WO2014146684A1 - An authentication system and method - Google Patents



Publication number
WO2014146684A1
Authority
WO
WIPO (PCT)
Prior art keywords
biometric data
identifier
operable
user
output
Application number
PCT/EP2013/055593
Other languages
French (fr)
Inventor
Raymond Filippi
Original Assignee
Qatar Foundation
Hoarton, Lloyd
Application filed by Qatar Foundation and Hoarton, Lloyd
Priority to PCT/EP2013/055593 (WO2014146684A1)
Priority to EP13711021.9A (EP2795523A1)
Publication of WO2014146684A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • This invention relates to an authentication system and method. More particularly, this invention relates to a mechanism for authenticating an authorised user of an electronic device.
  • NFC Near Field Communication
  • Such security systems do not verify user presence and only require the correct entry of the PIN or password or presentation of the RFID chip in NFC systems to allow access to the services of the smartcard or mobile phone.
  • Biometric systems are available, but they require the biometric data to be stored on a central server for access during authentication. Even if that data is encrypted, the user's personal data still sits somewhere in a remote server system or in the cloud. This raises the risk if the data is stolen: the attacker can work on the stolen ciphertext offline at leisure, and brute force with fast CPUs spread across many machines will recover it within a predictable time. This is unacceptable because a person's biometric data cannot be reissued. Once stolen and decrypted (if it was encrypted at all), the biometric data is exposed for good; one cannot issue "new" biometric data the way a commercial bank issues a new bank card with a new PIN.
  • The encryption of any data is only good for the time it takes to break it.
  • The strength of encryption chosen for a task should therefore be matched to how long the data must remain secret. Biometric data must remain secret for a lifetime, which leads to the conclusion that storing it on a regular or cloud server is not acceptable.
  • Biometric sensors, e.g. fingerprint readers, vein pattern readers, iris readers and readers of other biometric data, are used mostly for physical access control. Some of the readers or sensors are enhanced, for example with fingerprint liveliness detection. Embodiments of the present invention use a biometric sensor and the data generated from it.
  • Sampling and sensing biometric data is not 100% accurate or reproducible, meaning that valid biometric data may sometimes be rejected as unrecognised. False negatives can arise, for example if the confidence level for validation is set too high. However the biometric data is represented or sampled for storage or transmission, the data may differ between sensing opportunities; there will often be a delta in the biometric data.
  • a standard method of logging into a secured system is the use of a static userid and a password which can change.
  • An OTP (One Time Password) dongle is provided by some commercial banks; it generates a one-time password to get around the static password problem. It does not, however, stop an adversary who has obtained the userid and the physical dongle from logging in without the owner's knowledge and completing a transaction.
  • A rolling code generator system is only secure until the code generator has been compromised and the rolling code sequence published on the web, as has happened in the past.
  • PKI Public Key Infrastructure
  • Other authentication techniques such as PKI (Public Key Infrastructure) can provide transaction or access authentication.
  • PKI is overly complex for this kind of authentication: to send a signed and encrypted message the sender needs the receiver's public key (to encrypt) and their own private key (to sign), the receiver needs the sender's public key (to verify) and their own private key (to decrypt), and the whole exchange depends on communication over the internet.
  • Such systems are more complex to operate and lack ease of use for the end user in the applications intended for this invention.
  • Such authentication techniques also lack interplay between the user and the device being operated by the user. Ease of use for the end user is a key feature of embodiments of the invention.
  • EP2530552 and EP1412831 disclose physical presence digital authentication systems.
  • EP2214117 discloses authentication with physical unclonable functions.
  • EP1914938 discloses a method of physical authentication and a digital device.
  • US 7,195,154 discloses a method for generating customer secure card numbers and US 7,613,333 discloses an individual authentication system and method.
  • the present invention seeks to provide an authentication system and method which ameliorates the above issues and system limitations.
  • the present invention provides an authentication system and method as set out in the accompanying claims.
  • FIG. 1 is a schematic block diagram of an authentication system embodying one aspect of the present invention
  • FIG. 2 is a schematic representation of the two sides of a chip and PIN card incorporating an authentication system embodying the present invention
  • FIG. 3 is a schematic representation of a Near Field Communication (NFC) device incorporating an authentication system embodying the present invention.
  • FIG. 4 is a schematic block diagram of an authentication system embodying another aspect of the present invention.
  • the present invention addresses a number of technical problems. It would be preferable if a single authentication device could be used : to access ATM terminals; to authenticate online access; and to authenticate transactions at POS terminals. There are other applications where authentication of an individual user on a designated device are required. Other applications are described below in the Applications section of this description but one notable other application is in access control.
  • A single device to authenticate transactions and permit access would be more efficient and provide a universal solution. Where a PIN or password is not required (for example in contactless payment), the system should only function if the correct owner (the authorised user) is physically present. This safeguard would increase user acceptance of transaction modes in which no PIN or password is entered.
  • biometric data (bd)
  • the system should not require any biometric data to be stored on a server. Biometric data should only be stored securely on the apparatus itself and the system design should guarantee that the biometric data cannot be read or over-written by an adversary.
  • This invention provides apparatus that is uniquely personal to each individual user, who must be physically present with an associated or paired device for the device to give an authentication signal.
  • the device is paired to a user.
  • The device is capable of multi-factor authentication in that the device, the user and their pairing with one another are all authenticated, and only if all three relationships hold good will authentication succeed: 1) Is the user authorised? 2) Is the device identified? 3) Is the authorised user paired with the identified device?
  • Embodiments of the invention are unique, uncloneable and paired to an authorised user. No transaction can take place without the respective user being physically present at the paired electronic device.
  • Embodiments of this invention make use of a biometric sensor and the associated data generated from it.
  • the electronic device for use in embodiments of the present invention is in its simplest form an integrated circuit (IC).
  • the IC can be embodied in a larger component such as a chip of a chip and PIN card or can be embodied in a more elaborate electronic device such as a mobile telephone, a tablet, a computer, a vehicle or a house.
  • One embodiment of the invention is shown in Figure 1 and comprises an authentication system (100) which may be embedded in an electronic device. The system (100) authenticates an authorised user at the respective electronic device.
  • the IC is part of an electronic device (or in its simplest form IS the IC).
  • the IC has a device-specific identifier (di)(101 ) operable to identify the respective electronic device.
  • The device-specific identifier (101) is a characteristic specific to that IC arising from the IC's fabrication process.
  • the system also incorporates a biometric data sensor (102) which is operable to sample biometric data (bd) from the authorised user of the respective device identified by the device-specific identifier (101 ) and provide reference biometric data (rb) for the authorised user.
  • The system further incorporates a storage unit (103), preferably comprising a non-volatile memory (NVM) (103), which is operable to hold the reference biometric data (rb) derived from the biometric data of the authorised user of the respective device identified by the device-specific identifier (101).
  • NVM non-volatile memory
  • the NVM (103) has a lock out function (105) which prevents the NVM (103) from being written to again or over-written.
  • The system also incorporates a processor (104) to which the device identifier (di) and the biometric data (bd/rb) are delivered.
  • the processor (104) performs a one-way function F on a data pair comprising or derived from: the device identifier (di) and the biometric data (bd/rb), the one way function having an output comprising F(di, bd/rb).
  • Embodiments of the invention include an electronic device having an IC. Because of the fabrication process, this IC will have certain unique characteristics which make it different from all other ICs, even those produced in the same fabrication plant or from the same wafer.
  • One unique characteristic of the IC is the unique Physical Uncloneable Function (PUF) identifier of the IC. This is the device-specific identifier (di) (101 ).
  • PUF Physical Uncloneable Function
  • The system pairs the device-specific identifier (101) with stored biometric data of an authorised user. This pair is put through a circuit implementing a one-way hash, which maps each distinct input to an output that is, in practice, distinct from every other (no collision can be found).
  • The output of the one-way hash is a signature or authentication signal which is unique to the particular combination of device identifier and biometric data.
  • the authentication signal or signature signifies that the authorised user is physically present at the respective electronic device to authenticate the transaction or other process.
  • the signature or authentication signal is transmitted to a controller which determines if this is the correct authentication signal or signature to allow the transaction or other process.
  • The authentication signal is the output of the one-way hash, i.e. the signature, and can be looked upon as the PIN/password and user ID combined in one. An added security feature is that if an adversary obtains the signature there is no mathematical way back to either the PUF (101) (device identifier) or the biometric data input, so the authorised user's personal biometric data stays safe and uncompromised. This holds only as far as the pair of inputs cannot be guessed: a hash cannot be inverted, but an adversary who holds the signature and also knows the device identifier (the description notes that the issuer knows the PUF value of a blank card) can test candidate biometric templates against it, so the biometric input must carry enough entropy to defeat such guessing.
  • The biometric sensor (102) provides the biometric data itself and/or data generated or derived from it. All such data is treated in this disclosure as biometric data, including the associated data generated from the raw biometric data.
  • the system does not require any biometric data to be stored on a server, the biometric data is stored only on the apparatus itself and the system design ensures that this biometric data is robustly stored and cannot be readily read or over written by an adversary.
  • The lock-out function (105) prevents the NVM (103) from being written to again, and the optional tamper-resistive circuit (106) defends against a physical attack on the device by a serious and determined adversary.
  • This embodiment of the system does away with the need for a password and/or PIN.
  • The system provides both user authentication and device authentication via the same mechanism.
  • The system can also be used in conjunction with a password and/or PIN; however, if the user is not physically present with the unique device, there is no authentication.
  • Authentication may or may not be essential to allow a transaction depending on the transaction type, value or other transaction property.
  • Embodiments of this invention make the rolling code device offered by some commercial banks for internet banking or access control obsolete.
  • Embodiments of the present invention incorporated in a smartcard offer greater levels of security than a Chip and PIN card or a rolling code device.
  • The system can be applied to any application that requires an individual's authentication and verification that the person is present during the authentication process.
  • the system offers a high level of security. There is immediate suitability for high value clients.
  • Present state-of-the-art smartcards, for example, establish a secure loop by means of a PIN, and the trend is towards a highly personalised card with multiple layers of security chosen by the card issuer. Embodiments of the invention are compliant with this trend.
  • an embodiment of the invention is usable by multiple authorised users - a predetermined group of people. Multiple users would have an impact on the memory requirements of embodiments of the invention.
  • the apparatus could be programmed to allow any member of the group to be physically present to be able to authenticate the device transaction.
  • the apparatus can be programmed to give each person different privileges, limiting the expenditure or ability to conduct transactions or defining access limits, different for each user.
  • the apparatus could also be programmed such that two members are required to be physically present for the transaction to be authenticated.
  • A duress signal indicates that a transaction is not valid.
  • The authentic biometric data may be generated from the index finger fingerprint, while a "duress" signal is indicated from a middle finger fingerprint.
  • A further example: the thumb and index finger of the right hand are used as the input for the reader to check that you are present, while the system is also programmed such that the thumb and second finger of the right hand, when paired with the PUF and processed through the hash, output a different signal meaning that you are under duress and being forced against your will to complete the transaction.
  • FIG. 1: a representative block diagram of a system embodying the present invention is shown in figure 1.
  • a description of each block in the system and its function is as follows:
  • Some embodiments of the invention make use of a PUF (101) as the mechanism for providing a device-specific identifier (101). Other mechanisms which uniquely identify the electronic device can be used.
  • a PUF(101 ) is a Physical Uncloneable Function.
  • A PUF (101) is embodied as a micro-electronic circuit block that exploits the natural variations in the semiconductor manufacturing process that make a single IC (Integrated Circuit) unique and different from all of its neighbours on the silicon wafer(s) manufactured by the silicon foundry.
  • Examples of PUF circuits are volatile memory block instances where device mismatch within each bitcell gives the memory block a signature at initial power-up that is unique to that IC, read before the volatile memory is reset.
  • Another example of a micro-electronic PUF circuit uses the phase noise of a PLL or DLL as the PUF (101) element. If such devices were produced in billions it is conceivable that two devices could have the same PUF signature, but a combination of two or more PUF circuits in the one IC can be used to identify that particular IC uniquely.
  • PUF circuits are exercised under automatic test equipment (ATE) over the voltage and temperature range to identify the part of the signature that is stable across that range; bits that are unstable over the range are dropped from the signature.
  • The output of the PUF (101) would be available for testing and characterising. As described under the one-time enrolment phase below, after enrolment the output signature of the system is recorded for the later challenge and response question(s), access to the actual PUF value can be considered no longer required, and this signal may be selected for lock-out at the end of the enrolment phase.
  • Another advantage of PUFs is that when a manufacturer of this apparatus outsources assembly of the complete system (e.g. a device, smartcard, mobile phone, etc.), a changed PUF in the semiconductor device reveals that someone has tampered with the device during assembly.
  • The PUF (101) provides a unique identifier which is specific to a respective IC.
  • Storage of Biometric Data and Lockout function in the apparatus:
  • the biometric data is stored on a NVM (Non-volatile Memory)(103) within the system.
  • an additional lock-out function (105) is activated, that prevents any future reprogramming of the blocks of NVM storing the biometric data.
  • The lock-out function (105) can be implemented in multiple ways, e.g. as an OTP (One Time Programmable) element, such as:
  • a fuse blown by electromigration of a polysilicon resistor, which is a known method;
  • another known method: applying an over-voltage to a transistor gate so that the gate oxide breaks down and stays permanently leaky, fixing its state thereafter.
  • Such an element can then be used to block the path to the programming circuit of the NVM (103), making reprogramming of your biometric data impossible.
  • The lock-out function (105) provides the security that an adversary could never reprogram the apparatus with another set of fingerprints to be paired with the PUF. In any case, a different set of fingerprints combined with the PUF would produce a different signature from the one-way hash function.
  • a biometric reader (102) is used to read your personal biometric data.
  • the apparatus therefore requires its own biometric reading device (102).
  • Many biometric readers do not have a suitable form factor that fits in a smartcard or mobile device.
  • One reader type that does fit is the capacitive CMOS reader, which images the fingerprint by measuring the capacitance between each sensor pixel and the ridges and valleys of the skin placed on it.
  • Another advantage of CMOS readers is that they are more difficult to fool than optical readers.
  • Biometric data such as fingerprints do not take much memory to store, so it is quite conceivable, if the application of this apparatus calls for it, that a full set of 10 fingerprints could be stored in the NVM (103) (Non-Volatile Memory) on the SoC (System on Chip) that contains the apparatus of this invention.
  • The biometric data from the user is never released from the card; this secures the user's private data and addresses privacy concerns.
  • The One-Way function (preferably a hash function):
  • The output of the digital circuit that computes the one-way hash can be seen as a signature. This signature is created from the two inputs to the one-way hash, namely the PUF and the biometric data; this pair gives a particular signature that is unique to it.
  • The hash circuit design needs to be strong in order to be regarded as secure. The required properties are well known. The first is pre-image resistance, the one-way property of the hash: given an output, it is computationally infeasible to find any input that produces it.
  • The second property of a strong hash is second pre-image resistance (sometimes called weak collision resistance): given one input, it is computationally infeasible to find a different input that hashes to the same value. Collisions necessarily exist in theory, because the input space is larger than the output space, so best practice is a design in which none can be found in practice.
  • The third property of a strong one-way hash design is collision resistance: it is computationally infeasible to find any two different inputs which give the same output.
  • The one-way hash function (104) assures that even if the hash signal is compromised there is no way back to determine the two inputs (PUF and biometric data) that were used to create the signature output of the hash block (104). This signature is therefore what identifies "you" and "your" presence as well.
  • The output of the one-way function (104) is a signature which is processed for challenge and response purposes in the same way as a PIN in a chip and PIN system. The correct signatures are recorded as the correct responses to the later electronic challenge and response questions, where the answer is a straightforward "TRUE" or "FALSE", as is done with chip and PIN technology today.
  • One embodiment of the present invention is configured as a smart/credit/ATM card (107) or phone.
  • Your fingerprints would be read by the sensor (102) and recorded in the NVM (103) of the IC; the blank card would have a PUF value that is known to the issuing organisation.
  • The PUF and your fingerprints would be paired to create certain signals, e.g. right-hand thumb and index finger for authentication of a transaction, while the right-hand thumb and second finger could be used for a duress signal, etc. Each chosen signal would have its own signature from the one-way hash.
  • The pairing of these signals is key as it identifies "you" and "your presence with the card". In this example two fingers have been used for added security, but the system works with a single biometric signal, such as one fingerprint.
  • The tamper resistive block (106) is described as optional as it does not contribute to the individual unique authentication, but in practice such a block (106) would be included to increase security against a serious adversary.
  • The function of the block (106) is to prevent a physical attack on the IC by an attacker prepared to go to considerable effort to obtain the secret(s), e.g. the PUF and biometric data, or to bypass the NVM lock-out (105) with a FIB (Focused Ion Beam) procedure that reconnects the programming circuit.
  • A tamper resistive block (106) uses the metal stack and associated sensing circuits above the security-sensitive circuits of the IC.
  • Such a tamper resistive network senses when an attack is being or has been made, and in response the block (106) may shut the IC down or trigger some other disabling function, e.g. erasing sensitive data in the NVM (103).
  • Liveliness Detection Sensor (a sensor for detecting a sign-of-life when sampling biometric data):
  • The liveliness sensor block (108) is described as optional as it does not contribute to the individual unique authentication. Optical fingerprint sensors are well known to be easy to trick: materials such as Play-Doh, gelatin, silicone and latex can be used to take imprints of fingerprints. Various techniques and algorithms have been applied to liveliness detection.
  • A very basic liveliness sensor circuit block (108) would measure the temperature of the finger placed on the CMOS capacitive fingerprint reader. Sensing temperature in silicon is straightforward using the well-known technique of measuring the Vbe and delta Vbe of the parasitic vertical pnp transistor available in a standard CMOS process. A window comparator then checks that the finger temperature lies within an acceptable range.
  • Power for the additional circuits required for embodiments of the invention depends on the host: in a contact smartcard it comes from the contact grid (the existing chip and PIN contacts); in a contactless card it comes from the normal inductive coupling with the NFC reader element, via the existing NFC antenna in the card; in a battery-powered device such as a phone it comes from the battery.
  • the sampled biometric data will vary so the input to the one way function will vary. This means that the output of the one way function will vary meaning the output is different depending on the variance in the sampled biometric data.
  • The above described embodiments can sample the biometric data (bd) and then use a biometric data validation unit (111) to verify that the sampled biometric data "matches" the stored reference biometric data (rb). If there is a significant correlation between the sampled data and the stored reference data, the sampled biometric data is considered a match for the stored biometric data.
  • the system sends to the one way function input not the sampled biometric data (bd) but the stored reference biometric data (rb). In this manner, a consistent input is provided to the one way function input thus providing a consistent output (the device-specific identifier (101 ) input does not alter).
  • the biometric sensor (102) is sufficiently reliable in quality and performance to give a robust and repetitive biometric data reading, i.e. the same output from the one way function is achieved each time the biometric data is sampled so there is no need to store the reference biometric data for presentation to the one way function.
  • FIG. 4 shows the provision of a comparator (112) to determine if there is a match between the reference output F(di,rb) and the candidate output F(di,cb).
  • This embodiment of the authentication system authenticates an authorised user at a respective electronic device and comprises: a device-specific identifier (101) operable to provide a device identifier (di); a biometric data sensor (102) operable to sample biometric data (bd) from a user and provide the sampled biometric data as candidate biometric data (cb); a processor (104) operable to perform a one-way function F on the device identifier (di) (101) and the candidate biometric data (cb) and provide a candidate output F(di,cb); a storage unit (103) holding a reference output F(di,rb), where (rb) is reference biometric data derived from biometric data of the authorised user of the respective device identified by the device-specific identifier (101) and (di) is the device identifier input; and a comparator (112) to determine if there is a match between the reference output F(di,rb) and the candidate output F(di,cb).
  • Access control includes controlled entry to and egress from restricted environments such as buildings, campuses and institutions, and allowing or prohibiting user movement within buildings via elevators or the like. Border control is another application area, with the authentication system embodied in a passport or ID document. Any process which requires user authentication can benefit from embodiments of the invention. Other examples include transport ticketing, where the authentication device is used as a transit ticket, boarding pass or driving licence.
  • any process which requires a participant to have a certain level of qualification to legitimately participate can benefit from embodiments of the invention.
  • Certain drugs in a pharmacy environment can only be dispensed by a suitably qualified pharmacist, who may have to make enquiries of the recipient to discharge their professional responsibilities.
  • The authentication system can authenticate that the user is who they say they are and is gaining access to the drugs with a smartcard embodying the present invention.
  • A wider system can record from both users' smartcards that the drugs were dispensed to the designated recipient, thereby closing the loop on the transaction between the qualified pharmacist and the correct patient.
  • USB and USB2 dongles can incorporate embodiments of the present invention so that those dongles can only be used by authorised users who are authenticated by the integrated system.
  • Communication devices including smart phones and tablets can be enabled with the technology of the present invention to authenticate authorised users.
  • Another example in access control is keeping track of entry and egress in a manufacturing facility/plant or secure area.
  • data from the authentication system components will identify which individuals are still inside the secure area.
  • the problem is particularly acute when there are thousands of personnel in a secure area. Who is in the area and who has left or been evacuated?
  • An authentication signal is required to start a motor vehicle fitted with an embodiment of the invention. Only an authorised user paired with the IC (device) embedded in the vehicle CPU will provide the necessary authentication signal.
  • The level of authorisation or permitted travel may be dictated by an insurance company, a road toll operator or other such controls. Only if the authorised is might be controlled
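The ATE characterisation step described in the PUF bullets above (read the power-up pattern at several voltage and temperature corners, drop every bit that is not identical at all of them, use the stable remainder as the identifier) as a worked example in Python. This is an added illustration, not code from the patent or its applicant. The silicon is replaced by a constructed model in which each IC has a fixed nominal power-up pattern plus a few marginal cells that settle to a random value on every power-up; the block size, marginal fraction and number of corners are assumed values.

```python
"""Stable-bit selection for a memory power-up PUF (added example, not the patent's code).

Model (assumption, not real silicon): each IC has a fixed nominal power-up
pattern plus a small set of marginal cells that settle to a random value on
every power-up.  Characterisation reads the pattern at several corners and
keeps only the cells that agreed every time; the field identifier is the hash
of the surviving bits."""
import hashlib
import random

N_BITS = 256              # assumed size of the memory block used as the PUF
MARGINAL_FRACTION = 0.08  # assumed share of noisy cells per IC


def make_device(seed: int):
    """One modelled IC: (nominal power-up bits, indices of the marginal cells)."""
    rng = random.Random(seed)
    nominal = [rng.randrange(2) for _ in range(N_BITS)]
    marginal = set(rng.sample(range(N_BITS), int(N_BITS * MARGINAL_FRACTION)))
    return nominal, marginal


def power_up(device, rng: random.Random):
    """One raw read: stable cells return their nominal value, marginal cells a coin flip."""
    nominal, marginal = device
    return [rng.randrange(2) if i in marginal else bit for i, bit in enumerate(nominal)]


def raw_read(device, corner_seed: int):
    """Raw power-up pattern at one voltage/temperature corner (the seed stands for the corner)."""
    return power_up(device, random.Random(corner_seed))


def characterise(device, corners: int = 32, seed: int = 0):
    """ATE step: read at `corners` corners and keep only the cells that never changed.
    The returned keep-mask is helper data: it says which cells are noisy, not
    what value any cell holds, so storing it does not reveal the PUF value."""
    rng = random.Random(seed)
    reads = [power_up(device, rng) for _ in range(corners)]
    return [all(read[i] == reads[0][i] for read in reads) for i in range(N_BITS)]


def stable_bit_count(mask) -> int:
    return sum(mask)


def device_identifier(device, mask, corner_seed: int) -> str:
    """Field use: raw read, apply the mask, hash the surviving bits into a
    fixed-length device identifier (di).  Any corner gives the same di as long
    as every marginal cell was caught during characterisation."""
    raw = raw_read(device, corner_seed)
    kept = bytes(raw[i] for i in range(N_BITS) if mask[i])
    return hashlib.sha256(kept).hexdigest()


if __name__ == "__main__":
    dev = make_device(1)
    mask = characterise(dev)
    print("stable bits:", stable_bit_count(mask), "of", N_BITS)
    print("raw reads identical across corners:", raw_read(dev, 11) == raw_read(dev, 12))
    print("di identical across corners:",
          device_identifier(dev, mask, 11) == device_identifier(dev, mask, 12))
```

Two raw reads at different corners differ, while the masked identifier is the same from either; the keep-mask is the only thing that needs to be stored alongside the PUF, and it reveals which cells are noisy but nothing about their values, which is why it can sit in ordinary storage while, as the text says, access to the raw PUF value itself can be locked out after enrolment.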

Abstract

An authentication system for authenticating an authorised user at a respective electronic device, the system comprising a device-specific identifier (101) (di) operable to identify the respective electronic device; a biometric data sensor (102) operable to sample biometric data (bd) from the authorised user of the respective device identified by the device-specific identifier (101) and provide reference biometric data (rb) for the authorised user; a storage unit (103) operable to hold the reference biometric data (rb) derived from the biometric data of the authorised user of the respective device identified by the device-specific identifier (101) for delivery to a processor (104) operable to perform a one-way function F on a data pair comprising or derived from: the device identifier (di) (101); and the biometric data (bd/rb), the one way function having an output comprising F(di, bd/rb).
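The enrolment and authentication flow of the abstract and of Figures 1 and 4 as a worked example in Python, added here and not code from the patent or its applicant. Assumptions: the biometric template is a 256-bit vector; a sensor read returns that vector with a few random bit flips (the delta between sensing opportunities discussed above); the validation unit matches by Hamming distance under an assumed threshold; the one-way function F is SHA-256 over the length-prefixed pair (di, biometric); and the device identifier di is a random string standing in for the stable PUF value. The scenario enrols an authorisation gesture and a duress gesture, sets the NVM lock-out, and then compares the Figure 1 path (match the candidate against the stored reference, hash the stored reference) with the Figure 4 path (hash the candidate directly), which only succeeds when the sensor read is bit-exact.

```python
"""Enrolment and authentication of the (di, biometric) one-way scheme (added example,
not the patent's code).

Assumptions: 256-bit biometric templates, sensor reads = template with a few
random bit flips, Hamming-distance matching, F = SHA-256(len(di) || di || rb).
Real templates carry far less entropy than random 256-bit strings, so the
signature must not be the only protection against an adversary who knows di."""
import hashlib
import random

TEMPLATE_BYTES = 32       # 256-bit template (assumed)
MATCH_THRESHOLD = 24      # max differing bits still accepted as a match (assumed)


def F(di: bytes, biometric: bytes) -> str:
    """One-way function over the pair; length-prefixing di keeps the pair unambiguous."""
    return hashlib.sha256(len(di).to_bytes(2, "big") + di + biometric).hexdigest()


def rand_bytes(rng: random.Random, n: int = TEMPLATE_BYTES) -> bytes:
    return bytes(rng.randrange(256) for _ in range(n))


def sample(template: bytes, flips: int, seed: int) -> bytes:
    """Constructed sensor read: the enrolled template with `flips` distinct bits flipped."""
    rng = random.Random(seed)
    bits = bytearray(template)
    for pos in rng.sample(range(8 * len(template)), flips):
        bits[pos // 8] ^= 1 << (pos % 8)
    return bytes(bits)


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class Device:
    """The IC: device identifier plus write-once reference templates per gesture."""

    def __init__(self, di: bytes):
        self.di = di
        self.nvm = {}
        self.locked = False

    def enrol(self, gesture: str, reference: bytes) -> str:
        if self.locked:
            raise PermissionError("NVM lock-out set: reference data is write-once")
        self.nvm[gesture] = reference
        return F(self.di, reference)           # signature handed to the issuer

    def lock(self) -> None:
        self.locked = True                      # models the OTP lock-out (105)

    def sign_fig1(self, cb: bytes):
        """Figure 1 path: validate the candidate against each stored rb, then hash
        the STORED rb so that sensor noise never reaches the one-way function."""
        for rb in self.nvm.values():
            if hamming(cb, rb) <= MATCH_THRESHOLD:
                return F(self.di, rb)
        return None

    def sign_fig4(self, cb: bytes) -> str:
        """Figure 4 path: hash the candidate directly (needs a bit-exact sensor)."""
        return F(self.di, cb)


class Controller:
    """Issuer/terminal side: holds signatures only, never di or biometric data."""

    def __init__(self):
        self.table = {}

    def register(self, signature: str, meaning: str) -> None:
        self.table[signature] = meaning

    def check(self, signature) -> str:
        return self.table.get(signature, "REJECT")


def run_scenario() -> dict:
    rng = random.Random(7)
    di = rand_bytes(rng)            # stands in for the stable PUF value
    index = rand_bytes(rng)         # right thumb + index finger (authorise)
    middle = rand_bytes(rng)        # right thumb + second finger (duress)
    dev, ctl = Device(di), Controller()
    ctl.register(dev.enrol("authorise", index), "TRUE")
    ctl.register(dev.enrol("duress", middle), "DURESS")
    dev.lock()
    try:
        dev.enrol("extra", rand_bytes(rng))
        relock_blocked = False
    except PermissionError:
        relock_blocked = True
    noisy = sample(index, flips=10, seed=1)   # legitimate read with a 10-bit delta
    return {
        "fig1_auth": ctl.check(dev.sign_fig1(noisy)),
        "fig4_noisy": ctl.check(dev.sign_fig4(noisy)),
        "fig4_exact": ctl.check(dev.sign_fig4(index)),
        "duress": ctl.check(dev.sign_fig1(sample(middle, flips=5, seed=2))),
        "stranger": ctl.check(dev.sign_fig1(rand_bytes(rng))),
        "relock_blocked": relock_blocked,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The `fig4_noisy` result is the failure mode the text raises: a ten-bit delta in the sample changes every bit of F(di,cb), so a controller holding F(di,rb) rejects a legitimate user. Storing rb in locked NVM and hashing rb after a threshold match (`fig1_auth`) is what makes the signature reproducible; the same mechanism yields the distinct duress signature, and the lock-out stops a later enrolment from pairing another template with the PUF.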

Description

"An authentication system and method"
This invention relates to an authentication system and method. More particularly, this invention relates to a mechanism for authenticating an authorised user of an electronic device.
Background of the invention:
Users regularly use passwords and/or PIN numbers to make transactions on the internet, at shopping malls and at Automated Teller Machine (ATM) terminals. Near Field Communication (NFC) technology is incorporated into smartcards and mobile phones, making it possible to authorise such transactions wirelessly. Such systems are open to fraud by cyber criminals who capture a user's password/PIN and then use stolen smartcards and mobile phones to conduct unauthorised transactions. A stolen contactless payment card can be used to conduct unauthorised transactions.
Commercial banks give customers ATM cards, and some banks also give clients an OTP (One Time Password) device for online access. If one device could be used at bank ATM terminals as well as online and in retail outlets, this would be more efficient and a universal solution. If no PIN or password is required for secure access, the apparatus would only function if the owner was physically present; this would facilitate ease of use and increase user acceptance.
Such security systems do not verify user presence and only require the correct entry of the PIN or password or presentation of the RFID chip in NFC systems to allow access to the services of the smartcard or mobile phone.
Biometric systems are available, but these require the biometric data to be stored on a central server for access when authenticating. Although such data may be encrypted, it still requires a user's personal data to be stored somewhere in a remote computer server system, or even in the cloud. This increases the security risk if such data is stolen: the hacker(s) then have time to work on decrypting the stolen data offline, and even brute-force methods using high-speed CPUs and multiple computers can crack the code within a known time frame. This is unacceptable since a person's biometric data cannot be issued anew. Once stolen and decrypted (if encrypted), the biometric data is available to the attacker. One cannot issue "new" biometric data, unlike a commercial bank that can issue a new bank card with a new PIN. The encryption of any data is only good for the time required to decrypt the sensitive data. In short, the level of encryption employed for a particular task should be related to the timeframe for which the data should remain secret. This could lead to the conclusion that it is not acceptable to store personal biometric data on a regular or cloud server.
Biometric sensors, e.g. fingerprint readers, vein pattern readers, iris readers and other biometric sensors, are used mostly for physical access control. Some of the readers or sensors are enhanced, for example with fingerprint liveliness detection. Embodiments of the present invention use a biometric sensor and data generated from the biometric sensor.
Sampling and sensing biometric data is not 100% accurate or reproducible, meaning that valid biometric data may sometimes be rejected as unrecognised. False negatives can arise, for example if the confidence levels for validation are set too high. In whatever manner the biometric data is represented or sampled for storage or transmission, the data may differ between sensing opportunities. There will often be a delta in the biometric data.
Calculating hashes from biometric data can therefore be problematic, as the biometric input value/data changes, which will cause a different hash to be calculated for differing biometric inputs.
A standard method of logging into a secured system is the use of a static user ID and a password which can change. An OTP (One Time Password) dongle is provided by some commercial banks which generates a one-time password to get over the static password issue. It does not prevent an adversary who has access to the user ID and the physical dongle key generator from logging in without the owner's knowledge and completing a transaction. The rolling code generator system is only secure until the rolling code generator has been compromised and the rolling code sequence published on the web, as has happened in the past.
Other authentication techniques such as PKI (Public Key Infrastructure) can provide transaction or access authentication. PKI is overly complex for this authentication: it requires the receiver's public key and the user's private key to encrypt and send a message, decryption requires the user's public key and the entity's private key, and it requires communication over the internet. Such systems are more complex to operate and lack ease of use for the end user in the applications intended for this invention. Further, such authentication techniques lack interplay between the user and the device being operated by the user. Ease of use for the end user is a key feature of embodiments of the invention.
In this environment there is a need for an authentication system that is unique to the individual, senses a legitimate presence of the individual when the transaction is being made, offering multi-factor authentication, with speed of transaction and ease of use.
EP2530552 and EP1412831 disclose physical presence digital authentication systems. EP2214117 discloses authentication with physical unclonable functions. EP1914938 discloses a method of physical authentication and a digital device. US 7,195,154 discloses a method for generating customer secure card numbers and US 7,613,333 discloses an individual authentication system and method.
The present invention seeks to provide an authentication system and method which ameliorates the above issues and system limitations. The present invention provides an authentication system and method as set out in the accompanying claims. In order that the present invention may be more readily understood, embodiments thereof will now be described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a schematic block diagram of an authentication system embodying one aspect of the present invention;
Figure 2 is a schematic representation of the two sides of a chip and PIN card incorporating an authentication system embodying the present invention;
Figure 3 is a schematic representation of a Near Field Communication (NFC) card incorporating an authentication system embodying the present invention; and
Figure 4 is a schematic block diagram of an authentication system embodying another aspect of the present invention.
Description of embodiments of the invention:
The present invention addresses a number of technical problems. It would be preferable if a single authentication device could be used: to access ATM terminals; to authenticate online access; and to authenticate transactions at POS terminals. There are other applications where authentication of an individual user on a designated device is required. Other applications are described below in the Applications section of this description, but one notable other application is in access control.
A single device to authenticate transactions and permit access would be more efficient and provide a universal solution. If a PIN or password for secure access is not required (for example in contactless payment), the system should only function if the correct owner (authorised user) is physically present. This safeguard would increase user acceptance of modes of transaction where a PIN or password is not required. Although the system embodying the present invention makes use of biometric data (bd), the system should not require any biometric data to be stored on a server. Biometric data should only be stored securely on the apparatus itself, and the system design should guarantee that the biometric data cannot be read or over-written by an adversary.
This invention provides apparatus that is uniquely personal to each individual user, who must be physically present with an associated or paired device for the device to give an authentication signal. The device is paired to a user. The device is capable of multi-factor authentication in that the device, the user and their pairing with one another are all authenticated, and only if all three relationships hold good will authentication be possible: 1) Is the user authorised? 2) Is the device identified? 3) Is the authorised user paired with the identified device?
Abuses that take place today even if authorised by the user would not occur when operating with embodiments of the present invention. For example, if a user's child or user's partner is at home with access to the user's credit card and the user is not present, the user's credit card can be used for an online purchase. This would not be possible with the system embodying the present invention because the system would only provide authentication for the transaction if the user is physically present at the electronic device, in this case the credit card being a smartcard.
Embodiments of the invention are unique, uncloneable and paired to an authorised user. No transaction can take place without the respective user being physically present at the paired electronic device.
Embodiments of this invention make use of a biometric sensor and the associated data generated from it.
The electronic device for use in embodiments of the present invention is in its simplest form an integrated circuit (IC). The IC can be embodied in a larger component such as the chip of a chip and PIN card, or can be embodied in a more elaborate electronic device such as a mobile telephone, a tablet, a computer, a vehicle or a house. One embodiment of the invention is shown in Figure 1 and comprises an authentication system (100) which may be embedded in an electronic device. The system (100) authenticates an authorised user at the respective electronic device. The IC is part of an electronic device (or in its simplest form IS the IC). The IC has a device-specific identifier (di) (101) operable to identify the respective electronic device. Preferably the device-specific identifier (101) is a characteristic specific to that IC arising from the IC's fabrication process.
The system also incorporates a biometric data sensor (102) which is operable to sample biometric data (bd) from the authorised user of the respective device identified by the device-specific identifier (101) and provide reference biometric data (rb) for the authorised user.
The system further incorporates a storage unit (103), preferably comprising a non-volatile memory (NVM) (103), which is operable to hold the reference biometric data (rb) derived from the biometric data of the authorised user of the respective device identified by the device-specific identifier (101). Preferably the NVM (103) has a lockout function (105) which prevents the NVM (103) from being written to again or over-written.
The system also incorporates a processor (104) to which the device identifier (di) and the biometric data (bd/rb) are delivered. The processor (104) performs a one-way function F on a data pair comprising or derived from: the device identifier (di) and the biometric data (bd/rb), the one-way function having an output comprising F(di, bd/rb).
The component parts of this embodiment of the invention will now be described in greater detail.
Embodiments of the invention include an electronic device having an IC. Because of the fabrication process, this IC will have certain unique characteristics which make it different to all other ICs, even those produced in the same fabrication plant or from the same wafer. One unique characteristic of the IC is the unique Physical Uncloneable Function (PUF) identifier of the IC. This is the device-specific identifier (di) (101). The PUF (101) is described in more detail below in the PUF Block section of the description.
The system pairs the device-specific identifier (101) with stored biometric data of an authorised user. This pair is put through a circuit called a one-way hash; the one-way hash creates a unique output for every unique input. The output of the one-way hash is a signature or authentication signal which is unique to the particular combination of device identifier and biometric data. The authentication signal or signature signifies that the authorised user is physically present at the respective electronic device to authenticate the transaction or other process.
The signature or authentication signal is transmitted to a controller which determines if this is the correct authentication signal or signature to allow the transaction or other process.
The authentication signal is the output of the one-way hash, i.e. the signature, and can be looked upon as the PIN/password and user ID combined in one. Note an added security feature here: if an adversary obtains the signature there is no mathematical way back to determine either the PUF (101) (device identifier) or the biometric data input, i.e. the authorised user's personal biometric data is safe and uncompromised.
The biometric sensor (102) provides biometric data per se and/or generates or derives data from the biometric data. All such data is considered in this disclosure as biometric data, and includes the associated data generated from the raw biometric data.
Although embodiments of the invention make use of biometric data, the system does not require any biometric data to be stored on a server; the biometric data is stored only on the apparatus itself, and the system design ensures that this biometric data is robustly stored and cannot be readily read or over-written by an adversary. The lockout function (105) prevents the NVM (103) from being written to again, and the optional tamper resistive circuit (106) protects against a physical attack on the device by a serious and determined adversary.
This embodiment of the system does away with the need for a password and/or PIN.
The resulting output of this system indicates that "you" are present, with "your" personalised device, for authentication of the transaction. Your password and/or PIN could be compromised by an adversary who knows your PIN and has your device. Existing authentication solutions are incapable of verifying the presence of the authorised user, and traditional devices are neither unique to the authorised user nor immune to cloning.
The system provides both user authentication and device authentication via the same mechanism. The system can do away with the need for a password and/or PIN. The system can also be used in conjunction with a password and/or PIN; however, if the user is not physically present with the unique device, then there would be no authentication. Authentication may or may not be essential to allow a transaction, depending on the transaction type, value or other transaction property.
The same device could be used at the ATM and at home over the internet. Embodiments of this invention make the rolling code device offered by some commercial banks, or access controls for internet banking, obsolete.
Embodiments of the present invention incorporated in a smartcard, for example, offer greater levels of security than a Chip and PIN card or a rolling code device.
The system can be applied to any application that requires an individual's authentication and verification that the person is present during the authentication process. The system offers a high level of security. There is immediate suitability for high value clients. Present state of the art smartcards, for example, establish a secure loop by means of a PIN, and the trend is to have a highly personalised card with multiple layers of security chosen by the card issuer. Embodiments of the invention are compliant with this trend.
If desired, an embodiment of the invention is usable by multiple authorised users - a predetermined group of people. Multiple users would have an impact on the memory requirements of embodiments of the invention. The apparatus could be programmed to allow any member of the group who is physically present to authenticate the device transaction. In addition, the apparatus can be programmed to give each person different privileges, limiting the expenditure or ability to conduct transactions or defining access limits, different for each user. The apparatus could also be programmed such that two members are required to be physically present for the transaction to be authenticated.
Further features, such as the capability of sending other signals, for example a duress signal indicating that a transaction is not valid, can be incorporated. For example, the authentic biometric data may be generated from the index finger fingerprint, but a "duress" signal may be indicated by a middle finger fingerprint. A further example: the thumb and index finger of the right hand are used as the input to the reader to check you are present, but the system could also be programmed such that the thumb and second finger of the right hand, when paired with the PUF and processed through the hash, output a different signal indicating that you are under duress and being forced against your will to complete the transaction.
A representative block diagram of a system embodying the present invention is shown in Figure 1. A description of each block in the system and its function is as follows:
The PUF block (101)
Some embodiments of the invention make use of a PUF (101) as the mechanism for providing a device-specific identifier (101). Other mechanisms which uniquely identify the electronic device can be used. A PUF (101) is a Physical Uncloneable Function. A PUF (101) is embodied as a micro-electronic circuit block that exploits the natural variations in the semiconductor manufacturing process that make a single IC (Integrated Circuit) unique and different from all of its neighbours on the silicon wafer(s) manufactured by the silicon foundry. Examples of PUF circuits are volatile memory block instances where the mismatch in the sense amplifiers within each bit cell allows the volatile memory block to have a signature at initial power-up that is unique to that IC, prior to the volatile memory being reset. Another example of a micro-electronic PUF circuit is to use the phase noise of a PLL or DLL as the PUF (101) element. If these uncloneable devices were produced in billions, it is conceivable that two devices could have the same PUF signature, but one can use a combination of two or more PUF circuits in the one IC to uniquely identify that particular IC. PUF circuits under Automatic Test Equipment (ATE) test are exercised over the voltage and temperature range to identify the signature that is stable over the range, so that bits which are unstable over the range are dropped from the signature. The output of the PUF (101) would be available for testing and characterisation. As discussed later under the one-time enrolment phase, after enrolment the output signature of the system is recorded as the response to the challenge question(s); access to the actual PUF value can then be considered no longer required, and this signal may be selected for lockout at the end of the enrolment phase.
Another advantage of PUFs, is that when a manufacturer of this apparatus outsources assembly of the complete system e.g. a device/Smart Card/mobile phone etc., if the PUF of the semiconductor device has changed then it is known that someone has tampered with the device during assembly.
The PUF (101) provides a unique identifier which is specific to a respective IC.
Storage of Biometric Data and Lockout function in the apparatus
The biometric data is stored on an NVM (Non-Volatile Memory) (103) within the system. In order to have multi-factor authentication it is beneficial to have more than one biometric data set recorded. For example, an embodiment could have all 10 of your fingerprints stored in the NVM (103). Once your biometric data is stored in the NVM (103), an additional lockout function (105) is activated that prevents any future reprogramming of the blocks of NVM storing the biometric data. The lockout function (105) can be implemented in multiple ways, e.g. as an OTP (One Time Programmable) element: a fuse making use of electromigration of a poly resistor is one known method; another known method is to apply an over-voltage to a gate so that the transistor gate becomes permanently leaky and its state is thereafter fixed. Such an element can then be used to block the path to the programming circuit of the NVM (103), making reprogramming of your biometric data impossible.
The lockout function (105) provides assurance that an adversary could never reprogram the apparatus with another set of fingerprints to be paired with the PUF. In any case, a different set of fingerprints combined with the PUF would produce a different signature coming out of the one-way hash function.
The Biometric Reader
A biometric reader (102) is used to read your personal biometric data. The apparatus therefore requires its own biometric reading device (102). Many biometric readers do not have a suitable form factor that fits in a smartcard or mobile device. One such reader that does fit is a capacitive or CMOS reader, which uses capacitors and thus electrical current to form an image of the fingerprint. Another advantage of CMOS readers is that they are more difficult to fool than optical readers. Biometric data such as fingerprints do not take much memory to store, so it is quite conceivable, if desired by the application of this apparatus, that a full set of 10 fingerprints could be stored in the NVM (103) (Non-Volatile Memory) on the SoC (System on Chip) that contains the apparatus of this invention.
The biometric data from the user is never released from the card; this secures the user's private data and addresses the concerns of privacy.
The One-Way function, preferably a hash function
The output of the digital circuit that computes the one-way hash value can be seen as a signature; this signature is created from the two inputs to the one-way hash, namely the PUF and the biometric data. This pair gives a particular signature that is unique. The properties of the hash circuit design need to be strong in order for it to be regarded as secure. Such properties are well known. The first is pre-image resistance, the one-way property of the hash whereby, given an output, it is computationally infeasible to find an input that produces it. The second property of a strong hash is that, given one input, it is computationally infeasible to find a different input that hashes to the same value; this is referred to as second pre-image or weak collision resistance. Collisions do exist in theory, so best practice is to ensure the design does not allow them to be found in practice. The third property of a strong one-way hash design is referred to as collision resistance, where it is computationally infeasible to find any two different inputs which give the same output.
The one-way hash function (104) ensures that even if the hash signal is compromised there is no way back to determine the two inputs (PUF and biometric data) that were used to create the signature output of the hash block (104). This signature is therefore what identifies "you" and also "your" presence.
The output of the one-way function (104) is a signature which is processed in a similar manner for challenge and response purposes as a PIN would be in a chip and PIN system, for example.
Enrolment
At enrolment, the signatures that are correct are recorded as the correct responses for the electronic challenge and response questions later, where the answer will be a straightforward "TRUE" or "FALSE", as is done with Chip and PIN technology today.
In the embodiment using this system (100) in a Smart/ATM card (107) or mobile phone, this signature would be used in a manner similar to the electronic challenge and response, much as current day systems do with a PIN.
As shown in Figure 2, one embodiment of the present invention is configured as a Smart/Credit/ATM card (107) or phone. At an enrolment stage, your fingerprints would be read by the sensor (102) and recorded in the NVM (103) of the IC; the blank card would have a PUF value that is known by the issuing organisation. The PUF and your fingerprints would be paired to create certain signals, e.g. right hand thumb and index finger for authentication of a transaction, and, for example, the right hand thumb and second finger could be used for a duress signal, etc. Each chosen signal would have its own signature from the one-way hash. The pairing of these signals is key, as it identifies "you" and "your presence with the card". In this example two fingers have been used for added security, but the system works with a single biometric signal, such as a fingerprint.
Tamper Resistive Block (106)
This block (106) is described as optional as it does not contribute to the individual unique authentication, but in practice such a block (106) would be included to increase security against a serious adversary. The function of the block (106) is to prevent a physical attack on the IC, where the attacker is prepared to go to considerable effort to obtain the secret(s), e.g. the PUF and biometric data, or even to try to bypass the NVM lockout (105) with a FIB (Focused Ion Beam) procedure to reconnect the re-program circuit. Generally such a tamper resistive block (106) uses the metal stack and associated sensing circuit arrangements above the security-sensitive circuits of the IC. Such a tamper resistive network senses when or if an attack is being or has been made, and in response the Tamper Resistive block (106) may cause the IC to shut down, or enable some other disabling function, e.g. erasing of sensitive data in the NVM (103).
Liveliness Detection Sensor (108) (a sensor for detecting a sign-of-life when sampling biometric data):
The liveliness sensor block (108) is described as optional as it does not contribute to the individual unique authentication. It is well known that optical fingerprint sensors can be tricked. Various materials such as Play-Doh, gelatin, silicone and latex can be used to take imprints of fingerprints. Different techniques and algorithms have been applied to liveliness detection.
A very basic liveliness sensor circuit block (108) would measure the temperature of the finger placed on the CMOS capacitive fingerprint reader. Sensing temperature in silicon is straightforward using the well known technique of measuring the Vbe and delta Vbe of the parasitic vertical pnp that occurs in a standard CMOS process. In this case there would be a range of acceptable temperatures, and a window comparator would be used to check that the temperatures of the finger(s) are in the desired range.
Power Source (109)
In an embodiment of a contact card (110) as in Figure 3, the power source would be the contact grid. In an embodiment of an NFC Smart Card (110), or NFC enabled bank credit/debit card (107), the power will come from the normal inductive coupling with the NFC reader element. In an embodiment in a mobile device such as a mobile phone, tablet, laptop etc., the required power would come from the battery.
Power for the additional circuits required for embodiments of the invention would be supplied by the existing chip and PIN contact, or from the existing NFC antenna in the card for a wireless application.
High reliability biometric sensor embodiment:
In the above described embodiments the sampled biometric data will vary, so the input to the one-way function will vary. This means that the output of the one-way function will vary, i.e. the output is different depending on the variance in the sampled biometric data. To combat this, the above described embodiments can sample the biometric data (bd) and then use a biometric data validation unit (111) to verify that the sampled biometric data "matches" the stored reference biometric data (rb). If there is a significant correlation between the sampled data and the stored reference data, then the sampled biometric data is considered a match for the stored biometric data. The system then sends to the one-way function input not the sampled biometric data (bd) but the stored reference biometric data (rb). In this manner, a consistent input is provided to the one-way function, thus providing a consistent output (the device-specific identifier (101) input does not alter).
Another embodiment is shown in Figure 4. In this embodiment the biometric sensor (102) is sufficiently reliable in quality and performance to give a robust and repeatable biometric data reading, i.e. the same output from the one-way function is achieved each time the biometric data is sampled, so there is no need to store the reference biometric data for presentation to the one-way function.
This embodiment uses all the same components as described above without the need for the local NVM to store the reference biometric data (rb), as in this embodiment the biometric sensor is sufficiently reliable to give the same output on each occasion the candidate presents themselves. Figure 4 shows the provision of a comparator (112) to determine if there is a match between the reference output F(di,rb) and the candidate output F(di,cb).
In general terms, this embodiment of the authentication system authenticates an authorised user at a respective electronic device and comprises: a device-specific identifier (101) operable to provide a device identifier (di); a biometric data sensor (102) operable to sample biometric data (bd) from a user and provide the sampled biometric data as candidate biometric data (cb); a processor (104) operable to perform a one-way function F on the device identifier (di) (101) and the candidate biometric data (cb) and provide a candidate output F(di,cb); a storage unit (103) holding a reference output comprising an output F(di,rb), where (rb) is reference biometric data derived from biometric data of the authorised user of the respective device identified by the device-specific identifier (101) and (di) is the device identifier input; and a comparator (112) to determine if there is a match between the reference output F(di,rb) and the candidate output F(di,cb).
In such a case there is no requirement to store the reference representative personal biometric data in the device itself, thus presenting a further advantage.
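The two embodiments just described (the validation unit (111) that feeds the stored reference rb into F, and the Figure 4 comparator (112) that checks F(di,cb) against a stored F(di,rb)), together with the enrolment, lockout (105) and duress-signal behaviour described earlier, as an added Python illustration that is not part of the patent. The PUF value, the fingerprint templates, SHA-256 as the one-way function F and the 16-bit matching window are all constructed assumptions.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed sample values for this illustration. In the described system the
# device identifier comes from the PUF block (101) and the templates from the
# biometric sensor (102); here both are fixed bytes derived from labels.
PUF_DI = hashlib.sha256(b"constructed PUF identifier").digest()[:16]
REFERENCE_TEMPLATES = {
    "auth": hashlib.sha256(b"constructed template: right thumb + index").digest(),
    "duress": hashlib.sha256(b"constructed template: right thumb + middle").digest(),
}
MATCH_THRESHOLD_BITS = 16  # assumed acceptance window for the validation unit (111)


def one_way_function(di: bytes, bd: bytes) -> bytes:
    """F(di, bd): SHA-256 over the length-prefixed pair (assumed instantiation of F).
    The length prefix keeps the (di, bd) boundary unambiguous, so two different
    pairs cannot concatenate to the same byte string."""
    def lp(x: bytes) -> bytes:
        return len(x).to_bytes(2, "big") + x
    return hashlib.sha256(lp(di) + lp(bd)).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bits(data: bytes, positions) -> bytes:
    """Constructed sensor noise: flip the given bit positions of a template."""
    buf = bytearray(data)
    for p in positions:
        buf[p // 8] ^= 1 << (p % 8)
    return bytes(buf)


class LockedNvm:
    """Storage unit (103) with the lockout function (105): templates can be
    written at enrolment and never rewritten once locked."""
    def __init__(self):
        self._templates: Dict[str, bytes] = {}
        self._locked = False

    def write(self, role: str, rb: bytes) -> None:
        if self._locked:
            raise PermissionError("NVM lockout active: reference biometric data is immutable")
        self._templates[role] = rb

    def lock(self) -> None:
        self._locked = True

    def items(self):
        return self._templates.items()


class Figure1Device:
    """Figure 1 embodiment with the validation unit (111): the sampled data (cb)
    is matched against the stored reference (rb), and F is computed over rb."""
    def __init__(self, di: bytes, templates: Dict[str, bytes]):
        self._di = di
        self._nvm = LockedNvm()
        for role, rb in templates.items():
            self._nvm.write(role, rb)
        self._nvm.lock()
        # Enrolment: the issuer records the correct signature per role so that the
        # controller can later answer the challenge with a plain TRUE/FALSE.
        self.enrolled = {role: one_way_function(di, rb) for role, rb in self._nvm.items()}

    def authenticate(self, cb: bytes) -> Optional[bytes]:
        """Return F(di, rb) for the first stored template that cb matches, else None.
        The template itself never leaves the device; only the signature does."""
        for _role, rb in self._nvm.items():
            if len(cb) == len(rb) and hamming_distance(cb, rb) <= MATCH_THRESHOLD_BITS:
                return one_way_function(self._di, rb)  # rb, not the noisy cb
        return None


def controller_accepts(signature: bytes, enrolled: Dict[str, bytes], role: str) -> bool:
    """Controller side: constant-time comparison against the enrolled signature."""
    return hmac.compare_digest(signature, enrolled[role])


def figure4_comparator(di: bytes, reference_output: bytes, cb: bytes) -> bool:
    """Figure 4 embodiment: comparator (112) checks F(di, cb) against the stored
    F(di, rb). No template is stored, but any bit of sensor noise in cb is a mismatch."""
    return hmac.compare_digest(one_way_function(di, cb), reference_output)


if __name__ == "__main__":
    dev = Figure1Device(PUF_DI, REFERENCE_TEMPLATES)
    noisy = flip_bits(REFERENCE_TEMPLATES["auth"], [3, 77, 200])  # 3 bits of sensor noise
    sig = dev.authenticate(noisy)
    print("Figure 1 accepts noisy sample:", controller_accepts(sig, dev.enrolled, "auth"))
    duress = dev.authenticate(flip_bits(REFERENCE_TEMPLATES["duress"], [9]))
    print("duress signature recognised:", controller_accepts(duress, dev.enrolled, "duress"))
    print("Figure 4 accepts same noisy sample:", figure4_comparator(PUF_DI, dev.enrolled["auth"], noisy))
```

Running the block shows the Figure 1 path accepting a sample with three flipped bits while the Figure 4 comparator rejects it, which is why the latter embodiment needs the highly reliable sensor the text describes.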
Applications for authentication:
Other applications include people sitting certificated exams online, where proof of their physical identity and authentication is required as evidence that they are the ones taking the exam, and gamers, ensuring that it is not someone on a stolen account or two people using the account, etc.
Access control includes controlled entry and controlled egress of restricted environments such as buildings, campuses and institutions, and allowing or prohibiting user movement within buildings via elevators or the like. Border control is another application area, with the authentication system being embodied in a passport or ID document. Any process which requires user authentication can benefit from embodiments of the invention. Other examples include transport ticketing, where the authentication device is used as a transit ticket, boarding pass, or driving licence.
Any process which requires a participant to have a certain level of qualification to legitimately participate can benefit from embodiments of the invention. For example, certain drugs in a pharmacy environment can only be dispensed by a suitably qualified pharmacist, who may perhaps have to make enquiries of the recipient to discharge their professional responsibilities. The authentication system can authenticate that the user is who they say they are and is gaining access to the drugs with the smartcard embodying the present invention. A wider system can record from both users' smartcards that the drugs were dispensed to the designated recipient, thereby closing the loop on the transaction between the qualified pharmacist and the correct patient.
USB and USB2 dongles can incorporate embodiments of the present invention so that those dongles can only be used by authorised users who are authenticated by the integrated system.
Communication devices including smart phones and tablets can be enabled with the technology of the present invention to authenticate authorised users.
Any application where security demands the physical presence of an individual with a device benefits from embodiments of the invention while maintaining privacy of biometric data and the device.
Another example in access control is keeping track of entry and egress in a manufacturing facility/plant or secure area. In the event of an emergency evacuation of a secure area, data from the authentication system components will identify which individuals are still inside the secure area. The problem is particularly acute when there are thousands of personnel in a secure area. Who is in the area and who has left or been evacuated? An authentication signal is required to start a motor vehicle fitted with an embodiment of the invention . Only an authorised user paired with the IC (d evice) em bedd ed i n the veh icl e C P U wi l l provid e th e necessary authentication signal. The level of authorisation or permitted travel may be dictated by an insurance company, a road toll operator or other such controls. Only if the authorised is might be controlled
From a security perspective, if an adversary has stolen or cloned a security access card or badge, then they can gain access because they hold the correct credentials. Those credentials are not, however, tied to the identity of the user and combined with the identity of the device, as embodiments of the present invention require.
When used in this specification and claims, the terms "comprises" and "comprising" and variations thereof mean that the specified features, steps or integers are included. The terms are not to be interpreted to exclude the presence of other features, steps or components.
The features disclosed in the foregoing description, or the following claims, or the accompanying drawings, expressed in their specific forms or in terms of a means for performing the disclosed function, or a method or process for attaining the disclosed result, as appropriate, may, separately, or in any combination of such features, be utilised for realising the invention in diverse forms thereof.

Claims

1. An authentication system for authenticating an authorised user at a respective electronic device, the system comprising: a device-specific identifier (101) (di) operable to identify the respective electronic device; a biometric data sensor (102) operable to sample biometric data (bd) from the authorised user of the respective device identified by the device-specific identifier (101) and provide reference biometric data (rb) for the authorised user; a storage unit (103) operable to hold the reference biometric data (rb) derived from the biometric data of the authorised user of the respective device identified by the device-specific identifier (101) for delivery to a processor (104) operable to perform a one-way function F on a data pair comprising or derived from: the device identifier (di) (101); and the biometric data (bd/rb), the one-way function having an output comprising F(di, bd/rb).
2. The system of claim 1 further comprising a processor (104) operable to perform the one-way function F on the data pair comprising or derived from: the device identifier (di); and the biometric data (bd/rb), the one-way function having an output comprising F(di, bd/rb).
3. The system of claim 1 or 2, wherein the biometric data sensor (102) is operable to sample biometric data from a user and provide candidate biometric data (cb) for validation against reference biometric data (rb), the system further comprising: a biometric data validation unit (111) operable to determine if the candidate biometric data (cb) matches the reference biometric data (rb).
4. The system of claim 3, wherein, if the biometric data validation unit (111) validates that the reference biometric data (rb) matches the candidate biometric data (cb), then the processor (104) is operable to perform the one-way function F on the device identifier input (di) and the reference biometric data (rb) and provide an output F(di,rb).
5. The system of any preceding claim, wherein the sampled biometric data (bd) from the authorised user of the respective device identified by the device-specific identifier (101) is stored as the reference biometric data (rb) to provide the reference biometric data (rb) for the authorised user.
6. An authentication system for authenticating an authorised user at a respective electronic device, the system comprising: a device-specific identifier (101) operable to provide a device identifier (di); a biometric data sensor (102) operable to sample biometric data (bd) from a user and provide the sampled biometric data as candidate biometric data (cb); a processor (104) operable to perform a one-way function F on the device identifier (di) and the candidate biometric data (cb) and provide a candidate output F(di,cb); a storage unit (103) holding a reference output comprising an output F(di,rb), where (rb) is reference biometric data derived from biometric data of the authorised user of the respective device identified by the device-specific identifier (101) and (di) is the device identifier input; and a comparator (112) to determine if there is a match between the reference output F(di,rb) and the candidate output F(di,cb).
7. The system of any preceding claim, wherein the storage unit (103) is a non-volatile memory.
8. The system of any preceding claim further comprising a signs-of-life detector (108) operable to perceive a sign-of-life in the user whose biometric data is sampled.
9. The system of claim 8, wherein the signs-of-life detector (108) is in communication with the biometric data sensor (102) and is operable to detect a sign-of-life in the user whose biometric data is sampled.
10. The system of any preceding claim, wherein the device-specific identifier (101) comprises an identifier specific to an integrated circuit of the device.
11. The system of claim 10, wherein the device-specific identifier (101) is a characteristic of an integrated circuit which is part of the system.
12. The system of claim 10 or 11, wherein the device-specific identifier (101) is a Physical Uncloneable Function (PUF) (101).
13. The system of claim 12, wherein the device-specific identifier (101) comprises a combination of two or more PUF circuits to uniquely identify the device containing the two or more PUF circuits.
14. The system of claim 11, wherein the integrated circuit has unique characteristics which the PUF (101) presents as a unique identifier.
15. The system of any preceding claim, wherein additional biometric data distinct from the candidate or reference biometric data is used to produce a signal distinct from the authentication signal.
16. The system of any preceding claim, wherein multiple authorised users are paired with the respective device.
17. The system of any preceding claim, wherein a plurality of biometric data is combinable to form aggregate biometric data as the biometric data to input in the one-way function.
18. The system of any preceding claim, wherein the storage unit has a lock out function preventing the storage unit from being written to again or overwritten.
19. A method of authenticating an authorised user at a respective electronic device, the method comprising: deriving a device-specific identifier (di) (101) from the respective electronic device; sampling biometric data (bd) from the authorised user of the respective device identified by the device-specific identifier (101) and providing reference biometric data (rb) for the authorised user; storing the reference biometric data (rb) derived from the biometric data of the authorised user of the respective device identified by the device-specific identifier (101); and performing a one-way function F on a data pair comprising or derived from: the device identifier (di); and the biometric data (bd/rb), the one-way function having an output comprising F(di, bd/rb).
20. A method of authenticating an authorised user at a respective electronic device, the method comprising: deriving a device-specific identifier (101) operable to provide a device identifier (di); sampling biometric data (bd) from a user and providing the sampled biometric data as candidate biometric data (cb); performing a one-way function F on the device identifier (di) and the candidate biometric data (cb) and providing a candidate output F(di,cb); storing a reference output comprising an output F(di,rb), where (rb) is reference biometric data derived from biometric data of the authorised user of the respective device identified by the device-specific identifier (101) and (di) is the device identifier; and determining if there is a match between the reference output F(di,rb) and the candidate output F(di,cb).
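The claims describe two ways of binding a biometric to a device identifier through the one-way function F: claims 1 to 4 keep the reference biometric (rb) in the storage unit (103), let the validation unit (111) match a noisy candidate (cb) against it, and only then emit F(di, rb); claims 6 and 20 store only F(di, rb) and have the comparator (112) test it against F(di, cb). The following is an added example modelling both flows, together with the write-once lock-out of claim 18. It is not code from the patent or from the applicant. Its assumptions, also marked in the comments, are that F is instantiated as HMAC-SHA256 keyed with the device identifier, that the PUF response and the biometric templates are constructed constants (a real identifier per claim 12 comes from integrated-circuit characteristics), and that a template is a fixed-length bit string matched by Hamming distance.

```python
"""Model of the enrol/verify flows in claims 1-6, 18, 19 and 20 (added example)."""
import hashlib
import hmac

# Constructed stand-in for the device-specific identifier (101). A real PUF
# response is derived from the IC; here it is a fixed constant for the example.
DEVICE_ID_DI = bytes.fromhex("5f2a9c0d7b3e1144aa61c0ffee0badd0")
OTHER_DEVICE_DI = bytes.fromhex("00112233445566778899aabbccddeeff")

# Constructed 128-bit biometric templates. CB_NOISY differs from RB in one bit,
# as two samples of the same user typically differ; CB_OTHER is another person.
RB = bytes.fromhex("0123456789abcdeffedcba9876543210")
CB_NOISY = bytes.fromhex("0123456789abcdeffedcba9876543212")
CB_OTHER = bytes.fromhex("deadbeefcafef00d0000111122223333")

MATCH_THRESHOLD_BITS = 8  # assumed tolerance of the validation unit (111)


def one_way_f(di: bytes, bd: bytes) -> bytes:
    """F(di, bd): assumed instantiation as HMAC-SHA256 keyed with the device id.
    The output reveals neither di nor bd, which is the privacy property the
    description relies on."""
    return hmac.new(di, bd, hashlib.sha256).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def templates_match(rb: bytes, cb: bytes, threshold: int = MATCH_THRESHOLD_BITS) -> bool:
    """Biometric data validation unit (111): noise-tolerant comparison."""
    return hamming_distance(rb, cb) <= threshold


class WriteOnceStorage:
    """Storage unit (103) with the lock-out of claim 18: one write, then read-only."""

    def __init__(self) -> None:
        self._value = None
        self._locked = False

    def write(self, value: bytes) -> None:
        if self._locked:
            raise PermissionError("storage unit is locked out; cannot overwrite")
        self._value = value
        self._locked = True

    def read(self) -> bytes:
        if self._value is None:
            raise LookupError("nothing enrolled")
        return self._value


# Variant A (claims 1-4, 19): store rb; on a match of cb against rb emit F(di, rb).
def enrol_variant_a(rb: bytes) -> WriteOnceStorage:
    store = WriteOnceStorage()
    store.write(rb)
    return store


def authenticate_variant_a(store: WriteOnceStorage, di: bytes, cb: bytes):
    """Returns the authentication signal F(di, rb), or None if cb does not match."""
    rb = store.read()
    if not templates_match(rb, cb):
        return None
    return one_way_f(di, rb)


# Variant B (claims 6, 20): store only F(di, rb); compare it with F(di, cb).
def enrol_variant_b(di: bytes, rb: bytes) -> WriteOnceStorage:
    store = WriteOnceStorage()
    store.write(one_way_f(di, rb))
    return store


def authenticate_variant_b(store: WriteOnceStorage, di: bytes, cb: bytes) -> bool:
    """Comparator (112): constant-time equality of reference and candidate outputs."""
    candidate = one_way_f(di, cb)
    return hmac.compare_digest(store.read(), candidate)


if __name__ == "__main__":
    store_a = enrol_variant_a(RB)
    print("A, noisy sample of enrolled user:", authenticate_variant_a(store_a, DEVICE_ID_DI, CB_NOISY) is not None)
    print("A, other person:", authenticate_variant_a(store_a, DEVICE_ID_DI, CB_OTHER) is not None)
    store_b = enrol_variant_b(DEVICE_ID_DI, RB)
    print("B, exact template:", authenticate_variant_b(store_b, DEVICE_ID_DI, RB))
    print("B, noisy sample of enrolled user:", authenticate_variant_b(store_b, DEVICE_ID_DI, CB_NOISY))
    print("B, same template on another device:", authenticate_variant_b(store_b, OTHER_DEVICE_DI, RB))
```

Running it shows the trade-off a practitioner has to weigh between the two claimed architectures. Variant B never stores the biometric itself, only F(di, rb), but because F is one-way a single flipped bit in cb produces an unrelated output, so it only accepts a sample that equals the enrolled template bit-for-bit; it therefore needs a stable template (for instance one produced by an error-correcting stage) in front of F. Variant A tolerates sensor noise through the threshold comparison, but rb must then be held in the storage unit, which is why the description puts that unit on the card or in the device rather than on a server. In both variants a different device identifier yields a different output, which is the device binding the claims aim for.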
PCT/EP2013/055593 2013-03-18 2013-03-18 An authentication system and method WO2014146684A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/EP2013/055593 WO2014146684A1 (en) 2013-03-18 2013-03-18 An authentication system and method
EP13711021.9A EP2795523A1 (en) 2013-03-18 2013-03-18 An authentication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2013/055593 WO2014146684A1 (en) 2013-03-18 2013-03-18 An authentication system and method

Publications (1)

Publication Number Publication Date
WO2014146684A1 true WO2014146684A1 (en) 2014-09-25

Family

ID=47913412

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/055593 WO2014146684A1 (en) 2013-03-18 2013-03-18 An authentication system and method

Country Status (2)

Country Link
EP (1) EP2795523A1 (en)
WO (1) WO2014146684A1 (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2346239A (en) * 1999-01-26 2000-08-02 Ibm Card security and Web sites
EP1412831A2 (en) 2000-02-07 2004-04-28 Beepcard Incorporated Physical presence digital authentication system
EP2530552A1 (en) 2000-02-07 2012-12-05 Dialware Inc. Physical presence digital authentication system
US20070016088A1 (en) * 2001-03-23 2007-01-18 Grant J S Method and apparatus for characterizing and estimating the parameters of histological and physiological biometric markers for authentication
US7195154B2 (en) 2001-09-21 2007-03-27 Privasys, Inc. Method for generating customer secure card numbers
US7613333B2 (en) 2005-06-20 2009-11-03 Fujitsu Limited Individual authentication system, individual authentication method, and individual authentication program
EP1914938A1 (en) 2005-08-11 2008-04-23 Beijing Watch Data System Co. Ltd. A method of physical authentication and a digital device
EP2214117A2 (en) 2007-09-19 2010-08-04 Verayo, Inc. Authentication with physical unclonable functions
WO2010035202A1 (en) * 2008-09-26 2010-04-01 Koninklijke Philips Electronics N.V. Authenticating a device and a user

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3037998A1 (en) * 2014-12-23 2016-06-29 Intel Corporation Method and system for providing secure and standalone-operable biometric authentication
CN107004077A (en) * 2014-12-23 2017-08-01 英特尔公司 Method and system for providing safe and independently operable biological characteristic authentication
WO2018219481A1 (en) * 2017-05-30 2018-12-06 Zwipe As Smartcard and method for controlling a smartcard
KR20200014740A (en) * 2017-05-30 2020-02-11 즈와이프 에이에스 Smart Cards and Methods for Controlling Smart Cards
JP2020528591A (en) * 2017-05-30 2020-09-24 ズワイプ アクティーゼルスカブ Smart card and smart card control method
JP7026701B2 (en) 2017-05-30 2022-02-28 ズワイプ アクティーゼルスカブ Smart card and smart card control method
KR102503897B1 (en) 2017-05-30 2023-02-27 즈와이프 에이에스 Smartcards and Methods for Controlling Smartcards

Also Published As

Publication number Publication date
EP2795523A1 (en) 2014-10-29

Similar Documents

Publication Publication Date Title
US11664997B2 (en) Authentication in ubiquitous environment
US11895225B2 (en) Systems and methods for trustworthy electronic authentication using a computing device
US9674705B2 (en) Method and system for secure peer-to-peer mobile communications
CN106576044B (en) Authentication in ubiquitous environments
US9589399B2 (en) Credential quality assessment engine systems and methods
EP2648163B1 (en) A personalized biometric identification and non-repudiation system
EP3138265B1 (en) Enhanced security for registration of authentication devices
US10607211B2 (en) Method for authenticating a user to a machine
US20080028230A1 (en) Biometric authentication proximity card
AU2013205396B2 (en) Methods and Systems for Conducting Smart Card Transactions
US20140093144A1 (en) More-Secure Hardware Token
AU2018214800A1 (en) Methods and systems for securely storing sensitive data on smart cards
WO2014146684A1 (en) An authentication system and method
Singh Multi-factor authentication and their approaches
TW201543253A (en) An authentication system and method
Kiat et al. Analysis of OPACITY and PLAID Protocols for Contactless Smart Cards
Asani A review of trends of authentication mechanisms for access control

Legal Events

Date Code Title Description
REEP Request for entry into the european phase

Ref document number: 2013711021

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2013711021

Country of ref document: EP

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13711021

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE