CN100437635C - Secure biometric verification of identity - Google Patents

Secure biometric verification of identity Download PDF

Info

Publication number
CN100437635C
CN100437635C CNB038250098A CN03825009A CN100437635C CN 100437635 C CN100437635 C CN 100437635C CN B038250098 A CNB038250098 A CN B038250098A CN 03825009 A CN03825009 A CN 03825009A CN 100437635 C CN100437635 C CN 100437635C
Authority
CN
China
Prior art keywords
card
processor
identification card
data
iso
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB038250098A
Other languages
Chinese (zh)
Other versions
CN1695163A (en
Inventor
塔米奥·萨伊托
会田刚
韦恩·德里辛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aiwei Intelligent Technology Co ltd
Original Assignee
Aiwei Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aiwei Intelligent Technology Co ltd filed Critical Aiwei Intelligent Technology Co ltd
Publication of CN1695163A publication Critical patent/CN1695163A/en
Application granted granted Critical
Publication of CN100437635C publication Critical patent/CN100437635C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Storage Device Security (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

A high security identification card includes an on-board memory for stored biometric data and an on-board sensor for capturing live biometric data. An on-board processor on the card performs a matching operation to verify that the captured biometric data matches the locally stored biometric data. Only if there is a positive match is any data transmitted from the card for additional verification and/or further processing. Preferably, the card is ISO SmartCard compatible. In one embodiment, the ISO SmartCard functions as a firewall for protecting the security processor used for storing and processing the protected biometric data from malicious external attack via the ISO SmartCard interface. In another embodiment, the security processor is inserted between the ISO SmartCard Interface and an unmodified ISO SmartCard processor and blocks any external communications until the user's fingerprint has been matched with a previously registered fingerprint. Real-time feedback is provided while the user is manipulating his finger over the fingerprint sensor, thereby facilitating an optimal placement of the finger over the sensor. The card may be used to enable communication with a transactional network or to obtain physical access into a secure area.

Description

The biometric verification of identity of safety
Related application
The present invention is based on following provisional application, the 60/409th of submission on September 10th, 2002, No. 716 (reel number is 7167-102P1), the 60/409th of submission on September 10th, 2002, No. 715 (reel number is 7167-103P), the 60/429th of submission on November 27th, 2002, No. 919 (reel number is 7167-104P), the 60/433rd of submission on Dec 13rd, 2002, No. 254 (reel number is 7167-105P), the 60/484th of submission on July 3rd, 2003, No. 692 (reel number is 7167-106P), and require the right of priority of these applications, the full content of these applications is hereby expressly incorporated by reference.
Technical field
The application relates to and is used for the apparatus and method that protected data and protected data exempt from unauthorized access.
Background technology
Computerize particularly Internet technology provides and has quickened finance and other transaction to comprising the ever-increasing data access of financial data, medical data, personal data, this means, wherein private data is carried out and upgrades or exchange.
Usually keep the confidentiality of these data with password; Yet password often is based on and is easy to guess and not safe date of birth or telephone number.In addition, even the complicated password that generates at random also often can be stolen easily.Based on the data access system of password thereby be subjected to rogue attacks easily, thereby give industry and economic, even bring danger and infringement for people's life.Therefore, the method for a kind of improvement of needs is used for protected data and protected data exempts from unauthorized access.
But biological data can comprise and be difficult to obtain the accurate details of analyzing easily (for example details in fingerprint sequence), but perhaps obtain the global pattern (for example spatial character of adjacent fingerprint screw thread) that is difficult to analyze easily.
Cryptographic algorithm needs only to the effective digital cipher of authorized user.Do not have correct key, have only the time enough of input and handle resource, and nonetheless, have only when some feature of clear data is known (perhaps being predictable at least), enciphered data just can be decrypted into available formats.
60-029868 number (February 15 1985 date of Japanese Laid-Open Patent Application, the application people is Tamio SAITO), propose a kind of personal identification system, it uses a kind of identification card with the integrated memory that is used to write down the ciphered biometrics data that obtains from the holder.Biological data can comprise voiceprint, fingerprint, macroscopic features and/or biological test.In the use, data are read and decipher in the card, are used for comparing with the corresponding data that obtains from the people who shows this card.This system makes the registrant to be determined identification by pin-point accuracy ground.Yet, because biological data obtains by external unit and handles, so be difficult to protect the information that is stored on the card to exempt from contingent change and/or identity theft.
A kind of identification card of improvement has been proposed; it comprises the data-driven processor chip on the card; encrypt and the hardware firewall of the biological data of isolated storage on card to provide simultaneously, thereby provide better protection to prevent without permission and change and store data.Yet actual matcher is to carry out on the outside card reader terminal of the same scene that obtains (live) biological data, thereby still is subjected to the attack of outside swindle operation potentially easily.
Summary of the invention
First embodiment of high security identification card not only comprises card (on-board claims again on the sheet or on the plate) storer that is used to store biological data, and comprises the card upper sensor that is used to catch on-the-spot biological data.Remote authentication system is safeguarded the safety database that comprises biological data.Whether processor is carried out preliminary matching operation on the card on the card, mate with biological data and local biometric storage data that checking is caught.Only when existing correct this locality to mate, the storage data of any data of obtaining or any sensitivity just can send to checking and/or the further processing that remote authentication system is used to add.As the further protection for malicious attack, local storage data preferably are different from the remote storage data, and preferably make local coupling adopt different matching algorithms with long-range coupling.Even thereby card, local storage data and/or with the local terminal sustain damage of card connection, most likely, remote authentication system still can be realized intrusion attempt.
Card upper sensor and card that second embodiment also comprises storer on the card that is used to store biological data, be used to catch on-the-spot biological data are gone up processor; Yet in this embodiment, whole matcher is gone up processor by card and is carried out, and biological original obtain data and be stored in card upward any other " privately owned " information in the storer all be inaccessible for any external program.Alternatively, the successful coupling in response between biological data that newly obtains and the biological data that before obtained only produces an authorization information.Authorization information makes this card function class be similar to according to the mode of login (log on) success/unsuccessful conventional I SO smart card of traditional PIN (PIN), but added security that is provided by more safety verification program is provided for it.In arbitrary embodiment, the biometric storage data preferably are written in the card when authorizing the holder at first with cryptographic algorithm or the encryption key that store any relevant this locality, its mode is the prevention external reference in any future, thereby has further strengthened the integrality of biometric storage data and whole proving program.
In one embodiment, the ISO smart card plays the effect of fire wall, is used to protect the safe processor that is used for storing and handle protected biological data to avoid suffering the malicious external attack of being undertaken by the ISO intelligent card interface.In another embodiment, safe processor inserts in the ISO intelligent card interface and through between the ISO smartcard processor of revising, and stops any PERCOM peripheral communication till user's fingerprint is complementary with the fingerprint of previous registration always.
In the preferred embodiment of the high security identification card of fingerprint matching ability, when the user was put into the fingerprint sensor top with its finger, feedback was provided in real time on having card, placed thereby help finger to carry out the best above sensor.This feedback has not only reduced computational complexity, and provides be used for the addition method distinguished between rawness user and fraudulent user, thereby has further reduced the possibility of false negative and/or false positive.In a further advantageous embodiment, fingerprint sensor is maintained in the carrier that additional stability is provided.
In an example use, with the biological data that gets access to and/or holder's identity sign any to the mandate of private data online access before or before any automated procedures that are used to finish Secure Transaction, encrypt, be input to then in the trade network that comprises financial institution and independent certificate server.In another example use, the output of card is used to obtain to enter the physical channel of safety zone.In arbitrary application, the record with unsuccessful access attempts of success can be stored on the card or on the external security server, perhaps all preserve on both.
Description of drawings
Fig. 1 shows to have card and goes up the embodiment of smart card that biometric authentication is shown card people's identity;
Fig. 2 is used to help the user to realize pointing the process flow diagram of the exemplary sequence of the best placement on fingerprint sensor;
Fig. 3 is the functional-block diagram of biometric authentication system of the people's that shows secure identification card of local and remote checking simultaneously identity;
Fig. 4 has during initially being written into holder's biological data and the functional-block diagram that uses the typical biometric authentication card in different physical datas path during checking holder's remote request identity;
Fig. 5 shows the optional embodiment of the canonical biometric card authentication of Fig. 4, and it plans to adopt the mode of not having the ISO smart card CPU that revises;
Fig. 6 is the process flow diagram of the communication between expression typical case application and the typical card authentication, wherein only carries out the local verification to holder's identity;
Fig. 7 is the process flow diagram that is similar to Fig. 6, but changes the mode of the canonical biometric card authentication that adopts Fig. 5 into;
Fig. 8 shows that have can be wireless or be connected to second embodiment of the smart card of biometric authentication on the card of local terminal by means of electrical connector;
Fig. 9 is the cross-sectional view of the card of Fig. 8;
Figure 10 is the circuit diagram of typical fingerprint sensor; And
Figure 11 shows an embodiment of the carrier module of the sensor that is used for Figure 10.
Embodiment
Smart card
The term of Shi Yonging " smart card (smart card) " or " smart card (intelligentcard) " are meant any physical object in general sense herein, it is small enough to and can be held in the hand, be worn on the neck, perhaps otherwise carry, it comprises microprocessor, can store, handles and transmit to relate to or other is related to card holder individual's digital code information.A well-known example of this smart card is ISO (International StandardsOrganization International Standards Organization) smart card, it has physical size and the profile identical with traditional credit card, but it comprises: flash memory is used to store user's particular data; And microprocessor, can programme with powerful cryptographic algorithm, whether the PIN that indication is received from user terminal (Personal Identification Number PIN) is complementary with the encryption PIN that blocks storage, thereby comparing with only relying on the verification system that signature and/or health appearance are carried out visual comparison, is that real holder has provided higher confidence level to the people who shows card.
Next with reference to Fig. 1, it shows has the embodiment that card is gone up the smart card of biometric authentication.Card 100 is made by plastic material usually, and has the overall appearance of traditional credit card, and its approximate size meets about 53.98 * 85.6mm and the about 0.76mm of thickness or thicker that stipulates among the ISO7816.
Be similar to traditional credit card, card 100 comprises blank upper area 102, and its whole transverse width along card extends, and the magnetic stripe that is used to carry on the back side that is positioned at card (meets ISO7811-2﹠amp; The regulation of 7811-6), can store traditional coded character information on this magnetic stripe, thereby card 100 can be used in traditional magnetic strip reader about holder and any related account.Yet, all be easy to revise because be written into any data in the magnetic stripe, surpass magnetic lineation and give in the application-specific of potential decline of security of system so such magnetic stripe only is only applicable to needs to the back compatible of old-fashioned magnetic strip terminal.
Upper area 102 also is used to support various false proof measures, for example holder's the anti-tamper photochrome and/or the hologram marking of ard issuers.Card 100 lower area 104 can use the embossed information (meeting ISO 7811-1 regulation) of traditional pattern, for example holder name, digital account (perhaps card) number and date of expiration, can use in traditional card imprinter so that block 100.
Upper area 102 and lower area 104 are separated by central region 106, wherein embed one group of 8 visible ISO smart card contact 108, and it is in the electrical connection of providing convenience between the corresponding contacts on card and the card reader.By this method, not only data, and power supply, clock and control signal all can exchange between card reader and card, as defined among the ISO 7816-3.
Sensor region 110 can be seen in right side in zone 106, and it is used for obtaining finger print data from holder's finger.Preferably, provide with sensor 110 or embed the unique corresponding ID sign indicating number of other electron component in the card to card; For example, the traditional IP and/or the coding of MAC Address form.
Fig. 1 also schematically shows several additional electronic components, and it cooperates with contact 108 and sensor 110, may compare with other, and more strong functions is provided, particularly better security.
In one embodiment, ISO smart card compatible processor 112 is directly connected to ISO contact 108, to provide and being electrically connected of the compatible card reader (not shown) of exterior I SO, thereby not only go up electron device power supply is provided, and be provided between card and any PERCOM peripheral communication software, fail-safe software, transaction software and/or other application software that operates on the correlation computations equipment that card reader or any and card reader network, transmitting the method for data to card.
Although in described embodiment, data channel between card 100 and outside card reader is to use the form of wired connection of the smart card connectivity scheme of ISO regulation, but be understood that, in other embodiments, other transmission technology also can be used, for example USB or RS 232C or SPI (serial) connect, and can pass through wireless RF (Radio Frequency radio frequency), microwave and/or IR (InfraRed infrared ray) communication link.
Equally, although described embodiment obtains power supply from card reader, other embodiment can have card and go up power supply, for example solar cell or battery.This card is gone up power supply may have advantage, for example, if the mechanical interface between card 100 and particular type card reader is such, so that fingerprint sensor 110 be connected in contact 108 can not be accessed by the user under the situation of corresponding connection in the card reader, thereby must with under the situation of the direct wired connection of card reader not catch the user fingerprints data at card 100.
Safe processor
As shown in the figure; safe processor 114 is connected between ISO processor 112 and the sensor 110; be used to provide safe handling and storage to the data of being caught; and provide " fire wall "; the data and the program that are stored in protection in its private memory exempt from any abnormal access attempt of being undertaken by ISO processor 112, and be as mentioned below.This fire wall can be designed to the only current enciphered data of having used encryption key, this encryption key is based on the network address or other and the unique corresponding thing of this particular card of unique distribution, data of extracting from previously stored fingerprint pattern for example, perhaps the device number of unique distribution is for example CPU number, perhaps fingerprint sensor number.In another embodiment, but the only current data that comprise the unique recognition data that is derived from previous transmission or data of fire wall.In other embodiments, fire wall is preserved different keys to different application, and with these keys data is sent to different separately processors or memory portion.
(not shown) in another embodiment, safe processor 114 is directly connected to ISO contact 108, and serves as the safe gate inhibition between ISO processor 112 and the ISO contact 108.This possibility has following advantage, the added security that is provided by safe processor 114 and sensor 110 is provided, and does not have any any possibility that may be integrated into the security feature in the ISO processor 112 that jeopardizes.
Safe processor 114 preferably includes Nonvolatile semiconductor memory or non-semiconductor storer, for example FRAM, OTP, E 2PROM, MRAM, MROM are used to store the fingerprint pattern of previous registration and/or other biological information of human body.In other embodiments, part or all function of safe processor 114 can be carried out in ISO processor 112, and/or some or repertoire of ISO processor 112 can be carried out in safe processor 114.The software firewall that still can keep between each function is carried out in such combination, if equipment is carried out in the mode that does not allow the saved software program to be made any subsequent modification, this will be particularly advantageous so.Alternatively, processor 112,114 can be a processor independent in the single multiprocessor machine, and this device design exempts from from any interference that operates in another program in the different processor for each processor of protection.The DDMP that an example of this multiprocessor device is Japanese Sharp company (Sharp) (Data Driven MultipleProcessor, data drive type multiprocessor).
Although these various sensors, contact and other electron component; and the P.e.c. that is used to interconnect or other electric line; all preferably be completely enclosed the card body of card 100; thereby protect their protected from wear and external contamination, but also the optimum position within the zone line 106 between upper area 102 and the lower area 104 protects further them to exempt from from other zone the possible infringement of traditional magnetic stripe reader, marking press and the marking press equipment of mechanical connection being arranged.
The LED feedback
LED 116a, 116b provide visible feedback by safe processor 114 controls to the user.In the embodiment shown, they are arranged in lower area 104, are preferably located in the position of the side of card away from contact 108.In any case, LED 116a, 116b are preferably located in during any impression program them can damaged position, and is positioned at when card inserts traditional ISO intellignet card fetch and/or points the position that they can be seen when being put into fingerprint sensor 110 tops as the user.For example:
Under Validation Mode:
Blinking red lamp: wait for finger
Stop flicker: finger is placed on the sensor
Blinking red lamp is once: do not match, and can moveable finger
Green light is long to glimmer once: mate, can remove finger
Under the registration mode:
Green light flicker: wait for finger
Stop flicker: finger is placed on the sensor
Blinking red lamp is once: can not register, and can moveable finger
Green light glimmers once: registered, can remove finger
Under the erasing mode:
Green light and blinking red lamp: prepare to wipe
Green light glimmers once: wipe
Preferably, before sending any negative report, the user is given repeatedly chance and goes to place its coupling or the registration of finger to succeed.In one embodiment, have only when removing its finger before the user is receiving green light allowance indication, perhaps when pre-specified time exceeded, negative report just was sent to certificate server.This program not only trains the user to realize that its finger carries out the best and places above sensor, and it has not only reduced computational complexity, and feasiblely can use the bigger threshold value of distinguishing.This visible feedback also provides and be used for the psychology basis distinguished between rawness user (it is usually constantly attempted up to realizing correct placement) and fraudulent user (it does not wish to cause any attention usually, and will be left by before realizing in its malice).Net result is the possibility that has significantly reduced false negative and/or false positive.
Fig. 2 shows and helps the user that its finger is placed into exemplary program on the sensor 110.In square frame 150, RED LED 116b glimmers.In case finger is detected (square frame 152), this LED just stops flicker and carries out the detection (square frame 154) of picture quality (corresponding to the elongated localized area of the protuberance and the recess of finger skin).(NO branch 156) if off quality, the single of RED LED 116b flicker indication user moves it and points different position (square frame 158) so; Otherwise (YES branch 160) carries out second and detects (square frame 162), to determine whether that identical finger is placed on the same position that is used to the registered user, thereby simple relatively matching algorithm just can be verified field data and store meeting of data in predetermined threshold range, thereby the finger identical (YES branch 164) with first registers is pointed at the checking scene, and GREEN LED 116a (square frame 166) the lasting long enough time (square frame 168) that is activated has produced successful coupling with confirmation and the user can remove its finger now.Alternatively, if the coupling threshold does not satisfy (NO branch 170), the single of red LED 116b flicker (square frame 158) indication user moves it and points different positions so, and this program repeats.
The representative network structure
Next with reference to Fig. 3, but it both shows the possible embodiment of biometric authentication system of the people's who can local also remote validation shows secure identification card identity.It comprises three major parts: client terminal 200, application server 202 and certificate server 204.Client terminal 200 comprises following function: the fingerprint of captured at jobsite and local process user, encrypt local deal with data and carry out secure communication with application server and certificate server; this secure communication is preferably undertaken by the internet that uses IP/TCP addressing scheme and host-host protocol, and provides protection to exempt from the malice visit by traditional IP fire wall 206.In other embodiments, fire wall 206 can have filtrator and scrambled device/demoder, be used for after sending data to be verified as authorization data its coding and be used for when determining before whether receive data is authorization data that with its decoding, it for example uses the cryptographic algorithm as DES 128.Use this method, fire wall 206 not only can be according to heading, and can be authorization data or potential malicious data with data qualification according to message content.
Client terminal 200 can private network device mode realize, perhaps can be applied to be installed in the middle of the software on programmable desktop computer, notebook computer or other workstation or the PC, for example Windows XXX, OS X, Solaris XX, Linux or Free BSD are controlled these computers by the general-purpose operating system.Preferably, client terminal 200 comprises " forbidding " database of keep upgrading (identity of the card of for example losing or have things stolen is perhaps to the restriction of specific card or one group of card), so that additional safety practice to be provided.
Application server 202 comprises following function, carries out issued transaction, and perhaps after the certified server 204 of user's identity confirmed, response came the long-distance user's of comfortable client terminal 200 instruction.Certificate server 204 comprises following function, carry out secure communication with client terminal 200 and application server 202, store true finger print data and other information about preceding registered user, the field data of storage data with the encryption of receiving from client terminal 200 compared, and whether the fingerprint on site data of notice application server 202 appointments mate the finger print data of storage.
More particularly, client terminal 200 also comprises two critical pieces: fixed reader 208 parts, it comprises that (it can be simple USB cable for Internet-browser terminal 210 and card reader interface 108a, terminate on one group of electric contact, be used to form corresponding electrical connection) with ISO smart card contact 108; And portable intelligent clamping part 100 '.In one embodiment, portable component 100 ' can be foregoing smart card 100, comprises fingerprint sensor 110, safe processor 114 and ISO smartcard processor 112.
Application server 202 also comprises the Internet Server interface, and it comprises fire wall 206 and Internet-browser 214, and transaction application module 216 and affirmation module 218.At application server and application module 216 is not to be designed to be undertaken by the IP/TCP agreement under the situation of legacy equipment of correspondence with foreign country, fire wall 206 can be with suitable installation the protocol convertor confirming module 218 and have a fixed ip address replace.For example, application server can be by being ready to provide the third party of service to operate by the internet to authorized user.
Certificate server 204 also comprises: Internet Server interface 220; Processing module 222 comprises fingerprint matching algorithm 224; And database 226, be used to store fingerprint and other when these people by system registry with and the real information collected from these people when satisfying requiring of Systems Operator of identity assurance.For further tightening security property, preferably, the storage data that are used for any unique individual are not listed as with single information and are stored in application server, but with every separate storage, and desired index of these projects of any connection or association all have only by corresponding key and just can obtain, and this key saves as the part of individual private data in the certificate server.
The location
In certain embodiments, " can also equip integrated HA Global Positioning Satellite (Global Positioning Satellite; " GPS ") receiver 212, it can provide about card reader and be stuck in or the useful information of current location when particular transaction takes place for fixed reader 208 and/or portable card 100.Especially, being used in card reader or card from the position data of gps receiver 212 is moved to and makes card reader and/or card lost efficacy (permanent or interim) under its situation of using the zone that is not authorized.Except by GPS, can also determine the position automatically by additive method, for example adopt PHS (Japanese cellular phone) caller's location technology, perhaps adopt alignment sensor to the localized variation sensitivity in the earth electromagnetic field.In the special example of equipment GPS card, various GPS elements comprise antenna; Numeral amplification, AD converter and sampling and holding circuit; And the digital information processor of calculating location, preferably, these elements all are the parts of monolithic integrated circuit or all are mounted in discrete device on the single circuit board that it is integrated, embeds or is laminated in the card body.
Have card and go up the card structure of the ISO card of coupling
The ISO processor interface
Fig. 4 is the functional-block diagram of the compatible biometric authentication card 100 of typical ISO smart card or 100 ', and it has different physical data paths, be used for initially being written into during holder's biological data and the identity of checking holder to remote application during.
Especially, except previously described ISO processor 112, safe processor 114, fingerprint sensor 110, LED 116a, 116b and optional gps receiver 212, wherein have only ISO processor 112 to be directly connected to outside the mode of card reader 208 by ISO smart card contact 108, also show load-on module 300 independently and be connected 302 with relevant temporarily, it provides direct communication with safe processor 114 at initial user's period of registration.Can notice that when interim loading connection 302 was connected to specific I/O port 308, ISO processor 112 communicated by I/O port 304,306 and safe processor 114.Preferably, safe processor is programmed for, and makes any responsive security-relevant data or software only can obtain and can not obtain from port 304 and 306 from port 308, thereby has avoided visiting the possibility of these sensitive datas connecting the 302 any malice in back that are under an embargo.
Obtainable ISO processor has at least two I/O ports and some has at least three on most of markets.One (I/O 1) designated traditional ISO smart card serial data connection 108 that is used to be connected to the compatible card reader 208 of exterior I SO is only arranged in these ports.Preferably, one or two I/O ports in addition provide the special-purpose hard wire communication between ISO processor 112 and safe processor 114, it is as hardware firewall, to stop safe processor 114 reprogrammings or acquisition are attempted to any malice of the visit of any sensitive information, this information may be before to be obtained by sensor 110 or may be to be stored in the processor 114.In the particular case that has more than the ISO processor of two I/O circuits, even when safe processor cuts off the power supply fully, may be at the state of the appearance of the static information on the dedicated communication path between ISO processor and the safe processor more than two, for example 1) Ready (ready), 2) Busy (hurrying), 3) Fail (failure) and 4) Pass (by).Certainly, even have only an I/O port effective, these four kinds of states also can dynamically be sent as serial data.
Can be as follows by possible order and the data that ISO interface I/O 2 and I/O 3 transmit between ISO CPU and safe CPU:
Registration or checking user command, safe CPU will send registering result or checking result to it, be used for local storage and/or be sent to remote application.
Finger print information can send to ISO CPU from safety CPU as template (reference), is used for storing into the ISO smart card memory to be sent to remote application.In order to strengthen the security of responsive personal information, reference data can be encrypted by safety CPU before it sends to ISOCPU.
Loading connection 302 provides with the direct of safe CPU 114 and is connected; in the time can between ISOCPU 112 and ISO card reader 208, keeping communication; it gets around ISO connection and relevant any firewall protection that special I/ O port 304 and 306 is provided, thereby power supply also is available for safety CPU 114.Mainly be to be used for the initial registration of this card, and can prevent unauthorized access the specific user.
Fig. 5 shows the optional embodiment of canonical biometric card authentication shown in Figure 4, and it plans to use unmodified ISO smart card CPU (unmodified ISO SmartCard CPU).Especially, ISO CPU 112 ' needn't carry out any gateway function again between card reader 208 and safe CPU 114 ' between the normal operating period or at loading days, thereby it can be any ISO permission chip, it changes never in any form, and uses with reading card device 208 with to all absolute transparent way of any applications.In this optional embodiment, if the fingerprint of fingerprint that obtains and storage is complementary, so safe CPU 114 ' is just as the transparent fire wall between ISO CPU 112 ' and any applications, if and the fingerprint of fingerprint that gets access to and storage do not match, it will stop all these communications so.
Card initialization and storage Data Protection
Cut off
In one embodiment, the initial jig of making has outstanding P.e.c. extension, and it provides and safe CPU, and is connected with the direct of storer on the part of ISO interface at least and/or any discrete card.Directly connecting interface only is used for test card and fingerprint register data, and comprises the signal that accreditation process is come into force.After registration is finished, the circuit extension is mechanically disconnected, thereby no longer may register, and safe CPU storer has only by the fire wall between ISO CPU and previously described ISO CPU and the safe CPU and just can conduct interviews.
Fuse
In another embodiment, safe CPU has a kind of storer, in case the registered fingerprint pattern is write, it is just with inaccessible.An example of this storer is disposable PROM (" OTP "), and it is structurally similar with EEPROM, but opaque to UV, thereby can not wipe.Another example is Flash ROM, and it becomes read-only after registration is finished, for example to Enable or Address or Data signal path by applying enough electric currents, in this signalling channel, to form physics open circuit (" fuse ").
Typical case's authentication procedure
In one embodiment, typical case's authentication procedure comprises obtains the physics finger print data, for example, on the client terminal that is connected to application server that uses by the visit people, use optics or pressure or conduction or electric capacity or acoustics or elasticity or camera work, then these data are sent (preferably, with encryption format) and arrive independently finger print identifying server.The finger print identifying server uses authentication software that finger print data and the file fingerprint that obtains compared, and this document comprises user's fingerprint register data, and if data mate, certificate server transmission validation instructions arrives application server so.
In another embodiment, the secure web browser of user capture finger print identifying server, it comprises file fingerprint, wherein all fingerprints are pre-registrations together with personal data, for example name, address and date of birth.Then the user by security protocol for example the safe finger print identifying server of HTTPS form visit send instruction to obtain user's fingerprint at the client terminal place to client terminal.In response to the shown instruction of client terminal browser, user's finger that it is selected is put on the fingerprint sensor, be installed in fingerprint in the client terminal then and obtain software and obtain digital finger-print, for example have 25 microns (micron) to 70 micron pitch resolution and 12.5 square millimeters of (mm 2) to 25 square millimeters areas, and the pixel image with 8 gray levels.
Safe finger print identifying server receives finger print data, and encode separately together with receiving User ID and internet-ip address and/or fingerprint sensor that (cookie is that the webserver is stored in the data in the client terminal for (MAC Address) and/or cookie, be used for the webserver and discern this client terminal) and/or the specific individuality of any unique code or other identification or terminal information are (for example, details from session previous between client terminal and the safe finger print identifying server), by receiving above information, it uses authentication software that finger print data and the file fingerprint that receives compared, this document is the finger print data and the user ID of pre-registration, personal information, name for example, the address, date of birth, illegal record, driving license, SSN (social security number), or the like, it can be details comparison and or Fast Fourier Transform (FFT) comparison.
In the beginning of authentication procedure, thereby the webserver 214 that is used for related application obtains on the sensor 110 and knocks its mouse button or keyboard key obtains software with the fingerprint that starts safe processor 114 from visually or acoustically indicating the user that its finger is put into fingerprint.Then the user fingerprints data of obtaining are sent to the webserver 220 of finger print identifying server 204 with encryption format (for example, rsa encryption host-host protocol HTTPS safe in utilization) by the web browser 210 of ISO processor 112 and client terminal 200.If the data of obtaining are successfully mated corresponding data in its database 226, finger print identifying server 204 then will be to client terminal 200 and application server 202 affirmation users' identity so.
Hereinafter with reference to Fig. 3, a typical preferred embodiment that has adopted three road authentication protocols and one-time password as Hash (Hash) character code sequence is described:
The web browser 210 of client terminal 200 is by the network interface 214 of request access application 216 visit application corresponding servers 202.
The network interface 214 of application server 202 with the dependent instruction of logining (LOG-IN) screen message and access application 216 in response.
Client terminal 200 indication ISO processors 112 activate safe processor 114.
ISO processor 112 triggers safe processor 114.
Safe processor 114 waits from the finger print data of fingerprint sensor 110 and when receiving valid data, the digital pattern that takes the fingerprint, and this pattern sends to web browser 210 by ISO processor 112.
Web browser 210 sends to certificate server 204 with the encrypted version of fingerprint extraction pattern together with the relevant information that (or encrypting jointly with it) relates to card 100 ' and card reader 208, for example the hard wire ID of the IP address of user ID, client terminal 200 and/or sensor 110 coding (MAC Address).
The network interface 220 of certificate server 204 receives the fingerprint extraction pattern together with the out of Memory from client terminal 200 by above step, and these information are sent to fingerprint matching processor 222.
Under the control of adapting software 224, the user ID that 222 uses of fingerprint matching processor are received or other user's certain relevant information are obtained pattern from the database 226 corresponding fingerprint reference patterns of retrieval and with fingerprint and the fingerprint reference pattern compares.
Result's (mate or do not match) is stored in the access history daily record together with the relevant information that terminal 200, user ID card 100 ' and application request 216 are verified, and control is returned to certificate server network interface 220.
If the result is coupling, certificate server network interface 220 produces the disposal password of a form for inquiry (challenge) character string so, it is transferred to client terminal 200, and use the enquiry character sequence as Hash codes, so that relevant information is encrypted, it is saved and is corresponding query-response, is used for the reference in possible future.
Client terminal 200 uses the enquiry character sequence of receiving as Hash codes, so that the unencryption copy of previously stored relevant submission information is encrypted, send it to the network interface 214 of application server 202 then, application is logined the part of the response of program as it.
The network interface 214 of application server 202 is received the relevant information of process Hash translation by above step, send it to application service 216, this service with its with attempt to combine from the login (LOG-ON) of client terminal, and, in order to confirm matching result, the relevant information received is sent, and this information is used the inquiry sequence that is provided by certificate server to carry out Hash translation with as query-response by client terminal.
The network interface 220 of certificate server 204, by the query-response of above step reception from application server, this response is sent to certified processor 222, whether this processor compares its reference copies with the previous expection query-response of preserving, in fact be authorized to the decision user identity.
Then turn back to application program 216 by this any authorized user identities information that relatively produces by the affirmation interface 218 of certificate server network interface 220 and application server 202.
Confirm that interface 218 enters into force to confirm the user identity of setting up when initial log is attempted by authentication.
In case user identity is identified, 216 network interfaces 214 by application server 202 of authentication (application) program carry out web browser 210 direct communications with client terminal 200.
Fig. 6 shows the optional authentication program, and wherein all couplings are carried out on the ISO of Fig. 4 compatible cards by safe CPU 114, and does not adopt external authentication server 204.The left side of Fig. 6 shows the function of being carried out by application server 202, and the right shows the function of being carried out by ISO smart card 100.
When smart card 100 was inserted card reader 208, reset signal RST sent to ISO CPU (START square frame 502) and fingerprint CPU 114 (fingerprint authentication square frame 504) from card reader, and these two parts receive power supply VCC from card reader 208.ISO CPU response is also then sent PPS (Protocol and parameters Selection agreement and parameter are selected) (square frame 506) if necessary with ATR (Answer-to-Reset reset answer) message then.Simultaneously, fingerprint CPU enters waiting status receiving finger print data, and when when sensor 110 is received data, just carries out authentication procedure (square frame 504).
When initial request command is employed 216 when sending to ISO CPU 112 (square frame 508), ISO CPU is to safety CPU inquiry (square frame 510) authentication state.If response is for affirming, ISO CPU is by moving request command with response application (square frame 512) so.Otherwise (from safety CPU's 114 no matter be error message or not response) it is not done any response to request command, but waits for the first new request (square frame 508b).
Suppose that fingerprint is verified and first response is in time received and it is employed 216 and determines it is response signal (square frame 514), the request program continues (square frame 516,518,520) to exceeding the predetermined authentication time limit just always so, do not use the request of receiving (square frame 522) from this during this period, perhaps this application can not receive intended response (square frame 524).
Fig. 7 is similar to the process flow diagram of Fig. 6, but is revised as the canonical biometric card authentication that has adopted Fig. 5.The Far Left of Fig. 7 shows the function of being carried out by application server 202, next column is corresponding to card reader 208, next column has been described ISO contact 108 again, and next column shows the function of being carried out by safety CPU 114 again, and rightmost then shows by there not being the function that change ISO smart card 112 is carried out.
When smart card is inserted card reader or application software when bringing into operation reader device, reset signal 550 is sent to safe CPU 114 from card reader 208.
Safe CPU receives reset signal 550 soon afterwards, and it sends corresponding reset signal 552 to ISO CPU 112.Simultaneously safe CPU waits for the finger print data from fingerprint sensor.
Receive reset signal 552 by above step, ISO CPU produces ATR (Answer-to-Reset) response 554 and after this then sends PPS (Protocol and parameters Selection) if necessary.
In a single day safe CPU 114 receives ATR (Answer-to-Reset) from ISO CPU, just immediately with it, comprise any relevant PPS order, is transferred to card reader (square frame 556).
Simultaneously, if safe CPU receives finger print data, it will carry out previously described authentication procedure so.In the authentication checks result is under the situation of PASS, should will keep cycle regular hour by state.If the result is FAIL, so safe CPU 114 just waits new finger print data.
Move this application by above step, command request 558 is sent to safe CPU, only when safety CPU still is in previously described PASS state or last correct response when having the multidata hyte, this safe CPU just sends to command request 560 ISO CPU and also its correct response 562 is sent to card reader (detecting square frame 564).
Otherwise (No branch 566) fingerprint CPU produces pseudo-request (dummy request, virtual request) 568 and send it to ISO CPU and also this ERR response as a result 570 is sent to card reader 216, thus the sequence number in request with respond in sequence number between keep accurate synchronization.
Encryption and secret
Before transmitting by any external network, preferably, any sensitive data and/or authentication result are all encrypted, can adopt DES or Two Fish to encrypt.Encryption key can obtain or store the password of data relevant on data contiguous in the unique allocated code, storage address, storer of data, user ID coding, sensor, other function, previous session (issued transaction), IP address, terminal coding or appointment based on fingerprint.Alternatively, sensitive data can HTTPS agreement safe in utilization to send by the internet.
For stronger security is provided, can be with virtual individual gateway, for example hardware des encryption and deciphering, between inserting safe finger print identifying server and network being connected, and the application corresponding server is with between network is connected.By using these virtual gateways or VPN (virtual private network) (" VPN ") like this, sensitive data is carried out supplementary protection by additional encryption layer, for example DES 128 (being generally used for VPN) and RSA (being adopted) by HTTPS.
For ultra-safe application, all communication can be surrounded with additional security layers.Especially, the heading in the lower level can be encrypted in higher level.
Radio communication
Other embodiment can comprise the dual interface that is used for not only contacting (ISO 7816) operation but also wireless (ISO1443 A or B) operation, and preferably, many interfaces power supply unit is installed, and it allows all using mutually between 7816 contacts of the ISO on the card, ISO 1443 A, ISO1443 B, ISO 15693 and HID conventional wireless system (between other).Alternatively, card can comprise the acknowledgment copy that is used for other wireless communication technology, for example bluetooth (short distance) or honeycomb (middle distance) or microwave (long distance).
Next with reference to Fig. 8, it shows, and have can be wireless or be connected to the smart card of biometric authentication on the card of local terminal by means of electrical connector.Its most of structure and structure are similar in appearance to the embodiment of previously described Fig. 1, and same label (may be distinguished with single quotation marks) indicates similar element.Especially, though ISO CPU 112 is presented at different position (below contact 108, rather than a side), just like preceding described identity function.
ISO antenna 132 comprises two coil antennas of the periphery that is arranged on card 100 usually, and provides ISO compatible wave point to ISO CPU 112, is used to data and power that data and power are provided similar in appearance to wired electrical interface 108.In addition, safety antenna 134 (in described example, built-in aerial 132 and only be made of a coil antenna) provides independently power supply by DC-DC power governor 120 to safety CPU 114.Because except be not used in the direct connection of wireless data by ISOCPU 112, so the sensitive data that is stored in the safe CPU 114 is not destroyed by this wave point.Alternatively, foregoing about outside card reader and external network being had only the embodiment of wired connection, the function of two processors can be merged, perhaps external interface can be by safety CPU 114 rather than by ISOCPU 112, wherein suitable wireless security measure must be attached in this variant structure.
Fig. 9 is the sectional view of card shown in Figure 8.Notice that most of described elements are included in the core district 126, have only contact 108 extensions to pass protective seam 122.The operating surface of sensor 110 by the last window in the upper strata 122 and the following window among the PCB (printed circuit board (PCB)) 134 with addressable, this PCB 134 is disposed between upper strata 122 and the central core 126, it provides electrical connection essential between the various electronic components, and around sensor 110 effective coverages around static discharge ground connection connect.
Lower floor 124 and magnetic stripe 128 are still visible.
Fingerprint sensor
Figure 10 is the typical schematic circuit diagram of sensor 110, and wherein sensor unit 402 arrays 400 are arranged as row 404 and row 406.As mentioned above, each unit 402 comprises activation door 410 and transducer 412.Protuberance and recess that fingerprint is gone up skin by finger form.When touching near unit 402 in the array 400 for one among these protuberances, transducer 412 an experience variation machinery and/or electricity of each sensor unit, in fact it produced the fingerprint digital picture that changes based on the minute-pressure that is caused by finger tip upper convex portion and recess on the sensor surface.Be described to single variable condenser although notice each transducer 412, have various types of transducers can respond one appearance among these protuberances of human skin.In the special example of pressure transducer piezoelectric membrane transducer, this film distortion and generation near the unit are stored in the electric charge in the capacitor that is connected to this unit.Voltage on the capacitor is the function of the mechanical stress that forms of the distortion by piezoelectric, itself so that be to be the protuberance or the function of recess on the unit.When driving 414 signal door 410 from related column and reach ON and when associated row, drive 416 when being grounded, on the outlet line 418 that being expert at appears in voltage, and in output driving 420, convert 8 position digital signals to this unit.In order to survey the distortion of piezoelectric substantially, the piezoelectricity electric material can form on resilient material, and for example polyimide or polyimide piezoelectricity electric material get final product.Other typically can comprise variable resistor and variable condenser with the analog converter technology that similar array organization realizes.Alternatively, each unit can comprise the simple numerical switch, and it only provides single bit of information; In the case, the additional position of information can be by providing a plurality of unit or by producing with each unit of higher frequency sampling in same district.This optional embodiment has avoided the needs to A/D converter.
In exemplary embodiments, sensor has only 0.33 millimeters thick and enough firm in to be embedded in the smart card and not to be subjected to the influence of static, element or user's skin condition (wet, do, heat, cold).Sensor 110 common device unit sizes are that 25 microns to 70 microns and common spacing are 25 microns to 70 microns.Typical sensors has area and 8 multistage sensitivity of 12.5 square millimeters to 25 square millimeters.This sensor can be made by TFT (thin film transistor (TFT)) and pressure-induced capacitance device array, is for example formed for example barium titanium oxide or strontium ba oxide, and comprise top electrode, its covering and protect whole sensitive zones by thin films of piezoelectric material.If the employing mechanical stress will produce corresponding charge so and will be stored in the film piezo-electric capacitor.Alternatively, sensor based on pressure can be made into TFT (thin film transistor (TFT)) together with thin film capacitor, and the array of pressure-induced capacitance device, for example form by the pressure conductive material sheet, carbon fibre dispersion rubber sheet for example, metal (for example copper or tin or silver), the carbon fibre of plating or paper base glass fibre or metal, the pole piece that powers on that disperses resilient material (for example silicones) and cover whole sensing unit.
The row and column of fingerprint sensor element 402 special provisions drives the electric data of 416,414 outputs to output circuit 420, thereby the physics input that will represent user fingerprints is converted to the analog electrical data.A/D converter in the output circuit 420 is converted to digital electric signal with this analog electrical signal then.The interconnection in the ranks that each thin film transistor (TFT) optionally will be shared is converted to the voltage on its relevant capacitor, and the voltage on each capacitor can be read and therefore the distortion of each unit can be measured like this.Preferably, the whole row of thin film transistor (TFT) are changed simultaneously, thereby a plurality of unit in a select column (for example 8) can be read by parallel in different interconnection in the ranks.A plurality of door as the interconnection between row and column have reduced the quantity of interconnection, walk abreast when reading a plurality of unit and then having reduced the time for reading of whole array from the different rows of same column.Output voltage from sensor can be amplified by differential amplifier.Can and be kept for A/D converter with the output of this amplifier sampling.
Substrate can be glass (for example non-alkali glass), stainless steel, aluminium, pottery (for example aluminium oxide), paper, fiberglass, but crystalline silicon thin plate preferably.Thin film semiconductor material can be amorphous silicon, polysilicon, adamas or any other semiconductive thin film.Piezoelectric can be a piezoelectric ceramics, and for example (preferably, thickness range is 0.1 to 50.0 micron to lead-zirconate-titanate, or the polymer piezo polyimide film material for lead-zirconate-titanate, PZT) film.Interconnection material can be: titanium/nickel/copper, aluminium, chromium/nickel/gold, titanium/nickel/gold, aluminium/gold, tungsten/copper, tungsten/gold, tungsten/gold.
Figure 11 shows the carrier combinations of the sensor on the thin base card that is formed on crystalline silicon.Crystalline silicon have fabulous electrical properties and help sensor array and required driving and output circuit integrated, yet will crooked and fracture when big and thin relatively silicon thin plate is subjected to local surface pressure.Illustrated carrier provides the structure more solid than the silicon chip of same integral thickness.
As shown in the figure, single piece of silicon 430 about 0.1 millimeters thick, and center on by the glass steel framework 432 of same thickness, it is installed in also is on the backing plate 434 of glass fibre reinforced plastic structure and about 0.05 millimeters thick.Frame 432 and backing plate 434 can use traditional printed circuit board (PCB) (PCB) technology to construct at an easy rate.Especially, the upper and lower surface of backing plate 434 is covered by the thin copper layer of being separated by the glass steel core 436.Frame 432 comprises a plurality of pads 440 at its external margin, is used to be connected to safe processor 114.Thin silicon sheet 430 usefulness epoxy resin bondings are to frame 432 and plate 434, and active zone is electrically connected to circuit separately in the frame 430 by connecting 442 in the traditional wiring on the peripheral portion 444 of the exposure of the silicon 430 of shielded top electrode 446.
Matching algorithm
Limited and only attempt to do on this locality card of simple 1: 1 coupling with single reference sample and handle for processing power, fingerprint matching software can be based on relatively simply the comparing of details of two patterns.For example, the gray level image of fingerprint can be reduced to two values, and is white and black, and three-dimensional protuberance is converted into two-dimentional fine rule (vector).Thereby the accuracy of this method also is subjected to following problem: fuzzy, adhesion, distortion, line segment excalation and other influence.Although accuracy is lower on the details theoretical method, it needs less computational resource and possibility with many existing database compatibilities is provided.
For on remote authentication server, handling, can require higher accurate resolution, for example " POC " (Phase Only Correlation is phase correlation only) matching algorithm with the reason ability of strength more.POC is based on the verification algorithm of the grand coupling of entire image.On the contrary, POC mates large-scale structural information-from details to total image.Therefore, POC can provide the accuracy of reinforcement to avoid noise, for example adhesion and excalation.In theory, the POC method is not subjected to move adverse effect with luminance difference from the position, and (is about 0.1 second for the off line coupling) fast and pin-point accuracy.For example, POC software can utilize fast two-dimensional fourier transformation (" 2DFFT ") to carry out the spatial frequency comparison of two fingerprint patterns.2DFFT will represent that the digitalized data array of the physics Two dimensional Distribution of fingerprint is converted to the frequency space, and in other words, with the space distribution inverse transform, the high more density pattern in this place has high more spatial frequency.Rotational transform can be used for the frequency space pattern match is mated.Because do not misled by the common defective in the fingerprint recording pattern, POC will think that these defectives are noise and detail analysis makes an explanation these defectives as significant data, so POC pattern match and details have been compared more advantage to flux matched.
For harsh especially application, mixed method provides higher accuracy and security with comparable other any independent method.For example, the details method can be used on the acquisition point, and the POC method can be used on the remote server.As another example, matcher can be analyzed details and spatial relationship have been considered two kinds of results' combination with generation mark.
Use
Previously described technology provides and has been used for various application, commercial and government, high-caliber security.According to the requirement of various application, multiple Secure Application can coexist and operate on the identical card and/or on the identical certificate server.In one embodiment, single card can comprise that 24 of as many as independently and the application of safety.For example, this technology will permit/denied access (physics and/or logic), the list that identification personnel's exact position and/or motion and/or supervision are listed, and also move other Secure Application simultaneously, each is used each other and fully and safely isolates.
The current application that can expect is as follows:
Airport ID/ is current
The mansion security personnel
Current and the record keeping of accommodation
Hospital
Game on line
Download entertainment
Birth certificate
Computer access
Driving license-TWIC
Stored value card
Emergency medical information
The explosive license
Government and military applications are current
HAZMAT (danger) licence
Medical insurance and welfare card
Entrance
Passport
The aviation license
Harbour ID/ is current
Covering note
Social insurance card
Traveller's credit
Visa or advance/go out the pass
The vote registration card
Welfare and food coupon stamp card
For these many application, preferably, storer also provides the safe storage of various personal informations on the card of card, and it has only when the holder of registration has proved its identity and authorized this visit and just can conduct interviews.The example of these personal informations has:
Management information, for example for example visa type, visa time limit, nationality etc. of name, address, date of birth, place of birth, nationality, religion, membership credentials, social insurance number, driving license number, passport number and immigrant's information.
Financial information, for example stored value card, VISA (VISA credit card), MasterCard (Master Card), American Express credit card informations such as (American Expresses), bank information, for example Bank Name, bank account balance, account transfer information, IRS (IRS) number, bankruptcy record, account transfer information etc.
Sign and health and fitness information, for example: identification individual's biological information, for example height, body weight, fingerprint, iris, retina, hand size, bone structure, sound, DNA; Blood group; The medical diagnosis testing result; Medical history; Medicine; Insurance information; To the psychology of certain stimulation and physiological reaction etc.
Event information, for example previous conviction, capital felony, misdemeanor, illegal.
Emergency information, for example graveyard, relatives and other contact details, lawyer's information, religion information.
Education, work are historical, comprise school, degree, the company relevant with FDD of taking office.
Data access history (having stored the access history data of advancing card and card release).
ID relevant information, for example result of fingerprint pattern, fingerprint pattern Processing, fingerprint pattern.
Password, for example permanent password, temporary transient password and/or one-time password.
Encryption key, for example public-key cryptography, personal key and/or one time key.
Next typical card Accreditation System is described.
Applicant: fill in application form and, preferably, comprise photo and fingerprint with its submission.For most of applicant, check that its file attachment and the information of checking submission simply in one or more governments and business database just are enough to set up individual's true identity.
After its identity was identified, the applicant entered and signs and issues the station, will think that by ard issuers necessary any information is written in the card herein.The applicant is placed on its finger on the sensor on the card.In case fingerprint matching places on the sensor with requiring and is written into card, just will make outstanding on the card be subjected to surge, it blows some fuse, should be necessarily regional with what stop that anyone writes card once more.Then, will this little outstanding cut-out/cut off by (just as the card that has umbilical cord).At this some place, card can only contact card reader or ISO wireless system by ISO and read or write.
In the situation of network authentication server, on the card contained same data some or all also be to be transferred to remote server with encrypted form, can replenish the additional data that card is gone up still may need to be used for high-security applications that are not stored in usually.

Claims (50)

1. smart identity identification card comprises:
Storer on the card is used to store reference data;
The card upper sensor is used to catch on-the-spot biological data;
Microprocessor on the card is used in predetermined threshold the biological data and the corresponding reference data of storing of being caught being compared, and just produces checking message when mating and if only if exist in predetermined threshold; And
Interface is used for described checking message is sent to external network, and wherein, described checking message comprises the extracts from the biological data of being caught at least.
2. identification card according to claim 1, wherein, described checking message comprises the extracts from the reference data of being stored at least.
3. identification card according to claim 2, wherein, described checking message is transferred to the checking that remote authentication system is used to add.
4. identification card according to claim 3, wherein, described remote authentication system comprises the reference data of the remote storage different with the reference data of described storage.
5. identification card according to claim 3, wherein, microprocessor uses the matching algorithm different with described remote authentication system on the described card.
6. identification card according to claim 2, wherein, being stored on the described card the original biological data of catching in the storer and any other " privately owned " information all is disabled for any external program.
7. identification card according to claim 2, wherein, described card is the ISO compatible smartcard.
8. identification card according to claim 7 also comprises the ISO smartcard processor.
9. identification card according to claim 8 wherein, is used to store and handle on the described card of described biological data of catching microprocessor and is isolated with described ISO smartcard processor on function by fire wall.
10. identification card according to claim 8, wherein, all external datas that pass in and out microprocessor on the described card are all by described ISO smartcard processor.
11. identification card according to claim 8, wherein, all external datas that pass in and out described ISO smartcard processor are all by microprocessor on the described card.
12. identification card according to claim 8, wherein, microprocessor has on the described card: first connects, and is used for being written into during loader data; And second connect, and is connected to external network.
13. identification card according to claim 12, wherein, make described first be connected described loader finish after permanent forbidding.
14. identification card according to claim 8 wherein, is used to store and handle on the described card of described biological data of catching microprocessor and is isolated with described ISO smartcard processor on function by fire wall.
15. identification card according to claim 8, wherein:
Described card comprises magnetic stripe zone and hyporelief zone;
Described card upper sensor is the fingerprint sensor; And
Microprocessor, described ISO smartcard processor and described fingerprint sensor all are located at the described zone line of going up between magnetic stripe zone and the described hyporelief zone on the described card.
16. identification card according to claim 2, wherein, described biological data comprises that finger print data and described sensor are the fingerprint sensors that is used for obtaining from the finger that is placed on the user on the described sensor data.
17. identification card according to claim 16 wherein, when described user is put into described fingerprint sensor top with its finger, provides real-time feedback, places thereby help described finger to carry out the best above described sensor.
18. identification card according to claim 16, wherein, microprocessor is suitable for adopting the mixing matching algorithm on the described card, the details in the biological data that described mixing matching algorithm has been considered to be caught and whole spatial relationships.
19. identification card according to claim 16, wherein, described fingerprint sensor comprises the crystal silicon chip by the backing plate supporting.
20. identification card according to claim 19, wherein, described backing plate comprises and is clipped in two glass epoxy resin layers between the metal level.
21. identification card according to claim 19, wherein, described backing plate is reinforced by the carrier frame around described silicon chip.
22. identification card according to claim 1, wherein, described card also comprises the device that is used for the use of described card is defined in the precalculated position.
23. identification card according to claim 1, wherein, described interface is a double nip, comprising:
Electrically contact interface; And
Wireless communication interface.
24. a smart identity identification card comprises:
The card upper sensor is used to catch on-the-spot biological data;
First card is gone up processor, be connected with described card upper sensor, described first card is gone up processor and is comprised the storer that is used for reference data stored, described first card is gone up processor and in predetermined threshold the biological data of being caught and the reference data of corresponding storage is compared, and and if only if in predetermined threshold, just produce checking message during coupling;
Second card is gone up processor, goes up processor with described first card and is connected, and is used to carry out intelligent card function; And
Interface is connected to any one in last processor of described first card and the last processor of described second card, is suitable for and external network communication, and described checking message is sent to described external network via described interface.
25. identification card according to claim 24, wherein, it is the ISO smartcard processor that described second card is gone up processor.
26. identification card according to claim 25, wherein, described first card is gone up processor and is separated on function by fire wall and described ISO smartcard processor.
27. identification card according to claim 25 wherein, is gone up processor and is gone up all external datas of processor all by described ISO smartcard processor from described first card to described first card.
28. identification card according to claim 25 wherein, all blocks upward processor by described first to described ISO smartcard processor with from all external datas of described ISO smartcard processor.
29. identification card according to claim 28, wherein, described first card is gone up processor and had: first connects, and is used for being written into during loader data; And second connect, and is connected to external network.
30. identification card according to claim 24 further comprises:
Position detector on the card is used for determining the current location of described identification card; And
Be used for limiting the device of the use of described card based on described current location.
31. identification card according to claim 30, wherein, position detector comprises on the described card:
The global positioning satellite signal receiver.
32. smart identity identification card according to claim 24 further comprises:
Indicator is used for providing real-time feedback when the user operates his or her finger on described card upper sensor, thereby is convenient to point the suitable placement on described sensor.
33. identification card according to claim 24, wherein, described interface is a double nip, comprising:
Electrically contact interface; And
Wireless communication interface.
34. identification card according to claim 33, wherein, described wireless communication interface comprises:
Antenna is connected to described second card and goes up processor.
35. identification card according to claim 34 further comprises:
Power supply antenna is connected to described first card and goes up processor.
36. a method that is used for the user of identification intelligent identification card, described smart identity identification card comprise that storer is gone up biology sensor with card on the card that is used for reference data stored, described method comprises:
Use described card upper sensor to catch on-the-spot biological data;
In predetermined threshold with the biological data of being caught be stored in that the corresponding reference data in the storer compares on the described card;
Only when coupling in described predetermined threshold, produce checking message; And
Described checking message is sent to external network,
Wherein, described checking message comprises the extracts from the reference data of being stored at least, and
Wherein, described checking message comprises the extracts from the biological data of being caught at least.
37. method according to claim 36 further comprises:
The checking that described checking transmission of messages is used to add to remote authentication system.
38., further comprise according to the described method of claim 37:
Storage and the local different reference data of described reference data that is stored in the described identification card in described remote authentication system.
39. according to the described method of claim 37, wherein, the matching algorithm that uses in described identification card is different from the matching algorithm that uses at described remote authentication system place.
40. method according to claim 36 further comprises:
At least some and described reference data in the biological data of being caught are transferred to certificate server, are used for before any mandate online access is used to handle the application server of the secure financial transactions that relates to this user, user identity being carried out safety verification.
41. method according to claim 36 further comprises:
Reception relates to the matching request of the particular login attempt on specific application servers; And
If on certificate server, produce positive match in response to described matching request, then carry out safety three road authentication protocols, described authentication protocol comprises:
The enquiry character sequence is sent to described identification card from described certificate server;
Based on described enquiry character sequence and described matching request, produce query-response at described identification card;
Described query-response is transmitted to described application server;
Described query-response is transmitted to described certificate server from described application server; And
Confirm at described certificate server whether described query-response is effective.
42. a method that is used for the user of identification intelligent identification card, described smart identity identification card comprise on the card that is used for reference data stored biology sensor, safe processor and ISO Card processor on storer, the card, described method comprises:
Use described card upper sensor to catch on-the-spot biological data;
Use described safe processor in predetermined threshold with the biological data of being caught be stored in that the corresponding reference data in the storer compares on the described card;
Only when in described predetermined threshold, mating, use described safe processor to produce checking message;
Via interface described checking message is sent to external network; And
If confirmed described user's identity, then allow described ISO Card processor operation.
43., further comprise according to the described method of claim 42:
Via first connection data are being loaded on the described safe processor during the loader; And
Make described first be connected described loader finish after permanent forbidding.
44., wherein, all be connected with all external datas by second of described safe processor from described ISO Card processor to described ISO Card processor according to the described method of claim 42.
45. according to the described method of claim 42, wherein, to described safe processor and from all external datas of described safe processor all by described ISO Card processor.
46. according to the described method of claim 42, wherein, described biological data comprises finger print data, and described sensor is the fingerprint sensor that is used for catching from the finger that is placed on the user on the described sensor data.
47., further comprise according to the described method of claim 46:
The real-time feedback of finger placement is provided when described user operates his or her finger on described fingerprint sensor, thereby is convenient to point the suitable placement on described sensor.
48. according to the described method of claim 42, wherein, described comparison and the described safe processor of described use comprise that employing mixes matching algorithm, the details in the biological data that described mixing matching algorithm has been considered to be caught and whole spatial relationships.
49. a device that is used for the user of identification intelligent identification card, described smart identity identification card comprise that storer is gone up biology sensor with card on the card that is used for reference data stored, described device comprises:
Acquisition equipment is used to use described card upper sensor to catch on-the-spot biological data;
Comparison means is used in predetermined threshold the biological data of will be caught and is stored in that the corresponding reference data of storer compares on the described card;
Generation device is used for only just producing checking message when coupling in predetermined threshold; And
Dispensing device is used for described checking message is sent to external network,
Wherein, described checking message comprises the extracts from the biological data of being caught at least.
50. a device that is used for the user of identification intelligent identification card, described smart identity identification card comprise on the card that is used for reference data stored biology sensor, safe processor and ISO Card processor on storer, the card, described device comprises:
Acquisition equipment is used to use described card upper sensor to catch on-the-spot biological data;
Comparison means, be used for using described safe processor in predetermined threshold with the biological data of being caught be stored in that the corresponding reference data of storer compares on the described card;
Generation device is used for only just using described safe processor to produce checking message when coupling in predetermined threshold;
Dispensing device is used for via interface described checking message being sent to external network; And
Allow device,, then allow described ISO Card processor operation if be used for confirming described user's identity.
CNB038250098A 2002-09-10 2003-09-10 Secure biometric verification of identity Expired - Fee Related CN100437635C (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US40971602P 2002-09-10 2002-09-10
US60/409,715 2002-09-10
US60/409,716 2002-09-10
US60/429,919 2002-11-27
US60/433,254 2002-12-13
US60/484,692 2003-07-03

Publications (2)

Publication Number Publication Date
CN1695163A CN1695163A (en) 2005-11-09
CN100437635C true CN100437635C (en) 2008-11-26

Family

ID=35353502

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB038250098A Expired - Fee Related CN100437635C (en) 2002-09-10 2003-09-10 Secure biometric verification of identity

Country Status (10)

Country Link
CN (1) CN100437635C (en)
AR (1) AR041226A1 (en)
LT (1) LT5344B (en)
MY (1) MY161401A (en)
PA (1) PA8581901A1 (en)
PE (1) PE20040351A1 (en)
TN (1) TNSN05068A1 (en)
TW (1) TWI366795B (en)
UY (1) UY27970A1 (en)
ZA (1) ZA200502663B (en)

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CZ2005209A3 (en) * 2002-09-10 2005-12-14 Ivi Smart Technologies, Inc. Safe biometric verification of identity
KR101615461B1 (en) * 2007-09-24 2016-04-25 애플 인크. Embedded authentication systems in an electronic device
US8600120B2 (en) 2008-01-03 2013-12-03 Apple Inc. Personal computing device control using face detection and recognition
CN101626296B (en) * 2009-05-27 2012-04-18 飞天诚信科技股份有限公司 Method for improving input information security and biological information acquisition equipment
CN101616416B (en) * 2009-07-24 2012-08-29 中兴通讯股份有限公司 Method and equipment for authenticating smart card of communication terminal
CN102831335B (en) * 2011-06-16 2015-08-05 中国科学院数据与通信保护研究教育中心 A kind of method for security protection of Windows operating system and system
US8756680B2 (en) * 2011-08-02 2014-06-17 Corning Incorporated Biometric-enabled smart card
US9002322B2 (en) 2011-09-29 2015-04-07 Apple Inc. Authentication with secondary approver
US9959539B2 (en) 2012-06-29 2018-05-01 Apple Inc. Continual authorization for secured functions
US10212158B2 (en) 2012-06-29 2019-02-19 Apple Inc. Automatic association of authentication credentials with biometrics
US9832189B2 (en) 2012-06-29 2017-11-28 Apple Inc. Automatic association of authentication credentials with biometrics
US9819676B2 (en) 2012-06-29 2017-11-14 Apple Inc. Biometric capture for unauthorized user identification
KR101231216B1 (en) * 2012-07-13 2013-02-07 주식회사 베프스 Removable storage device with fingerprint recognition and control method thereof
US10331866B2 (en) 2013-09-06 2019-06-25 Apple Inc. User verification for changing a setting of an electronic device
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US20150073998A1 (en) 2013-09-09 2015-03-12 Apple Inc. Use of a Biometric Image in Online Commerce
US20150082890A1 (en) * 2013-09-26 2015-03-26 Intel Corporation Biometric sensors for personal devices
US20150220931A1 (en) 2014-01-31 2015-08-06 Apple Inc. Use of a Biometric Image for Authorization
CN103955733B (en) * 2014-04-22 2017-02-15 中国工商银行股份有限公司 Electronic identity card chip card, card reader and electronic identity card verification system and method
US10482461B2 (en) 2014-05-29 2019-11-19 Apple Inc. User interface for payments
DE102014110694A1 (en) 2014-07-29 2016-02-04 Bundesdruckerei Gmbh Document with sensor means
GB2529214B (en) * 2014-08-14 2016-10-19 Soloprotect Ltd An identity card holder and system
US9400914B2 (en) 2014-10-24 2016-07-26 Egis Technology Inc. Method and electronic device for generating fingerprint enrollment data
US9590986B2 (en) * 2015-02-04 2017-03-07 Aerendir Mobile Inc. Local user authentication with neuro and neuro-mechanical fingerprints
CN105069436A (en) * 2015-08-14 2015-11-18 广东欧珀移动通信有限公司 Control method and system based on fingerprint identification, and fingerprint identification module group
GB2547905B (en) * 2016-03-02 2021-09-22 Zwipe As Fingerprint authorisable device
JP6753713B2 (en) 2016-07-15 2020-09-09 株式会社東芝 IC module, IC card, and collation device
DK179471B1 (en) 2016-09-23 2018-11-26 Apple Inc. Image data for enhanced user interactions
CN106682477B (en) * 2017-01-18 2023-09-19 西京学院 Authentication method based on human body solid state characteristics
GB2564839A (en) * 2017-05-30 2019-01-30 Zwipe As Smartcard and method for controlling a smartcard
US10740494B2 (en) 2017-09-06 2020-08-11 Google Llc Central and delegate security processors for a computing device
JP6736686B1 (en) 2017-09-09 2020-08-05 アップル インコーポレイテッドApple Inc. Implementation of biometrics
ZA201802775B (en) * 2018-01-22 2019-01-30 Ratshephe Wright Makhene Ezekiel A card and identity verification system
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information
SG10201902933WA (en) * 2019-04-01 2020-11-27 Advanide Holdings Pte Ltd An improved card with fingerprint biometrics
EP4264460A1 (en) 2021-01-25 2023-10-25 Apple Inc. Implementation of biometric authentication

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0457398A2 (en) * 1990-05-18 1991-11-21 Philips Electronics Uk Limited Fingerprint sensing
US5907627A (en) * 1995-11-06 1999-05-25 Dew Engineering And Development Limited Contact imaging device
US5978495A (en) * 1996-07-17 1999-11-02 Intelnet Inc. Method and apparatus for accurate determination of the identity of human beings
US5995630A (en) * 1996-03-07 1999-11-30 Dew Engineering And Development Limited Biometric input with encryption
EP1006479A2 (en) * 1998-12-04 2000-06-07 Stocko Contact GmbH & Co. KG Authentication system for PC-cards
EP1074949A1 (en) * 1999-08-02 2001-02-07 Ming-Shiang Shen Integrated circuit board with fingerprint verification capability
WO2001078740A1 (en) * 2000-04-18 2001-10-25 Glaxo Group Limited Medical combinations comprising mometasone and salmeterol
US6325285B1 (en) * 1999-11-12 2001-12-04 At&T Corp. Smart card with integrated fingerprint reader
US20020088632A1 (en) * 2000-08-17 2002-07-11 Authen Tec Integrated circuit package including opening exposing portion of an IC

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6029868A (en) 1983-07-29 1985-02-15 Toshiba Corp Individual identification system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0457398A2 (en) * 1990-05-18 1991-11-21 Philips Electronics Uk Limited Fingerprint sensing
US5907627A (en) * 1995-11-06 1999-05-25 Dew Engineering And Development Limited Contact imaging device
US5995630A (en) * 1996-03-07 1999-11-30 Dew Engineering And Development Limited Biometric input with encryption
US5978495A (en) * 1996-07-17 1999-11-02 Intelnet Inc. Method and apparatus for accurate determination of the identity of human beings
EP1006479A2 (en) * 1998-12-04 2000-06-07 Stocko Contact GmbH & Co. KG Authentication system for PC-cards
EP1074949A1 (en) * 1999-08-02 2001-02-07 Ming-Shiang Shen Integrated circuit board with fingerprint verification capability
US6325285B1 (en) * 1999-11-12 2001-12-04 At&T Corp. Smart card with integrated fingerprint reader
WO2001078740A1 (en) * 2000-04-18 2001-10-25 Glaxo Group Limited Medical combinations comprising mometasone and salmeterol
US20020088632A1 (en) * 2000-08-17 2002-07-11 Authen Tec Integrated circuit package including opening exposing portion of an IC

Also Published As

Publication number Publication date
LT5344B (en) 2006-06-27
TNSN05068A1 (en) 2007-05-14
AR041226A1 (en) 2005-05-11
MY161401A (en) 2017-04-14
TWI366795B (en) 2012-06-21
TW200411572A (en) 2004-07-01
LT2005035A (en) 2006-01-25
PA8581901A1 (en) 2004-05-21
PE20040351A1 (en) 2004-06-17
UY27970A1 (en) 2003-12-31
CN1695163A (en) 2005-11-09
ZA200502663B (en) 2006-08-30

Similar Documents

Publication Publication Date Title
CN100437635C (en) Secure biometric verification of identity
US7278025B2 (en) Secure biometric verification of identity
US7472275B2 (en) System and method of electronic signature verification
US7043754B2 (en) Method of secure personal identification, information processing, and precise point of contact location and timing
US7172115B2 (en) Biometric identification system
US8918900B2 (en) Smart card for passport, electronic passport, and method, system, and apparatus for authenticating person holding smart card or electronic passport
US7255269B2 (en) Device and method of recognizing at least one individual, the corresponding access control device and system and applications thereof
KR19980073694A (en) Radio frequency identification system including fingerprint identification card
RU2339081C2 (en) Intellectual identification card
EP1706852B1 (en) An identification card and a method of identifying a card holder using the card
ES2336983B1 (en) SECURITY BIOMETRIC IDENTITY VERIFICATION.
LT5403B (en) Secure biometric verification of identity
CA2529098A1 (en) System and method for network security and electronic signature verification
GB2401822A (en) Computer system with data carrier having biometric user identification

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20081126

Termination date: 20110910