CA2369675A1 - System and method for secure biometric identification - Google Patents

System and method for secure biometric identification Download PDF

Info

Publication number
CA2369675A1
CA2369675A1 CA 2369675 CA2369675A CA2369675A1 CA 2369675 A1 CA2369675 A1 CA 2369675A1 CA 2369675 CA2369675 CA 2369675 CA 2369675 A CA2369675 A CA 2369675A CA 2369675 A1 CA2369675 A1 CA 2369675A1
Authority
CA
Canada
Prior art keywords
means
invention
signal
transceiver
biometric
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA 2369675
Other languages
French (fr)
Inventor
Martin Morris
Jeff Calcagno
Andrew Senyei
Original Assignee
Widcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US53185900A priority Critical
Priority to US09/531,859 priority
Priority to US09/531,720 priority patent/US7284266B1/en
Priority to US09/531,720 priority
Application filed by Widcomm Inc filed Critical Widcomm Inc
Priority to PCT/US2001/040332 priority patent/WO2001071462A2/en
Publication of CA2369675A1 publication Critical patent/CA2369675A1/en
Application status is Abandoned legal-status Critical

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 – G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • G06F1/1613Constructional details or arrangements for portable computers
    • G06F1/1626Constructional details or arrangements for portable computers with a single-body enclosure integrating a flat display, e.g. Personal Digital Assistants [PDAs]
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 – G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • G06F1/1613Constructional details or arrangements for portable computers
    • G06F1/1632External expansion units, e.g. docking stations
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 – G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • G06F1/1613Constructional details or arrangements for portable computers
    • G06F1/1633Constructional details or arrangements of portable computers not specific to the type of enclosures covered by groups G06F1/1615 - G06F1/1626
    • G06F1/1684Constructional details or arrangements related to integrated I/O peripherals not covered by groups G06F1/1635 - G06F1/1675
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 – G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • G06F1/1613Constructional details or arrangements for portable computers
    • G06F1/1633Constructional details or arrangements of portable computers not specific to the type of enclosures covered by groups G06F1/1615 - G06F1/1626
    • G06F1/1684Constructional details or arrangements related to integrated I/O peripherals not covered by groups G06F1/1635 - G06F1/1675
    • G06F1/1698Constructional details or arrangements related to integrated I/O peripherals not covered by groups G06F1/1635 - G06F1/1675 the I/O peripheral being a sending/receiving arrangement to establish a cordless communication link, e.g. radio or infrared link, integrated cellular phone
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual entry or exit registers
    • G07C9/00007Access-control involving the use of a pass
    • G07C9/00031Access-control involving the use of a pass in combination with an identity-check of the pass-holder
    • G07C9/00071Access-control involving the use of a pass in combination with an identity-check of the pass-holder by means of personal physical data, e.g. characteristic facial curves, hand geometry, voice spectrum, fingerprints
    • G07C9/00087Access-control involving the use of a pass in combination with an identity-check of the pass-holder by means of personal physical data, e.g. characteristic facial curves, hand geometry, voice spectrum, fingerprints electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual entry or exit registers
    • G07C9/00126Access control not involving the use of a pass
    • G07C9/00134Access control not involving the use of a pass in combination with an identity-check
    • G07C9/00158Access control not involving the use of a pass in combination with an identity-check by means of a personal physical data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1083Counting of PIN attempts

Abstract

A system and method for secure biometric identification. The inventive system includes a mobile unit and a server. The mobile unit is adapted to receive biometric input and provide a first signal in response thereto. In the illustrative implementation, the mobile unit is a Personal Digital Assistant (PDA) and the biometric input is provided by a fingerprint sensor mounted thereon. A first transceiver is mounted on the PDA for transmitting the first signal and receiving a second signal in response thereto. The PDA is adapted to encrypt the first signal and decrypt the second signal. A secure device is mounted at the PDA. The secure device has two modes of operation: a first locked mode by which access thereto is prohibited and a second unlocked mode by which access thereto is enabled on receipt of the second signal. In the illustrative implementation, the secure device is an encrypted database for which the second signal is a decryption key. The server unit includes a second transceiver for receiving the first signal transmitted via the wireless link.
The first and second transceivers are adapted to operate in accordance with the Bluetooth specification. The server is equipped with a system for authenticating the biometric data and providing the second signal in response thereto. The second signal is then communicated to the mobile unit where it is utilized to access the secure device, e.g., encrypted database.

Description

SYSTEM AND METHOD FOR SECURE BIOMETRIC
IDENTIFICATION
BACKGROUND OF THE INVENTION
Field of the Invention The present invention relates to electronic devices and systems.
More specifically, the present invention relates to systems and methods for providing user identification and/or authentication for electronic devices and systems.
Description of the Related Art Currently, whenever a user wishes to access a computer-based system containing private data, the user must often identify himself, usually with a password. Passwords notoriously provide poor security as users either chose very simple, easily ascertained passwords or, if they use more difficult passwords, users often write them down, making them subject to theft.
In the end, most forms of encryption, as well as access controls such as passwords and even locks, serve a single purpose of identifying the person requesting access.
Hence, there is a need in the art for a reliable, secure system or method of authenticating the identity of a user. Ideally, the system or method would be effective such that one would not need to memorize passwords or utilize other authenticating devices such as keys to access computers and other electronic devices and systems.
SUMMARY OF THE INVENTION
The need in the art is addressed by the system and method for secure biometric identification of the present invention. The inventive system includes a mobile unit and a server. In the illustrative embodiment, the mobile unit is adapted to receive biometric input and provide a first signal in response thereto. A first transceiver is included for transmitting the first signal and receiving a second signal in response thereto. W an illustrative embodiment, a secure device is operationally coupled to the mobile unit.
The secure device has two modes of operation: a first locked mode by which access thereto is prohibited and a second unlocked mode b~- which access thereto is enabled on receipt of the second signal.
The server unit includes a second transceiver for receiving the first signal transmitted via the wireless link. The server is equipped with a system for authenticating the biometric data and providing the second signal in response thereto. The second signal is then communicated to the mobile unit where it is utilized to access the secure device.
In the illustrative embodiment, the first and second transceivers are adapted to operate in accordance with the Bluetooth specification.
Preferably, the mobile unit is adapted to encrypt the first signal and decrypt the second signal. In the illustrative implementation, biometric input is provided by a fingerprint sensor mounted on a Personal Digital Assistant.
The secure device in the illustrative implementation is an encrypted database for which the second signal is a decryption key.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 a is a perspective front view of an illustrative implementation of a PDA adapted for use in accordance with the teachings of the present invention.
Fig. lb is a perspective rear view thereof.
Fig. 2 is a block diagram of an illustrative implementation of a mobile unit subsystem constructed in accordance with the present teachings.
Fig. 3 is a block diagram of an illustrative implementation of a server subsystem for use in the system for secure biometric identification of the present invention.

Fig. 4 is a flow diagram illustrative of a method for secure biometric identification implemented in accordance with the teachings of the present invention.
DESCRIPTION OF THE INVENTION
Illustrative embodiments and exemplary applications will now be described with reference to the accompanying drawings to disclose the advantageous teachings of the present invention.
While the present invention is described herein with reference to I S illustrative embodiments for particular applications, it should be understood that the invention is not limited thereto. Those having ordinary skill in the art and access to the teachings provided herein will recognize additional modifications, applications, and embodiments within the scope thereof and additional fields in which the present invention would be of significant utility.
As mentioned above, and in accordance with the present teachings, the inventive system includes a mobile unit and a server. In the illustrative embodiment. the mobile unit is a Personal Digital Assistant (PDA) adapted to receive biometric input from a fingerprint sensor and provide a first signal in response thereto. Personal Digital Assistants are well known and widely used.
Fig. la is a perspective front view of an illustrative implementation of a PDA adapted for use in accordance with the teachings of the present invention. Fig. lb is a perspective rear view thereof. In the preferred embodiment, the PDA is implemented in accordance with the teachings of copending U.S. Application No. 09/531,859, filed on March 21, 2000, entitled "SYSTEM AND METHOD FOR SECURE USER
IDENTIFICATION WITH BLUETOOTH ENABLED TRANSCENER
AND BIOMETRIC SENSOR IMPLEMENTED IN A HANDHELD
COMPUTER", inventor Martin Morris, (Atty. Docket No. WIDC-O11), which teachings are hereby incorporated herein by reference. As disclosed in the reference application, in the best mode. the PDA 10 is equipped with an expansion slot 12 such as the Visor~m Handheld Computer manufactured and sold by Handspring and disclosed more fully at wwv.handspring.com. As shown in Fig. lb, the expansion slot 12 is adapted to receive a card 14 on which a biometric device, in the illustrative embodiment - a fingerprint sensor 16, is disposed. In addition, in accordance with the present teachings, a transceiver 22 is also disposed on the card 14. In the preferred embodiment, the transceiver 22 is adapted to operate in accordance with the BLUETOOTH SPECIFICATION VERSION 1.OA CORE, published in July 1999. When the card is inserted into the expansion slot, it interfaces electrically with the system bus of the PDA and provides an electrical circuit depicted in Fig. 2.
Fig. 2 is a block diagram of an illustrative implementation of a mobile unit subsystem constructed in accordance with the present teachings.
The mobile unit subsystem 20 includes the wireless transceiver 22 which is adapted to communicate with a central processing unit (CPU) 26 of the PDA.
The central processing unit 26 receives biometric data from the fingerprint sensor 28. In accordance with the present teachings, data from the fingerprint sensor 28 is encrypted in either in software 30 adapted to run on the CPU 26 and/or in optional hardware 32. Encryption hardware and software are well known in the art. The control software 30 also enables the CPU 26 to selectively access and control the mobile unit components via a system bus shown generally at 38.
The encrypted biometric data is either used locally to access an encrypted database 34 or, preferably, transmitted over a link such as a wireless link to a server subsystem via the transceiver 22 and antenna 24.
The server subsystem is depicted in Fig. 3.
Fig. 3 is a block diagram of an illustrative implementation of a server subsystem for use in the system for secure biometric identification of the present invention. The encrypted biometric data signal is received by a server antenna 42 and a second wireless Bluetooth enabled transceiver 44.
The received signal is decrypted by an optional conventional hardware based decryption circuit 46 and/or by decryption software implemented in control software 48 adapted to run on a server CPU 50. Those skilled in the art will appreciate that the decryption scheme utilized on the server is designed to match that of the mobile unit 20. In the preferred embodiment, the RSA public key encryption scheme is used. This scheme is disclosed more fully in U.S. Patent No. 4,405,829 entitled Cryptograpgic Communications System & Method, issued 9/29/83 to Rivest, et al. the teachings of which are incorporated herein by reference. The server control software also controls the CPU 50 to selectively access and control the components of the server subsystem 40 via a server subsystem bus shown generally at 51.
In accordance with the present teachings, the decrypted biometric data, in the illustrative implementation, the decrypted fingerprint, is compared by fingerprint matching software 52 to a database 54 of biometric data, i.e., fingerprints. Fingerprint matching software is well known in the art. Such software may be purchased from Veridicom, Inc. of Santa Clara, CA.
When a match is achieved, a user is identified and an authentication key specific to the identified mobile user is retrieved from an encryption key database by the CPU 50 via the bus 51. In the preferred embodiment, the retrieved encryption key is encrypted by the resident encryption scheme either by the hardware unit 46, if provided, and/or by the encryption software implemented in the control software 48. The encrypted encryption key is then transmitted back to the mobile unit 20 via the wireless link through the transceiver 44 and antenna 42. As an alternative, the encrypted encryption key may be provided to a network 59 via a first network interface card or circuit 58 and a second network interface card or circuit 66. The network 59 facilitates the communication of the encrypted encryption key to the mobile unit 20 via a wireless transceiver 62 and an antenna 64. This configuration may be preferred if the second antenna 64 is closer to the mobile unit 20.

In addition, those skilled in the art will appreciate that the inventive system can be implemented such that the encrypted biometric data is transmitted from a first PDA 20 and the encrypted encryption key or other information is sent to a second mobile unit or over a network to a second server or network of devices.
Returning to Fig. 2, on receipt of the encrypted encryption key from the server subsystem 40 via the antenna 24 and the wireless transceiver 22, the mobile unit CPL 26 decrypts the encrypted key using the resident software and/or hardware decryption facility 30 and 32, respectively. The decrypted encryption key is then used by the CPU 26 to access a secure device. In an illustrative embodiment, the secure device is an encrypted database 34 mounted on the mobile unit. Those skilled in the art will appreciate that the secure device need not be mounted on the mobile unit 20.
As an alternative, the secure device may be coupled to the mobile unit via the wireless link.
In any event, the secure device, i.e., database 34, has two modes of operation: a first locked mode by which access thereto is prohibited and a second unlocked mode by which access thereto is enabled on receipt of the decrypted encryption key. For optimal security, the decryption key for the encrypted database 34 should not be stored on the mobile unit. On receipt of the decrypted decryption key, a working copy 36 of the encrypted database 34 is created.
Fig. 4 is a flo«~ diagram illustrative of a method for secure biometric identification implemented in accordance with the teachings of the present invention. As shown in Figs. 2, 3 and 4 when a user in possession of the mobile unit 20 wishes to access the secure device 34, he/she places a finger on the fingerprint sensor 28 and starts the access control program 100.
At step 104, the CPU 26 running the access control software 30 scans the fingerprint from sensor 28 and, at step 106, encrypts it with the public key of the authentication server 40 by using the encryption software or hardware 30, 32.

At step 108, the resulting encrypted message is sent to the server 40 via the transceiver 22 and antenna 24 on the mobile unit 20 and the antenna 42 and transceiver 44 of the server 40. As mentioned above, as an alternative, the encrypted fingerprint is sent via the access point 60 and local or wide-area network 59 when the server 40 is not within direct radio range of the mobile unit 20.
At step 110, when the authentication request is received at the server 40, the server CPU 50 decrypts the message using its secret key and the encryption hardware and/or software 46 and 48, respectively.
At step 112, the CPU 50 then utilizes the fingerprint match software 52 to compare the decrypted fingerprint to the database of authorized fingerprints 54 to determine if the request is valid.
If the request is valid, then, at step 114, the decryption key for the user's encrypted database 34 (Fig. 2) is retrieved from the key database 56 (Fig. 3).
At step 116, the key is encrypted via the encryption hardware or software 46, 48 (Fig. 3) and, at step 118, sent back to the mobile unit 20 via the same path from which the request was originally received.
At the mobile unit 20, at steps 122 and 124, the key is received and decrypted.
At step 126, the retrieved key used to make a temporary working copy 36 of the encrypted database 34.
At step 128 this temporary copy 36 is either read or edited.
If edited, then at step 130 the edited working copy is deleted or rewritten to encrypted form as soon as the user completes his operation.
Thus, the present invention has been described herein with reference to a particular embodiment for a particular application. Those having ordinary skill in the art and access to the present teachings will recognize additional modifications applications and embodiments within the scope thereof.

It is therefore intended by the appended claims to cover airy and all such applications, modifications and embodiments within the scope of the present invention.
Accordingly,

Claims (59)

1. A system for secure biometric identification comprising:
first means for receiving biometric input and providing a first signal in response thereto;
second means for transmitting said first signal and receiving a second signal in response thereto; and third means operationally coupled to said second means for disabling access to a resource in a first locked mode of operation and enabling access to said resource in a second unlocked mode of operation on receipt of said second signal.
2. The invention of Claim 1 further including means for encrypting said first signal.
3. The invention of Claim 1 wherein said first means is a fingerprint sensor.
4. The invention of Claim 1 further including means for decrypting said second signal.
5. The invention of Claim 1 wherein said second means is a wireless transceiver.
6. The invention of Claim 5 wherein said second means is a transceiver adapted to operate in accordance with a Bluetooth specification.
7. The invention of Claim 1 wherein said third means is a database.
8. The invention of Claim 7 wherein said database is encrypted and said second signal is a key for decrypting same to provide a decrypted database.
9. The invention of Claim 8 further including means for providing a working copy of said decrypted database.
10. The invention of Claim 1 further including a processor connected to said first, second and third means.
11. The invention of Claim 10 wherein said processing unit is a central processing unit.
12. The invention of Claim 11 further including software for controlling said central processing unit to sequentially activate said first, second and third means.
13. A mobile unit for use in a system for secure biometric identification comprising:

a biometric sensor;
a central processing unit coupled to said biometric sensor;
software running on said central processing unit;
a transceiver coupled to said sensor; and a device coupled to said transceiver, said device having two modes of operation, a first locked mode by which access thereto is prohibited and a second unlocked mode by which access thereto is enabled on receipt of a signal from said transceiver.
14. A server unit for use in a system for secure biometric identification comprising:

first means for receiving biometric data via a wireless link;

second means for authenticating said biometric data and providing a signal in response thereto; and third means for transmitting said signal via said wireless link.
15. The invention of Claim 14 wherein said first means includes means for decrypting said biometric data.
16. The invention of Claim 14 wherein said second means includes a processor.
17. The invention of Claim 16 wherein said processor is a central processing unit.
18. The invention of Claim 17 wherein said second means includes a database of biometric data.
19. The invention of Claim 18 wherein said second means includes software adapted to run on said processor and match said received biometric data with biometric data stored in said database.
20. The invention of Claim 19 wherein said second means further includes a database of encryption keys.
21. The invention of Claim 20 wherein said second means outputs said signal on identification of a match of said received biometric to biometric data stored in said database by said processor.
22. The invention of Claim 21 wherein said signal is a key from said database of encryption keys.
23. The invention of Claim 16 wherein said first and said third means is a wireless transceiver.
24. The invention of Claim 23 wherein said wireless transceiver operates in accordance with a Bluetooth specification.
25. A system for secure biometric identification comprising:
first means receiving biometric input and providing a first set of biometric data in response thereto;

second means for transmitting a first signal representative of said biometric data;

third means for receiving said first signal and providing a second signal in response thereto;

fourth means for authenticating said second signal and providing a third signal in response thereto; and fifth means for providing an fourth signal in response to said third signal.
26. The invention of Claim 25 wherein said first means includes a fingerprint sensor.
27. The invention of Claim 25 wherein said first means includes means for encrypting said biometric data.
28. The invention of Claim 25 wherein said second means is a wireless transmitter.
29. The invention of Claim 28 wherein said second means is a transceiver.
30. The invention of Claim 29 wherein said second means is a transceiver adapted to operate in accordance with a Bluetooth specification.
31. The invention of Claim 25 wherein said third means is a wireless receiver.
32. The invention of Claim 31 wherein said third means is a transceiver.
33. The invention of Claim 32 wherein said third means is a transceiver adapted to operate in accordance with a Bluetooth specification.
34. The invention of Claim 25 wherein said third means includes means for decrypting said first signal to provide said second signal.
35. The invention of Claim 25 wherein said fourth means includes means for comparing said second signal to at least one stored signal.
36. The invention of Claim 35 wherein said fourth means includes a processor.
37. The invention of Claim 36 wherein said fourth means includes means for storing a second set of biometric data.
38. The invention of Claim 37 further including means for controlling said processor to compare said first set of biometric data to said second set of biometric data.
39. The invention of Claim 38 wherein said means for controlling includes biometric matching software.
40. The invention of Claim 39 wherein said biometric matching software is fingerprint matching software.
41. The invention of Claim 25 wherein said fifth means is a decryption key.
42. The invention of Claim 41 wherein said fourth signal includes a public decryption key.
43. The invention of Claim 42 further including a secure device in communication with said second means.
44. The invention of Claim 43 wherein said secure device is responsive to said decryption key.
45. The invention of Claim 25 wherein said first and second means are mounted on a Personal Digital Assistant.
46. A system for secure biometric identification comprising:
a handheld computer enabled device;
a fingerprint sensor mounted on said device for providing a first set of biometric data;
means disposed on said device for encrypting said biometric data;
a first wireless transceiver mounted on said device for transmitting a first signal representative of said biometric data;
a second wireless transceiver for receiving said first signal and providing a second signal in response thereto;
means for decrypting said second signal to provide said first set of biometric data;
means for authenticating said first set of biometric data and providing a third signal in response thereto, said means for authenticating including means for comparing said first set of biometric data to plural second sets of biometric data;
means for providing a decryption key to said second means in response to said third signal; and a secure device in communication with said second means and responsive to said decryption key.
47. The invention of Claim 46 wherein said first transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
48. The invention of Claim 46 wherein said second transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
49. The invention of Claim 46 wherein said means for comparing includes biometric matching software.
50. The invention of Claim 49 wherein said biometric matching software is fingerprint matching software.
51. The invention of Claim 46 wherein decryption key is a public decryption key.
52. The invention of Claim 46 wherein said handheld device is a Personal Digital Assistant.
53. A system for secure biometric identification comprising:
a computer enabled device;

a biometric sensor mounted on said device;
a first central processing unit in communication with said sensor;
a first wireless transceiver mounted on said device and coupled to said first central processing unit;
a second wireless transceiver in communication with said first wireless transceiver;
a second central processing unit in communication with said second transceiver;
software running on said second central processing unit for authenticating a signal transmitted by said first transceiver and received by said second transceiver and providing a decryption key in response thereto;
a secure device mounted on said computer enable device and responsive to said decryption key.
54. The invention of Claim 53 wherein said first transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
55. The invention of Claim 53 wherein said second transceiver is a transceiver adapted to operate in accordance with a Bluetooth specification.
56. The invention of Claim 53 wherein decryption key is a public decryption key.
57. The invention of Claim 53 wherein said handheld device is a Personal Digital Assistant.
58. A method for secure biometric identification including the steps of:
providing biometric data from a first unit;
transmitting a first signal from said first unit representative of said biometric data via a wireless link;
receiving said first signal at a second unit; and authenticating said first signal at said second unit and transmitting a second signal in response thereto via said wireless link.
59. The invention of Claim 58 further including the step of using said second signal to access a secure resource.
CA 2369675 2000-03-21 2001-03-20 System and method for secure biometric identification Abandoned CA2369675A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US53185900A true 2000-03-21 2000-03-21
US09/531,859 2000-03-21
US09/531,720 US7284266B1 (en) 2000-03-21 2000-03-21 System and method for secure biometric identification
US09/531,720 2000-03-21
PCT/US2001/040332 WO2001071462A2 (en) 2000-03-21 2001-03-20 System and method for secure biometric identification

Publications (1)

Publication Number Publication Date
CA2369675A1 true CA2369675A1 (en) 2001-09-27

Family

ID=27063619

Family Applications (2)

Application Number Title Priority Date Filing Date
CA 2369676 Abandoned CA2369676A1 (en) 2000-03-21 2001-03-20 System and method for secure user identification with bluetooth enabled transceiver and biometric sensor implemented in a handheld computer
CA 2369675 Abandoned CA2369675A1 (en) 2000-03-21 2001-03-20 System and method for secure biometric identification

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CA 2369676 Abandoned CA2369676A1 (en) 2000-03-21 2001-03-20 System and method for secure user identification with bluetooth enabled transceiver and biometric sensor implemented in a handheld computer

Country Status (4)

Country Link
EP (1) EP1196896A2 (en)
JP (2) JP2003528407A (en)
CA (2) CA2369676A1 (en)
WO (2) WO2001071462A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124506A (en) * 2017-04-12 2017-09-01 广东欧珀移动通信有限公司 Unlocking method, device and mobile terminal

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1329855A1 (en) * 2002-01-18 2003-07-23 Hewlett-Packard Company User authentication method and system
GB0218706D0 (en) * 2002-08-12 2002-09-18 Domain Dynamics Ltd Method of voice authentication
WO2004109454A2 (en) 2003-05-30 2004-12-16 Privaris, Inc. A man-machine interface for controlling access to electronic devices
DE10336246A1 (en) * 2003-08-07 2005-03-10 Fujitsu Siemens Computers Gmbh Method for securing a computer system
AU2003904317A0 (en) * 2003-08-13 2003-08-28 Securicom (Nsw) Pty Ltd Remote entry system
EP1536380A1 (en) * 2003-11-06 2005-06-01 Alcatel Biometric access method
EP1751908B1 (en) 2004-05-10 2016-07-13 Koninklijke Philips N.V. Personal communication apparatus capable of recording transactions secured with biometric data
US20060078175A1 (en) * 2004-10-12 2006-04-13 Snap-On Technologies, Inc. A Delaware Corporation Hand-held diagnostic display unit including biometric characteristic security system
GB0513767D0 (en) * 2005-07-05 2005-08-10 Knowles Christopher A method of and a system for authentication
CN103257826A (en) * 2013-05-17 2013-08-21 广东欧珀移动通信有限公司 Method and system for mobile terminal to achieve navigation key function based on fingerprint identification
US9171133B2 (en) * 2013-10-11 2015-10-27 Landis+Gyr Innovations, Inc. Securing a device and data within the device
GB2521614A (en) * 2013-12-23 2015-07-01 Arm Ip Ltd Controlling authorisation within computer systems
US9836637B2 (en) * 2014-01-15 2017-12-05 Google Llc Finger print state integration with non-application processor functions for power savings in an electronic device
CN106022040A (en) * 2016-05-16 2016-10-12 深圳天珑无线科技有限公司 Mobile terminal and fingerprint identification-based operation method therefor

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4405829A (en) 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
US5222152A (en) * 1991-11-19 1993-06-22 Digital Biometrics, Inc. Portable fingerprint scanning apparatus for identification verification
WO1996018169A1 (en) * 1994-12-06 1996-06-13 Loren Kretzschmar Transaction verification apparatus & method
US5625534A (en) * 1995-05-12 1997-04-29 Dell Computer Corporation Portable computer having a data card reader apparatus associated therewith
EP0931430B1 (en) * 1996-09-11 2006-06-28 Yang Li Method of using fingerprints to authenticate wireless communications
AU4196497A (en) * 1996-09-18 1998-04-14 Dew Engineering And Development Limited Biometric identification system for providing secure access
US6111977A (en) * 1997-04-17 2000-08-29 Cross Match Technologies, Inc. Hand-held fingerprint recognition and transmission device
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
JPH11224236A (en) * 1998-02-05 1999-08-17 Mitsubishi Electric Corp Remote authentication system
US6901241B2 (en) * 1998-02-11 2005-05-31 Telefonaktiebolaget L M Ericsson (Publ) System, method and apparatus for secure transmission of confidential information
JP2000092046A (en) * 1998-09-11 2000-03-31 Mitsubishi Electric Corp Remote authentication system
DE29821644U1 (en) * 1998-12-04 1999-02-18 Stocko Metallwarenfab Henkels Authentication system for PC cards
DE29908783U1 (en) * 1999-05-19 1999-09-09 Me Technology Europ Gmbh Input device for business transactions

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124506A (en) * 2017-04-12 2017-09-01 广东欧珀移动通信有限公司 Unlocking method, device and mobile terminal

Also Published As

Publication number Publication date
EP1196896A2 (en) 2002-04-17
WO2001071671A2 (en) 2001-09-27
JP2003528407A (en) 2003-09-24
WO2001071462A3 (en) 2003-05-15
JP2003529143A (en) 2003-09-30
CA2369676A1 (en) 2001-09-27
WO2001071462A2 (en) 2001-09-27
WO2001071671A3 (en) 2002-02-14

Similar Documents

Publication Publication Date Title
JP4638990B2 (en) Secure distribution and protection of cryptographic key information
EP1257106B1 (en) Secure remote subscription module access
US7788501B2 (en) Methods for secure backup of personal identity credentials into electronic devices
US6460138B1 (en) User authentication for portable electronic devices using asymmetrical cryptography
CA2554300C (en) System and method for encrypted smart card pin entry
US6151677A (en) Programmable telecommunications security module for key encryption adaptable for tokenless use
AU681500B2 (en) Method and apparatus for utilizing a token for resource access
JP5112700B2 (en) A system for identifying individuals in electronic transactions
US6240183B1 (en) Security apparatus for data transmission with dynamic random encryption
RU2313916C2 (en) Method for acoustic two-factor authentication
US6799275B1 (en) Method and apparatus for securing a secure processor
KR100213188B1 (en) Apparatus and method for user authentication
DE60028778T2 (en) Process for maintaining and distribution of individual fuses
US7558965B2 (en) Entity authentication in electronic communications by providing verification status of device
US8341714B2 (en) Security token and method for authentication of a user with the security token
JP4511459B2 (en) Facilitating and authenticating transactions
EP1454303B1 (en) Portable device and method for accessing data key actuated devices
US7114178B2 (en) Security system
US7775427B2 (en) System and method for binding a smartcard and a smartcard reader
KR100952551B1 (en) Method and apparatus for simplified audio authentication
US6484260B1 (en) Personal identification system
US7325132B2 (en) Authentication method, system and apparatus of an electronic value
US6075861A (en) Security access system
AU2002251480B2 (en) Terminal communication system
KR100791432B1 (en) Providing a user device with a set of access codes

Legal Events

Date Code Title Description
FZDE Dead