Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
  • H04L9/3231—Biological data, e.g. fingerprint, voice or retina
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/401—Transaction verification
  • G06Q20/4014—Identity check for transactions
  • G06Q20/40145—Biometric identity checks
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/80—Wireless
  • H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

• Biometric identity verification system with a success signal cooperating with a portable object
• the invention relates to biometric systems for verification of identity, where a physical characteristic of a person is automatically compared to a reference to verify his identity.
• a sensor acquires data representative of a physical characteristic of an individual, the resultant data is compared to a reference datum, and the individual is authenticated if the two data have sufficiently similar characteristics.
• fingerprints commonly referred to as “fingerprints”
• WO 2009/097604 A1 discloses a biometric system capable of being temporarily coupled to another system and selectively providing it with certain information in the event of successful authentication (and also a biometric system in which graphic information is disclosed or hidden according to the result of the authentication).
• the WO 2010/022129 A1 describes a biometric system integrated into an identification card that can be temporarily coupled to a terminal, such that the success of the authentication is necessary for the activation of the functions of the card, and therefore its use.
• WO 2005/096214 A1 discloses a biometric system integrated into an identification card that may be temporarily coupled by radio to another device subject to successful authentication.
• WO 2008/137206 A1 describes a biometric system integrated into an RFID transponder provided with a memory that can be accessed by this means subject to successful authentication.
• US 7,360,688 B1 as well as EP 1 840 788 A2 describe a biometric system of which at least the sensor is integrated in an identification card that can be temporarily coupled to a terminal (without precise indication of what is produced by the device). authentication).
• a particular example is the situation encountered when a customer rides a taxi.
• the customer is supposed to check that the taxi in which he rides is operated by a driver holding a valid license, based on a plate attached to the vehicle and / or a driver's authorization card.
• This is sometimes insufficient: these elements of identification are difficult to verify, may be counterfeit, or be stolen from their legitimate holder, for example with the vehicle, in order to strip the customers of this fake taxi with the complicity of the false driver.
• the problem is so acute that various embassies (France, USA, ...) indicate: "In town, it is strongly discouraged to hail a taxi at random and to borrow free taxis".
• the driver used a conventional biometric system to prove his identity to the customer, the risk would be that a device of identical appearance is used by a false driver and gives false assurance to the customer that the driver holds a valid license.
• the invention proposes, essentially, to solve this difficulty by completing the biometric verification system of the identity by a success signal of a nature to bring the proof to the second individual (the person requesting the verification) that the identification of the first individual (that which is the object of the verification) is validly carried out, this signal of success cooperating with a portable object held by the second individual and in which he can have confidence. It could possibly be a pre-existing secure portable object such as transport card, passport or contactless identity card, mobile phone, etc.
• the customer will see for example a sentence he has chosen, from a card he holds, displayed on the housing performing the biometric authentication, the system of the invention ensuring that this is possible only if the identity of the driver has been validly verified.
• the system of the invention can also validate a flow of the race by means of electronic money, which reduces the risk of aggression of the driver by an unscrupulous customer, since the latter has no way to recover the dematerialized currency held by the chauffeur.
• the invention proposes a biometric system for verifying identity of the general type disclosed by the aforementioned WO 2009/097604 A1, that is to say comprising:
• biometric verification subsystem of the identity of a first individual
• the biometric verification subsystem is held by the first individual and the portable object is held by the second individual;
• the means for selectively delivering a success signal are means included in the biometric verification subsystem
• the cryptographic protocol is a protocol capable of producing a result determining a characteristic of the success signal and representative of the concordance between a secret datum and a datum contained in the portable object;
• the means for restoring in visual or auditory form the success signal are means controlled by a circuit of the biometric verification subsystem held by the first individual, so that the perception of this signal by the second individual assures him that the identity of the first individual is validly verified.
• the invention also relates to a biometric method for verifying the identity of a first individual by a second individual, comprising the following steps:
• biometric verification subsystem selective issuance of a successful success signal: (i) a biometric verification and (ii) a verification of the authenticity of the biometric verification subsystem by a cryptographic protocol between it and the portable object,
• this cryptographic protocol being a protocol capable of producing a result determining a characteristic of the success signal and representative of the concordance between a secret datum and a datum contained in the portable object;
• FIG. 1 illustrates in block diagram form functional the system of the invention in its most general form.
• FIG. 2 illustrates a particular embodiment of the invention.
• FIG 1 illustrates the system of the invention in its most general form.
• the system of the invention comprises a subsystem 100 for biometric verification of the identity of a first individual.
• a sensor 101 produces a biometric 102 characteristic of the first individual.
• This datum is compared with a reference datum 103 by an automatic comparison device 104 which produces a comparison result 105 capable of taking at least two distinct values, True or False, depending on whether the data have, or do not have, sufficiently similar characteristics.
• the system further comprises a portable object 300 held by a second individual to whom proof of the identity of the first individual is to be provided; the portable object 300 comprises a means 350 for temporary coupling and information exchange with a coupler 250 for portable objects, a microcircuit 307 forming information processing means, in particular data 306 previously introduced and stored in this portable object.
• the portable object 300 may be, for example, a contact (ISO / IEC 7816) or non-contact (proximity) magnetic proximity card according to ISO / IEC 14443 standards or Near Field Communication (NFC) standards, or magnetic neighborhood coupling according to ISO / IEC ISO / IEC 15693 standards), or a mobile phone with an NFC interface.
• the temporary coupling of the portable object 300 with the rest of the system may be for example an inductive coupling between the coupler 250 and the coupling means 350.
• the system of the invention implements a cryptographic protocol, between the microcircuit 307 for an operation concerning the data 306, and a microcircuit 207 for an operation concerning a secret datum 206; the messages of this protocol are exchanged through the coupler 250 collaborating with the microcircuit 207, and the coupling means 350 collaborating with the microcircuit 307, the coupler 250 and the coupling means 350 carrying out their temporary coupling and transfer function. infor- mation; the result 201 of the cryptographic protocol depends on the concordance between the secret datum 206 and the datum 306.
• the system of the invention comprises a success signal 202 accessible to the senses (visual, auditory, etc.) of the second individual, activated according to the result 201 AND that the comparison result 105 is True.
• a good way to achieve this result is to produce the result 201 and selectively transfer it to the success signal 202 when the comparison result 105 is True, as shown in FIG. 1.
• An equivalent means is that the microcircuit 207 does not implement the cryptographic protocol only selectively if the comparison result 105 is True, and the microcircuit 207, or respectively the microcircuit 307, controls the success signal 202 as a function of the result 201 when the cryptographic protocol comes to its normal end.
• this success signal 202 is obtained in the manner that will be described below.
• the success signal 202 is in the form of a characteristic such as the text of a message or the notes of a melody chosen by the second individual. This characteristic is recognizable by the second individual but is initially unknown to the first individual. It is determined from the result 201 and that the result of the comparison 105 is True.
• This embodiment is well suited to the case where the presentation of the success signal 202 is carried out by the first individual and controlled by the microcircuit 207. Since the result 201 depends on the concordance between the secret datum 206 and the datum 306, the signal expected success is produced only if the secret data 206 is concordant with the data 306 and the result of the comparison 105 is True, that is to say if the identity of the first individual has been validly verified.
• FIG. 2 illustrates a particular form of this embodiment of the system of the invention.
• the cryptographic protocol is that the microcircuit 207 decrypts the data 306 with the key formed by the secret data 206 selectively when the result of the comparison 105 is True.
• Each letter of the data item 306 is, for example, shifted in the alphabet, especially since the corresponding figure of the secret data item 206, and the result 201 of the tocole, generated by the microcircuit 207, is presented by a display revealing the success signal 202 to the second individual, who for example recognizes a text ("monica") to which he expects. It will be appreciated that if the secret datum 206 is altered or absent, this text would not be displayed. The display of the expected text is therefore for the second individual a factor of assurance that the system used is not counterfeit.
• the physical implementation should ensure that an alteration of the comparison device 104, the result 105 of the comparison, or the microcircuit 207, as well as, as far as possible, an alteration of the sensor 101, the data 102, or reference datum 103, would destroy the secret datum 206 and / or prevent by a similar means the normal activation of the success signal 202.
• the elements 102 to 207 can be made for example by means of a SecurCore ARM security microcontroller connected closer to the sensor 101 and collaborating closely with it, for example by operating its mechanical, optical elements or / and electronic.
• the secret data 206 may constitute the secret key of a cryptographic algorithm, the data 306 being the same key, a paired public key, or a value encrypted by the key constituted by the secret data 206.
• the data item 306 is written into the portable object during its manufacture or subsequently by appropriate input for example on dedicated equipment, and results from an encryption operation according to a symmetric cryptographic algorithm (for example AES, described by the FIPS publication No. 197 NIST) of a message chosen by the second individual, with a key whose value coincides with the secret data 206.
• a symmetric cryptographic algorithm for example AES, described by the FIPS publication No. 197 NIST
• the data 306 is transferred from the portable object through the coupling means 350 and the coupler 250, and decrypted by the microcircuit 207 under control of the key formed by the secret data 206, producing the result 201 constituting the success signal that is displayed, this selectively when the result of the comparison 105 is right.
• the expected message is observable by the second individual selectively only if the cryptographic protocol has succeeded and the identity of the first individual has been verified.
• the activation of the success signal 202 is advantageously conditioned on the fact that the use of the sensor 101 has occurred within a time period below a predetermined threshold. This prevents a circumvention of the system where the identity of the first individual is verified, then usurped later by a third individual.
• a system element is advantageously recorded in a newspaper and / or broadcast remotely, each record of the newspaper or each broadcast being accompanied by at least one item of data from a system element, such as a serial number, part of the reference data 103, secret data 206, and / or data 306, and transferred through the coupling means 350 and the coupler 250; the cryptographic protocol used can also ensure the integrity of this data.
• the recording can for example be done in a cyclic file of a microcircuit, as described in the ISO / IEC 7816, part 4.
• the diffusion can be done by a data telecommunication system (SMS, MMS, GPRS, ).
• a payment system by means of the portable object 300 held by the second individual, which system can be activated only if the success of the cryptographic protocol makes it available, selectively if the result of the Comparison 105 is true, flow-through information transferred from the portable object through the coupling means 350 and the coupler 250.
• the flow rate is conditioned on the activation of a confirmation signal of the flow authorization in a predetermined time window relative to the implementation of a system element, and / or the flow rate with flow-through information. is inhibited by a new implementation of an element of the system. This helps to prevent unauthorized flow.
• the data 306 evolves so that the success signal 202 evolves in a predetermined manner.
• the evolution may consist, for example, in the increment of a usage counter directly displayed by the success signal 202, or / and the selection of one of several messages or melody in a cyclic list. This gives increased assurance on the confidentiality of the expected value for the success signal 202.
• the driver holds a biometric authentication box including the biometric verification subsystem 100, the secret data 206, the microcircuit 207, the coupler 250 and the success signal 202.
• the customer holds a portable object including including information 306 known to the customer, such as an account number or / and a message he has chosen.
• the driver presents his finger on the sensor 101, and its identity is verified by the biometric system on the basis of the characteristics of the dermatoglyphs of the finger compared to the reference characteristics 103.
• the client approaches his portable object 300 of the reader 250 and the temporary coupling is established with the coupling means 350.
• the data item 306 is read, decrypted under control of the key formed by the secret data item 206 selectively if the result 105 of the comparison is True, as described above, and the activation signal 202 is revealed by displaying the message known to the client on a screen of the box.
• a record is added to the on-demand log of the microcircuit 207 and / or the microcircuit 307, including the serial number of the portable object of the client read through the coupler 250 and the coupling means 350, as well as the date.
• this information is broadcast, for example by an SMS message sent on command of the microcircuit 207 and / or the microcircuit 307.
• This record which can be used in the case of an inquiry, constitutes an indication of the support for this customer in this taxi at this precise moment, and this as soon as the intention of the customer to use the taxi is constituted, that the identity of the driver is checked or not. This also deters a legitimate taxi driver from becoming an accomplice to wrongdoing.
• the system can be connected to the taximeter, the activation of its "support” mode constituting the confirmation signal of the debit authorization. If this activation occurs within a predetermined time window relative to the activation of the activation signal 202 or some other element of the system, the credentials of the customer, such as the account number, are used for debiting the amount of money. the race, which can come from the taximeter, or otherwise be obtained via an ad hoc keyboard. This credential information is then cleared, as is the case where another customer's support occurs without a debit, preventing the new customer from being charged to the previous customer.
• the reference data item 103 may be searched automatically among a plurality; and / or the reference datum 103 may be derived from an additional portable object held by the identified individual, which may collaborate with the coupler 250 or the like; in the example of application to taxis, it may be for example several drivers sharing the same vehicle.
• the sensor 101 and / or the automatic comparison device 104 and / or the secret key 206 and / or the log support can be integrated with this additional portable object.
• the reference datum 103 may be protected by a cryptographic certificate, and / or be associated with a validity expiry date, and / or with a known carrier code of the first individual.
• two individuals each equipped with NFC mobile phones can demonstrate to each other their identity, provided that one (at least) of the two mobile phones, or an intermediate device, includes a biometric verification subsystem.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Business, Economics & Management (AREA)
• Physics & Mathematics (AREA)
• Accounting & Taxation (AREA)
• General Physics & Mathematics (AREA)
• Life Sciences & Earth Sciences (AREA)
• General Health & Medical Sciences (AREA)
• Biomedical Technology (AREA)
• Health & Medical Sciences (AREA)
• Biodiversity & Conservation Biology (AREA)
• Signal Processing (AREA)
• Finance (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Theoretical Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Collating Specific Patterns (AREA)
• Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=44312327

Family Applications (1)

Country Status (5)

Family Cites Families (7)

• 2011
  • 2011-01-28 FR FR1150662A patent/FR2971109B1/fr not_active Expired - Fee Related
• 2012
  • 2012-01-27 BR BR112013018631A patent/BR112013018631A2/pt not_active Application Discontinuation
  • 2012-01-27 EP EP12706637.1A patent/EP2668738A1/de not_active Withdrawn
  • 2012-01-27 MX MX2013008675A patent/MX2013008675A/es active IP Right Grant
  • 2012-01-27 WO PCT/FR2012/050175 patent/WO2012101389A1/fr active Application Filing

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events