EP1092182A2 - Apparatus and method for end-to-end authentication using biometric data - Google Patents

Apparatus and method for end-to-end authentication using biometric data

Info

Publication number
EP1092182A2
Authority
EP
Grant status
Application
Patent type
Prior art keywords
biometric
device
data
secure
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP19990937183
Other languages
German (de)
French (fr)
Inventor
Schrijver Stefaan A. De
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LCI SMARTPEN NV
LCI/Smartpen NV
Original Assignee
LCI/SMARTPEN, N.V.
LCI SMARTPEN NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transaction
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual entry or exit registers
    • G07C9/00126Access control not involving the use of a pass
    • G07C9/00134Access control not involving the use of a pass in combination with an identity-check
    • G07C9/00158Access control not involving the use of a pass in combination with an identity-check by means of a personal physical data
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Abstract

A secure transaction system and a secure method for authenticating a user based on biometric data of the user includes a biometric analyzer device that is assembled in a secure environment and has a secure device identifier and encryption key. First authentication means receive the biometric data and authenticate the biometric data of the user based on biometric reference data from the user, while second authentication means authenticate an authorized use of the biometric analyzer device based on at least the secure device identifier. The secure transaction system authenticates the user only if both the first and second authentication means authenticate the biometric data and the authorized use of the biometric input device, respectively.

Description

APPARATUS AND METHOD FOR END-TO-END AUTHENTICATION

USING BIOMETRIC DATA

Cross-Reference to Related Applications

The present application claims the benefit of the filing date of the provisional application Serial No. 60/090,822, which has a filing date of June 26, 1998.

Background of The Invention

1. Field of the invention

The invention relates to the field of authentication, fraud detection and prevention, security and cryptography. More particularly, the invention relates to the authentication of biometric data.

2. Description of Related Art

With the emergence of Electronic Commerce, various processes have been devised for authenticating users and ensuring the privacy of electronic data transmitted and received by the users. Governments in many countries designate and accredit appropriate organizations to perform specific roles for secure data transmission, including digital signature.

Electronic commerce may require several distinct security elements: Authentication, Secure Communications, Trusted Server Environments, Electronic Contracts, Protection of Intellectual Property, Digital Payment mechanisms, and Corporate Information Security (Data, Processes, Access Control).

Technologies commonly employed to detect and react to breach of confidentiality, fraud and piracy include cryptography, which provides the mathematical framework for secure document transmission and authentication; key registration and certification for enhancing proof of authenticity; tokens for providing safety of physical information; biometric analysis for linking verifiable physical user attributes (biometric properties) with the authentication process; and tamper-resistant devices for safe storage and processing of intrinsic physical information.

By way of background, cryptographic methods can be divided into symmetric and asymmetric methods, depending on the keys used to encrypt and decrypt messages. Symmetric ("Private Key") cryptography uses the same key both for encrypting and decrypting a message. A message is understood to represent an arbitrary data string, which may be represented by a binary, octal or hexadecimal number, as is known in the art. Since the same key is used for both encryption and decryption, the key must always be kept secret and delivered to the other party in a secure fashion. Anyone in possession of the symmetric decryption key can also encrypt, making it impossible to authenticate the originator.

Asymmetric Key ("Public/Private Key pair") cryptography is based on two keys which are mathematically related to one another to form a complement. For example, one of the keys can be used to encrypt a data string, while the other key can be used to decrypt the data string. One key, called the Private Key, is kept secret. The other key, called the Public Key, is not secret and may be distributed without jeopardizing security. Public-Key cryptography is well known in the art.

Asymmetric Key arrangements can be used in two ways: for secure encryption of data strings, or to authenticate the originator of the data. However, the same key pair cannot be used simultaneously to encrypt the data strings and for authenticating the originator.

Another useful concept in cryptography is that of one-way functions, notably one-way hash functions. A hash function is a function that takes an input string and converts it to a fixed-size, often smaller, output string. Since hash functions are typically many-to-one, they cannot be used to determine with absolute certainty if two input strings are equal; however, if two input strings hash to the same value, the two input strings are identical with an overwhelming degree of certainty. Moreover, because the function is one-way, the input cannot be recovered from the hash value. To enhance security further, the hashed output string can be encrypted with the recipient's public key, which the recipient then decrypts with his private key. One-way functions have two major applications: password protection and message digesting. Examples of password protection using one-way functions can be found on modern computers to verify access authorization. Examples of message digesting are the MD4 and MD5 algorithms, which are known in the art.

Another useful concept is that of a Digital Signature. To secure a message, one can attach to it a Digital Signature. A person creates a message as described above. The sender of an original message produces a one-way hash of the message, i.e., the message digest, and encrypts the hash with the sender's Private Key. The sender then attaches the message digest and the Private Key to the original message. This attachment is called a Digital Signature. The sender sends to the recipient the original message and the message digest, as well as information which allows the recipient to compute the sender's Public Key. Digital Signatures can authenticate that the Private Key of the sender was indeed used with the original document and verify that the original document has not been altered.

Without additional safeguarding, however, the recipient has no way, based on the transmitted information alone, to verify the true identity of the sender. In other words, the recipient cannot verify that the sender and the person from which the recipient expects the message, are identical.

To remedy these shortcomings, the ISO authentication framework, also known as the X.509 protocol, was established. The framework is certificate-based. A trusted certification authority (CA) assigns a unique name to each user and issues a certification certificate containing the name and the user's public key. The CA signs all certification certificates with a secret key. Certification certificates may have a specified validity period. However, unless the user is personally known to the CA, the CA is still not able to guarantee that the user actually is the physical person associated with the user name.

Such guarantee is provided by a Registration or Device Authority (DA). The DA verifies the identity of the user and issues a Private Key/Public Key arrangement. The person's Private Key is typically a password which the person has to remember, and/or a token that contains the Private Key. The DA encrypts the information about the person, including the person's public key, using the DA's Private Key, digitally signs the encrypted information and makes the information available to CA's for storage on a key server. The signed encrypted information is called a Registration Certificate.

The CA distributes the Registration Certificates on a server and certifies them as authentic based on the DA's public key, which the CA has in its possession. The CA's public keys are incorporated into most browsers. A person can verify another person by using the certification authority's public key. In this way the requesting person can know that the Certificate is authentic. Certificates are not limited to a single sender and a single recipient. If several people are involved in a transaction, a Certificate must be certified for each party. The plurality of Certificates must be attached to the message digest corresponding with the transaction. As mentioned above, all Certificates are deemed authentic.

However, the Certification Authority may issue an authentic Certificate based on the correct Private Key or Token of the user, although the user was not authenticated.

For example, secure Private Keys may have a considerable number of characters, making them difficult to remember. An authenticated user may therefore be tempted to record the password either on paper or in a computer file as plain text, which may then be misappropriated by a potential perpetrator. Passwords may also be recorded when entered into a security station and fraudulently replayed at a later time. Tokens containing the Private Key, on the other hand, may be misappropriated or stolen.

It is therefore desirable to uniquely establish a secure link between a person and the Private Key being used by that person in such a way that the Private Key can only be used by that person. It is further desirable to establish a Private Key for a person which is unique and does not have to be recorded or memorized.

Summary of the Invention

In general, the present invention combines biometric authentication, electronic signatures, digital signatures, device identification, and an apparatus for secure manufacturing with symmetric and asymmetric cryptography to enable end-to-end security of electronic transactions.

According to one aspect of the invention, a secure transaction system for authenticating a user based on the user's biometric data includes a biometric analyzer device that receives the biometric data of the user and has a secure device identifier. The secure transaction system authenticates the user only if both a first authentication means, which receives the biometric data, authenticates the biometric data of the user based on biometric reference data of the user, and a second authentication means authenticates an authorized use of the biometric analyzer device based on at least the secure device identifier.

According to another aspect of the invention, a method for authenticating biometric data of a user includes providing a biometric analyzer device with a secure device identifier, acquiring with the biometric analyzer device biometric data of the user, and generating a sequentially increasing session ID for successive acquisitions of the biometric data. The method further includes authenticating the biometric analyzer device based on at least the secure device identifier, and authenticating the biometric analyzer data based on at least the session ID and a comparison between the acquired biometric analyzer data and reference biometric data for the user. The biometric data are authenticated only if both the biometric analyzer device and the biometric analyzer data are authentic.

According to yet another aspect of the invention, a method for providing end-to-end security in a transaction using biometric data includes programming a biometric analyzer device with a secure device identifier, assigning a secure device key to the biometric analyzer device, and acquiring the biometric data with the biometric analyzer device, wherein the biometric analyzer device generates a respective sequentially increasing session ID for successive recordings of the biometric data. The method further includes authenticating the biometric data based on at least the secure device identifier, the device key and the session ID, and on a comparison of a representation of the acquired biometric data with a representation of reference biometric data recorded with the same biometric analyzer device.

Embodiments of the invention may include one or more of the following features. The biometric analyzer device may generate a unique session ID for each user session, wherein the unique session ID may be sequentially increasing from one session to the next. The user is authenticated only if the session ID of the current session is greater than the session ID of the previous session for the respective biometric analyzer device. The biometric analyzer device may include a unique biometric analyzer key which is issued by a trusted device authority and stored tamper-proof in the biometric analyzer device. The biometric analyzer device may be programmed by a secure programming device having a secure programming station identification key which is known to the trusted device authority. The secure programming device may include a programming station identification key which may be a symmetric key provided by a trusted device authority. As a further security measure, the biometric analyzer device may also include a biometric analyzer key, wherein authentication of the biometric analyzer device depends on a comparison of the biometric analyzer key with a reference key maintained by a trusted device authority. The biometric data may be in the form of a message digest or hash.

Further features and advantages of the present invention will be apparent from the following description of preferred embodiments and from the claims.

Brief description of the Drawings

FIG. 1 is a schematic block diagram of a system for end-to-end authentication of biometric data according to the invention,

FIG. 2 shows the interactions between various devices and the Device Authority during manufacture and initialization of the Biometric Analyzer Device,

FIG. 3 shows the interactions between the secure application station and the registration and certification authorities during authentication of biometric data,

FIG. 4 is a flow diagram of the manufacturing process of a Biometric Analyzer Device according to the invention, and

FIG. 5 is a flow diagram of the authentication process according to the invention.

Description of Preferred Embodiments

Referring now to FIG. 1, a secure manufacturing and authentication system 5 for end-to-end authentication of biometric data includes a manufacturing station 10 at which an exemplary Biometric Analyzer Device 14, shown here in the form of a pen 14 for entering a user's signature, is assembled. The pen 14 may be, for example, an LCI-SMARTpen™ available in the USA from LCI-SMARTpen, Andover, MA. The LCI-SMARTpen™ includes an advanced wireless computer system which is miniaturized to have the same footprint and performance as a pen.

Instead of or in addition to the pen 14, the Biometric Analyzer Device may include other biometric input devices, such as a fingerprint reader 32, a voice recognition device 36, an optical face or iris scanner 34, and the like. Although the invention will be described hereinafter with respect to the pen input device 14, it will be understood by those skilled in the art that the apparatus and method of the invention are applicable to other biometric input devices as well. The electronic circuit of the Biometric Analyzer Device 14 includes electronic chips for data acquisition, data processing and data output. At least one of the chips typically includes a programmable or re-programmable chip ID provided by the chip manufacturer. This chip ID is unique but not secure, because it is known by the chip manufacturer. To improve the security of the stored identification numbers, the manufacturing station 10 includes a Secure Programming Device 12 which is tamper-resistant and contains a unique Private Key, called a Programming Station Identification Key (PSIK) 13. The Secure Programming Device 12 with the PSIK 13 is installed by a trusted third party, such as a Device Authority (DA) 20. Details of the interactions between the Secure Programming Device 12, the Biometric Analyzer Device 14 and the DA 20 will be discussed in more detail below. The manufacturing station 10 may interact with the DA 20 via data lines 50, 52 and 56, which may be secure or open communication channels, in a manner known in the art.

The electronics in the Biometric Analyzer Device 14 are physically protected by conventional tamper-resistant electronic packaging. The unique but public ID number of the programmed chip in the Biometric Analyzer Device 14 is stored in the device 14 as a Chip ID 15. The Biometric Analyzer Public Key, which will be discussed later, also remains with the Biometric Analyzer Device at all times. These data are unalterable and can be read only inside the Biometric Analyzer Device.

The secure manufacturing and authentication system 5 communicates with a Certification Authority (CA) 40 which has knowledge about the encryption keys used by the DA 20 and is responsible for issuing a certificate once the biometric data have been authenticated. Both the Device Authority 20 and the Certification Authority 40 maintain respective databases 22, 42 which store attributes of the Biometric Analyzer Devices 14 required for verification and authentication of the biometric data. For example, the PSIK is securely stored in the DA database 22.

Another part of the secure manufacturing and authentication system 5 for providing end-to-end security is a secure application station 30 to which the Biometric Analyzer Device 14 can be connected. For the purpose of authentication, the secure application station 30 interacts with the DA 20 and the CA 40. Details of this interaction will be discussed in detail below.

Referring now to FIG. 2, during manufacture of the Biometric Analyzer Device 14, the Secure Programming Device 12 of the manufacturing station 10 sends the chip ID (C-ID) 15 of the Biometric Analyzer Device 14 to a trusted third party, in this case the Device Authority (DA) 20, in the form of a message digest by hashing the chip ID 15 with the Programming Station Identification Key (PSIK) 13, as indicated by arrow 16. The Device Authority 20 recognizes the PSIK and generates a biometric analyzer public/private key arrangement (BAID). The Device Authority 20 stores the chip ID 15 and the BAID in its database 22 corresponding to the PSIK.

The Device Authority 20 encrypts the BAID using the PSIK and sends the encrypted BAID to the Secure Programming Device 12 corresponding to the PSIK, as indicated by arrow 17. The Secure Programming Device 12 decrypts the received encrypted BAID and embeds the Biometric Analyzer's private key into the Biometric Analyzer Device 14, as indicated by arrow 18. The BAID public key travels with the Biometric Analyzer Device 14 to the secure application station 30, which will be described in more detail below. In addition, the Device Authority 20 also communicates the PSIK to the Certification Authority 40 via a secure transmission channel (not shown).

Referring now to FIG. 3, the Biometric Analyzer Device 14 of the secure application station 30 acquires biometric user input data. The secure application station 30 generates a biometric message digest (hash) of a transaction including an electronic signature of the Biometric Analyzer Device. The secure application station 30 transmits the hashed and signed transaction data to the Certification Authority 40 as a trusted third party, as indicated by arrow 25. The Certification Authority 40 sends the BAID for verification to the Device Authority 20, as indicated by arrow 27. If the private key and the public key match the PSIK keys stored in the DA database 22, the Device Authority 20 issues a security certificate to the Certification Authority 40, as indicated by arrow 28. The Device Authority 20 may also make an entry into the record in its database 22 corresponding to the PSIK. As mentioned above, the Device Authority 20 communicates the PSIK to the Certification Authority 40 via a secure communication channel. The Certification Authority 40 checks the electronic signature of the Biometric Analyzer Device 14 based on records in its database 42.

One of two situations can occur: If this is the first time the user enters biometric data into the Biometric Analyzer Device 14, a trusted third party has to verify the user's true identity. The trusted third party may be, for example, a bank, a notary and the like, that is in possession of an authenticated private key. The corresponding public key would be known to the various certification authorities. The trusted third party signs the biometric data or a hash thereof which is considered by the respective certification authority receiving the biometric data as proof that the biometric data are genuine and are associated with the identified user. The respective certification authority stores the user and biometric data attributes in its secure database.

If, on the other hand, the user's biometric data are already referenced in the respective Certification Authority's database, an authentication algorithm of the Certification Authority 40 compares the received biometric data with the referenced biometric data. If these data are in agreement and if a valid security certificate was received from the Device Authority 20, then the Certification Authority 40 issues an Authentication Certificate, as indicated by arrow 26. Issuance of the certificate may also be recorded in the CA database 42.

Referring now to FIG. 4, a flow diagram depicts the secure generation of device identifiers for the Biometric Analyzer Device 14. The secure generation of device identifiers essentially can be separated into two parts: a process 60 for generating a secure device identifier based on the tamper-resistant Programming Station Identification Key (PSIK) 13, and a process 70 by which the Device Authority 20, which also has possession of the PSIK, generates Biometric Analyzer Private/Public key pairs for the device having the respective PSIK. In process 60, a chip manufacturer providing electronic components for the Biometric Analyzer Device loads a unique chip ID into the Biometric Analyzer Device, step 62. The Secure Programming Device reads the chip ID provided by the chip manufacturer, step 64. The chip ID is unique, but not secure, because it is known by the chip manufacturer, as discussed above. Next, the Secure Programming Device generates a sequence number (SN), step 66. The Secure Programming Device then uses its PSIK to encrypt the chip ID and the sequence number, step 68, and sends the encrypted information to the Device Authority (DA), step 69.

In process 70, the Device Authority, upon verification of the PSIK, symmetrically decrypts the encrypted information. The Device Authority generates for the device associated with the PSIK a Biometric Analyzer Public/Private Key (BAID) arrangement by conventional key generation methods, such as RSA, step 72. The Device Authority stores the chip ID with the Biometric Analyzer Identification Public and Private Keys (BAID) in a secure database, step 74. The database is secured by conventional means known in the art. The Device Authority then encrypts the BAID using the appropriate PSIK, and sends the encrypted BAID to the Secure Programming Device that corresponds with the respective PSIK, step 76.

The Secure Programming Device, upon receipt of the encrypted BAID, decrypts the BAID with its PSIK and embeds the Biometric Analyzer Private Key into the programmable integrated circuit of the Biometric Analyzer Device currently being assembled at the manufacturing station, step 78, using a Write Once Read Many process. Write Once Read Many (WORM) processes are well known in the art. The Biometric Analyzer Device is now ready to record biometric data from a user.
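The manufacturing exchange of processes 60 and 70 (steps 62 to 78), as an added Python simulation; this is not code from the patent or from LCI/Smartpen. The symmetric PSIK encryption is stood in for by a toy SHA-256 keystream cipher with an HMAC tag, the RSA key generation of step 72 is replaced by a random 32-byte device key with a hash of it as a placeholder public half, and the station and chip identifiers are constructed. What the simulation shows is the property the text relies on: the Device Authority only accepts a chip registration protected under a PSIK it installed, issues one BAID per chip ID, and the device accepts its key exactly once.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with a SHA-256 counter keystream). It stands in for
    the symmetric PSIK encryption the text describes; it is not a production cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def psik_encrypt(psik: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the PSIK: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    body = _keystream_xor(psik, nonce, plaintext)
    tag = hmac.new(psik, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def psik_decrypt(psik: bytes, blob: bytes) -> bytes:
    """Reject anything that was not produced under this PSIK before decrypting it."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(psik, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("PSIK verification failed: message not from this station")
    return _keystream_xor(psik, nonce, body)


class BiometricAnalyzerDevice:
    """Carries a public chip ID (step 62); the BAID is written once (WORM, step 78)."""

    def __init__(self, chip_id: str):
        self.chip_id = chip_id
        self._private_key: bytes | None = None
        self.public_key: str | None = None

    def embed_baid(self, private_key: bytes, public_key: str) -> None:
        if self._private_key is not None:
            raise PermissionError("WORM: a BAID has already been written to this device")
        self._private_key, self.public_key = private_key, public_key


class DeviceAuthority:
    """Trusted third party holding every PSIK and the BAID of every chip ID (database 22)."""

    def __init__(self):
        self.psiks: dict[str, bytes] = {}
        self.devices: dict[str, dict] = {}

    def install_psik(self, station_id: str) -> bytes:
        """Provision a station's tamper-resistant Secure Programming Device with its PSIK."""
        psik = secrets.token_bytes(32)
        self.psiks[station_id] = psik
        return psik

    def register_chip(self, station_id: str, blob: bytes) -> bytes:
        """Process 70: verify the PSIK, generate and store the BAID, return it encrypted."""
        psik = self.psiks[station_id]  # an unknown station raises KeyError
        chip_id, seq = psik_decrypt(psik, blob).decode().split("|")
        if chip_id in self.devices:
            raise ValueError(f"chip {chip_id} already has a BAID")
        private_key = secrets.token_bytes(32)  # placeholder for RSA key generation (step 72)
        public_key = hashlib.sha256(b"pub" + private_key).hexdigest()  # placeholder public half
        self.devices[chip_id] = {"station": station_id, "seq": int(seq),
                                 "private": private_key, "public": public_key}  # step 74
        return psik_encrypt(psik, private_key + public_key.encode())  # step 76


class SecureProgrammingDevice:
    """Process 60: reads the chip ID, numbers the request and talks to the DA under the PSIK."""

    def __init__(self, station_id: str, psik: bytes, da: DeviceAuthority):
        self.station_id, self._psik, self.da = station_id, psik, da
        self.sequence_number = 0

    def program(self, device: BiometricAnalyzerDevice) -> None:
        self.sequence_number += 1  # step 66
        request = f"{device.chip_id}|{self.sequence_number}".encode()  # steps 64 and 68
        reply = self.da.register_chip(self.station_id, psik_encrypt(self._psik, request))  # step 69
        payload = psik_decrypt(self._psik, reply)  # step 78
        device.embed_baid(payload[:32], payload[32:].decode())


if __name__ == "__main__":
    da = DeviceAuthority()
    station = SecureProgrammingDevice("station-A", da.install_psik("station-A"), da)
    pen = BiometricAnalyzerDevice("CHIP-0001")  # constructed chip ID
    station.program(pen)
    print("BAID public half on device:", pen.public_key)
```

The sequence number the station attaches gives the Device Authority a per-station ordering of requests, so a replayed registration blob from an earlier chip stands out; the same idea reappears later as the per-device session ID.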

Referring now to FIG. 5, a flow diagram depicts a process 80 for recordation of biometric data and a process 90 for authentication of the biometric data acquired with an authenticated Biometric Analyzer Device. In process 80, the Biometric Analyzer Device 14 records user biometric data, step 82, and generates a sequentially increasing Session-ID, step 84. The recorded biometric data together with the BAID private key and the Session-ID are encrypted with the BAID public key, step 86, before the data leave the Biometric Analyzer Device. The encrypted data are then hashed into a message digest and digitally signed, whereafter the hashed and signed data are securely transmitted to the Certification Authority (CA). The Certification Authority (CA) decrypts the message digest, step 92. The Certification Authority then checks if the session ID is greater than a session ID previously received for the same device, step 94. If the Session ID is greater than the last recorded session ID, the Certification Authority contacts the Device Authority which knows the BAID Public and Private keys for the respective Chip-ID. If the BAID is correct, step 98, the DA issues a security certificate to the Certification Authority, step 100. Upon receipt of the security certificate and after reviewing the biometric data and comparing the biometric data with corresponding reference biometric data contained in the CA database 42, the Certification Authority issues its own certificate, which may be time and date stamped and recorded in persistent storage by the Certification Authority, and sends the certificate to the secure application station 30, step 10. It will be understood by those skilled in the art, that instead of the biometric data themselves, a hash of these data may be compared. The biometric data can now be used to authenticate the user on-line.

On the other hand, if it is determined in step 94 that the Session-ID is the same as or smaller than the last session ID received, forgery or tampering with the Biometric Analyzer Device should be suspected. In this case, the Certification Authority will not issue a certificate and may even disable future use of the device, step 96.
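Processes 80 and 90 of FIG. 5, as an added Python simulation that is not part of the patent or of any LCI/Smartpen product. The BAID private-key signature is stood in for by an HMAC under a per-device key that the Device Authority keeps on file, the biometric data are reduced to a SHA-256 digest as the text permits, and the user name, chip ID and sample bytes are constructed. The Certification Authority rejects a stale session ID (step 94), asks the Device Authority for a security certificate (steps 98 and 100), and only then compares the digest with the enrolled reference; the user is authenticated only when all three checks pass.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def biometric_digest(sample: bytes) -> str:
    """Only a message digest of the biometric sample leaves the device and is stored."""
    return hashlib.sha256(sample).hexdigest()


def _canonical(msg: dict) -> bytes:
    return f"{msg['chip_id']}|{msg['session_id']}|{msg['digest']}".encode()


def sign(device_key: bytes, msg: dict) -> str:
    """HMAC stand-in for the BAID private-key signature over the transaction digest."""
    return hmac.new(device_key, _canonical(msg), hashlib.sha256).hexdigest()


class BiometricAnalyzerDevice:
    def __init__(self, chip_id: str, device_key: bytes):
        self.chip_id, self._device_key = chip_id, device_key
        self.session_id = 0  # monotonic counter kept inside the tamper-resistant device

    def record(self, sample: bytes) -> dict:
        """Process 80: record biometric data (82), bump the session ID (84), sign (86)."""
        self.session_id += 1
        msg = {"chip_id": self.chip_id, "session_id": self.session_id,
               "digest": biometric_digest(sample)}
        msg["signature"] = sign(self._device_key, msg)
        return msg


class DeviceAuthority:
    """Knows the BAID of every chip ID it issued during manufacturing (database 22)."""

    def __init__(self):
        self._keys: dict[str, bytes] = {}

    def issue_device_key(self, chip_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[chip_id] = key
        return key

    def security_certificate(self, msg: dict) -> bool:
        """Step 98: True only if the message was signed with the BAID on file for this chip."""
        key = self._keys.get(msg["chip_id"])
        return key is not None and hmac.compare_digest(msg["signature"], sign(key, msg))


class CertificationAuthority:
    """Process 90: replay check, device check via the DA, biometric comparison (database 42)."""

    def __init__(self, da: DeviceAuthority):
        self.da = da
        self.reference: dict[str, str] = {}      # user -> enrolled biometric digest
        self.last_session: dict[str, int] = {}   # chip_id -> highest session ID accepted
        self.disabled: set[str] = set()

    def enroll(self, user: str, digest: str) -> None:
        """First-time path: a trusted third party has vouched for the user's identity."""
        self.reference[user] = digest

    def authenticate(self, user: str, msg: dict) -> tuple[bool, str]:
        chip = msg["chip_id"]
        if chip in self.disabled:
            return False, "device disabled"
        if msg["session_id"] <= self.last_session.get(chip, 0):  # step 94
            # Disable only when the stale message really carries the device's signature;
            # an unsigned forgery says nothing about the device and must not lock it out.
            if self.da.security_certificate(msg):
                self.disabled.add(chip)  # step 96
            return False, "session ID not increasing: replay or tampering suspected"
        if not self.da.security_certificate(msg):  # steps 98 and 100
            return False, "device authority refused a security certificate"
        self.last_session[chip] = msg["session_id"]  # advance only for a genuine message
        ref = self.reference.get(user)
        if ref is None or not hmac.compare_digest(ref, msg["digest"]):
            return False, "biometric data do not match the reference"
        return True, "authentication certificate issued"


if __name__ == "__main__":
    da = DeviceAuthority()
    pen = BiometricAnalyzerDevice("CHIP-0001", da.issue_device_key("CHIP-0001"))
    ca = CertificationAuthority(da)
    sample = b"constructed signature sample for alice"
    ca.enroll("alice", biometric_digest(sample))
    first = pen.record(sample)
    print(ca.authenticate("alice", first))
    print(ca.authenticate("alice", first))  # replay of the same message
```

Two choices in the code depart from a literal reading of the text and are worth stating: the last-session counter is advanced only after the Device Authority has confirmed the signature, and a device is disabled under step 96 only if the stale message is genuinely signed. Without those, anyone who can reach the Certification Authority could lock a legitimate device out by sending unsigned messages with a stale or inflated session ID.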

It will be apparent to those skilled in the art that the use of symmetric or asymmetric key arrangements will depend on the security of the respective transmission channel. Over dedicated secure lines, data may be encrypted with a symmetric key, whereas, for example, transmission over the Internet requires asymmetric encryption.

Symmetric key encryption is typically significantly faster than asymmetric encryption.

The exemplary authentication process described above may be processed on-line in real time, with signature authentication typically being completed in approximately 1 second. Alternatively, the biometric data may also be used off-line for verification at a later stage.

While the invention has been disclosed in connection with the preferred embodiments shown and described in detail, various modifications and improvements thereon will become readily apparent to those skilled in the art. Accordingly, the spirit and scope of the present invention is to be limited only by the following claims.

Claims

We claim:
1. A secure transaction system for authenticating a user, comprising:
a biometric analyzer device receiving biometric data of the user and having a secure device identifier;
first authentication means which receive the biometric data and authenticate the biometric data of the user based on biometric reference data of the user; and
second authentication means which authenticate an authorized use of the biometric analyzer device based on at least the secure device identifier,
wherein the secure transaction system authenticates the user if both the first and second authentication means authenticate the biometric data and the authorized use of the biometric input device, respectively.
2. The transaction system according to claim 1, wherein the biometric analyzer device generates a unique session ID for each user session.
3. The transaction system according to claim 2, wherein the unique session ID is sequentially increasing from one session to a following session.
4. The transaction system according to claim 1, wherein the biometric analyzer device further includes a unique biometric analyzer key issued by a trusted device authority.
5. The transaction system according to claim 4, wherein the biometric analyzer device is programmed by a secure programming device having a secure programming station identification key which is known to the trusted device authority.
6. The transaction system according to claim 1, wherein the biometric data received by the first authentication means are in the form of a hashed message digest.
7. The transaction system according to claim 2, wherein the first authentication means compares the current session ID of the biometric analyzer device with the session ID of the previous session and authenticates the user only if the current session ID is greater than the session ID of the previous session.
8. The transaction system according to claim 4, wherein the second authentication means compares the unique biometric analyzer key of the biometric analyzer device with a reference key for the same device.
9. The transaction system according to claim 1, wherein the biometric reference data of the user are stored by a certification authority.
10. The transaction system according to claim 1, wherein the biometric reference data are in the form of a hashed message digest.
11. A method for authenticating biometric data of a user, comprising:
providing a biometric analyzer device with a secure device identifier,
acquiring with the biometric analyzer device biometric data of the user,
generating a sequentially increasing session ID for successive acquisitions of the biometric data,
authenticating the biometric analyzer device based on at least the secure device identifier, and authenticating the biometric analyzer data based on at least the session ID and a comparison between the acquired biometric analyzer data and reference biometric data for the user, wherein the biometric data are authenticated only if both the biometric analyzer device and the biometric analyzer data are authentic.
12. The method of claim 11, wherein the comparison between the acquired biometric analyzer data and reference biometric data for the user includes comparing a hash of the respective biometric analyzer data and reference biometric data.
13. The method of claim 11, wherein the secure device identifier is supplied to the biometric input device by a secure programming device.
14. The method of claim 13, wherein the secure programming device comprises a secure programming station identification key.
15. The method of claim 14, wherein the secure programming station identification key is provided to the secure programming device by a trusted device authority.
16. The method of claim 11, wherein authenticating the biometric analyzer device further includes comparing a biometric analyzer key of the biometric analyzer device with a reference key maintained by a trusted device authority.
17. A method for providing end-to-end security in a transaction using biometric data, comprising: programming a biometric analyzer device with a secure device identifier, assigning a secure device key to the biometric analyzer device, acquiring the biometric data with the biometric analyzer device, the biometric analyzer device generating a respective sequentially increasing session ID for successive recordings of the biometric data, and authenticating the biometric data based on at least the secure device identifier, the device key and the session ID, and on a comparison of a representation of the acquired biometric data with a representation of reference biometric data recorded with the same biometric analyzer device.
18. The method of claim 17, wherein the representation of the biometric data is a hash.
19. The method of claim 17, wherein programming includes connecting said biometric analyzer device to a secure programming device capable of reading a chip identification of the biometric analyzer device, generating a sequence number and obtaining from a device authority a biometric analyzer key pair based on a programming station identification key stored in the secure programming device.
20. The method of claim 19, wherein the private key of the biometric analyzer key pair is embedded in the biometric analyzer device.

Application Number Priority Date Filing Date Title Status Publication Number
EP19990937183 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data Withdrawn EP1092182A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US9082298 1998-06-27 1998-06-27
US90822P 1998-06-27
PCT/US1999/014554 WO2000000882A3 (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data

Publications (1)

Publication Number Publication Date
EP1092182A2 (en) 2001-04-18

Family

ID=22224487

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19990937183 Withdrawn EP1092182A2 (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data

Country Status (5)

Country Link
EP (1) EP1092182A2 (en)
JP (1) JP2002519782A (en)
CN (1) CN1322335A (en)
CA (1) CA2335532A1 (en)
WO (1) WO2000000882A3 (en)

Also Published As

Publication number Publication date Type
WO2000000882A3 (en) 2000-04-13 application
CN1322335A (en) 2001-11-14 application
CA2335532A1 (en) 2000-01-06 application
JP2002519782A (en) 2002-07-02 application
WO2000000882A2 (en) 2000-01-06 application

Legal Events

Date Code Title Description
17P Request for examination filed (Effective date: 20010129)
AK Designated contracting states (Kind code of ref document: A2; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE)
17Q First examination report (Effective date: 20010809)
18D Deemed to be withdrawn (Effective date: 20030311)