WO2013074096A1 - Authentication device including template validation and related methods - Google Patents

Authentication device including template validation and related methods Download PDF

Info

Publication number
WO2013074096A1
WO2013074096A1 PCT/US2011/060957 US2011060957W WO2013074096A1 WO 2013074096 A1 WO2013074096 A1 WO 2013074096A1 US 2011060957 W US2011060957 W US 2011060957W WO 2013074096 A1 WO2013074096 A1 WO 2013074096A1
Authority
WO
WIPO (PCT)
Prior art keywords
template
processing circuitry
finger
image data
authentication device
Prior art date
Application number
PCT/US2011/060957
Other languages
French (fr)
Inventor
Giovanni Gozzini
Vladimir LIEBERZEIT
Original Assignee
Authentec, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Authentec, Inc. filed Critical Authentec, Inc.
Priority to IN2360DEN2012 priority Critical patent/IN2012DN02360A/en
Priority to PCT/US2011/060957 priority patent/WO2013074096A1/en
Publication of WO2013074096A1 publication Critical patent/WO2013074096A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/40Spoof detection, e.g. liveness detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12Fingerprints or palmprints

Definitions

  • the present invention relates to the field of electronics, and, more particularly, to the field of finger sensors.
  • Fingerprint sensing and matching is a reliable and widely used technique for personal identification or verification.
  • a common approach to fingerprint identification involves scanning a sample fingerprint or an image thereof and storing the image and/or unique characteristics of the fingerprint image. The characteristics of a sample fingerprint may be compared to information for reference fingerprints already in a database to determine proper identification of a person, such as for verification purposes.
  • the fingerprint sensor is an integrated circuit sensor that drives the user's finger with an electric field signal and senses the electric field with an array of electric field sensing pixels on the integrated circuit substrate.
  • U.S. Patent No. 6,289,1 14 to Mainguet which is assigned to the assignee of the present invention and is incorporated in its entirety by reference discloses a fingerprint sensor that includes a finger sensing integrated circuit (IC).
  • the finger sensing IC includes a layer of piezoelectric or pyroelectric material placed between upper and lower electrodes to provide electric signals representative of an image of the ridges and valleys of the fingerprint.
  • a fingerprint sensor may be particularly advantageous for verification and/or authentication in an electronic device, and more particularly, a portable device, for example.
  • a fingerprint sensor may be carried by the housing of a portable electronic device, for example, and may be sized to sense a fingerprint from a single-finger.
  • the AES3400 sensor from AuthenTec, Inc. of Melbourne, Florida, is widely used in a variety of notebooks, desktops and PC peripherals.
  • Other fingerprint sensors for example, the AES850, also from AuthenTec, Inc. of Melbourne, Florida, is a sensor used on smartphones.
  • a fingerprint sensor is integrated into an electronic device or host device, for example, as noted above, it may be desirable to determine whether acquired fingerprints were acquired from a live user. Additionally, it may be desirable to determine whether such fingerprints were not tampered with or substituted. Determining tampering or substitution may be increasingly difficult when a fingerprint sensor is integrated in a host device, such as a personal computer or cellphone.
  • an authentication device may include a housing and a finger sensor carried by the housing.
  • the finger sensor may include first processing circuitry and a finger sensing area coupled thereto.
  • the first processing circuitry may be configured to generate finger image data based upon a finger positioned adjacent finger sensing area, and generate and store a first template based upon the finger image data, for example.
  • the authentication device may further include second processing circuitry carried by the housing and configured to obtain the finger image data from the first processing circuitry, and generate a second template based upon the finger image data.
  • the first processing circuitry may further be configured to obtain the second template from the second processing circuitry, and validate the second template against the first template, for example.
  • the authentication device may validate a live finger and be resistant to tampering or substitution.
  • the authentication device may further include a communications channel interface carried by the housing and coupled to the second
  • the second processing circuitry may be further configured to send the second template via the communications channel interface based upon validation of the second template against the first template, for example.
  • the communications channel interface may include a wireless transceiver.
  • the communications channel interface may further include encryption circuitry coupled to the wireless transceiver, for example.
  • the finger sensor may include a finger sensing integrated circuit module.
  • the first template may be less processing intensive than the second template, for example.
  • the first template may be based upon fingerprint minutiae extracted from the finger image data by the first processing circuitry. In other words, the fingerprint minutiae may be extracted from the finger image data using a first algorithm.
  • the second template may also be based upon fingerprint minutiae extracted from the image data by the second processing circuitry, for example. In other words, the fingerprint minutiae may be extracted from the finger image data using a second algorithm.
  • the second template may include a Minutiae Interoperability Exchange (MINEX) template.
  • the authentication device may further include at least one input device and a display each carried by the housing.
  • the second processing circuitry may include a host processor coupled to the at least one input device and the display, for example.
  • a method aspect is directed to an authentication method for an authentication device that may include a housing, a finger sensor carried by the housing and including first processing circuitry and a finger sensing area coupled thereto, and second processing circuitry carried by the housing.
  • the method may include generating, via the first processing circuitry, finger image data based upon a finger positioned adjacent the finger sensing area.
  • the method may further include generating and storing, via the first processing circuitry, a first template based upon the finger image data.
  • the method may also include obtaining, via the second processing circuitry, the finger image data from the first processing circuitry and generating, via the second processing circuitry, a second template based upon the finger image data.
  • the method may further include obtaining, via the first processing circuitry, the second template from the second processing circuitry and validating, via the first processing circuitry, the second template against the first template.
  • FIG. 1 is a schematic plan view of an authentication device including an authentication device in accordance with the present invention.
  • FIG. 2 is a schematic block diagram of the authentication device of FIG. 1 and an upstream electronic device in accordance with the present invention.
  • FIG. 3 is a schematic flow diagram of communications between the first and second processing circuitry of the authentication device of FIG. 1 .
  • the authentication device 50 is illustratively in the form of a mobile wireless communications device and includes a housing 51 , a display 52 carried by the housing, and an array of input keys 54 that may be used for dialing and other applications, for example, as will be appreciated by those skilled in the art. Other input devices may be carried by the housing 51.
  • the authentication device 50 may a wired electronic device, for example, a personal computer (PC), and/or may be stationary.
  • PC personal computer
  • the authentication device 50 also includes a communications channel interface 33 carried by the housing 51.
  • the communications channel interface 33 is illustratively a wireless interface and may include encryption circuitry 34 coupled to a wireless transceiver 56.
  • the wireless transceiver 56 may be configured to perform wireless communications functions, for example, voice and/or data communications.
  • the encryption circuitry 34 may be in the form of a secure access module (SAM), for example, and may encrypt the voice and/or data communications.
  • SAM secure access module
  • the communications channel interface 33 may be a wired interface.
  • An antenna 58 is illustratively carried by the housing 51 and is coupled to the wireless transceiver 56.
  • the authentication device 50 also includes a finger sensor 20 that is illustratively carried by the housing 51.
  • the finger sensor 20 may be in the form of an integrated circuit module, for example, and includes first processing circuitry 23 and a finger sensing area 24 coupled thereto.
  • the finger sensing area 24 is configured to receive a user's finger 61 thereon.
  • the finger sensor 20 may be a slide type sensor, for example, for processing a user's finger as it is slid across the finger sensing area 24.
  • the finger sensor 20 may be a placement type sensor, for example, where the user's finger 61 is statically placed on the finger sensing area 24 for processing.
  • the finger sensor 20 may be a fingerprint module based upon a TCS1 or TCS2 FIPS 201 compliant finger sensor available from AuthenTec, Inc. of Melbourne, Florida.
  • the finger sensor 20 may be another type of finger sensor, for example, the AES series of fingerprint sensors also available from AuthenTec, Inc. of Melbourne, Florida, as will be appreciated by those skilled in the art.
  • the first processing circuitry 23 is configured to generate finger image data based upon the user's finger 61 being positioned adjacent finger sensing area 24.
  • the first processing circuitry 23 may generate the finger image data also based upon a received initiation command, for example, received from second processing circuitry 31 or host processing circuitry, as will be described in further detail below.
  • the finger image data may be generated based upon ridges and valleys of the user's finger 61.
  • the first processing circuitry 23 is also configured to generate and store a first template based upon the finger image data.
  • the first template may be generated by the processing circuitry 23 by executing a first algorithm that is based upon detected fingerprint minutiae of the user's finger 61.
  • the first template may be generated by the processing circuitry 23 by executing a first algorithm that is based upon detected fingerprint ridges or ridge flows of the user's finger 61.
  • the first template may be considered a reference template, for example.
  • the first template is illustratively stored in a memory 25, which is coupled to the first processing circuitry 23.
  • the memory 25 may be a secure memory, for example.
  • different algorithms may be used to generate different templates.
  • the authentication device 50 further includes second processing circuitry 31 carried by the housing 51 and configured to obtain the finger image data from the first processing circuitry 23.
  • the finger image data may be encrypted prior to being sent by the first processing circuitry 23 or obtained by the second processing circuitry 31.
  • the second processing circuitry 31 includes a host processor 35, for example, that is coupled to the display 52, the array of input keys 54 or other input device(s), and the communications channel interface 33 including the wireless transceiver 56.
  • the second processing circuitry 31 may communicate with the first processing circuitry 23 over a universal serial bus (USB) interface, a universal asynchronous receive/transmit (UART) interface, or a serial peripheral interface (SPI), as will be appreciated by those skilled in the art.
  • USB universal serial bus
  • UART universal asynchronous receive/transmit
  • SPI serial peripheral interface
  • the first and second processing circuitry 23, 31 may communicate with each other over other or additional interfaces.
  • the second processing circuitry 31 generates a second template also based upon the finger image data. More particularly, the second processing circuitry 31 generates the second template based upon extracted fingerprint minutiae of the user's finger 61. More particularly, the second processing circuitry 31 generates the second template based upon fingerprint minutiae extracted from the fingerprint image data using a second algorithm.
  • the second template may be a Minutiae Interoperability Exchange (MINEX) template and generated based upon a MINEX compliant algorithm stored in the memory 36.
  • MINEX Minutiae Interoperability Exchange
  • the second processing circuitry 31 may generate the second template based upon detected fingerprint ridges or ridge flows of the user's finger 61. Additionally, the second template may be based upon both minutiae and ridge flow, for example.
  • the finger image data used to generate the second template may be a super set of the finger image data used to generate the first template.
  • the MINEX template may be computationally heavy. In other words, there may be an increased amount of processing associated with a MINEX template, as compared to other templates.
  • the algorithm generating the first template is computationally light compared to the algorithm generating the second template.
  • the first processing circuitry 23, which is part of the finger sensor 20 may be smaller in physical size, for example, as compared to the first processing circuitry 23 or host processor 35.
  • the first template, or reference template may also be less accurate than the second, or MINEX, template.
  • the first processing circuitry 23 is also configured to obtain the second template from the second processing circuitry 31 , and thereafter validates the second template against the first template.
  • the first processing circuitry 23 may validate the second template against the first template by comparing the templates, for example.
  • Other validation techniques may be used, as will be appreciated by those skilled in the art. For example, validation may be carried out as a classical match between two minutiae template.
  • validation may be carried out by verifying that the two templates are related to a fingerprint with practically the same absolute positioning, for example.
  • the second processing circuitry 31 sends the second template via the communications channel interface 33, based upon validation of the second template against the first template.
  • the first processing circuitry 23 has validated the first template against the second template, i.e., a successful validation
  • the first processing circuitry sends the second template, i.e., the MINEX template, which may be digitally signed, to the second processing circuitry 31.
  • the second processing circuitry 31 sends the digitally signed second or MINEX template to the communications interface 33 for sending to an upstream electronic device 60, for example.
  • the encryption circuitry 34 may encrypt the digitally signed second, or MINEX, template prior to sending it to the upstream electronic device 60.
  • the digitally signed second template may be send to the upstream electronic device 60 via a wireless or wired network, for example, the Internet.
  • the upstream electronic device 60 may process the digitally signed second template, for example, for matching or other processing.
  • finger image data for example fingerprints
  • fingerprints are typically not protected or secret, and thus little effort may be made to protect fingerprints.
  • fingerprints are typically not protected, neither are the templates that are generated using the finger image data.
  • the first processing circuitry of the finger sensor 20 advantageously validates or authenticates the second template, i.e., the MINEX template, generated by the second processing circuitry 31 of host processor 35, without relying on any specific security of the second processing circuitry.
  • the authentication device 50 validates that the finger image data comes from a live finger, and that the finger image data has not been tampered with or substituted.
  • the authentication device 50 may be particularly advantageous for use with authenticating a person to associate with a benefit or service. For example, a person who may not have an identification card, for example, may be entitled to certain benefits, but may have an identification number that is associated with a biometric of the person's finger. The person may wish claim the benefit, but without a physical identification card, for example, verifying the person's identity may be increasingly difficult.
  • the authentication device 50 may be used to verify the authenticity of the person's finger and communicate the authenticated template for verification that the person is entitled to the benefits he or she is seeking. In other words, the authentication device 50 may be particularly useful for reducing fraudulent activity.
  • a method aspect is directed to an authentication method for an authentication device 50 that includes a housing 51 , a finger sensor 20 carried by the housing and including first processing circuitry 23 and a finger sensing area 24 coupled thereto, and second processing circuitry 31 carried by the housing.
  • the method includes generating, via the first processing circuitry 23, finger image data based upon a finger 61 positioned adjacent the finger sensing area 24.
  • the method further includes generating and storing, via the first processing circuitry 23, a first template based upon the finger image data.
  • the method also includes obtaining, via the second processing circuitry 31 , the finger image data from the first processing circuitry 23 and generating, via the second processing circuitry, a second template based upon the finger image data.
  • the method further includes obtaining, via the first processing circuitry 23, the second template from the second processing circuitry 31 and validating, via the first processing circuitry, the second template against the first template.
  • the authentication device 50 may also include circuitry embedded within the finger sensor 20 to provide menu navigation and selection functions, tactile feedback, and/or power up functions as will be appreciated by those skilled in the art.

Abstract

An authentication device may include a housing and a finger sensor carried by the housing and including first processing circuitry and a finger sensing area coupled thereto. The first processing circuitry may be configured to generate finger image data based upon a finger positioned adjacent the finger sensing area, and generate and store a first template based upon the finger image data. The authentication device may include second processing circuitry carried by the housing and configured to obtain the finger image data from the first processing circuitry. The second processing circuitry may be configured to generate a second template based upon the finger image data. The first processing circuitry may further be configured to obtain the second template from second processing circuitry, and validate the second template against the first template.

Description

AUTHENTICATION DEVICE INCLUDING TEMPLATE VALIDATION AND
RELATED METHODS
Field of the Invention
[0001] The present invention relates to the field of electronics, and, more particularly, to the field of finger sensors.
Background of the Invention
[0002] Fingerprint sensing and matching is a reliable and widely used technique for personal identification or verification. In particular, a common approach to fingerprint identification involves scanning a sample fingerprint or an image thereof and storing the image and/or unique characteristics of the fingerprint image. The characteristics of a sample fingerprint may be compared to information for reference fingerprints already in a database to determine proper identification of a person, such as for verification purposes.
[0003] A particularly advantageous approach to fingerprint sensing is disclosed in U.S. Patent No. 5,953,441 to Setlak and assigned to the assignee of the present invention, the entire contents of which are herein incorporated by reference. The fingerprint sensor is an integrated circuit sensor that drives the user's finger with an electric field signal and senses the electric field with an array of electric field sensing pixels on the integrated circuit substrate.
[0004] U.S. Patent No. 6,289,1 14 to Mainguet, which is assigned to the assignee of the present invention and is incorporated in its entirety by reference discloses a fingerprint sensor that includes a finger sensing integrated circuit (IC). The finger sensing IC includes a layer of piezoelectric or pyroelectric material placed between upper and lower electrodes to provide electric signals representative of an image of the ridges and valleys of the fingerprint.
[0005] A particularly advantageous approach to multi-biometric fingerprint sensing is disclosed in U.S. Patent No. 7,361 ,919 to Setlak, which is assigned to the assignee of the present invention and is incorporated in its entirety by reference. The Setlak patent discloses a multi-biometric finger sensor sensing different biometric characteristics of a user's finger that have different matching selectivities.
[0006] A fingerprint sensor may be particularly advantageous for verification and/or authentication in an electronic device, and more particularly, a portable device, for example. Such a fingerprint sensor may be carried by the housing of a portable electronic device, for example, and may be sized to sense a fingerprint from a single-finger. For example, the AES3400 sensor from AuthenTec, Inc. of Melbourne, Florida, is widely used in a variety of notebooks, desktops and PC peripherals. Other fingerprint sensors, for example, the AES850, also from AuthenTec, Inc. of Melbourne, Florida, is a sensor used on smartphones.
[0007] Where a fingerprint sensor is integrated into an electronic device or host device, for example, as noted above, it may be desirable to determine whether acquired fingerprints were acquired from a live user. Additionally, it may be desirable to determine whether such fingerprints were not tampered with or substituted. Determining tampering or substitution may be increasingly difficult when a fingerprint sensor is integrated in a host device, such as a personal computer or cellphone.
Summary of the Invention
[0008] In view of the foregoing background, it is therefore an object of the present invention to provide an authentication device for validating a live finger.
[0009] This and other objects, features, and advantages in accordance with the present invention are provided by an authentication device that may include a housing and a finger sensor carried by the housing. The finger sensor may include first processing circuitry and a finger sensing area coupled thereto. The first processing circuitry may be configured to generate finger image data based upon a finger positioned adjacent finger sensing area, and generate and store a first template based upon the finger image data, for example. The authentication device may further include second processing circuitry carried by the housing and configured to obtain the finger image data from the first processing circuitry, and generate a second template based upon the finger image data. The first processing circuitry may further be configured to obtain the second template from the second processing circuitry, and validate the second template against the first template, for example.
Accordingly, the authentication device may validate a live finger and be resistant to tampering or substitution.
[0010] The authentication device may further include a communications channel interface carried by the housing and coupled to the second
processing circuitry. The second processing circuitry may be further configured to send the second template via the communications channel interface based upon validation of the second template against the first template, for example.
[0011] The communications channel interface may include a wireless transceiver. The communications channel interface may further include encryption circuitry coupled to the wireless transceiver, for example.
[0012] The finger sensor may include a finger sensing integrated circuit module. The first template may be less processing intensive than the second template, for example.
[0013] The first template may be based upon fingerprint minutiae extracted from the finger image data by the first processing circuitry. In other words, the fingerprint minutiae may be extracted from the finger image data using a first algorithm. The second template may also be based upon fingerprint minutiae extracted from the image data by the second processing circuitry, for example. In other words, the fingerprint minutiae may be extracted from the finger image data using a second algorithm. The second template may include a Minutiae Interoperability Exchange (MINEX) template. [0014] The authentication device may further include at least one input device and a display each carried by the housing. The second processing circuitry may include a host processor coupled to the at least one input device and the display, for example.
[0015] A method aspect is directed to an authentication method for an authentication device that may include a housing, a finger sensor carried by the housing and including first processing circuitry and a finger sensing area coupled thereto, and second processing circuitry carried by the housing. The method may include generating, via the first processing circuitry, finger image data based upon a finger positioned adjacent the finger sensing area. The method may further include generating and storing, via the first processing circuitry, a first template based upon the finger image data. The method may also include obtaining, via the second processing circuitry, the finger image data from the first processing circuitry and generating, via the second processing circuitry, a second template based upon the finger image data. The method may further include obtaining, via the first processing circuitry, the second template from the second processing circuitry and validating, via the first processing circuitry, the second template against the first template.
Brief Description of the Drawings
[0016] FIG. 1 is a schematic plan view of an authentication device including an authentication device in accordance with the present invention.
[0017] FIG. 2 is a schematic block diagram of the authentication device of FIG. 1 and an upstream electronic device in accordance with the present invention.
[0018] FIG. 3 is a schematic flow diagram of communications between the first and second processing circuitry of the authentication device of FIG. 1 .
Detailed Description of the Preferred Embodiments
[0019] The present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.
[0020] Referring initially to FIGS. 1 and 2, an embodiment of an authentication device 50 in accordance with the present invention is now described. The authentication device 50 is illustratively in the form of a mobile wireless communications device and includes a housing 51 , a display 52 carried by the housing, and an array of input keys 54 that may be used for dialing and other applications, for example, as will be appreciated by those skilled in the art. Other input devices may be carried by the housing 51. Of course, in some embodiments, the authentication device 50 may a wired electronic device, for example, a personal computer (PC), and/or may be stationary.
[0021] The authentication device 50 also includes a communications channel interface 33 carried by the housing 51. The communications channel interface 33 is illustratively a wireless interface and may include encryption circuitry 34 coupled to a wireless transceiver 56. The wireless transceiver 56 may be configured to perform wireless communications functions, for example, voice and/or data communications. The encryption circuitry 34 may be in the form of a secure access module (SAM), for example, and may encrypt the voice and/or data communications. The communications channel interface 33 may be a wired interface. An antenna 58 is illustratively carried by the housing 51 and is coupled to the wireless transceiver 56.
[0022] Referring now additionally to FIG. 3, the authentication device 50 also includes a finger sensor 20 that is illustratively carried by the housing 51. The finger sensor 20 may be in the form of an integrated circuit module, for example, and includes first processing circuitry 23 and a finger sensing area 24 coupled thereto. The finger sensing area 24 is configured to receive a user's finger 61 thereon. The finger sensor 20 may be a slide type sensor, for example, for processing a user's finger as it is slid across the finger sensing area 24. Alternatively, the finger sensor 20 may be a placement type sensor, for example, where the user's finger 61 is statically placed on the finger sensing area 24 for processing. More particularly, the finger sensor 20 may be a fingerprint module based upon a TCS1 or TCS2 FIPS 201 compliant finger sensor available from AuthenTec, Inc. of Melbourne, Florida. Of course, the finger sensor 20 may be another type of finger sensor, for example, the AES series of fingerprint sensors also available from AuthenTec, Inc. of Melbourne, Florida, as will be appreciated by those skilled in the art.
[0023] The first processing circuitry 23 is configured to generate finger image data based upon the user's finger 61 being positioned adjacent finger sensing area 24. The first processing circuitry 23 may generate the finger image data also based upon a received initiation command, for example, received from second processing circuitry 31 or host processing circuitry, as will be described in further detail below. The finger image data may be generated based upon ridges and valleys of the user's finger 61. The first processing circuitry 23 is also configured to generate and store a first template based upon the finger image data. The first template may be generated by the processing circuitry 23 by executing a first algorithm that is based upon detected fingerprint minutiae of the user's finger 61. In some embodiments, the first template may be generated by the processing circuitry 23 by executing a first algorithm that is based upon detected fingerprint ridges or ridge flows of the user's finger 61. The first template may be considered a reference template, for example. The first template is illustratively stored in a memory 25, which is coupled to the first processing circuitry 23. The memory 25 may be a secure memory, for example. In some embodiments, different algorithms may be used to generate different templates.
[0024] The authentication device 50 further includes second processing circuitry 31 carried by the housing 51 and configured to obtain the finger image data from the first processing circuitry 23. In some embodiments, the finger image data may be encrypted prior to being sent by the first processing circuitry 23 or obtained by the second processing circuitry 31. The second processing circuitry 31 includes a host processor 35, for example, that is coupled to the display 52, the array of input keys 54 or other input device(s), and the communications channel interface 33 including the wireless transceiver 56. The second processing circuitry 31 may communicate with the first processing circuitry 23 over a universal serial bus (USB) interface, a universal asynchronous receive/transmit (UART) interface, or a serial peripheral interface (SPI), as will be appreciated by those skilled in the art. The first and second processing circuitry 23, 31 may communicate with each other over other or additional interfaces.
[0025] The second processing circuitry 31 generates a second template also based upon the finger image data. More particularly, the second processing circuitry 31 generates the second template based upon extracted fingerprint minutiae of the user's finger 61. More particularly, the second processing circuitry 31 generates the second template based upon fingerprint minutiae extracted from the fingerprint image data using a second algorithm. The second template may be a Minutiae Interoperability Exchange (MINEX) template and generated based upon a MINEX compliant algorithm stored in the memory 36. In some embodiments, similar to the first processing circuitry 23, the second processing circuitry 31 may generate the second template based upon detected fingerprint ridges or ridge flows of the user's finger 61. Additionally, the second template may be based upon both minutiae and ridge flow, for example. In other words, the finger image data used to generate the second template may be a super set of the finger image data used to generate the first template.
[0026] As will be appreciated by those skilled in the art, the MINEX template, for example, may be computationally heavy. In other words, there may be an increased amount of processing associated with a MINEX template, as compared to other templates. In particular, the algorithm generating the first template is computationally light compared to the algorithm generating the second template. Thus, the first processing circuitry 23, which is part of the finger sensor 20, may be smaller in physical size, for example, as compared to the first processing circuitry 23 or host processor 35. However, the first template, or reference template may also be less accurate than the second, or MINEX, template.
[0027] The first processing circuitry 23 is also configured to obtain the second template from the second processing circuitry 31 , and thereafter validates the second template against the first template. The first processing circuitry 23 may validate the second template against the first template by comparing the templates, for example. Other validation techniques may be used, as will be appreciated by those skilled in the art. For example, validation may be carried out as a classical match between two minutiae template.
Alternatively, validation may be carried out by verifying that the two templates are related to a fingerprint with practically the same absolute positioning, for example.
[0028] The second processing circuitry 31 sends the second template via the communications channel interface 33, based upon validation of the second template against the first template. In other words, once the first processing circuitry 23 has validated the first template against the second template, i.e., a successful validation, the first processing circuitry sends the second template, i.e., the MINEX template, which may be digitally signed, to the second processing circuitry 31. The second processing circuitry 31 sends the digitally signed second or MINEX template to the communications interface 33 for sending to an upstream electronic device 60, for example.
[0029] The encryption circuitry 34 may encrypt the digitally signed second, or MINEX, template prior to sending it to the upstream electronic device 60. The digitally signed second template may be send to the upstream electronic device 60 via a wireless or wired network, for example, the Internet. The upstream electronic device 60 may process the digitally signed second template, for example, for matching or other processing.
[0030] As will be appreciated by those skilled in the art, finger image data, for example fingerprints, are typically not protected or secret, and thus little effort may be made to protect fingerprints. Additionally, since fingerprints are typically not protected, neither are the templates that are generated using the finger image data. Thus, it may be increasingly important to validate the finger image data and the generated template, to be sure that the finger image data comes from a live user's finger and is not a spoof, substitution, or tampered version. The first processing circuitry of the finger sensor 20 advantageously validates or authenticates the second template, i.e., the MINEX template, generated by the second processing circuitry 31 of host processor 35, without relying on any specific security of the second processing circuitry. In other words, the authentication device 50 validates that the finger image data comes from a live finger, and that the finger image data has not been tampered with or substituted.
[0031] The authentication device 50 may be particularly advantageous for use with authenticating a person to associate with a benefit or service. For example, a person who may not have an identification card, for example, may be entitled to certain benefits, but may have an identification number that is associated with a biometric of the person's finger. The person may wish claim the benefit, but without a physical identification card, for example, verifying the person's identity may be increasingly difficult. The authentication device 50 may be used to verify the authenticity of the person's finger and communicate the authenticated template for verification that the person is entitled to the benefits he or she is seeking. In other words, the authentication device 50 may be particularly useful for reducing fraudulent activity.
[0032] A method aspect is directed to an authentication method for an authentication device 50 that includes a housing 51 , a finger sensor 20 carried by the housing and including first processing circuitry 23 and a finger sensing area 24 coupled thereto, and second processing circuitry 31 carried by the housing. The method includes generating, via the first processing circuitry 23, finger image data based upon a finger 61 positioned adjacent the finger sensing area 24. The method further includes generating and storing, via the first processing circuitry 23, a first template based upon the finger image data. The method also includes obtaining, via the second processing circuitry 31 , the finger image data from the first processing circuitry 23 and generating, via the second processing circuitry, a second template based upon the finger image data. The method further includes obtaining, via the first processing circuitry 23, the second template from the second processing circuitry 31 and validating, via the first processing circuitry, the second template against the first template.
[0033] The authentication device 50 may also include circuitry embedded within the finger sensor 20 to provide menu navigation and selection functions, tactile feedback, and/or power up functions as will be appreciated by those skilled in the art. Many modifications and other embodiments of the invention will come to the mind of one skilled in the art having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is understood that the invention is not to be limited to the specific embodiments disclosed, and that modifications and embodiments are intended to be included within the scope of the appended claims.

Claims

THAT WHICH IS CLAIMED IS:
1 . An authentication device comprising:
a housing;
a finger sensor carried by said housing and comprising first processing circuitry and a finger sensing area coupled thereto and configured to
generate finger image data based upon a finger positioned adjacent said finger sensing area, and
generate and store a first template based upon the finger image data; and
second processing circuitry carried by said housing and configured to
obtain the finger image data from said first processing circuitry, and
generate a second template based upon the finger image data,
said first processing circuitry further configured to obtain the second template from said second processing circuitry, and
validate the second template against the first template.
2. The authentication device of Claim 1 , further comprising a communications channel interface carried by said housing and coupled to said second processing circuitry; and wherein said second processing circuitry is further configured to send the second template via the communications channel interface based upon validation of the second template against the first template.
3. The authentication device of Claim 2, wherein said communications channel interface comprises a wireless transceiver.
4. The authentication device of Claim 3, wherein said communications channel interface further comprises encryption circuitry coupled to said wireless transceiver.
5. The authentication device of Claim 1 , wherein said finger sensor comprises a finger sensing integrated circuit module.
6. The authentication device of Claim 1 , wherein the first template is less processing intensive than the second template.
7. The authentication device of Claim 1 , wherein the first template is based upon fingerprint minutiae extracted from the finger image data by said first processing circuitry and the second template is based upon fingerprint minutiae extracted from the finger image data by said second processing circuitry.
8. The authentication device of Claim 1 , wherein the second template comprises a Minutiae Interoperability Exchange (MINEX) template.
9. The authentication device of Claim 1 , further comprising at least one input device and a display each carried by said housing; and wherein said second processing circuitry comprises a host processor coupled to said at least one input device and said display.
10. An authentication device comprising:
a housing;
a finger sensor carried by said housing and comprising first processing circuitry and a finger sensing area coupled thereto and configured to
generate fingerprint image data based upon a finger positioned adjacent said finger sensing area, and
generate and store a first template based upon fingerprint minutiae extracted from the fingerprint image data using a first algorithm; and
second processing circuitry carried by said housing and configured to obtain the fingerprint image data from said first processing circuitry, and
generate a second template based upon fingerprint minutiae extracted from the fingerprint image data using a second algorithm, the second algorithm being more processing intensive than the first algorithm;
said first processing circuitry further configured to
obtain the second template from said second processing circuitry, and
validate the second template against the first template.
1 1 . The authentication device of Claim 10, further comprising a communications channel interface carried by said housing and coupled to said second processing circuitry; and wherein said second processing circuitry is further configured to send the second template via the communications channel interface based upon validation of the second template against the first template.
12. The authentication device of Claim 1 1 , wherein said communications channel interface comprises a wireless transceiver.
13. The authentication device of Claim 12, wherein said communications channel interface further comprises encryption circuitry coupled to said wireless transceiver.
14. The authentication device of Claim 10, wherein said finger sensor comprises a finger sensing integrated circuit module.
15. The authentication device of Claim 10, wherein the second template comprises a Minutiae Interoperability Exchange (MINEX) template.
16. An authentication method for an authentication device comprising a housing, a finger sensor carried by the housing and comprising first processing circuitry and a finger sensing area coupled thereto, and second processing circuitry carried by the housing, the method comprising: generating, via the first processing circuitry, finger image data based upon a finger positioned adjacent the finger sensing area;
generating and storing, via the first processing circuitry, a first template based upon the finger image data;
obtaining, via the second processing circuitry, the finger image data from the first processing circuitry;
generating, via the second processing circuitry, a second template based upon the finger image data;
obtaining, via the first processing circuitry, the second template from the second processing circuitry; and
validating, via the first processing circuitry, the second template against the first template.
17. The method of Claim 16, further comprising sending the second template via a communications channel interface coupled to the second processing circuitry based upon validation of the second template against the first template.
18. The method of Claim 17, wherein the communications channel interface comprises a wireless transceiver.
19. The method of Claim 18, wherein the communications channel interface further comprises encryption circuitry coupled to the wireless transceiver.
20. The method of Claim 16, wherein the finger sensor comprises a finger sensing integrated circuit module.
21 . The method of Claim 16, wherein the first template is less processing intensive than the second template.
22. The method of Claim 16, wherein the first template is based upon fingerprint minutiae and the second template is also based upon fingerprint minutiae.
23. The method of Claim 16, wherein the second template comprises a Minutiae Interoperability Exchange (MINEX) template.
PCT/US2011/060957 2011-11-16 2011-11-16 Authentication device including template validation and related methods WO2013074096A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
IN2360DEN2012 IN2012DN02360A (en) 2011-11-16 2011-11-16
PCT/US2011/060957 WO2013074096A1 (en) 2011-11-16 2011-11-16 Authentication device including template validation and related methods

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2011/060957 WO2013074096A1 (en) 2011-11-16 2011-11-16 Authentication device including template validation and related methods

Publications (1)

Publication Number Publication Date
WO2013074096A1 true WO2013074096A1 (en) 2013-05-23

Family

ID=45023891

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/060957 WO2013074096A1 (en) 2011-11-16 2011-11-16 Authentication device including template validation and related methods

Country Status (2)

Country Link
IN (1) IN2012DN02360A (en)
WO (1) WO2013074096A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5953441A (en) 1997-05-16 1999-09-14 Harris Corporation Fingerprint sensor having spoof reduction features and related methods
US6289114B1 (en) 1996-06-14 2001-09-11 Thomson-Csf Fingerprint-reading system
US20070245141A1 (en) * 2005-07-05 2007-10-18 Viasat, Inc. Trusted Cryptographic Processor
US20080080750A1 (en) * 2006-10-02 2008-04-03 Wison Technology Corp. Interactive wireless fingerprint recognition system
US7361919B2 (en) 2003-09-05 2008-04-22 Authentec, Inc. Multi-biometric finger sensor having different selectivities and associated methods

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6289114B1 (en) 1996-06-14 2001-09-11 Thomson-Csf Fingerprint-reading system
US5953441A (en) 1997-05-16 1999-09-14 Harris Corporation Fingerprint sensor having spoof reduction features and related methods
US7361919B2 (en) 2003-09-05 2008-04-22 Authentec, Inc. Multi-biometric finger sensor having different selectivities and associated methods
US20070245141A1 (en) * 2005-07-05 2007-10-18 Viasat, Inc. Trusted Cryptographic Processor
US20080080750A1 (en) * 2006-10-02 2008-04-03 Wison Technology Corp. Interactive wireless fingerprint recognition system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ALEX I BAZIN ET AL: "An Investigation of Minutiae Template Interoperability", AUTOMATIC IDENTIFICATION ADVANCED TECHNOLOGIES, 2007 IEEE WORKSHOP ON, IEEE, PISCATAWAY, NJ, USA, 1 June 2007 (2007-06-01), pages 13 - 18, XP031111365, ISBN: 978-1-4244-1299-0 *

Also Published As

Publication number Publication date
IN2012DN02360A (en) 2015-08-21

Similar Documents

Publication Publication Date Title
US9940503B2 (en) Authentication device including template validation and related methods
US9652657B2 (en) Electronic device including finger sensor having orientation based authentication and related methods
US6728881B1 (en) Fingerprint and signature identification and authorization card and pen
Jansen Authenticating users on handheld devices
JP4567973B2 (en) Method and system for establishing identity trust
EP3646247B1 (en) User authentication based on rfid-enabled identity document and gesture challenge-response protocol
US20050188213A1 (en) System for personal identity verification
JP2007328502A (en) Biometrics method and system
US20160321441A1 (en) Secure biometric authentication
KR101853270B1 (en) Authentication method for portable secure authentication apparatus using fingerprint
EP3622429B1 (en) Methods and devices of enabling authentication of a user of a client device over a secure communication channel based on biometric data
US11165772B2 (en) Methods and devices of enabling authentication of a user of a client device over a secure communication channel based on biometric data
KR101853266B1 (en) Portable secure authentication apparatus using fingerprint
JP2004021615A (en) Image verification system, image verification device, information processor, image verification method, and program describing same
Hasan et al. Reliable identity management system using Raspberry Pi
WO2013074096A1 (en) Authentication device including template validation and related methods
JP2010079633A (en) Biological information authentication system and method
Jain Biometric system security
Goyal et al. Integration of Face Biometric and Steganography Technique for Individual Authorization
US11483310B1 (en) Post-quantum biometric template protection system using smart card
TW201324373A (en) Fingerprint inputting direction control system and the control method thereof
JP2002304230A (en) Person authentication system, and input device
KR100749376B1 (en) Apparatus for Controlling Access in a Finger Scan and Method thereof
Li et al. An identification system combined with fingerprint and cryptography
Tiwari et al. Biometrics based user authentication

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 2360/DELNP/2012

Country of ref document: IN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11787776

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11787776

Country of ref document: EP

Kind code of ref document: A1