EP2836952A1 - Method for identity generation and verification indicating the uniqueness of a bearer-object pair - Google Patents

Method for identity generation and verification indicating the uniqueness of a bearer-object pair

Info

Publication number
EP2836952A1
Authority
EP
European Patent Office
Prior art keywords
data
security component
identity
digital
initial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP13715348.2A
Other languages
English (en)
French (fr)
Inventor
Bruno Benteo
Philippe Bertiaux
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Idemia Identity and Security France SAS
Original Assignee
Morpho SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Morpho SA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • The present invention relates to the authentication or identification of an individual using an electronic device. Throughout this text, the "or" in "authentication or identification" is inclusive, that is, it means "and/or", so that the present invention applies to authentication, to identification, or to both.
  • Identification aims to make it possible to know the identity of an entity, for example using an identifier, which can be a user name or a network identifier (a telephone number, for example).
  • Authentication verifies the identity of an entity in order to allow access to services or resources.
  • Authentication or identification regularly uses a server storing data relating to entities, i.e. individuals who have previously undergone a so-called registration (or enrollment) phase with said server in order to be granted, upon authentication or identification, some right (issuing of a driver's license, a ticket, compensation, authorization to access a room, authorization to access a service, implementation of a service, electronic payment, etc.).
  • The data traditionally used for the registration of individuals with the server are personal data, most often alphanumeric, such as passwords, addresses of electronic devices used by individuals (e.g. IP addresses), identities and/or others.
  • The data used can be relatively complex from the point of view of individuals. For example, the more characters a password contains, the more reliable it is, but the harder it is for an individual to memorize.
  • A communicating object, such as a smart card, a smartphone, a digital tablet or other, can be used as an identification medium. This object should be usable by its bearer reliably and securely, while remaining ergonomic.
  • Biometric data may be used in association with a communicating object to ensure the uniqueness of the individual carrying the object.
  • A biometric passport constitutes such a secure identification object.
  • The registration server may contain only weak links between the biometric data of the bearer and his identity; reference may be made, for example, to document FR-A-2 867 881. Likewise, the biometric data may be stored only in the bearer's object, without being shared with a database.
  • The reading of the biometric data from the identification object is subject to mutual authentication between the security element of the object (an electronic chip, for example) and a remote server via a reader of the object (according to the EAC protocol, for "Extended Access Control", for example), which allows verification in local mode (data in the bearer's object) and/or in remote mode with information shared with a server.
  • The invention thus proposes a method for generating a digital identity for an individual carrying an identification object comprising a security component, the method comprising the following steps:
  • A first aspect of the invention consists of an initialization phase.
  • This initialization phase aims to build a digital identity for the individual carrying an identification object.
  • This initial digital identity carries the uniqueness of the bearer-object pair, that is to say, it attests to the authenticity of the bearer's identity upon presentation of the object.
  • The identification object cannot be validly used without its legitimate bearer.
  • This initial digital identity is, however, non-significant, that is to say, it does not in any case make it possible to directly recover the civil status of the bearer.
  • The identification object is thus protected against theft or misappropriation by the biometric data associated with the digital identity it bears, without these biometric data being directly linked to the identity of the bearer of the object.
  • The method of generating a digital identity according to the invention may furthermore comprise one or more of the following characteristics:
  • The digital data can be derived from the initial biometric data by applying an algorithm stored in the security component of the object; or the initial biometric data may be transmitted to a server that calculates the reference digital data derived from the biometric data and transmits it to the identification object.
  • The data generated by the security component of the object may be a Physical Unclonable Feature (PUF) produced by the security component of the object; or the data generated by the security component of the object may be a random value stored in the security component of the object after being drawn.
  • The initial digital identity can be determined by encrypting the reference digital data with a key that uses at least the data generated by the security component of the object; this initial digital identity can be stored in the security component of the object and/or transmitted to an authentication server.
  • The invention also proposes a method for verifying the digital identity of an individual carrying an identification object, the verification method comprising the following steps:
  • The data generated by the security component of the object is validated by the positive statistical comparison of the current digital identity with the initial digital identity.
  • The comparison can be carried out in the identification object and/or with an authentication server.
  • A second aspect of the invention consists of a verification phase of the digital identity generated according to the invention.
  • The invention also relates to an electronic device comprising a security component adapted to implement the steps of the method according to the invention.
  • Such a device may further comprise means for entering a biometric data item.
  • The invention also relates to a system for verifying the identity of a bearer of an identification object, the system comprising an electronic device according to the invention and an authentication server comprising at least one initial digital identity stored in association with rights for the individual.
  • FIG. 1 is a flowchart of an example of an initialization phase during the implementation of the method according to the invention
  • FIG. 2 is a flowchart of an example of a verification phase of the authenticity of the carrier-object pair during the implementation of the method according to the invention
  • FIG. 3 is a flowchart of an example of a phase of verification of the stability of the data generated by the security component of the object during the implementation of the method according to the invention
  • FIG. 4 is an example of an identification object that can be used during the implementation of the method according to the invention.
  • FIG. 5 is another example of an identification object that can be used during the implementation of the method according to the invention.
  • FIG. 6 is a diagram showing an example of an initialization phase that can be implemented according to one embodiment of the invention.
  • FIG. 7 is a diagram showing an example of a verification phase that can be implemented according to one embodiment of the invention.
  • A first aspect of the invention consists of an initialization phase.
  • This initialization phase is intended to build a digital identity carrying the uniqueness of the bearer-object pair, so that the individual can subsequently be granted some right (issuing of a driving license, a transport ticket, compensation, authorization to access premises, authorization to access a service, implementation of a service, electronic payment, etc.) upon presentation of the object.
  • The identification object may be a smart card, a mobile phone or any other portable object having at least one security component.
  • The identification object can be used as a loyalty card, a membership card for accessing services, an insurance card or a medium carrying a sovereign identity.
  • The initialization phase is illustrated in FIG.
  • An initial biometric data item Bio of the individual is entered.
  • This initial biometric data Bio may be a fingerprint, an iris print or a photo of the face, of the ear or of another discriminating part of the individual's body, such as a tattoo, a scar or other.
  • This initial biometric data Bio of the individual is digitized and processed to create a digital reference data item MO derived from the initial biometric data. Only the digital reference data MO derived from the initial biometric data is stored in the security component of the object. The initial biometric data Bio does not have to be stored in the identification object. No misappropriation of an individual's biometric data is therefore possible if the identification object is stolen or lost.
  • A signature data item P1 is generated by the security component of the object.
  • This data P1 is unpredictable and depends only on the electronics of the security component of the object; it is not stored in the memory of the identification object but is generated at each use as a signature of the electronic security component.
  • Such data P1 may be designated by the acronym PUF, for "Physical Unclonable Feature"; it consists of a series of unpredictable binary values that are not available outside the object.
  • The signature data P1 generated by the security component of the object can also be a random value stored, after being drawn, in the security component of the object.
  • An initial digital identity M1 can then be determined. This initial digital identity M1 is obtained by modifying the digital reference data MO by the data P1 generated by the security component of the object.
  • The initial digital identity M1 is obtained by encryption from the digital reference data MO and the value P1; for example, P1 generated by the identification object may be all or part of a key used to encrypt the digital reference data MO.
  • The initial digital identity M1 is then stored in the memory of the identification object.
  • The use of a non-reversible algorithm ensures that, even if the identification object is stolen or lost, no personal information can be derived from the digital identity M1 stored in the object.
  • The digital identity can then also be transmitted, by any of several known methods, to an authentication server in order to enroll the individual with said server so that, during a subsequent authentication, some right can be granted upon presentation of the object and verification of the authenticity of the bearer-object pair.
  • Verification of the authenticity of the bearer-object pair can be done by using the biometric data Bio to authenticate the bearer by comparison with the reference digital data MO, derived from the initial biometric data and stored in the security component of the object.
  • Since the type of biometric data used is defined by the bearer himself, a first level of trust is established between bearer and object.
  • A current biometric data item Bio' is entered and a derived digital data item MO' is calculated. This digital data MO' derived from the current biometric data Bio' is then validated internally by a comparison made in the object itself, according to a process known by the acronym MOC, for "Match On Card".
  • The value of the PUF, i.e. of the data P1 generated by the security component of the object, can also change over time because of the technology. In this case, the value of the data P1 may no longer be strictly identical to that initially generated, which effectively rules out the deterministic calculations that cryptography requires. It is then necessary either to requalify the PUF value or to destroy at least the sensitive functions of the product. Requalification opens the door to an attack on the integrity of the PUF. In this case, the use of biometrics makes it possible to protect the bearer.
  • The phase of verifying the stability of the PUF data, with input of the biometric data, is illustrated in FIG. 3.
  • The digital reference data MO, which is derived from the biometric value and stored in the security component of the object, can serve as a direct reference.
  • This current biometric data item Bio' is digitized and processed to create a new digital data item MO' derived from the current biometric data item; the processing is preferably carried out with the same types of software as those used to create the digital reference data MO during the initialization phase. If the bearer is the legitimate bearer, the new digital data MO' derived from the current biometric data will be considered by the MOC to be identical to the digital reference data MO. In the field considered, the term "identical" means a statistical correspondence greater than a defined threshold between two sets of digital data. The threshold value is used to set the level of requirement and security.
  • A data item P2 is again generated by the security component of the object.
  • This data is still unpredictable and remains solely dependent on the electronics of the security component of the object.
  • The data P2 generated during the verification phase is normally identical to the value P1 generated during the initialization phase (FIG. 1), since it represents a signature of the electronic security component of the object.
  • A current digital identity M2 can then be determined, according to the same encryption process as the initial digital identity M1.
  • The current digital identity M2 is then compared to the initial digital identity M1. This comparison can be done in the object itself by MOC.
  • The current digital identity M2 can, if necessary, also be transmitted to an authentication server, which itself performs the comparison with the initial digital identity M1, as will be described in more detail with reference to Figure 6.
  • The comparison between the current digital identity M2 and the initial digital identity M1 is a statistical comparison. Indeed, the new PUF value P2 generated by the security component of the object during the verification phase may differ from the PUF value P1 generated during the initialization phase (FIG. ) without the object having been tampered with. The electronic component of the object can evolve, and some binary values of the random data can change without the bearer or a third party having intervened maliciously. This would result in a refutation of the authenticity of the bearer-object pair without any fraud having occurred.
  • The new PUF value P2 can differ by a few bits from the initial PUF value P1.
  • The difference between the value P2 and the value P1 will not be statistically significant when the similarity of these values is assessed by a MOC-type function performed in the security component of the object, which makes it possible to validate a drift of the PUF that involves no fraud.
  • Such a statistical comparison can use any known and appropriate biometric data comparison algorithm. Several algorithms can also be juxtaposed or combined to improve the reliability of the comparison ("Match On Card" or "Match On System").
  • The term "statistically identical" means a statistical correspondence greater than a threshold defined according to the level of security targeted.
  • The identification object 10 may be a mobile phone (FIG. 4) comprising a security component 11 provided in a SIM card or any other embedded security element.
  • The telephone 10 may comprise an image and/or sound capture means 12 and/or a fingerprint reader 13, or any other biometric data input means.
  • The telephone 10 also comprises means 14 for communicating with a cellular network; it may also include means for communicating with a local network (WiFi or BT type) or near-field communication (NFC) means.
  • The telephone 10 can thus communicate with an authentication server to trigger access to the rights or services required by the bearer after verification of a current digital identity MV or M2 as explained above.
  • The verification of the current digital identity MV or M2 can be done in the phone itself by a MOC process before transmission of said current identity MV or M2, or of an attestation of identity, to a server or a base station providing access to the rights or services required.
  • The identification object 10 may be a smart card (FIG. 5) comprising a security element 11 in the form of an electronic chip of the card.
  • The card 10 may comprise a fingerprint reader 13 or any other means for entering biometric data.
  • The card 10 also communicates, the data of the chip 11 being read via an appropriate reader in contact mode and/or by contactless communication means such as near-field communication (NFC) via an antenna in the card 10.
  • The card 10 can thus, for example, communicate with a terminal or a telephone to trigger access to the rights or services required by the bearer after verification of a current digital identity M2 as explained above.
  • The verification of the current digital identity M2 can be done in the card itself by a MOC process before transmission of said identity M2, or of an attestation of identity, to a terminal providing access to the rights or services required.
  • According to one embodiment, all the steps of the initialization phase and/or all the steps of the verification phase can be carried out in the identification object itself.
  • The biometric data Bio can be entered by the individual using the identification object itself, for example in the case where the identification object is a mobile phone equipped with a camera or a fingerprint reader as described with reference to FIG. 4.
  • The biometric reference for the MOC functions can then be derived from the biometric data by applying an algorithm stored in the security component of the object, for example an algorithm for creating a stable digital signature as described in document FR-A-2 925 732.
  • This digital data derived from the biometric data (MO in the illustrated example) can also be encrypted, by application of a hash function for example.
  • The initial digital identity M1 and the current digital identities MV, M2 can be determined in the security component of the object, which can itself perform the verification by a MOC comparison as described above.
  • The security component then transmits to a terminal or a server only a validation or a refutation of the identity of the bearer of the identification object, in the form of a certificate or a digital signature, for example.
  • Such an embodiment has the advantages of limiting the exchange of sensitive data and of allowing access to services via local terminals without a connection to the Internet or to a cellular network.
  • The steps of the initialization phase and/or the steps of a verification phase can be shared between the identification object and an authentication server.
  • The identification object may be devoid of any means for entering biometric data. It is then able to communicate in order to collect a biometric data item Bio captured elsewhere (by a card reader equipped with a biometric solution, for example), or even to collect a digital data item MO, MO' derived from the biometric data by a solution integrated into a system.
  • FIG. 6 shows an example implemented during an initialization phase and FIG. 7 shows an example implemented during a verification phase.
  • The initial biometric data item Bio is entered by an appropriate means 20, such as a fingerprint reading terminal or a webcam installed on a PC, for example.
  • This initial biometric data Bio is then transmitted to a server 30, which calculates the digital reference data MO derived from the biometric data item and transmits it to the identification object 10.
  • This initial biometric data Bio can be transmitted directly to the identification object 10, by NFC near-field communication for example, or by cellular or WiFi communication, if the object is equipped with the corresponding function; the object 10 then itself calculates the reference digital data MO derived from the biometric data.
  • The digital reference data MO derived from the biometric data Bio can be calculated in the input means 20 and then transmitted directly to the identification object 10, by NFC communication or by cellular or WiFi communication.
  • The secure component of the identification object 10 generates a random value P1 and calculates the initial digital identity M1 as described above; the initial digital identity M1 is then transmitted to the server 30 to be stored there with associated rights.
  • The data P1 generated by the identification object 10 may be the private key of a key pair used to encrypt the digital reference data MO.
  • The public key of the key pair can then be transmitted to the identification server 30 with a request for certification of the key pair.
  • The identification server generates a certificate related to the digital identity M1. This certificate is then returned to the identification object alongside the key pair.
  • The current biometric data item Bio' is also entered by an appropriate means 20 and transmitted to the server 30, which calculates the digital data item MO' derived from this current biometric data item and transmits it to the identification object 10.
  • This current biometric data Bio' can be transmitted directly to the identification object 10, which then itself calculates the digital data MO' derived from the biometric data; or the digital data MO' derived from the biometric data can be calculated in the input means 20 and then transmitted directly to the identification object 10.
  • The secure component of the identification object 10 then generates a new PUF data item, which can be the initial data P1 if it has remained stable, or a data item P2 that has evolved.
  • The security component of the object then calculates the current digital identity M1' or M2 as described above with reference to FIGS. 2 and 3; the current digital identity M1' or M2 is then transmitted to the server 30 to be compared with the stored initial digital identity M1. If the comparison is positive, the associated access rights are opened; otherwise, the authenticity of the bearer-object pair is refuted.
  • The comparison can also be carried out in the object itself by a MOC process, and a validation certificate or refutation indication is sent back to the server 30. This validation or refutation attestation sent back to the server 30 can be redundant with the comparison made at the server level.
  • Data transmissions (Bio, MO, M1, M2 or their derived values) can be direct or pass through one or more intermediate devices, as for example in the case where the transmission goes through a communication network.
  • The format of the transmitted data may be any.
  • These transmissions are carried out in a secure manner.
  • Any appropriate procedure for securing the transmission can be envisaged, such as the use of HTTPS, SSL/TLS or other.
  • A single server 30 may be used, or several entities may perform respective functions; for example, one entity may be dedicated to computing or storing data from the biometric values used, and another entity may be dedicated to storing and comparing the digital identity.
  • One or more personal data items of the individual can be transmitted to the server 30 in the same configurations as for the initial digital identity M1.
  • This personal data may include any data that may be used in connection with authentication or identification. As an illustration, it may include at least one of: a password, an email address of the identification object, an identity, or other.
  • The various data relating to the individual are stored in association by or for the server 30.
  • Each data item associated with a digital identity can be used for separate functions or services (local or remote).
  • Note that, although the above description assumes that only one initial biometric data item is captured during the initialization phase, the invention also applies to the case where several complementary biometric data items are captured and several initial digital identities M1 are determined during the initialization phase, for later comparison with current digital identities M2 during the verification phase. This increases the reliability of the authenticity of the bearer-object pair.
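
The initialization and verification phases described above, with the statistical comparison of M2 against M1, as an added example (not code from the patent or its applicant). It assumes 256-bit values, a 90 % threshold and bitwise XOR as the way P1 "modifies" MO, none of which the page specifies; the HMAC variant is a contrast case showing why an exact keyed function cannot absorb PUF drift.

```python
import hashlib
import hmac
import random

N_BITS = 256       # assumed width of MO, P1 and the identities (not given on the page)
THRESHOLD = 0.90   # assumed "statistically identical" threshold


def flip_bits(value, positions):
    """Invert the given bit positions; models capture noise or PUF drift."""
    for pos in positions:
        value ^= 1 << pos
    return value


def similarity(a, b):
    """Fraction of equal bits between two N_BITS-wide values."""
    return 1.0 - bin(a ^ b).count("1") / N_BITS


def accepted(score, threshold=THRESHOLD):
    """Decision of the MOC or server-side comparison for a similarity score."""
    return score >= threshold


def combine_xor(mo, p):
    """Assumed similarity-preserving way of 'modifying MO by P1': bitwise XOR."""
    return mo ^ p


def combine_hmac(mo, p):
    """Contrast case: exact keyed one-way function, HMAC-SHA256 with P as key."""
    size = N_BITS // 8
    mac = hmac.new(p.to_bytes(size, "big"), mo.to_bytes(size, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big")


class IdentificationObject:
    """Toy security component: the PUF value is used internally and never exported."""

    def __init__(self, puf_value, combine=combine_xor):
        self._puf = puf_value
        self._combine = combine

    def drift(self, positions):
        """Age the component: some PUF bits change without any fraud."""
        self._puf = flip_bits(self._puf, positions)

    def identity(self, mo):
        """M1 at initialization (from MO, P1); M2 at verification (from MO', P2)."""
        return self._combine(mo, self._puf)


def run_scenarios(seed=2013):
    """Return {scenario: similarity of the current identity to the stored M1}."""
    rng = random.Random(seed)               # constructed, reproducible sample values
    mo = rng.getrandbits(N_BITS)            # reference data MO of the enrolled bearer
    puf = rng.getrandbits(N_BITS)           # P1 of the genuine object
    mo_same = flip_bits(mo, range(6))       # MO': same bearer, 6 noisy bits
    mo_other = rng.getrandbits(N_BITS)      # MO' of another person

    obj = IdentificationObject(puf)
    m1 = obj.identity(mo)                   # initialization phase; M1 is stored
    scores = {"bearer_stable_puf": similarity(m1, obj.identity(mo_same))}
    obj.drift(range(100, 104))              # P2 now differs from P1 by 4 bits
    scores["bearer_drifted_puf"] = similarity(m1, obj.identity(mo_same))
    scores["other_bearer"] = similarity(m1, obj.identity(mo_other))

    other_obj = IdentificationObject(rng.getrandbits(N_BITS))
    scores["other_object"] = similarity(m1, other_obj.identity(mo_same))

    exact = IdentificationObject(puf, combine=combine_hmac)
    m1_exact = exact.identity(mo)
    exact.drift([100])                      # a single drifted PUF bit
    scores["hmac_one_bit_drift"] = similarity(m1_exact, exact.identity(mo))
    return scores


if __name__ == "__main__":
    for name, score in run_scenarios().items():
        verdict = "accepted" if accepted(score) else "refuted"
        print(f"{name:20s} similarity={score:.3f} -> {verdict}")
```

With XOR, the bit differences between MO and MO' and between P1 and P2 simply add up in M2, which is what lets a threshold absorb drift. With the exact keyed function a single drifted PUF bit makes M2 look unrelated to M1, so the legitimate bearer is refuted.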

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)
EP13715348.2A 2012-03-19 2013-03-18 Method for identity generation and verification indicating the uniqueness of a bearer-object pair Ceased EP2836952A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1252446A FR2988197B1 (fr) 2012-03-19 2012-03-19 Method for generating and verifying an identity carrying the uniqueness of a bearer-object pair
PCT/FR2013/050574 WO2013140078A1 (fr) 2012-03-19 2013-03-18 Method for generating and verifying an identity carrying the uniqueness of a bearer-object pair

Publications (1)

Publication Number Publication Date
EP2836952A1 (de) 2015-02-18

Family

ID=47080598

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13715348.2A Ceased EP2836952A1 (de) 2012-03-19 2013-03-18 Method for identity generation and verification indicating the uniqueness of a bearer-object pair

Country Status (3)

Country Link
EP (1) EP2836952A1 (de)
FR (1) FR2988197B1 (de)
WO (1) WO2013140078A1 (de)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020174348A1 (en) * 2001-05-18 2002-11-21 Imprivata, Inc. Biometric authentication for remote initiation of actions and services

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3736882C2 (de) * 1987-10-30 1997-04-30 Gao Ges Automation Org Method for verifying the authenticity of a data carrier with an integrated circuit
FR2867881B1 (fr) 2004-03-17 2006-06-30 Sagem Method for controlling the identification of persons and system for implementing the method
WO2006067739A2 (en) * 2004-12-22 2006-06-29 Koninklijke Philips Electronics N.V. Method and device for key generation and proving authenticity
FR2925732B1 (fr) 2007-12-21 2010-02-12 Sagem Securite Generation and use of a biometric key
JP6220110B2 (ja) * 2008-09-26 2017-10-25 Koninklijke Philips N.V. Authentication of device and user
EP2417546B1 (de) * 2009-04-10 2018-01-03 Koninklijke Philips N.V. Combined authentication of a device and a user
KR101823145B1 (ko) * 2009-06-24 2018-01-29 Koninklijke Philips N.V. Robust biometric feature extraction with and without reference point

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
JEAN-PAUL LINNARTZ ET AL: "New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates", AUDIO- AND VIDEO-BASED BIOMETRIC PERSON AUTHENTICATION : 4TH INTERNATIONAL CONFERENCE, GUILDFORD, UK, JUNE 9 - 11, 2003 ; PROCEEDINGS / AVBPA 2003; [LECTURE NOTES IN COMPUTER SCIENCE ; 2688], SPRINGER-VERLAG, BERLIN [U.A.], vol. 2688, 9 June 2003 (2003-06-09), pages 393 - 402, XP002694610, ISBN: 978-3-540-40302-9 *
PAUL KRZYZANOWSKI: "Lectures on distributed systems Cryptographic communication and authentication", 1 January 2009 (2009-01-01), XP055182910, Retrieved from the Internet <URL:https://www.cs.rutgers.edu/~pxk/rutgers/notes/content/13-crypto.pdf> [retrieved on 20150414] *
See also references of WO2013140078A1 *

Also Published As

Publication number Publication date
FR2988197A1 (fr) 2013-09-20
FR2988197B1 (fr) 2015-01-02
WO2013140078A1 (fr) 2013-09-26

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20140916

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: IDEMIA IDENTITY & SECURITY FRANCE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20190423

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20200608