TW201947454A - Secure enrolment of biometric data - Google Patents

Secure enrolment of biometric data

Info

Publication number: TW201947454A
Authority: TW (Taiwan)
Prior art keywords: biometric measurement, measurement data, secure, biometric, processing unit
Application number: TW107115429A
Other languages: Chinese (zh)
Inventors: 何賽 伊格納西歐 韋恩特格爾斯特 拉維恩; 金 克里斯汀 荷姆伯爾斯泰德; 霍爾根 法蘭德森; 彼得 羅伯特 羅伊
Original assignee and applicant: 挪威商斯外普公司 (Zwipe, a Norwegian company)

Abstract

To provide improved security during enrolment of a user onto a biometric smartcard 105, a secure enrolment processing unit 203 is used to ensure that the biometric data cannot easily be intercepted. A method of enrolling the user onto the biometric smartcard 105 comprises reading a fingerprint of the user using a fingerprint sensor 201 on the enrolment processing unit 203, extracting biometric data corresponding to the fingerprint within a secure processing environment of the enrolment processing unit 203, converting the biometric data to secure biometric data within that same secure processing environment, and then transmitting the secure biometric data from the enrolment processing unit to the smartcard 105. The user's biometric data is thus only ever transmitted in a secure format.

Description

Secure enrolment of biometric data

The present invention concerns the security of biometric data during the enrolment process.

Biometric authorisation devices, such as fingerprint-authorised smartcards, are increasingly widely used. Smartcards that have been proposed for biometric authorisation include, for example, access cards, credit cards, debit cards, prepaid cards, loyalty cards and identity cards. Smartcards are electronic cards that can store data and interact with users and/or external devices, for example through contactless technologies such as radio-frequency identification (RFID) and near-field communication (NFC). Such cards can interact with sensors to communicate information for access, to authorise transactions, and so on. Other devices that use biometric authorisation (such as fingerprint authorisation) are also known, including computer memory devices, building access control devices, military equipment, vehicles and the like.

In a system where biometric data is stored on a physical device such as a smartcard, the user of the device must be enrolled in a secure manner. That is, the user's biometric identifier must be scanned, and the biometric data (for example a biometric image, or a biometric template derived from that image) stored on the device. It is desirable to achieve this without compromising the user's privacy.

Some biometric authorisation smartcards include a built-in biometric sensor. Although this is convenient for users who self-enrol (that is, enrol their fingerprint on the device using the built-in fingerprint sensor), it also imposes additional constraints on the biometric authorisation device, because if the device is to operate in this way the built-in sensor must additionally be capable of enrolling new biometric data. This may, for example, require a sensor with a higher resolution or a larger area, and/or may demand more electrical power. For instance, where a fingerprint is the biometric, a user can typically be identified from a partial fingerprint, whereas enrolment usually requires a complete fingerprint and repeated scans to build a complete fingerprint "template" for later authentication of the user. Using the same sensor for enrolment as for authorisation is therefore not always ideal.

Figure 1 shows a prior-art arrangement in which a separate enrolment biometric sensor is used to enrol a user onto a biometric smartcard 105. A fingerprint biometric is used as the example, but other biometrics, such as a voice signature, can be stored in the same way.

A fingerprint enrolment module 101, which includes a fingerprint sensor of at least the same quality as the fingerprint sensor on the smartcard 105, is used to capture the user's fingerprint. The fingerprint enrolment module 101 is deployed at the location where the user is to be enrolled and is contained within an enrolment management device 102, whose purpose is to manage the enrolment. This may be one of many functions of the enrolment management device 102, which in a banking scenario may provide many other functions, such as automated teller machine (ATM) services.

The enrolment management device 102 can guide the enrollee through the enrolment procedure by presenting instructions on a liquid crystal display (LCD) screen or similar. Such instructions may be: present your usual finger, roll the finger to the left, roll the finger to the right, roll the finger up, roll the finger down, press firmly, enrolment complete.

The output of the fingerprint scanner of the enrolment module 101 is processed by the enrolment management device 102 and by control logic 103 connected to it. In a common or conventional implementation of the enrolment management device 102, the fingerprint image is put into a form that can be written directly to a memory 104 of the card 105. A copy of the biometric data is frequently also stored on a server 106 controlled by the bank.

The card 105 may be physically located within the body of the enrolment management device 102, or may be external and connected via a suitable physical or wireless connection.

Once enrolled, the smartcard 105 can authorise a transaction or the like by comparing the enrolled template with a fingerprint scanned by a built-in fingerprint sensor 107.

A problem arises with such systems because it is strongly desired, and in some countries actually required, that a biometric image or a description of it (such as a list of minutiae) is not held in a publicly accessible location.

Once the biometric data is stored on the biometric device it is very difficult for an unauthorised person to access, because it is held in a secure memory and processed only within a secure processor. In the arrangement of Figure 1, however, the biometric image is stored unencrypted in the memory of the enrolment management system 102, and can therefore be obtained by anyone who has gained access to that memory. The enrolment management system 102 is typically part of a computer at a bank branch; the enrolment management device 102 is very likely a networked personal computer (PC) attached to the enrolment module 101 by a universal serial bus (USB) cable. Because the system is so simple, an unauthorised person can attempt to intercept and capture fingerprint images at multiple entry points. In addition, a central database 106 holding biometric data can become an attractive target for hackers or the like.

A further problem with the arrangement of Figure 1 is that the computer program that processes the fingerprint image (for example to extract the fingerprint template) runs on the computer 102. The algorithms implementing this processing are frequently highly proprietary, and it is desirable to protect them against reverse engineering.

The invention provides a method of preparing biometric data to enrol a user and of issuing a biometric authentication device to that user, the biometric authentication device including a built-in biometric sensor and a secure processing environment, the method comprising: reading a biometric identifier of the user using a biometric sensor of an enrolment processing unit, the enrolment processing unit having a secure processing environment and being separate from the biometric authentication device; extracting biometric data corresponding to the biometric identifier, the extraction being performed within the secure processing environment of the enrolment processing unit; encrypting the biometric data to produce secure biometric data, the encryption being performed within the secure processing environment of the enrolment processing unit; transmitting the secure biometric data from the enrolment processing unit to a device provider that issues biometric authentication devices; loading, by the device provider, the secure biometric data onto the biometric authentication device; and, after the secure biometric data has been loaded onto the biometric authentication device, issuing the biometric authentication device to the user.

The enrolment processing unit removes the need to send the raw biometric data to, or through, an enrolment management system such as a computing terminal. Instead, the biometric data is received directly at the enrolment processing unit, where it is processed within the secure environment. This limits the number of access points at which an unauthorised person could intercept the data. The arrangement now offers only a single easily accessible point at which the biometric data could be intercepted, namely during transmission from the enrolment processing unit to the biometric device. Any biometric data intercepted at that point, however, has already been converted into secure biometric data and so cannot easily be exploited. The enrolment processing unit thus makes the user's data considerably harder to steal.

As used herein, the term "secure processing environment" means a tamper-resistant hardware platform capable of securely hosting application software and its confidential and encrypted data. A secure processing environment typically comprises at least a secure processor and a secure memory, which may be provided as a single integrated circuit. A common example of a secure processing environment is the secure element used in a payment card.

The term "secure biometric data" means biometric data that has been modified in a way that prevents an unauthorised person from recovering the original biometric data. The modification may, for example, comprise encryption or another reversible procedure for obfuscating the data. The card preferably includes a means of reversing the procedure, such as a pre-stored key, the use of a public key, or a pre-stored algorithm for descrambling the data. In other embodiments the modification may be irreversible, for example comprising hashing or the like.

In one embodiment, the biometric data may be encrypted with a key associated with the biometric authentication device. The key may be a public encryption key. The biometric authentication device is able to decrypt the secure biometric data; for example, it may hold a private decryption key corresponding to the public encryption key. The biometric data may be loaded onto the biometric authentication device by loading the secure biometric data directly (that is, without decrypting it first).

Preferably the biometric data comprises a biometric template. A biometric template is a set of features extracted from a biometric image that characterises the biometric identifier. In the case of a fingerprint, for example, the template may comprise data defining a plurality of minutiae detected in the fingerprint image; in other arrangements the template may define, for example, the relative positions of those minutiae; in still further embodiments the template may define non-minutiae features of the fingerprint. The software that performs template extraction may be highly confidential and is therefore kept only within a secure environment, to prevent an unauthorised person from stealing the algorithms used.

The enrolment processing unit may be configured to connect to a computing device. In some embodiments it may be configured to draw power from the computing device, and in some embodiments to receive commands from it.

In some embodiments the enrolment processing unit may provide output to the computing device, for example for display on the computing device's screen. In other embodiments the enrolment processing unit may include a display interface and be configured to present output to the user through it; the display may be a liquid crystal display (LCD) or similar.

The output may comprise instructions to the user of the enrolment processing unit, and/or an indication of the status of the enrolment processing unit and/or of a biometric device in communication with it.

The enrolment processing unit is preferably configured not to send the (raw) biometric image and/or the (raw) biometric data to any device external to the enrolment processing unit. That is, the user's biometric data never leaves the enrolment processing unit except in a secure form.

The biometric identifier is preferably a fingerprint biometric. The biometric data may be a fingerprint template, which may comprise data representing a plurality of minutiae. Application software may be configured to process a fingerprint image scanned by the biometric sensor to identify the minutiae and generate the biometric template. As noted above, the algorithms implementing this kind of processing are often closely guarded.

The method may comprise sending the secure biometric data to a remote location, for example to a device provider at a remote location that is not co-located with the enrolment processing unit. The device provider may, for example, be at least 1 km, and possibly at least 10 km, from the enrolment processing unit.

The method may comprise restoring the secure biometric data to biometric data within a secure processing environment on the biometric device. The biometric data and/or the secure biometric data may be stored in a secure memory on the biometric device.

Preferably the method does not include any step of restoring the secure biometric data to biometric data outside a secure processing environment (that is, anywhere other than the processing environment of the enrolment processing unit or of the biometric device).

The method may further comprise providing the biometric device to the user after the secure biometric data has been stored; that is, an already-enrolled biometric device is provided to the user. This may include delivering the enrolled biometric device to the user by post, courier or the like.

The biometric device is preferably a device configured to perform an action in response to authentication of its bearer, by comparing the stored biometric data with a biometric identifier of the bearer. The biometric device may include a built-in biometric sensor, such as a fingerprint sensor, to read the bearer's biometric identifier.

The biometric device may be any of: an access card, a credit card, a debit card, a prepaid card, a loyalty card, an identity card or the like. The biometric device may be a smartcard. The smartcard preferably has a width of between 85.47 mm and 85.72 mm and a height of between 53.92 mm and 54.03 mm, and may have a thickness of less than 0.84 mm, preferably about 0.76 mm (for example ±0.08 mm). More generally, the smartcard may comply with the ISO 7816 smartcard standard.

In an embodiment of the invention, shown in Figure 2, an insecure computer 202 performs no algorithmic computation for enrolment. Instead, a biometric processing unit 203 comprising a secure microprocessor sits between the computer 202 and the card 105. This secure microprocessor is as hard to hack as the secure element of the smartcard 105 itself.

In this embodiment the smartcard 105 is connected to the unit 203 by direct smartcard communication (for example, in the case of a contactless card 105, via a near-field communication (NFC) connection).

The biometric processing unit 203 includes a fingerprint sensor 201, of at least the same quality as the fingerprint sensor on the smartcard 105, to capture the user's fingerprint. The biometric processing unit 203 guides the enrollee through the enrolment procedure by sending instructions to the computing device 202 for display on an LCD screen or similar. Those instructions may be: present your usual finger, roll the finger to the left, roll the finger to the right, roll the finger up, roll the finger down, press firmly, enrolment complete.

The output of the fingerprint sensor 201 is processed by the secure microprocessor of the biometric processing unit 203, and a fingerprint template is produced in a form that can be written directly to the memory 104 of the card 105.

The biometric processing unit 203 contains a means of controlling the data transferred from the fingerprint sensor 201 to the card 105. This means may operate in one of several ways, described in more detail below.

In one arrangement, the image or template is encrypted in the biometric processing unit 203 according to one of several algorithms and transmitted to the card 105 in packets. The timing of each packet's transmission and its arrival in card memory is controlled so that only a single packet is in transit at any time: once the card memory 104 has received a packet, it instructs the biometric processing unit 203 to send the next one. Two or more packets are therefore never in transit at once. As a result, a person attempting to recover the image from the system could find a complete image only in the memory 104 of the smartcard 105 or inside the biometric processing unit 203, both of which are secure.

In one implementation, each blank card 105 may be manufactured with a private decryption key that exists only in the card 105 itself. This private decryption key is preferably uniquely associated with the smartcard 105. A corresponding public key can be generated and made available to the biometric processing unit 203; for example, the biometric processing unit 203 may hold a database of public keys, or may be able to query a central database of public keys. Thus, once encrypted, and until it is once again inside a secure memory, the biometric data can be decrypted only with the private key on the smartcard 105. Unencrypted biometric data is therefore never stored in an accessible memory.

Ideally, no database or other record of the private key exists outside the smartcard 105 itself, which ensures that no malicious party can gain access to the data.

Once the authorised user's template has been enrolled, the smartcard 105 can perform an action in response to verification of the cardholder's identity, such as authorising a transaction or the like. This is done by comparing the enrolled fingerprint template with a fingerprint scanned by the built-in fingerprint sensor 107.

A further embodiment, shown in Figure 3, may use a biometric processing unit 203 similar to that shown in Figure 2.

In this method the encrypted biometric data is not sent directly to the smartcard 105, but instead to a third party, such as a card provider, for installation onto a smartcard 105. This allows a user to be enrolled onto a new smartcard before that card is sent to the user, which can be more secure: if the card is intercepted before it reaches the user, it cannot be used fraudulently.

In step 301, the user first scans their fingerprint using the fingerprint sensor 201 of the biometric processing unit 203.

Next, in step 302, the biometric processing unit 203 extracts a fingerprint template from the fingerprint image captured by the fingerprint sensor 201. Step 302 is optional; in some implementations the biometric data sent may be the biometric image itself or some other derived biometric.

In step 303, the biometric data to be stored on the smartcard 105 is encrypted. This may involve identifying one or more encryption properties associated with the user and/or their smartcard 105, and encrypting the biometric data according to those properties. The properties may include, for example, the type of encryption to use and the encryption key to use.

In step 304, the encrypted biometric data is sent from the biometric processing unit 203 to a card provider or the like. In some embodiments this may simply mean sending it to the computer 202; in others the card provider may be remote from the biometric processing unit, for example a central card production facility for banking cards. The biometric data is already encrypted at this stage and so cannot be used by any third party who intercepts it. Moreover, even the card provider cannot access the data, which reduces the risk of the biometric data and decoding information being stolen should the card provider suffer a security breach. For example, even if the card provider keeps a centralised database of the encrypted biometric data, a compromise of that database would not expose the data, because the decryption keys are held only on the individual cards.

Next, in step 305, the card provider places the (still encrypted) biometric data on the smartcard. The smartcard 105 contains the decryption algorithm and private key needed to decrypt the data, preferably pre-stored on the device at the time of manufacture.

Finally, in step 306, the smartcard 105 is provided to the user. This may be by post where the card is provided remotely, or, where the card provider is local to the biometric processing unit 203, may simply involve handing the smartcard 105 directly to the user.
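The per-card key scheme of Figure 2 (a private key that exists only on the card, a public key the enrolment unit looks up) and the Figure 3 flow of steps 301 to 306, written out as an added example in Go. This is illustrative code, not the patent's or the assignee's implementation. It assumes P-256 ECDH with an AES-256-GCM key derived by SHA-256, a sealed-blob layout of ephemeral public key || nonce || ciphertext, and a JSON minutiae list as a stand-in template; all of these are the example's own choices. Card, Provider and the hypothetical Personalise/Load methods model card 105 and the card provider respectively, and the provider can only store and forward the blob.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Sealed-template layout (assumed): ephemeral P-256 public key (65) || GCM nonce (12) || ciphertext || tag (16).
const ephPubLen, nonceLen, tagLen = 65, 12, 16

// Card models smart card 105: the private key never leaves it; secureMem stands in for secure memory 104.
type Card struct {
	priv      *ecdh.PrivateKey
	secureMem []byte
}

// NewBlankCard generates the card's unique key pair on the card itself, so no copy of the private key exists elsewhere.
func NewBlankCard() (*Card, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	return &Card{priv: priv}, err
}

func (c *Card) PublicKey() []byte { return c.priv.PublicKey().Bytes() }

// aeadFor derives an AES-256-GCM key from the ECDH shared secret, bound to both public keys (all fixed-length).
func aeadFor(shared, ephPub, cardPub []byte) cipher.AEAD {
	key := sha256.Sum256(bytes.Join([][]byte{[]byte("biometric-enrolment-v1"), shared, ephPub, cardPub}, nil))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: NewCipher cannot fail
	gcm, _ := cipher.NewGCM(block)    // AES block: NewGCM cannot fail
	return gcm
}

// SealTemplate runs inside the enrolment unit's secure environment (step 303); the plaintext never leaves it.
func SealTemplate(cardPub, template []byte) ([]byte, error) {
	cardKey, err := ecdh.P256().NewPublicKey(cardPub)
	if err != nil {
		return nil, err
	}
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(cardKey)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// ephPub rides as associated data, so a blob re-addressed to another card fails to open.
	ct := aeadFor(shared, ephPub, cardPub).Seal(nil, nonce, template, ephPub)
	return append(append(ephPub, nonce...), ct...), nil
}

// Load is step 305 seen from the card: the blob arrives still encrypted and only the card's secure processor opens it.
func (c *Card) Load(sealed []byte) error {
	if len(sealed) < ephPubLen+nonceLen+tagLen {
		return errors.New("sealed template too short")
	}
	ephPub, nonce, ct := sealed[:ephPubLen], sealed[ephPubLen:ephPubLen+nonceLen], sealed[ephPubLen+nonceLen:]
	ephKey, err := ecdh.P256().NewPublicKey(ephPub)
	if err != nil {
		return err
	}
	shared, err := c.priv.ECDH(ephKey)
	if err != nil {
		return err
	}
	template, err := aeadFor(shared, ephPub, c.PublicKey()).Open(nil, nonce, ct, ephPub)
	if err != nil {
		return errors.New("blob not addressed to this card, or tampered with")
	}
	c.secureMem = template
	return nil
}

// Enrolled reports whether the card holds exactly this template (real fingerprint matching is fuzzy; an exact compare stands in).
func (c *Card) Enrolled(template []byte) bool {
	return c.secureMem != nil && subtle.ConstantTimeCompare(c.secureMem, template) == 1
}

// Provider models the card provider of Figure 3 (steps 304 and 305): it stores sealed blobs per card and holds no key to open them.
type Provider map[string][]byte

// Personalise writes the blob to the card still encrypted; an unknown card ID yields a nil blob, which Load rejects.
func (p Provider) Personalise(cardID string, card *Card) error { return card.Load(p[cardID]) }

func main() {
	card, _ := NewBlankCard()
	sealed, _ := SealTemplate(card.PublicKey(), []byte(`{"minutiae":[[12,40,90],[77,18,135]]}`)) // constructed template
	fmt.Println("personalise:", Provider{"card-0001": sealed}.Personalise("card-0001", card))
}
```

A blob sealed for one card fails to open on any other card, and a blob with a single flipped byte is rejected outright, which is what makes the provider's database worthless to whoever steals it. One check the text leaves to the implementer: the enrolment unit must obtain the card's public key from a trusted source, because a substituted public key would cause the template to be sealed for an attacker's key instead of the card's.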

Reference numerals

101  Fingerprint enrolment module
102  Enrolment management device / enrolment management system
103  Control logic
104  Memory
105  Smartcard / card / blank card
106  Central database / server
107  Built-in fingerprint sensor
201  Fingerprint sensor
202  Computer / computing device
203  Biometric processing unit / secure enrolment processing unit / unit
301-306  Steps

Certain preferred embodiments of the invention will now be described in more detail, by way of example only and with reference to the accompanying drawings, in which: Figure 1 shows a prior art arrangement for enrolling a user onto a biometric smartcard; Figure 2 shows an arrangement for enrolling a user onto a biometric smartcard according to an embodiment of the invention; and Figure 3 shows a method of enrolling a user onto a biometric smartcard according to another embodiment of the invention.

Claims (9)

1. A method of issuing a biometric authentication device to a user, the biometric authentication device comprising a built-in biometric sensor and a secure processing environment, the method comprising: reading a biometric identifier of the user using a biometric sensor of an enrolment processing unit, the enrolment processing unit having a secure processing environment and being separate from the biometric authentication device; extracting biometric data corresponding to the biometric identifier, the extraction being performed in the secure processing environment of the enrolment processing unit; encrypting the biometric data to produce secure biometric data, the encryption being performed within the secure processing environment of the enrolment processing unit; transmitting the secure biometric data from the enrolment processing unit to a device provider, the device provider issuing biometric authentication devices; loading, by the device provider, the biometric data onto the biometric authentication device; and, after the biometric data has been loaded onto the biometric device, issuing the biometric authentication device to the user.
2. The method of claim 1, wherein the biometric data is encrypted with a key associated with the biometric authentication device, wherein the biometric data is loaded onto the biometric authentication device by loading the secure biometric data directly onto the biometric authentication device, and wherein the biometric authentication device is able to decrypt the secure biometric data.
3. The method of claim 1 or 2, wherein the device provider is remote from the enrolment processing unit.
4. The method of claim 1, 2 or 3, wherein the biometric data comprises a biometric template.
5. The method of any preceding claim, wherein the biometric data never leaves the enrolment processing unit except in the form of secure biometric data.
6. The method of any preceding claim, comprising restoring the secure biometric data to biometric data within the secure processing environment of the biometric device.
7. The method of any preceding claim, wherein the biometric device is a device configured to perform an action in response to authentication of the holder, by comparing stored biometric data with a biometric identifier of the holder of the device.
8. The method of any preceding claim, wherein the biometric device is one of an access token, an identity token, a credit card, a debit card, a prepaid card and a membership card.
9. The method of any preceding claim, wherein the biometric identifier is a fingerprint biometric.
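As an added example, not code from the patent or its applicant, the following Go model shows the property that steps 304 to 306 and claims 1, 2 and 6 rely on: the template is sealed inside the enrolment unit to a key held only by the card, so the provider and anyone intercepting the transfer hold ciphertext they cannot open. The hybrid AES-256-GCM plus RSA-OAEP construction, the 2048-bit card key and the constructed template are assumptions; the patent does not name a cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// SecureTemplate is the only form in which biometric data leaves the enrolment unit: the
// template sealed under a fresh AES-256-GCM key, and that key wrapped (RSA-OAEP) to the card's public key.
type SecureTemplate struct{ WrappedKey, Nonce, Ciphertext []byte }
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EnrolmentUnitEncrypt runs inside the enrolment unit's secure environment: the plaintext template never leaves it.
func EnrolmentUnitEncrypt(cardPub *rsa.PublicKey, template []byte) (*SecureTemplate, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key (buf[:32]) followed by a 96-bit GCM nonce (buf[32:])
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, cardPub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	return &SecureTemplate{wrapped, buf[32:], gcm.Seal(nil, buf[32:], template, nil)}, nil
}

// CardDecrypt runs on the card after the provider loads the sealed template (step 305); without the card's private key it fails.
func CardDecrypt(cardPriv *rsa.PrivateKey, st *SecureTemplate) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, cardPriv, st.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, st.Nonce, st.Ciphertext, nil)
}
```

The card's private key stands in for the key pre-stored at manufacture; a provider holding only the sealed structure, or a card with a different key, gets an error from CardDecrypt rather than the template, and any modification of the stored ciphertext is rejected by the GCM tag.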
TW107115429A 2018-05-07 2018-05-07 Secure enrolment of biometric data TW201947454A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107115429A TW201947454A (en) 2018-05-07 2018-05-07 Secure enrolment of biometric data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107115429A TW201947454A (en) 2018-05-07 2018-05-07 Secure enrolment of biometric data

Publications (1)

Publication Number Publication Date
TW201947454A true TW201947454A (en) 2019-12-16

Family

ID=69583042

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107115429A TW201947454A (en) 2018-05-07 2018-05-07 Secure enrolment of biometric data

Country Status (1)

Country Link
TW (1) TW201947454A (en)
