CA 02369675 2001-10-03
WO 01/71462 PCT/US01/40332
SYSTEM AND METHOD FOR SECURE BIOMETRIC IDENTIFICATION
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates to electronic devices and systems.
More specifically, the present invention relates to systems and methods for
providing user identification and/or authentication for electronic devices and
systems.
Description of the Related Art
Currently, whenever a user wishes to access a computer-based system
containing private data, the user must often identify himself, usually with a
password. Passwords notoriously provide poor security, as users either choose
very simple, easily ascertained passwords or, if they use more difficult
passwords, often write them down, making them subject to theft.
In the end, most forms of encryption, as well as access controls such
as passwords and even locks, serve a single purpose of identifying the person
requesting access.
Hence, there is a need in the art for a reliable, secure system or
method of authenticating the identity of a user. Ideally, the system or method
would be effective such that one would not need to memorize passwords or
utilize other authenticating devices such as keys to access computers and
other electronic devices and systems.
SUMMARY OF THE INVENTION
The need in the art is addressed by the system and method for secure
biometric identification of the present invention. The inventive system
includes a mobile unit and a server. In the illustrative embodiment, the
mobile unit is adapted to receive biometric input and provide a first signal
in response thereto. A first transceiver is included for transmitting the
first signal and receiving a second signal in response thereto. In an
illustrative embodiment, a secure device is operationally coupled to the
mobile unit. The secure device has two modes of operation: a first locked
mode by which access thereto is prohibited and a second unlocked mode by
which access thereto is enabled on receipt of the second signal.
The server unit includes a second transceiver for receiving the first
signal transmitted via the wireless link. The server is equipped with a
system for authenticating the biometric data and providing the second signal
in response thereto. The second signal is then communicated to the mobile
unit where it is utilized to access the secure device.
In the illustrative embodiment, the first and second transceivers are
adapted to operate in accordance with the Bluetooth specification.
Preferably, the mobile unit is adapted to encrypt the first signal and decrypt
the second signal. In the illustrative implementation, biometric input is
provided by a fingerprint sensor mounted on a Personal Digital Assistant.
The secure device in the illustrative implementation is an encrypted
database for which the second signal is a decryption key.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1a is a perspective front view of an illustrative implementation of
a PDA adapted for use in accordance with the teachings of the present
invention.
Fig. 1b is a perspective rear view thereof.
Fig. 2 is a block diagram of an illustrative implementation of a
mobile unit subsystem constructed in accordance with the present teachings.
Fig. 3 is a block diagram of an illustrative implementation of a server
subsystem for use in the system for secure biometric identification of the
present invention.
Fig. 4 is a flow diagram illustrative of a method for secure biometric
identification implemented in accordance with the teachings of the present
invention.
DESCRIPTION OF THE INVENTION
Illustrative embodiments and exemplary applications will now be
described with reference to the accompanying drawings to disclose the
advantageous teachings of the present invention.
While the present invention is described herein with reference to
illustrative embodiments for particular applications, it should be understood
that the invention is not limited thereto. Those having ordinary skill in the
art and access to the teachings provided herein will recognize additional
modifications, applications, and embodiments within the scope thereof and
additional fields in which the present invention would be of significant
utility.
As mentioned above, and in accordance with the present teachings,
the inventive system includes a mobile unit and a server. In the illustrative
embodiment, the mobile unit is a Personal Digital Assistant (PDA) adapted
to receive biometric input from a fingerprint sensor and provide a first
signal in response thereto. Personal Digital Assistants are well known and
widely used.
Fig. 1a is a perspective front view of an illustrative
implementation of a PDA adapted for use in accordance with the teachings
of the present invention. Fig. 1b is a perspective rear view thereof. In the
preferred embodiment, the PDA is implemented in accordance with the
teachings of copending U.S. Application No. 09/531,859, filed on March 21,
2000, entitled "SYSTEM AND METHOD FOR SECURE USER
IDENTIFICATION WITH BLUETOOTH ENABLED TRANSCEIVER
AND BIOMETRIC SENSOR IMPLEMENTED IN A HANDHELD
COMPUTER", inventor Martin Morris, (Atty. Docket No. WIDC-O11),
which teachings are hereby incorporated herein by reference. As disclosed in
the reference application, in the best mode, the PDA 10 is equipped with an
expansion slot 12, such as the Visor™ Handheld Computer manufactured and
sold by Handspring and disclosed more fully at www.handspring.com. As
shown in Fig. 1b, the expansion slot 12 is adapted to receive a card 14 on
which a biometric device (in the illustrative embodiment, a fingerprint
sensor 16) is disposed. In addition, in accordance with the present teachings,
a transceiver 22 is also disposed on the card 14. In the preferred
embodiment, the transceiver 22 is adapted to operate in accordance with the
BLUETOOTH SPECIFICATION VERSION 1.0A CORE, published in July
1999. When the card is inserted into the expansion slot, it interfaces
electrically with the system bus of the PDA and provides an electrical circuit
depicted in Fig. 2.
Fig. 2 is a block diagram of an illustrative implementation of a
mobile unit subsystem constructed in accordance with the present teachings.
The mobile unit subsystem 20 includes the wireless transceiver 22 which is
adapted to communicate with a central processing unit (CPU) 26 of the PDA.
The central processing unit 26 receives biometric data from the fingerprint
sensor 28. In accordance with the present teachings, data from the
fingerprint sensor 28 is encrypted either in software 30 adapted to run on
the CPU 26 and/or in optional hardware 32. Encryption hardware and
software are well known in the art. The control software 30 also enables the
CPU 26 to selectively access and control the mobile unit components via a
system bus shown generally at 38.
The encrypted biometric data is either used locally to access an
encrypted database 34 or, preferably, transmitted over a link such as a
wireless link to a server subsystem via the transceiver 22 and antenna 24.
The server subsystem is depicted in Fig. 3.
Fig. 3 is a block diagram of an illustrative implementation of a server
subsystem for use in the system for secure biometric identification of the
present invention. The encrypted biometric data signal is received by a
server antenna 42 and a second wireless Bluetooth enabled transceiver 44.
The received signal is decrypted by an optional conventional hardware
based decryption circuit 46 and/or by decryption software implemented in
control software 48 adapted to run on a server CPU 50. Those skilled in the
art will appreciate that the decryption scheme utilized on the server is
designed to match that of the mobile unit 20. In the preferred embodiment,
the RSA public key encryption scheme is used. This scheme is disclosed
more fully in U.S. Patent No. 4,405,829 entitled "Cryptographic
Communications System & Method", issued 9/29/83 to Rivest et al., the
teachings of which are incorporated herein by reference. The server control
software also controls the CPU 50 to selectively access and control the
components of the server subsystem 40 via a server subsystem bus shown
generally at 51.
In accordance with the present teachings, the decrypted biometric
data (in the illustrative implementation, the decrypted fingerprint) is
compared by fingerprint matching software 52 to a database 54 of biometric
data, i.e., fingerprints. Fingerprint matching software is well known in the
art. Such software may be purchased from Veridicom, Inc. of Santa Clara,
CA.
When a match is achieved, a user is identified and an authentication
key specific to the identified mobile user is retrieved from an encryption key
database by the CPU 50 via the bus 51. In the preferred embodiment, the
retrieved encryption key is encrypted by the resident encryption scheme
either by the hardware unit 46, if provided, and/or by the encryption
software implemented in the control software 48. The encrypted encryption
key is then transmitted back to the mobile unit 20 via the wireless link
through the transceiver 44 and antenna 42. As an alternative, the encrypted
encryption key may be provided to a network 59 via a first network interface
card or circuit 58 and a second network interface card or circuit 66. The
network 59 facilitates the communication of the encrypted encryption key to
the mobile unit 20 via a wireless transceiver 62 and an antenna 64. This
configuration may be preferred if the second antenna 64 is closer to the
mobile unit 20.
In addition, those skilled in the art will appreciate that the inventive
system can be implemented such that the encrypted biometric data is
transmitted from a first PDA 20 and the encrypted encryption key or other
information is sent to a second mobile unit or over a network to a second
server or network of devices.
Returning to Fig. 2, on receipt of the encrypted encryption key from
the server subsystem 40 via the antenna 24 and the wireless transceiver 22,
the mobile unit CPU 26 decrypts the encrypted key using the resident
software and/or hardware decryption facility 30 and 32, respectively. The
decrypted encryption key is then used by the CPU 26 to access a secure
device. In an illustrative embodiment, the secure device is an encrypted
database 34 mounted on the mobile unit. Those skilled in the art will
appreciate that the secure device need not be mounted on the mobile unit 20.
As an alternative, the secure device may be coupled to the mobile unit via
the wireless link.
In any event, the secure device, i.e., database 34, has two modes of
operation: a first locked mode by which access thereto is prohibited and a
second unlocked mode by which access thereto is enabled on receipt of the
decrypted encryption key. For optimal security, the decryption key for the
encrypted database 34 should not be stored on the mobile unit. On receipt
of the decrypted decryption key, a working copy 36 of the encrypted
database 34 is created.
Fig. 4 is a flow diagram illustrative of a method for secure biometric
identification implemented in accordance with the teachings of the present
invention. As shown in Figs. 2, 3 and 4, when a user in possession of the
mobile unit 20 wishes to access the secure device 34, he/she places a finger
on the fingerprint sensor 28 and starts the access control program 100.
At step 104, the CPU 26 running the access control software 30 scans
the fingerprint from sensor 28 and, at step 106, encrypts it with the public
key of the authentication server 40 by using the encryption software or
hardware 30, 32.
At step 108, the resulting encrypted message is sent to the server 40
via the transceiver 22 and antenna 24 on the mobile unit 20 and the antenna
42 and transceiver 44 of the server 40. As mentioned above, as an
alternative, the encrypted fingerprint is sent via the access point 60 and
local or wide-area network 59 when the server 40 is not within direct radio
range of the mobile unit 20.
At step 110, when the authentication request is received at the server
40, the server CPU 50 decrypts the message using its secret key and the
encryption hardware and/or software 46 and 48, respectively.
At step 112, the CPU 50 then utilizes the fingerprint match software
52 to compare the decrypted fingerprint to the database of authorized
fingerprints 54 to determine if the request is valid.
If the request is valid, then, at step 114, the decryption key for the
user's encrypted database 34 (Fig. 2) is retrieved from the key database 56
(Fig. 3).
At step 116, the key is encrypted via the encryption hardware or
software 46, 48 (Fig. 3) and, at step 118, sent back to the mobile unit 20 via
the same path from which the request was originally received.
At the mobile unit 20, at steps 122 and 124, the key is received and
decrypted.
At step 126, the retrieved key is used to make a temporary working
copy 36 of the encrypted database 34.
At step 128, this temporary copy 36 is either read or edited.
If edited, then at step 130 the edited working copy is deleted or rewritten to
encrypted form as soon as the user completes his operation.
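As an added illustration, not part of the patent or of any product it cites, the following Python traces steps 104 through 130: the mobile unit encrypts a fingerprint template under the server's public key, the server matches it against its template database and returns the user's database key encrypted under the mobile unit's public key (an assumption; the patent only says "the resident encryption scheme"), and the mobile unit holds that key only until the working copy is closed. The RSA is textbook RSA on fixed Mersenne primes with no padding, used only to make the message flow concrete; the scan bytes, user name, template digest and matching rule are constructed stand-ins.

```python
"""Toy walk-through of the Fig. 4 exchange: textbook RSA, fixed primes, no padding."""
import hashlib
import secrets

E = 65537
SERVER_PRIMES = (2**61 - 1, 2**89 - 1)     # toy key material, not for real use
MOBILE_PRIMES = (2**107 - 1, 2**127 - 1)

def rsa_keypair(p, q):
    """Returns (public (n, e), private (n, d)) from two known primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa_apply(key, value):
    n, exp = key
    return pow(value, exp, n)

def template_of(scan):
    # Constructed stand-in for a template: real matchers are fuzzy, this is exact.
    return int.from_bytes(hashlib.sha256(scan).digest()[:16], "big")

class Server:
    """Authentication server 40: templates (database 54) and keys (database 56)."""
    def __init__(self):
        self.pub, self.priv = rsa_keypair(*SERVER_PRIMES)
        self.templates, self.db_keys = {}, {}

    def enroll(self, user, scan):
        self.templates[template_of(scan)] = user
        self.db_keys[user] = int.from_bytes(secrets.token_bytes(16), "big")

    def handle(self, ciphertext, mobile_pub):
        user = self.templates.get(rsa_apply(self.priv, ciphertext))  # steps 110-112
        if user is None:
            return None                        # no match: no key leaves the server
        return rsa_apply(mobile_pub, self.db_keys[user])             # steps 114-116

class MobileUnit:
    """Mobile unit 20: holds the database key only while the working copy is open."""
    def __init__(self):
        self.pub, self.priv = rsa_keypair(*MOBILE_PRIMES)
        self.working_key = None

    def request_access(self, scan, server):
        reply = server.handle(rsa_apply(server.pub, template_of(scan)), self.pub)  # 104-108
        self.working_key = None if reply is None else rsa_apply(self.priv, reply)  # 122-126
        return self.working_key is not None

    def close(self):
        self.working_key = None                # step 130: working copy discarded
```

The mobile unit never persists the database key, matching the text's requirement that the decryption key for database 34 not be stored on the mobile unit; a rejected request leaves `working_key` unset.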
Thus, the present invention has been described herein with reference
to a particular embodiment for a particular application. Those having
ordinary skill in the art and access to the present teachings will recognize
additional modifications, applications and embodiments within the scope
thereof.
It is therefore intended by the appended claims to cover any and all
such applications, modifications and embodiments within the scope of the
present invention.
Accordingly,