WO2016135437A2 - Dispositif d'authentification biométrique - Google Patents

Dispositif d'authentification biométrique Download PDF

Info

Publication number
WO2016135437A2
WO2016135437A2 PCT/GB2016/000044 GB2016000044W WO2016135437A2 WO 2016135437 A2 WO2016135437 A2 WO 2016135437A2 GB 2016000044 W GB2016000044 W GB 2016000044W WO 2016135437 A2 WO2016135437 A2 WO 2016135437A2
Authority
WO
WIPO (PCT)
Prior art keywords
signal
user
authentication
accessory
biometric
Prior art date
Application number
PCT/GB2016/000044
Other languages
English (en)
Other versions
WO2016135437A3 (fr
Inventor
Alan Foreman
Adrien CONDON
Original Assignee
B-Secur Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB1503415.0A external-priority patent/GB2535999A/en
Priority claimed from GB1522526.1A external-priority patent/GB2545669B/en
Application filed by B-Secur Limited filed Critical B-Secur Limited
Publication of WO2016135437A2 publication Critical patent/WO2016135437A2/fr
Publication of WO2016135437A3 publication Critical patent/WO2016135437A3/fr

Links

Classifications

    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/117Identification of persons
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/24Detecting, measuring or recording bioelectric or biomagnetic signals of the body or parts thereof
    • A61B5/316Modalities, i.e. specific diagnostic methods
    • A61B5/318Heart-related electrical modalities, e.g. electrocardiography [ECG]
    • A61B5/346Analysis of electrocardiograms
    • A61B5/349Detecting specific parameters of the electrocardiograph cycle
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/10Current supply arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B2560/00Constructional details of operational features of apparatus; Accessories for medical measuring apparatus
    • A61B2560/02Operational features
    • A61B2560/0204Operational features of power management
    • A61B2560/0214Operational features of power management of power generation or supply
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/15Biometric patterns based on physiological signals, e.g. heartbeat, blood flow
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • This invention relates to an authentication and/or identification accessory for a mobile telephone or device and to equipment comprising a mobile telephone or other device or apparatus and a biometric unlocking accessory for the mobile telephone or other device or apparatus. It also relates to smart cards and biometric security. Background
  • Physiological characteristics that have been used as biometrics include fingerprints, face, hand and finger geometry, iris and retina geometry, vein patterns and DNA make-up.
  • Behavioural characteristics that have been used as biometrics include handwriting, voice and gait properties, and keystroke dynamics.
  • Biometric measurements such as fingerprints and DNA
  • Biometric measurements such as hand geometry, iris/retinal geometry and voice properties
  • access control systems for identification of individuals to allow, for example, access to buildings and equipment such as computers.
  • Fingerprints are used to unlock mobile telephones in various mobile devices such as the Apple iPhone 5s and the Samsung Galaxy S5 models.
  • Bio-potential waveforms for example in the form of electrocardiograms (ECGs) are generated by the electrical activity of an individual's heart. Such waveforms have been used for some time in the assessment and management of an individual's health.
  • ECGs electrocardiograms
  • the details of bio-potential waveforms vary from individual to individual, according to, for example, variations in heart morphology, orientation, ion paths, blockages etc. It has been recognised that bio-potential waveforms therefore offer potential as a biometric for providing information concerning the identity of an individual.
  • EP2115663A1 assigned to Intelesens Ltd. describes a method of determining the identity of an individual by measuring unique characteristics of a bio-potential waveform generated by the individuals heart.
  • the generated waveform generally contains 5 points, points PQRST, which correspond to the various peaks and troughs of the waveform. Points PQRST are then used to calculate a waveform parameter, the waveform parameter is then compared to a previously acquired waveform parameter. This comparison generates a score which can be used to determine information concerning the identity of the individual.
  • a personal identity verification (PIV) card is a United States Federal smart card that contains the necessary data for the cardholder to be granted to Federal facilities and information systems and assure appropriate levels of security for all applicable Federal applications.
  • Proximity card technologies referred to as near field communication (NFC) provide radio communication over short distances, such as a few centimetres.
  • Radio-frequency identification (RFID) is an example of such technology.
  • RFID refers to wireless use of electromagnetic fields to transfer data, for the purposes of automatically identifying tags containing electronically stored information. The tags can be powered by electromagnetic induction from magnetic fields produced near the reader.
  • NFC has come to be used to refer to a short-range wireless connectivity standard (Ecma-340, ISO/I EC 18092) that uses magnetic field induction to enable communication between devices when they are touched together, or brought within a few centimetres of each other and to a specific set of protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to establish radio data communication with each other by bringing them closer than, typically, 0-10 cm from each other.
  • proximity card technologies employ electromagnetic induction between two loop antennae when devices— for example a 'smartphone' and a 'smart poster'— exchange information. They typically operate within the globally available unlicensed radio frequency ISM band of 13.56 MHz on ISO/I EC 18000-3 air interface at rates ranging from 106 to 424 kbit/s.
  • Bio-potential waveforms for example in the form of electrocardiograms (ECGs) are generated by the electrical activity of an individual's heart. Such waveforms have been used for some time in the assessment and management of an individual's health. The details of bio-potential waveforms vary from individual to individual, according to, for example, variations in heart morphology, orientation, ion paths, blockages etc.
  • bio-potential waveforms therefore offer potential as a biometric for providing information concerning the identity of an individual, but heretofore measurement of ECGs has been cumbersome, inconvenient and an impractical way to conduct biometric authentication, requiring specialised equipment.
  • a method of enrolling an authentication device comprising: coupling (preferably wirelessly) a host device and an authentication device such that the authentication device receives power (preferably wirelessly) from the host device; presenting, to at least one sensor on the authentication device, a skin surface from which an electrocardiograph, ECG, measurement can be taken; and receiving and storing an ECG measurement stored in the authentication device.
  • electrocardiogram is sometimes used to refer to a longer version of an “electrocardiograph”, but the two are uses synonymously in the following description.
  • a short (e.g. 1-2 or 1-8 second duration) electrocardiograph may be sufficient whereas, for enrolment purposes, a longer (e.g. 20-60 second) electrocardiogram is preferred.
  • a personal identity verification device such as a smart card
  • wireless communication means e.g. NFC with or without BluetoothTM or RFID with or without BluetoothTM
  • at least one sensor preferably first and second sensors
  • processing means connected to the wireless communication means and the or each sensor(s) to receive power from the wireless communication means, optionally apply a signal to the sensor(s) and read, from the sensor(s), a user electrocardiograph, ECG, signal, authenticate the user using the ECG signal and convey the authentication by the near field communication means.
  • authentication apparatus comprising a user device and a personal identity verification card, each having a wireless communicator (e.g. e.g. near field or RFID with or without BluetoothTM) for communicating with the other, the user device having means for activating the card via the wireless communicators and wirelessly supplying power to the card, and the card having a sensor or sensors for receiving a user electrocardiograph, ECG, signal when activated.
  • the apparatus further comprises means for: comparing the ECG signal received against an ECG stored on the card; making an authentication decision based on the comparison; and sending a secure signal to the user device to indicate a successful authentication to the user device.
  • a method of authentication comprising: coupling (preferably wirelessly) a first device and a second device (such as a personal identity verification card) such that the second device receives power (preferably wirelessly) from the first device; presenting, to at least one sensor on the second device, a skin surface from which an electrocardiograph, ECG, measurement can be taken; comparing the ECG measurement with a stored ECG measurement stored in the second device; and sending an authentication signal to the first device in the event of a positive comparison.
  • the comparing takes place in the second device (e.g. in the personal identity verification card).
  • an authentication signal is sent from the first device to a server upon receipt of the authentication signal from the second device.
  • a smart card comprising: a processor with electrical contacts mounted on a face of the card; first and second sensors mounted on the card (e.g. on the same face as the electrical contacts), at an end opposite to that of the processor, on either side of a centreline, the sensors being connected to the processor.
  • the processor has means for reading a user electrocardiograph, ECG, signal from the sensors, comparing the ECG signal received against an ECG stored on the card; authenticating the user using the ECG signal and conveying the authentication to a host device.
  • the card if it is used as a contact card, it can be inserted into a slot and the contacts at one end can communicate with a host in the usual manner of a contact smart card, while the sensors/electrodes at the other end can protrude from the slot and receive an EGC signal.
  • a smart card comprising: a processor with electrical contacts mounted on a face of the card, the contacts being connected to the processor.
  • the card In a contact mode, the card can be inserted in a slot and the electrical contacts connect the processor to a host in the usual manner of a contact smart card.
  • the contacts serve a different purpose, and the processor has means for reading a user electrocardiograph, ECG, signal from the contacts, comparing the ECG signal received against an ECG stored on the card; authenticating the user using the ECG signal and conveying the authentication to a host device.
  • a biometric authentication and/or identification device for a mobile telephone or other device or apparatus comprising; a biometric sensor, a wireless transmitter and a controller.
  • the controller is adapted to receive a biometric signal from a user via the biometric sensor, identify (or authenticate) the user from the signal, generate a signal in response thereto and send the signal wirelessly through the transmitter to the mobile telephone or other device or apparatus to at least partially unlock a function on the mobile device.
  • the signal is preferably encrypted by an encryption module in the accessory before sending to the mobile telephone or other device or apparatus.
  • the controller may be preprogrammed with a key that is selected to match a key in the mobile telephone or other device or apparatus to be unlocked.
  • the biometric sensor is preferably a bio-potential waveform sensor, for example comprising at least a pair of electrodes mounted on the accessory. They may be mounted on opposing sides of the accessory.
  • the device is preferably a cover that partially surrounds or accessory device that otherwise attaches to a mobile device (e.g. by a lanyard or by peel-off adhesive).
  • equipment or a kit of parts
  • a biometric authentication device for the mobile device.
  • the authentication device comprises: an electronic circuit adapted to receive a biometric signal from a user and to generate a signal in response thereto and send it wirelessly to the mobile device; and the mobile device comprises: application software that permits a user to authenticate user biometric data from the accessory, and a short-range wireless transmitter for sending an authentication signal to the accessory.
  • the application software is preferably adapted to permit a user to specify a function in the mobile telephone or other device or apparatus that will operate only on unlocking using the code.
  • the function may be the opening of a folder or other area of memory or may be another application or may be at the level of the operating system such that all data and user applications require unlocking using the code.
  • the controller may be pre-programmed with a key that is selected to match a key in the mobile telephone or other device or apparatus to be unlocked.
  • a method of authenticating a user and unlocking a mobile telephone or other device or apparatus comprises: receiving, at an authentication device, a biometric signal from the user; generating a signal in response to receipt of the biometric signal; sending the signal wirelessly to the mobile telephone or other device or apparatus; and authenticating the user based on the received generated signal and a corresponding previously stored signal.
  • Fig. 1 shows a stereoscopic view of a biometric authentication device in accordance with an embodiment of the invention and a mobile telephone or other mobile device.
  • Fig. 2 shows a reverse stereoscopic view of the device of Fig. 1 and an associated card, paper or packaging that may accompany the device.
  • Fig. 3 is a block diagram illustrating components of the circuit board of the biometric authentication device of Figs 1 and 2.
  • Fig. 4 is a block diagram illustrating components of the mobile device.
  • Fig. 5 is a timing diagram illustrating initialisation steps between the two devices of Fig. 1.
  • Fig. 6 is a timing diagram showing subsequent steps for unlocking an application in the mobile device.
  • Fig. 7 is a block diagram illustrating processes within the mobile device.
  • Fig. 8 is a perspective view of a smart card or other personal identification device in accordance with an aspect of the invention.
  • Fig. 9 is a circuit diagram of an embodiment, showing a user device and smart card.
  • Fig. 10 is a flow diagram showing the operation of the devices of Fig. 9.
  • Fig. 11 is a diagram showing communications between a smart card or other personal identification device, a user device and a server.
  • Fig. 12 is a flow diagram showing the enrolment of a smart card or other device.
  • Fig. 1 shows a stereoscopic view of a biometric authentication device 100 and a mobile device 110 which, in this example, is a mobile phone 110.
  • the biometric authentication device may be a generic accessory for a range of devices and phones. In one embodiment it is designed to form a cover for the phone 110 and preferably be a matching cover.
  • the authentication device 100 includes a circuit board 101, an access point 103 for the circuit board, two battery compartments 102a and 102b, an opening 104 for a camera or any other functioning component of the phone and a retaining lip 105.
  • the circuit board 101 contains the electronic components used in the biometric authentication device 100.
  • the door 103 serves to protect the circuitry of the circuit board 101.
  • Electrodes 203a and 203b are coupled to the circuit board 101.
  • the cover is designed to partially surround a corresponding mobile phone 110. It is made of elastomeric material that fits over the phone in an interference fit. It preferably has a lip 105 to prevent the phone slipping out of the cover. In the case of an Apple i-Phone (trade mark) or the like, the lip surrounds the screen of the phone.
  • the opening 104 allows a camera (not shown) of the phone to be used whilst the cover is attached to the phone.
  • the device is a cover that surrounds the back of the phone and all four sides, but it may fit to the phone in other ways, for example surrounding only three sides or as a pocket surrounding front, back and three sides, perhaps with a window for the screen and/or buttons of the phone.
  • Fig. 2 shows a reverse stereoscopic view of the biometric authentication device 200 and a separate device ID 201 that may be supplied with the device, in the packaging or as a removable label.
  • the device ID 201 includes an encryption key 202.
  • the encryption key 202 may be used to encrypt data being sent from the device to the mobile device as described below.
  • Fig. 3 is a block diagram illustrating components of the circuit board 101 in the biometric authentication device.
  • the biometric authentication device includes a memory unit 301, a controller 302, batteries or other power source 303, an encryption component 304, a wireless transmitter/receiver 305 and a biometric sensor 306.
  • Fig. 4 is a block diagram illustrating components of the mobile telephone or other device or apparatus 401.
  • the mobile telephone or other device or apparatus includes a memory unit 402, a processor 403, a power source 404, a Bluetooth or similar wireless transmitter/receiver 406, a cellular network transmitter/receiver 408, an encryption component 405, a decryption component 407 and a touch screen display 409.
  • Fig. 5 is a timeline illustrating initialisation (enrolment) steps between the device 100 and the mobile telephone or other device or apparatus 401.
  • application software an "application” specific to the biometric authentication device is downloaded to the mobile device or other device or apparatus 401. Alternatively, it may be pre-loaded in the mobile telephone or other device at the factory.
  • the application is launched. (The application may be launched some time after it has been downloaded as represented by dotted line.)
  • the device 100 is switched on.
  • the device 100 may be switched on by placing fingers or thumbs on the electrodes 203a and 203b as described in European patent EP 1 706 852 Bl. Alternatively, the device 100 may be switched on upon placing a power source 301 into the device, or by a switch (not shown) located on the device, or by some other means.
  • the device and phone (or other device) are paired to one another.
  • the pairing may be achieved via Bluetooth as in known in the art.
  • the Bluetooth or other pairing signal is sent and received wirelessly via the wireless transmitter/receiver 406 of the phone (or other device) and the wireless transmitter/receiver 305 of the device 100.
  • the device and the phone share encryption information.
  • the application 501 prompts the user to enter a code or key.
  • the key may be an encryption key 202 that is unique to the device 100.
  • the device may provide a key to the phone (or other device or apparatus) prompting the application on the phone (or other device) to request that the user enters a code known only to the user, which permits the phone or other device 401 and device 100 to undergo authentication in a challenge-response manner.
  • the phone or other device prompts the user for biometric data.
  • the biometric data may be an electrocardiogram (ECG) signal as described in EP2115663A1.
  • ECG electrocardiogram
  • the device 100 receives the biometric data from the user via the pair of electrodes 203a, 203b on the device 100. The user place fingers (or thumbs) of the left and right hands on these electrodes and the controller 302 generates the biometric data.
  • the biometric signal may be a fingerprint scanned by a scanner on the device 100, a retinal scan from a camera on the device or some other biometric signal.
  • a biometric signature is generated based on the biometric data.
  • the encryption component in the device 100 encrypts the biometric signature to create an encrypted digital signature, based on the previously shared encryption information.
  • the encrypted digital signature is sent to the phone or other device 401.
  • the encrypted digital signature is sent by Bluetooth or some other means via the wireless transmitter/receiver of the device 305 and received via the wireless transmitter/receiver 406 of the phone or other device 401.
  • the decryption component 407 of the phone or other device or apparatus decrypts the encrypted digital signature. This converts the encrypted digital signature back to the digital signature, which is based on the biometric data.
  • the digital signature is stored on the phone or other device or apparatus.
  • step 513 the application on the phone or other device 401 may cause a prompt to be displayed to prompt another user for biometric data. If another user is needed, the application goes back to step 506 and the subsequent steps are repeated for another user. Should no other user be needed, the application moves to step 514, the application is closed and in step 515, the device 100 is set to sleep mode. Sleep mode puts the device 100 into a low power listening mode in which only the receiver circuitry of the device 100 is supplied with power, and only on an intermittent basis whereby it can be woken up by a Bluetooth signal sent by the mobile or other device application. Alternatively, the device 100 may be switched off until woken up by some other means.
  • Fig. 6 is a timing diagram showing steps between the device 100 and the mobile phone or other device or apparatus for unlocking an application using the biometric authentication device 100.
  • step 601 the application is launched on the phone or other device.
  • step 602 a Bluetooth activation signal is sent to the device 100.
  • step 603 the device 100 is switched on.
  • step 604 the phone or other device or apparatus prompts the user for biometric data.
  • the biometric data is an electrocardiograph (ECG) signal, but in other examples, it may be a scanned fingerprint or some other biometric signal.
  • ECG electrocardiograph
  • step 605 the device 100 receives biometric data from the user via the pair of electrodes 203a, 203b on the device 100. The user places fingers (or thumbs) on the electrodes and the controller generates the biometric data as before.
  • step 606 a biometric signature is generated based on the biometric data.
  • step 607 the encryption component in the device 100 encrypts the biometric signature to create an encrypted digital signature based on the previously shared encryption information.
  • step 608 the encrypted digital signature is sent to the phone or other device or apparatus by Bluetooth or other means via the wireless transmitter/receiver 406 of the device 100 and is received via the wireless transmitter/receiver of the mobile phone or other device 305.
  • step 609 the decryption component 407 of the phone or other device decrypts the encrypted digital signature. This converts the encrypted digital signature back to the digital signature, which is based on the biometric data.
  • the mobile phone or other device or apparatus matches the biometric signature with the stored biometric signature(s).
  • step 511 is skipped and the phone or other device or apparatus 401 instead stores the encrypted version of the digital signature. Consequently, the phone or other device or apparatus matches the encrypted digital signature, sent by the device 100, with a stored encrypted digital signature.
  • the device 100 sends the digital signature to the phone or other device or apparatus 401 before it has been encrypted.
  • the phone or other device or apparatus 401 then stores the digital signature, in an unencrypted form.
  • the stored digital signature is later used to match with an unencrypted digital signature, sent by the device 100. If there is a positive match, the application is unlocked 611 in a manner described below. If there is a no match the phone returns to step 604 and the subsequent steps may be repeated. A limited number of repetitions may be permitted (e.g. five or ten). There may be increasing delays between each repetition. If, after the limit is reached, there is no match, the application is locked and some alternative method may be required to unlock it.
  • Fig. 7 is a block diagram illustrating operations between the application 701 and the memory of the phone or other device or apparatus.
  • a user may access an encrypted memory space, for example a folder.
  • user A may access memory 704 and user B may access memory 705.
  • User A may store data in memory 704; data may be encrypted by encryption component 405 before being stored.
  • User B may store data in memory 705; data may be encrypted by encryption component 405 before being stored.
  • User A may access data from memory 704; the stored data may be decrypted by decryption component 407 before being displayed to the user.
  • User B may access data from memory 705; the stored data may be decrypted by decryption component 407 before being displayed to the user.
  • biometric authentication device and the “cover” may be used synonymously throughout this description.
  • a smart card or other personal identity verification device 800 is illustrated in Fig. 8 comprising a top side 802, a bottom side 803, a centreline 801, a processor 804, with contacts 808 on top thereof, sensors 805, 806, electrical contacts 808 and conductive tracks 809, 810.
  • the electrical components and conductive tracks are attached on the top or bottom side of the device 800, or embedded within it.
  • An inductive loop (and/or a bipole or monopole) antenna 815 is provided, on the top or bottom side of the card or encapsulated within the card (by lamination or otherwise), generally central, but preferably centred towards the processor end of the card, away from the sensors 805, 806.
  • the smart card preferably has first and second sensors mounted on the same face of the card as the electrical contacts, at an end opposite to that of the processor, on either side of the centreline.
  • This arrangement is easy for a user to hold and present the smart card to a host (whether a contact or contactless host).
  • Fig. 9 shows the device 800 of Fig. 8 having an NFC module 918 connected to the antenna 815, an amplifier 920, sensors 805, 806, a memory module 924 and a microprocessor 926 which contains a comparison module 928 and an encryption module 930.
  • the NFC module 918 may be in accordance with the NFC specification or may be in accordance with FID technology or both may be supported, allowing either implementation.
  • One or both of these modules may be supplemented with a BluetoothTM transceiver 919.
  • the device 800 also has a power bus 927 from the NFC module 918 to the amplifier 920, memory 924 and microprocessor 926.
  • the sensors 805, 806 are connected to the amplifier and/or filter.
  • the amplifier and/or filter 920, memory 924 and encryption module 930 are connected to the comparison module 928.
  • the encryption module 930 is connected to the NFC module 918.
  • the sensors 805, 806 can be used to measure an electrocardiograph (ECG) signal.
  • ECG electrocardiograph
  • Fig. 9 also shows a user device 902 (or “host device") having a standard antenna 904 (e.g. GSM, 3G or WiFi), a standard radio 906 (similar), a memory module 908 containing an application 910, a processor 912, a touch screen or other input/output device 914, an NFC module 916 and an inductive loop (or bipole or monopole) antenna 915.
  • the antenna 904 is connected to the radio 906.
  • the radio 906, memory 908, touch screen 914 and NFC module 916 are all connected to the processor.
  • the inductive loop (or other) antenna 815 of the card 800 is coupled to the corresponding antenna 915 of the NFC module 916 when the two are in proximity.
  • the NFC module 916 may be in accordance with the NFC specification or may be in accordance with RFID technology or both (i.e. either). One or both of these modules may be supplemented with a BluetoothTM transceiver 917.
  • Fig. 9 also shows a server 950, with which the user device 902 communicates via the radio 906 and antenna 904 (and via a base station and a network, not shown).
  • Step 1000 is started when the user selects an app 910 on the user device 902 by use of the touch screen 914. This launches the app 910 on the processor 912 for the user to interface with via the touch screen 914.
  • the app 910 enables the device NFC module 916 by instructing the processor 912 to provide power to it and instruct it to commence radiating inductive power via the inductive loop antenna 915.
  • the NFC module 916 (or the BluetoothTM transceiver 917) begins a discovery process to discover any other NFC (or BluetoothTM) devices in the vicinity.
  • Step 1004 comprises the user placing the device 800 next to the user device 902 with his or her fingers on the biometric smart card sensors 805, 806.
  • the user can present the smart card to the device 902 and, when prompted to do so by instructions on the screen 914, the user can then place his or her fingers on the smart cards sensors, but once a user is familiar with the procedure, it is a very simple action to hold the card between thumbs and forefingers, with thumbs and/or fingers on the sensors, and present the card 800 to the device 902 in a single action.
  • step 1006 the user device 902 provides radiated power 932 to the smart card 800 to read the ECG signal detected by the sensors 805, 806. Power is supplied to the components of the device 800 by the power bus 927 from the NFC module 918 to the amplifier and/or filter 920, memory 924 and microprocessor 926.
  • the user device NFC module 916 then discovers the biometric smart card NFC module 918 and they pair via their inductive loop (or BluetoothTM or other) antennas 815, 916 and set up a communication channel 934.
  • the biometric device 800 is provided with power 932 by this connection.
  • the sensors 805, 806 detect the bio-potential ECG waveform by measuring the potential difference from thumb-to-thumb (or finger of one hand to finger of the other hand). This provides a path through the user's thorax and provides a good measurement across the heart. Whereas at least two sensors are preferred, for a clear ECG signal, it is possible to obtain a suitable signal from just one sensor.
  • Heartbeat detection is carried out and, if no heartbeat is detected (e.g. within a timeout period), the microprocessor 926 causes a message to be displayed on the touch screen 914 of the user device 902 to prompt the user to try again, e.g. to wipe his or her fingers or to try different fingers. When at least one heartbeat has been detected, the process proceeds to step 1008.
  • Multiple waveforms can be obtained from the user during a single biometric authentication process. Obtaining multiple waveforms increases accuracy and reduces the risk of a spurious read, which itself could lead to a false negative or false positive when authenticating the user.
  • the bio-potential waveform is monitored and the authentication process is carried out by the comparison module 928.
  • the comparison module 928 compares the bio-potential waveform recorded by the sensors 805, 806 with the reference bio-potential waveform of the user stored within the memory 924 of the smart card 800.
  • the authentication process preferably comprises (a) windowing, where a pre-processed ECG signal is subjected to segmentation into non-overlapping windows, (b) normalized autocorrelation computation for every window and (c) dimensionality reduction (e.g. by Discrete Cosine Transform or Linear Discriminant Analysis). Details of these steps can be found in "ECG Based Recognition Using Second Order Statistics", F. Agrafioti and D. Hatzinakos, Communication Networks and Services Research Conference, pp. 82-87, 2008. An authentication decision is taken based on comparison of the ECG signal and a pre-stored ECG signal.
  • the encryption module 930 encrypts a signal showing authentication success and sends the encrypted signal 934 to the device app 910 via the NFC communication channel 934.
  • Step 310 is carried out by allowing the app 910 to complete the process for which it needed verification.
  • a signal indicting authentication failure is sent to the device app 910.
  • the app 910 then prompts the processor 912 to display a 'not authorised' message on the touch screen 914 indicating there has been a mismatch between the recorded ECG signal and the pre-stored ECG signal.
  • Step 1010 is not carried out in this case as the app 910 has not received the verification needed to complete the process for which it needed verification.
  • Fig. 11 shows the communication process between the smart card 800, the user device 902 and a server 950.
  • the user device 902 communicates with the server 950 by use of the radio 906 and antenna 904.
  • the user device 902 communicates with the device 800 by use of the NFC modules 815, 916.
  • the user device 902 sends a message 1104 to the server describing a transaction that the user wishes to implement (e.g. "transfer $x from account A to account B" or "access building” or “open gate") for which verification will be required.
  • the server 950 sends 1106 a verification challenge.
  • the user device 902 then sends 1108 this verification challenge to the device 800 and the smart card responds 1110 by the process detailed in Fig. 10.
  • the smart card's response to the challenge is then sent 1112 back to the server 950. If the response is correct, the server 950 authorises the process for which it needed verification. If the response is incorrect, it does not.
  • the user device 902 can set up a transparent connection between the device 800 and the server 950 (i.e. a communication in which the user device 902 plays no further active part and merely passes through the challenge 1106 and the response 1110)) or the process can be one of chained authentication in which the user device and card authenticate with each other and, by virtue of the trusted authentication between the server 950 and the user device 902, the server 950 in effect trusts the card 800.
  • the challenge 1108 is not necessarily the same as the challenge 1106 (and the response 1112 is not necessarily the same as the response 1110).
  • Fig. 12 details the process for enrolling a new device 800 to store the user's ECG within the memory 924 of the smart card or other device 800.
  • Step 1200 is started when the user selects the app 910 on the user device 902 by use of the touch screen 914. This launches the app 910 on the processor 912 for the user to interface with via the touch screen 914.
  • the app 910 enables the device NFC module 916 by instructing the processor 912 to provide power to it and instruct it to commence radiating inductive power via the inductive loop antenna 915.
  • the NFC module 916 begins the discovery process to discover any other NFC devices in the vicinity.
  • Step 1204 comprises the user placing his or her thumbs or fingers on the biometric smart card sensors 805, 806 and placing the device 800 next to the user device 902.
  • the user device NFC module 916 then discovers the biometric smart card NFC module 918 and they pair via their inductive loop antennas 915, 115 and set up a communication channel 934.
  • the biometric device 800 is then provided power 932 by this connection.
  • step 1206 the user device 902 powers 932 the smart card 900 to read the ECG signal detected by the sensors 805, 806. Power is supplied to the components of the device 800 by the power bus 927 from the NFC module 918 to the amplifier 920, memory 924 and microprocessor 926.
  • the app 910 discovers that there is no ECG signal stored in the memory 924 of the device 800 and enters enrolment mode, step 1208. Note that other causes may initiate step 1208.
  • the app 910 may recognize that the card 800 is a new card or a card that is not registered with the app 910 (or more particularly, not yet registered with the server 950). This may be based on an ID of the card 800. It may or may not require a connection to the server 950. E.g. the app 910, upon being presented with a card having an ID unknown to it, may send a request to the server 950 to initiate registration. Alternatively, the app 910 may already have the ID of the card 800 stored in memory 908 so that when the card 800 presents itself, the enrolment process can begin in a convenient offline manner.
  • step 1210 the user enters an initiation code into app 910 via the touch screen 914.
  • the initiation code is specific to the individual smart card 800. It may have been sent to the user of the card upon issuing of the card.
  • step 1212 the initiation code is sent to the smart card over the communication channel 934 set up in step 1204.
  • the initiation code is verified in step 1214 by the smart card microprocessor 926 by comparing it to an initiation code stored within the memory 924. If the code is incorrect the user is prompted by a message (e.g. "code is incorrect - try again") from the app 910 displayed on the touch screen 914 of the user device 902. If the code is correct the enrolment of the device 800 begins.
  • step 1216 the device 800 reads the user ECG. This is done by the sensors 805, 806 detecting the user's bio-potential ECG waveform.
  • Heartbeat detection is carried out and, if no heartbeat is detected (e.g. within a timeout period), the microprocessor 926 causes a message to be displayed on the touch screen 914 of the user device 902 to prompt the user to try again, e.g. to wipe his or her fingers or to try different fingers.
  • the process proceeds to step 1218.
  • Multiple waveforms can be obtained from the user during a single biometric enrolment process. Obtaining multiple waveforms increases accuracy and reduces the risk of a spurious read, which itself could lead to a false negative or false positive when authenticating the user.
  • step 1218 the ECG waveform is stored within the memory 924 of the device 800 for use in verifications such as the one detailed in Fig. 10.

Abstract

Accessoire destiné à un téléphone ou dispositif mobile, et accessoire et équipement de déverrouillage biométrique associés, ainsi que carte à puce intelligente assurant la sécurité biométrique. Selon un aspect, une communication en champ proche est utilisée pour fournir de l'énergie et lire un signal d'électrocardiographe, ECG, utilisateur à partir de capteurs afin d'authentifier un utilisateur. Selon un autre aspect, l'invention concerne d'inscription. Un dispositif d'authentification est couplé (de préférence sans fil) à un dispositif hôte pour recevoir de l'énergie (de préférence sans fil) provenant du dispositif hôte. Au moins un capteur est présenté à une surface de la peau depuis lequel une mesure ECG peut être prise et stockée. D'autres aspects de l'invention concernent un dispositif d'identification et/ou d'authentification biométrique pour un téléphone, ou autre dispositif ou appareil, mobile. Le dispositif comprend un capteur biométrique, un émetteur sans fil et un dispositif de commande. Le dispositif de commande est conçu pour recevoir un signal en provenance d'un utilisateur par l'intermédiaire du capteur biométrique, identifier (ou authentifier) l'utilisateur à partir du signal, produire un signal en réponse à celui-ci et envoyer le signal sans fil par le biais de l'émetteur vers le téléphone, ou autre dispositif ou appareil, mobile pour déverrouiller au moins partiellement une fonction.
PCT/GB2016/000044 2015-02-27 2016-02-29 Dispositif d'authentification biométrique WO2016135437A2 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB1503415.0A GB2535999A (en) 2015-02-27 2015-02-27 Biometric authentication device
GB1503415.0 2015-02-27
GB1522526.1A GB2545669B (en) 2015-12-21 2015-12-21 Smartcard with biometric security and method of authentication
GB1522526.1 2015-12-21

Publications (2)

Publication Number Publication Date
WO2016135437A2 true WO2016135437A2 (fr) 2016-09-01
WO2016135437A3 WO2016135437A3 (fr) 2017-01-19

Family

ID=55640766

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2016/000044 WO2016135437A2 (fr) 2015-02-27 2016-02-29 Dispositif d'authentification biométrique

Country Status (1)

Country Link
WO (1) WO2016135437A2 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2018201939A1 (en) * 2017-03-23 2018-10-11 Idex Biometrics Asa Sensor array system selectively configurable as a fingerprint sensor or data entry device
US10775906B2 (en) 2017-12-12 2020-09-15 Idex Biometrics Asa Power source for biometric enrollment with status indicators
GB2584434A (en) * 2019-05-31 2020-12-09 Advanide Holdings Pte Ltd Enrolment device for a biometric smart card
EP3756116A4 (fr) * 2018-02-23 2021-03-31 Visa International Service Association Auto-inscription biométrique efficace
US11250307B2 (en) 2017-03-23 2022-02-15 Idex Biometrics Asa Secure, remote biometric enrollment
EP3965010A1 (fr) * 2020-09-04 2022-03-09 STMicroelectronics (Rousset) SAS Personnalisation d'une carte à microcircuit

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0704429D0 (en) * 2007-03-08 2007-04-18 Sensor Technologies & Devices Method and apparatus for determining information concerning the identity of an individual
WO2014165230A1 (fr) * 2013-03-13 2014-10-09 Lookout, Inc. Système et procédé de modification du comportement de sécurité d'un dispositif basée sur la proximité d'un autre dispositif
US8994498B2 (en) * 2013-07-25 2015-03-31 Bionym Inc. Preauthorized wearable biometric device, system and method for use thereof
CN103944615B (zh) * 2014-04-14 2016-09-14 惠州Tcl移动通信有限公司 根据心电图实现近距离解锁的方法及其系统

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10769512B2 (en) 2017-03-23 2020-09-08 Idex Biometrics Asa Device and method to facilitate enrollment of a biometric template
AU2018201939B2 (en) * 2017-03-23 2019-03-14 Idex Biometrics Asa Sensor array system selectively configurable as a fingerprint sensor or data entry device
US10248900B2 (en) 2017-03-23 2019-04-02 Idex Asa Sensor array system selectively configurable as a fingerprint sensor or data entry device
US10282651B2 (en) 2017-03-23 2019-05-07 Idex Asa Sensor array system selectively configurable as a fingerprint sensor or data entry device
US10546223B2 (en) 2017-03-23 2020-01-28 Idex Biometrics Asa Sensor array system selectively configurable as a fingerprint sensor or data entry device
AU2018201939B9 (en) * 2017-03-23 2020-07-16 Idex Biometrics Asa Sensor array system selectively configurable as a fingerprint sensor or data entry device
AU2018201939A1 (en) * 2017-03-23 2018-10-11 Idex Biometrics Asa Sensor array system selectively configurable as a fingerprint sensor or data entry device
US11250307B2 (en) 2017-03-23 2022-02-15 Idex Biometrics Asa Secure, remote biometric enrollment
US10775906B2 (en) 2017-12-12 2020-09-15 Idex Biometrics Asa Power source for biometric enrollment with status indicators
EP3756116A4 (fr) * 2018-02-23 2021-03-31 Visa International Service Association Auto-inscription biométrique efficace
GB2584434A (en) * 2019-05-31 2020-12-09 Advanide Holdings Pte Ltd Enrolment device for a biometric smart card
EP3965010A1 (fr) * 2020-09-04 2022-03-09 STMicroelectronics (Rousset) SAS Personnalisation d'une carte à microcircuit
FR3113966A1 (fr) * 2020-09-04 2022-03-11 Stmicroelectronics (Rousset) Sas Personnalisation d’une carte à microcircuit

Also Published As

Publication number Publication date
WO2016135437A3 (fr) 2017-01-19

Similar Documents

Publication Publication Date Title
US11012438B2 (en) Biometric device pairing
WO2016135437A2 (fr) Dispositif d'authentification biométrique
US10943000B2 (en) System and method for supplying security information
EP3116138B1 (fr) Procédé de mise en uvre d'un déverrouillage à courte portée d'après un électrocardiogramme, et système à cet effet
US9942760B2 (en) Wearable device and a method for storing credentials associated with an electronic device in said wearable device
US10924472B2 (en) Wearable communication devices for secured transaction and communication
US9971927B2 (en) Fingerprint sensors
AU2008299811B2 (en) Smart wallet
CN111758096A (zh) 活的用户认证设备、系统和方法
CN101213559B (zh) 通信装置和通信系统
US20150379255A1 (en) Systems and methods for granting access to a computing device using a wearable device
US9391987B2 (en) Biometric personal authentication
US20150373019A1 (en) Electrocardiogram (ecg) biometric authentication
KR101555451B1 (ko) 액세서리에 커스터마이즈 가능한, 신체를 통해 통신하기 위한 디바이스
KR101937136B1 (ko) 다중 생체 인식을 이용한 본인 인증 시스템 및 방법
US20180018452A1 (en) Non-contact identity verification device, non-contact identity verification system, and non-contact identity verification method
KR20180061819A (ko) 다중 생체 인증 장치 또는 다중 생체 인증 시스템, 그리고 이를 사용한 다중 생체 인증 방법
CN114072795A (zh) 活的用户认证设备、系统和方法以及使用其的欺诈或合谋防止
KR20180050127A (ko) M2m 통신을 이용한 웨어러블 장치의 운동량 모니터링 시스템 및 방법
KR101826300B1 (ko) 다중 생체인식을 이용한 본인 인증 웨어러블 장치 및 그 방법
CN104657649B (zh) 一种生物特征识别开机的令牌装置
GB2535999A (en) Biometric authentication device
KR20180082762A (ko) 심전도 신호를 이용한 사용자 인증장치
KR20180082763A (ko) 심전도 신호를 이용한 사용자 인증방법
GB2545669A (en) Smartcard with biometric security and method of authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16712395

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16712395

Country of ref document: EP

Kind code of ref document: A2