WO1999056429A1 - Personal identification system and method - Google Patents

Personal identification system and method Download PDF

Info

Publication number
WO1999056429A1
WO1999056429A1 PCT/US1999/008990 US9908990W WO9956429A1 WO 1999056429 A1 WO1999056429 A1 WO 1999056429A1 US 9908990 W US9908990 W US 9908990W WO 9956429 A1 WO9956429 A1 WO 9956429A1
Authority
WO
WIPO (PCT)
Prior art keywords
signal
user
code
host
biometric
Prior art date
Application number
PCT/US1999/008990
Other languages
French (fr)
Inventor
John D. Scott
Terence P. Curtis
Original Assignee
Identix Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/066,643 external-priority patent/US6484260B1/en
Application filed by Identix Incorporated filed Critical Identix Incorporated
Priority to AU37610/99A priority Critical patent/AU3761099A/en
Priority to GB0025864A priority patent/GB2353386B/en
Priority to DE19983155T priority patent/DE19983155T1/en
Priority to JP2000546486A priority patent/JP2003529113A/en
Publication of WO1999056429A1 publication Critical patent/WO1999056429A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00563Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means

Definitions

  • the invention relates to a personal identification system and method for allowing access to secure facilities.
  • Some security systems such as home security systems and door locks, require a user to enter a fixed code into a device at a host facility before allowing a person access to the facility.
  • Other systems such as automated teller machines (ATM), require a person to submit an authorized card and also to enter a fixed code that is associated with the person's bank accounts.
  • ATM automated teller machines
  • Automobile alarms, locks, and disabling devices, and garage door openers can be operated by pressing a button on a small remote device to transmit a coded signal to a receiving unit on the automobile or garage.
  • Each of these security systems can be operated by any person who is in possession of the fixed code, the card or the transmitting device, as the case may be. Therefore, each of these systems is inherently insecure.
  • some host facilities employ a biometric sensor to measure a biometric trait of a person requesting access to the host facility.
  • the biometric trait is a unique identifier of a person, and can be, for example, a person's fingerprint, voice pattern, iris pattern, or the like.
  • the requesting person also enters other identifying information about himself.
  • the measured biometric trait is compared with stored biometric data associated with the identified person and, if there is a match, the requesting person is allowed entry or access to the host facility.
  • each authorized person registers with the host facility by providing a sample of their biometric trait, for example, by having his fingerprint optically scanned into a host system data base.
  • Each host facility must have a biometric sensor, access to the database of registered persons' biometric trait registration data, and a processing system capable of quickly searching the database and conducting the comparison to verify a person's identity.
  • a processing system capable of quickly searching the database and conducting the comparison to verify a person's identity.
  • the set of authorized persons is large, such a system would require a huge database to store the fingerprint images of all the authorized persons, and the identification process would become slower as the set of authorized persons increases.
  • a processing circuit responsive to the biometric signal is adapted to compare the biometric signal with stored biometric data representative of the biometric trait of an enrolled person that is indicative of the identity of the enrolled person.
  • the processor provides a verification signal only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person.
  • the verification signal is indicative of the enrolled person or the device.
  • a communication unit including a transmitter circuit, is adapted to transmit the verification signal to a remote host system.
  • the invention features a personal identification system, comprising: a biometric sensor configured to extract a representation of a biometric trait of a user; a processor configured to verify the user's identity based upon a comparison of a representation of a biometric trait extracted from a user with a stored representation of the biometric trait; and a transmitter configured to transmit a verification signal indicative of a successful verification of the user's identity.
  • Embodiments may include one or more of the following features.
  • the processor may be configured to process signals received from a global positioning system (GPS) receiver.
  • the processor may be configured to derive trip information (e.g., the location of the GPS receiver) from the signals received from the GPS receiver.
  • the processor may be programmable to prompt the user for additional verification information when the GPS receiver is positioned at a particular location.
  • the system may include a user input configured to enable a user to enter trip information, and wherein the processor is configured to process information received from the user.
  • the transmitter may be further configured to transmit signals representative of stored trip information.
  • the biometric sensor, the processor, and the transmitter may be housed within a portable, hand-held housing.
  • the system may include an input device mounted inside a vehicle and coupled to the vehicle's power system, and wherein the input device is adapted to receive the verification signal from the transmitter and to enable the user to turn on the vehicle only upon receipt of the verification signal.
  • the housing may have the form of a pocket-sized security badge.
  • the housing may be configured to receive a graphical representation of the user.
  • the system may include an automatic door locking device coupled to a vehicle door (or trunk) and adapted to unlock the door (or trunk) upon receipt of the verification signal.
  • the system also may include a receiver.
  • the processor may be operable to switch the system from a low power operation to a normal power operation when the receiver receives a power-up signal from a host system.
  • the system also may include a memory configured to store the representation of the biometric trait.
  • the memory may be housed within a portable housing separable from the biometric sensor, processor and transmitter.
  • the communication unit preferably is adapted for remote communication with the host system via a wireless communication medium.
  • the device can further include a display and a keypad.
  • the biometric sensor system can include a fingerprint sensor, a voice sensor, or any other type of biometric sensor.
  • the fingerprint sensor can include a platen adapted for placing a finger thereon.
  • the fingerprint sensor can further include an optical image sensor, which may include a complementary metal oxide semiconductor (CMOS) optical sensor, a charge coupled device (CCD) optical sensor, or any other optical sensor having sufficient resolution to provide a signal indicative of a fingerprint image.
  • CMOS complementary metal oxide semiconductor
  • CCD charge coupled device
  • the platen would include an optical platen, and the biometric sensor may also include a lens focusing light from the platen onto the optical sensor.
  • the fingerprint sensor can alternatively include a direct contact sensor device, such as a capacitive sensor chip or thermal sensor chip. In these embodiments, the platen would be the surface of the sensor chip.
  • the processing unit can include a processor circuit, a memory and an encoder, wherein the memory stores the biometric data, and wherein the verification signal includes an encrypted signal encrypted by the encoder.
  • the encoder includes an encoding circuit, and the verification signal further includes an ID code indicative of the enrolled person or the device.
  • the encoder comprises an encryption algorithm programmed into the processor.
  • the encryption algorithm employs a private key indicative of the enrolled person or the device.
  • the communication unit can further include a receiver circuit.
  • the memory can further store an ID code indicative of the enrolled person or the device.
  • the processor unit can be further adapted to first cause the transmitter circuit to transmit an ID code signal indicative of the ID code to the host system.
  • the receiver circuit can be adapted to receive a host response signal transmitted by the host system in response to the ID code signal.
  • the processor unit employs the encryption algorithm and the private key to encrypt the host response signal to create the verification signal, and causes the transmitter circuit to transmit the verification signal to the host system only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person.
  • the memory can be located in a removable plug-in module, and the personal identification device further includes a socket adapted to receive the module.
  • a fingerprint sensor system in the housing is capable of sensing a fingerprint of a user and providing a fingerprint signal indicative thereof.
  • the fingerprint sensor system includes a platen on a surface of the housing adapted to receive a finger.
  • a communication unit in the housing is adapted for wireless communication with a separate host system.
  • the communication unit includes a transmitting circuit and a receiving circuit.
  • a slot in the housing receives a removable smart card that includes a memory.
  • the device can be combined with the smart card.
  • the memory in the smart card stores a fingerprint template representative of the fingerprint of an enrolled person, and an ID code and a personal encryption key being associated with the device.
  • a processing circuit in the device is adapted to cause the ID code signal from memory to be transmitted by the transmitting circuit.
  • the processing circuit is further adapted to cause a host response signal received by the receiving circuit signal from the host system in response to the ID code signal to be encrypted according an encryption algorithm employing the personal encryption key and to cause the encrypted host response signal to be transmitted by the transmitting circuit only if the fingerprint signal corresponds sufficiently to the fingerprint template to verify that the user is the registered person.
  • a method of providing secure access to a host facility includes the step of registering one or more persons with the host facility, including storing a unique ID code and a public encryption key for each registered person.
  • the method also includes receiving a first transmission comprising a first user signal at the host facility, generating and then transmitting a random number signal from the host facility only if the first user signal represents one of the stored ID codes, receiving a second transmission comprising a second user signal at the host facility, decrypting the second user signal with the public encryption key associated with the registered person who is also associated with the stored ID code represented by the first user signal, and providing access to the host facility only if the decrypted second user signal represents the random number.
  • a method of providing access to a secure host facility only to registered persons includes registering one or more registered persons with the host system. Registering each registered person includes storing an ID code associated only with a portable hand-held device under the control of that registered person. The method also includes transmitting an ID code signal from a portable hand-held device to a host facility of the host system. The ID code signal represents an ID code associated with the transmitting device.
  • Other steps include generating, at the host facility, a random number signal representing a random number in response to the ID code signal only if the ID code signal is representative of the ID code of the device controlled by one of the registered persons, and retrieving, with the host system, a public key associated with the one of the registered persons only if the ID code signal is representative of the ID code of the one the devices controlled by the one of the registered persons. Retrieving the public key can include retrieving the public key from a trusted third party. Further steps include transmitting the random number signal from the host facility to the transmitting device, and receiving the random number signal with the transmitting device.
  • the method also includes generating a user fingerprint signal representing a fingerprint image of a user's finger being placed on a platen of the transmitting device, and comparing, with the transmitting device, the user fingerprint signal to a fingerprint template stored in the transmitting device, wherein the fingerprint template represents a fingerprint image of a person who is enrolled with the transmitting device.
  • Other steps include encrypting the random number signal with the transmitting device, the random number signal being encrypted according to an encryption algorithm employing a private key associated only with the transmitting device, transmitting the encrypted random number signal from the transmitting device to the host facility only if the fingerprint image represented by the user fingerprint signal corresponds sufficiently to the fingerprint image represented by the fingerprint template to verify that the user is the enrolled person, decrypting the encrypted random number signal with the host system, including employing the retrieved public key, and providing the user access to the host facility only if the decrypted encrypted random number signal represents the random number.
  • Transmitting the ID code signal, transmitting the random number signal, and transmitting the encrypted random number signal each can include transmitting via a wireless transmission. Transmitting the ID code signal, transmitting the random number signal, and transmitting the encrypted random number signal each can further include transmitting via at least one of a modem, a cable access TV line, and a computer communication medium.
  • a method of providing a secure function at a host facility only to a registered person includes registering a person with the host facility by storing an ID code associated only with a portable registered device controlled by the registered person, learning a synchronization counter of the registered device, storing an encryption key associated with the registered device and associating the encryption key of the registered device with the stored ID code.
  • the method also includes generating a user fingerprint signal representing a fingerprint image of a user's finger being placed on a platen of a portable user device, comparing, with the user device, the user fingerprint signal to a fingerprint template stored in the user device, the fingerprint template representing a fingerprint image of an enrolled person who is enrolled with the user device, and generating an access signal with the user device only if the fingerprint image represented by the user fingerprint signal corresponds sufficiently to the fingerprint image represented by the fingerprint template to verify that the user is the enrolled person, the access signal including an ID code associated only with the user device, button press information representing a requested function, and encrypted data encrypted with an encryption key associated with the user device, the encrypted data including a synchronization counter associated with the user device.
  • the method then includes transmitting the access signal from the user device to the host facility, determining, with the host facility, if the ID code in the access signal matches the stored ID code, retrieving the encryption key of the registered device if the match is successful, employing the encryption key of the registered device to decrypt the encrypted data and determine the synchronization counter of the user device, comparing the synchronization counter of the user device with the synchronization counter of the registered device, and providing the requested function represented by the button press data only if the synchronization counter of the user device matches the synchronization counter of the registered device.
  • the invention provides a method of accessing a secure host facility, including sensing a biometric trait of a user that is unique to a user with a biometric sensor system of a portable device, and providing a biometric signal indicative of the biometric trait; comparing, with the portable device, the biometric signal with stored biometric data representative of the biometric trait of an enrolled person that is indicative of the identity of the enrolled person; providing a verification signal only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person; and transmitting the verification signal and an ID code signal to a remote host system, wherein the ID code signal is indicative of an ID code associated only with the portable device, and wherein the host system provides access to the secure facility in response to the verification signal only if host facility determines that personal device associated with the ID code belongs to a registered person.
  • the system can be employed to provide secure access to a variety of different types of host facilities.
  • the system can be used to replace security systems employing key card entry, fixed code entry, or a combination of key card and fixed code entry, which are currently employed, for example, with ATM's, gate and garage door openers, burglar alarm systems, point of sale (POS) devices, hotel room locks, and the like.
  • the system can also be configured for use with automotive remote key entry (RKE) systems, automotive alarm systems, and automotive immobilizers.
  • RKE remote key entry
  • the personal identification device and system of the invention has several advantages.
  • the system is very private. Persons' biometric data, such as a fingerprint, are not stored in a central database, as with prior art systems using fingerprint identification for security.
  • An electronic template of a user's fingerprint is stored only with their own personal identification device, and is used only for verifying the user's fingerprint.
  • the host facilities store only an ID code and a public key for each registered person.
  • the ID code may be the serial number of the device, and the public key can be retained by a trusted third party.
  • the private key used by the device is never disclosed.
  • the personal identification device is compact, being about the same size as an electronic pager. With advances in technology, it could be made even smaller.
  • the personal identification device can be configured such that all the information that is associated with the user, i.e., the ID code, the personal encryption key, and the fingerprint template, is stored in a smart card, which can be transferred between identical devices having the image capture electronics, processing circuit, communication module and power supply. This enables the user to switch devices when one is worn out or broken without having to re-register.
  • the host system can be installed at host facilities with a minimal expenditure compared with current systems employing fingerprint identification for security.
  • the biometric sensor is installed in each personal identification device, rather than with the host facility.
  • This configuration also makes retrofitting existing security systems for use with the personal identification device a relatively simple procedure. The point of contact is with the personal identification device, which makes the present system more feasible for use at exposed, public locations, such as with automated teller machines, parked automobiles, and gate entries, where the weather and vandalism can be problems.
  • This also makes the system of the invention more sanitary than other systems that require a person to operate a public terminal, keypad, or fingerprint scanner.
  • each user carries his own fingerprint template in the personal identification device, users can "roam" to many different applications and host facilities without the need to enroll the template at each site. They only need to register prior to use. This can be done over the phone or over computer communication lines, such as the Internet, if only medium level security is required.
  • the user has total control over the procedure for accessing a host facility.
  • the ID cannot be read unless the user presses the fingerprint reader.
  • the random number transmission and the encrypted random number transmission cannot be "scanned" as the random numbers are different each time access to a host facility is requested.
  • the personal identification device can be used in conjunction with conventional telephone lines or computer network communication lines without any risk of theft.
  • Personal identification devices could be sold via any retail outlet, for example, as a shrink wrap product. As the units are manufactured with unique ID codes and private keys there is no need to control the sale in any way.
  • FIG. 1 is a block diagram of a security system according to the invention.
  • FIG. 2 is a block diagram of another embodiment of a security system according to the invention.
  • FIG. 3. is a perspective view of a personal identification device according to another feature of the invention.
  • FIGS. 4A, 4B, 4C, and 4D are respective front, side, top and bottom views of an embodiment of a personal identification device.
  • FIGS. 5A and 5B are respective front and side views of another embodiment of a personal identification device.
  • FIG. 6 is a front view of a third embodiment of a personal identification device.
  • FIG. 7 is a flow diagram illustrating an embodiment of a method of accessing a host facility with a personal identification device.
  • FIG. 8 is a flow diagram illustrating another embodiment of a method of accessing a host facility with a personal identification device.
  • FIG. 9 is a schematic diagram of an embodiment of the processor unit.
  • FIGS. 10A and 1 OB are a perspective and block diagrams, respectively, of a personal identification system.
  • FIG. 11 is a perspective view of a personal identification system clipped to a user's pocket.
  • a security system 2 provides access to one or more secure host facilities 4 only to registered persons.
  • a host facility 4 may be a bank, a store, a military base, a computer system, an automobile, a home security system, a gate, or any other facility where it is desired to restrict access to selected individuals.
  • Each registered person uses a battery powered, portable personal identification device (PID) 6, which communicates with a communication unit 8 located at each host facility 4.
  • PID 6 is small enough to carry on ones person, being similar in size to a hand-held pager. An example of a PID 6 is shown being held in the palm of a man's hand 10 in FIG. 3.
  • PID 6 includes a biometric sensor.
  • a biometric sensor 11 includes an optics unit 12 having a CMOS optical sensor imaging device 14, and an exposed optical platen 15.
  • Imaging device 14 can also be a CCD imaging device.
  • a lens (not shown) may also be used to focus an image from a surface of platen 15 onto imaging device 14.
  • PID also includes a processing unit 16.
  • Processing unit 16 includes a processor circuit 18, an external memory 20 and may include an analog-to-digital converter circuit (A/D) 22.
  • A/D analog-to-digital converter circuit
  • Some CMOS optical sensors provide a digital output signal, which eliminated the need for A/D 22.
  • PID 6 further includes a communication unit 24, which has a transmitter module 26 and a receiver module 28.
  • Memory 20 stores information that is specific to processing unit 16.
  • Memory 20 stores an ID code that is set in PID 6 by the manufacturer.
  • the ID code of a device which may be the device serial number, is unique to each device.
  • Memory 20 also stores a fingerprint template that is generated by processing unit 16 from a fingerprint image signal provided by optics 12 unit when an individual first enrolls into PID 6, as will be described in detail below. That fingerprint image signal is representative of an image of a fingerprint of the enrolled individual.
  • the fingerprint template is a data set that is representative of features of the enrolled individual's fingerprint.
  • the fingerprint template is normally not changed once it is established in memory 20.
  • PID 6 may include a serial port (not shown), which can be used to plug into a computer to update or change the fingerprint template. For security purposes, PID 6 would be used to perform an identification verification before allowing such a change.
  • Processing unit 16 also includes an encryption algorithm incorporated into an encoder 23.
  • the encryption algorithm is programmed into processor circuit 18.
  • a private key that is stored in memory 20 is used with the encryption algorithm for encryption.
  • the private key can be set into memory by the manufacturer, and is specific to each PID 6. Different PIDs 6, which have different processing units 16, will typically have different private keys.
  • the encryption algorithm can be the same for all PID's 6.
  • Host facility 4 is part of a host system 30.
  • Host system 30 will typically be bank ATM systems, point of sale systems, and the like.
  • Host system 30 also includes a host processing unit 32, which has a processor circuit 34 and memory 36.
  • Communication unit 8 in host facility 4 includes a receiver module 38 and a transmitter module 40.
  • Host processing unit 32 may be located with host facility 4, or may be located at a remote location, where it may also serve other host facilities 4 in a distributed network 42.
  • Memory 36 stores ID codes of enrolled individuals who have registered with host system 30. Memory 36 also stores public keys associated with respective ones of the stored ID codes. By employing the correct public key associated with a specific ID code, host processor circuit 34 can decrypt a signal that has been encrypted according to the encryption algorithm and personal key associated with the specific ID code, in a manner known in the encryption arts. The public key can also be stored with a trusted third party 39, which provides this service for several host systems in a known manner.
  • Signals 41 may be transmitted between PID 6 and host facility via any wireless transmission method. Transmission can be via RF, infrared, induction, sound, or the like. In this embodiment, PID communication unit 24 and host communication unit 8 will normally have a short transmission range of approximately a meter or less, however, longer ranges can be used as well. Hardwire transmission methods can also be employed, either alone or in combination with a wireless transmission method. For example, transmission can employ dial tone modulation frequency (DTMF)(tone transmission) via a conventional phone system, employ a cable TV line in conjunction with the cable remote control system, or employ a computer communication medium, such as the Internet or a private network. PID 6 can employ more than one transmission reception mode, such as, for example, an RF and a DTMF unit.
  • DTMF dial tone modulation frequency
  • a PID 6A includes most of the features of PID 6 described above with reference to FIG. 1 , with some significant differences. Note that features that system 2 has in common with system 2A are labeled with the same reference numerals in FIGS. 1 and 2, which convention is continued in the remainder of the FIGS, and in the following description.
  • communication module 24A lacks receiver module 26.
  • encoder 23A includes an encoder chip, for example, the HSC200 or HSC300 KEELOQ® Code Hopping Encoder, available from Microchip Technology, Inc. of Chandler, Arizona, that contains the encryption algorithm.
  • Security system 2A includes a host facility 4A in which host processing unit 32A is located at the same site as host facility 4A.
  • Host system communication unit 8A includes a receiver module 38, but does not include a transmitter module.
  • Encoder 23 A includes an ID code, which may be a serial number of encoder 23 or PID 6A. Encoder 23A also includes a synchronization counter, an encryption key and an encryption algorithm that employs the encryption key. Host system 4A must "learn" the ID code and the synchronization counter for each PID 6A which is used to access a function of host system 4A. Host system 4A must also know the encryption key.
  • a PID 6B which includes all the features also shown in FIG. 1, includes a housing 44 similar in size to a personal pager or a small cellular telephone.
  • a front side 46 includes a keypad 48 for entering data and commands, and a liquid crystal display 50 for displaying data being entered with keypad 48 and for displaying status signals to the user. Keypad 48 can be eliminated in some models where programmability is not required.
  • Platen 15 is located at the top of PID 6B, and is contoured for a finger. Platen 15 is also slightly recessed in housing 42 to provide some protection from scratching.
  • a back side 56 of PID 6B includes a battery cover (not shown) and apertures for a DTMP speaker (not shown). A serial port can be included under the battery cover.
  • Housing 42 includes a slot 52 for receiving a smart card 54, which is shown in shadow being fully inserted into slot 52 in FIG. 4A.
  • Smart card 54 includes external memory 20, and can be removed from one housing 42 and used in a new housing 42. Because memory 20 contains all the personal information, i.e., the private key, the ID code, and the fingerprint template, the smart card can be used with a different PID housing 42 without having to re-enroll the user or re-register any user information with host systems. Some models in which memory 20 is hard-wired inside housing 42 would not include smart card slot 52.
  • FIGS. 5 A and 5B illustrate an embodiment of a PID 6C in which keypad 48 and smart card slot 52 are not included.
  • PID 6C does, however, include platen 15, display 50, and a belt clip 58, which could be included in any model.
  • FIG. 6 illustrates an embodiment of a PID 6D which is structured similar to the embodiment illustrated in FIG. 2, for uses such as a garage door opener or automobile security system.
  • PID 6D includes platen 15 at the top of housing 42, and three function buttons.
  • the function buttons can be a driver door button 60, a trunk button 62 and an alarm button 64. Buttons
  • 60, 62, and 64 can be adapted for use with other host systems having different functions.
  • Optics unit 12 can be an image sensor module available from Fingerscan PTY Ltd (an Identix company), of Sydney, Australia, as part of their F3 OEM Kit. The entire F3 OEM Kit manual, published in 1998, is incorporated herein by reference. Platen 15 and imaging device 14 have a usable area of about 16 mm X 18 mm. Imaging device 14 in the F# OEM kit is a CMOS device that provides a video output comprising an analog fingerprint image signal representing an image of a finger placed on platen 15. The fingerprint image signal is communicated to processing unit 16 via a six- wire connector 68, which is shown in a circuit diagram illustrated in FIG. 9.
  • processor circuit 18 includes an SH7034 32-bit RISC microprocessor 70, made by Hitachi of Japan. Microprocessor 70 communicates over an 8-bit data bus 72 with external memory 20 and A/D 22, and over control lines 74, 76 with optics unit 12.
  • the SH7034 microprocessor 70 has a 64 Kb internal programmable read only memory (PROM) engine and an internal 4 Kb static random access memory (SRAM).
  • a Fingerscan Biometrics Engine which includes algorithms for capturing and processing fingerprint image signals. These algorithms allow a finger image of approximately 140 Kbytes to be converted into a finger model, or template, of approximately 120 bytes. This size saves memory and improves the speed of processing by decreasing the time it takes to transfer - finger models to and from the internal memory.
  • the FBE includes special instruction sequences to optimize the following operations: image capture and background rejection; video signal filtering and digitizing; template matching; finger presence detection; false finger detection; and power on self test.
  • A/D 22 converts the analog video signal from optics unit 12 into digital data that is stored in memory for subsequent use by processor circuit 18.
  • Memory 20 also stores the finger template of the user who is enrolled in PID 6, and also stores custom written code.
  • Microprocessor 70 controls and has access to 1 Mbyte in DRAM 78 -70) and 512 Kbytes of external flash memory in PROM 80. DRAM
  • PROM 80 includes two NEC 424400 chips, and PROM 80 is an AMD 29F040 chip.
  • transmitter module includes an induction loop data link, which is configured as a short-range ( ⁇ 0.5 m) wireless modem, operating at 1200 Baud, at 70 KHz carrier frequency, using amplitude shift keying modulation.
  • the protocol is half duplex, carrier detect multiple access
  • a processor included in transmitter module is based on a PIC16C72 device.
  • the transmit current is typically 1 niA.
  • encoder 23 resides in code programmed into processing circuit 18.
  • other embodiments may base encoder 23 on a dedicated encoder chip, such as the HSC200 or HSC300 KEELOQ® Code Hopping Encoder.
  • a PID may include encryption code residing in processor circuit 18 and also include an encoder chip so that PID can combine the functions of the embodiments illustrated in FIGS. 1 and 2 in a single unit.
  • These encoder chips combine a 32-bit hopping code generated by a non-linear encryption algorithm, with a 28-bit serial number and 6 information bit to create a 66-bit transmission stream.
  • PID 6 The length of the transmission eliminates the threat of code scanning, and the code hopping mechanism makes the transmission unique, thus rendering code capture and resend schemes useless.
  • An owner of PID 6 must first "enroll" into the unit. Enrollment is the process of scanning a finger to create an image which is stored as a fingerprint template in memory 20. The user enrolls on the unit by removing the "packing" cover and placing a thumb or finger on platen 15. PID can be configured to automatically start the enrollment routine with this action. Enrollment takes approximately 7 seconds. The resultant template is stored in memory 20. Ideally, PID 6 is configured to enable a user to enroll one finger on each hand so that, if the user injures the finger they usually use for verification, an alternate image is available.
  • Enrollment preferably permits the user several attempts to check and test the operation on the verify. Instructions and queries would be indicated, for example, by display 50 in this mode (see FIG. 4A). Until the user accepts the enrollment the unit will not transmit signals in any way but will allow any number of attempts to re-enroll and verify (test) the operation. Once committed there is no going back or editing.
  • the enrollment is be stored on a removable smart card 54 (see FIG. 4A) along with the ID code and private encryption key files, these would not be accessible to other devices. It allows users to swap their PID 6 and retain their enrolled identifying data on smart card 54, while using other PIDs 6. This is the same process used in digital portable telephones today. A user can take the SIM card out of the telephone and swap phones without any security issues.
  • Verification is carried out when a user places his finger on platen 15, or presses a verify button if included in PID 6. In the embodiment illustrated in FIG.
  • the verify button can be a dedicated button, such as the # button 55, or could be any other button or sequence of buttons.
  • the optics unit 12 creates a fingerprint signal indicative of the fingerprint image of the user's finger on platen 15.
  • the fingerprint signal is compared to the stored fingerprint template. If the two are significantly similar, the user's identity is verified to be the enrolled person. Verification takes about 1 second or less once the fingerprint template has been retrieved from storage. The user's fingerprint is always verified with the fingerprint template to allow the use of the encryption key.
  • Verification threshold can be set at the time of enrollment. Once the owner or person controlling the unit is enrolled, the unit can then be "registered" with numerous organizations. The host organization is only interested in knowing the ID code and the public encryption key.
  • security system 2 illustrated in FIG. 1 is different from the operation of security system 2A illustrated in FIG. 2. The operation of the embodiment illustrated in FIG. 1 will be described first.
  • each of PID 6 and host facility 4 include transmit and receive functions.
  • a communication from PID 6 to host system 30 is encrypted according to an encryption algorithm that employs a private key in encrypting and a public key to decrypt.
  • the public encryption key is associated with PID 6 and therefore also with the enrolled person.
  • the private encryption key is stored or loaded into PID 6 at registration time or at manufacture.
  • the user When a user registers with each host system 30, the user provides the user's ID code and public key to host facility 4 as part of the user's account record.
  • the public key can be stored by the host system. Alternatively, the user provides the public key to a central authority (trusted third party 39) with which host system 30 can communicate. Referring now to FIG.
  • a user of PID 6 approaches host facility 4, e.g., an ATM (100).
  • the microprocessor is "powered up.” The user may have to select a transmission mode that matches that of host system 30, if more than one transmission mode is available on PID 6.
  • Processor circuit 18 causes transmitter module 28 to transmit the ID code signal without encryption (102). This is received by host receiver module 38 and passed on to host processing unit 32 (104).
  • Host processing unit 32 verifies that the received ID code signal represents a registered ID code (106). If the verification fails, then the access process ends (108). If the ID code is verified, then the account or user information is located, including the public encryption key associated with the registered ID code (110).
  • the public encryption key may have to be retrieved from a remote source, such as a central authority.
  • a large random number is also generated by host processing unit 32 (112), and is passed on to transmitter module 40.
  • Transmitter module 40 transmits a random number signal indicative of the random number to PID 6 (114).
  • Receiver module 26 passes the random number signal to processing unit 16 (116).
  • PID 6 performs a user verification (118). If the verification fails, the process ends (108). Alternatively, PID 6 can display a prompt to try again.
  • Processing unit 16 causes transmitter module 28 to transmit a signal representing the encrypted random number to host system 30 (122), where host processing unit 32 uses the public encryption key to decrypt the encrypted random number (124). Host processing unit 32 then determines if the decrypted random number matches the random number (126). If this is successful, then the user is granted access to the host facility (128). If this verification fails, the user is denied access (108).
  • the step of verifying the identity of the user with the biometrics (118) can be performed at other junctures of the process, such as prior to transmitting the ID code signal (102), however, it must be carried out before encrypting the random number (120).
  • Hardware for host system 30 can include a small communication unit 8 with a sensor, such as an RF antenna.
  • Processor circuit 34 can include a CPU to generate a random number, to verify the ID code received from PID 6, to decrypt the encrypted random number received from PID 6, and to compare the decrypted random number with the earlier generated random number. As these transmissions are random, there is no possibility of scanning or tracking the codes other than to find the original ID code, which is effectively of no real use.
  • the random number generators are such that they will always produce unique codes.
  • a host system 30 such as a bank, a store, or a credit card company, implements this system, it would have the users register by presenting themselves with their PID 6 and the required personal identification papers, which is no different than current methods of obtaining a bank card to access accounts with an ATM.
  • the bank or other host system 30 would ask the user to complete a verify on their PID 6 and read the ID code and test the send and receive of the encryption codes. This would establish the public key with the bank and confirm the private key in PID 6.
  • the user is now ready to use the system. Note that the bank does not have the user's fingerprint template—it only has the ID code and the public encryption key. Therefore there is no privacy issue regarding release of the user's fingerprint template.
  • the ATM commences normal operation.
  • the user instead of entering a bank card and a personal identification number (PIN), may simply press a verify pad or button on their PID 6 while placing their finger on platen 15.
  • PIN personal identification number
  • the ATM receiver reads the ID code, and if the code is valid generates a large random number, and transmits the number to the user's PID 6. If the validation is successful, PID 6 then encrypts the random number using the private encryption key according to the encryption algorithm, and transmits the result back.
  • the bank system checks the result using the public encryption key and confirms the correct identity of the user. The transaction proceeds.
  • the bank's ATM will typically be connected to the Bank central system via network 42.
  • Network 42 can be used for transmitting signals between the ATM and the bank central system where the CPU and data bases may be located.
  • the private encryption key can only be used after a verify, host system 30 knows the ID is correct as the key is unique to that user. Therefore, only that user could be carrying the reader.
  • the key may well be installed during manufacture but only released after the unit is loaded with a template.
  • PID 6A is configured as shown in FIG. 2 to transmit, and host facility 4A is configured to only receive.
  • Receiver module 38 is a standard automobile or garage door type of installation. There is no special adaptation other than the required alarm or immobilizer installation. These systems include a "learn" mode, which is used to program in the new system.
  • the host system 4A learns the ID code, the synchronization counter timing, and the encryption key of that PID 6A. This process is essentially the same as the learning process for many current model garage door openers, automobile security systems and the like.
  • PID 6 A to obtain access to host facility 4A, the user activates PID 6 A by placing a finger on platen 15.
  • PID 6 A performs a user verification from the internally stored fingerprint template (200). If the verify succeeds, processing unit 16A causes encoder 23 A to generate an encrypted signal (202). If not successful, the process ends (204).
  • the encrypted signal includes the unencrypted ID code of PID 6, encrypted synchronization counter information and unencrypted function button information.
  • the encryption employs the encryption key resident in encoder 23 A.
  • Transmitter unit 28 then transmits the encrypted signal to host facility 4 A (206).
  • Host facility 4 A than passes the encrypted signal to host processing unit 32 A, which checks the ID code for a match with the ID code of a registered user (208).
  • the process ends (204). If there is a match, host processing unit 4A retrieves the stored encryption key and decrypts the encrypted portion of the received encrypted signal (210). Host processing unit then verifies that the synchronization counter information in the decrypted signal matches stored synchronization counter information in memory 36 (212). If the synchronization counter information does not match the stored information, then the process ends (204). If the synchronization counter information matches the stored information, then the user is granted access to host facility 4A (214). The access granted is determined by the function button information contained in the encrypted signal. In both embodiments, the PID unit can be set in a low power "StandBy" or
  • a hotel could employ the invention in a door lock security system.
  • a hotel registrant would register his PID with the hotel.
  • the hotel would identify the user's ID code to the lock on his room's door.
  • a member of the hotel staff would carry a master
  • the biometric sensor 11 may include a direct contact device instead of an optic sensor unit 12.
  • Direct contact capacitive chip fingerprint sensors can be obtained from SGS Thomson Microelectronics, of Phoenix Arizona, from
  • a direct contact thermal sensor may also be used for fingerprint sensing.
  • a PID 300 is configured to identify a user of a vehicle, provide immobilization security for the vehicle, and to automatically maintain a log of vehicle travel information.
  • PID 300 is configured as a hand-held device with a finger platen 301, a display 302, an input keypad 304, and an input/output port 306.
  • Input/output port 306 plugs into an in-vehicle adaptor module 307 which couples PID 300 to the vehicle power system 308, the engine management computer 310 and a global positioning system (GPS) 312.
  • Adaptor module 307 includes a unique identification number that relates to the registration details of the vehicle.
  • PID 300 To operate the vehicle, the user must first be enrolled in PID 300 and PID 300 must be inserted into adaptor module 307. To start the vehicle, the user must activate a start-up option on PID 300 and must press (or swipe) a finger against finger platen 301. PID 300 extracts a representation of the user's fingerprint and compares the extracted information with a stored representation of the user's fingerprint. If the two fingerprint representations substantially match, PID 300 transmits a verification signal that enables the user to access the engine management system and operate the vehicle.
  • PID 300 After the user's identity has been verified, PID 300 begins to log trip information, including start time, vehicle location and trip log (map) information based on information received from GPS 312, vehicle speed and distance traveled. There is no need for the user to log travel information because all logging information is automated. The user may, however, enter additional information into PID 300 through keypad 304. PID 300 is programmable. For example, PID 300 may be programmed to prompt the user to enter additional identification information at different times during a trip or at preselected vehicle locations based upon signals " received from GPS 312.
  • PID 300 includes a transceiver (e.g., an RF transceiver or a digital cellular telephone transceiver) that enables the device to be interrogated remotely (e.g., by devices located at preselected vehicle checkpoint locations, such as the locations of existing highway monitoring cameras).
  • a transceiver e.g., an RF transceiver or a digital cellular telephone transceiver
  • a PID 320 is configured as a pocket-sized unit which may be clipped to a pocket 321 of a user's shirt and is configured to provide access to a secure location.
  • the housing of PID 320 includes a pocket for holding a user identification card 325 (e.g., a photo ID card).
  • PID 320 includes a finger platen 322, a notification light 324 (e.g., a red light emitting diode), a processor, and a receiver.
  • the processor switches from a low power operation (standby or off mode) to a normal power operation and causes notification light 324 to flash, prompting the user to press (or swipe) a finger against finger platen
  • PID 320 extracts a representation of the user's fingerprint and compares the extracted information with a stored representation of the user's fingerprint. If the two fingerprint representations are sufficiently close, PID 320 transmits a verification signal to the host system. Upon receipt of the verification signal, the host system grants access to the secure location and logs information relating to the user and time access was granted.
  • PID 320 includes an RF transceiver which enables PID 320 to wirelessly receive enrollment information (e.g., add or remove users) and to set access codes for each of the enrolled users.

Abstract

A portable, hand-held personal identification device (6) and method for providing secure access to a host facility (4) includes a biometric sensor system capable of sensing a biometric trait of a user that is unique to the user and providing a biometric signal indicative of the sensed biometric trait. A processing unit responsive to the biometric signal is adapted to compare the biometric signal with stored biometric data representative of the biometric trait of an enrolled person that is unique to the enrolled person, and to provide a verification signal only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person. The verification signal (41) includes information indicative of the enrolled person or the device. A communication unit, including a transmitting circuit (28), is adapted to transmit the verification signal to a host system (30).

Description

PERSONAL IDENTIFICATION SYSTEM AND METHOD
Background of the Invention The invention relates to a personal identification system and method for allowing access to secure facilities.
Some security systems, such as home security systems and door locks, require a user to enter a fixed code into a device at a host facility before allowing a person access to the facility. Other systems, such as automated teller machines (ATM), require a person to submit an authorized card and also to enter a fixed code that is associated with the person's bank accounts. Automobile alarms, locks, and disabling devices, and garage door openers can be operated by pressing a button on a small remote device to transmit a coded signal to a receiving unit on the automobile or garage.
Each of these security systems can be operated by any person who is in possession of the fixed code, the card or the transmitting device, as the case may be. Therefore, each of these systems is inherently insecure. Where absolute security is essential, some host facilities employ a biometric sensor to measure a biometric trait of a person requesting access to the host facility. The biometric trait is a unique identifier of a person, and can be, for example, a person's fingerprint, voice pattern, iris pattern, or the like. The requesting person also enters other identifying information about himself. The measured biometric trait is compared with stored biometric data associated with the identified person and, if there is a match, the requesting person is allowed entry or access to the host facility.
In presently available biometric systems, each authorized person registers with the host facility by providing a sample of their biometric trait, for example, by having his fingerprint optically scanned into a host system data base. Each host facility must have a biometric sensor, access to the database of registered persons' biometric trait registration data, and a processing system capable of quickly searching the database and conducting the comparison to verify a person's identity. However, if the set of authorized persons is large, such a system would require a huge database to store the fingerprint images of all the authorized persons, and the identification process would become slower as the set of authorized persons increases.
Summary of the Invention According to one aspect of the invention, a portable personal identification device for providing secure access to a host facility includes a biometric sensor system capable of sensing a biometric trait of a user that is unique to the user and providing a biometric signal indicative thereof. A processing circuit responsive to the biometric signal is adapted to compare the biometric signal with stored biometric data representative of the biometric trait of an enrolled person that is indicative of the identity of the enrolled person. The processor provides a verification signal only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person. The verification signal is indicative of the enrolled person or the device. A communication unit, including a transmitter circuit, is adapted to transmit the verification signal to a remote host system.
In another aspect, the invention features a personal identification system, comprising: a biometric sensor configured to extract a representation of a biometric trait of a user; a processor configured to verify the user's identity based upon a comparison of a representation of a biometric trait extracted from a user with a stored representation of the biometric trait; and a transmitter configured to transmit a verification signal indicative of a successful verification of the user's identity.
Embodiments may include one or more of the following features. The processor may be configured to process signals received from a global positioning system (GPS) receiver. The processor may be configured to derive trip information (e.g., the location of the GPS receiver) from the signals received from the GPS receiver. The processor may be programmable to prompt the user for additional verification information when the GPS receiver is positioned at a particular location.
The system may include a user input configured to enable a user to enter trip information, and wherein the processor is configured to process information received from the user. The transmitter may be further configured to transmit signals representative of stored trip information.
The biometric sensor, the processor, and the transmitter may be housed within a portable, hand-held housing. The system may include an input device mounted inside a vehicle and coupled to the vehicle's power system, and wherein the input device is adapted to receive the verification signal from the transmitter and to enable the user to turn on the vehicle only upon receipt of the verification signal. The housing may have the form of a pocket-sized security badge. The housing may be configured to receive a graphical representation of the user. The system may include an automatic door locking device coupled to a vehicle door (or trunk) and adapted to unlock the door (or trunk) upon receipt of the verification signal. The system also may include a receiver. The processor may be operable to switch the system from a low power operation to a normal power operation when the receiver receives a power-up signal from a host system. The system also may include a memory configured to store the representation of the biometric trait. The memory may be housed within a portable housing separable from the biometric sensor, processor and transmitter.
The communication unit preferably is adapted for remote communication with the host system via a wireless communication medium. The device can further include a display and a keypad.
The biometric sensor system can include a fingerprint sensor, a voice sensor, or any other type of biometric sensor. The fingerprint sensor can include a platen adapted for placing a finger thereon. The fingerprint sensor can further include an optical image sensor, which may include a complementary metal oxide semiconductor (CMOS) optical sensor, a charge coupled device (CCD) optical sensor, or any other optical sensor having sufficient resolution to provide a signal indicative of a fingerprint image. In the embodiments with an optical sensor, the platen would include an optical platen, and the biometric sensor may also include a lens focusing light from the platen onto the optical sensor. The fingerprint sensor can alternatively include a direct contact sensor device, such as a capacitive sensor chip or thermal sensor chip. In these embodiments, the platen would be the surface of the sensor chip. The processing unit can include a processor circuit, a memory and an encoder, wherein the memory stores the biometric data, and wherein the verification signal includes an encrypted signal encrypted by the encoder. In one embodiment, the encoder includes an encoding circuit, and the verification signal further includes an ID code indicative of the enrolled person or the device.
In another embodiment, the encoder comprises an encryption algorithm programmed into the processor. The encryption algorithm employs a private key indicative of the enrolled person or the device. In this embodiment, the communication unit can further include a receiver circuit. The memory can further store an ID code indicative of the enrolled person or the device. The processor unit can be further adapted to first cause the transmitter circuit to transmit an ID code signal indicative of the ID code to the host system. The receiver circuit can be adapted to receive a host response signal transmitted by the host system in response to the ID code signal. The processor unit employs the encryption algorithm and the private key to encrypt the host response signal to create the verification signal, and causes the transmitter circuit to transmit the verification signal to the host system only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person.
In either of these embodiments, the memory can be located in a removable plug-in module, and the personal identification device further includes a socket adapted to receive the module.
According to another aspect of the invention, a portable, hand-held personal identification device for providing secure access to a host facility includes a housing. A fingerprint sensor system in the housing is capable of sensing a fingerprint of a user and providing a fingerprint signal indicative thereof. The fingerprint sensor system includes a platen on a surface of the housing adapted to receive a finger. A communication unit in the housing is adapted for wireless communication with a separate host system. The communication unit includes a transmitting circuit and a receiving circuit. A slot in the housing receives a removable smart card that includes a memory. The device can be combined with the smart card. The memory in the smart card stores a fingerprint template representative of the fingerprint of an enrolled person, and an ID code and a personal encryption key being associated with the device. A processing circuit in the device is adapted to cause the ID code signal from memory to be transmitted by the transmitting circuit. The processing circuit is further adapted to cause a host response signal received by the receiving circuit signal from the host system in response to the ID code signal to be encrypted according an encryption algorithm employing the personal encryption key and to cause the encrypted host response signal to be transmitted by the transmitting circuit only if the fingerprint signal corresponds sufficiently to the fingerprint template to verify that the user is the registered person. According to yet another aspect of the invention, a method of providing secure access to a host facility includes the step of registering one or more persons with the host facility, including storing a unique ID code and a public encryption key for each registered person. The method also includes receiving a first transmission comprising a first user signal at the host facility, generating and then transmitting a random number signal from the host facility only if the first user signal represents one of the stored ID codes, receiving a second transmission comprising a second user signal at the host facility, decrypting the second user signal with the public encryption key associated with the registered person who is also associated with the stored ID code represented by the first user signal, and providing access to the host facility only if the decrypted second user signal represents the random number.
According to still another aspect of the invention, a method of providing access to a secure host facility only to registered persons includes registering one or more registered persons with the host system. Registering each registered person includes storing an ID code associated only with a portable hand-held device under the control of that registered person. The method also includes transmitting an ID code signal from a portable hand-held device to a host facility of the host system. The ID code signal represents an ID code associated with the transmitting device. Other steps include generating, at the host facility, a random number signal representing a random number in response to the ID code signal only if the ID code signal is representative of the ID code of the device controlled by one of the registered persons, and retrieving, with the host system, a public key associated with the one of the registered persons only if the ID code signal is representative of the ID code of the one the devices controlled by the one of the registered persons. Retrieving the public key can include retrieving the public key from a trusted third party. Further steps include transmitting the random number signal from the host facility to the transmitting device, and receiving the random number signal with the transmitting device. The method also includes generating a user fingerprint signal representing a fingerprint image of a user's finger being placed on a platen of the transmitting device, and comparing, with the transmitting device, the user fingerprint signal to a fingerprint template stored in the transmitting device, wherein the fingerprint template represents a fingerprint image of a person who is enrolled with the transmitting device. Other steps include encrypting the random number signal with the transmitting device, the random number signal being encrypted according to an encryption algorithm employing a private key associated only with the transmitting device, transmitting the encrypted random number signal from the transmitting device to the host facility only if the fingerprint image represented by the user fingerprint signal corresponds sufficiently to the fingerprint image represented by the fingerprint template to verify that the user is the enrolled person, decrypting the encrypted random number signal with the host system, including employing the retrieved public key, and providing the user access to the host facility only if the decrypted encrypted random number signal represents the random number.
Transmitting the ID code signal, transmitting the random number signal, and transmitting the encrypted random number signal each can include transmitting via a wireless transmission. Transmitting the ID code signal, transmitting the random number signal, and transmitting the encrypted random number signal each can further include transmitting via at least one of a modem, a cable access TV line, and a computer communication medium.
In yet another aspect of the invention, a method of providing a secure function at a host facility only to a registered person includes registering a person with the host facility by storing an ID code associated only with a portable registered device controlled by the registered person, learning a synchronization counter of the registered device, storing an encryption key associated with the registered device and associating the encryption key of the registered device with the stored ID code. The method also includes generating a user fingerprint signal representing a fingerprint image of a user's finger being placed on a platen of a portable user device, comparing, with the user device, the user fingerprint signal to a fingerprint template stored in the user device, the fingerprint template representing a fingerprint image of an enrolled person who is enrolled with the user device, and generating an access signal with the user device only if the fingerprint image represented by the user fingerprint signal corresponds sufficiently to the fingerprint image represented by the fingerprint template to verify that the user is the enrolled person, the access signal including an ID code associated only with the user device, button press information representing a requested function, and encrypted data encrypted with an encryption key associated with the user device, the encrypted data including a synchronization counter associated with the user device. The method then includes transmitting the access signal from the user device to the host facility, determining, with the host facility, if the ID code in the access signal matches the stored ID code, retrieving the encryption key of the registered device if the match is successful, employing the encryption key of the registered device to decrypt the encrypted data and determine the synchronization counter of the user device, comparing the synchronization counter of the user device with the synchronization counter of the registered device, and providing the requested function represented by the button press data only if the synchronization counter of the user device matches the synchronization counter of the registered device.
In another aspect, the invention provides a method of accessing a secure host facility, including sensing a biometric trait of a user that is unique to a user with a biometric sensor system of a portable device, and providing a biometric signal indicative of the biometric trait; comparing, with the portable device, the biometric signal with stored biometric data representative of the biometric trait of an enrolled person that is indicative of the identity of the enrolled person; providing a verification signal only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person; and transmitting the verification signal and an ID code signal to a remote host system, wherein the ID code signal is indicative of an ID code associated only with the portable device, and wherein the host system provides access to the secure facility in response to the verification signal only if host facility determines that personal device associated with the ID code belongs to a registered person. The system can be employed to provide secure access to a variety of different types of host facilities. The system can be used to replace security systems employing key card entry, fixed code entry, or a combination of key card and fixed code entry, which are currently employed, for example, with ATM's, gate and garage door openers, burglar alarm systems, point of sale (POS) devices, hotel room locks, and the like. The system can also be configured for use with automotive remote key entry (RKE) systems, automotive alarm systems, and automotive immobilizers.
The personal identification device and system of the invention has several advantages. The system is very private. Persons' biometric data, such as a fingerprint, are not stored in a central database, as with prior art systems using fingerprint identification for security. An electronic template of a user's fingerprint is stored only with their own personal identification device, and is used only for verifying the user's fingerprint. In the embodiment with two-way communication, the host facilities store only an ID code and a public key for each registered person. The ID code may be the serial number of the device, and the public key can be retained by a trusted third party. The private key used by the device is never disclosed.
The personal identification device is compact, being about the same size as an electronic pager. With advances in technology, it could be made even smaller. The personal identification device can be configured such that all the information that is associated with the user, i.e., the ID code, the personal encryption key, and the fingerprint template, is stored in a smart card, which can be transferred between identical devices having the image capture electronics, processing circuit, communication module and power supply. This enables the user to switch devices when one is worn out or broken without having to re-register.
The host system can be installed at host facilities with a minimal expenditure compared with current systems employing fingerprint identification for security. The biometric sensor is installed in each personal identification device, rather than with the host facility. This configuration also makes retrofitting existing security systems for use with the personal identification device a relatively simple procedure. The point of contact is with the personal identification device, which makes the present system more feasible for use at exposed, public locations, such as with automated teller machines, parked automobiles, and gate entries, where the weather and vandalism can be problems. This also makes the system of the invention more sanitary than other systems that require a person to operate a public terminal, keypad, or fingerprint scanner. Because each user carries his own fingerprint template in the personal identification device, users can "roam" to many different applications and host facilities without the need to enroll the template at each site. They only need to register prior to use. This can be done over the phone or over computer communication lines, such as the Internet, if only medium level security is required.
The user has total control over the procedure for accessing a host facility. The ID cannot be read unless the user presses the fingerprint reader. The random number transmission and the encrypted random number transmission cannot be "scanned" as the random numbers are different each time access to a host facility is requested. The personal identification device can be used in conjunction with conventional telephone lines or computer network communication lines without any risk of theft.
Personal identification devices could be sold via any retail outlet, for example, as a shrink wrap product. As the units are manufactured with unique ID codes and private keys there is no need to control the sale in any way.
Unlike prior art biometric identification systems, the user is already enrolled by the first use of the personal identification device. This completely eliminates the delays and problems associated with enrolling large numbers of users and storing each user's biometric data. Other features and advantages will become apparent from the following description, including the drawings and the claims. Brief Description of the Drawings FIG. 1 is a block diagram of a security system according to the invention. FIG. 2 is a block diagram of another embodiment of a security system according to the invention. FIG. 3. is a perspective view of a personal identification device according to another feature of the invention.
FIGS. 4A, 4B, 4C, and 4D are respective front, side, top and bottom views of an embodiment of a personal identification device.
FIGS. 5A and 5B are respective front and side views of another embodiment of a personal identification device.
FIG. 6 is a front view of a third embodiment of a personal identification device.
FIG. 7 is a flow diagram illustrating an embodiment of a method of accessing a host facility with a personal identification device. FIG. 8 is a flow diagram illustrating another embodiment of a method of accessing a host facility with a personal identification device.
FIG. 9 is a schematic diagram of an embodiment of the processor unit. FIGS. 10A and 1 OB are a perspective and block diagrams, respectively, of a personal identification system. FIG. 11 is a perspective view of a personal identification system clipped to a user's pocket.
Detailed Description Referring to FIG. 1, a security system 2 provides access to one or more secure host facilities 4 only to registered persons. A host facility 4 may be a bank, a store, a military base, a computer system, an automobile, a home security system, a gate, or any other facility where it is desired to restrict access to selected individuals. Each registered person uses a battery powered, portable personal identification device (PID) 6, which communicates with a communication unit 8 located at each host facility 4. PID 6 is small enough to carry on ones person, being similar in size to a hand-held pager. An example of a PID 6 is shown being held in the palm of a man's hand 10 in FIG. 3. PID 6 includes a biometric sensor. In the described embodiment, a biometric sensor 11 includes an optics unit 12 having a CMOS optical sensor imaging device 14, and an exposed optical platen 15. Imaging device 14 can also be a CCD imaging device. A lens (not shown) may also be used to focus an image from a surface of platen 15 onto imaging device 14. PID also includes a processing unit 16. Processing unit 16 includes a processor circuit 18, an external memory 20 and may include an analog-to-digital converter circuit (A/D) 22. Some CMOS optical sensors provide a digital output signal, which eliminated the need for A/D 22. PID 6 further includes a communication unit 24, which has a transmitter module 26 and a receiver module 28.
Memory 20 stores information that is specific to processing unit 16. Memory 20 stores an ID code that is set in PID 6 by the manufacturer. The ID code of a device, which may be the device serial number, is unique to each device. Memory 20 also stores a fingerprint template that is generated by processing unit 16 from a fingerprint image signal provided by optics 12 unit when an individual first enrolls into PID 6, as will be described in detail below. That fingerprint image signal is representative of an image of a fingerprint of the enrolled individual. The fingerprint template is a data set that is representative of features of the enrolled individual's fingerprint. The fingerprint template is normally not changed once it is established in memory 20. In some embodiments, PID 6 may include a serial port (not shown), which can be used to plug into a computer to update or change the fingerprint template. For security purposes, PID 6 would be used to perform an identification verification before allowing such a change.
Processing unit 16 also includes an encryption algorithm incorporated into an encoder 23. In the embodiment illustrated in FIG. 1, the encryption algorithm is programmed into processor circuit 18. A private key that is stored in memory 20 is used with the encryption algorithm for encryption. The private key can be set into memory by the manufacturer, and is specific to each PID 6. Different PIDs 6, which have different processing units 16, will typically have different private keys. The encryption algorithm, on the other hand, can be the same for all PID's 6.
Host facility 4 is part of a host system 30. Host system 30 will typically be bank ATM systems, point of sale systems, and the like. Host system 30 also includes a host processing unit 32, which has a processor circuit 34 and memory 36. Communication unit 8 in host facility 4 includes a receiver module 38 and a transmitter module 40. Host processing unit 32 may be located with host facility 4, or may be located at a remote location, where it may also serve other host facilities 4 in a distributed network 42.
Memory 36 stores ID codes of enrolled individuals who have registered with host system 30. Memory 36 also stores public keys associated with respective ones of the stored ID codes. By employing the correct public key associated with a specific ID code, host processor circuit 34 can decrypt a signal that has been encrypted according to the encryption algorithm and personal key associated with the specific ID code, in a manner known in the encryption arts. The public key can also be stored with a trusted third party 39, which provides this service for several host systems in a known manner.
Signals 41 may be transmitted between PID 6 and host facility via any wireless transmission method. Transmission can be via RF, infrared, induction, sound, or the like. In this embodiment, PID communication unit 24 and host communication unit 8 will normally have a short transmission range of approximately a meter or less, however, longer ranges can be used as well. Hardwire transmission methods can also be employed, either alone or in combination with a wireless transmission method. For example, transmission can employ dial tone modulation frequency (DTMF)(tone transmission) via a conventional phone system, employ a cable TV line in conjunction with the cable remote control system, or employ a computer communication medium, such as the Internet or a private network. PID 6 can employ more than one transmission reception mode, such as, for example, an RF and a DTMF unit.
In another embodiment of a security system 2A, shown in FIG. 2, a PID 6A includes most of the features of PID 6 described above with reference to FIG. 1 , with some significant differences. Note that features that system 2 has in common with system 2A are labeled with the same reference numerals in FIGS. 1 and 2, which convention is continued in the remainder of the FIGS, and in the following description. One difference is that communication module 24A lacks receiver module 26. Also, encoder 23A includes an encoder chip, for example, the HSC200 or HSC300 KEELOQ® Code Hopping Encoder, available from Microchip Technology, Inc. of Chandler, Arizona, that contains the encryption algorithm. Security system 2A includes a host facility 4A in which host processing unit 32A is located at the same site as host facility 4A. Host system communication unit 8A includes a receiver module 38, but does not include a transmitter module.
The embodiment illustrated in FIG. 2 will typically be employed with systems such as garage door openers, automobile security systems, door locks, and the like. As such, PID communication module 24A will have a longer transmission range than communication module 24 in the embodiment illustrated in FIG. 1. Encoder 23 A includes an ID code, which may be a serial number of encoder 23 or PID 6A. Encoder 23A also includes a synchronization counter, an encryption key and an encryption algorithm that employs the encryption key. Host system 4A must "learn" the ID code and the synchronization counter for each PID 6A which is used to access a function of host system 4A. Host system 4A must also know the encryption key.
Referring now to FIGS. 4A-4D, one embodiment of a PID 6B, which includes all the features also shown in FIG. 1, includes a housing 44 similar in size to a personal pager or a small cellular telephone. A front side 46 includes a keypad 48 for entering data and commands, and a liquid crystal display 50 for displaying data being entered with keypad 48 and for displaying status signals to the user. Keypad 48 can be eliminated in some models where programmability is not required. Platen 15 is located at the top of PID 6B, and is contoured for a finger. Platen 15 is also slightly recessed in housing 42 to provide some protection from scratching. A back side 56 of PID 6B includes a battery cover (not shown) and apertures for a DTMP speaker (not shown). A serial port can be included under the battery cover.
Housing 42 includes a slot 52 for receiving a smart card 54, which is shown in shadow being fully inserted into slot 52 in FIG. 4A. Smart card 54 includes external memory 20, and can be removed from one housing 42 and used in a new housing 42. Because memory 20 contains all the personal information, i.e., the private key, the ID code, and the fingerprint template, the smart card can be used with a different PID housing 42 without having to re-enroll the user or re-register any user information with host systems. Some models in which memory 20 is hard-wired inside housing 42 would not include smart card slot 52.
FIGS. 5 A and 5B illustrate an embodiment of a PID 6C in which keypad 48 and smart card slot 52 are not included. PID 6C does, however, include platen 15, display 50, and a belt clip 58, which could be included in any model.
FIG. 6 illustrates an embodiment of a PID 6D which is structured similar to the embodiment illustrated in FIG. 2, for uses such as a garage door opener or automobile security system. PID 6D includes platen 15 at the top of housing 42, and three function buttons. For an automobile security system the function buttons can be a driver door button 60, a trunk button 62 and an alarm button 64. Buttons
60, 62, and 64 can be adapted for use with other host systems having different functions.
Optics unit 12 can be an image sensor module available from Fingerscan PTY Ltd (an Identix company), of Sydney, Australia, as part of their F3 OEM Kit. The entire F3 OEM Kit manual, published in 1998, is incorporated herein by reference. Platen 15 and imaging device 14 have a usable area of about 16 mm X 18 mm. Imaging device 14 in the F# OEM kit is a CMOS device that provides a video output comprising an analog fingerprint image signal representing an image of a finger placed on platen 15. The fingerprint image signal is communicated to processing unit 16 via a six- wire connector 68, which is shown in a circuit diagram illustrated in FIG. 9.
Most of processing unit 16 is also included in the F3 OEM Kit. Referring again to FIG. 9, processor circuit 18 includes an SH7034 32-bit RISC microprocessor 70, made by Hitachi of Japan. Microprocessor 70 communicates over an 8-bit data bus 72 with external memory 20 and A/D 22, and over control lines 74, 76 with optics unit 12. The SH7034 microprocessor 70 has a 64 Kb internal programmable read only memory (PROM) engine and an internal 4 Kb static random access memory (SRAM).
In the PROM resides a Fingerscan Biometrics Engine (FBE), which includes algorithms for capturing and processing fingerprint image signals. These algorithms allow a finger image of approximately 140 Kbytes to be converted into a finger model, or template, of approximately 120 bytes. This size saves memory and improves the speed of processing by decreasing the time it takes to transfer - finger models to and from the internal memory. The FBE includes special instruction sequences to optimize the following operations: image capture and background rejection; video signal filtering and digitizing; template matching; finger presence detection; false finger detection; and power on self test.
A/D 22 converts the analog video signal from optics unit 12 into digital data that is stored in memory for subsequent use by processor circuit 18. Memory 20 also stores the finger template of the user who is enrolled in PID 6, and also stores custom written code. Microprocessor 70 controls and has access to 1 Mbyte in DRAM 78 -70) and 512 Kbytes of external flash memory in PROM 80. DRAM
78 includes two NEC 424400 chips, and PROM 80 is an AMD 29F040 chip.
In one embodiment of communication unit 24, transmitter module includes an induction loop data link, which is configured as a short-range (< 0.5 m) wireless modem, operating at 1200 Baud, at 70 KHz carrier frequency, using amplitude shift keying modulation. The protocol is half duplex, carrier detect multiple access
(modified aloha) and the software includes a CRC 16 packet error correction method. A processor included in transmitter module is based on a PIC16C72 device. The transmit current is typically 1 niA.
In the embodiment illustrated in FIG. 9, encoder 23 resides in code programmed into processing circuit 18. However, as discussed above, other embodiments may base encoder 23 on a dedicated encoder chip, such as the HSC200 or HSC300 KEELOQ® Code Hopping Encoder. A PID may include encryption code residing in processor circuit 18 and also include an encoder chip so that PID can combine the functions of the embodiments illustrated in FIGS. 1 and 2 in a single unit. These encoder chips combine a 32-bit hopping code generated by a non-linear encryption algorithm, with a 28-bit serial number and 6 information bit to create a 66-bit transmission stream. The length of the transmission eliminates the threat of code scanning, and the code hopping mechanism makes the transmission unique, thus rendering code capture and resend schemes useless. An owner of PID 6 must first "enroll" into the unit. Enrollment is the process of scanning a finger to create an image which is stored as a fingerprint template in memory 20. The user enrolls on the unit by removing the "packing" cover and placing a thumb or finger on platen 15. PID can be configured to automatically start the enrollment routine with this action. Enrollment takes approximately 7 seconds. The resultant template is stored in memory 20. Ideally, PID 6 is configured to enable a user to enroll one finger on each hand so that, if the user injures the finger they usually use for verification, an alternate image is available.
Enrollment preferably permits the user several attempts to check and test the operation on the verify. Instructions and queries would be indicated, for example, by display 50 in this mode (see FIG. 4A). Until the user accepts the enrollment the unit will not transmit signals in any way but will allow any number of attempts to re-enroll and verify (test) the operation. Once committed there is no going back or editing.
If the enrollment is be stored on a removable smart card 54 (see FIG. 4A) along with the ID code and private encryption key files, these would not be accessible to other devices. It allows users to swap their PID 6 and retain their enrolled identifying data on smart card 54, while using other PIDs 6. This is the same process used in digital portable telephones today. A user can take the SIM card out of the telephone and swap phones without any security issues.
Verification is carried out when a user places his finger on platen 15, or presses a verify button if included in PID 6. In the embodiment illustrated in FIG.
4 A, the verify button can be a dedicated button, such as the # button 55, or could be any other button or sequence of buttons. Each time the user places his or her finger on platen 15 (or presses the verify button and places their finger on platen 15) the optics unit 12 creates a fingerprint signal indicative of the fingerprint image of the user's finger on platen 15. The fingerprint signal is compared to the stored fingerprint template. If the two are significantly similar, the user's identity is verified to be the enrolled person. Verification takes about 1 second or less once the fingerprint template has been retrieved from storage. The user's fingerprint is always verified with the fingerprint template to allow the use of the encryption key. In programmable PID's, verification for individual users can be set at various threshold levels to account for users who may have very fine, worn or damaged fingers. In this event the ease of use can be enhanced by reducing their verification threshold. Verification threshold can be set at the time of enrollment. Once the owner or person controlling the unit is enrolled, the unit can then be "registered" with numerous organizations. The host organization is only interested in knowing the ID code and the public encryption key.
The operation of security system 2 illustrated in FIG. 1 is different from the operation of security system 2A illustrated in FIG. 2. The operation of the embodiment illustrated in FIG. 1 will be described first.
In the first embodiment illustrated in FIG. 1 , each of PID 6 and host facility 4 include transmit and receive functions. A communication from PID 6 to host system 30 is encrypted according to an encryption algorithm that employs a private key in encrypting and a public key to decrypt. The public encryption key is associated with PID 6 and therefore also with the enrolled person. The private encryption key is stored or loaded into PID 6 at registration time or at manufacture. When a user registers with each host system 30, the user provides the user's ID code and public key to host facility 4 as part of the user's account record. The public key can be stored by the host system. Alternatively, the user provides the public key to a central authority (trusted third party 39) with which host system 30 can communicate. Referring now to FIG. 7, a user of PID 6 approaches host facility 4, e.g., an ATM (100). As PID 6 reaches the range of the host facility's receiver module 38, the microprocessor is "powered up." The user may have to select a transmission mode that matches that of host system 30, if more than one transmission mode is available on PID 6. Processor circuit 18 causes transmitter module 28 to transmit the ID code signal without encryption (102). This is received by host receiver module 38 and passed on to host processing unit 32 (104). Host processing unit 32 verifies that the received ID code signal represents a registered ID code (106). If the verification fails, then the access process ends (108). If the ID code is verified, then the account or user information is located, including the public encryption key associated with the registered ID code (110).
The public encryption key may have to be retrieved from a remote source, such as a central authority. A large random number is also generated by host processing unit 32 (112), and is passed on to transmitter module 40. Transmitter module 40 transmits a random number signal indicative of the random number to PID 6 (114). Receiver module 26 passes the random number signal to processing unit 16 (116). PID 6 performs a user verification (118). If the verification fails, the process ends (108). Alternatively, PID 6 can display a prompt to try again. If the user's identity is successfully verified as a match with the enrolled person based upon a comparison of the stored fingerprint template and a fingerprint image signal generated when the user places his finger on platen 15, the private encryption key associated with PID 6 is used to encrypt the random number according to an encryption algorithm (120). Processing unit 16 causes transmitter module 28 to transmit a signal representing the encrypted random number to host system 30 (122), where host processing unit 32 uses the public encryption key to decrypt the encrypted random number (124). Host processing unit 32 then determines if the decrypted random number matches the random number (126). If this is successful, then the user is granted access to the host facility (128). If this verification fails, the user is denied access (108). The step of verifying the identity of the user with the biometrics (118) can be performed at other junctures of the process, such as prior to transmitting the ID code signal (102), however, it must be carried out before encrypting the random number (120). Hardware for host system 30 can include a small communication unit 8 with a sensor, such as an RF antenna. Processor circuit 34 can include a CPU to generate a random number, to verify the ID code received from PID 6, to decrypt the encrypted random number received from PID 6, and to compare the decrypted random number with the earlier generated random number. As these transmissions are random, there is no possibility of scanning or tracking the codes other than to find the original ID code, which is effectively of no real use. The random number generators are such that they will always produce unique codes.
If a host system 30, such as a bank, a store, or a credit card company, implements this system, it would have the users register by presenting themselves with their PID 6 and the required personal identification papers, which is no different than current methods of obtaining a bank card to access accounts with an ATM. The bank or other host system 30 would ask the user to complete a verify on their PID 6 and read the ID code and test the send and receive of the encryption codes. This would establish the public key with the bank and confirm the private key in PID 6. The user is now ready to use the system. Note that the bank does not have the user's fingerprint template—it only has the ID code and the public encryption key. Therefore there is no privacy issue regarding release of the user's fingerprint template.
After the user registers, verification is as described above. From the bank's point of view, the ATM (for example) commences normal operation. The user, instead of entering a bank card and a personal identification number (PIN), may simply press a verify pad or button on their PID 6 while placing their finger on platen 15. The ATM receiver reads the ID code, and if the code is valid generates a large random number, and transmits the number to the user's PID 6. If the validation is successful, PID 6 then encrypts the random number using the private encryption key according to the encryption algorithm, and transmits the result back. The bank system checks the result using the public encryption key and confirms the correct identity of the user. The transaction proceeds.
The bank's ATM will typically be connected to the Bank central system via network 42. Network 42 can be used for transmitting signals between the ATM and the bank central system where the CPU and data bases may be located.
The private encryption key can only be used after a verify, host system 30 knows the ID is correct as the key is unique to that user. Therefore, only that user could be carrying the reader. The key may well be installed during manufacture but only released after the unit is loaded with a template. In a second mode of operation, typically used in car alarm systems and the like, PID 6A is configured as shown in FIG. 2 to transmit, and host facility 4A is configured to only receive. Receiver module 38 is a standard automobile or garage door type of installation. There is no special adaptation other than the required alarm or immobilizer installation. These systems include a "learn" mode, which is used to program in the new system. In learning a registering person's PID 6 A, the host system 4A learns the ID code, the synchronization counter timing, and the encryption key of that PID 6A. This process is essentially the same as the learning process for many current model garage door openers, automobile security systems and the like.
Referring to FIG. 8, to obtain access to host facility 4A, the user activates PID 6 A by placing a finger on platen 15. PID 6 A performs a user verification from the internally stored fingerprint template (200). If the verify succeeds, processing unit 16A causes encoder 23 A to generate an encrypted signal (202). If not successful, the process ends (204). The encrypted signal includes the unencrypted ID code of PID 6, encrypted synchronization counter information and unencrypted function button information. The encryption employs the encryption key resident in encoder 23 A. Transmitter unit 28 then transmits the encrypted signal to host facility 4 A (206). Host facility 4 A than passes the encrypted signal to host processing unit 32 A, which checks the ID code for a match with the ID code of a registered user (208). Typically, there will be only a small number of registered users for car lock and garage door systems, and each may have the same ID code and encryption key. If there is no match, then the process ends (204). If there is a match, host processing unit 4A retrieves the stored encryption key and decrypts the encrypted portion of the received encrypted signal (210). Host processing unit then verifies that the synchronization counter information in the decrypted signal matches stored synchronization counter information in memory 36 (212). If the synchronization counter information does not match the stored information, then the process ends (204). If the synchronization counter information matches the stored information, then the user is granted access to host facility 4A (214). The access granted is determined by the function button information contained in the encrypted signal. In both embodiments, the PID unit can be set in a low power "StandBy" or
"Off function, or could be powered on by the action of pressing the platen.
There are a large number of alternative applications. For example, a hotel could employ the invention in a door lock security system. A hotel registrant would register his PID with the hotel. The hotel would identify the user's ID code to the lock on his room's door. A member of the hotel staff would carry a master
PID which would configure the door to that PID and some other master PID for hotel staff. There would be no need for a hard wired communications system to each door unless central control is required.
The biometric sensor 11 may include a direct contact device instead of an optic sensor unit 12. Direct contact capacitive chip fingerprint sensors can be obtained from SGS Thomson Microelectronics, of Phoenix Arizona, from
Veridicom, Inc., of Santa Clara California, and from Harris Semiconductor, of Melbourne, Florida. A direct contact thermal sensor may also be used for fingerprint sensing.
Other embodiments are within the scope of the claims. For example, referring to FIGS. 10A and 10B, a PID 300 is configured to identify a user of a vehicle, provide immobilization security for the vehicle, and to automatically maintain a log of vehicle travel information. PID 300 is configured as a hand-held device with a finger platen 301, a display 302, an input keypad 304, and an input/output port 306. Input/output port 306 plugs into an in-vehicle adaptor module 307 which couples PID 300 to the vehicle power system 308, the engine management computer 310 and a global positioning system (GPS) 312. Adaptor module 307 includes a unique identification number that relates to the registration details of the vehicle. To operate the vehicle, the user must first be enrolled in PID 300 and PID 300 must be inserted into adaptor module 307. To start the vehicle, the user must activate a start-up option on PID 300 and must press (or swipe) a finger against finger platen 301. PID 300 extracts a representation of the user's fingerprint and compares the extracted information with a stored representation of the user's fingerprint. If the two fingerprint representations substantially match, PID 300 transmits a verification signal that enables the user to access the engine management system and operate the vehicle.
After the user's identity has been verified, PID 300 begins to log trip information, including start time, vehicle location and trip log (map) information based on information received from GPS 312, vehicle speed and distance traveled. There is no need for the user to log travel information because all logging information is automated. The user may, however, enter additional information into PID 300 through keypad 304. PID 300 is programmable. For example, PID 300 may be programmed to prompt the user to enter additional identification information at different times during a trip or at preselected vehicle locations based upon signals" received from GPS 312. PID 300 includes a transceiver (e.g., an RF transceiver or a digital cellular telephone transceiver) that enables the device to be interrogated remotely (e.g., by devices located at preselected vehicle checkpoint locations, such as the locations of existing highway monitoring cameras).
Referring to FIG. 11, in another embodiment, a PID 320 is configured as a pocket-sized unit which may be clipped to a pocket 321 of a user's shirt and is configured to provide access to a secure location. The housing of PID 320 includes a pocket for holding a user identification card 325 (e.g., a photo ID card). PID 320 includes a finger platen 322, a notification light 324 (e.g., a red light emitting diode), a processor, and a receiver. When the receiver is located near (e.g., within about 0.5 meters) the transmitter of a host system which controls access to the secure location, the processor switches from a low power operation (standby or off mode) to a normal power operation and causes notification light 324 to flash, prompting the user to press (or swipe) a finger against finger platen
322. PID 320 extracts a representation of the user's fingerprint and compares the extracted information with a stored representation of the user's fingerprint. If the two fingerprint representations are sufficiently close, PID 320 transmits a verification signal to the host system. Upon receipt of the verification signal, the host system grants access to the secure location and logs information relating to the user and time access was granted. PID 320 includes an RF transceiver which enables PID 320 to wirelessly receive enrollment information (e.g., add or remove users) and to set access codes for each of the enrolled users.
Still other embodiments are within the scope of the claims.

Claims

WHAT IS CLAIMED IS:
1. A portable, hand-held personal identification device for providing secure access to a host facility, comprising: a biometric sensor system capable of sensing a biometric trait of a user that is unique to the user and providing a biometric signal indicative thereof; a processing unit responsive to the biometric signal, being adapted to compare the biometric signal with stored biometric data representative of the biometric trait of an enrolled person that is indicative of the identity of the enrolled person, and to provide a verification signal only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person, wherein the verification signal is indicative of the enrolled person or the device; and a communication unit, including a transmitter circuit, is adapted to transmit the verification signal to a remote host system.
2. The personal identification device of claim 1, wherein the biometric sensor system includes a fingerprint sensor.
3. The personal identification device of claim 2, wherein the fingerprint sensor includes a platen adapted for placing a finger thereon.
4. The personal identification device of claim 3, wherein the fingerprint sensor further includes an optical image sensor.
5. The personal identification device of claim 1, wherein the biometric sensor system includes an optical image sensor.
6. The personal identification device of claim 5, wherein the optical image sensor comprises a CMOS chip.
7. The personal identification device of claim 1, wherein the processing - unit includes a processor circuit, a memory and an encoder, wherein the memory stores the biometric data, and wherein the verification signal comprises an encrypted signal encrypted by the encoder.
8. The personal identification device of claim 7, wherein the encoder comprises an encoding circuit, and wherein the verification signal further comprises an ID code indicative of the enrolled person or the device.
9. The personal identification device of claim 7, wherein the encoder comprises an encryption algorithm programmed into the processor, and wherein the encryption algorithm employs a private key indicative of the enrolled person or the device.
10. The personal identification device of claim 9, wherein the communication unit further comprises a receiver circuit, wherein the memory further stores an ID code indicative of the enrolled person or the device, wherein the processor unit is further adapted to first cause the transmitter circuit to transmit an ID code signal indicative of the ID code to the host system, wherein the receiver circuit is adapted to receive a host response signal transmitted by the host system in response to the ID code signal, and wherein the processor unit employs the encryption algorithm and the private key to encrypt the host response signal to create the verification signal, and causes the transmitter circuit to transmit the verification signal to the host system only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person.
11. The personal identification device of claim 7, wherein the memory is located in a removable plug-in module, the personal identification device further comprising a socket adapted to receive the module.
12. The personal identification device of claim 1, wherein the communication unit further includes a receiving circuit being adapted to receive a host response signal from the host system.
13. The personal identification device of claim 1, wherein the communication unit is adapted for remote communication with the host system via a wireless communication medium.
14. The personal identification device of claim 1, further comprising a display.
15. The personal identification device of claim 14, further comprising a keypad.
16. The personal identification device of claim 1, wherein the biometric sensor system includes a fingerprint sensor and wherein the biometric trait is a fingerprint; wherein the communication unit further comprises a receiver circuit adapted to receive signals transmitted by the host system; wherein the processing unit includes: memory for storing an ID code associated only with the device, a personal encryption key associated only with the device, and the biometric data; a processor circuit adapted to encrypt the host response signal according to an encryption algorithm employing the personal encryption key; wherein the processing unit is further adapted to first cause the transmitter circuit to transmit an ID code signal indicative of the ID code to the host system, wherein the receiver circuit is adapted to receive a host response signal transmitted by the host system in response to the ID code signal, and to employ the encryption algorithm and the private encryption key to create the verification signal by encrypting a host response signal received by the receiver circuit from the host system in response to the ID code signal.
17. The personal identification device of claim 16, wherein the memory is located in a removable plug-in module, the personal identification device further comprising a socket adapted to receive the module.
18. A portable, hand-held personal identification device for providing secure access to a host facility, comprising: a housing; a fingerprint sensor system capable of sensing a fingerprint of a user and providing a fingerprint signal indicative thereof, the fingerprint sensor system including a platen on a surface of the housing adapted to receive a finger; a communication unit in the housing being adapted for wireless communication with a separate host system, including a transmitting circuit and a receiving circuit; and a slot in the housing for receiving a smart card that includes a memory.
19. The personal identification device of claim 18, in combination with the smart card, wherein the memory in the smart card stores a fingerprint template representative of the fingerprint of an enrolled person, and an ID code and a personal encryption key being associated with the device, wherein the processing circuit is adapted to cause the ID code signal from memory to be transmitted by the transmitting circuit, and wherein the processing circuit is further adapted to cause a host response signal received by the receiving circuit signal from the host system in response to the ID code signal to be encrypted according an encryption algorithm employing the personal encryption key and to cause the encrypted host response signal to be transmitted by the transmitting circuit only if the fingerprint signal corresponds sufficiently to the fingerprint template to verify that the user is the registered person.
20. The personal identification device of claim 18, further comprising an alphanumeric display.
21. The personal identification device of claim 20, further comprising a keypad for inputting data.
22. A method of providing secure access to a host facility, comprising: registering one or more persons with the host facility, including storing a unique ID code and a public encryption key for each registered person; receiving a first transmission comprising a first user signal at the host facility; generating and then transmitting a random number signal only if the first user signal represents one of the stored ID codes; receiving a second transmission comprising a second user signal at the host facility; decrypting the second user signal with the public encryption key associated with the registered person who is also associated with the stored ID code represented by the first user signal; and providing access to the host facility only if the decrypted second user signal represents the random number.
23. A method of providing access to a secure host facility only to registered persons, comprising: registering one or more registered persons with the host system, wherein registering each registered person includes storing an ID code associated only with a portable hand-held device under the control of that registered person; transmitting an ID code signal from a portable hand-held device to a facility of the host system, wherein the ID code signal represents an ID code associated with the transmitting device; generating, at the host facility, a random number signal representing a random number in response to the ID code signal only if the ID code signal is representative of the ID code of the device controlled by one of the registered persons; retrieving, with the host system, a public key associated with the one of the registered persons only if the ID code signal is representative of the ID code of the one the device controlled by the one of the registered persons; transmitting the random number signal from the host facility to the transmitting device; receiving the random number signal with the transmitting device; generating a user fingerprint signal representing a fingerprint image of a user's finger being placed on a platen of the transmitting device; comparing, with the transmitting device, the user fingerprint signal to a fingerprint template stored in the transmitting device, the fingerprint template representing a fingerprint image of a person who is enrolled with the transmitting device; encrypting the random number signal with the transmitting device, the random number signal being encrypted according to an encryption algorithm employing a private key associated only with the transmitting device; transmitting the encrypted random number signal from the transmitting device to the host facility only if the fingerprint image represented by the user fingerprint signal corresponds sufficiently to the fingerprint image represented by the fingerprint template to verify that the user is the enrolled person; decrypting the encrypted random number signal with the host system, including employing the retrieved public key; and providing the user access to the host facility only if the decrypted encrypted random number signal represents the random number.
24. The method of claim 23, wherein retrieving the public key includes retrieving the public key from a trusted third party.
25. The method of claim 23, wherein transmitting the ID code signal, transmitting the random number signal, and transmitting the encrypted random number signal each includes transmitting via a wireless transmission.
26. The method of claim 23, wherein transmitting the ID code signal, transmitting the random number signal, and transmitting the encrypted random number signal each includes transmitting via at least one of a modem, a cable access TV line, and a computer communication medium.
27. A method of providing a secure function at a host facility only to a registered person, comprising: registering a person with the host facility by storing an ID code associated only with a portable registered device controlled by the registered person, learning a synchronization counter of the registered device, storing an encryption key associated with the registered device and associating the encryption key of the registered device with the stored ID code; generating a user fingerprint signal representing a fingerprint image of a user's finger being placed on a platen of a portable user device; comparing, with the user device, the user fingerprint signal to a fingerprint template stored in the user device, the fingerprint template representing a fingerprint image of an enrolled person who is enrolled with the user device; generating an access signal with the user device only if the fingerprint image represented by the user fingerprint signal corresponds sufficiently to the fingerprint image represented by the fingerprint template to verify that the user is the enrolled person, the access signal comprising an ID code associated only with the user device, button press information representing a requested function, and encrypted data encrypted with an encryption key associated with the user device, the encrypted data including a synchronization counter associated with the user device; transmitting the access signal from the user device to the host facility; determining, with the host facility, if the ID code in the access signal matches the stored ID code; retrieving the encryption key of the registered device if the match is successful; employing the encryption key of the registered device to decrypt the encrypted data and determine the synchronization counter of the user device; comparing the synchronization counter of the user device with the synchronization counter of the registered device; providing the requested function represented by the button press data only if the synchronization counter of the user device matches the synchronization counter of the registered device.
28. A method of accessing a secure host facility, comprising: sensing a biometric trait of a user that is unique to a user with a biometric sensor system of a portable device, and providing a biometric signal indicative of the biometric trait; comparing, with the portable device, the biometric signal with stored biometric data representative of the biometric trait of an enrolled person that is indicative of the identity of the enrolled person; providing a verification signal only if the biometric signal corresponds sufficiently to the biometric data to verify that the user is the enrolled person; and transmitting the verification signal and an ID code signal to a remote host system, wherein the ID code signal is indicative of an ID code associated only with the portable device, and wherein the host system provides access to the secure facility in response to the verification signal only if host facility determines that personal device associated with the ID code belongs to a registered person.
29. A personal identification system, comprising: a biometric sensor configured to extract a representation of a biometric trait of a user; a processor configured to verify the user's identity based upon a comparison of a representation of a biometric trait extracted from a user with a stored representation of the biometric trait; and a transmitter configured to transmit a verification signal indicative of a successful verification of the user's identity.
30. The system of claim 29, wherein the processor is configured to process signals received from a global positioning system (GPS) receiver.
31. The system of claim 30, wherein the processor is configured to derive trip information from the signals received from the GPS receiver.
32. The system of claim 31, wherein the trip information includes the location of the GPS receiver.
33. The system of claim 32, wherein the processor is programmable to prompt the user for additional verification information when the GPS receiver is positioned at a particular location.
34. The system of claim 29, further comprising a user input configured to enable a user to enter trip information, and wherein the processor is configured to process information received from the user.
35. The system of claim 29, wherein the transmitter is further configured to transmit signals representative of stored trip information.
36. The system of claim 29, wherein the biometric sensor, the processor, and the transmitter are housed within a portable, hand-held housing.
37. The system of claim 36, further comprising an input device mounted inside a vehicle and coupled to the vehicle's power system, and wherein the input device is adapted to receive the verification signal from the transmitter and to enable the user to turn on the vehicle only upon receipt of the verification signal.
38. The system of claim 36, wherein the housing has the form of a pocket-sized security badge.
39. The system of claim 36, wherein the housing is configured to receive a graphical representation of the user.
40. The system of claim 29, further comprising an automatic door locking device coupled to a vehicle door and adapted to unlock the door upon receipt of the verification signal.
41. The system of claim 29, further comprising an automatic door locking device coupled to a vehicle trunk and adapted to unlock the trunk upon receipt of the verification signal.
42. The system of claim 29, further comprising a receiver, and wherein the processor is operable to switch the system from a low power operation to a normal power operation when the receiver receives a power-up signal from a host system.
43. The system of claim 29, further comprising a memory configured to store the representation of the biometric trait.
44. The system of claim 44, wherein the memory is housed within a portable housing separable from the biometric sensor, processor and transmitter.
45. The system of claim 29, wherein the biometric sensor is configured to extract a representation of the user's fingerprint.
PCT/US1999/008990 1998-04-24 1999-04-26 Personal identification system and method WO1999056429A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
AU37610/99A AU3761099A (en) 1998-04-24 1999-04-26 Personal identification system and method
GB0025864A GB2353386B (en) 1998-04-24 1999-04-26 Personal identification system and method
DE19983155T DE19983155T1 (en) 1998-04-24 1999-04-26 Personal identification system and procedure
JP2000546486A JP2003529113A (en) 1998-04-24 1999-04-26 Personal identification device and method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US09/066,643 US6484260B1 (en) 1998-04-24 1998-04-24 Personal identification system
US09/066,643 1998-04-24
US29832699A 1999-04-23 1999-04-23
US09/298,326 1999-04-23

Publications (1)

Publication Number Publication Date
WO1999056429A1 true WO1999056429A1 (en) 1999-11-04

Family

ID=26746990

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/008990 WO1999056429A1 (en) 1998-04-24 1999-04-26 Personal identification system and method

Country Status (5)

Country Link
JP (1) JP2003529113A (en)
AU (1) AU3761099A (en)
DE (1) DE19983155T1 (en)
GB (1) GB2353386B (en)
WO (1) WO1999056429A1 (en)

Cited By (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1158467A2 (en) * 2000-05-26 2001-11-28 Biocentric Solutions, Inc. Integrating biometric devices in time and attendance applications
EP1170704A1 (en) * 2000-07-04 2002-01-09 acter AG Portable access authorization device, GPS receiver and antenna
WO2002011088A1 (en) * 2000-07-07 2002-02-07 Tre Sigma S.R.L. New system for the integration of the new generation of telephone systems (umts) into the credit card protection system through a direct confirmation system
GB2348309B (en) * 1999-03-23 2002-10-09 Nec Corp Authentication executing,device portable authentication device and authentication method using biometrics identification
WO2002091139A2 (en) * 2001-05-03 2002-11-14 Berner Fachhochschule Hochschule für Technik und Architektur Biel Security device for online transaction
WO2002091330A1 (en) * 2001-05-10 2002-11-14 Societe De Marques Et De Droits Derives Internationaux - Smddi Taxi booking method and device using individual units enabling caller location and identification
WO2002095547A2 (en) * 2001-05-24 2002-11-28 Activcard Ireland, Limited Method and system for providing gated access for a third party to a secure entity or service
EP1271436A2 (en) * 2001-06-25 2003-01-02 NTT DoCoMo, Inc. A mobile terminal authentication method and a mobile terminal therefor
WO2003003295A1 (en) * 2001-06-28 2003-01-09 Trek 2000 International Ltd. A portable device having biometrics-based authentication capabilities
EP1277162A1 (en) * 2000-02-18 2003-01-22 Vasco Data Security Inc. Field programmable smart card terminal and token device
WO2003021538A2 (en) * 2001-08-29 2003-03-13 Activcard Ireland, Limited Method and system for providing access to a secure entity or service by a subset of n persons of m designated persons
WO2003084124A1 (en) 2002-03-28 2003-10-09 Innovation Connection Corporation Apparatus and method for transactions security using biometric identity validation and contactless smartcard.
WO2004001562A2 (en) * 2001-12-20 2003-12-31 Stevens Lawrence A Systems and methods for storage of user information and for verifying user identity
EP1391075A1 (en) * 2001-05-25 2004-02-25 Gerald R. Black Security access system
US6766040B1 (en) 2000-10-02 2004-07-20 Biometric Solutions, Llc System and method for capturing, enrolling and verifying a fingerprint
EP1223560A3 (en) * 2001-01-12 2004-12-29 Nippon Telegraph and Telephone Corporation Authentication token and authentication system
FR2856857A1 (en) * 2003-06-24 2004-12-31 R I F I Realisations Informati SECURITY DEVICE AND ITS OPERATING METHOD
US6880054B2 (en) 2000-02-21 2005-04-12 Trek Technology (Singapore) Pte. Ltd. Portable data storage device having a secure mode of operation
EP1544780A1 (en) * 2003-07-11 2005-06-22 Matsushita Electric Industrial Co., Ltd. Authentication system
EP1547002A1 (en) * 2002-07-24 2005-06-29 BQT Solutions Pty Ltd A method of secure transmission
EP1656639A1 (en) * 2003-06-16 2006-05-17 Uru Technology Incorporated Method and system for creating and operating biometrically enabled multi-purpose credential management devices
WO2007062888A1 (en) * 2005-11-29 2007-06-07 Siemens Aktiengesellschaft Mobile chip card device and method for authenticating at least one device using a chip card
DE102005061281A1 (en) * 2005-12-20 2007-06-28 Wolfgang Suft Device and method for generating an authentication feature
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
WO2008044093A1 (en) * 2006-10-11 2008-04-17 Renault Trucks Customer identification device, keyless access system for vehicle, vehicle sharing system including such a device and methods using such a device
EP1942468A1 (en) 2007-01-03 2008-07-09 Actividentity Inc. Configurable digital badge holder
US7650470B2 (en) 2001-06-28 2010-01-19 Trek 2000 International, Ltd. Method and devices for data transfer
AU2004280973B2 (en) * 2003-10-07 2011-09-01 Innovation Connection Corporation System, method and apparatus for enabling transactions using a biometrically enabled programmable magnetic stripe
US8082575B2 (en) 2002-03-28 2011-12-20 Rampart-Id Systems, Inc. System, method and apparatus for enabling transactions using a user enabled programmable magnetic stripe
US8103881B2 (en) 2000-11-06 2012-01-24 Innovation Connection Corporation System, method and apparatus for electronic ticketing
US8566250B2 (en) 1999-11-30 2013-10-22 Privaris, Inc. Biometric identification device and methods for secure transactions
US8923513B2 (en) 2008-08-11 2014-12-30 Assa Abloy Ab Secure wiegand communications
CN105128818A (en) * 2015-07-12 2015-12-09 九江学院 Multistage-identity-authentication car remote controlled key and work method thereof
WO2018014854A1 (en) * 2016-07-20 2018-01-25 腾讯科技(深圳)有限公司 Data processing method, apparatus and system
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485
CN111626397A (en) * 2020-05-25 2020-09-04 成都市迈德物联网技术有限公司 Radio frequency card user identity matching and identifying method based on card veins
CN113205628A (en) * 2019-06-28 2021-08-03 飞天诚信科技股份有限公司 Intelligent door lock control method and system based on biological feature recognition
US11182792B2 (en) 2006-05-05 2021-11-23 Proxense, Llc Personal digital key initialization and registration for secure transactions
CN113808315A (en) * 2021-09-24 2021-12-17 中移(杭州)信息技术有限公司 Access control management method, device and computer readable storage medium
US11212797B2 (en) 2006-01-06 2021-12-28 Proxense, Llc Wireless network synchronization of cells and client devices on a network with masking
US11258791B2 (en) 2004-03-08 2022-02-22 Proxense, Llc Linked account system using personal digital key (PDK-LAS)
US11546325B2 (en) 2010-07-15 2023-01-03 Proxense, Llc Proximity-based system for object tracking
US11553481B2 (en) 2006-01-06 2023-01-10 Proxense, Llc Wireless network synchronization of cells and client devices on a network
US11562644B2 (en) 2007-11-09 2023-01-24 Proxense, Llc Proximity-sensor supporting multiple application services
US11669701B2 (en) 2011-02-21 2023-06-06 Proxense, Llc Implementation of a proximity-based system for object tracking and automatic application initialization
US11727355B2 (en) 2008-02-14 2023-08-15 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US11914695B2 (en) 2013-05-10 2024-02-27 Proxense, Llc Secure element as a digital pocket
EP4332922A1 (en) * 2022-09-05 2024-03-06 Nagravision Sarl Methods and systems for identifying a person

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4995086A (en) * 1986-05-06 1991-02-19 Siemens Aktiengesellschaft Arrangement and procedure for determining the authorization of individuals by verifying their fingerprints
US5546471A (en) * 1994-10-28 1996-08-13 The National Registry, Inc. Ergonomic fingerprint reader apparatus
US5623552A (en) * 1994-01-21 1997-04-22 Cardguard International, Inc. Self-authenticating identification card with fingerprint identification
US5903225A (en) * 1997-05-16 1999-05-11 Harris Corporation Access control system including fingerprint sensor enrollment and associated methods

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6041410A (en) * 1997-12-22 2000-03-21 Trw Inc. Personal identification fob

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4995086A (en) * 1986-05-06 1991-02-19 Siemens Aktiengesellschaft Arrangement and procedure for determining the authorization of individuals by verifying their fingerprints
US5623552A (en) * 1994-01-21 1997-04-22 Cardguard International, Inc. Self-authenticating identification card with fingerprint identification
US5546471A (en) * 1994-10-28 1996-08-13 The National Registry, Inc. Ergonomic fingerprint reader apparatus
US5903225A (en) * 1997-05-16 1999-05-11 Harris Corporation Access control system including fingerprint sensor enrollment and associated methods

Cited By (93)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2348309B (en) * 1999-03-23 2002-10-09 Nec Corp Authentication executing,device portable authentication device and authentication method using biometrics identification
US9659297B2 (en) 1999-11-30 2017-05-23 Apple Inc. Biometric identification device
US10332114B2 (en) 1999-11-30 2019-06-25 Apple Inc. Methods, systems and apparatuses for secure transactions
US8566250B2 (en) 1999-11-30 2013-10-22 Privaris, Inc. Biometric identification device and methods for secure transactions
EP1277162A4 (en) * 2000-02-18 2008-02-20 Vasco Data Security Inc Field programmable smart card terminal and token device
EP1277162A1 (en) * 2000-02-18 2003-01-22 Vasco Data Security Inc. Field programmable smart card terminal and token device
EP2290577A3 (en) * 2000-02-18 2012-06-13 Vasco Data Security International GmbH Token device having a USB connector
US8949608B2 (en) 2000-02-18 2015-02-03 Vasco Data Security, Inc. Field programmable smart card terminal and token device
US9710635B2 (en) 2000-02-18 2017-07-18 Vasco Data Security, Inc. Field programmable smart card terminal and token device
US8209462B2 (en) 2000-02-21 2012-06-26 Trek 2000 International Ltd. Portable data storage device
US6880054B2 (en) 2000-02-21 2005-04-12 Trek Technology (Singapore) Pte. Ltd. Portable data storage device having a secure mode of operation
EP1158467A3 (en) * 2000-05-26 2002-07-03 Biocentric Solutions, Inc. Integrating biometric devices in time and attendance applications
EP1158467A2 (en) * 2000-05-26 2001-11-28 Biocentric Solutions, Inc. Integrating biometric devices in time and attendance applications
EP1170704A1 (en) * 2000-07-04 2002-01-09 acter AG Portable access authorization device, GPS receiver and antenna
WO2002011088A1 (en) * 2000-07-07 2002-02-07 Tre Sigma S.R.L. New system for the integration of the new generation of telephone systems (umts) into the credit card protection system through a direct confirmation system
US6766040B1 (en) 2000-10-02 2004-07-20 Biometric Solutions, Llc System and method for capturing, enrolling and verifying a fingerprint
US8103881B2 (en) 2000-11-06 2012-01-24 Innovation Connection Corporation System, method and apparatus for electronic ticketing
EP1223560A3 (en) * 2001-01-12 2004-12-29 Nippon Telegraph and Telephone Corporation Authentication token and authentication system
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
WO2002091139A3 (en) * 2001-05-03 2004-01-29 Berner Fachhochschule Hochschu Security device for online transaction
WO2002091139A2 (en) * 2001-05-03 2002-11-14 Berner Fachhochschule Hochschule für Technik und Architektur Biel Security device for online transaction
FR2824657A1 (en) * 2001-05-10 2002-11-15 Marques Et De Droits Derives I METHOD AND SYSTEM FOR RESERVING TAXI THROUGH INDIVIDUAL BOXES ALLOWING LOCATION AND IDENTIFICATION OF CALLER
WO2002091330A1 (en) * 2001-05-10 2002-11-14 Societe De Marques Et De Droits Derives Internationaux - Smddi Taxi booking method and device using individual units enabling caller location and identification
US7200755B2 (en) 2001-05-24 2007-04-03 Larry Hamid Method and system for providing gated access for a third party to a secure entity or service
WO2002095547A3 (en) * 2001-05-24 2003-11-13 Activcard Ireland Ltd Method and system for providing gated access for a third party to a secure entity or service
WO2002095547A2 (en) * 2001-05-24 2002-11-28 Activcard Ireland, Limited Method and system for providing gated access for a third party to a secure entity or service
EP1391075A4 (en) * 2001-05-25 2006-05-31 Gerald R Black Security access system
EP1391075A1 (en) * 2001-05-25 2004-02-25 Gerald R. Black Security access system
EP1271436A3 (en) * 2001-06-25 2003-12-10 NTT DoCoMo, Inc. A mobile terminal authentication method and a mobile terminal therefor
EP1271436A2 (en) * 2001-06-25 2003-01-02 NTT DoCoMo, Inc. A mobile terminal authentication method and a mobile terminal therefor
SG114557A1 (en) * 2001-06-25 2005-09-28 Ntt Docomo Inc A mobile terminal authentication method and a mobile terminal therefor
WO2003003295A1 (en) * 2001-06-28 2003-01-09 Trek 2000 International Ltd. A portable device having biometrics-based authentication capabilities
US7650470B2 (en) 2001-06-28 2010-01-19 Trek 2000 International, Ltd. Method and devices for data transfer
US7111174B2 (en) 2001-08-29 2006-09-19 Activcard Ireland Limited Method and system for providing access to secure entity or service by a subset of N persons of M designated persons
WO2003021538A3 (en) * 2001-08-29 2003-09-25 Activcard Ireland Ltd Method and system for providing access to a secure entity or service by a subset of n persons of m designated persons
WO2003021538A2 (en) * 2001-08-29 2003-03-13 Activcard Ireland, Limited Method and system for providing access to a secure entity or service by a subset of n persons of m designated persons
JP2005520267A (en) * 2001-12-20 2005-07-07 スティーヴンス,ローレンス・エイ System and method for storing user information and verifying user identity
US7929951B2 (en) 2001-12-20 2011-04-19 Stevens Lawrence A Systems and methods for storage of user information and for verifying user identity
WO2004001562A3 (en) * 2001-12-20 2004-11-18 Lawrence A Stevens Systems and methods for storage of user information and for verifying user identity
JP4642463B2 (en) * 2001-12-20 2011-03-02 スティーヴンス,ローレンス・エイ System and method for storing user information and verifying user identity
WO2004001562A2 (en) * 2001-12-20 2003-12-31 Stevens Lawrence A Systems and methods for storage of user information and for verifying user identity
US8015592B2 (en) 2002-03-28 2011-09-06 Innovation Connection Corporation System, method and apparatus for enabling transactions using a biometrically enabled programmable magnetic stripe
US8082575B2 (en) 2002-03-28 2011-12-20 Rampart-Id Systems, Inc. System, method and apparatus for enabling transactions using a user enabled programmable magnetic stripe
WO2003084124A1 (en) 2002-03-28 2003-10-09 Innovation Connection Corporation Apparatus and method for transactions security using biometric identity validation and contactless smartcard.
US7337326B2 (en) 2002-03-28 2008-02-26 Innovation Connection Corporation Apparatus and method for effecting secure physical and commercial transactions in a contactless manner using biometric identity validation
US9016584B2 (en) 2002-03-28 2015-04-28 Innovation Connection Corporation System, method and apparatus for enabling transactions using a biometrically enabled programmable magnetic stripe
EP1535421A1 (en) * 2002-03-28 2005-06-01 Innovation Connection Corporation Apparatus and method for transactions security using biometric identity validation and contactless smartcard.
EP1535421A4 (en) * 2002-03-28 2005-09-07 Innovation Connection Corp Apparatus and method for transactions security using biometric identity validation and contactless smartcard.
EP1547002A1 (en) * 2002-07-24 2005-06-29 BQT Solutions Pty Ltd A method of secure transmission
EP1547002A4 (en) * 2002-07-24 2007-08-22 Bqt Solutions Australia Pty Lt A method of secure transmission
US8144941B2 (en) 2003-06-16 2012-03-27 Uru Technology Incorporated Method and system for creating and operating biometrically enabled multi-purpose credential management devices
EP1656639A1 (en) * 2003-06-16 2006-05-17 Uru Technology Incorporated Method and system for creating and operating biometrically enabled multi-purpose credential management devices
US7715593B1 (en) 2003-06-16 2010-05-11 Uru Technology Incorporated Method and system for creating and operating biometrically enabled multi-purpose credential management devices
EP1656639A4 (en) * 2003-06-16 2007-10-31 Uru Technology Inc Method and system for creating and operating biometrically enabled multi-purpose credential management devices
WO2005001584A3 (en) * 2003-06-24 2005-05-19 R I F L Realisations Informati Security device and operating method thereof
FR2856857A1 (en) * 2003-06-24 2004-12-31 R I F I Realisations Informati SECURITY DEVICE AND ITS OPERATING METHOD
WO2005001584A2 (en) * 2003-06-24 2005-01-06 R.I.F.L. Realisations Informatiques Et Formation Logiciels Security device and operating method thereof
EP1544780A4 (en) * 2003-07-11 2006-08-02 Matsushita Electric Ind Co Ltd Authentication system
EP1544780A1 (en) * 2003-07-11 2005-06-22 Matsushita Electric Industrial Co., Ltd. Authentication system
AU2004280973B2 (en) * 2003-10-07 2011-09-01 Innovation Connection Corporation System, method and apparatus for enabling transactions using a biometrically enabled programmable magnetic stripe
US11922395B2 (en) 2004-03-08 2024-03-05 Proxense, Llc Linked account system using personal digital key (PDK-LAS)
US11258791B2 (en) 2004-03-08 2022-02-22 Proxense, Llc Linked account system using personal digital key (PDK-LAS)
WO2007062888A1 (en) * 2005-11-29 2007-06-07 Siemens Aktiengesellschaft Mobile chip card device and method for authenticating at least one device using a chip card
DE102005061281A1 (en) * 2005-12-20 2007-06-28 Wolfgang Suft Device and method for generating an authentication feature
US11553481B2 (en) 2006-01-06 2023-01-10 Proxense, Llc Wireless network synchronization of cells and client devices on a network
US11800502B2 (en) 2006-01-06 2023-10-24 Proxense, LL Wireless network synchronization of cells and client devices on a network
US11219022B2 (en) 2006-01-06 2022-01-04 Proxense, Llc Wireless network synchronization of cells and client devices on a network with dynamic adjustment
US11212797B2 (en) 2006-01-06 2021-12-28 Proxense, Llc Wireless network synchronization of cells and client devices on a network with masking
US11551222B2 (en) 2006-05-05 2023-01-10 Proxense, Llc Single step transaction authentication using proximity and biometric input
US11182792B2 (en) 2006-05-05 2021-11-23 Proxense, Llc Personal digital key initialization and registration for secure transactions
WO2008044093A1 (en) * 2006-10-11 2008-04-17 Renault Trucks Customer identification device, keyless access system for vehicle, vehicle sharing system including such a device and methods using such a device
EP1942468A1 (en) 2007-01-03 2008-07-09 Actividentity Inc. Configurable digital badge holder
US10467832B2 (en) 2007-01-03 2019-11-05 Assa Abloy Ab Configurable digital badge holder
EP3471070A1 (en) 2007-01-03 2019-04-17 Assa Abloy AB Configurable digital badge holder
US8628019B2 (en) 2007-01-03 2014-01-14 Actividentity, Inc. Configurable digital badge holder
US11562644B2 (en) 2007-11-09 2023-01-24 Proxense, Llc Proximity-sensor supporting multiple application services
US11727355B2 (en) 2008-02-14 2023-08-15 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US8923513B2 (en) 2008-08-11 2014-12-30 Assa Abloy Ab Secure wiegand communications
US8943562B2 (en) 2008-08-11 2015-01-27 Assa Abloy Ab Secure Wiegand communications
US11546325B2 (en) 2010-07-15 2023-01-03 Proxense, Llc Proximity-based system for object tracking
US11669701B2 (en) 2011-02-21 2023-06-06 Proxense, Llc Implementation of a proximity-based system for object tracking and automatic application initialization
US11914695B2 (en) 2013-05-10 2024-02-27 Proxense, Llc Secure element as a digital pocket
CN105128818A (en) * 2015-07-12 2015-12-09 九江学院 Multistage-identity-authentication car remote controlled key and work method thereof
WO2018014854A1 (en) * 2016-07-20 2018-01-25 腾讯科技(深圳)有限公司 Data processing method, apparatus and system
US10759385B2 (en) 2016-07-20 2020-09-01 Tencent Technology (Shenzhen) Company Limited Electronic lock and key for performing an unlock operation
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485
CN113205628B (en) * 2019-06-28 2023-06-13 飞天诚信科技股份有限公司 Intelligent door lock control method and system based on biological feature recognition
CN113205628A (en) * 2019-06-28 2021-08-03 飞天诚信科技股份有限公司 Intelligent door lock control method and system based on biological feature recognition
CN111626397B (en) * 2020-05-25 2023-08-01 成都市迈德物联网技术有限公司 Radio frequency card user identity matching and identifying method based on clamping patterns
CN111626397A (en) * 2020-05-25 2020-09-04 成都市迈德物联网技术有限公司 Radio frequency card user identity matching and identifying method based on card veins
CN113808315A (en) * 2021-09-24 2021-12-17 中移(杭州)信息技术有限公司 Access control management method, device and computer readable storage medium
EP4332922A1 (en) * 2022-09-05 2024-03-06 Nagravision Sarl Methods and systems for identifying a person
WO2024052330A1 (en) * 2022-09-05 2024-03-14 Nagravision Sàrl Methods and systems for identifying a person

Also Published As

Publication number Publication date
DE19983155T1 (en) 2001-06-13
AU3761099A (en) 1999-11-16
JP2003529113A (en) 2003-09-30
GB2353386B (en) 2003-08-06
GB2353386A (en) 2001-02-21
GB0025864D0 (en) 2000-12-06

Similar Documents

Publication Publication Date Title
US6484260B1 (en) Personal identification system
WO1999056429A1 (en) Personal identification system and method
EP0924656B1 (en) Personal identification FOB
EP0924657B1 (en) Remote idendity verification technique using a personal identification device
US6111977A (en) Hand-held fingerprint recognition and transmission device
US6353889B1 (en) Portable device and method for accessing data key actuated devices
US7111174B2 (en) Method and system for providing access to secure entity or service by a subset of N persons of M designated persons
US20060107067A1 (en) Identification card with bio-sensor and user authentication method
EP1280110A2 (en) Biometric characteristic security system
US20100148923A1 (en) Vehicle on-board biometric authentication system
US20060170530A1 (en) Fingerprint-based authentication using radio frequency identification
US20060294393A1 (en) Remote biometric registration for vehicles
US20050225429A1 (en) Multiuser vehicle utilization system and electronic key therefor
US20040128519A1 (en) Biometrics interface
WO1998012670A1 (en) Biometric identification system for providing secure access
JP2008535061A (en) Biometric device with smart card function
JP2003242428A (en) Cellular phone with card function and cellular phone with settlement function
US20030117260A1 (en) Access control system
JP2013155525A (en) Electric lock control system
JP2003253940A (en) Keyless entry system
JP3807943B2 (en) Biometric information verification security device
JP2006053808A (en) Operator authentication management system
JP2002047840A (en) Switching mechanism with biometrics data authentification device, switching method jointly using biometrics data authentification, and recording medium having switching program jointly using biometrics data authentification recorded therein
KR200223756Y1 (en) An identifying system using aremoval terminal
GB2401822A (en) Computer system with data carrier having biometric user identification

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 200025864

Country of ref document: GB

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2000 546486

Country of ref document: JP

Kind code of ref document: A

RET De translation (de og part 6b)

Ref document number: 19983155

Country of ref document: DE

Date of ref document: 20010613

WWE Wipo information: entry into national phase

Ref document number: 19983155

Country of ref document: DE

122 Ep: pct application non-entry in european phase
ENPW Started to enter national phase and was withdrawn or failed for other reasons

Ref document number: PI9909894

Country of ref document: BR

Free format text: PEDIDO CONSIDERADO RETIRADO EM RELACAO AO BRASIL, POR TER SIDO A FASE NACIONAL INTEMPESTIVA.