EP1104572A1 - Security system - Google Patents

Security system

Publication number
EP1104572A1
Authority
EP
European Patent Office
Prior art keywords
chip card
security system
card reader
system according
characterized
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99944372A
Other languages
German (de)
French (fr)
Inventor
Wolfgang Neifer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Identiv GmbH
Original Assignee
Identiv GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to DE29814427U (DE29814427U1)
Application filed by Identiv GmbH
Priority to PCT/EP1999/005879 (WO2000010134A1)
Publication of EP1104572A1
Legal status: Withdrawn

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/26Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass

Abstract

The present invention relates to a security system for identity and authorisation checking in a protected communication environment. The system essentially uses a smart-card reader in the format of a PC card. Personal data is stored on the smart card, and a fingerprint detector is coupled to the smart-card reader. The personal data read from the smart card is validated according to the data provided by the fingerprint detector.

Description

Security system

The invention relates to a security system for identity and authorization checking in a secure communication environment.

The identity and authorization check is usually carried out in a secure communication environment using personal identification in combination with a memory or chip card. For example, a bank card and then a personal PIN of the user must be entered at an ATM. Experience shows that such identity and authorization checks are not sufficient to prevent any misuse. Entering your personal PIN is not only cumbersome, it can also be spied on relatively easily.

Identity and authorization checks using a fingerprint sensor are considered very secure. There are known high-resolution sensors working on the principle of a capacitive matrix. They derive a clear and unmistakable characteristic from a fingerprint, which is available as a parameter after a highly effective data reduction. This parameter can be saved in an application as an access and authorization condition. In such a system, entering a personal secret code is unnecessary. In principle, however, it cannot be ruled out that the parameter supplied by the fingerprint sensor is intercepted or spied on during its transmission.

The invention provides a security system which offers very high protection without requiring a personal secret code to be entered. According to the invention, the security system contains a chip card reader in the format of a PC card and a chip card on which personal data is stored. A fingerprint sensor is coupled to the chip card reader. A validation device validates the personal information read from the chip card as a function of data supplied by the fingerprint sensor. For a positive outcome of an identity and authorization check, it is necessary both that the chip card with the personal data is available and that the parameter supplied by the fingerprint sensor is correctly assigned to the personal data stored on the chip card.

With the security system according to the invention, a highly secure control over the communication between a local data processing device and a network can be established. According to a first solution, in which the fingerprint sensor is integrated in the chip card reader, the security system contains an interface for connection to the network. This interface can be a common network adapter, a modem or an IR interface. Communication between the local data processing device and the network can only take place via the security system. Such a security system can ensure that only authorized users can access the network. Furthermore, it can be provided that all messages transmitted in one or in both directions are signed by the parameter supplied by the fingerprint sensor and thus authenticated.

A second solution is to arrange the fingerprint sensor on a module coupled to the chip card reader by a detachable plug connection. In order to prevent the parameter supplied by the fingerprint sensor from being spied on in the area of the plug connection in this solution, this parameter is not transmitted directly but in encrypted form. For this purpose, the module has a SAM card reader and an internal processor. Even with such an embodiment of the security system, the communication between a local data processing device and a network or the like can be controlled with a maximum of security.

Further features and advantages of the invention will become apparent from the following description and from the drawing, to which reference is made. The drawing shows:

FIG. 1 shows a schematic side view of a chip card reader with an inserted chip card and a plugged-in sensor module;

Figure 2 is an end view of the sensor module;

FIG. 3 shows a top view of the sensor module with the chip card shown cut off;

Figure 4 shows three possible embodiments for the housing of the sensor module;

FIG. 5 shows a schematic side view of the chip card reader and the sensor module according to a further embodiment;

FIG. 6 shows an end view of the sensor module;

FIG. 7 shows a top view of the sensor module;

FIG. 8 shows a schematic side view of a further embodiment of the chip card reader with a sensor module; and

Figure 9 is a block diagram of the security system.

The security system shown in Figure 1 for the identity and authorization check in a secure communication environment contains a chip card reader 10 in the format of a PC card and a sensor module 12, which has a fingerprint sensor 14 and is detachably coupled to the chip card reader 10 by a connector. The chip card reader 10 has a receiving channel for a chip card 16 and a contact field 18 arranged in the receiving channel for contacting the chip card 16. In the embodiment shown here, the receiving channel for the chip card is formed between a cover plate 10a and the main body 10b of the chip card reader.

The sensor module 12 is coupled to the narrow end face of the chip card reader 10, from which the chip card 16 protrudes. The housing of the sensor module 12 is provided with a slot 20 for the passage of the chip card 16. The fingerprint sensor 14 is embedded in the upper main surface of the sensor module 12. Two guide pins 24 of the sensor module 12 can be inserted into corresponding receiving openings on the narrow face of the chip card reader 10. A number of contact pins 26 of the sensor module 12 can be inserted into corresponding contact openings on the same end face of the chip card reader 10. Actuating elements 28 for a locking device are attached to the narrow sides of the sensor module 12, by means of which the sensor module 12 is releasably locked to the chip card reader 10. The contact surface 16a of the chip card 16 is also shown in FIG. It comes to rest under the contact field 18 when the chip card 16 is inserted into the chip card reader 10.

Depending on the arrangement of the receiving channel for the chip card 16 in the chip card reader, the housing of the sensor module 12 is provided with the slot 20 shown in FIG. 2, a recess 20a on the underside, or a recess 20b on the top of the sensor module 12, as illustrated in FIG. 4.

In the embodiment shown in FIG. 5, a housing block with a ramp-shaped support surface is formed on the sensor module 12, into which the fingerprint sensor 14 is embedded. Furthermore, the sensor module 12 is designed for receiving and reading out a so-called SAM card or SIM card 32. This card is a well-known security and authentication module.

Part of the sensor module 12 is also an interface for connection to a communication system; in the embodiment shown, this is a network adapter to which a network cable 34 is connected by means of a plug connector 36.

FIG. 8 shows an embodiment of the chip card reader with a receiving channel for the chip card, which is formed between a base plate and the main body of the chip card reader.

The concept on which the security system is based is now explained on the basis of the block diagram in FIG.

The security system, consisting of the chip card reader 10 with chip card 16 on the one hand and the sensor module 12 with fingerprint sensor 14 and SAM card 32 on the other hand, is inserted between a data processing device (PC), called the host, and a network connection. Like the sensor module 12, the chip card reader 10 has its own local bus. The two bus systems are coupled to one another via the plug connection between chip card reader 10 and sensor module 12. The chip card reader 10 contains an internal processor 40 which performs the functions of authentication, identification, cryptographic encryption and signature. On the host side, the chip card reader 10 is equipped with a suitable interface 42, in particular a PCMCIA interface. Furthermore, the chip card reader 10 contains a memory 44 for saved data in flash technology and a time stamp unit 46, which may include a radio clock module. The chip card 16 is designed as a so-called smart card and contains its own processor and memory circuits. In particular, personal keys and code words are stored in chip card 16 for the purpose of checking identity and authorization. All components of the chip card reader 10 are coupled to its internal local bus.

The sensor module 12 also contains an internal processor 50, the task of which is in particular the analysis of the fingerprint data supplied by the sensor 14 for the purpose of identification. The SAM card is read out via a contact unit 52. Fingerprint identification data of the authorized user are stored on the SAM card. The communication interface of the sensor module 12 comprises an interface control unit 54 and a network adapter 56 to which the network cable 34 is connected.

In addition to the fingerprint identification data of the authorized user, the SAM card contains data and structures for encrypting this data, which are then transferred in an encrypted form to the chip card reader 10 for evaluation.

An encrypted transmission of the fingerprint data can be dispensed with if the fingerprint sensor and chip card reader are integrated with one another, so that it is not possible to intercept the data from the fingerprint sensor. In this alternative embodiment, the communication interface (network adapter) is also integrated in the system.
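The second solution described above (the fingerprint parameter is protected with SAM card data before it crosses the plug connection, then evaluated in the reader against the chip card) is sketched here as an added Python example; it is not part of the patent. Assumptions: a link key shared between SAM card 32 and reader 10, HMAC-SHA256 as a standard-library stand-in for the unspecified cipher and integrity check, a reader-issued challenge so that an intercepted message cannot be replayed, and an exactly reproducible fingerprint parameter bound to the personal data by a hash. All names are hypothetical.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size


def _derive(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; stdlib stand-in for a real AEAD cipher.
    blocks = (length + TAG_LEN - 1) // TAG_LEN
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def card_binding(personal_data: bytes, parameter: bytes) -> bytes:
    """Value assumed to be stored on chip card 16 at enrolment."""
    return hashlib.sha256(len(personal_data).to_bytes(2, "big")
                          + personal_data + parameter).digest()


class SensorModule:
    """Module 12: fingerprint sensor 14 plus SAM card 32 holding the link key."""

    def __init__(self, sam_key: bytes):
        self._enc = _derive(sam_key, b"enc")
        self._mac = _derive(sam_key, b"mac")

    def protect(self, parameter: bytes, challenge: bytes) -> bytes:
        # Encrypt the parameter, then authenticate challenge + ciphertext.
        ct = _xor(parameter, _keystream(self._enc, challenge, len(parameter)))
        tag = hmac.new(self._mac, challenge + ct, hashlib.sha256).digest()
        return ct + tag


class CardReader:
    """Reader 10: validates the card's personal data against the sensor data."""

    def __init__(self, link_key: bytes, personal_data: bytes, binding: bytes):
        self._enc = _derive(link_key, b"enc")
        self._mac = _derive(link_key, b"mac")
        self._personal_data, self._binding = personal_data, binding
        self._challenge = None

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def validate(self, message: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None or len(message) <= TAG_LEN:
            return False
        ct, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self._mac, challenge + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # altered on the connector, or replayed
        parameter = _xor(ct, _keystream(self._enc, challenge, len(ct)))
        return hmac.compare_digest(
            card_binding(self._personal_data, parameter), self._binding)
```

A message captured on the plug connection fails validation under any later challenge, and a valid message from the wrong finger fails the comparison with the card binding.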

Claims

1. Security system for the identity and authorization check in a secure communication environment, with a chip card reader in the format of a PC card; a chip card on which personal data is stored; a fingerprint sensor, which is coupled to the chip card reader; a validation device for validating the personal information read from the chip card as a function of data supplied by the fingerprint sensor.
2. Security system according to claim 1, characterized in that the fingerprint sensor is arranged on a module coupled to the chip card reader by a detachable plug connection.
3. Security system according to claim 2, characterized in that the module can be plugged onto a narrow end face of the chip card reader, on which the chip card protrudes.
5. Security system according to claim 3, characterized in that a slot for the passage of the chip card is arranged in the module.
6. Security system according to one of claims 2 to 5, characterized in that the module contains a SAM or SIM card reader.
7. Security system according to claim 6, characterized in that the data supplied by the fingerprint sensor are processed, together with the data read from the SAM or SIM card, in an internal processor of the module into encrypted identity information.
8. Security system according to one of claims 1 to 7, characterized by an interface for connection to a communication system, in particular network.
9. Security system according to claims 2 and 8, characterized in that the interface is included in the module.
10. Security system according to claim 8 or 9, characterized in that signed messages can be exchanged with the communication environment via the interface.
EP99944372A 1998-08-11 1999-08-11 Security system Withdrawn EP1104572A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
DE29814427U DE29814427U1 (en) 1998-08-11 1998-08-11 security system
DE29814427U 1998-08-11
PCT/EP1999/005879 WO2000010134A1 (en) 1998-08-11 1999-08-11 Security system

Publications (1)

Publication Number Publication Date
EP1104572A1 (en) 2001-06-06

Family

ID=8061181

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99944372A Withdrawn EP1104572A1 (en) 1998-08-11 1999-08-11 Security system

Country Status (4)

Country Link
EP (1) EP1104572A1 (en)
JP (1) JP2002522852A (en)
DE (1) DE29814427U1 (en)
WO (1) WO2000010134A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6631201B1 (en) * 1998-11-06 2003-10-07 Security First Corporation Relief object sensor adaptor
DE29821644U1 (en) 1998-12-04 1999-02-18 Stocko Metallwarenfab Henkels Authentication system for PC cards
SE9900887L (en) * 1999-03-12 2000-09-13 Business Security encryption device
DE19938096A1 (en) * 1999-08-12 2001-02-15 Scm Microsystems Gmbh Procedure for checking the authorization of transactions
FR2806187B1 (en) * 2000-03-10 2004-03-05 Gemplus Card Int Biometric identification method, portable electronic device and electronic biometric data acquisition device for implementing it

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3412663A1 (en) * 1984-04-04 1985-10-17 Siemens Ag Chip card system
DE3706466C2 (en) * 1987-02-27 1993-09-30 Siemens Ag Portable control unit for chip cards
FR2686172B1 (en) * 1992-01-14 1996-09-06 Gemplus Card Int Plug - in card for a microcomputer forming a card reader with flushed contacts.
DE29505678U1 (en) * 1995-04-01 1995-06-14 Stocko Metallwarenfab Henkels Contact unit for card-shaped carrier elements
DE29513985U1 (en) * 1995-08-31 1995-11-02 Cards & Devices Chipkartenloes Miniaturized reader for chip cards
NL1004171C2 (en) * 1996-10-02 1998-04-06 Nedap Nv Holder for smart card activated by fingerprint detection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0010134A1 *

Also Published As

Publication number Publication date
JP2002522852A (en) 2002-07-23
DE29814427U1 (en) 1998-12-10
WO2000010134A1 (en) 2000-02-24

Legal Events

Date Code Title Description
17P Request for examination filed

Effective date: 20010308

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 20021014

18D Application deemed to be withdrawn

Effective date: 20060301