WO2004055738A1 - Devices for combined access and input - Google Patents

Devices for combined access and input

Info

Publication number
WO2004055738A1
Authority
WO
WIPO (PCT)
Prior art keywords
fingerprint
access
sensor
embedded
interface
Prior art date
Application number
PCT/NO2003/000421
Other languages
English (en)
Inventor
Svein Mathiassen
Ivar Mathiassen
Original Assignee
Svein Mathiassen
Ivar Mathiassen
Priority date
Filing date
Publication date
Application filed by Svein Mathiassen, Ivar Mathiassen
Priority to AU2003291779A
Publication of WO2004055738A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/13 Sensors therefor
    • G06V40/1306 Sensors therefor non-optical, e.g. ultrasonic or capacitive sensing
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37 Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • This invention is in general related to access and input devices for giving access and allowing user input in access limited devices, apparatuses, appliances, systems or networks.
  • The invention is related to portable and embedded access or input devices and methods of using these in order to obtain a high level of security.
  • Automated access from a device or terminal to another device or a network / server is subject to authentication of authorized users.
  • Such automated access eliminates manual authentication of the user by human recognition, and has to rely on some form of electronic identification of the user.
  • One way to resolve such electronic identification of the user is to issue a secret password to the user.
  • Another method is to issue a physical token to the user.
  • the system relies on the assumption that the person knowing such password, or alternatively carrying such physical token, has proved his identity, assuming that this has authenticated the authorized user.
  • passwords or tokens may intentionally be passed on to a third person, or unintentionally and illegally acquired by such a third person.
  • this method is still the dominating method of user identification to networks / servers, etc. because it is practical, but mainly because no better alternative is yet commercially available on a larger scale.
  • biometrics such as fingerprints. Although biometrics is gaining ground, this happens slowly and it is not employed on a larger scale. There are several reasons for this slow growth in biometrics identification for access to networks and servers: a. Biometrics has to gain wide public acceptance.
  • USB Dongles with memory onboard (up to 1 Gb).
  • Some of these USB Dongle memory devices are even equipped with fingerprint sensors to prevent unauthorized access to the information stored onboard the USB Dongle. While these devices may physically look somewhat like one of the preferred embodiments of the present invention, there is no similarity in their functionality at all.
  • the USB Dongles presently on the market are purely portable storage means, while the present invention focuses on secure communication triggered by an authorized fingerprint on such portable devices.
  • biometrics access control is far more secure, and convenient, than password-based or token-based access control.
  • the market leaders are hesitant to provide biometrics access methods widely offered to the market, the lack of availability to the general public will continue to restrain the growth of biometrics access control systems.
  • an access-limited apparatus, device, network or system e.g. a computer terminal, an internet bank or a corporate or government intranet comprising a device interface, being electronic or mechanical or both, for coupling the device to the access-limited unit, e.g. a computer terminal port.
  • LAN local area network
  • WAN wide area network
  • It is a further objective of the present invention to provide a portable or embedded access device and methods of using such which does not require a transfer of biometrics fingerprint information over otherwise open and insecure parts of communication systems using such devices.
  • It is yet another object of the present invention to provide a portable or embedded access device and methods of using such which does not rely on the development of international biometrics standards.
  • Fig. 1a shows a network (N) or a system using a fingerprint sensor according to prior art.
  • Fig. 1b shows a network (N) or a system of devices employing a biometrics device according to the invention.
  • Fig. 2a shows a first realization of an integrated circuit that is an integral part of the invention.
  • Fig. 2b shows a second realization of an integrated circuit that is an integral part of the invention.
  • Figs. 3a, 3b show a portable access device according to the invention in the form of a USB dongle.
  • Figs. 4a, 4b show a portable access device according to the invention in the form of a PCMCIA card.
  • Fig. 4c shows a PCMCIA card where the integrated fingerprint sensor is protected underneath a sliding lid, for mechanical protection of the sensor.
  • Fig. 5 illustrates how an access device according to the invention may be embedded as part of the keyboard or mouse of a computer terminal or laptop computer.
  • Fig. 6 illustrates how an access control and user input device or apparatus according to the invention may be arranged as a built-in part of a hotel safe.
  • Fig. 7 illustrates how an access control and user input device or apparatus according to the invention may be arranged as a built-in part of a medicine cabinet.
  • Fig. 8 illustrates how an access control and user input device or apparatus according to the invention can be applied in a portable door control unit for the electronic systems in automotive applications.
  • Fig. 9 illustrates how an access control and user input device or apparatus according to the invention can be embedded in the gear stick or steering wheel of a car.
  • FIG. 1A The traditional biometrics approach, as per current methods, is illustrated in Figure 1A.
  • the User places, or swipes, his finger (A) over the access/input device with a fingerprint sensor (B).
  • the entire image from the sensor (B) is transmitted from the access/input device to the processor (C) (e.g. a PC) where implemented Software Module(s) (D) acquire the sensor signals and process them to reconstruct a 2-dimensional fingerprint image, thereafter extract the particulars of the fingerprint, and finally either perform a matching locally at the PC (C) or transmit the interpreted fingerprint essentials to a server in a network
  • the processor e.g. a PC
  • S Software Module
  • a portable access device for allowing only authorized users access is preferably arranged as shown schematically in Figure 1B.
  • a biometrics processor (F1) may be integrated with the sensor (B), or alternatively mounted as a separate integrated circuit (F2) next to or closely coupled to the sensor (B), or alternatively be embedded in a PC or its peripherals (F3).
  • the sensor (B) and the biometrics processor (F; referring to F1, F2, or F3) may work in a stand-alone mode (e.g.
  • the biometrics processor as an integrated circuit is exemplified in Figures 2A and 2B.
  • the advantages of this configuration are multiple.
  • the biometrics processor (F) is directly connected to the sensor (B), the biometrics processor (F) can be tailored to optimize the interaction between the sensor (B) and the biometrics processor (F).
  • Such tailoring of the biometrics processor (F) to the sensor (B), combined with its direct connection to the sensor (B), or integration therein, enables inclusion of methods and procedures that severely constrain interception of the signals between the sensor (B) and the biometrics processor
  • biometrics processor can transform the biometrics from the sensor (B) to general communication security measures in a network, such as including Secure Key Generation (SKG) as basis for encryption into the biometrics processor (F).
  • biometrics sensors (B) may be connected to a network (C and N) in a secure manner according to existing infrastructure, without requiring that the supplier of the network system architecture makes any decision on which biometrics standard will evolve in the future as the winning standard.
  • the biometrics processor (F) becomes a bridge between biometrics sensors (B) and current infrastructure of networks (E) .
  • a biometrics sensor in the form of a fingerprint sensor (5) is coupled with a biometrics processor in the form of an integrated circuit - IC (1) that is the core device of the invention.
  • Two versions of the IC are shown in Figures 2A and 2B. The details of the ICs will now be explained.
  • the sensor (5) is connected to a fingerprint sensor signal capturing and pre-processing block (5C) via a first interface block (5A) as well as a wake-up circuit (5B), the function of the latter being to power up all other blocks of the IC (1).
  • a finger is detected on the sensor (5) surface, the output signals from the sensor (5) will rise beyond a pre-set threshold, triggering the wake-up circuit (5B) to power up the rest of the IC (1) in a pre-set sequence.
  • the first blocks to be powered up are the Image Capture and Pre-processing block (5C) as well as the high-speed bus (3) and the volatile memory (6 or 6C), all of which are connected to the high-speed bus (3).
  • the pre-processing block is designed to perform the initial, heavy-duty processing of the captured raw images from the sensor (5).
  • the intermediate results are stored in the volatile memory
  • the volatile memory (6A or 6C) thus provides working memory that is available to other modules on the IC (1) .
  • the remaining blocks of the IC (1) are powered up in a pre-set sequence, starting with the central processor (2) being a powerful processor, such as ARM 9, or equivalent.
  • the processor unit (2) is also connected to the high-speed bus (3) for allowing communication with the other on-chip components or modules.
  • the pre-processing block (5C) has crunched the captured raw images to an intermediate stage of significantly compressed information, i.e. a dataset of reduced size, denoted intermediate fingerprint data.
  • the intermediate fingerprint data are fed to the central processor (2) for final reduction of the captured fingerprint image to compact fingerprint representations, called minutiae.
  • Such minutiae are distinct points where fingerprint lines (ridges) start or stop, or locations of bifurcation of the ridges, and may be described by at least a vector comprising X and Y coordinates, and direction of the individual minutiae, stored as an alphanumeric string in non-volatile memory (7, 7A or 7C).
  • the non-volatile memory (7, 7A or 7E), being coupled to the high-speed bus (3) via a second memory interface block (7B or 7D), is typically used for storing program code, e.g. administrative software, tailored security output responses, secret information like seed and key number(s) for the encryption, electronic certificates and fingerprint representations in the form of so-called minutiae.
  • These fingerprint representations are compared by the central processor (2) with master fingerprint representations stored in non-volatile memory (7, 7A or 7C). If a positive match is established, the chip may proceed with generating a secure key (SKG), either processed by a special algorithm on the central processor (2) based on a seed pre-stored in the non-volatile memory (7, 7A or 7C), or alternatively embedded in hardware block (8A). If the same SKG algorithm is run on two separate computers (e.g. a server (30) and the central processor (2) on the IC (1)) it will yield the same key, or password, when the identical algorithm on both of the two separate computers is fed with the identical seed.
  • SKG secure key
  • the seed is individual and secret and only known by the system administrator and the user.
  • the SKG algorithm may be constructed to produce a pseudo-random identical key on both computers (2 and 30) that is either valid for a time frame, or alternatively changes for each transaction. This may require that the present key number as well as the past key number is stored in the non-volatile memory (7, 7A or 7C).
  • Secret information such as seed, key numbers, IP address, etc. may either be scrambled by block
  • the administrative software stored in the non-volatile memory (7, 7A or 7C) and run on the central processor (2) may then combine information to be part of a secure communication between the IC (1) and the network server (30).
  • the information to be encrypted may comprise User ID, password and other info. Encryption is performed in hardware blocks (8 or 8B or 8C).
  • the rules of secure communication enforced on the prevailing network (N) are embedded in the administrative software executed on the central processor (2), and may be adapted to include PKI biometrics verification and hand-shake sequences.
  • the encryption blocks (8, 8B or 8C) may also be used to encrypt general information transactions between the IC (1) and the network server (30), if desirable. Access to such extended encryption will be given to the user pending a positive match of his fingerprint with an authorized fingerprint representation by compact minutiae tables, pre-stored in the non-volatile memory (7, 7A or 7C).
  • the IC (1) also comprises hardware and/or software required to supply output signals to a number of second interface blocks (9A, 9B, 9C or 9D) for transferring data to other devices and networks (N) external to the IC (1).
  • the IC (1) is adapted to provide data to the external access-limited apparatus, device or system.
  • This second interface block may comprise hardware and software for supporting a USB (9A), Ethernet (9B), GPIO (9C), PCMCIA/UART (9D) and/or SmartCard (7C) interface. Except for the USB and the Ethernet interfaces, the second interface blocks are serviced by a bus (4) with lower bandwidth and capacity than the high-speed bus (3).
  • the two buses (3 and 4) are connected by a bus bridge (11C).
  • the hardware blocks that are not dependent on high speed are connected to the slower bus (4) .
  • the hardware blocks of the IC (1) are designed to perform their respective tasks in a minimum of time, and to interact with each other with a minimum of delays and queuing.
  • the central processor (2) executing the administrative software renders a high degree of flexibility in adapting the programming to secure communication with external devices and networks (N).
  • the IC (1) is designed as a multi-purpose tool that can service a fingerprint sensor (5) in a stand-alone mode, but it can also communicate with external devices and networks (N) by bridging the biometrics from the sensor (5) to a non-biometrics representation into the network (N) and onto its server(s) (30).
  • the IC (1) transforms the fingerprint, under prevailing secure communication rules, to a regular representation by e.g. password and User ID on a server (30).
  • IC (1) is a portable device to be plugged into a terminal (31) of the network, either as USB dongle, as illustrated in Figure 3A and 3B, or as a PCMCIA card, as illustrated in Figure 4A and 4B.
  • the portable device has an IC (1) being mounted on a small printed circuit board PCB (12B) also carrying a fingerprint sensor (5).
  • the PCB (12B) is connected to at least one of a USB interface (12C) or a PCMCIA mechanical interface (13B).
  • Electronic surface components to support at least one of the USB mechanical interface (12C) and the PCMCIA mechanical interface (13B) are mounted on the PCB (12B).
  • An SDRAM chip (6) typically at least with 4 MB capacity, is also mounted on the same PCB
  • a non-volatile serial Flash chip (7), typically with at least 256 Kbytes capacity, is also mounted on the same PCB (12B).
  • all preceding components and chips are protected inside a housing (12A or 13C).
  • the portable device has a housing designed with a recess, thus enabling a finger (A) to be placed on, or swiped over, the sensor (5).
  • With the sensor arranged in the bottom of the recess, it will have some protection, while still being conveniently accessible by the finger (A).
  • the portable device is designed with a housing which is equipped with a sliding lid (13D) enabling a finger (A) to be placed on, or swiped over, the sensor (5) being protected under said sliding lid, but still conveniently accessible by the finger (A).
  • the sliding lid (13D) may be forced into closed position by a spring, thus fully covering the sensor (5) when the sliding lid is not pushed aside by a finger (A) when a fingerprint image is to be captured.
  • a finger guide structure (13E) is placed adjacent to the sliding lid (13D) when the sliding lid (13E) is in closed position, fully covering the sensor (5).
  • the purpose of the finger guide (13E) is to intuitively guide the finger (A) in correct position to open the sliding lid (13D) and thereby swipe the finger (A) correctly over the sensor (5) if the sensor (5) is of the swipe type.
  • the UART interface (9D) on the IC (1) typically supports the PCMCIA port (13B) .
  • the portable device is equipped with non-volatile memory (7) that is expanded with extra capacity beyond the 256 Kbytes minimum capacity to provide extra storage capacity for data, thereby enabling the device to operate as a general portable data storage.
  • the IC (1) can be equipped with a USB mass storage class controller with at least one control endpoint and 2 bulk endpoints (in/out) in order to provide access to data onboard the portable device, only accessible upon positive match of the captured fingerprint image with one of the fingerprint representations of authorized users stored onboard the portable device.
  • the network administrator will organize issue of the portable devices (12 or 13) to the authorized users in a personalization process for the chip/IC (1) wherein data is pre-stored into the chip/IC (1). This involves loading the IP address of a targeted Intranet server, the selected encryption algorithm, and other data characterizing the Intranet onto the portable device (12 or 13).
  • This information is either scrambled by block (8) for storage on external non-volatile Flash memory (7), or alternatively stored securely in embedded non-volatile SmartCard memory (7A) or on an external non-volatile SmartCard memory (7E).
  • the network administrator, or persons he has delegated authority to, will then enroll the user who will be the "owner" of the portable device (12 or 13).
  • Such delegation may be performed by the administrator enrolling new sub-administrators on the server, with privilege to enroll new users.
  • When the administrator has enrolled a sub-administrator, including capturing one or more of the sub-administrator's fingerprints, the administrator must counter-sign with his own pre-approved fingerprint, before the sub-administrator privilege to enroll new users is authorized by the software on the server (30).
  • a delegation hierarchy is maintained, enabling tracking of administrator and sub-administrator authorizations, to check for non-intended use of the administrator rights, to detect any unfaithful servants in the hierarchy.
  • Enrolment of a new user by the administrator or a sub-administrator will be performed on a terminal connected to the server (30).
  • the administrator (or a sub-administrator) will perform the enrolment procedure of a new user, including capturing one or more fingerprints of the new user, and issuing a seed for the SKG algorithm to such new user.
  • the administrator, or sub-administrator will complete this procedure by counter-signing with his fingerprint. If the counter-signature fingerprint matches that of an authorized administrator, or sub-administrator, the enrolment procedure is deemed valid, and the personalized data downloaded to the portable device (12 or 13) connected to the terminal. If the counter-signature is not authenticated, the enrolment is deemed to be non-valid, and will be aborted.
  • the user has, by the above enrolment and issuance of a portable device (12 or 13), become authorized to access the Intranet network (N), or parts thereof.
  • N Intranet network
  • the definition of which parts of the network the user has authorized access to, or which directories on the server (30) will be defined in the User Profile, stored on the server (30).
  • the user may by means of such portable device securely access the server (30) of the network (N) from a terminal (31) in the network (N), or from any terminal connected to the server (30) in the network N, by Internet, either by landlines or by wireless connections.
  • Such access will now be described by example of the USB Dongle as illustrated in Figures 3A and 3B containing an IC (1) as shown in figures 2A and 2B.
  • This example involves a user traveling, wanting to connect to the Intranet server (30) of the network (N) from an Internet cafe or a Business Center at a hotel.
  • the user will insert the portable device (12 or 13) into the USB port (or alternatively into the PCMCIA slot of the terminal, if the portable device is a PCMCIA card).
  • the USB Dongle (12) may have an extension cord for the USB connection, in case the USB port is awkwardly positioned on the back of the terminal (31).
  • the user swipes his finger over the fingerprint sensor (5) of the USB
  • the triggering signal from the sensor (5) to the wake-up block (5B) will cause the wake-up circuitry (5B) to power up the pre-processing block (5C), the high-speed bus (3) and the volatile working memory (6A or 6C).
  • the pre-processing block (5C) will immediately start capturing the fingerprint image from the sensor (5) via a first interface block (5A), while the wake-up circuitry (5B) is powering up the remaining blocks of the IC (1), starting with the central processor (2).
  • the pre-processing block (5C) will crunch the raw data, i.e. the captured fingerprint images, using hardware-embedded algorithms optimized for the laborious initial high-speed processing of the fingerprint data, thus reducing them to an intermediate form, to be stored in the working volatile memory (6A or 6C).
  • the pre-processing block (5C) designed to perform this number-crunching at a maximum speed in dedicated hardware block (5C), the reduced data are gradually transferred from the working volatile memory (5C) to the central processor (2) via the high-speed bus (3).
  • the central processor (2) will further reduce the fingerprint data to a compact form by so-called minutiae, where significant details of the fingerprint are transformed into an alphanumeric string comprising at least X and Y coordinates of each minutia, plus its direction.
  • This compact fingerprint representation by minutiae may be expanded with other features deemed necessary.
  • When the central processor (2) has completed the reduction of the captured fingerprint image to compact minutia form, it will transfer this access minutiae table via the high-speed bus (3) for temporary storage in the working volatile memory (6A or 6C).
  • the central processor (2) will retrieve the compact fingerprint minutia information from a master minutiae table, created during the enrolment of the authorized user(s), stored in non-volatile memory (7, 7A or 7C), and compare it with the access minutiae table temporarily stored in working volatile memory (6A or 6C).
  • the matching algorithm being a subset of the administrative software, will position the minutiae points of the access attempt minutiae table over the minutiae points of the master minutiae table, and translate and rotate the upper until a best fit is established.
  • Such best fit is deemed by allocating a predefined tolerance area around each of the master minutiae points, and checking if the position of the access attempt minutiae points are falling within the boundaries of the tolerance area. Thereby a comparison of the extracted features representing the captured fingerprint with features of the pre-stored master fingerprint representations is obtained.
  • the number of minutiae points matching between the access attempt minutiae table and the master minutiae table, required to validate an authenticated user is preset in a sub-set of the administrative software by the system administrator.
  • the minimum number of coinciding minutiae points required to declare a positive match may be varied by the system administrator according to the sensitivity of the contents of the directory which the user is seeking access to.
  • the concept of a binary match or non-match may be expanded with a quality feature, where an absolute match, whereby the access attempt minutiae point is exactly coinciding with the corresponding master minutiae table, gives the highest quality score.
  • the quality score of each matching minutiae pair may then be decreased gradually until the location of the access attempt minutiae falls towards the boundary of the tolerance area around the master minutiae point. If the matching is positive, the connection process will automatically continue. If the result of the matching is negative, then the connection process is aborted at this stage.
  • the next step of the connection procedure comprises the device (USB Dongle or PCMCIA card) (12 or 13) automatically loading a Java applet from its non-volatile memory (7, 7A or 7E) onto the terminal (31) via the USB port (9A) in the case of the device being a USB Dongle, or via the UART port (9D) in the case the device is a PCMCIA board.
  • This Java applet contains the IP address of the server (30) that the user is seeking authorized access to.
  • When the central processor (2) has established a positive match between the access attempt minutiae and the resident master minutiae, the administrative software [stored in the non-volatile memory (7, 7A or 7E)] will calculate a secure key.
  • the secure key will either be calculated by an algorithm executed on the central processor (2) (in case of figure 2A), or alternatively by a dedicated hardware block (8A) (in case of figure 2B).
  • the general algorithm will generate the secure key, and the particular key or password will be generated as a result of the seed being inputted to the algorithm.
  • This seed will either be scrambled and stored in scrambled format in non-volatile memory (7) in the alternative of figure 2a, or be securely stored in a SmartCard environment (7A) in case of the alternative IC architecture outlined in figure 2b.
  • the secure key will be input to the encryption block (8, 8B or 8C) for encryption of a message / communication.
  • the message will comprise the following elements;
  • This message/communication is encrypted to form a secure output in a predefined format and sequence (e.g. hand-shake procedures) and transferred to an external unit, network or system through one of the communication interfaces.
  • an output signal from the IC/chip (1) including target IP address and encrypted communication is generated.
  • When this information is received by e.g. the target server (30) of the network (N), the receiving server (30) will look up the non-encrypted serial number, or IP address of the device (12 or 13), in the privilege subset of the data repository on the server (30).
  • the server (30) will retrieve the particular seed issued to this user during enrolment. This seed is then input to the secure key generation algorithm SKG on the server (30), together with the open
  • the server will step up the key number to match that of the device (12 or 13), and generate the corresponding key from the SKG algorithm with the seed stored by the serial number of the device, as input to the decryption process.
  • the server will return its current key number to the device (12 or 13), implying that the device steps up its key number correspondingly.
  • If this decryption fails (an erroneous password emerging), the server (30) will assume that the received communication attempt is false, and the server will abort further steps in the communication procedure.
  • a subset of the administrative software which tailors the output secure response to the target network or intranet (N) to a pre-defined format and sequence including handshake sequences, could be pre-loaded into the non-volatile memory (7A, 7E, or 7) .
  • this pre-loaded subset of administrative software is able to combine one or more of the following steps : - generating a secure key or password (8 or 8A) , applying any of the encryption methods at hand and embedded in the hardware blocks, such as DES, ECB, CBC, TDES (8 or 8B) or any proprietary encryption algorithm also embedded in hardware (8C) , - tailoring handshake sequences according to the rules of secure communication of the device, network or system (N) .
  • the pre-loaded subset of the administrative software is preferably also adapted to perform sequencing of the operation of the respective functionality blocks of the chip/IC (1) in order to produce secured output data which is suitable for transmission in the targeted network (C) and for processing by receiving units connected to the network (C) .
  • the output from the IC (1) could be blocked (non-authorized access state) if the matching of the captured fingerprint is negative relative to any of the authorized fingerprint representations stored in the non-volatile memory (7A, 7E or 7).
  • the output from the IC (1) can be opened (authorized access state) if the above-mentioned matching is positive.
  • a local fingerprint authentication at the device (12 or 13) will be transformed to a password and optionally hand-shake procedure as per the secure communication procedure of the prevailing network (30) without having to include a biometrics representation on the server (30) .
  • the system provider of the network (N) does not have to choose any of the emerging biometrics standards, with the embedded risk of choosing a non-winning biometrics standard.
  • the system administrator will have the security of biometrics, through devices (12 or 13) when authenticating authorized users.
  • an access device with the sensor (5) and the IC (1) is embedded in peripheral hardware of the terminal (31) , such as e.g. embedding the sensor (5) and the IC (1) into a PC mouse or a PC keyboard or onto the chassis of a laptop PC.
  • the access device for embedding may have all or many of the technical features of the portable device described above, however, some aspects of this application will be explained in more detail by reference to figure 5.
  • the embedded system (15) comprises the fingerprint sensor
  • the PCB (15A) also contains a connector (15C) for connecting the embedded device (15) into the peripherals of a terminal (31) or the computer of a stand-alone device.
  • the biometrics device (15) may be embedded in a mouse (41), or the keyboard (42) of the terminal (31), or in the chassis of a laptop PC (40) .
  • This method of using the embedded access device will follow the same procedure as described above for the portable device, possibly with an alternative enrolment method termed "remote enrolment" and described below. Note that this remote enrolment alternative may as well apply to portable devices (12 or 13) as to embedded applications. This enrolment alternative implies that the system administrator does not personally oversee who is enrolling his fingerprint at the sensor (5) .
  • the system administrator or his delegates, will issue a seed to the potential user, e.g. by classified mail.
  • the mailed parcel may in addition to the seed also include a CD-ROM with the personalization data for the biometrics device (15) , in case of the embedded alternative.
  • the mail parcel may include the device fully personalized, so that the first user only has to enroll his finger (s) .
  • the new user may connect via the network (N) to the system administrator, to perform the remote enrolment procedure in online mode.
  • This will involve a special transmission where the personalization data for the embedded device (15) are transmitted over the network in a special session.
  • the first person enrolling his fingerprint is assumed to have the proper identity, and will become the "owner" of the device.
  • the embedded device will thereby comprise a multi-service chip in which each proprietary memory sector is non-accessible to other service providers or network system administrators.
  • Yet another aspect of the invention is related to stand-alone applications, or applications within a local network e.g. within a car. Examples of such applications are; Hotel safes,
  • the method of secured access control and user input in stand-alone applications according to this aspect of the invention will typically comprise many or all of the steps as described above for the embedded or portable access device, however, limited to operations being performed in the standalone application per se.
  • the operating and control software of the stand-alone appliance is pre-loaded into the non-volatile memory block (7 or 7A or 7E) of the integrated circuit IC
  • the central processor block (2) of the IC (1) executes the said operating and control software of the stand-alone appliance.
  • the method of secured access control and user input in stand-alone appliances having an embedded access control or user input device according to the invention typically comprises steps similar to the ones outlined above for the portable access device.
  • Hotel safes involve frequent enrolment of new guests for a limited time (e.g. a single night stay). Further there may be multiple users (e.g. a family) requiring access to the safe.
  • An important feature is that when leaving the safe door open for a period (say 5 minutes) all resident master fingerprint minutiae tables shall be automatically erased, so that the memory is clean when the next guest(s) checks into the room. Another factor is the ability to trace non-authorized access attempts, e.g. by unfaithful servants.
  • the hotel safe stand-alone application will be explained with reference to Figure 6.
  • the hotel safe (50) of this example is not connected to any network, and has only a power supply from the mains (not shown) .
  • the safe is equipped with a hinged door (51) with locking bolts (52) .
  • a cover (53) accommodating the user interfaces comprising a fingerprint sensor (5) and a socket for connection of a service unit (not shown) .
  • the service unit may be a PDA that may be used to re-set the settings of the safe's administrative software, downloading event tables, and download fingerprints from unsuccessful opening attempts.
  • the fingerprint sensor (5) is connected by a cable (15B) to the printed circuit board PCB (15) .
  • the two printed circuit boards (15 and 54) are mounted on the inside of the hinged door (51) on the "safe side", while the sensor (5) is mounted on the outside, in the cover (53) .
  • the safe will be operated as follows, with reference to Figure 6, and Figures 2A and 2B.
  • When a guest checks out of the hotel room he will leave the safe door (51) open.
  • When the safe door (51) has been left open for a pre-set time stored in the administrative software of the IC (1), all master minutiae fingerprint representations stored in the non-volatile memory (7) will automatically be deleted, leaving the safe memory in a "clean" state for the next guest.
  • When the next guest(s) checks into the room the guest will find the safe (50) with the door (53) open, waiting for the next "owner" to enroll his fingerprint. The guest will now enroll his fingerprint by the sensor (5).
  • the fingerprint will be processed by the preprocessor block (5C) and the central processor (2) until stored in compact format as a minutiae table in non-volatile memory (7, 7A or 7C) using the volatile memory (6 or 6C) as working memory.
  • Such processing of the fingerprint to compact minutiae representation shall take less than 1,0 seconds.
  • a beeper (not shown) in the front cover (53) will beep for a pre-set period of say 10,0 seconds.
  • a next fingerprint may be captured, processed and stored by the IC (1) .
  • This may be a second finger of the guest, or fingers of his family. This process may be repeated until the (say) 10 seconds time frame of beeping since the last fingerprint was enrolled elapses without a new fingerprint having been enrolled.
  • a number of master fingerprint compact representations, in the form of minutiae may be stored in the non-volatile memory (7, 7A or 7C) .
  • the safe door (51) may now be closed. However, at such door closure the locking bolt(s) (52) will not close until one of the enrolled users countersigns with his fingerprint on the sensor (5), and this counter-signature fingerprint is found by the IC (1) to match one of the enrolled master prints stored in the memory. This will prevent the safe from being erroneously locked by non-enrolled persons.
  • When the safe door (52) is shut and locked, it is waiting for an authorized fingerprint to open the safe. Any non-authorized fingerprints attempting to open the safe may be recorded, for subsequent downloading to the service unit (not shown). This will have preventative effects on any unfaithful servants trying to tamper with the safes to get illegal access.
  • When a fingerprint image from the sensor (5) is captured and processed by the IC (1), the central processor (2) will perform a matching analysis of the access attempt minutiae with the authorized master minutiae templates stored in the non-volatile memory (7, 7A or 7C). In case of a positive match, the administrative software of the safe control PCB (54) will retract locking bolts (52) and the hinged door (51) will spring open.
  • the safe control PCB (54) may be eliminated by transferring all administrative software of the safe control PCB (54) to the IC (1), as this has ample capacity, since fingerprint processing will only be carried out a fraction of the time.
  • the final stage of the operating procedure of the hotel safe (50) is that the user leaves the safe door (51) open when he checks out of the room, automatically causing all master prints to be erased from the non-volatile memory (7, 7A or 7C) .
  • Personal safes e.g. for student dormitories
  • the cover (53) on the front door (51) may be furnished with a keyboard, or at least some function buttons, enabling the user to send commands to the IC (1) such as e.g. "erase master fingerprints".
  • commands may be communicated from the user to the IC (1) by fingerprint commands, utilizing the navigation mode of the IC (1) .
  • the user has to counter-sign with his fingerprint to authenticate the command. This will prevent any non-authorized persons from entering commands into the IC (1).
  • biometrics medicine cabinet will have a different set-up than the above safe versions.
  • the main purpose of a biometrics medicine cabinet is to prevent theft of narcotics and prescription drugs. Considering the consequences of any emergency situation, the main purpose of the biometrics medicine cabinet is not to block access to the cabinet, but to log all accesses for subsequent review if inventory discrepancies are discovered at, say, each change of shifts. Further, this requires that the biometrics medicine cabinet fails to open in case of a power cut, etc. Accordingly, the principles of the invention will be the same, but the flexibility of the invention will be utilized to accommodate these user interface principles.
  • the functioning of the biometrics medicine cabinet will be made by reference to figure 7, and figures 2a and 2b.
  • the biometrics medicine cabinet will be made in two versions; a networked cabinet for clinics and hospitals, and a stand-alone version e.g. for private homes.
  • the networked version will have an external terminal (42) for administration and printing of access logs, while the standalone cabinet version will have a front cover (62) only.
  • the description will first be made for the networked cabinet, and thereafter for the stand-alone cabinet.
  • the biometrics medicine cabinet (60) has a hinged front door (61) containing a locking mechanism (65) and a front cover with a user interface (62) comprising a keyboard, a slot for the finger including a fingerprint sensor (5) plus 3 LEDs (Light Emitting Diodes; green, yellow and red) .
  • the user interface (62) and the locking mechanism (65) are connected to a printed circuit board PCB (15) (refer figure 6) .
  • the locking mechanism (65) is arranged for fail-to-open, in case of complete loss of power supply, including the rechargeable battery (64B).
  • the handle shaft protrudes the hinged door (61) supported by a bearing inside the front plate.
  • a cylinder with internal splines terminates the handle shaft.
  • the inner locking mechanism has a corresponding cylinder with internal splines. This cylinder is attached to a lever pushing or retrieving the locking bolts.
  • the said lever is attached to a spring assisting in keeping the locking bolts in closed position, requiring the handle to be pushed down to open the medicine cabinet.
  • the outer and the inner cylinders may be connected with a locking pin, with external splines, operated by a solenoid controlled from the PCB (15) .
  • this locking pin will connect the two cylinders (with internal splines) enabling the safe to be opened by the handle.
  • When the system is active (power on) the solenoid will be controlled from the PCB so that the locking pin extends, and thereby connects the two cylinders, only when there is a positive fingerprint match enabling the door to be opened by the handle.
  • the administrator will automatically be given full privileges.
  • the system will come up in a training mode, enabling the person to be enrolled to practice on swiping his fingerprint, until a minimum number of consecutive attempts (e.g. minimum 3) are of sufficient quality to grant access.
  • Fingerprint capture will be done by the sensor (5) mounted in the user interface front cover (62), or alternatively by a portable biometrics device (12 or 13) attached to the terminal (42) or by an embedded biometrics device (15) integrated in one of the terminal's (42) peripherals (40, 41 or 42) .
  • the registration itself is explained with reference to figures 2a and 2b, representing the IC (1) being mounted on the PCB (15) in the front door (or embedded in the terminal's peripherals).
  • the first fingerprint of the system administrator is captured by the sensor (5) waking up the IC (1) by a triggering signal to the wake-up circuit (5B) .
  • the pre-processor will capture the fingerprint image, and perform the initial heavy-duty processing, reducing the fingerprint image to a compressed intermediate format, using the volatile memory (6A or 6C) as working memory via the high-speed bus (3) . These intermediate data are then fed to the central processor (2) reducing the fingerprint to compact representation by minutiae.
  • the administrative software will be set up to require a minimum of say 3 minutiae fingerprint representations of acceptable quality. If any of these fingerprint captures are of inferior quality, the administrative software will reject the attempt. When sufficient (say three) minutiae tables of the system administrator have been captured with accepted quality, these will be stored in non-volatile memory (7, 7A or 7C) as the system administrator's master minutiae table.
  • When the next user is to be enrolled, the system administrator will have to open this procedure by authenticating himself by his fingerprint. When such access by the system administrator is authenticated by a positive match versus the master minutiae tables of the system administrator stored in the non-volatile memory (7, 7A or 7C), the next user can be enrolled. Such enrolment is performed as described above, by a training session followed by enrolment of a minimum (say three) fingerprint minutiae (per finger) of acceptable quality. The system administrator then enters the user name and user ID of the user, and finally assigns the user's access privileges (if any restrictions). Temporary staff can be enrolled for a given calendar period.
  • the system administrator must countersign with his own fingerprint, to be authenticated versus the stored master minutiae of the system administrator.
  • the enrolment of the new user will only be completed, and accepted, upon such authenticated counter-signature.
  • Other users may be enrolled in the same way, at any time.
  • the system administrator may delegate enrolment authority by entering such authorization as a special privilege in the database.
  • the access tables will be stored both in the nonvolatile memory (7, 7A or 7C) of the IC (1) embedded in the user interface cover (62) mounted on the front of the door (61) of the cabinet (60), as well as being backed up in the non-volatile memory of the terminal (42) or any server (30) which the system is connected to.
  • Actual access control will be performed locally on the IC (1) of the medicine cabinet (60) while transactions will be copied to the back-up data storage of the terminal (42) or the server (30) . Thereby the medicine cabinet (60) can be accessed even if the terminal (42) or the server (30) of the network (N) is down.
  • Any authorized user may enter the biometrics medicine cabinet by punching a user ID onto the keyboard of the user interface cover at the front of the hinged door, followed by a fingerprint image capturing on the sensor (5) of the user interface cover (62) . Punching the user ID will trigger the wake-up circuitry (5B) powering up the complete IC (1) .
  • When the user ID has been punched in on the keyboard of the user interface cover (62) the user will submit his fingerprint on the sensor (5) mounted in the user interface cover (62).
  • the IC (1) will process the fingerprint image captured from the sensor (5) to compact access minutiae fingerprint representation locally in the IC (1) .
  • the administrative software on the IC (1) looks up the user ID punched in on the local keyboard of the user interface cover (62) and then compares the access minutiae table with the master minutiae table stored together with the user ID on the non-volatile memory (7, 7A or 7C) of the IC (1) during enrolment. If the minutiae matching by the central processor (2) confirms that the person seeking access is the authentic owner of the user ID, then the administrative software of the IC (1) will power up the solenoid of the locking mechanism (65) thereby extending the locking pin with external splines to connect the two cylinders with internal splines of the locking mechanism (65) . This connection by the locking pin will enable the medicine cabinet to be opened by pushing down the handle of the locking mechanism.
  • the administrative software of the IC (1) will keep the locking pin of the locking mechanism (65) engaged for a pre-set time (e.g. 30 seconds) while one of the LEDs (light-emitting diodes) of the user interface cover (62) is flashing.
  • the event is logged in the non-volatile memory (7, 7A or 7C) of the IC (1), and copied to the database of the terminal (42) and optionally to a server (30) of a network (N) .
  • the locking pin of the locking mechanism (65) will not extend into the splines of the outer cylinder. Such failure to connect will disengage the handle, so that the handle is isolated and the cabinet can not be opened.
  • An option, to guarantee access, may be to open the medicine cabinet even if the fingerprint does not match, but then to record the fingerprint image and store it for later check. The opening procedure will be initiated the same way as above. The user enters his user ID on the keyboard of the user interface cover (62) . If the user ID does not match any of the pre-stored authenticated users, the process is aborted and the red LED will flash.
  • the above procedure ensures that the biometrics medicine cabinet can be accessed even in case of an emergency, but the identity of the person seeking access is either authenticated by a matching fingerprint minutiae, or the complete fingerprint image is stored for subsequent identity search.
  • the above method of looking up the user ID and then checking the authenticity of the owner by his fingerprint enables a so-called "one-to-one" match. Thereby the number of users does not dilute the security of the system. The system will thereby provide maximum security, even for large user groups e.g. within a hospital.
  • the fingerprint will be reduced to compact minutiae form locally on the IC (1) of the PCB (15) in the door of the medicine cabinet, then encrypted by IC (1) before being transferred to a server (30) for authentication in the server data base.
  • the main difference between the networked version of the medicine cabinet (e.g. for hospitals and clinics, as described above) and the stand-alone version (e.g. for private homes) is that the terminal (42) and any network connection (N) to a server (30) will not be included.
  • the differentiation between the two versions is simply a setting in the configuration of the administrative software on the IC
  • the first person to enroll the stand-alone version will be the system administrator ("owner") of the stand-alone version, given full access privileges.
  • the administrator may use the keys of the keyboard of the user interface cover (62) to enroll new users, or delete the previous users completely (except the system administrator) . Enrolment of new users will require authenticated matching of the counter-signature by the system administrator to be valid.
  • the door control (central locking system) is outlined in figure 8.
  • the door control being a portable device (20), comprises an external housing (20) which contains a fingerprint sensor (5) coupled to a miniature printed circuit board (21) on which is mounted the IC (1) .
  • the remote control (20) further comprises a battery (25) for power supply retained in the housing (20) by a removable lid (26) .
  • the battery (25) is connected to the PCB (21) by wires.
  • the remote control is also equipped with a wireless 2-way transceiver (27) , and all the active components are connected to the IC (1) by cables (23) via the PCB (21) .
  • This remote control for the car doors can be made very compact, where the size of the housing (20) is determined by the size of the battery (25) . Thereby the physical size of the housing may be compressed to the size of a key-ring holder.
  • the portable remote door control (20) and the embedded ignition control (15) are both connected to a central computer in the car.
  • the connection of the portable remote door control (20) is by 2-way wireless transceiver (27), while hard wires to the central computer (not shown) of the car connect the embedded ignition control (15) .
  • Operation of the biometrics system for operation in cars will be explained by reference to figures 8, 9, 6 and 2a. The protected mode of the system will not be activated until the car is sold from the dealer.
  • the dealer will at this stage enter an encrypted command into the system through wireless transmission to the portable door control unit (20), which in turn will transmit the command wirelessly to the embedded ignition device (15) via the door locks and the central computer of the car.
  • The dealer will access the database on the terminal (42) protected by fingerprint authentication.
  • the database at the terminal (42) will download the particulars of the car to be sold, including its serial number (e.g. the chassis number) from a server (30) in a network (N) . These downloaded particulars will include the unique seed for the secure key generation SKG algorithm, resident in each of the IC (1) of the portable door control (20) and the embedded ignition control (15) as well as on the terminal (42) .
  • the terminal (42) will encrypt a communication message to the portable door control (20) based on the particular seed of the prevailing car, generating a unique password.
  • the encrypted message will be wirelessly transmitted from the terminal (30) to the portable door control (20) by two-way wireless transmission, inviting to a handshake communication procedure.
  • the IC (1) of the portable door control (20) will receive the encrypted message and initiate decryption by fetching the seed from the non-volatile memory (7A) .
  • This seed will be fed into the secure key generating block SKG (8A) to generate a temporary password.
  • the password is passed on to the encryption block (8B or 8C) along with the encrypted message from the terminal (42).
  • the communication procedure will be terminated by the IC (1) of the portable door control (20) .
  • If the encryption is successful the communication procedure will be completed, involving e.g. handshake sequences, until the portable door control (20) is satisfied that the message from the terminal (42) is genuine, and authorized.
  • the IC (1) of the portable door control (20) will be set in protected mode, waiting for the first user to be enrolled to be the system administrator of the biometrics system in the car.
  • the purchaser of the car (the car "owner") may then train in fingerprint capturing by a training module on the terminal (42) .
  • the car owner will enroll one or more of his fingers on the portable door control unit (20) .
  • These master minutiae tables will be stored in the non-volatile memory (7A) of the IC (1) .
  • This first person to enroll his fingerprint on the portable door control (20) becomes the "owner" of the car, in the sense that he becomes the system administrator.
  • he will countersign by his fingerprint to authorize and initiate encryption of his master minutiae table(s) from the IC (1) on the portable door control (20) via the door locks and the central car computer (not shown) to the IC (1) of the embedded ignition control (15) of the car.
  • Such transfer of authorized master minutiae will start with retrieving the unique seed of the car from non-volatile memory (7A) of the IC (1) of the portable door control (20).
  • the seed will be fed to the secure key generation SKG block (8A) of the IC (1) to generate a valid password.
  • This password will then be fed to the encryption block (8B or 8C) of the IC (1) at the portable door control (20) , initiating encryption of the master minutiae tables of the "owner's" finger (s).
  • the encrypted message will be transmitted wirelessly from the portable door control (20) by means of two-way wireless transceiver (27) via the door locks to the central computer of the car. Note that such enrolment is the only event when encrypted minutiae tables are transmitted from the portable door unit (20). At normal opening of the door matching minutiae will only be used to authorize encryption and transmission of straight commands, such as "open door" or "lock door".
  • If the central computer of the car is capable of successfully decrypting the message from the portable door control (20) it will forward the encrypted message to the embedded ignition control (15). Failure by the central computer of the car to decrypt the message (e.g. by non-matching temporary pseudo-random password) will terminate the communication procedure.
  • the unique seed of the car will be fetched from the non-volatile memory (7A) of the IC (1) of the embedded ignition control (15).
  • The seed will be inputted to the secure key generation SKG block (8A) to generate a pseudo-random temporary password.
  • the pseudo-random temporary password will be fed to the encryption block (8B or 8C) of the IC (1) to start decryption of the encrypted message.
  • His finger on the sensor will trigger a signal from the sensor (5) to the wake-up circuit (5B) of the IC (1) , powering up the IC (1) in a pre-set sequence.
  • the pre-processing block (5C) will reduce the captured fingerprint image to a reduced intermediate format, feeding it via volatile working memory (6B or 6C) and the high-speed bus (3) to the processor (2) .
  • the processor (2) will reduce the captured and pre-processed fingerprint image to compact master minutiae format.
  • the processor (2) will then compare this access minutiae table with the master minutiae table (s) pre-stored at time of enrolment in non-volatile memory (7A) .
  • Provided the processor (2) established a match between the access attempt and one of the resident master minutiae tables, the processor will proceed to open (or lock) the car doors;
  • the processor (2) will fetch the seed from the nonvolatile memory (7A) and feed it to the SKG block (8A).
  • the SKG block will generate a valid, and temporary, password that will be input to the encryption block (8B or 8C).
  • the processor will issue the "open door" command to the encryption block (8B or 8C) that in turn will encrypt it based on the valid, and temporary password from the SKG block (8A).
  • the encrypted "open door" command will then be wirelessly transmitted by the transceiver (27) from the portable door control (20) to the embedded ignition control (15) via the transceivers of the door locks and the central car computer.
  • the encrypted message will be decrypted by the embedded ignition control (15) by its processor (2) on its resident IC (1) fetching the seed from the non-volatile memory (7A).
  • the seed will be entered into the SKG block (8A) to generate the identical, and temporary password fed on to the encryption block (8B or 8C). If the decrypted message confirms a valid and authenticated "open door" command, a similar encrypted command will be relayed to the door locks by the car computer.
  • the decryption and authentication algorithms may be performed on the central car computer instead of on the embedded ignition control.
  • an authenticated fingerprint triggers the portable door control (20) and the embedded ignition control (15) to generate encrypted communication procedures, involving handshake procedures, fully compatible with the communication procedures of the central computer of the car, and the door locks.
  • the benefit of the invention is that no fingerprints have to be transmitted between the car system security components (except for enrolment) , but triggers the prevailing, secure communication protocols.
  • Another benefit from this application of the invention is that the security of the complete system resides in the fingerprints of the car owner (or other users he may have enrolled), and not in some tokens, such as e.g. electronic keys with complex key generation algorithms. If such an electronic key is lost, considerable logistics are involved in issuing a new electronic key. The involved logistics make such a key replacement both very expensive, and time-consuming. The latter may cause considerable grievances to the car owner.
  • a fingerprint-based portable door control device (20) may be stored on the shelf by the dealer, and immediately issued to the car owner. These replacement keys have not been personalized to any particular car as no seed has been downloaded. Such personalization is being initiated by a "replacement" version of the car mode control software residing on the dealer's terminal (42) .
  • the car owner's fingerprint (s) is enrolled on the replacement portable door control (20) . They may be authenticated versus pre-stored master minutiae tables in the dealer's database. When the car owner's identity is satisfactorily established, the proprietary seed of the car is downloaded from the dealer's database to the replacement portable door control (20) now being fully compatible with the embedded systems residing in the car.
  • the portable or embedded device could be equipped with means for the input of code or commands. This is achieved by defining a fingerprint storage segment in non-volatile memory (7, 7A or 7E) where the device may store a series of consecutive fingerprint representations generated by the fingerprint sensor signal capturing and preprocessing block (5C) .
  • Movement analyzing means in the form of a hardware or a software movement analyzing program module analyzes the obtained series of fingerprint representations to obtain a measure of the omni-directional finger movements across the sensor in two dimensions.
  • Translation means in the form of a hardware or a software translation program module analyzes and categorizes the omni-directional finger movements across the fingerprint sensor according to predefined sets of finger movement sequences including directional and touch/no-touch finger movement sequences.
  • A command table is used to translate the categorized finger movements into control signals, whereby the translating means generates control signals for controlling the device, e.g. the stand-alone appliance, in response to the finger movements on the sensor.
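
The input path described in the last four bullets (stored frame series, movement analysis, categorization into directional and touch/no-touch sequences, command table), as an added Python example that is not code from the patent. The 10x10 binary frame format, the thresholds, the gesture labels and the command names are all assumptions.

```python
# Added illustration, not the patent's implementation. Frame format, thresholds,
# gesture names and command names are all assumptions.
TOUCH_MIN = 4      # ridge pixels needed before a frame counts as "finger present"
MAX_SHIFT = 2      # frame-to-frame search window in pixels
COMMAND_TABLE = {  # categorized movement sequence -> control signal (hypothetical)
    ("UP",): "MENU_PREV", ("DOWN",): "MENU_NEXT",
    ("TAP", "TAP"): "SELECT", ("LEFT", "RIGHT"): "CANCEL"}

def displacement(prev, cur):
    """Movement analysis: the (dx, dy) shift of prev that best matches cur."""
    h, w = len(prev), len(prev[0])
    def score(shift):
        dx, dy = shift
        ys = range(max(0, -dy), min(h, h - dy))   # rows where both frames overlap
        xs = range(max(0, -dx), min(w, w - dx))   # columns where both frames overlap
        diff = sum(prev[y][x] != cur[y + dy][x + dx] for y in ys for x in xs)
        return diff / (len(ys) * len(xs)), abs(dx) + abs(dy)  # prefer small shifts
    r = range(-MAX_SHIFT, MAX_SHIFT + 1)
    return min(((dx, dy) for dy in r for dx in r), key=score)

def categorize(frames):
    """Label each touch interval as TAP or as its dominant direction."""
    gestures, prev, total = [], None, [0, 0]
    for frame in list(frames) + [None]:          # None forces a final lift-off
        if frame is not None and sum(map(sum, frame)) >= TOUCH_MIN:
            if prev is not None:
                dx, dy = displacement(prev, frame)
                total = [total[0] + dx, total[1] + dy]
            prev = frame
        elif prev is not None:                   # no-touch frame closes the interval
            dx, dy = total
            if max(abs(dx), abs(dy)) < 2:
                gestures.append("TAP")
            elif abs(dx) >= abs(dy):
                gestures.append("RIGHT" if dx > 0 else "LEFT")
            else:
                gestures.append("DOWN" if dy > 0 else "UP")
            prev, total = None, [0, 0]
    return tuple(gestures)

def translate(frames):
    return COMMAND_TABLE.get(categorize(frames))  # unknown sequence -> None (ignored)

# Constructed sample input: a 5-pixel ridge fragment moving (dx, dy) per frame.
MARK = {(3, 3), (4, 3), (3, 4), (5, 5), (4, 6)}
EMPTY = [[0] * 10 for _ in range(10)]
def swipe(dx, dy, steps=3):
    return [[[int((x - k * dx, y - k * dy) in MARK) for x in range(10)]
             for y in range(10)] for k in range(steps)]
```

A sequence that is not in the command table returns `None`, so an unrecognized movement produces no control signal.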

Abstract

The present invention relates to a portable or embedded access device designed to be coupled to, and to give only authorised users access to, an access-limited apparatus, device, network or system, for example a computer terminal, an Internet bank or a corporate or government intranet. The access device comprises an integrated circuit (1) providing increased security by bridging the function of reading a user's fingerprint and, upon positive authentication of the fingerprint, establishing secure communication with the access-limited apparatus, device, network or system in question. The invention also relates to a method of using the portable device and the embedded device for bridging from biometric data supplied to a computer to secure communication protocol responses for a non-biometric network. The invention further relates to an embedded access control and user input device or apparatus to be built into stand-alone equipment requiring some form of access control, such as hotel safes, medical cabinets or the like, and to provide increased security. Finally, the invention relates to a method for providing secure access control and user input in stand-alone equipment having an integrated access control or user input device according to the invention.
PCT/NO2003/000421 2002-12-18 2003-12-17 Devices for combined access and input WO2004055738A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003291779A AU2003291779A1 (en) 2002-12-18 2003-12-17 Devices for combined access and input

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20026097A NO318168B1 (no) 2002-12-18 2002-12-18 Device for combined access and input
NO20026097 2002-12-18

Publications (1)

Publication Number Publication Date
WO2004055738A1 true WO2004055738A1 (fr) 2004-07-01

Family

ID=19914307

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2003/000421 WO2004055738A1 (fr) 2002-12-18 2003-12-17 Devices for combined access and input

Country Status (3)

Country Link
AU (1) AU2003291779A1 (fr)
NO (1) NO318168B1 (fr)
WO (1) WO2004055738A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0924656A2 (fr) * 1997-12-22 1999-06-23 TRW Inc. Personal identification key fob
EP1168137A1 (fr) * 2000-06-23 2002-01-02 IPM-NET S.p.A. Smart card reader with USB interface for connection to personal computers
WO2002001328A2 (fr) * 2000-06-27 2002-01-03 Intel Corporation Biometric authentication in a non-volatile memory device
EP1241553A1 (fr) * 2001-03-17 2002-09-18 eSecurium SA Removable security module
US6484260B1 (en) * 1998-04-24 2002-11-19 Identix, Inc. Personal identification system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7853830B2 (en) 2006-11-03 2010-12-14 Thomson Licensing Apparatus and method for providing error notification in a wireless virtual file system
WO2009009819A1 (fr) * 2007-07-17 2009-01-22 Valid8 Technologies Pty Ltd A method and arrangement for user validation
GB2465947A (en) * 2007-07-17 2010-06-09 Valid8 Technologies Pty Ltd A method and arrangement for user validation
ES2341935A1 (es) * 2008-10-07 2010-06-29 Intelligent Data, S.L. Intelligent biometric system for controlling access to facilities over the Internet.
CN104700011A (zh) * 2013-12-09 2015-06-10 中国移动通信集团公司 A method and device for terminal access control
DE102017100941A1 (de) 2017-01-18 2018-07-19 Adtran GmbH Authentication and access to a device of a fixed line communication device
US10880305B2 (en) 2017-01-18 2020-12-29 Adtran GmbH Authentication and access to a device of a fixed line communication device
EP3354522A1 (fr) * 2017-01-25 2018-08-01 TVS Motor Company Limited Immobilizer device for a two-wheeled vehicle
CN112968864A (zh) * 2021-01-26 2021-06-15 太原理工大学 A trusted IPv6 network service process mechanism

Also Published As

Publication number Publication date
NO20026097D0 (no) 2002-12-18
AU2003291779A1 (en) 2004-07-09
NO318168B1 (no) 2005-02-14

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP