WO2000000882A2 - Apparatus and method for end-to-end authentication using biometric data - Google Patents



Publication number
WO2000000882A2
Authority
WO
WIPO (PCT)
Prior art keywords: biometric, data, secure, analyzer, user
Application number
PCT/US1999/014554
Other languages: French (fr)
Other versions: WO2000000882A3 (en)
Inventor
Stefaan A. De Schrijver
Original Assignee
Lci/Smartpen, N.V.
Application filed by Lci/Smartpen, N.V.
Priority to CA2335532A1, AU5206499A, IL140357A0, JP2002519782A and EP1092182A2
Publication of WO2000000882A2 and WO2000000882A3

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Definitions

  • the invention relates to the field of authentication, fraud detection and prevention, security and cryptography. More particularly, the invention relates to the authentication of biometric data.
  • Electronic commerce may require several distinct security elements: Authentication, Secure Communications, Trusted Server Environments, Electronic Contracts, Protection of Intellectual Property, Digital Payment mechanisms, and Corporate Information Security (Data, Processes, Access Control).
  • Cryptography which provides the mathematical framework for secure document transmission and authentication; key registration and certification for enhancing proof of authenticity; tokens for providing safety of physical information; biometric analysis for linking verifiable physical user attributes (biometric properties) with the authentication process; and tamper-resistant devices for safe storage and processing of intrinsic physical information.
  • cryptographic methods can be divided into symmetric and asymmetric methods, depending on the keys used to encrypt and decrypt messages.
  • Symmetric Principal Key
  • a message is understood to represent an arbitrary data string which may be represented by binary, octal, hexadecimal number, as is known in the art. Since the same key is used for both encryption and decryption, the key must always be kept secret and delivered to another party in a secure fashion.
  • anyone in possession of the symmetric decryption key can also encrypt, making it impossible to authenticate the originator.
  • Asymmetric Key (“Public/Private Key pair”) cryptography is based on two keys which are mathematically related to one another to form a complement. For example, one of the keys can be used to encrypt a data string, while the other key can be used to decrypt the data string.
  • One key called the Private Key
  • the other key called the Public Key, is not secret and may be distributed without jeopardizing security.
  • Public-Key cryptography is well known in the art.
  • Asymmetric Key arrangements can be used in two ways: for secure encryption of data strings, or to authenticate the originator of the data. However, the same key pair cannot be used simultaneously to encrypt the data strings and for authenticating the originator.
  • a hash function is a function that takes an input string and converts it to a fixed-size, often smaller output string. Since hash functions are typically many to one, they cannot be used to determine with absolute certainty if two input strings are equal; however, if two input strings hash to the same value, the two input strings are identical with an overwhelming degree of certainty. In other words, the hash values cannot be decrypted. To enhance security further, the hashed output string can be encrypted with the recipient's public key, which the recipient then decrypts with his private key.
  • One-way functions have two major applications: password protection and message digesting. Examples for password protection using one-way functions can be found on modern computers to verify access authorization. Examples for message digesting are the MD4 and MD5 algorithms, which are known in the art.
  • Another useful concept is that of a Digital Signature.
  • To secure a message, one can attach to it a Digital Signature.
  • the sender of an original message produces a one-way hash of the message, i.e., the message digest, and encrypts the hash with the sender's Private Key.
  • the sender then attaches the message digest and the Private Key to the original message.
  • This attachment is called a Digital Signature.
  • the sender sends to the recipient the original message and the message digest, as well as information which allows the recipient to compute the sender's Public Key.
  • Digital Signatures can authenticate that the Private Key of the sender was indeed used with the original document and verify that the original document has not been altered.
  • the recipient has no way, based on the transmitted information alone, to verify the true identity of the sender. In other words, the recipient cannot verify that the sender and the person from which the recipient expects the message, are identical.
  • the ISO authentication framework also known as X.509 protocol.
  • the framework is certificate-based.
  • a trusted certification authority (CA) assigns a unique name to each user and issues a certification certificate containing the name and the user's public key.
  • the CA signs all certification certificates with a secret key.
  • Certification certificates may have a specified validity period.
  • the CA is still not able to guarantee that the user actually is the physical person associated with the user name.
  • DA Registration or Device Authority
  • the DA verifies the identity of the user and issues a Private Key/Public Key arrangement.
  • the person's Private Key is typically a password which the person has to remember, and/or a token that contains the Private Key.
  • the DA encrypts the information about the person, including the person's public key, using the DA's Private Key, digitally signs the encrypted information and makes the information available to
  • the signed encrypted information is called a Registration Certificate.
  • the CA distributes the Registration Certificate on a server, and certifies them as authentic based on the DA's public key which the CA has in its possession.
  • the CA's public keys are incorporated into most browsers. A person can verify another person by using the certification authority's public key. In this way the requesting person can know that the Certificate is authentic. Certificates are not limited to a single sender and a single recipient. If several people are involved in a transaction, a Certificate must be certified for each party. The plurality of Certificates must be attached to the message digest corresponding with the transaction. As mentioned above, all Certificates are deemed authentic.
  • the Certification Authority may issue an authentic Certificate based on the correct Private Key or Token of the user, although the user was not authenticated.
  • secure Private Keys may have a considerable number of characters, making them difficult to remember. An authenticated user may therefore be tempted to record the password either on paper or in a computer file as plain text, which may then be misappropriated by a potential perpetrator. Passwords may also be recorded when entered into a security station and fraudulently replayed at a later time. Tokens containing the Private Key, on the other hand, may be misappropriated or stolen.
  • the present invention combines biometric authentication, electronic signatures, digital signatures, device identification, and an apparatus for secure manufacturing with symmetric and asymmetric cryptography to enable end-to-end security of electronic transactions.
  • a secure transaction system for authenticating a user based on the user's biometric data includes a biometric analyzer device that receives the biometric data of the user and has a secure device identifier.
  • the secure transaction system authenticates the user only if both a first authentication means, which receives the biometric data, authenticates the biometric data of the user based on biometric reference data of the user, and a second authentication means authenticates an authorized use of the biometric analyzer device based on at least the secure device identifier.
  • a method for authenticating biometric data of a user includes providing a biometric analyzer device with a secure device identifier, acquiring with the biometric analyzer device biometric data of the user, and generating a sequentially increasing session ID for successive acquisitions of the biometric data.
  • the method further includes authenticating the biometric analyzer device based on at least the secure device identifier, and authenticating the biometric analyzer data based on at least the session ID and a comparison between the acquired biometric analyzer data and reference biometric data for the user.
  • the biometric data are authenticated only if both the biometric analyzer device and the biometric analyzer data are authentic.
  • a method for providing end-to-end security in a transaction using biometric data includes programming a biometric analyzer device with a secure device identifier, assigning a secure device key to the biometric analyzer device, and acquiring the biometric data with the biometric analyzer device, wherein the biometric analyzer device generates a respective sequentially increasing session ID for successive recordings of the biometric data.
  • the method further includes authenticating the biometric data based on at least the secure device identifier, the device key and the session ID, and on a comparison of a representation of the acquired biometric data with a representation of reference biometric data recorded with the same biometric analyzer device.
  • Embodiments of the invention may include one or more of the following features.
  • the biometric analyzer device may generate a unique session ID for each user session, wherein the unique session ID may be sequentially increasing from one session to the next. The user is authenticated only if the session ID of the current session is greater than the session ID of the previous session for the respective biometric analyzer device.
  • the biometric analyzer device may include a unique biometric analyzer key which is issued by a trusted device authority and stored tamper-proof in the biometric analyzer device.
  • the biometric analyzer device may be programmed by a secure programming device having a secure programming station identification key which is known to the trusted device authority.
  • the secure programming device may include a programming station identification key which may be a symmetric key provided by a trusted device authority.
  • the biometric analyzer device may also include a biometric analyzer key, wherein authentication of the biometric analyzer device depends on a comparison of the biometric analyzer with a reference key maintained by a trusted device authority.
  • the biometric data may be in the form of a message digest or hash.
  • FIG. 1 is a schematic block diagram of a system for end-to-end authentication of biometric data according to the invention
  • FIG. 2 shows the interactions between various devices and the Device Authority during manufacture and initialization of the Biometric Analyzer Device
  • FIG. 3 shows the interactions between the secure application station and the registration and certification authorities during authentication of biometric data
  • FIG. 4 is a flow diagram of the manufacturing process of a Biometric Analyzer Device according to the invention.
  • FIG. 5 is a flow diagram of the authentication process according to the invention.
  • a secure manufacturing and authentication system 5 for end-to-end authentication of biometric data includes a manufacturing station 10 at which an exemplary Biometric Analyzer Device 14, shown here in the form of a pen 14 for entering a user's signature, is assembled.
  • the pen 14 may be, for example, a LCI-SMARTpen™ available in the USA from LCI-SMARTpen, Andover, MA.
  • the LCI-SMARTpen™ includes an advanced wireless computer system which is miniaturized to have the same footprint and performance as a pen.
  • the Biometric Analyzer Device may include other biometric input devices, such as a fingerprint reader 32, a voice recognition device 36, an optical face or iris scanner 34, and the like. Although the invention will be described hereinafter with respect to the pen input device 14, it will be understood by those skilled in the art that the apparatus and method of the invention are applicable to other biometric input devices as well.
  • the electronic circuit of the Biometric Analyzer Device 14 includes electronic chips for data acquisition, data processing and data output. At least one of the chips typically includes a programmable or re-programmable chip ID provided by the chip manufacturer. This chip ID is unique but not secure, because it is known by the chip manufacturer.
  • the manufacturing station 10 includes a Secure Programming Device 12 which is tamper-resistant and contains a unique Private Key, called a Programming Station Identification Key (PSIK) 13.
  • PSIK Programming Station Identification Key
  • the manufacturing station 10 may interact with the DA 20 via data lines 50, 52 and 56, which may be secure or open communication channels, in a manner known in the art.
  • the electronics in the Biometric Analyzer Device 14 are physically protected by conventional tamper-resistant electronic packaging.
  • the unique but public ID number of the programmed chip in the Biometric Analyzer Device 14 is stored in the device 14 as a Chip ID 15.
  • the Biometric Analyzer Public Key which will be discussed later, also remains with the Biometric Analyzer Device at all times. These data are unalterable and can be read only inside the Biometric Analyzer Device.
  • the secure manufacturing and authentication system 5 communicates with a Certification Authority (CA) 40 which has knowledge about the encryption keys used by the DA 20 and is responsible for issuing a certificate once the biometric data have been authenticated.
  • CA Certification Authority
  • Both the Device Authority 20 and the Certification Authority 40 maintain respective databases 22, 42 which store attributes of the Biometric Analyzer Devices 14 required for verification and authentication of the biometric data.
  • the PSIK is securely stored in the DA database 22.
  • a secure application station 30 to which the Biometric Analyzer Device 14 can be connected.
  • the secure application station 30 interacts with the DA 20 and the CA 40. Details of this interaction will be discussed in detail below.
  • the Secure Programming Device 12 of the manufacturing station 10 sends the chip ID (C-ID) 15 of the Biometric Analyzer Device 14 to a trusted third party, in this case the Device Authority (DA) 20, in the form of a message digest by hashing the chip ID
  • DA Device Authority
  • the Device Authority 20 recognizes the PSIK and generates a biometric analyzer public/private key arrangement (BAID).
  • BAID biometric analyzer public/private key arrangement
  • the Device Authority 20 encrypts the BAID using the PSIK and sends the encrypted BAID to the Secure Programming Device 12 corresponding to the PSIK, as indicated by arrow 17.
  • the Secure Programming Device 12 decrypts the received encrypted BAID and embeds the Biometric Analyzer's private key into the Biometric Analyzer Device 14, as indicated by arrow 18.
  • the BAID public key travels with the Biometric Analyzer Device 14 to the secure application station 30 which will be described in more detail below.
  • the Device Authority 20 communicates the PSIK also to the Certification Authority 40 via a secure transmission channel (not shown).
  • the Biometric Analyzer Device 14 of the secure application station 30 acquires biometric user input data.
  • the secure application station
  • the secure application station 30 transmits the hashed and signed transaction data to the Certification Authority 40 as a trusted third party, as indicated by arrow 25.
  • the Certification Authority 40 sends the BAID for verification to the Device Authority 20, as indicated by arrow 27. If the private key and the public key match the PSIK keys stored in the DA database 22, the Device Authority 20 issues a security certificate to the Certification Authority 40, as indicated by arrow 28.
  • the Device Authority 20 may also make an entry into the record in its database 22 corresponding to the PSIK.
  • the Device Authority 20 communicates the PSIK to the Certification Authority 40 via a secure communication channel.
  • the Certification Authority 40 checks the electronic signature of the Biometric Analyzer Device 14 based on records in its database 42.
  • a trusted third party has to verify the user's true identity.
  • the trusted third party may be, for example, a bank, a notary and the like, that is in possession of an authenticated private key.
  • the corresponding public key would be known to the various certification authorities.
  • the trusted third party signs the biometric data or a hash thereof which is considered by the respective certification authority receiving the biometric data as proof that the biometric data are genuine and are associated with the identified user.
  • the respective certification authority stores the user and biometric data attributes in its secure database.
  • an authentication algorithm of the Certification Authority 40 compares the received biometric data with the referenced biometric data. If these data are in agreement and if a valid security certificate was received from the Device Authority 20, then the Certification Authority 40 issues an Authentication Certificate, as indicated by arrow 26. Issuance of the certificate may also be recorded in the CA database 42.
  • a flow diagram depicts the secure generation of device identifiers for the Biometric Analyzer Device 14.
  • the secure generation of device identifiers essentially can be separated into two parts: a process 60 for generating a secure device identifier based on the tamper-resistant Programming Station Identification Key (PSIK) 13, and a process 70 by which the Device Authority 20 that also has possession of the PSIK generates Biometric Analyzer Private/Public key pairs for the device having the respective PSIK.
  • PSIK tamper-resistant Programming Station Identification Key
  • a chip manufacturer providing electronic components for the Biometric Analyzer Device loads a unique chip ID into the Biometric Analyzer Device, step 62.
  • the Secure Programming Device reads the chip ID provided by the chip manufacturer, step 64.
  • the chip ID is unique, but not secure, because it is known by the chip manufacturer, as discussed above.
  • the Secure Programming Device generates a sequence number (SN), step 66.
  • the Secure Programming Device then uses its PSIK to encrypt the chip ID and the sequence number, step 68, and sends the encrypted information to the Device Authority (DA), step 69.
  • SN sequence number
  • DA Device Authority
  • the Device Authority, upon verification of the PSIK, symmetrically decrypts the encrypted information.
  • the Device Authority generates for the device associated with the PSIK a Biometric Analyzer Public/Private Key (BAID) arrangement by conventional key generation methods, such as RSA, step 72.
  • the Device Authority stores the chip ID with the Biometric Analyzer Identification Public and Private Keys (BAID) in a secure database, step 74.
  • the database is secured by conventional means known in the art.
  • the Device Authority then encrypts the BAID using the appropriate PSIK, and sends the encrypted BAID to the Secure Programming Device that corresponds with the respective PSIK, step 76.
  • the Secure Programming Device upon receipt of the encrypted BAID, decrypts the BAID with its PSIK and embeds the Biometric Analyzer Private Key into the programmable integrated circuit of the Biometric Analyzer Device currently being assembled at the manufacturing station, step 78, using a Write Once Read Many process.
  • Write Once Read Many (WORM) processes are well known in the art.
  • the Biometric Analyzer Device is now ready to record biometric data from a user.
  • a flow diagram depicts a process 80 for recordation of biometric data and a process 90 for authentication of the biometric data acquired with an authenticated Biometric Analyzer Device.
  • the Biometric Analyzer Device 14 records user biometric data, step 82, and generates a sequentially increasing Session-ID, step 84.
  • the recorded biometric data together with the BAID private key and the Session-ID are encrypted with the BAID public key, step 86, before the data leave the Biometric Analyzer Device.
  • the encrypted data are then hashed into a message digest and digitally signed, whereafter the hashed and signed data are securely transmitted to the Certification Authority (CA).
  • the Certification Authority (CA) decrypts the message digest, step 92.
  • the Certification Authority then checks if the session ID is greater than a session ID previously received for the same device, step 94. If the Session ID is greater than the last recorded session ID, the Certification Authority contacts the Device Authority which knows the BAID Public and Private keys for the respective Chip-ID. If the BAID is correct, step 98, the DA issues a security certificate to the Certification Authority, step 100. Upon receipt of the security certificate and after reviewing the biometric data and comparing the biometric data with corresponding reference biometric data contained in the CA database 42, the Certification Authority issues its own certificate, which may be time and date stamped and recorded in persistent storage by the Certification Authority, and sends the certificate to the secure application station 30, step 10. It will be understood by those skilled in the art, that instead of the biometric data themselves, a hash of these data may be compared. The biometric data can now be used to authenticate the user on-line.
  • if it is determined in step 94 that the Session-ID is the same as or smaller than the last session ID received, forgery or tampering with the Biometric Analyzer Device should be suspected. In this case, the Certification Authority will not issue a certificate and may even disable future use of the device, step 96.
  • Symmetric key encryption is typically significantly faster than asymmetric encryption.
  • the exemplary authentication process described above may be processed on-line in real time, with signature authentication typically being completed in approximately 1 second.
  • the biometric data may also be used off-line for verification at a later stage.
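The Certification Authority's checks of process 90 (steps 94 to 100 above), written out as an added example that is not part of the patent: the strictly increasing Session-ID test of step 94 with the step 96 device disabling, the Device Authority's check of the presented BAID for the chip ID (step 98), and the comparison of the biometric digest with the enrolled reference, with a certificate issued only when both authentication means pass. The chip and key identifiers, the dictionary stand-ins for databases 22 and 42, the choice to compare SHA-256 digests instead of raw biometric data, and Session-IDs starting at 1 are assumptions; the decryption of step 92 is left out.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field


def digest(data: bytes) -> str:
    """Message digest of biometric data; the text allows comparing hashes instead of raw data."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class DeviceAuthority:
    """Stand-in for DA database 22: chip ID -> BAID public key (constructed values)."""
    baid_by_chip: dict[str, str]

    def security_certificate(self, chip_id: str, baid_public: str) -> bool:
        # Step 98: the DA checks the BAID presented for this chip ID against its record.
        expected = self.baid_by_chip.get(chip_id)
        return expected is not None and hmac.compare_digest(expected, baid_public)


@dataclass
class CertificationAuthority:
    """Stand-in for the CA and its database 42 (reference biometric digests per user)."""
    da: DeviceAuthority
    reference_hash: dict[str, str]
    last_session: dict[str, int] = field(default_factory=dict)  # chip ID -> last Session-ID
    disabled: set[str] = field(default_factory=set)               # devices disabled in step 96
    issued: list[tuple[str, str, int]] = field(default_factory=list)

    def authenticate(self, chip_id: str, baid_public: str, session_id: int,
                     user: str, biometric_hash: str) -> str:
        """Return the CA's decision for one submitted session (step 92 decryption omitted)."""
        if chip_id in self.disabled:
            return "rejected: device disabled"
        # Step 94: the Session-ID must be strictly greater than the last one seen for this
        # device; a first session is checked against 0 (assumption: IDs start at 1).
        if session_id <= self.last_session.get(chip_id, 0):
            # Step 96: equal or smaller means replay or tampering; no certificate, device disabled.
            self.disabled.add(chip_id)
            return "rejected: session replay, device disabled"
        self.last_session[chip_id] = session_id
        # Second authentication means: the DA must certify the device (steps 98 to 100).
        if not self.da.security_certificate(chip_id, baid_public):
            return "rejected: device not certified by DA"
        # First authentication means: the biometric digest must match the enrolled reference.
        ref = self.reference_hash.get(user)
        if ref is None or not hmac.compare_digest(ref, biometric_hash):
            return "rejected: biometric mismatch"
        self.issued.append((user, chip_id, session_id))  # would be time-stamped and stored
        return "certificate issued"


def run_demo() -> list[str]:
    """Constructed scenario: genuine sessions, a replayed session, an unknown device, a mismatch."""
    da = DeviceAuthority({"CHIP-0001": "BAID-PUB-0001", "CHIP-0002": "BAID-PUB-0002"})
    alice_ref = digest(b"alice-signature-reference")  # constructed enrolment sample
    ca = CertificationAuthority(da, {"alice": alice_ref})
    return [
        ca.authenticate("CHIP-0001", "BAID-PUB-0001", 1, "alice", alice_ref),  # first session
        ca.authenticate("CHIP-0001", "BAID-PUB-0001", 2, "alice", alice_ref),  # next session
        ca.authenticate("CHIP-0001", "BAID-PUB-0001", 2, "alice", alice_ref),  # replay of 2
        ca.authenticate("CHIP-0001", "BAID-PUB-0001", 3, "alice", alice_ref),  # device disabled
        ca.authenticate("CHIP-0003", "BAID-PUB-0003", 1, "alice", alice_ref),  # unknown to DA
        ca.authenticate("CHIP-0002", "BAID-PUB-0002", 1, "alice",
                        digest(b"someone-else")),                              # biometric mismatch
    ]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Real biometric matching is a tolerance-based comparison rather than an exact digest match; the exact match here follows the patent's own statement that a hash of the data may be compared.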

Abstract

A secure transaction system and a secure method for authenticating a user based on biometric data of the user includes a biometric analyzer device that is assembled in a secure environment and has a secure device identifier and encryption key. First authentication means receive the biometric data and authenticate the biometric data of the user based on biometric reference data from the user, while second authentication means authenticate an authorized use of the biometric analyzer device based on at least the secure device identifier. The secure transaction system authenticates the user only if both the first and second authentication means authenticate the biometric data and the authorized use of the biometric input device, respectively.

Description

APPARATUS AND METHOD FOR END-TO-END AUTHENTICATION USING BIOMETRIC DATA
Cross-Reference to Related Applications
The present application claims the benefit of the filing date of the provisional application Serial No. 60/090,822, which has a filing date of June 26, 1998.
Background of The Invention
1. Field of the invention
The invention relates to the field of authentication, fraud detection and prevention, security and cryptography. More particularly, the invention relates to the authentication of biometric data.
2. Description of Related Art
With the emergence of Electronic Commerce, various processes have been devised for authenticating users and ensuring the privacy of electronic data transmitted and received by the users. Governments in many countries designate and accredit appropriate organizations to perform specific roles for secure data transmission, including digital signature.
Electronic commerce may require several distinct security elements: Authentication, Secure Communications, Trusted Server Environments, Electronic Contracts, Protection of Intellectual Property, Digital Payment mechanisms, and Corporate Information Security (Data, Processes, Access Control).
Technologies commonly employed to detect and react to breach of confidentiality, fraud and piracy include cryptography, which provides the mathematical framework for secure document transmission and authentication; key registration and certification for enhancing proof of authenticity; tokens for providing safety of physical information; biometric analysis for linking verifiable physical user attributes (biometric properties) with the authentication process; and tamper-resistant devices for safe storage and processing of intrinsic physical information.
By way of background, cryptographic methods can be divided into symmetric and asymmetric methods, depending on the keys used to encrypt and decrypt messages. Symmetric ("Private Key") cryptography uses the same key both for encrypting and decrypting a message. A message is understood to represent an arbitrary data string which may be represented by binary, octal, hexadecimal number, as is known in the art. Since the same key is used for both encryption and decryption, the key must always be kept secret and delivered to another party in a secure fashion. Anyone in possession of the symmetric decryption key can also encrypt, making it impossible to authenticate the originator.
Asymmetric Key ("Public/Private Key pair") cryptography is based on two keys which are mathematically related to one another to form a complement. For example, one of the keys can be used to encrypt a data string, while the other key can be used to decrypt the data string. One key, called the Private Key, is kept secret. The other key, called the Public Key, is not secret and may be distributed without jeopardizing security. Public-Key cryptography is well known in the art.
Asymmetric Key arrangements can be used in two ways: for secure encryption of data strings, or to authenticate the originator of the data. However, the same key pair cannot be used simultaneously to encrypt the data strings and for authenticating the originator.
Another useful concept in cryptography is that of one-way functions, notably one-way hash functions. A hash function is a function that takes an input string and converts it to a fixed-size, often smaller output string. Since hash functions are typically many to one, they cannot be used to determine with absolute certainty if two input strings are equal; however, if two input strings hash to the same value, the two input strings are identical with an overwhelming degree of certainty. In other words, the hash values cannot be decrypted. To enhance security further, the hashed output string can be encrypted with the recipient's public key, which the recipient then decrypts with his private key. One-way functions have two major applications: password protection and message digesting. Examples for password protection using one-way functions can be found on modern computers to verify access authorization. Examples for message digesting are the MD4 and MD5 algorithms, which are known in the art.
Another useful concept is that of a Digital Signature. To secure a message, one can attach a Digital Signature to it. A person creates a message as described above. The sender of an original message produces a one-way hash of the message, i.e., the message digest, and encrypts the hash with the sender's Private Key. The sender then attaches the message digest encrypted with the Private Key to the original message. This attachment is called a Digital Signature. The sender sends the recipient the original message and the message digest, as well as information which allows the recipient to compute the sender's Public Key. Digital Signatures can authenticate that the Private Key of the sender was indeed used with the original document and verify that the original document has not been altered.
Without additional safeguarding, however, the recipient has no way, based on the transmitted information alone, to verify the true identity of the sender. In other words, the recipient cannot verify that the sender and the person from whom the recipient expects the message are identical.
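The hash-then-sign scheme described above, as an added example that is not part of the patent text. It assumes textbook RSA with two well-known Mersenne primes as the key (public values, so this key pair is for illustration only; a real system generates fresh primes and applies a padded scheme such as RSA-PSS) and SHA-256 as the one-way hash.

```python
import hashlib

# Assumption: illustrative key built from public Mersenne primes.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                           # public modulus (~648 bits), larger than any SHA-256 value
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)

PUBLIC_KEY = (N, E)                 # may be distributed freely
PRIVATE_KEY = (N, D)                # kept secret by the sender


def digest_as_int(message: bytes) -> int:
    """One-way hash of the message, read as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Sender: hash the message, then encrypt the digest with the Private Key."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Recipient: recover the digest with the Public Key and compare it with a
    fresh hash of the received message. A mismatch means either the message
    was altered or a different Private Key produced the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"          # constructed message
    sig = sign(msg)
    print(verify(msg, sig))                      # genuine
    print(verify(b"Transfer 900 to account 42", sig))  # altered message
```

The verification shows only that whoever holds the Private Key matching `PUBLIC_KEY` signed this exact message; binding that key to a physical person is the step the following paragraphs on certification and device authorities address.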
To remedy these shortcomings, the ISO authentication framework, also known as X.509 protocol, was established. The framework is certificate-based. A trusted certification authority (CA) assigns a unique name to each user and issues a certification certificate containing the name and the user's public key. The CA signs all certification certificates with a secret key. Certification certificates may have a specified validity period. However, unless the user is personally known to the CA, the CA is still not able to guarantee that the user actually is the physical person associated with the user name.
Such a guarantee is provided by a Registration or Device Authority (DA). The DA verifies the identity of the user and issues a Private Key/Public Key arrangement. The person's Private Key is typically a password which the person has to remember, and/or a token that contains the Private Key. The DA encrypts the information about the person, including the person's public key, using the DA's Private Key, digitally signs the encrypted information and makes the information available to CAs for storage on a key server. The signed encrypted information is called a Registration Certificate.
The CA distributes the Registration Certificates on a server and certifies them as authentic based on the DA's public key, which the CA has in its possession. The CAs' public keys are incorporated into most browsers. A person can verify another person by using the certification authority's public key. In this way the requesting person can know that the Certificate is authentic. Certificates are not limited to a single sender and a single recipient. If several people are involved in a transaction, a Certificate must be certified for each party. The plurality of Certificates must be attached to the message digest corresponding to the transaction. As mentioned above, all Certificates are deemed authentic.
However, the Certification Authority may issue an authentic Certificate based on the correct Private Key or Token of the user, although the user was not authenticated.
For example, secure Private Keys may have a considerable number of characters, making them difficult to remember. An authenticated user may therefore be tempted to record the password either on paper or in a computer file as plain text, which may then be misappropriated by a potential perpetrator. Passwords may also be recorded when entered into a security station and fraudulently replayed at a later time. Tokens containing the Private Key, on the other hand, may be misappropriated or stolen.
It is therefore desirable to uniquely establish a secure link between a person and the Private Key being used by that person in such a way that the Private Key can only be used by that person. It is further desirable to establish a Private Key for a person which is unique and does not have to be recorded or memorized.
Summary of the Invention
In general, the present invention combines biometric authentication, electronic signatures, digital signatures, device identification, and an apparatus for secure manufacturing with symmetric and asymmetric cryptography to enable end-to-end security of electronic transactions.
According to one aspect of the invention, a secure transaction system for authenticating a user based on the user's biometric data includes a biometric analyzer device that receives the biometric data of the user and has a secure device identifier. The secure transaction system authenticates the user only if both a first authentication means, which receives the biometric data, authenticates the biometric data of the user based on biometric reference data of the user, and a second authentication means authenticates an authorized use of the biometric analyzer device based on at least the secure device identifier.
According to another aspect of the invention, a method for authenticating biometric data of a user includes providing a biometric analyzer device with a secure device identifier, acquiring with the biometric analyzer device biometric data of the user, and generating a sequentially increasing session ID for successive acquisitions of the biometric data. The method further includes authenticating the biometric analyzer device based on at least the secure device identifier, and authenticating the biometric analyzer data based on at least the session ID and a comparison between the acquired biometric analyzer data and reference biometric data for the user. The biometric data are authenticated only if both the biometric analyzer device and the biometric analyzer data are authentic.
According to yet another aspect of the invention, a method for providing end-to- end security in a transaction using biometric data includes programming a biometric analyzer device with a secure device identifier, assigning a secure device key to the biometric analyzer device, and acquiring the biometric data with the biometric analyzer device, wherein the biometric analyzer device generates a respective sequentially increasing session ID for successive recordings of the biometric data. The method further includes authenticating the biometric data based on at least the secure device identifier, the device key and the session ID, and on a comparison of a representation of the acquired biometric data with a representation of reference biometric data recorded with the same biometric analyzer device.
Embodiments of the invention may include one or more of the following features. The biometric analyzer device may generate a unique session ID for each user session, wherein the unique session ID may be sequentially increasing from one session to the next. The user is authenticated only if the session ID of the current session is greater than the session ID of the previous session for the respective biometric analyzer device. The biometric analyzer device may include a unique biometric analyzer key which is issued by a trusted device authority and stored tamper-proof in the biometric analyzer device. The biometric analyzer device may be programmed by a secure programming device having a secure programming station identification key which is known to the trusted device authority. The secure programming device may include a programming station identification key which may be a symmetric key provided by a trusted device authority. As a further security measure, the biometric analyzer device may also include a biometric analyzer key, wherein authentication of the biometric analyzer device depends on a comparison of the biometric analyzer key with a reference key maintained by a trusted device authority. The biometric data may be in the form of a message digest or hash.
Further features and advantages of the present invention will be apparent from the following description of preferred embodiments and from the claims.
Brief description of the Drawings
FIG. 1 is a schematic block diagram of a system for end-to-end authentication of biometric data according to the invention,
FIG. 2 shows the interactions between various devices and the Device Authority during manufacture and initialization of the Biometric Analyzer Device,
FIG. 3 shows the interactions between the secure application station and the registration and certification authorities during authentication of biometric data,
FIG. 4 is a flow diagram of the manufacturing process of a Biometric Analyzer Device according to the invention, and
FIG. 5 is a flow diagram of the authentication process according to the invention.
Description of Preferred Embodiments
Referring now to FIG. 1, a secure manufacturing and authentication system 5 for end-to-end authentication of biometric data includes a manufacturing station 10 at which an exemplary Biometric Analyzer Device 14, shown here in the form of a pen 14 for entering a user's signature, is assembled. The pen 14 may be, for example, a LCI-SMARTpen™ available in the USA from LCI-SMARTpen, Andover, MA. The LCI-SMARTpen™ includes an advanced wireless computer system which is miniaturized to have the same footprint and performance as a pen.
Instead of or in addition to the pen 14, the Biometric Analyzer Device may include other biometric input devices, such as a fingerprint reader 32, a voice recognition device 36, an optical face or iris scanner 34, and the like. Although the invention will be described hereinafter with respect to the pen input device 14, it will be understood by those skilled in the art that the apparatus and method of the invention are applicable to other biometric input devices as well. The electronic circuit of the Biometric Analyzer Device 14 includes electronic chips for data acquisition, data processing and data output. At least one of the chips typically includes a programmable or re-programmable chip ID provided by the chip manufacturer. This chip ID is unique but not secure, because it is known by the chip manufacturer. To improve the security of the stored identification numbers, the manufacturing station 10 includes a Secure Programming Device 12 which is tamper-resistant and contains a unique Private Key, called a Programming Station Identification Key (PSIK) 13. The Secure Programming Device 12 with the PSIK 13 is installed by a trusted third party, such as a Device Authority (DA) 20. Details of the interactions between the Secure Programming Device 12, the Biometric Analyzer Device 14 and the DA 20 will be discussed in more detail below. The manufacturing station 10 may interact with the DA 20 via data lines 50, 52 and 56, which may be secure or open communication channels, in a manner known in the art.
The electronics in the Biometric Analyzer Device 14 are physically protected by conventional tamper-resistant electronic packaging. The unique but public ID number of the programmed chip in the Biometric Analyzer Device 14 is stored in the device 14 as a Chip ID 15. The Biometric Analyzer Public Key, which will be discussed later, also remains with the Biometric Analyzer Device at all times. These data are unalterable and can be read only inside the Biometric Analyzer Device.
The secure manufacturing and authentication system 5 communicates with a Certification Authority (CA) 40 which has knowledge about the encryption keys used by the DA 20 and is responsible for issuing a certificate once the biometric data have been authenticated. Both the Device Authority 20 and the Certification Authority 40 maintain respective databases 22, 42 which store attributes of the Biometric Analyzer Devices 14 required for verification and authentication of the biometric data. For example, the PSIK is securely stored in the DA database 22.
Another part of the secure manufacturing and authentication system 5 for providing end-to-end security is a secure application station 30 to which the Biometric Analyzer Device 14 can be connected. For the purpose of authentication, the secure application station 30 interacts with the DA 20 and the CA 40. Details of this interaction will be discussed in detail below.
Referring now to FIG. 2, during manufacture of the Biometric Analyzer Device 14, the Secure Programming Device 12 of the manufacturing station 10 sends the chip ID (C-ID) 15 of the Biometric Analyzer Device 14 to a trusted third party, in this case the Device Authority (DA) 20, in the form of a message digest by hashing the chip ID 15 with the Programming Station Identification Key (PSIK) 13, as indicated by arrow 16. The Device Authority 20 recognizes the PSIK and generates a biometric analyzer public/private key arrangement (BAID). The Device Authority 20 stores the chip ID 15 and the BAID in its database 22 corresponding to the PSIK.
The Device Authority 20 encrypts the BAID using the PSIK and sends the encrypted BAID to the Secure Programming Device 12 corresponding to the PSIK, as indicated by arrow 17. The Secure Programming Device 12 decrypts the received encrypted BAID and embeds the Biometric Analyzer's private key into the Biometric Analyzer Device 14, as indicated by arrow 18. The BAID public key travels with the Biometric Analyzer Device 14 to the secure application station 30, which will be described in more detail below. In addition, the Device Authority 20 also communicates the PSIK to the Certification Authority 40 via a secure transmission channel (not shown).
Referring now to FIG. 3, the Biometric Analyzer Device 14 of the secure application station 30 acquires biometric user input data. The secure application station 30 generates a biometric message digest (hash) of a transaction including an electronic signature of the Biometric Analyzer Device. The secure application station 30 transmits the hashed and signed transaction data to the Certification Authority 40 as a trusted third party, as indicated by arrow 25. The Certification Authority 40 sends the BAID for verification to the Device Authority 20, as indicated by arrow 27. If the private key and the public key match the PSIK keys stored in the DA database 22, the Device Authority 20 issues a security certificate to the Certification Authority 40, as indicated by arrow 28. The Device Authority 20 may also make an entry into the record in its database 22 corresponding to the PSIK. As mentioned above, the Device Authority 20 communicates the PSIK to the Certification Authority 40 via a secure communication channel. The Certification Authority 40 checks the electronic signature of the Biometric Analyzer Device 14 based on records in its database 42.
One of two situations can occur: If this is the first time the user enters biometric data into the Biometric Analyzer Device 14, a trusted third party has to verify the user's true identity. The trusted third party may be, for example, a bank, a notary and the like, that is in possession of an authenticated private key. The corresponding public key would be known to the various certification authorities. The trusted third party signs the biometric data or a hash thereof which is considered by the respective certification authority receiving the biometric data as proof that the biometric data are genuine and are associated with the identified user. The respective certification authority stores the user and biometric data attributes in its secure database.
If, on the other hand, the user's biometric data are already referenced in the respective Certification Authority's database, an authentication algorithm of the Certification Authority 40 compares the received biometric data with the referenced biometric data. If these data are in agreement and if a valid security certificate was received from the Device Authority 20, then the Certification Authority 40 issues an Authentication Certificate, as indicated by arrow 26. Issuance of the certificate may also be recorded in the CA database 42.
Referring now to FIG. 4, a flow diagram depicts the secure generation of device identifiers for the Biometric Analyzer Device 14. The secure generation of device identifiers essentially can be separated into two parts: a process 60 for generating a secure device identifier based on the tamper-resistant Programming Station Identification Key (PSIK) 13, and a process 70 by which the Device Authority 20, which also has possession of the PSIK, generates Biometric Analyzer Private/Public key pairs for the device having the respective PSIK. In process 60, a chip manufacturer providing electronic components for the Biometric Analyzer Device loads a unique chip ID into the Biometric Analyzer Device, step 62. The Secure Programming Device reads the chip ID provided by the chip manufacturer, step 64. The chip ID is unique, but not secure, because it is known by the chip manufacturer, as discussed above. Next, the Secure Programming Device generates a sequence number (SN), step 66. The Secure Programming Device then uses its PSIK to encrypt the chip ID and the sequence number, step 68, and sends the encrypted information to the Device Authority (DA), step 69.
In process 70, the Device Authority, upon verification of the PSIK, symmetrically decrypts the encrypted information. The Device Authority generates for the device associated with the PSIK a Biometric Analyzer Public/Private Key (BAID) arrangement by conventional key generation methods, such as RSA, step 72. The Device Authority stores the chip ID with the Biometric Analyzer Identification Public and Private Keys (BAID) in a secure database, step 74. The database is secured by conventional means known in the art. The Device Authority then encrypts the BAID using the appropriate PSIK, and sends the encrypted BAID to the Secure Programming Device that corresponds with the respective PSIK, step 76.
The Secure Programming Device, upon receipt of the encrypted BAID, decrypts the BAID with its PSIK and embeds the Biometric Analyzer Private Key into the programmable integrated circuit of the Biometric Analyzer Device currently being assembled at the manufacturing station, step 78, using a Write Once Read Many process. Write Once Read Many (WORM) processes are well known in the art. The Biometric Analyzer Device is now ready to record biometric data from a user.
Referring now to FIG. 5, a flow diagram depicts a process 80 for recordation of biometric data and a process 90 for authentication of the biometric data acquired with an authenticated Biometric Analyzer Device. In process 80, the Biometric Analyzer Device 14 records user biometric data, step 82, and generates a sequentially increasing Session-ID, step 84. The recorded biometric data together with the BAID private key and the Session-ID are encrypted with the BAID public key, step 86, before the data leave the Biometric Analyzer Device. The encrypted data are then hashed into a message digest and digitally signed, whereafter the hashed and signed data are securely transmitted to the Certification Authority (CA). The Certification Authority (CA) decrypts the message digest, step 92. The Certification Authority then checks if the session ID is greater than a session ID previously received for the same device, step 94. If the Session ID is greater than the last recorded session ID, the Certification Authority contacts the Device Authority which knows the BAID Public and Private keys for the respective Chip-ID. If the BAID is correct, step 98, the DA issues a security certificate to the Certification Authority, step 100. Upon receipt of the security certificate and after reviewing the biometric data and comparing the biometric data with corresponding reference biometric data contained in the CA database 42, the Certification Authority issues its own certificate, which may be time and date stamped and recorded in persistent storage by the Certification Authority, and sends the certificate to the secure application station 30, step 10. It will be understood by those skilled in the art, that instead of the biometric data themselves, a hash of these data may be compared. The biometric data can now be used to authenticate the user on-line.
On the other hand, if it is determined in step 94 that the Session-ID is the same as or smaller than the last session ID received, forgery or tampering with the Biometric Analyzer Device should be suspected. In this case, the Certification Authority will not issue a certificate and may even disable future use of the device, step 96.
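The authentication process of FIG. 5 (steps 82 through 100, including the session-ID check of step 94 and the device disabling of step 96), as an added example that is not the patent's or LCI/SMARTpen's own code. It assumes, in place of the BAID public/private key pair, a symmetric per-device key shared between the Biometric Analyzer Device and the Device Authority (the patent itself allows symmetric keys over secure channels), so the device's electronic signature is modelled as an HMAC; the chip ID, user name and biometric samples are constructed, and the CA stores a SHA-256 hash of each enrolled user's reference data, as the patent permits.

```python
import hashlib
import hmac
import json
import os


def biometric_hash(sample: bytes) -> str:
    """Representation of biometric data as a message digest (hash)."""
    return hashlib.sha256(sample).hexdigest()


def canonical(body: dict) -> bytes:
    """Deterministic encoding so device and verifier sign/verify the same bytes."""
    return json.dumps(body, sort_keys=True).encode()


class BiometricAnalyzerDevice:
    """Process 80: record biometric data, attach an increasing Session-ID, sign."""

    def __init__(self, chip_id: str, device_key: bytes):
        self.chip_id = chip_id
        self._device_key = device_key   # embedded at manufacture, never leaves the device
        self._session_id = 0

    def record(self, sample: bytes, user: str) -> dict:
        self._session_id += 1            # step 84: strictly increasing per device
        body = {"chip_id": self.chip_id, "user": user,
                "session_id": self._session_id,
                "biometric_hash": biometric_hash(sample)}
        # Assumption: HMAC with the device key stands in for the BAID signature.
        tag = hmac.new(self._device_key, canonical(body), "sha256").hexdigest()
        return {"body": body, "tag": tag}


class DeviceAuthority:
    """Holds the key of every device it provisioned (steps 98 and 100)."""

    def __init__(self):
        self._keys = {}

    def provision(self, chip_id: str) -> bytes:
        key = os.urandom(32)
        self._keys[chip_id] = key
        return key

    def device_is_authentic(self, message: dict) -> bool:
        key = self._keys.get(message["body"]["chip_id"])
        if key is None:
            return False
        expected = hmac.new(key, canonical(message["body"]), "sha256").hexdigest()
        return hmac.compare_digest(expected, message["tag"])


class CertificationAuthority:
    """Process 90: device check, Session-ID check (step 94), biometric comparison."""

    def __init__(self, device_authority: DeviceAuthority):
        self._da = device_authority
        self._last_session = {}   # chip_id -> highest Session-ID accepted so far
        self._disabled = set()    # devices switched off in step 96
        self._reference = {}      # user -> hash of enrolled reference biometric data

    def enroll(self, user: str, reference_sample: bytes) -> None:
        self._reference[user] = biometric_hash(reference_sample)

    def authenticate(self, message: dict) -> str:
        body = message["body"]
        chip = body["chip_id"]
        if chip in self._disabled:
            return "device disabled"
        # Steps 98/100: only a device the DA vouches for may influence state.
        if not self._da.device_is_authentic(message):
            return "rejected: device not authentic"
        # Step 94: a repeated or smaller Session-ID means replay or tampering.
        if body["session_id"] <= self._last_session.get(chip, 0):
            self._disabled.add(chip)  # step 96
            return "rejected: session ID not increasing"
        self._last_session[chip] = body["session_id"]
        if self._reference.get(body["user"]) != body["biometric_hash"]:
            return "rejected: biometric data do not match reference"
        return "certificate issued"


def run_scenario() -> list:
    """Constructed walk-through: one genuine session, then the same record replayed."""
    da = DeviceAuthority()
    ca = CertificationAuthority(da)
    pen = BiometricAnalyzerDevice("chip-0001", da.provision("chip-0001"))
    ca.enroll("alice", b"alice-signature-sample")
    first = pen.record(b"alice-signature-sample", "alice")
    outcomes = [ca.authenticate(first), ca.authenticate(first)]   # second call is a replay
    outcomes.append(ca.authenticate(pen.record(b"alice-signature-sample", "alice")))
    return outcomes


if __name__ == "__main__":
    print(run_scenario())
```

Two design choices are worth noting. The device's signature is verified before the Session-ID is acted upon, so a message that merely names a chip ID but carries no valid tag cannot trip step 96 and lock out a genuine device; a true replay still carries a valid tag and is caught by the counter. The counter is advanced only after the device check passes, so a forged message with a large Session-ID cannot push the stored value ahead of the real device.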
It will be apparent to those skilled in the art that the use of symmetric or asymmetric key arrangements will depend on the security of the respective transmission channel. Over dedicated secure lines, data may be encrypted with a symmetric key, whereas, for example, transmission over the Internet requires asymmetric encryption.
Symmetric key encryption is typically significantly faster than asymmetric encryption.
The exemplary authentication process described above may be processed on-line in real time, with signature authentication typically being completed in approximately 1 second. Alternatively, the biometric data may also be used off-line for verification at a later stage.
While the invention has been disclosed in connection with the preferred embodiments shown and described in detail, various modifications and improvements thereon will become readily apparent to those skilled in the art. Accordingly, the spirit and scope of the present invention is to be limited only by the following claims.
Claims
We claim:
1. A secure transaction system for authenticating a user, comprising:
a biometric analyzer device receiving biometric data of the user and having a secure device identifier;
first authentication means which receive the biometric data and authenticate the biometric data of the user based on biometric reference data of the user; and
second authentication means which authenticate an authorized use of the biometric analyzer device based on at least the secure device identifier,
wherein the secure transaction system authenticates the user if both the first and second authentication means authenticate the biometric data and the authorized use of the biometric input device, respectively.
2. The transaction system according to claim 1, wherein the biometric analyzer device generates a unique session ID for each user session.
3. The transaction system according to claim 2, wherein the unique session ID is sequentially increasing from one session to a following session.
4. The transaction system according to claim 1, wherein the biometric analyzer device further includes a unique biometric analyzer key issued by a trusted device authority.
5. The transaction system according to claim 4, wherein the biometric analyzer device is programmed by a secure programming device having a secure programming station identification key which is known to the trusted device authority.
6. The transaction system according to claim 1, wherein the biometric data received by the first authentication means are in the form of a hashed message digest.
7. The transaction system according to claim 2, wherein the first authentication means compares the current session ID of the biometric analyzer device with the session ID of the previous session and authenticates the user only if the current session ID is greater than the session ID of the previous session.
8. The transaction system according to claim 4, wherein the second authentication means compares the unique biometric analyzer key of the biometric analyzer device with a reference key for the same device.
9. The transaction system according to claim 1, wherein the biometric reference data of the user are stored by a certification authority.
10. The transaction system according to claim 1, wherein the biometric reference data are in the form of a hashed message digest.
11. A method for authenticating biometric data of a user, comprising:
providing a biometric analyzer device with a secure device identifier,
acquiring with the biometric analyzer device biometric data of the user,
generating a sequentially increasing session ID for successive acquisitions of the biometric data,
authenticating the biometric analyzer device based on at least the secure device identifier, and authenticating the biometric analyzer data based on at least the session ID and a comparison between the acquired biometric analyzer data and reference biometric data for the user, wherein the biometric data are authenticated only if both the biometric analyzer device and the biometric analyzer data are authentic.
12. The method of claim 11, wherein the comparison between the acquired biometric analyzer data and reference biometric data for the user includes comparing a hash of the respective biometric analyzer data and reference biometric data.
13. The method of claim 11, wherein the secure device identifier is supplied to the biometric input device by a secure programming device.
14. The method of claim 13, wherein the secure programming device comprises a secure programming station identification key.
15. The method of claim 14, wherein the secure programming station identification key is provided to the secure programming device by a trusted device authority.
16. The method of claim 11, wherein authenticating the biometric analyzer device further includes comparing a biometric analyzer key of the biometric analyzer device with a reference key maintained by a trusted device authority.
17. A method for providing end-to-end security in a transaction using biometric data, comprising: programming a biometric analyzer device with a secure device identifier, assigning a secure device key to the biometric analyzer device, acquiring the biometric data with the biometric analyzer device, the biometric analyzer device generating a respective sequentially increasing session ID for successive recordings of the biometric data, and authenticating the biometric data based on at least the secure device identifier, the device key and the session ID, and on a comparison of a representation of the acquired biometric data with a representation of reference biometric data recorded with the same biometric analyzer device.
18. The method of claim 17, wherein the representation of the biometric data is a hash.
19. The method of claim 17, wherein programming includes connecting said biometric analyzer device to a secure programming device capable of reading a chip identification of the biometric analyzer device, generating a sequence number and obtaining from a device authority a biometric analyzer key pair based on a programming station identification key stored in the secure programming device.
20. The method of claim 19, wherein the private key of the biometric analyzer key pair is embedded in the biometric analyzer device.
PCT/US1999/014554 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data WO2000000882A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CA002335532A CA2335532A1 (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data
AU52064/99A AU5206499A (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data
IL14035799A IL140357A0 (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data
JP2000557190A JP2002519782A (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data
EP99937183A EP1092182A2 (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US9082298P 1998-06-27 1998-06-27
US60/090,822 1998-06-27

Publications (2)

Publication Number Publication Date
WO2000000882A2 true WO2000000882A2 (en) 2000-01-06
WO2000000882A3 WO2000000882A3 (en) 2000-04-13

Family

ID=22224487

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/014554 WO2000000882A2 (en) 1998-06-27 1999-06-25 Apparatus and method for end-to-end authentication using biometric data

Country Status (7)

Country Link
EP (1) EP1092182A2 (en)
JP (1) JP2002519782A (en)
CN (1) CN1322335A (en)
AU (1) AU5206499A (en)
CA (1) CA2335532A1 (en)
IL (1) IL140357A0 (en)
WO (1) WO2000000882A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2820533B1 (en) * 2001-02-07 2003-04-18 Sagem BIOMETRIC IDENTIFICATION OR AUTHENTICATION SYSTEM
CN1951059B (en) * 2004-05-10 2010-11-03 皇家飞利浦电子股份有限公司 Personal communication apparatus capable of recording transactions secured with biometric data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5249230A (en) * 1991-11-21 1993-09-28 Motorola, Inc. Authentication system
DE4336679A1 (en) * 1993-10-27 1995-05-04 Siemens Ag Method for authorising the entry of information into a communications and information system with the aid of an entry device
WO1996036934A1 (en) * 1995-05-17 1996-11-21 Smart Touch, L.L.C. Tokenless identification system for authorization of electronic transactions and electronic transmissions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DAVIDA G I ET AL: "ON ENABLING SECURE APPLICATIONS THROUGH OFF-LINE BIOMETRIC IDENTIFICATION" IEEE SYMPOSIUM ON SECURITY AND PRIVACY,US,LOS ALAMITOS, CA: IEEE COMPUTER SOC, vol. CONF. 19, page 148-157 XP000825837 ISBN: 0-7803-4994-6 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0652774B1 (en) * 1992-07-28 1997-05-07 The Procter & Gamble Company Pharmaceutical composition for topical use containing a crosslinked cationic polymer and an alkoxylated ether
US8171288B2 (en) 1998-07-06 2012-05-01 Imprivata, Inc. System and method for authenticating users in a computer network
WO2001027723A1 (en) * 1999-10-08 2001-04-19 Hewlett-Packard Company Trusted computing platform with biometric authentication
EP1283474A4 (en) * 2000-03-23 2007-04-04 Tietech Co Ltd Method and apparatus for personal identification
US7284125B2 (en) 2000-03-23 2007-10-16 Tietech Co. Ltd. Method and apparatus for personal identification
EP1283474A1 (en) * 2000-03-23 2003-02-12 Tietech Co., Ltd Method and apparatus for personal identification
WO2001075561A1 (en) * 2000-04-04 2001-10-11 Sunstein Bruce D Apparatus and method for assuring the integrity of a multi-user personal information database
FR2810822A1 (en) * 2000-06-23 2001-12-28 France Telecom Secure biometric authentication/identification method, encrypting biometric data and communicating to verification module
US7194632B2 (en) 2000-06-23 2007-03-20 France Telecom Method for secure biometric authentication/identification, biometric data input module and verification module
WO2001099337A1 (en) * 2000-06-23 2001-12-27 France Telecom Method for secure biometric authentication/identification, biometric data input module and verification module
DE10109760A1 (en) * 2001-02-28 2002-09-05 Unipen Ag Chip reader and identification method for verifying the usage authorization of a chip user
US7693279B2 (en) 2003-04-23 2010-04-06 Hewlett-Packard Development Company, L.P. Security method and apparatus using biometric data
EP1777641A1 (en) * 2005-10-17 2007-04-25 Saflink Corporation Biometric authentication system
NL1037554C2 (en) * 2009-12-15 2011-06-16 Priv Id B V System and method for verifying the identity of an individual by employing biometric data features associated with the individual as well as a computer program product for performing said method.
WO2011074955A1 (en) * 2009-12-15 2011-06-23 Priv-Id B.V. System and method for verifying the identity of an individual by employing biometric data features associated with the individual as well as a computer program product for performing said method
US9160522B2 (en) 2009-12-15 2015-10-13 Genkey Netherlands B.V. System and method for verifying the identity of an individual by employing biometric data features associated with the individual

Also Published As

Publication number Publication date
WO2000000882A3 (en) 2000-04-13
JP2002519782A (en) 2002-07-02
CN1322335A (en) 2001-11-14
EP1092182A2 (en) 2001-04-18
AU5206499A (en) 2000-01-17
IL140357A0 (en) 2002-02-10
CA2335532A1 (en) 2000-01-06

Similar Documents

Publication Publication Date Title
US6189096B1 (en) User authentification using a virtual private key
US9716698B2 (en) Methods for secure enrollment and backup of personal identity credentials into electronic devices
US6085320A (en) Client/server protocol for proving authenticity
US7178027B2 (en) System and method for securely copying a cryptographic key
US6148404A (en) Authentication system using authentication information valid one-time
US7421079B2 (en) Method and apparatus for secure key replacement
AU2004288540B2 (en) Portable security transaction protocol
US20020176583A1 (en) Method and token for registering users of a public-key infrastructure and registration system
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
US20040059924A1 (en) Biometric private key infrastructure
US7366904B2 (en) Method for modifying validity of a certificate using biometric information in public key infrastructure-based authentication system
WO1999024895A1 (en) Tamper resistant method and apparatus
US6215872B1 (en) Method for creating communities of trust in a secure communication system
TWM623435U (en) System for verifying client identity and transaction services using multiple security levels
JP2001249901A (en) Authentication device, method therefor and storage medium
JPH10135943A (en) Portable information storage medium, verification method and verification system
EP1092182A2 (en) Apparatus and method for end-to-end authentication using biometric data
EP1263164B1 (en) Method and token for registering users of a public-key infrastructure and registration system
US20020184501A1 (en) Method and system for establishing secure data transmission in a data communications network notably using an optical media key encrypted environment (omkee)
CN111541708B (en) Identity authentication method based on power distribution
CA2283178C (en) Method for generating asymmetrical cryptographic keys by the user
KR100649858B1 (en) System and method for issuing and authenticating of payphone smart card
EP1267516B1 (en) Method for securing data relating to users of a public-key infrastructure
TWI828001B (en) System for using multiple security levels to verify customer identity and transaction services and method thereof
WO2023199619A1 (en) Remote signature system and anti-tamper device

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase; Ref document number: 99807954.5; Country of ref document: CN
AK Designated states; Kind code of ref document: A2; Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW
AL Designated countries for regional patents; Kind code of ref document: A2; Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
121 EP: the EPO has been informed by WIPO that EP was designated in this application
AK Designated states; Kind code of ref document: A3; Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW
AL Designated countries for regional patents; Kind code of ref document: A3; Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
WWE Wipo information: entry into national phase; Ref document number: 140357; Country of ref document: IL
ENP Entry into the national phase; Ref document number: 2335532; Country of ref document: CA
ENP Entry into the national phase; Ref document number: 2000 557190; Country of ref document: JP; Kind code of ref document: A
WWE Wipo information: entry into national phase; Ref document number: 1999937183; Country of ref document: EP
WWP Wipo information: published in national office; Ref document number: 1999937183; Country of ref document: EP
REG Reference to national code; Ref country code: DE; Ref legal event code: 8642
WWW Wipo information: withdrawn in national office; Ref document number: 1999937183; Country of ref document: EP