WO2002032308A1 - Biometric authentication method and system - Google Patents

Biometric authentication method and system

Info

Publication number
WO2002032308A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
biometric data
mic
encryption
encryption key
Prior art date
Application number
PCT/SG2000/000177
Other languages
English (en)
Inventor
Weimin Huang
Jiankang Wu
Chian Prong Lam
Original Assignee
Kent Ridge Digital Labs
Priority date
Filing date
Publication date
Application filed by Kent Ridge Digital Labs
Priority to PCT/SG2000/000177
Publication of WO2002032308A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37 Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/38 Individual registration on entry or exit not involving the use of a pass with central registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the invention relates to a system and method for restricting physical and/or logical access, and more particularly to a secure system and method for authenticating biometric data which prevents authentication of biometric data captured outside the system and reuse of biometric data captured within the system after a single authentication attempt.
  • biometric data corresponding to an individual 150 is captured on-line, on a biometric data capture device 140 connected to a client 130, and then sent to an authentication server 110 together with auxiliary data, for example the customer's birthday, address, banking account information, etc.
  • Upon receiving the biometric data, the server compares the received biometric data against biometric data previously stored in the database 120. If the received biometric data match stored biometric data, then the server authenticates the individual, who thereby gains access to the information or location guarded by the system.
  • the network connection between the client and server may not be secure. There is a need for a secure link between the client and server to prevent access to these communications by unauthorized persons.
  • the client itself must be very secure. Otherwise, someone may use biometric data captured previously or elsewhere for authentication.
  • the capturing device may be susceptible to tampering, and the link between the capturing device and client is vulnerable.
  • U.S. Patent No. 5,933,625 discloses a unique time generating device incorporated in a computer and a device allowing sequentially manufactured computers incorporating such a unique time generating device to authenticate each other over a network.
  • Each unique time generating device accumulates elapsed time in unit increments from a starting point which is different for each time generating device, where the starting point assigned to each unique time device is different by a predetermined interval. Using this device, mutual authentication can be achieved on the basis of the accumulated time by each computer.
  • the unique time data can also be used as a single-use password.
  • a previously stored PIN is accessed from a data file.
  • By applying the same encryption algorithm to the previously stored PIN and the random number transferred from the client, the server generates a new user identifier code, which it compares to that received from the client. A match indicates an authorized user.
  • a dynamic identifier code dependent on the random number generated by the client, is used to obviate the need for transferring the PIN to the server.
  • the user PIN may be forgotten, stolen, damaged or lost. In such a case, a fraudulent user identifier code can be generated.
  • Another method for achieving secure transmission of information is the use of a one-time encryption key (session key), as disclosed in Canada Patent Nos. 1,340,092 and 2,236,406.
  • Canada Patent No. 2,105,404 uses biometric information as part of the "seed" for generating a token, with other information such as time-varying information (e.g. the time of day) or a fixed code (e.g. PIN).
  • the token is then communicated to a host system or access device to determine whether access to the host is permitted.
  • the host must be synchronized with the security mechanism so that the time varying code is identical.
  • U.S. Patent No. 5,343,529 uses a server-generated request identifier that is specific to each transaction to ensure that access information is different for each transaction.
  • the server sends the request identifier to the client requesting access and retrieves a user identifier from a database.
  • authentication code generators at the client and at the server independently generate an authentication code. If the server and client authentication codes match, the server permits access.
  • the user identifier is obtained by someone other than the corresponding user, fraudulent access can be gained
  • such a method cannot be used in an authentication system based on verification of biometric data because the irreversible transformation will not generate the same code for different biometric data samples, as explained in the following
  • the irreversible transformation is applied to bit strings of the biometric data. If the bit strings are different, the irreversible transform results will also be different. Biometrics samples, even for a single personal characteristic
  • U.S. Patent No. 5,870,723 provides a token-less biometric commercial transaction authorization method and system. It uses a message sequence number, incremented each time a message is sent from a biometric input apparatus (BIA), to indicate each separate attempt to use the device. It also uses a transmission code comprising a hardware identification code together with the incrementing sequence number to identify the sending BIA and to detect resubmission attacks.
  • the system disclosed in this reference is not readily adapted to use as a multi-purpose device.
  • the present invention presents a solution to the security holes inherent in prior art systems and methods of user authentication.
  • the present invention includes a system and method of authenticating biometric data.
  • An embodiment of the method according to the present invention comprises encrypting a first session key with a first encryption key (EK), receiving and decrypting the first session key using a second EK, capturing biometric data (BD) corresponding to a user, encrypting the captured BD using a second session key, receiving and decrypting the encrypted captured BD using the first session key, comparing the captured BD and previously stored BD and verifying that an elapsed time between transmission of the first session key and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first session key.
  • EK encryption key
  • BD biometric data
  • Another embodiment of the method according to the present invention comprises encrypting a first message identification code (MIC) with a first encryption key, receiving and decrypting the first MIC using a second encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using the second encryption key, receiving and decrypting the encrypted captured BD and second MIC using the first encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
  • MIC message identification code
  • Another embodiment of the method according to the present invention comprises encrypting a first MIC with a first at least a portion of a first encryption key, receiving and decrypting the first MIC using a second at least a portion of the first encryption key, capturing BD corresponding to a user, encrypting the captured BD and a second MIC using a first at least a portion of a second encryption key, receiving and decrypting the encrypted captured BD and second MIC using a second at least a portion of the second encryption key, comparing the captured BD and previously stored BD, comparing the second MIC and the first MIC, and verifying that an elapsed time between transmission of the first MIC and transmission of the encrypted captured BD does not violate a timeout criterion, so as to authenticate the captured BD, and destroying the first MIC.
  • An embodiment of a system for authenticating biometric data comprises a secure server, a database connected to the server for storing first biometric data corresponding to a unique user identification code (ID), a client connected to the server, and a biometric data capture device (BCD) connected to the client for capturing second biometric data from a user, wherein the BCD consists of an integrated hardware unit.
  • ID unique user identification code
  • BCD biometric data capture device
  • a biometric data capture device serial number (BCDN) and a shared symmetric key or a private key associated with the BCD are stored in a memory internal to the BCD and can be read by an encryption module internal to the BCD and authorized personnel but cannot be modified by external intervention.
  • BCDN biometric data capture device serial number
  • the BCDN and shared symmetric key or private key are destroyed by overwriting the locations in memory in which they are stored when an unauthorized user opens the BCD.
  • the present invention also includes a system and method of verifying live capture of biometric data.
  • An embodiment of the method of verifying live capture of biometric data according to the present invention comprises capturing a sequence of characteristic feature inputs by a user, extracting from the sequence a time-varying property of the characteristic feature inputs wherein said time-varying property is known to evolve in a predictable manner, and comparing the evolution of the time-varying property against a predictive model
  • the system of verifying live capture of biometric data according to the present invention comprises a biometric sensor for capturing a characteristic feature of a user, a sensor driver for acquiring biometric data corresponding to the user and means for verifying live capture of the biometric data.
  • the present invention also includes a method of preventing re-use of captured biometric data.
  • An embodiment of the method comprises generating a first session key, using the first session key to decrypt encrypted captured biometric data, and destroying the first session key.
  • a further embodiment of the method comprises generating a first message identification code, decrypting encrypted captured biometric data and a second message identification code, and destroying the first message identification code.
  • the present invention further includes a method of registering a BCD and a method of registering a user of an authentication system.
  • An embodiment of the method of registering a BCD according to the present invention comprises assigning an encryption key to the BCD, writing a first at least a portion of the encryption key and a BCDN corresponding to the BCD into a database, and writing a second at least a portion of the encryption key and BCDN into a memory internal to the BCD.
  • An embodiment of the method of registering a BCD according to the present invention comprises assigning an ID to the user, capturing live biometric data for the user, storing the biometric data and associated ID in a database, and defining a list of applications to which the user is authorized access.
  • FIG. 1 shows an authentication system typical of the prior art
  • FIG. 2 shows an authentication system according to the invention.
  • FIG. 3 shows an example of an authentication method according to the invention.
  • the invention generally concerns a secure user authentication system and method based on verification of biometric information unique to the user for restricting physical access to locations and/or logical access to information, wherein potential fraudulent use of the system is thwarted by preventing the biometric information from being used more than once.
  • the system includes a tamper resistant biometric data capture device which may further include a module which verifies that only biometric data captured live may be used to authenticate a user seeking physical or logical access.
  • the invention is a secure solution to the security holes inherent in prior art systems and methods of user authentication. An example of a user authentication system according to the present invention is shown in FIG. 2.
  • the system comprises a secure server 210, a database 220 connected to the server, a client 230 connected to the server, and a biometric data capture device (BCD) 240 connected to the client.
  • the server 210 controls access to a location, for example a building or safe ("physical access") or to information, for example a bank or computer account or a computer file ("logical access").
  • the server itself is made secure by safeguarding it by some physical means, for example placing it in a location to which access is strictly limited, and/or digital means, for example a digital firewall. Other methods of securing the server will be evident to those skilled in the art.
  • the server comprises a random number generator 212 for generating a request number (RN) 214 which serves as a session key or a current message identification code, a communication module 216, comprising communication hardware, for example a modem, and associated software, for example a modem driver, an encryption module 218 which performs encryption and decryption functions, and a server memory (not shown).
  • RN request number
  • the encryption and decryption algorithms executed by the encryption module are well known in the art and may be resident on one or more application specific integrated circuits (ASIC).
  • ASIC application specific integrated circuits
  • ECC elliptic curve cryptosystems
  • the server database stores information relevant to the authentication process, for example a BCD serial number (BCDN) 222 unique to each BCD, an encryption key (EK) 224 corresponding to each BCD, a user identification code (ID) 226 unique to each user, and biometric data (BD) 228 corresponding to each ID, previously captured by a BCD.
  • the EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or a public key pair comprising a public key and corresponding private key.
  • the public key of a public key pair is assumed to be accessible to all, while access to the corresponding private key is restricted, and there is a trusted third party which issues a public key certificate indicating the entity (e.g.
  • the EK is shared by both the server and the BCD
  • the server stores its own private key and a public key corresponding to the BCD's private key
  • the BCD stores its own private key and a public key corresponding to the server's private key
  • the database may be resident as data on a memory device internal to the server or as a data file on a peripheral memory device, for example a disk drive, CD ROM, etc.
  • the user identification code may be a string of numeric or alphanumeric characters
  • the client 230 is an interface between the server and the BCD, allowing data, for example an ID, BCDN, or request for authentication, to be input into the system by a user 250
  • the client also allows the transmission of encrypted messages back and forth between the server and the BCD
  • servers and clients within the scope of the invention include financial systems such as the existing ATM networks, stock exchange systems, database systems, security systems, and general purpose computer networks, where the server stores valuable information and a client may be a terminal through which a user can access the server to effectuate desired operations and/or transactions
  • a large number of servers, clients, and server databases adapted for use with biometric information authentication are known in the art, and all are within the scope of the invention
  • the BCD 240 captures biometric information from the user seeking authentication, such as one or more fingerprints, a facial image, voice pattern, image of the retina or iris, etc., and transmits and receives this and other information through the client to and from the server
  • the BCD is an integrated hardware apparatus
  • the device comprises a biometric data acquisition module 242, a communication module 244, an encryption module 246, and a memory 248
  • the biometric data acquisition module 242 comprises a biometric sensor and an associated software driver for capturing data
  • a number of biometric sensors and associated drivers are known in the art, for example video cameras for recording facial images, fingerprint scanners, iris/retinal scanners, and voice recording systems. All are within the scope of the invention
  • the communication module 244 comprises communication hardware, for example a modem, and associated software, for example a modem driver
  • the encryption module 246 performs encryption and
  • the EK may take the form of any number of encryption keys known in the art, for example a shared symmetric key or the private key of a public key pair.
  • the BCDN and EK can be re-written by an authorized party such as a system administrator or repair technician.
  • the BCDN and EK can be rewritten by such external intervention but are readable only by the encryption module. If the BCD is opened by an unauthorized party, the EK and BCDN will be destroyed by erasing them from the memory. This can be achieved by a re-write routine triggered by the opening of the BCD: upon opening, a memory write routine is triggered, causing zeros or random numbers, for example, to be written into the memory locations of the BCDN and EK.
  • the biometric data acquisition module 242 is preferably designed to ensure that the biometric data is captured live, in real time, as part of the authentication process. This is achieved by verifying the characteristics of a sequence of biometric images as a person allows his or her biometric data to be captured by the biometric sensor. For example, as the person places his or her finger on the scanner, a sequence of images is captured. It has been observed that the captured image changes within the sequence. Because of the elasticity of the finger, the traces of the feature points possess an identifiable characteristic. The variation between the image features of different frames can be calculated to indicate whether the biometric trait has been captured live. For fingerprint capturing, several of the sensors known in the art are designed to detect only fingerprint images captured live.
  • a user seeking physical or logical access through a client must be the same person whose biometric data is captured by the biometric sensor.
  • the user initiates the authentication process for physical or logical access at a client by entering his or her ID (305).
  • the server, through the client, may prompt the user to input his or her ID.
  • the BCDN may already be known to the client.
  • the server, through the client, may prompt the user to input the BCDN.
  • the server receives the ID and BCDN from the client (310).
  • the server, through the client, prompts the user to input live biometric data into the BCD (315).
  • the server retrieves from the database the EK, which may be any known encryption key, for example a shared symmetric key or the public key of a public key pair, corresponding to the received BCDN (320) and generates a random first RN as a session key or a message identification code (325), which is stored in the server memory.
  • the server encrypts the first RN using the EK (330) and transmits the encrypted first RN to the BCD through the client (335).
  • a time index indicating the time at which the encrypted first RN was transmitted to the BCD is recorded by the server in the server memory or server database for future reference (340).
  • the BCD receives and decrypts, using the EK resident in the BCD memory, for example a shared symmetric key or the private key of a public key pair, the encrypted first RN (345), captures biometric data (BD) from the user (350), and stores in memory a time index indicating the time at which the BD was captured (355).
  • the BCD then encrypts the BD, the time index, and auxiliary data in an encrypted message using a second RN generated from the first RN as a session key (360).
  • the BCD employs the shared symmetric key or the public key of a public key pair corresponding to the server to encrypt the BD, time index, auxiliary data and a second RN generated from the first RN.
  • the BCD then transmits the encrypted message through the client to the server (365).
  • the data items and their order in the encrypted message are preferably pre-defined among the server and all capturing devices linked to the server.
  • the server receives and decrypts the encrypted message from the BCD (370), using the first session key (retrieved from the server memory) if the first RN is used as a session key, or an encryption key, if the first RN is used as a message identification code.
  • the encryption key may be the shared symmetric key or the private key of the server's public key pair.
  • the server then retrieves previously stored biometric data corresponding to the ID from the database (375).
  • the server compares the retrieved BD against the BD received from the BCD to determine whether there is a match (380) and calculates the elapsed time between the transmission time index and the capture time index to determine whether a time-out criterion has been violated (385). If there is a match and if there is no violation of the time-out criterion (390), then the server authenticates the user, who thereby gains physical or logical access as appropriate (395). The server subsequently deletes the first RN (399). Alternatively, if the first RN is used as a message identification code, the server will also compare the second RN (received from the BCD) against the first RN (retrieved from the server memory). Authentication of the user will then occur only if, in addition to the two requirements previously described, the first and second RN also match.
  • the server does not keep a record of session keys for future reference. Systematically deleting the session key ensures that the biometric data cannot be decrypted after the time set by the time-out criterion, and that within the time window set by the time-out criterion, only the server can decrypt the biometric data and authenticate the user. Thus, the biometric data is used only once within this very short period.
  • the RN is used as a message identification code
  • automatic deletion of the RN assures that the server can not match a RN received from the BCD with a RN retrieved from the server memory after the RN has been used once or after a time interval which may be made as short as is practical given the time delays inherent in information transfer among the various components of the system during a single authentication operation.
  • the biometric data associated with the RN is used only once.
  • Registration of the BCD must be executed in a very secure way by an authorized individual (registrar), for example a system administrator or technician, who is responsible for certifying the integrity of the entire authentication system.
  • An exemplary registration process may be described as follows: The registrar verifies the structural integrity of the BCD to confirm that it has not been subject to tampering.
  • the registrar then reads the BCDN written on an external surface of the BCD and assigns a unique EK, either a shared symmetric key or a public key pair, to the BCD. The registrar then writes the BCDN and corresponding at least a portion of the EK (shared symmetric key or public key of the public key pair assigned to the BCD) into the server database and the shared symmetric key or the public key pair into the BCD memory.
  • Registration of authentication system users may be effected by the system administrative staff according to the following exemplary method:
  • the staff assigns a user name or identification number, which may be entirely numeric or alphanumeric in content, to each user.
  • Live biometric data for each user is then captured using a registered BCD.
  • the biometric data and associated ID are stored in the server database.
  • the staff defines a list of applications, for example physical locations or files of information to which the user is authorized access upon authentication, and stores this information in the server database with the associated ID and biometric data.
  • the system and method of the invention provide a number of levels of security against fraudulent access.
  • the BCDN and the EK ensure that only registered devices capture the biometric data, e.g. a registered fingerprint live-scanner captured the fingerprint image. Live biometric data ensure that only authorized individuals gain access.
  • the request number session key and/or message identification code ensure that only the current message can be used, and only for the current authentication request.
  • the time-out criterion reduces the time window during which fraudulent access can be attempted.
  • any authentication request from an open network (that is, without passing through a registered BCD) will be denied. Any authentication request made using static biometric data not captured live will also be denied. Moreover, an encrypted message intercepted during transmission between the BCD and the server cannot be reused because no corresponding request number session key will be found at the server to decrypt the message or no message identification code will be available for verification of the current message.
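
The session-key variant of the exchange described above (steps 325 to 399), as an added example that is not code from the patent: it shows why a captured message cannot be replayed once the request number (RN) is destroyed. The cipher (a SHA-256 keystream with HMAC, standing in for the unspecified "well known" algorithms), the Hamming-distance matcher, the 5-second time-out, the use of the RN itself as the session key, and the names `BCD-0001` and `alice` are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

TIMEOUT_S = 5.0      # assumed time-out criterion; the patent gives no value
MATCH_MAX_BITS = 8   # assumed matcher threshold (differing bits tolerated)

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for the patent's unspecified cipher."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication tag mismatch")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def differing_bits(a, b):
    # Placeholder matcher: real biometric comparison is template-specific.
    if len(a) != len(b):
        return max(len(a), len(b)) * 8
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

class BCD:
    def __init__(self, ek):
        self._ek = ek                       # EK held in device memory

    def respond(self, encrypted_rn, bd, captured_at):
        rn = unseal(self._ek, encrypted_rn)                  # step 345
        body = json.dumps({"bd": bd.hex(), "captured_at": captured_at})
        return seal(rn, body.encode())                       # step 360

class Server:
    def __init__(self, device_keys, enrolled):
        self.device_keys = device_keys      # BCDN -> EK
        self.enrolled = enrolled            # ID -> stored BD
        self.pending = {}                   # (ID, BCDN) -> (RN, sent_at)

    def challenge(self, user_id, bcdn, now):
        rn = secrets.token_bytes(32)                         # step 325
        self.pending[(user_id, bcdn)] = (rn, now)            # step 340
        return seal(self.device_keys[bcdn], rn)              # step 330

    def verify(self, user_id, bcdn, message):
        # The RN is destroyed on first use, whatever the outcome (step 399).
        entry = self.pending.pop((user_id, bcdn), None)
        if entry is None:
            return "no-pending-request"
        rn, sent_at = entry
        try:
            body = json.loads(unseal(rn, message))           # step 370
            bd = bytes.fromhex(body["bd"])
            captured_at = float(body["captured_at"])
        except (ValueError, KeyError, TypeError):
            return "undecryptable"
        if not 0 <= captured_at - sent_at <= TIMEOUT_S:      # step 385
            return "timeout"
        if differing_bits(bd, self.enrolled[user_id]) > MATCH_MAX_BITS:
            return "no-match"                                # step 380
        return "authenticated"

def run_demo():
    # All identifiers and samples below are constructed for the example.
    ek = secrets.token_bytes(32)
    stored = bytes(range(16))
    live = bytes([stored[0] ^ 0b111]) + stored[1:]   # same finger, 3 bits off
    other = bytes(255 - b for b in stored)           # a different person
    server = Server({"BCD-0001": ek}, {"alice": stored})
    bcd, who = BCD(ek), ("alice", "BCD-0001")
    out = {}
    m1 = bcd.respond(server.challenge(*who, now=100.0), live, 101.5)
    out["fresh"] = server.verify(*who, m1)
    out["replay_without_request"] = server.verify(*who, m1)
    server.challenge(*who, now=200.0)
    out["replay_into_new_request"] = server.verify(*who, m1)
    late = bcd.respond(server.challenge(*who, now=300.0), live, 306.0)
    out["late_capture"] = server.verify(*who, late)
    wrong = bcd.respond(server.challenge(*who, now=400.0), other, 401.0)
    out["other_person"] = server.verify(*who, wrong)
    return out

if __name__ == "__main__":
    print(run_demo())
```

Because the capture time index is reported by the BCD, the time-out check in this sketch is only as trustworthy as the device clock and the device's tamper resistance.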

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for identifying redundant electronic mail messages and removing those messages from a user message file. In particular, the invention relates to a method for identifying redundant messages which consists of copying messages stored in a message file into two different groups and cleaning one of the groups so as to remove formatting and header information. The cleaned messages can then be compared to determine whether a particular message is wholly repeated in the other group. The repeated messages are removed from that other group, and the messages remaining in the first group are then substituted by the messages of the user message file, which produces a reduced message file. The method can also be applied to the recording of forums.
PCT/SG2000/000177 2000-10-17 2000-10-17 Biometric authentication method and system WO2002032308A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SG2000/000177 WO2002032308A1 (fr) 2000-10-17 2000-10-17 Biometric authentication method and system

Publications (1)

Publication Number Publication Date
WO2002032308A1 (fr) 2002-04-25

Family

ID=20428881

Country Status (1)

Country Link
WO (1) WO2002032308A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5229764A (en) * 1991-06-20 1993-07-20 Matchett Noel D Continuous biometric authentication matrix
US6076167A (en) * 1996-12-04 2000-06-13 Dew Engineering And Development Limited Method and system for improving security in network applications

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): SG US

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)