WO2001009847A1 - Method, device and system for biometric authentication - Google Patents
Method, device and system for biometric authentication
- Publication number
- WO2001009847A1 (PCT/EP2000/007124)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- authentication
- biometric
- stored
- biometric data
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
Definitions
- The invention relates to a method, a device and a system for biometric authentication, in particular for securing biometric authentication against replay attacks.
- An authentication procedure is used when a person requests access to secure facilities. For example, authentication is carried out regularly by means of a PIN comparison if a card user inserts a chip card - for example a credit card - into an automated teller machine (terminal) or if a person requests entry to secure premises. For this purpose, a stored PIN is checked for identity with the PIN specified by the card user or the person requesting entry.
- a biometric feature of the person is used as an identification feature instead of a PIN.
- the biometric feature can be a fingerprint, for example, but in the context of the present invention is also intended to include a personal signature.
- A disadvantage of such authentication methods is that authentication can be attacked if the biometric data that has been stored as reference data, or that has led to authentication, is intercepted by unauthorized third parties in order to use it again later for unauthorized authentication. This type of attack is known as a replay attack.
- the object of the present invention is therefore to secure biometric authentication methods against replay attacks. This object is achieved by the features of the independent claims. Advantageous refinements of the invention are specified in subclaims.
- The invention makes use of a property that biometric features generally share: in contrast to a PIN, they are not 100% reproducible, which is why authorization is already given when the match between the biometric feature presented by the person and the stored reference data exceeds a predetermined threshold.
- a predetermined threshold value in particular not 100% and preferably not more than 99%.
- a replay attack can in fact be assumed and, according to the invention, the authentication is consequently refused.
- a comparison circuit is provided which generates a message and, for example, outputs an error message when a comparison of the reference data with the newly recorded biometric data of a person results in a match lying above this (second) threshold value. If the error message is output, it can also be provided to automatically block further operation.
- The (second) threshold value of 99% or 100% relevant to the invention is stored either in a terminal or on a separate data carrier, in particular a chip card, together with the reference data.
- The recorded biometric data which have led to an authentication, and possibly also the recorded biometric data which did not lead to authentication because they were below the first threshold value, are collected and stored as data records. These data records are preferably stored in a stack memory or shift register. During each authentication process, it is then checked whether the biometric data of the presented biometric feature are identical to one of the stored data records or match one of them by more than 99%. A replay attack can then be assumed and authentication is refused by the authentication system.
- hash values of the same are stored.
- a hash function is applied to the comparison data record, which generates a relatively short hash value.
- Hash functions are known per se, a hash function being a unique, compressive mapping to a word of fixed length.
- The hash function is processed in several rounds on a block-by-block partition of the input data. The result depends on the entire input. It is not possible to calculate the input data from the hash value. It is difficult, in the complexity-theoretic sense, to change the input data in such a way that the hash value remains the same.
- the hash value is recalculated.
- the probability that two biometric data sets produce the same hash value is low, so that a replay attack must be assumed if they match.
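The two-threshold check and the bounded history of earlier samples described above can be sketched as follows; this is an added example, not code from the patent. The bit-similarity matcher, the 0.80 accept threshold, SHA-256, the history size and all names are assumptions made for illustration; only the 99% replay threshold comes from the page.

```python
import hashlib
from collections import deque

T_ACCEPT = 0.80  # first threshold: assumed value, the page does not give one
T_REPLAY = 0.99  # second threshold: the 99% named on the page

def similarity(a: bytes, b: bytes) -> float:
    """Toy matcher (assumption): share of equal bits in equal-length templates."""
    if len(a) != len(b):
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))

def flip(data: bytes, bits) -> bytes:
    # Builds constructed test samples by flipping the given bit positions.
    out = bytearray(data)
    for i in bits:
        out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

class ReplayGuard:
    def __init__(self, reference: bytes, history_size: int = 8):
        self.reference = reference
        self.samples = deque(maxlen=history_size)  # stands in for the shift register
        self.hashes = deque(maxlen=history_size)   # hash-only variant of the history

    def verify(self, sample: bytes) -> str:
        digest = hashlib.sha256(sample).digest()
        score = similarity(sample, self.reference)
        if digest in self.hashes:
            return "replay-hash"        # bit-identical to an earlier sample
        if score > T_REPLAY:
            return "replay-reference"   # too close to the stored reference
        if any(similarity(sample, old) > T_REPLAY for old in self.samples):
            return "replay-history"     # near-copy of an earlier sample
        # Accepted and rejected samples are both remembered, as the page describes.
        self.samples.append(sample)
        self.hashes.append(digest)
        return "accept" if score >= T_ACCEPT else "reject"

def demo():
    reference = bytes(range(64))                # constructed 512-bit template
    live1 = flip(reference, range(0, 512, 16))  # 32 bits of sensor noise
    live2 = flip(reference, range(5, 512, 16))  # different noise pattern
    guard = ReplayGuard(reference)
    presented = [live1, live2, live1, flip(live1, [3]), reference, bytes(64)]
    return [guard.verify(s) for s in presented]

if __name__ == "__main__":
    print(demo())
```

The hash lookup only catches bit-identical resubmissions; the sample that differs from an earlier one by a single bit is caught only because the raw samples are kept for the similarity comparison.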
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU68283/00A AU6828300A (en) | 1999-07-30 | 2000-07-25 | Method, device and system for biometric authentication |
EP00956278A EP1208540A1 (en) | 1999-07-30 | 2000-07-25 | Method, device and system for biometric authentication |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19936094.4 | 1999-07-30 | ||
DE19936094A DE19936094C1 (en) | 1999-07-30 | 1999-07-30 | Method and device for biometric authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001009847A1 (en) | 2001-02-08 |
Family
ID=7916749
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2000/007124 WO2001009847A1 (en) | 1999-07-30 | 2000-07-25 | Method, device and system for biometric authentication |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1208540A1 (en) |
AU (1) | AU6828300A (en) |
DE (1) | DE19936094C1 (en) |
WO (1) | WO2001009847A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1418486A2 (en) * | 2002-11-05 | 2004-05-12 | Samsung Electronics Co., Ltd. | Fingerprint-based authentication apparatus |
WO2005096214A1 (en) * | 2004-03-22 | 2005-10-13 | Raytheon Company | Personal authentication device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5280527A (en) * | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
WO1998011750A2 (en) * | 1996-09-11 | 1998-03-19 | Yang Li | Method of using fingerprints to authenticate wireless communications |
US5870723A (en) * | 1994-11-28 | 1999-02-09 | Pare, Jr.; David Ferrin | Tokenless biometric transaction authorization method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19730170A1 (en) * | 1997-07-15 | 1999-01-21 | Rene Baltus | Multiple detection and comparison arrangement for biometric characteristics |
-
1999
- 1999-07-30 DE DE19936094A patent/DE19936094C1/en not_active Expired - Fee Related
-
2000
- 2000-07-25 AU AU68283/00A patent/AU6828300A/en not_active Abandoned
- 2000-07-25 WO PCT/EP2000/007124 patent/WO2001009847A1/en not_active Application Discontinuation
- 2000-07-25 EP EP00956278A patent/EP1208540A1/en not_active Ceased
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1418486A2 (en) * | 2002-11-05 | 2004-05-12 | Samsung Electronics Co., Ltd. | Fingerprint-based authentication apparatus |
EP1418486A3 (en) * | 2002-11-05 | 2005-01-05 | Samsung Electronics Co., Ltd. | Fingerprint-based authentication apparatus |
US7382904B2 (en) | 2002-11-05 | 2008-06-03 | Samsung Electronics Co., Ltd. | Security system and security method using fingerprints |
WO2005096214A1 (en) * | 2004-03-22 | 2005-10-13 | Raytheon Company | Personal authentication device |
US7693313B2 (en) | 2004-03-22 | 2010-04-06 | Raytheon Company | Personal authentication device |
Also Published As
Publication number | Publication date |
---|---|
DE19936094C1 (en) | 2001-04-26 |
AU6828300A (en) | 2001-02-19 |
EP1208540A1 (en) | 2002-05-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE3103514C2 (en) | Method and device for securing transactions | |
EP1326470A2 (en) | Method and device for authenticating a subscriber in a communications network | |
EP1188151A1 (en) | Devices and methods for biometric authentication | |
WO1999048056A1 (en) | Method and device for verifying a biometric characteristic | |
EP0980565B1 (en) | Computer-controlled adaptation of reference data by means of input data | |
WO1998047110A1 (en) | Identity verification method | |
AT401205B (en) | SYSTEM FOR IDENTIFYING A CARD USER | |
DE102018208118A1 (en) | Method and apparatus for authenticating a message transmitted over a bus | |
DE60105550T2 (en) | PROCESS FOR PROTECTING THE THEFT OF A SECRET CODE ON A CHIP CARD FOR MULTIPLE APPLICATIONS, AND CHIP CARDS FOR CARRYING OUT THIS METHOD | |
DE102018109825A1 (en) | Election procedure and voting machine | |
WO2001009847A1 (en) | Method, device and system for biometric authentication | |
EP2077658A1 (en) | Method for providing a service for a user | |
DE102006034241A1 (en) | Authorization determination method e.g. for access authorization, involves determining authorization using biometric characteristic determined by sensor unit and compared to individual assigned stored data records | |
WO2000051084A1 (en) | User identification method | |
WO2000018061A1 (en) | Method for authenticating at least one subscriber during a data exchange | |
EP1071034A2 (en) | Fingerprint enrollment | |
DE102009014919A1 (en) | Method for authenticating user to system e.g. automated teller machine, involves comparing compressed recording value with stored recording value so that access to secured function is denied based on correlation of values | |
DE102014100794A1 (en) | Method at least for reading at least one ID number of user data memories with different data structures | |
WO2001069900A1 (en) | Verifying a caller according to a biometrical method | |
DE19841886A1 (en) | Method and device for generating passwords | |
DE69725252T2 (en) | Language testing method and apparatus | |
DE10258323A1 (en) | Increasing security against determination of encryption key, by evaluating input data based on check of predetermined criteria and calculating cipher text accordingly | |
DE102005028160B4 (en) | Method for authenticating a user | |
DE102008030088A1 (en) | Method for fraud-safe authentication of individual for access to assigned user account, involves storing information of test sample in suspicious database, when similarity measure falls below predetermined threshold value | |
EP1177534A1 (en) | Device and method for comparing biometric data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2000956278 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2000956278 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWR | Wipo information: refused in national office |
Ref document number: 2000956278 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2000956278 Country of ref document: EP |