CA2329311A1 - Electronic device and method for the authentication of a user of said device - Google Patents

Publication number
CA2329311A1
CA2329311A1 CA002329311A CA2329311A CA2329311A1 CA 2329311 A1 CA2329311 A1 CA 2329311A1 CA 002329311 A CA002329311 A CA 002329311A CA 2329311 A CA2329311 A CA 2329311A CA 2329311 A1 CA2329311 A1 CA 2329311A1
Authority
CA
Canada
Prior art keywords
authentication
user
input
information
biometric characteristics
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002329311A
Other languages
French (fr)
Inventor
Klaus-Peter Karmann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37 Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/66 Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • H04M1/667 Preventing unauthorised calls from a telephone set
    • H04M1/67 Preventing unauthorised calls from a telephone set by electronic means
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C11/00 Arrangements, systems or apparatus for checking, e.g. the occurrence of a condition, not provided for elsewhere
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/04 Interfaces between hierarchically different network devices
    • H04W92/08 Interfaces between hierarchically different network devices between user and terminal device


Abstract

The inventive device comprises sensors (SE) for detecting biometric characteristics BM (e.g. fingerprints) and an input device for inputting authentication data AUTINF (e.g. PIN). A data processing device (DE) of the inventive device determines authentication information FPAUTINF from the biometric characteristics BM. Said information is tested by the same testing device PE which tests the authentication information AUTINF to be input via the input device EE. As a result, the device EG can be used by different users and in the same manner as devices without sensors for biometric characteristics. The authentication rules (e.g. for mobile telephones and SIM cards) do not have to be changed in order to permit an authentication using biometric characteristics.

Description

Electronic device and method for the authentication of a user of said device
Very different types of electronic device for which a user has to be authenticated before it is used are known. Important examples are computers in various configurations (devices for information processing) and telecommunication devices, such as mobile phones for example. Some devices are generally protected against unauthorized use, for example by a password; in the case of other devices, only certain functions are protected against unauthorized access (for example by a so-called Personal Identification Number, PIN). This also includes the protection of access to certain data or services, even if they are not made available by the device but by other devices in a computer network or communications network.
No doubt the most frequent type of input of authentication information today is input via a keyboard or keypad of the device. After input, the correctness of the information input, and consequently the authorization of the user carrying out the input, is checked by a checking means in the device or in a computer network or communications network. In the case of mobile phones conforming to the GSM standard, this takes place by a data-processing means on the so-called SIM card of the device checking whether the PIN input matches the information stored on the SIM card. If this is the case, the SIM card enables the mobile phone for use. The security of the telephone customer is enhanced here by the fact that the GSM standard does not allow the PIN to be stored in the device but only in encrypted form on the SIM card.

For some time, technologies which allow other forms of user authentication have been available. These technologies are based on the detection of user-specific biometric characteristics by special sensors. Sensors for fingerprint detection are an important example of this. Other biometric characteristics, such as the texture of the retina of the human eye or the characteristics of a human voice for example, are likewise already used in some devices.
The characteristics detected by the sensors are usually compared in a data-processing means of the device or of a communications network with the known characteristics of an authorized user, and if they coincide sufficiently, access to the desired service, the required data or the chosen device function is enabled.
In certain types of device, it appears to be advisable to combine the two types of authentication mentioned with one another.
For example in the case of mobile phones, it is undoubtedly desirable not only that they can be used by their owner by means of a fingerprint sensor, but also that other persons who have been notified of the PIN or who would like to use the device with their own SIM card are in a position to use it within the limits of the authorization to which they are entitled. In addition, the authentication by means of a fingerprint could occasionally fail or not be possible, for example because the hands of the user are soiled or the user is wearing gloves. For these or similar reasons, it is desirable or necessary that one or more users of the device can authenticate themselves on it by different means. Biometric authentication is to be possible in these cases along with authentication by PIN input. In the case of mobile phones conforming to the GSM standard, it is additionally the case that the standard prescribes the possibility of authentication by PIN input as mandatory.
It follows from the situation described that use of conventional biometric authentication methods is not possible in the case of mobile phones conforming to the GSM standard, because PIN authentication with the SIM card is a mandatory requirement for them for reasons of compatibility with the GSM standard alone. The at first seemingly obvious possibility of storing the PIN in the device and transferring this stored PIN to the SIM card for checking purposes if there is a successful outcome of the check to ascertain whether the detected fingerprint coincides with the stored fingerprint of an authorized user is discounted because storage of the PIN in the mobile phone anywhere else than within the SIM card is prohibited by the GSM standard for security reasons. Biometric authentication would consequently only come into consideration in these cases as an additional safeguard. Such an additional safeguard is not required, however, in view of the high security of the authentication of the PIN input, and would probably also not be accepted by many users.
The invention is therefore based on the object of specifying a technical teaching which allows the combination of a biometric user authentication with an authentication by PIN input even in the case of mobile phones conforming to the GSM standard or in similar circumstances, it being intended for one form of authentication to be sufficient in each case. The user is consequently to have the choice of which type of authentication he wishes to use. It is conceivable, however, that a specially distinguished user (for example the owner of the device) is given the possibility of setting the logic AND operation of the two types of authentication on the device.

This object is achieved by a device or a method according to one of the patent claims.
The invention provides that biometric characteristics of the user are detected by a sensor means and information serving for authentication is determined with the aid of mathematical methods from the detected biometric characteristics. As a result, authentication information which can be checked by the same checking means as authentication information input by the user via an information input device (for example a keyboard or keypad) is obtained at the end of the evaluation of the biometric characteristics. In the simplest case, the result of the evaluation of the fingerprint is the same PIN which users could also have input via the keyboard or keypad. This PIN is not stored in the device, however, but is calculated from biometric characteristics of a user detected by a sensor means.
This type of evaluation of the biometric characteristics detected by a sensor means makes this type of authentication equivalent in outcome to the authentication by means of keyboard or keypad input, and the customary interface for checking the validity of the authentication information can remain unchanged. In particular, it is not necessary for any requirements prescribed by standards to be changed. The two methods of authentication can be used alongside one another without any difficulties; the user has at any time and in every situation the free choice between the two methods. It is of course also possible to use both in an AND combination, in which only the user who successfully negotiates the two authentication paths is given access.
The invention is described in more detail below on the basis of preferred exemplary embodiments and with the aid of figures.
Figure 1 shows an exemplary embodiment of the invention in which all the methods and means are integrated in one device.
Figure 2 shows an exemplary embodiment of the invention in which the checking means is not located within the device.
Figure 3 shows an exemplary embodiment of the invention in which a display device for the display of authentication information is integrated in the device.
A quite specific but important embodiment of the invention is a mobile phone conforming to the GSM standard, which has a fingerprint sensor for user authentication. This fingerprint sensor is a special case of the sensor means (SE) represented in Figure 1. If a user of the device (EG) places a finger on this fingerprint sensor and the device is awaiting an authentication, such as the input of a PIN or super PIN or PIN2 (partly manufacturer-dependent) for example, the fingerprint sensor detects the corresponding biometric characteristics (BM) of the user concerned and passes them to a data processing means (DE).
In the case of the GSM mobile phone, this data processing means is the processor already present in any case in the mobile phone in conjunction with software running on it. On the other hand, however, the fingerprint sensor (or more generally: the sensor means) could also have its own processor unit, on which a special software performing the fingerprint detection runs, so that, in the sense of this invention, the data processing means is fully or partly integrated into the sensor means. Since the fingerprint detection itself, as well as other methods of detecting biometric characteristics and their realization on data processing means of different configurations (and partitioning into subsystems or assembly from known hardware modules), are sufficiently known to a person skilled in the art, this part of realizing the invention no doubt does not present any particular problems.
According to the present invention, this data processing device then determines information suitable for the authentication of the user from the detected biometric characteristics. In the simplest case, this is the PIN (or PIN2 or the like) of the user - accepted as entitled - stored in an encrypted form on the SIM card. This PIN is then transferred to the SIM card for checking in the same way as if it had been input by the user via the numeric keypad (information input device) of the mobile phone. The checking process known to every person skilled in the art and provided in the GSM standard then proceeds in the checking means of the mobile phone (SIM card, if appropriate in conjunction with the data processing means of the device). If the authentication information (FPAUTINF) is correct, i.e. coincides with the PIN stored on the SIM card, the device function protected by the authentication (for example network access, etc.) is enabled.
A decisive advantage of the solution according to the invention described is that the fingerprint detection in the case of the authorized user leads to transfer of the user's PIN to the SIM card, since this allows the security requirements prescribed by the GSM standard to remain completely unchanged. Other, at first perhaps seemingly obvious solutions do not have this attribute. In any event, any other solution would require either an additional input of the PIN via the keypad or a way of avoiding or changing the GSM standard. An additional input of the PIN via the keypad would only be meaningful if the fingerprint detection were conceived as an additional security measure in addition to the PIN input.
Such an additional authentication is of course also possible with the present invention. In this case, it would be necessary for the authentication information determined from the sensor data not to be transferred to the SIM card. Instead of this, a false PIN could, for example, be deliberately sent to the SIM card or an input error or abnormal termination of the input or the like could be simulated. The SIM card would then again request PIN input. If the PIN input coincides or is compatible with the one determined, the data processing means (DE) could transfer this PIN to the SIM card, whereupon the latter would provide the enabling function.
Of course, the PIN determined from the sensor data does not have to be identical with the SIM card PIN. If the standard or - in the case of other devices - the respectively relevant security protocols allow, the checking means could also check two different items of authentication information to ascertain whether they match one another.
In the case of other devices, which are not subject to the GSM standard, the authentication information FPAUTINF calculated from the sensor data could, even in the case of authentication by sensor data alone (that is to say independently of and along with PIN input), be different from the authentication information AUTINF input via a keypad, as long as the checking means detects that the two match in the sense that they both refer to the authorized user.

In principle, all mathematical representations (functions) which assign to a fingerprint or other BM a PIN or some other form of (generally alphanumerically encoded) authentication information AUTINF and satisfy the following conditions come into consideration as methods of calculation for authentication information FPAUTINF from a BM:
a) sufficiently similar BMs lead to the same authentication information FPAUTINF;
b) sufficiently different BMs lead to different authentication information FPAUTINF;
c) it is virtually impossible for an unauthorized user to determine (for example guess) the authentication information FPAUTINF from the BM or without knowledge of the BM.
The condition a) is intended to ensure that the fingerprint detection is sufficiently robust with respect to minor disturbances. Otherwise, the rejection rate of authorized users would be too high. Condition b) ensures that fingerprints of different users lead to different authentication information FPAUTINF with an adequately high degree of probability. The significance of condition c) is obvious.
A person skilled in the art is familiar with various mathematical representations which satisfy these requirements (possibly to a greater or lesser extent). A representation with these attributes is provided by so-called vector quantization. This method, which is actually known to a person skilled in the art, is to be explained here only to the extent which appears to be required for an understanding of the invention.
If this method is applied for the purposes of the present invention, it is firstly presupposed that the biometric characteristics detected by the sensor means can be brought into the form of a so-called characteristic vector. This assumption is not a restriction in practice, since the sensor data can always be represented as an ordered n-tuple of n measurement data (characteristic vectors). The characteristic vectors form an n-dimensional space. In this space, a set of characteristic vectors (codebook vectors) would exist and a degree of disparity (degree of similarity for biometric characteristics) would be defined. For each sample vector there is in this space a cell, which is defined by the rule that, for each characteristic vector in a cell, the sample vector of this cell is the nearest sample vector in the sense of this degree of disparity.
Each sample vector is assumed to be assigned an item of information suitable in principle for authentication. A sample vector is assigned the correct authentication information (for example the actual PIN). It is obvious from these explanations that the determination of the nearest sample vector to a sample vector which corresponds to the detected sensor data leads to the correct information (actual PIN) in the case of the authorized user and otherwise supplies false authentication information. The error rates of this method can be optimized if it is ensured that the characteristic vector associated with the biometric characteristics of the authorized user is one of the sample vectors. This can be achieved by the system adapting itself to the biometric characteristics of the authorized user (codebook adaptation) in an initialization phase.
The vector quantization is not the only method which can be used in conjunction with the invention. A person skilled in the art is familiar with other methods, which therefore do not have to be explained here.
If the literal sense is taken as a basis, the calculation of the authentication information FPAUTINF from the biometric characteristics of a user by vector quantization actually also involves a "storage of the PIN" in the device, since each sample vector of the codebook is indeed assigned an item of authentication information (FPAUTINF) that is possible in principle. However, in virtually all cases (apart from one, namely that of the sample vector of the authorized user) this is not really suitable for authentication. For example, in the case of a five-place alphanumeric PIN, in the ideal case all conceivable PINs, and for each one a sample vector, are therefore stored in such a way that only if there is sufficiently accurate detection of the sample vector in the sensor can the valid PIN be addressed. Although the correct PIN is therefore accordingly "stored in the device", it is lost among the great number of conceivable PINs, and can only be found for the person with the correct biometric characteristics. This state of affairs is not intended when the standard prohibits the storage of the PIN in the device.
In the case of the GSM standard, the storing of the PIN in the device is not allowed. Often, however, a change of the PIN is necessary, for example because it has become known to a third party. If, however, the PIN is determined from the fingerprint (i.e. calculated), this initially appears to be impossible, since it is not possible to change a fingerprint or other biometric characteristics. In order nevertheless to give the user the possibility of changing his PIN, the invention provides in a preferred embodiment that, instead of only one method of calculation, a whole set of such methods are available in the device. Each individual method of calculation could be assigned a consecutive number, so that a user authorized to do so could at any time change the method used.
Since each method (M1, ..., Mn) calculates a different PIN (FPAUTINF1, ..., FPAUTINFn) for one and the same fingerprint (BM), the user can select from as many PINs as there are different methods for their calculation.
This embodiment of the invention can likewise be realized with vector quantization, although indeed not just one codebook but a number of codebooks or sample vectors are to be provided. Each codebook has a number and can be selected via this number. Other methods possibly depend on a parameter. If this parameter is changed, a different mathematical representation is obtained. If the dependence on this parameter is sufficiently complex, it becomes virtually impossible to guess how the authentication information changes when the parameter changes.
Certain types of neural networks (for example so-called multi-layer perceptrons) are suitable for realizing representations of this type. In the case of solutions based on such neural networks, the PIN is actually not stored anywhere as a sequence of characters but merely (implicitly encrypted) in the network architecture and in the weight coefficients.
This implementational variant of the present invention appears to be of interest in particular with regard to the fact that many people require a series of different passwords for quite different purposes or devices. It is becoming increasingly more difficult to remember these many passwords. If a number of methods (M1, ..., Mn) (mathematical representations) are used for calculating a number of items of authentication information (FPAUTINF1, ..., FPAUTINFn) from a single characteristic vector (or set of sensor data), this problem is reduced to the detection of user-specific inalienable biometric characteristics by suitable sensors.
Zs R~c~ived Cict-11-00 03:36~m From- To-Smart a BiQaar Paae 012 ~Ct.l~, L~~~ ~:6~FM ~ 02329311 2000-10-19 0.0151 F, For the selection of a certain method, all that is necessary is to input an identification number of such a method in a context vL the u~ier ii'>,terface to be provided for thin purpose.
As a result, the data processing means can be correspondingly set up by software.
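The codebook variant described above can be sketched as follows. This is an added example, not code from the patent: the function names, the three-component characteristic vectors, the codebook contents and the PINs are all constructed assumptions, and nearest-neighbour search with Euclidean distance stands in for whatever quantizer a real device would use.

```python
import hmac
import math

# Constructed sample data: codebook number -> list of (sample vector, PIN).
# Both codebooks share sample vectors but assign different PINs to them.
CODEBOOKS = {
    1: [((0.10, 0.80, 0.30), "4711"),
        ((0.90, 0.20, 0.60), "1234"),
        ((0.50, 0.50, 0.95), "9021")],
    2: [((0.10, 0.80, 0.30), "3306"),
        ((0.90, 0.20, 0.60), "5580"),
        ((0.50, 0.50, 0.95), "0417")],
}

def quantize(vector, codebook):
    """Vector quantization: index of the sample vector nearest to `vector`."""
    return min(range(len(codebook)),
               key=lambda i: math.dist(vector, codebook[i][0]))

def derive_pin(vector, method):
    """Data-processing means (DE): FPAUTINF for the selected method number."""
    codebook = CODEBOOKS[method]
    return codebook[quantize(vector, codebook)][1]

def check(candidate, expected_pin):
    """Checking means (PE): one comparison for both authentication paths."""
    return hmac.compare_digest(candidate.encode(), expected_pin.encode())

def authenticate(expected_pin, keypad=None, vector=None, method=1):
    """Keypad input (AUTINF) if given, otherwise the biometric path."""
    candidate = keypad if keypad is not None else derive_pin(vector, method)
    return check(candidate, expected_pin)

# Constructed characteristic vectors standing in for sensor (SE) output.
ENROLLED = (0.12, 0.78, 0.33)   # enrolled finger
NOISY = (0.08, 0.83, 0.27)      # same finger, second measurement
OTHER = (0.88, 0.25, 0.55)      # a different finger

if __name__ == "__main__":
    print(derive_pin(ENROLLED, 1), derive_pin(NOISY, 1))  # same cell, same PIN
    print(derive_pin(ENROLLED, 2))                        # other method, other PIN
    print(authenticate("4711", vector=OTHER))             # wrong finger
    print(authenticate("4711", keypad="4711"))            # keypad path
```

Nearest-neighbour quantization maps every input to some codeword, so an unenrolled finger still yields a PIN; rejection comes only from that PIN not matching the one the checking means expects.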
Of course, the biometric characteristics of a number of people could also be linked with the correct PIN or with a number of correct PINs. If, as an exception, the device is to be usable only for one person, i.e. with only just one SIM card, the enabling function may be additionally linked with further safety mechanisms such as device codes, etc. The invention allows any kind of flexibility here, together with the highest security and compatibility with the standard.
Specifically if a PIN is changed, a further useful embodiment of the invention, in which a display is provided for displaying an item of authentication information, may be helpful. A display of this type is already present in any case on many devices of this type and can therefore also be used for these purposes. If a user wishes to change his authentication information (AUTINF), for example the PIN, to be input via the keypad and matching the SIM card or stored on it, it is possible in the case of some methods of calculation that not all the conceivable character-digit combinations are available to him as PINs, for example because the codebook is smaller than the number of all conceivable PINs. In this case, changing the parameter of the method of calculation used (for example changing the codebook number, or changing a parameter of a neural network) is sufficient to change the assignment of the PINs to the sample vectors and consequently the PIN assigned to its individual sample vector. After that, he could not change the PIN on the SIM card (or more generally: the PIN to be input) in the same sense without knowing it. This is necessary, however, for further use in the sense of our object. The changed PIN is therefore preferably divulged to the authorized user by a corresponding, possibly one-off, brief display of this PIN after the change on a display of the device. Other solutions (for example mailing the new PIN) are conceivable.
The invention is of course not restricted to mobile phones, in particular not to mobile phones conforming to the GSM standard. It is quite evident to a person skilled in the art from the present description how the invention is to be realized in the case of other devices or systems.
In particular, the invention is not restricted to the case in which the checking unit (PE) is integrated into the device.
Figure 2 shows the important case of a device which is connected, for example via a communications network, to at least one other device, in which the checking means is located. However, even the data processing unit or that part of the data processing unit (DE) which is responsible for the calculation of the authentication information FPAUTINF from the biometric characteristics BM of the user does not necessarily have to be located in the device. Of course, the device does not have to have an integrated sensor means (SE) or an integrated keyboard or keypad (EE). These means could of course also be connected to the device in the form of external modules. These embodiments of the invention are intended to be protected by the method claims.


Claims (7)

1. An electronic device (EG), in particular a device for information processing or for telecommunication, with
a) a sensor means (SE) for detecting biometric characteristics (BM) of a user of the device, in particular for detecting fingerprints,
b) a data-processing means (DE) for determining information (FPAUTINF) serving for the authentication of a user from detected biometric characteristics,
c) an input means (EE) for the input of information with the possibility of using this input means for the input of information (AUTINF) serving for authentication,
d) a checking means (PE) for checking the determined or input authentication information and for enabling device functions for this user if the check is successful.
2. The device as claimed in claim 1, the data-processing means (DE) of which can be set up in such a way that the authentication information (PIN) to be input via the input means for successful authentication checking is identical to authentication information (FPPIN) determined from the biometric characteristics of an authorized user.
3. The device as claimed in one of the preceding claims, the data-processing means (DE) of which has a number of methods (M1,...,Mn) for determining from the detected biometric characteristics of a user information (FPAUTINF1,...,FPAUTINFn) serving for authentication of this user.
4. The device as claimed in claim 3, the data-processing means of which permits an authorized user to select from the number of methods for determining authentication information from biometric characteristics a method desired by him.
5. The device as claimed in one of the preceding claims with means for displaying authentication information (FPAUTINF) determined from biometric characteristics of a user.
6. A method for the authentication of a user of a device, in which the user has the possibility of authenticating himself with the aid of user-specific biometric characteristics or by input of authentication information via an information input device, in the first case biometric characteristics of the user being detected by a sensor means and information serving for authentication being determined from the detected biometric characteristics and checked by a checking means, and in the second case the authentication information input by the user via the input device being checked by the same checking means.
7. The method for the authentication of a user of a device as claimed in claim 6 with the following steps:
a) the determination of a characteristic vector from measurement data of a sensor means,
b) a vector quantization of the characteristic vector determined, and
c) checking of authentication information belonging to the result of the vector quantization.
CA002329311A 1998-04-21 1998-08-21 Electronic device and method for the authentication of a user of said device Abandoned CA2329311A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE19817770.4 1998-04-21
DE19817770 1998-04-21
PCT/DE1998/002457 WO1999054851A1 (en) 1998-04-21 1998-08-21 Electronic device and method for the authentication of a user of said device

Publications (1)

Publication Number Publication Date
CA2329311A1 (en) 1999-10-28

Family

ID=7865306

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002329311A Abandoned CA2329311A1 (en) 1998-04-21 1998-08-21 Electronic device and method for the authentication of a user of said device

Country Status (7)

Country Link
EP (2) EP1074004A1 (en)
JP (1) JP2002512409A (en)
KR (1) KR20010042881A (en)
CN (1) CN1299496A (en)
BR (1) BR9815824A (en)
CA (1) CA2329311A1 (en)
WO (1) WO1999054851A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7884812B2 (en) 2002-08-21 2011-02-08 Sanyo Electric Co., Ltd. Liquid crystal projector

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2808153B1 (en) * 2000-04-21 2005-02-04 Sagem LOCKED MEMORY DATA TRANSMISSION TERMINAL
WO2001088859A2 (en) * 2000-05-18 2001-11-22 Stefaan De Schrijver Smartchip biometric device
EP1172775A1 (en) * 2000-07-10 2002-01-16 Proton World International (Pwi) Method for protecting an access to a secured domain
FR2812097B1 (en) * 2000-07-19 2002-12-13 Sagem PROCESSOR FOR INPUT AND VALIDATION OF A PHYSICAL CHARACTERISTIC OF A USER OF A RADIOTELEPHONY TERMINAL
FR2812098B1 (en) * 2000-07-19 2002-12-13 Sagem PROCESSOR FOR GENERATING AND TRANSMITTING ELECTRONIC SIGNATURE AND RADIOTELEPHONY NETWORK TERMINAL COMPRISING SUCH A PROCESSOR
EP1258840A1 (en) * 2001-05-15 2002-11-20 Koninklijke KPN N.V. Method and system for processing identification data
DE102004042625A1 (en) * 2004-07-02 2006-02-16 Dieter Effmert Security circuit for mobile telephone may be programmed by authorized user with PIN number and fingerprint and has circuit with locking and operating control and alarm and reset circuits
DE502004006852D1 (en) 2004-10-11 2008-05-29 Swisscom Mobile Ag Identification and / or authentication method based on fingerprints
US20080222426A1 (en) * 2005-02-10 2008-09-11 Koninklijke Philips Electronics, N.V. Security Device
JP4696608B2 (en) 2005-03-15 2011-06-08 オムロン株式会社 Subject authentication device, mobile phone, and subject authentication program
JP2007018050A (en) * 2005-07-05 2007-01-25 Sony Ericsson Mobilecommunications Japan Inc Portable terminal device, personal identification number certification program, and personal identification number certification method
KR100952300B1 (en) * 2008-04-07 2010-04-13 한양대학교 산학협력단 Terminal and Memory for secure data management of storage, and Method the same
CN101753682B (en) * 2009-11-27 2012-09-05 华为终端有限公司 Right management method for user identification card and terminal unit
JP5213908B2 (en) * 2010-06-03 2013-06-19 日立オムロンターミナルソリューションズ株式会社 Biometric authentication unit

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE2533699A1 (en) * 1975-07-28 1977-02-10 Siemens Ag Security block for data telephone terminal - prevents unauthorised use of terminal by comparing finger print with stored print
EP0504616A1 (en) * 1991-03-19 1992-09-23 Ascom Autelca Ag Method of operating a self-service automatic machine and apparatus for carrying out this method
DE9304488U1 (en) * 1993-03-24 1993-07-29 Siemens AG, 80333 München Telephone handset
US5598474A (en) * 1994-03-29 1997-01-28 Neldon P Johnson Process for encrypting a fingerprint onto an I.D. card
US5680460A (en) * 1994-09-07 1997-10-21 Mytec Technologies, Inc. Biometric controlled key generation
EP1283502A1 (en) * 1995-07-21 2003-02-12 Siemens AG Österreich Electronic data processing system
WO1998011750A2 (en) * 1996-09-11 1998-03-19 Yang Li Method of using fingerprints to authenticate wireless communications

Also Published As

Publication number Publication date
KR20010042881A (en) 2001-05-25
BR9815824A (en) 2000-12-12
EP1424659A1 (en) 2004-06-02
JP2002512409A (en) 2002-04-23
EP1074004A1 (en) 2001-02-07
WO1999054851A1 (en) 1999-10-28
CN1299496A (en) 2001-06-13

Legal Events

Date Code Title Description
EEER Examination request
FZDE Discontinued