EP3248129A1 - Biometric device utilizing finger sequence for authentication - Google Patents
Biometric device utilizing finger sequence for authenticationInfo
- Publication number
- EP3248129A1 EP3248129A1 EP16739834.6A EP16739834A EP3248129A1 EP 3248129 A1 EP3248129 A1 EP 3248129A1 EP 16739834 A EP16739834 A EP 16739834A EP 3248129 A1 EP3248129 A1 EP 3248129A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- fingerprint
- sequence
- memory
- fingerprint templates
- party
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/062—Pre-authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
Definitions
- the present disclosure relates generally to biometric security, and more particularly, some embodiments relate to biometric authentication utilizing a fingerprint sequence.
- a smart card is a device that includes an embedded integrated circuit chip that can be either a secure processing module (e.g., microprocessor, microcontroller, or equivalent intelligence) operating with an internal or external memory or a memory chip alone.
- Smart cards can provide identification, authentication, data storage, and application processing, as well as serving as credit or ATM debit cards, phone or fuel cards, and high-security access-control cards for granting access to a building or computer.
- Smart cards can authenticate the identity of a user by employing a public key infrastructure (PKI). This authentication process may be conducted in a variety of ways, including through the use of a pin, password, or biometric authentication, or a combination of methods for added layers of security.
- PKI public key infrastructure
- a method of enhanced biometric security comprising, during an enrollment period obtaining a set of fingerprint templates associated with a registering user; storing the fingerprint templates on a memory of the electronic transaction system; determining a verification sequence unique to the registering user, wherein the verification sequence comprises a pattern of entering fingerprint images; and associating the verification sequence with the stored set of fingerprint templates to be used for a subsequent authentication of the registering user.
- a method of authenticating a registered user in an electronic transaction system comprising obtaining one or more fingerprint templates associated with a party requesting a new transaction, the one or more fingerprint templates associated with the party generated from one or more fingerprint images entered by the party in a first sequence; comparing the one or more fingerprint templates associated with the party to one or more fingerprint templates associated with a registered user and a second sequence, the set of fingerprint templates generated from a set of fingerprint images entered by the registered user during an enrollment process; and determining whether there is a match between the first sequence and the second sequence.
- an electronic transactions system comprising a fingerprint scanner configured to obtain one or more fingerprint images entered by a party requesting a new transaction in a first sequence; a memory for storing a set of fingerprint templates associated with a registered user and a second sequence, the set of fingerprint templates generated from a plurality of fingerprint images entered by the registered user during an enrollment process; and one or more processing modules communicatively coupled to the memory and the fingerprint scanner, and configured to: generate one or more fingerprint templates associated with the party from the one or more fingerprint images entered by the party via the fingerprint scanner; compare the one or more fingerprint templates associated with the party to one or more fingerprint templates from the set of fingerprint templates associated with the registered user; and determine whether there is a match between the first sequence and the second sequence.
- Figures 1A & 1 B are example environments within which various embodiments of the technology disclosed herein may be implemented.
- Figure 2 is an example diagram of a personal transaction device that may be used in accordance with various embodiments of the technology disclosed herein.
- Figure 3 is an example diagram of a transaction using a personal transaction device in accordance with the technology disclosed herein.
- Figure 4 is an example flowchart of an authentication process in accordance with the technology disclosed herein.
- Figure 5 is another example diagram of a transaction using a personal transaction device in accordance with the technology disclosed herein.
- Figure 6 is an example flowchart of an enrollment process in accordance with the technology disclosed herein.
- Figure 7 is an example diagram of a computing module that may be used in implementing various features of embodiments of the technology disclosed herein.
- Embodiments of the technology disclosed herein are directed toward a system for and method of enhancing the security of a biometric device. More particularly, the various embodiments of the technology disclosed herein relate to biometric security utilizing fingerprint sequence authentication.
- FIG. 1A is a block diagram of an example electronic transaction system 100 that can implement a finger sequence authentication procedure according to certain aspects of the present disclosure.
- the system 100 includes an electronic portable transaction device (PTD) 1 10, a transaction processing system (TPS) 130, and an interface device 120 that facilitates communications between the PTD 1 10 and the TPS 130.
- PTD 1 10 can be, for example, a smart card, a smart key, a smart fob, or a mobile device.
- the PTD 1 10 can include a biometric authentication module (not shown) for biometric authentication, as discussed in more detail with regards to Figure 2.
- the PTD 10 can conduct various types of electronic transactions with the TPS 130 via the interface device 120.
- the PTD 1 10 can be a smart payment card such as a smart credit, debit, and/or prepaid card, or a smartphone with a payment transaction application.
- the TPS 130 can be a payment processing system of a merchant (e.g., Target ® ), a bank (e.g., Bank of America ® ), or a card issuer (e.g., Visa ® ).
- the interface device 120 can be a point of sale (POS) terminal that can communicate with the PTD 1 10 using a contact method (e.g., matching male and female contact pads) or a contactless method (e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee).
- POS point of sale
- contactless method e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee
- the PTD 1 10 may communicate directly with the TPS 130 without an interface such as the interface device 120.
- the PTD 1 10 can be equipped with a transceiver that can communicate with a cellular network such as a 3G UMTS or 4G LTE network.
- the PTD 1 10 can be a smart phone capable of communicating with a cellular network.
- the PTD 1 10 can be a smart access card, smart fob, or smart key for providing access to a facility or computer.
- a PTD 1 10 in accordance with the present disclosure may be required to gain access to one or more of a secured facility, specific areas within a facility, a particular computing device or piece of equipment, a computer network, or a combination thereof.
- the TPS 130 can be a server in a central computer system, or a dedicated access controller that controls access to a facility or computer.
- Interface device 120 can be a card, fob, or key reader that can communicate with the PTD 1 0 using a contact method (e.g., contact pads) or a contactless method (e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee).
- a contact method e.g., contact pads
- a contactless method e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee.
- interface 120 may communicate with TPS 130 over network 140.
- Network 140 may be any communications network, such as a cellular or data network, a satellite network, an intranet, an extranet, a virtual private network (VPN), a local area network (LAN), a wireless LAN (WLAN), a wide area network (WAN), a personal area network (PAN), a portion of the Internet, a portion of the Public Switched Telephone Network (PSTN), or any combination thereof.
- network 140 may employ various communication media, such as a coaxial cable, fiber optic cable system, Ethernet, radio waves, etc.
- the PTD 1 10 includes a processing module 1 12 and a data storage device 1 14; the interface device 120 includes a processing module 122 and a data storage device 124; and the TPS 130 includes a processing module 132 and a data storage device 134.
- the PTD 1 10 can include a biometric authentication module (not shown) that includes a biometric sensor and a controller.
- the processing modules 1 12, 122, and 132 may be a microprocessor, microcontroller, application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), computer, server, or any combination of components or devices configured to perform and/or control the functions of the PTD 1 0, interface device 120, and TPS 130, respectively.
- the data storage devices 1 14, 124, and 134 may be a read-only memory (ROM), such as EPROM or EEPROM, flash, a hard disk, a database, or any other storage component capable of storing executory programs and information for use by the processing modules 1 12, 122, and 132, respectively.
- PTD 1 10, interface device 120, and TPS 130 are all shown including a processing module (1 12, 122, 132) and a data storage device (1 14, 124, 134), such components are not required in all embodiments. In various embodiments, only one data storage device or only one processing module may be present that is accessible by one or more of the PTD, the interface device, and the TPS.
- FIG. 1 B illustrates another example electronic transaction system 150 that can implement a finger sequence authentication procedure according to certain aspects of the present disclosure.
- electronic transactions occur between a portable transaction device (PTD) 1 10B and a transaction processing system (TPS) 130B over network 140B, without an interface device.
- PTD portable transaction device
- TPS transaction processing system
- a shopper may use a smartphone equipped with a camera to capture an image of a code (e.g., bar or QR code) to make a payment for a product or service by transmitting payment information to a card payment processing system via network 140B, in this case a cellular network.
- a code e.g., bar or QR code
- an access card reader at a facility may store information (e.g., passwords and/or security tokens) associated with employees authorized to enter the facility and, upon reading an access card, may compare security information received from the card with the stored information and grant or deny access depending on the outcome of the comparison.
- information e.g., passwords and/or security tokens
- card 200 has substantially the same shape and form factor as conventional credit and debit cards.
- Card 200 comprises a processing module 212 and a memory 214.
- Processing module 212 may be a microprocessor, microcontroller, application-specific integrated circuit (ASIC), field-programmable gate array (FPGA), or any combination of components configured to perform and/or control the functions of card 200.
- Memory 214 may be a read-only memory (ROM) such as EPROM or EEPROM, flash, or any other storage component capable of storing executory programs and information for use by the processing module 212.
- ROM read-only memory
- Memory 214 can be internal to processor 212.
- Card 200 includes a transaction interface 216.
- Transaction interface 216 is communicatively coupled to processing module 212.
- transaction interface 216 is configured to communicate with TPS 130 through interface device 120 described above with respect to Figure 1 .
- Interface device 120 may be any point-of-sale (POS) or other transaction terminal connected to TPS 130 and configured to enable transactions with card 200 to occur.
- POS point-of-sale
- transaction interface 216 may include one or more conductive pads or pins that make electrical contact with corresponding conductive pads or pins provided in interface device 120. Data communication between card 200 and interface device 120 occurs through transaction interface 216.
- some of the conductive pads of transaction interface 216 provide paths by which electrical power flows from interface device 120 to the components of card 200 via power line 218. This eliminates the need for card 200 to have its own on-board power source, simplifying design and manufacture.
- card 200 may include additional components to allow direct communication with TPS 130 without the need of interface device 120.
- Card 200 may include components required to allow contactless communication, such as RFID, Bluetooth, NFC, Wi-Fi, or ZigBee communication with TPS 130.
- card 200 further includes a biometric authentication module 220.
- biometric authentication module 220 includes an authentication memory 224, a controller module 226, and a biometric sensor 222.
- Authentication memory 224 may be configured to store a template of the fingerprints of an authorized (e.g., registered) user for authentication purposes.
- authentication memory 224 may also be configured to store a copy of ah authentication sequence. The authentication process is described in more detail below.
- Authentication memory 224 may be a read-only memory (ROM) such as EPROM or EEPROM, flash, or any other storage component capable of storing biometric data of one or more authorized users at the time card 200 is issued.
- ROM read-only memory
- authentication memory 224 may be capable of both read and write commands to allow for the addition of other later authorized users through a reenrollment process after issuance of the card.
- authentication memory 224 and memory 214 may be the same component.
- Controller 226 is a processing module configured to execute authentication application programming stored in memory 224.
- controller 226 may accept a fingerprint image input from sensor 222 and perform additional processing (e.g., extracting, focusing, aligning, rotating, scaling, normalizing and/or formatting) operations on the image to generate a fingerprint template that can be compared to a stored fingerprint template associated with an authorized (e.g., registered) user.
- controller 226 can receive an already processed fingerprint template from sensor 222.
- Controller 226 is coupled to processing module 212 through connection 228.
- controller 226 may be a separate hardware processing module from processing module 212.
- controller 226 may be implemented in software, such as a virtual machine (VM) executed using processing module 212.
- VM virtual machine
- additional security features may be implemented within processing module 212, such as partitioning between the VM and the card operating system to ensure that no unauthorized access to the controller module occurs.
- the authentication application programming executed by controller 226 may be stored in memory 214 and accessible by controller 226 through processing module 212.
- controller 226 may have direct access to memory 214.
- Biometric sensor 222 is a biometric reader or scanner capable of reading or scanning a user's fingerprints. As discussed above, the biometric input from sensor 222 can be sent directly to controller 226 in order to allow controller 226 to perform formatting operations to generate a fingerprint template. In various embodiments, sensor 222 may be capable of formatting the fingerprint image prior to sending the fingerprint image to controller 226.
- biometric devices with which the present disclosure may be implemented include smart fobs, smart keys, and mobile devices, among others.
- smart fobs smart fobs
- smart keys smart keys
- mobile devices among others.
- the authentication process and embodiments thereof are discussed with regards to the biometric-enabled smart card shown in Figure 2. This discussion should not be read to limit the embodiments to only transactions involving smart cards, as the present disclosure is compatible with any biometric device.
- a processor in the card 200 can perform a comparison and a matching of one or more fingerprint templates associated with the person (the templates generated from fingerprint images received from biometric sensor 222) to one or more fingerprint templates associated with a registered user stored in a memory (e.g., memory 224 or memory 214).
- the controller 226 performs both the generation of fingerprint templates associated with the person and the comparison and matching of the fingerprint templates to the stored fingerprint templates associated with the registered user.
- the controller 226 performs the generation of fingerprint templates associated with the person and the processing module 212 performs the comparison and matching of the fingerprint templates to the stored fingerprint templates associated with the registered user.
- card 200 may have only a single component for processing both the transaction and authentication functions of card 200.
- this single processing component may be processing module 212, and processing module 212 may be configured to execute both transaction applications and the functions of controller 226 described above. This eliminates the need for multiple processing units on the card and lowers the complexity of the design.
- the single processing component performs the generation of fingerprint templates associated with a person requesting a new transaction and the comparison and matching of the fingerprint templates to stored fingerprint templates associated with a registered user.
- FIG. 3 illustrates an example transaction system 300 implementing card 200.
- the system 300 includes interface device 120 and TPS 130, described above with regards to Figure 1.
- card 200 which corresponds with the PTD 1 10 of Figure 1.
- PTDs may be used, such as a mobile device, a smart key, a smart fob, or a combination thereof.
- interface device 120 includes a PTD interface 126, a processing module 122, and a data storage device 124.
- TPS 130 includes a processing module 132, and a data storage device 134, and a network interface 136 for communicating with interface device 120 via a communication network 140.
- PTD interface 126 and transaction interface 216 on card 200 provide a communication link between card 200 and interface device 120. Using this communication link, card 200 can communicate authentication- and/or transaction- related data with interface device 120 and/or TPS 130.
- interface device 120 may be a terminal and PTD interface 126 may be a physical card reader or scanner.
- card 200 interacts with interface device 120 by inserting card 200 into the card reader, or scanning interface 216 of card 200 with the card scanner of interface device 120.
- card 200 may include components necessary to enable contactless transactions, such as transceivers required for RFID, Bluetooth, NFC, or ZigBee communication.
- interface device 120 supplies power to card 200 through this physical connection.
- card 200 may include on on-board power source to supply power to the card components.
- card 200 may include wires or coils configured to receive power through induction principles, such as induction through NFC.
- FIG 4 is a flow diagram of an example authentication process 400 in accordance with the present disclosure. Although discussed in regards to the transaction environment illustrated in Figure 3, implementation of authentication process 400 should not be limited to the transaction environment of Figure 3. As one of ordinary skill in the art would recognize, authentication process 400 is applicable in any transaction environment in which fingerprint identification is implemented as a security layer, and with any biometric device. For ease of discussion, authentication process 400 is described in relation to a transaction occurring using a smart card containing a biometric authentication module. Where appropriate, different embodiments may be discussed.
- one or more fingerprint templates associated with a party requesting a transaction are obtained.
- the one or more fingerprint templates associated with the party are generated by processing (e.g., extracting, focusing, aligning, rotating, scaling, normalizing and/or formatting) fingerprint images entered by the party requesting the new transaction in a first sequence using a fingerprint scanner embedded on a smart card being used to conduct the transaction.
- the fingerprint scanner may be part of a transaction terminal, such as interface device 120.
- one or more fingerprint templates associated with a registered user authorized to use the smart card are obtained from a memory of the transaction system.
- the one or more fingerprint templates associated with the registered user are obtained from a set of fingerprint templates generated from a set of fingerprint images entered by the registered user in a second sequence during an example enrollment process explained below with respect to Figure 6.
- the set of fingerprint templates is stored in authentication memory 224.
- the set of fingerprint templates may be stored within data storage devices 134 or 124.
- the set of fingerprint templates may be stored in one or more of the different memories discussed above to ensure access to the templates during a transaction.
- the one or more fingerprint templates associated with the party requesting the transaction are compared with the one or more fingerprint templates associated with the registered user to authenticate the identity of the party.
- the comparison can performed according to their respective sequences, meaning that the one or more fingerprint templates associated with the party in the first sequence are compared with the one or more fingerprint templates associated with the registered party in the second sequence.
- decision 408 may occur during operation 406.
- the criterion for a match may depend on the algorithm implemented by the operator of the transaction system. For example, the algorithm may involve determining whether a difference between compared fingerprint templates is within a predetermined threshold value (e.g., percentage).
- a match/no-match decision is made right after a fingerprint image is received from the party requesting the transaction. In such an embodiment, the party may be rejected after a first fingerprint entry. In other embodiments, the party is allowed to enter the entire sequence of fingerprint images before the decision is made.
- an indication of authentication may be presented to the party via a display on the PTD 1 10 used, such as smart card 200, or on a display included in the transaction terminal used, such as interface device 120.
- a record of successful authentication may be recorded in one or more of authentication memory 224, data storage devices 124 and 134, or a combination thereof. In this way, an authenticated party may be able to conduct several transactions during a session without the need to go through the authentication process each time.
- an indication of a successful authentication may be stored in volatile memory only, such as random access memory (RAM). In this way, multiple transactions may be conducted during a single session, but once power is removed the authentication is lost, requiring reauthentication to establish a new transaction session.
- RAM random access memory
- an indication of an unauthenticated request may be presented to the party through a display, in a similar fashion as described above with regards to a successful authentication.
- an indication of an unauthenticated request may be sent to the TPS 130 to alert the operator that an unauthenticated transaction was attempted. Additional messages to the registered user may be sent, depending on any alert system implemented by the operator of the transaction system.
- the unauthenticated party may be requested to enter a new set of fingerprint images if no match is found.
- the unauthenticated party may only reenter a new set of fingerprint images once before the transaction is terminated and no transaction is permitted.
- the transaction is terminated and the unauthenticated party is locked out of conducting transactions and/or the electronic portable transaction device may be disabled. In such a way, an additional layer of security may be included within the system.
- card 200 may be any of the other devices associated with PTD 1 10 described in regard to Figure 1 , such as a smart key, a smart fob, or a mobile device, among others.
- a combination of different biometric devices may be used to function as PTD 1 10.
- PTD 1 1 ⁇ may be able to communicate and conduct transactions with TPS 130B without interface device 120, as illustrated in Figure 1 B.
- PTD 110B may include a smart card, similar to card 200, without contactless communication capability, and a card carrier designed to enable card 200 to conduct contactless communication with TPS 130B, such as the smart card system disclosed in "Smart Card Systems Comprising a Card and a Carrier,” which is incorporated herein by reference.
- the authentication process illustrated in Figure 4 may be performed by more than one entity.
- PTD 1 10B may be a smartphone equipped with a fingerprint scanner in communication with TPS 130B over network 140B.
- the smartphone may be configured to perform operation 402 of Figure 4, querying the user to enter fingerprint images in a first sequence using the fingerprint scanner and generating the fingerprint templates.
- the smartphone can then transmit those fingerprint images or fingerprint templates to TPS 130B for back-end performance of operations 404-412.
- the smartphone may only obtain the fingerprint images entered by the user in a first sequence and transmit those fingerprint images for generation of fingerprint templates by TPS 130B, in accordance with the description above regarding Figure 4.
- the operations of Figure 4 may be performed by one or more of TPS 130, PTD, 1 10, interface device 120, or any combination thereof.
- interface device 520 may include the same components as interface device 120, in addition to a biometric scanner 522 (e.g., a fingerprint scanner). Interface device 520 may be implemented with card 200, or with other smart card embodiments that do not include the biometric authentication module 220 of card 200. In the illustrated embodiment of Figure 5, the biometric scanning functions described above in regards to the biometric authentication module 220 are performed by biometric scanner 522 in interface device 520.
- biometric sensor 222 on card 200 may still be able to communicate with controlled 226, allowing an unauthenticated user to input fingerprint images in accordance with the example process of Figure 4 using either scanner.
- interface device 520 may communicate with processing module 212 and request that biometric sensor 222 be deactivated while the transaction is occurring.
- biometric sensor 222 may not be included in card 200.
- the authentication process would proceed in the same way as discussed above in regard to Figure 4, except that the fingerprint images used to generate the one or more fingerprint templates associated with a person requesting a transaction would be inputted through sensor 522 of interface device 520 and transmitted to card 200 through interface 521 for authentication processing.
- interface device 520 may conduct the authentication processing as well.
- processing module 524 may perform the functions of controller 226.
- data storage device 526 may be configured to act like authentication memory 224, storing the set of fingerprint templates associated with a registered user in the second sequence as discussed above with regards to operation 404.
- all the components of biometric authentication module 220 may be included in interface device 520, and card 200 may not include a biometric authentication module.
- the authentication process includes a set of fingerprint templates associated with a registered user in a second sequence stored on a memory of the transaction system.
- This set of fingerprint templates is obtained and identified during an enrollment process.
- a registered user's fingerprint templates and a verification sequence are created during the period.
- the implementation of an enrollment period depends on the operator of the transaction system, such as the bank managing the user's account.
- the operator may have a single enrollment period at the time a biometric device, like PTD 1 10 and card 200, is enrolled in the system.
- an operator may allow a registered user to enroll a new or additional user after the biometric device has already been enrolled.
- a set of fingerprint templates associated with a registering user are obtained.
- the fingerprint templates can be generated from a set of fingerprint images of the registering user by processing (e.g., extracting, focusing, aligning, rotating, scaling, normalizing and/or formatting) the fingerprint images.
- the set of fingerprint images can be obtained using a fingerprint scanner.
- the enrollment process may be directed at enrolling a smart card, smart key, smart fob, a mobile device, or a combination thereof with the transaction system.
- the fingerprint scanner used to obtain the fingerprint templates may be a fingerprint scanner embedded on the smart card, smart key, or smart fob.
- the fingerprint scanner may be included in a mobile device (e.g., smart phone, PDA, tablet, laptop, portable POS terminal) used for conducting transaction, both with or without an interface device like interface device 120.
- the fingerprint scanner within the mobile device may be a physical component, such as an image scanner or touch sensitive pad, or could be an application utilizing other components of the mobile device, such as an application that scans fingerprint images using a touch screen of the mobile device or through a camera included in the mobile device.
- the fingerprint scanner used could be a fingerprint scanner included within a transaction terminal connected to the transaction system.
- the fingerprint templates may be obtained via a standalone fingerprint scanner connected to the transaction system at a transaction system's operator's enrollment location, such as a bank branch.
- the set of fingerprint templates obtained may include only a subset of fingerprint templates associated with the registering user.
- the set of fingerprint templates may include templates for only the registering user's ring, middle, and index fingers on the left hand, and only the thumb and index finger on the right hand. In other embodiments, a different grouping of fingers between the registering user's two hands may be used.
- the set of fingerprint templates may be limited to a threshold amount of templates. In various embodiments, the set of fingerprint templates may be limited to the fingerprints of a single hand.
- the set of fingerprint templates may be obtained during an enrollment period.
- the enrollment period may be the initial period in which a user or user's account is registered with the transaction system.
- the enrollment period may occur only once, prior to the user being able to conduct any transactions.
- the registering user may be able to re-enroll at a later time, such as when a new authorized user must be added to the account or a new biometric device is to be registered.
- the fingerprint templates may be obtained prior to the enrollment process. For example, the registering user may provide fingerprint templates prior to the date of enrollment for processing purposes, or the fingerprint templates may be obtained from another stored set of fingerprint templates associated with the registering user.
- the set of fingerprint templates are stored on a memory of the transaction system. Storage of the fingerprint templates allows retrieval of the fingerprint templates for authentication purposes prior to completing a transaction, such as for use in the authentication process discussed above.
- the memory of the transaction system may be any compatible data storage component, such as a readonly memory (ROM), such as EPROM or EEPROM, flash, a hard disk, a database, or any other storage component capable of storing executory programs and information.
- the set of fingerprint templates may be stored on a memory of a smart card or mobile device.
- the set of fingerprint templates may be stored on a memory of a transaction terminal, such as a POS terminal.
- the set of fingerprint templates may be stored on a data storage device of the transaction system, such as a central database.
- the set of fingerprint templates may be stored in more than one location to ensure that the templates may be retrieved for authentication purposes.
- a verification sequence is determined that is unique to the registering user.
- the verification sequence comprises a pattern of entry of a registering user's fingerprints, similar to a personal identification number (PIN) or passcode.
- PIN personal identification number
- passcode a personal identification number
- an unauthenticated user must provide fingerprint images in an ordered pattern dictated by the verification sequence. For example, if the verification sequence unique to the individual is "ring finger, thumb, index finger," the unauthenticated user must first provide an image of his or her ring finger, then the thumb, then the index finger. If not entered correctly, the authentication process fails.
- the example sequence used was simplified for explanatory purposes and should not be read to limit the embodiments of the present disclosure.
- the verification, sequence may be determined based on the ordered sequence in which the fingerprint templates were obtained.
- the verification sequence may be chosen by the registering user (e.g., from a list of fingerprint images or fingers to the user) before or after the set of fingerprint templates are obtained.
- the verification sequence may be provided or suggested by the operator of the transaction system.
- the verification sequence may be stored on a memory of the transaction system in the same way as the set of fingerprint templates discussed above with regards to operation 604.
- the verification sequence is associated with the set of fingerprint templates associated with the registering user.
- the verification sequence may be formatted as numerical values, such as the first entry is “one", the second "two”, etc.
- the registering user's ring finger template would be “one,” the thumb would be “two,” and the index finger "three.” Accordingly, when an unauthenticated user enters a fingerprint sequence, the corresponding templates can be retrieved based on the image to which it is compared: the first entered fingerprint is compared against template "one,” the second entered fingerprint against template "two,” etc.
- the verification sequence may be associated with the fingerprint templates by ordering the fingerprint templates based on the verification sequence.
- the verification sequence may be associated with corresponding fingerprint templates, such as the two fingerprint templates associated with a registering user's ring fingers (one for each hand).
- the associated verification sequence represents the second sequence associated with a registered user referenced above in regards to operation 404 of Figure 4.
- the sequence may include additional identifiers.
- the verification sequence may refer to the specific hand associated with the specific fingerprint template.
- the process of Figure 6 may be used outside of the initial enrollment process to allow a registering user greater control over the account.
- the process may be used to allow a registering user to change an already registered verification sequence.
- one or more of the operations may be omitted, such as obtaining the set of fingerprint templates.
- the term set may refer to any collection of elements, whether finite or infinite.
- the term subset may refer to any collection of elements, wherein the elements are taken from a parent set; a subset may be the entire parent set.
- the term proper subset refers to a subset containing fewer elements than the parent set.
- sequence may refer to an ordered set or subset. The terms less than, less than or equal to, greater than, and greater than or equal to, may be used herein to describe the relations between various objects or members of ordered sets or sequences; these terms will be understood to refer to any appropriate ordering relation applicable to the objects being ordered.
- module might describe a given unit of functionality that can be performed in accordance with one or more embodiments of the technology disclosed herein.
- a module might be implemented utilizing any form of hardware, software, or a combination thereof.
- processors, controllers, ASICs, PLAs, PALs, CPLDs, FPGAs, logical components, software routines or other mechanisms might be implemented to make up a module.
- the various modules described herein might be implemented as discrete modules or the functions and features described can be shared in part or in total among one or more modules.
- computing module 700 may represent, for example, computing or processing capabilities found within desktop, laptop and notebook computers; hand-held computing devices (PDA's, smart phones, cell phones, palmtops, etc.); mainframes, supercomputers, workstations or servers; or any other type of special-purpose or general-purpose computing devices as may be desirable or appropriate for a given application or environment.
- Computing module 700 might also represent computing capabilities embedded within or otherwise available to a given device.
- a computing module might be found in other electronic devices such as, for example, digital cameras, navigation systems, cellular telephones, portable computing devices, modems, routers, WAPs, terminals and other electronic devices that might include some form of processing capability.
- Computing module 700 might include, for example, one or more processors, controllers, control modules, or other processing devices, such as a processor 704.
- Processor 704 might be implemented using a general-purpose or special-purpose processing engine such as, for example, a microprocessor, controller, or other control logic.
- processor 704 is connected to a bus 702, although any communication medium can be used to facilitate interaction with other components of computing module 700 or to communicate externally.
- Computing module 700 might also include one or more memory modules, simply referred to herein as main memory 706. For example, preferably random access memory (RAM) or other dynamic memory, might be used for storing information and instructions to be executed by processor 704. Main memory 706 might also be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 704. Computing module 700 might likewise include a read only memory (“ROM”) or other static storage device coupled to bus 702 for storing static information and instructions for processor 704.
- ROM read only memory
- the computing module 700 might also include one or more various forms of information storage mechanism 708, which might include, for example, a media drive 710 and a storage unit interface 714.
- the media drive 710 might include a drive or other mechanism to support fixed or removable storage media 712.
- a hard disk drive, a floppy disk drive, a magnetic tape drive, an optical disk drive, a CD or DVD drive (R or RW), or other removable or fixed media drive might be provided.
- storage media 712 might include, for example, a hard disk, a floppy disk, magnetic tape, cartridge, optical disk, a CD or DVD, or other fixed or removable medium that is read by, written to or accessed by media drive 710.
- the storage media 712 can include a computer usable storage medium having stored therein computer software or data.
- information storage mechanism 708 might include other similar instrumentalities for allowing computer programs or other instructions or data to be loaded into computing module 700.
- Such instrumentalities might include, for example, a fixed or removable storage unit 716 and an interface 714.
- Examples of such storage units 716 and interfaces 714 can include a program cartridge and cartridge interface, a removable memory (for example, a flash memory or other removable memory module) and memory slot, a PCMCIA slot and card, and other fixed or removable storage units 716 and interfaces 714 that allow software and data to be transferred from the storage unit 716 to computing module 700.
- Computing module 700 might also include a communications interface 720.
- Communications interface 720 might be used to allow software and data to be transferred between computing module 700 and external devices.
- Examples of communications interface 720 might include a modem or softmodem, a network interface (such as an Ethernet, network interface card, WiMedia, IEEE 802.XX or other interface), a communications port (such as for example, a USB port, IR port, RS232 port Bluetooth® interface, or other port), or other communications interface.
- Software and data transferred via communications interface 720 might typically be carried on signals, which can be electronic, electromagnetic (which includes optical) or other signals capable of being exchanged by a given communications interface 720. These signals might be provided to communications interface 720 via a channel 722.
- This channel 722 might carry signals and might be implemented using a wired or wireless communication medium.
- Some examples of a channel might include a phone line, a cellular link, an RF link, an optical link, a network interface, a local or wide area network, and other wired or wireless communications channels.
- computer program medium and “computer usable medium” are used to generally refer to media such as, for example, memory 706, storage unit 716, media 712, and channel 722. These and other various forms of computer program media or computer usable media may be involved in carrying one or more sequences of one or more instructions to a processing device for execution. Such instructions embodied on the medium, are generally referred to as “computer program code” or a “computer program product” (which may be grouped in the form of computer programs or other groupings). When executed, such instructions might enable the computing module 700 to perform features or functions of the disclosed technology as discussed herein.
- module does not imply that the components or functionality described or claimed as part of the module are all configured in a common package. Indeed, any or all of the various components of a module, whether control logic or other components, can be combined in a single package or separately maintained and can further be distributed in multiple groupings or packages or across multiple locations.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Collating Specific Patterns (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/603,703 US10037528B2 (en) | 2015-01-14 | 2015-01-23 | Biometric device utilizing finger sequence for authentication |
PCT/IB2016/000048 WO2016116807A1 (en) | 2015-01-23 | 2016-01-25 | Biometric device utilizing finger sequence for authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3248129A1 true EP3248129A1 (en) | 2017-11-29 |
EP3248129A4 EP3248129A4 (en) | 2018-08-01 |
Family
ID=56416480
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16739834.6A Withdrawn EP3248129A4 (en) | 2015-01-23 | 2016-01-25 | Biometric device utilizing finger sequence for authentication |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP3248129A4 (en) |
WO (1) | WO2016116807A1 (en) |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6325285B1 (en) * | 1999-11-12 | 2001-12-04 | At&T Corp. | Smart card with integrated fingerprint reader |
US7039812B2 (en) * | 2000-01-26 | 2006-05-02 | Citicorp Development Center, Inc. | System and method for user authentication |
KR20030042639A (en) * | 2001-11-23 | 2003-06-02 | (주)코아게이트 | Multi-certification system and the method using smart card |
KR100899199B1 (en) * | 2002-11-05 | 2009-05-27 | 삼성전자주식회사 | security system and security method using fingerprint |
JP2007058649A (en) * | 2005-08-25 | 2007-03-08 | Konica Minolta Business Technologies Inc | Personal identification system and method for controlling the same |
US20070073619A1 (en) * | 2005-09-23 | 2007-03-29 | Smith Rebecca C | Biometric anti-fraud plastic card |
JP2010262586A (en) * | 2009-05-11 | 2010-11-18 | Nitty-Gritty Inc | Memory device, memory device system, and method therefor |
DE102009035966A1 (en) * | 2009-08-04 | 2011-02-10 | Deutsche Telekom Ag | Method for coded input and control by means of fingerprint |
-
2016
- 2016-01-25 EP EP16739834.6A patent/EP3248129A4/en not_active Withdrawn
- 2016-01-25 WO PCT/IB2016/000048 patent/WO2016116807A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
EP3248129A4 (en) | 2018-08-01 |
WO2016116807A1 (en) | 2016-07-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20180365689A1 (en) | Biometric Device Utilizing Finger Sequence for Authentication | |
US10223555B2 (en) | Smart card systems comprising a card and a carrier | |
US11734676B2 (en) | Using a contactless card to securely share personal data stored in a blockchain | |
US11824642B2 (en) | Systems and methods for provisioning biometric image templates to devices for use in user authentication | |
US20160203478A1 (en) | System and method for comparing electronic transaction records for enhanced security | |
WO2008149366A2 (en) | Device method & system for facilitating mobile transactions | |
US10284551B2 (en) | Electronic mechanism to self-authenticate and automate actions | |
US20230185898A1 (en) | Systems and methods for authentication code entry using mobile electronic devices | |
US20130198836A1 (en) | Facial Recognition Streamlined Login | |
US20150023572A1 (en) | System and methods for providing finger vein authentication and signature for execution of electronic wallet transactions | |
US20240029039A1 (en) | Provisioning of an individual computing device via atm | |
US20230186297A1 (en) | Secure authentication based on passport data stored in a contactless card | |
WO2023081621A1 (en) | Fingerprint-based credential entry | |
WO2016116807A1 (en) | Biometric device utilizing finger sequence for authentication | |
WO2016125003A2 (en) | Smart card systems and methods utilizing multiple atr messages | |
US20160203492A1 (en) | System and method for requesting reconciliation of electronic transaction records for enhanced security | |
WO2016151386A2 (en) | System and method for selectively initiating biometric authentication for enhanced security of transactions | |
KR20060124206A (en) | Method and system for authenticating user | |
KR20190002408A (en) | Method for Providing Appointed Service by using Biometric Information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20170823 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
A4 | Supplementary search report drawn up and despatched |
Effective date: 20180704 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04W 12/08 20090101ALI20180626BHEP Ipc: H04W 12/06 20090101ALI20180626BHEP Ipc: G06F 21/32 20130101AFI20180626BHEP |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20190516 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20191127 |