[go: up one dir, main page]

WO1999039310A1 - Systeme et procede d'authentification biometrique - Google Patents

Systeme et procede d'authentification biometrique Download PDF

Info

Publication number
WO1999039310A1
WO1999039310A1 PCT/US1999/001727 US9901727W WO9939310A1 WO 1999039310 A1 WO1999039310 A1 WO 1999039310A1 US 9901727 W US9901727 W US 9901727W WO 9939310 A1 WO9939310 A1 WO 9939310A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
site
feature set
access
service provider
Prior art date
Application number
PCT/US1999/001727
Other languages
English (en)
Inventor
Barry C. Phelps
Seenu S. Reddi
Original Assignee
Phelps Barry C
Reddi Seenu S
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Phelps Barry C, Reddi Seenu S filed Critical Phelps Barry C
Priority to AU23454/99A priority Critical patent/AU2345499A/en
Publication of WO1999039310A1 publication Critical patent/WO1999039310A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Definitions

  • the invention relates to a method for authenticating the identity of users, and in particular to the authentication of users across networks, more particularly across the Internet.
  • Biometric authentication involves two processes: an initial enrollment or registration process, and a verification process conducted each time the user seeks access to the service provider.
  • a reference biometric is acquired from the user, whose identity has been reliably established by other, conventional techniques (such as personal comparison of facial features to photo identity cards by a service provider's personnel).
  • the reference biometric is acquired by converting a biological feature or attribute (voice sample, finger print, signature, etc.) with an appropriate converter (microphone, scanner, etc.) into a set of numerical data, or biometric acquisition.
  • Characteristic features are then extracted from the biometric acquisition to produce a feature set.
  • a feature set is a parametric representation of the biometric voice sample, such as filter coefficients in a linear predictive coding approach.
  • biometric acquisitions are taken and their feature sets combined into a composite, reference feature set.
  • the reference feature set is then stored for future use.
  • another biometric is acquired from the user for extraction of a feature set for comparison to the reference feature set.
  • the newly acquired biometric is referred to herein as a "bid” biometric.
  • a bid feature set extracted from the bid biometric is then compared to the reference feature set, and a quality of comparison, or "score,” indicative of the closeness of the match between the two feature sets is established.
  • the quality of comparison is a measure of the differences between the bid and reference feature sets, and therefore a low value for the quality of comparison is more indicative of close match than a high value. Therefore, a user's identification is authenticated (i.e. the user from whom the bid biometric was acquired is presumed to be the same user who provided the reference biometric, and is granted access to the service provider) when the quality of comparison has a value lower than a predetermined, threshold value.
  • biometrics such as fingerprints
  • higher values are more indicative of a match, and authentication would be based on the value of the quality of comparison exceeding a threshold value.
  • higher values of quality of comparison are considered to be indicative of a better match, and authentication is based on the value of the quality of comparison exceeding a threshold value.
  • Known biometric authentication systems can be usefully classified and discussed according to the relative locations of the user, the service provider, the point of access to the service provider, the point at which the bid biometric is acquired, the point at which the bid feature set is extracted, the point at which the reference feature set is stored, the point at which the bid and reference feature sets are compared, and the point at which the verification is made (by evaluating the quality of comparison of the bid and reference feature sets).
  • the points of bid biometric acquisition, bid feature set extraction, reference feature set storage, and bid to reference feature set comparison are the same, there must be some transmission between points of one or more of the bid biometric, bid feature set, or reference feature set.
  • the assignee of the present application developed a secure door entry system with voice authentication.
  • the point of access to the service provider is the doorway.
  • the user is at the same location as the doorway when seeking admittance.
  • the service provider is at the same location (on the other side of the doorway).
  • the reference feature set is stored at a location remote from the doorway, the biometric is acquired at the doorway (by a telephone handset), the bid feature set is extracted and compared to the reference feature set, at the remote site.
  • the bid biometric acquisition is therefore transmitted (via a telephone line) in analog form from the doorway to the remote site.
  • U.S. Pat. Nos. 5,647,017 and 5,544,255 to Smithies disclose signature verification systems in which the bid biometric (signature) is acquired at a remote site (where the user is located) and transmitted to a host site (the point of access to the service provider) for verification.
  • the bid feature set is extracted at the user's site, and stored in a signature envelope along with the claimed identity of the user.
  • the signature envelope is encrypted and sent to the host site (a second computer) for decryption and for subsequent comparison of the bid and reference feature sets.
  • the bid feature set is transmitted from the user site to the host site.
  • U.S. Pat. No. 5,280,527 to Gullman discloses a remote authorization system in which a security apparatus includes a biometric sensor for capturing biometrics such as voice print, fingerprint, or signature, PROM for storing a reference feature set generated from a biometric acquired in an enroll mode and a fixed code (e.g. PIN or account number).
  • the security apparatus also includes a code generator that generates a time-varying code, a processor and a display.
  • the security apparatus is disclosed as preferably being embodied in a self-contained, portable form, such as a smart card.
  • the system compares the bid biometric to the locally stored reference feature set, and generates a "correlation factor," or quality of comparison
  • the correlation factor is compared to a threshold and if it exceeds the threshold, a security token is generated.
  • the token combines the correlation factor, the fixed code, and the time varying code.
  • the token is then displayed to the user, who can input it into an access device (e.g. ATM keypad).
  • the access device transmits the security token to the host system, which decodes the token, determines from the fixed code whether the user is an authorized user, and whether the correlation factor exceeds the threshold. If so, access is granted.
  • the bid biometric is acquired, the bid feature set extracted, the reference feature set stored, the bid and reference feature sets compared, and the verification evaluation performed, at the same site as the user (in the smart card).
  • the user is at the point of access (an ATM), while the service provider is remote.
  • U.S. Pat. Nos. 5,613,012 and 5,615,277 to Hoffman are directed to an authentication system in which a bid biometric (e.g. a fingerprint) is acquired, and the bid feature set extracted, at a biometric input device associated with a terminal at which the user is located.
  • the terminal transmits the bid feature set to a remote data processing center (DPC), where it is compared to the reference feature set.
  • DPC remote data processing center
  • U.S. Pat. No. 5,706,427 to Tabuki discloses an authentication system for use in computer networks, in which the user (at a user host computer) seeks services from a remote application server.
  • the application server directs the user host to transmit a bid biometric (acquired at the host computer) to a verification server (at a third site different from that of the user or the application server), where the bid feature set is extracted and compared to the reference feature set and where the verification evaluation is performed.
  • biometric authentication systems described above can be applied in the context of network, and Internet, service access, they suffer from shortcomings that can be particularly problematic in such contexts.
  • voice biometrics vary for a given user by time of day, mood, state of health, etc. It is therefore not uncommon to produce false negatives, in which a valid user's bid feature set is rejected as being unacceptably different from the reference feature set. It is therefore common to allow a user to submit another bid biometric following a rejection. This can be repeated some predetermined number of times before the user is refused further bids and must resort to other avenues for access to the service provider.
  • the need to permit repeated bid biometric acquisition, bid feature set extraction, and feature set comparison operations in a single service provider access transaction makes network biometric authentication, especially on the Internet, unattractive because these operations are relatively likely to be interrupted. This would require the user to attempt (often unsuccessfully) to reestablish communication first with the Internet, then with the service provider's point of access and then to reinitiate the bid process.
  • the bid biometric or bid feature set is transmitted to a site remote from the user for bid feature set extraction and/or bid-to-reference feature set comparison. If the verification evaluation produces a negative result, that information must be communicated back to the user's site so that another bid biometric can be acquired.
  • Such systems are therefore susceptible to the interruption problem described above.
  • Gullman avoids the interruption problem by storing the reference feature set with the user (in the same smart card that contains the biometric sensor).
  • the user must have a physical token (the smart card).
  • the service provider does not have control over the reference feature set, since it is in the user's possession. Many, if not most, service providers would consider this to be unacceptable.
  • a user seeking access to a service provider's service contacts an access point, such as a Internet site or page on the World Wide Web (WWW) and requests access.
  • Identifying information (such as a name, account number, personal identification number (PIN), etc.) Is requested from the user.
  • a reference biometric feature set maintained by the service provider (or a third party) remote from the user's site is transmitted (such as via the Internet) to the user's site.
  • a bid biometric is acquired from the user and a bid feature set extracted from the bid biometric, at the user's site.
  • the bid and reference feature sets are compared at the user's site, and a quality of comparison is determined and compared to a predetermined threshold value to determine, to a desired degree of certainty, whether the user's identity matches that of the user associated with the reference feature set. If the identities match, appropriate information indicative of the match is transmitted from the user site to the access point, which then grants the user access to the service provider. If the identities do not match, another bid feature set can be obtained from the user, compared to the reference feature set, and the resulting quality of comparison compared to the quality threshold. After a predetermined number of unsuccessfully attempted matches, the bid process can be terminated. This authentication process requires only a single transmission of a biometric feature set between the user site and access point.
  • the bid feature set acquisition and comparison to the reference feature set, the quality of comparison calculation, and if necessary, subsequent bid feature set acquisition are ail performed at the user's location. This renders the authentication process less vulnerable to interruption of communication between the user and the access point.
  • the biometric used for authentication is the user's voice. This permits the use of simple, inexpensive, and commonly and readily available biometric conversion hardware, such as a microphone.
  • FIG. 1 is a schematic illustration of a biometric authentication system.
  • Fig. 2 is a schematic illustration of a user site.
  • Fig. 3 is a schematic illustration of a service provider site.
  • Fig. 4 is a schematic illustration of the user and service provider sites.
  • Figs. 5A-C are flow diagrams of the service provider access procedure.
  • Figs. 6A-B are schematic illustrations of the flow and contents of data exchanged by the user and service provider sites during the enrollment process.
  • Figs. 7A-B are schematic illustrations of the flow and contents of data exchanged by the user and service provider sites during the verification process.
  • a biometric authentication system embodying the principles of the invention is illustrated in schematic form in Fig. 1.
  • the system includes a user site 100, which can communicate via a network, for example the Internet 10, with a service provider site 200.
  • Service provider site 200 conceptually includes a service provider access site 210, a service provider service site 220, and a verification / storage site 230.
  • the user seeks access to services available from service site 220 by contacting access site 210, which initiates communication between user site 100 and verification / storage site 230, either directly or via access site 210.
  • User site 100 generally consists of a personal computer equipped with appropriate hardware and software to enable acquisition and manipulation of biometrics, communication with access site 210, and execution of biometric verification processes through interaction with access site 210 and/or verification site 230.
  • user site 100 can include user input device(s) 110, biometric sensor or converter 120 for acquiring biometrics from the user, output device(s) 130, processor (with RAM) 180, communications device 150, software and data storage 145, all of which can communicate with each other via, for example, communication bus 170.
  • User input device(s) 110 can include a keyboard and a pointing device (mouse, joystick, track pad, etc.).
  • Biometric converter 120 can include any suitable device for acquiring a selected biometric. In the illustrated embodiment,
  • biometric converter 120 is therefore a microphone.
  • Any suitable apparatus and process can be used for acquiring voice prints, extracting reference and bid feature sets, comparing feature sets, evaluating the quality of the comparison, setting threshold values, and comparing quality of comparison to thresholds.
  • Such suitable apparatuses are available for selection by the artisan, and neither their selection nor the details of their operation form a part of the invention.
  • Other devices can be used for other biometrics, such as a digitizing pad or scanner to acquire signatures, a camera to acquire facial features, a scanner to acquire fingerprints, etc.
  • Output device(s) 130 can include a visual display, auditory output device such as a speaker, and physical output device such as a printer.
  • Communications device 150 can include any suitable device for communication with the network on which the service provider access site is resident, such as a modem for communication via analog data lines with an ISP, a network interface to the network containing the access site or a local area network having capabilities for communication with the Internet.
  • Storage 145 can include any suitable mass storage device, such as magnetic or optical disk drive, etc., on which can be stored software and data associated with the biometric authentication process and from which the software and data can be retrieved and loaded into RAM or other location suitable for execution and processing by processor 180.
  • service provider site 200 can include communications device 240, processor 250, services 280, reference feature sets storage 260 and software for downloading storage 270.
  • the communications device 240 provides the ability to communicate with the network, preferably the Internet 10, communicating requests for access to the services 280 as well as downloading software and reference feature sets.
  • the processor 250 processes requests for access, requests for software to be downloaded and requests for reference feature sets for be downloaded.
  • Services 280 can consist of any services the service provider is offering to the user, such as banking services, once access to the service provider has been authenticated.
  • Fig. 4 illustrates schematically user site 100 and service provider site 200.
  • each user site has a computer including CPU 185, user interface 190, primary memory (RAM) 140, user communications interface 151 for communication with the service provider 200 via the communication network 10, and additional memory 160 for loading software for execution by CPU 180.
  • the software components include software that is already resident at user site 100 before accessing the service provider site 200, such as an operating system 162, and network navigation / interface software, such as WWW browser program 164.
  • service provider site 200 has a computer including CPU 290, primary memory (RAM) 292, communications interface 294 for communicating with the user sites 100 via the communications network 10, and additional memory 295 for loading software for execution by CPU 290.
  • the software components include server interface software and/or data 296, such as hypertext documents encoded in Hypertext Markup Language (HTML), which present the Web page to the user.
  • server interface software and/or data 296, such as hypertext documents encoded in Hypertext Markup Language (HTML), which present the Web page to the user.
  • HTTP Hypertext Markup Language
  • user site 100 and service provider site 200 communicate via interaction between browser program 164 and the server interface 296, i.e. by the browser program reading the HTML encoded Web page.
  • the authentication process is implemented in software which has components at both the service provider site 200 and the user site 100, which components operate as a layer or interface between the browser and the HTML.
  • the user site software component 165 is downloaded from the service provider site 200 during the enrollment process, as described below.
  • the downloaded software includes native code 168, which contains the functions Verify() and Enroll(), 168a and 168b, respectively, and browser interface 166.
  • Browser interface 166 provides an interface between the native code and the browser.
  • the service provider site software component 298 is an applet that can be invoked through the Web page via the browser. This applet in turn communicates with the browser interface software to initiate execution of the native code.
  • browser interface 166 is implemented as a Netscape plug-in and the service provider site software
  • 10 component 298 is correspondingly implemented as an applet coded in the Java programming language.
  • browser interface 166 is implemented as a Microsoft ActiveX program (OCX)
  • OCX Microsoft ActiveX program
  • the service provider site software component 298 is correspondingly implemented as ActiveX control.
  • the service provider access procedure 500 of the illustrated embodiment is illustrated in Fig. 5A.
  • the process begins when the user initiates access to the service provider's access site on the WWW at step 502.
  • the service provider determines at step 504 if the user is a new user to the service. If the user is new, then the enrollment process is initiated at step 508 with a New User Request to the service provider 200.
  • the service provider 200 assigns a User ID for this user at step 509, then transmits a New User Download at step 510, which provides the user site software component 165.
  • the service provider then generates a request for enrollment at step 580.
  • the user in turn initiates the enrollment procedure at step 590.
  • Enrollment procedure 590 is shown in more detail in Fig. 5B.
  • Enrollment process 590 begins with initiation of the Enroll() function 168a at step 592.
  • the Enroll() function acquires from the user at step 594 several biometric samples, from each of which is extracted a feature set.
  • the feature sets are combined to generate a composite, reference feature set at step 596.
  • the reference feature set is then uploaded at step 598 to the service provider for storage in the reference feature set repository.
  • control of the process is returned to the access procedure at step 599.
  • the flow and content of data exchanged by user site 100 and service provider site 200 relating to the enrollment process 590 is illustrated schematically in Figs. 6A and 6B.
  • New User Request 650 includes a block of identifying information 652 about the user (such as the user's name, address, account number with the service provider, etc.).
  • the service provider assigns a User ID
  • Download 660 includes User ID 664, the user site software component 165, and information relating to the verification process, such as a default maximum number of verification attempts allowed 662, and default quality of comparison threshold 663.
  • the reference feature set 672 is generated, and an enrollment upload 670 is sent to the service provider.
  • Enrollment upload 670 includes User ID 664 and reference feature set 672.
  • the service provider then stores reference feature set 672. After enrolling, the user can access the service provider's service site, subject to the verification process. As shown in Fig.
  • the verification process is initiated at step 530 with an Access Request transmitted from user site 100 to service provider 200.
  • the service provider requests verification at step 540 by transmitting Verification Request 720. This in turn initiates the verification process at step 550.
  • Verification procedure 550 is shown in more detail in Fig. 5C.
  • Verification procedure 550 begins with initiation of the Verify() function 168b at step 551.
  • the VerifyO function generates a request to the service provider for this User ID's reference feature set.
  • the reference feature set is downloaded to the user site in step 552.
  • the VerifyO function acquires from the user a bid biometric sample in step 553, from which a bid feature set is extracted.
  • the bid feature set is compared to the reference feature set at step 554, and a quality of comparison, or score, is calculated at step 555.
  • the quality of comparison represents a goodness of fit, or match, between the bid and reference features sets, and correlates with the likelihood that the user is the person from whom the reference feature set was generated.
  • the quality of comparison is then compared at step 556 to a threshold value to determine if the user should be authenticated.
  • the threshold is set at a predetermined value, which value is selected to strike the balance preferred by the service provider between having a high degree of confidence that the user is authentic and having authentic users incorrectly rejected. If the quality of
  • the verification process returns that the user should be authenticated at step 557. If the quality of comparison does not exceed the threshold, then the VerifyO function checks to see how many times the user has thus far attempted verification at step 558. If the number of bids does not exceed the maximum number of allowed attempts, the user can generate a new bid by acquiring and extracting a new bid biometric, as shown by loop 501 in Fig. 5C. If the quality of comparison of the bid biometrics never exceeds the threshold and the user exceeds the maximum allowed attempts, then "user not authenticated" is returned at step 559, and the user is not allowed access to service provider site 200.
  • Figs. 7A and 7B The flow and content of data exchanged by user site 100 and service provider site 200 relating to the verification process 550 is illustrated in Figs. 7A and 7B.
  • the user site 100 sends an Access Request 710 to service provider site 200.
  • Access Request 710 includes User ID 664.
  • Service provider site 200 then transmits a Verification Request 720 to user site 100.
  • Verification Request 720 can include a call to VerifyO 722, the maximum allowable number of bids for this access attempt 724, and the minimum quality of comparison threshold required for this access attempt 726.
  • Maximum allowable number of bids 724 and minimum quality of comparison threshold 726 are optional data, to be used if the service provider wishes to override the default maximum allowable number of bids 662 and default minimum quality of comparison threshold 663 downloaded in the New User Download 660.
  • Request 725 for the bid user's reference feature set is then transmitted to service provider site 200, and reference feature set 730 is downloaded.
  • verification result 740 (User Authenticated 742 or User Not Authenticated 743) is returned to service provider 200, and the user is granted or denied access accordingly.
  • any other biometric can be used. All of the functional elements of the service provider's site (access site, service site, storage site, verification site) can be located at the same physical location or network site, or can be dispersed across a network (including a LAN, WAN, or the Internet). Although it is assumed that the service site is under the direct control of the service provider, the other elements or functions (access, storage, verification) can be under control of third parties or the service provider. Although it is preferred to store, and transmit to the user site, a reference feature set, it is contemplated that reference biometrics could be stored and transmitted instead.
  • some of these steps could be performed at the service provider site, albeit at the cost of additional transmissions and attendant risk of interruption.
  • the quality of comparison could be transmitted to the service provider site, where it could be compared to the threshold, and if the threshold is not met, an instruction transmitted back to the user site to acquire another bid biometric, extract another bid feature set, perform another comparison, and transmit to the service provider site another quality of comparison.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Collating Specific Patterns (AREA)

Abstract

L'invention concerne un procédé d'authentification biométrique de l'identité d'un utilisateur se trouvant sur un site utilisateur (100) et cherchant à accéder à des services fournis par un prestataire de services (200) se trouvant à un emplacement différent du site utilisateur. Ce procédé consiste à obtenir de l'utilisateur l'entrée de ses caractéristiques biométriques, à transmettre au site utilisateur un ensemble de caractéristiques biométriques de référence, associées à l'utilisateur et mises en mémoire en un lieu éloigné du site utilisateur, et à comparer sur le site utilisateur les caractéristiques soumises par l'utilisateur et l'ensemble de caractéristiques de référence.
PCT/US1999/001727 1998-01-30 1999-01-28 Systeme et procede d'authentification biometrique WO1999039310A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU23454/99A AU2345499A (en) 1998-01-30 1999-01-28 Biometric authentication system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US7316698P 1998-01-30 1998-01-30
US60/073,166 1998-01-30

Publications (1)

Publication Number Publication Date
WO1999039310A1 true WO1999039310A1 (fr) 1999-08-05

Family

ID=22112122

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/001727 WO1999039310A1 (fr) 1998-01-30 1999-01-28 Systeme et procede d'authentification biometrique

Country Status (2)

Country Link
AU (1) AU2345499A (fr)
WO (1) WO1999039310A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001020463A1 (fr) * 1999-09-17 2001-03-22 Fingloq Ab Installation de securite
WO2001084507A1 (fr) * 2000-05-04 2001-11-08 Marco Iori Systeme de reconnaissance d'utilisateur pour la commande automatique d'acces, appareils et equipement similaire
WO2003009113A1 (fr) * 2001-07-18 2003-01-30 Safe Connect Sweden Aktiebolag Procede permettant de connecter de maniere sure et rapide un premier ordinateur sur un second ordinateur ayant une capacite d'acces limitee
EP1139301A3 (fr) * 2000-03-24 2004-05-06 Matsushita Electric Industrial Co., Ltd. Appareil pour vérification d'identité, système pour vérification d'identité, carte pour vérification d'identité et procédé pour vérification d'identité basé sur l'identification biométrique

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1986006527A1 (fr) * 1985-04-22 1986-11-06 The Quantum Fund Ltd. Procede et dispositif de reconnaissance de motifs epidermiques
US5229764A (en) * 1991-06-20 1993-07-20 Matchett Noel D Continuous biometric authentication matrix
US5280527A (en) 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
US5386104A (en) * 1993-11-08 1995-01-31 Ncr Corporation System and method for detecting user fraud in automated teller machine transactions
WO1996018169A1 (fr) * 1994-12-06 1996-06-13 Loren Kretzschmar Appareil et procede de verification de transaction
US5544255A (en) 1994-08-31 1996-08-06 Peripheral Vision Limited Method and system for the capture, storage, transport and authentication of handwritten signatures
US5613012A (en) 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
US5615277A (en) 1994-11-28 1997-03-25 Hoffman; Ned Tokenless security system for authorizing access to a secured computer system
US5706427A (en) 1995-09-08 1998-01-06 Cadix Inc. Authentication method for networks

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1986006527A1 (fr) * 1985-04-22 1986-11-06 The Quantum Fund Ltd. Procede et dispositif de reconnaissance de motifs epidermiques
US5229764A (en) * 1991-06-20 1993-07-20 Matchett Noel D Continuous biometric authentication matrix
US5280527A (en) 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
US5386104A (en) * 1993-11-08 1995-01-31 Ncr Corporation System and method for detecting user fraud in automated teller machine transactions
US5544255A (en) 1994-08-31 1996-08-06 Peripheral Vision Limited Method and system for the capture, storage, transport and authentication of handwritten signatures
US5647017A (en) 1994-08-31 1997-07-08 Peripheral Vision Ltd. Method and system for the verification of handwritten signatures
US5613012A (en) 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
US5615277A (en) 1994-11-28 1997-03-25 Hoffman; Ned Tokenless security system for authorizing access to a secured computer system
WO1996018169A1 (fr) * 1994-12-06 1996-06-13 Loren Kretzschmar Appareil et procede de verification de transaction
US5706427A (en) 1995-09-08 1998-01-06 Cadix Inc. Authentication method for networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
STOCKEL A: "SECURING DATA AND FINANCIAL TRANSACTIONS", 18 October 1995, PROCEEDINGS OF THE 29TH. ANNUAL INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY, SANDERSTEAD, GB, OCT. 18 - 20, 1995, NR. CONF. 29, PAGE(S) 397 - 401, SANSON L D (ED ), XP000575565 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001020463A1 (fr) * 1999-09-17 2001-03-22 Fingloq Ab Installation de securite
EP1139301A3 (fr) * 2000-03-24 2004-05-06 Matsushita Electric Industrial Co., Ltd. Appareil pour vérification d'identité, système pour vérification d'identité, carte pour vérification d'identité et procédé pour vérification d'identité basé sur l'identification biométrique
WO2001084507A1 (fr) * 2000-05-04 2001-11-08 Marco Iori Systeme de reconnaissance d'utilisateur pour la commande automatique d'acces, appareils et equipement similaire
WO2003009113A1 (fr) * 2001-07-18 2003-01-30 Safe Connect Sweden Aktiebolag Procede permettant de connecter de maniere sure et rapide un premier ordinateur sur un second ordinateur ayant une capacite d'acces limitee

Also Published As

Publication number Publication date
AU2345499A (en) 1999-08-16

Similar Documents

Publication Publication Date Title
CA2636825C (fr) Authentification de documents d'identite multimode
US7447910B2 (en) Method, arrangement and secure medium for authentication of a user
US8220063B2 (en) Biometric authentication for remote initiation of actions and services
JP3668175B2 (ja) 個人認証方法、個人認証装置および個人認証システム
US6970853B2 (en) Method and system for strong, convenient authentication of a web user
RU2320009C2 (ru) Системы и способы для защищенной биометрической аутентификации
US7091826B2 (en) User authentication system using biometric information
US7086085B1 (en) Variable trust levels for authentication
US8161291B2 (en) Process and arrangement for authenticating a user of facilities, a service, a database or a data network
US6636975B1 (en) Accessing a secure resource using certificates bound with authentication information
US20070061590A1 (en) Secure biometric authentication system
JP4799496B2 (ja) 個人認証方法
US20030046237A1 (en) Method and system for enabling the issuance of biometrically secured online credit or other online payment transactions without tokens
US20030051173A1 (en) Computer security system
US20060242691A1 (en) Method for carrying out a secure electronic transaction using a portable data support
JP2003534589A (ja) 認証システム及び方法
US20020038426A1 (en) Method and a system for improving logon security in network applications
EP1410149A4 (fr) Systeme et procede d'authentification multimodale par verification du locuteur
US8438620B2 (en) Portable device for clearing access
WO1999039310A1 (fr) Systeme et procede d'authentification biometrique
JP2011118561A (ja) 個人認証装置及び個人認証方法
JP2002366527A (ja) 本人認証方法
WO2004077208A2 (fr) Systeme et procede d'authentification
JP2003091508A (ja) 生体情報を用いた個人認証サービスシステム
JP2005107668A (ja) 生体認証方法及びプログラム並びに装置

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase