CN100437635C - Secure biometric verification of identity - Google Patents
Secure biometric verification of identity Download PDFInfo
- Publication number
- CN100437635C CN100437635C CNB038250098A CN03825009A CN100437635C CN 100437635 C CN100437635 C CN 100437635C CN B038250098 A CNB038250098 A CN B038250098A CN 03825009 A CN03825009 A CN 03825009A CN 100437635 C CN100437635 C CN 100437635C
- Authority
- CN
- China
- Prior art keywords
- card
- processor
- identification card
- data
- iso
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000012795 verification Methods 0.000 title claims abstract description 7
- 238000004891 communication Methods 0.000 claims abstract description 21
- 238000000034 method Methods 0.000 claims description 42
- 230000004044 response Effects 0.000 claims description 27
- 230000008878 coupling Effects 0.000 claims description 16
- 238000010168 coupling process Methods 0.000 claims description 16
- 238000005859 coupling reaction Methods 0.000 claims description 16
- 241001269238 Data Species 0.000 claims description 8
- XUIMIQQOPSSXEZ-UHFFFAOYSA-N Silicon Chemical compound [Si] XUIMIQQOPSSXEZ-UHFFFAOYSA-N 0.000 claims description 7
- 229910052710 silicon Inorganic materials 0.000 claims description 7
- 239000010703 silicon Substances 0.000 claims description 7
- 239000011521 glass Substances 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 claims description 4
- 229910052751 metal Inorganic materials 0.000 claims description 3
- 239000002184 metal Substances 0.000 claims description 3
- 239000003822 epoxy resin Substances 0.000 claims description 2
- 229920000647 polyepoxide Polymers 0.000 claims description 2
- 239000000284 extract Substances 0.000 claims 5
- 230000013011 mating Effects 0.000 claims 2
- 239000013078 crystal Substances 0.000 claims 1
- 230000006870 function Effects 0.000 abstract description 19
- 238000012545 processing Methods 0.000 abstract description 6
- 238000010586 diagram Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 9
- 239000010409 thin film Substances 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- PXHVJJICTQNCMI-UHFFFAOYSA-N Nickel Chemical compound [Ni] PXHVJJICTQNCMI-UHFFFAOYSA-N 0.000 description 6
- 239000003990 capacitor Substances 0.000 description 6
- 238000013475 authorization Methods 0.000 description 5
- 229910052737 gold Inorganic materials 0.000 description 5
- 239000010931 gold Substances 0.000 description 5
- 239000000463 material Substances 0.000 description 5
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 4
- 230000004397 blinking Effects 0.000 description 4
- 229910052802 copper Inorganic materials 0.000 description 4
- 239000010949 copper Substances 0.000 description 4
- PNEYBMLMFCGWSK-UHFFFAOYSA-N Alumina Chemical compound [O-2].[O-2].[O-2].[Al+3].[Al+3] PNEYBMLMFCGWSK-UHFFFAOYSA-N 0.000 description 3
- 239000004411 aluminium Substances 0.000 description 3
- 229910052782 aluminium Inorganic materials 0.000 description 3
- XAGFODPZIPBFFR-UHFFFAOYSA-N aluminium Chemical compound [Al] XAGFODPZIPBFFR-UHFFFAOYSA-N 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 230000033228 biological regulation Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 230000000295 complement effect Effects 0.000 description 3
- 229910021419 crystalline silicon Inorganic materials 0.000 description 3
- 230000002950 deficient Effects 0.000 description 3
- 239000000835 fiber Substances 0.000 description 3
- 239000010408 film Substances 0.000 description 3
- 229910052451 lead zirconate titanate Inorganic materials 0.000 description 3
- 229910052759 nickel Inorganic materials 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 229920001721 polyimide Polymers 0.000 description 3
- 238000005070 sampling Methods 0.000 description 3
- 239000004065 semiconductor Substances 0.000 description 3
- 230000035945 sensitivity Effects 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- WFKWXMTUELFFGS-UHFFFAOYSA-N tungsten Chemical compound [W] WFKWXMTUELFFGS-UHFFFAOYSA-N 0.000 description 3
- 229910052721 tungsten Inorganic materials 0.000 description 3
- 239000010937 tungsten Substances 0.000 description 3
- 238000010200 validation analysis Methods 0.000 description 3
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 2
- 239000004642 Polyimide Substances 0.000 description 2
- 229910000831 Steel Inorganic materials 0.000 description 2
- RTAQQCXQSZGOHL-UHFFFAOYSA-N Titanium Chemical compound [Ti] RTAQQCXQSZGOHL-UHFFFAOYSA-N 0.000 description 2
- 229910052799 carbon Inorganic materials 0.000 description 2
- 235000014510 cooky Nutrition 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000002305 electric material Substances 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 230000036541 health Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- MOYKHGMNXAOIAT-JGWLITMVSA-N isosorbide dinitrate Chemical compound [O-][N+](=O)O[C@H]1CO[C@@H]2[C@H](O[N+](=O)[O-])CO[C@@H]21 MOYKHGMNXAOIAT-JGWLITMVSA-N 0.000 description 2
- HFGPZNIAWCZYJU-UHFFFAOYSA-N lead zirconate titanate Chemical compound [O-2].[O-2].[O-2].[O-2].[O-2].[Ti+4].[Zr+4].[Pb+2] HFGPZNIAWCZYJU-UHFFFAOYSA-N 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 239000012858 resilient material Substances 0.000 description 2
- 239000010959 steel Substances 0.000 description 2
- 239000010936 titanium Substances 0.000 description 2
- 229910052719 titanium Inorganic materials 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000013519 translation Methods 0.000 description 2
- RVWLHPJFOKUPNM-UHFFFAOYSA-N 1,2,4,5-tetrachloro-3-(2,3-dichlorophenyl)benzene Chemical class ClC1=CC=CC(C=2C(=C(Cl)C=C(Cl)C=2Cl)Cl)=C1Cl RVWLHPJFOKUPNM-UHFFFAOYSA-N 0.000 description 1
- VYZAMTAEIAYCRO-UHFFFAOYSA-N Chromium Chemical compound [Cr] VYZAMTAEIAYCRO-UHFFFAOYSA-N 0.000 description 1
- 241000662429 Fenerbahce Species 0.000 description 1
- 229920002430 Fibre-reinforced plastic Polymers 0.000 description 1
- BQCADISMDOOEFD-UHFFFAOYSA-N Silver Chemical compound [Ag] BQCADISMDOOEFD-UHFFFAOYSA-N 0.000 description 1
- ATJFFYVFTNAWJD-UHFFFAOYSA-N Tin Chemical compound [Sn] ATJFFYVFTNAWJD-UHFFFAOYSA-N 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004308 accommodation Effects 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 239000000654 additive Substances 0.000 description 1
- 230000000996 additive effect Effects 0.000 description 1
- 230000002411 adverse Effects 0.000 description 1
- 239000003513 alkali Substances 0.000 description 1
- 229910021417 amorphous silicon Inorganic materials 0.000 description 1
- 230000003321 amplification Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- VKJLWXGJGDEGSO-UHFFFAOYSA-N barium(2+);oxygen(2-);titanium(4+) Chemical compound [O-2].[O-2].[O-2].[Ti+4].[Ba+2] VKJLWXGJGDEGSO-UHFFFAOYSA-N 0.000 description 1
- 239000002585 base Substances 0.000 description 1
- 239000006121 base glass Substances 0.000 description 1
- 239000008280 blood Substances 0.000 description 1
- 210000004369 blood Anatomy 0.000 description 1
- 230000037396 body weight Effects 0.000 description 1
- 210000000988 bone and bone Anatomy 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 239000000919 ceramic Substances 0.000 description 1
- 239000011651 chromium Substances 0.000 description 1
- 229910052804 chromium Inorganic materials 0.000 description 1
- 239000004020 conductor Substances 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000011109 contamination Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 239000006185 dispersion Substances 0.000 description 1
- 229940079593 drug Drugs 0.000 description 1
- 239000003814 drug Substances 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 230000005672 electromagnetic field Effects 0.000 description 1
- 239000002360 explosive Substances 0.000 description 1
- 239000011152 fibreglass Substances 0.000 description 1
- 239000012467 final product Substances 0.000 description 1
- 230000004907 flux Effects 0.000 description 1
- 235000013305 food Nutrition 0.000 description 1
- 239000003365 glass fiber Substances 0.000 description 1
- 230000005764 inhibitory process Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000002045 lasting effect Effects 0.000 description 1
- 239000012528 membrane Substances 0.000 description 1
- VQJHOPSWBGJHQS-UHFFFAOYSA-N metoprine, methodichlorophen Chemical compound CC1=NC(N)=NC(N)=C1C1=CC=C(Cl)C(Cl)=C1 VQJHOPSWBGJHQS-UHFFFAOYSA-N 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000003199 nucleic acid amplification method Methods 0.000 description 1
- 239000004033 plastic Substances 0.000 description 1
- 229920003023 plastic Polymers 0.000 description 1
- 238000007747 plating Methods 0.000 description 1
- 229910021420 polycrystalline silicon Inorganic materials 0.000 description 1
- 229920000642 polymer Polymers 0.000 description 1
- 229920005591 polysilicon Polymers 0.000 description 1
- 229920001296 polysiloxane Polymers 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 239000013074 reference sample Substances 0.000 description 1
- 230000011514 reflex Effects 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 230000008672 reprogramming Effects 0.000 description 1
- 210000001525 retina Anatomy 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 229910052709 silver Inorganic materials 0.000 description 1
- 239000004332 silver Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 239000010935 stainless steel Substances 0.000 description 1
- 229910001220 stainless steel Inorganic materials 0.000 description 1
- 230000000638 stimulation Effects 0.000 description 1
- 229910052712 strontium Inorganic materials 0.000 description 1
- CIOAGBVUUVVLOB-UHFFFAOYSA-N strontium atom Chemical compound [Sr] CIOAGBVUUVVLOB-UHFFFAOYSA-N 0.000 description 1
- 239000000758 substrate Substances 0.000 description 1
- 229910052718 tin Inorganic materials 0.000 description 1
- 239000011135 tin Substances 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 210000003954 umbilical cord Anatomy 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Landscapes
- Collating Specific Patterns (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
- Storage Device Security (AREA)
- Credit Cards Or The Like (AREA)
Abstract
A high security identification card includes an on-board memory for stored biometric data and an on-board sensor for capturing live biometric data. An on-board processor on the card performs a matching operation to verify that the captured biometric data matches the locally stored biometric data. Only if there is a positive match is any data transmitted from the card for additional verification and/or further processing. Preferably, the card is ISO SmartCard compatible. In one embodiment, the ISO SmartCard functions as a firewall for protecting the security processor used for storing and processing the protected biometric data from malicious external attack via the ISO SmartCard interface. In another embodiment, the security processor is inserted between the ISO SmartCard Interface and an unmodified ISO SmartCard processor and blocks any external communications until the user's fingerprint has been matched with a previously registered fingerprint. Real-time feedback is provided while the user is manipulating his finger over the fingerprint sensor, thereby facilitating an optimal placement of the finger over the sensor. The card may be used to enable communication with a transactional network or to obtain physical access into a secure area.
Description
Related application
The present invention is based on following provisional application, the 60/409th of submission on September 10th, 2002, No. 716 (reel number is 7167-102P1), the 60/409th of submission on September 10th, 2002, No. 715 (reel number is 7167-103P), the 60/429th of submission on November 27th, 2002, No. 919 (reel number is 7167-104P), the 60/433rd of submission on Dec 13rd, 2002, No. 254 (reel number is 7167-105P), the 60/484th of submission on July 3rd, 2003, No. 692 (reel number is 7167-106P), and require the right of priority of these applications, the full content of these applications is hereby expressly incorporated by reference.
Technical field
The application relates to and is used for the apparatus and method that protected data and protected data exempt from unauthorized access.
Background technology
Computerize particularly Internet technology provides and has quickened finance and other transaction to comprising the ever-increasing data access of financial data, medical data, personal data, this means, wherein private data is carried out and upgrades or exchange.
Usually keep the confidentiality of these data with password; Yet password often is based on and is easy to guess and not safe date of birth or telephone number.In addition, even the complicated password that generates at random also often can be stolen easily.Based on the data access system of password thereby be subjected to rogue attacks easily, thereby give industry and economic, even bring danger and infringement for people's life.Therefore, the method for a kind of improvement of needs is used for protected data and protected data exempts from unauthorized access.
But biological data can comprise and be difficult to obtain the accurate details of analyzing easily (for example details in fingerprint sequence), but perhaps obtain the global pattern (for example spatial character of adjacent fingerprint screw thread) that is difficult to analyze easily.
Cryptographic algorithm needs only to the effective digital cipher of authorized user.Do not have correct key, have only the time enough of input and handle resource, and nonetheless, have only when some feature of clear data is known (perhaps being predictable at least), enciphered data just can be decrypted into available formats.
60-029868 number (February 15 1985 date of Japanese Laid-Open Patent Application, the application people is Tamio SAITO), propose a kind of personal identification system, it uses a kind of identification card with the integrated memory that is used to write down the ciphered biometrics data that obtains from the holder.Biological data can comprise voiceprint, fingerprint, macroscopic features and/or biological test.In the use, data are read and decipher in the card, are used for comparing with the corresponding data that obtains from the people who shows this card.This system makes the registrant to be determined identification by pin-point accuracy ground.Yet, because biological data obtains by external unit and handles, so be difficult to protect the information that is stored on the card to exempt from contingent change and/or identity theft.
A kind of identification card of improvement has been proposed; it comprises the data-driven processor chip on the card; encrypt and the hardware firewall of the biological data of isolated storage on card to provide simultaneously, thereby provide better protection to prevent without permission and change and store data.Yet actual matcher is to carry out on the outside card reader terminal of the same scene that obtains (live) biological data, thereby still is subjected to the attack of outside swindle operation potentially easily.
Summary of the invention
First embodiment of high security identification card not only comprises card (on-board claims again on the sheet or on the plate) storer that is used to store biological data, and comprises the card upper sensor that is used to catch on-the-spot biological data.Remote authentication system is safeguarded the safety database that comprises biological data.Whether processor is carried out preliminary matching operation on the card on the card, mate with biological data and local biometric storage data that checking is caught.Only when existing correct this locality to mate, the storage data of any data of obtaining or any sensitivity just can send to checking and/or the further processing that remote authentication system is used to add.As the further protection for malicious attack, local storage data preferably are different from the remote storage data, and preferably make local coupling adopt different matching algorithms with long-range coupling.Even thereby card, local storage data and/or with the local terminal sustain damage of card connection, most likely, remote authentication system still can be realized intrusion attempt.
Card upper sensor and card that second embodiment also comprises storer on the card that is used to store biological data, be used to catch on-the-spot biological data are gone up processor; Yet in this embodiment, whole matcher is gone up processor by card and is carried out, and biological original obtain data and be stored in card upward any other " privately owned " information in the storer all be inaccessible for any external program.Alternatively, the successful coupling in response between biological data that newly obtains and the biological data that before obtained only produces an authorization information.Authorization information makes this card function class be similar to according to the mode of login (log on) success/unsuccessful conventional I SO smart card of traditional PIN (PIN), but added security that is provided by more safety verification program is provided for it.In arbitrary embodiment, the biometric storage data preferably are written in the card when authorizing the holder at first with cryptographic algorithm or the encryption key that store any relevant this locality, its mode is the prevention external reference in any future, thereby has further strengthened the integrality of biometric storage data and whole proving program.
In one embodiment, the ISO smart card plays the effect of fire wall, is used to protect the safe processor that is used for storing and handle protected biological data to avoid suffering the malicious external attack of being undertaken by the ISO intelligent card interface.In another embodiment, safe processor inserts in the ISO intelligent card interface and through between the ISO smartcard processor of revising, and stops any PERCOM peripheral communication till user's fingerprint is complementary with the fingerprint of previous registration always.
In the preferred embodiment of the high security identification card of fingerprint matching ability, when the user was put into the fingerprint sensor top with its finger, feedback was provided in real time on having card, placed thereby help finger to carry out the best above sensor.This feedback has not only reduced computational complexity, and provides be used for the addition method distinguished between rawness user and fraudulent user, thereby has further reduced the possibility of false negative and/or false positive.In a further advantageous embodiment, fingerprint sensor is maintained in the carrier that additional stability is provided.
In an example use, with the biological data that gets access to and/or holder's identity sign any to the mandate of private data online access before or before any automated procedures that are used to finish Secure Transaction, encrypt, be input to then in the trade network that comprises financial institution and independent certificate server.In another example use, the output of card is used to obtain to enter the physical channel of safety zone.In arbitrary application, the record with unsuccessful access attempts of success can be stored on the card or on the external security server, perhaps all preserve on both.
Description of drawings
Fig. 1 shows to have card and goes up the embodiment of smart card that biometric authentication is shown card people's identity;
Fig. 2 is used to help the user to realize pointing the process flow diagram of the exemplary sequence of the best placement on fingerprint sensor;
Fig. 3 is the functional-block diagram of biometric authentication system of the people's that shows secure identification card of local and remote checking simultaneously identity;
Fig. 4 has during initially being written into holder's biological data and the functional-block diagram that uses the typical biometric authentication card in different physical datas path during checking holder's remote request identity;
Fig. 5 shows the optional embodiment of the canonical biometric card authentication of Fig. 4, and it plans to adopt the mode of not having the ISO smart card CPU that revises;
Fig. 6 is the process flow diagram of the communication between expression typical case application and the typical card authentication, wherein only carries out the local verification to holder's identity;
Fig. 7 is the process flow diagram that is similar to Fig. 6, but changes the mode of the canonical biometric card authentication that adopts Fig. 5 into;
Fig. 8 shows that have can be wireless or be connected to second embodiment of the smart card of biometric authentication on the card of local terminal by means of electrical connector;
Fig. 9 is the cross-sectional view of the card of Fig. 8;
Figure 10 is the circuit diagram of typical fingerprint sensor; And
Figure 11 shows an embodiment of the carrier module of the sensor that is used for Figure 10.
Embodiment
Smart card
The term of Shi Yonging " smart card (smart card) " or " smart card (intelligentcard) " are meant any physical object in general sense herein, it is small enough to and can be held in the hand, be worn on the neck, perhaps otherwise carry, it comprises microprocessor, can store, handles and transmit to relate to or other is related to card holder individual's digital code information.A well-known example of this smart card is ISO (International StandardsOrganization International Standards Organization) smart card, it has physical size and the profile identical with traditional credit card, but it comprises: flash memory is used to store user's particular data; And microprocessor, can programme with powerful cryptographic algorithm, whether the PIN that indication is received from user terminal (Personal Identification Number PIN) is complementary with the encryption PIN that blocks storage, thereby comparing with only relying on the verification system that signature and/or health appearance are carried out visual comparison, is that real holder has provided higher confidence level to the people who shows card.
Next with reference to Fig. 1, it shows has the embodiment that card is gone up the smart card of biometric authentication.Card 100 is made by plastic material usually, and has the overall appearance of traditional credit card, and its approximate size meets about 53.98 * 85.6mm and the about 0.76mm of thickness or thicker that stipulates among the ISO7816.
Be similar to traditional credit card, card 100 comprises blank upper area 102, and its whole transverse width along card extends, and the magnetic stripe that is used to carry on the back side that is positioned at card (meets ISO7811-2﹠amp; The regulation of 7811-6), can store traditional coded character information on this magnetic stripe, thereby card 100 can be used in traditional magnetic strip reader about holder and any related account.Yet, all be easy to revise because be written into any data in the magnetic stripe, surpass magnetic lineation and give in the application-specific of potential decline of security of system so such magnetic stripe only is only applicable to needs to the back compatible of old-fashioned magnetic strip terminal.
Fig. 1 also schematically shows several additional electronic components, and it cooperates with contact 108 and sensor 110, may compare with other, and more strong functions is provided, particularly better security.
In one embodiment, ISO smart card compatible processor 112 is directly connected to ISO contact 108, to provide and being electrically connected of the compatible card reader (not shown) of exterior I SO, thereby not only go up electron device power supply is provided, and be provided between card and any PERCOM peripheral communication software, fail-safe software, transaction software and/or other application software that operates on the correlation computations equipment that card reader or any and card reader network, transmitting the method for data to card.
Although in described embodiment, data channel between card 100 and outside card reader is to use the form of wired connection of the smart card connectivity scheme of ISO regulation, but be understood that, in other embodiments, other transmission technology also can be used, for example USB or RS 232C or SPI (serial) connect, and can pass through wireless RF (Radio Frequency radio frequency), microwave and/or IR (InfraRed infrared ray) communication link.
Equally, although described embodiment obtains power supply from card reader, other embodiment can have card and go up power supply, for example solar cell or battery.This card is gone up power supply may have advantage, for example, if the mechanical interface between card 100 and particular type card reader is such, so that fingerprint sensor 110 be connected in contact 108 can not be accessed by the user under the situation of corresponding connection in the card reader, thereby must with under the situation of the direct wired connection of card reader not catch the user fingerprints data at card 100.
Safe processor
As shown in the figure; safe processor 114 is connected between ISO processor 112 and the sensor 110; be used to provide safe handling and storage to the data of being caught; and provide " fire wall "; the data and the program that are stored in protection in its private memory exempt from any abnormal access attempt of being undertaken by ISO processor 112, and be as mentioned below.This fire wall can be designed to the only current enciphered data of having used encryption key, this encryption key is based on the network address or other and the unique corresponding thing of this particular card of unique distribution, data of extracting from previously stored fingerprint pattern for example, perhaps the device number of unique distribution is for example CPU number, perhaps fingerprint sensor number.In another embodiment, but the only current data that comprise the unique recognition data that is derived from previous transmission or data of fire wall.In other embodiments, fire wall is preserved different keys to different application, and with these keys data is sent to different separately processors or memory portion.
(not shown) in another embodiment, safe processor 114 is directly connected to ISO contact 108, and serves as the safe gate inhibition between ISO processor 112 and the ISO contact 108.This possibility has following advantage, the added security that is provided by safe processor 114 and sensor 110 is provided, and does not have any any possibility that may be integrated into the security feature in the ISO processor 112 that jeopardizes.
Although these various sensors, contact and other electron component; and the P.e.c. that is used to interconnect or other electric line; all preferably be completely enclosed the card body of card 100; thereby protect their protected from wear and external contamination, but also the optimum position within the zone line 106 between upper area 102 and the lower area 104 protects further them to exempt from from other zone the possible infringement of traditional magnetic stripe reader, marking press and the marking press equipment of mechanical connection being arranged.
The LED feedback
Under Validation Mode:
Blinking red lamp: wait for finger
Stop flicker: finger is placed on the sensor
Blinking red lamp is once: do not match, and can moveable finger
Green light is long to glimmer once: mate, can remove finger
Under the registration mode:
Green light flicker: wait for finger
Stop flicker: finger is placed on the sensor
Blinking red lamp is once: can not register, and can moveable finger
Green light glimmers once: registered, can remove finger
Under the erasing mode:
Green light and blinking red lamp: prepare to wipe
Green light glimmers once: wipe
Preferably, before sending any negative report, the user is given repeatedly chance and goes to place its coupling or the registration of finger to succeed.In one embodiment, have only when removing its finger before the user is receiving green light allowance indication, perhaps when pre-specified time exceeded, negative report just was sent to certificate server.This program not only trains the user to realize that its finger carries out the best and places above sensor, and it has not only reduced computational complexity, and feasiblely can use the bigger threshold value of distinguishing.This visible feedback also provides and be used for the psychology basis distinguished between rawness user (it is usually constantly attempted up to realizing correct placement) and fraudulent user (it does not wish to cause any attention usually, and will be left by before realizing in its malice).Net result is the possibility that has significantly reduced false negative and/or false positive.
Fig. 2 shows and helps the user that its finger is placed into exemplary program on the sensor 110.In square frame 150, RED LED 116b glimmers.In case finger is detected (square frame 152), this LED just stops flicker and carries out the detection (square frame 154) of picture quality (corresponding to the elongated localized area of the protuberance and the recess of finger skin).(NO branch 156) if off quality, the single of RED LED 116b flicker indication user moves it and points different position (square frame 158) so; Otherwise (YES branch 160) carries out second and detects (square frame 162), to determine whether that identical finger is placed on the same position that is used to the registered user, thereby simple relatively matching algorithm just can be verified field data and store meeting of data in predetermined threshold range, thereby the finger identical (YES branch 164) with first registers is pointed at the checking scene, and GREEN LED 116a (square frame 166) the lasting long enough time (square frame 168) that is activated has produced successful coupling with confirmation and the user can remove its finger now.Alternatively, if the coupling threshold does not satisfy (NO branch 170), the single of red LED 116b flicker (square frame 158) indication user moves it and points different positions so, and this program repeats.
The representative network structure
Next with reference to Fig. 3, but it both shows the possible embodiment of biometric authentication system of the people's who can local also remote validation shows secure identification card identity.It comprises three major parts: client terminal 200, application server 202 and certificate server 204.Client terminal 200 comprises following function: the fingerprint of captured at jobsite and local process user, encrypt local deal with data and carry out secure communication with application server and certificate server; this secure communication is preferably undertaken by the internet that uses IP/TCP addressing scheme and host-host protocol, and provides protection to exempt from the malice visit by traditional IP fire wall 206.In other embodiments, fire wall 206 can have filtrator and scrambled device/demoder, be used for after sending data to be verified as authorization data its coding and be used for when determining before whether receive data is authorization data that with its decoding, it for example uses the cryptographic algorithm as DES 128.Use this method, fire wall 206 not only can be according to heading, and can be authorization data or potential malicious data with data qualification according to message content.
More particularly, client terminal 200 also comprises two critical pieces: fixed reader 208 parts, it comprises that (it can be simple USB cable for Internet-browser terminal 210 and card reader interface 108a, terminate on one group of electric contact, be used to form corresponding electrical connection) with ISO smart card contact 108; And portable intelligent clamping part 100 '.In one embodiment, portable component 100 ' can be foregoing smart card 100, comprises fingerprint sensor 110, safe processor 114 and ISO smartcard processor 112.
The location
In certain embodiments, " can also equip integrated HA Global Positioning Satellite (Global Positioning Satellite; " GPS ") receiver 212, it can provide about card reader and be stuck in or the useful information of current location when particular transaction takes place for fixed reader 208 and/or portable card 100.Especially, being used in card reader or card from the position data of gps receiver 212 is moved to and makes card reader and/or card lost efficacy (permanent or interim) under its situation of using the zone that is not authorized.Except by GPS, can also determine the position automatically by additive method, for example adopt PHS (Japanese cellular phone) caller's location technology, perhaps adopt alignment sensor to the localized variation sensitivity in the earth electromagnetic field.In the special example of equipment GPS card, various GPS elements comprise antenna; Numeral amplification, AD converter and sampling and holding circuit; And the digital information processor of calculating location, preferably, these elements all are the parts of monolithic integrated circuit or all are mounted in discrete device on the single circuit board that it is integrated, embeds or is laminated in the card body.
Have card and go up the card structure of the ISO card of coupling
The ISO processor interface
Fig. 4 is the functional-block diagram of the compatible biometric authentication card 100 of typical ISO smart card or 100 ', and it has different physical data paths, be used for initially being written into during holder's biological data and the identity of checking holder to remote application during.
Especially, except previously described ISO processor 112, safe processor 114, fingerprint sensor 110, LED 116a, 116b and optional gps receiver 212, wherein have only ISO processor 112 to be directly connected to outside the mode of card reader 208 by ISO smart card contact 108, also show load-on module 300 independently and be connected 302 with relevant temporarily, it provides direct communication with safe processor 114 at initial user's period of registration.Can notice that when interim loading connection 302 was connected to specific I/O port 308, ISO processor 112 communicated by I/O port 304,306 and safe processor 114.Preferably, safe processor is programmed for, and makes any responsive security-relevant data or software only can obtain and can not obtain from port 304 and 306 from port 308, thereby has avoided visiting the possibility of these sensitive datas connecting the 302 any malice in back that are under an embargo.
Obtainable ISO processor has at least two I/O ports and some has at least three on most of markets.One (I/O 1) designated traditional ISO smart card serial data connection 108 that is used to be connected to the compatible card reader 208 of exterior I SO is only arranged in these ports.Preferably, one or two I/O ports in addition provide the special-purpose hard wire communication between ISO processor 112 and safe processor 114, it is as hardware firewall, to stop safe processor 114 reprogrammings or acquisition are attempted to any malice of the visit of any sensitive information, this information may be before to be obtained by sensor 110 or may be to be stored in the processor 114.In the particular case that has more than the ISO processor of two I/O circuits, even when safe processor cuts off the power supply fully, may be at the state of the appearance of the static information on the dedicated communication path between ISO processor and the safe processor more than two, for example 1) Ready (ready), 2) Busy (hurrying), 3) Fail (failure) and 4) Pass (by).Certainly, even have only an I/O port effective, these four kinds of states also can dynamically be sent as serial data.
Can be as follows by possible order and the data that ISO interface I/O 2 and I/O 3 transmit between ISO CPU and safe CPU:
Registration or checking user command, safe CPU will send registering result or checking result to it, be used for local storage and/or be sent to remote application.
Finger print information can send to ISO CPU from safety CPU as template (reference), is used for storing into the ISO smart card memory to be sent to remote application.In order to strengthen the security of responsive personal information, reference data can be encrypted by safety CPU before it sends to ISOCPU.
Fig. 5 shows the optional embodiment of canonical biometric card authentication shown in Figure 4, and it plans to use unmodified ISO smart card CPU (unmodified ISO SmartCard CPU).Especially, ISO CPU 112 ' needn't carry out any gateway function again between card reader 208 and safe CPU 114 ' between the normal operating period or at loading days, thereby it can be any ISO permission chip, it changes never in any form, and uses with reading card device 208 with to all absolute transparent way of any applications.In this optional embodiment, if the fingerprint of fingerprint that obtains and storage is complementary, so safe CPU 114 ' is just as the transparent fire wall between ISO CPU 112 ' and any applications, if and the fingerprint of fingerprint that gets access to and storage do not match, it will stop all these communications so.
Card initialization and storage Data Protection
Cut off
In one embodiment, the initial jig of making has outstanding P.e.c. extension, and it provides and safe CPU, and is connected with the direct of storer on the part of ISO interface at least and/or any discrete card.Directly connecting interface only is used for test card and fingerprint register data, and comprises the signal that accreditation process is come into force.After registration is finished, the circuit extension is mechanically disconnected, thereby no longer may register, and safe CPU storer has only by the fire wall between ISO CPU and previously described ISO CPU and the safe CPU and just can conduct interviews.
Fuse
In another embodiment, safe CPU has a kind of storer, in case the registered fingerprint pattern is write, it is just with inaccessible.An example of this storer is disposable PROM (" OTP "), and it is structurally similar with EEPROM, but opaque to UV, thereby can not wipe.Another example is Flash ROM, and it becomes read-only after registration is finished, for example to Enable or Address or Data signal path by applying enough electric currents, in this signalling channel, to form physics open circuit (" fuse ").
Typical case's authentication procedure
In one embodiment, typical case's authentication procedure comprises obtains the physics finger print data, for example, on the client terminal that is connected to application server that uses by the visit people, use optics or pressure or conduction or electric capacity or acoustics or elasticity or camera work, then these data are sent (preferably, with encryption format) and arrive independently finger print identifying server.The finger print identifying server uses authentication software that finger print data and the file fingerprint that obtains compared, and this document comprises user's fingerprint register data, and if data mate, certificate server transmission validation instructions arrives application server so.
In another embodiment, the secure web browser of user capture finger print identifying server, it comprises file fingerprint, wherein all fingerprints are pre-registrations together with personal data, for example name, address and date of birth.Then the user by security protocol for example the safe finger print identifying server of HTTPS form visit send instruction to obtain user's fingerprint at the client terminal place to client terminal.In response to the shown instruction of client terminal browser, user's finger that it is selected is put on the fingerprint sensor, be installed in fingerprint in the client terminal then and obtain software and obtain digital finger-print, for example have 25 microns (micron) to 70 micron pitch resolution and 12.5 square millimeters of (mm
2) to 25 square millimeters areas, and the pixel image with 8 gray levels.
Safe finger print identifying server receives finger print data, and encode separately together with receiving User ID and internet-ip address and/or fingerprint sensor that (cookie is that the webserver is stored in the data in the client terminal for (MAC Address) and/or cookie, be used for the webserver and discern this client terminal) and/or the specific individuality of any unique code or other identification or terminal information are (for example, details from session previous between client terminal and the safe finger print identifying server), by receiving above information, it uses authentication software that finger print data and the file fingerprint that receives compared, this document is the finger print data and the user ID of pre-registration, personal information, name for example, the address, date of birth, illegal record, driving license, SSN (social security number), or the like, it can be details comparison and or Fast Fourier Transform (FFT) comparison.
In the beginning of authentication procedure, thereby the webserver 214 that is used for related application obtains on the sensor 110 and knocks its mouse button or keyboard key obtains software with the fingerprint that starts safe processor 114 from visually or acoustically indicating the user that its finger is put into fingerprint.Then the user fingerprints data of obtaining are sent to the webserver 220 of finger print identifying server 204 with encryption format (for example, rsa encryption host-host protocol HTTPS safe in utilization) by the web browser 210 of ISO processor 112 and client terminal 200.If the data of obtaining are successfully mated corresponding data in its database 226, finger print identifying server 204 then will be to client terminal 200 and application server 202 affirmation users' identity so.
Hereinafter with reference to Fig. 3, a typical preferred embodiment that has adopted three road authentication protocols and one-time password as Hash (Hash) character code sequence is described:
The web browser 210 of client terminal 200 is by the network interface 214 of request access application 216 visit application corresponding servers 202.
The network interface 214 of application server 202 with the dependent instruction of logining (LOG-IN) screen message and access application 216 in response.
The network interface 220 of certificate server 204 receives the fingerprint extraction pattern together with the out of Memory from client terminal 200 by above step, and these information are sent to fingerprint matching processor 222.
Under the control of adapting software 224, the user ID that 222 uses of fingerprint matching processor are received or other user's certain relevant information are obtained pattern from the database 226 corresponding fingerprint reference patterns of retrieval and with fingerprint and the fingerprint reference pattern compares.
Result's (mate or do not match) is stored in the access history daily record together with the relevant information that terminal 200, user ID card 100 ' and application request 216 are verified, and control is returned to certificate server network interface 220.
If the result is coupling, certificate server network interface 220 produces the disposal password of a form for inquiry (challenge) character string so, it is transferred to client terminal 200, and use the enquiry character sequence as Hash codes, so that relevant information is encrypted, it is saved and is corresponding query-response, is used for the reference in possible future.
The network interface 214 of application server 202 is received the relevant information of process Hash translation by above step, send it to application service 216, this service with its with attempt to combine from the login (LOG-ON) of client terminal, and, in order to confirm matching result, the relevant information received is sent, and this information is used the inquiry sequence that is provided by certificate server to carry out Hash translation with as query-response by client terminal.
The network interface 220 of certificate server 204, by the query-response of above step reception from application server, this response is sent to certified processor 222, whether this processor compares its reference copies with the previous expection query-response of preserving, in fact be authorized to the decision user identity.
Then turn back to application program 216 by this any authorized user identities information that relatively produces by the affirmation interface 218 of certificate server network interface 220 and application server 202.
Confirm that interface 218 enters into force to confirm the user identity of setting up when initial log is attempted by authentication.
In case user identity is identified, 216 network interfaces 214 by application server 202 of authentication (application) program carry out web browser 210 direct communications with client terminal 200.
Fig. 6 shows the optional authentication program, and wherein all couplings are carried out on the ISO of Fig. 4 compatible cards by safe CPU 114, and does not adopt external authentication server 204.The left side of Fig. 6 shows the function of being carried out by application server 202, and the right shows the function of being carried out by ISO smart card 100.
When smart card 100 was inserted card reader 208, reset signal RST sent to ISO CPU (START square frame 502) and fingerprint CPU 114 (fingerprint authentication square frame 504) from card reader, and these two parts receive power supply VCC from card reader 208.ISO CPU response is also then sent PPS (Protocol and parameters Selection agreement and parameter are selected) (square frame 506) if necessary with ATR (Answer-to-Reset reset answer) message then.Simultaneously, fingerprint CPU enters waiting status receiving finger print data, and when when sensor 110 is received data, just carries out authentication procedure (square frame 504).
When initial request command is employed 216 when sending to ISO CPU 112 (square frame 508), ISO CPU is to safety CPU inquiry (square frame 510) authentication state.If response is for affirming, ISO CPU is by moving request command with response application (square frame 512) so.Otherwise (from safety CPU's 114 no matter be error message or not response) it is not done any response to request command, but waits for the first new request (square frame 508b).
Suppose that fingerprint is verified and first response is in time received and it is employed 216 and determines it is response signal (square frame 514), the request program continues (square frame 516,518,520) to exceeding the predetermined authentication time limit just always so, do not use the request of receiving (square frame 522) from this during this period, perhaps this application can not receive intended response (square frame 524).
Fig. 7 is similar to the process flow diagram of Fig. 6, but is revised as the canonical biometric card authentication that has adopted Fig. 5.The Far Left of Fig. 7 shows the function of being carried out by application server 202, next column is corresponding to card reader 208, next column has been described ISO contact 108 again, and next column shows the function of being carried out by safety CPU 114 again, and rightmost then shows by there not being the function that change ISO smart card 112 is carried out.
When smart card is inserted card reader or application software when bringing into operation reader device, reset signal 550 is sent to safe CPU 114 from card reader 208.
Safe CPU receives reset signal 550 soon afterwards, and it sends corresponding reset signal 552 to ISO CPU 112.Simultaneously safe CPU waits for the finger print data from fingerprint sensor.
Receive reset signal 552 by above step, ISO CPU produces ATR (Answer-to-Reset) response 554 and after this then sends PPS (Protocol and parameters Selection) if necessary.
In a single day safe CPU 114 receives ATR (Answer-to-Reset) from ISO CPU, just immediately with it, comprise any relevant PPS order, is transferred to card reader (square frame 556).
Simultaneously, if safe CPU receives finger print data, it will carry out previously described authentication procedure so.In the authentication checks result is under the situation of PASS, should will keep cycle regular hour by state.If the result is FAIL, so safe CPU 114 just waits new finger print data.
Move this application by above step, command request 558 is sent to safe CPU, only when safety CPU still is in previously described PASS state or last correct response when having the multidata hyte, this safe CPU just sends to command request 560 ISO CPU and also its correct response 562 is sent to card reader (detecting square frame 564).
Otherwise (No branch 566) fingerprint CPU produces pseudo-request (dummy request, virtual request) 568 and send it to ISO CPU and also this ERR response as a result 570 is sent to card reader 216, thus the sequence number in request with respond in sequence number between keep accurate synchronization.
Encryption and secret
Before transmitting by any external network, preferably, any sensitive data and/or authentication result are all encrypted, can adopt DES or Two Fish to encrypt.Encryption key can obtain or store the password of data relevant on data contiguous in the unique allocated code, storage address, storer of data, user ID coding, sensor, other function, previous session (issued transaction), IP address, terminal coding or appointment based on fingerprint.Alternatively, sensitive data can HTTPS agreement safe in utilization to send by the internet.
For stronger security is provided, can be with virtual individual gateway, for example hardware des encryption and deciphering, between inserting safe finger print identifying server and network being connected, and the application corresponding server is with between network is connected.By using these virtual gateways or VPN (virtual private network) (" VPN ") like this, sensitive data is carried out supplementary protection by additional encryption layer, for example DES 128 (being generally used for VPN) and RSA (being adopted) by HTTPS.
For ultra-safe application, all communication can be surrounded with additional security layers.Especially, the heading in the lower level can be encrypted in higher level.
Radio communication
Other embodiment can comprise the dual interface that is used for not only contacting (ISO 7816) operation but also wireless (ISO1443 A or B) operation, and preferably, many interfaces power supply unit is installed, and it allows all using mutually between 7816 contacts of the ISO on the card, ISO 1443 A, ISO1443 B, ISO 15693 and HID conventional wireless system (between other).Alternatively, card can comprise the acknowledgment copy that is used for other wireless communication technology, for example bluetooth (short distance) or honeycomb (middle distance) or microwave (long distance).
Next with reference to Fig. 8, it shows, and have can be wireless or be connected to the smart card of biometric authentication on the card of local terminal by means of electrical connector.Its most of structure and structure are similar in appearance to the embodiment of previously described Fig. 1, and same label (may be distinguished with single quotation marks) indicates similar element.Especially, though ISO CPU 112 is presented at different position (below contact 108, rather than a side), just like preceding described identity function.
Fig. 9 is the sectional view of card shown in Figure 8.Notice that most of described elements are included in the core district 126, have only contact 108 extensions to pass protective seam 122.The operating surface of sensor 110 by the last window in the upper strata 122 and the following window among the PCB (printed circuit board (PCB)) 134 with addressable, this PCB 134 is disposed between upper strata 122 and the central core 126, it provides electrical connection essential between the various electronic components, and around sensor 110 effective coverages around static discharge ground connection connect.
Fingerprint sensor
Figure 10 is the typical schematic circuit diagram of sensor 110, and wherein sensor unit 402 arrays 400 are arranged as row 404 and row 406.As mentioned above, each unit 402 comprises activation door 410 and transducer 412.Protuberance and recess that fingerprint is gone up skin by finger form.When touching near unit 402 in the array 400 for one among these protuberances, transducer 412 an experience variation machinery and/or electricity of each sensor unit, in fact it produced the fingerprint digital picture that changes based on the minute-pressure that is caused by finger tip upper convex portion and recess on the sensor surface.Be described to single variable condenser although notice each transducer 412, have various types of transducers can respond one appearance among these protuberances of human skin.In the special example of pressure transducer piezoelectric membrane transducer, this film distortion and generation near the unit are stored in the electric charge in the capacitor that is connected to this unit.Voltage on the capacitor is the function of the mechanical stress that forms of the distortion by piezoelectric, itself so that be to be the protuberance or the function of recess on the unit.When driving 414 signal door 410 from related column and reach ON and when associated row, drive 416 when being grounded, on the outlet line 418 that being expert at appears in voltage, and in output driving 420, convert 8 position digital signals to this unit.In order to survey the distortion of piezoelectric substantially, the piezoelectricity electric material can form on resilient material, and for example polyimide or polyimide piezoelectricity electric material get final product.Other typically can comprise variable resistor and variable condenser with the analog converter technology that similar array organization realizes.Alternatively, each unit can comprise the simple numerical switch, and it only provides single bit of information; In the case, the additional position of information can be by providing a plurality of unit or by producing with each unit of higher frequency sampling in same district.This optional embodiment has avoided the needs to A/D converter.
In exemplary embodiments, sensor has only 0.33 millimeters thick and enough firm in to be embedded in the smart card and not to be subjected to the influence of static, element or user's skin condition (wet, do, heat, cold).Sensor 110 common device unit sizes are that 25 microns to 70 microns and common spacing are 25 microns to 70 microns.Typical sensors has area and 8 multistage sensitivity of 12.5 square millimeters to 25 square millimeters.This sensor can be made by TFT (thin film transistor (TFT)) and pressure-induced capacitance device array, is for example formed for example barium titanium oxide or strontium ba oxide, and comprise top electrode, its covering and protect whole sensitive zones by thin films of piezoelectric material.If the employing mechanical stress will produce corresponding charge so and will be stored in the film piezo-electric capacitor.Alternatively, sensor based on pressure can be made into TFT (thin film transistor (TFT)) together with thin film capacitor, and the array of pressure-induced capacitance device, for example form by the pressure conductive material sheet, carbon fibre dispersion rubber sheet for example, metal (for example copper or tin or silver), the carbon fibre of plating or paper base glass fibre or metal, the pole piece that powers on that disperses resilient material (for example silicones) and cover whole sensing unit.
The row and column of fingerprint sensor element 402 special provisions drives the electric data of 416,414 outputs to output circuit 420, thereby the physics input that will represent user fingerprints is converted to the analog electrical data.A/D converter in the output circuit 420 is converted to digital electric signal with this analog electrical signal then.The interconnection in the ranks that each thin film transistor (TFT) optionally will be shared is converted to the voltage on its relevant capacitor, and the voltage on each capacitor can be read and therefore the distortion of each unit can be measured like this.Preferably, the whole row of thin film transistor (TFT) are changed simultaneously, thereby a plurality of unit in a select column (for example 8) can be read by parallel in different interconnection in the ranks.A plurality of door as the interconnection between row and column have reduced the quantity of interconnection, walk abreast when reading a plurality of unit and then having reduced the time for reading of whole array from the different rows of same column.Output voltage from sensor can be amplified by differential amplifier.Can and be kept for A/D converter with the output of this amplifier sampling.
Substrate can be glass (for example non-alkali glass), stainless steel, aluminium, pottery (for example aluminium oxide), paper, fiberglass, but crystalline silicon thin plate preferably.Thin film semiconductor material can be amorphous silicon, polysilicon, adamas or any other semiconductive thin film.Piezoelectric can be a piezoelectric ceramics, and for example (preferably, thickness range is 0.1 to 50.0 micron to lead-zirconate-titanate, or the polymer piezo polyimide film material for lead-zirconate-titanate, PZT) film.Interconnection material can be: titanium/nickel/copper, aluminium, chromium/nickel/gold, titanium/nickel/gold, aluminium/gold, tungsten/copper, tungsten/gold, tungsten/gold.
Figure 11 shows the carrier combinations of the sensor on the thin base card that is formed on crystalline silicon.Crystalline silicon have fabulous electrical properties and help sensor array and required driving and output circuit integrated, yet will crooked and fracture when big and thin relatively silicon thin plate is subjected to local surface pressure.Illustrated carrier provides the structure more solid than the silicon chip of same integral thickness.
As shown in the figure, single piece of silicon 430 about 0.1 millimeters thick, and center on by the glass steel framework 432 of same thickness, it is installed in also is on the backing plate 434 of glass fibre reinforced plastic structure and about 0.05 millimeters thick.Frame 432 and backing plate 434 can use traditional printed circuit board (PCB) (PCB) technology to construct at an easy rate.Especially, the upper and lower surface of backing plate 434 is covered by the thin copper layer of being separated by the glass steel core 436.Frame 432 comprises a plurality of pads 440 at its external margin, is used to be connected to safe processor 114.Thin silicon sheet 430 usefulness epoxy resin bondings are to frame 432 and plate 434, and active zone is electrically connected to circuit separately in the frame 430 by connecting 442 in the traditional wiring on the peripheral portion 444 of the exposure of the silicon 430 of shielded top electrode 446.
Matching algorithm
Limited and only attempt to do on this locality card of simple 1: 1 coupling with single reference sample and handle for processing power, fingerprint matching software can be based on relatively simply the comparing of details of two patterns.For example, the gray level image of fingerprint can be reduced to two values, and is white and black, and three-dimensional protuberance is converted into two-dimentional fine rule (vector).Thereby the accuracy of this method also is subjected to following problem: fuzzy, adhesion, distortion, line segment excalation and other influence.Although accuracy is lower on the details theoretical method, it needs less computational resource and possibility with many existing database compatibilities is provided.
For on remote authentication server, handling, can require higher accurate resolution, for example " POC " (Phase Only Correlation is phase correlation only) matching algorithm with the reason ability of strength more.POC is based on the verification algorithm of the grand coupling of entire image.On the contrary, POC mates large-scale structural information-from details to total image.Therefore, POC can provide the accuracy of reinforcement to avoid noise, for example adhesion and excalation.In theory, the POC method is not subjected to move adverse effect with luminance difference from the position, and (is about 0.1 second for the off line coupling) fast and pin-point accuracy.For example, POC software can utilize fast two-dimensional fourier transformation (" 2DFFT ") to carry out the spatial frequency comparison of two fingerprint patterns.2DFFT will represent that the digitalized data array of the physics Two dimensional Distribution of fingerprint is converted to the frequency space, and in other words, with the space distribution inverse transform, the high more density pattern in this place has high more spatial frequency.Rotational transform can be used for the frequency space pattern match is mated.Because do not misled by the common defective in the fingerprint recording pattern, POC will think that these defectives are noise and detail analysis makes an explanation these defectives as significant data, so POC pattern match and details have been compared more advantage to flux matched.
For harsh especially application, mixed method provides higher accuracy and security with comparable other any independent method.For example, the details method can be used on the acquisition point, and the POC method can be used on the remote server.As another example, matcher can be analyzed details and spatial relationship have been considered two kinds of results' combination with generation mark.
Use
Previously described technology provides and has been used for various application, commercial and government, high-caliber security.According to the requirement of various application, multiple Secure Application can coexist and operate on the identical card and/or on the identical certificate server.In one embodiment, single card can comprise that 24 of as many as independently and the application of safety.For example, this technology will permit/denied access (physics and/or logic), the list that identification personnel's exact position and/or motion and/or supervision are listed, and also move other Secure Application simultaneously, each is used each other and fully and safely isolates.
The current application that can expect is as follows:
Airport ID/ is current
The mansion security personnel
Current and the record keeping of accommodation
Hospital
Game on line
Download entertainment
Birth certificate
Computer access
Driving license-TWIC
Stored value card
Emergency medical information
The explosive license
Government and military applications are current
HAZMAT (danger) licence
Medical insurance and welfare card
Entrance
Passport
The aviation license
Harbour ID/ is current
Covering note
Social insurance card
Traveller's credit
Visa or advance/go out the pass
The vote registration card
Welfare and food coupon stamp card
For these many application, preferably, storer also provides the safe storage of various personal informations on the card of card, and it has only when the holder of registration has proved its identity and authorized this visit and just can conduct interviews.The example of these personal informations has:
Management information, for example for example visa type, visa time limit, nationality etc. of name, address, date of birth, place of birth, nationality, religion, membership credentials, social insurance number, driving license number, passport number and immigrant's information.
Financial information, for example stored value card, VISA (VISA credit card), MasterCard (Master Card), American Express credit card informations such as (American Expresses), bank information, for example Bank Name, bank account balance, account transfer information, IRS (IRS) number, bankruptcy record, account transfer information etc.
Sign and health and fitness information, for example: identification individual's biological information, for example height, body weight, fingerprint, iris, retina, hand size, bone structure, sound, DNA; Blood group; The medical diagnosis testing result; Medical history; Medicine; Insurance information; To the psychology of certain stimulation and physiological reaction etc.
Event information, for example previous conviction, capital felony, misdemeanor, illegal.
Emergency information, for example graveyard, relatives and other contact details, lawyer's information, religion information.
Education, work are historical, comprise school, degree, the company relevant with FDD of taking office.
Data access history (having stored the access history data of advancing card and card release).
ID relevant information, for example result of fingerprint pattern, fingerprint pattern Processing, fingerprint pattern.
Password, for example permanent password, temporary transient password and/or one-time password.
Encryption key, for example public-key cryptography, personal key and/or one time key.
Next typical card Accreditation System is described.
Applicant: fill in application form and, preferably, comprise photo and fingerprint with its submission.For most of applicant, check that its file attachment and the information of checking submission simply in one or more governments and business database just are enough to set up individual's true identity.
After its identity was identified, the applicant entered and signs and issues the station, will think that by ard issuers necessary any information is written in the card herein.The applicant is placed on its finger on the sensor on the card.In case fingerprint matching places on the sensor with requiring and is written into card, just will make outstanding on the card be subjected to surge, it blows some fuse, should be necessarily regional with what stop that anyone writes card once more.Then, will this little outstanding cut-out/cut off by (just as the card that has umbilical cord).At this some place, card can only contact card reader or ISO wireless system by ISO and read or write.
In the situation of network authentication server, on the card contained same data some or all also be to be transferred to remote server with encrypted form, can replenish the additional data that card is gone up still may need to be used for high-security applications that are not stored in usually.
Claims (50)
1. smart identity identification card comprises:
Storer on the card is used to store reference data;
The card upper sensor is used to catch on-the-spot biological data;
Microprocessor on the card is used in predetermined threshold the biological data and the corresponding reference data of storing of being caught being compared, and just produces checking message when mating and if only if exist in predetermined threshold; And
Interface is used for described checking message is sent to external network, and wherein, described checking message comprises the extracts from the biological data of being caught at least.
2. identification card according to claim 1, wherein, described checking message comprises the extracts from the reference data of being stored at least.
3. identification card according to claim 2, wherein, described checking message is transferred to the checking that remote authentication system is used to add.
4. identification card according to claim 3, wherein, described remote authentication system comprises the reference data of the remote storage different with the reference data of described storage.
5. identification card according to claim 3, wherein, microprocessor uses the matching algorithm different with described remote authentication system on the described card.
6. identification card according to claim 2, wherein, being stored on the described card the original biological data of catching in the storer and any other " privately owned " information all is disabled for any external program.
7. identification card according to claim 2, wherein, described card is the ISO compatible smartcard.
8. identification card according to claim 7 also comprises the ISO smartcard processor.
9. identification card according to claim 8 wherein, is used to store and handle on the described card of described biological data of catching microprocessor and is isolated with described ISO smartcard processor on function by fire wall.
10. identification card according to claim 8, wherein, all external datas that pass in and out microprocessor on the described card are all by described ISO smartcard processor.
11. identification card according to claim 8, wherein, all external datas that pass in and out described ISO smartcard processor are all by microprocessor on the described card.
12. identification card according to claim 8, wherein, microprocessor has on the described card: first connects, and is used for being written into during loader data; And second connect, and is connected to external network.
13. identification card according to claim 12, wherein, make described first be connected described loader finish after permanent forbidding.
14. identification card according to claim 8 wherein, is used to store and handle on the described card of described biological data of catching microprocessor and is isolated with described ISO smartcard processor on function by fire wall.
15. identification card according to claim 8, wherein:
Described card comprises magnetic stripe zone and hyporelief zone;
Described card upper sensor is the fingerprint sensor; And
Microprocessor, described ISO smartcard processor and described fingerprint sensor all are located at the described zone line of going up between magnetic stripe zone and the described hyporelief zone on the described card.
16. identification card according to claim 2, wherein, described biological data comprises that finger print data and described sensor are the fingerprint sensors that is used for obtaining from the finger that is placed on the user on the described sensor data.
17. identification card according to claim 16 wherein, when described user is put into described fingerprint sensor top with its finger, provides real-time feedback, places thereby help described finger to carry out the best above described sensor.
18. identification card according to claim 16, wherein, microprocessor is suitable for adopting the mixing matching algorithm on the described card, the details in the biological data that described mixing matching algorithm has been considered to be caught and whole spatial relationships.
19. identification card according to claim 16, wherein, described fingerprint sensor comprises the crystal silicon chip by the backing plate supporting.
20. identification card according to claim 19, wherein, described backing plate comprises and is clipped in two glass epoxy resin layers between the metal level.
21. identification card according to claim 19, wherein, described backing plate is reinforced by the carrier frame around described silicon chip.
22. identification card according to claim 1, wherein, described card also comprises the device that is used for the use of described card is defined in the precalculated position.
23. identification card according to claim 1, wherein, described interface is a double nip, comprising:
Electrically contact interface; And
Wireless communication interface.
24. a smart identity identification card comprises:
The card upper sensor is used to catch on-the-spot biological data;
First card is gone up processor, be connected with described card upper sensor, described first card is gone up processor and is comprised the storer that is used for reference data stored, described first card is gone up processor and in predetermined threshold the biological data of being caught and the reference data of corresponding storage is compared, and and if only if in predetermined threshold, just produce checking message during coupling;
Second card is gone up processor, goes up processor with described first card and is connected, and is used to carry out intelligent card function; And
Interface is connected to any one in last processor of described first card and the last processor of described second card, is suitable for and external network communication, and described checking message is sent to described external network via described interface.
25. identification card according to claim 24, wherein, it is the ISO smartcard processor that described second card is gone up processor.
26. identification card according to claim 25, wherein, described first card is gone up processor and is separated on function by fire wall and described ISO smartcard processor.
27. identification card according to claim 25 wherein, is gone up processor and is gone up all external datas of processor all by described ISO smartcard processor from described first card to described first card.
28. identification card according to claim 25 wherein, all blocks upward processor by described first to described ISO smartcard processor with from all external datas of described ISO smartcard processor.
29. identification card according to claim 28, wherein, described first card is gone up processor and had: first connects, and is used for being written into during loader data; And second connect, and is connected to external network.
30. identification card according to claim 24 further comprises:
Position detector on the card is used for determining the current location of described identification card; And
Be used for limiting the device of the use of described card based on described current location.
31. identification card according to claim 30, wherein, position detector comprises on the described card:
The global positioning satellite signal receiver.
32. smart identity identification card according to claim 24 further comprises:
Indicator is used for providing real-time feedback when the user operates his or her finger on described card upper sensor, thereby is convenient to point the suitable placement on described sensor.
33. identification card according to claim 24, wherein, described interface is a double nip, comprising:
Electrically contact interface; And
Wireless communication interface.
34. identification card according to claim 33, wherein, described wireless communication interface comprises:
Antenna is connected to described second card and goes up processor.
35. identification card according to claim 34 further comprises:
Power supply antenna is connected to described first card and goes up processor.
36. a method that is used for the user of identification intelligent identification card, described smart identity identification card comprise that storer is gone up biology sensor with card on the card that is used for reference data stored, described method comprises:
Use described card upper sensor to catch on-the-spot biological data;
In predetermined threshold with the biological data of being caught be stored in that the corresponding reference data in the storer compares on the described card;
Only when coupling in described predetermined threshold, produce checking message; And
Described checking message is sent to external network,
Wherein, described checking message comprises the extracts from the reference data of being stored at least, and
Wherein, described checking message comprises the extracts from the biological data of being caught at least.
37. method according to claim 36 further comprises:
The checking that described checking transmission of messages is used to add to remote authentication system.
38., further comprise according to the described method of claim 37:
Storage and the local different reference data of described reference data that is stored in the described identification card in described remote authentication system.
39. according to the described method of claim 37, wherein, the matching algorithm that uses in described identification card is different from the matching algorithm that uses at described remote authentication system place.
40. method according to claim 36 further comprises:
At least some and described reference data in the biological data of being caught are transferred to certificate server, are used for before any mandate online access is used to handle the application server of the secure financial transactions that relates to this user, user identity being carried out safety verification.
41. method according to claim 36 further comprises:
Reception relates to the matching request of the particular login attempt on specific application servers; And
If on certificate server, produce positive match in response to described matching request, then carry out safety three road authentication protocols, described authentication protocol comprises:
The enquiry character sequence is sent to described identification card from described certificate server;
Based on described enquiry character sequence and described matching request, produce query-response at described identification card;
Described query-response is transmitted to described application server;
Described query-response is transmitted to described certificate server from described application server; And
Confirm at described certificate server whether described query-response is effective.
42. a method that is used for the user of identification intelligent identification card, described smart identity identification card comprise on the card that is used for reference data stored biology sensor, safe processor and ISO Card processor on storer, the card, described method comprises:
Use described card upper sensor to catch on-the-spot biological data;
Use described safe processor in predetermined threshold with the biological data of being caught be stored in that the corresponding reference data in the storer compares on the described card;
Only when in described predetermined threshold, mating, use described safe processor to produce checking message;
Via interface described checking message is sent to external network; And
If confirmed described user's identity, then allow described ISO Card processor operation.
43., further comprise according to the described method of claim 42:
Via first connection data are being loaded on the described safe processor during the loader; And
Make described first be connected described loader finish after permanent forbidding.
44., wherein, all be connected with all external datas by second of described safe processor from described ISO Card processor to described ISO Card processor according to the described method of claim 42.
45. according to the described method of claim 42, wherein, to described safe processor and from all external datas of described safe processor all by described ISO Card processor.
46. according to the described method of claim 42, wherein, described biological data comprises finger print data, and described sensor is the fingerprint sensor that is used for catching from the finger that is placed on the user on the described sensor data.
47., further comprise according to the described method of claim 46:
The real-time feedback of finger placement is provided when described user operates his or her finger on described fingerprint sensor, thereby is convenient to point the suitable placement on described sensor.
48. according to the described method of claim 42, wherein, described comparison and the described safe processor of described use comprise that employing mixes matching algorithm, the details in the biological data that described mixing matching algorithm has been considered to be caught and whole spatial relationships.
49. a device that is used for the user of identification intelligent identification card, described smart identity identification card comprise that storer is gone up biology sensor with card on the card that is used for reference data stored, described device comprises:
Acquisition equipment is used to use described card upper sensor to catch on-the-spot biological data;
Comparison means is used in predetermined threshold the biological data of will be caught and is stored in that the corresponding reference data of storer compares on the described card;
Generation device is used for only just producing checking message when coupling in predetermined threshold; And
Dispensing device is used for described checking message is sent to external network,
Wherein, described checking message comprises the extracts from the biological data of being caught at least.
50. a device that is used for the user of identification intelligent identification card, described smart identity identification card comprise on the card that is used for reference data stored biology sensor, safe processor and ISO Card processor on storer, the card, described device comprises:
Acquisition equipment is used to use described card upper sensor to catch on-the-spot biological data;
Comparison means, be used for using described safe processor in predetermined threshold with the biological data of being caught be stored in that the corresponding reference data of storer compares on the described card;
Generation device is used for only just using described safe processor to produce checking message when coupling in predetermined threshold;
Dispensing device is used for via interface described checking message being sent to external network; And
Allow device,, then allow described ISO Card processor operation if be used for confirming described user's identity.
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US40971602P | 2002-09-10 | 2002-09-10 | |
US60/409,715 | 2002-09-10 | ||
US60/409,716 | 2002-09-10 | ||
US60/429,919 | 2002-11-27 | ||
US60/433,254 | 2002-12-13 | ||
US60/484,692 | 2003-07-03 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1695163A CN1695163A (en) | 2005-11-09 |
CN100437635C true CN100437635C (en) | 2008-11-26 |
Family
ID=35353502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB038250098A Expired - Fee Related CN100437635C (en) | 2002-09-10 | 2003-09-10 | Secure biometric verification of identity |
Country Status (10)
Country | Link |
---|---|
CN (1) | CN100437635C (en) |
AR (1) | AR041226A1 (en) |
LT (1) | LT5344B (en) |
MY (1) | MY161401A (en) |
PA (1) | PA8581901A1 (en) |
PE (1) | PE20040351A1 (en) |
TN (1) | TNSN05068A1 (en) |
TW (1) | TWI366795B (en) |
UY (1) | UY27970A1 (en) |
ZA (1) | ZA200502663B (en) |
Families Citing this family (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CZ2005209A3 (en) * | 2002-09-10 | 2005-12-14 | Ivi Smart Technologies, Inc. | Safe biometric verification of identity |
KR101615461B1 (en) * | 2007-09-24 | 2016-04-25 | 애플 인크. | Embedded authentication systems in an electronic device |
US8600120B2 (en) | 2008-01-03 | 2013-12-03 | Apple Inc. | Personal computing device control using face detection and recognition |
CN101626296B (en) * | 2009-05-27 | 2012-04-18 | 飞天诚信科技股份有限公司 | Method for improving input information security and biological information acquisition equipment |
CN101616416B (en) * | 2009-07-24 | 2012-08-29 | 中兴通讯股份有限公司 | Method and equipment for authenticating smart card of communication terminal |
CN102831335B (en) * | 2011-06-16 | 2015-08-05 | 中国科学院数据与通信保护研究教育中心 | A kind of method for security protection of Windows operating system and system |
US8756680B2 (en) * | 2011-08-02 | 2014-06-17 | Corning Incorporated | Biometric-enabled smart card |
US9002322B2 (en) | 2011-09-29 | 2015-04-07 | Apple Inc. | Authentication with secondary approver |
US9959539B2 (en) | 2012-06-29 | 2018-05-01 | Apple Inc. | Continual authorization for secured functions |
US10212158B2 (en) | 2012-06-29 | 2019-02-19 | Apple Inc. | Automatic association of authentication credentials with biometrics |
US9832189B2 (en) | 2012-06-29 | 2017-11-28 | Apple Inc. | Automatic association of authentication credentials with biometrics |
US9819676B2 (en) | 2012-06-29 | 2017-11-14 | Apple Inc. | Biometric capture for unauthorized user identification |
KR101231216B1 (en) * | 2012-07-13 | 2013-02-07 | 주식회사 베프스 | Removable storage device with fingerprint recognition and control method thereof |
US10331866B2 (en) | 2013-09-06 | 2019-06-25 | Apple Inc. | User verification for changing a setting of an electronic device |
US9898642B2 (en) | 2013-09-09 | 2018-02-20 | Apple Inc. | Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs |
US20150073998A1 (en) | 2013-09-09 | 2015-03-12 | Apple Inc. | Use of a Biometric Image in Online Commerce |
US20150082890A1 (en) * | 2013-09-26 | 2015-03-26 | Intel Corporation | Biometric sensors for personal devices |
US20150220931A1 (en) | 2014-01-31 | 2015-08-06 | Apple Inc. | Use of a Biometric Image for Authorization |
CN103955733B (en) * | 2014-04-22 | 2017-02-15 | 中国工商银行股份有限公司 | Electronic identity card chip card, card reader and electronic identity card verification system and method |
US10482461B2 (en) | 2014-05-29 | 2019-11-19 | Apple Inc. | User interface for payments |
DE102014110694A1 (en) | 2014-07-29 | 2016-02-04 | Bundesdruckerei Gmbh | Document with sensor means |
GB2529214B (en) * | 2014-08-14 | 2016-10-19 | Soloprotect Ltd | An identity card holder and system |
US9400914B2 (en) | 2014-10-24 | 2016-07-26 | Egis Technology Inc. | Method and electronic device for generating fingerprint enrollment data |
US9590986B2 (en) * | 2015-02-04 | 2017-03-07 | Aerendir Mobile Inc. | Local user authentication with neuro and neuro-mechanical fingerprints |
CN105069436A (en) * | 2015-08-14 | 2015-11-18 | 广东欧珀移动通信有限公司 | Control method and system based on fingerprint identification, and fingerprint identification module group |
GB2547905B (en) * | 2016-03-02 | 2021-09-22 | Zwipe As | Fingerprint authorisable device |
JP6753713B2 (en) | 2016-07-15 | 2020-09-09 | 株式会社東芝 | IC module, IC card, and collation device |
DK179471B1 (en) | 2016-09-23 | 2018-11-26 | Apple Inc. | Image data for enhanced user interactions |
CN106682477B (en) * | 2017-01-18 | 2023-09-19 | 西京学院 | Authentication method based on human body solid state characteristics |
GB2564839A (en) * | 2017-05-30 | 2019-01-30 | Zwipe As | Smartcard and method for controlling a smartcard |
US10740494B2 (en) | 2017-09-06 | 2020-08-11 | Google Llc | Central and delegate security processors for a computing device |
JP6736686B1 (en) | 2017-09-09 | 2020-08-05 | アップル インコーポレイテッドApple Inc. | Implementation of biometrics |
ZA201802775B (en) * | 2018-01-22 | 2019-01-30 | Ratshephe Wright Makhene Ezekiel | A card and identity verification system |
US11170085B2 (en) | 2018-06-03 | 2021-11-09 | Apple Inc. | Implementation of biometric authentication |
US11100349B2 (en) | 2018-09-28 | 2021-08-24 | Apple Inc. | Audio assisted enrollment |
US10860096B2 (en) | 2018-09-28 | 2020-12-08 | Apple Inc. | Device control using gaze information |
SG10201902933WA (en) * | 2019-04-01 | 2020-11-27 | Advanide Holdings Pte Ltd | An improved card with fingerprint biometrics |
EP4264460A1 (en) | 2021-01-25 | 2023-10-25 | Apple Inc. | Implementation of biometric authentication |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0457398A2 (en) * | 1990-05-18 | 1991-11-21 | Philips Electronics Uk Limited | Fingerprint sensing |
US5907627A (en) * | 1995-11-06 | 1999-05-25 | Dew Engineering And Development Limited | Contact imaging device |
US5978495A (en) * | 1996-07-17 | 1999-11-02 | Intelnet Inc. | Method and apparatus for accurate determination of the identity of human beings |
US5995630A (en) * | 1996-03-07 | 1999-11-30 | Dew Engineering And Development Limited | Biometric input with encryption |
EP1006479A2 (en) * | 1998-12-04 | 2000-06-07 | Stocko Contact GmbH & Co. KG | Authentication system for PC-cards |
EP1074949A1 (en) * | 1999-08-02 | 2001-02-07 | Ming-Shiang Shen | Integrated circuit board with fingerprint verification capability |
WO2001078740A1 (en) * | 2000-04-18 | 2001-10-25 | Glaxo Group Limited | Medical combinations comprising mometasone and salmeterol |
US6325285B1 (en) * | 1999-11-12 | 2001-12-04 | At&T Corp. | Smart card with integrated fingerprint reader |
US20020088632A1 (en) * | 2000-08-17 | 2002-07-11 | Authen Tec | Integrated circuit package including opening exposing portion of an IC |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS6029868A (en) | 1983-07-29 | 1985-02-15 | Toshiba Corp | Individual identification system |
-
2003
- 2003-09-10 MY MYPI20033420A patent/MY161401A/en unknown
- 2003-09-10 UY UY27970A patent/UY27970A1/en not_active Application Discontinuation
- 2003-09-10 CN CNB038250098A patent/CN100437635C/en not_active Expired - Fee Related
- 2003-09-10 PE PE2003000916A patent/PE20040351A1/en not_active Application Discontinuation
- 2003-09-10 PA PA8581901A patent/PA8581901A1/en unknown
- 2003-09-10 TW TW092124967A patent/TWI366795B/en not_active IP Right Cessation
- 2003-09-11 AR ARP030103284 patent/AR041226A1/en active IP Right Grant
-
2005
- 2005-03-08 TN TNP2005000068A patent/TNSN05068A1/en unknown
- 2005-04-01 ZA ZA200502663A patent/ZA200502663B/en unknown
- 2005-04-05 LT LT2005035A patent/LT5344B/en not_active IP Right Cessation
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0457398A2 (en) * | 1990-05-18 | 1991-11-21 | Philips Electronics Uk Limited | Fingerprint sensing |
US5907627A (en) * | 1995-11-06 | 1999-05-25 | Dew Engineering And Development Limited | Contact imaging device |
US5995630A (en) * | 1996-03-07 | 1999-11-30 | Dew Engineering And Development Limited | Biometric input with encryption |
US5978495A (en) * | 1996-07-17 | 1999-11-02 | Intelnet Inc. | Method and apparatus for accurate determination of the identity of human beings |
EP1006479A2 (en) * | 1998-12-04 | 2000-06-07 | Stocko Contact GmbH & Co. KG | Authentication system for PC-cards |
EP1074949A1 (en) * | 1999-08-02 | 2001-02-07 | Ming-Shiang Shen | Integrated circuit board with fingerprint verification capability |
US6325285B1 (en) * | 1999-11-12 | 2001-12-04 | At&T Corp. | Smart card with integrated fingerprint reader |
WO2001078740A1 (en) * | 2000-04-18 | 2001-10-25 | Glaxo Group Limited | Medical combinations comprising mometasone and salmeterol |
US20020088632A1 (en) * | 2000-08-17 | 2002-07-11 | Authen Tec | Integrated circuit package including opening exposing portion of an IC |
Also Published As
Publication number | Publication date |
---|---|
LT5344B (en) | 2006-06-27 |
TNSN05068A1 (en) | 2007-05-14 |
AR041226A1 (en) | 2005-05-11 |
MY161401A (en) | 2017-04-14 |
TWI366795B (en) | 2012-06-21 |
TW200411572A (en) | 2004-07-01 |
LT2005035A (en) | 2006-01-25 |
PA8581901A1 (en) | 2004-05-21 |
PE20040351A1 (en) | 2004-06-17 |
UY27970A1 (en) | 2003-12-31 |
CN1695163A (en) | 2005-11-09 |
ZA200502663B (en) | 2006-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100437635C (en) | Secure biometric verification of identity | |
US7278025B2 (en) | Secure biometric verification of identity | |
US7472275B2 (en) | System and method of electronic signature verification | |
US7043754B2 (en) | Method of secure personal identification, information processing, and precise point of contact location and timing | |
US7172115B2 (en) | Biometric identification system | |
US8918900B2 (en) | Smart card for passport, electronic passport, and method, system, and apparatus for authenticating person holding smart card or electronic passport | |
US7255269B2 (en) | Device and method of recognizing at least one individual, the corresponding access control device and system and applications thereof | |
KR19980073694A (en) | Radio frequency identification system including fingerprint identification card | |
RU2339081C2 (en) | Intellectual identification card | |
EP1706852B1 (en) | An identification card and a method of identifying a card holder using the card | |
ES2336983B1 (en) | SECURITY BIOMETRIC IDENTITY VERIFICATION. | |
LT5403B (en) | Secure biometric verification of identity | |
CA2529098A1 (en) | System and method for network security and electronic signature verification | |
GB2401822A (en) | Computer system with data carrier having biometric user identification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20081126 Termination date: 20110910 |