CA2233942A1 - Biometric identification system for providing secure access - Google Patents
Biometric identification system for providing secure access Download PDFInfo
- Publication number
- CA2233942A1 CA2233942A1 CA002233942A CA2233942A CA2233942A1 CA 2233942 A1 CA2233942 A1 CA 2233942A1 CA 002233942 A CA002233942 A CA 002233942A CA 2233942 A CA2233942 A CA 2233942A CA 2233942 A1 CA2233942 A1 CA 2233942A1
- Authority
- CA
- Canada
- Prior art keywords
- biometric
- biometric data
- data
- portable
- sensing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
- G06V40/13—Sensors therefor
- G06V40/1306—Sensors therefor non-optical, e.g. ultrasonic or capacitive sensing
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/26—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/28—Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/33—Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
Abstract
A portable device is disclosed for receiving biometric information and for providing a signal in dependence thereon to a remote receiver. The device comprises a biometric sensor for imaging fingerprints, a processor for encoding the input biometric information, an infrared transmitter for transmitting the encoded biometric information to a receiver, and a power source. The device can be implemented in a watch, key chain, ID badge or a credit card.
Description
BlO~n~rRTC nDENT~CAl~ON SYSTEM FOR PROVnDnNG SECU~E ACCESS
Field of the Invention This invention relates generally to personal identification systems and more particularly relates to a biometric security identification system (BSIS).
Background of the Invention Biometric security identification systems, such as fingerprint sc~nning and input devices are becoming more commonplace as the need to validate authorized users of computers, databases, and secure spaces grows. As computers become more mini~hlrized~ so 0 too are other cu~ u~lication and security devices decreasing in size. One of the more important reasons~ however. to mini~tllrize electronic devices is to lessen the burden of porting them.
The use of security systems is generally well Icnown. Their use is increasing with s greater availability of digital electronic components at a relatively low cost. Such systems are known for securing buildings, banks, automobiles, computers and many other devices. For example, U.S. Pat. No. 4, 951, 249 discloses a computer security system which protects computer software from unauthorized access by requiring the user to supply a name and a password during the operating system loading procedure ("boot-up") of a personal computer 20 (PC). This is accomplished by the insertion of a special card into an input/output expansion slot of the PC. During the loading of the operating system of the PC, the basic inputloutput system (BIOS) scans memory addresses of the card for an identification code, consisting of a 55AA hex code. When this hex code is located, the BIOS instructions are vectored to the address where the target hex code resides and instructions at the following addresses are ~5 executed as part of the initialization routines of the system boot-up procedure.
This PC security system, lltili7ing password protection, is typical of many systems that are currently available. Password protection requires a user's narne and a password associated with that user's name. Only once an associated password is detected for a valid 30 user's name does the PC complete the boot-up roL~ine. Though passwords may be useful in some instances, they are inadequate in many respects. For exarnple, an unauthorized skilled user with a correct password in hand, can gain entry to such a processor based system. Yet another undesirable feature of the foregoing system is that passwords on occasion are forgotten, and furthermore, and more importantly, passwords have been known to be decrypted.
s As of late one of the most ubiquitous electronic components is the digital processor.
Multi-purpose and dedicated processors of various types control devices ranging from bank machines, to cash registers and automobiles. With ever increasing use of these processor based devices, there is greater concern that unauthorized use will become more prevalent.
o ~hus, the verification and/or authentication of authorized users of processor based systems is a burgeoning industry.
Alarrns and security systems to warn of unauthorized use of automobiles and other processor controlled systems are available, however, these security systems have been known ls to be circumvented. Unfortunately, many commercially available solutions aimed at preventing theft or unauthorized use of automobiles have also been circumvented. As of late, initiatives have been underway in the security industry, to provide biometric input devices to validate users of electronic and other systems, that are to have restricted access. One limitation associated with many typical comrnercially available biometric systems is the large ~o physical size of the im~ging devices. Concern with placing a biometric input device in an location that is ~rces~ihle to the public is the risk of the input device being v~n~l"li7Prl In the field of digital and analog comm~mic~tions7 wireless devices are becomingmore commonplace. Inexpensive computer systems are currently commercially available 2s wherein printers communicate with computers which in turn communicate with other c~ lpu~ , via infra red tr~n~mitters and receivers. Other devices, using other optical co~ l.,ic~tion systems, such as data transmitting/receiving wrist watches are now available in department stores at ~ .LallLially affordable prices; these wrist watches include processors and software for c~ ,l,ullication with a colll~uL~:. and for downloa ling and uploading small 30 amounts of data as required.
Ob~ect of the Invention It is an object of this invention to provide a portable biometric input device for sensing input biometric data, and transmitting the data to a receiver.
5 Summary of the Invention In a first broad embodiment the invention seeks to provide a portable biometric input device comprising: biometric sensing means for sensing biometric input information.
generating biometric data therefrom, and providing the biometric data in relation to the lo sensed biometric input information; tr~n~mi~ion means for receiving at least an aspect of the biometric data and for transmitting a signal in dependence upon the at least an aspect of the biometric data; and a battery for providing power to the device.
In an embodiment, the transmission means is a wireless tr~ncmi~ion means for 5 transmitting a signal in dependence upon the at least an aspect of the biometric data.
In an embodiment. the tr:~n~ ion means comprises a biometric data encoder and aninfrared transmitter for transmitting a signal in dependence upon the at least an aspcct of the biometric data.
In an embodiment. the device further comprises storage means for storing data related to said biometric data.
In an embodiment, the device further comprises processor means for processing the 25 biometric data.
In an embodiment, the processor means is for comparing the biometric data with previously stored biometric data to provide comparison results; and the signal in dependence upon at least an aspect of the biometric data comprises a signa} in depen~l~nce upon the 30 comparison results.
In an embodiment, the device further comprises means to receive a password and wherein the ~ c~iion means is for tr~n~mitting a signal in dependence upon at least an aspect of the biometric data and the password.
In an embodiment, the device further comprises means to receive a password and wherein the processor means is for co...l-~. ;.,g the biometric data with previously stored biometric data and the password and a previously stored password to provide col~palison results; and the signal in dependence upon at least an aspect of the biometric data comprises a signal in dependence upon the co~ "~Qn results.
In an embodiment, the device fi~rther comprises means for encrypting at least anaspect the biometric data; and the tr~n~mi~ion means is for receiving the encrypted data and for tr~n~mitting a signal in dependence upon the at least an aspect of the encrypted data.
In an embodiment, the means for encrypting the biometric data comprise public/private key encryption means.
Alternatively, the means for encrypting the biometric data comprise session key encryption means.
In an embodiment, the biometric input means is a fingerprint im~ging device.
In an embodiment, the device further comprises a housing in the form of a watch r,~Pn~pnt and a watch face.
2s In an embodiment, the biometric input means comprises associated electronic Cil~;Ui~l,y and conductive pads disposed on the watch face.
In a further broad embodiment, the invention seeks to provide a portable biometric input sensor comprising: an array of sense ~le1llPnte spaced apart and comprising a sensing electrode for sensing biometric input; drive means coupled to at least some of the sense W O9811267~ PCT/CA97100663 elements for controlling and addressing each of the at least some sense elements according to a predetermined sequence, for receiving a signal in dependence upon the biometric input. and for providing biometric data in dependence upon the sensed biometric input; processor means for processing biometric data; and, wireless transmission means for transmitting to a receiver s a signal that corresponds to at least an aspect of the biometric data.
In an embodiment~ the device further comprises means for encrypting the biometric data further comprising means for encrypting at least an aspect the biometric data; and the tr~n~mi~ion means is for receiving the encrypted data and for transmitting a signal in I o dependence upon the at least an aspect of the encrypted data.
In an embodiment. the means for encrypting the biometric data comprise public/private key encryption means.
In an embodiment, the means for encrypting the biometric data comprise session key encryption means.
In another broad embodiment the invention seeks to provide a biometric security identification system comprising: a portable transmitting module comprising a biometric sensing means. means for encoding biometric data and wireless tr~n~mi~ion means for tr~n~mit~in~ the encoded biometric data as an encoded signal; and a receiving module comprising means for receiving the encoded signal, means for extracting the encoded biometric data~ and means for comparing the encoded biometric data with predetermined reference values, and means for authorizing access to a host system.
2s In an embodiment, the biometric sensing means comprises a fingerprint scanner.
In an embodiment, the device further comprises means for encrypting the biometric data further comprising means for encrypting at least an aspect the biometric data; the - 30 tr~n~mi~.sion means is for receiving the encrypted data and for transmitting a signal in dependence upon the at least an aspect of the encrypted data; and the means for extracting the W O 98/12670 PC~/CA97/00663 encoded biometric data comprises means for decrypting and for extracting the encoded biometric data.
In an embodiment, the means for encrypting the biometric data comprise public/private key encryption means.
In an embodiment, the means for encrypting the biometric data comprise session key encryption means.
o In yet another broad aspect, the invention seeks to provide a portable biometric input device comprising: sensing means including a platen upon which to rest a finger, said sensing means for sensing the presence and location of fingerprint ridges upon the device; processor means for processing sensed data; and, wireless k~n~mi~ion means for transmitting a signal that corresponds to at lcast an aspect of the sensed data; and a battery for providing power to the 1 5 device.
The advantages of a system in accordance with this invention are numerous For example, providing a lightweight fingerprint input tr~n~ u~r capable of wireless communications with a remote system obviates the requirement of securing the input tr~n~ducer from vandals and prevents tampering therewith. Providing an input sensor that serves as a user's personalized key, offers distinct and obvious advantages. Firstly, the sensor may be protected by the user, being his or her own personal device. and furthermore, a user's personalized sensor may comrnunicate with several different devices that require validation in the form of a users biometric input data, for example, the input sensor may provide a valid access code in the forrn of a biometric key, to unlock a locked car door, a house door, and/or to provide access to a banking m~hin~ or a computer. Furthermore, a user's personal sensor can be programmed with its own identification key which can accompany a user's biometric data in t_e validation process, to validate both the sensor and the user.
Brief D~ "ion of the D. ~
Exemplary embodiments of the invention will now be discussed in conjunction withthe ~rh~ drawings in which:
Fig. I is a block diagram of the biometric security identification system (BSIS)according to the invention;
Fig. 2 is a simplified diagram of a sensing device for use with the present invention showing an array of sensing elements together with associated addressing circuitry;
Fig. 3 is a simplified diagram of a sensing element for use with the present invention;
Fig. 4 is a s~.h~m~tic diagram of an amplifier circuit for use with the present invention;
Fig. 5a is a digital watch according to the present invention;
Fig. ~b is an analogue watch according to the invention;
o Fig. 6 is a block diagram of the transmitting module of Fig. I;
Fig. 7 shows a block diagram of the receiving module of Fig. 1;
Fig. 8 is a flowchart for illustrating a mode of operation of an embodiment of a BSIS
according to the present invention;
Fig. 9 is a flowchart for illustrating a mode of operation of an cmbodiment of a BSIS
15 according to the present invention;
~ig. 10 is a flowchart for illustrating a mode of operation of an embodiment of a BSIS
according to the present invention further C~ illg bi-directional communication;Fig. 11 is a flowchart for illustrating a mode of operation of an embodiment of a BSIS
using bi-directional communication and a time out according to the present invention;
Fig. 12 is a biometric credit card according to the present invention;
Fig. 13 is a device according to the present invention incorporated into a keychain and using infrared wireless communication; and Fig. 14 is a device according to the present invention incorporated into a keychain and using RF wireless commllnic~tion.
Detailed Description Fig. I illustrates the block diagram of a biometric security identification system (BSIS) according to the invention. The system comprises a transmitting module 10 and a receiving module 20 connected over a tran~mic~ion channel in the form of a wireless 30 tr~n~mie~ion channel. The tr~n~mitting module 10 measures a biometric characteristic of a person requesting access to a protected host system and converts the biometric characteristic CA 02233942 l998-04-03 into a biometric ic~entifi~ti-)n (ID) code. The ll,.n~ r module is adapted to be carried or worn by the user, and therefore can take any suitable form, such as a wrist watch, a badge, a wallet, etc.
The biomekic information may be acco~ pallied by a password for increased security of the identification process. In this way, access to the protected host system is denied to unauthorized users, who may have a similar biometric ID. Similar biometric ID may occur if the tr~n~inrer has a low sensitivity, for example for cost or/and mini~ ion reasons. The password could be any m~rl~int? readable code like a PIN, an account number, or a time-o varying code. Selected passwords can be unique to the watch itself, or they can be chosen by the user.
It is apparent that various types of trz~n.~duçers may be used, such as image ort~ p~ Lulc~ t~n~iurers~ electromagnetic field sensors, optical sensors. etc. Preferably, the sensitivity of the tr~n.~ rf r allows for capture of biometric data which reasonably distinguishes the user. In an embodiment, the transmitting module is in the form of a wrist watch provided with a fingerprint reader and described in more detail bclow.
The biometric ID is transmitted to receiving module 20, which is attached to a host system. The tr~n~mi.~.~ion is preferably made by motlnl~ting an infrared (IR) carrier with the biometric ID, but any other type of communication between the tr~n~mitting module 10 and receiving module 20 may be used. Preferably wireless communication means are used as dictated by selected design parameters, such as the tli~t~nre between the modules, the power budget, etc. Preferably, and for obvious security reasons, a wireless communication means employed should minimi7e the risk of interception and recording of a biometric ID.
At receiving module 20, the biometric ID is compared to a reference ID pre-stored in a memory. If the current biometric ID (IDC) m~trhr$ a reference ID (IDREF3, access to the host system is authorized. The host system could be a computer system, an ATM banking machine, a door latch or any other system which must be secured against unauthorized WO 98/12670 ~CT/CA97/00663 access. In an alternative embodiment, the biometric ID is compared in the transmitting module 10 and an access code is sent to the receiving module 2~) for comparison.
Referring to Fig. 2. part of a sensing device for use in an embodiment of the present 5 invention and implemented on a semiconductor chip is shown comprising a single active matrix addressed sensing pad 119 having an X-Y array of sense elements consisting of r rows (1 to r) with c sensing elements 117 in each row. In practice there may be about 30Q rows and 200 columns of regularly-spaced elements occupying an area of approximately 2 cm x 3 cm.
This area is for accepting a fingertip for sçz~nning Should such a sensing pad 119 be made lo larger~ it could be used for sc~nning other items such as a palm of a hand.
Sensor elements 117 are disposed in such a fashion that they are capable of distinguishing the smallest desired feature of a fingerprint. Preferably, the placement and spacing of the sensor elements allow an image of a fingerprint, once scanned, to contain all 5 required features for analysis. The sensing element 117 is smaller than half the smallest sensible feature size allowing a suitable image to be generated. Empirical studies reveal that a square plate of about 50 !lm edge length is suitable for fingerprint sensing. Although the ~al~lus is described with reference to an array of sensing elements 117 having substantially square shape. it is possible to use different configurations of sensing elements 117 such as 20 concentric circles or a spiral and different shapes such as triangles, circles. or rectangles.
The array of sensing elements 117 is connected through an analog switch matrix to facilitate reading the finge.y..lll image out of the sensing array 119. Timing and sequencing logic 116 selects each element in the array in turn to produce a complete image of a 2s fingerprint presented to the device. The signal may be output directly as an analog signal or may be converted to a digital signal prior to output from the device.
The sensing pad 119 further comprises a ground ring 115 and bonding pads 118 rlesigned for connection to other components or to p~ck~ging The ground ring 115 also 30 serves to provide a cornmon ground for the sensing pad. Accordingly, it is important that the ground ring 115 and integrated circuit elements be designed so as to minimi7~ noise to each sensing element 117. The signal to noise ratio that is acceptable will vary between applications and should be adjusted to meet the needs of a specific design. When possible~
p~ck~ging should be selected to limit noise.
Referring to Fig. 3, a single sensing plate 120 is shown. Such a sensing plate 120 is designed to be used in arrays and preferably is smaller than half the smallest sensible feature size as indicated above. Charge sensing electrode 121 is connected to an active element which is shown as a three terminal switching device in the form of a field effect transistor (FET) having a source, a drain, and a gate 126. The gate 126 is connected to the sensing electrode o 121 by an interconnect 124. Disposed bet.~,veen the gate 126 and the transistor 130 is a gate oxide 127. Such transistor configuration is known in the art.
Above the charge sensing electrode 121 is disposed an overglass 122 which serves to protect the charge sensing electrode 121 and to space the electrode and a fingertip presented thereto. Below the charge sensing electrode 121 is disposed a field oxide 125. ~ finger placed against the overglass 122 induces charge in the charge sensing electrode 121. By amplifying the charges induced by a fingertip on the charge sensing electrode 121 with an amplifier circuit such as is shown in Fig. 4, the inclllce~l charges can be rendered easily distinguishable.
Referring to Fig. 4, a sensing pad 120 is electrically grounded. A second side is connected through electrostatic discharge protection 131 in the forrn of resistors and diodes.
A filter circuit 132 and 133 improves circuit operation. Transistors 134, 135, 136, and 137 provide amplification of inf~ ecl voltages allowing a signal at an output of transistor 136 to be digitized by a low cost A/D COllV~:;lt~l.
Assuming that the charge density on the fingertip is ~h~ 11y even, induced charges on the charge sensing electrode 121 will depend solely on the rliet:~nt~e between the charge sensing electrode 121 and the skin of the fingertip inci~lcing the charge. Further, as the induced charge falls off with the rli~t~nt~e, the closest skin of the fingertip will induce a larger proportion of the charge. The sensor is employed in the above fashion to image fingertips.
W 098/1267~ PCT/CA97/00663 Referring to Fig. 5a, a watch is shown comprising (in part~ the present invention. The watch 50 is secured in place on a person7s wrist for example by way of a strap 51. Alternative methods such as a chain as is common in pocket watches, a pouch (not shown)~ velcro~ a pin, or means for secllring the watch to a sporting apparatus may also be used. A time display means 52 in the form of an LCD display, an LED display, an analogue time display~ a voice generated time, or a Braille time display is disposed upon the watch 50 in a conventional manner. Preferably, the time display means 52 is offset to allow for sufficient contiguous surface area for a biometric sensor 53. Alternatively, the biometric sensor 53 is designed to be superimposed upon the time display means 52 and not interfere therewith as shown in Fig.
o 5b. An emitter port in the form of an infra red emitter port 55 is located on the watch 50 such that light emitted from the infra red port 55 is directed toward a sensor (not shown) in use. In Fig. 5a and Fig. Sb, the infra red emitter port 55 is located on the top of the watch above the face and pointing substantially coplanar to the watch face. In this orientation. an emitted signal is directed away from the body of a user and forward during normal use.
The biometric sensor means 53 is of the form described above and shown in Figs. 27 3, and 4. Alternatively, the biometric sensor means 53 is a capacitive fingerprint scanner requiring pre-charging as are well known in the art. Further alternatively, the biometric sensing means 53 is an optical biometric sc~nning device in the forrn of a retinal scanner, an ~o optical fingerprint scanner, an optical palm scanner, or any other suitable (and portable) biometric sensing device.
Referring to Fig. 5b, an analogue watch 150 is shown. ~nalogue watches of this type are well known and are in common use. On to the face of the analogue watch 150 are deposited a plurality of metal pads 155 and associated circuitry 156. The pads 155 and the associated circuitry 156 act as sensors and addressing circuitry and combine to form the sense electrode for a biometric input device. The analogue watch 150 is ~ ignPd to be easily read in the presence of the pads 155 and the associated circuitry 156. This is accomplished by ensuring that a short hand on the watch 150 is long enough to be partially visible at each - 30 outside edge of the metal pads 150 in each possible orientation. Alternatively, this is accomplished by ~lesigning the hands of the watch to be visible through or between the pads Il 150. Further ~ltern:ltively, this is accomplished by ~le~igning the pads 150 such that information on positions of the watch hands is transmitted through or by the metal pads 150.
Further alternatively, this is accomplished by ~lçcigning the watch face with an offset analogue time indication providing sufficient space for the pads 150 as is shown in Fig. 5a.
The associated ci~ y 156 is coupled to driver and sensing circuitry for reading the electrode in the form of metal pads 155 and for determining the presence of a fingerprint or other biometric input. The analogue watch 150 also comprises an infra red emitter port 55.
lo Alternatively in Fig. 5a and Fig. 5b, the infra red emitter port 55 comprises a transceiver capable of transmitting and receiving information in the form of infra red signals.
An emitter is sufficient for carrying out the invention but a transceiver adds additional functionality. A watch, such as those shown in Figs. 5a and Sb can accept information to further enhance security of the invention during use. Further, a transceiver is useful in progr~mming the device for password access or for new authorized users. Further, a transceiver is useful in storing a time log of accesses and providing same to a computer at intervals.
Alternatively, the emitter 55 is a wireless emitter other than infrared. Furtheralternatively, the emitter 55 is in the form of a coupling device for coupling to the receiving module 20 and sending a signal thereto via a non-wireless electrical connection.Alternatively, the transceiver 55 is a wireless transceiver other than infrared. Further alt~rn~tively, the transceiver 55 is in the form of a coupling device for coupling to the receiving module 20 and sending a signal thereto or receiving a signal thc.~;;rlolll via a non-wireless electrical connection.
Fig. 6 shows a block ~liAgrAm of the tran~mitting module 10 of the BSIS. The module 10 comprises a power source in the form of a battery 5. The battery provides power to electronic circuits within the trAn~mitting module 10. A reader 11 comprises a transducer, or sensor 15, 16, 17, and a drive circuit 18. The sensor is in the form of a contact im~ging device for SÇ:~nning a fingerprint. The contact im:~ging device may be in the form of Figs. 2. 3, and 4 or may be a conventional capacitive contact im~ging device. Conventional capacitive contact im~ging devices use a silicon substrate with an array of capacitive pads, each capacitor being associated with a driver. The sensing pads are disposed in close but non-contacting relationship. A small gap between adJacent elements ensures that adjacent edges of the 5 elements do not wipe against one another when a finger is pressed against the sensing surface.
The sensing surface is formed by film deposition on the substrate surface. Sensing pads are regularly spaced apart equally sized electrodes built by metal deposition on an ap~ pliate glass or quartz sl]hstr~t~? Alternatively, the sensing pads are irregular and/or unequally spaced. A reader used for the transducer of an embodiment of the present invention is of a 10 simplified design, adapted for large scale mslnnf~cture. The reader comprises a glass substrate 15 for supporting a capacitive array 16 and a contact surface ~sheet) 17. The array 16 comprises Indium-Tungsten oxide traces which are overlapped with hard gold. Eachcapacitive element has a sense electrode and a switching device such that, when a finger is pressed on the contact surface 17 each sense electrode and the respective overlying portion of 5 the finger surface forrn opposite plates of a capacitor~ the finger surface being at ground potential. The insulating film and air gap, when present, provides the capacitor dielectric. The capacitances of these individual capacitors vary as a function of the spacing between the finger and the contact surface, with smaller capacitance values occurring where the troughs in the finger surface are aligned with a sensor than where ridges are so aligned.
Drive circuit 19 is, preferably, not disposed on the substrate as in conventional sensors. It is preferably couplcd to switching devices for conkolling and addressing each capacitive pad according to a mapping sequence whereby a predetermined potential is applied to each capacitive pad. When a finger is placed on sheet 17 charges are in-lucerl in array 16.
~s Charge is induced in each capacitor in an uneven manner in dependence upon ridges and troughs in the fingertip. The sensor reads these in~ ecl charges in the form of changes in capacitance or capacitive charge and transforms them into a bitmap particular to the fingerprint or a group of fing~ fillL~.
30Alternatively, the array of capacitive plates 17 is applied to a plastic film using metal-film processing or photographic image processing techniques. The plastic film is then applied to any surface. such as a wallet, a key chain, a pen knife, a personal digital assistant, a transportable computer or a watch. Drive circuit 19 is then attached to the array of capacitive pads using conductive epoxy adhesives, or an anisotropic adhesive process. This allows for an inexpensive sensor suhstr~t~ which can be produced on a large scale using conventional s ~CD techniques.
The bitmap collected from the capacitive array is then input to processing unit 12 which encodes the bitmap co~ n~ the fingerprint information and generates a biometric ID. In one embodiment, processor 12 is an 8-bit microprocessor, such as Intel 8051.
o Processor 12 may include a standard encryption module which applies an encryption algorithm for generating an encoded biometric ID.
An infrared transmitter 19 receives the biometric ID, modulates an infrared carrier with this information and then transmits an authorization request signal to receiving module 20.
1s A keypad 13 and a display 14 are preferably provided at the transmitting module 10.
Keypad 13 is used for providing further data or functionality in the form of ON/OFF
functionality and a password. In the embodiment comprising a watch, display means 14 includes time information.
Receiving module 20 is shown in Fig. 7. Receiving module 20 is provided with ~p~ ate transducer means 21 for receiving the authorization request signal and converting it into an electrical signal. Transducer 21 may be for example an IrDA diode. The transducer is controlled by a control Unit 25 in dep.onrl~nc~e upon the current operating mode as 2s (l~?tf~ninec~ by a mode selector 26. Modes of operation for the device are discussed below.
The converted electrical signal is applied to decoder 22 where the biometric ID is extracted in the conventional mode. The recovered biometric IDC and a reference IDRE~ are applied to a co~ Lor 23. The reference ID is obtained from a memory 24, where it has been previously stored, using any of the conventional methods. If a password is also included in the received 30 signal together with the biometric IDC, the p;l~7~7WUld iS extracted by decoder 22 in addition to the biometric IDC, and compared with a reference password in c~lllpald~or 23. When the result of the comparison indicates that the biometric IDC and the password are acceptable~
access to the host system is permitted.
The receiving module 20 is initially configured in an ENROLL mode for obtaining 5 and for storing one or more reference biometric samples. Enrolling software is normally in~ce~ible after the first use, or in a multi-user system. re-entering the enroll mode is accomplished through a function key and is limited to an authorized person or authorized persons. After e~rollment is completed, the module enters its NORMAL mode.
0 The flow chart of Fig. 8 shows the operation of an embodiment of the invention. In step 30~ the biometric data is read at the tr~n.~mi~ion module 10 with reader 11. As indicated above, in a preferred embodiment, reader 11 collects data indicative of the image of a fingerprint. Next, the biometric data is encoded in processing means 12, in step 31.
Transmitter 16 broadcasts the biometric data, as illustrated in step 32. Next, in step 33.
15 receiving module 20 receives the biometric data and decodes the biometric ID therefrom, and checks the mode indicator in step 34. When the receiving module is in the "enroll" mode, the biometric ID is stored in memory 24 in step 35, and the receiving module is switched to the "access" mode of operation in step 36.
~o When the receiving module 20 is in the "access" mode, the received biometric ID is compared with the reference biometric ID in step 37. If the received signal comprises also a password, receiving module 20 sepal~tes the password from the biometric ID, and additionally compares the password against a reference password in step 38. Finally, access to the host system is authorized or not, depending on the result of the comparison(s), as shown 2s in steps 39 and 40 respectively.
Alternatively, the transmitting module 10 is provided with a a change password initiator in the form of a key or a button allowing a user of the transmitting module }0 to enter a mode to alter their password. In this embodiment, an initial albi~ .y password (such ~ 30 as none or"password") is set. Entering the mode to alter the password requires user verification of the existing password~ user entry of a new password and user verification of CA 02233942 l998-04-03 W O 98/12670 PCT/CAg7/00663 the new password. Password selection algorithms of this type are known in the art of computer network security and operating systems. The password is stored in the receiving module 20. Alternatively, the password is stored in the transmitting module 10.
s Referring to Fig. 9 a flow chart of an embodiment wherein biometric data th~ntic~tion is performed within the tr~n~mitting module 10 and an access key ist~ lliLLed therefrom to the receiving module 2~) is shown. Only "access" mode is described for this embodiment, "enroll" mode functions in a fashion similar to that set out above. This embodiment is particularly useful in that theft of the transmitting module 10 is discouraged.
The biometric data is read at the trzln.~mi~.~ion module 10 with reader 11. As indicated above. in a preferred embodiment, reader 11 collects data indicative of the image of a fingerprint. Next, the biomekic data is decoded for comparison. The decoding accounts for rotation and mi~lignm~nt in the biometric input. The decoded data is compared to at least previously stored biometric data. When password protection is also used. a password is required and verified. When the verification of the password and the fingerprint fails (i.e. the password is incorrect or the decoded biometric data failed to register correctly against any previously stored biometric data) no further action occurs. ~lternatively, a signal indicative of invalid registration is tr~n.cmittetl Further alternatively, the signal contains information in the form of the biometric data to identify the unauthorized user of the device. When the verification s~lcceeA~ the biometric data is encoded in processing means 12. Alternatively, an access key is encoded in processing means 12.
Tr~n~mitt~?r 16 bro~ tc the encoded data to the receiving module 20 which receives 2s the encoded data and decodes it. At the receiving module (not shown~, the data is verified to be an acceptable user authorization and provides access to the host system or releases a host locking mechanism.
I~eferring to Fig. 10 a flow chart of an embodiment of the present invention using bi-directional communication is shown. Biometric information is read from a biometric input means. The information is decoded and then stored in an electronic storage means. The electronic storage means is in the form of RAM. Alternatively~ the electronic storage mean comprises magnetic storage means~ optical storage means. mechanical storage means, or other suitable low power storage means. The decoded information is analyzed to determine whether the information corresponds to an authorized user of the host system. When an authorized user is detected through a comparison, an access code is stored in a buffer. When the biometric information does not correspond to an authorized user, an error code is stored in the buffer. In response to a request from an external system for the code stored within the buffer, either the error code or the authorization code ~whichever was last stored) is provided.
The external system responds to the code in a predetermined fashion.
Referring to Fig. 11, a flow chart for an embodiment similar to that of Fig. 10 is shown. The flow chart of Fig. 1 1 shows only the lower portion of the flow chart - those parts associated with bi-directional communication. A time-out is introduced upon storage of a code. When a request is not presented within a predetermined time, the buffer is e}ased and the method returns to a start. This prevents use of a device, embodying a method according to this invention. when found or taken by clearing any data related to the biometric input from the buffer. Second~ a request from an external system comprises a further code parameter.
The code parameter may be in the form of an encryption key, an access category, a device number, etc. According to the flow chart, a default code is provided to the external system 20 when the received code parameter is unknown. When the code parameter is known~ an access code in dependence upon the code parameter is provided to the external system. The method then returns to a start.
Referring to Fig. 12, a credit card biometric input device is shown. The device 2s comprises a substantially flat substrate 209. A biometric input means 210 in the form of a finger print detector is disposed on the substrate as is a battery 211, an edge connector 212, ~tl~ting means 214 in the form of card edges, and elcctronic circuitry 21S. The circuitry comprises electronic storage and processing means for verifying biometric input and providing an access code. The processor means is also for accepting a parameter code from an 30 external system and encrypting the access code before transmitting same. In use~ a user of such a device places their finger tip onto the biometric input means 210. Their fingerprint is CA 02233942 l998-04-03 recorded. analyzed, and verified in the electronic storage and processor means 215. When the user is authorized, an access code is stored in a buffer and a time-out is put in place. When a rec~uest for the access code is provided prior to the time-out, the access code is transmitted.
7 he device may also function according to the flow charts of Figs. 8, 9, 10, and 1 1.
s The embodiment of Fig. 12, is useful as a credit card and for electronic finance.
Un~tt~n-led electronic devices accept the card in a similar fashion to current automatic teller m~hinf~s (ATM) and only return the card when it is not reported stolen. f~tt~n-led transaction locations, such as stores, would erase the buffer and recluire input of the biometric lo information in their presence. In this way, the device serves the purpose of both a credit card and an electronic "cash" card.
In Fig. 13 a key chain embodiment of the invention is shown. The Icey chain 220 is attached to a biometric input device 209a comprising biometric input means 210, buttons 15 218, an infrared transceiver 219a, and electronic circuitry (not shown) housed within the device. In operation the device acts like other devices described above. The buttons may be used for password entry, function selection, or to distinguish operations such as opening a car door, a garage door, a trunk for a car, etc.
In Fig. 14 a further key chain embodiment of the invention is shown. The key chain 220 is attached to a biometric input device 209a comprising biometric input means 210~
buttons 218. an ~F transceiver 219b, and electronic circuitry (not shown) housed within the device. In operation the device acts like other devices described above. The buttons may be used for password entry, function selection, or to distinguish operations such as opening a car zs door, a garage door, a trunlc for a car, etc. In an embodiment, uni-directional com~nunication is used between a portable biometric input device according to this invention and a receiving module. Alternatively, biometric data authentication is performed using two way conl~ ,ications between the ~ lirlg module 10 and the receiving module 20. ~urther ~1tern~tively, biometric data ~llthentication is pcLro~ ed using multi-channel multi-party 30 c~>mmllnications to add functionality such as access logs, central access control, access permission authorization from a third location, etc.
In a further embodiment, the transmitting module 10 and the receiving module 20 are programmed via a communication port using a computer. Thc comm--nic:~tion port is preferably bi-directional. Preferably, the communication port is the transceiver in the s transmitting module 10 and the tr~n~d-lcer in the receiving module 20.
A device according to the present invention may be used to provide secure access to computers. computer networks, buildings, safes, houses, portable electronic locks, automobiles, h~nking services in the form of automatic teller m~chines, electronic commerce, o household cabinets for rendering them child safe, television services, pay per view television services, electrical appliance, garages, hotel rooms, educational facilities. health club facilities, etc. The device is useful where p~ WOIdS, magnetic strips, physical key and lock merh~ni~m~, electronic locks, ID cards and other securc forms of identification are used.
s In a further embodiment and according to a method according to the present invention, the transmitter is an audio tr~n~mittt-r capable of transmitting tones in dependence upon the biometric data. One form of the tones is a series of telephone tones indicative of the identity of an individual and capable of being understood by a telephone system. A further form of tones are similar to those of a computer modem or fax machine. devices sending digital data across analogue telephone lines.
In order to improve the security of embodiments of this invention. it is possible to employ encryption technology. The encryption technologies are generally known and include public/private key encryption, session key encryption, and other encryption schemes for secure data tr~n.~mi~ion. In private/public key encryption, a receiver sends a public key to a device according to the present invention and tr~n~mi~ions from the device to the receiver are encrypted using the public key. Only the receiver, having the private key, can decrypt the trz~n~mi.c~ion. A group of public keys can be used or public keys can vary regularly in order to prevent interception and replay of a tr~n~mie~ion.
- 30 In session key encryption an encryption key is selected for a particular session based on a predeterrnined algorithm or some other method. The key is used for the session and then discarded. In this fashion, interception and recording of transmitted signals is of no use as the session key will change for subsequent sessions.
It is also sl~g{~sted to increase security by verifying the device type in use according 5 to the invention. Establishing a device type and protocol allows some receivers to inhibit access to devices of certain security access levels or protocols.
Numerous other embodiments may be envisaged without departing from the spirit and scope of the invention.
Field of the Invention This invention relates generally to personal identification systems and more particularly relates to a biometric security identification system (BSIS).
Background of the Invention Biometric security identification systems, such as fingerprint sc~nning and input devices are becoming more commonplace as the need to validate authorized users of computers, databases, and secure spaces grows. As computers become more mini~hlrized~ so 0 too are other cu~ u~lication and security devices decreasing in size. One of the more important reasons~ however. to mini~tllrize electronic devices is to lessen the burden of porting them.
The use of security systems is generally well Icnown. Their use is increasing with s greater availability of digital electronic components at a relatively low cost. Such systems are known for securing buildings, banks, automobiles, computers and many other devices. For example, U.S. Pat. No. 4, 951, 249 discloses a computer security system which protects computer software from unauthorized access by requiring the user to supply a name and a password during the operating system loading procedure ("boot-up") of a personal computer 20 (PC). This is accomplished by the insertion of a special card into an input/output expansion slot of the PC. During the loading of the operating system of the PC, the basic inputloutput system (BIOS) scans memory addresses of the card for an identification code, consisting of a 55AA hex code. When this hex code is located, the BIOS instructions are vectored to the address where the target hex code resides and instructions at the following addresses are ~5 executed as part of the initialization routines of the system boot-up procedure.
This PC security system, lltili7ing password protection, is typical of many systems that are currently available. Password protection requires a user's narne and a password associated with that user's name. Only once an associated password is detected for a valid 30 user's name does the PC complete the boot-up roL~ine. Though passwords may be useful in some instances, they are inadequate in many respects. For exarnple, an unauthorized skilled user with a correct password in hand, can gain entry to such a processor based system. Yet another undesirable feature of the foregoing system is that passwords on occasion are forgotten, and furthermore, and more importantly, passwords have been known to be decrypted.
s As of late one of the most ubiquitous electronic components is the digital processor.
Multi-purpose and dedicated processors of various types control devices ranging from bank machines, to cash registers and automobiles. With ever increasing use of these processor based devices, there is greater concern that unauthorized use will become more prevalent.
o ~hus, the verification and/or authentication of authorized users of processor based systems is a burgeoning industry.
Alarrns and security systems to warn of unauthorized use of automobiles and other processor controlled systems are available, however, these security systems have been known ls to be circumvented. Unfortunately, many commercially available solutions aimed at preventing theft or unauthorized use of automobiles have also been circumvented. As of late, initiatives have been underway in the security industry, to provide biometric input devices to validate users of electronic and other systems, that are to have restricted access. One limitation associated with many typical comrnercially available biometric systems is the large ~o physical size of the im~ging devices. Concern with placing a biometric input device in an location that is ~rces~ihle to the public is the risk of the input device being v~n~l"li7Prl In the field of digital and analog comm~mic~tions7 wireless devices are becomingmore commonplace. Inexpensive computer systems are currently commercially available 2s wherein printers communicate with computers which in turn communicate with other c~ lpu~ , via infra red tr~n~mitters and receivers. Other devices, using other optical co~ l.,ic~tion systems, such as data transmitting/receiving wrist watches are now available in department stores at ~ .LallLially affordable prices; these wrist watches include processors and software for c~ ,l,ullication with a colll~uL~:. and for downloa ling and uploading small 30 amounts of data as required.
Ob~ect of the Invention It is an object of this invention to provide a portable biometric input device for sensing input biometric data, and transmitting the data to a receiver.
5 Summary of the Invention In a first broad embodiment the invention seeks to provide a portable biometric input device comprising: biometric sensing means for sensing biometric input information.
generating biometric data therefrom, and providing the biometric data in relation to the lo sensed biometric input information; tr~n~mi~ion means for receiving at least an aspect of the biometric data and for transmitting a signal in dependence upon the at least an aspect of the biometric data; and a battery for providing power to the device.
In an embodiment, the transmission means is a wireless tr~ncmi~ion means for 5 transmitting a signal in dependence upon the at least an aspect of the biometric data.
In an embodiment. the tr:~n~ ion means comprises a biometric data encoder and aninfrared transmitter for transmitting a signal in dependence upon the at least an aspcct of the biometric data.
In an embodiment. the device further comprises storage means for storing data related to said biometric data.
In an embodiment, the device further comprises processor means for processing the 25 biometric data.
In an embodiment, the processor means is for comparing the biometric data with previously stored biometric data to provide comparison results; and the signal in dependence upon at least an aspect of the biometric data comprises a signa} in depen~l~nce upon the 30 comparison results.
In an embodiment, the device further comprises means to receive a password and wherein the ~ c~iion means is for tr~n~mitting a signal in dependence upon at least an aspect of the biometric data and the password.
In an embodiment, the device further comprises means to receive a password and wherein the processor means is for co...l-~. ;.,g the biometric data with previously stored biometric data and the password and a previously stored password to provide col~palison results; and the signal in dependence upon at least an aspect of the biometric data comprises a signal in dependence upon the co~ "~Qn results.
In an embodiment, the device fi~rther comprises means for encrypting at least anaspect the biometric data; and the tr~n~mi~ion means is for receiving the encrypted data and for tr~n~mitting a signal in dependence upon the at least an aspect of the encrypted data.
In an embodiment, the means for encrypting the biometric data comprise public/private key encryption means.
Alternatively, the means for encrypting the biometric data comprise session key encryption means.
In an embodiment, the biometric input means is a fingerprint im~ging device.
In an embodiment, the device further comprises a housing in the form of a watch r,~Pn~pnt and a watch face.
2s In an embodiment, the biometric input means comprises associated electronic Cil~;Ui~l,y and conductive pads disposed on the watch face.
In a further broad embodiment, the invention seeks to provide a portable biometric input sensor comprising: an array of sense ~le1llPnte spaced apart and comprising a sensing electrode for sensing biometric input; drive means coupled to at least some of the sense W O9811267~ PCT/CA97100663 elements for controlling and addressing each of the at least some sense elements according to a predetermined sequence, for receiving a signal in dependence upon the biometric input. and for providing biometric data in dependence upon the sensed biometric input; processor means for processing biometric data; and, wireless transmission means for transmitting to a receiver s a signal that corresponds to at least an aspect of the biometric data.
In an embodiment~ the device further comprises means for encrypting the biometric data further comprising means for encrypting at least an aspect the biometric data; and the tr~n~mi~ion means is for receiving the encrypted data and for transmitting a signal in I o dependence upon the at least an aspect of the encrypted data.
In an embodiment. the means for encrypting the biometric data comprise public/private key encryption means.
In an embodiment, the means for encrypting the biometric data comprise session key encryption means.
In another broad embodiment the invention seeks to provide a biometric security identification system comprising: a portable transmitting module comprising a biometric sensing means. means for encoding biometric data and wireless tr~n~mi~ion means for tr~n~mit~in~ the encoded biometric data as an encoded signal; and a receiving module comprising means for receiving the encoded signal, means for extracting the encoded biometric data~ and means for comparing the encoded biometric data with predetermined reference values, and means for authorizing access to a host system.
2s In an embodiment, the biometric sensing means comprises a fingerprint scanner.
In an embodiment, the device further comprises means for encrypting the biometric data further comprising means for encrypting at least an aspect the biometric data; the - 30 tr~n~mi~.sion means is for receiving the encrypted data and for transmitting a signal in dependence upon the at least an aspect of the encrypted data; and the means for extracting the W O 98/12670 PC~/CA97/00663 encoded biometric data comprises means for decrypting and for extracting the encoded biometric data.
In an embodiment, the means for encrypting the biometric data comprise public/private key encryption means.
In an embodiment, the means for encrypting the biometric data comprise session key encryption means.
o In yet another broad aspect, the invention seeks to provide a portable biometric input device comprising: sensing means including a platen upon which to rest a finger, said sensing means for sensing the presence and location of fingerprint ridges upon the device; processor means for processing sensed data; and, wireless k~n~mi~ion means for transmitting a signal that corresponds to at lcast an aspect of the sensed data; and a battery for providing power to the 1 5 device.
The advantages of a system in accordance with this invention are numerous For example, providing a lightweight fingerprint input tr~n~ u~r capable of wireless communications with a remote system obviates the requirement of securing the input tr~n~ducer from vandals and prevents tampering therewith. Providing an input sensor that serves as a user's personalized key, offers distinct and obvious advantages. Firstly, the sensor may be protected by the user, being his or her own personal device. and furthermore, a user's personalized sensor may comrnunicate with several different devices that require validation in the form of a users biometric input data, for example, the input sensor may provide a valid access code in the forrn of a biometric key, to unlock a locked car door, a house door, and/or to provide access to a banking m~hin~ or a computer. Furthermore, a user's personal sensor can be programmed with its own identification key which can accompany a user's biometric data in t_e validation process, to validate both the sensor and the user.
Brief D~ "ion of the D. ~
Exemplary embodiments of the invention will now be discussed in conjunction withthe ~rh~ drawings in which:
Fig. I is a block diagram of the biometric security identification system (BSIS)according to the invention;
Fig. 2 is a simplified diagram of a sensing device for use with the present invention showing an array of sensing elements together with associated addressing circuitry;
Fig. 3 is a simplified diagram of a sensing element for use with the present invention;
Fig. 4 is a s~.h~m~tic diagram of an amplifier circuit for use with the present invention;
Fig. 5a is a digital watch according to the present invention;
Fig. ~b is an analogue watch according to the invention;
o Fig. 6 is a block diagram of the transmitting module of Fig. I;
Fig. 7 shows a block diagram of the receiving module of Fig. 1;
Fig. 8 is a flowchart for illustrating a mode of operation of an embodiment of a BSIS
according to the present invention;
Fig. 9 is a flowchart for illustrating a mode of operation of an cmbodiment of a BSIS
15 according to the present invention;
~ig. 10 is a flowchart for illustrating a mode of operation of an embodiment of a BSIS
according to the present invention further C~ illg bi-directional communication;Fig. 11 is a flowchart for illustrating a mode of operation of an embodiment of a BSIS
using bi-directional communication and a time out according to the present invention;
Fig. 12 is a biometric credit card according to the present invention;
Fig. 13 is a device according to the present invention incorporated into a keychain and using infrared wireless communication; and Fig. 14 is a device according to the present invention incorporated into a keychain and using RF wireless commllnic~tion.
Detailed Description Fig. I illustrates the block diagram of a biometric security identification system (BSIS) according to the invention. The system comprises a transmitting module 10 and a receiving module 20 connected over a tran~mic~ion channel in the form of a wireless 30 tr~n~mie~ion channel. The tr~n~mitting module 10 measures a biometric characteristic of a person requesting access to a protected host system and converts the biometric characteristic CA 02233942 l998-04-03 into a biometric ic~entifi~ti-)n (ID) code. The ll,.n~ r module is adapted to be carried or worn by the user, and therefore can take any suitable form, such as a wrist watch, a badge, a wallet, etc.
The biomekic information may be acco~ pallied by a password for increased security of the identification process. In this way, access to the protected host system is denied to unauthorized users, who may have a similar biometric ID. Similar biometric ID may occur if the tr~n~inrer has a low sensitivity, for example for cost or/and mini~ ion reasons. The password could be any m~rl~int? readable code like a PIN, an account number, or a time-o varying code. Selected passwords can be unique to the watch itself, or they can be chosen by the user.
It is apparent that various types of trz~n.~duçers may be used, such as image ort~ p~ Lulc~ t~n~iurers~ electromagnetic field sensors, optical sensors. etc. Preferably, the sensitivity of the tr~n.~ rf r allows for capture of biometric data which reasonably distinguishes the user. In an embodiment, the transmitting module is in the form of a wrist watch provided with a fingerprint reader and described in more detail bclow.
The biometric ID is transmitted to receiving module 20, which is attached to a host system. The tr~n~mi.~.~ion is preferably made by motlnl~ting an infrared (IR) carrier with the biometric ID, but any other type of communication between the tr~n~mitting module 10 and receiving module 20 may be used. Preferably wireless communication means are used as dictated by selected design parameters, such as the tli~t~nre between the modules, the power budget, etc. Preferably, and for obvious security reasons, a wireless communication means employed should minimi7e the risk of interception and recording of a biometric ID.
At receiving module 20, the biometric ID is compared to a reference ID pre-stored in a memory. If the current biometric ID (IDC) m~trhr$ a reference ID (IDREF3, access to the host system is authorized. The host system could be a computer system, an ATM banking machine, a door latch or any other system which must be secured against unauthorized WO 98/12670 ~CT/CA97/00663 access. In an alternative embodiment, the biometric ID is compared in the transmitting module 10 and an access code is sent to the receiving module 2~) for comparison.
Referring to Fig. 2. part of a sensing device for use in an embodiment of the present 5 invention and implemented on a semiconductor chip is shown comprising a single active matrix addressed sensing pad 119 having an X-Y array of sense elements consisting of r rows (1 to r) with c sensing elements 117 in each row. In practice there may be about 30Q rows and 200 columns of regularly-spaced elements occupying an area of approximately 2 cm x 3 cm.
This area is for accepting a fingertip for sçz~nning Should such a sensing pad 119 be made lo larger~ it could be used for sc~nning other items such as a palm of a hand.
Sensor elements 117 are disposed in such a fashion that they are capable of distinguishing the smallest desired feature of a fingerprint. Preferably, the placement and spacing of the sensor elements allow an image of a fingerprint, once scanned, to contain all 5 required features for analysis. The sensing element 117 is smaller than half the smallest sensible feature size allowing a suitable image to be generated. Empirical studies reveal that a square plate of about 50 !lm edge length is suitable for fingerprint sensing. Although the ~al~lus is described with reference to an array of sensing elements 117 having substantially square shape. it is possible to use different configurations of sensing elements 117 such as 20 concentric circles or a spiral and different shapes such as triangles, circles. or rectangles.
The array of sensing elements 117 is connected through an analog switch matrix to facilitate reading the finge.y..lll image out of the sensing array 119. Timing and sequencing logic 116 selects each element in the array in turn to produce a complete image of a 2s fingerprint presented to the device. The signal may be output directly as an analog signal or may be converted to a digital signal prior to output from the device.
The sensing pad 119 further comprises a ground ring 115 and bonding pads 118 rlesigned for connection to other components or to p~ck~ging The ground ring 115 also 30 serves to provide a cornmon ground for the sensing pad. Accordingly, it is important that the ground ring 115 and integrated circuit elements be designed so as to minimi7~ noise to each sensing element 117. The signal to noise ratio that is acceptable will vary between applications and should be adjusted to meet the needs of a specific design. When possible~
p~ck~ging should be selected to limit noise.
Referring to Fig. 3, a single sensing plate 120 is shown. Such a sensing plate 120 is designed to be used in arrays and preferably is smaller than half the smallest sensible feature size as indicated above. Charge sensing electrode 121 is connected to an active element which is shown as a three terminal switching device in the form of a field effect transistor (FET) having a source, a drain, and a gate 126. The gate 126 is connected to the sensing electrode o 121 by an interconnect 124. Disposed bet.~,veen the gate 126 and the transistor 130 is a gate oxide 127. Such transistor configuration is known in the art.
Above the charge sensing electrode 121 is disposed an overglass 122 which serves to protect the charge sensing electrode 121 and to space the electrode and a fingertip presented thereto. Below the charge sensing electrode 121 is disposed a field oxide 125. ~ finger placed against the overglass 122 induces charge in the charge sensing electrode 121. By amplifying the charges induced by a fingertip on the charge sensing electrode 121 with an amplifier circuit such as is shown in Fig. 4, the inclllce~l charges can be rendered easily distinguishable.
Referring to Fig. 4, a sensing pad 120 is electrically grounded. A second side is connected through electrostatic discharge protection 131 in the forrn of resistors and diodes.
A filter circuit 132 and 133 improves circuit operation. Transistors 134, 135, 136, and 137 provide amplification of inf~ ecl voltages allowing a signal at an output of transistor 136 to be digitized by a low cost A/D COllV~:;lt~l.
Assuming that the charge density on the fingertip is ~h~ 11y even, induced charges on the charge sensing electrode 121 will depend solely on the rliet:~nt~e between the charge sensing electrode 121 and the skin of the fingertip inci~lcing the charge. Further, as the induced charge falls off with the rli~t~nt~e, the closest skin of the fingertip will induce a larger proportion of the charge. The sensor is employed in the above fashion to image fingertips.
W 098/1267~ PCT/CA97/00663 Referring to Fig. 5a, a watch is shown comprising (in part~ the present invention. The watch 50 is secured in place on a person7s wrist for example by way of a strap 51. Alternative methods such as a chain as is common in pocket watches, a pouch (not shown)~ velcro~ a pin, or means for secllring the watch to a sporting apparatus may also be used. A time display means 52 in the form of an LCD display, an LED display, an analogue time display~ a voice generated time, or a Braille time display is disposed upon the watch 50 in a conventional manner. Preferably, the time display means 52 is offset to allow for sufficient contiguous surface area for a biometric sensor 53. Alternatively, the biometric sensor 53 is designed to be superimposed upon the time display means 52 and not interfere therewith as shown in Fig.
o 5b. An emitter port in the form of an infra red emitter port 55 is located on the watch 50 such that light emitted from the infra red port 55 is directed toward a sensor (not shown) in use. In Fig. 5a and Fig. Sb, the infra red emitter port 55 is located on the top of the watch above the face and pointing substantially coplanar to the watch face. In this orientation. an emitted signal is directed away from the body of a user and forward during normal use.
The biometric sensor means 53 is of the form described above and shown in Figs. 27 3, and 4. Alternatively, the biometric sensor means 53 is a capacitive fingerprint scanner requiring pre-charging as are well known in the art. Further alternatively, the biometric sensing means 53 is an optical biometric sc~nning device in the forrn of a retinal scanner, an ~o optical fingerprint scanner, an optical palm scanner, or any other suitable (and portable) biometric sensing device.
Referring to Fig. 5b, an analogue watch 150 is shown. ~nalogue watches of this type are well known and are in common use. On to the face of the analogue watch 150 are deposited a plurality of metal pads 155 and associated circuitry 156. The pads 155 and the associated circuitry 156 act as sensors and addressing circuitry and combine to form the sense electrode for a biometric input device. The analogue watch 150 is ~ ignPd to be easily read in the presence of the pads 155 and the associated circuitry 156. This is accomplished by ensuring that a short hand on the watch 150 is long enough to be partially visible at each - 30 outside edge of the metal pads 150 in each possible orientation. Alternatively, this is accomplished by ~lesigning the hands of the watch to be visible through or between the pads Il 150. Further ~ltern:ltively, this is accomplished by ~le~igning the pads 150 such that information on positions of the watch hands is transmitted through or by the metal pads 150.
Further alternatively, this is accomplished by ~lçcigning the watch face with an offset analogue time indication providing sufficient space for the pads 150 as is shown in Fig. 5a.
The associated ci~ y 156 is coupled to driver and sensing circuitry for reading the electrode in the form of metal pads 155 and for determining the presence of a fingerprint or other biometric input. The analogue watch 150 also comprises an infra red emitter port 55.
lo Alternatively in Fig. 5a and Fig. 5b, the infra red emitter port 55 comprises a transceiver capable of transmitting and receiving information in the form of infra red signals.
An emitter is sufficient for carrying out the invention but a transceiver adds additional functionality. A watch, such as those shown in Figs. 5a and Sb can accept information to further enhance security of the invention during use. Further, a transceiver is useful in progr~mming the device for password access or for new authorized users. Further, a transceiver is useful in storing a time log of accesses and providing same to a computer at intervals.
Alternatively, the emitter 55 is a wireless emitter other than infrared. Furtheralternatively, the emitter 55 is in the form of a coupling device for coupling to the receiving module 20 and sending a signal thereto via a non-wireless electrical connection.Alternatively, the transceiver 55 is a wireless transceiver other than infrared. Further alt~rn~tively, the transceiver 55 is in the form of a coupling device for coupling to the receiving module 20 and sending a signal thereto or receiving a signal thc.~;;rlolll via a non-wireless electrical connection.
Fig. 6 shows a block ~liAgrAm of the tran~mitting module 10 of the BSIS. The module 10 comprises a power source in the form of a battery 5. The battery provides power to electronic circuits within the trAn~mitting module 10. A reader 11 comprises a transducer, or sensor 15, 16, 17, and a drive circuit 18. The sensor is in the form of a contact im~ging device for SÇ:~nning a fingerprint. The contact im:~ging device may be in the form of Figs. 2. 3, and 4 or may be a conventional capacitive contact im~ging device. Conventional capacitive contact im~ging devices use a silicon substrate with an array of capacitive pads, each capacitor being associated with a driver. The sensing pads are disposed in close but non-contacting relationship. A small gap between adJacent elements ensures that adjacent edges of the 5 elements do not wipe against one another when a finger is pressed against the sensing surface.
The sensing surface is formed by film deposition on the substrate surface. Sensing pads are regularly spaced apart equally sized electrodes built by metal deposition on an ap~ pliate glass or quartz sl]hstr~t~? Alternatively, the sensing pads are irregular and/or unequally spaced. A reader used for the transducer of an embodiment of the present invention is of a 10 simplified design, adapted for large scale mslnnf~cture. The reader comprises a glass substrate 15 for supporting a capacitive array 16 and a contact surface ~sheet) 17. The array 16 comprises Indium-Tungsten oxide traces which are overlapped with hard gold. Eachcapacitive element has a sense electrode and a switching device such that, when a finger is pressed on the contact surface 17 each sense electrode and the respective overlying portion of 5 the finger surface forrn opposite plates of a capacitor~ the finger surface being at ground potential. The insulating film and air gap, when present, provides the capacitor dielectric. The capacitances of these individual capacitors vary as a function of the spacing between the finger and the contact surface, with smaller capacitance values occurring where the troughs in the finger surface are aligned with a sensor than where ridges are so aligned.
Drive circuit 19 is, preferably, not disposed on the substrate as in conventional sensors. It is preferably couplcd to switching devices for conkolling and addressing each capacitive pad according to a mapping sequence whereby a predetermined potential is applied to each capacitive pad. When a finger is placed on sheet 17 charges are in-lucerl in array 16.
~s Charge is induced in each capacitor in an uneven manner in dependence upon ridges and troughs in the fingertip. The sensor reads these in~ ecl charges in the form of changes in capacitance or capacitive charge and transforms them into a bitmap particular to the fingerprint or a group of fing~ fillL~.
30Alternatively, the array of capacitive plates 17 is applied to a plastic film using metal-film processing or photographic image processing techniques. The plastic film is then applied to any surface. such as a wallet, a key chain, a pen knife, a personal digital assistant, a transportable computer or a watch. Drive circuit 19 is then attached to the array of capacitive pads using conductive epoxy adhesives, or an anisotropic adhesive process. This allows for an inexpensive sensor suhstr~t~ which can be produced on a large scale using conventional s ~CD techniques.
The bitmap collected from the capacitive array is then input to processing unit 12 which encodes the bitmap co~ n~ the fingerprint information and generates a biometric ID. In one embodiment, processor 12 is an 8-bit microprocessor, such as Intel 8051.
o Processor 12 may include a standard encryption module which applies an encryption algorithm for generating an encoded biometric ID.
An infrared transmitter 19 receives the biometric ID, modulates an infrared carrier with this information and then transmits an authorization request signal to receiving module 20.
1s A keypad 13 and a display 14 are preferably provided at the transmitting module 10.
Keypad 13 is used for providing further data or functionality in the form of ON/OFF
functionality and a password. In the embodiment comprising a watch, display means 14 includes time information.
Receiving module 20 is shown in Fig. 7. Receiving module 20 is provided with ~p~ ate transducer means 21 for receiving the authorization request signal and converting it into an electrical signal. Transducer 21 may be for example an IrDA diode. The transducer is controlled by a control Unit 25 in dep.onrl~nc~e upon the current operating mode as 2s (l~?tf~ninec~ by a mode selector 26. Modes of operation for the device are discussed below.
The converted electrical signal is applied to decoder 22 where the biometric ID is extracted in the conventional mode. The recovered biometric IDC and a reference IDRE~ are applied to a co~ Lor 23. The reference ID is obtained from a memory 24, where it has been previously stored, using any of the conventional methods. If a password is also included in the received 30 signal together with the biometric IDC, the p;l~7~7WUld iS extracted by decoder 22 in addition to the biometric IDC, and compared with a reference password in c~lllpald~or 23. When the result of the comparison indicates that the biometric IDC and the password are acceptable~
access to the host system is permitted.
The receiving module 20 is initially configured in an ENROLL mode for obtaining 5 and for storing one or more reference biometric samples. Enrolling software is normally in~ce~ible after the first use, or in a multi-user system. re-entering the enroll mode is accomplished through a function key and is limited to an authorized person or authorized persons. After e~rollment is completed, the module enters its NORMAL mode.
0 The flow chart of Fig. 8 shows the operation of an embodiment of the invention. In step 30~ the biometric data is read at the tr~n.~mi~ion module 10 with reader 11. As indicated above, in a preferred embodiment, reader 11 collects data indicative of the image of a fingerprint. Next, the biometric data is encoded in processing means 12, in step 31.
Transmitter 16 broadcasts the biometric data, as illustrated in step 32. Next, in step 33.
15 receiving module 20 receives the biometric data and decodes the biometric ID therefrom, and checks the mode indicator in step 34. When the receiving module is in the "enroll" mode, the biometric ID is stored in memory 24 in step 35, and the receiving module is switched to the "access" mode of operation in step 36.
~o When the receiving module 20 is in the "access" mode, the received biometric ID is compared with the reference biometric ID in step 37. If the received signal comprises also a password, receiving module 20 sepal~tes the password from the biometric ID, and additionally compares the password against a reference password in step 38. Finally, access to the host system is authorized or not, depending on the result of the comparison(s), as shown 2s in steps 39 and 40 respectively.
Alternatively, the transmitting module 10 is provided with a a change password initiator in the form of a key or a button allowing a user of the transmitting module }0 to enter a mode to alter their password. In this embodiment, an initial albi~ .y password (such ~ 30 as none or"password") is set. Entering the mode to alter the password requires user verification of the existing password~ user entry of a new password and user verification of CA 02233942 l998-04-03 W O 98/12670 PCT/CAg7/00663 the new password. Password selection algorithms of this type are known in the art of computer network security and operating systems. The password is stored in the receiving module 20. Alternatively, the password is stored in the transmitting module 10.
s Referring to Fig. 9 a flow chart of an embodiment wherein biometric data th~ntic~tion is performed within the tr~n~mitting module 10 and an access key ist~ lliLLed therefrom to the receiving module 2~) is shown. Only "access" mode is described for this embodiment, "enroll" mode functions in a fashion similar to that set out above. This embodiment is particularly useful in that theft of the transmitting module 10 is discouraged.
The biometric data is read at the trzln.~mi~.~ion module 10 with reader 11. As indicated above. in a preferred embodiment, reader 11 collects data indicative of the image of a fingerprint. Next, the biomekic data is decoded for comparison. The decoding accounts for rotation and mi~lignm~nt in the biometric input. The decoded data is compared to at least previously stored biometric data. When password protection is also used. a password is required and verified. When the verification of the password and the fingerprint fails (i.e. the password is incorrect or the decoded biometric data failed to register correctly against any previously stored biometric data) no further action occurs. ~lternatively, a signal indicative of invalid registration is tr~n.cmittetl Further alternatively, the signal contains information in the form of the biometric data to identify the unauthorized user of the device. When the verification s~lcceeA~ the biometric data is encoded in processing means 12. Alternatively, an access key is encoded in processing means 12.
Tr~n~mitt~?r 16 bro~ tc the encoded data to the receiving module 20 which receives 2s the encoded data and decodes it. At the receiving module (not shown~, the data is verified to be an acceptable user authorization and provides access to the host system or releases a host locking mechanism.
I~eferring to Fig. 10 a flow chart of an embodiment of the present invention using bi-directional communication is shown. Biometric information is read from a biometric input means. The information is decoded and then stored in an electronic storage means. The electronic storage means is in the form of RAM. Alternatively~ the electronic storage mean comprises magnetic storage means~ optical storage means. mechanical storage means, or other suitable low power storage means. The decoded information is analyzed to determine whether the information corresponds to an authorized user of the host system. When an authorized user is detected through a comparison, an access code is stored in a buffer. When the biometric information does not correspond to an authorized user, an error code is stored in the buffer. In response to a request from an external system for the code stored within the buffer, either the error code or the authorization code ~whichever was last stored) is provided.
The external system responds to the code in a predetermined fashion.
Referring to Fig. 11, a flow chart for an embodiment similar to that of Fig. 10 is shown. The flow chart of Fig. 1 1 shows only the lower portion of the flow chart - those parts associated with bi-directional communication. A time-out is introduced upon storage of a code. When a request is not presented within a predetermined time, the buffer is e}ased and the method returns to a start. This prevents use of a device, embodying a method according to this invention. when found or taken by clearing any data related to the biometric input from the buffer. Second~ a request from an external system comprises a further code parameter.
The code parameter may be in the form of an encryption key, an access category, a device number, etc. According to the flow chart, a default code is provided to the external system 20 when the received code parameter is unknown. When the code parameter is known~ an access code in dependence upon the code parameter is provided to the external system. The method then returns to a start.
Referring to Fig. 12, a credit card biometric input device is shown. The device 2s comprises a substantially flat substrate 209. A biometric input means 210 in the form of a finger print detector is disposed on the substrate as is a battery 211, an edge connector 212, ~tl~ting means 214 in the form of card edges, and elcctronic circuitry 21S. The circuitry comprises electronic storage and processing means for verifying biometric input and providing an access code. The processor means is also for accepting a parameter code from an 30 external system and encrypting the access code before transmitting same. In use~ a user of such a device places their finger tip onto the biometric input means 210. Their fingerprint is CA 02233942 l998-04-03 recorded. analyzed, and verified in the electronic storage and processor means 215. When the user is authorized, an access code is stored in a buffer and a time-out is put in place. When a rec~uest for the access code is provided prior to the time-out, the access code is transmitted.
7 he device may also function according to the flow charts of Figs. 8, 9, 10, and 1 1.
s The embodiment of Fig. 12, is useful as a credit card and for electronic finance.
Un~tt~n-led electronic devices accept the card in a similar fashion to current automatic teller m~hinf~s (ATM) and only return the card when it is not reported stolen. f~tt~n-led transaction locations, such as stores, would erase the buffer and recluire input of the biometric lo information in their presence. In this way, the device serves the purpose of both a credit card and an electronic "cash" card.
In Fig. 13 a key chain embodiment of the invention is shown. The Icey chain 220 is attached to a biometric input device 209a comprising biometric input means 210, buttons 15 218, an infrared transceiver 219a, and electronic circuitry (not shown) housed within the device. In operation the device acts like other devices described above. The buttons may be used for password entry, function selection, or to distinguish operations such as opening a car door, a garage door, a trunk for a car, etc.
In Fig. 14 a further key chain embodiment of the invention is shown. The key chain 220 is attached to a biometric input device 209a comprising biometric input means 210~
buttons 218. an ~F transceiver 219b, and electronic circuitry (not shown) housed within the device. In operation the device acts like other devices described above. The buttons may be used for password entry, function selection, or to distinguish operations such as opening a car zs door, a garage door, a trunlc for a car, etc. In an embodiment, uni-directional com~nunication is used between a portable biometric input device according to this invention and a receiving module. Alternatively, biometric data authentication is performed using two way conl~ ,ications between the ~ lirlg module 10 and the receiving module 20. ~urther ~1tern~tively, biometric data ~llthentication is pcLro~ ed using multi-channel multi-party 30 c~>mmllnications to add functionality such as access logs, central access control, access permission authorization from a third location, etc.
In a further embodiment, the transmitting module 10 and the receiving module 20 are programmed via a communication port using a computer. Thc comm--nic:~tion port is preferably bi-directional. Preferably, the communication port is the transceiver in the s transmitting module 10 and the tr~n~d-lcer in the receiving module 20.
A device according to the present invention may be used to provide secure access to computers. computer networks, buildings, safes, houses, portable electronic locks, automobiles, h~nking services in the form of automatic teller m~chines, electronic commerce, o household cabinets for rendering them child safe, television services, pay per view television services, electrical appliance, garages, hotel rooms, educational facilities. health club facilities, etc. The device is useful where p~ WOIdS, magnetic strips, physical key and lock merh~ni~m~, electronic locks, ID cards and other securc forms of identification are used.
s In a further embodiment and according to a method according to the present invention, the transmitter is an audio tr~n~mittt-r capable of transmitting tones in dependence upon the biometric data. One form of the tones is a series of telephone tones indicative of the identity of an individual and capable of being understood by a telephone system. A further form of tones are similar to those of a computer modem or fax machine. devices sending digital data across analogue telephone lines.
In order to improve the security of embodiments of this invention. it is possible to employ encryption technology. The encryption technologies are generally known and include public/private key encryption, session key encryption, and other encryption schemes for secure data tr~n.~mi~ion. In private/public key encryption, a receiver sends a public key to a device according to the present invention and tr~n~mi~ions from the device to the receiver are encrypted using the public key. Only the receiver, having the private key, can decrypt the trz~n~mi.c~ion. A group of public keys can be used or public keys can vary regularly in order to prevent interception and replay of a tr~n~mie~ion.
- 30 In session key encryption an encryption key is selected for a particular session based on a predeterrnined algorithm or some other method. The key is used for the session and then discarded. In this fashion, interception and recording of transmitted signals is of no use as the session key will change for subsequent sessions.
It is also sl~g{~sted to increase security by verifying the device type in use according 5 to the invention. Establishing a device type and protocol allows some receivers to inhibit access to devices of certain security access levels or protocols.
Numerous other embodiments may be envisaged without departing from the spirit and scope of the invention.
Claims (18)
1. A portable biometric input device comprising:
biometric sensing means for sensing biometric input information, generating biometric data therefrom, and providing the biometric data in relation to the sensed biometric input information:
storage means for storing data related to said biometric data;
processor means for characterising the biometric data; and, transmission means for receiving at least an aspect of the characterised biometric data and for transmitting a signal in dependence upon the at least an aspect of the characterised biometric data; and a battery for providing power to the device.
biometric sensing means for sensing biometric input information, generating biometric data therefrom, and providing the biometric data in relation to the sensed biometric input information:
storage means for storing data related to said biometric data;
processor means for characterising the biometric data; and, transmission means for receiving at least an aspect of the characterised biometric data and for transmitting a signal in dependence upon the at least an aspect of the characterised biometric data; and a battery for providing power to the device.
2. A portable biometric input device comprising:
biometric sensing means for sensing biometric input information, generating biometric data therefrom, and providing the biometric data in relation to the sensed biometric input information;
a processor for comparing the biometric data with previously stored biometric data to provide comparison results; and, transmission means for receiving at least an aspect of the biometric data and for transmitting a signal in dependence upon the comparison results.
biometric sensing means for sensing biometric input information, generating biometric data therefrom, and providing the biometric data in relation to the sensed biometric input information;
a processor for comparing the biometric data with previously stored biometric data to provide comparison results; and, transmission means for receiving at least an aspect of the biometric data and for transmitting a signal in dependence upon the comparison results.
3. A portable biometric input device as defined in claim 2, further comprising means to receive a password and wherein the transmission means is for transmitting a signal in dependence upon at least an aspect of the biometric data and the password.
4. A portable biometric input device as defined in claim 2 comprising means to receive a password and wherein the processor means is for comparing the passwordand a previously stored password to provide further comparison results; and wherein the signal in dependence upon at least an aspect of the comparison results is a signal in dependence upon at least an aspect of the comparison results and of the further comparison results.
5. A portable biometric input device comprising:
biometric sensing means for sensing biometric input information, generating biometric data therefrom and providing the biometric data in relation to the sensed biometric input information;
means for encrypting at least an aspect the biometric data;
transmission means for receiving at least an aspect of the encrypted biometric data and for transmitting a signal in dependence upon the at least an aspect of the biometric data; and a battery for providing power to the device.
biometric sensing means for sensing biometric input information, generating biometric data therefrom and providing the biometric data in relation to the sensed biometric input information;
means for encrypting at least an aspect the biometric data;
transmission means for receiving at least an aspect of the encrypted biometric data and for transmitting a signal in dependence upon the at least an aspect of the biometric data; and a battery for providing power to the device.
6. A portable biometric input device as defined in claim 5 wherein the means forencrypting the biometric data comprise public/private key encryption means.
7. A portable biometric input device as defined in claim 5 wherein the means forencrypting the biometric data comprise session key encryption means.
8. A portable biometric input device as defined in claim 1 wherein the biometric input means is a fingerprint imaging device.
9. A portable biometric input device as defined in claim 1 further comprising a housing in the form of a watch casement and a watch face.
10. A portable biometric input device as defined in claim 9 wherein the biometric input means comprises associated electronic circuitry and conductive pads disposed on the watch face.
11. A portable biometric input sensor comprising:
a) an array of sense elements spaced apart and comprising a sensing electrode for sensing biometric input;
b) drive means coupled to at least some of the sense elements for controlling and addressing each of the at least some sense elements according to a predeterminedsequence, for receiving a signal in dependence upon the biometric input, and forproviding biometric data in dependence upon the sensed biometric input;
(c) processor means for processing biometric data; and, (d) wireless transmission means for transmitting to a receiver a signal that corresponds to at least an aspect of the biometric data.
a) an array of sense elements spaced apart and comprising a sensing electrode for sensing biometric input;
b) drive means coupled to at least some of the sense elements for controlling and addressing each of the at least some sense elements according to a predeterminedsequence, for receiving a signal in dependence upon the biometric input, and forproviding biometric data in dependence upon the sensed biometric input;
(c) processor means for processing biometric data; and, (d) wireless transmission means for transmitting to a receiver a signal that corresponds to at least an aspect of the biometric data.
12. A portable biometric input sensor as defined in claim 11, further comprisingmeans for encrypting the biometric data further comprising means for encrypting at least an aspect the biometric data; and the transmission means is for receiving the encrypted data and for transmitting a signal in dependence upon the at least an aspect of the encrypted data.
13. A portable biometric input sensor as defined in claim 12 wherein the means for encrypting the biometric data comprise public/private key encryption means.
14. A portable biometric input sensor as defined in claim 12 wherein the means for encrypting the biometric data comprise session key encryption means.
15. A biometric security identification system comprising:
a portable transmitting module comprising a biometric sensing, means for sensingbiometric data, means for encrypting at least an aspect the biometric data, means for encoding the encrypted biometric data, and wireless transmission means for transmitting the encoded encrypted biometric data as an encoded signal; and a receiving module comprising means for receiving the encoded signal, means for extracting the encoded biometric data, means for decrypting the decoded biometric data, means for comparing the biometric data with predetermined reference values, and means for authorizing access to a host system.
a portable transmitting module comprising a biometric sensing, means for sensingbiometric data, means for encrypting at least an aspect the biometric data, means for encoding the encrypted biometric data, and wireless transmission means for transmitting the encoded encrypted biometric data as an encoded signal; and a receiving module comprising means for receiving the encoded signal, means for extracting the encoded biometric data, means for decrypting the decoded biometric data, means for comparing the biometric data with predetermined reference values, and means for authorizing access to a host system.
16. A biometric security identification system as defined in claim 15, wherein said biometric sensing means comprises a fingerprint scanner.
17. A biometric security identification system as defined in claim 15 wherein the means for encrypting the biometric data comprise public/private key encryption means.
18. A biometric security identification system as defined in claim 15 wherein the means for encrypting the biometric data comprise session key encryption means.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US71543296A | 1996-09-18 | 1996-09-18 | |
| US08/715,432 | 1996-09-18 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2233942A1 true CA2233942A1 (en) | 1998-03-26 |
Family
ID=24874030
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002233942A Abandoned CA2233942A1 (en) | 1996-09-18 | 1997-09-15 | Biometric identification system for providing secure access |
Country Status (3)
| Country | Link |
|---|---|
| AU (1) | AU4196497A (en) |
| CA (1) | CA2233942A1 (en) |
| WO (1) | WO1998012670A1 (en) |
Families Citing this family (102)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6111977A (en) * | 1997-04-17 | 2000-08-29 | Cross Match Technologies, Inc. | Hand-held fingerprint recognition and transmission device |
| US6263090B1 (en) | 1997-05-19 | 2001-07-17 | Cross Match Technologies, Inc. | Code reader fingerprint scanner |
| US6178255B1 (en) | 1998-04-28 | 2001-01-23 | Cross Match Technologies, Inc. | Individualized fingerprint scanner |
| US6353889B1 (en) | 1998-05-13 | 2002-03-05 | Mytec Technologies Inc. | Portable device and method for accessing data key actuated devices |
| IL127569A0 (en) | 1998-09-16 | 1999-10-28 | Comsense Technologies Ltd | Interactive toys |
| US6607136B1 (en) | 1998-09-16 | 2003-08-19 | Beepcard Inc. | Physical presence digital authentication system |
| JP2002527012A (en) | 1998-10-02 | 2002-08-20 | コムセンス・テクノロジーズ・リミテッド | Card for interaction with computer |
| EP1125393B1 (en) * | 1998-10-14 | 2010-01-20 | Aegis Systems Inc. | Method of sending and receiving secure data with a shared key |
| US7260221B1 (en) | 1998-11-16 | 2007-08-21 | Beepcard Ltd. | Personal communicator authentication |
| IT1303207B1 (en) * | 1998-12-02 | 2000-10-30 | Bottero Spa | GLASS FORMING MACHINE EQUIPPED WITH AN ACCESS LEVEL IDENTIFICATION SYSTEM |
| DE29821644U1 (en) * | 1998-12-04 | 1999-02-18 | Stocko Metallwarenfab Henkels | Authentication system for PC cards |
| CA2256809C (en) * | 1998-12-21 | 2006-09-12 | Digital Security Controls Ltd. | Biometric input device for security system |
| US6507912B1 (en) * | 1999-01-27 | 2003-01-14 | International Business Machines Corporation | Protection of biometric data via key-dependent sampling |
| DE19903919A1 (en) * | 1999-02-01 | 2000-08-03 | Bsh Bosch Siemens Hausgeraete | Electrically operated household appliance |
| US6272562B1 (en) | 1999-05-28 | 2001-08-07 | Cross Match Technologies, Inc. | Access control unit interface |
| US7889052B2 (en) * | 2001-07-10 | 2011-02-15 | Xatra Fund Mx, Llc | Authorizing payment subsequent to RF transactions |
| SE9903341L (en) * | 1999-09-16 | 2001-03-17 | Lennart Eriksson | Procedure and control system |
| WO2001020463A1 (en) * | 1999-09-17 | 2001-03-22 | Fingloq Ab | Security arrangement |
| US7340439B2 (en) | 1999-09-28 | 2008-03-04 | Chameleon Network Inc. | Portable electronic authorization system and method |
| US7080037B2 (en) * | 1999-09-28 | 2006-07-18 | Chameleon Network Inc. | Portable electronic authorization system and method |
| AU7621300A (en) | 1999-09-28 | 2001-04-30 | Chameleon Network Inc. | Portable electronic authorization system and associated method |
| US8019609B2 (en) | 1999-10-04 | 2011-09-13 | Dialware Inc. | Sonic/ultrasonic authentication method |
| DE19963329A1 (en) * | 1999-12-27 | 2001-07-12 | Siemens Ag | Backup of sensor data |
| KR20010080832A (en) * | 2000-01-17 | 2001-08-25 | 안준영 | Finger print cognition type door locking device having function of wireless transmitting finger print data |
| DE10001929A1 (en) * | 2000-01-19 | 2001-08-09 | Skidata Ag | Authorization control facility |
| KR100408785B1 (en) * | 2000-01-24 | 2003-12-11 | 이승호 | Fingerprint Recognition System |
| CZ296706B6 (en) | 2000-02-21 | 2006-05-17 | Trek 2000 International Ltd | Portable data storage device |
| JP2003529143A (en) * | 2000-03-21 | 2003-09-30 | ウィドコム,インコーポレイティド | Security biometric identification system and method |
| US7412604B1 (en) | 2000-03-28 | 2008-08-12 | International Business Machines Corporation | Using biometrics on pervasive devices for mobile identification |
| DE10042856A1 (en) * | 2000-08-30 | 2002-03-14 | Heimann Systems Gmbh & Co | Operation unit for x-ray test apparatus has identification device that is provided to operator, and recognition device that is provided to control panel |
| US6837422B1 (en) | 2000-09-01 | 2005-01-04 | Heimann Systems Gmbh | Service unit for an X-ray examining device |
| AT4892U1 (en) * | 2000-11-03 | 2001-12-27 | Wolfram Peter | DEVICE FOR CONTROLLING FUNCTIONS VIA BIOMETRIC DATA |
| US7337326B2 (en) | 2002-03-28 | 2008-02-26 | Innovation Connection Corporation | Apparatus and method for effecting secure physical and commercial transactions in a contactless manner using biometric identity validation |
| US8103881B2 (en) | 2000-11-06 | 2012-01-24 | Innovation Connection Corporation | System, method and apparatus for electronic ticketing |
| US8015592B2 (en) | 2002-03-28 | 2011-09-06 | Innovation Connection Corporation | System, method and apparatus for enabling transactions using a biometrically enabled programmable magnetic stripe |
| US7512806B2 (en) | 2000-11-30 | 2009-03-31 | Palmsource, Inc. | Security technique for controlling access to a network by a wireless device |
| DE10103948A1 (en) | 2001-01-30 | 2002-08-01 | Bsh Bosch Siemens Hausgeraete | Method and device for controlling household appliances |
| US9219708B2 (en) | 2001-03-22 | 2015-12-22 | DialwareInc. | Method and system for remotely authenticating identification devices |
| US6778688B2 (en) | 2001-05-04 | 2004-08-17 | International Business Machines Corporation | Remote authentication of fingerprints over an insecure network |
| US6937135B2 (en) * | 2001-05-30 | 2005-08-30 | Hewlett-Packard Development Company, L.P. | Face and environment sensing watch |
| US20030046228A1 (en) * | 2001-08-28 | 2003-03-06 | Jean-Marc Berney | User-wearable functional jewelry with biometrics and smartcard to remotely sign and/or authenticate to e-services |
| US7474592B2 (en) | 2001-12-05 | 2009-01-06 | Hewlett-Packard Development Company, L.P. | Secure operation of a versatile device based on whether an authenticated user continues to wear the versatile device after initiating its use |
| AU2003207563A1 (en) | 2002-01-17 | 2003-09-02 | Cross Match Technologies, Inc. | Fingerprint workstation and methods |
| US7204425B2 (en) | 2002-03-18 | 2007-04-17 | Precision Dynamics Corporation | Enhanced identification appliance |
| US8082575B2 (en) | 2002-03-28 | 2011-12-20 | Rampart-Id Systems, Inc. | System, method and apparatus for enabling transactions using a user enabled programmable magnetic stripe |
| USH2120H1 (en) * | 2002-10-10 | 2005-07-05 | The United States Of America As Represented By The Secretary Of The Air Force | Biometric personal identification credential system (PICS) |
| JP2004133794A (en) * | 2002-10-11 | 2004-04-30 | Ntt Docomo Inc | Authentication device, authentication system, and authentication method |
| US20040200896A1 (en) * | 2003-04-14 | 2004-10-14 | Marcus Eckerl | Apparatus for storing and transferring personal data |
| US8032760B2 (en) * | 2003-05-21 | 2011-10-04 | Koninklijke Philips Electronics N.V. | Method and system for authentication of a physical object |
| WO2005020503A1 (en) | 2003-08-25 | 2005-03-03 | Research In Motion Limited | System and method for securing wireless data |
| US9123077B2 (en) | 2003-10-07 | 2015-09-01 | Hospira, Inc. | Medication management system |
| US8065161B2 (en) | 2003-11-13 | 2011-11-22 | Hospira, Inc. | System for maintaining drug information and communicating with medication delivery devices |
| US20050122210A1 (en) * | 2003-12-05 | 2005-06-09 | Honeywell International Inc. | Dual technology door entry person authentication |
| US20090079540A1 (en) * | 2005-12-15 | 2009-03-26 | Evgeniy Aleksandrovich Grafeev | Electronic system of management of multi-address access |
| US7979714B2 (en) | 2006-06-02 | 2011-07-12 | Harris Corporation | Authentication and access control device |
| KR100826872B1 (en) * | 2006-08-30 | 2008-05-06 | 한국전자통신연구원 | Wearable computer system and method controlling information/service in wearable computer system |
| AU2007317669A1 (en) | 2006-10-16 | 2008-05-15 | Hospira, Inc. | System and method for comparing and utilizing activity information and configuration information from mulitple device management systems |
| US8219771B2 (en) * | 2006-10-19 | 2012-07-10 | Stmicroelectronics, Inc. | Portable device for storing private information such as medical, financial or emergency information |
| EP2365477A1 (en) * | 2007-03-14 | 2011-09-14 | Dexrad (Proprietary) Limited | Personal identification device for secure transactions |
| US9026370B2 (en) | 2007-12-18 | 2015-05-05 | Hospira, Inc. | User interface improvements for medical devices |
| US8271106B2 (en) | 2009-04-17 | 2012-09-18 | Hospira, Inc. | System and method for configuring a rule set for medical event management and responses |
| EP2649590B1 (en) * | 2010-12-06 | 2015-12-02 | Yonos Lda. | Wireless biometric access control system and operation method thereof |
| AU2012299169B2 (en) | 2011-08-19 | 2017-08-24 | Icu Medical, Inc. | Systems and methods for a graphical interface including a graphical representation of medical data |
| EP2769357B1 (en) | 2011-10-21 | 2023-08-30 | ICU Medical, Inc. | Medical device update system |
| WO2013090709A1 (en) | 2011-12-16 | 2013-06-20 | Hospira, Inc. | System for monitoring and delivering medication to a patient and method of using the same to minimize the risks associated with automated therapy |
| WO2013148798A1 (en) | 2012-03-30 | 2013-10-03 | Hospira, Inc. | Air detection system and method for detecting air in a pump of an infusion system |
| EP2660749B1 (en) * | 2012-05-03 | 2016-11-30 | Siemens Aktiengesellschaft | Operating device with authentication means |
| CA3089257C (en) | 2012-07-31 | 2023-07-25 | Icu Medical, Inc. | Patient care system for critical medications |
| US20140068725A1 (en) * | 2012-08-31 | 2014-03-06 | Apple Inc. | Wireless Pairing and Communication Between Devices Using Biometric Data |
| US10171458B2 (en) * | 2012-08-31 | 2019-01-01 | Apple Inc. | Wireless pairing and communication between devices using biometric data |
| AU2014225658B2 (en) | 2013-03-06 | 2018-05-31 | Icu Medical, Inc. | Medical device communication method |
| AU2014268355B2 (en) | 2013-05-24 | 2018-06-14 | Icu Medical, Inc. | Multi-sensor infusion system for detecting air or an occlusion in the infusion system |
| AU2014274122A1 (en) | 2013-05-29 | 2016-01-21 | Icu Medical, Inc. | Infusion system and method of use which prevents over-saturation of an analog-to-digital converter |
| ES2838450T3 (en) | 2013-05-29 | 2021-07-02 | Icu Medical Inc | Infusion set that uses one or more sensors and additional information to make an air determination relative to the infusion set |
| EP3039596A4 (en) | 2013-08-30 | 2017-04-12 | Hospira, Inc. | System and method of monitoring and managing a remote infusion regimen |
| US9662436B2 (en) | 2013-09-20 | 2017-05-30 | Icu Medical, Inc. | Fail-safe drug infusion therapy system |
| KR102162955B1 (en) | 2013-10-31 | 2020-10-08 | 삼성전자 주식회사 | Method for performing authentication using biometrics information and portable electronic device supporting the same |
| US10311972B2 (en) | 2013-11-11 | 2019-06-04 | Icu Medical, Inc. | Medical device system performance index |
| AU2014353130B9 (en) | 2013-11-19 | 2019-09-05 | Icu Medical, Inc. | Infusion pump automation system and method |
| US10342917B2 (en) | 2014-02-28 | 2019-07-09 | Icu Medical, Inc. | Infusion system and method which utilizes dual wavelength optical air-in-line detection |
| CA2945647C (en) | 2014-04-30 | 2023-08-08 | Hospira, Inc. | Patient care system with conditional alarm forwarding |
| JP2017517302A (en) | 2014-05-29 | 2017-06-29 | ホスピーラ インコーポレイテッド | Infusion system and pump with configurable closed loop delivery rate catchup |
| US9724470B2 (en) | 2014-06-16 | 2017-08-08 | Icu Medical, Inc. | System for monitoring and delivering medication to a patient and method of using the same to minimize the risks associated with automated therapy |
| US9539383B2 (en) | 2014-09-15 | 2017-01-10 | Hospira, Inc. | System and method that matches delayed infusion auto-programs with manually entered infusion programs and analyzes differences therein |
| CN205050141U (en) | 2014-09-30 | 2016-02-24 | 苹果公司 | Electronic equipment |
| US11344668B2 (en) | 2014-12-19 | 2022-05-31 | Icu Medical, Inc. | Infusion system with concurrent TPN/insulin infusion |
| US10850024B2 (en) | 2015-03-02 | 2020-12-01 | Icu Medical, Inc. | Infusion system, device, and method having advanced infusion features |
| FR3034599B1 (en) * | 2015-04-03 | 2018-08-03 | Idemia France | METHOD FOR SECURELY CONTROLLING A MOBILE TELEPHONE BY A DOOR ELECTRONIC DEVICE AND ELECTRONIC DEVICE ADAPTED TO BEING THE DOOR THEREFOR |
| CA2988094A1 (en) | 2015-05-26 | 2016-12-01 | Icu Medical, Inc. | Infusion pump system and method with multiple drug library editor source capability |
| CA3023658C (en) | 2016-05-13 | 2023-03-07 | Icu Medical, Inc. | Infusion pump system and method with common line auto flush |
| AU2017277804B2 (en) | 2016-06-10 | 2022-05-26 | Icu Medical, Inc. | Acoustic flow sensor for continuous medication flow measurements and feedback control of infusion |
| NZ750032A (en) | 2016-07-14 | 2020-05-29 | Icu Medical Inc | Multi-communication path selection and security system for a medical device |
| US10089055B1 (en) | 2017-12-27 | 2018-10-02 | Icu Medical, Inc. | Synchronized display of screen content on networked devices |
| NZ772135A (en) | 2018-07-17 | 2022-11-25 | Icu Medical Inc | Systems and methods for facilitating clinical messaging in a network environment |
| CA3106516C (en) | 2018-07-17 | 2023-07-25 | Icu Medical, Inc. | Updating infusion pump drug libraries and operational software in a networked environment |
| US10861592B2 (en) | 2018-07-17 | 2020-12-08 | Icu Medical, Inc. | Reducing infusion pump network congestion by staggering updates |
| US11152109B2 (en) | 2018-07-17 | 2021-10-19 | Icu Medical, Inc. | Detecting missing messages from clinical environment |
| US10692595B2 (en) | 2018-07-26 | 2020-06-23 | Icu Medical, Inc. | Drug library dynamic version management |
| CA3107315C (en) | 2018-07-26 | 2023-01-03 | Icu Medical, Inc. | Drug library management system |
| US11278671B2 (en) | 2019-12-04 | 2022-03-22 | Icu Medical, Inc. | Infusion pump with safety sequence keypad |
| WO2022020184A1 (en) | 2020-07-21 | 2022-01-27 | Icu Medical, Inc. | Fluid transfer devices and methods of use |
| US11135360B1 (en) | 2020-12-07 | 2021-10-05 | Icu Medical, Inc. | Concurrent infusion with common line auto flush |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4577345A (en) * | 1984-04-05 | 1986-03-18 | Igor Abramov | Fingerprint sensor |
| GB8525161D0 (en) * | 1985-10-11 | 1985-11-13 | Blackwell V C | Personalised identification device |
| US4993068A (en) * | 1989-11-27 | 1991-02-12 | Motorola, Inc. | Unforgeable personal identification system |
| US5526428A (en) * | 1993-12-29 | 1996-06-11 | International Business Machines Corporation | Access control apparatus and method |
-
1997
- 1997-09-15 AU AU41964/97A patent/AU4196497A/en not_active Abandoned
- 1997-09-15 CA CA002233942A patent/CA2233942A1/en not_active Abandoned
- 1997-09-15 WO PCT/CA1997/000663 patent/WO1998012670A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| WO1998012670A1 (en) | 1998-03-26 |
| AU4196497A (en) | 1998-04-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2233942A1 (en) | Biometric identification system for providing secure access | |
| US6484260B1 (en) | Personal identification system | |
| US6848052B2 (en) | High security personalized wireless portable biometric device | |
| US8000506B2 (en) | Fingerprint detecting wireless device | |
| US6038666A (en) | Remote identity verification technique using a personal identification device | |
| AU736113B2 (en) | Personal identification authenticating with fingerprint identification | |
| US9342674B2 (en) | Man-machine interface for controlling access to electronic devices | |
| US7111174B2 (en) | Method and system for providing access to secure entity or service by a subset of N persons of M designated persons | |
| US6914517B2 (en) | Fingerprint sensor with feature authentication | |
| US7774613B2 (en) | Security technique for controlling access to a network by a wireless device | |
| US7493495B2 (en) | Biometrics interface | |
| US7278025B2 (en) | Secure biometric verification of identity | |
| NZ232106A (en) | Secure data interchange system: verification of card, terminal and user validity | |
| CA2105404A1 (en) | Biometric token for authorizing access to a host system | |
| JP2004164347A (en) | Ic card and method for principal authentication using the same | |
| US7200755B2 (en) | Method and system for providing gated access for a third party to a secure entity or service | |
| US6973565B2 (en) | Biometrically secured memory IC | |
| JPH10334239A (en) | Terminal equipment | |
| KR20020004368A (en) | Operating method of computer system using electronic authentication system | |
| KR20020090061A (en) | Wireless Input Device with Finger Print Device | |
| GB2401822A (en) | Computer system with data carrier having biometric user identification | |
| JP2003036245A (en) | Personal authentication device | |
| KR20020060875A (en) | Electronic seal for user authentication in service systems for closed customers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| FZDE | Discontinued |