CA2199034C - Biometric controlled key generation - Google Patents
- Publication number
- CA2199034C
- Authority
- CA
- Canada
- Prior art keywords
- control system
- card
- individual
- information
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Abstract
A key generation system is implemented as follows. In an enrolment apparatus, a unique number for use with PIN operated machines or public key cryptography system is generated by manipulation of fingerprint information of a subscriber. A filter is then generated which is a function both of the Fourier transform of the subscriber's fingerprint(s) and of the unique number. This filter is stored on a subscriber card. When the subscriber wishes to generate his key, he inputs his card to a card reader of an apparatus and places his finger(s) on a fingerprint input. The apparatus generates an optical Fourier transform from the fingerprint input. The Fourier transform signal is incident on to a spatial light modulator programmed with the filter information from the card. An inverse transform is generated from the filtered signal and this is used to regenerate the key that will be used as the PIN in a PIN operated device, or as the private key in a public key cryptography system.
Description
WO 96/08093 PCT/CA95/00509
BIOMETRIC CONTROLLED KEY GENERATION
Background of the Invention
1. Field of the Invention
This invention relates to a system for generating a key under the control of a biometric, such as a fingerprint. The system has application in a public key cryptographic system and for devices requiring a personal identification number (PIN) for operation.
2. Description of the Related Art
In a public key cryptosystem, a plain text message may be encrypted by inputting the message and an enciphering key to an encryption algorithm. To decipher the message, the encrypted message is input to the inverse of the same algorithm along with a deciphering key. As with many encryption techniques, the encryption algorithm effects transformations of the plain text message which are so complicated it is computationally infeasible to reverse the process even if the algorithm is known. A peculiarity of public key systems is that it is also computationally infeasible to determine the deciphering key from the enciphering key. Consequently, in a public key cryptosystem, both the algorithm and the enciphering key may be made available to the public without jeopardising the security of a message enciphered with the enciphering key. Hence the term "public key" for the enciphering key. The deciphering key, which is confidential, is known as a "private key". With a public key system, anyone who wishes to receive encrypted messages may make an encryption algorithm and a public key freely available. Moreover, some public key systems allow the transmission of a "digital signature" that prevents forgery of messages by a receiver as well as a third party.
By way of example, with the known "knapsack" cryptosystem, a public key is derived from a private key utilising modular arithmetic. Each element in the array (vector) forming a private key is multiplied by a large prime number, x, and divided by a second large prime number, y. The corresponding element of the public key vector is the remainder from this operation. In order to encrypt a plain text message, the message is digitized and the digital string grouped into arrays (vectors) each having the same number of elements as the number of elements in the array which comprises the public key. The encrypted message is formed from the vector dot product of the public key vector with each vector formed from the digitized plain text message.
Clearly the exemplary encryption technique and the technique for deriving a public key from a private key make it computationally infeasible to determine either the private key or the plain text message even though the algorithm, along with the encrypted text, is known. There are, however, known techniques for structuring a private key vector such that, with it, the plain text can be rapidly derived from an encrypted message. Two sample techniques in this regard are described in an article entitled "The Mathematics of Public-Key Cryptography" Scientific American August 1979, pages 146 to 157.
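The knapsack arithmetic described above, as an added Python example that is not part of the patent text. The superincreasing private vector is an assumption (one of the known structuring techniques the text alludes to), all numbers are constructed and tiny, and the basic knapsack scheme has long been broken, so this shows the mechanics only.

```python
import math

# Constructed toy parameters, far too small for real use.
PRIVATE = [2, 3, 7, 14, 30, 57, 120, 251]  # superincreasing private key vector (assumed structure)
X = 41    # multiplier x, a prime
Y = 491   # modulus y, a prime larger than sum(PRIVATE) = 484


def check_private_key(private, x, y):
    """Validate the conditions that make decryption unambiguous."""
    running = 0
    for a in private:
        if a <= running:
            raise ValueError("private key is not superincreasing")
        running += a
    if y <= running:
        raise ValueError("modulus must exceed the sum of the private key")
    if math.gcd(x, y) != 1:
        raise ValueError("multiplier must be invertible modulo y")


def derive_public_key(private, x, y):
    """Each public element is the remainder of (private element * x) divided by y."""
    check_private_key(private, x, y)
    return [(a * x) % y for a in private]


def to_bit_vectors(message, width):
    """Digitize the message and group the bits into vectors of the key's length."""
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    bits += [0] * (-len(bits) % width)  # zero padding; none needed for an 8-element key
    return [bits[i:i + width] for i in range(0, len(bits), width)]


def encrypt(message, public):
    """One ciphertext integer per vector: the dot product with the public key."""
    return [sum(b * k for b, k in zip(vec, public))
            for vec in to_bit_vectors(message, len(public))]


def decrypt(cipher, private, x, y):
    """Undo the modular multiplication, then solve the easy knapsack greedily."""
    x_inv = pow(x, -1, y)
    out_bits = []
    for c in cipher:
        target = (c * x_inv) % y
        vec = [0] * len(private)
        for i in range(len(private) - 1, -1, -1):
            if private[i] <= target:
                vec[i] = 1
                target -= private[i]
        if target != 0:
            raise ValueError("ciphertext does not decode under this key")
        out_bits.extend(vec)
    usable = len(out_bits) - len(out_bits) % 8
    return bytes(int("".join(map(str, out_bits[i:i + 8])), 2)
                 for i in range(0, usable, 8))


if __name__ == "__main__":
    public = derive_public_key(PRIVATE, X, Y)
    ciphertext = encrypt(b"PIN 4921", public)  # constructed sample message
    print(public, ciphertext, decrypt(ciphertext, PRIVATE, X, Y))
```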
The problem with such public key cryptographic systems is that, in use, they require a secure, yet readily available, private key. The private key has to either be remembered, which is not practical, or stored in a secure place and retrieved. The security of storage therefore is at best dependent on password access which itself can be compromised.
A number of devices, such as automated teller machines (ATMs) and symmetric encryption/decryption systems, require the entry of a PIN for operation. A PIN therefore acts as a private key which permits operation of such devices.
Devices requiring a data key for operation share the same problem as identified for public key cryptographic systems: the data key must be secure and yet readily available. To mitigate this problem, PIN operated devices often utilize a short key which may be memorized by the user. However, not all users do memorize their PIN and, in any event, use of a short PIN reduces the security of the PIN operated device.
DE 42 43 908 to Bodo discloses a system for mapping a fingerprint or other biometric to a secret key. A biometric feature is recorded in an analog device and then digitized. Points of the digitized biometric which are considered to be stable (i.e., constant over time) are chosen and a function is applied to map these points to a secret key. By choosing stable points, the mapping is done in a reproducible manner so that the same key is produced each time the system is presented with a given biometric.
US 5,095,194 to Barbanell discloses a system for verifying a user. A hologram is recorded on a card by interfering a reference beam with a complex spatial Fourier transform of the image of a user's fingerprint. For verification, a user inputs his card and places his finger on an input window. The finger is illuminated so that a reflected light beam is impressed with characteristics of the fingerprint. The reflected light beam passes through a lens such that a Fourier transform of the fingerprint impinges on the hologram of the card. The hologram acts as a matched filter producing a correlation spot at an output plane if the input fingerprint is the same as the fingerprint which recorded the hologram.
In a second embodiment of Barbanell, it is suggested that the reference beam used in recording the hologram could be modulated with a digital sequence by placing, for example, a slide transparency in the path of the reference beam. It is postulated that, in use, such a hologram would return an image of the digital sequence if a matching fingerprint were input during verification. It is believed that those skilled in the art will appreciate such an embodiment would not be viable.
This invention seeks to overcome drawbacks of the known prior art and provide an extremely secure private key which is not even known by the user yet is readily accessible.
Summary of the Invention
According to the present invention, there is provided an apparatus for interfacing with an existing personnel control system that utilizes stored data in a predetermined format for the purpose of determining whether a presented individual is authorized to have access to a controlled area, the apparatus comprising: means for storing physical characteristic information for a plurality of individuals; means for storing for each individual, an access signal associated with the existing personnel control system; means for scanning a physical characteristic of a presented individual; means for generating a scanned physical characteristic signal for the presented individual; means for comparing the stored physical characteristics information to the scanned physical characteristic signal to determine if a match is found; means for outputting the access signal associated with the presented individual when a match is found; and means for communicating the outputted access signal to the existing control system in a format that is compatible with the predetermined format of the stored data so that the existing personnel control system will recognize the outputted access signal as a match for the presented individual stored data and authorize access to the controlled area.
According to another aspect of the present invention, there is provided a biometric apparatus for interfacing with an existing personnel control system that utilizes stored data, in addition to biometric data, for the purpose of determining whether a presented individual is authorized to have access to a controlled area, the apparatus comprising: means for storing biometric information for a plurality of individuals; means for obtaining biometric information on a presented individual; means for storing for each individual, an access signal associated with the existing personnel control system; means for generating an obtained biometric information signal for the presented individual; means for comparing the stored biometric information to the obtained signal to determine if a match is found; means for outputting the access signal associated with the presented individual when a match is found; and means for communicating the outputted access signal to the existing control system in a format that is compatible with the stored data so that the existing personnel control system will recognize the outputted access signal as a match for the presented individual stored data and authorize access to the controlled area.
Brief Description of the Drawings
In the figures which disclose example embodiments of the invention,
figure 1 is a schematic diagram of an enrolment apparatus made in accordance with this invention,
figure 2 is a schematic diagram of an encrypting/decrypting apparatus made in accordance with this invention,
figure 3 is a schematic diagram of a portion of figure 2, and
figure 4 is a schematic diagram of a PIN generating apparatus made in accordance with this invention.
Description of the Preferred Embodiments
In the following, lower case letters represent functions in the "spatial domain" and upper case letters represent the "Fourier transformed frequency domain". Also, we use the following terminology: "Fourier transform" denotes a transformation from the spatial domain to the frequency domain, and "inverse Fourier transform" denotes a transformation from the frequency domain to the spatial domain. It should be noted that when the inverse Fourier transform is implemented optically (using a lens), the transformation is in fact equivalent to the Fourier transform. The consequence of this is that a coordinate reversal occurs in the resulting spatial domain. On the other hand, digital implementation of the inverse Fourier transform can be accomplished as mathematically defined, and so no such coordinate reversal occurs. However, both (optical and digital) implementations of the inverse Fourier transform can be used to produce the correlation operation which is required for this invention.
An individual who wishes to use the encrypting and decrypting apparatus of this invention is enrolled by way of enrolment apparatus 10 of figure 1. With reference to figure 1, enrolment apparatus 10 comprises an input system 29 with a light source 30, which may be a coherent source, an expander lens 31, and a collimator lens 33 to illuminate a prism 35 with a beam 37. One face of the prism forms an input screen 28. The individual to be enrolled places a finger (or fingers) 12 on the input screen. The input system utilizes the principle of total internal reflection to read the pattern formed by the furrows of the input fingerprint pattern. That is, a furrow will create an air space over the surface of a glass screen, allowing light which is internally reflected from the interior surface of the screen to proceed unimpeded. Ridges, however, will be in contact with the surface, where they will scatter and absorb a portion of the illuminating light. This effect is known as frustrated total internal reflection. In the result, the output beam 39 from the prism is an information beam carrying the fingerprint pattern, p. The optical beam 39 inputs a lens 40 which images the fingerprint information onto an Image Capture and Digitizer Device (ICDD) 41, comprising a light detector array, an A/D converter and a processor. The ICDD converts the optical fingerprint information beam into a two-dimensional grey scale digital representation. The digital output 42 of the ICDD is input to a unique filter generator 43 and to a unique number generator 44.
The unique number generator 44 generates an array of numbers. This may be accomplished in any of a number of ways. For example, a Fourier transform of the fingerprint information may be calculated to obtain the Fourier transform co-efficients of the transform. Selected ones of these Fourier transform co-efficients may then be chosen and combined to generate a number u. It will be apparent that this number u is unique to the particular fingerprint(s) placed on the input screen. Alternatively, u can be generated by a random number generator seeded with the selected Fourier transform co-efficients.
The unique number u is then used to generate an array of numbers $g = \{g_1, \ldots, g_n\}$ such that the values in the elements of g represent the unique number u. For example, if u is a k-digit base 10 number and if in any subsequent measurement of the values $g_1, \ldots, g_n$, the detecting instrument will have a known error in detection which only allows $\beta$ distinct values from 0 to m - 1 inclusive (m is the dynamic range of the detector), n would be chosen to be the integer greater than or equal to $\log_\beta 10^k$. The unique number u can then be expanded into elements of g by using modulo division, i.e.:

$$g_1 = \text{Integer of } \frac{u}{\beta^{n-1}}$$

$$g_2 = \text{Integer of } \frac{u \bmod \beta^{n-1}}{\beta^{n-2}}$$

$$g_3 = \text{Integer of } \frac{(u \bmod \beta^{n-1}) \bmod \beta^{n-2}}{\beta^{n-3}} = \text{Integer of } \frac{u \bmod \beta^{n-2}}{\beta^{n-3}}$$

etc. The array, g, is input to the unique filter generator 43.
The unique filter generator 43 calculates the digital Fourier transform, P, of the fingerprint information and generates a two dimensional filter function, F, as follows. The mathematical multiplication of the fingerprint transform, P, with the filter, F, produces the two-dimensional light distribution S. F is generated so that the inverse Fourier transform of S, denoted by s, is equal to a series of n displaced delta-like functions $\delta_1, \delta_2, \ldots, \delta_n$, where the square of the amplitude of $\delta_i$ is equal to the corresponding value $g_i$ in the array g. This may be represented mathematically by the following sets of equations which for convenience will be described in one dimension:
WO 96/08093 PCT/CA95/00509
Let
p(x) be the input fingerprint pattern signal,
P(u) be the complex Fourier transform of the signal, denoted by $|P(u)| \exp(jd(u))$, where d(u) is the phase of the Fourier transform,
F(u) be the filter function, and
s(x) be the output signal.
We desire s(x) to have the following form:
$$s(x) = \sqrt{g_1}\,\delta(x-x_1) + \sqrt{g_2}\,\delta(x-x_2) + \ldots + \sqrt{g_n}\,\delta(x-x_n)$$
that is, n delta functions at positions x1, x2, ... xn and relative intensities g1, g2, ... gn respectively.
Then,
$$S(u) = \int \sqrt{g_1}\,\delta(x-x_1)\exp(-j2\pi ux)\,dx + \int \sqrt{g_2}\,\delta(x-x_2)\exp(-j2\pi ux)\,dx + \ldots$$
Let x' = x - x1, x'' = x - x2, etc.
$$S(u) = \int \sqrt{g_1}\,\delta(x')\exp(-j2\pi u(x'+x_1))\,dx' + \int \sqrt{g_2}\,\delta(x'')\exp(-j2\pi u(x''+x_2))\,dx'' + \ldots$$
$$= \sqrt{g_1}\exp(-j2\pi ux_1)\int \delta(x')\exp(-j2\pi ux')\,dx' + \sqrt{g_2}\exp(-j2\pi ux_2)\int \delta(x'')\exp(-j2\pi ux'')\,dx'' + \ldots$$
$$= \sqrt{g_1}\exp(-j2\pi ux_1) + \sqrt{g_2}\exp(-j2\pi ux_2) + \ldots$$
We require that P(u).F(u) = S(u). Thus, $F(u) = \frac{S(u)}{P(u)}$. That is,
$$F(u) = \frac{\sqrt{g_1}\exp(-j2\pi ux_1) + \sqrt{g_2}\exp(-j2\pi ux_2) + \ldots + \sqrt{g_n}\exp(-j2\pi ux_n)}{|P(u)|\exp(jd(u))}$$
$$F(u) = \frac{\exp(-jd(u))}{|P(u)|}\left[\sqrt{g_1}\exp(-j2\pi ux_1) + \sqrt{g_2}\exp(-j2\pi ux_2) + \ldots\right]$$
In general |P(u)| = 0 will occur for some values of u, resulting in singularities in the above expression for F(u). This problem is usually eliminated by imposing a magnitude constraint on F(u), such that
$$F(u) = \begin{cases} a\,\exp(-jd(u))\left[\sqrt{g_1}\exp(-j2\pi ux_1) + \sqrt{g_2}\exp(-j2\pi ux_2) + \ldots\right] & \text{for } |P(u)| < a \\ \dfrac{1}{|P(u)|}\exp(-jd(u))\left[\sqrt{g_1}\exp(-j2\pi ux_1) + \sqrt{g_2}\exp(-j2\pi ux_2) + \ldots\right] & \text{otherwise} \end{cases}$$
where a is a constant that ensures that |F(u)| is normalized.
This complex-valued filter function, F, will be implemented on the available spatial light modulator using the methods described in the article "Optimal realizable filters and the minimum Euclidean distance principle," Richard D. Juday, Applied Optics, Vol. 32, pages 5100-5111 (1993), or by other such methods.
One knowledgeable in the art can easily extend this to two dimensions. The unique filter generator outputs the values of the filter F to card storage device 22 on line 46.
The card storage device stores filter F on a storage medium (such as a magnetic strip or smart card chip) of a card 20. Once this operation is accomplished, enrolment is complete and the individual leaves with card 20.
A subscriber may communicate his public key or decrypt a message utilizing apparatus 70 of figure 2. Further, another may encrypt a message with apparatus 70.
Turning to figure 2, apparatus 70 comprises an input system 129 with a laser 130, expander lens 131, collimator lens 133, and prism 135 which may be similar to the input system 29 of figure 1. A correlator 142 is in the information beam path 139. The correlator comprises a Fourier transforming lens 143, an electronically addressable (programmable) spatial light modulator (SLM) 144 in the back focal plane of lens 143, and
an inverse Fourier transform lens 146. The output beam 147 from the correlator inputs optical detector 148. Detector 148 inputs processor 80 on line 149. The processor also receives an input from card reader 72 on line 78. The processor outputs to the SLM 144 on line 79, to a pseudo-random number generator 84, and to a public/private key generator 88 on line 82. The pseudo-random number generator outputs to the public/private key generator which, in turn, outputs to a public key communicator 94 and, on line 92, to a decryption/encryption system 96. The public/private key generator also receives an input from public key receiver 95 and from keypad 74. The decryption/encryption system receives an input from an input message store 98 and outputs to an output message store 100.
A subscriber who wishes to transmit his public key places the same finger or fingers on the input screen 128 as were placed on the screen 28 (figure 1) during enrolment, his card 20 in reader 72, and presses button 76 of keypad 74. This activates light source 130 and the resulting output beam 139 from the prism is an information beam carrying the fingerprint pattern p'. The beam 139 carrying the spatial fingerprint information proceeds into the correlator 142 and passes through the Fourier transform lens 143. The filter information, F, stored on card 20 is read by reader 72 and input to processor 80. The processor converts the incoming digital filter information signals to analog SLM drive voltages. These drive voltages, which represent the filter information, are transferred into the SLM 144 on line 79. The filter written on the SLM 144 modulates the fingerprint's optical transform through a multiplicative method which is part of the optical correlation operation which compares the subscriber's fingerprint(s) with those represented by the encoded filter F stored on the subscriber's card. The output from the SLM 144 is an optical signal S' whose similarity to the transform function S depends on the degree of correlation between the input fingerprint(s) p' and the reference fingerprint(s) p used to construct the filter F. If p and p' are the same fingerprint(s) then S' equals S. The optical signal 145 which comprises S' passes through the second transform lens 146 and onto the optical detector 148 where its intensity distribution s' is detected. When p' equals p then s' will be an intensity distribution representing g, the array of numbers which represent the unique number u. The output of the optical detector 148 inputs the processor 80 which calculates the unique number u from the array of numbers {g1, ..., gn}.
If the error in detection by detector 148 only allows $\beta$ distinct values between 0 and m-1 inclusive, where m is the dynamic range of the optical detector 148, we calculate:
$$g_i^* = \frac{g_i(\text{measured}) \cdot \beta}{m}$$
and round to integers, where $0 \le g_i^* < \beta$.
Then
$$u = g_1^*\beta^{n-1} + g_2^*\beta^{n-2} + \ldots + g_n^*\beta^0$$
The number u then acts as the seed number which inputs pseudo-random number generator 84. It is important to note that the pseudo-random number generator will generate the same random numbers whenever it is input with the same seed, in this case u.
The random numbers derived by pseudo-random number generator 84 as well as u itself, on line 82, input the key generator 88. The key generator utilizes known public-key cryptographic techniques to derive a private key or a public key from these inputs. With button 76 of keypad 74 depressed, the key generator is prompted to output the public key on line 90 to public key communicator 94. Communicator 94 may simply be a display or it could be a transmitter such as a modem which transmits the number to a sendee.
If a subscriber has an encrypted message he wants to decipher, he may utilize apparatus 70 to decrypt same, as follows. The encrypted message is input to input message store 98. Then the subscriber (receiver) inserts his card 20 in card reader 72, depresses button 79 of keypad 74, and places his finger(s) on input screen 128. As before, the processor 80 generates the unique number u from the intensity distribution s' and this, along with the random numbers generated by random number generator 84 in response to the seed number u, input the key generator 88. In response to the prompt from button 79, the key generator utilizes these inputs to derive the private key. The private key then inputs decryption/encryption system 96 on line 92; the encrypted message stored in the input message store 98 also inputs system 96. The system 96 utilizes known public key cryptographic techniques to decrypt the message from these inputs. The decrypted message is then output to output message store 100 where it may be accessed by the subscriber.
If the person using apparatus 70 was not the person whose fingerprints were represented by the encoded filter F, then the optical signal S' derived from the multiplication of the filter F from the card with the Fourier transform P' of that person's fingerprint(s) will
not equal S. This will mean that the unique number u' indirectly derived from S' will not be equivalent to u. Consequently the key generated by the private/public key generator 88 will not decrypt the encrypted message.
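The enrolment and regeneration steps described above can be traced end to end with a digital correlator in place of the optical one. The following is an added example, not code from the patent: a one-dimensional simulation in which the signal length, peak positions, threshold a, the constructed test patterns and all function names are assumptions, and the detector range m is taken equal to β so that gi* = gi(measured).

```python
import cmath
import math
import random

N = 64                             # samples in the 1-D signal (assumption)
BETA = 10                          # distinct intensity levels the detector resolves
PEAKS = [8, 16, 24, 32, 40, 48]    # peak positions x_1..x_n (assumption)
A_MIN = 1e-6                       # constant a of the magnitude constraint (assumption)


def dft(x, sign=-1):
    """Direct O(N^2) transform with kernel exp(sign * j * 2*pi * u * k / N)."""
    n = len(x)
    return [sum(x[k] * cmath.exp(sign * 2j * math.pi * u * k / n) for k in range(n))
            for u in range(n)]


def idft(X):
    return [v / len(X) for v in dft(X, sign=+1)]


def digits_from_u(u, n, beta=BETA):
    """g_i = Integer of (u mod beta^(n-i+1)) / beta^(n-i), most significant first."""
    if not 0 <= u < beta ** n:
        raise ValueError("u does not fit in n base-beta elements")
    return [(u % beta ** (n - i + 1)) // beta ** (n - i) for i in range(1, n + 1)]


def u_from_digits(g, beta=BETA):
    """u = g_1*beta^(n-1) + g_2*beta^(n-2) + ... + g_n*beta^0."""
    u = 0
    for g_i in g:
        u = u * beta + g_i
    return u


def enrol(p, u):
    """Filter generator: F(u) = S(u)/P(u), with the magnitude constraint applied."""
    g = digits_from_u(u, len(PEAKS))
    s = [0.0] * N
    for x_i, g_i in zip(PEAKS, g):
        s[x_i] = math.sqrt(g_i)            # amplitude sqrt(g_i) gives intensity g_i
    F = []
    for S_u, P_u in zip(dft(s), dft(p)):
        mag, phase = abs(P_u), cmath.phase(P_u)
        gain = A_MIN if mag < A_MIN else 1.0 / mag
        F.append(gain * cmath.exp(-1j * phase) * S_u)
    return F                               # this is what the card stores


def regenerate(p_live, F):
    """Correlator, detector and processor: s' = IDFT(P'.F), read |s'(x_i)|^2, rebuild u."""
    s_out = idft([P_u * F_u for P_u, F_u in zip(dft(p_live), F)])
    g_star = []
    for x_i in PEAKS:
        level = round(abs(s_out[x_i]) ** 2)     # m == BETA, so no rescaling is needed
        g_star.append(min(level, BETA - 1))     # keep 0 <= g_i* < beta
    return u_from_digits(g_star)


def constructed_pattern(seed):
    """Stand-in for a fingerprint signal: reproducible pseudo-random samples."""
    rng = random.Random(seed)
    return [rng.random() for _ in range(N)]


def demo():
    u = 907214                                  # constructed 6-digit unique number
    subscriber = constructed_pattern(1)
    other_person = constructed_pattern(2)
    card_filter = enrol(subscriber, u)
    return u, regenerate(subscriber, card_filter), regenerate(other_person, card_filter)


if __name__ == "__main__":
    enrolled, same_finger, different_finger = demo()
    print("enrolled u:      ", enrolled)
    print("same pattern:    ", same_finger)
    print("different pattern:", different_finger)
```

With the enrolled pattern the product P.F reproduces S exactly, so the detector reads back the digits of u; with any other pattern the output at the peak positions is correlation noise and a different number results.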
An individual may send a subscriber an encrypted message utilizing apparatus 70 in the following manner. The individual stores a plain text message in input message store 98, depresses button 77 of operator input 74 and inputs the public key of the subscriber to public key receiver 95. This prompts the key generator 88 to directly input the public key from public key receiver 95 to the decryption/encryption system 96. The system 96 uses this key in encrypting the plain text message and outputs the encrypted message to output message store 100. The individual may then transmit the encrypted message to the subscriber in any non-secure manner. (It may be noted that the fingerprint and card reading subsystems of apparatus 70 are inactive when button 77 is pressed.)
It will be apparent that the system of this invention allows the use of public key encryption techniques without a subscriber knowing his private key. This enhances the security of the system. Yet further a lost card could not be used by a third party in apparatus 70 because the unique number u is only recoverable by inputting the subscriber's fingerprint.
Another advantage of the subject system is that the subscriber need not know his public key as it may be easily generated with the system of the invention.
Furthermore, if an unauthorized individual broke in to an apparatus 70 of figure 2, he would have no way of determining the manner for generation of u since this number is only generated in the enrolment devices of figure 1 and is unique to each individual.
The robustness of the system of the present invention may be enhanced as follows. In the enrolment apparatus 10 of figure 1, the absolute value of one point of g = {g1, ..., gn}, for example g1, may be stored on card 20. If this is done, then the processor circuit 80 of figure 2 may compare the intensity of this same point in the g function generated by optical correlator 142 with that point stored on the card and scale the elements of g from correlator 142 accordingly. This will reduce the effect of the "noise" present in apparatus 70. For example, dirt or oil on the input screen 128 could reduce the absolute
intensity of g. However, the relative intensities of the delta functions would be preserved.
The absolute value could then be recovered by comparing one point of g generated by correlator 142 with that same point of g which is stored in absolute form on card 20.
In another embodiment of the invention, the unique number, u, is related to the location of peaks in the correlator output, rather than their relative intensities as considered so far. In this embodiment the filter F is designed to produce a series of equal-intensity peaks at the correlation plane detector. The peak locations are carefully controlled so that they occur within a grid of p by q cells on the detector. When n such series of peaks are displayed sequentially, the unique number u can be reproduced, using only the peak location information.
In this embodiment an individual will be enrolled using the following procedure. With reference to figure 1, the individual will place their finger(s) on the input screen 28. As before, the fingerprint information is input to the ICDD 41. The digital output 42 of the ICDD is input to the unique filter generator 43 and to the unique number generator 44. The unique number generator 44 will assign the subscriber a unique number u as previously described. Then, the unique number generator 44 determines an array b which is related to the unique number u by the following relationship:
$$u = f(b, w)$$
where w is a constant for any specified number of peaks (t) and size of grid (p by q) as described hereinafter. For reasons which will also be apparent hereinafter, a convenient choice for the function is:
$$u = b_1 w^{n-1} + b_2 w^{n-2} + \ldots + b_{n-1} w^1 + b_n w^0$$
Thus, the coefficients b1, b2 ... bn which determine the unique number u can be evaluated using modular arithmetic as follows:
$$b_1 = \text{Integer of } \frac{u}{w^{n-1}}$$
$$b_2 = \text{Integer of } \frac{u \bmod w^{n-1}}{w^{n-2}}$$
$$b_{n-1} = \text{Integer of } \frac{u \bmod w^2}{w^1}$$
$$b_n = \text{Integer of } \frac{u \bmod w^1}{w^0}$$
The unique number generator 44 then assigns each value of bi to one of the possible permutations of arranging t peaks in a grid of p by q cells. One of the peaks is always located in the upper left cell of the grid, to serve as a reference peak. The number of permutations of locating the remaining t-1 peaks in the p.q-1 cells is given by w, where:
$$w = \frac{(p \cdot q - 1)!}{(t-1)!\,(p \cdot q - t)!}$$
Thus, it is clear that each coefficient bi has a value between 0 and w-1 inclusive. The assignment of the value of bi to a particular pattern of peak locations is accomplished by using a randomised look-up table in the filter generator which relates every possible value of bi (i.e. from 0 to w-1) to a unique permutation of peak locations in the grid. Thus, a two-way relationship between the value of bi and the relative locations of peaks in the grid is established. Clearly then, if the subscriber can later reproduce the pattern of peaks in such a grid using the apparatus 70 of figure 2, then the unique number u can be regenerated and thus the subscriber can proceed. Note however, that because of the randomised look-up table, even if a pattern of peaks were discerned, it would bear no relationship to the corresponding value of the element of b unless the look-up were known.
The required locations of the peaks for each element, bi, of b are input to the unique filter generator from the unique number generator. The unique filter generator calculates the filter, Fi, so that when the correct fingerprint (or fingerprints), p, is input to apparatus 70 of figure 2, the output function, si, is the specified arrangement of equal-intensity peaks. This calculation uses the Fourier transform of the subscriber's fingerprint(s), P, and the same approach as described previously, with the exception that all of the delta-like functions are assigned the same peak height, and their relative locations are determined by bi. (Therefore, in one dimension, $s_i = \delta(x-x_1) + \delta(x-x_2) + \ldots + \delta(x-x_t)$ where x1, x2, ..., xt are determined by the look-up table of peak locations for bi.) Note that n such filters, F1, F2, ... Fn, corresponding to b1, b2, ... bn, will be required to determine all the elements of b. The n filters are generated in this manner, and are then stored on the card 20. Thus, the enrolment process is completed and the user retains the card 20.
Where the subscriber to the system wishes to regenerate the unique number, u, to produce the private or public key, the following procedure is adopted.
Turning to figure 2, when a subscriber places his finger(s) on the input 128 of apparatus 70, inserts his card 20 in the reader 72, and presses button 76 (to display his public key) or 79 (to decrypt a message), the processor causes the n filters from the card 20 to be transferred sequentially to the SLM 144 on line 79. A given filter, Fi, is multiplied in the correlator 142 with the Fourier transform, P, of the subscriber's fingerprint(s). The inverse Fourier transform of the result, which is the function si, is displayed on the correlation plane detector 148. With reference to figure 3, which schematically illustrates a portion of figure 2, the location of the first peak 150 in the detector 148 is determined by scanning across the detector from upper left to the bottom right. This first peak is considered to be the reference peak, and its position defines the grid 151 of p by q detection cells in the correlation plane detector, with the reference peak occupying the upper left cell in this grid. The detector output is then scanned over the area of the grid 151 and the locations of the other t-1 peaks are determined. Each of the t-1 peaks occupies a unique cell in the grid and the position of each is communicated to the processor 80 on line 149. The processor determines the element bi of the vector b from the pattern of peaks by referring to the same randomised look-up table as used in the unique filter generator 43. The next filter, Fi, is then written to the SLM and thus the next element of b is determined and so on, until the entire array, b, is generated.
Since each element bi will have w possible values, bi is, in effect, a number in base w. It is for this reason that u = f(b,w) is chosen as $u = b_1 w^{n-1} + b_2 w^{n-2} + \ldots + b_{n-1} w^1 + b_n w^0$, because this equation converts the n elements of b from base w to base 10 which is more suitable for communication purposes. Thus, the unique number u is recreated using the apparatus 70 of figure 2, and can be input to the pseudo-random number generator.
In the example shown in figure 3, t=4 (there are 4 peaks), p=q=4 (a 4x4 detection grid is defined), and n=4 (4 filters are displayed sequentially).
Thus, in this example, the unique number u would be capable of representing $455^4$ or $4.3 \times 10^{10}$ values.
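The peak-location encoding with the figure 3 parameters (t=4, p=q=4, n=4) can be exercised as follows. This is an added example, not code from the patent; the table seeds, detector offsets, sample value of u and function names are assumptions, and Python's random module stands in for whatever randomisation the look-up table would really use.

```python
import itertools
import math
import random

P_ROWS, Q_COLS, T_PEAKS, N_FILTERS = 4, 4, 4, 4     # figure 3 parameters


def pattern_count(p=P_ROWS, q=Q_COLS, t=T_PEAKS):
    """w = (p.q-1)! / ((t-1)! (p.q-t)!): ways to place t-1 peaks in p.q-1 cells."""
    return math.factorial(p * q - 1) // (math.factorial(t - 1) * math.factorial(p * q - t))


def build_lookup(table_seed, p=P_ROWS, q=Q_COLS, t=T_PEAKS):
    """Randomised two-way table between a value b_i and a set of occupied cells."""
    cells = [(r, c) for r in range(p) for c in range(q)]
    free_cells = cells[1:]                       # cell (0, 0) always holds the reference peak
    patterns = [frozenset(combo) | {(0, 0)}
                for combo in itertools.combinations(free_cells, t - 1)]
    random.Random(table_seed).shuffle(patterns)  # demo shuffle only, not a CSPRNG
    to_pattern = dict(enumerate(patterns))
    to_value = {pattern: value for value, pattern in to_pattern.items()}
    return to_pattern, to_value


def expand(u, w, n=N_FILTERS):
    """b_i = Integer of (u mod w^(n-i+1)) / w^(n-i), most significant first."""
    if not 0 <= u < w ** n:
        raise ValueError("u exceeds the w**n values the grid can represent")
    return [(u % w ** (n - i + 1)) // w ** (n - i) for i in range(1, n + 1)]


def enrol_patterns(u, to_pattern):
    """Peak layouts that filters F_1..F_n must produce for the enrolled fingerprint."""
    return [to_pattern[b_i] for b_i in expand(u, len(to_pattern))]


def locate_grid(detector_hits):
    """First peak in an upper-left to bottom-right scan is the reference peak;
    the remaining peaks are re-expressed as cells relative to it."""
    ref_r, ref_c = min(detector_hits)
    return frozenset((r - ref_r, c - ref_c) for r, c in detector_hits)


def regenerate(detector_frames, to_value):
    """Processor: look each pattern up and apply u = b_1 w^(n-1) + ... + b_n w^0."""
    w = len(to_value)
    u = 0
    for hits in detector_frames:
        pattern = locate_grid(hits)
        if pattern not in to_value:
            raise ValueError("peak pattern is not in the look-up table")
        u = u * w + to_value[pattern]
    return u


def demo():
    to_pattern, to_value = build_lookup(table_seed=2024)     # constructed seed
    u = 31415926535                                          # constructed, below 455**4
    layouts = enrol_patterns(u, to_pattern)
    offsets = [(3, 5), (0, 0), (7, 2), (1, 9)]               # constructed detector positions
    frames = [{(r + dr, c + dc) for r, c in layout}
              for layout, (dr, dc) in zip(layouts, offsets)]
    recovered = regenerate(frames, to_value)
    _, other_table = build_lookup(table_seed=2025)           # a different look-up table
    return u, recovered, regenerate(frames, other_table)


if __name__ == "__main__":
    print("w =", pattern_count(), " capacity =", pattern_count() ** N_FILTERS)
    print(demo())
```

The same detector frames decode to the enrolled u only under the table used at enrolment; read through a different table they give an unrelated number, which is the property the description attributes to the randomised look-up.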
This embodiment of the invention has the advantage of requiring only a binary search for correlation peaks, without regard to their intensity. It will thus be more resistant to any variations in the correlation peak heights caused by the correlator system noise.
A further embodiment of the invention would use the combination of peak height and location to generate the unique number, u, using the procedures described herein.
A subscriber may use his card created with the enrolment device of figure 1 to operate a PIN operated device, such as an ATM or a symmetric encryption/decryption system, utilizing apparatus 270 of figure 4. With regard to figure 1, the PIN may be derived from the unique number generator 44 or can be chosen by the system user 50.
Turning to figure 4 in which like parts to those appearing in figure 2 have been given like numbers, apparatus 270 comprises an input system 129 with a laser 130, expander lens 131, collimator lens 133, and prism 135. A correlator 142 is in the information beam path 139. The correlator comprises a Fourier transforming lens 143, an electronically addressable (programmable) spatial light modulator (SLM) 144 in the back focal plane of lens 143, and an inverse Fourier transform lens 146. The output beam 147 from the correlator inputs optical detector 148. Detector 148 inputs processor 80 on line 149. The processor also receives an input from card reader 72 on line 78. The processor outputs to the SLM 144 on line 79 and to a PIN operated device 200 on line 282.
A subscriber who wishes to use the PIN operated device places the same finger or fingers on the input screen 128 as were placed on the screen 28 (figure 1) during enrolment and his card 20 in reader 72. This activates light source 130 and the resulting output beam 139 from the prism is an information beam carrying the fingerprint pattern p'. The beam 139 carrying the spatial fingerprint information proceeds into the correlator 142 and passes through the Fourier transform lens 143. The filter information, F, stored on card 20 is read by reader 72 and input to processor 80. The processor converts the incoming digital filter information signals to analog SLM drive voltages. These drive voltages, which represent the filter information, are transferred into the SLM 144 on line 79. The filter written on the SLM 144 modulates the fingerprint's optical transform through a multiplicative method which is part of the optical correlation operation which compares the subscriber's fingerprint(s) with those represented by the encoded filter F stored on the subscriber's card. The output from the SLM 144 is an optical signal S' whose similarity to the transform function S depends on the degree of correlation between the input fingerprint(s) p' and the reference fingerprint(s) p used to construct the filter F. If p and p' are the same fingerprint(s) then S' equals S. The optical signal 145 which comprises S' passes through the second transform lens 146 and onto the optical detector 148 where its intensity distribution s' is detected. When p' equals p then s' will be an intensity distribution equal to g, the array of numbers which represent the unique number u. The output of the optical detector 148 inputs the processor 80 which calculates the unique number u from the array of numbers {g1, ..., gn}. If the error in detection by detector 148 only allows $\beta$ distinct values between 0 and m-1 inclusive, where m is the dynamic range of the optical detector 148, we calculate:
$$g_i^* = \frac{g_i(\text{measured}) \cdot \beta}{m}$$
and round to integers, where $0 \le g_i^* < \beta$.
Then
$$u = g_1^*\beta^{n-1} + g_2^*\beta^{n-2} + \ldots + g_n^*\beta^0$$
The number u then acts as the PIN (private key) for operating the PIN operated device 200. Thus, the fingerprint of an authorised user will recover his PIN from his card without need for the user to know his PIN. On the other hand, because the PIN is secured by the fingerprint, the user may choose his/her own PIN for use with the PIN operated system.
The unique number u can also be generated using peak locations in the output of the correlator as described in a previous embodiment.
It will be apparent to those skilled in the art that input systems other than system 29 of figure 1 and 129 of figures 2 and 4 are available in order to produce a fingerprint information beam. Some of these other systems do not require a laser.
While it is preferred that the input to the input system is the fingerprint(s) of a user, the input system could be adapted to produce an optical signal impressed with characteristics from other body parts, such as a user's hand or iris. Indeed, any body part which has a unique signature comprises a biometric which may be suitable for use within the spirit of this invention.
While the systems of figures 2 and 4 have been described in conjunction with an optical correlator 142, it will be apparent to those skilled in the art that the correlator may be implemented digitally.
Other modifications will be apparent to those skilled in the art and, accordingly, the invention is defined in the claims.
The absolute value could then be recovered by comparing one point of g generated by correlator 142 with that same point of g which is stored in absolute form on card 20.
In another embodiment of the invention, the unique number, u, is related to the location of peaks in the correlator output, rather than their relative intensities as considered so far. In this embodiment the filter F is designed to produce a series of equal-intensity peaks at the correlation plane detector. The peak locations are carefully controlled so that they occur within a grid of p by q cells on the detector. When n such series of peaks are displayed sequentially, the unique number u can be reproduced, using only the peak location information.
In this embodiment an individual will be enroled using the following procedure. With reference to figure 1, the individual will place their finger(s) on the input screen 28. As before, the fingerprint information is input to the ICDD 41. The digital output 42 of the ICDD is input to the unique filter generator 43 and to the unique number generator 44. The unique number generator 44 will assign the subscriber a unique number u as previously described. Then, the unique number generator 44 determines an array b which is related to the unique number u by the following relationship:
$$u = f(b, w)$$
where w is a constant for any specified number of peaks (t) and size of grid (p by q) as described hereinafter. For reasons which will also be apparent hereinafter, a convenient choice for the function is:
$$u = b_1 w^{n-1} + b_2 w^{n-2} + \cdots + b_{n-1} w^{1} + b_n w^{0}$$
Thus, the coefficients $b_1, b_2, \ldots, b_n$ which determine the unique number u can be evaluated using modular arithmetic as follows:
$$b_1 = \text{Integer of } \frac{u}{w^{n-1}}$$
$$b_2 = \text{Integer of } \frac{u \bmod w^{n-1}}{w^{n-2}}$$
$$b_{n-1} = \text{Integer of } \frac{u \bmod w^{2}}{w^{1}}$$
$$b_n = \text{Integer of } \frac{u \bmod w^{1}}{w^{0}}$$
The unique number generator 44 then assigns each value of $b_i$ to one of the possible permutations of arranging t peaks in a grid of p by q cells. One of the peaks is always located in the upper left cell of the grid, to serve as a reference peak. The number of permutations of locating the remaining t-1 peaks in the p·q-1 cells is given by w, where:
$$w = \frac{(p \cdot q - 1)!}{(t-1)!\,(p \cdot q - t)!}$$
Thus, it is clear that each coefficient bi has a value between 0 and w-1 inclusive. The assignment of the value of bi to a particular pattern of peak locations is accomplished by using a randomised look-up table in the filter generator which relates every possible value of bi (i.e. from 0 to w-1) to a unique permutation of peak locations in the grid. Thus, a two-way relationship between the value of bi and the relative locations of peaks in the grid is established. Clearly then, if the subscriber can later reproduce the pattern of peaks in such a grid using the apparatus 70 of figure 2, then the unique number u can be regenerated and thus the subscriber can proceed. Note however, that because of the randomised look-up table, even if a pattern of peaks were discerned, it would bear no relationship to the corresponding value of the element of b unless the look-up were known.
The required locations of the peaks for each element, $b_i$, of b are input to the unique filter generator from the unique number generator. The unique filter generator calculates the filter, $F_i$, so that when the correct fingerprint (or fingerprints), p, is input to apparatus 70 of figure 2, the output function, $s_i$, is the specified arrangement of equal-intensity peaks. This calculation uses the Fourier transform of the subscriber's fingerprint(s), P, and the same approach as described previously, with the exception that all of the delta-like functions are assigned the same peak height, and their relative locations are determined by $b_i$. (Therefore, in one dimension, $s_i = \delta(x-x_1) + \delta(x-x_2) + \cdots + \delta(x-x_t)$, where $x_1, x_2, \ldots, x_t$ are determined by the look-up table of peak locations for $b_i$.) Note that n such filters, $F_1, F_2, \ldots, F_n$, corresponding to $b_1, b_2, \ldots, b_n$, will be required to determine all the elements of b. The n filters are generated in this manner, and are then stored on the card 20. Thus, the enrolment process is completed and the user retains the card 20.
Where the subscriber to the system wishes to regenerate the unique number, u, to produce the private or public key, the following procedure is adopted.
Turning to figure 2, when a subscriber places his finger(s) on the input 128 of apparatus 70, inserts his card 20 in the reader 72, and presses button 76 (to display his public key) or 79 (to decrypt a message), the processor causes the n filters from the card 20 to be transferred sequentially to the SLM 144 on line 79. A given filter, Fi, is multiplied in the correlator 142 with the Fourier transform, P, of the subscriber's fingerprint(s). The inverse Fourier transform of the result, which is the function si, is displayed on the correlation plane detector 148. With reference to figure 3, which schematically illustrates a portion of figure 2, the location of the first peak 150 in the detector 148 is determined by scanning across the detector from upper left to the bottom right. This first peak is considered to be the reference peak, and its position defines the grid 151 of p by q detection cells in the correlation plane detector, with the reference peak occupying the upper left cell in this grid. The detector output is then scanned over the area of the grid 151 and the locations of the other t-1 peaks are determined. Each of the t-1 peaks occupies a unique cell in the grid and the position of each is communicated to the processor 80 on line 149. The processor determines the element bi of the vector b from the pattern of peaks by referring to the same randomised look-up table as used in the unique filter generator 43. The next filter, Fi, is then written to the SLM and thus the next element of b is determined and so on, until the entire array, b, is generated.
Since each element $b_i$ will have w possible values, $b_i$ is, in effect, a number in base w. It is for this reason that u = f(b,w) is chosen as $u = b_1 w^{n-1} + b_2 w^{n-2} + \cdots + b_{n-1} w^{1} + b_n w^{0}$, because this equation converts the n elements of b from base w to base 10, which is more suitable for communication purposes. Thus, the unique number u is recreated using the apparatus 70 of figure 2, and can be input to the pseudo-random number generator.
In the example shown in figure 3, t=4 (there are 4 peaks), p=q=4 (a 4x4 detection grid is defined), and n=4 (4 filters are displayed sequentially).
Thus, in this example, the unique number u would be capable of representing $455^4$ or $4.3 \times 10^{10}$ values.
This embodiment of the invention has the advantage of requiring only a binary search for correlation peaks, without regard to their intensity. It will thus be more resistant to any variations in the correlation peak heights caused by the correlator system noise.
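The peak-location scheme described above, modelled digitally as an added example that is not part of the patent text: each correlator output $s_i$ is represented directly as a binary detector image with one pixel per grid cell, and filter design and the correlation itself are not modelled. The function names, the table seed, the 12x12 detector size, the peak-count check and the sample value of u are assumptions made for the illustration.

```python
import random
from itertools import combinations
from math import comb


def grid_capacity(p, q, t):
    """w: ways to place the t-1 non-reference peaks in the p*q-1 free cells."""
    return comb(p * q - 1, t - 1)


def to_digits(u, w, n):
    """Coefficients b_1..b_n of u in base w, most significant first."""
    if not 0 <= u < w ** n:
        raise ValueError("u does not fit in n base-w coefficients")
    return [(u % w ** (i + 1)) // w ** i for i in range(n - 1, -1, -1)]


def from_digits(digits, w):
    """u = b_1*w^(n-1) + ... + b_n*w^0."""
    u = 0
    for b in digits:
        u = u * w + b
    return u


def build_lookup(p, q, t, table_seed):
    """Randomised two-way table between a coefficient value and a peak pattern.

    A seeded random.Random keeps this demo reproducible; it is not a
    cryptographic generator, so a real table would be shuffled with a CSPRNG.
    """
    free = [(r, c) for r in range(p) for c in range(q)][1:]  # (0, 0) is the reference
    patterns = [frozenset(cells) for cells in combinations(free, t - 1)]
    random.Random(table_seed).shuffle(patterns)
    to_pattern = dict(enumerate(patterns))
    to_value = {pattern: value for value, pattern in to_pattern.items()}
    return to_pattern, to_value


def render(pattern, p, q, shape, offset):
    """Constructed detector image: reference peak at `offset`, pattern relative to it."""
    rows, cols = shape
    r0, c0 = offset
    if r0 < 0 or c0 < 0 or r0 + p > rows or c0 + q > cols:
        raise ValueError("grid does not fit on the detector")
    image = [[0] * cols for _ in range(rows)]
    image[r0][c0] = 1
    for r, c in pattern:
        image[r0 + r][c0 + c] = 1
    return image


def read_pattern(image, p, q, t):
    """Raster-scan for peaks; the first one found anchors the p x q grid."""
    peaks = [(r, c) for r, row in enumerate(image) for c, v in enumerate(row) if v]
    if len(peaks) != t:  # added sanity check, not a step stated in the text
        raise ValueError(f"expected {t} peaks, found {len(peaks)}")
    r0, c0 = peaks[0]
    cells = frozenset((r - r0, c - c0) for r, c in peaks[1:])
    if any(not (0 <= r < p and 0 <= c < q) for r, c in cells):
        raise ValueError("peak outside the grid anchored at the reference")
    return cells


def correlator_outputs(u, p, q, t, n, table_seed, shape, offsets):
    """The n images s_1..s_n that the correct fingerprint would produce."""
    if len(offsets) != n:
        raise ValueError("one reference-peak offset is needed per filter")
    to_pattern, _ = build_lookup(p, q, t, table_seed)
    digits = to_digits(u, grid_capacity(p, q, t), n)
    return [render(to_pattern[b], p, q, shape, off) for b, off in zip(digits, offsets)]


def regenerate(images, p, q, t, table_seed):
    """Recover u from peak locations alone, using the shared look-up table."""
    _, to_value = build_lookup(p, q, t, table_seed)
    digits = [to_value[read_pattern(img, p, q, t)] for img in images]
    return from_digits(digits, grid_capacity(p, q, t))


if __name__ == "__main__":
    P, Q, T, N = 4, 4, 4, 4                      # parameters of the figure 3 example
    u = 1234567890                               # constructed unique number
    offsets = [(0, 0), (3, 5), (8, 8), (1, 7)]   # constructed reference-peak positions
    images = correlator_outputs(u, P, Q, T, N, 2024, (12, 12), offsets)
    print(grid_capacity(P, Q, T), to_digits(u, grid_capacity(P, Q, T), N))
    print(regenerate(images, P, Q, T, 2024) == u)   # same table: u is recovered
    print(regenerate(images, P, Q, T, 9999) == u)   # different table: a different number
```

Because the grid is anchored at whichever peak the raster scan meets first, the same number is recovered wherever the pattern lands on the detector, while an image with a missing or stray peak is rejected instead of being decoded.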
A further embodiment of the invention would use the combination of peak height and location to generate the unique number, u, using the procedures described herein.
A subscriber may use his card created with the enrolment device of figure 1 to operate a PIN operated device, such as an ATM or a symmetric encryption/decryption system, utilizing apparatus 270 of figure 4. With regard to figure 1, the PIN may be derived from the unique number generator 44 or can be chosen by the system user 50.
Turning to figure 4 in which like parts to those appearing in figure 2 have been given like numbers, apparatus 270 comprises an input system 129 with a laser 130, expander lens 131, collimator lens 133, and prism 135. A correlator 142 is in the information beam path 139. The correlator comprises a Fourier transforming lens 143, an electronically addressable (programmable) spatial light modulator (SLM) 144 in the back focal plane of lens 143, and an inverse Fourier transform lens 146. The output beam 147 from the correlator inputs optical detector 148. Detector 148 inputs processor 80 on line 149. The processor also receives an input from card reader 72 on line 78. The processor outputs to the SLM 144 on line 79 and to a PIN operated device 200 on line 282.
A subscriber who wishes to use the PIN operated device places the same finger or fingers on the input screen 128 as were placed on the screen 28 (figure 1) during enrolment and his card 20 in reader 72. This activates light source 130 and the resulting output beam 139 from the prism is an information beam carrying the fingerprint pattern p'.
The beam 139 carrying the spatial fingerprint information proceeds into the correlator 142 and passes through the Fourier transform lens 143. The filter information, F, stored on card 20 is read by reader 72 and input to processor 80. The processor converts the incoming digital filter information signals to analog SLM drive voltages. These drive voltages, which represent the filter information, are transferred into the SLM 144 on line 79.
The filter written on the SLM 144 modulates the fingerprint's optical transform through a multiplicative method which is part of the optical correlation operation which compares the subscriber's fingerprint(s) with those represented by the encoded filter F stored on the subscriber's card. The output from the SLM 144 is an optical signal S' whose similarity to the transform function S depends on the degree of correlation between the input fingerprint(s) p' and the reference fingerprint(s) p used to construct the filter F. If p and p' are the same fingerprint(s) then S' equals S. The optical signal 145 which comprises S' passes through the second transform lens 146 and onto the optical detector 148 where its intensity distribution s' is detected. When p' equals p then s' will be an intensity distribution equal to g, the array of numbers which represent the unique number u. The output of the optical detector 148 inputs the processor 80 which calculates the unique number u from the array of numbers $\{g_1, \ldots, g_n\}$. If the error in detection by detector 148 only allows $\beta$ distinct values between 0 and m-1 inclusive, where m is the dynamic range of the optical detector 148, we calculate:
$$g_i^* = g_i(\text{measured}) \cdot \frac{\beta}{m}$$
and round to integers, where $0 \le g_i^* < \beta$.
Then
$$u = g_1^* \beta^{n-1} + g_2^* \beta^{n-2} + \cdots + g_n^* \beta^{0}$$
The number u then acts as the PIN (private key) for operating the PIN operated device 200. Thus, the fingerprint of an authorised user will recover his PIN from his card without need for the user to know his PIN. On the other hand, because the PIN is secured by the fingerprint, the user may choose his/her own PIN for use with the PIN operated system.
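An added example, not part of the patent text, of the intensity-based recovery above and how detector noise affects it. It assumes each nominal intensity sits at the centre of its level (k·m/β), rounds half up, and rejects readings that would round to β; the function names and the sample readings are constructed.

```python
def noise_margin(beta, m):
    """Largest intensity error (exclusive) that still rounds to the same level."""
    return m / (2 * beta)


def nominal_intensities(u, beta, m, n):
    """Assumed enrolment choice: place each base-beta digit of u at its bin centre."""
    if not 0 <= u < beta ** n:
        raise ValueError("u does not fit in n base-beta digits")
    digits = [(u // beta ** i) % beta for i in range(n - 1, -1, -1)]
    return [d * m / beta for d in digits]


def quantise(measured, beta, m):
    """g_i* = g_i(measured) * beta / m, rounded, and required to lie in [0, beta)."""
    levels = []
    for g in measured:
        if not 0 <= g < m:
            raise ValueError(f"reading {g} is outside the detector range")
        level = int(g * beta / m + 0.5)          # round half up
        if level >= beta:
            raise ValueError(f"reading {g} rounds past the top level")
        levels.append(level)
    return levels


def number_from_levels(levels, beta):
    """u = g_1* beta^(n-1) + ... + g_n* beta^0."""
    u = 0
    for g in levels:
        u = u * beta + g
    return u


def recover(measured, beta, m):
    """Quantise the detector readings and rebuild the unique number."""
    return number_from_levels(quantise(measured, beta, m), beta)


if __name__ == "__main__":
    BETA, M, N = 8, 256, 4                       # constructed: 8 levels, 8-bit detector
    u = 2025                                     # constructed unique number / PIN
    clean = nominal_intensities(u, BETA, M, N)   # [96.0, 224.0, 160.0, 32.0]
    print(noise_margin(BETA, M))                 # errors below this are absorbed
    print(recover([106, 212, 175, 17], BETA, M)) # noisy but inside the margin
    print(recover([113, 224, 160, 32], BETA, M)) # one reading past the margin
```

A single reading that drifts past half a quantisation step changes one base-β digit and therefore yields a different number, which is the sensitivity to peak-height variation that the location-based embodiment avoids.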
The unique number u can also be generated using peak locations in the output of the correlator as described in a previous embodiment.
It will be apparent to those skilled in the art that input systems other than system 29 of figure 1 and 129 of figures 2 and 4 are available in order to produce a fingerprint information beam. Some of these other systems do not require a laser.
Claims (7)
1. An apparatus for interfacing with an existing personnel control system that utilizes stored data in a predetermined format for the purpose of determining whether a presented individual is authorized to have access to a controlled area, the apparatus comprising:
means for storing physical characteristic information for a plurality of individuals;
means for storing for each individual, an access signal associated with the existing personnel control system;
means for scanning a physical characteristic of a presented individual;
means for generating a scanned physical characteristic signal for the presented individual;
means for comparing the stored physical characteristics information to the scanned physical characteristic signal to determine if a match is found;
means for outputting the access signal associated with the presented individual when a match is found; and
means for communicating the outputted access signal to the existing control system in a format that is compatible with the predetermined format of the stored data so that the existing personnel control system will recognize the outputted access signal as a match for the presented individual stored data and authorize access to the controlled area.
2. The apparatus of claim 1 wherein the predetermined format of the existing personnel control system is compatible with information stored on a card.
3. The apparatus of claim 2 wherein the card has a magnetic stripe and the stored information is encoded thereon.
4. The apparatus of claim 2 wherein the stored information is encoded on the card in machine readable code.
5. The apparatus of claim 1 wherein the predetermined format of the existing personnel control system is compatible with a PIN.
6. The apparatus of claim 1 further comprising means for denying access when a match is not found.
7. A biometric apparatus for interfacing with an existing personnel control system that utilizes stored data, in addition to biometric data, for the purpose of determining whether a presented individual is authorized to have access to a controlled area, the apparatus comprising:
means for storing biometric information for a plurality of individuals;
means for obtaining biometric information on a presented individual;
means for storing for each individual, an access signal associated with the existing personnel control system;
means for generating an obtained biometric information signal for the presented individual;
means for comparing the stored biometric information to the obtained signal to determine if a match is found;
means for outputting the access signal associated with the presented individual when a match is found; and
means for communicating the outputted access signal to the existing control system in a format that is compatible with the stored data so that the existing personnel control system will recognize the outputted access signal as a match for the presented individual stored data and authorize access to the controlled area.
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/301,677 | 1994-09-07 | ||
US08/301,677 US5541994A (en) | 1994-09-07 | 1994-09-07 | Fingerprint controlled public key cryptographic system |
US08/512,491 | 1995-08-08 | ||
US08/512,491 US5680460A (en) | 1994-09-07 | 1995-08-08 | Biometric controlled key generation |
PCT/CA1995/000509 WO1996008093A1 (en) | 1994-09-07 | 1995-09-06 | Biometric controlled key generation |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2199034A1 (en) | 1996-03-14 |
CA2199034C (en) | 2007-10-16 |
Family
ID=26972538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002199034A Expired - Lifetime CA2199034C (en) | 1994-09-07 | 1995-09-06 | Biometric controlled key generation |
Country Status (8)
Country | Link |
---|---|
US (1) | US5680460A (en) |
EP (1) | EP0780040A2 (en) |
JP (1) | JPH10505474A (en) |
CN (1) | CN1157677A (en) |
AU (1) | AU689946B2 (en) |
BR (1) | BR9509002A (en) |
CA (1) | CA2199034C (en) |
WO (1) | WO1996008093A1 (en) |
Families Citing this family (110)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10361802B1 (en) | 1999-02-01 | 2019-07-23 | Blanding Hovenweep, Llc | Adaptive pattern recognition based control system and method |
US20010016825A1 (en) * | 1993-06-08 | 2001-08-23 | Pugliese, Anthony V. | Electronic ticketing and reservation system and method |
US5724520A (en) * | 1993-06-08 | 1998-03-03 | Anthony V. Pugliese | Electronic ticketing and reservation system and method |
US5604806A (en) * | 1995-01-20 | 1997-02-18 | Ericsson Inc. | Apparatus and method for secure radio communication |
US5995630A (en) * | 1996-03-07 | 1999-11-30 | Dew Engineering And Development Limited | Biometric input with encryption |
AU764405B2 (en) * | 1996-04-19 | 2003-08-21 | Canon Kabushiki Kaisha | Enciphering method, deciphering method and certifying method |
JPH09284272A (en) | 1996-04-19 | 1997-10-31 | Canon Inc | Ciphering system, signature system, key common share system, identity proving system and device for the systems |
US5745578A (en) * | 1996-06-17 | 1998-04-28 | Ericsson Inc. | Apparatus and method for secure communication based on channel characteristics |
US6219793B1 (en) * | 1996-09-11 | 2001-04-17 | Hush, Inc. | Method of using fingerprints to authenticate wireless communications |
DE19715644A1 (en) * | 1997-04-15 | 1998-10-22 | Iks Gmbh Information Kommunika | Identity verification procedures |
US6125192A (en) * | 1997-04-21 | 2000-09-26 | Digital Persona, Inc. | Fingerprint recognition system |
CA2203212A1 (en) * | 1997-04-21 | 1998-10-21 | Vijayakumar Bhagavatula | Methodology for biometric encryption |
AU7020898A (en) * | 1997-04-21 | 1998-11-13 | Mytec Technologies Inc. | Method for secure key management using a biometric |
US5991408A (en) * | 1997-05-16 | 1999-11-23 | Veridicom, Inc. | Identification and security using biometric measurements |
AU3709297A (en) * | 1997-08-05 | 1999-03-01 | Enix Corporation | Fingerprint collation |
US6035398A (en) * | 1997-11-14 | 2000-03-07 | Digitalpersona, Inc. | Cryptographic key generation using biometric data |
US6044353A (en) * | 1998-03-10 | 2000-03-28 | Pugliese, Iii; Anthony V. | Baggage check-in and security system and method |
JP2002512409A (en) * | 1998-04-21 | 2002-04-23 | シーメンス アクチエンゲゼルシヤフト | Electronic device and method for authenticating a user of the device |
US6353889B1 (en) * | 1998-05-13 | 2002-03-05 | Mytec Technologies Inc. | Portable device and method for accessing data key actuated devices |
US6324310B1 (en) | 1998-06-02 | 2001-11-27 | Digital Persona, Inc. | Method and apparatus for scanning a fingerprint using a linear sensor |
US6188781B1 (en) | 1998-07-28 | 2001-02-13 | Digital Persona, Inc. | Method and apparatus for illuminating a fingerprint through side illumination of a platen |
EP1112554A1 (en) * | 1998-09-07 | 2001-07-04 | Kent Ridge Digital Labs | A method of and apparatus for generation of a key |
US6363485B1 (en) | 1998-09-09 | 2002-03-26 | Entrust Technologies Limited | Multi-factor biometric authenticating device and method |
JP3258632B2 (en) * | 1998-11-26 | 2002-02-18 | 株式会社高度移動通信セキュリティ技術研究所 | Fingerprint authentication device |
US20020124176A1 (en) * | 1998-12-14 | 2002-09-05 | Michael Epstein | Biometric identification mechanism that preserves the integrity of the biometric information |
JP2000188594A (en) * | 1998-12-21 | 2000-07-04 | Sony Corp | Authentication system, fingerprint collation device and authentication method |
US6748533B1 (en) | 1998-12-23 | 2004-06-08 | Kent Ridge Digital Labs | Method and apparatus for protecting the legitimacy of an article |
HUP0201309A2 (en) * | 1999-02-08 | 2002-09-28 | Siemens Ag | Arrangement for determining and evaluating data or signals and method for verifying the identity or authorisation of a person |
US6901145B1 (en) | 1999-04-08 | 2005-05-31 | Lucent Technologies Inc. | Generation of repeatable cryptographic key based on varying parameters |
US7711152B1 (en) * | 1999-04-30 | 2010-05-04 | Davida George I | System and method for authenticated and privacy preserving biometric identification systems |
US8325994B2 (en) | 1999-04-30 | 2012-12-04 | Davida George I | System and method for authenticated and privacy preserving biometric identification systems |
US7170499B1 (en) * | 1999-05-25 | 2007-01-30 | Silverbrook Research Pty Ltd | Handwritten text capture via interface surface |
US6940976B1 (en) * | 1999-06-02 | 2005-09-06 | International Business Machines Corporation | Generating user-dependent RSA keys |
US6687375B1 (en) * | 1999-06-02 | 2004-02-03 | International Business Machines Corporation | Generating user-dependent keys and random numbers |
US6807291B1 (en) | 1999-06-04 | 2004-10-19 | Intelligent Verification Systems, Inc. | Animated toy utilizing artificial intelligence and fingerprint verification |
JP4519963B2 (en) * | 1999-06-21 | 2010-08-04 | 富士通株式会社 | Biometric information encryption / decryption method and apparatus, and personal authentication system using biometric information |
US7127088B1 (en) | 1999-07-19 | 2006-10-24 | Mandylion Research Labs, Llc | Method of authenticating proper access to secured site and device for implementation thereof |
US6928163B1 (en) | 1999-07-20 | 2005-08-09 | International Business Machines Corporation | Methods, systems and computer program products for generating user-dependent RSA values without storing seeds |
JP2001057551A (en) * | 1999-08-18 | 2001-02-27 | Nec Corp | Encryption communication system and encryption communication method |
US8479012B1 (en) | 1999-10-19 | 2013-07-02 | Harris Technology, Llc | Using biometrics as an encryption key |
FR2805066B1 (en) * | 2000-02-15 | 2003-12-05 | Sagem | METHOD FOR ENCODING A DETECTED IMAGE OF A BIOMETRIC CHARACTERISTIC OF A PERSON, SECURE AUTHENTICATION METHOD FOR ACCESS AUTHORIZATION USING THE SAME, IMPLEMENTING DEVICES THEREOF |
US6678821B1 (en) | 2000-03-23 | 2004-01-13 | E-Witness Inc. | Method and system for restricting access to the private key of a user in a public key infrastructure |
KR100383012B1 (en) * | 2000-05-16 | 2003-05-09 | 주식회사 엔지티 | Apparatus and method for controling a secure door using fingerprint recognition and face detection |
US7024562B1 (en) | 2000-06-29 | 2006-04-04 | Optisec Technologies Ltd. | Method for carrying out secure digital signature and a system therefor |
US20040111625A1 (en) * | 2001-02-14 | 2004-06-10 | Duffy Dominic Gavan | Data processing apparatus and method |
GB0113255D0 (en) * | 2001-05-31 | 2001-07-25 | Scient Generics Ltd | Number generator |
US7181017B1 (en) | 2001-03-23 | 2007-02-20 | David Felsher | System and method for secure three-party communications |
KR20030097847A (en) * | 2001-05-02 | 2003-12-31 | 시큐젠 코포레이션 | Authenticating user on computer network for biometric information |
EP1258840A1 (en) * | 2001-05-15 | 2002-11-20 | Koninklijke KPN N.V. | Method and system for processing identification data |
HUP0103350A2 (en) * | 2001-08-17 | 2003-04-28 | Péter Ladányi | Electronic writing device for generating electronic signature of enhanced security |
KR100432490B1 (en) | 2001-09-17 | 2004-05-22 | (주)니트 젠 | Optical fingerprint acquisition apparatus |
US7237115B1 (en) * | 2001-09-26 | 2007-06-26 | Sandia Corporation | Authenticating concealed private data while maintaining concealment |
NO316489B1 (en) * | 2001-10-01 | 2004-01-26 | Genkey As | System, portable device and method for digital authentication, encryption and signing by generating volatile but consistent and repeatable crypton keys |
US20030131114A1 (en) * | 2001-10-12 | 2003-07-10 | Scheidt Edward M. | Portable electronic authenticator cryptographic module |
AU2002342409B2 (en) * | 2001-11-30 | 2008-04-17 | Thumbsecure Biometrics Corporation Pty Ltd | An encryption system |
WO2003047160A1 (en) * | 2001-11-30 | 2003-06-05 | Thumbaccess Biometrics Corporation Pty Ltd | An encryption system |
GB0228434D0 (en) * | 2002-12-05 | 2003-01-08 | Scient Generics Ltd | Error correction |
DE60309176T2 (en) * | 2002-05-31 | 2007-09-06 | Scientific Generics Ltd., Harston | BIOMETRIC AUTHENTICATION SYSTEM |
US20070234052A1 (en) * | 2002-06-25 | 2007-10-04 | Campisi Steven E | Electromechanical lock system |
US7543156B2 (en) * | 2002-06-25 | 2009-06-02 | Resilent, Llc | Transaction authentication card |
US20070220272A1 (en) * | 2002-06-25 | 2007-09-20 | Campisi Steven E | Transaction authentication card |
US9818136B1 (en) | 2003-02-05 | 2017-11-14 | Steven M. Hoffberg | System and method for determining contingent relevance |
WO2004092956A1 (en) * | 2003-04-02 | 2004-10-28 | Pathfire, Inc. | Cascading key encryption |
GB0309182D0 (en) * | 2003-04-23 | 2003-05-28 | Hewlett Packard Development Co | Security method and apparatus using biometric data |
US20050005136A1 (en) * | 2003-04-23 | 2005-01-06 | Liqun Chen | Security method and apparatus using biometric data |
US20070096869A1 (en) * | 2003-06-24 | 2007-05-03 | Stefan Trohler | Work time recording system and method for recording work time |
US20050044387A1 (en) * | 2003-08-18 | 2005-02-24 | Ozolins Helmars E. | Portable access device |
JP4294434B2 (en) * | 2003-10-17 | 2009-07-15 | 株式会社日立製作所 | Unique code generation apparatus and method, program, and recording medium |
FR2862394B1 (en) * | 2003-11-18 | 2006-02-17 | Atmel Grenoble Sa | GENERATOR OF RANDOM BITARY SEQUENCES |
US7801833B2 (en) * | 2003-12-22 | 2010-09-21 | Endicott Interconnect Technologies, Inc. | Item identification control method |
JP4556103B2 (en) * | 2004-02-24 | 2010-10-06 | ソニー株式会社 | Encryption apparatus and encryption method |
US20050246763A1 (en) * | 2004-03-25 | 2005-11-03 | National University Of Ireland | Secure digital content reproduction using biometrically derived hybrid encryption techniques |
US7996673B2 (en) | 2004-05-12 | 2011-08-09 | Echoworx Corporation | System, method and computer product for sending encrypted messages to recipients where the sender does not possess the credentials of the recipient |
US8232862B2 (en) * | 2004-05-17 | 2012-07-31 | Assa Abloy Ab | Biometrically authenticated portable access device |
GB0413034D0 (en) * | 2004-06-10 | 2004-07-14 | Scient Generics Ltd | Secure workflow engine |
JP4622334B2 (en) * | 2004-06-23 | 2011-02-02 | 日本電気株式会社 | Content data utilization system and method, mobile communication terminal and program |
US20060056729A1 (en) * | 2004-09-15 | 2006-03-16 | Hillis W D | Fourier domain camera |
US7734079B2 (en) * | 2004-09-28 | 2010-06-08 | General Electric Company | Methods and apparatus for image reconstruction |
CN101091348B (en) * | 2004-12-28 | 2011-09-07 | 皇家飞利浦电子股份有限公司 | Key generation using biometric data and secret extraction codes |
JP4547624B2 (en) * | 2005-04-27 | 2010-09-22 | ソニー株式会社 | Pseudorandom number generation device, pseudorandom number generation method, and program |
JP2007018050A (en) * | 2005-07-05 | 2007-01-25 | Sony Ericsson Mobilecommunications Japan Inc | Portable terminal device, personal identification number certification program, and personal identification number certification method |
US8874477B2 (en) | 2005-10-04 | 2014-10-28 | Steven Mark Hoffberg | Multifactorial optimization system and method |
US7623659B2 (en) | 2005-11-04 | 2009-11-24 | Cisco Technology, Inc. | Biometric non-repudiation network security systems and methods |
CN1988441A (en) * | 2005-12-21 | 2007-06-27 | 中国银联股份有限公司 | Data safety transmission method |
US8005277B2 (en) * | 2006-03-03 | 2011-08-23 | Research Foundation-State University of NY | Secure fingerprint matching by hashing localized information |
JP4961214B2 (en) * | 2006-03-29 | 2012-06-27 | 株式会社日立情報制御ソリューションズ | Biometric authentication method and system |
CN101227269B (en) * | 2007-01-18 | 2010-10-06 | 中国科学院自动化研究所 | Method for binding and publishing digital information or cryptographic key based on fingerprint frequency domain |
GB0702091D0 (en) * | 2007-02-02 | 2007-03-14 | Fracture Code Corp Aps | Secure Barcode |
ITAQ20070002A1 (en) * | 2007-02-07 | 2007-05-07 | Fabio Antonini | TERMINAL DISPENSER OF BANCONOTE (ATM), FOR ELECTRONIC PAYMENT AND MAKING OF OPERATIONS WITH USE OF THE BANCOMAT CARD, CREDIT OR DEBIT, WITH AUTHENTICATION BY DIGITAL FINGERPRINT AND / OR PIN CODE AND WITH POSSIBILITY OF COMMUNICATION |
US7841539B2 (en) * | 2007-02-15 | 2010-11-30 | Alfred Hewton | Smart card with random temporary account number generation |
US8011593B2 (en) * | 2007-03-15 | 2011-09-06 | Joseph Frank Preta | Smart apparatus for making secure transactions |
US8382668B2 (en) * | 2007-06-21 | 2013-02-26 | Rf Science & Technology Inc. | Non-invasive determination of characteristics of a sample |
US8647272B2 (en) * | 2007-06-21 | 2014-02-11 | Rf Science & Technology Inc | Non-invasive scanning apparatuses |
US8647273B2 (en) * | 2007-06-21 | 2014-02-11 | RF Science & Technology, Inc. | Non-invasive weight and performance management |
US10264993B2 (en) * | 2007-06-21 | 2019-04-23 | Rf Science & Technology Inc. | Sample scanning and analysis system and methods for using the same |
US8259299B2 (en) | 2007-06-21 | 2012-09-04 | Rf Science & Technology Inc. | Gas scanning and analysis |
JP2009080773A (en) * | 2007-09-27 | 2009-04-16 | Fuji Xerox Co Ltd | Handwritten information management device, handwritten information management system, and handwritten information management program |
FR2925732B1 (en) * | 2007-12-21 | 2010-02-12 | Sagem Securite | GENERATION AND USE OF A BIOMETRIC KEY |
US9077537B2 (en) * | 2008-11-13 | 2015-07-07 | International Business Machines Corporation | Generating secure private keys for use in a public key communications environment |
DE102009001718B4 (en) * | 2009-03-20 | 2010-12-30 | Compugroup Holding Ag | Method for providing cryptographic key pairs |
EP2482219B1 (en) | 2011-01-31 | 2015-10-14 | BlackBerry Limited | Blacklisting of frequently used gesture passwords |
CN103370718B (en) * | 2011-03-21 | 2016-01-20 | 索尼爱立信移动通讯有限公司 | Use the data guard method of distributed security key, equipment and system |
KR101284481B1 (en) * | 2011-07-15 | 2013-07-16 | 아이리텍 잉크 | Authentication method and device using OTP including biometric data |
CN103425456A (en) * | 2012-05-22 | 2013-12-04 | 中国科学院深圳先进技术研究院 | Password input system on basis of human communication channel |
CN103353841A (en) * | 2013-06-20 | 2013-10-16 | 金硕澳门离岸商业服务有限公司 | Multifunctional MCU (micro computer unit) implementation method and multifunctional MCU |
US9450953B2 (en) | 2013-11-06 | 2016-09-20 | Blackberry Limited | Blacklisting of frequently used gesture passwords |
CN103873232B (en) * | 2014-03-03 | 2017-01-11 | 杭州电子科技大学 | Generation method for biologic key of user chirography on touch screen |
US9374370B1 (en) | 2015-01-23 | 2016-06-21 | Island Intellectual Property, Llc | Invariant biohash security system and method |
RU2610696C2 (en) * | 2015-06-05 | 2017-02-14 | Закрытое акционерное общество "Лаборатория Касперского" | System and method for user authentication using electronic digital signature of user |
US10951609B2 (en) | 2018-11-05 | 2021-03-16 | International Business Machines Corporation | System to effectively validate the authentication of OTP usage |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3771129A (en) * | 1972-07-27 | 1973-11-06 | Sperry Rand Corp | Optical processor fingerprint identification apparatus |
JPS59107658A (en) * | 1982-12-10 | 1984-06-21 | Nec Corp | Method and apparatus of private talk |
US4532508A (en) * | 1983-04-01 | 1985-07-30 | Siemens Corporate Research & Support, Inc. | Personal authentication system |
US5159474A (en) * | 1986-10-17 | 1992-10-27 | E. I. Du Pont De Nemours And Company | Transform optical processing system |
US4837843A (en) * | 1987-06-19 | 1989-06-06 | Hughes Aircraft Company | Hybrid optical and electronic associative memory |
US4876725A (en) * | 1987-10-08 | 1989-10-24 | Mytec Technologies Inc. | Method and apparatus for fingerprint verification |
JPH0830830B2 (en) * | 1988-09-07 | 1996-03-27 | セイコー電子工業株式会社 | Optical correlation processor |
EP0396774A4 (en) * | 1988-10-26 | 1991-10-30 | Hitachi Maxell Ltd. | Method and apparatus for controlling recording medium and recording medium produced under the control thereof |
US5245329A (en) * | 1989-02-27 | 1993-09-14 | Security People Inc. | Access control system with mechanical keys which store data |
US5040140A (en) * | 1989-04-28 | 1991-08-13 | The United States Of America As Represented By The Secretary Of The Air Force | Single SLM joint transform correlators |
US5095194A (en) * | 1989-10-12 | 1992-03-10 | Joseph Barbanell | Holographic credit card with automatical authentication and verification |
US4993068A (en) * | 1989-11-27 | 1991-02-12 | Motorola, Inc. | Unforgeable personal identification system |
US5138468A (en) * | 1990-02-02 | 1992-08-11 | Dz Company | Keyless holographic lock |
US5386378A (en) * | 1990-06-05 | 1995-01-31 | Matsushita Electric Industrial Co., Ltd. | Optical information processing apparatus and method using computer generated hologram |
US5050220A (en) * | 1990-07-24 | 1991-09-17 | The United States Of America As Represented By The Secretary Of The Navy | Optical fingerprint correlator |
US5343415A (en) * | 1990-08-31 | 1994-08-30 | Matsushita Electric Industrial Co., Ltd. | Logarithmic polar coordinate transforming method, vision recognizing method, and optical information processing apparatus |
US5347375A (en) * | 1991-11-26 | 1994-09-13 | Kabushiki Kaisha Toshiba | Computer-assisted holographic image formation technique which determines interference pattern data used to form the holographic |
US5280527A (en) * | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
US5268963A (en) * | 1992-06-09 | 1993-12-07 | Audio Digital Imaging Inc. | System for encoding personalized identification for storage on memory storage devices |
US5327286A (en) * | 1992-08-31 | 1994-07-05 | Texas Instruments Incorporated | Real time optical correlation system |
DE4243908C2 (en) * | 1992-12-23 | 2001-06-07 | Gao Ges Automation Org | Method for generating a digital signature using a biometric feature |
US5365586A (en) * | 1993-04-09 | 1994-11-15 | Washington University | Method and apparatus for fingerprinting magnetic media |
US5345508A (en) * | 1993-08-23 | 1994-09-06 | Apple Computer, Inc. | Method and apparatus for variable-overhead cached encryption |
US5418380A (en) * | 1994-04-12 | 1995-05-23 | Martin Marietta Corporation | Optical correlator using ferroelectric liquid crystal spatial light modulators and Fourier transform lenses |
US5469506A (en) * | 1994-06-27 | 1995-11-21 | Pitney Bowes Inc. | Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic |
US5541994A (en) * | 1994-09-07 | 1996-07-30 | Mytec Technologies Inc. | Fingerprint controlled public key cryptographic system |
1995
- 1995-08-08 US US08/512,491, patent US5680460A, status: Expired - Lifetime
- 1995-09-06 CA CA002199034A, patent CA2199034C, status: Expired - Lifetime
- 1995-09-06 WO PCT/CA1995/000509, patent WO1996008093A1, status: Application Discontinuation
- 1995-09-06 EP EP95929706A, patent EP0780040A2, status: Withdrawn
- 1995-09-06 AU AU33390/95A, patent AU689946B2, status: Ceased
- 1995-09-06 BR BR9509002A, patent BR9509002A, status: unknown
- 1995-09-06 CN CN95194945A, patent CN1157677A, status: Pending
- 1995-09-06 JP JP8509062A, patent JPH10505474A, status: Pending
Also Published As
Publication number | Publication date |
---|---|
AU689946B2 (en) | 1998-04-09 |
CN1157677A (en) | 1997-08-20 |
MX9701786A (en) | 1997-10-31 |
WO1996008093A1 (en) | 1996-03-14 |
US5680460A (en) | 1997-10-21 |
JPH10505474A (en) | 1998-05-26 |
AU3339095A (en) | 1996-03-27 |
EP0780040A2 (en) | 1997-06-25 |
BR9509002A (en) | 1998-06-02 |
CA2199034A1 (en) | 1996-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2199034C (en) | Biometric controlled key generation | |
US5541994A (en) | Fingerprint controlled public key cryptographic system | |
US5712912A (en) | Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniques | |
US5737420A (en) | Method for secure data transmission between remote stations | |
US6002770A (en) | Method for secure data transmission between remote stations | |
Matoba et al. | Optical techniques for information security | |
Bhatnagar et al. | Chaos-based security solution for fingerprint data during communication and transmission | |
CN100370725C (en) | Enciphering method, deciphering method and certifying method | |
US20020101988A1 (en) | Decryption glasses | |
JP3957130B2 (en) | User authentication method, user authentication system, verification device, storage device, and electronic data record carrier | |
WO1996008093B1 (en) | Biometric controlled key generation | |
US20050005136A1 (en) | Security method and apparatus using biometric data | |
EP1520369A1 (en) | Biometric authentication system | |
US20030140232A1 (en) | Method and apparatus for secure encryption of data | |
US7693279B2 (en) | Security method and apparatus using biometric data | |
Ramírez-Ruiz et al. | Cryptographic keys generation using fingercodes | |
Wei et al. | Optical image encryption using QR code and multilevel fingerprints in gyrator transform domains | |
Lin et al. | Multiple images encryption based on Fourier transform hologram | |
CA2319958C (en) | Image processing apparatus and method with locking feature | |
Takeda et al. | Encrypted sensing based on digital holography for fingerprint images | |
Wai Kuan et al. | Secure hashing of dynamic hand signatures using wavelet-fourier compression with biophasor mixing and discretization | |
GB2401015A (en) | Security method and apparatus using biometric data | |
JP2002149611A (en) | Authentication system, authentication requesting device, verification device and service medium | |
WO2005076201A1 (en) | Personal authentication method, personal authentication system, and optical information recording medium | |
Souza et al. | Improving biometrics authentication with a multi-factor approach based on optical interference and chaotic maps |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | EEER | Examination request | |
 | MKEX | Expiry | Effective date: 20150908 |