WO2002032308A1 - Biometric authentication method and system - Google Patents
Biometric authentication method and system
- Publication number
- WO2002032308A1 (application PCT/SG2000/000177)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- biometric data
- mic
- encryption
- encryption key
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/38—Individual registration on entry or exit not involving the use of a pass with central registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Definitions
- the invention relates to a system and method for restricting physical and/or logical access, and more particularly to a secure system and method for authenticating biometric data which prevents authentication of biometric data captured outside the system and reuse of biometric data captured within the system after a single authentication attempt.
- biometric data corresponding to an individual 150 is captured on-line, on a biometric data capture device 140 connected to a client 130, and then sent to an authentication server 110 together with auxiliary data, for example the customer's birthday, address, banking account information, etc.
- Upon receiving the biometric data, the server compares the received biometric data against biometric data previously stored in the database 120. If the received biometric data match stored biometric data, then the server authenticates the individual, who thereby gains access to the information or location guarded by the system.
- the network connection between the client and server may not be secure. There is a need for a secure link between the client and server to prevent access to these communications by unauthorized persons.
- the client itself must be very secure. Otherwise, someone may use biometric data captured previously or elsewhere for authentication.
- the capturing device may be susceptible to tampering, and the link between the capturing device and client is vulnerable.
- U.S. Patent No. 5,933,625 discloses a unique time generating device incorporated in a computer and a device allowing sequentially manufactured computers incorporating such a unique time generating device to authenticate each other over a network.
- Each unique time generating device accumulates elapsed time in unit increments from a starting point which is different for each time generating device, where the starting point assigned to each unique time device is different by a predetermined interval. Using this device, mutual authentication can be achieved on the basis of the accumulated time by each computer.
- the unique time data can also be used as a single-use password.
- a previously stored PIN is accessed from a data file.
- By applying the same encryption algorithm to the previously stored PIN and the random number transferred from the client, the server generates a new user identifier code, which it compares to that received from the client. A match indicates an authorized user.
- a dynamic identifier code, dependent on the random number generated by the client, is used to obviate the need for transferring the PIN to the server.
- the user PIN may be forgotten, stolen, damaged or lost. In such a case, a fraudulent user identifier code can be generated.
- Another method for achieving secure transmission of information is the use of a one-time encryption key (session key), as disclosed in Canada Patent Nos. 1,340,092 and 2,236,406.
- Canada Patent No. 2,105,404 uses biometric information as part of the "seed" for generating a token, with other information such as time-varying information (e.g. the time of day) or a fixed code (e.g. PIN).
- the token is then communicated to a host system or access device to determine whether access to the host is permitted
- the host must be synchronized with the security mechanism so that the time varying code is identical
- U.S. Patent No. 5,343,529 uses a server-generated request identifier that is specific to each transaction to ensure that access information is different for each transaction.
- the server sends the request identifier to the client requesting access and retrieves a user identifier from a database.
- authentication code generators at the client and at the server independently generate an authentication code. If the server and client authentication codes match, the server permits access.
- the user identifier is obtained by someone other than the corresponding user, fraudulent access can be gained
- such a method cannot be used in an authentication system based on verification of biometric data because the irreversible transformation will not generate the same code for different biometric data samples, as explained in the following.
- the irreversible transformation is applied to bit strings of the biometric data. If the bit strings are different, the irreversible transform results will also be different. Biometrics samples, even for a single personal characteris
- U.S. Patent No. 5,870,723 provides a token-less biometric commercial transaction authorization method and system. It uses a message sequence number, incremented each time a message is sent from a biometric input apparatus (BIA), to indicate each separate attempt to use the device. It also uses a transmission code comprising a hardware identification code together with the incrementing sequence number to identify the sending BIA and to detect resubmission attacks.
- the system disclosed in this reference is not readily adapted to use as a multi-purpose device.
- the present invention presents a solution to the security holes inherent in prior art systems and methods of user authentication.
- the present invention includes a system and method of authenticating biometric data.
- An embodiment of the method according to the present invention comprises encrypting a first session key with a first encryption key (EK), receiving and decrypting the first session key using a second EK, capturing biometric data (BD) corresponding to a user, encrypting the captured BD using a second session key, receiving and decrypting the encrypted captured BD using the first session key, comparing the captured BD and previously stored BD and verifying that an elapsed time between transmission of the first session key and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first session key.
- EK encryption key
- BD biometric data
- Another embodiment of the method according to the present invention comprises encrypting a first message identification code (MIC) with a first encryption key, receiving and decrypting the first MIC using a second encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using the second encryption key, receiving and decrypting the encrypted captured BD and second MIC using the first encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
- MIC message identification code
- Another embodiment of the method according to the present invention comprises encrypting a first MIC with a first at least a portion of a first encryption key, receiving and decrypting the first MIC using a second at least a portion of the first encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using a first at least a portion of a second encryption key, receiving and decrypting the encrypted captured BD and second MIC using a second at least a portion of the second encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
- An embodiment of a system for authenticating biometric data comprises a secure server, a database connected to the server for storing first biometric data corresponding to a unique user identification code (ID), a client connected to the server, and a biometric data capture device (BCD) connected to the client for capturing second biometric data from a user, wherein the BCD consists of an integrated hardware unit.
- ID unique user identification code
- BCD biometric data capture device
- a biometric data capture device serial number (BCDN) and a shared symmetric key or a private key associated with the BCD are stored in a memory internal to the BCD and can be read by an encryption module internal to the BCD and authorized personnel but cannot be modified by external intervention.
- BCDN biometric data capture device serial number
- the BCDN and shared symmetric key or private key are destroyed by overwriting the locations in memory in which they are stored when an unauthorized user opens the BCD.
- the present invention also includes a system and method of verifying live capture of biometric data.
- An embodiment of the method of verifying live capture of biometric data according to the present invention comprises capturing a sequence of characteristic feature inputs by a user, extracting from the sequence a time-varying property of the characteristic feature inputs wherein said time-varying property is known to evolve in a predictable manner, and comparing the evolution of the time-varying property against a predictive model
- the system of verifying live capture of biometric data according to the present invention comprises a biometric sensor for capturing a characteristic feature of a user, a sensor driver for acquiring biometric data corresponding to the user and means for verifying live capture of the biometric data.
- the present invention also includes a method of preventing re-use of captured biometric data.
- An embodiment of the method comprises generating a first session key, using the first session key to decrypt encrypted captured biometric data, and destroying the first session key.
- a further embodiment of the method comprises generating a first message identification code, decrypting encrypted captured biometric data and a second message identification code, and destroying the first message identification code.
- the present invention further includes a method of registering a BCD and a method of registering a user of an authentication system.
- An embodiment of the method of registering a BCD according to the present invention comprises assigning an encryption key to the BCD, writing a first at least a portion of the encryption key and a BCDN corresponding to the BCD into a database, and writing a second at least a portion of the encryption key and BCDN into a memory internal to the BCD.
- An embodiment of the method of registering a BCD according to the present invention comprises assigning an ID to the user, capturing live biometric data for the user, storing the biometric data and associated ID in a database, and defining a list of applications to which the user is authorized access.
- FIG. 1 shows an authentication system typical of the prior art
- FIG. 2 shows an authentication system according to the invention.
- FIG. 3 shows an example of an authentication method according to the invention.
- the invention generally concerns a secure user authentication system and method based on verification of biometric information unique to the user for restricting physical access to locations and/or logical access to information, wherein potential fraudulent use of the system is thwarted by preventing the biometric information from being used more than once.
- the system includes a tamper resistant biometric data capture device which may further include a module which verifies that only biometric data captured live may be used to authenticate a user seeking physical or logical access.
- the invention is a secure solution to the security holes inherent in prior art systems and methods of user authentication. An example of a user authentication system according to the present invention is shown in FIG. 2.
- the system comprises a secure server 210, a database 220 connected to the server, a client 230 connected to the server, and a biometric data capture device (BCD) 240 connected to the client.
- the server 210 controls access to a location, for example a building or safe ("physical access") or to information, for example a bank or computer account or a computer file ("logical access").
- the server itself is made secure by safeguarding it by some physical means, for example placing it in a location to which access is strictly limited, and/or digital means, for example a digital firewall. Other methods of securing the server will be evident to those skilled in the art.
- the server comprises a random number generator 212 for generating a request number (RN) 214 which serves as a session key or a current message identification code, a communication module 216, comprising communication hardware, for example a modem, and associated software, for example a modem driver, an encryption module 218 which performs encryption and decryption functions, and a server memory (not shown).
- RN request number
- the encryption and decryption algorithms executed by the encryption module are well known in the art and may be resident on one or more application specific integrated circuits (ASIC).
- ASIC application specific integrated circuits
- ECC elliptic curve cryptosystems
- the server database stores information relevant to the authentication process, for example a BCD serial number (BCDN) 222 unique to each BCD, an encryption key (EK) 224 corresponding to each BCD, a user identification code (ID) 226 unique to each user, and biometric data (BD) 228 corresponding to each ID, previously captured by a BCD.
- the EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or a public key pair comprising a public key and corresponding private key.
- the public key of a public key pair is assumed to be accessible to all, while access to the corresponding private key is restricted, and there is a trusted third party which issues a public key certificate indicating the entity (e.g.
- the EK is shared by both the server and the BCD
- the server stores its own private key and a public key corresponding to the BCD's private key
- the BCD stores its own private key and a public key corresponding to the server's private key
- the database may be resident as data on a memory device internal to the server or as a data file on a peripheral memory device, for example a disk drive, CD ROM, etc.
- the user identification code may be a string of numeric or alphanumeric characters
- the client 230 is an interface between the server and the BCD, allowing data, for example an ID, BCDN, or request for authentication, to be input into the system by a user 250
- the client also allows the transmission of encrypted messages back and forth between the server and the BCD
- servers and clients within the scope of the invention include financial systems such as the existing ATM networks, stock exchange systems, database systems, security systems, and general purpose computer networks, where the server stores valuable information and a client may be a terminal through which a user can access the server to effectuate desired operations and/or transactions
- a large number of servers, clients, and server databases adapted for use with biometric information authentication are known in the art, and all are within the scope of the invention
- the BCD 240 captures biometric information from the user seeking authentication, such as one or more fingerprints, a facial image, voice pattern, image of the retina or iris, etc., and transmits and receives this and other information through the client to and from the server
- the BCD is an integrated hardware apparatus
- the device comprises a biometric data acquisition module 242, a communication module 244, an encryption module 246, and a memory 248
- the biometric data acquisition module 242 comprises a biometric sensor and an associated software driver for capturing data
- a number of biometric sensors and associated drivers are known in the art, for example video cameras for recording facial images, fingerprint scanners, iris/retinal scanners, and voice recording systems. All are within the scope of the invention
- the communication module 244 comprises communication hardware, for example a modem, and associated software, for example a modem driver
- the encryption module 246 performs encryption and
- the EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or the private key of a public key pair.
- the BCDN and EK can be re-written by an authorized party such as a system administrator or repair technician.
- the BCDN and EK can be rewritten by such external intervention but are readable only by the encryption module. If the BCD is opened by an unauthorized party, the EK and BCDN will be destroyed by erasing them from the memory. This can be achieved by a re-write routine triggered by the opening of the BCD: upon opening, a memory write routine is triggered, causing zeros or random numbers, for example, to be written into the memory locations of the BCDN and EK.
- the biometric data acquisition module 242 is preferably designed to ensure that the biometric data is captured live, in real time, as part of the authentication process. This is achieved by verifying the characteristics of a sequence of biometric images as a person allows his or her biometric data to be captured by the biometric sensor. For example, as the person places his or her finger on the scanner, a sequence of images is captured. It has been observed that the captured image changes within the sequence. Because of the elasticity of the finger, the traces of the feature points possess an identifiable characteristic. The variation between the image features of different frames can be calculated to indicate whether the biometric trait has been captured live. For fingerprint capturing, several of the sensors known in the art are designed to detect only fingerprint images captured live.
- a user seeking physical or logical access through a client must be the same person whose biometric data is captured by the biometric sensor.
- the user initiates the authentication process for physical or logical access at a client by entering his or her ID (305).
- the server, through the client, may prompt the user to input his or her ID.
- the BCDN may already be known to the client.
- the server, through the client, may prompt the user to input the BCDN.
- the server receives the ID and BCDN from the client (310).
- the server, through the client, prompts the user to input live biometric data into the BCD (315).
- the server retrieves from the database the EK, which may be any known encryption key, for example a shared symmetric key or the public key of a public key pair, corresponding to the received BCDN (320) and generates a random first RN as a session key or a message identification code (325), which is stored in the server memory.
- the server encrypts the first RN using the EK (330) and transmits the encrypted first RN to the BCD through the client (335).
- a time index indicating the time at which the encrypted first RN was transmitted to the BCD is recorded by the server in the server memory or server database for future reference (340).
- the BCD receives and decrypts, using the EK resident in the BCD memory, for example a shared symmetric key or the private key of a public key pair, the encrypted first RN (345), captures biometric data (BD) from the user (350), and stores in memory a time index indicating the time at which the BD was captured (355).
- the BCD then encrypts the BD, the time index, and auxiliary data in an encrypted message using a second RN generated from the first RN as a session key (360).
- the BCD employs the shared symmetric key or the public key of a public key pair corresponding to the server to encrypt the BD, time index, auxiliary data and a second RN generated from the first RN.
- the BCD then transmits the encrypted message through the client to the server (365).
- the data items and their order in the encrypted message are preferably pre-defined among the server and all capturing devices linked to the server.
- the server receives and decrypts the encrypted message from the BCD (370), using the first session key (retrieved from the server memory) if the first RN is used as a session key, or an encryption key, if the first RN is used as a message identification code.
- the encryption key may be the shared symmetric key or the private key of the server's public key pair.
- the server then retrieves previously stored biometric data corresponding to the ID from the database (375).
- the server compares the retrieved BD against the BD received from the BCD to determine whether there is a match (380) and calculates the elapsed time between the transmission time index and the capture time index to determine whether a time-out criterion has been violated (385). If there is a match and if there is no violation of the time-out criterion (390), then the server authenticates the user, who thereby gains physical or logical access as appropriate (395). The server subsequently deletes the first RN (399). Alternatively, if the first RN is used as a message identification code, the server will also compare the second RN (received from the BCD) against the first RN (retrieved from the server memory). Authentication of the user will then occur only if, in addition to the two requirements previously described, the first and second RN also match.
- the server does not keep a record of session keys for future reference. Systematically deleting the session key ensures that the biometric data cannot be decrypted after the time set by the time-out criterion, and that within the time window set by the time-out criterion, only the server can decrypt the biometric data and authenticate the user. Thus, the biometric data is used only once within this very short period.
- the RN is used as a message identification code
- automatic deletion of the RN assures that the server can not match a RN received from the BCD with a RN retrieved from the server memory after the RN has been used once or after a time interval which may be made as short as is practical given the time delays inherent in information transfer among the various components of the system during a single authentication operation.
- the biometric data associated with the RN is used only once.
- Registration of the BCD must be executed in a very secure way by an authorized individual (registrar), for example a system administrator or technician, who is responsible for certifying the integrity of the entire authentication system.
- An exemplary registration process may be described as follows: The registrar verifies the structural integrity of the BCD to confirm that it has not been subject to tampering.
- the registrar then reads the BCDN written on an external surface of the BCD and assigns a unique EK, either a shared symmetric key or a public key pair, to the BCD. The registrar then writes the BCDN and corresponding at least a portion of the EK (shared symmetric key or public key of the public key pair assigned to the BCD) into the server database and the shared symmetric key or the public key pair into the BCD memory.
- Registration of authentication system users may be effected by the system administrative staff according to the following exemplary method:
- the staff assigns a user name or identification number, which may be entirely numeric or alphanumeric in content, to each user.
- Live biometric data for each user is then captured using a registered BCD.
- the biometric data and associated ID are stored in the server database.
- the staff defines a list of applications, for example physical locations or files of information to which the user is authorized access upon authentication, and stores this information in the server database with the associated ID and biometric data.
- the system and method of the invention provide a number of levels of security against fraudulent access.
- the BCDN and the EK ensure that only registered devices capture the biometric data, e.g. a registered fingerprint live-scanner captured the fingerprint image. Live biometric data ensure that only authorized individuals gain access.
- the request number session key and/or message identification code ensure that the current message can be used only for the current authentication request.
- the time-out criterion reduces the time window during which fraudulent access can be attempted.
- any authentication request from an open network (that is, without passing through a registered BCD) will be denied. Any authentication request made using static biometric data not captured live will also be denied. Moreover, an encrypted message intercepted during transmission between the BCD and the server cannot be reused because no corresponding request number session key will be found at the server to decrypt the message or no message identification code will be available for verification of the current message.
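The exchange of steps 305 to 399, in its session-key variant, written out as an added example that is not code from the patent: it shows a live request succeeding and a replayed message, a late capture and an unregistered device each being refused. The HMAC-SHA256 keystream-plus-MAC construction stands in for the unspecified cipher, the bit-difference matcher stands in for a real biometric comparison, the first RN is used directly as the session key, and all class names, function names, identifiers, timestamps and thresholds are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import json
import secrets


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 keystream, then a MAC over the result."""
    nonce = secrets.token_bytes(16)
    body = nonce + bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    nonce, ct = body[:16], body[16:]
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))


def bit_difference(a: bytes, b: bytes) -> float:
    """Toy matcher (assumption): fraction of differing bits between two templates."""
    if len(a) != len(b):
        return 1.0
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))


class BCD:
    def __init__(self, bcdn: str, ek: bytes):
        self.bcdn, self._ek = bcdn, ek

    def respond(self, encrypted_rn: bytes, live_bd: bytes, now: float) -> bytes:
        rn = unseal(self._ek, encrypted_rn)                          # step 345
        msg = json.dumps({"bd": live_bd.hex(), "captured_at": now})  # steps 350-355
        return seal(rn, msg.encode())                                # step 360


class Server:
    def __init__(self, timeout_s: float = 5.0, max_bit_difference: float = 0.10):
        self.devices, self.users, self.pending = {}, {}, {}
        self.timeout_s, self.max_bit_difference = timeout_s, max_bit_difference

    def start(self, user_id: str, bcdn: str, now: float) -> bytes:
        rn = secrets.token_bytes(32)                   # step 325: random first RN
        self.pending[(user_id, bcdn)] = (rn, now)      # step 340: transmission time index
        return seal(self.devices[bcdn], rn)            # steps 320-335

    def finish(self, user_id: str, bcdn: str, blob: bytes) -> str:
        # The RN is removed before any check, so one RN serves one attempt (step 399).
        rn, sent_at = self.pending.pop((user_id, bcdn), (None, None))
        if rn is None:
            return "no pending request"
        try:
            msg = json.loads(unseal(rn, blob))         # step 370
        except ValueError:
            return "decrypt failed"
        elapsed = msg["captured_at"] - sent_at         # step 385
        if not 0 <= elapsed <= self.timeout_s:
            return "timeout"
        stored = self.users[user_id]                   # step 375
        if bit_difference(stored, bytes.fromhex(msg["bd"])) > self.max_bit_difference:
            return "biometric mismatch"                # step 380
        return "authenticated"                         # step 395


def demo() -> dict:
    ek = secrets.token_bytes(32)
    enrolled = bytes(range(32))                            # constructed template
    fresh = bytes([enrolled[0] ^ 0x01]) + enrolled[1:]     # same finger, new sample
    server, bcd = Server(), BCD("BCD-0001", ek)
    server.devices["BCD-0001"], server.users["alice"] = ek, enrolled
    who, out = ("alice", "BCD-0001"), {}
    reply = bcd.respond(server.start(*who, now=100.0), fresh, now=101.0)
    out["live"] = server.finish(*who, reply)
    out["replay"] = server.finish(*who, reply)             # RN already deleted
    server.start(*who, now=200.0)                          # new request, new RN
    out["replay_into_new_request"] = server.finish(*who, reply)
    late = bcd.respond(server.start(*who, now=300.0), fresh, now=310.0)
    out["late"] = server.finish(*who, late)
    rogue = BCD("BCD-0001", secrets.token_bytes(32))       # holds no registered EK
    try:
        rogue.respond(server.start(*who, now=400.0), fresh, now=401.0)
    except ValueError:
        out["unregistered_device"] = "cannot recover RN"
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The capture time index in this sketch is reported by the device itself, as in the description, so the time-out check is only as trustworthy as the BCD's clock and tamper resistance.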
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Human Computer Interaction (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for identifying redundant e-mail messages and removing these messages from a user message file. In particular, the invention relates to a method for identifying redundant messages that consists of copying messages stored in a message file into two different groups and cleaning one of the groups so as to remove formatting and header information. The cleaned messages can then be compared to determine whether a particular message is entirely repeated in the other group. Repeated messages are removed from that other group, and the messages remaining in the first group are then substituted for the messages of the user message file, producing a reduced message file. The method can also be applied to the recording of forums.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG2000/000177 WO2002032308A1 (fr) | 2000-10-17 | 2000-10-17 | Biometric authentication method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG2000/000177 WO2002032308A1 (fr) | 2000-10-17 | 2000-10-17 | Procede et systeme d'authentification biometrique |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002032308A1 (fr) | 2002-04-25 |
Family
ID=20428881
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG2000/000177 WO2002032308A1 (fr) | 2000-10-17 | 2000-10-17 | Procede et systeme d'authentification biometrique |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2002032308A1 (fr) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004001656A2 (fr) | 2002-05-21 | 2003-12-31 | Bio-Key International, Inc. | Systemes et procedes d'authentification securisee |
WO2004006076A2 (fr) * | 2002-07-03 | 2004-01-15 | Aurora Wireless Technologies, Ltd. | Infrastructure de clé privée biométrique |
WO2004072870A1 (fr) | 2003-02-11 | 2004-08-26 | Argus Solutions Ltd | Controle de la gestion de substances pharmaceutiques |
WO2005004037A1 (fr) * | 2003-07-03 | 2005-01-13 | Argus Solutions Ltd | Controle de la gestion des biens |
US20080126811A1 (en) * | 2006-11-24 | 2008-05-29 | Wei Chang | Method for authorized-user verification and related apparatus |
WO2008081051A1 (fr) * | 2006-12-29 | 2008-07-10 | Doyen, S.L. | Procédé et système de sécurité par identification biométrique des personnes |
US7415605B2 (en) | 2002-05-21 | 2008-08-19 | Bio-Key International, Inc. | Biometric identification network security |
EP1975885A1 (fr) * | 2007-03-28 | 2008-10-01 | Mohammed A. Geoffrey | Système et procédé de certification et d'authentification électronique |
US7672457B2 (en) * | 2003-06-30 | 2010-03-02 | Fujitsu Limited | Computer-readable recording medium recording a wireless communication authentication program |
EP2989537A4 (fr) * | 2014-05-19 | 2016-11-02 | American Express Travel Relate | Authentification par phrase de passe biométrique |
EP3190543A1 (fr) * | 2015-01-07 | 2017-07-12 | eMemory Technology Inc. | Procédé de cryptage dynamique de données d'empreintes digitales et capteur d'empreintes associé |
WO2018083494A1 (fr) * | 2016-11-07 | 2018-05-11 | Cirrus Logic International Semiconductor Limited | Procédés et appareil d'authentification dans un dispositif électronique |
IT201700036682A1 (it) * | 2017-04-04 | 2018-10-04 | Luciano Pietrantonio | Sistema di controllo per apparati di accesso |
US10691780B2 (en) | 2016-08-03 | 2020-06-23 | Cirrus Logic, Inc. | Methods and apparatus for authentication in an electronic device |
US10878068B2 (en) | 2016-08-03 | 2020-12-29 | Cirrus Logic, Inc. | Methods and apparatus for authentication in an electronic device |
US11522871B1 (en) * | 2016-04-20 | 2022-12-06 | Wells Fargo Bank, N.A. | Verifying secure transactions through distributed nodes |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5229764A (en) * | 1991-06-20 | 1993-07-20 | Matchett Noel D | Continuous biometric authentication matrix |
US6076167A (en) * | 1996-12-04 | 2000-06-13 | Dew Engineering And Development Limited | Method and system for improving security in network applications |
- 2000-10-17 WO PCT/SG2000/000177 patent/WO2002032308A1/fr active Search and Examination
Cited By (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7415605B2 (en) | 2002-05-21 | 2008-08-19 | Bio-Key International, Inc. | Biometric identification network security |
US8214652B2 (en) | 2002-05-21 | 2012-07-03 | BIO-key International, Inc. | Biometric identification network security |
EP1537513A2 (fr) * | 2002-05-21 | 2005-06-08 | Bio-Key International, Inc. | Systemes et procedes d'authentification securisee |
EP1537513A4 (fr) * | 2002-05-21 | 2007-02-07 | Bio Key Int Inc | Systemes et procedes d'authentification securisee |
WO2004001656A2 (fr) | 2002-05-21 | 2003-12-31 | Bio-Key International, Inc. | Systemes et procedes d'authentification securisee |
WO2004006076A2 (fr) * | 2002-07-03 | 2004-01-15 | Aurora Wireless Technologies, Ltd. | Infrastructure de clé privée biométrique |
WO2004006076A3 (fr) * | 2002-07-03 | 2004-04-22 | Aurora Wireless Technologies L | Infrastructure de clé privée biométrique |
CN100342294C (zh) * | 2002-07-03 | 2007-10-10 | 富利科技有限公司 | 生物计量私用密钥基础结构 |
WO2004072870A1 (fr) | 2003-02-11 | 2004-08-26 | Argus Solutions Ltd | Controle de la gestion de substances pharmaceutiques |
EP1593073A1 (fr) * | 2003-02-11 | 2005-11-09 | Argus Solutions PTY Ltd. | Controle de la gestion de substances pharmaceutiques |
EP1593073A4 (fr) * | 2003-02-11 | 2007-01-24 | Argus Solutions Pty Ltd | Controle de la gestion de substances pharmaceutiques |
EP2287768A1 (fr) * | 2003-02-11 | 2011-02-23 | Pharmasea International Pty Ltd. | Contrôle de la gestion de substances pharmaceutiques |
US7672457B2 (en) * | 2003-06-30 | 2010-03-02 | Fujitsu Limited | Computer-readable recording medium recording a wireless communication authentication program |
WO2005004037A1 (fr) * | 2003-07-03 | 2005-01-13 | Argus Solutions Ltd | Controle de la gestion des biens |
US20080126811A1 (en) * | 2006-11-24 | 2008-05-29 | Wei Chang | Method for authorized-user verification and related apparatus |
WO2008081051A1 (fr) * | 2006-12-29 | 2008-07-10 | Doyen, S.L. | Procédé et système de sécurité par identification biométrique des personnes |
EP1975885A1 (fr) * | 2007-03-28 | 2008-10-01 | Mohammed A. Geoffrey | Système et procédé de certification et d'authentification électronique |
US10438204B2 (en) | 2014-05-19 | 2019-10-08 | American Express Travel Related Services Company, Inc. | Authentication via biometric passphrase |
EP2989537A4 (fr) * | 2014-05-19 | 2016-11-02 | American Express Travel Relate | Authentification par phrase de passe biométrique |
US11282081B2 (en) | 2014-05-19 | 2022-03-22 | American Express Travel Related Services Company, Inc. | Authentication via biometric passphrase |
EP3190543A1 (fr) * | 2015-01-07 | 2017-07-12 | eMemory Technology Inc. | Procédé de cryptage dynamique de données d'empreintes digitales et capteur d'empreintes associé |
US11522871B1 (en) * | 2016-04-20 | 2022-12-06 | Wells Fargo Bank, N.A. | Verifying secure transactions through distributed nodes |
US10691780B2 (en) | 2016-08-03 | 2020-06-23 | Cirrus Logic, Inc. | Methods and apparatus for authentication in an electronic device |
US10878068B2 (en) | 2016-08-03 | 2020-12-29 | Cirrus Logic, Inc. | Methods and apparatus for authentication in an electronic device |
CN110023934A (zh) * | 2016-11-07 | 2019-07-16 | 思睿逻辑国际半导体有限公司 | 用于电子设备中的认证的方法和装置 |
US10552595B2 (en) | 2016-11-07 | 2020-02-04 | Cirrus Logic, Inc. | Methods and apparatus for authentication in an electronic device |
KR20190077066A (ko) * | 2016-11-07 | 2019-07-02 | 시러스 로직 인터내셔널 세미컨덕터 리미티드 | 전자 디바이스에서의 인증을 위한 방법들 및 장치 |
KR102343743B1 (ko) | 2016-11-07 | 2021-12-24 | 시러스 로직 인터내셔널 세미컨덕터 리미티드 | 전자 디바이스에서의 인증을 위한 방법들 및 장치 |
CN110023934B (zh) * | 2016-11-07 | 2022-04-29 | 思睿逻辑国际半导体有限公司 | 生物测定认证系统及该系统中的方法及电子设备 |
WO2018083494A1 (fr) * | 2016-11-07 | 2018-05-11 | Cirrus Logic International Semiconductor Limited | Procédés et appareil d'authentification dans un dispositif électronique |
IT201700036682A1 (it) * | 2017-04-04 | 2018-10-04 | Luciano Pietrantonio | Sistema di controllo per apparati di accesso |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US6148404A (en) | Authentication system using authentication information valid one-time | |
O'Gorman | Comparing passwords, tokens, and biometrics for user authentication | |
JP3754004B2 (ja) | データ更新方法 | |
KR101226651B1 (ko) | 생체 인식 기술의 사용에 기초한 사용자 인증 방법 및 관련구조 | |
US9294288B2 (en) | Facilitating secure online transactions | |
US7805614B2 (en) | Secure local or remote biometric(s) identity and privilege (BIOTOKEN) | |
US6073237A (en) | Tamper resistant method and apparatus | |
US7415605B2 (en) | Biometric identification network security | |
US4993068A (en) | Unforgeable personal identification system | |
EP0986209B1 (fr) | Système d'authentification à distance | |
JP4668551B2 (ja) | 個人認証デバイスとこのシステムおよび方法 | |
US8499147B2 (en) | Account management system, root-account management apparatus, derived-account management apparatus, and program | |
US20020056043A1 (en) | Method and apparatus for securely transmitting and authenticating biometric data over a network | |
US20080098469A1 (en) | Authentication entity device, verification device and authentication request device | |
WO2003007121A2 (fr) | Procede et systeme permettant de determiner la confidence dans une transaction numerique | |
JP2008538146A (ja) | バイオメトリック・テンプレートのプライバシー保護のためのアーキテクチャ | |
WO2002032308A1 (fr) | Procede et systeme d'authentification biometrique | |
US20060021066A1 (en) | Data encryption system and method | |
US20140258718A1 (en) | Method and system for secure transmission of biometric data | |
JP2008167107A (ja) | 公開鍵基盤を利用したチャレンジ・レスポンス認証方法 | |
JP2015525409A (ja) | 高安全性生体認証アクセス制御のためのシステム及び方法 | |
JP2001249901A (ja) | 認証装置およびその方法、並びに、記憶媒体 | |
JP4226582B2 (ja) | データ更新システム | |
Cavoukian et al. | Keynote paper: Biometric encryption: Technology for strong authentication, security and privacy | |
Deswarte et al. | A Proposal for a Privacy-preserving National Identity Card. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A1 Designated state(s): SG US |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |