WO2006061435A2 - Improved method and device for ratifying probative data having a not necessarily binary degree of resemblance to a reference datum - Google Patents
- Publication number
- WO2006061435A2 (PCT/EP2005/056662)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- request
- data
- evaluation
- comptn
- counter
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
Definitions
- The invention relates, in general, to authentication techniques such as those implemented, for example, to reserve access to premises, equipment, or private or specific services for authorized persons, and therefore to deny this access to persons who are not entitled to it.
- The invention relates, in a first aspect, to a method of ratifying probative data that makes it possible to selectively grant a right to an applicant in return for the provision, in a request invoking a reference datum, of a probative datum whose resemblance to this reference datum is evaluated as being greater than a predetermined minimum threshold. For each request, this method comprises an operation of acquiring the probative datum supplied for this request, an evaluation operation, a logging step including a storage operation and an updating operation, and a sanctioning operation. The evaluation operation produces an evaluation result that depends on the resemblance between the probative datum and the reference datum.
- The storage operation consists, for each reference datum, in storing in a non-volatile memory a balance sheet of the evaluation results produced for the probative data successively provided in previous requests that invoked this reference datum. The updating operation consists, for each reference datum, in updating this balance sheet at each new request invoking this reference datum, by making the balance sheet evolve in response to at least the appearance of an insufficient resemblance between the probative datum provided for this request and the reference datum. The sanctioning operation consists in validating or invalidating each request according to the evaluation result obtained for this request and to said balance sheet.
- A method of this type is known to those skilled in the art, for example from patent EP 0 481 882.
- The probative data used to secure any transaction, for example a right of access, must always have a minimum complexity, without which the discrimination between authorized persons and others would be ineffective. If, for example, a transaction is secured by a numeric code, it is crucial that this code have more than one digit; otherwise an unauthorized person entering a random number will have a one in ten chance of being taken for an authorized person. However, regardless of the length of the numeric code, the question of whether the code entered by a person requesting a secure transaction exactly matches the code of an authorized person can still be answered in all-or-nothing terms.
- The answer to this question can only be expressed in nuanced terms when the probative data used presents a continuum of possible configurations, as is the case, for example, with a fingerprint or, more generally, with biometric authentication data.
- The currently known methods of allocating rights or privileges get around this difficulty by defining an acceptance threshold for the evaluation result, and by granting the requested rights or privileges for each request on the sole condition that the evaluation result for this request exceeds the acceptance threshold set a priori.
- The invention, which is based on the identification of potential flaws in such an approach, aims to propose a method of ratifying probative data that offers a higher degree of security than the known methods.
- The method of the invention, which otherwise complies with the generic definition given in the preamble above, is essentially characterized in that the evaluation operation provides, as an evaluation result, a degree of resemblance that is strictly positive and strictly less than 100% when the probative datum provided in a request is only partially similar and partially dissimilar to the reference datum; in that the logging step is implemented for each request, even if this request is validated; and in that the sanctioning operation consists, for each request invoking a reference datum, in invalidating this request for a given cumulation, reflected by the updated balance sheet, of insufficient degrees of resemblance of the probative data successively provided in previous requests that invoked this reference datum and in the current request.
- The evaluation operation provides, at each request, an evaluation result expressed as a percentage. It is then possible to provide that the storage operation consists in storing in the non-volatile memory, for each reference datum, a credibility counter permanently containing a current value representative of said balance sheet and initially constituted by a maximum credit allocated to the set of requests invoking this reference datum; that the update operation consists, for each request, in subtracting from the current value contained in this counter before this request the complement to 100% of the evaluation result obtained by the evaluation operation performed for this request; and that the sanctioning operation is implemented by invalidating the request as soon as the current value contained in the counter is at most equal to said predetermined minimum threshold, for example equal to zero.
- The logging step can be divided into two phases, the first of which is implemented upstream of the evaluation operation and consists in subtracting 100 from the current value contained in the credibility counter before the current request, and the second of which is implemented between the evaluation and sanctioning operations and consists in updating the current value contained in the credibility counter by adding to it the evaluation result obtained for the current request.
- The evaluation operation can be implemented by rounding up to 100% any evaluation result representing a degree of resemblance greater than a predefined threshold.
- The current value of the credibility counter can be reset to the value of the initial maximum credit when the evaluation result obtained during a request represents a degree of resemblance greater than a predefined threshold.
- The updating operation is, for example, implemented at each request by copying into a random access memory the current value contained in the credibility counter before this request, by updating this value according to the evaluation result obtained for this request, and by storing in the non-volatile memory the new value of the credibility counter in place of the previous one.
- The evaluation operation and the updating operation are advantageously both implemented in the volatile memory of the same device, this device typically being a smart card or a terminal designed to communicate with such a smart card.
- The non-volatile memory in which the credibility counter is stored preferably belongs to the device in which the reference datum is also stored, this device here advantageously being the smart card.
- The reference datum is attached to an individual authorized to make a request, that is, to a legitimate applicant.
- If the reference datum includes an identification reference datum, such as a secret code, and a personal reference datum, such as a biometric or behavioral datum, and if the probative data provided at each request itself includes identification evidence and personal evidence, then the same credibility counter can be used for the identification evidence and the personal evidence.
- The method of the invention is particularly advantageous in the case where the probative data are biometric data, or in the case where the probative data are obtained by a behavioral analysis.
- The invention also relates to a device for ratifying probative data for the implementation of a method as previously described, this device comprising means for acquiring a probative datum for each request, means for evaluating the resemblance between the probative datum and the reference datum invoked during this request, logging means including at least one non-volatile memory and a volatile memory, and sanctioning means, this device being characterized in that the evaluation means are designed to provide, as an evaluation result, a degree of resemblance that is strictly positive and strictly less than 100% when the probative datum provided in a request is only partially similar and partially dissimilar to the reference datum, in that the logging means are designed to permanently store a credit or an evaluation balance sheet in the non-volatile memory, to systematically update this balance sheet on the basis of the evaluation result obtained for the current request and using the volatile memory, and to systematically store in the non-volatile memory, after each request, the updated balance sheet, and in that the means of sanction
- FIGS. 1 to 4 are flowcharts of the implementation of four respective possible variants of the invention, the latter being considered in its preferred application for securing transactions, in particular by means of smart cards.
- The invention makes it possible to conditionally grant temporary personal rights or privileges to the entities that request them, that is to say to applicants (humans, animals, machines, etc.), these rights or privileges being of any nature and for example constituted by rights of access to a room, equipment or a service.
- Each applicant must, on the occasion of each request for a transaction that it makes in order to obtain them, provide a probative datum that is supposed to conform to a reference datum serving as a model and that makes it possible at least to establish, by comparison, whether that applicant is presumed to have the status of trustee, that is, to be legitimately entitled to receive those rights or privileges.
- The terms "a probative datum" and "a reference datum" must be understood here in a collective sense, each of which may in fact consist of a multitude of pieces of information.
- In the case of a human applicant, the applicant must, at each request, provide one of his fingerprints, allow an image of his iris to be taken, or provide a copy of his signature.
- Although the method of the invention is applicable to any type of probative data, it is particularly advantageous in the case where these data are of a biometric nature, or else in the case where they are obtained by a behavioral analysis.
- The method implements an acquisition operation, denoted ACQ, which makes it possible to acquire, by means of any appropriate sensor, a probative datum D_PROBn provided by the applicant in support of its request.
- The method of the invention also comprises an evaluation operation, denoted EVAL, which consists in delivering an evaluation result, denoted RSLTn%, representative of the degree of resemblance, relative to the reference datum, of the datum D_PROBn provided for this request.
- The method of the invention furthermore comprises, for example between the EVAL evaluation and SANCT sanctioning operations, a step denoted CONSIGN, which will be called "logging".
- The process ends, for each request, with a sanctioning operation SANCT which consists, depending in particular on the evaluation result RSLTn%, in validating the request, that is to say accepting the transaction by granting the applicant the rights or privileges it seeks, or in invalidating the request, that is to say rejecting the transaction by refusing to grant these rights or privileges.
- The CONSIGN step, which is implemented systematically, that is to say both when the SANCT sanctioning operation results in validation of the request and when it ends with invalidation of this request, includes a storage operation and an update operation.
- The storage operation consists, for each reference datum, in keeping in a non-volatile memory a balance sheet COMPTn of the non-binary evaluation results produced for the probative data successively provided during the various previous requests that have already invoked this reference datum, that is to say during requests 1 to "n", during which the applicant provided the probative data D_PROB1 to D_PROBn, respectively.
- The EVAL evaluation operation provides, for example, for each request "n", an evaluation result RSLTn% expressed as a percentage.
- The storage operation consists in keeping, for each reference datum, a credibility counter in a non-volatile memory which, in the preferred application of the invention, belongs to a smart card.
- This credibility counter permanently contains a current value which constitutes the balance sheet COMPTn and which is initially constituted by a maximum credit CRED0 allocated to all future requests that will invoke this reference datum.
- The update operation of the logging step CONSIGN updates the balance sheet constituted by the current value COMPTn-1 of the counter before the request.
- This balance sheet evolves in response to the appearance of a relatively low degree of resemblance of the probative datum provided during this request, compared to the reference datum.
- This update may, for example, consist, for each request "n", in subtracting from the current value COMPTn-1 contained in the counter before this request the value (100-RSLTn%), that is, the complement to 100% of the evaluation result RSLTn% obtained by the EVAL evaluation operation performed for this request "n".
- This update operation is typically implemented, at each request, by copying into a random access memory the current value COMPTn-1 contained in the credibility counter before this request, updating this value according to the evaluation result obtained for this request, and storing in the non-volatile memory the new value COMPTn of the credibility counter in place of the previous value COMPTn-1.
- The sanctioning operation SANCT can then easily be implemented by invalidating the request for a given cumulation, reflected by the COMPTn balance sheet, of insufficient degrees of resemblance of the probative data successively provided during previous, not necessarily consecutive, requests that invoked the reference datum concerned.
- The EVAL evaluation operation and the update operation are advantageously both implemented in the volatile memory of the same device, this device typically being a smart card or a terminal designed to communicate with such a smart card.
- The non-volatile memory in which the credibility counter is stored preferably belongs to the device in which the reference datum is also stored, this device here advantageously being the smart card.
- FIG. 4 represents an alternative embodiment of the invention as illustrated in FIG. 1, this variant making it possible to eliminate the risk that a fraudster could unduly use the information he would obtain by scrutinizing the execution of the EVAL operation and interrupting the process before the SANCT sanctioning operation.
- The logging step CONSIGN is split into two phases denoted CONSIGN_1 and CONSIGN_2.
- The first phase CONSIGN_1 is implemented upstream of the EVAL evaluation operation and consists in subtracting 100 from the current value COMPTn-1 contained in the credibility counter before the current request.
- The second phase CONSIGN_2, which is implemented between the EVAL evaluation and SANCT sanctioning operations, consists in updating the current value COMPTn-1 as modified in phase CONSIGN_1 by adding to it the evaluation result RSLTn% obtained by the EVAL evaluation operation performed for the current request.
- The SANCT sanctioning operation is therefore implemented by invalidating the request as soon as the current value COMPTn contained in the counter is at most equal to a predetermined minimum threshold, for example equal to zero.
- The transaction may be accepted unless other conditions, imposed in addition to the one on the COMPTn value and combined with the invention, must also be satisfied and are not satisfied.
- The evaluation result RSLTn% obtained by the evaluation operation EVAL during each request "n" can be used directly, without any additional processing, for the implementation of the logging step CONSIGN.
- Another possibility for avoiding the natural erosion of the current value COMPTn of the credibility counter may consist in restoring this current value COMPTn to the value of the initial maximum credit CRED0 when the evaluation result RSLTn% obtained during a request represents a degree of resemblance greater than a predefined threshold LIM2, for example set at 90%.
- The following example illustrates the implementation of the method of the invention by detailing the evolution, over different requests invoking the same reference datum, of the current value COMPTn of the credibility counter associated with this reference datum.
- The invention is implemented in its variant illustrated in FIG. 2, where the threshold to which the current value COMPTn contained in the credibility counter is compared is arbitrarily set to zero, and where the maximum credit CRED0 allocated to all requests invoking the reference datum is arbitrarily set to 150. Given this latter assumption, the current value COMPT0 available in the credibility counter at the beginning of the first request is therefore 150.
- The current value COMPT1 available in the credibility counter at the end of the first request is equal to 150 - (100-70), i.e. 120. If the evaluation result RSLT2% of the degree of resemblance of the probative datum provided in the second request is equal to 55, the current value COMPT2 available in the credibility counter at the end of this second request is equal to 120 - (100-55), that is, 75.
- The current value COMPT3 available in the credibility counter at the end of the third request is equal to 75 - (100-100), that is, 75.
- The current value COMPT4 available in the credibility counter at the end of this fourth request is equal to 75 - (100-60), that is to say 35.
- The current value COMPT5 available in the credibility counter at the end of this fifth request is equal to 35 - (100-55), that is, -10.
- The applicant cannot then hope to make a new successful request without obtaining, from an authority responsible for supervising and assigning rights, a possible reset of its credibility counter, provided that such a replenishment is legitimate.
- The reference datum is attached to an individual authorized to submit a request.
- The reference datum may include an identification reference datum attached to an individual by a purely conventional link and for example constituted by a secret code, and a personal reference datum attached to this individual by an intrinsic link and for example constituted by a biometric or behavioral datum.
- a single credibility counter to account for the history of compliance with the identification reference data and the personal reference data. This single counter will then be used, for example, to account for the degree of resemblance, 100% or less, of the secret code presented by the applicant, as a proof of identification of this applicant, compared to the reference code, and then to give an account of the degree of resemblance, taking any value between 0 and 100%, of the fingerprint presented by this applicant, as personal evidence, in relation to the reference fingerprint.
- the method of the invention is not only applicable to securing transactions.
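
An added sketch, not code from the patent, of the credibility counter described above: it replays the worked example (CRED0 = 150, threshold zero) and contrasts single-phase logging with the CONSIGN_1/CONSIGN_2 split when a request is interrupted after EVAL. The class and function names, the per-request acceptance threshold of 50 and the lock-until-reset behaviour are assumptions.

```python
"""Credibility counter sketch: cumulative accounting of non-binary match scores."""


class ProcessInterrupted(Exception):
    """Constructed stand-in for a power cut or card removal before SANCT."""


class CredibilityCounter:
    """Counter COMPTn for one reference datum, kept in simulated non-volatile memory."""

    def __init__(self, cred0=150, threshold=0, accept_min=50, lim2=None):
        self.cred0 = cred0            # CRED0: maximum initial credit
        self.threshold = threshold    # request is invalid once COMPTn <= threshold
        self.accept_min = accept_min  # per-request acceptance threshold (assumed value)
        self.lim2 = lim2              # optional LIM2: restore CRED0 above this score
        self.nvm = cred0              # COMPT0; stands in for the card's NVM cell

    def ratify(self, score, two_phase=False, interrupt_after_eval=False):
        """Handle one request whose EVAL result RSLTn% is `score`.

        Returns (COMPTn, validated). The matcher itself is out of scope, so the
        score is supplied by the caller.
        """
        if not 0 <= score <= 100:
            raise ValueError("score must be a percentage between 0 and 100")
        if self.nvm <= self.threshold:
            # Assumption: an exhausted counter stays locked until an authority
            # resets it, so no further evaluation is performed.
            return self.nvm, False

        if two_phase:
            # CONSIGN_1: commit the worst case (0% resemblance) before EVAL runs.
            self.nvm -= 100
        ram = self.nvm                # working copy in volatile memory

        # EVAL runs here. An interruption at this point leaves NVM as it is now.
        if interrupt_after_eval:
            raise ProcessInterrupted("stopped between EVAL and SANCT")

        if self.lim2 is not None and score > self.lim2:
            ram = self.cred0          # strong match: restore the full credit
        elif two_phase:
            ram += score              # CONSIGN_2: refund the achieved resemblance
        else:
            ram -= 100 - score        # single-phase CONSIGN: subtract the complement
        self.nvm = ram                # COMPTn replaces COMPTn-1 in NVM

        # SANCT: the current score and the cumulative balance must both pass.
        validated = score >= self.accept_min and self.nvm > self.threshold
        return self.nvm, validated

    def authority_reset(self):
        """Reset by the supervising authority."""
        self.nvm = self.cred0


# RSLT1%..RSLT5% implied by the page's worked example (CRED0 = 150, threshold = 0).
PAGE_SCORES = [70, 55, 100, 60, 55]


def replay(scores, **options):
    """Run a sequence of requests against a fresh counter."""
    counter = CredibilityCounter()
    return [counter.ratify(score, **options) for score in scores]


def interrupted_cost(two_phase):
    """Credit lost when a request is cut off after EVAL and before SANCT."""
    counter = CredibilityCounter()
    try:
        counter.ratify(55, two_phase=two_phase, interrupt_after_eval=True)
    except ProcessInterrupted:
        pass
    return counter.cred0 - counter.nvm


if __name__ == "__main__":
    for n, (value, ok) in enumerate(replay(PAGE_SCORES), start=1):
        print(f"request {n}: COMPT{n} = {value:4d}  validated = {ok}")
    print("cost of an interrupted request, single-phase:", interrupted_cost(False))
    print("cost of an interrupted request, two-phase:   ", interrupted_cost(True))
```

Every one of the five scores clears the assumed per-request threshold, yet the fifth request is refused because the accumulated shortfall has exhausted the credit; with single-phase logging an interrupted request costs nothing, whereas the two-phase split debits the full 100 before the score can be observed.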
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0413194 | 2004-12-10 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006061435A2 (fr) | 2006-06-15 |
Family
ID=34955286
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2005/056662 WO2006061435A2 (fr) | Improved method and device for ratifying probative data having a not necessarily binary degree of resemblance to a reference datum | 2004-12-10 | 2005-12-09 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2006061435A2 (fr) |
-
2005
- 2005-12-09 WO PCT/EP2005/056662 patent/WO2006061435A2/fr not_active Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 05817362 Country of ref document: EP Kind code of ref document: A2 |
 | WWW | Wipo information: withdrawn in national office | Ref document number: 5817362 Country of ref document: EP |