Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
  • H04L9/3231—Biological data, e.g. fingerprint, voice or retina
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/06—Authentication
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/401—Transaction verification
  • G06Q20/4014—Identity check for transactions
  • G06Q20/40145—Biometric identity checks
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
  • G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
  • G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
  • G06V40/12—Fingerprints or palmprints
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/30—Individual registration on entry or exit not involving the use of a pass
  • G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
  • G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04M—TELEPHONIC COMMUNICATION
  • H04M1/00—Substation equipment, e.g. for use by subscribers
  • H04M1/66—Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
  • H04M1/667—Preventing unauthorised calls from a telephone set
  • H04M1/67—Preventing unauthorised calls from a telephone set by electronic means
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C11/00—Arrangements, systems or apparatus for checking, e.g. the occurrence of a condition, not provided for elsewhere
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
  • H04W88/02—Terminal devices
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W92/00—Interfaces specially adapted for wireless communication networks
  • H04W92/04—Interfaces between hierarchically different network devices
  • H04W92/08—Interfaces between hierarchically different network devices between user and terminal device

Definitions

• the device's keyboard After the input, the correctness of the information entered and thus the authorization of the input user is checked by a test device in the device or on a computer or communication network. In the case of mobile telephones according to the GSM standard, this is done by a data processing device on the so-called SIM card of the device checking whether the PIN entered matches the information stored on the SIM card. If this is the case, the SIM card releases the mobile phone for use. It increases the security of the telephone customer that, according to the GSM standard, the PIN must not be saved in the device, but only in encrypted form on the SIM card.
• This 2 Technologies are based on the acquisition of user-specific biometric features by special sensors. A more ⁇ term example of this are sensors to detect the fingerprint. Other biometric features such as the retinal texture of the human eye or the characteristics of a human voice are also used in some devices.
• the features detected by the sensors are compared in a data processing device of the device or a communication network with the known features of an authorized user, and if there is sufficient agreement, access to the desired service, the required data or the selected device function is enabled.
• Fingerprint occasionally fail or be impracticable, for example because the user's hands are dirty or the user is wearing gloves. For these or similar reasons, it is desirable or necessary for one or more users of a device to be able to authenticate to it in different ways. In these cases, biometric authentication should be possible in addition to authentication by entering a PIN. In the case of mobile telephones according to the GSM standard, there is also the fact that the standard prescribes the possibility of authentication by entering a PIN. 3 From the described situation arises that a Ver ⁇ application of conventional biometric Authent Schemesver- go mobile phones based on the GSM standard is not possible because this only for reasons of compatibility with the GSM standard authentication via PIN with the SIM card imperative.
• the invention is therefore based on the object of specifying a technical teaching which allows the combination of biometric user authentication with authentication by entering a PIN even in the case of mobile telephones according to the GSM standard or in similar cases, one form of authentication being sufficient in each case should.
• the user should therefore have the choice of which type of authentication he would like to use.
• a particularly excellent user e.g. the owner of the device
• the invention provides that biometric features of the user are detected by a sensor device and that from the detected biometric features an authentication 4 tion-serving information is determined using mathematical methods. This results in authentication information at the end of the evaluation of the biometric features, which can be checked by the same checking device as authentication information entered by the user via an information input device (for example a keyboard).
• an information input device for example a keyboard
• the result of the evaluation of the fingerprint is the same PIN that users could have entered using the keyboard.
• this PIN is not stored in the device, but is calculated from the biometric features of a user detected by a sensor device.
• FIG. 1 shows an exemplary embodiment of the invention, in which all methods and devices are integrated in one device.
• FIG. 2 shows an exemplary embodiment of the invention, in which the test device is not located within the device.
• FIG. 3 shows an exemplary embodiment of the invention, in which a display device for displaying authentication information is integrated in the device.
• a rather special important embodiment of the invention It is a mobile phone according to the GSM standard, which dispose with a fingerprint sensor for user authentication.
• This fingerprint sensor is a special case of the sensor device (SE) shown in FIG. 1. If a user of the device (EG) places a finger on this fingerprint sensor and the device expects authentication such as the entry of a PIN or SuperPIN or PIN2 (depending on the manufacturer), the fingerprint sensor detects the corresponding biometric features (BM) of the concerned user and leads this to a data processing device (DE).
• SE sensor device
• this data processing device will be the processor which is already present in the mobile phone and is connected to software running on it.
• the fingerprint sensor (or more generally: the sensor device) could also have its own processor unit, on which a special software that performs fingerprint recognition runs, so that the data processing device in the sense of this invention is wholly or partly integrated into the sensor device. Since fingerprint recognition itself as well as other methods for recognizing biometric features and their implementation on data processing devices of different configurations (and partitioning in subsystems or composition from known hardware modules) are sufficiently known to the person skilled in the art, this section of the implementation of the invention certainly does not pose any particular problems.
• the PIN determined from the sensor data need not be identical to the SIM card PIN. If the standard or - in the case of other devices - the relevant security protocols allow this, the test facility was also able to check two different authentication information items to determine whether they match each other.
• the authentication information FPAUTINF calculated from the sensor data could also be different from the authentication information entered via a keyboard, in the case of sole authentication using sensor data (that is to say independently of and in addition to the PIN input) Be AUTINF as long as only the test facility recognizes that the two fit together in the sense that both refer to the authorized user.
• Condition a) is intended to ensure that the fingerprint detection is sufficiently robust against small disturbances. Otherwise, the rejection rate for authorized users would be too high.
• Condition b) ensures that fingerprints of different users lead to different authentication information FPAUTINF with a sufficiently high probability.
• the meaning of condition c) is obvious.
• Sensor device detected biometric features can be brought into the form of a so-called feature vector.
• feature vector n measurement data
• the feature vectors form an n-dimensional space.
• pattern vectors codebook vectors
• distance measure similarity measure for biometric features
• the correct authentication information (e.g. the actual PIN) is assigned to a pattern vector.
• the error rates of this method can be optimized if it is ensured that the feature vector associated with the biometric features of the authorized user is one of the pattern vectors. This can be achieved by adapting the system to the biometric characteristics of the authorized user in an initialization phase (code book adaptation).
• Vector quantization is not the only method that can be used in connection with the invention. Other methods are familiar to the person skilled in the art and therefore need not be explained here.
• the calculation of the authentication information FPAUTINF from the biometric characteristics of a user by vector quantization is - if one starts from the wording - actually connected with a "storage of the PIN" in the device, since every pattern vector of the code book is assigned a basically possible authentication information (FPAUTINF) is.
• FPAUTINF basically possible authentication information
• this is not really suitable for authentication. So there are e.g. in the case of a five-digit alphanumeric PIN in
• the invention provides in a preferred embodiment that instead of just one calculation method, a whole set of such methods is immediately available in the device. A serial number could be assigned to each individual calculation method, so that an authorized user could change the method used at any time.
• This embodiment of the invention can also be realized with vector quantization, whereby not only one code book but several code books of pattern vectors are to be provided. Each code book has a number and can be selected using this number. Other methods may depend on one parameter. If this parameter is changed, a different mathematical mapping results. If the dependency on this parameter is sufficiently complex, it will be practically impossible to change the authentication information when the parameter is changed 11 guess.
• Certain types of neural networks eg so-called multilayer perceptrons
• the PIN is actually not stored anywhere as a string, but only (implicitly encrypted) the network architecture and the weight coefficient.
• This embodiment variant of the present invention appears to be of particular interest in view of the fact that many people require a number of different passwords for very different purposes or devices. It is becoming increasingly difficult to remember these many passwords.
• Ml, ..., Mn matrix of methods for calculating a plurality of authentication information (FPAUTINF1, ..., FPAUTINFn) from a single feature vector (or sensor data record)
• FPAUTINF1, ..., FPAUTINFn a plurality of authentication information
• a key figure of such a method has to be entered only in a context of the user interface to be provided for it.
• the data processing device can be set up accordingly by software.
• the biometric characteristics of several people can also be linked to the correct PIN or to several correct PINs. If, by way of exception, the device is only to be used for connection with one person, ie with only one SIM card, the release can also be linked to other security mechanisms such as device codes, etc.
• the invention allows any kind of flexibility with maximum security and compatibility with the standard. 12 Especially in the case of changing a PIN may be useful another Nön ⁇ Liche embodiment of the invention in which a display is provided for displaying a Authentiflkationsinformation. Such a display is already present in many devices of this type and can therefore also be used for these purposes. If a user wants to change his authentication information (AUTINF), such as the PIN, which is to be entered via the keyboard, matches the SIM card or is stored on it, some calculation methods may not provide him with all conceivable characters-digits.
• AUTINF authentication information
• Combinations available as PINs e.g. because the code book is smaller than the number of all possible PINs.
• changing the parameter of the calculation method used e.g. changing the code book number, or changing a parameter of a neural network
• the PINs are sufficient to change the assignment of the PINs to the pattern vectors and thus the PIN assigned to his individual feature vector.
• the authorized user is therefore preferably informed of the changed PIN by a corresponding, possibly one-time brief display of this PIN after the change on a display of the device.
• Other solutions e.g. mail delivery of the new PIN are conceivable.
• the invention is of course not restricted to mobile telephones, in particular not to mobile telephones according to the GSM standard.
• the person skilled in the art will readily recognize from the present description how the invention can be implemented in the case of other devices or systems.
• the invention is not limited to the case that the test unit (PE) m is integrated into the device.
• Figure 2 shows the important case of a device, for example, via a communication network with at least one other device 13 is connected, m is the test facility.
• the data processing unit or that part of the data processing unit (DE) which is responsible for calculating the authentication information FPAUTINF from the biometric features BM of the user does not necessarily have to be in the device.
• the device does not have to have an integrated sensor device (SE) or an integrated keyboard (EE).
• SE integrated sensor device
• EE integrated keyboard

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Signal Processing (AREA)
• Computer Networks & Wireless Communication (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Business, Economics & Management (AREA)
• Theoretical Computer Science (AREA)
• Accounting & Taxation (AREA)
• Strategic Management (AREA)
• Health & Medical Sciences (AREA)
• General Business, Economics & Management (AREA)
• Biomedical Technology (AREA)
• Human Computer Interaction (AREA)
• Computing Systems (AREA)
• Computer Hardware Design (AREA)
• General Engineering & Computer Science (AREA)
• General Health & Medical Sciences (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Finance (AREA)
• Multimedia (AREA)
• Life Sciences & Earth Sciences (AREA)
• Biodiversity & Conservation Biology (AREA)
• Collating Specific Patterns (AREA)
• Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
• Mobile Radio Communication Systems (AREA)

Priority Applications (1)

Applications Claiming Priority (3)

Related Child Applications (1)

Publications (1)

Family

ID=7865306

Family Applications (2)

Family Applications Before (1)

Country Status (7)

Families Citing this family (15)

Family Cites Families (7)

• 1998
  • 1998-08-21 KR KR1020007011658A patent/KR20010042881A/ko not_active Application Discontinuation
  • 1998-08-21 CA CA002329311A patent/CA2329311A1/en not_active Abandoned
  • 1998-08-21 WO PCT/DE1998/002457 patent/WO1999054851A1/de not_active Application Discontinuation
  • 1998-08-21 CN CN98814125A patent/CN1299496A/zh active Pending
  • 1998-08-21 EP EP04004846A patent/EP1424659A1/de not_active Withdrawn
  • 1998-08-21 JP JP2000545128A patent/JP2002512409A/ja not_active Withdrawn
  • 1998-08-21 EP EP98948818A patent/EP1074004A1/de not_active Ceased
  • 1998-08-21 BR BR9815824-4A patent/BR9815824A/pt not_active IP Right Cessation

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events