WO2005064547A1 - User authentication method based on the utilization of biometric identification techniques and related architecture - Google Patents

User authentication method based on the utilization of biometric identification techniques and related architecture Download PDF

Info

Publication number
WO2005064547A1
WO2005064547A1 PCT/EP2004/014099 EP2004014099W WO2005064547A1 WO 2005064547 A1 WO2005064547 A1 WO 2005064547A1 EP 2004014099 W EP2004014099 W EP 2004014099W WO 2005064547 A1 WO2005064547 A1 WO 2005064547A1
Authority
WO
WIPO (PCT)
Prior art keywords
reference biometric
biometric template
template
user
authenticated
Prior art date
Application number
PCT/EP2004/014099
Other languages
French (fr)
Inventor
Madalina Baltatu
Rosalia D'alessandro
Roberta D'amico
Original Assignee
Telecom Italia S.P.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telecom Italia S.P.A. filed Critical Telecom Italia S.P.A.
Priority to EP04803743A priority Critical patent/EP1697907A1/en
Priority to JP2006545982A priority patent/JP4869944B2/en
Priority to US10/584,506 priority patent/US8135180B2/en
Priority to KR1020067014907A priority patent/KR101226651B1/en
Priority to BRPI0418089-5A priority patent/BRPI0418089A/en
Publication of WO2005064547A1 publication Critical patent/WO2005064547A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/94Hardware or software architectures specially adapted for image or video understanding
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • the present invention refers in general to the field of secure authentication system. More particularly, the present invention refers to a user authentication method based on the utilization of biometric ' identification techniques and related architecture.
  • Authentication is the process by which an entity, such as a financial institution, a bank, etc., identifies and verifies its customers or users to itself and identifies and verifies itself to its customers -or users. Authentication includes the use of physical
  • Biometric tasks include, for example, an identification task and a verification task.
  • the verification task determines whether or not the person claiming an identity is really the person whose identity has been claimed.
  • the identification task determines whether the biometric signal, such as a fingerprint, matches that of someone already enrolled in the system.
  • biometrics have been considered for use with smart cards, such as fingerprints, hand prints, voice prints, retinal images, handwriting samples and the like.
  • biometric-based smart card An example of a biometric-based smart card is shown in US-A-5, 280 , 527 describing a credit card sized token (referred to as biometric security apparatus) containing a microchip, in which a sample of the authorised user's voice is stored.
  • biometric security apparatus a credit card sized token
  • the user In order to gain access to an account, the user must insert the token into a designated slot of an ATM, and then speak with the ATM. If a match is found between the user's voice and the sample enrolment of the voice stored into the microchip, access to the account is granted.
  • a security system comprising: a central unit with a biometric sensor to detect biometric data representing characteristic biometric features of a person; at least one portable data carrier; a memory means for storing biometric reference data representing the biometric reference features of the person in the system; a control system capable of generating an authorisation signal to control a functional unit depending on a comparison between the biometric data detected by the sensor and the reference data.
  • the reference data that are compared with the biometric data detected by the sensor to ascertain the authenticity of the user, are not wholly stored into the data carrier, in the conventional manner, but are splitted, partly in the data carrier and partly in the reading device. Only the combination of data carrier and reading device will produce the complete information needed for authentication.
  • the invention is particularly advantageous if the biometric sensor is a fingerprint sensor.
  • a fingerprint sensor determines the locally resolved position of minutiae of the fingerprint.
  • the minutiae are singular points df the papillary lines of a fingerprint. These might be end points, branches or similar points of the papillary lines of the fingerprint.
  • the local position is determined depending on the distance from a reference point or radius to the angle related to a reference direction.
  • the fingerprint of the data carrier owner is reproduced and appropriate reference values are determined for radius and angle. These values are then stored into the system.
  • the radius reference data are stored only on the data carrier and the angle reference data are stored only on the reading device.
  • the angle reference data are stored in the data carrier and the distance reference data are stored on the reading device.
  • a user authentication method based on the use of biometric identification techniques comprising the steps of: generating a reference biometric template from a first biometric image of a user to be authenticated and, afterwards, splitting the reference biometric template into a first and a second reference biometric template portion, said first and second reference biometric template portion being separable.
  • the first and the second biometric reference template portion are then signed, enciphered and stored in different memories.
  • a user authentication method based on the use of biometric identification techniques comprises an enrolment step and a verification step, said enrolment step including the steps of: - generating a reference biometric template from a first biometric image of a user to be authenticated; - splitting said reference biometric template into a first and a second reference biometric template portion; - enciphering said first and second reference biometric template portion; and storing each one of said reference biometric template portions into a different memory.
  • Another aspect of the present invention refers to an architecture based on the use of biometric identification techniques comprising: at least one data enrolment system for generating a reference biometric template from a first biometric image of a user to be authenticated, said data enrolment system comprising a Host Computer for splitting said reference biometric template into a first and a second reference biometric template portion that are physically separable and for enciphering said first and second reference biometric template portion; - at least one portable data carrier associated with said user to be authenticated, said data carrier comprising a memory for storing said first signed and enciphered reference biometric template portion; and at least one data verification system comprising a memory for storing said second signed and enciphered reference biometric template portion.
  • Another aspect of the present invention refers to a portable data carrier associated with a user that has to be authenticated through a user authentication architecture, said data carrier including a microprocessor comprising a memory for storing a first reference biometric template portion associated with said user to be authenticated, said first reference biometric template portion being signed and enciphered, said portable data carrier being adapted to received as input, from said user authentication architecture, a second reference biometric template portion and a live template associated with said user to be authenticated, said second reference biometric template portion and said live template being signed and enciphered, said microprocessor further comprising: - a processing logic for deciphering said first and second reference biometric template portion and for recomposing therefrom said reference biometric template associated with said user to be authenticated; - a comparing logic for comparing said reference biometric template recomposed with said live template and sending a result of said comparison to said user authentication architecture.
  • Another aspect of the present invention refers to a data verification system comprising an electronic device and a portable data carrier associated with a user that has to be authenticated, said data carrier being adapted to store a first reference biometric template portion associated with a user to be authenticated, said first reference biometric template portion being signed and enciphered; said electronic device comprising: - a memory adapted to store a second reference biometric template portion associated with a user to be authenticated, complementary with said first portion, said second reference biometric template portion being signed and enciphered; - an image acquiring and processing device for generating a live template ; said electronic device being adapted to encipher and sign said live template , transmit said second reference biometric template portion and said live template to said portable data carrier and authenticate said user depending on the result of a comparison performed by said data carrier between said live template and a reference biometric template of said user to be authenticated, said reference biometric template being recomposed by using said first and second reference biometric template portion.
  • a further aspect of the present invention deals with a computer program product that can be loaded in the memory of at least one electronic processor and comprising portions of software code to perform the process according to the invention when the product is executed on a processor: in this context such diction must be deemed equivalent to the mention of a means readable by a computer comprising instructions to control a network of computers in order to perform a process according to the invention.
  • the reference to "at least one electronic processor” is obviously aimed to point out the possibility of carrying out the solution according to the invention in a de-centralised context . Further preferred aspects of the present invention are disclosed in the dependent claims and in the present description.
  • FIG. 1 is a schematic representation of a user authentication architecture according to the invention
  • figure 2 shows a flow diagram related to implementing a first step of a user authentication method according to the invention
  • figure 3 shows a flow diagram related to implementing a second step of the user authentication method according to the invention.
  • the user authentication method according to the invention is applied to a user authentication architecture 1 comprising a data enrolment system 2, a data verification system 3 and a portable data carrier 4, this latter one belonging to a user that has to be authenticated.
  • the data carrier 4 can be a substrate whose sizes are substantially rectangular, such as for example an access card, a credit card, a debit card, an identification card, a smart card, a SIM card or a secure digital card.
  • the data carrier 4 is equipped with a microprocessor 5 including a processing logic 5a, a comparing logic 5b and a memory 6.
  • the data enrolment system 2 comprises a Host Computer 7, for example a personal computer, a business computer, etc., having enough memory 7a to store biometric data of a user that has to be authenticated.
  • the data enrolment system 2 can also include an image acquiring and processing device 8, connected to the Host Computer 7, and a data reading/writing device 60 , also connected to the Host Computer 7 realising the interface with the data carrier 4.
  • the data reading/writing device 60 can be, for example, a smart card reader, if the data carrier 4 is a smart card, or a cellular phone, if the data carrier 4 is a SIM card.
  • the image acquiring and processing device 8 includes: a sensor 9 of the biometric type, for example a television camera, to detect a first biometric image (i.e., biometric data sample) of the user that has to be authenticated, for example a face template; an image processor 10, connected between sensor 9 and Host Computer 7, to generate a reference biometric template from the user biometric image, detected through sensor 9.
  • a sensor 9 of the biometric type for example a television camera
  • a first biometric image i.e., biometric data sample
  • Host Computer 7 to generate a reference biometric template from the user biometric image, detected through sensor 9.
  • the data enrolment system 2 is a separated system from the data verification system 3 and is placed in a secure environment.
  • the data verification system 3 comprises an electronic device 11, for example a personal computer, a palmtop computer, a cellular telephone, an hand-held PC, a smart-phone, having enough memory 11a to store biometric data of a user that has to be authenticated.
  • the data verification system 3 can also comprise: a data base, of a known type and therefore not shown in figure 1, managed by a remote system connected to the electronic device 11; an image acquiring and processing device 12; a data reading/writing device 61 realising the interface with the data carrier 4.
  • the image acquiring and processing device 12 and the data reading/writing device 61 are both connected to the electronic device 11.
  • the data reading/writing device 61 can be, for example, a smart card reader, if the data carrier 4 is a smart card, or a cellular phone, if the data carrier 4 is a SIM card.
  • the image acquiring and processing device 12 comprises: a sensor 13, of the biometric type, for example a television camera, to detect a second biometric image (the face template) of the user that has to be authenticated.
  • the image acquiring and processing device 12 also includes an image processor 14, connected between sensor 13 and electronic device 11, to generate a live template from the user biometric image detected through the sensor 13.
  • the electronic device 11 can also comprise a processing logic (not shown in figure 1) able to read and interpret the comparison operation result between reference biometric template and live template performed by the data carrier 4, as will be described more in detail below.
  • a processing logic not shown in figure 1
  • cryptographic algorithms of the asymmetrical type for example the RSA algorithm
  • these algorithms are based on the use of two different keys in the data enciphering and deciphering steps and on the existence of a PKI (Public Key Infrastructure) , for example based on standard X.509 described in R. Housley, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, 1999.
  • the method according to the invention comprises an enrolment step 20, performed by the data enrolment system 2 and shown in figure 2, and a verification step 40, performed by the data verification system 3 and the data carrier 4 and shown in figure 3.
  • the enrolment step 20 provides an initialisation step 21 of the data enrolment system 2 , of the data verification system 3 and the data carrier 4.
  • the initialisation step 21 provides: - storing, in the memory 7a of Host Computer 7, a pair of public KE pU b and private KE pr keys associated with the data enrolment system 2, the related digital certificate C E containing the public key KE pub signed with the private key issued by a secure Certification Authority and, possibly, the digital certificate C A c of the same Certification Authority; - storing, in the memory 6 of data carrier 4, a pair of public KU pU b and private KU pr keys associated with the user to be authenticated, the related digital certificate Cu containing the public key KU pUb signed with the private key of the secure Certification Authority and, possibly, the digital certificate C A c of the same Certification Authority.
  • the data carrier 4 initialisation can provide for the generation of the pair of public and private keys KU pub , KU pr aboard the data carrier 4 itself (on-card) and the transmission of the certification request for the public key KU pU b to the secure Certification Authority.
  • the initialisation process is then finalised by installing the user digital certificate Cu on the data carrier 4 and distributing the related certificate to the data enrolment system 2 and the data verification system 3.
  • All these operations can be performed in the microprocessor 5; and - storing, in the memory 11a of electronic device 11, a file containing a pair of public KV pu and private KV pr keys associated with the data verification system 3, the related digital certificate C v containing the public key KV pUb signed with the private key issued by the secure Certification Authority and, possibly, the digital certificate C AC of the same Certification Authority.
  • the enrolment step 20 then proceeds with detecting, through the sensor 9, a first biometric image of the user to be authenticated (block 22) . Afterwards, the first biometric image is transferred to the image processor 10 that generates the reference biometric template (block 23) . The reference biometric template is then stored into the memory 7a of the Host Computer 7 (block 24) .
  • the Host Computer 7 decomposes the reference biometric template into a first and a second reference biometric template portion (block 25) , using a splitting algorithm that will be described more in detail herein below, and then destroys the original copy of the reference biometric template (block 26) .
  • the Host Computer 7 signs the first and the second reference biometric template portion with the private key KE pr of the data enrolment system 2 (block 27) and then enciphers the two portions with the public key KU pub • of the user to be authenticated (block 28) .
  • the Host Computer 7 transfers the first reference biometric template portion onto the data carrier 4 (block 29) .
  • the first reference biometric template portion is stored into a protected area 6a (shown in figure 1) of the memory 6 (block 30) .
  • the memory 6a area can be protected through PIN.
  • the Host Computer 7 can transfer the first reference biometric template portion into a memory included in the reading/writing device 61, for example in a cellular phone memory or in any personal processing device (PC, PDA, handheld device, etc.) memory. Communication between data enrolment system 2 and data carrier 4 can occur for example though the communication protocol implemented in the reading/writing device 60.
  • the reading/writing device 60 is also equipped with a logic (an application program) that checks the data transfer.
  • the second reference biometric template portion is instead transferred and stored into the memory 11a of the electronic device 11 (block 31) .
  • the second reference biometric template portion can be transferred and stored into the data base .
  • the transfer of the second reference biometric template portion from data enrolment system 2 to electronic device 11, or to data base can occur by using methods of the OOB ("Out Of Band") type. In particular, these methods assume that data are not transferred in a network, but are transferred using alternative communication channels, such as, for example, a telephone channel or the traditional mail.
  • the transfer of the second reference biometric template portion can occur through a modem or a communication network, for example a TCP/IP or GSM network.
  • the verification step 40 starts when a user, by entering the data carrier 4 into the data reading/writing device 61, asks the user architecture 1 to be authenticated (block 40a) .
  • the data verification system 3 through the sensor 13, detects a second biometric image of the user that has to be authenticated (block 4l) .
  • This second biometric image is . then transferred to the image processor 14 that generates the live template (block 42) .
  • the live template is sent to the electronic device 11 that signs it with the private key KV pr of the data verification system 3 and enciphers it with the public key of the user KU pub (block 43) .
  • the electronic device 11 transmits to the data carrier 4 both the live template and the second reference biometric template portion, this latter one stored locally or recovered by the data base, enclosing a univocal Nonce (namely an aleatory value, used a single time in a cryptographic scheme) to guarantee the authenticity of the current data verification session (block 44) .
  • the univocal Nonce is also enciphered and signed.
  • Such operation guarantees for example the protection from the so-called replay attacks (attacks where the attacking person is an authorised user that re-proposes to the system, in a following authentication session, a previously positive authentication session as regards the interested user) .
  • Communication between data verification system 3 and data carrier 4 can occur for example through the communication protocol implemented in the reading/writing device 61.
  • the reading/writing device 61 is also equipped with a logic (an application program) that checks the data transfer.
  • the data carrier 4 using its own private key KU pr , deciphers the second reference biometric template portion and checks its signature by using the public key KE pub of the data enrolment system 2 (block 45) .
  • the data carrier 4 through a recomposition algorithm, stored into the memory 6 and shown below, recomposes the reference biometric template (block 46) using the now deciphered second reference biometric template portion and the first reference biometric template portion, stored into the protected memory area 6a.
  • the data carrier 4 using its own private key KU pr , deciphers the live template transmitted by the data verification system 3 and checks its signature by using the public key KV pub of the data verification system 3 (block 47) . If all previously-described check operations realised through the processing logic 5a of the microprocessor 5, have a positive result, the data carrier 4 performs a comparison operation between the reference biometric template and the live template (block 48) .
  • the comparison operation is performed by the comparing logic 5b of the microprocessor 5 as an atomic operation using known comparison functions depending on the biometric identification techniques used.
  • the data carrier 4 transfers to the data verification system 3 the comparison operation result together with the univocal Nonce previously received by the data verification system itself (block 49) .
  • the comparison operation result and the univocal Nonce can for example be sent as a message signed with the user private key Ku pr and enciphered with the public key KV pUb of the data verification system 3.
  • the electronic device 11 using the private key KV pr of the data verification system 3, deciphers the message sent thereto by the data carrier 4, checks its signature, and, depending on the comparison operation result, grants or not the user access to the required service (block 50) .
  • a data base is used for storing the second reference biometric template portion, it is necessary to make secure also the communication between electronic device 11 and remote data base managing system. This can be obtained by using, for example, the previously-described authentication, privacy and non- repudiation cryptographic mechanisms, in order to guarantee the authentication of affected parts, in addition to integrity and privacy of transferred data.
  • the remote data base managing system can use access control methods, of the Access Control List type (with user authentication through userlD and
  • the splitting algorithm used by the data enrolment system 2 to split the reference biometric template into the two portions of reference biometric template is a secret splitting algorithm, that can be used in the cryptographic techniques of the "secret sharing scheme" type.
  • a secret is divided into N parts, securely transferred to N entities with the property that, starting from a single part of the secret, the original cannot be rebuilt.
  • An algorithm of this type is for example described in H. Feistel in "Cryptographic Coding for Data-Banking Privacy", IBM Research, New York, 1970.
  • the splitting algorithm comprises an enrolment step in which the data enrolment system 2 that created the template t (the reference biometric template) generates a random number ti (the first reference biometric template portion) of the same size (length) of the template t. Afterwards the data enrolment system 2 applies a XOR function to t and ti to generate a value t 2 (the second reference biometric template portion) , namely: ti is then stored in a protected mode (that provides for signature and enciphering) on the data carrier 4 while t 2 is stored in a protected mode (that provides for signature and enciphering) on the data verification system 3 or in the central data base.
  • the recomposition algorithm for the template t used by the data carrier 4 to recompose the template t from t x and t 2 , is, mathematically, the reverse function of the previously-described splitting algorithm.
  • the data carrier 4 after having obtained t 2 , performs the XOR between ti and t 2 rebuilding the original value of the template t, namely: If all described operations are correctly performed, the technique is secure since by possessing a single part, tl or t2, it is not possible to obtain the template t .
  • the advantages that can be obtained with the described user authentication method are as follows.
  • the user authentication method is secure since an hacker that tries to violate either the data carrier 4 or the data verification system 3 does not obtain enough elements to go back to the reference biometric template, since this latter one is partly stored in the data carrier 4 and partly in the data verification system 3.
  • the reference biometric template is a piece of information depending on the used biometric technique : by applying the same biometric technique to the image of the same person, a reference biometric template is obtained that is very similar to the original one.
  • the whole reference biometric template falls in the hand of an hacker, this latter one could use it for disguising as the user enabled to the service, impairing the used biometric technique.
  • the hacker can go back to the mode used by the biometric technique to produce the reference biometric template.
  • the relevant biometric technique is no more secure.
  • the user authentication method according to the invention is also advantageous in case the authentication is mandatory for the access to an online service, in which the operator providing the service controls the data verification system 3.
  • the operator offering the service can go on keeping the control over the verification of the users because, according to the invention, both data carrier 4 and data verification system 3 concur in performing the verification step in a secure way that cannot be repudiated (the non-repudiation of a session implies the impossibility for a user to negate having participated into the session itself) .
  • the global security provided by the user authentication method according to the invention is further increased by the fact that the creation logic of the reference biometric template 11 does not reside on the data carrier 4 but on the data enrolment system 2 that, preferably, is a separate system from the data verification system 3 and placed in a secure environment .
  • n > 2, (e.g., ti, t 2 , ..-, t n ) , with the property that it is impossible to obtain t from an arbitrary number i of its portions t x , t 2 ,..., t n , where i ⁇ n.
  • the size of the single portions can vary: depending on the chosen splitting algorithm they could not equal the size of the template t.
  • the user authentication method according to the invention can be applied to different scenarios, such as for example : Stand Alone scenario, in which the user authentication method according to the invention is used to protect the access to the data verification system 3 (ex. login to personal computer, palmtop, cellular phone-SIM) by a user provided with the data carrier 4 ; - client-server scenario, in which the client scenario comprises the data carrier 4, preferably realised as a SIM-card, and a client portion of the data verification system 3, while the server scenario comprises a server portion of the data verification system 3.
  • the server portion of the data verification system 3 can coincide or not with a central server (for example the server offering the required service) .
  • the client portion of the data verification system 3 can perform a more or less active role in the authentication process.
  • the client portion of the data verification system 3 can perform the function of detecting the biometric image of the user that has to be authenticated, then transferring it to the central server to which instead the live template generation is entrusted; the central server will then take care of transferring the live template to the client portion of the data verification system 3.
  • the client portion of the data verification system 3 can also generate the live template . In both scenarios taken into account, the comparison operation between reference biometric template and live template is performed on the data carrier 4, then the recomposed reference biometric template never goes out of the data carrier 4.
  • the result of this operation is then transferred in a secure way (for example enciphered and signed) to the central server that decides whether granting or not the authorisation.
  • the reference biometric template can be split, for example, in three portions: ti stored on the data carrier 4, t 2 stored on the central server 15, included in the server portion 3a of the data verification system 3, and t 3 stored on the client portion 3b of the data verification system 3, as illustrated in figure 4.
  • the portion t 3 of the reference biometric template can be stored on the server portion 3a. Interaction between all the systems is required for template recomposition and template verification.
  • the configuration described above can also be extended to an arbitrary number of systems, each of them storing a respective portion of the splitted reference biometric template.
  • an extended version of the previously described splitting algorithm can be used (see for example the book "Applied Cryptography” Second Edition, Chapter 3, pages 70-71", author Bruce Schneier, published by John Wiley and Sons Inc) .
  • n- 1 random strings are generated, at an enrolment step, having the same length of the original template t.
  • These n-1 random strings are then XORed with the template t for obtaining the n-th random string of the shared template.
  • Each of these random strings is then distributed to the respective system and the original template t is subsequently destroyed. At a verification step all these random strings should be present to recompose the original template t.
  • a sharing scheme of this type is for example described in Shamir, How to share a secret, Communications of the ACM, 22 (1979) , pp. 612-613.
  • the template t is divided into n portions so that only m of them are needed to recompose the original template t.
  • the data enrolment system 2 can split the template t among the data carrier 4 (ti) , the server portion 3a of the data verification system 3, comprising, for example, the central server 15 (t 2 ) and a backup server 16 (t 4 ) and the client portion 3b of the data verification system 3 (t 3 ) , so that only three of these systems are needed to recompose of the original template t.
  • the backup server 16 can replace it in the template recomposition.
  • the same security considerations, regarding the protection of the information exchanged between the systems involved in the template recomposition, are valid for the configurations described above, i.e. all the template portions are digitally signed and enciphered, before transmission, using the appropriate private and public keys.
  • all the communication channels between the systems are protected by means of public key cryptography methods like the ones previously described.
  • all the request/response messages exchanged by the systems are signed and enciphered using the appropriate private and public keys. These messages can also include a nonce for protection against replay-attacks .
  • the comparison operation between the reference biometric template and the live template is performed on the data carrier 4 but, depending on the specific application requirements, it can also be performed outside the data carrier 4, for example, by the data verification system 3 (client portion or server portion) .
  • the Applicant outlines that biometric reference template splitting and its secure storing in the described distributed manner ensure increased resistance to template directed attacks and hence guarantee the privacy of the users.
  • Conventional security mechanisms may also be used to guarantee the authenticity of the parties that take part to the secret sharing scheme and the confidentiality of the communication channels used.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

The present invention refers to a user authentication method based on the use of identification biometric techniques comprising the steps of: - generating a reference biometric template from a first biometric image of a user to be authenticated; - splitting the reference biometric template into a first and a second reference biometric template portion that can be physically separated; - signing and enciphering the first and the second reference biometric template portion; - storing the signed and enciphered first and the second reference biometric template portion into different memories.

Description

USER AUTHENTICATION METHOD BASED ON THE UTILIZATION OP BIOMETRIC IDENTIFICATION TECHNIQUES AND RELATED
ARCHITECTURE * * * * * The present invention refers in general to the field of secure authentication system. More particularly, the present invention refers to a user authentication method based on the utilization of biometric' identification techniques and related architecture. Authentication is the process by which an entity, such as a financial institution, a bank, etc., identifies and verifies its customers or users to itself and identifies and verifies itself to its customers -or users. Authentication includes the use of physical
Objects, such as cards and/or keys, shared secrets, such as Personal Identification Numbers (PIN's) and/or passwords, and biometric technologies such as voice prints, photos, signatures and/or fingerprints. Biometric tasks include, for example, an identification task and a verification task. The verification task determines whether or not the person claiming an identity is really the person whose identity has been claimed. The identification task determines whether the biometric signal, such as a fingerprint, matches that of someone already enrolled in the system. Various biometrics have been considered for use with smart cards, such as fingerprints, hand prints, voice prints, retinal images, handwriting samples and the like. An example of a biometric-based smart card is shown in US-A-5, 280 , 527 describing a credit card sized token (referred to as biometric security apparatus) containing a microchip, in which a sample of the authorised user's voice is stored. In order to gain access to an account, the user must insert the token into a designated slot of an ATM, and then speak with the ATM. If a match is found between the user's voice and the sample enrolment of the voice stored into the microchip, access to the account is granted. Although the system disclosed in US-A-5, 280, 527 reduces the risks of unauthorised access, if compared with conventional PIN-based systems, however, to the extent that the credit card and the microchip disposed therein can be tampered with, the system does not provide the level of reliability and security that is often required in nowadays finance transactions . In O-A-0139134 a security system is further disclosed, comprising: a central unit with a biometric sensor to detect biometric data representing characteristic biometric features of a person; at least one portable data carrier; a memory means for storing biometric reference data representing the biometric reference features of the person in the system; a control system capable of generating an authorisation signal to control a functional unit depending on a comparison between the biometric data detected by the sensor and the reference data. In the security system proposed in such document, the reference data, that are compared with the biometric data detected by the sensor to ascertain the authenticity of the user, are not wholly stored into the data carrier, in the conventional manner, but are splitted, partly in the data carrier and partly in the reading device. Only the combination of data carrier and reading device will produce the complete information needed for authentication. The invention is particularly advantageous if the biometric sensor is a fingerprint sensor. A fingerprint sensor determines the locally resolved position of minutiae of the fingerprint. The minutiae are singular points df the papillary lines of a fingerprint. These might be end points, branches or similar points of the papillary lines of the fingerprint. The local position is determined depending on the distance from a reference point or radius to the angle related to a reference direction. In order to personalise the data carrier, the fingerprint of the data carrier owner is reproduced and appropriate reference values are determined for radius and angle. These values are then stored into the system. For practical purpose, the radius reference data are stored only on the data carrier and the angle reference data are stored only on the reading device. Alternatively, the angle reference data are stored in the data carrier and the distance reference data are stored on the reading device. The Applicant faced the problem of realising a method for authenticating users based on the use of biometric identification techniques, that is secure, independent from the used biometric identification techniques and that protects user privacy. The Applicant has observed that the above- described problem can be solved by a user authentication method based on the use of biometric identification techniques comprising the steps of: generating a reference biometric template from a first biometric image of a user to be authenticated and, afterwards, splitting the reference biometric template into a first and a second reference biometric template portion, said first and second reference biometric template portion being separable. The first and the second biometric reference template portion are then signed, enciphered and stored in different memories. More specifically, a user authentication method based on the use of biometric identification techniques comprises an enrolment step and a verification step, said enrolment step including the steps of: - generating a reference biometric template from a first biometric image of a user to be authenticated; - splitting said reference biometric template into a first and a second reference biometric template portion; - enciphering said first and second reference biometric template portion; and storing each one of said reference biometric template portions into a different memory. Another aspect of the present invention refers to an architecture based on the use of biometric identification techniques comprising: at least one data enrolment system for generating a reference biometric template from a first biometric image of a user to be authenticated, said data enrolment system comprising a Host Computer for splitting said reference biometric template into a first and a second reference biometric template portion that are physically separable and for enciphering said first and second reference biometric template portion; - at least one portable data carrier associated with said user to be authenticated, said data carrier comprising a memory for storing said first signed and enciphered reference biometric template portion; and at least one data verification system comprising a memory for storing said second signed and enciphered reference biometric template portion. Another aspect of the present invention refers to a portable data carrier associated with a user that has to be authenticated through a user authentication architecture, said data carrier including a microprocessor comprising a memory for storing a first reference biometric template portion associated with said user to be authenticated, said first reference biometric template portion being signed and enciphered, said portable data carrier being adapted to received as input, from said user authentication architecture, a second reference biometric template portion and a live template associated with said user to be authenticated, said second reference biometric template portion and said live template being signed and enciphered, said microprocessor further comprising: - a processing logic for deciphering said first and second reference biometric template portion and for recomposing therefrom said reference biometric template associated with said user to be authenticated; - a comparing logic for comparing said reference biometric template recomposed with said live template and sending a result of said comparison to said user authentication architecture. Another aspect of the present invention refers to a data verification system comprising an electronic device and a portable data carrier associated with a user that has to be authenticated, said data carrier being adapted to store a first reference biometric template portion associated with a user to be authenticated, said first reference biometric template portion being signed and enciphered; said electronic device comprising: - a memory adapted to store a second reference biometric template portion associated with a user to be authenticated, complementary with said first portion, said second reference biometric template portion being signed and enciphered; - an image acquiring and processing device for generating a live template ; said electronic device being adapted to encipher and sign said live template , transmit said second reference biometric template portion and said live template to said portable data carrier and authenticate said user depending on the result of a comparison performed by said data carrier between said live template and a reference biometric template of said user to be authenticated, said reference biometric template being recomposed by using said first and second reference biometric template portion. A further aspect of the present invention deals with a computer program product that can be loaded in the memory of at least one electronic processor and comprising portions of software code to perform the process according to the invention when the product is executed on a processor: in this context such diction must be deemed equivalent to the mention of a means readable by a computer comprising instructions to control a network of computers in order to perform a process according to the invention. The reference to "at least one electronic processor" is obviously aimed to point out the possibility of carrying out the solution according to the invention in a de-centralised context . Further preferred aspects of the present invention are disclosed in the dependent claims and in the present description. The features and the advantages of the present invention will result from the herein below description of an embodiment, provided as a non-limiting example, with reference to the enclosed drawings, in which: - figure 1 is a schematic representation of a user authentication architecture according to the invention; figure 2 shows a flow diagram related to implementing a first step of a user authentication method according to the invention; and figure 3 shows a flow diagram related to implementing a second step of the user authentication method according to the invention. With reference to ■ figure 1, the user authentication method according to the invention is applied to a user authentication architecture 1 comprising a data enrolment system 2, a data verification system 3 and a portable data carrier 4, this latter one belonging to a user that has to be authenticated. The data carrier 4 can be a substrate whose sizes are substantially rectangular, such as for example an access card, a credit card, a debit card, an identification card, a smart card, a SIM card or a secure digital card. In any case, the data carrier 4 is equipped with a microprocessor 5 including a processing logic 5a, a comparing logic 5b and a memory 6. Always with reference to figure 1, in a preferred embodiment, the data enrolment system 2 comprises a Host Computer 7, for example a personal computer, a business computer, etc., having enough memory 7a to store biometric data of a user that has to be authenticated. The data enrolment system 2 can also include an image acquiring and processing device 8, connected to the Host Computer 7, and a data reading/writing device 60 , also connected to the Host Computer 7 realising the interface with the data carrier 4. The data reading/writing device 60 can be, for example, a smart card reader, if the data carrier 4 is a smart card, or a cellular phone, if the data carrier 4 is a SIM card. Specifically, the image acquiring and processing device 8 includes: a sensor 9 of the biometric type, for example a television camera, to detect a first biometric image (i.e., biometric data sample) of the user that has to be authenticated, for example a face template; an image processor 10, connected between sensor 9 and Host Computer 7, to generate a reference biometric template from the user biometric image, detected through sensor 9. Preferably, the data enrolment system 2 is a separated system from the data verification system 3 and is placed in a secure environment. In a preferred embodiment, the data verification system 3 comprises an electronic device 11, for example a personal computer, a palmtop computer, a cellular telephone, an hand-held PC, a smart-phone, having enough memory 11a to store biometric data of a user that has to be authenticated. The data verification system 3 can also comprise: a data base, of a known type and therefore not shown in figure 1, managed by a remote system connected to the electronic device 11; an image acquiring and processing device 12; a data reading/writing device 61 realising the interface with the data carrier 4. The image acquiring and processing device 12 and the data reading/writing device 61 are both connected to the electronic device 11. Moreover, the data reading/writing device 61 can be, for example, a smart card reader, if the data carrier 4 is a smart card, or a cellular phone, if the data carrier 4 is a SIM card. Specifically, the image acquiring and processing device 12 comprises: a sensor 13, of the biometric type, for example a television camera, to detect a second biometric image (the face template) of the user that has to be authenticated. The image acquiring and processing device 12 also includes an image processor 14, connected between sensor 13 and electronic device 11, to generate a live template from the user biometric image detected through the sensor 13. The electronic device 11 can also comprise a processing logic (not shown in figure 1) able to read and interpret the comparison operation result between reference biometric template and live template performed by the data carrier 4, as will be described more in detail below. It is to be remarked that, in the following description, for enciphering and deciphering biometric data, cryptographic algorithms of the asymmetrical type, for example the RSA algorithm, are preferably used. In particular, these algorithms are based on the use of two different keys in the data enciphering and deciphering steps and on the existence of a PKI (Public Key Infrastructure) , for example based on standard X.509 described in R. Housley, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, 1999. The user authentication method, according to the invention, will now be described with reference to the flow diagrams shown in figures 2-3. In a preferred embodiment, the method according to the invention comprises an enrolment step 20, performed by the data enrolment system 2 and shown in figure 2, and a verification step 40, performed by the data verification system 3 and the data carrier 4 and shown in figure 3. With reference to figure 2, initially the enrolment step 20 provides an initialisation step 21 of the data enrolment system 2 , of the data verification system 3 and the data carrier 4. Specifically, the initialisation step 21 provides: - storing, in the memory 7a of Host Computer 7, a pair of public KEpUb and private KEpr keys associated with the data enrolment system 2, the related digital certificate CE containing the public key KEpub signed with the private key issued by a secure Certification Authority and, possibly, the digital certificate CAc of the same Certification Authority; - storing, in the memory 6 of data carrier 4, a pair of public KUpUb and private KUpr keys associated with the user to be authenticated, the related digital certificate Cu containing the public key KUpUb signed with the private key of the secure Certification Authority and, possibly, the digital certificate CAc of the same Certification Authority. Alternatively, the data carrier 4 initialisation can provide for the generation of the pair of public and private keys KUpub, KUpr aboard the data carrier 4 itself (on-card) and the transmission of the certification request for the public key KUpUb to the secure Certification Authority. The initialisation process is then finalised by installing the user digital certificate Cu on the data carrier 4 and distributing the related certificate to the data enrolment system 2 and the data verification system 3. All these operations can be performed in the microprocessor 5; and - storing, in the memory 11a of electronic device 11, a file containing a pair of public KVpu and private KVpr keys associated with the data verification system 3, the related digital certificate Cv containing the public key KVpUb signed with the private key issued by the secure Certification Authority and, possibly, the digital certificate CAC of the same Certification Authority. The enrolment step 20 then proceeds with detecting, through the sensor 9, a first biometric image of the user to be authenticated (block 22) . Afterwards, the first biometric image is transferred to the image processor 10 that generates the reference biometric template (block 23) . The reference biometric template is then stored into the memory 7a of the Host Computer 7 (block 24) . Afterwards, the Host Computer 7 decomposes the reference biometric template into a first and a second reference biometric template portion (block 25) , using a splitting algorithm that will be described more in detail herein below, and then destroys the original copy of the reference biometric template (block 26) . At this time, the Host Computer 7 signs the first and the second reference biometric template portion with the private key KEpr of the data enrolment system 2 (block 27) and then enciphers the two portions with the public key KUpub • of the user to be authenticated (block 28) . Afterwards, the Host Computer 7 transfers the first reference biometric template portion onto the data carrier 4 (block 29) . Here, the first reference biometric template portion is stored into a protected area 6a (shown in figure 1) of the memory 6 (block 30) .- For example, the memory 6a area can be protected through PIN. In another embodiment of the present invention, the Host Computer 7 can transfer the first reference biometric template portion into a memory included in the reading/writing device 61, for example in a cellular phone memory or in any personal processing device (PC, PDA, handheld device, etc.) memory. Communication between data enrolment system 2 and data carrier 4 can occur for example though the communication protocol implemented in the reading/writing device 60. The reading/writing device 60 is also equipped with a logic (an application program) that checks the data transfer. The second reference biometric template portion is instead transferred and stored into the memory 11a of the electronic device 11 (block 31) . Alternatively, the second reference biometric template portion can be transferred and stored into the data base . The transfer of the second reference biometric template portion from data enrolment system 2 to electronic device 11, or to data base, can occur by using methods of the OOB ("Out Of Band") type. In particular, these methods assume that data are not transferred in a network, but are transferred using alternative communication channels, such as, for example, a telephone channel or the traditional mail. Less preferably, the transfer of the second reference biometric template portion can occur through a modem or a communication network, for example a TCP/IP or GSM network. With reference now to figure 3, the verification step 40 starts when a user, by entering the data carrier 4 into the data reading/writing device 61, asks the user architecture 1 to be authenticated (block 40a) . Under these conditions, the data verification system 3, through the sensor 13, detects a second biometric image of the user that has to be authenticated (block 4l) . This second biometric image is . then transferred to the image processor 14 that generates the live template (block 42) . Afterwards, the live template is sent to the electronic device 11 that signs it with the private key KVpr of the data verification system 3 and enciphers it with the public key of the user KUpub (block 43) . At that time, the electronic device 11, through the reading/writing device 61, transmits to the data carrier 4 both the live template and the second reference biometric template portion, this latter one stored locally or recovered by the data base, enclosing a univocal Nonce (namely an aleatory value, used a single time in a cryptographic scheme) to guarantee the authenticity of the current data verification session (block 44) . The univocal Nonce is also enciphered and signed. Such operation guarantees for example the protection from the so-called replay attacks (attacks where the attacking person is an authorised user that re-proposes to the system, in a following authentication session, a previously positive authentication session as regards the interested user) . Communication between data verification system 3 and data carrier 4 can occur for example through the communication protocol implemented in the reading/writing device 61. The reading/writing device 61 is also equipped with a logic (an application program) that checks the data transfer. Afterwards, the data carrier 4, using its own private key KUpr, deciphers the second reference biometric template portion and checks its signature by using the public key KEpub of the data enrolment system 2 (block 45) . In case of check success, the data carrier 4, through a recomposition algorithm, stored into the memory 6 and shown below, recomposes the reference biometric template (block 46) using the now deciphered second reference biometric template portion and the first reference biometric template portion, stored into the protected memory area 6a. Afterwards, the data carrier 4, using its own private key KUpr, deciphers the live template transmitted by the data verification system 3 and checks its signature by using the public key KVpub of the data verification system 3 (block 47) . If all previously-described check operations realised through the processing logic 5a of the microprocessor 5, have a positive result, the data carrier 4 performs a comparison operation between the reference biometric template and the live template (block 48) . Preferably, the comparison operation is performed by the comparing logic 5b of the microprocessor 5 as an atomic operation using known comparison functions depending on the biometric identification techniques used. For example, for the face template, as comparison functions, those provided in the Principal Component Analysis (Eigenfaces) or Local Features Analysis, or Neural Networks or 3D or wavelet Gabor, etc. techniques can be used. Afterwards, the data carrier 4 transfers to the data verification system 3 the comparison operation result together with the univocal Nonce previously received by the data verification system itself (block 49) . The comparison operation result and the univocal Nonce can for example be sent as a message signed with the user private key Kupr and enciphered with the public key KVpUb of the data verification system 3. At this time, the electronic device 11, using the private key KVpr of the data verification system 3, deciphers the message sent thereto by the data carrier 4, checks its signature, and, depending on the comparison operation result, grants or not the user access to the required service (block 50) . In case a data base is used for storing the second reference biometric template portion, it is necessary to make secure also the communication between electronic device 11 and remote data base managing system. This can be obtained by using, for example, the previously-described authentication, privacy and non- repudiation cryptographic mechanisms, in order to guarantee the authentication of affected parts, in addition to integrity and privacy of transferred data. Moreover, the remote data base managing system can use access control methods, of the Access Control List type (with user authentication through userlD and
Password or through digital certificates) to guarantee a secure access to data contained in the data base. Preferably, the splitting algorithm used by the data enrolment system 2 to split the reference biometric template into the two portions of reference biometric template, is a secret splitting algorithm, that can be used in the cryptographic techniques of the "secret sharing scheme" type. In this case a secret is divided into N parts, securely transferred to N entities with the property that, starting from a single part of the secret, the original cannot be rebuilt. An algorithm of this type is for example described in H. Feistel in "Cryptographic Coding for Data-Banking Privacy", IBM Research, New York, 1970. More in detail, the splitting algorithm comprises an enrolment step in which the data enrolment system 2 that created the template t (the reference biometric template) generates a random number ti (the first reference biometric template portion) of the same size (length) of the template t. Afterwards the data enrolment system 2 applies a XOR function to t and ti to generate a value t2 (the second reference biometric template portion) , namely:
Figure imgf000019_0001
ti is then stored in a protected mode (that provides for signature and enciphering) on the data carrier 4 while t2 is stored in a protected mode (that provides for signature and enciphering) on the data verification system 3 or in the central data base. The recomposition algorithm for the template t, used by the data carrier 4 to recompose the template t from tx and t2, is, mathematically, the reverse function of the previously-described splitting algorithm. In particular, the data carrier 4, after having obtained t2, performs the XOR between ti and t2 rebuilding the original value of the template t, namely:
Figure imgf000019_0002
If all described operations are correctly performed, the technique is secure since by possessing a single part, tl or t2, it is not possible to obtain the template t . The advantages that can be obtained with the described user authentication method are as follows. Firstly, the user authentication method is secure since an hacker that tries to violate either the data carrier 4 or the data verification system 3 does not obtain enough elements to go back to the reference biometric template, since this latter one is partly stored in the data carrier 4 and partly in the data verification system 3. In this way, both user privacy compliance, and the chance of using the same biometric technique also in case of violation/corruption of only one part of the reference biometric template, are guaranteed. In fact, the reference biometric template is a piece of information depending on the used biometric technique : by applying the same biometric technique to the image of the same person, a reference biometric template is obtained that is very similar to the original one. Therefore, if the whole reference biometric template falls in the hand of an hacker, this latter one could use it for disguising as the user enabled to the service, impairing the used biometric technique. Moreover, it is plausible that, through a reverse-engineering process, the hacker can go back to the mode used by the biometric technique to produce the reference biometric template. In this way, the relevant biometric technique is no more secure. Moreover, the user authentication method according to the invention is also advantageous in case the authentication is mandatory for the access to an online service, in which the operator providing the service controls the data verification system 3. In fact, the operator offering the service can go on keeping the control over the verification of the users because, according to the invention, both data carrier 4 and data verification system 3 concur in performing the verification step in a secure way that cannot be repudiated (the non-repudiation of a session implies the impossibility for a user to negate having participated into the session itself) . Moreover, the global security provided by the user authentication method according to the invention is further increased by the fact that the creation logic of the reference biometric template 11 does not reside on the data carrier 4 but on the data enrolment system 2 that, preferably, is a separate system from the data verification system 3 and placed in a secure environment . On the data carrier 4 there are only the processing logic 5a that recomposes the reference biometric template and also performs the suitable cryptographic operations and the comparing logic 5b computing the correlation between reference biometric template and live template. It is finally clear that to the herein described and shown user authentication method and its related architecture numerous modifications and variations can be made, all falling within the scope of the inventive concept, as defined in the enclosed claims. For example, biometric techniques can be used that are different from face recognition, such as fingerprints, hand prints, voice templates, retinal images, calligraphic samples and the like. Furthermore, the splitting algorithm used by the data enrolment system 2 can split the template t in n portions, where n > = 2, (e.g., ti, t2, ..-, tn) , with the property that it is impossible to obtain t from an arbitrary number i of its portions tx, t2,..., tn, where i < n. In other words, only all the portions tx , t2 f ..., tπ combined together can recompose the original template t. The size of the single portions can vary: depending on the chosen splitting algorithm they could not equal the size of the template t. Moreover, the user authentication method according to the invention can be applied to different scenarios, such as for example : Stand Alone scenario, in which the user authentication method according to the invention is used to protect the access to the data verification system 3 (ex. login to personal computer, palmtop, cellular phone-SIM) by a user provided with the data carrier 4 ; - client-server scenario, in which the client scenario comprises the data carrier 4, preferably realised as a SIM-card, and a client portion of the data verification system 3, while the server scenario comprises a server portion of the data verification system 3. In particular, the server portion of the data verification system 3 can coincide or not with a central server (for example the server offering the required service) . In this case, the client portion of the data verification system 3 can perform a more or less active role in the authentication process. For example, the client portion of the data verification system 3 can perform the function of detecting the biometric image of the user that has to be authenticated, then transferring it to the central server to which instead the live template generation is entrusted; the central server will then take care of transferring the live template to the client portion of the data verification system 3. Alternatively, the client portion of the data verification system 3 can also generate the live template . In both scenarios taken into account, the comparison operation between reference biometric template and live template is performed on the data carrier 4, then the recomposed reference biometric template never goes out of the data carrier 4. The result of this operation is then transferred in a secure way (for example enciphered and signed) to the central server that decides whether granting or not the authorisation. With reference to the client-server authentication scenario, if the central server plays an active role in the authentication process, the reference biometric template can be split, for example, in three portions: ti stored on the data carrier 4, t2 stored on the central server 15, included in the server portion 3a of the data verification system 3, and t3 stored on the client portion 3b of the data verification system 3, as illustrated in figure 4. Alternatively, also the portion t3 of the reference biometric template can be stored on the server portion 3a. Interaction between all the systems is required for template recomposition and template verification. According to the application's specific requirements, the configuration described above can also be extended to an arbitrary number of systems, each of them storing a respective portion of the splitted reference biometric template. In this case, an extended version of the previously described splitting algorithm can be used (see for example the book "Applied Cryptography" Second Edition, Chapter 3, pages 70-71", author Bruce Schneier, published by John Wiley and Sons Inc) . Specifically, for n systems involved (n > = 2) , n- 1 random strings are generated, at an enrolment step, having the same length of the original template t. These n-1 random strings are then XORed with the template t for obtaining the n-th random string of the shared template. Each of these random strings is then distributed to the respective system and the original template t is subsequently destroyed. At a verification step all these random strings should be present to recompose the original template t. A further scenario including n systems, each of them storing a respective portion of the original template t, can require a template sharing scheme in which only m systems, with n > m > = 2, are involved in the template recomposition and verification. A sharing scheme of this type is for example described in Shamir, How to share a secret, Communications of the ACM, 22 (1979) , pp. 612-613. More specifically, in this sharing scheme, called (m,n)- threshold scheme, the template t is divided into n portions so that only m of them are needed to recompose the original template t. For example, as shown in figure 5, with a (3,4)- threshold scheme, the data enrolment system 2 can split the template t among the data carrier 4 (ti) , the server portion 3a of the data verification system 3, comprising, for example, the central server 15 (t2) and a backup server 16 (t4) and the client portion 3b of the data verification system 3 (t3) , so that only three of these systems are needed to recompose of the original template t. In this way, if the central server 15 is temporarily unavailable (or it has been compromised by an attack) the backup server 16 can replace it in the template recomposition. The same security considerations, regarding the protection of the information exchanged between the systems involved in the template recomposition, are valid for the configurations described above, i.e. all the template portions are digitally signed and enciphered, before transmission, using the appropriate private and public keys. Further, in each one of the above described scenarios, all the communication channels between the systems are protected by means of public key cryptography methods like the ones previously described. Thus, all the request/response messages exchanged by the systems are signed and enciphered using the appropriate private and public keys. These messages can also include a nonce for protection against replay-attacks . For increasing the privacy, the comparison operation between the reference biometric template and the live template is performed on the data carrier 4 but, depending on the specific application requirements, it can also be performed outside the data carrier 4, for example, by the data verification system 3 (client portion or server portion) . Moreover, the Applicant outlines that biometric reference template splitting and its secure storing in the described distributed manner ensure increased resistance to template directed attacks and hence guarantee the privacy of the users. Conventional security mechanisms (possibly based on the use of asymmetric cryptography) may also be used to guarantee the authenticity of the parties that take part to the secret sharing scheme and the confidentiality of the communication channels used.

Claims

1. User authentication method based on the use of identification biometric techniques comprising an enrolment step (20) and a verification step (40) , said enrolment step (20) including the steps of: generating (22, 23) a reference biometric template from a first biometric image of a user to be authenticated; - splitting (25) said reference biometric template into a first and a second reference biometric template portion; enciphering (27, 28) said first and second reference biometric template portion; and - storing (29, 30, 31) each one of said reference biometric template portions into a different memory.
2. Method according to Claim 1, characterised in that said step of storing each one of said reference biometric template portions into a different memory comprises the step of: - transmitting (29) said first reference biometric template portion from a first system (2) to a device (4) , said first system (2) operating in said enrolment step (20) ; - storing (30) said first reference biometric template portion into a memory (6) of said device (4) , said device (4) operating in said verification step (40) ; transmitting (31) said second reference biometric template portion from said first system (2) to a second system (3) , said second system (3) operating in said verification step (40) ; and storing (31) said second reference biometric template portion into a memory (11a) of said second system (3) .
3. Method according to any one of Claims 1 or 2 , characterised in that said verification step (40) comprises the steps of: generating (41, 42) a live template from a second biometric image of said user to be authenticated; - enciphering (43) said live template; and - transmitting (44) said live template and said second reference biometric template portion to said device (4) .
4. Method according to Claim 3, characterised in that said verification step (40) comprises the steps of: - deciphering (45, 47) said live template and said second reference biometric template portion; recomposing (46) said reference biometric template from said first and second reference biometric template portion; and comparing (48) said recomposed reference biometric template with said live template.
5. Method according to Claim 4, characterised in that said verification step (40) comprises the steps of: - sending (49) a result of said comparison to said second system (3); and - authenticating (50) or not authenticating said user depending on said result.
6. Method according to any one of Claims 2-5, characterised in that said step of splitting said reference biometric template into a first and a second reference biometric template portion comprises the step of: - destroying said biometric template performed by said first system (2) .
7. Method according to any one of Claims 2-6, characterised in that said step of enciphering (27, 28) said first and second reference biometric template portion comprises the steps of: - storing (21) a first and a second key (KEpub/
KEpr) and a related digital certificate (CE) into a memory (7a) of said first system (2) , said first and second keys (KEpub, KEpr) being respectively a public key (KEpub) and a private key (KEpr) associated with said first system (2) ; - storing (21) a first and a second key (KUpub, KUpr) and a related digital certificate (Cu) into said memory (6) of said device (4) , said first and second keys (KUpu ; KUpr) being respectively a public key (KUpub and a private key (KUpr) associated with said user to be authenticated; signing (27) said first and second reference biometric template portion with said private key (KEpr) of said first system (2) ; and - enciphering (28) said first and second reference biometric template portion with said public key (KUpUb) of said user to be authenticated.
8. Method according to any one of Claims 3-7, characterised in that said step of transmitting said live template and said second reference biometric template portion to said device (4) comprises the steps of: - generating an aleatory value associated with the current data verification step (40) , said aleatory value guaranteeing the authenticity of said current data verification step (40) ; - signing and enciphering said aleatory value; and - transmitting said aleatory value to said device (4) .
9. Method according to Claims 7 or 8, characterised in that said step of enciphering said comparison biometric template comprises the steps of: - storing a first and a second key (KVpUb, KVpr) and a related digital certificate (Cv) into said memory (11a) of said second system (3) , said first and second keys (KVpub/ KVpr) being respectively a public key (KVpub) and a private key (KVpr) associated with said second system (3) ; signing (43) said live template with said private key (KVpr) of said second system (3) ; and - enciphering (43) said live template with said public key (KUpub) of said user to be authenticated.
10. Method according to any one of Claims 8 or 9, characterised in that said step of deciphering said live template and said second reference biometric template portion comprises the steps of: - deciphering the signature and the validity of said aleatory value; - deciphering (45) said second reference biometric template portion with said private key (KUpr) of said user to be authenticated; - verification its signature (45) - deciphering (47) said live template with said private key (KUpr) of said user to be authenticated; and - verification its signature (47) .
11. Method according to any one of Claims 5-10, characterised in that said step of sending a result of said comparison to said second device (11) comprises the steps of : - generating a message containing said result; - enciphering said message.
12. Method according to any one of the previous claims, characterised in that said identification biometric techniques comprise at least one biometric identification technique of the type selected among: face recognition, fingerprints, hand prints, voice templates, retinal images, calligraphic samples.
13. Method according to any one of Claims 2-12, characterised in that said first and second system (2) , (3) are respectively a data enrolment system and a data verification system and said device (4) is a data carrier.
14. Method according to Claim 1, characterised in that said step of splitting said reference biometric template includes the steps of - splitting said reference biometric template into a plurality of reference biometric template portions, at least some of said reference biometric template portions being used to recompose said reference biometric template.
15. User authentication architecture bases on the use of biometric identification techniques comprising: at least one data enrolment system (2) for generating a reference biometric template from a first biometric image of a user to be authenticated, said data enrolment system (2) comprising a Host Computer (7) to split said reference biometric template into a first and a second reference biometric template portion and for enciphering said first and second reference biometric template portion; - at least one portable data carrier (4) associated with said user to be authenticated, said data carrier (4) comprising a memory (6a) for storing said first signed and enciphered reference biometric template portion; and - at least one data verification system (3) comprising a memory (11a) for storing said second signed and enciphered reference biometric template portion.
16. Architecture according to Claim 15, characterised in that said data carrier (4) comprises a microprocessor (5) including a processing logic (5a) for deciphering said first and second reference biometric template portion, verification the signature and recomposing said reference biometric template from said first and second deciphered reference biometric template portion.
17. Architecture according to Claim 16, characterised in that said microprocessor (5) comprises a comparing logic (5b) to compare said recomposed reference biometric template with a live template generated by a second biometric image of the user to be authenticated, said second biometric image of the user to be authenticated being generated by the data verification system (3) .
18. Portable data carrier (4) associated with a user that has to be authenticated through a user authentication architecture (1) , said data carrier (4) including a microprocessor (5) comprising a memory (6) for storing a first reference biometric template portion associated with said user to be authenticated, said first reference biometric template portion being signed and enciphered, said portable data carrier being adapted to receive as input, from said user authentication architecture, a second reference biometric template portion and a live template associated with said user to be authenticated, said second reference biometric template portion and said live template being signed and enciphered, said microprocessor (5) further comprising: a processing logic (5a) for deciphering said first and second reference biometric template portions and for recomposing therefrom said reference biometric template associated with said user to be authenticated; a comparing logic (5b) for comparing said reference biometric template recomposed with said live template and sending a result of said comparison to said user authentication architecture (1) .
19. Data carrier according to Claim 18, characterised in that it comprises a substrate whose sizes are substantially rectangular.
20. Data carrier according to any one of Claims 18 or 19, characterised in that said data carrier (4) is an access card or a credit card or a debit card or an identification card or a smart card or a SIM card.
21. Data verification system (3) comprising an electronic device (11) and a portable data carrier (4) associated with a user that has to be authenticated, said data carrier being adapted to store a first reference biometric template portion associated with a user to be authenticated, said first reference biometric template portion being signed and enciphered; said electronic device comprising: a memory (11a) adapted to store a second reference biometric template portion associated with a user to be authenticated, complementary to said first portion, said second reference biometric template portion being signed and enciphered; - an image acquiring and processing device (12) for generating a live template; said electronic device (11) being adapted to encipher and sign said live template, transmitting said second reference biometric template portion and said live template to said portable data carrier (4) and authenticating said user depending on the result of a comparison performed by said data carrier (4) between said live template and a reference biometric template of said user to be authenticated, said reference biometric template being rebuilt by using said first and second reference biometric template portion.22. Data verification system (3) comprising an electronic device (11) and a portable data carrier (4) associated with a user that has to be authenticated, said data carrier being adapted to store a first reference biometric template portion associated with a user to be authenticated, said first reference biometric template portion being signed and enciphered; said electronic device comprising: - a first memory (11a, 15) adapted to store a second reference biometric template portion associated with a user to be authenticated, said second reference biometric template portion being signed and enciphered; - at least a second memory (11a, 15, 3b) adapted to store at least a third reference biometric template portion associated with a user to be authenticated, said third reference biometric template portion being signed and enciphered, wherein said first, second and at least third reference biometric template portions are such that the reference biometric template can be recomposed from a subset of at least two of said reference biometric template portions; - an image acquiring and processing device (12) for generating a live template; said electronic device (11) being adapted td encipher and sign said live template, transmitting said second reference biometric template portion and said live template to said portable data carrier (4) and authenticating said user depending on the result of a comparison performed by said data carrier (4) between said live template and a reference biometric template of said user to be authenticated, said reference biometric template being rebuilt by using said first and second reference biometric template portion. 23. Program for electronic processor that can be loaded into the memory of at least one electronic processor and including program codes for performing the steps of the method according to any one of Claims 1-14 when said program is executed by said electronic processor.
PCT/EP2004/014099 2003-12-24 2004-12-10 User authentication method based on the utilization of biometric identification techniques and related architecture WO2005064547A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP04803743A EP1697907A1 (en) 2003-12-24 2004-12-10 User authentication method based on the utilization of biometric identification techniques and related architecture
JP2006545982A JP4869944B2 (en) 2003-12-24 2004-12-10 User authentication methods and related architectures based on the use of biometric identification technology
US10/584,506 US8135180B2 (en) 2003-12-24 2004-12-10 User authentication method based on the utilization of biometric identification techniques and related architecture
KR1020067014907A KR101226651B1 (en) 2003-12-24 2004-12-10 User authentication method based on the utilization of biometric identification techniques and related architecture
BRPI0418089-5A BRPI0418089A (en) 2003-12-24 2004-12-10 method for user authentication, user authentication architecture, portable data bearer, data verification system, and electronic processor program

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
IB0306186 2003-12-24
IBPCT/IB03/06186 2003-12-24
EPPCT/EP04/004923 2004-05-07
EP2004004923 2004-05-07

Publications (1)

Publication Number Publication Date
WO2005064547A1 true WO2005064547A1 (en) 2005-07-14

Family

ID=34740690

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2004/014099 WO2005064547A1 (en) 2003-12-24 2004-12-10 User authentication method based on the utilization of biometric identification techniques and related architecture

Country Status (5)

Country Link
US (1) US8135180B2 (en)
EP (1) EP1697907A1 (en)
JP (2) JP4869944B2 (en)
KR (1) KR101226651B1 (en)
WO (1) WO2005064547A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1855227A2 (en) * 2006-05-10 2007-11-14 Hitachi-Omron Terminal Solutions, Corp. Processing device constituting an authentication system, authentication system, and the operation method thereof
JP2008065388A (en) * 2006-09-04 2008-03-21 Toppan Printing Co Ltd Biological information authentication device, biological information authentication system, and biological information authentication method
WO2009146315A1 (en) * 2008-05-27 2009-12-03 Newport Scientific Research, Llc Split template biometric verification system
KR100972218B1 (en) 2006-09-12 2010-07-26 후지쯔 가부시끼가이샤 Biometrics authentication method and biometrics authentication device
KR100996466B1 (en) 2008-10-09 2010-11-25 조선대학교산학협력단 Apparatus For Storage Of Fingerprint Data Using Secret Distribution Technique, System For Authentication Of Fingerprint Data Using Secret Distribution Technique, And Method For Authentication Of Fingerprint Data Using Secret Distribution Technique
WO2011113478A1 (en) 2010-03-16 2011-09-22 Carlo Trugenberger Authentication system, method for authenticating an object, apparatus for producing an identication device, method for producing an identification device
KR101148304B1 (en) * 2006-09-20 2012-05-21 후지쯔 가부시끼가이샤 Information processor, starting method, and computer readable storage medium storing starting program of information processor
US8443201B2 (en) * 2006-10-04 2013-05-14 Hitachi, Ltd. Biometric authentication system, enrollment terminal, authentication terminal and authentication server
CN103838994A (en) * 2012-02-29 2014-06-04 汪风珍 Internal storage lock
CN103971094A (en) * 2014-04-27 2014-08-06 汪风珍 Biological code lock
EP3321846A1 (en) * 2016-11-15 2018-05-16 Mastercard International Incorporated Systems and methods for secure biometric sample raw data storage
EP3447988A1 (en) 2017-08-24 2019-02-27 DURA Operating, LLC Method for authorizing a driver to activate at least one system of a vehicle, based on a biometric authentication process

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6941274B1 (en) * 1997-11-28 2005-09-06 Diebold, Incorporated Automated transaction machine
AUPS169002A0 (en) * 2002-04-11 2002-05-16 Tune, Andrew Dominic An information storage system
US7571472B2 (en) 2002-12-30 2009-08-04 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
CN1859096B (en) * 2005-10-22 2011-04-13 华为技术有限公司 Safety verifying system and method
JP2007241371A (en) * 2006-03-06 2007-09-20 Konica Minolta Business Technologies Inc Authentication system
KR100826873B1 (en) * 2006-09-07 2008-05-06 한국전자통신연구원 Method and Apparatus for Biometrics
US8401244B2 (en) * 2007-12-21 2013-03-19 General Instrument Corporation Method and system for securely authenticating user identity information
CN102460473B (en) 2009-06-24 2013-12-25 皇家飞利浦电子股份有限公司 Robust biometric feature extraction with and without reference point
US9137246B2 (en) 2012-04-09 2015-09-15 Brivas Llc Systems, methods and apparatus for multivariate authentication
US9152869B2 (en) * 2013-02-26 2015-10-06 Qtech Systems Inc. Biometric authentication systems and methods
US9590966B2 (en) 2013-03-15 2017-03-07 Intel Corporation Reducing authentication confidence over time based on user history
US9137247B2 (en) 2013-03-15 2015-09-15 Intel Corporation Technologies for secure storage and use of biometric authentication information
WO2014142947A1 (en) 2013-03-15 2014-09-18 Intel Corporation Continuous authentication confidence module
GB2517777B (en) * 2013-08-30 2015-08-05 Cylon Global Technology Inc Data encryption and smartcard storing encrypted data
US9686274B2 (en) * 2013-10-11 2017-06-20 Microsoft Technology Licensing, Llc Informed implicit enrollment and identification
JP2016085381A (en) * 2014-10-27 2016-05-19 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Encryption method, encryption device and encryption system
CN104361494A (en) * 2014-11-24 2015-02-18 成都卫士通信息产业股份有限公司 Bank counter authorization and certification method and system based on fingerprint recognition
KR101645862B1 (en) * 2015-03-16 2016-08-05 주식회사 시큐센 Method, electronic document management device and computer-readable recording media for managing electronic document signed by electronic signature based on the biological information
US9730001B2 (en) 2015-03-30 2017-08-08 Vmware, Inc. Proximity based authentication using bluetooth
US9853971B2 (en) * 2015-03-30 2017-12-26 Vmware, Inc. Proximity based authentication using bluetooth
CN106203240A (en) * 2015-05-07 2016-12-07 神盾股份有限公司 Fingerprinting method and electronic installation
JP6573193B2 (en) * 2015-07-03 2019-09-11 パナソニックIpマネジメント株式会社 Determination device, determination method, and determination program
CN106549919B (en) * 2015-09-21 2021-01-22 创新先进技术有限公司 Information registration and authentication method and device
KR102460069B1 (en) * 2015-09-30 2022-10-28 삼성전자주식회사 Security certification apparatus using biometric information and security certification method
US9935947B1 (en) * 2015-12-18 2018-04-03 EMC IP Holding Company LLC Secure and reliable protection and matching of biometric templates across multiple devices using secret sharing
SE1650416A1 (en) 2016-03-31 2017-10-01 Fingerprint Cards Ab Secure storage of fingerprint related elements
US20190311100A1 (en) * 2016-06-15 2019-10-10 Unbound Tech Ltd. System and methods for securing security processes with biometric data
KR102397812B1 (en) 2016-08-23 2022-05-13 비자 인터네셔널 서비스 어소시에이션 Remote use of locally stored biometric authentication data
US10327139B2 (en) 2016-10-06 2019-06-18 Bank Of America Corporation Multi-level authentication using phone application level data
US10452826B2 (en) * 2016-11-10 2019-10-22 EyeVerify Inc. Verified and private portable identity
US11036969B1 (en) * 2017-02-08 2021-06-15 Robert Kocher Group identification device
KR102317598B1 (en) 2017-10-11 2021-10-26 삼성전자주식회사 Server, method for controlling the server and terminal apparatus
US10521662B2 (en) 2018-01-12 2019-12-31 Microsoft Technology Licensing, Llc Unguided passive biometric enrollment
WO2019144948A1 (en) 2018-01-27 2019-08-01 Redrock Biometrics Inc Decentralized biometric authentication platform
US20200412541A1 (en) * 2018-01-27 2020-12-31 Redrock Biometrics Inc Authentication ledger interactions for decentralized biometric authentication
US20210037009A1 (en) * 2018-01-27 2021-02-04 Redrock Biometrics Inc Biometric data sub-sampling during decentralized biometric authentication
US11223478B2 (en) 2018-04-04 2022-01-11 Sri International Biometric authentication with template privacy and non-interactive re-enrollment
US10719594B2 (en) 2018-04-04 2020-07-21 Sri International Secure re-enrollment of biometric templates using distributed secure computation and secret sharing
US11023569B2 (en) 2018-05-29 2021-06-01 Sri International Secure re-enrollment of biometric templates using functional encryption
CN112334897A (en) * 2018-06-19 2021-02-05 指纹卡有限公司 Method and electronic equipment for authenticating user
US11042620B2 (en) * 2019-03-05 2021-06-22 King Abdulaziz University Securing electronic documents with fingerprint/biometric data
US11303452B2 (en) * 2019-04-03 2022-04-12 Keychainx Ag Biometric digital signature generation for identity verification
EP4116849A1 (en) * 2021-07-07 2023-01-11 iCognize GmbH Computer implemented method for managing a data set comprising security-relevant information

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001039134A2 (en) * 1999-11-25 2001-05-31 Infineon Technologies Ag Security system comprising a biometric sensor
US20020196963A1 (en) * 2001-02-23 2002-12-26 Biometric Security Card, Inc. Biometric identification system using a magnetic stripe and associated methods
WO2003002013A1 (en) * 2001-06-29 2003-01-09 Precise Biometrics Ab Method and device for positioning a finger, when verifying a person's identity.
US20030218534A1 (en) * 2002-05-21 2003-11-27 Lacous Mira K. Systems and methods for secure biometric authentication

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5280527A (en) 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
JPH10271104A (en) * 1997-03-24 1998-10-09 Hitachi Inf Syst Ltd Ciphering method and decipherinc method
US6185316B1 (en) * 1997-11-12 2001-02-06 Unisys Corporation Self-authentication apparatus and method
JP3112076B2 (en) * 1998-05-21 2000-11-27 豊 保倉 User authentication system
US20020056043A1 (en) * 1999-01-18 2002-05-09 Sensar, Inc. Method and apparatus for securely transmitting and authenticating biometric data over a network
US6546122B1 (en) * 1999-07-29 2003-04-08 Veridicom, Inc. Method for combining fingerprint templates representing various sensed areas of a fingerprint to derive one fingerprint template representing the fingerprint
JP3596595B2 (en) * 1999-08-25 2004-12-02 沖電気工業株式会社 Personal authentication system
KR100620628B1 (en) * 2000-12-30 2006-09-13 주식회사 비즈모델라인 System for recognizing and verifying the Iris by using wireless telecommunication devices
JP3860721B2 (en) * 2001-01-12 2006-12-20 日本電信電話株式会社 Authentication system
JP4164732B2 (en) * 2001-03-07 2008-10-15 ソニー株式会社 Fingerprint verification system, fingerprint verification device, fingerprint verification method, and biometric verification device
JP2002351843A (en) * 2001-05-28 2002-12-06 Hitachi Ltd Template re-registration method, identity authentication method, its implementation system, and its processing system
JP3957130B2 (en) * 2001-05-30 2007-08-15 日本電信電話株式会社 User authentication method, user authentication system, verification device, storage device, and electronic data record carrier
WO2003003295A1 (en) * 2001-06-28 2003-01-09 Trek 2000 International Ltd. A portable device having biometrics-based authentication capabilities
GB2381916B (en) * 2001-11-08 2005-03-23 Ncr Int Inc Biometrics template
DE10207056A1 (en) * 2002-02-20 2003-09-04 Giesecke & Devrient Gmbh Procedure for proving a person's authorization to use a portable data carrier
JP4106926B2 (en) * 2002-02-22 2008-06-25 沖電気工業株式会社 Authentication system and authentication information registration device
JP2003308302A (en) * 2002-04-15 2003-10-31 Dainippon Printing Co Ltd Biometrics system
US7543156B2 (en) * 2002-06-25 2009-06-02 Resilent, Llc Transaction authentication card
US8930276B2 (en) * 2002-08-20 2015-01-06 Fusionarc, Inc. Method of multiple algorithm processing of biometric data
US7406601B2 (en) * 2003-05-23 2008-07-29 Activecard Ireland, Ltd. Secure messaging for security token
US7474769B1 (en) * 2004-09-14 2009-01-06 Unisys Corporation Bioindex mechanism for increasing the relative speed of biometric identification against large population samples

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001039134A2 (en) * 1999-11-25 2001-05-31 Infineon Technologies Ag Security system comprising a biometric sensor
US20020196963A1 (en) * 2001-02-23 2002-12-26 Biometric Security Card, Inc. Biometric identification system using a magnetic stripe and associated methods
WO2003002013A1 (en) * 2001-06-29 2003-01-09 Precise Biometrics Ab Method and device for positioning a finger, when verifying a person's identity.
US20030218534A1 (en) * 2002-05-21 2003-11-27 Lacous Mira K. Systems and methods for secure biometric authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1697907A1 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8151111B2 (en) 2006-05-10 2012-04-03 Hitachi-Omron Terminal Solutions, Corp. Processing device constituting an authentication system, authentication system, and the operation method thereof
EP1855227A2 (en) * 2006-05-10 2007-11-14 Hitachi-Omron Terminal Solutions, Corp. Processing device constituting an authentication system, authentication system, and the operation method thereof
EP1855227A3 (en) * 2006-05-10 2010-03-03 Hitachi-Omron Terminal Solutions, Corp. Processing device constituting an authentication system, authentication system, and the operation method thereof
JP2008065388A (en) * 2006-09-04 2008-03-21 Toppan Printing Co Ltd Biological information authentication device, biological information authentication system, and biological information authentication method
KR100972218B1 (en) 2006-09-12 2010-07-26 후지쯔 가부시끼가이샤 Biometrics authentication method and biometrics authentication device
KR101148304B1 (en) * 2006-09-20 2012-05-21 후지쯔 가부시끼가이샤 Information processor, starting method, and computer readable storage medium storing starting program of information processor
US8443201B2 (en) * 2006-10-04 2013-05-14 Hitachi, Ltd. Biometric authentication system, enrollment terminal, authentication terminal and authentication server
WO2009146315A1 (en) * 2008-05-27 2009-12-03 Newport Scientific Research, Llc Split template biometric verification system
KR100996466B1 (en) 2008-10-09 2010-11-25 조선대학교산학협력단 Apparatus For Storage Of Fingerprint Data Using Secret Distribution Technique, System For Authentication Of Fingerprint Data Using Secret Distribution Technique, And Method For Authentication Of Fingerprint Data Using Secret Distribution Technique
WO2011113478A1 (en) 2010-03-16 2011-09-22 Carlo Trugenberger Authentication system, method for authenticating an object, apparatus for producing an identication device, method for producing an identification device
US9268990B2 (en) 2010-03-16 2016-02-23 Carlo Trugenberger Apparatus and method for producing an identification device
CN103838994A (en) * 2012-02-29 2014-06-04 汪风珍 Internal storage lock
CN103971094A (en) * 2014-04-27 2014-08-06 汪风珍 Biological code lock
EP3321846A1 (en) * 2016-11-15 2018-05-16 Mastercard International Incorporated Systems and methods for secure biometric sample raw data storage
WO2018093496A1 (en) * 2016-11-15 2018-05-24 Mastercard International Incorporated Systems and methods for secure biometric sample raw data storage
EP3447988A1 (en) 2017-08-24 2019-02-27 DURA Operating, LLC Method for authorizing a driver to activate at least one system of a vehicle, based on a biometric authentication process

Also Published As

Publication number Publication date
US8135180B2 (en) 2012-03-13
JP2007522540A (en) 2007-08-09
EP1697907A1 (en) 2006-09-06
JP5470344B2 (en) 2014-04-16
US20080019573A1 (en) 2008-01-24
JP4869944B2 (en) 2012-02-08
KR101226651B1 (en) 2013-01-25
KR20060127080A (en) 2006-12-11
JP2012044670A (en) 2012-03-01

Similar Documents

Publication Publication Date Title
US8135180B2 (en) User authentication method based on the utilization of biometric identification techniques and related architecture
US10681025B2 (en) Systems and methods for securely managing biometric data
US7840034B2 (en) Method, system and program for authenticating a user by biometric information
US7024562B1 (en) Method for carrying out secure digital signature and a system therefor
US5602918A (en) Application level security system and method
US9384338B2 (en) Architectures for privacy protection of biometric templates
US20110126024A1 (en) Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
US20040117636A1 (en) System, method and apparatus for secure two-tier backup and retrieval of authentication information
US20140337635A1 (en) Biometric verification with improved privacy and network performance in client-server networks
JPWO2007094165A1 (en) Identification system and program, and identification method
CN111466097A (en) Server-assisted privacy preserving biometric comparison
JP2006209697A (en) Individual authentication system, and authentication device and individual authentication method used for the individual authentication system
EP2579221A1 (en) Template delivery type cancelable biometric authentication system and method therefor
CN111541713A (en) Identity authentication method and device based on block chain and user signature
JP2008167107A (en) Challenge response authentication method using public key infrastructure
JP2003044436A (en) Authentication processing method, information processor, and computer program
JP2002297551A (en) Identification system
Khalid et al. Cloud server security using bio-cryptography
KR20040082674A (en) System and Method for Authenticating a Living Body Doubly
KR100546775B1 (en) Method for issuing a note of authentication and identification of MOC user using human features
Chakraborty et al. Generation and verification of digital signature with two factor authentication
Wang et al. A new fingerprint authentication scheme based on secret-splitting for cloud computing security
CN114124422B (en) Key management method and device
JPH1188322A (en) Digital signature generation method
Salaiwarakul et al. Analysis of a biometric authentication protocol for signature creation application

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REEP Request for entry into the european phase

Ref document number: 2004803743

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2004803743

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2006545982

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 1020067014907

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2004803743

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020067014907

Country of ref document: KR

ENP Entry into the national phase

Ref document number: PI0418089

Country of ref document: BR

WWE Wipo information: entry into national phase

Ref document number: 10584506

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 10584506

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 10584506

Country of ref document: US