APPARATUS AND METHOD FORMING A BRIDGE BETWEEN BIOMETRICS AND CONVENTIONAL MEANS OF SECURE COMMUNICATION
FIELD OF THE INNOVATION
This invention relates to an apparatus and a method for bridging authentication of users by biometrics to conventional means of secure communication in a network, without having to embody any biometrics representation in the servers of said network. Accordingly it enables network operators to take advantage of user authentication at a terminal of the network without selecting amongst several competing biometrics standards or proprietary solutions for implementation on their server(s). The invention creates a flexible method of tailoring secure communication methods and sequences in the network to the secure communication requirements of the prevailing network.
BACKGROUND OF THE INVENTION
Mankind has always required authentication of the identity of any potential partner to engage in business with, or with whom transactions are planned to be performed. In the pre-computer age such authentication was normally ascertained by personal judgement, or by a personal vouch from a third party known to both parties. With the ever-growing use of computer networking and the internationalization of trade and transactions, such personal judgement has become impractical, and in most instances impossible.
Computer-based applications, such as Internet banking or access to government or corporate Intranets, therefore require other means of identity authentication that can be handled automatically by computers (electronic authentication). Such authentication has traditionally been carried out by means of a secret which both parties know, e.g. a password, or something unique the person carries that can be authenticated by the receiving party, such as a token generating a code that is non-predictable to anyone other than the receiving party.
Examples of a secret known to both parties are simple and fairly constant passwords, such as a user ID or a variable password. The shortcoming of this method is that such passwords are fairly easy to crack, and on numerous occasions are passed on, voluntarily or involuntarily, to third parties that may abuse a false identity. This has caused the development of variants that are more difficult to crack. Examples are algorithms creating variable (pseudo-random) passwords valid for a limited time, or changing for each transaction. The problem is that such methods are based on a common seed to the algorithms resident on the computers of the issuer and the receiver. If this seed is intercepted, or intentionally or wrongly acquired by a third party, then the recipient cannot trust the true identity of the issuer, other than that he holds the proper seed.
As a response to this challenge more elaborate systems have emerged, involving PKI solutions based on a combination of secret keys and public keys used to encrypt and authenticate electronic communications. These methods may involve trusted third parties issuing electronic certificates confirming the keys. An example is described in US 5,995,630. However, even if such methods are harder to crack, they do not resolve the basic challenge: how to verify that the person using the key(s) or certificate(s) is truly the authorized identity. Another challenge of these methods and systems is that they normally involve proprietary solutions, or a trusted third party whose coverage is not universal. Accordingly the network operator has to relate to a number of alternative providers with different solutions.
Another known solution has been to issue hardware devices, so-called tokens, to persons required to authenticate themselves, such devices generating passwords or secure communication sequences ensuring that the hardware device is authentic. An example is described in WO 02/060210. However, the same problem applies: how to ensure that the carrier of the hardware device or token truly represents the authentic user, and how to avoid proprietary methods and devices, and non-universal solutions.
An emerging response to the above challenges has been to involve biometrics, being some mathematical description of the person that cannot be separated from his person, rather than something he knows or carries. Such biometrics may be in the form of fingerprint recognition, iris or retina recognition, voice recognition, facial recognition, and so on. An example is described in US 5,991,408. Though biometrics will resolve the problem of a third party voluntarily or involuntarily obtaining a person's password or hardware token, it still represents several challenges to users and system operators. The main problem is again that there is no universal system or dominating industry standard yet, not to speak of internationally enforced standards that will safeguard the system operator's investment in implementing such biometrics solutions for the future. Such implementation of biometrics in large systems, often being business-critical, is expensive and time consuming. If the system operator chooses a non-winning standard he may be forced to re-do the complete implementation with another biometrics standard. This may inflict negative public-relations effects among his customers, and significantly increase the costs. Further, it will inflict a loss of time to market due to implementation of the new system, while the competitors who have chosen the winning standard may benefit in the market to such an extent that market shares change significantly, and the previous ranking of market leaders may even be toppled.
OBJECT OF THE INVENTION
Thus, in an attempt to overcome these and other limitations of known prior art methods and devices, it is an object of this invention to provide a method of biometrics authentication of users without having to implement any biometrics representation or standard on the system server(s).
It is further an object of this invention to translate biometrics identification at peripherals of a network to the prevailing secure communication implementation of the prevailing network.
It is finally an object of this invention that biometrics input at the peripherals can be flexibly translated to the secure communication of the prevailing network, tailored to the system operator's existing secure communication implementation, without having to change his existing methods and systems. In accordance with the invention, matching biometrics templates at the peripherals may automatically trigger output adapted to the individual system operator's requirements, rather than the other way around.
SUMMARY OF THE INVENTION
In accordance with the invention a method is provided to make authenticated biometrics input automatically trigger secure communication responses, flexibly tailored to the prevailing network, by a combination of known methods and techniques.
More specifically the invention comprises an integrated circuit capable of capturing and processing input from a biometrics sensor, performing image data cleaning and reduction, performing matching analyses, and thereafter generating a tailored secure communication response to the network, by a combination of known methods and means. The same integrated circuit will also incorporate alternative, commonly used output interfaces, to render flexibility also in hardware compatibility.
BRIEF DESCRIPTION OF THE DRAWINGS
Exemplary embodiments of the invention will be described in conjunction with the following drawings, in which:
Figure 1a shows a traditional situation with a fingerprint sensor connected to a terminal, which is connected to a network serviced by a server.
Figure 1b shows the implementation of a hardware device according to the invention, mounted between the fingerprint sensor and a terminal in the network.
Figure 2a shows the architecture of the integrated chip IC according to the invention, the IC shown in a reduced version with external non-volatile memories.
Figure 2b shows the architecture of the integrated chip according to the invention, the IC shown in an extended version with internal non-volatile memories.
Figures 3a and 3b show one preferred embodiment of the invention in a portable device, interfaced by a USB port.
Figures 4a, 4b, 4c and 4d show another preferred embodiment of the invention in a portable device in the form of a PCMCIA card connected to a UART interface block of the IC.
Figure 5 shows yet another preferred embodiment of the invention embedded in a terminal, alternatively in a PC mouse, a PC keyboard or a laptop chassis.
Figure 6 exemplifies how the integrated circuit can be triggered for wake-up (power-up) from sleep mode by the biometrics sensor being activated.
Figure 7a is from international patent publication no. WO 01/74007, showing the main blocks of a system for secure key generation.
Figure 7b shows the blocks of the IC of figure 2b that are relevant to secure key generation triggered by matching biometrics in accordance with this invention.
Figure 7c is from WO 01/74007, showing the flowchart of one solution for secure key generation.
Figure 7d shows the flowchart of how such a secure key generation can be adapted to be triggered by biometrics in accordance with this invention, as one preferred embodiment.
Figure 8a is from European patent application EP 0 225 010, showing the communication flowchart of PIN identification by a customer at a dealer's terminal, communicating with a bank clearing entity, in which the PIN* may or may not be authentic.
Figure 8b shows how a solution similar to that of figure 8a can be adapted according to this invention into a portable device ICP, based on identification by fingerprints (FP).
Figure 8c is from patent no. EP 0 225 010, showing a communication procedure involving public and secret key sets, still leaving uncertainty about the authenticity of the PIN* as well as lacking verification of the terminal.
Figure 8d shows how a solution similar to that of Figure 8c can be adapted to be part of one preferred embodiment of the present invention, whereby the authenticity of the terminal is irrelevant, and the system is thereby able to communicate securely with e.g. personal computers in private homes without compromising the security requirements.
DETAILED DESCRIPTION OF THE INVENTION
The traditional approach to the implementation of biometrics according to current methods is illustrated in Figure 1a. The user places his finger (A) on, or swipes it over, the fingerprint sensor (B). Examples of fingerprint sensors of the swipe type are known from FR 2 749 955 and NO 304 766. In principle any fingerprint sensor type, or other biometrics sensor, may be used with the invention, whether of the so-called swipe type or matrix type.
The entire image from the sensor (B) is transmitted to the processor (C) of a terminal (31), e.g. a PC. Software module(s) (D) are implemented at said terminal (31). The software captures the sensor output signals, reconstructing a two-dimensional fingerprint image, extracts the particulars of the fingerprint, and finally either performs matching locally at the computer terminal (31) or transmits the interpreted fingerprint essentials to a server (30) in a network (N).
There are several weaknesses in this approach. The transmission of the complete image signals from the sensor (B) to the processor (C) comprises relatively large amounts of data, which in some cases are severely limited by the communication capacity between the sensor (B) and the processor (C), particularly if there are numerous "biometrics" users in the network (N). Further, the signal from the sensor (B) represents an external signal into the processor (C) and may therefore be intercepted, and accordingly faked or falsified. Further, when the processor (C) of the terminal (31) is connected to a network (N), the fingerprint image essentials extracted by the processor (C) from the sensor (B) must be represented on the network server (30) by some industry standard, which is not universally accepted yet. Finally, the processing by the processor (C), including the embedded software module (D), must communicate with the sensor (B) according to a standard operating system and embedded communication solutions. This severely reduces the ability of the processor (C) to optimize the interaction with the sensor (B), adding processing and communication time as well as the risk of erroneous image processing.
The preferred configuration according to the invention is shown in figure 1b. A biometrics processor (F1) according to the invention may be integrated with the sensor (B), or alternatively provided as a portable device (F2) connected by cable to the terminal (31), or as an embedded device (F3) integrated in the terminal (31) or its peripherals (e.g. PC mouse or keyboard). The sensor (B) and the biometrics processor (F) may work in a stand-alone mode (e.g. in a hotel safe not connected to a network) or be connected to another device (not shown) and optionally networked (N).
The biometrics processor (F1, F2 or F3; jointly referred to as F) includes an integrated circuit shown in two versions in figures 2a and 2b. The advantages of this configuration are multiple. As the biometrics processor (F) is directly connected to the sensor (B), the biometrics processor (F) can be tailored to optimize the interaction between the sensor (B) and the biometrics processor (F). Such tailoring of the biometrics processor (F) to the sensor (B), combined with its direct connection to the sensor (B), enables the inclusion of methods and procedures that severely constrain interception of the signals between the sensor (B) and the biometrics processor (F). Another benefit of the biometrics processor (F) is that the hardware circuits of the IC (1) are adapted to interact with the sensor (5) in a truly high-speed mode, avoiding buffering delays and other dead time, as opposed to general processors. The target of the invention is to be able to capture a fingerprint image, process it and perform a matching analysis in less than 1.0 seconds.
The presence of the biometrics processor (F) further significantly reduces the network traffic between the sensor (B) and the biometrics processor (F) on one side, and the other networked processors (N and 30) on the other. The major advantage is, however, that the biometrics processor (F) can transform the biometrics from the sensor (B) into general communication security measures in a network (N), such as by including Secure Key Generation as the basis for encryption in the biometrics processor (F). By this method biometrics sensors (B) may be connected to a network (N) with server (30) and terminals (31) in a secure manner according to the implemented secure communication, without requiring the supplier of the network system architecture to make any decision on which biometrics standard will evolve in the future as the winning standard. By this method the biometrics processor (F) becomes a bridge between biometrics sensors (B) and the current infrastructure of networks (N).
The IC (1) of the biometrics processor (F) according to the invention will be further described by reference to figures 2a and 2b, showing two versions of the IC (1). The IC (1) contains a central processor unit (2), being e.g. an ARM 9 processor or similar, that communicates with the other components on the chip by at least one high-speed bus (3) and preferably a secondary bus (4) with a lower transmission rate.
The biometrics sensor (5) is preferably a fingerprint sensor, e.g. as described in FR 2 749 955. Said sensor (5) may either be mounted external to the IC (1), or integrated in the IC (1). The sensor (5) is connected to the high-speed bus (3) by an interface (5A) (preferably a serial port interface), a "wake-up" circuit (5B) and an "Image Capture & Pre-Processing" block (5C). The image capture and pre-processing block (5C) performs raw-image processing, i.e. the initial and most time-consuming processing of the raw fingerprint images captured from the sensor. The image capture and pre-processing block (5C) is coupled to the volatile memory (6A or 6C) for temporarily storing interim data. The fingerprint sensor (5) could be embedded in the IC (1) in order to effectively provide raw fingerprint images for the IC (1). The IC (1) could be supplied with several image capture and pre-processing blocks (5C), each adapted to a particular sensor type, in order to make the IC (1) adaptable to several generic types of fingerprint sensors, e.g. swipe and matrix sensors. A rise in the output signal from the sensor (5) may in one embodiment of the invention be used to trigger the "wake-up" circuit (5B), as per figure 6. The output signal from the sensor (5) triggers the wake-up circuit (5B) of the IC (1). Different types of fingerprint sensors (5) generate different output signals when a finger (B) with fingerprint ridges (B1) touches the sensor elements (61). The wake-up circuit (5B) may be adapted to the different makes of fingerprint sensor (5) to be accommodated by the IC (1). Figure 6 shows one way of controlling the wake-up circuitry (5B) of the IC (1): the fingerprint sensor (5) comprises sensor elements (61), a sensor controller (62) and an output interface (63) emitting signals via a cable (64) to the sensor interface (5A) of the IC (1).
Before the finger (B) touches the sensor elements (61), the output signal from the output interface (63) may be a low-level signal (65). When the finger ridges (B1) touch the sensor elements (61), the output signal increases to a new level (66) exceeding a pre-set threshold (67) of the wake-up circuitry (5B), triggering the wake-up circuitry (5B) to initiate power-up of the IC (1) in a pre-set sequence, including at least power-up of the image capture & pre-processing block (5C) and its communication with the volatile memory (6A or 6C) via the high-speed bus (3) for immediate signal capturing and fingerprint signal pre-processing. The central processor (2) and other blocks on the chip may also be powered up. After this explanation of how to trigger the "wake-up" circuit by reference to figure 6, we now return to figures 2a and 2b.
The high-speed bus (3) of the integrated circuit (1) is connected to an external volatile memory (6A) or alternatively to an internal volatile memory (6C), through first interfaces (6B) and (6D) respectively. The volatile memory provides working memory that is available also to other modules on the integrated circuit. The volatile memory may for example be an SDRAM storage device.
The high-speed bus (3) of the integrated circuit (1) may, as shown in figure 2b, be connected to an embedded non-volatile memory (7A) through a second interface (7B). This internal non-volatile memory (7A) is made as a "SmartCard" block in EEPROM technology, embedded in the CMOS IC chip (1). This internal SmartCard block (7A) may have all the safety features of the stand-alone SmartCard chips available on the market. The internal non-volatile memory (7A) may either be combined with, or substituted by, an external non-volatile memory (7) with a dedicated interface block (7D). The internal EEPROM "SmartCard Block" (7A) and its interface (7B) shall have all the safety features currently provided by SmartCard chips, to prevent access to secret information stored in the SmartCard block. In one alternative the external non-volatile memory unit (7) is a so-called FLASH module. The non-volatile memory enables the storage of program code, such as administrative software, tailored security output responses and fingerprint representations in the form of so-called fingerprint minutiae.
The image capture and pre-processing block (5C) comprises a heavy-duty processing module for reducing the large volume of raw fingerprint images captured from the sensor (5) into a dataset of reduced volume, denoted intermediate fingerprint data. These intermediate fingerprint data are submitted as output to the central processor block (2) via the high-speed bus (3), for final processing in the central processor block (2) into a more compact representation of the fingerprint, denoted fingerprint minutiae.
In the case of an external non-volatile memory (7) in the reduced version of the IC (1) as per figure 2a, there is provided a special scrambling & encryption block (8) comprising a secret algorithm embedded in hardware, that scrambles (and de-scrambles) all secret or sensitive information to be stored on the external non-volatile memory (7), such as master fingerprint minutiae representing the fingerprints of authorized users, SKG key numbers and seeds for encryption. The scrambling block (8) may contain seeds for encryption according to a scrambling algorithm. The scrambling block (8) will chop the information, permute the sequence of the chopped data elements, and store these in variable registers of the external non-volatile memory (7) in a pseudo-random pattern that is not repeated. This makes the secure and sensitive information stored on the external non-volatile memory a lot harder to interpret, even though it is in principle accessible without intruding into the chip (1) itself.
The same scrambling & encryption block (8) of the reduced IC architecture shown in figure 2a will also perform DES and TDES encryption/decryption. The complete procedure will be described below, with reference to figure 7. For the extended IC architecture, shown in figure 2b, the SmartCard interface (7B) is connected to some important functional blocks, connected directly or indirectly to the high-speed bus (3). There is a "Secure Key Generation" (SKG) block (8A) with embedded algorithms for generating a secure key, as input to the encryption blocks (8B and 8C). The "Secure Key Generation" block (8A) has embedded algorithms, e.g. as known from WO 01/74007, for generating an unpredictable key, as exemplified in figure 7. The key generation is based on a "seed" which is secretly stored in the "SmartCard Block" (7A) and accessed through the SmartCard interface (7B). The unique key output from the SKG block (8A) is the input to the encryption algorithms embedded in the DES (Data Encryption Standard)/TDES (Triple Data Encryption Standard) encryption block (8B), or the alternative block "Other Encryption" (8C), where any proprietary encryption algorithm may be embedded. CBC (Cipher Block Chaining) and ECB (Electronic Codebook) are examples of DES modes of operation that may be used. Access to the SmartCard block (7A), in particular an external SmartCard block, is preferably made to depend on the recognition of representations of the fingerprint minutiae of an authorized user. The secret seed is thus retrieved from the external non-volatile memory (7) and de-scrambled by the scrambling & encryption block (8), thus providing the basis for the SKG algorithm. The SKG algorithm is a software program, or part of one, running on the central processor (2). Either the SKG module (8A) or the scrambling & encryption module (8) is coupled with the high-speed bus (3) and with the second memory interface block (7B), or alternatively with the interface block (7D) to the external non-volatile memory (7).
The encryption module (8) may be adapted to be automatically triggered by the administrative software in order to generate a secure key only when completion of the fingerprint processing by the central processor (2) has confirmed a positive match of the captured fingerprint, reduced to so-called minutiae, with an authorized master fingerprint minutiae set stored either in the embedded secure SmartCard block (7A) or, alternatively, in scrambled, secure format on the external non-volatile memory (7).
The processor unit (2) is preferably also adapted to communicate with other components on the IC via a secondary bus (4). A bus bridge block (11C) provides a connection between the secondary bus (4) and the high-speed bus (3).
For supplying the resulting secured data, encrypted and/or scrambled, to external devices or units, there are provided second interface blocks (9A, 9B, 9C and 9D). These interface blocks comprise hardware and software for supporting a USB interface (9A), an Ethernet interface (9B), a GPIO interface (9C), a PCMCIA/UART interface (9D) and/or a SmartCard interface (7C). Except for the USB and Ethernet interfaces, the second interface blocks are serviced by the secondary bus (4), with lower bandwidth and capacity than the high-speed bus (3).
The administrative software may be adapted to automatically initiate retrieval and de-scrambling of a pre-stored scrambled IP address from the external SmartCard chip (7E), after the secure key generation and encryption are completed. The sensor signal and capturing module (5C) could be adapted to capture sensor image signals at a predetermined, programmed interval in order to emulate so-called "normal" operation of the integrated circuit, whereby the identity of the system operator could also be continuously checked. In another mode the image capture and pre-processing block (5C) could be adapted to scan for the presence of a finger at a pre-set interval. Further processing is only activated upon detection of the presence of a finger.
A special block is the "Operation Mode" block (10), which may control the IC (1) and the fingerprint sensor (5) to go into navigation mode upon external request. This "Operation Mode" block is further capable of putting the fingerprint sensor (5) and all other IC functions to sleep when not in use, to save power. The "Operation Mode" block (10) may also reduce the internal clock frequency of the IC (1) when in stand-by mode.
The IC (1) may be equipped with other blocks to ensure practical functioning, such as an "Address Decoder" block (11A), a "Boot ROM" block (11B), a bus bridge block (11C) in the case of multiple buses, an Arbiter block (11D) and a Watchdog Timer block (11C).
The IC (1) is equipped with administrative software processed by the central processor (2), to enable functions to be executed in appropriate sequence, ensuring maximum response speed, and controlling communication internally on the integrated circuit, as well as communication with external devices or network.
The IC (1) could, in a particular preferred embodiment, comprise software and/or hardware for capturing a number of fingerprint images and pre-processing these images in the pre-processing block (5C) in order to obtain a series of compacted images, as previously disclosed in international patent application PCT/NO01/00384. Incremental differences of the compacted image information as provided by the pre-processing block (5C) could be estimated or calculated.
This calculation or estimation can be performed by software running in the central processor (2), thereby determining the direction of movement of the finger (A) and the associated speed of movement over the sensor (5), whether the contact of the finger (A) with the surface of the sensor (5) is disrupted, and possibly for how long such a disruption lasts. In the central processor (2) the obtained information, e.g. finger speed and direction, contact or no contact versus time, can be compared with a pre-stored table of finger commands, for example defined by sequences and directions of finger movements over the sensor, stored in one of the non-volatile memory blocks (7, 7A or 7E). Using the central processor (2), and depending on the result of said comparison, it is determined which finger command the analyzed finger movements represent.
Thereafter the code for this particular finger command is transmitted from the central processor (2) via the high-speed bus (3) to a selected communication interface block (9A, 9B, 9C or 9D).
The advantages of this combination of integrated functions according to the invention are multiple:
Tight security is achieved, as there can be no interception between the biometrics and the secure key generation and encryption modules. The software embedded on the IC (1) shall check whether the sensor signal is genuine, or has been intercepted and tampered with. Such security will be especially important e.g. for the installation of biometrics in cars, etc.
The architecture of the IC (1) and the method of sequencing the various blocks of the IC (1) can be flexibly used to incorporate previously known methods of secure communication into a total system. One such previously known method is Secure Key Generation (SKG), based on a seed, this seed in turn being the basis for the encryption. This aspect will therefore be described separately with reference to figure 7. The two main ingredients of any SKG system are an algorithm (assumed to be known, also by hackers) and a secret seed, known only to the user and the issuer. The algorithm of any acknowledged SKG system generates passwords that are either valid for only a limited time, or varied for each transaction. An SKG algorithm will generate new passwords that appear to a third party (even one with knowledge of the algorithm) to be random. When the same SKG algorithm is run on a device (e.g. the IC (1)) and a server (30) with the identical seed, they will both produce the same key (or password) and thereby be capable of encrypting and decrypting messages between themselves. Any other party not having that particular seed will not understand this key (or password). The same SKG algorithm can accordingly be used for a large user group, provided each user has a unique seed.
In practice the present invention may use any SKG of acceptable quality. Such SKG algorithms may be implemented in the IC (1) as program code processed by the central processor (2) of the IC (1). In order to comply with the target adaptability and flexibility of the invention, the SKG algorithm supported by the prevailing Intranet or other network (N) shall be embedded in a subset of the administrative software of the IC (1), for execution when needed on the central processor (2).
In addition the IC (1) also offers hardware embedment of a powerful SKG algorithm as described in WO 01/74007. This particular SKG hardware block (8A) is shown in figure 7b embedded in the extended version of the IC (1) as outlined in figure 2b, except that all hardware blocks not related to the SKG are omitted for clarity in figure 7b.
In order to explain how an encryption scheme will be included in the IC (1) according to this invention, the principles of the use of an SKG algorithm as described in international patent publication WO 01/74007 will first be explained in general and in some detail with reference to figures 7a and 7c; thereafter the particular details of the implementation of this scheme in the IC (1) according to the present invention will be described with reference to figures 7b and 7d. Patent WO 01/74007 states that that invention relates to a method and a system for secure transmission or authentication between at least two different units via an insecure communication channel.
Patent WO 01/74007 further states in its background that it is normally difficult to achieve secure encrypted transmission via insecure communication channels, such as public telephone lines, data networks, radio transmission, and so on. Conventional encryption algorithms require keys (in the form of private or public keys) to be transmitted between the units. Such key transmissions do, however, cause practical problems. The keys may be transmitted on separate secure channels, but this solution is inconvenient. Alternatively the keys may be transmitted via the insecure channel on which the encrypted message is then to be transmitted. However, this procedure involves a security risk. Also, when encryption systems having so-called open keys are used, such as the RSA system, the transmission of the key means that larger and more complex keys and encryption algorithms are required in order to ensure that the encrypted transmission is sufficiently secure, which naturally increases inconvenience and costs.
Patent WO 01/74007 further states that similar problems are encountered in order to provide secure verification of units, so- called authentication, via insecure communication channels. Such authentication is based on transmission between the units of data that are based on a unique key. For example, the key may be used to encrypt a check sum based on a transmitted or received message. Also in this case one is confronted with the same problems as those found in other encrypted transmission of the keys between the units. Consequently, one object of the invention of patent WO 01/74007 is to provide a method and a system of encrypted transmission and authentication via an insecure communication channel that completely or at least partly solve the above stated problems found in the prior-art technology. This object of patent WO 01/74007 is achieved by means of a method and a system as described below. The description of patent WO 01/74007 is made be reference to these two figures:
- Fig 7a is a schematic view of the key-generating unit in accordance with one embodiment of that invention; and
- Fig 7c is a flowchart for performing encrypted transmission or authentication in accordance with one embodiment of that patent.
In its description of preferred embodiments, patent WO 01/74007 states that the invention relates to a system for secure encrypted transmission / authentication between at least two units via an insecure communication channel. The communication channel could be any channel via which data may be transmitted; more specifically, the channel could be stationary as well as wireless. Each such unit comprises a key-generating unit (I) as shown in Fig 7a. This kind of key-generating unit comprises a memory (II), wherein identical values U, so-called seeds, have been stored, preferably in a dynamic and exchangeable manner. The storage of the original values shall preferably be effected in connection with the initial initiation of the units, and it could advantageously be effected via a secure channel. Possibly, the original values U need not be transmitted physically; instead the users of the units concerned may themselves input an agreed-upon value. In addition, the original values may be replaced when needed, but alternatively the same original values are used for the entire life of the key-generating unit. In this case the original values need not be stored in dynamic memories, but permanent memories may be used instead.
In addition, patent WO 01/74007 states that the key-generating units comprise a counter to periodically change a counting value R, and a calculating unit adapted to generate, in each and every unit and independently of other units, a key based on the original value U and a counting value R issued by the counter. Advantageously, the counter and the calculating unit may be integrated in the same unit (III), which may be a microprocessor, such as a commercially available CPU. The counter may advantageously be controlled by an oscillator or a clock, which could likewise be integrated in the CPU (III). In addition, the counter is increased stepwise by integers, whereby it becomes easier to keep the units in phase with each other (the R-value is identical at both units).
Provided that the same original values U (the seeds) are stored in the memory (II) and that the counters are synchronized to deliver the same counting value R, identical keys may be generated in several key-generating units independently of each other. These keys may then be used for encryption or authentication purposes between the units.
Furthermore, according to patent WO 01/74007, the key-generating units preferably are adapted to sense whether they are synchronized or not, and in case they are not, to re-establish synchronization. Sensing may be performed by means of a particular synchronizing test that is performed prior to the generation of keys. Alternatively, a need for synchronization may be identified when different keys have been used, and only thereafter is synchronization re-setting effected. Synchronization may be effected for example by exchange of counting values between the units.
According to patent WO 01/74007, the calculating unit comprises a calculating algorithm F, which uses the original value U and the counting value R as input parameters, i.e. F = f(R,U). This calculating algorithm is preferably implemented in hardware in the calculating unit, or alternatively it is stored in non-dynamic and unchangeable memory. The calculating algorithm preferably generates a 128-bit key, but keys of other lengths are also conceivable. Every time the key generator is ordered to produce a new key, a new pseudo-random 128-bit word is therefore generated, calculated on the basis of the seed U and the counting value R.
According to figure 7a, the key-generating unit of patent WO 01/74007 further comprises an interface part (IV) serving to enable communication between the communicating unit (VII) and the key-generating unit (I). Preferably, this communication comprises the emission of instructions (V) to the key-generating unit (I) to generate a new key, and the emission of the generated key (VI) back to the communicating unit (VII). Advantageously the key-generating unit is implemented in hardware in the form of an integrated circuit, thereby making it more difficult to tamper with. This circuit may then be added to and used together with essentially any type of communication unit. For example, it is possible to use the key-generating unit in accordance with the invention of patent WO 01/74007 together with rechargeable cards, so-called SmartCards, in portable or stationary computers, in mobile telephones, electronic calendars and similar electronic equipment capable of communication. However, it is likewise possible to implement the key-generating unit (I) in software, for example in a conventional computer, using existing memories and the like. This alternative is particularly advantageous for implementation in stationary units, and in particular units that are used as central units (server applications).
The key-generating units (I) in accordance with patent WO 01/74007 may be used either for point-to-point communication or authentication, i.e. between two units, or between a central unit (a server) and several users (clients). Such a central unit preferably comprises a plurality of different key-generating units (I), software-embedded, one for each client in communication with the central unit. Alternatively, a key-generating unit (I) could comprise multiple original values U, in which case the command (V) to the key-generating unit (I) to generate a key also comprises information regarding which original value Un should be used. It is likewise possible for several units that communicate with the central unit to have identical key-generating units (I), enabling them to communicate with the same key-generating unit (I) in the central unit (server).
Patent WO 01/74007 states that in the case of a central unit adapted to communicate with several other units, the central unit preferably comprises a software implementation of the key-generating unit (I), whereas the clients have hardware-implemented means. For example, the clients could be SmartCards, mobile telephones, computers and the like. Thus the system in accordance with patent WO 01/74007 may be used between a bank and its clients, between enterprises and their employees, between a company and its subsidiaries, and so on. In addition, the system may be used to control access to web pages via the Internet or the like, for example by connecting a SmartCard to a reader provided for that purpose, and in this manner it also becomes possible to control access to electronic equipment that communicates wirelessly, for example via Bluetooth. According to patent WO 01/74007, also units that are not central units may comprise several original values Un, in the same key-generating device or in separate units, in order to communicate via several separate channels. In this manner the unit may be used for communication with several different central units. For example, a SmartCard may be used for communication with several different banks or other establishments.
In the following an encrypted transmission or authentication with the aid of the system according to patent WO 01/74007 will be described with reference to figure 7c. - In a first step S1, the units intended for future intercommunication are initiated, in which process they are provided with the identical original value U and preferably are also synchronized.
- The system is now ready for use, and at a later time, which may occur after the lapse of an arbitrary period after the initiation, the units are interconnected via an insecure communication channel (Step S2).
- At least one of the key-generating units (I) identifies itself to the other (Step S3). - In step S4 the other unit determines whether the identity given is known and whether it has a corresponding key-generating circuit, i.e. a key-generating unit (I) as defined above with a corresponding original value U. If this is the case, the process proceeds to step S5, otherwise the process is interrupted.
- The key-generating units then agree to execute encrypted transmission or authentication, whereby each one separately calculates keys in its respective key-generating unit (Step S8). - Before this happens, a synchronization test (S6) may have been made to investigate whether the counters RN in the respective key-generating units (I) are synchronized. If this is the case, the process continues directly to step S8; otherwise a synchronization step S7 is first executed to restore the inter-unit synchronization.
Step S7 could alternatively be omitted at this point, and the loss of synchronization could instead be detected by recognizing that the keys generated in the two units were not identical. In this case, the process thereafter executes the synchronization step S7 and then returns to step S8 in order to calculate keys again in the respective units.
The calculated keys are then used to execute encrypted transmission or authentication. It should be understood, however, that encrypted transmission and authentication may of course be effected simultaneously and in the same process. Encryption and authentication may be effected with the aid of essentially any encryption algorithm that uses keys, such as the known RFSM and RSA algorithms. This ends the quotation from patent WO 01/74007 covering a proprietary Secure Key Generating (SKG) method, and below it is explained how the SKG method from patent WO 01/74007 is adapted for optimum implementation by the present invention, embedded in hardware of block (8A), as an alternative to any other software-based key generating algorithm preferred in the prevailing network (N).
This description refers to figure 7b, showing the identical extended version of the IC (1) as in figure 2b, except that any block not directly related to SKG is not shown in figure 7b. Generally the SKG algorithm [key-generating unit (I)] will be hardware-embedded in block (8A). The memory for storing the original value U (the seed) is the non-volatile memory of the embedded EEPROM SmartCard block (7A), where the incrementally increasing counter RN will also be stored. The commands (V) to the key-generating unit (block 8A) will be generated by the central processor (2) and sent via the high-speed bus (3) to the key-generating block (8A). Note that according to the present invention, matching biometrics templates may automatically trigger the command (V). Note further that in accordance with the present invention access to the SKG algorithm embedded in block (8A) may be denied unless a positive match of biometrics templates has taken place beforehand. The key-generating block (8A) will then transmit the generated key via the high-speed bus (3) to the encryption block (8B or 8C). The communicating unit (VII) of figure 7a corresponds in the present invention to a combination of the central processor (2) and any of the interface blocks (9A, 9B or 9D), according to the set-up of the prevailing network (N).
The steps of integrating the key-generating algorithm according to WO 01/74007 into the present invention will be explained with reference to figures 7b and 7d.
Step S10: Initiate Device. This will be done either at the factory, prior to shipping the unit, or when received by the Issuer, e.g. an Intranet operator, an Internet bank, etc. All network particulars will be loaded into the memory (7A) of the IC (1). The seed (original value U) may be downloaded to the device at this stage, automatically generated by the server (30) and stored in the database of the server, linked e.g. to the device number (Unit ID). - Step S11: Enroll User. This may take place at the Issuer's premises. A trusted person acting on behalf of the Issuer (e.g. the IT manager, or a person to whom he has delegated authority, as per figures 7e and 7f) will enroll the user by capturing his fingerprint, assigning a user ID, and linking the particular device to the user ID in the database. Thereby the user is linked indirectly to the seed U downloaded to the device in Step S10. The access privileges of the user will further be specified, as well as his Authorizer, to enable audit trail tracking as per figure 7d. The enrolment procedure will be completed by the Issuer's fingerprint countersignature. A validation of the Issuer's fingerprint will be made, to check that he has the authority to enroll users. If the validation check of the Issuer is positive, the enrolment will be completed by storing the user data (not including his master minutia fingerprint representation) on the server (30) and downloading the master minutia fingerprint representation onto the device. If the validation of the Issuer turns out negative, the enrolment procedure will be aborted. The user description in the database on the server will include a definition of who enrolled the user, enabling an audit trail of the Issuer defining the chain of delegations. The resulting database then comprises a link between each personal entry, including privileges, and the "downstream" delegate(s) or user(s) enrolled by such person. Thereby an audit trail is provided using biometrics, from each user up through the hierarchy of Issuer(s), via any authorized delegates, up to the ROOT of said hierarchy. This completes the enrolment procedure, and the user takes possession of the device. The further steps below describe an alternative communication process using the device in accordance with the present invention.
Step S12. Activate a communication sequence. The user will select a command on his device [e.g. the USB dongle (12)] initiating a communication sequence with the server (30), e.g. by swiping his finger over the sensor (5). This activates the wake-up circuit (5B), powering up the IC (1) in a pre-set sequence. The fingerprint image will be captured by the preprocessing block (5C), reduced to a temporary compressed format and then transmitted via the high-speed bus (3) to the central processor (2) for final reduction to a compact minutia fingerprint representation.
Step S13. The central processor will retrieve the master minutia table of the authorized user stored during enrolment (Step S11) in non-volatile memory (7A) and compare the access minutia table (S12) with the master minutia table (S11). If the match is positive, the process continues. In case of a negative matching result, the process is aborted.
Step S14. Retrieve seed U and counter RN from the embedded SmartCard block (7A). Access to retrieve these data will be denied by the SmartCard interface (7B) unless the fingerprint match of Step S13 has been positive. The seed U and the counter RN are then transmitted as input to the SKG block (8A).
Step S15. Generate new secure key. Based on the input data (seed U and counter RN), the SKG block (8A) will generate a pseudo-random, unique and secure key, which can be truncated from 128 bits or be a combination of 128-bit keys, depending on the set-up of the Intranet communication procedure.
Step S16. Transmit the new key (password) to the encryption block (8B or 8C) along with the communication message to be encrypted. This message will typically comprise the following information: M = [Unit ID, Counter RN, f_{U,R}(User ID, ...)], where f_{U,R}(User ID, ...) will be encrypted e.g. in DES or any TDES standard prevailing in the Intranet. The encryption block may further, but need not, scramble the complete message [Unit ID, Counter RN, f_{U,R}(User ID, ...)].
Step S17. Transmission. The complete scrambled message [Unit ID, Counter RN, f_{U,R}(User ID, ...)] will be transmitted via the bus (3) to the pre-defined interface block (9A in case of USB dongle, 9B in case of Ethernet, or 9D in case of PCMCIA).
Step S18. Receipt by the server (30) of the scrambled message.
Step S19. The server will unscramble the message M = [Unit ID, Counter RN, f_{U,R}(User ID, ...)].
Step S20. Validation. The server (30) will check that the Unit ID is registered as an authorized device in its database. If this validation fails, a failure signal will be returned to the IC (1). If the validation is positive, the server will check that the counter RN is synchronous with its own counter RN for that particular device. If the counter RN on the server is smaller than the counter received from the device, the server will increase its own counter RN to synchronize. If the counter RN of the server is larger than the received counter RN, the server (30) will return a command to the device to increase its counter to the synchronized value and repeat the encryption procedure, now using the synchronized counter for new key generation.
Step S21. When the synchronization is valid, the server (30) will generate the identical key (password) on its resident SKG using the seed U stored in its database, linked to the User ID, in turn linked to the received Unit ID, in order to decrypt the received transmission f_{U,R}(User ID, ...).
Step S22. Decryption. The message will be decrypted by the prevailing encryption algorithm of the Intranet, using the key generated in Step S21 and the counter RN.
Step S23. If the decryption fails, the server will alert the system operator.
Step S24. If the decryption is successful, the server will notify the device that the transmission has been well received, the device will then confirm, and both counters RN will be incremented to RN+1.
The above example shows how a secure key can be generated without the user having to input, or remember, any PIN code, while still efficiently generating a secure key. Moreover, the present invention enables the receiver to verify the authenticity of the user as the authorized person to whom the seed U was issued.
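Steps S12 to S24 above carried out in code, as an added example that is not part of either patent: the device derives the key from seed U and counter RN only after the fingerprint match, the server checks the Unit ID, resynchronises the counters as step S20 describes (server behind: catch up; server ahead: tell the device to move forward and retry), regenerates the identical key and verifies the message. The patent fixes neither the function F nor the cipher, so the example assumes HMAC-SHA256 truncated to 128 bits for F and authenticates [Unit ID, RN, User ID] with a keyed checksum under the derived key instead of encrypting the User ID with DES. The MAX_AHEAD bound on how far a device counter may run ahead of the server is a practitioner's addition not found in the patent; the seed, Unit ID and User ID are constructed sample values.

```python
import hmac
import hashlib
from dataclasses import dataclass

KEY_LEN = 16       # 128-bit key, the length WO 01/74007 prefers
MAX_AHEAD = 16     # assumed look-ahead window; the patent itself accepts any larger counter


def skg_key(seed: bytes, counter: int) -> bytes:
    """F = f(R, U): derive the key from seed U and counter R (step S15).
    The patent leaves F open; HMAC-SHA256 truncated to 128 bits is assumed here."""
    return hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:KEY_LEN]


def tag(key: bytes, payload: bytes) -> bytes:
    """Keyed checksum over the message (the patent's 'encrypted check sum' authentication)."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:16]


def payload_of(unit_id: str, counter: int, user_id: str) -> bytes:
    return f"{unit_id}|{counter}|{user_id}".encode()


@dataclass
class Device:
    """Client side: SKG block (8A) with seed U and counter RN kept in memory (7A)."""
    unit_id: str
    user_id: str
    seed: bytes
    counter: int = 0
    fingerprint_matched: bool = False   # result of the minutia comparison in step S13

    def build_message(self) -> dict:
        if not self.fingerprint_matched:           # step S14: seed stays locked without a match
            raise PermissionError("no fingerprint match, seed U not released")
        key = skg_key(self.seed, self.counter)
        return {"unit_id": self.unit_id, "counter": self.counter, "user_id": self.user_id,
                "tag": tag(key, payload_of(self.unit_id, self.counter, self.user_id))}

    def resync(self, server_counter: int) -> None:
        self.counter = server_counter              # step S20: adopt the server's larger counter


@dataclass
class Server:
    """Server (30): one seed and one counter per registered Unit ID."""
    devices: dict                                  # unit_id -> {"seed", "counter", "user_id"}

    def validate(self, msg: dict) -> tuple:
        rec = self.devices.get(msg["unit_id"])
        if rec is None:
            return "unknown-device", None          # S20: Unit ID not registered
        rn = msg["counter"]
        if rn < rec["counter"]:
            return "resync", rec["counter"]        # S20: device must move forward and retry
        if rn - rec["counter"] > MAX_AHEAD:
            return "reject", None                  # assumed bound, not in the patent
        key = skg_key(rec["seed"], rn)             # S21: regenerate the identical key
        expected = tag(key, payload_of(msg["unit_id"], rn, msg["user_id"]))
        if msg["user_id"] != rec["user_id"] or not hmac.compare_digest(expected, msg["tag"]):
            return "auth-failed", None             # S23: alert the operator
        rec["counter"] = rn + 1                    # S20 catch-up plus S24 increment
        return "ok", rn + 1


def run_session(dev: Device, srv: Server) -> list:
    """One authentication attempt, including the S20 resynchronisation round trip."""
    outcomes = []
    for _ in range(2):                             # at most one resync, then one retry
        status, value = srv.validate(dev.build_message())
        outcomes.append(status)
        if status == "resync":
            dev.resync(value)
            continue
        if status == "ok":
            dev.counter = value                    # S24: both sides now hold RN+1
        break
    return outcomes


SEED = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed sample seed U


def demo() -> list:
    """Device counter lags the server's: expect a resync command, then success."""
    dev = Device("UNIT-0001", "alice", SEED, counter=0, fingerprint_matched=True)
    srv = Server({"UNIT-0001": {"seed": SEED, "counter": 3, "user_id": "alice"}})
    return run_session(dev, srv)


if __name__ == "__main__":
    print(demo())        # ['resync', 'ok']
```

Running demo() shows the S20 path end to end: the first message is refused with the server's counter, the device adopts it, and the retry verifies, after which both counters stand at RN+1. A device whose seed differs from the server's copy fails at the tag check, which is the S23 case.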
Another example of the flexibility of the architecture of the IC (1) in accommodating previously known technology will be made by reference to patent EP 0 225 010. This patent describes an invention related to a terminal by means of which users may communicate in a secure fashion with a second party, e.g. a bank, in order to transact business, e.g. transfer funds. The user must be verified to the second party before business can be transacted, and it is advantageous if, in addition, the terminal is able to verify that the second party is genuine.
In order to achieve this verification, according to patent EP 0 225 010, the terminal encrypts information about the user's identity using a selected key, then encrypts the selected key using a public key corresponding to a secret key held by the second party, before transmission. The selected key may be a conventional key or a second secret key corresponding to a second public key. Multiple encryptions of the selected key are also described.
In a preferred embodiment of patent EP 0 225 010 the terminal also sends a cryptographic checksum to the second party based either on the selected key or a secret key.
The invention also includes a system using such a terminal. The patent EP 0 225 010 particularly states that in order to minimize fraud, it is necessary that the bank should adequately verify the card and the customer. It is also necessary that the retailer's terminal can verify that the bank is genuine.
Figure 8a shows a payment system representing the prior art according to patent EP 0 225 010. The terminal T is assumed to be located at a retailer's premises, for goods purchased there. The terminal T has a card reader for reading a card P presented by a customer C. The terminal T communicates with the bank that issued the card, or the entity performing checking on behalf of the bank, indicated as bank checking entity BCE, by a telecommunications link L. The terminal T has input means, such as a keyboard, for entering data relating to the transaction, such as the amount £ to be transferred, and for entering the customer C's personal identifier PIN. Patent EP 0 225 010 states that bank servers (BCE) may be regarded as "trusted" while a retailer's terminal T and the insecure link L are not.
The customer's personal identifier, generally a number (often abbreviated PIN), is regarded as particularly confidential and in the arrangement shown in figure 8a is encrypted before transmission to the bank for checking. The message format used in figure 8a comprises a terminal identity (TID) (stored in the terminal), bank identity (BID) and account number (ACN) [both read from the card (P)], the amount to be transferred (£) (entered into the terminal) and the customer identifier entered into the terminal by the customer (designated PIN*, since it may or may not be the true identifier). In the following, encryption is indicated by a letter E with the encryption keys shown as subscripts and the data to be encrypted shown in brackets.
The PIN* is encrypted using an encryption algorithm dependent on two keys: a terminal key KT and a customer key KP stored on the card (P). The message is further verified by a message authentication code (MAC), which is a cryptographic checksum of the message generated using KP and KT, i.e. MAC(KP,KT). (The encrypted PIN could be reproduced verbatim by an eavesdropper and does not itself provide sufficient verification.) The bank decrypts the personal identifier and the authentication code MAC(KP,KT), which serves to verify to the terminal that the bank is genuine, since only the bank would "know" both KP and KT.
An alternative, permitting the personal identifier comparison to be carried out at the terminal (thereby speeding up the procedure if the customer makes an error in entry) but without disclosing the identifier to the terminal, involves the terminal sending to the bank the same message as before but with a random number TRN substituted for the personal identifier, viz. TID/BID/ACN/£/E_{KP,KT}(TRN/MAC(KP,KT)). When the bank acknowledges, it returns the random number encrypted using KP, KT and the true identifier PIN as keys, i.e. E_{KP,KT,PIN}(TRN). The terminal has KP, KT and TRN available. The nature of the encryption is such that the terminal cannot deduce the PIN; it can, however, encrypt the identifier PIN* offered by the customer and compare the result with that sent by the bank, i.e. test whether E_{KP,KT,PIN*}(TRN) = E_{KP,KT,PIN}(TRN). The system described with reference to figure 8a poses some challenges:
- The bank (or BCE) cannot verify that the bearer of the card (P) is the authentic owner, or the authorized user, of the card (P), only that the bearer of the card (P) knows the verified PIN, obtained either voluntarily or involuntarily from the authorized user of the card (P).
- The bank (or BCE) must verify that the terminal (T) is genuine (by TID), as the bank cannot guarantee that the bearer of the card is genuine. If the device (P) is considered trusted, then strictly speaking the bank does not need to verify the terminal (T), provided the bank (or BCE) can further verify that the bearer of the device (P) is the authorized user, e.g. by biometrics.
The above two critical issues may be resolved by the device and method according to the present invention: The card (P) is replaced by a USB dongle (described in figures 3a and 3b), or a PCMCIA card (as described in figures 4a, b, c and d), both containing an IC (1) as described in figure 2b, or a SmartCard with embedded IC (1) with fingerprint sensor (5). The present invention will then simplify and secure the communication contents and sequence of figure 8a, now described with reference to figure 8b. The device (P) (e.g. a SmartCard) with embedded IC (1) (as per figure 2b), hereafter referred to as ICP, is connected to the terminal T. The retailer enters the amount to be transferred (£) at the terminal's keyboard, while the terminal identity (TID) and the dealer's account number (ACN_D) are automatically downloaded from the terminal (T) onto the device, encrypted by KT: M1 = E_KT(TID, ACN_D). The customer (C) checks the amount (£) to be transferred and then confirms the transaction by his fingerprint on the sensor (5) of the ICP. The IC (1) of the ICP stores the amount (£) and the encrypted terminal data E_KT(TID, ACN_D) in its volatile working memory (6C or 6A). The ICP may then return the amount (£) to be transferred to the terminal (T), to be presented on the display of the terminal (T) for checking. If satisfied with the amount, the customer (C) may then accept by sweeping his finger over the sensor (5) embedded in the ICP along with the embedded IC (1). The fingerprint image from the sensor (5) is captured by the pre-processor (5C) and further reduced by the central processor (2) to a compact fingerprint representation by fingerprint minutia. This minutia is then compared with the resident master minutia of the authorized owner of the ICP, stored in non-volatile memory (7A). When the authentic ownership of the customer (C) is thereby proved by the matching fingerprint minutia, the IC (1) triggers the retrieval of the secret seed U of the ICP (issued and personalized by the bank) from the non-volatile memory (7A) and feeds it to the SKG block (8A), which generates a pseudo-random key Key = f(U,RN) that is further passed on to the encryption block (8B or 8C). This block encrypts the already encrypted terminal data [E_KT(TID, ACN_D)] along with the amount (£) and the user's account number ACN_U, and adds the bank ID (BID), the Unit ID (of the ICP) and the counter RN. The complete message thereby comprises:
M2 = BID/Unit ID/RN/E_{U,R}[£, ACN_U, E_KT(TID, ACN_D)]
This whole message may be scrambled, but this is not essential. The message is then passed on by the central processor (2) via the high-speed bus (3) to the appropriate output interface block [e.g. UART (9D)] for output by PCMCIA to the terminal (T), which is unable to decrypt the message, as the encryption parameters U and RN are only known to the ICP. The terminal (T) then encrypts the message with its own encryption key KT and adds the terminal ID (TID), so the message becomes:
M3 = TID/BID/E_KT{Unit ID, RN, E_{U,R}[£, ACN_U, E_KT(TID, ACN_D)]}
This message is now passed on to the bank server (BCE) via the insecure communication line (L). The bank server (BCE) (addressed by the bank identification number BID) looks up the terminal ID (TID) in its data repository, finds the terminal encryption key (KT), decrypts the message with KT, and finds the Unit ID (of the ICP) and the ICP counter number RN. Then the bank server (BCE) looks up the Unit ID (of the ICP), finds its seed U, derives the key from U and RN and decrypts the outer shell E_{U,R}[£, ACN_U, E_KT(TID, ACN_D)]. It then retrieves the amount (£) and may check the ACN_U before decrypting the inner shell E_KT(TID, ACN_D) with the key KT of the terminal.
The bank server (BCE) then encrypts a response comprising the terminal ID (TID), the dealer's account number ACN_D and the amount (£) with the key derived from the seed U and counter number RN of the User:
MR1 = RN, E_{U,R}(TID, ACN_D, £)
The bank server further encrypts this message together with the bank's transaction number (TRANSN), the User's account number ACN_U and the amount (£), using the terminal's key KT. The complete return message now becomes:
MR2 = E_KT[TRANSN, ACN_U, £, RN, E_{U,R}(TID, ACN_D, £)]
The bank server (BCE) sends this response message (handshake) to the terminal (T) via the insecure communication line (L). The terminal receives the message MR2 and decrypts the outer shell, encrypted with the terminal's key KT, and thereby receives the bank's transaction number TRANSN, the customer's account number ACN_U and a verification of the amount to be transferred (£). Thereby the dealer (or terminal T) knows the entire transaction is valid, and thereby that the User (including the ICP) is authenticated, as the customer's account number ACN_U could not have been returned unless the User ID and his account number ACN_U were found through an authenticated Unit ID. This further verifies that the bank (BCE) (and the communication line L) are genuine, as the returned message MR2 is encrypted with KT, known only to the terminal and the bank.
The terminal (T) cannot decrypt the inner shell MR1 = RN, E_{U,R}(TID, ACN_D, £), as this is encrypted under the seed U and the counter number RN, known only to the bank and the ICP. The terminal sends MR1 = RN, E_{U,R}(TID, ACN_D, £) to the ICP, which decrypts the message with the seed U and the counter number RN [both retrieved from the non-volatile memory (7A)]. Thereby the User's device ICP has the terminal ID, the dealer's account number ACN_D and the amount (£). The ICP then increments RN to RN+1 and the complete transaction is terminated.
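The figure 8b exchange above carried out end to end, as an added example that is not part of either patent: the terminal seals TID and ACN_D under KT (M1); after the fingerprint match the ICP wraps that with the amount and ACN_U under Key = f(U,RN) (M2); the terminal adds its own KT layer (M3); the bank peels both shells, checks that the TID inside M1 is the TID the terminal claims and that ACN_U belongs to the Unit ID, and answers with MR1 nested inside MR2; the terminal keeps TRANSN, ACN_U and the amount and passes MR1 on, and the ICP decrypts it and steps RN to RN+1. Neither patent fixes f or the cipher, so the example assumes HMAC-SHA256 truncated to 128 bits for f and a toy encrypt-then-MAC keystream construction in place of DES/TDES, chosen so that a wrong key fails loudly rather than yielding garbage. The exact-counter check in the bank, the binding checks, and all identifiers and keys are constructed for the example.

```python
import hashlib, hmac, json, os
from dataclasses import dataclass


def skg_key(seed: bytes, counter: int) -> bytes:   # Key = f(U, RN); HMAC-SHA256/128 assumed for f
    return hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:16]


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))


def seal(key: bytes, fields: dict) -> bytes:   # E_key(fields): keystream XOR + 128-bit tag (toy DES/TDES stand-in)
    pt, nonce = json.dumps(fields, sort_keys=True).encode(), os.urandom(8)
    ct = _xor_stream(key, nonce, pt)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]


def unseal(key: bytes, blob: bytes) -> dict:   # inverse of seal; ValueError on wrong key or tampering
    nonce, ct, mac = blob[:8], blob[8:-16], blob[-16:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16], mac):
        raise ValueError("decryption failed")
    return json.loads(_xor_stream(key, nonce, ct))


@dataclass
class ICP:                                   # customer device; U and RN live in memory (7A)
    unit_id: str
    acn_u: str
    seed: bytes
    counter: int
    fingerprint_matched: bool = False        # outcome of the minutia match on the device

    def confirm(self, bid: str, amount: int, m1: bytes) -> dict:
        if not self.fingerprint_matched:     # no match, no access to seed U
            raise PermissionError("seed U locked: no fingerprint match")
        key = skg_key(self.seed, self.counter)
        # M2 = BID / Unit ID / RN / E_{U,R}[amount, ACN_U, E_KT(TID, ACN_D)]
        return {"BID": bid, "UnitID": self.unit_id, "RN": self.counter,
                "E_UR": seal(key, {"amount": amount, "ACN_U": self.acn_u, "M1": m1.hex()})}

    def finish(self, mr1: tuple) -> dict:
        rn, blob = mr1
        if rn != self.counter:
            raise ValueError("RN in MR1 does not match the device counter")
        receipt = unseal(skg_key(self.seed, rn), blob)   # TID, ACN_D, amount from the bank
        self.counter += 1                                # RN -> RN+1 closes the transaction
        return receipt


@dataclass
class Terminal:                              # retailer terminal: holds KT only, relays the rest
    tid: str
    acn_d: str
    kt: bytes

    def m1(self) -> bytes:                   # M1 = E_KT(TID, ACN_D)
        return seal(self.kt, {"TID": self.tid, "ACN_D": self.acn_d})

    def wrap(self, m2: dict) -> dict:        # M3 = TID / BID / E_KT{Unit ID, RN, E_UR}
        inner = {"UnitID": m2["UnitID"], "RN": m2["RN"], "E_UR": m2["E_UR"].hex()}
        return {"TID": self.tid, "BID": m2["BID"], "E_KT": seal(self.kt, inner)}

    def unwrap(self, mr2: bytes) -> tuple:   # peel E_KT: dealer view, plus MR1 for the ICP
        f = unseal(self.kt, mr2)
        return ({"TRANSN": f["TRANSN"], "ACN_U": f["ACN_U"], "amount": f["amount"]},
                (f["RN"], bytes.fromhex(f["E_UR"])))


@dataclass
class Bank:                                  # BCE: KT per TID; seed U, RN and ACN_U per Unit ID
    bid: str
    terminals: dict
    units: dict
    transn: int = 1000

    def settle(self, m3: dict) -> bytes:
        kt = self.terminals[m3["TID"]]
        outer = unseal(kt, m3["E_KT"])
        rec, rn = self.units[outer["UnitID"]], outer["RN"]
        if m3["BID"] != self.bid or rn != rec["counter"]:   # counters assumed in step here
            raise ValueError("wrong BID or counter out of step")
        key = skg_key(rec["seed"], rn)
        body = unseal(key, bytes.fromhex(outer["E_UR"]))     # outer shell: amount, ACN_U, M1
        inner = unseal(kt, bytes.fromhex(body["M1"]))        # inner shell: TID, ACN_D
        if inner["TID"] != m3["TID"] or body["ACN_U"] != rec["ACN_U"]:
            raise ValueError("terminal or account binding failed")
        self.transn += 1
        rec["counter"] = rn + 1
        mr1 = seal(key, {"TID": inner["TID"], "ACN_D": inner["ACN_D"], "amount": body["amount"]})
        return seal(kt, {"TRANSN": self.transn, "ACN_U": body["ACN_U"], "amount": body["amount"],
                         "RN": rn, "E_UR": mr1.hex()})        # MR2


def run_purchase(icp: ICP, term: Terminal, bank: Bank, amount: int) -> tuple:
    m2 = icp.confirm(bank.bid, amount, term.m1())
    dealer_view, mr1 = term.unwrap(bank.settle(term.wrap(m2)))
    return dealer_view, icp.finish(mr1)      # (what the dealer learns, what the ICP learns)


U = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")    # constructed seed U issued by the bank
KT = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")   # constructed terminal key KT


def demo() -> tuple:
    units = {"ICP-42": {"seed": U, "counter": 7, "ACN_U": "ACN-U-1001"}}
    return run_purchase(ICP("ICP-42", "ACN-U-1001", U, 7, True), Terminal("TID-7", "ACN-D-2002", KT),
                        Bank("BID-1", {"TID-7": KT}, units), 250)
```

The terminal never holds a key that opens E_UR or MR1, so the test that unseal(KT, m2["E_UR"]) raises is the property the text relies on when it calls the terminal untrusted; the bank's check that the TID recovered from the inner shell equals the TID that wrapped M3 is what stops a second terminal from replaying a captured M2 under its own KT.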
This method of using the architecture of the IC (1) in accordance with the present invention is shown in figure 8b, yielding several advantages compared to those stated by patent EP 0 225 010:
The bank server (BCE) and the customer's device (ICP) both represent trusted environments, as the ICP is issued and personalized by the bank and can only be accessed by an authenticated fingerprint.
The communication line (L) AND the terminal (T) may BOTH be insecure, as the communication involves several layers of encryption, and the terminal cannot function (encrypt / decrypt and relay) unless it sits between two secure devices, namely the bank server (BCE) and the customer's device (ICP).
All parties know that the customer is the authentic owner of the account ACN_U, as the customer can only open access to the secret seed U, for encryption, by biometric authentication of his fingerprints. - As the terminal (T) need not be trusted as secure, the customer may very well use the ICP from his home terminal (private PC, or any other PC), as long as the ICP is trusted as secure.
Eavesdropping [by a third party tapping the insecure communication line (L) or by false access to the terminal (T)] is not a problem, as the encryption between the customer's device ICP and the bank server (BCE) is based on a pseudo-random encryption key (SKG), in turn based on a secret seed U known only to the bank server (BCE) and the customer's device ICP. Furthermore, the encryption key (SKG) varies for every transmission, since the counter RN changes every time.
The shortcoming of the method described with reference to figure 8b is that it is limited to parties known to each other in advance, namely the bank (BCE) and the customer (ICP). Patent EP 0 225 010 considers the concept of public key cryptosystems. The public key system involves encryption of a message by a sender using a first (public) key, E_{P,PK}, which can be decoded by the recipient using a second (different) key known only to him (the private key, E_{P,SK}); E_P denotes encryption using a public key system. The second key cannot be deduced from the first, at least not without a prohibitive amount of computation. Thus anyone possessing the public key can send a message knowing that it will be understood only by the intended recipient. In public key systems the recipient will normally transmit his public key in encrypted form to a sender at the beginning of a transaction, to avoid the necessity for the sender to store large numbers of keys; however, a possibility of fraud arises if a pirate recipient X intercepts a message from a sender S while claiming to be the bona fide recipient R. X cannot send R's public key, as then S's reply would be unintelligible to him, since X does not know R's secret key. So X offers R's identity but his own public key.
This danger can be avoided by the converse use of public key encryption, in which a message is encrypted using a private key and decrypted using a public key, so that the message is authenticated as to its source (analogous to a signature). This involves the recipient R appending a "certificate" to his message. The certificate is a cryptographic checksum of the recipient R's identity and his public key (plus, optionally, any other derived data), encrypted using a certification private key known only to a "certification server" and not to S, R or X, who do, however, know the certification public key and how to calculate the cryptographic checksums; so S (in this case) can decrypt the certificate and check that the alleged identity and key correspond.
Figure 8c illustrates a known electronic funds transfer system, as described by patent EP 0 225 010, using a public key cryptosystem. Although similar to figure 8a, it differs in that in place of the keys KP and KT it employs bank public and secret keys BPK and BSK. The personal identifier PIN* is encrypted at the terminal using the bank's public key BPK (the corresponding secret key BSK is known only to the bank). BPK could be stored in the terminal, or obtained from a central directory D. Either way the bank's public key is stored with the corresponding certificate so that it can be verified by the terminal before use.
The terminal is then able to send a secure message to the bank, i.e. TID/BID/ACN/£/Ep BPK(PIN*), which the bank checking entity BCE can decrypt. The bank can then check the PIN*, transfer the funds requested and acknowledge the transfer. The acknowledgement can include a message authentication code using the bank secret key, i.e. ACK/MACP(BSK), to prove to the terminal that it is genuine.
Patent EP 0 225 010 claims that the system described with reference to figure 8c suffers from the drawback that the terminal is not authenticated to the bank. This can be resolved by applying the present invention, as described below with reference to figure 8d.
When the bank initiates (personalizes) the ICP, it will download the bank ID (BID), its public key (BPK) and a certificate (CERTC) being a cryptographic checksum of the customer C's identity and his public key. At the same time the issuing bank will download the customer C's secret key. All this information will be stored in the non-volatile memory (7A) of the embedded SmartCard (7A) in the IC (1). This information will only be made available to the user by an authenticated fingerprint (FP) imaged on the ICP, matching the pre-stored master minutia table of the authorized user, stored at enrolment in the non-volatile memory (7A) of the embedded SmartCard in the IC (1).
At a purchase the dealer will enter the transferable amount (£) onto the terminal (T) via its keyboard.
The terminal (T) will encrypt its certificate (CERTT) (either stored in the terminal, or obtained from a central directory D) by the bank public key (BPK).
The terminal will transfer its ID (TID), the transferable amount (£) plus its encrypted certificate (CERTT) to the ICP. [Message M1 = TPK/£/Ep BPK(CERTT)].
At the customer C's ICP, the customer will sign by his fingerprint (FP) on the sensor (5). The fingerprint image will be captured by the pre-processing block (5C) of the IC (1), and a matching analysis will be performed by the central processor (2) versus the pre-stored master minutia table (retrieved from non-volatile memory 7A) of the authorized user (C). If the authentication match is positive, the IC (1) will open access to the non-volatile memory (7A) embedded in the IC (1), and the bank identification (BID), the bank public key (BPK) and the customer's certificate (CERTC) will be retrieved from the non-volatile memory (7A), the latter information being pre-stored in 7A during personalization of the ICP.
The seed (U) will be sent from the non-volatile memory (7A) to the encryption block (8B or 8C), encrypting the PIN (either a constant alphanumeric sequence, or a pseudo-random number) as well as the already encrypted message M1 into a message M2 = TID/TPK/BID/ACNC/£/EpC BSK[PIN, EpT BSK(CERTT)]. Note that the superscript C in EpC means encryption by the customer (on the ICP), while the superscript T in EpT means encryption by the terminal (T).
The message M2 is relayed straight through the terminal T, along the insecure communication line (L) to the bank.
The bank (BCE) will look up the customer's account number (ACNC) in its data depository and will retrieve the decryption key of the customer (C). A successful decryption will in itself be a proof to the bank (BCE) that the customer (C) is authentic, as the customer could never retrieve the identity (PIN) from the non-volatile memory (7A) of the IC (1) without a matching fingerprint (FP).
When the bank (BCE) has decrypted the outer shell (EpC BSK) it will decrypt the inner shell (EpT BSK), verifying the terminal T's identity. By now the bank (BCE) has verified the authenticity of both the customer (C) and the terminal (T). Thereby the bank (BCE) is authorized to transfer the amount (£) from the customer C's account (ACNC) to the dealer's account (ACN ).
The bank then returns an acknowledgement of the transfer to the terminal (T) and to the customer C's device ICP, via the terminal (T). Again, this acknowledgement message comprises a twin shell encryption, the return message being MR1 = ACK/MAC1P[BSK, MAC2P(BSK)], where the outer encryption shell (MAC1P) is targeted at the terminal (T), and the inner encryption shell (MAC2P) is targeted at the customer C's ICP device.
The terminal receives the return message MR1 = ACK/MAC1P[BSK, MAC2P(BSK)] and decrypts the outer encryption shell (MAC1P), thereby receiving the bank's acknowledgement of the transfer of the amount £. The terminal then passes on the inner encryption shell message MR2 = ACK/MAC2P(BSK) to the customer C's device ICP.
The ICP then decrypts this inner encryption shell, issued by the bank (BCE) and passed on via the terminal (T). Thereby all parties have been verified relative to each other, and the ICP has received its acknowledgement from the bank (BCE).
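The figure 8d exchange as an added simulation (example code, not from the patent): the ICP releases the contents of memory 7A only after a fingerprint match, the bank opens the customer's outer shell before the terminal's inner shell, and the acknowledgement is peeled in the reverse order. It assumes an HMAC-SHA256 encrypt-then-MAC construction as a stand-in for the public key operations Ep and MACP, so the customer and the terminal each hold one pairwise key with the bank (CSK, TSK) instead of a certificate; all keys, identifiers and the minutia template are constructed values.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):  # HMAC-SHA256 in counter mode, a constructed stand-in cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, payload):  # stand-in for one Ep/MAC shell: nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # raises unless the shell was sealed under `key`
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("shell does not verify")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed keys and identities (hypothetical values, regenerated on every run).
CSK, TSK = os.urandom(32), os.urandom(32)                        # customer / terminal keys
MASTER_MINUTIAE = hashlib.sha256(b"enrolled-finger").digest()   # enrolment template in 7A
ICP_NVM = {"BID": "BANK01", "ACNC": "ACC-4711", "PIN": "2468", "CSK": CSK}  # memory 7A
BANK_ACCOUNTS = {"ACC-4711": (CSK, "2468")}                      # bank's data depository
BANK_TERMINALS = {"T-9": TSK}                                    # directory D, bank side

def terminal_m1(amount):  # M1 = TID/£/Ep(CERTT); the terminal's shell is opaque to the ICP
    return {"TID": "T-9", "amount": amount, "certt_shell": seal(TSK, b"CERTT:T-9")}

def icp_m2(fp, m1):  # M2: memory 7A is released and the outer shell sealed only after a match
    if not hmac.compare_digest(fp, MASTER_MINUTIAE):
        raise PermissionError("fingerprint mismatch: non-volatile memory stays locked")
    inner = {"PIN": ICP_NVM["PIN"], "certt_shell": m1["certt_shell"].hex()}
    return {"TID": m1["TID"], "BID": ICP_NVM["BID"], "ACNC": ICP_NVM["ACNC"],
            "amount": m1["amount"], "shell": seal(ICP_NVM["CSK"], json.dumps(inner).encode())}

def bank_mr1(m2):  # bank opens the outer shell (customer), then the inner shell (terminal)
    csk, pin = BANK_ACCOUNTS[m2["ACNC"]]
    tsk = BANK_TERMINALS[m2["TID"]]
    inner = json.loads(unseal(csk, m2["shell"]))
    certt = unseal(tsk, bytes.fromhex(inner["certt_shell"]))
    if inner["PIN"] != pin or certt != b"CERTT:" + m2["TID"].encode():
        raise ValueError("customer PIN or terminal certificate failed to verify")
    ack = json.dumps({"ACK": True, "amount": m2["amount"]}).encode()
    return seal(tsk, seal(csk, ack))  # MR1 = ACK/MAC1[MAC2(...)]: outer for T, inner for ICP

def terminal_relay(mr1):  # terminal opens MAC1 and passes MR2 = ACK/MAC2 on to the ICP
    return unseal(TSK, mr1)

def icp_verify(mr2):  # ICP opens MAC2: the bank's acknowledgement reached the customer
    return json.loads(unseal(CSK, mr2))

def run_purchase(fp, amount=25):  # the complete figure 8d exchange, T -> ICP -> bank -> T -> ICP
    return icp_verify(terminal_relay(bank_mr1(icp_m2(fp, terminal_m1(amount)))))
```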
This application of the present invention has a number of advantages over the solution described in patent no. EP 0 225 010:
- The bank (BCE) will be certain that the customer (C) is the authorized user of the account (ACNC) and not just a person that legally, or by fraud, has obtained the customer C's identity (PIN).
- The dealer owning the terminal (T) will positively know that the ICP and its owner are genuine, and not attempting to abuse a found credit card by a phony ID (PIN*). If the customer C's device ICP returns the message M2 = TID/TPK/BID/ACNC/£/EpC BSK[PIN, EpT BSK(CERTT)] to the bank (BCE) via the terminal (T) at all, the dealer will know that the ICP is genuine and that the customer (C) is the bona fide owner of the ICP and its account (ACNC), because the customer (C) could not access the secret parts of the non-volatile memory (7A) of the ICP unless his fingerprint matches. Accordingly the ICP can be securely used at a terminal (T) even if the terminal (T) is offline and connected neither to the directory (D) nor to the bank (BCE). This could be facilitated in a simplified mode with a reduced message set compared to the full communication outlined in figure 8d.
- By the method and communication procedures shown in figure 8d, all parties [including the customer (C), the terminal (T), and the bank (BCE)] are verified relative to each other. Thereby there is no need to implement the more elaborate part of patent no. EP 0 225 010 as shown in its figure 3.
- By the application of the present invention as shown in figure 8d, it is not necessary that the terminal (T) be verified, as the customer accepts the transfer of the amount (£), and therefore the authenticity of the terminal (T) is really a non-issue to the bank (BCE). The customer (C) has authorized the deal by his message M2, relayed in encrypted format through the terminal (T) to the bank (BCE). Thereby the terminal (T) is simply a relay station for the encrypted message M2, and the verification of the terminal (T) is superfluous.
- Since the present invention makes the identity of the terminal (T) superfluous, the ICP according to the present invention may be used on any insecure terminal, including personal computers in private homes, ICPs embedded in mobile phones, and so on.
Having thus outlined the secure communication principles of the present invention by the preceding examples referring to patents EP 0 225 010 and WO 01/74007, we will now consider the practical aspects of the present invention.
Embedding the IC (1) in accordance with the present invention in a peripheral device (e.g. a PC mouse or keyboard, etc.), in turn connected to a network, will confine the biometrics representation to the peripheral device. Accordingly the system supplier does not need to decide on the issue of implementing biometrics in the network itself, and thereby does not need to make any decision on which biometrics standard will be the future survivor. By this method the communication can be performed according to current standards.
Typical embodiments of the method according to the invention are described below.
The IC (1), termed F-SoC (Fingerprint System on Chip), can be embodied in a so-called "USB Dongle" as a portable device to be connected to any terminal (31) of a targeted network (N), as indicated in figures 3a and 3b. The complete dongle (12) has a plastic housing (12A) accommodating a small printed circuit board PCB (12B) connected to a mechanical USB contact (12C). The PCB connects the following elements: the IC (1), the fingerprint sensor (5), an external flash memory (12D) and an external RAM memory (6). Alternatively the IC (1) and the fingerprint sensor (5), the flash (12D) and the RAM (6) may all be integrated into the IC (1), as partly indicated in figure 2b. The USB Dongle (12) exterior is shown in top view in figure 3b, being typically 4.5 cm long and 1.5 cm wide.
This embodiment and the advantages of the invention will be described with reference to figure 3a. The portable USB Dongle (12) will be connected to a PC (31) by the USB connection (12C), alternatively with a USB extension cable (not shown). The USB Dongle (12) will allow the user to be conveniently connected to any non-trusted terminal (31), such as a business center in a hotel or a private PC at home, and still be securely connected to a corporate Intranet (N) or an Internet bank server (30) according to the prevailing standard for secure communication of the prevailing network (N). The fingerprint minutia of the authorized user is stored in a scrambled form in the non-volatile memory (12D), or alternatively in the internal SmartCard block (7A). The user then swipes his finger over the sensor (5). The fingerprint image is then captured and preprocessed by the preprocessing block (5C). The administrative software stored in the non-volatile memory (12D or 7A) and executed by the on-board processor (2) will determine whether the current fingerprint matches the authorized user (or one of the authorized users) of this particular USB Dongle. If no match is established, the process is aborted and a message to the user is displayed on the screen of the computer terminal (31). If a match is established, two actions will be carried out in parallel by the IC (1):
- JAVA applets are automatically downloaded from the flash (12D or 7A) of the Dongle (12) to ensure communication from the computer terminal (31) to the required web-site or Intranet server (30), including the appropriate IP address of the target network (N), being a corporate or government Intranet or an Internet bank's web-site, and so on.
- The IC (1) will generate the appropriate encryption key by the SKG block (8A) and then encrypt the message that the user types into the computer terminal (31) by the encryption block (8B or 8C).
The SKG is performed on the basis of a general algorithm (see patent no. WO 01/74007 and figures 7c and 7d) stored in the memory (12D) of the IC (1) and on the server (30) of the Internet or Intranet (N) or the Internet bank web-site. The actual encryption key is generated by this algorithm with the input of a seed U assigned to the authorized user of the Dongle (12), scrambled by block (8A) if stored on the external flash (12D), or securely stored in the internal SmartCard block (7A).
This seed U is pre-stored in the dongle (12) during personalization by the issuing organization or bank. Alternatively, the IC (1) will respond to a communication process based on PKI as illustrated in figure 8d, whereby an electronic certificate is released for encrypted communication responses by a valid fingerprint (FP) of the authorized user.
Another preferred embodiment of the invention in a portable device is illustrated in figures 4a, 4b, 4c and 4d, showing the fingerprint sensor (5) being integrated in a PCMCIA card (13). The PCMCIA embodiment of figures 4a to 4d is very similar to the USB dongle embodiment of figures 3a and 3b: a printed circuit board PCB (13A) accommodates the sensor (5), the IC (1), external SDRAM (6), external flash (7) and a mechanical/electronic PCMCIA interface (13B). This PCMCIA interface is supported from the IC (1) by its UART interface block (9D). The fingerprint sensor (5) may be mechanically protected by a sliding lid (13D), pushed aside to reveal the sensor (5) when the finger (A) is moved over the sensor location. The same functionality as described for the USB dongle (12) can be obtained by embodiment of the invention on a PCMCIA card. The communication procedures of the F-SoC IC (1) can be structured and automated to verify the electronic signature of PKI.
Figure 5 shows yet another preferred embodiment of the invention as an integral device embedded in either one of the peripherals of the computer terminal (31), such as a mouse (41) or the keyboard (42), or embedded into the chassis of a laptop PC (40). In this embedded version the printed circuit board (15A) will be mounted directly into the host device, without any outer housing. A suitable connector (15C), for connection to the host device, is accommodated on the PCB (15A) for communication and power supply.
The invention is particularly suited for this, as the size of the F-SoC integrated circuit (1) is very compact. The IC die of the integrated circuit (1) version shown in figure 21 is only 4 mm².
BENEFITS FROM THE INVENTION
The benefit of the invention for the user is that he simply swipes his finger over the sensor (5). If a positive match is established by the IC (1) (the F-SoC integrated chip), then secure communication is automatically set up by the IC (1) inside the USB Dongle (12) or the PCMCIA card (13) or an embedded device (15), without the user having to remember any password or IP address: "Swipe'n go".
One benefit of the invention for the operator of the network (N) is that secure communication is set up according to the operator's current standards and communication infrastructure, irrespective of whether the terminal (31) is classified as trusted or not. Another benefit of the invention to the operator of the network (N) is that he can be sure that the user of the USB dongle (12) or the PCMCIA card (13) or an embedded device (15) is the authorized user. The major benefit of the invention to the operator of the network (N) is that he can take advantage of the above benefits without having to modify the infrastructure of his network for biometrics. The biometrics is bridged to the prevailing standards of the secure communication infrastructure by the IC (1) inside the device carrying the IC (1), whether it is a portable device [e.g. a USB dongle (12), a PCMCIA card (13)] or an embedded F-SoC solution.
As the invention allows the network operator to enjoy the above benefits of a biometrics bridge at the peripherals, it will enable providers of software systems to offer their current systems to users and network operators without having to choose between several emerging standards of biometrics representation. This will in turn protect the system supplier from risky strategy decisions, the network operators from new and risky investments (which biometrics standard will prevail?) and the users from facing different software systems that can hardly communicate with each other.