturing second biometric data from a user, wherein the BCD consists of an integrated hardware unit.
In an aspect of the embodiment, a biometric data capture device serial number (BCDN) and a shared symmetric key or a private key associated with the BCD are stored in a memory internal to the BCD and can be read by an encryption module internal to the BCD and authorized personnel but cannot be modified by external intervention.
In a further aspect of the embodiment, the BCDN and shared symmetric key or private key are destroyed by overwriting the locations in memory in which they are stored when an unauthorized user opens the BCD. The present invention also includes a system and method of verifying live capture of biometric data. An embodiment of the method of verifying live capture of biometric data according to the present invention comprises capturing a sequence of characteristic feature inputs by a user, extracting from the sequence a time-varying property of the characteristic feature inputs wherein said time-varying property is known to evolve in a predictable manner, and comparing the evolution of the time-varying property against a predictive model, The system of verifying live capture of biometric data according to the present invention comprises a biometric sensor for capturing a characteristic feature of a user, a sensor driver for acquiring biometric data corresponding to the user and means for verifying live capture of the biometric data.
The present invention also includes a method of preventing re-use of captured biometric data. An embodiment of the method comprises generating a first session key, using the first session key to decrypt encrypted captured biometric data, and destroying the first session key.
A further embodiment of the method comprises generating a first message identification code, decrypting encrypted captured biometric data and a second message identification code, and destroying the first message identification code. The present invention further includes a method of registering a BCD and a method of registering a user of an authentication system. An embodiment of the method of registering a BCD according to the present invention comprises assigning an encryption key to the BCD, writing a first at least a portion of the encryption key and a BCDN corresponding to the BCD into a database, and writing a second at least a portion of the encryption key and BCDN into a memory internal to the BCD.
An embodiment of the method of registering a BCD according to the present invention comprises assigning an ID to the user, capturing live biometric data for the user, storing the biometric data and associated ID in a database, and defining a list of applications to which the user is authorized access. These and other embodiments of the invention will become readily apparent to those of ordinary skill in the art from the following description of the invention, which is to be read in conjunction with the accompanying drawings and appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be better understood with reference to the drawings, in which: FIG. 1 shows an authentication system typical of the prior art,
FIG. 2 shows an authentication system according to the invention.
FIG. 3 shows an example of an authentication method according to the invention.
DETAILED DESCRIPTION OF THE INVENTION
The invention generally concerns a secure user authentication system and method based on verification of biometric information unique to the user for restricting physical access to locations and/or logical access to information, wherein potential fraudulent use of the system is thwarted by preventing the biometric information from being used more than once, The system includes a tamper resistant biometric data capture device which may further include a module which verifies that only biometric data captured live may be used to authenticate a user seeking physical or logical access. The invention is a secure solution to the security holes inherent in prior art systems and methods of user authentication. An example of a user authentication system according to the present invention is shown in FIG. 2. The system comprises a secure server 210, a database 220 connected to the server, a client 230 connected to the server, and a biometric data capture device (BCD) 240 connected to the client. The server 210 controls access to a location, for example a building or safe ("physical access") or to information, for example a bank or computer account or a computer file ("logical access"). The server itself is made secure by safeguarding it by some physical means, for example placing it in a location to which access is strictly limited, and/or digital means, for example a digital firewall. Other methods of securing the server Will be evident to those skilled in the art. The server comprises a random number generator 212 for generating a request number (RN) 214 which serves as a session key or a current message identification code, a communication module 216, comprising communication hardware, for example a modem, and associated software, for example a modem driver, an encryption module 218 which performs encryption and decryption functions, and a server memory (not shown). The encryption and decryption algorithms executed by the encryption module are well known in the art and may be resident on one or more application specific integrated circuits (ASIC). Many suitable encryption algorithms are known in the art and are within the scope of the invention, for example International Data Encryption Algorithm (IDEA), Data Encryption Standard (DES), Rivest- Shamir-Adelman Encryption Algorithm (RSA), and elliptic curve cryptosystems (ECC).
The server database stores information relevant to the authentication process, for example a BCD serial number (BCDN) 222 unique to each BCD, an encryption key (EK) 224 corresponding to each BCD, a user identification code (ED) 226 unique to each user, and biometric data (BD) 228 corresponding to each ED, previously captured by a BCD. The EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or a public key pair comprising a public key and corresponding private key. As is known in the art, in the public key infrastructure system, the public key of a public key pair is assumed to be accessible to all, while access to the corresponding private key is restricted, and there is a trusted third party which issues a public key certificate indicating the entity (e.g. device) to which the public key belongs In the case of a shared symmetric key the EK is shared by both the server and the BCD In the case of a public key pair, the server stores its own private key and a public key corresponding to the BCD's pπvate key, while the BCD stores its own private key and a public key corresponding to the seivcr's pπvate key The database may be resident as data on a memory device internal to the server or as a data file on a peripheral memory device, for example a disk dπve, CD ROM, etc The user identification code may be a stπng of numeπc or alphanumeπc characters
The client 230 is an interface between the server and the BCD, allowing data, for example an ED, BCDN, or request for authentication, to be input into the system by a user 250 The client also allows the transmission of encrypted messages back and forth between the server and the BCD Examples of servers and clients within the scope of the invention include financial systems such as the existing ATM networks, stock exchange systems, database systems, secuπty systems, and general purpose computer networks, where the server stores valuable information and a client may be a terminal through which a user can access the server to effectuate desired operations and/or transactions A large number of servers, clients, and server databases adapted for use With biometπc information authentication are known m the art, and all are within the scope of the invention
The BCD 240 captures biometπc information from the user seeking authentication, such as one or more fingerpπnts, a facial image, voice pattern, image of the retina or ins, etc , and transmits and receives this and other information through the client to and from the server To enhance the secuπty of the device, the BCD is an integrated hardware apparatus The device compnses a biometric data acquisition module 242, a communication module 244, an encryption module 246, and a memory 248 The biometπc data acquisition module 242 compnses a biometnc sensor and an associated software dnver for captunng data A number of biometπc sensors and associated dnvers are known in the art, for example video cameras for recording facial images, fmgerpπnt scanners, ins/retinal scanners, and voice recording systems All are within the scope of the invention The communication module 244 compnses communication hardware, for example a modem, and associated software, for example a modem dnver The encryption module 246 performs encryption and decryption functions The encryption and decryption algorithms may be executed by one or more ASICs or by conventional integrated circuits Stored in the memory 248 of the BCD is an EK 252 and a serial number BCDN 254, both unique to the BCD. The EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or the private key of a public key pair, For flexibility, the BCDN and EK can be re-written by an authorized party such as a system administrator or repair technician. Preferably, the BCDN and EK can be rewritten by such external intervention but are readable only by the encryption module. If the BCD is opened by an unauthorized party, the EK and BCDN will be destroyed by erasing them from the memory. This can be achieved by a re-write routine triggered by the opening of the BCD: upon opening, a memory write routine is triggered, causing zeros or random numbers, for example, to be written into the memory locations of the BCDN and EK.
The biometric data acquisition module 242 is preferably designed to ensure that the biometric data is captured live, in real time, as part of the authentication process. This is achieved by verifying the characteristics of a sequence of biometric images as a person allows his or her biometric data to be captured by the biometric sensor. For example, as the person places his or her finger on the scanner, a sequence of images is captured. It has been observed that the captured image changes within the sequence. Because of the elasticity of the finger, the traces of the feature points possess an identifiable characteristic. The variation between the image features of different frames can be calculated to indicate whether the biometric trait has been captured live. For fingerprint capturing, several of the sensors known in the art are designed to detect only fingerprint images captured live. Another example is facial image capturing: as a person approaches a camera, the motion vector variation derived from the facial images has a certain predictable time-varying property. Data Which are not captured live, but rather are generated off-line, do not display this time-varying property. Therefore, biometric data captured live will be recognized as different from data which are not. An example of a user authentication method according to the invention will now be described, with reference to FIG. 3. According to the invention, a user seeking physical or logical access through a client must be the same person whose biometric data is captured by the biometric sensor. The user initiates the authentication process for physical or logical access at a client by entering his or her ID (305). The server, through the client, may prompt the user to input his or her ED. The BCDN may already be known to the client. Alternatively, the server, through the client, may prompt the user to input the BCDN. The server then receives the ID and BCDN from the client (310).
Subsequently the server, through the client, prompts the user to input live biometric data into the BCD (315). This involves allowing capture of a characteristic image of the user, for example one or more fingerprint images, a facial image, image of the retina or iris, etc. The server then retrieves from the database the EK, which may be any known encryption key, for example a shared symmetric key or the public key of a public key pair, corresponding to the received BCDN (320) and generates a random first RN as a session key or a message identification code (325), Which is stored in the server memory. The server encrypts the first RN using the EK (330) and transmits the encrypted first RN to the BCD through the client (335). A time index indicating the time at which the encrypted first RN was transmitted to the BCD is recorded by the server in the server memory or server database for future reference (340).
The BCD receives and decrypts, using the EK resident in the BCD memory, for example a shared symmetric key or the private key of a public key pair, the encrypted first RN (345), captures biometric data (BD) from the user (350), and stores in memory a time index indicating the time at which the BD was captured (355). The BCD then encrypts the BD, the time index, and auxiliary data in an encrypted message using a second RN generated from the first RN as a session key (360). Alternatively, if the first RN is used as a message identification code, the BCD employs the shared symmetric key or the public key of a public key pair corresponding to the server to encrypt the BD, time index, auxiliary data and a second RN generated from the first RN. The BCD then transmits the encrypted message through the client to the server (365). The data items and their order in the encrypted message are preferably pre-defined among the server and all capturing devices linked to the server.
The server receives and decrypts the encrypted message from the BCD (370), using the first session key (retrieved from the server memory) if the first RN is used as a session key, or an encryption key, if the first RN is used as a message identification code. In the latter case, the encryption key may be the shared symmetric key or the private key of the server's public key pair. The server then retrieves previously stored biometric data corresponding to the ED from the database (375). The server then compares the retrieved BD against the BD received from the BCD to determine whether there is a match (380) and calculates the elapsed time between the transmission time index and the capture time index to determine whether a time-out criterion has been violated (385), If there is a match and if there is no violation of the time-out criterion (390), then the server authenticates the user, who thereby gains physical or logical access as appropriate (395). The server subsequently deletes the first RN (399). Alternatively, if the first RN is used as a message identification code, the server will also compare the second RN (received from the BCD) against the first RN (retrieved from the server memory). Authentication of the user will then occur only if, in addition to the two requirements previously described, the first and second RN also match.
For enhanced security, the server does not keep a record of session keys for future reference. Systematically deleting the session key ensures that the biometric data cannot be decrypted after the time set by the time-out criterion, and that within the time window set by the time-out criterion, only the server can decrypt the biometric data and authenticate the user. Thus, the biometric data is used only once within this very short period. In the case where the RN is used as a message identification code, automatic deletion of the RN assures that the server can not match a RN received from the BCD with a RN retrieved from the server memory after the RN has been used once or after a time interval which may be made as short as is practical given the time delays inherent in information transfer among the various components of the system during a single authentication operation. Thus the biometric data associated with the RN is used only once.
Registration of the BCD must be executed in a very secure way by an authorized individual (registrar), for example a system administrator or technician, who is responsible for certifying the integrity of the entire authentication system. An exemplary registration process may be described as follows: The registrar verifies the structural integrity of the BCD to confirm that it has not been subject to tampering. The registrar then reads the BCDN Written on an external surface of the BCD and assigns a unique EK, either a shared symmetric key or a public key pair, to the BCD, The registrar then writes the BCDN and corresponding at least a portion of the EK (shared symmetric key or public key of the public key pair assigned to the BCD) into the sever database and the shared symmetric key or the public key pair into the BCD memory.
Registration of authentication system users may effected by the system administrative staff according to the following exemplary method: The staff assigns a user name or identification number, which may be entirely numeric or alphanumeric in content, to each user. Live biometric data for each user is then captured using a registered BCD. The biometric data and associated ID are stored in the server database. Subsequently, the staff defines a list of applications, for example physical locations or files of information to which the user is authorized access upon authentication, and stores this information in the server database with the associated ID and biometric data.
The system and method of the invention provide a number of levels of security against fraudulent access. The BCDN and the EK ensure that only registered devices capture the biometric data, e.g. a registered fingerprint live-scanner captured the fingerprint image. Live biometric data ensure that only authorized individuals gain access. The request number session key and/or message identification code ensure that only the current message can be used only for the current authentication request. The time-out criterion reduces the time window during which fraudulent access can be attempted.
In an authentication system according to the invention, any authentication request from an open network (that is, without passing through a registered BCD) will be denied. Any authentication request made using static biometric data not captured live will also be denied. Moreover, an encrypted message intercepted during transmission between the BCD and the server cannot be reused because no corresponding request number session key will be found at the server to decrypt the message or no message identification code will be available for verification of the current message. Various preferred embodiments of the invention have now been described. While these embodiments have been set forth by way of example, various other embodiments and modifications will be apparent to those skilled in the art. Accordingly, it should be understood that the invention is not limited to such embodiments, but encompasses all that which is described in the following claims.

Claims

What is claimed is
1 A method of authenticating biometric data comprising enci ypting a first session key ith a first enci yption key, receiving and decrypting the first session key using a second encryption key, captuπng biometπc data (BD) corresponding to a user, encrypting the captured BD using a second session key, receiving and decrypting the encrypted captured BD using the first session key, compaπng the captured BD and previously stored BD and venfying that an elapsed time between transmission of the first session key and transmission of the encrypted captured BD does not violate a timeout cnteπon, so as to authenticate the captured BD, and destroying the first session key
2 The method according to claim 1 wherein each of said first and second encryption keys is a shared symmetπc key
3 The method according to claim 1 wherein the first encryption key is a public key of a public key pair and the second encryption key is a pπvate key corresponding to the public key
4 The method according to claim 1, wherein the first session key is a random number generated by a server
5 The method according to claim 1 wherein the second session key is generated using the first session key
6 The method according to claim 1 wherein the first encryption key corresponds to a biometπc data capture device senal number (BCDN) unique to a biometπc data capture device (BCD)
7 The method according to claim 1 wherein the previously stored BD corresponds to a previously stored user identification code (ID) unique to the user
8 The method according to claim 1 wherein the first session key is stored in a memory associated with a server and destroyed by deletion from the memory
9. A method of authenticating biometric data comprising: encrypting a first message identification code (MIC) with a first encryption key; f 1 dυDvπi ϊli 1 n ι i£nj i
Figure imgf000015_0002
uiύCii nn αg, i u
Figure imgf000015_0001
O nirri i jmlui Avni i I i' *r-n ji' ■> capturing biometric data (BD) con-esponding to a user; encrypting the captured BD and a second MIC using the second encryption key; receiving and decrypting the encrypted captured BD and second MIC using the first encryption key; comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD; and destroying the first MIC.
10. The method according to claim 9 wherein each of the first and second encryption keys is a shared symmetric key.
11. The method according to claim 9, wherein the first MIC is a random number generated by a server wherein said random number corresponds to a biometric data capture device serial number (BCDN).
12. The method according to claim 9 wherein the second MIC is generated using the first MIC.
13. The method according to claim 9 wherein the first encryption key corresponds to a BCDN unique to a biometric data capture device (BCD).
14. The method according to claim 9 wherein the previously stored BD corresponds to a previously stored user identification code (ID) unique to the user.
15. The method according to claim 9 wherein the first MIC is stored in a memory associated with a server and destroyed by deletion from the memory.
16. A method of authenticating biometric data comprising: encrypting a first message identification code (MIC) with a first at least a portion of a first encryption key; receiving and decrypting the first MIC using a second at least a portion of the first encryption key; capturing biometric data (BD) corresponding to a user; encrypting the captured BD and a second MIC using a first at least a portion of a second encryption key; receiving and decrypting the encrypted captured BD and second MIC using a second at least a portion of the second encryption key; comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD; and destroying the first MIC.
17. The method according to claim 16 wherein each of the first and second encryption keys is a public key pair comprising a public key and a private key corresponding to the public key.
18. The method according to claim 16, wherein the first MIC is a random number generated by a server wherein said random number corresponds to a biometric data capture device serial number (BCDN).
19. The method according to claim 16 wherein the second MIC is generated using the first MIC.
20. The method according to claim 16 wherein the first at least a portion of the first encryption key corresponds to a BCDN unique to a biometric data capture device (BCD).
21. The method according to claim 16 wherein the previously stored BD corresponds to a previously stored user identification code (ED) unique to the user.
22. The method according to claim 16 wherein the first MIC is stored in a memory associated with a server and destroyed by deletion from the memory.
23. A system for authenticating biometric data comprising: a secure server; a database connected to said server for storing first biometric data corresponding to a unique ID; a client connected to said server; and a biometric data capture device (BCD) connected to said client for capturing second biometric data from a user, said BCD consisting of an integrated hardware unit.
24. The system of claim 23 wherein the server comprises a random number generator.
25. The system according to claim 23 wherein the server comprises a first communication module and a first encryption module.
26. The system according to claim 25 wherein the first communication module comprises a modem and an associated driver for communicating directly with the client and indirectly with the BCD through the client.
27. The system according to claim 25 wherein the first encryption module comprises at least one application specific integrated circuit (ASIC).
28. The system according to claim 23 wherein the database stores a first at least a portion of a first encryption key and a first biometric data capture device serial number (BCDN) corresponding to the first at least a portion of the first encryption key.
29. The system according to claim 23 wherein the integrated hardware unit comprises a biometric data acquisition module, a second communication module, and a second encryption module.
30. The system according to claim 29 herein the biometric data acquisition module comprises a biometric sensor for capturing a characteristic feature of the user and a sensor driver for acquisition of said second biometric data.
31. The system according to claim 29 wherein the second communication module comprises a modem and an associated driver for communicating directly with the client and indirectly with the server through the client,
32. The system according to claim 29 wherein the second communication module comprises a wireless communication module for communicating directly with the client and indirectly with the server through the client.
33. The system according to claim 29 wherein the second encryption module comprises at least one ASIC.
34. The system according to claim 29 wherein the integrated hardware unit further comprises a memory.
35. The system according to claim 34 wherein the memory stores at separate locations in the memory a unique second BCDN corresponding to the BCD, a unique second at least a portion of the first encryption key corresponding to the BCDN, and a first at least a portion of a second encryption key.
36. The system according to claim 35 wherein the database stores a second at least a portion of the second encryption key.
37. The system according to claim 35 wherein the second BCDN and first and second at least a portion of the first encryption key may be modified by an authorized person.
38. The system according to claim 35 wherein the second BCDN and the second at least a portion of the first encryption key may be read only by the second encryption module.
39. The system according to claim 35 wherein the second BCDN and the second at least a portion of the first encryption key are erased when the BCD is opened by an unauthorized person.
40. The system according to claim 39 wherein the second BCDN and the second at least a portion of the first encryption key are erased by overwriting the separate locations in the memory.
41. The system according to claim 35 wherein each of the first and second encryption keys is a shared symmetric key.
42. The system according to claim 35 wherein each of the first and second encryption keys is a public key pair comprising a public key and a private key corresponding to the private key.
43. The system according to claim 23 wherein the server comprises a server memory,
44. A system for authenticating biometric data for controlling physical and/or logical access comprising: a secure server comprising a random number generator, a first communication module, a first encryption module, and a server memory; a database connected to said server for storing a first at least a portion of each of first and second encryption keys, a first biometric data capture device serial number (BCDN) corresponding to the at least a portion of the first encryption key, a unique user identification code (ED) corresponding to a user, and first biometric data corresponding to said ID; a client connected to said server; and a biometric data capture device (BCD) connected to said client for capturing second biometric data from a user, said BCD consisting of an integrated hardware unit comprising a biometric data acquisition module, a second communication module, a second encryption module, and a BCD memory, said BCD being associated with a unique second BCDN stored in said BCD memory and a second at least a portion of the first encryption key stored in said BCD memory.
45. A method of verifying live capture of biometric data comprising: capturing a sequence of characteristic feature inputs by a user; extracting from the sequence a time-varying property of the characteristic feature inputs wherein said time-varying property is known to evolve in a predictable manner; and comparing the evolution of the time-varying property against a predictive model.
46. A biometric data capture device for verifying live capture of biometric data comprising; a biometric sensor for capturing a characteristic feature of a user; a sensor driver for acquiring biometric data corresponding to the user; and means for verifying live capture of the biometric data.
47. A method of authenticating biometric data comprising: encrypting a first session key ith a first encryption key; receiving and decrypting the first session key using a second encryption key; capturing biometric data (BD) corresponding to a user; capturing a sequence of characteristic feature inputs by the user; extracting from the sequence a time-varying property of the characteristic feature inputs wherein the time-varying property is known to evolve in a predictable manner; and comparing the evolution of the time-varying property against a predictive model. encrypting the captured BD using a second session key; receiving and decrypting the encrypted captured BD using the first session key; comparing the captured BD and previously stored BD, verifying that the evolution of the time varying property matches a predictive model, and verifying that an elapsed time between transmission of the first session key and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD; and destroying the first session key.
48. The method according to claim 47 wherein each of said first and second encryption keys is a shared symmetric key.
49. The method according to claim 47 wherein the first encryption key is a public key of a public key pair and the second encryption key is a private key corresponding to the public key.
50. The method according to claim 47, wherein the first session key is a random number generated by a server.
51. The method according to claim 47 wherein the second session key is generated using the first session key.
52. The method according to claim 47 wherein the first encryption key corresponds to a biometric data capture device serial number (BCDN) unique to a biometric data capture device (BCD).
53. The method according to claim 47 wherein the previously stored BD corresponds to a previously stored user identification code (ED) unique to the user,
54. The method according to claim 47 wherein the first session key is stored in a memory associated with a server and destroyed by deletion from the memory,
55. A method of authenticating biometric data comprising: encrypting a first message identification code (MIC) with a first encryption key; receiving and decrypting the first MIC using a second encryption key; capturing biometric data (BD) corresponding to a user; uμiui 111 μ, *.ι u u i )f characteristic feature inputs by the user; extracting from the sequence a time-Varying property of the characteristic feature inputs wherein the time-varying property is known to evolve in a predictable manner; and comparing the evolution of the time-varying property against a predictive model. encrypting the captured BD and a second MIC using the second encryption key; receiving and decrypting the encrypted captured BD and second MIC using the first encryption key; comparing the captured BD and previously stored BD, comparing the second MIC and the first MEC, verifying that the evolution of the time varying property matches a predictive model, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD; and destroying the first MEC.
56. The method according to claim 55 wherein each of the first and second encryption keys is a shared symmetric key.
57. The method according to claim 55, wherein the first MEC is a random number generated by a server wherein said random number corresponds to a biometric data capture device serial number (BCDN).
58. The method according to claim 55 wherein the second MEC is generated using the first MIC.
59. The method according to claim 55 wherein the first encryption key corresponds to a BCDN unique to a biometric data capture device (BCD).
60. The method according to claim 55 wherein the previously stored BD corresponds to a previously stored user identification code (ED) unique to the user.
61. The method according to claim 55 wherein the first MIC is stored in a memory associated with a server and destroyed by deletion from the memory
62 A method of authenticating biometnc data compπsmg encrypting a first message identification code (MIC) with a fust at least a portion of a fust encryption key, receiving and decrypting the first MIC using a second at least a portion of the first encryption key, captuπng biometnc data (BD) corresponding to a user, captunng a sequence of characteπstic feature inputs by the user, extracting from the sequence a time-varying property of the charactenstic feature inputs wherein the time-varying property is known to evolve in a predictable manner, and companng the evolution of the time-vary g property against a predictive model encrypting the captured BD and a second MIC using a first at least a portion of a second encryption key, receiving and decrypting the encrypted captured BD and second MIC using a second at least a portion of the second encryption key, companng the captured BD and previously stored BD, venfymg that the evolution of the time varying property matches a predictive model, companng the second MIC and the first MJC, and venfying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout cnteπon, so as to authenticate the captured BD, and destroying the first MIC
63 The method according to claim 62 wherein each of the first and second encryption keys is a public key pair comprising a public key and a pnvate key corresponding to the public key
64 The method according to claim 62, wherein the first MIC is a random number generated by a server wherein said random number corresponds to a biometπc data capture device senal number (BCDN)
65 The method according to claim 62 wheie the second MIC is generated using the first MIC.
66. The method according to claim 62 wherein the first at least a portion of the first encryption key corresponds to a BCDN unique to a biometric data capture device (BCD).
67. The method according to claim 62 wherein the previously stored BD corresponds to a previously stored user identification code (ID) unique to the user.
68. The method according to claim 62 wherein the first MEC is stored in a memory associated with a server and destroyed by deletion from the memory.
69. A system for authenticating biometric data comprising: a secure server; a database connected to said server for storing first biometric data corresponding to a unique user identification code (ED); a client connected to said server; and a biometric data capture device (BCD) connected to said client for capturing second biometric data from a user, said BCD consisting of an integrated hardware unit comprising means for verifying live capture of the second BD.
70. The system of claim 69 wherein the server comprises a random number generator.
71. The system according to claim 69 wherein the server comprises a first communication module and a first encryption module.
72. The system according to claim 71 wherein the first communication module comprises a modem and an associated driver for communicating directly with the client and indirectly with the BCD through the client.
73. The system according to claim 71 wherein the first encryption module comprises at least one application specific integrated circuit (ASIC).
74. The system according to claim 69 wherein the database stores a first at least a portion of a first encryption key and a first biometric data capture device serial number (BCDN) corresponding to the first at least a portion of the first encryption key.
75. The system according to claim 69 wherein the integrated hardware unit further comprises a biometric data acquisition module, a second communication module, and a second encryption module.
76. The system according to claim 75 wherein the biometric data acquisition module comprises a biometric sensor for capturing a characteristic feature of the user and a sensor driver for acquisition of said second biometric data.
77. The system according to claim 75 wherein the second communication module comprises a modem and an associated driver for communicating directly with the client and indirectly with the server through the client.
78. The system according to claim 75 wherein the second communication module comprises a wireless communication module for communicating directly with the client and indirectly with the server through the client.
79. The system according to claim 75 wherein the second encryption module comprises at least one ASIC.
80. The system according to claim 75 wherein the integrated hardware unit further comprises a memory.
81. The system according to claim 80 wherein the memory stores at separate locations in the memory a unique second BCDN corresponding to the BCD, a unique second at least a portion of the first encryption key corresponding to the BCDN, and a first at least a portion of a second encryption key.
82. The system according to claim 81 wherein the database stores a second at least a portion of the second encryption key.
83. The system according to claim 81 wherein the second BCDN and first and second at least a portion of the first encryption key may be modified by an authorized person.
84. The system according to claim 81 wherein the second BCDN and the second at least a portion of the first encryption key may be read only by the second encryption module.
85. The system according to claim 81 wherein the second BCDN and the second at least a portion of the first encryption key are erased when the BCD is opened by an unauthorized person.
86. The system according to claim 85 wherein the second BCDN and the second at least a portion of the first encryption key are erased by overwriting the separate locations in the memory.
87. The system according to claim 81 wherein each of the first and second encryption keys is a shared symmetric key.
88. The system according to claim 81 wherein each of the first and second encryption keys is a public key pair comprising a public key and a private key corresponding to the private key.
89. The system according to claim 69 wherein the server comprises a server memory.
90. A method of registering a biometric data capture device (BCD) comprising: assigning a first encryption key to the BCD; writing a first at least a portion of the first encryption key and a biometric data capture device serial number (BCDN) corresponding to the BCD into a database; and writing a second at least a portion of the first encryption key, a first at least a portion of a second encryption key, and the BCDN into a memory internal to the BCD.
9E. The method according to claim 90 further comprising inspecting the BCD to determine if it has been subject to tampering.
92. The method according to claim 90 further comprising reading the BCDN from the BCD.
93. The method according to claim 90 wherein each of the first and second encryption keys is a shared symmetric key.
94. The method according to claim 90 wherein each of the first and second encryption keys is a public key pair comprising a public key and a private key corresponding to the public key.
95. A method of registering a user of an authentication system comprising; assigning a user identification code (ID) to the user; capturing live biometric data for the user; storing the biometric data and associated ID in a database; and defining a list of applications to which the user is authorized access.
96. The method according to claim 95 further comprising storing the list in the database.
97. The method according to claim 95 wherein the list is associated with the ID and the captured live biometric data,
98. A method or preventing re-use of biometric data comprising: generating a first session key; using the first session key to decrypt encrypted captured biometric data; and destroying the first session key.
99. The method according to claim 98 further comprising encrypting the captured biometric data using a second session key.
100. The method according to claim 99 wherein the second session key is generated using the first session key.
101. The method according to claim 99 wherein each of the first and second session keys is a random number.
102. The method according to claim 98 further comprising encrypting the first session key with a first encryption key.
103. The method according to claim 102 wherein the first encryption key corresponds to a biometric data capture device serial number (BCDN).
104. The method according to claim 102 further comprising decrypting the encrypted first session key with a second encryption key.
105. The method according to claim 104 wherein each of the first and second encryption keys is a shared symmetric key.
106. The method according to claim 104 wherein the first encryption key is a public key of a public key pair and the second encryption key is a private key corresponding to the public key.
107. The method according to claim 102 further comprising comparing the captured biometric data to previously stored biometric data.
108. The method according to claim 107 further comprising verifying that an elapsed time between a transmission of the first session key and a transmission of the encrypted captured biometric data does not violate a time-out criterion.
109. A method or preventing re-use of biometric data comprising: generating a first message identification code (MIC); decrypting encrypted captured biometric data and a second MIC; and destroying the first MIC.
110. The method according to claim 109 further comprising encrypting the first MIC with a first at least a portion of a first encryption key.
111. The method according to claim 1 10 further comprising decrypting the encrypted first MIC with a second at least a portion of the first encryption key.
112. The method according to claim 11 1 further comprising encrypting the captured biometric data and the second MIC using a first at least a portion of a second encryption key.
1 13. The method according to claim 1 12 further comprising decrypting the encrypted captured biometric data and second MIC using a second at least a portion of the second encryption key.
114. The method according to claim 113 wherein the first at least a portion of the first encryption key corresponds to a biometric data capture device serial number (BCDN).
115. The method according to claim 113 wherein each of the first and second encryption keys is a shared symmetric key.
116. The method according to claim 113 wherein each of the first and second encryption keys is a public key pair comprising a public key and a private key corresponding to the public key.
117. The method according to claim 113 further comprising comparing the captured biometric data to previously stored biometric data and the first MIC to the second MIC.
118. The method according to claim 117 further comprising verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured biometric data does not violate a time-out criterion.
1 19. The method according to claim 109 wherein the second MEC is generated using the first MIC.
120. The method according to claim 109 wherein each of the first and second MIC is a random number.
PCT/SG2000/000177 2000-10-17 2000-10-17 Biometrics authentication system and method WO2002032308A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SG2000/000177 WO2002032308A1 (en) 2000-10-17 2000-10-17 Biometrics authentication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG2000/000177 WO2002032308A1 (en) 2000-10-17 2000-10-17 Biometrics authentication system and method

Publications (1)

Publication Number Publication Date
WO2002032308A1 true WO2002032308A1 (en) 2002-04-25

Family

ID=20428881

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2000/000177 WO2002032308A1 (en) 2000-10-17 2000-10-17 Biometrics authentication system and method

Country Status (1)

Country Link
WO (1) WO2002032308A1 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004001656A2 (en) 2002-05-21 2003-12-31 Bio-Key International, Inc. Systems and methods for secure biometric authentication
WO2004006076A2 (en) * 2002-07-03 2004-01-15 Aurora Wireless Technologies, Ltd. Biometric private key infrastructure
WO2004072870A1 (en) 2003-02-11 2004-08-26 Argus Solutions Ltd Management control of pharmaceutical substances
WO2005004037A1 (en) * 2003-07-03 2005-01-13 Argus Solutions Ltd Management control of assets
US20080126811A1 (en) * 2006-11-24 2008-05-29 Wei Chang Method for authorized-user verification and related apparatus
WO2008081051A1 (en) * 2006-12-29 2008-07-10 Doyen, S.L. Method and system of security by means of biometric identification of persons
US7415605B2 (en) 2002-05-21 2008-08-19 Bio-Key International, Inc. Biometric identification network security
EP1975885A1 (en) * 2007-03-28 2008-10-01 Mohammed A. Geoffrey System and method for electronic certification and authentification
US7672457B2 (en) * 2003-06-30 2010-03-02 Fujitsu Limited Computer-readable recording medium recording a wireless communication authentication program
EP2989537A4 (en) * 2014-05-19 2016-11-02 American Express Travel Relate Authentication via biometric passphrase
EP3190543A1 (en) * 2015-01-07 2017-07-12 eMemory Technology Inc. Method of dynamically encrypting fingerprint data and related fingerprint sensor
WO2018083494A1 (en) * 2016-11-07 2018-05-11 Cirrus Logic International Semiconductor Limited Methods and apparatus for authentication in an electronic device
IT201700036682A1 (en) * 2017-04-04 2018-10-04 Luciano Pietrantonio Control system for access equipment
US10691780B2 (en) 2016-08-03 2020-06-23 Cirrus Logic, Inc. Methods and apparatus for authentication in an electronic device
US10878068B2 (en) 2016-08-03 2020-12-29 Cirrus Logic, Inc. Methods and apparatus for authentication in an electronic device
US11522871B1 (en) * 2016-04-20 2022-12-06 Wells Fargo Bank, N.A. Verifying secure transactions through distributed nodes

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5229764A (en) * 1991-06-20 1993-07-20 Matchett Noel D Continuous biometric authentication matrix
US6076167A (en) * 1996-12-04 2000-06-13 Dew Engineering And Development Limited Method and system for improving security in network applications

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5229764A (en) * 1991-06-20 1993-07-20 Matchett Noel D Continuous biometric authentication matrix
US6076167A (en) * 1996-12-04 2000-06-13 Dew Engineering And Development Limited Method and system for improving security in network applications

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7415605B2 (en) 2002-05-21 2008-08-19 Bio-Key International, Inc. Biometric identification network security
US8214652B2 (en) 2002-05-21 2012-07-03 BIO-key International. Inc. Biometric identification network security
EP1537513A2 (en) * 2002-05-21 2005-06-08 Bio-Key International, Inc. Systems and methods for secure biometric authentication
EP1537513A4 (en) * 2002-05-21 2007-02-07 Bio Key Int Inc Systems and methods for secure biometric authentication
WO2004001656A2 (en) 2002-05-21 2003-12-31 Bio-Key International, Inc. Systems and methods for secure biometric authentication
WO2004006076A2 (en) * 2002-07-03 2004-01-15 Aurora Wireless Technologies, Ltd. Biometric private key infrastructure
WO2004006076A3 (en) * 2002-07-03 2004-04-22 Aurora Wireless Technologies L Biometric private key infrastructure
CN100342294C (en) * 2002-07-03 2007-10-10 富利科技有限公司 Biometric private key infrastructure
WO2004072870A1 (en) 2003-02-11 2004-08-26 Argus Solutions Ltd Management control of pharmaceutical substances
EP1593073A1 (en) * 2003-02-11 2005-11-09 Argus Solutions PTY Ltd. Management control of pharmaceutical substances
EP1593073A4 (en) * 2003-02-11 2007-01-24 Argus Solutions Pty Ltd Management control of pharmaceutical substances
EP2287768A1 (en) * 2003-02-11 2011-02-23 Pharmasea International Pty Ltd. Management control of pharmaceutical substances
US7672457B2 (en) * 2003-06-30 2010-03-02 Fujitsu Limited Computer-readable recording medium recording a wireless communication authentication program
WO2005004037A1 (en) * 2003-07-03 2005-01-13 Argus Solutions Ltd Management control of assets
US20080126811A1 (en) * 2006-11-24 2008-05-29 Wei Chang Method for authorized-user verification and related apparatus
WO2008081051A1 (en) * 2006-12-29 2008-07-10 Doyen, S.L. Method and system of security by means of biometric identification of persons
EP1975885A1 (en) * 2007-03-28 2008-10-01 Mohammed A. Geoffrey System and method for electronic certification and authentification
US10438204B2 (en) 2014-05-19 2019-10-08 American Express Travel Related Services Copmany, Inc. Authentication via biometric passphrase
EP2989537A4 (en) * 2014-05-19 2016-11-02 American Express Travel Relate Authentication via biometric passphrase
US11282081B2 (en) 2014-05-19 2022-03-22 American Express Travel Related Services Company, Inc. Authentication via biometric passphrase
EP3190543A1 (en) * 2015-01-07 2017-07-12 eMemory Technology Inc. Method of dynamically encrypting fingerprint data and related fingerprint sensor
US11522871B1 (en) * 2016-04-20 2022-12-06 Wells Fargo Bank, N.A. Verifying secure transactions through distributed nodes
US10691780B2 (en) 2016-08-03 2020-06-23 Cirrus Logic, Inc. Methods and apparatus for authentication in an electronic device
US10878068B2 (en) 2016-08-03 2020-12-29 Cirrus Logic, Inc. Methods and apparatus for authentication in an electronic device
CN110023934A (en) * 2016-11-07 2019-07-16 思睿逻辑国际半导体有限公司 Method and apparatus for the certification in electronic equipment
US10552595B2 (en) 2016-11-07 2020-02-04 Cirrus Logic, Inc. Methods and apparatus for authentication in an electronic device
KR20190077066A (en) * 2016-11-07 2019-07-02 시러스 로직 인터내셔널 세미컨덕터 리미티드 Methods and apparatus for authentication in electronic devices
KR102343743B1 (en) 2016-11-07 2021-12-24 시러스 로직 인터내셔널 세미컨덕터 리미티드 Methods and apparatus for authentication in an electronic device
CN110023934B (en) * 2016-11-07 2022-04-29 思睿逻辑国际半导体有限公司 Biometric authentication system, method in the system and electronic device
WO2018083494A1 (en) * 2016-11-07 2018-05-11 Cirrus Logic International Semiconductor Limited Methods and apparatus for authentication in an electronic device
IT201700036682A1 (en) * 2017-04-04 2018-10-04 Luciano Pietrantonio Control system for access equipment

Similar Documents

Publication Publication Date Title
US6148404A (en) Authentication system using authentication information valid one-time
O'Gorman Comparing passwords, tokens, and biometrics for user authentication
JP3754004B2 (en) Data update method
KR101226651B1 (en) User authentication method based on the utilization of biometric identification techniques and related architecture
US9294288B2 (en) Facilitating secure online transactions
US7805614B2 (en) Secure local or remote biometric(s) identity and privilege (BIOTOKEN)
US6073237A (en) Tamper resistant method and apparatus
US7415605B2 (en) Biometric identification network security
US4993068A (en) Unforgeable personal identification system
EP0986209B1 (en) Remote authentication system
JP4668551B2 (en) Personal authentication device and system and method thereof
US8499147B2 (en) Account management system, root-account management apparatus, derived-account management apparatus, and program
US20020056043A1 (en) Method and apparatus for securely transmitting and authenticating biometric data over a network
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
US20080098469A1 (en) Authentication entity device, verification device and authentication request device
WO2002032308A1 (en) Biometrics authentication system and method
US20060021066A1 (en) Data encryption system and method
US20140258718A1 (en) Method and system for secure transmission of biometric data
JP2015525409A (en) System and method for high security biometric access control
JP2008167107A (en) Challenge response authentication method using public key infrastructure
JP2001249901A (en) Authentication device, method therefor and storage medium
JP4226582B2 (en) Data update system
Cavoukian et al. Keynote paper: Biometric encryption: Technology for strong authentication, security and privacy
Deswarte et al. A Proposal for a Privacy-preserving National Identity Card.
Chizari et al. Security issues in ATM smart card technology

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): SG US

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)