WO2002071238A1 - Secure smart-id palmtop docking module - Google Patents


Info

Publication number: WO2002071238A1
Authority: WO (WIPO (PCT))
Application number: PCT/US2002/006775
Other languages: French (fr)
Inventors: Russell Morgan, Adam Hemsley
Original Assignee: E-Moola, Inc.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16 Constructional details or arrangements
    • G06F1/1613 Constructional details or arrangements for portable computers
    • G06F1/1632 External expansion units, e.g. docking stations
    • G06F1/1626 Constructional details or arrangements for portable computers with a single-body enclosure integrating a flat display, e.g. Personal Digital Assistants [PDAs]
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition, electronically

Definitions

  • the present invention converts a standard handheld computer into a secure security-ID terminal by utilizing a special expansion module and the 'plug-and-play' functionality of the expansion slot provided on some handheld computers.
  • the present invention includes mechanical structures enabling entry of IC based ID- card (Smart Card) information via either contact or contactless methods.
  • the present invention also incorporates a thumbprint scanner to further improve the security and accuracy of the device.
  • This new entity of the handheld computer and expansion module then becomes the secure security-ID terminal that accepts input from IC based ID-card (Smart Card) or IC based 'dog-tags'.
  • U.S. Pat. No. 5,465,038 to Register discloses a battery charging/data transfer apparatus for a handheld computer. The battery charging/data transfer structure is provided for use in conjunction with a handheld computer to charge its battery and to serve as an infrared data exchange interface between the handheld computer and a data input/output device such as a desktop computer.
  • U.S. Pat. No. 5,157,769 to Eppley discloses a computer data interface for connecting a handheld computer and a desktop computer.
  • the computer data interface includes a cable having connectors at each end thereof.
  • Mounted in one of the connectors is an adapter circuit for receiving data signals from the handheld computer and transmitting the signals to the desktop computer at voltage levels compatible with the desktop computer.
  • the adapter circuit receives signals from the desktop computer and transmits the signals to the handheld computer at voltage levels compatible with the handheld computer.
  • the adapter circuit is powered by the desktop computer to prevent draining the batteries of the handheld computer.
  • Aebli discloses a computer system, and particularly a handheld mobile client system, in which a user input device such as a keyboard or a scanner, coupled by a tethering conductor or a wireless link such as an infrared radiation link, functions as a master while the central processing unit of the system functions as a slave in receiving input digital signals.
  • U.S. Pat. No. 6,115,248 to Canova discloses a detachable securement of an accessory device to a handheld computer, that provides for coupling an accessory device to a back face of a handheld computer while electrically connecting to the handheld computer through a communications or output port.
  • the accessory device "piggy-backs" on the handheld computer so that the accessory device and handheld computer form a portable combination.
  • An insertion coupling may be used to detachably secure the accessory device with the handheld computer.
  • the insertion coupling used with embodiments of the invention is preferably a snap-in coupling having one or more biased members. The biased members may be contracted to engage an aperture on a back face of the handheld computer. When released, the biased members secure the accessory device to the handheld computer.
  • U.S. Pat. No. 6,144,848 to Walsh discloses a handheld remote computer control and methods for secured interactive real-time telecommunications, that describes an interactive bi-directional telecommunication method using a handheld low power user device to access a host computer server along a telecommunication path, and to command the host computer server to transmit audio and/or visual reports to the user device.
  • U.S. Pat. No. 5,974,238 to Chase, Jr., discloses an automatic data synchronization between a handheld and a host computer using pseudo cache including tags and logical data elements, that describes an apparatus for performing dynamic synchronization between data stored in a handheld computer and a host computer, each having a plurality of data sets including at least one common data set, each computer having a copy of the common data set.
  • the handheld computer has a processor, a communication port, and a data synchronization engine.
  • the data synchronization engine has a pseudo-cache and one or more tags connected to the pseudo cache. Data is synchronized whenever data is written to main memory and/or when the associated pseudo-cache tag is invalidated.
  • data coherency is achieved because the system always knows who owns the data, who has a copy of the data, and who has modified the data.
  • the data synchronization engine resolves any differences in the copies and allows the storage of identical copies of the common data set in the host computer and in the handheld computer.
  • IC based 'dog-tags' found in military ID applications or high security requirements and other areas where accurate security ID is required.
  • the security guard either inserts the IC based ID-card (Smart Card) into the ID Card reader of the expansion module, or places the secure security-ID terminal in close proximity to the IC based ID-card (Smart Card) or IC based 'dog-tag' so that the information contained therein can be read using conventional contactless methods of reading information from contactless ID Card products.
  • the term "security guard" refers to any person operating the present invention as disclosed herein.
  • the microprocessor on the handheld computer reads the security ID information from the IC based ID-card (Smart Card) or IC based 'dog-tag.' The validity of the data contained in the IC based ID-card (Smart Card) or IC based 'dog-tag' is checked by displaying the Name, Rank and Photo of the authorized user of the IC based ID-card (Smart Card) or IC based 'dog-tag' on the display of the handheld computer for visual comparison by the security guard.
  • the microprocessor on the handheld computer also compares the security ID information from the IC based ID-card (Smart Card) or IC based 'dog-tag' against a database of authorized individuals contained within the expansion module, and any discrepancy may be highlighted on the screen of the handheld computer.
  • the microprocessor on the handheld computer may additionally request a thumb-print scan of the holder of the IC based ID-card (Smart Card) or IC based 'dog-tag' in high security areas as further validation that it is the authorized user who is proffering the IC based ID-card (Smart Card) or IC based 'dog-tag'.
  • If the microprocessor on the handheld computer determines that the thumbprint proffered does not match the thumbprint signature from the IC based ID-card (Smart Card) or IC based 'dog-tag', the thumbprint is deemed not valid, and the microprocessor on the handheld computer displays an appropriate message on the handheld computer's screen that access should be denied and other appropriate action initiated.
  • If the microprocessor on the handheld computer determines that the proffered IC based ID-card (Smart Card) or IC based 'dog-tag' does not match a corresponding entry in the authorized individual database contained within the expansion module, then the IC based ID-card (Smart Card) or IC based 'dog-tag' is deemed not valid, and the microprocessor on the handheld computer displays an appropriate message on the handheld computer's screen that access should be denied and other appropriate action initiated.
  • the microprocessor on the handheld computer records the details of every IC based ID-card (Smart Card) or IC based 'dog-tag' read in another database in the expansion module. This database is then accessed when the handheld computer is placed within the charging docking module to update the main site database of access authorizations and denials. This is also the time when the main site database would update the authorized personnel database contained within the expansion module in a similar manner.
  • FIGURE 1 shows a front view of an electrically connected handheld computer and expansion module according to the present invention
  • FIGURE 2 shows a diagram of the major components of an electrically connected handheld computer and expansion module and their interconnection, according to the present invention
  • FIGURE 3 shows a flow diagram of the actions and responses involved during the process of a typical transaction
  • FIGURE 4 shows a diagrammatic illustration of representative types of IC based ID-card (Smart Card) and IC based 'dog-tag' accepted by the present invention
  • FIGURE 5a shows a top view of the handheld computer and the expansion module connector
  • FIGURE 5b shows a top view of the expansion module
  • FIGURE 6 shows a front view of the coupled handheld computer and expansion module according to the present invention
  • FIGURE 7 shows a side view of the coupled handheld computer and expansion module according to the present invention
  • FIGURE 8 shows the function of the signals typically found on the pins of the auxiliary connector of a conventional Handspring handheld computer.
  • the present invention is a coupled handheld computer expansion module system that provides a secure security identification (security-ID) terminal for high security access applications.
  • FIG. 1 is a diagrammatic illustration of a preferred embodiment of the system that includes a conventional handheld computer 100, along with an expansion module 200, that together form a secure security-ID terminal of the present invention.
  • a Handspring Visor Prism brand handheld computer 100 is utilized, connected via the handheld computer expansion connector 106 (not shown) and the expansion module mating connector 201 (not shown).
  • Handspring Visor Prism handheld computers are manufactured by Handspring, an American manufacturer of handheld computers and a leading supplier to the world market. Handheld computers made by other manufacturers that conform to the Springboard Expansion Module standard may also be used with the present invention.
  • FIG. 2 schematically illustrates a typical handheld computer 100 as mated to the expansion module 200 to form the secure security-ID terminal of the invention.
  • Handspring Visor Prism handheld computers have a colour display 101, keypad 102 and touchpad 103 that are electronically connected to each other via a bus structure 105 that also interfaces with a conventional microprocessor 104.
  • the microprocessor 104 typically used in Handspring Visor Prism handheld computers is the MC68VZ328 Dragonball-VZ microprocessor manufactured by Motorola.
  • the above described hardware configuration is powered by replaceable batteries 107 and this is a common configuration in most handheld computers.
  • Handspring has established a particular protocol for interfacing between the microprocessor 104 and expansion module 200.
  • This interface allows the facilities of the expansion module to be accessed from the handheld computer 100 via the handheld computer expansion connector 106.
  • This interface allows additional programs, memory and other devices to be made available to and be controlled by the handheld computer's microprocessor 104. Information about the interface can be found in the Springboard Development Guide for Handspring Handheld Computers (Document No. 80-0091-00) and the Handspring Development Tools Guide (Document No. 80-0092-00), obtainable from the www.handspring.com website.
  • the handheld computer expansion connector 106 typically contains 70 contacts (Figure 8), including 16 data lines, 24 address lines, control signals, power and ground. All of these signals are with reference to the handheld computer. These signals mate with the matching connector 201 on the expansion module 200. Full details of the pin definitions, signal specifications and timing parameters are published in the Handspring Product Guide: Visor Prism (Document No. 80-0094-00), which may also be obtained from the www.handspring.com website.
  • the handheld computer 100 communicates with the expansion module 200 by accessing the expansion module 200 through the handheld computer expansion connector 106, to the expansion module control assembly 202, via the mating connector 201 as detailed in the SpringBoard specifications. Additional embodiments may also contain a microprocessor 203 on the expansion module control assembly 202 to perform additional processing or security related functions.
  • a preferred microprocessor for use as the expansion module microprocessor 203 of the present invention is a Motorola MC68HC711. Other microprocessors adapted to control the functioning of the expansion module 200 may be used in the present invention and are functionally equivalent.
  • the expansion module control assembly 202 contains a smart card proximity reader 209 and also contains an ID Card reader 205 that mates with, and accepts data from, IC cards or, as they are commonly known, "Smart Cards."
  • the expansion module control assembly 202 also includes a thumbprint scanner 210 and a conventional Multifunction Secure Access Module (SAM) 204.
  • the Multifunction Secure Access Module (SAM) 204 is a sub-assembly that contains a special microprocessor, memory and encryption processor, encapsulated as a SIM module, similar to the conventional SIM modules found in modern mobile phones, that is used to securely perform all the required cryptographic functions as described herein.
  • the expansion module control assembly 202 also contains an internal battery 207 that is recharged whenever the handheld computer is plugged into its conventional docking module (not shown). This internal battery 207 is used to power the features found on the expansion module, and to provide data retention when the expansion module is not in use.
  • FIG. 3 is a diagrammatic flowchart illustrating preferred operational steps and information flow for the present invention.
  • When security personnel read the information from an IC based 'dog-tag' 401 through the expansion module's smart card proximity reader 209, the reader detects the 'dog-tag' information at step 300; the microprocessor 104 then performs a cryptographic validation and expiration check on the account number read from the IC based 'dog-tag' 401 at steps 302 and 303, utilising the Multifunction Secure Access Module (SAM) 204.
  • the microprocessor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408.
  • the microprocessor 104 determines whether it should authenticate the 'dog-tag' offline using either offline static or dynamic data authentication based upon the 'dog-tag' and terminal support for these methods.
  • Offline Static Data Authentication validates that important application data has not been fraudulently altered since 'dog-tag' personalization.
  • the terminal validates static (unchanging) data from the 'dog-tag' using the 'dog-tag's' Issuer Public Key (PK) Certificate that contains the Issuer Public Key and a digital signature that contains a hash of important application data encrypted with the Issuer Private Key.
  • the terminal recovers the Issuer Public Key from the Issuer PK Certificate and uses the recovered Issuer Public Key to recover the hash of application data from the digital signature.
  • a match of the recovered hash with a hash of the actual application data proves that the data has not been altered.
  • Offline Dynamic Data Authentication validates that the 'dog-tag' data has not been fraudulently altered and that the 'dog-tag' is genuine.
  • the terminal verifies the 'dog-tag' static data in a similar manner to SDA. Then, the terminal requests that the 'dog-tag' generate a cryptogram using dynamic (transaction unique) data from the 'dog-tag' and terminal and an ICC Private Key.
  • the terminal decrypts this dynamic signature using the ICC Public Key recovered from 'dog-tag' data. A match of the recovered data to the original data verifies that the 'dog-tag' is not a counterfeit 'dog-tag' created with data skimmed (copied) from a legitimate 'dog-tag'.
  • the microprocessor 104 detects the insertion of the IC based ID-card (Smart Card) 400 into the ID Card reader 205 at step 301, and microprocessor 104 performs a cryptographic validation and expiration check on the account number read from the IC based ID-card (Smart Card) 400 at steps 302 and 303 utilizing the SAM 204.
  • the microprocessor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408.
  • the microprocessor 104 determines whether it should authenticate the card offline using either offline static or dynamic data authentication based upon the card and terminal support for these methods.
  • If the microprocessor 104 determines at step 303 that the account number is not valid, an "Invalid ID Card" message or other appropriate message is displayed on the handheld computer's display 101 at step 304. The microprocessor 104 will then update the site access record to show that this ID has not been validated for site access at step 305. In a typical security scenario, the security guard will deny access and take whatever action is appropriate for the circumstances (e.g. retain the ID badge, call the authorities) at step 306.
  • the handheld computer's microprocessor 104 checks the cardholder's authorization to enter the secure area against a database held within the handheld computer's memory at step 307.
  • If the cardholder is not found in that database, a "Request Orders" message is displayed on the handheld computer's display 101 at step 309.
  • the security guard will request any written orders or authorization for this ID card holder to enter this secure area at step 310.
  • the security guard may then validate this written authorization using appropriate procedures at steps 311 and 312. If the written authorization is not validated at step 312, the site record will be updated and the security guard will deny access at steps 305 and 306 as described previously.
  • If the written authorization is validated at step 312, the security guard will enter a temporary authorization code at step 313, and return the written orders to the ID card holder at step 314.
  • the microprocessor 104 will then update the site access record to show that the ID card identified in step 308 or 312 has been validated for site access.
  • the microprocessor 104 will then display the ID card holder's descriptive data on the handheld computer's display 101 at step 316, so that the security guard may perform a visual check between the information presented on the handheld computer's display 101 and the person presenting the ID card.
  • If the visual inspection at step 318 fails, the site record will be updated and the security guard will deny access at steps 305 and 306 as described previously. If the visual inspection at step 318 passes, the security guard will indicate that the visual inspection was OK at step 318, and the microprocessor 104 will update the site access record at 319 to show that this ID card visual identification in step 318 has been validated.
  • the microprocessor 104 will then determine if the site access requires thumbscan authorization at step 320. If thumbscan authorization is required by step 320, the microprocessor 104 will then display an "Obtain Thumbscan" message on the handheld computer's display 101 at step 321. The security guard will then obtain a thumbscan of the person presenting the ID card at step 322.
  • the microprocessor 104 using appropriate computer programming software contained within the expansion module 200 will then determine at step 323, if the thumbscan just obtained matches the thumbscan image data contained within the data read from the ID card at steps 300 or 301. If the thumbscan data does not match, the microprocessor 104 will display a "Thumbscan Fail" message on the handheld computer's display 101 at step 332, and the site record will be updated and the security guard will deny access at steps 305 and 306 as described previously.
  • the microprocessor 104 will then update at 324 the site access record to show that this ID card thumbscan identification in step 323 has been validated.
  • the microprocessor 104 will display an "Access Authorized" message on the handheld computer's display 101 at step 325 to advise the security guard that access has been authorized.
  • After the security guard acknowledges the "Authorized" message at step 326, the microprocessor 104 will update the site access record to show that this ID card has been "Authorized" for access to this site at step 327.
  • the site records will synchronize with the information contained within the handheld computer and the site records will be updated at step 329.
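The FIG. 3 decision sequence (steps 303 to 327), as an added example that is not code from the patent: a state machine that produces the site access record entries the expansion module keeps for the synchronization at step 329. The outcome of the cryptographic check, the guard's verdicts on orders and the visual match, and the thumbscan match result are assumed inputs (the `Presentation` fields), so the example concentrates on the fail-closed branches and on every outcome, denied or authorized, leaving a record.

```python
from dataclasses import dataclass, field

@dataclass
class Site:
    authorized_ids: set          # the valid site access database (step 307)
    requires_thumbscan: bool     # whether step 320 demands biometric authorization

@dataclass
class Presentation:
    """Constructed view of one presented card plus the guard's answers."""
    card_id: str
    crypto_valid: bool           # result of SDA/DDA and expiry check (steps 302/303)
    orders_valid: bool = False   # guard's verdict on written orders (step 312)
    visual_ok: bool = False      # guard's verdict on the photo/descriptive data (step 318)
    thumbscan_ok: bool = False   # thumbscan-versus-card-template match (step 323)

@dataclass
class Result:
    decision: str
    messages: list = field(default_factory=list)   # what was shown on display 101
    records: list = field(default_factory=list)    # site access record updates

def process(site: Site, p: Presentation) -> Result:
    r = Result("DENIED")

    def deny(message: str, reason: str) -> Result:
        # Steps 305/306: every refusal is recorded before the guard acts on it.
        r.messages.append(message)
        r.records.append((p.card_id, "DENY", reason))
        return r

    if not p.crypto_valid:                                    # step 303 fails
        return deny("Invalid ID Card", "step303_invalid_id")  # step 304
    if p.card_id in site.authorized_ids:                      # step 308
        r.records.append((p.card_id, "VALIDATED", "step308_site_db"))
    else:
        r.messages.append("Request Orders")                   # step 309
        if not p.orders_valid:                                # step 312 fails
            return deny("Invalid Orders", "step312_orders")
        r.records.append((p.card_id, "TEMP_AUTH", "step313_temporary_code"))
    if not p.visual_ok:                                       # step 318 fails
        return deny("Visual Match Fail", "step318_visual")
    r.records.append((p.card_id, "VALIDATED", "step319_visual"))
    if site.requires_thumbscan:                               # step 320
        r.messages.append("Obtain Thumbscan")                 # step 321
        if not p.thumbscan_ok:                                # step 323 fails
            return deny("Thumbscan Fail", "step332_thumbscan")
        r.records.append((p.card_id, "VALIDATED", "step324_thumbscan"))
    r.messages.append("Access Authorized")                    # step 325
    r.records.append((p.card_id, "AUTHORIZED", "step327"))    # step 327
    r.decision = "AUTHORIZED"
    return r
```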
  • FIG. 4 diagrammatically illustrates the various types of cards accepted by the secure security-ID terminal of the present invention.
  • the card types accepted are IC based ID-cards (Smart Cards) 400 or IC based 'dog-tags' 401, which comprise a base plastic card, an embedded IC chip 402, and other printed and embossed information pertinent to the card (not shown).
  • the IC based ID-card (Smart Card)s 400 and IC based 'dog-tags' 401 described herein conform in general to ISO 7810, ISO 7813, ISO 7816, ISO 10202 and ISO 14443.
  • Figure 5a is a diagrammatic illustration of a top view of a first preferred embodiment of the invention. It shows the handheld computer 100 and the location of the handheld computer expansion connector 106 on the top of the handheld computer 100.
  • Figure 5b is a diagrammatic illustration of a top view of the first preferred embodiment of the invention. It shows the expansion module 200 along with the location of the ID Card reader slot 208 location on top of the expansion module 200.
  • Figure 6 is a diagrammatic illustration of a front view of a first preferred embodiment of the invention. It shows the handheld computer 100 and expansion module 200 along with location details for the handheld computer's display 101, keypad 102 and touchpad 103. It also illustrates the preferred location of the thumbprint scanner 210.
  • Figure 7 is a diagrammatic illustration of a side view of a first preferred embodiment of the invention. It shows the handheld computer 100 and expansion module 200 along with location details for the handheld computer's display 101 (not seen), keypad 102 and touchpad 103 (not seen).
  • Figure 8 is a diagrammatic representation of the contact and signal configuration of a typical handheld computer. It shows the normal signals encountered on such a handheld computer.
  • the handheld computer 100 is electrically connected to the expansion module control assembly 202 via the handheld computer expansion connector 106.
  • the handheld computer 100 includes, as is customary with most handheld computers, a keypad 102, a touchpad 103, a display 101, memory (not shown) and a microprocessor 104.
  • the handheld computer 100 is physically removably coupled to the expansion module 200.
  • the microprocessor 104 continually monitors the activity of the expansion module's smart card proximity reader 209 and the ID Card reader 205 and continually monitors the activity within the handheld computer 100, and can capture information of each key press on the keypad 102, or touchpad 103 for processing under the control of the programs contained in the expansion module 200.
  • All handheld computer keypads 102 and touchpads 103 operate in a similar manner to control the functioning of the handheld computer 100.
  • the handheld computer responds to key-presses on the keypads 102 and information stenciled on the touchpad 103 by the stylus, that are given in reply to prompts provided on the screen 101 by the program running in the handheld computer.
  • a conventional handheld computer 100 for use in the present invention preferably includes a colour display 101, keypad 102 and touchpad 103 that are electronically connected via a bus 105 to microprocessor 104.
  • This conventional handheld computer 100 will also customarily be provided with a powered docking module (not shown) that will provide battery recharge facilities, along with facilities to enable the data contained within the conventional handheld computer 100 to synchronize with an external database or source (not shown).
  • a preferred embodiment according to the present invention is one in which an IC based ID-card (Smart Card) 400 is used during the access authorization sequence. This preferred embodiment is described in detail below with reference to the accompanying drawings.
  • When the security guard inserts the IC based ID-card (Smart Card) 400 through the IC based ID-card (Smart Card) slot 208 in the expansion module 200, the stored information contained in the IC based ID-card (Smart Card) 400 is read by the ID Card reader 205 and associated electronics on the expansion module control assembly 202, which present to the handheld computer microprocessor 104 the information contained in the IC of the IC based ID-card (Smart Card) 400.
  • the microprocessor 104 then performs a cryptographic validation and expiration check on the information read from the IC based ID-card (Smart Card) 400.
  • the processor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408.
  • the processor 104 determines whether it should authenticate the card offline using either offline static or dynamic data authentication based upon the card and terminal support for these methods.
  • Offline Static Data Authentication validates that important application data has not been fraudulently altered since card personalization.
  • the terminal validates static (unchanging) data from the card using the card's Issuer Public Key (PK) Certificate that contains the Issuer Public Key and a digital signature that contains a hash of important application data encrypted with the Issuer Private Key.
  • the terminal recovers the Issuer Public Key from the Issuer PK Certificate and uses the recovered Issuer Public Key to recover the hash of application data from the digital signature.
  • a match of the recovered hash with a hash of the actual application data proves that the data has not been altered.
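The SDA hash recovery just described, and the DDA challenge-response described earlier for the 'dog-tag', as one added example that is not the patent's code. It uses textbook RSA over tiny constructed primes (an assumption made only so the block runs offline; real issuer and ICC keys are far larger and use proper signature padding) and shows why SDA alone accepts a card built from copied static data while DDA, or a policy that refuses to fall back to SDA, rejects it.

```python
import hashlib
import secrets

# Constructed toy RSA key pairs (assumption: tiny well-known primes, e = 17).
def make_key(p: int, q: int, e: int = 17):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)                       # (public, private)

ISSUER_PUB, ISSUER_PRIV = make_key(104729, 104723)   # issuer key pair
ICC_PUB, ICC_PRIV = make_key(65537, 65521)           # card (ICC) key pair

def digest(data: bytes) -> int:
    # 24-bit truncation of SHA-256 so the value fits under the toy moduli.
    return int.from_bytes(hashlib.sha256(data).digest()[:3], "big")

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data)        # recovered hash == hash of actual data

class Card:
    """IC based ID-card or 'dog-tag' as seen by the terminal."""
    def __init__(self, static_data: bytes, issuer_sig: int, icc_priv=None, icc_pub=None):
        self.static_data = static_data           # account number, name, expiry, ...
        self.issuer_sig = issuer_sig             # signed by the issuer at personalization
        self._icc_priv = icc_priv                # stays inside a genuine chip
        self.icc_pub = icc_pub                   # readable card data

    def supports_dda(self) -> bool:
        return self._icc_priv is not None

    def sign_dynamic(self, terminal_nonce: bytes) -> int:
        """The card signs transaction-unique data with its ICC private key."""
        return sign(self._icc_priv, self.static_data + terminal_nonce)

def personalize(static_data: bytes, dda: bool = True) -> Card:
    sig = sign(ISSUER_PRIV, static_data)
    return Card(static_data, sig, ICC_PRIV if dda else None, ICC_PUB if dda else None)

def sda(card: Card) -> bool:
    """Offline Static Data Authentication: static data unchanged since personalization."""
    return verify(ISSUER_PUB, card.static_data, card.issuer_sig)

def dda(card: Card) -> bool:
    """Offline Dynamic Data Authentication: SDA plus a challenge only a genuine chip can answer."""
    if not sda(card) or not card.supports_dda():
        return False
    nonce = secrets.token_bytes(8)               # terminal's transaction-unique data
    return verify(card.icc_pub, card.static_data + nonce, card.sign_dynamic(nonce))

def authenticate(card: Card, terminal_supports_dda: bool = True, require_dda: bool = False) -> str:
    """Choose the method both card and terminal support (steps 302/303)."""
    if terminal_supports_dda and card.supports_dda():
        return "DDA" if dda(card) else "FAIL"
    if require_dda:
        return "FAIL"                            # high-security policy: no fallback to SDA
    return "SDA" if sda(card) else "FAIL"

def copy_of(card: Card) -> Card:
    """Card holding only the readable data: static data, issuer signature, ICC public key."""
    return Card(card.static_data, card.issuer_sig, None, card.icc_pub)
```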
  • If the card fails this validation, an "Invalid ID Card" message or other appropriate message is displayed upon the display 101, the site access record database (not shown) is updated by the microprocessor 104 to reflect the invalid ID card access attempt, and the security guard may take whatever action is appropriate for the circumstances.
  • the card data is checked against a valid site access database (not shown) to determine if the proffered card has been authorized for access to this site. If the proffered card information is not found within the site access database (not shown), then the microprocessor 104 will display a "Request Orders" message on the display 101 for the security guard.
  • the security guard will then request the person proffering the IC based ID-card (Smart Card) 400 to present any written orders or authorization that authorize their access to this site.
  • the security guard will validate the proffered orders or authorization using whatever procedure is required by the site in question. If the security guard is advised that the proffered documents are not valid, he will press a key on the keypad 102 to indicate to the program that the proffered documentation was found to be invalid; the microprocessor 104 will display an "Invalid Orders" message on the display 101, the site access record database (not shown) is updated by the microprocessor 104 to reflect the invalid orders access attempt, and the security guard will take whatever action is appropriate for the circumstances.
  • Once the orders are validated, the site access record database (not shown) is updated by the microprocessor 104 to reflect the temporary authorization of this IC based ID-card (Smart Card) 400.
  • the microprocessor 104 will now display the information recovered from the proffered IC based ID-card (Smart Card) 400 for the security guard to view. This information will include a photo-ID of the person authorized to use this IC based ID-card (Smart Card) 400 as well as such other data as required by site security.
  • the security guard will now perform a visual comparison of the information displayed on the display 101 and the person who proffered the card. If the security guard determines that there is not a match between the information displayed on the display 101 and the person who has proffered the card, he will press a key on the keypad 102 to indicate to the program that the visual match was found to be invalid.
  • the microprocessor 104 will display a "Visual Match Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the visual match failed, and the security guard will take whatever action is appropriate for the circumstances.
  • If the security guard determines that there is a match between the information displayed on the display 101 and the person who has proffered the card, he will press a key on the keypad 102 to indicate to the program that the visual comparison was found to be valid, and the site access record database (not shown) is updated by the microprocessor 104 to reflect the acceptance by the security guard of the visual check.
  • the microprocessor 104 would then check the site access database (not shown) to determine if additional biometric authorization is required for access to the site, by the person proffering the IC based ID-card (Smart Card) 400. If the microprocessor 104 determines that additional biometric authorization is required for the person proffering the IC based ID-card (Smart Card) 400, then the microprocessor 104 will display an "Obtain Thumbscan" message on the display 101, and the security guard will request a thumbscan from the person proffering the IC based ID-card (Smart Card) 400.
  • the microprocessor 104 will perform a validation of the thumbscan read by the thumbprint scanner 210 and compare it with the biometric data read from the IC based ID-card (Smart Card) 400 to determine if a sufficient match has been achieved to authorize access to the site. If the microprocessor 104 determines that the proffered thumbprint was not a sufficient match, then the microprocessor 104 will display a "Thumbscan Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the failed thumbscan, and the security guard will take whatever action is appropriate for the circumstances.
  • If the microprocessor 104 determines that the proffered thumbprint is a sufficient match by predetermined criteria, then the microprocessor 104 will update the site access record database (not shown) to reflect the accepted thumbscan.
  • the thumbscan (or scan of other body parts such as a finger, or the eye) validation is performed by conventional programs that use biometric authentication systems.
  • the preferred validation program is eCryp FGP 1.0, available from and proprietary to eCryp, Inc., www.ecrypinc.com.
  • the microprocessor 104 will display an "Authorized" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect that the person proffering the IC based ID-card (Smart Card) 400 has been cleared for access to the site.
  • the security guard will press a key on the keypad 102 to indicate to the program to acknowledge the authorized message, and the microprocessor 104 will update the site access record database (not shown) to reflect the acceptance of the authorization.
  • the microprocessor 104 will synchronize its databases (not shown) with the site main database (not shown), to reflect any changes or accesses granted or denied since the last time it synchronized with the site database in a manner similar to that disclosed in U.S. Pat. No. 5,974,238. At this time any changes made to the site database are also recorded in the database contained within the expansion module 200.
  • an IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 is used during the access authorization sequence.
  • This embodiment is described in detail below with reference to the accompanying drawings.
  • the microprocessor 104 then performs a cryptographic validation and expiration check on the information read from the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400.
  • the processor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408.
  • the processor 104 determines whether it should authenticate the IC based 'dog-tag' or smart card offline using either offline static or dynamic data authentication based upon the IC based 'dog-tag' or smart card and terminal support for these methods.
  • the proffered IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 is deemed to be valid - it is checked against a valid site access database (not shown) to determine if the proffered card or 'dog-tag' has been authorized for access to this site. If the proffered card or 'dog-tag' information is not found within the site access database (not shown), then the microprocessor 104 will display a "Request Orders" message on the display 101 for the security guard. The security guard will then request the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 to present any written orders or authorization that authorize their access to this site.
  • the security guard will validate the proffered orders or authorization using whatever procedure is required by the site in question. If the security guard is advised that the proffered documents are not valid, he will press a key on the keypad 102 to indicate to the program that the proffered documentation was found to be invalid, and the microprocessor 104 will display an "Invalid Orders" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the invalid orders access attempt, and the security guard will then take whatever action is appropriate for the circumstances.
  • the site access record database (not shown) is updated by the microprocessor 104 to reflect the temporary authorization of this IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400.
  • the microprocessor 104 will now display the information recovered from the proffered IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 for the security guard to view.
  • This information will include a photo-ID of the person authorized to use this IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 as well as such other data as required by site security.
  • the security guard will now perform a visual comparison of the information displayed on the display 101 and the person who proffered the card. If the security guard determines that there is no match between the information displayed on the display 101 and the person who has proffered the card, he will press a key on the keypad 102 to indicate to the program that the visual match was found to be invalid.
  • the microprocessor 104 will display a "Visual Match Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the visual match failed, and the security guard will take whatever action is appropriate for the circumstances.
  • If the security guard determines that there is a match between the information displayed on the display 101 and the person who has proffered the card or 'dog-tag,' he will press a key on the keypad 102 to indicate to the program that the visual comparison was found to be valid, and the site access record database (not shown) is updated by the microprocessor 104 to reflect the acceptance by the security guard of the visual check.
  • the microprocessor 104 would then check the site access database (not shown) to determine if additional biometric authorization is required for access to the site, by the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400.
  • If the microprocessor 104 determines that additional biometric authorization is required for the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400, then the microprocessor 104 will display an "Obtain Thumbscan" message on the display 101, and the security guard will request a thumbscan from the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400.
  • the microprocessor 104 will perform a validation of the thumbscan read by the thumbprint scanner 210 and compare it with the biometric data read from the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 to determine if a sufficient match has been achieved to authorize access to the site. If the microprocessor 104 determines that the proffered thumbprint was not a sufficient match, then the microprocessor 104 will display a "Thumbscan Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the failed thumbscan, and the security guard will take whatever action is appropriate for the circumstances.
  • If the microprocessor 104 determines that the proffered thumbprint was a sufficient match by predetermined criteria, then the microprocessor 104 will update the site access record database (not shown) to reflect the accepted thumbscan.
  • the microprocessor 104 will display an "Authorized" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect that the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 has been cleared for access to the site.
  • the security guard will press a key on the keypad 102 to indicate to the program to acknowledge the authorized message, and the microprocessor 104 will update the site access record database (not shown) to reflect the acceptance of the authorization.
  • Whenever the handheld computer 100 recognizes that it has been placed within its docking module (not shown), as is conventional, the microprocessor 104 will synchronize its databases (not shown) with the site main database (not shown), to reflect any changes or accesses granted or denied since the last time it synchronized with the site database. At this time any changes made to the site database are also recorded in the database contained within the expansion module 200.

Abstract

The present invention describes an expansion module for a handheld computer which allows the handheld computer (100) and expansion module (200) to function together as a secure security-ID terminal that accepts IC based ID-cards (Smart Card) and IC based 'dog-tags' and presents the information to security personnel to validate the card holder's authority to enter into a secure area. The present invention utilizes photo-ID and biometric data stored on the IC based ID-card (Smart Card) and IC based 'dog-tag' to validate that the person presenting the credentials is in fact the person authorized to be presenting them. The resultant mobile secure security-ID terminal meets the advanced security requirements of military and non-military security sites worldwide. By disconnecting the handheld computer from the expansion module, the handheld computer is restored to conventional operation.

Description

SECURE SMART-ID PALMTOP DOCKING MODULE.
TECHNICAL FIELD
There is a need for a truly portable secure security ID system. The present invention converts a standard handheld computer into a secure security-ID terminal by utilizing a special expansion module and the 'plug-and-play' functionality of the expansion slot provided on some handheld computers. The present invention includes mechanical structures enabling entry of IC based ID-card (Smart Card) information via either contact or contactless methods. The present invention also incorporates a thumbprint scanner to further improve the security and accuracy of the device.
This new entity of the handheld computer and expansion module then becomes the secure security-ID terminal that accepts input from IC based ID-card (Smart Card) or IC based 'dog-tags'.
BACKGROUND ART
U.S. Pat. No. 5,465,038 to Register (Register) discloses a battery charging/data transfer apparatus for a handheld computer, the battery charging/data transfer structure is provided for use in conjunction with a handheld computer to charge its battery and serve as an infrared data exchange interface between the handheld computer and a data input/output device such as a desktop computer.
U.S. Pat. No. 5,157,769 to Eppley (Eppley) discloses a computer data interface for connecting a handheld computer and a desktop computer. The computer data interface includes a cable having connectors at each end thereof. Mounted in one of the connectors is an adapter circuit for receiving data signals from the handheld computer and transmitting the signals to the desktop computer at voltage levels compatible with the desktop computer. Similarly, the adapter circuit receives signals from the desktop computer and transmits the signals to the handheld computer at voltage levels compatible with the handheld computer. The adapter circuit is powered by the desktop computer to prevent draining the batteries of the handheld computer. U.S. Pat. No. 5,878,276 to Aebli (Aebli) discloses a computer system, and particularly a handheld mobile client system, in which a user input device such as a keyboard or a scanner, coupled by a tethering conductor or a wireless link such as an infrared radiation link, functions as a master while the central processing unit of the system functions as a slave in receiving input digital signals.
U.S. Pat. No. 6,115,248 to Canova (Canova) discloses a detachable securement of an accessory device to a handheld computer, that provides for coupling an accessory device to a back face of a handheld computer while electrically connecting to the handheld computer through a communications or output port. In one embodiment, the accessory device "piggy-backs" on the handheld computer so that the accessory device and handheld computer form a portable combination. An insertion coupling may be used to detachably secure the accessory device with the handheld computer. The insertion coupling used with embodiments of the invention is preferably a snap-in coupling having one or more biased members. The biased members may be contracted to engage an aperture on a back face of the handheld computer. When released, the biased members secure the accessory device to the handheld computer.
U.S. Pat. No. 6,144,848 to Walsh (Walsh) discloses a handheld remote computer control and methods for secured interactive real-time telecommunications, that describes an interactive bi-directional telecommunication method using a handheld low power user device to access a host computer server along a telecommunication path, and to command the host computer server to transmit audio and/or visual reports to the user device. It also describes a system for host computer ordering of consumer products and services using the telecommunications method and handheld low power user device.
U.S. Pat. No. 5,974,238 to Chase, Jr., (Chase) discloses an automatic data synchronization between a handheld and a host computer using pseudo cache including tags and logical data elements, that describes an apparatus for performing dynamic synchronization between data stored in a handheld computer and a host computer, each having a plurality of data sets including at least one common data set, each computer having a copy of the common data set. The handheld computer has a processor, a communication port, and a data synchronization engine. The data synchronization engine has a pseudo-cache and one or more tags connected to the pseudo cache. Data is synchronized whenever data is written to main memory and/or when the associated pseudo-cache tag is invalidated. By strict adherence to a set of protocols, data coherency is achieved because the system always knows who owns the data, who has a copy of the data, and who has modified the data. The data synchronization engine resolves any differences in the copies and allows the storage of identical copies of the common data set in the host computer and in the handheld computer.
DISCLOSURE OF INVENTION
It is an object of this invention to provide an improved vehicle for the acceptance of security ID information from IC based ID-card (Smart Card) or IC based 'dog-tags' as found in military ID applications or high security requirements and other areas where accurate security ID is required.
In application, the security guard either inserts the IC based ID-card (Smart Card) into the ID Card reader of the expansion module, or the security guard places the secure security-ID terminal in close proximity of the IC based ID-card (Smart Card) or IC based 'dog-tag' so that the information contained therein can be read utilizing conventional contactless methods of reading information from contactless ID Card products. It will be understood that as used herein, the term "security guard" refers to any person operating the present invention as disclosed herein.
The microprocessor on the handheld computer reads the security ID information from the IC based ID-card (Smart Card) or IC based 'dog-tag.' The validity of the data contained in the IC based ID-card (Smart Card) or IC based 'dog-tag' is checked by displaying the Name, Rank and Photo of the authorized user of the IC based ID-card (Smart Card) or IC based 'dog-tag' on the display of the handheld computer for visual comparison by the security guard. The microprocessor on the handheld computer also compares the security ID information from the IC based ID-card (Smart Card) or IC based 'dog-tag' against a database of authorized individuals contained within the expansion module, and any discrepancy may be highlighted on the screen of the handheld computer. The microprocessor on the handheld computer may additionally request a thumb-print scan of the holder of the IC based ID-card (Smart Card) or IC based 'dog-tag' in high security areas as further validation that it is the authorized user who is proffering the IC based ID-card (Smart Card) or IC based 'dog-tag'.
If the microprocessor on the handheld computer determines that the thumbprint proffered does not match the thumbprint signature from the IC based ID-card (Smart Card) or IC based 'dog-tag', the thumbprint is then deemed to be not valid, and the microprocessor on the handheld computer displays an appropriate message on the handheld computer's screen that access should be denied and other appropriate action initiated.
If the microprocessor on the handheld computer determines that the proffered IC based ID-card (Smart Card) or IC based 'dog-tag' does not match a corresponding entry in the authorized individual database contained within the expansion module, then the IC based ID-card (Smart Card) or IC based 'dog tag' is deemed to be not valid, and the microprocessor on the handheld computer displays an appropriate message on the handheld computer's screen that access should be denied and other appropriate action initiated.
The microprocessor on the handheld computer records the details of every IC based ID-card (Smart Card) or IC based 'dog-tag' read in another database in the expansion module. This database is then accessed when the handheld computer is placed within the charging docking module to update the main site database of access authorizations and denials. This is also the time when the main site database would update the authorized personnel database contained within the expansion module in a similar manner.
BRIEF DESCRIPTION OF THE DRAWINGS
Detailed drawings of the present invention are shown in the attached Figures, in which:
FIGURE 1 shows a front view of an electrically connected handheld computer and expansion module according to the present invention;
FIGURE 2 shows a diagram of the major components of an electrically connected handheld computer and expansion module and their interconnection, according to the present invention;
FIGURE 3 shows a flow diagram of the actions and responses involved during the process of a typical transaction;
FIGURE 4 shows a diagrammatic illustration of representative types of IC based ID-card (Smart Card) and IC based 'dog-tag' accepted by the present invention;
FIGURE 5a shows a top view of the handheld computer and the expansion module connector;
FIGURE 5b shows a top view of the expansion module;
FIGURE 6 shows a front view of the coupled handheld computer and expansion module according to the present invention;
FIGURE 7 shows a side view of the coupled handheld computer and expansion module according to the present invention; and
FIGURE 8 shows the function of the signals typically found on the pins of the auxiliary connector of a conventional Handspring handheld computer.
BEST MODE FOR CARRYING OUT THE INVENTION
The present invention is a coupled handheld computer expansion module system that provides a secure security identification (security-ID) terminal for high security access applications.
Figure 1 is a diagrammatic illustration of a preferred embodiment of the system that includes a conventional handheld computer 100, along with an expansion module 200, that together form a secure security-ID terminal of the present invention. In one preferred embodiment, a Handspring Visor Prism brand handheld computer 100 is utilized and uses a connection via the handheld computer expansion connector 106 (not shown) and expansion module mating connector 201 (not shown). The Handspring Visor Prism handheld computers are manufactured by Handspring, an American manufacturer of handheld computers and a leading supplier to the world market. There are handheld computers made by other manufacturers that conform to the Springboard Expansion Module standard that may be used with the present invention.
Figure 2 schematically illustrates a typical handheld computer 100 as mated to the expansion module 200 to form the secure security-ID terminal of the invention. Customarily, Handspring Visor Prism handheld computers have a colour display 101, keypad 102 and touchpad 103 that are electronically connected to each other via a bus structure 105 that also interfaces with a conventional microprocessor 104. The microprocessor 104 typically used in Handspring Visor Prism handheld computers is the MC68VZ328 Dragonball-VZ microprocessor manufactured by Motorola. The above described hardware configuration is powered by replaceable batteries 107 and this is a common configuration in most handheld computers.
Handspring has established a particular protocol for interfacing between the microprocessor 104 and expansion module 200. This interface allows the facilities of the expansion module to be accessed from the handheld computer 100 via the handheld computer expansion connector 106. This interface allows additional programs, memory and other devices to be made available to and be controlled by the handheld computer's microprocessor 104. Information about the interface can be found in the Springboard Development Guide for Handspring Handheld Computers (Document No. 80-0091-00) and the Handspring Development Tools Guide (Document No. 80-0092-00) obtainable from the www.handspring.com website.
The interface protocol, hardware and system described above are believed to be equivalent in all handheld computers that conform to the Springboard standard. Accordingly, the present invention is not limited to use with Handspring handheld computers, or limited to brand specific Handspring handheld computer models.
The handheld computer expansion connector 106 typically contains 70 contacts (Figure 8), including 16 data lines, 24 address lines, control signals, power and ground. All of these signals are with reference to the handheld computer. These signals mate with the matching connector 201 on the expansion module 200. Full details of the pin definitions, signal specifications and timing parameters are published in the Handspring Product Guide: Visor Prism (Document No. 80-0094-00) that may also be obtained from the www.handspring.com website.
The handheld computer 100 communicates with the expansion module 200 by accessing the expansion module 200 through the handheld computer expansion connector 106, to the expansion module control assembly 202, via the mating connector 201 as detailed in the SpringBoard specifications. Additional embodiments may also contain a microprocessor 203 on the expansion module control assembly 202 to perform additional processing or security related functions.
A preferred microprocessor for use as the expansion module microprocessor 203 of the present invention is a Motorola MC68HC711. Other microprocessors adapted to control the functioning of the expansion module 200 may be used in the present invention and are functionally equivalent. The expansion module control assembly 202 contains a smart card proximity reader 209 and also contains an ID Card reader 205 that mates with, and accepts data from IC cards or, as they are commonly known, "Smart Cards." The expansion module control assembly 202 also includes a thumbprint scanner 210 and a conventional Multifunction Secure Access Module (SAM) 204. The Multifunction Secure Access Module (SAM) 204 is a sub-assembly that contains a special microprocessor, memory and encryption processor, encapsulated as a SIM module, similar to the conventional SIM modules found in modern mobile phones, that is used to securely perform all the required cryptographic functions as described herein. The expansion module control assembly 202 also contains an internal battery 207 that is recharged whenever the handheld computer is plugged into its conventional docking module (not shown). This internal battery 207 is used to power the features found on the expansion module, and to provide data retention when the expansion module is not in use.
Figure 3 is a diagrammatic flowchart illustrating preferred operational steps and information flow for the present invention. When security personnel read the information from an IC based 'dog-tag' 401 through the expansion module's smart card proximity reader 209, the reader detects the 'dog-tag' information at step 300, and the microprocessor 104 then performs a cryptographic validation and expiration check on the account number read from the IC based 'dog-tag' 401 at steps 302 and 303 utilising the Multifunction Secure Access Module (SAM) 204. The microprocessor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408. The microprocessor 104 determines whether it should authenticate the 'dog-tag' offline using either offline static or dynamic data authentication based upon the 'dog-tag' and terminal support for these methods.
Offline Static Data Authentication (SDA) validates that important application data has not been fraudulently altered since 'dog-tag' personalization. The terminal validates static (unchanging) data from the 'dog-tag' using the 'dog-tag's' Issuer Public Key (PK) Certificate that contains the Issuer Public Key and a digital signature that contains a hash of important application data encrypted with the Issuer Private Key. The terminal recovers the Issuer Public Key from the Issuer PK Certificate and uses the recovered Issuer Public Key to recover the hash of application data from the digital signature. A match of the recovered hash with a hash of the actual application data proves that the data has not been altered.
Offline Dynamic Data Authentication (DDA) validates that the 'dog-tag' data has not been fraudulently altered and that the 'dog-tag' is genuine. The terminal verifies the 'dog-tag' static data in a similar manner to SDA. Then, the terminal requests that the 'dog-tag' generate a cryptogram using dynamic (transaction unique) data from the 'dog-tag' and terminal and an ICC Private Key. The terminal decrypts this dynamic signature using the ICC Public Key recovered from 'dog-tag' data. A match of the recovered data to the original data verifies that the 'dog-tag' is not a counterfeit 'dog-tag' created with data skimmed (copied) from a legitimate 'dog-tag'.
Alternatively, when the security personnel inserts an IC based ID-card (Smart Card) 400 into the ID Card reader slot 208, the microprocessor 104 detects the IC based ID-card (Smart Card) 400 insertion into the ID Card reader 205 at step 301, and microprocessor 104 performs a cryptographic validation and expiration check on the account number read from the IC based ID-card (Smart Card) 400 at steps 302 and 303 utilizing the SAM 204. The microprocessor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408. The microprocessor 104 determines whether it should authenticate the card offline using either offline static or dynamic data authentication based upon the card and terminal support for these methods.
Offline Static Data Authentication (SDA) validates that important application data has not been fraudulently altered since card personalization as discussed above in regard to the IC based 'dog-tag.'
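The SDA and DDA checks described above for the 'dog-tag' and the card, written out from the terminal's side. This is an added example and not code from the patent, from E-Moola or from any ISO/EMV specification: textbook RSA over SHA-256 with demo-sized keys generated at runtime stands in for the standard signature scheme, and the record field names (issuer_pub, issuer_cert, static_data, ssad, icc_pub, icc_cert) are invented for illustration.

```python
"""Offline SDA and DDA checks as a terminal runs them (added example, not code
from the patent, E-Moola or any ISO/EMV spec). Assumed: textbook RSA over
SHA-256 with demo-sized keys stands in for the standard scheme, and the record
field names are invented for illustration."""
import hashlib
import random
import secrets


def _is_probable_prime(n, rounds=16):  # Miller-Rabin, adequate for demo keys
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact size, odd
        if _is_probable_prime(cand):
            return cand


def gen_keypair(bits=512):
    """Return ((d, n), (e, n)): textbook RSA private and public keys."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:
            return (pow(e, -1, phi), n), (e, n)


def _h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv, msg):
    d, n = priv
    return pow(_h(msg), d, n)


def verify(pub, msg, sig):
    e, n = pub
    return pow(sig, e, n) == _h(msg)


def _enc(pub):
    return pub[0].to_bytes(4, "big") + pub[1].to_bytes(64, "big")  # what a certificate signs


def personalise(ca_priv, issuer_keys, static_data):
    """Issuer writes the readable records; the ICC private key stays in the chip."""
    issuer_priv, issuer_pub = issuer_keys
    icc_priv, icc_pub = gen_keypair()
    records = {
        "issuer_pub": issuer_pub,
        "issuer_cert": sign(ca_priv, _enc(issuer_pub)),  # CA certifies issuer key
        "static_data": static_data,                      # name, rank, expiry, ID
        "ssad": sign(issuer_priv, static_data),          # signed static app data
        "icc_pub": icc_pub,
        "icc_cert": sign(issuer_priv, _enc(icc_pub)),    # issuer certifies chip key
    }
    return records, lambda challenge: sign(icc_priv, challenge)


def sda_verify(ca_pub, rec):
    """Recover the issuer key via its CA certificate, then check the static data."""
    if not verify(ca_pub, _enc(rec["issuer_pub"]), rec["issuer_cert"]):
        return False
    return verify(rec["issuer_pub"], rec["static_data"], rec["ssad"])


def dda_verify(ca_pub, rec, card_sign):
    """SDA plus a fresh challenge that only the genuine chip can sign."""
    if not sda_verify(ca_pub, rec):
        return False
    if not verify(rec["issuer_pub"], _enc(rec["icc_pub"]), rec["icc_cert"]):
        return False
    challenge = secrets.token_bytes(8) + rec["static_data"]  # terminal nonce + card data
    return verify(rec["icc_pub"], challenge, card_sign(challenge))


def demo():
    """Genuine chip; records copied to a chip lacking the ICC key; edited data."""
    ca_priv, ca_pub = gen_keypair()  # the terminal is provisioned with ca_pub only
    issuer = gen_keypair()
    rec, card_sign = personalise(ca_priv, issuer, b"SMITH;SGT;EXP=2003-12;ID=000123")
    genuine = (sda_verify(ca_pub, rec), dda_verify(ca_pub, rec, card_sign))
    other_priv, _ = gen_keypair()
    copied = (sda_verify(ca_pub, dict(rec)),
              dda_verify(ca_pub, dict(rec), lambda c: sign(other_priv, c)))
    tampered = dict(rec, static_data=rec["static_data"].replace(b"SGT", b"GEN"))
    return genuine, copied, sda_verify(ca_pub, tampered)
```

`demo()` returns `((True, True), (True, False), False)`: the genuine chip passes both checks, a faithful copy of the readable records still passes SDA because the static signature is the same bytes, and only the per-transaction challenge of DDA exposes a chip that lacks the ICC private key, which is exactly the property the text credits DDA with. The terminal needs nothing secret for either check, only the CA public key, so a terminal that is lost does not compromise the issuer's keys.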
If the microprocessor 104 determines that the account number is not valid at step 303, an "Invalid ID Card" message or other appropriate message is displayed on the handheld computer's display 101 at step 304. The microprocessor 104 will then update the site access record to show that this ID has not been validated for site access at step 305. In a typical security scenario - the security guard will deny access and take whatever action is appropriate for the circumstances, (e.g. keep the ID badge - call authorities) at step 306.
If the microprocessor 104 determines that the offered ID card is valid, the handheld computer's microprocessor 104 checks the cardholder's authorization to enter the secure area against a database held within the handheld computer's memory at step 307.
If an authorization for entry for the person submitting the ID badge cannot be found within the database within the handheld computer's memory at step 308, a "Request Orders" message is displayed on the handheld computer's display 101 at step 309. In appropriate circumstances the security guard will request any written orders or authorization for this ID card holder to enter this secure area at step 310. The security guard may then validate this written authorization using appropriate procedures at step 311 and 312. If the written authorization is not validated at step 312, the site record will be updated and the security guard will deny access at steps 305 and 306 as described previously.
If the written authorization is validated at step 312, the security guard will enter a temporary authorization code at step 313, and return the written orders to the ID card holder at step 314.
The microprocessor 104 will then update the site access record to show that the ID card identified in step 308 or 312 has been validated for site access.
The microprocessor 104 will then display the ID card holder's descriptive data on the handheld computer's display 101 at step 316, so that the security guard may perform a visual check between the information presented on the handheld computer's display 101 and the person presenting the ID card.
If the visual inspection does not match at step 318 - the site record will be updated and the security guard will deny access at steps 305 and 306 as described previously. If the visual inspection at step 318 passes - the security guard will indicate that the visual inspection was OK at step 318, and the microprocessor 104 will update the site access record at 319 to show that this ID card visual identification in step 318 has been validated.
The microprocessor 104 will then determine if the site access requires thumbscan authorization at step 320. If thumbscan authorization is required by step 320, the microprocessor 104 will then display an "Obtain Thumbscan" message on the handheld computer's display 101 at step 321. The security guard will then obtain a thumbscan of the person presenting the ID card at step 322.
The microprocessor 104 using appropriate computer programming software contained within the expansion module 200 will then determine at step 323, if the thumbscan just obtained matches the thumbscan image data contained within the data read from the ID card at steps 300 or 301. If the thumbscan data does not match, the microprocessor 104 will display a "Thumbscan Fail" message on the handheld computer's display 101 at step 332, and the site record will be updated and the security guard will deny access at steps 305 and 306 as described previously.
If the thumbscan is validated at step 323, the microprocessor 104 will then update at 324 the site access record to show that this ID card thumbscan identification in step 323 has been validated.
If the thumbscan was not required at step 320, or the thumbscan data was validated at step 323, the microprocessor 104 will display an "Access Authorized" message on the handheld computer's display 101 at step 325 to advise the security guard that access has been authorized.
The security guard will acknowledge the "Authorized" message at step 326, and the microprocessor 104 will then update the site access record at step 327 to show that this ID card has been "Authorized" for access to this site.
Whenever the handheld computer identifies that it has been placed into its standard power docking module at step 328, the site records will synchronize with the information contained within the handheld computer, and the site records will be updated at step 329.
Figure 4 diagrammatically illustrates the various types of cards accepted by the secure security-ID terminal of the present invention. The card types accepted are IC based ID-cards (Smart Cards) 400 and IC based 'dog-tags' 401, each comprising a base plastic card, an embedded IC chip 402, and other printed and embossed information pertinent to the card (not shown). The IC based ID-cards (Smart Cards) 400 and IC based 'dog-tags' 401 described herein conform in general to ISO 7810, ISO 7813, ISO 7816, ISO 10202 and ISO 14443.
Figure 5a is a diagrammatic illustration of a top view of a first preferred embodiment of the invention. It shows the handheld computer 100 and the location of the handheld computer expansion connector 106 on the top of the handheld computer 100.
Figure 5b is a diagrammatic illustration of a top view of the first preferred embodiment of the invention. It shows the expansion module 200 along with the location of the ID Card reader slot 208 location on top of the expansion module 200.
Figure 6 is a diagrammatic illustration of a front view of a first preferred embodiment of the invention. It shows the handheld computer 100 and expansion module 200 along with location details for the handheld computer's display 101, keypad 102 and touchpad 103. It also illustrates the preferred location of the thumbprint scanner 210.
Figure 7 is a diagrammatic illustration of a side view of a first preferred embodiment of the invention. It shows the handheld computer 100 and expansion module 200 along with location details for the handheld computer's display 101 (not seen), keypad 102 and touchpad 103 (not seen).
Figure 8 is a diagrammatic representation of the contact and signal configuration of a typical handheld computer. It shows the normal signals encountered on such a handheld computer. In operation, the handheld computer 100 is electrically connected to the expansion module control assembly 202 via the handheld computer expansion connector 106. The handheld computer 100 includes, as is customary with most handheld computers, a keypad 102, a touchpad 103, a display 101, memory (not shown) and a microprocessor 104. The handheld computer 100 is physically removably coupled to the expansion module 200.
In this invention, the microprocessor 104 continually monitors the activity of the expansion module's smart card proximity reader 209 and the ID Card reader 205 and continually monitors the activity within the handheld computer 100, and can capture information of each key press on the keypad 102, or touchpad 103 for processing under the control of the programs contained in the expansion module 200.
All handheld computer keypads 102 and touchpads 103 operate in a similar manner to control the functioning of the handheld computer 100. The handheld computer responds to key-presses on the keypads 102 and information stenciled on the touchpad 103 by the stylus, that are given in reply to prompts provided on the screen 101 by the program running in the handheld computer.
A conventional handheld computer 100 for use in the present invention, preferably includes a colour display 101, keypad 102 and touchpad 103 that are electronically connected via a bus 105 to microprocessor 104. This conventional handheld computer 100 will also customarily be provided with a powered docking module (not shown) that will provide battery recharge facilities, along with facilities to enable the data contained within the conventional handheld computer 100 to synchronize with an external database or source (not shown).
A preferred embodiment according to the present invention is one in which an IC based ID-card (Smart Card) 400 is used during the access authorization sequence. This preferred embodiment is described in detail below with reference to the accompanying drawings.
The security guard inserts the IC based ID-card (Smart Card) 400 through the IC based ID-card (Smart Card) slot 208 in the expansion module 200. Inserting the card causes the stored information contained in the IC based ID-card (Smart Card) 400 to be read by the ID Card reader 205 and associated electronics on the expansion module control assembly 202, which present to the handheld computer microprocessor 104 the information contained in the IC of the IC based ID-card (Smart Card) 400.
The microprocessor 104 then performs a cryptographic validation and expiration check on the information read from the IC based ID-card (Smart Card) 400. The processor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408. The processor 104 determines whether it should authenticate the card offline using either offline static or dynamic data authentication based upon the card and terminal support for these methods.
Offline Static Data Authentication (SDA) validates that important application data has not been fraudulently altered since card personalization. The terminal validates static (unchanging) data from the card using the card's Issuer Public Key (PK) Certificate that contains the Issuer Public Key and a digital signature that contains a hash of important application data encrypted with the Issuer Private Key. The terminal recovers the Issuer Public Key from the Issuer PK Certificate and uses the recovered Issuer Public Key to recover the hash of application data from the digital signature. A match of the recovered hash with a hash of the actual application data proves that the data has not been altered.
Offline Dynamic Data Authentication (DDA) validates that the card data has not been fraudulently altered and that the card is genuine. The terminal verifies the card static data in a similar manner to SDA. Then, the terminal requests that the card generate a cryptogram using dynamic (transaction unique) data from the card and terminal and an ICC Private Key. The terminal decrypts this dynamic signature using the ICC Public Key recovered from card data. A match of the recovered data to the original data verifies that the card is not a counterfeit card created with data skimmed (copied) from a legitimate card. If the proffered IC based ID-card (Smart Card) 400 is deemed to be not valid, an "Invalid ID Card" message or other appropriate message is displayed upon the display 101, and the site access record database (not shown) is updated by the microprocessor 104 to reflect the invalid ID card access attempt, and the security guard may take whatever action is appropriate for the circumstances.
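As an added illustration of the two offline methods just described (example code written for this page, not the patent's or E-Moola's software, and a simplified model rather than an EMV-conformant implementation), the Go block below personalises a genuine card, derives a clone that carries every readable byte but not the ICC private key, and runs SDA and DDA against both. The scheme CA key with which the terminal checks the Issuer PK Certificate, the key encoding, the error strings and the sample card data are assumptions; the description says only that the issuer key is recovered from the certificate. The same checks apply unchanged to the contactless 'dog-tag' embodiment described later.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Added example, not the patent's code: a simplified model of offline SDA and
// DDA as described above. Formats are illustrative, not EMV-conformant; the
// scheme CA key the terminal trusts is an assumption the text does not state.

// Card is what the terminal reads plus, on a genuine chip only, the ICC
// private key, which never leaves the card.
type Card struct {
	StaticData    []byte          // constructed application data
	SSAD          []byte          // issuer signature over StaticData
	IssuerPub     *rsa.PublicKey  // with IssuerCertSig, the Issuer PK Certificate
	IssuerCertSig []byte          // CA signature over IssuerPub
	ICCPub        *rsa.PublicKey  // nil on an SDA-only card
	ICCCertSig    []byte          // issuer signature over ICCPub
	iccPriv       *rsa.PrivateKey // nil on a clone
}

func encodePub(pub *rsa.PublicKey) []byte {
	if pub == nil {
		return nil
	}
	return append(pub.N.Bytes(), byte(pub.E>>16), byte(pub.E>>8), byte(pub.E))
}
func sign(priv *rsa.PrivateKey, data []byte) []byte {
	h := sha256.Sum256(data)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:]) // cannot fail for a valid key
	return sig
}
func verify(pub *rsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return pub != nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// VerifySDA: recover the issuer key from its certificate, then compare the
// signed hash with a fresh hash of the static data. Proves the data was not
// altered after personalisation; says nothing about the chip itself.
func VerifySDA(caPub *rsa.PublicKey, c *Card) error {
	if !verify(caPub, encodePub(c.IssuerPub), c.IssuerCertSig) {
		return errors.New("issuer certificate not signed by trusted CA")
	}
	if !verify(c.IssuerPub, c.StaticData, c.SSAD) {
		return errors.New("static data altered or signature invalid")
	}
	return nil
}

// SignDynamic is the chip's half of DDA: sign the terminal's unpredictable
// number together with card data. A clone has no iccPriv and cannot answer.
func (c *Card) SignDynamic(nonce []byte) []byte {
	if c.iccPriv == nil {
		return nil
	}
	return sign(c.iccPriv, append(append([]byte{}, nonce...), c.StaticData...))
}

// VerifyDDA: SDA, then check the issuer's signature on the ICC public key,
// then challenge the chip with a fresh nonce so a recorded answer cannot pass.
func VerifyDDA(caPub *rsa.PublicKey, c *Card) error {
	if err := VerifySDA(caPub, c); err != nil {
		return err
	}
	if !verify(c.IssuerPub, encodePub(c.ICCPub), c.ICCCertSig) {
		return errors.New("ICC public key missing or not certified by issuer")
	}
	nonce := make([]byte, 8)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	msg := append(append([]byte{}, nonce...), c.StaticData...)
	if !verify(c.ICCPub, msg, c.SignDynamic(nonce)) {
		return errors.New("dynamic signature failed: possible counterfeit card")
	}
	return nil
}

// Personalise makes CA, issuer and ICC keys and one genuine DDA card with
// constructed data; it returns the CA public key the terminal trusts.
func Personalise() (*rsa.PublicKey, *Card) {
	ca, _ := rsa.GenerateKey(rand.Reader, 2048)
	issuer, _ := rsa.GenerateKey(rand.Reader, 2048)
	icc, _ := rsa.GenerateKey(rand.Reader, 2048)
	static := []byte("ID=EXAMPLE-0001;NAME=J. DOE;EXP=2003-12") // constructed
	return &ca.PublicKey, &Card{StaticData: static, SSAD: sign(issuer, static),
		IssuerPub: &issuer.PublicKey, IssuerCertSig: sign(ca, encodePub(&issuer.PublicKey)),
		ICCPub: &icc.PublicKey, ICCCertSig: sign(issuer, encodePub(&icc.PublicKey)), iccPriv: icc}
}

// Clone copies everything a reader could skim from the card, but not iccPriv.
func Clone(c *Card) *Card {
	d := *c
	d.iccPriv = nil
	return &d
}
```

Running SDA and DDA over the genuine card, the clone and a card with altered static data shows the distinction the text draws: the clone passes SDA, because skimmed static data and its signature are still consistent with each other, and fails only DDA; the altered card fails already at SDA. Checking the Issuer PK Certificate against a key the terminal already trusts is what stops an attacker from substituting their own issuer key and re-signing the data.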
If the proffered IC based ID-card (Smart Card) 400 is deemed to be valid, the card data is checked against a valid site access database (not shown) to determine if the proffered card has been authorized for access to this site. If the proffered card information is not found within the site access database (not shown), then the microprocessor 104 will display a "Request Orders" message on the display 101 for the security guard.
The security guard will then request the person proffering the IC based ID-card (Smart Card) 400 to present any written orders or authorization that authorize their access to this site. The security guard will validate the proffered orders or authorization using whatever procedure is required by the site in question. If the security guard is advised that the proffered documents are not valid, he will press a key on the keypad 102 to indicate to the program that the proffered documentation was found to be invalid, and the microprocessor 104 will display an "Invalid Orders" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the invalid orders access attempt, and the security guard will take whatever action is appropriate for the circumstances.
If the proffered documentation is found to be in order, the security guard will enter the temporary authorization number using the stylus on the touchpad 103, and return the proffered documentation to the person who presented it. The site access record database (not shown) is updated by the microprocessor 104 to reflect the temporary authorization of this IC based ID-card (Smart Card) 400.
The microprocessor 104 will now display the information recovered from the proffered IC based ID-card (Smart Card) 400 for the security guard to view. This information will include a photo-ID of the person authorized to use this IC based ID-card (Smart Card) 400 as well as such other data as required by site security.
The security guard will now perform a visual comparison of the information displayed on the display 101 and the person who proffered the card. If the security guard determines that there is not a match between the information displayed on the display 101 and the person who has proffered the card, he will press a key on the keypad 102 to indicate to the program that the visual match was found to be invalid. The microprocessor 104 will display a "Visual Match Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the visual match failed, and the security guard will take whatever action is appropriate for the circumstances.
If the security guard determines that there is a match between the information displayed on the display 101 and the person who has proffered the card, he will press a key on the keypad 102 to indicate to the program that the visual comparison was found to be valid, and the site access record database (not shown) is updated by the microprocessor 104 to reflect the acceptance by the security guard of the visual check.
The microprocessor 104 would then check the site access database (not shown) to determine if additional biometric authorization is required for access to the site, by the person proffering the IC based ID-card (Smart Card) 400. If the microprocessor 104 determines that additional biometric authorization is required for the person proffering the IC based ID-card (Smart Card) 400, then the microprocessor 104 will display an "Obtain Thumbscan" message on the display 101, and the security guard will request a thumbscan from the person proffering the IC based ID-card (Smart Card) 400.
The microprocessor 104 will perform a validation of the thumbscan read by the thumbprint scanner 210 and compare it with the biometric data read from the IC based ID-card (Smart Card) 400 to determine if a sufficient match has been achieved to authorize access to the site. If the microprocessor 104 determines that the proffered thumbprint was not a sufficient match, then the microprocessor 104 will display a "Thumbscan Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the failed thumbscan, and the security guard will take whatever action is appropriate for the circumstances.
If the microprocessor 104 determines that the proffered thumbprint is a sufficient match by predetermined criteria then the microprocessor 104 will update the site access record database (not shown) to reflect the accepted thumbscan.
The thumbscan (or scan of other body parts such as a finger, or the eye) validation is performed by conventional programs that use biometric authentication systems. The preferred validation program is eCryp FGP 1.0, available from and proprietary to eCryp, Inc., www.ecrypinc.com.
The microprocessor 104 will display an "Authorized" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect that the person proffering the IC based ID-card (Smart Card) 400 has been cleared for access to the site. The security guard will press a key on the keypad 102 to indicate to the program to acknowledge the authorized message, and the microprocessor 104 will update the site access record database (not shown) to reflect the acceptance of the authorization.
Whenever the handheld computer 100 recognizes that it has been placed within its docking module (not shown), as is conventional, the microprocessor 104 will synchronize its databases (not shown) with the site main database (not shown), to reflect any changes or accesses granted or denied since the last time it synchronized with the site database in a manner similar to that disclosed in U.S. Pat. No. 5,974,238. At this time also any changes made to the site database are recorded in the database contained within the expansion module 200.
In a second embodiment according to the present invention an IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 is used during the access authorization sequence. This embodiment is described in detail below with reference to the accompanying drawings. The security guard places the expansion module 200 in the vicinity of the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 and presses a button on the keypad 102. Pressing the button causes the electronics contained within the expansion module 200 to inductively read the information stored in the IC based 'dog-tag' 401 or in a contactless IC based ID-card (Smart Card) 400 via the smart card proximity reader 209 and associated electronics on the expansion module control assembly 202, which present to the handheld computer microprocessor 104 the information contained in the IC of the IC based 'dog-tag' 401 or of a contactless IC based ID-card (Smart Card) 400.
The microprocessor 104 then performs a cryptographic validation and expiration check on the information read from the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400. The processor 104 uses conventional cryptographic validation routines as provided in the relevant ISO standards, such as ISO Standard 15408. The processor 104 determines whether it should authenticate the IC based 'dog-tag' or smart card offline using either offline static or dynamic data authentication based upon the IC based 'dog-tag' or smart card and terminal support for these methods.
If the proffered IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 is deemed to be not valid, an "Invalid ID Card" message or other appropriate message is displayed upon the display 101, and the site access record database (not shown) is updated by the microprocessor 104 to reflect the invalid ID card access attempt. The security guard will then take whatever action is appropriate for the circumstances.
If the proffered IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 is deemed to be valid, it is checked against a valid site access database (not shown) to determine if the proffered card or 'dog-tag' has been authorized for access to this site. If the proffered card or 'dog-tag' information is not found within the site access database (not shown), then the microprocessor 104 will display a "Request Orders" message on the display 101 for the security guard. The security guard will then request the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 to present any written orders or authorization that authorize their access to this site. The security guard will validate the proffered orders or authorization using whatever procedure is required by the site in question. If the security guard is advised that the proffered documents are not valid, he will press a key on the keypad 102 to indicate to the program that the proffered documentation was found to be invalid, and the microprocessor 104 will display an "Invalid Orders" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the invalid orders access attempt, and the security guard will then take whatever action is appropriate for the circumstances.
If the proffered documentation is found to be in order, the security guard will enter the temporary authorization number using the stylus on the touchpad 103, and return the proffered documentation to the person who presented it. The site access record database (not shown) is updated by the microprocessor 104 to reflect the temporary authorization of this IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400.
The microprocessor 104 will now display the information recovered from the proffered IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 for the security guard to view. This information will include a photo-ID of the person authorized to use this IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 as well as such other data as required by site security.
The security guard will now perform a visual comparison of the information displayed on the display 101 and the person who proffered the card. If the security guard determines that there is no match between the information displayed on the display 101 and the person who has proffered the card, he will press a key on the keypad 102 to indicate to the program that the visual match was found to be invalid. The microprocessor 104 will display a "Visual Match Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the visual match failed, and the security guard will take whatever action is appropriate for the circumstances.
If the security guard determines that there is a match between the information displayed on the display 101 and the person who has proffered the card or 'dog-tag', he will press a key on the keypad 102 to indicate to the program that the visual comparison was found to be valid, and the site access record database (not shown) is updated by the microprocessor 104 to reflect the acceptance by the security guard of the visual check.
The microprocessor 104 would then check the site access database (not shown) to determine if additional biometric authorization is required for access to the site, by the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400. If the microprocessor 104 determines that additional biometric authorization is required for the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400, then the microprocessor 104 will display an "Obtain Thumbscan" message on the display 101, and the security guard will request a thumbscan from the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400.
The microprocessor 104 will perform a validation of the thumbscan read by the thumbprint scanner 210 and compare it with the biometric data read from the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 to determine if a sufficient match has been achieved to authorize access to the site. If the microprocessor 104 determines that the proffered thumbprint was not a sufficient match, then the microprocessor 104 will display a "Thumbscan Fail" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect the failed thumbscan, and the security guard will take whatever action is appropriate for the circumstances.
If the microprocessor 104 determines that the proffered thumbprint was of a sufficient match by predetermined criteria then the microprocessor 104 will update the site access record database (not shown) to reflect the accepted thumbscan. The microprocessor 104 will display an "Authorized" message on the display 101 and the site access record database (not shown) is updated by the microprocessor 104 to reflect that the person proffering the IC based 'dog-tag' 401 or a contactless IC based ID-card (Smart Card) 400 has been cleared for access to the site. The security guard will press a key on the keypad 102 to indicate to the program to acknowledge the authorized message, and the microprocessor 104 will update the site access record database (not shown) to reflect the acceptance of the authorization.
Whenever the handheld computer 100 recognizes that it has been placed within its docking module (not shown), as is conventional, the microprocessor 104 will synchronize its databases (not shown) with the site main database (not shown), to reflect any changes or accesses granted or denied since the last time it synchronized with the site database. At this time also any changes made to the site database are recorded in the database contained within the expansion module 200.
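The access-authorization sequence that both embodiments describe, reduced to one decision function as an added example (written for this page, not the patent's or E-Moola's software): each field of Inputs is the outcome the terminal computed or the guard keyed in at the corresponding point, and the result carries the final display message together with every update the site access record would receive. Step numbers are the ones the numbered description above gives; where it gives none, the entry is recorded with step 0. The field names, the wording of the audit notes and the two constructed scenarios are assumptions.

```go
package main

import "fmt"

// Added example, not the patent's software: the site-access sequence that
// both embodiments above describe, as one fail-closed decision function.
// Field names, audit wording and the step-0 convention are assumptions.

// Inputs are the outcomes the terminal computed or the guard keyed in.
type Inputs struct {
	CardValid         bool   // cryptographic validation and expiration check passed
	InSiteDB          bool   // card found in the valid site access database
	OrdersValid       bool   // guard accepted written orders (used only if !InSiteDB)
	TempAuthCode      string // code the guard enters at step 313
	VisualMatch       bool   // guard's comparison of display and person at step 318
	ThumbscanRequired bool   // site policy, checked at step 320
	ThumbscanMatch    bool   // scanner output compared with card data at step 323
}

// Entry is one update to the site access record. Step is the number the
// description gives, or 0 where it gives none.
type Entry struct {
	Step int
	Note string
}

// Outcome is the last message shown on display 101, the decision, and the
// full trail written to the site access record.
type Outcome struct {
	Message string
	Granted bool
	Audit   []Entry
}

// Authorize walks the checks in the order the description gives them and
// returns at the first failure; only the final return grants access.
func Authorize(in Inputs) Outcome {
	var out Outcome
	record := func(step int, note string) { out.Audit = append(out.Audit, Entry{step, note}) }
	// Every refusal ends the same way: show the message, update the site
	// record, deny access (steps 305 and 306 in the description).
	deny := func(step int, msg string) Outcome {
		out.Message = msg
		record(step, msg)
		record(305, "site record updated, access denied")
		return out
	}
	if !in.CardValid {
		return deny(0, "Invalid ID Card")
	}
	if in.InSiteDB {
		record(308, "card found in site access database")
	} else {
		record(0, "Request Orders")
		if !in.OrdersValid {
			return deny(0, "Invalid Orders")
		}
		record(313, "temporary authorization code "+in.TempAuthCode)
	}
	record(0, "ID card validated for site access")
	if !in.VisualMatch {
		return deny(318, "Visual Match Fail")
	}
	record(319, "visual identification validated")
	if in.ThumbscanRequired {
		if !in.ThumbscanMatch {
			return deny(332, "Thumbscan Fail")
		}
		record(324, "thumbscan validated")
	}
	out.Message = "Access Authorized"
	out.Granted = true
	record(327, "authorized for access to this site")
	return out
}

func main() {
	// Constructed scenarios: a visitor on written orders with a thumbscan,
	// and a valid card whose holder does not match the photo on display.
	visitor := Inputs{CardValid: true, OrdersValid: true, TempAuthCode: "T-0001",
		VisualMatch: true, ThumbscanRequired: true, ThumbscanMatch: true}
	mismatch := Inputs{CardValid: true, InSiteDB: true}
	for _, in := range []Inputs{visitor, mismatch} {
		out := Authorize(in)
		fmt.Printf("%s (granted=%v)\n", out.Message, out.Granted)
		for _, e := range out.Audit {
			fmt.Printf("  step %3d: %s\n", e.Step, e.Note)
		}
	}
}
```

Collapsing the flow this way makes two properties of the described procedure easy to check: every refusal is a return before the single point that sets Granted, and every path, granted or refused, leaves a record for the docking-station synchronization, so the site database can later show not only who was admitted but at which check a refused card failed.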
While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiments, it is to be understood that the invention is not to be limited to the disclosed embodiments, but to the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit of the invention, which are set forth in the appended claims, and which scope is to be accorded the broadest interpretation so as to encompass all such modifications and equivalent structures.

Claims

1. A handheld computer secure security identification terminal comprising: a handheld computer including an expansion connector; an expansion module including a mating connector; the expansion connector connected to the mating connector; and the expansion module including a microprocessor, a smart card proximity reader, an identification card reader, a thumbprint scanner and a multifunction secure access module.
2. The terminal of claim 1 further including a cryptographic validation routine complying with ISO Standard 15408.
3. The terminal of claim 1 further including a color display and a keypad electronically connected to each other via a bus.
4. The terminal of claim 1 in which the multifunction secure access module further includes a memory and encryption processor.
PCT/US2002/006775 2001-03-06 2002-03-06 Secure smart-id palmtop docking module WO2002071238A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US27384701P 2001-03-06 2001-03-06
US60/273,847 2001-03-06

Publications (1)

Publication Number Publication Date
WO2002071238A1 true WO2002071238A1 (en) 2002-09-12

Family

ID=23045657

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/006775 WO2002071238A1 (en) 2001-03-06 2002-03-06 Secure smart-id palmtop docking module

Country Status (1)

Country Link
WO (1) WO2002071238A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005027055A1 (en) * 2003-09-08 2005-03-24 Simonsvoss Technologies Ag Identification system
WO2005088524A1 (en) * 2004-02-12 2005-09-22 Encentuate Pte Ltd Multi-purpose user authentication device
GB2412544A (en) * 2004-03-22 2005-09-28 Vodafone Plc Visual verification of the user of a mobile device
FR2926150A1 (en) * 2008-01-09 2009-07-10 Siemens Sas Soc Par Actions Si Computer terminal i.e. tablet personal computer, for e.g. police professional, has control module in which fingerprint reader, magnetic tape drive, contact-less chip card or badge reader and standard contact chip card reader are integrated
WO2013006695A2 (en) * 2011-07-05 2013-01-10 Patrick Bouaziz Systems and methods for facilitating transactions
GB2505723A (en) * 2012-09-11 2014-03-12 Andrea Craig Pilipczuk Identification validation system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USD429170S (en) * 1997-12-17 2000-08-08 M.L.R. Electronique (SA Conseil D'Administration) Expansion module for handheld electronic device
US6222726B1 (en) * 1998-04-10 2001-04-24 Samsung Electronics Co., Ltd. Portable personal computer with arrangement for connecting an expansion card to a socket therein
US6407914B1 (en) * 2000-04-11 2002-06-18 Hewlett-Packard Company Docking system for portable computer

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP