EP2106644A1 - Password generator - Google Patents

Password generator

Info

Publication number
EP2106644A1
Authority
EP
European Patent Office
Prior art keywords
password
biometric
database
signal
sub
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07784873A
Other languages
German (de)
French (fr)
Other versions
EP2106644A4 (en)
Inventor
Christopher John Burke
David Victor Murray
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microlatch Pty Ltd
Original Assignee
Microlatch Pty Ltd
Priority claimed from AU2006905032A
Application filed by Microlatch Pty Ltd
Publication of EP2106644A1
Publication of EP2106644A4
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • the present invention relates to secure access systems and, in particular, to a password generator for use in providing secure access to a controlled application, such as an Internet banking website.
  • One-time password generators are used to provide time dynamic passwords that are short enough for a user to enter into an authentication system.
  • the one-time password generators are used to replace digital certificates which had previously been used for on-line security.
  • the password generators are typically in the form of a remote fob (which is a small portable device carried by the user) comprising an on-board micro-processor, a button and a liquid crystal display (LCD).
  • Upon a user pressing the button of the password generator, the micro-processor generates a one-time password.
  • In order to log on to a controlled application, such as the bank's Internet banking website, using one of the above one-time password generators, the user enters their user ID and a fixed (or static) password into the banking website using a personal computer, for example. The user then presses the button on the one-time password generator and a six (or greater number) digit password is generated by the password generator and is displayed on the LCD. The user then enters the six digit password into the banking website via a personal computer, for example.
  • the server that hosts the banking website (hereinafter "the authentication server") performs the same calculation as the user's password generator and then compares the resulting six digit value to the password provided by the user. If the one-time password provided by the user matches the value calculated by the server, the user's identity is confirmed prior to the user being allowed to carry out their personal Internet banking using the banking website.
  • the above one-time password generators typically function by taking an input value, encrypting the input value according to an encryption algorithm (e.g., RSA, Public Key Infrastructure (PKI), Data Encryption Standard (DES), Blowfish, International Data Encryption Algorithm (IDEA)), and displaying the result as the one-time password.
  • the encryption algorithm uses a secret key stored within each password generator as part of the process to generate the password. Changing the secret key causes a different password to be generated, even if the same input value is used.
  • the secret keys are assigned to specific users and thus tie the user to a specific password generator.
  • the authentication server also has a copy of the user's secret key. As such, the authentication server can perform the same calculation as the user's password generator by taking the same input and calculating the correct one-time password.
  • Time dependent password generators require a clock to be configured within the password generator and within the authentication server. Time dependent password generators take the current time as the input value. For example, every 20 seconds a time dependent password generator may read the time from its clock and use the time as the input value to generate a one-time password. The input value is then encrypted using the user's secret key as part of the encryption process. The resulting encrypted number becomes the one-time password. Time-dependent password generators are referred to as synchronous since both the time-dependent password generator and the authentication server obtain their input values from the time of day which should be, in theory, always the same.
  • the authentication server typically has a window allowing the passwords to be some period of time (e.g., two (2) minutes) off.
  • Event-synchronous password generators do not rely on an internal clock and are therefore not subject to the same drift as time-dependent password generators. Instead, event-synchronous password generators use a simple counter as the input value.
  • the internal counter is set to zero when a password generator is first initialised by a user. From that point on, each time an event occurs (e.g., when the user requests a new password), the counter is incremented and the incremented value is used as the input value. This input value is then encrypted with the result becoming the one-time password.
  • a counter is also associated with the user's account on the authentication server. This authentication server counter is initialised to zero when the account is created, and is incremented each time the user is authenticated.
  • password generators also exist, such as "asynchronous challenge/response" password generators which select a random number as input value to the encryption process.
  • Prior to using a one-time password generator, the password generator must be initialised, as mentioned above. Password generator initialisation again requires correct entry of the user's ID and fixed password into the controlled application (e.g., the Internet banking website). The user is then required to enter in a ten digit serial number located on the back of the password generator together with designated digits from the user's bank passport number into the banking website.
  • one problem with the one-time password generators is that if a fraudster is able to gain access to a user's personal
  • the fraudster will be able to activate the password generator and perform fraudulent Internet banking transactions using the password generator.
  • a system for providing secure access to a controlled application comprising: a database of one or more biometric signatures; a first subsystem comprising: a biometric sensor for receiving a biometric signal; means for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal; and means for generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and a second sub-system comprising: means for receiving the password; and means for providing conditional access to the controlled application dependent upon said password.
  • a first subsystem for operating in a system for providing secure access to a controlled application, the system comprising a database of biometric signatures, a second sub-system comprising means for receiving a password, and means for providing conditional access to the controlled application dependent upon the password, the first subsystem comprising: a biometric sensor for receiving a biometric signal; means for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal; and means for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
  • a password generator for providing secure access to a controlled application executing within a system, the system comprising a database of biometric signatures, a sub-system comprising means for receiving the password, and means for providing conditional access to the controlled application dependent upon the password, said password generator comprising: a biometric sensor for receiving a biometric signal; a processor for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal, and for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
  • a method for providing secure access to a controlled application comprising the steps of: receiving a biometric signal; matching the biometric signal against members of a database of biometric signatures to thereby output an authentication signal; generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and providing conditional access to the controlled application dependent upon said password.
  • a method for populating a database of biometric signatures in a system for providing secure access to a controlled application comprising said database of biometric signatures, a first subsystem comprising a biometric sensor for receiving a biometric signal, and means for generating a password capable of granting access to the controlled item, said password being generated according to an encryption process based on a dynamic input value, and a second sub-system comprising means for receiving the password, and means for providing access to the controlled item dependent upon said password, said method comprising the steps of: receiving a series of entries of the biometric signal; determining at least one of the number of said entries and a duration of each said entry; mapping said series into an instruction; and populating the database according to the instruction.
  • a method of generating a password in a system for providing secure access to a controlled application comprising a database of biometric signatures, a first sub-system comprising means for receiving the password generated by a second sub-system, and means for providing conditional access to the controlled application dependent upon the password, said method comprising the steps of: receiving a biometric signal by a biometric sensor; matching the biometric signal against members of the database of biometric signatures to thereby output an authentication signal; and generating the password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value.
  • a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to provide secure access to a controlled application
  • said computer program product comprising: code for receiving a biometric signal; code for matching the biometric signal against members of a database of biometric signatures to thereby output an authentication signal; code for generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and code for providing conditional access to the controlled application dependent upon said password.
  • a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to execute a method for populating a database of biometric signatures in a system for providing secure access to a controlled application, the system comprising said database of biometric signatures, a first subsystem comprising a biometric sensor for receiving a biometric signal, and means for generating a password capable of granting access to the controlled application, and a second sub-system comprising means for receiving the password, and means for providing access to the controlled application dependent upon the password, said program comprising: code for receiving a series of entries of the biometric signal; code for determining at least one of the number of said entries and a duration of each said entry; code for mapping said series into an instruction; and code for populating the database according to the instruction.
  • a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to generate a password for providing secure access to a controlled application
  • said computer program product comprising: code for receiving a biometric signal by a biometric sensor; code for matching the biometric signal against members of the database of biometric signatures to thereby output an authentication signal; and code for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
  • Fig. 1 is a functional block diagram of an arrangement for providing secure access according to the present disclosure;
  • Fig. 2 is a schematic block diagram of a general purpose computer upon which an authentication server can be practiced;
  • Fig. 3 shows an example of a method of operation of the control module of Fig. 1;
  • Fig. 4 shows an example of a method of operation of the authentication server of Fig. 2;
  • Fig. 5 shows another example of how the secure access system operates;
  • Fig. 6 shows one enrolment process relating to the example of Fig. 5;
  • Fig. 7 shows another enrolment process relating to the example of Fig. 5;
  • Fig. 8 is a schematic block diagram of a sub-system in Fig. 1.
  • Fig. 1 is a functional block diagram of a system 100 for providing secure access to a controlled application according to one arrangement.
  • the controlled application is an Internet banking application being hosted by an authentication server 200 (see Fig. 2).
  • a user 101 provides their user ID and fixed (or static) password to the authentication server 200, as depicted by an arrow 108, using a personal computer 250 connected to the authentication server 200 via a communications network 220.
  • the user 101 then makes a request, as depicted by an arrow 102, to a code entry module 103.
  • the code entry module 103 includes a biometric sensor 121 and the request 102 takes a form which corresponds to the nature of the sensor 121 in the module 103.
  • the request 102 typically takes the form of a thumb press on a sensor panel (not shown) on the code entry module 103.
  • Other physical attributes that can be used to provide the request 102 include voice, retinal or iris pattern, face pattern, palm configuration, vein pattern and so on.
  • the code entry module 103 would require the corresponding biometric sensor.
  • the code entry module 103 interrogates, as depicted by an arrow 104, a user identity database 105.
  • a user identity database 105 contains one or more biometric signatures for each of one or more authorised users against which the request 102 can be authenticated.
  • the code entry module 103 sends an authentication signal 106 to a controller/password generator 107.
  • the controller/password generator 107 accesses a key stored in a key database 113, as depicted by the arrow 112, and generates a one-time password using the key and the current time which the controller/password generator 107 determines from a clock 118.
  • the password is generated using the RSA encryption algorithm.
  • any suitable encryption algorithm may be used (e.g., Data Encryption Standard (DES), Blowfish, International Data Encryption Algorithm (IDEA)).
  • the code entry module 103 also incorporates at least one mechanism for providing feedback to the user 101.
  • This mechanism can, for example, take the form of a Liquid Crystal Display 122 which can provide visual feedback, depicted by an arrow 123, to the user 101.
  • the password generated by the controller/password generator 107 is provided to the user 101 using the Liquid Crystal Display 122.
  • the mechanism can take the form of an audio signal provided by an audio transducer 124 providing audio feedback 125.
  • the mechanism can take the form of one or more Light Emitting Diode (LED) indicators 109 providing visual feedback 126.
  • the user then provides the generated password to the authentication server 200, as depicted by an arrow 110, again, via the personal computer 250 and the communications network 220.
  • the system 100 in Fig. 1 has been described for the case in which the controller/password generator 107 generates a password using the current time as the input value to the encryption process. It is noted that this is merely one arrangement, and other input values such as a simple counter value or a random number may be used as with the event-synchronous tokens and the asynchronous challenge/response tokens, respectively, described above.
  • the password may be generated using a rolling code to generate a different code variant each time the password is generated.
  • successive passwords may be generated using a code and/or a look-up table known to both the code entry module 103 and the authentication server 200. Using this approach successive numbers are modified, resulting in a non-repeatable number.
  • the code entry module 103, the database 105, the controller/password generator 107, the database 113, may be implemented as a first sub-system 116 of the system 100, in a number of different forms.
  • the first sub-system 116 can for example be incorporated into a remote fob (e.g., a key fob carried by the user 101), or alternately can be mounted in a protected enclosure positioned adjacent to the personal computer 250.
  • the personal computer 250 and the authentication server 200 can be referred to as a second sub-system 117.
  • the biometric signature database 105 is shown in Fig. 1 to be part of the first sub-system 116.
  • the biometric signature database 105 can be located in the personal computer 250, in which case communication 104 between the code entry module 103 and the signature database 105 can be performed over a secure wireless communication channel.
  • the biometric signature of the authorised user may be stored on a hard disk drive (not shown) of the personal computer
  • the fob incorporates the biometric (e.g., fingerprint) database 105, in which case only a small number of biometric signatures (e.g., one or more for a user's hand) are stored in the fob.
  • the incorporation of the biometric sensor 121 into the code entry module 103 in the form of a remote fob also means that if the user 101 loses the remote fob, the user need not be concerned that someone else can use it. Since the finder of the lost fob will not be able to have his or her biometric signal authenticated by the biometric sensor 121 in the code entry module 103, the lost fob is useless to anyone apart from the rightful user 101.
  • the first sub-system 116 is preferably fabricated in the form of a single integrated circuit (IC) to reduce the possibility of an unauthorised person bypassing the biometric sensor 121 in the code entry module 103 and directly forcing the controller/password generator 107 to generate the password.
  • Fig. 3 shows the method of operation of the first sub-system 116 of Fig. 1.
  • the process 300 commences with a testing step 301 in which the biometric sensor 121 in the code entry module 103 checks whether a biometric signal 102 is being received. If this is not the case, then the process 300 is directed in accordance with a NO arrow back to the step 301 in a loop. If, on the other hand, the biometric signal 102 has been received, then the process 300 is directed in accordance with a YES arrow to a step 302.
  • the controller/password generator 107 compares the received biometric signal 102 with information in the biometric signature database 105 in order to ensure that the biometric signal received 102 is that of the rightful user 101 of the sub-system 116.
  • a subsequent testing step 303 checks whether the comparison in the step 302 yields the desired authentication. If the biometric signature matching is authenticated, then the code entry module 103 sends an authentication signal 106 to the controller/password generator 107 and the process 300 is directed in accordance with a YES arrow to a step 304.
  • the controller/password generator 107 accesses a key stored in the key database 113 and determines the current time from the clock 118.
  • In the subsequent step 305, the controller/password generator 107 generates a one-time password using the key and the current time. In the method 300, the controller/password generator 107 uses the accessed key to encrypt a value representing the current time, using the RSA encryption algorithm. However, any suitable encryption algorithm may be used (e.g., Data Encryption Standard (DES), Blowfish, International Data Encryption Algorithm (IDEA)). The process 300 is then directed in accordance with an arrow 306 back to the step 301.
  • the process 300 is directed in accordance with a NO arrow back to the step 301.
  • the NO arrow from the step 303 could lead to a disabling step which would disable further operation of the first sub-system 116, either immediately upon receipt of the incorrect biometric signal 102, or after a number of attempts to provide the correct biometric signal 102.
  • Fig. 4 shows the method of operation of the authentication server 200 of Fig. 2.
  • the method 400 commences with a testing step 401 which checks whether the user's ID and fixed password, received via the personal computer 250 and communications network 220, are correct.
  • the step 401 is performed by the authentication server 200 and, in particular, the processor 205 shown in Fig. 2. If the user's ID and fixed password are incorrect, then the process 400 is directed in accordance with a NO arrow in a looping manner back to the step 401.
  • the NO arrow from the step 401 may lead to a disabling step which disables further access to the authentication server 200 (and the Internet banking website being hosted thereon) by the user after a number of attempts to provide the correct user ID and fixed password.
  • the process 400 is directed from the step 401 by means of a YES arrow to a step 402.
  • the authentication server 200 accesses a key (associated with the user of the code module 103) stored in a key database 251 and determines the current time from a system clock (not shown).
  • the key database 251 is configured within the hard disk drive 210 of the authentication server 200.
  • the authentication server 200 generates a one-time password using the key and the current time determined at step 402.
  • the authentication server 200 again uses the accessed key to encrypt a value representing the current time, using the RSA encryption algorithm, which is the same encryption algorithm used by the controller/password generator 107. Accordingly, the authentication server 200 performs the same calculation as the controller/password generator 107 in determining the password.
  • the authentication server 200 compares the password generated at step 403 with a password received from the user in accordance with the password generated at step 305.
  • a subsequent testing step 405 is performed by authentication server 200.
  • the process 400 is directed in accordance with a YES arrow to a step 407.
  • the authentication server 200 allows the user to access the Internet banking website being hosted on the authentication server 200 and the process 400 concludes.
  • the process 400 is directed from the step 405 in accordance with a NO arrow back to the step 401.
  • the process 400 may be directed, if the password match is negative, from the step 405 back to step 402 where the authentication server 200 would again access the key stored in the database 251 and determine the current time from the system clock (not shown). This would also require the user to repeat the process 300 in order to generate another one-time password and again provide the generated password to the authentication server 200. Further access to the authentication server 200 by the user may be disabled if an incorrect password were received once or a number of times.
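As an added example, not code from the patent, the following Python models the time-dependent and event-synchronous generators described earlier and the authentication server's repeat-and-compare process 400 of Fig. 4, including the two-minute window and the disabling of access after repeated wrong passwords. It assumes HMAC-SHA1 truncated to six digits in place of the RSA encryption step; the 20-second step and two-minute window are the page's figures, while the counter look-ahead of five and the three-failure lockout are assumptions.

```python
import hashlib
import hmac
import struct

TIME_STEP_SECONDS = 20   # the page's example: a new time-dependent password every 20 seconds
WINDOW_SECONDS = 120     # the page's example tolerance: passwords may be two minutes off
DIGITS = 6               # six-digit password as on the page
COUNTER_LOOKAHEAD = 5    # assumption: how far an event-synchronous counter may run ahead of the server
MAX_FAILURES = 3         # assumption: wrong passwords tolerated before further access is disabled


def one_time_password(secret_key: bytes, input_value: int) -> str:
    """Derive a six-digit password from the secret key and a dynamic input value.

    Assumption: HMAC-SHA1 over the 8-byte big-endian input value, truncated to
    decimal digits, stands in for the RSA/DES/Blowfish/IDEA step the patent describes.
    """
    mac = hmac.new(secret_key, struct.pack(">Q", input_value), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class TimeToken:
    """Time-dependent (synchronous) generator: the input value is the clock in 20 s steps."""

    def __init__(self, secret_key: bytes) -> None:
        self.secret_key = secret_key

    def generate(self, now: float) -> str:
        return one_time_password(self.secret_key, int(now // TIME_STEP_SECONDS))


class EventToken:
    """Event-synchronous generator: the input value is a counter incremented per request."""

    def __init__(self, secret_key: bytes) -> None:
        self.secret_key = secret_key
        self.counter = 0   # zero at initialisation, as the page describes

    def generate(self) -> str:
        self.counter += 1
        return one_time_password(self.secret_key, self.counter)


class AuthenticationServer:
    """Server side: holds a copy of each user's key, repeats the calculation, compares."""

    def __init__(self) -> None:
        self.keys = {}
        self.counters = {}
        self.failures = {}

    def enrol(self, user_id: str, secret_key: bytes) -> None:
        self.keys[user_id] = secret_key
        self.counters[user_id] = 0   # the account counter starts at zero when the account is created
        self.failures[user_id] = 0

    def locked(self, user_id: str) -> bool:
        return self.failures[user_id] >= MAX_FAILURES

    def _record(self, user_id: str, ok: bool) -> bool:
        self.failures[user_id] = 0 if ok else self.failures[user_id] + 1
        return ok

    def verify_time_password(self, user_id: str, password: str, now: float) -> bool:
        """Accept any step within the two-minute window around the server's own clock."""
        if self.locked(user_id):
            return False
        step = int(now // TIME_STEP_SECONDS)
        slack = WINDOW_SECONDS // TIME_STEP_SECONDS
        for candidate in range(step - slack, step + slack + 1):
            if hmac.compare_digest(one_time_password(self.keys[user_id], candidate), password):
                return self._record(user_id, True)
        return self._record(user_id, False)

    def verify_event_password(self, user_id: str, password: str) -> bool:
        """Accept only the next counter values; anything at or below the last accepted value is a replay."""
        if self.locked(user_id):
            return False
        last = self.counters[user_id]
        for candidate in range(last + 1, last + 1 + COUNTER_LOOKAHEAD):
            if hmac.compare_digest(one_time_password(self.keys[user_id], candidate), password):
                self.counters[user_id] = candidate   # resynchronise to the accepted value
                return self._record(user_id, True)
        return self._record(user_id, False)
```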
  • Fig. 5 shows another process 500 of operation of the access system 100 of Fig. 1.
  • the process 500 commences with a step 501 that determines if a biometric signal has been received by the biometric sensor 121 in the code entry module in Fig. 1. If not, then the process 500 follows a NO arrow back to the step 501. If however a biometric signal has been received, then the process 500 follows a YES arrow to a step 502 that determines if the user ID database 105 in Fig. 1 is empty. This would be the case, for example, if the code entry module 103 is new and has never been used, or if the user 101 has erased all the information in the database 105.
  • if the database 105 is empty, the process 500 is directed by an arrow 503 to 506 in Fig. 7, which depicts a process 700 dealing with the enrolment or administration function for loading relevant signatures into the database 105. If on the other hand the database 105 is not empty, then the process 500 is directed to a step 504 that determines if the biometric signal that has been received is an administrator's biometric signal.
  • the disclosed access system 100 can accommodate at least two classes of user, namely administrators and (ordinary) users.
  • the administrators have the ability to amend data stored, for example, in the database 105, while the ordinary users do not have this capability.
  • the first user of the code entry module 103 is automatically categorised as an administrator. This first administrator can direct the access system 100 to either accept further administrators, or alternately to only accept further ordinary users.
  • where the biometric sensor 121 (see Fig. 1) is a fingerprint sensor, a single user can enrol two or more of his or her own fingers as separate administrators or (ordinary) users, by storing corresponding fingerprints for corresponding fingers in the database 105 via the enrolment process 700 (see Fig. 7).
  • the first administrator can provide control information to the code entry module 103 by providing a succession of finger presses to the biometric sensor 121, provided that these successive presses are of the appropriate duration, the appropriate quantity, and are input within a predetermined time.
  • the control information is encoded by either or both (a) the number of finger presses and (b) the relative duration of the finger presses. If the successive finger presses are provided within this predetermined time, then the controller/password generator 107 accepts the presses as potential control information and checks the input information against a stored set of legal control signals.
  • a legal control signal can be expressed as follows:
  • the code entry module 103 has feedback signalling mechanisms, implemented for example by the LCD 122 and by an audio transducer 124.
  • the code entry module 103 may also comprise Light Emitting Diodes (LEDs) 109 to signal the state of the code entry module 103 to the user 101, and to direct the administration process.
  • three LEDs, being Red, Amber and Green, are provided.
  • at step 504, if the step determines that the biometric signal received is an administrator's signal, then the process 500 is directed by a YES arrow to 506 in Fig. 6, as depicted by the arrow 503. If on the other hand the step 504 indicates that the received biometric signal does not belong to an administrator, then the process 500 is directed by a NO arrow to 505.
  • Fig. 6 shows a process 600 for implementing various enrolment procedures.
  • the process 600 commences at 506 from Fig. 5, after which a step 601 determines if the biometric signal is a first administrator's input (which is the case if the database 105 is empty). If this is the case, then the process 600 is directed to a step 602 that stores the administrator's signature in the database 105. From a terminology perspective, this first administrator, or rather the first administrator's first finger (in the event that the biometric sensor 121 in Fig. 1 is a fingerprint sensor), is referred to as the "superfinger". Further administrators' fingers are referred to as admin-fingers, and ordinary users' fingers are referred to merely as "fingers". The reason that someone would enrol more than one of their own fingers into the system is to ensure that even in the event that one of their enrolled fingers is injured, the person can still operate the system using another enrolled finger.
  • step 602 as well as the steps 605, 607 and 609 involve sequences of finger presses on the biometric sensor 121 in conjunction with feedback signals from the LEDs 122 and/or the audio speaker 124.
  • the process 600 then proceeds to a step 610 that determines if further enrolment procedures are required. If this is the case, then the process 600 proceeds by a YES arrow back to the step 601. If no further enrolment procedures are required, then the process 600 proceeds by a NO arrow to 505 in Fig. 5.
  • if the step 601 determines that the biometric signal is not a first administrator's input, the process 600 proceeds by a NO arrow to a step 603.
  • the step 603 determines if a further administrator signature is to be stored. It is noted that all signatures stored in the database are tagged as belonging to one or more of the classes of administrator and ordinary user. If a further administrator signature is to be stored, then the process 600 proceeds by a YES arrow to the step 602 that stores the biometric signal as a further administrator's signature. If a further administrator's signature is not required, then the process 600 proceeds according to a NO arrow to a step 606.
  • the step 606 determines if a further simple signature (ie belonging to an ordinary user) is to be stored. If a further simple signature is to be stored, then the process 600 proceeds by a YES arrow to the step 607 that stores the biometric signal as a further ordinary signature.
  • if a further simple signature is not to be stored, the process 600 proceeds according to a NO arrow to a step 608 that determines if any or all signatures are to be erased from the database 105. If this is the case then the process 600 follows a YES arrow to a step 609 that erases the desired signatures. The process 600 then proceeds to the step 610. If however the step 608 determines that no signatures are to be erased, then the process 600 proceeds by a NO arrow to the step 610.
  • Fig. 7 shows another enrolment process relating to the example of Fig. 5.
  • the process 700 commences at 506 from Fig. 5 after which a step 701 determines if the received biometric signal comes from the first administrator. If this is the case, then the process 700 proceeds according to a YES arrow to a step 702.
  • the step 702 emits an "Enrolment" tone and flashes the green LED once only.
  • a step 705 reads the incoming biometric signal which is provided by the user as directed by the Amber LED. When the Amber LED flashes continuously, this directs the user to "Apply Finger". When the Amber LED is in a steady illuminated state, this directs the user to "Maintain Finger Pressure”. Finally, when the amber LED is off, this directs the user to "Remove
  • at step 701, if the incoming biometric signal does not belong to the first administrator, then the process 700 proceeds according to a NO arrow to a step 703.
  • the step 703 emits an "Enrolment" tone, and flashes the Red LED in an on-going fashion. Thereafter, the process 700 proceeds according to an arrow 704 to the step 705.
  • a step 706 determines whether the incoming biometric signal is legible. If this is not the case, then the process 700 proceeds according to a NO arrow to a step 707. The step 707 emits a "Rejection" tone, after which the process 700 is directed, according to an arrow 708 to 505 in Fig. 5.
  • if the incoming biometric signal is legible, the process 700 follows a YES arrow to a step 709. The step 709 determines whether the finger press exceeds a predetermined time. If this is not the case, then the process 700 follows a NO arrow to a step 710 which stores the biometric signal, which in the present case is a fingerprint signature. Thereafter the process 700 follows an arrow 711 to 505 in Fig. 5.
  • if the finger press does exceed the predetermined time, the process 700 follows a YES arrow to a step 712.
  • the step 712 erases relevant signatures depending upon the attributes of the incoming biometric signal.
  • if the incoming biometric signal belongs to an ordinary user, the ordinary user's signature in the database 105 is erased by the step 712.
  • if the incoming biometric signal belongs to the first administrator, all the signatures in the database 105 are erased. Administrators who are not the first administrator can be granted either the same powers as the first administrator in regard to erasure of signatures, or can be granted the same powers as ordinary users in this respect.
  • the process 700 follows an arrow 713 to 505 in Fig. 5.
  • Fig. 8 is a schematic block diagram of the sub-system 116 in Fig. 1.
  • the disclosed secure access methods are preferably practiced using an arrangement, such as that shown in Fig. 8 wherein the processes of Figs. 3-4, and 5-7 may be implemented as software, such as application program modules executing within the sub-system 116.
  • the method steps for providing secure access are effected by instructions in the software that are carried out under direction of the respective controller/password generator 107 and the processor 205 in the first and second sub-systems 116 and 117.
  • the instructions may be formed as one or more code modules, each for performing one or more particular tasks.
  • the software may also be divided into two separate parts, in which a first part performs the provision of secure access methods and a second part manages a user interface between the first part and the user.
  • the software may be stored in a computer readable medium, including the storage devices described below, for example.
  • the software is loaded into the first and second sub-systems 116 and 117 from the computer readable medium, and then executed under direction of the respective controller/password generator 107 and processor 205.
  • a computer readable medium having such software or computer program recorded on it is a computer program product.
  • the use of the computer program product in the computer preferably effects an advantageous apparatus for provision of secure access.
  • the system 100 is formed, having regard to the first sub-system 116, by the controller/ password generator module 107, input devices such as the bio sensor 121, output devices including the LCD display 122, the LED indicators 109 and the audio device 124.
  • a communication interface/transceiver 1008 may be used by the controller/password generator module 107 for communicating to and from a communications network 1020.
  • the controller/password generator module 107 typically includes at least one processor unit 1005, and a memory unit 1006, for example formed from semiconductor random access memory (RAM) and read only memory (ROM).
  • the controller/password generator module 107 also includes a number of input/output (I/O) interfaces including an audio-video interface 1007 that couples to the LCD display 122, the LED indicators 109 and audio speaker 124, an I/O interface 1013 for the bio-sensor 121, and the interface 1008 for communications.
  • the components 1007, 1008, 1005, 1013 and 1006 of the controller module 107 typically communicate via an interconnected bus 1004, in a manner which results in a conventional mode of operation of the controller 107 known to those in the relevant art.
  • the application program modules for the first sub-system 116 are resident in the ROM of the memory 1006, and are read and controlled in their execution by the processor 1005. Intermediate storage of the program and any data fetched from the bio sensor 121 and the network 1020 may be accomplished using the RAM in the semiconductor memory 1006. In some instances, the application program modules may be supplied to the user encoded into the ROM in the memory 1006. Still further, the software modules can also be loaded into the first sub-system 116 from other computer readable media, say over the network 1020.
  • the term "computer readable medium” as used herein refers to any storage or transmission medium that participates in providing instructions and/or data to the first sub-system 116 for execution and/or processing.
  • Examples of storage media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the first sub-system 116.
  • Examples of transmission media include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like.
  • the process 400 of Fig. 4 may be implemented using the second sub-system, as shown in Fig. 2 wherein the process 400 may be implemented as software, such as one or more application programs executable within the authentication server 200.
  • the steps of process 400 are effected by instructions in the software that are carried out within the server 200.
  • the instructions may be formed as one or more code modules, each for performing one or more particular tasks.
  • the software may be stored in a computer readable medium, including the storage devices described below, for example.
  • the software is loaded into the server 200 from the computer readable medium, and then executed by the server 200.
  • a computer readable medium having such software or computer program recorded on it is a computer program product.
  • the use of the computer program product in the server 200 preferably effects an advantageous apparatus for implementing the method 400.
  • the authentication server 200 is formed by a computer module 201, input devices such as a keyboard 202 and a mouse pointer device 203, and output devices including a printer 215, a display device 214 and loudspeakers 217.
  • An external Modulator-Demodulator (Modem) transceiver device 216 may be used by the computer module 201 for communicating to and from the personal computer 250 over the communications network 220 via a connection 221.
  • the network 220 may be a wide-area network (WAN), such as the Internet or a private WAN.
  • the modem 216 may be a traditional "dial-up" modem.
  • the modem 216 may be a broadband modem.
  • a wireless modem may also be used for wireless connection to the network 220.
  • the computer module 201 typically includes at least one processor unit 205, and a memory unit 206 for example formed from semiconductor random access memory (RAM) and read only memory (ROM).
  • the module 201 also includes a number of input/output (I/O) interfaces including an audio-video interface 207 that couples to the video display 214 and loudspeakers 217, an I/O interface 213 for the keyboard 202 and mouse 203 and optionally a joystick (not illustrated), and an interface 208 for the external modem 216 and printer 215.
  • the modem 216 may be incorporated within the computer module 201, for example within the interface 208.
  • the computer module 201 also has a local network interface 211 which, via a connection 223, permits coupling of the computer system 200 to a local computer network 222, known as a Local Area Network (LAN).
  • the local network 222 may also couple to the wide network 220 via a connection 224, which would typically include a so-called "firewall” device or similar functionality.
  • the interface 211 may be formed by an Ethernet™ circuit card, a wireless Bluetooth™ or an IEEE 802.11 wireless arrangement.
  • the interfaces 208 and 213 may afford both serial and parallel connectivity, the former typically being implemented according to the Universal Serial Bus (USB) standards and having corresponding USB connectors (not illustrated).
  • Storage devices 209 are provided and typically include a hard disk drive (HDD) 210. Other devices such as a floppy disk drive and a magnetic tape drive (not illustrated) may also be used.
  • An optical disk drive 212 is typically provided to act as a non-volatile source of data. Portable memory devices, such as optical disks (eg: CD-ROM, DVD), USB-RAM, and floppy disks for example may then be used as appropriate sources of data to the system 200.
  • the components 205 to 213 of the computer module 201 typically communicate via an interconnected bus 204 and in a manner which results in a conventional mode of operation of the computer system 200 known to those in the relevant art.
  • Examples of computers on which the described arrangements can be practised include IBM-PC's and compatibles, Sun Sparcstations, Apple Mac™ or alike computer systems evolved therefrom.
  • the application programs for the second sub-system 117 are resident on the hard disk drive 210 and read and controlled in execution by the processor 205. Intermediate storage of such programs and any data fetched from the networks 220 and 222 may be accomplished using the semiconductor memory 206, possibly in concert with the hard disk drive 210. In some instances, the application programs may be supplied to the user encoded on one or more CD-ROM and read via the corresponding drive 212, or alternatively may be read by the user from the networks 220 or 222. Still further, the software can also be loaded into the computer system 200 from other computer readable media.
  • Computer readable media refers to any storage medium that participates in providing instructions and/or data to the computer system 200 for execution and/or processing.
  • Examples of such media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the computer module 201.
  • Examples of computer readable transmission media that may also participate in the provision of instructions and/or data include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like.
  • the system 100 can also be used to provide authorised access to lighting systems, building control devices, exterior or remote devices such as air compressors and so on.
  • the concept of "secure access” is thus extendible beyond mere access to restricted physical areas.
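The press-encoded control information (count and duration of finger presses checked against a set of legal control signals within a predetermined time), the superfinger bootstrap of the first administrator, and the erase rules of step 712 described in the paragraphs above, worked through as one added example. This is not code from the patent or from Microlatch; it is written for this page. The concrete press-to-instruction table, the 5-second window, the 2-second long-press threshold, the event names and the names `decode_presses`, `SignatureDB` and `handle_presses` are this example's own assumptions, and exact string comparison stands in for biometric matching, which the page does not specify.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ROLE_SUPER = "superfinger"    # the first enrolled finger (first administrator)
ROLE_ADMIN = "admin-finger"   # further administrators
ROLE_USER = "finger"          # ordinary users

# Constructed table: (press count, long-press count) -> control instruction.
# The text says control information is encoded by press count and/or relative
# duration and checked against a stored set of legal control signals; the codes
# below are an assumption for illustration, not the patent's table.
LEGAL_CONTROL_SIGNALS: Dict[Tuple[int, int], str] = {
    (1, 0): "ENROL",          # short press: store a presented signature
    (1, 1): "ERASE",          # long press: erase, scope depends on who pressed (step 712)
    (2, 0): "ACCEPT_ADMINS",  # first administrator allows further administrators
    (3, 0): "USERS_ONLY",     # first administrator allows only ordinary users
}
WINDOW_S = 5.0        # assumed "predetermined time" for the whole press sequence
LONG_PRESS_S = 2.0    # assumed threshold for the step-709 duration test


def decode_presses(presses: List[Tuple[float, float]]) -> Optional[str]:
    """Map (start_time, duration) finger presses to an instruction, or None.

    None means: empty sequence, sequence overran the window, or the pattern is
    not a legal control signal, so stray presses never reach the database.
    """
    if not presses:
        return None
    first_start = presses[0][0]
    last_end = presses[-1][0] + presses[-1][1]
    if last_end - first_start > WINDOW_S:
        return None
    n_long = sum(1 for _, duration in presses if duration > LONG_PRESS_S)
    return LEGAL_CONTROL_SIGNALS.get((len(presses), n_long))


@dataclass
class SignatureDB:
    """Stand-in for database 105: signature -> role tag (every entry is tagged)."""
    entries: Dict[str, str] = field(default_factory=dict)
    accept_further_admins: bool = False   # set only by the first administrator
    admins_may_erase_all: bool = False    # policy choice the text leaves open

    def is_empty(self) -> bool:
        return not self.entries

    def role_of(self, signature: str) -> Optional[str]:
        # Exact-match lookup stands in for biometric matching (assumption).
        return self.entries.get(signature)

    def erase_scope(self, actor: str) -> List[str]:
        """Signatures a long press by `actor` erases (step 712 rules)."""
        role = self.role_of(actor)
        if role is None:
            return []
        if role == ROLE_SUPER or (role == ROLE_ADMIN and self.admins_may_erase_all):
            return sorted(self.entries)   # first administrator: erase everything
        return [actor]                    # otherwise only the actor's own signature

    def erase(self, actor: str) -> List[str]:
        erased = self.erase_scope(actor)
        for signature in erased:
            del self.entries[signature]
        return erased


def handle_presses(db: SignatureDB, actor: str, presses: List[Tuple[float, float]],
                   new_signature: Optional[str] = None, new_role: str = ROLE_USER) -> str:
    """One trip through the Fig. 5/7 control path; returns the event the LEDs and
    tones would signal.  `actor` is the incoming signature ("" if illegible) and
    `new_signature` is a further finger presented for enrolment."""
    if not actor:
        return "REJECT_ILLEGIBLE"               # steps 706/707
    if db.is_empty():
        db.entries[actor] = ROLE_SUPER          # step 602: first finger becomes superfinger
        return "ENROLLED_SUPERFINGER"
    if db.role_of(actor) is None:
        return "REJECT_UNKNOWN"                 # no match: the database is not touched
    instruction = decode_presses(presses)
    if instruction is None:
        return "REJECT_NOT_CONTROL"
    if instruction == "ERASE":
        return "ERASED:" + ",".join(db.erase(actor))
    if db.role_of(actor) not in (ROLE_SUPER, ROLE_ADMIN):
        return "REJECT_NOT_ADMIN"               # ordinary users cannot amend the database
    if instruction in ("ACCEPT_ADMINS", "USERS_ONLY"):
        if db.role_of(actor) != ROLE_SUPER:
            return "REJECT_NOT_SUPERFINGER"
        db.accept_further_admins = instruction == "ACCEPT_ADMINS"
        return "POLICY_" + instruction
    if new_signature is None:
        return "REJECT_NO_SIGNATURE"
    if new_role == ROLE_ADMIN and not db.accept_further_admins:
        return "REJECT_ADMINS_NOT_ACCEPTED"
    db.entries[new_signature] = new_role        # step 710: store, tagged with its class
    return "ENROLLED"
```

The point worth checking in any implementation of this flow is that the erase scope is decided by the tag of the matched signature, never by the press pattern alone: an ordinary user's long press can only remove that user's own entry, and whether later administrators inherit the first administrator's erase-all power is an explicit policy flag rather than a default.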

Abstract

A system (100) for providing secure access to a controlled application is disclosed. The system (100) comprises a database (105) of one or more biometric signatures. The system (100) also comprises a first subsystem (116) comprising a biometric sensor (121) for receiving a biometric signal and means for matching the biometric signal against members of the database (105) of biometric signatures to thereby determine an authentication signal. The first subsystem (116) also comprises means for generating a password dependent upon the authentication signal, the password being generated according to an encryption process based on a dynamic input value. The system (100) also comprises a second sub-system (117) comprising means for receiving the password and means for providing conditional access to the controlled application dependent upon the password.

Description

PASSWORD GENERATOR
Field of the Invention
The present invention relates to secure access systems and, in particular, to a password generator for use in providing secure access to a controlled application, such as an Internet banking website.
Background
Identity theft is on the increase. It was recently reported that during 2005, 8.9 million people were affected by identity theft, at a total cost to business and individuals of US$56.6 billion. The cost per victim of this identity theft averaged US$6,383. These figures are expected to rise in the future as fraudsters devise smarter, more focused scams. A major portion of the above identity theft is online identity theft. In that context, businesses with valuable intellectual property or electronically accessible financial assets are largely left to protect themselves. In most situations, these businesses have succeeded in securing their own networks, but that leaves the more daunting task of protecting a greater point of weakness - their customers.
While network and application security and back-end fraud detection are crucial elements in preventing fraud, many of the online security attacks today are targeted at individuals. As a result, companies are starting to deploy to customers stronger kinds of authentication. For example, one large multinational bank recently announced that it was deploying a security device in the form of a "one-time dynamic password generator" for their customers to use in accessing personal Internet banking.
One-time password generators are used to provide time dynamic passwords that are short enough for a user to enter into an authentication system. The one-time password generators are used to replace digital certificates which had previously been used for on- line security. The password generators are typically in the form of a remote fob (which is a small portable device carried by the user) comprising an on-board micro-processor, a button and a liquid crystal display (LCD) display. Upon a user pressing the button of the password generator, the micro-processor generates a one-time password.
In order to log on to a controlled application, such as the bank's Internet banking website, using one of the above one-time password generators, the user enters their user ID and a fixed (or static) password into the banking website using a personal computer, for example. The user then presses the button on the one-time password generator and a six (or greater number) digit password is generated by the password generator and is displayed on the LCD. The user then enters the six digit password into the banking website via a personal computer, for example. The server that hosts the banking website (hereinafter "the authentication server") performs the same calculation as the user's password generator and then compares the resulting six digit value to the password provided by the user. If the one-time password provided by the user matches the value calculated by the server, the user's identity is confirmed prior to the user being allowed to carry out their personal Internet banking using the banking website.
The above one-time password generators typically function by taking an input value, encrypting the input value according to an encryption algorithm (e.g., RSA, Public Key Infrastructure (PKI), Data Encryption Standard (DES), Blowfish, International Data Encryption Algorithm (IDEA)), and displaying the result as the one-time password. The encryption algorithm uses a secret key stored within each password generator as part of the process to generate the password. Changing the secret key causes a different password to be generated, even if the same input value is used. The secret keys are assigned to specific users and thus tie the user to a specific password generator. The authentication server also has a copy of the user's secret key. As such, the authentication server can perform the same calculation as the user's password generator by taking the same input and calculating the correct one-time password.
There are two commonly used types of one-time password generators, namely "time-dependent" and "event-synchronous". Time dependent password generators require a clock to be configured within the password generator and within the authentication server. Time dependent password generators take the current time as the input value. For example, every 20 seconds a time dependent password generator may read the time from its clock and use the time as the input value to generate a one-time password. The input value is then encrypted using the user's secret key as part of the encryption process. The resulting encrypted number becomes the one-time password. Time-dependent password generators are referred to as synchronous since both the time-dependent password generator and the authentication server obtain their input values from the time of day which should be, in theory, always the same. However, in reality, some host system clocks drift, requiring a system administrator to manually set the clock periodically. In contrast, the clocks in password generators cannot be set and may drift throughout the lifetime of the password generator. To accommodate the varying times within the time-dependent password generators, the authentication server typically has a window allowing the passwords to be some period of time (e.g., two (2) minutes) off.
Event-synchronous password generators do not rely on an internal clock and are therefore not subject to the same drift as time-dependent password generators. Instead, event-synchronous password generators use a simple counter as the input value. The internal counter is set to zero when a password generator is first initialised by a user. From that point on, each time an event occurs (e.g., when the user requests a new password), the counter is incremented and the incremented value is used as the input value. This input value is then encrypted with the result becoming the one-time password. Similarly, a counter is also associated with the user's account on the authentication server. This authentication server counter is initialised to zero when the account is created, and is incremented each time the user is authenticated.
Other types of password generators also exist, such as "asynchronous challenge/response" password generators which select a random number as input value to the encryption process.
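The server-side check of process 400 (look up the user's key, recompute the password for the current input value, compare, and optionally disable the account after repeated mismatches) and the time-dependent and event-synchronous generators described in the three paragraphs above, as one added example that is not code from the patent or from any product it mentions. It swaps HMAC-SHA1 with RFC 4226 dynamic truncation in for the "encrypt the input value with the user's secret key" step (the page names RSA and other ciphers; the choice of function does not change the shape of the exchange, only that both sides must use the same one). The 20-second step, six digits and two-minute window are the page's own figures; the look-ahead depth, the lockout threshold, the account names, the constructed key and the replay guard (refusing a time step that has already been accepted) are assumptions added here.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Dict

STEP_S = 20           # page's example: a new password every 20 seconds
DIGITS = 6            # page's example: six-digit passwords
WINDOW_STEPS = 6      # 6 steps of 20 s either side = the page's two-minute tolerance
LOOK_AHEAD = 10       # assumed resync depth for event-synchronous generators
MAX_FAILURES = 3      # assumed lockout threshold ("once or a number of times")


def otp_from_counter(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """Derive a one-time password from (secret key, input value).

    Stand-in for the page's 'encrypt the input value with the secret key' step:
    HMAC-SHA1 with RFC 4226 dynamic truncation instead of the RSA encryption the
    text names.  Generator and server run this same function on the same input.
    """
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def time_counter(now: float, step: int = STEP_S) -> int:
    """Time-dependent input value: which 20-second step `now` falls in."""
    return int(now // step)


@dataclass
class Account:
    key: bytes                 # the per-user secret, held by both sides
    failures: int = 0
    locked: bool = False
    last_time_step: int = -1   # highest accepted time step (replay guard, added here)
    event_counter: int = 0     # event-synchronous counter, zero at account creation


@dataclass
class AuthServer:
    """Server half of the process-400 loop: look up key, recompute, compare."""
    accounts: Dict[str, Account] = field(default_factory=dict)

    def _fail(self, acct: Account) -> bool:
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked = True      # further access disabled after repeated mismatches
        return False

    def _accept(self, acct: Account) -> bool:
        acct.failures = 0
        return True

    def verify_time_otp(self, user: str, presented: str, now: float) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct.locked:
            return False
        centre = time_counter(now)
        # Steps 402/403: recompute for every step inside the drift window.
        for step in range(centre - WINDOW_STEPS, centre + WINDOW_STEPS + 1):
            if step <= acct.last_time_step:
                continue            # already used: a captured password cannot be replayed
            if hmac.compare_digest(otp_from_counter(acct.key, step), presented):
                acct.last_time_step = step
                return self._accept(acct)
        return self._fail(acct)

    def verify_event_otp(self, user: str, presented: str) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct.locked:
            return False
        # The generator may have been pressed without the password being submitted,
        # so the server searches a bounded look-ahead and resynchronises on a match.
        for counter in range(acct.event_counter + 1, acct.event_counter + 1 + LOOK_AHEAD):
            if hmac.compare_digest(otp_from_counter(acct.key, counter), presented):
                acct.event_counter = counter
                return self._accept(acct)
        return self._fail(acct)
```

Two things the page's description leaves implicit are made explicit here: the drift window means the server recomputes several candidate passwords, not one, so the comparison must be constant-time across all of them (`hmac.compare_digest`); and a window without a "last accepted step" record would let a password captured in transit be reused for up to two minutes, which is why the replay guard is worth adding even though the text does not mention it.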
Prior to using a one-time password generator, the password generator must be initialised, as mentioned above. Password generator initialisation again requires correct entry of the user's ID and fixed password into the controlled application (e.g., the Internet banking website). The user is then required to enter in a ten digit serial number located on the back of the password generator together with designated digits from the user's bank passport number into the banking website. However, one problem with the one-time password generators is that if a fraudster is able to gain access to a user's personal Internet banking details, the fraudster will be able to activate the password generator and perform fraudulent Internet banking transactions using the password generator.
Thus a need clearly exists for a more efficient password generator for use in providing secure access to a controlled application.
Summary
It is an object of the present invention to substantially overcome, or at least ameliorate, one or more disadvantages of existing arrangements.
According to one aspect of the present invention there is provided a system for providing secure access to a controlled application, the system comprising: a database of one or more biometric signatures; a first subsystem comprising: a biometric sensor for receiving a biometric signal; means for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal; and means for generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and a second sub-system comprising; means for receiving the password; and means for providing conditional access to the controlled application dependent upon said password. According to another aspect of the present invention there is provided a first subsystem for operating in a system for providing secure access to a controlled application, the system comprising a database of biometric signatures, a second sub-system comprising means for receiving a password, and means for providing conditional access to the controlled application dependent upon the password, the first subsystem comprising: a biometric sensor for receiving a biometric signal; means for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal; and means for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
According to still another aspect of the present invention there is provided a password generator for providing secure access to a controlled application executing within a system, the system comprising a database of biometric signatures, a sub-system comprising means for receiving the password, and means for providing conditional access to the controlled application dependent upon the password, said password generator comprising: a biometric sensor for receiving a biometric signal; a processor for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal, and for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
According to still another aspect of the present invention there is provided a method for providing secure access to a controlled application, the method comprising the steps of: receiving a biometric signal; matching the biometric signal against members of a database of biometric signatures to thereby output an authentication signal; generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and providing conditional access to the controlled application dependent upon said password.
According to still another aspect of the present invention there is provided a method for populating a database of biometric signatures in a system for providing secure access to a controlled application, the system comprising said database of biometric signatures, a first subsystem comprising a biometric sensor for receiving a biometric signal, and means for generating a password capable of granting access to the controlled item, said password being generated according to an encryption process based on a dynamic input value, and a second sub-system comprising means for receiving the password, and means for providing access to the controlled item dependent upon said password, said method comprising the steps of: receiving a series of entries of the biometric signal; determining at least one of the number of said entries and a duration of each said entry; mapping said series into an instruction; and populating the database according to the instruction.
According to still another aspect of the present invention there is provided a method of generating a password in a system for providing secure access to a controlled application, the system comprising a database of biometric signatures, a first sub-system comprising means for receiving the password generated by a second sub-system, and means for providing conditional access to the controlled application dependent upon the password, said method comprising the steps of: receiving a biometric signal by a biometric sensor; matching the biometric signal against members of the database of biometric signatures to thereby output an authentication signal; and generating the password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value. According to still another aspect of the present invention there is provided a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to provide secure access to a controlled application, said computer program product comprising: code for receiving a biometric signal; code for matching the biometric signal against members of a database of biometric signatures to thereby output an authentication signal; code for generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and code for providing conditional access to the controlled application dependent upon said password.
According to still another aspect of the present invention there is provided a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to execute a method for populating a database of biometric signatures in a system for providing secure access to a controlled application, the system comprising said database of biometric signatures, a first sub-system comprising a biometric sensor for receiving a biometric signal, and means for generating a password capable of granting access to the controlled application, and a second sub-system comprising means for receiving the password, and means for providing access to the controlled application dependent upon the password, said program comprising: code for receiving a series of entries of the biometric signal; code for determining at least one of the number of said entries and a duration of each said entry; code for mapping said series into an instruction; and code for populating the database according to the instruction.

According to still another aspect of the present invention there is provided a computer program product having a computer readable medium having a computer program recorded therein for directing a processor to generate a password for providing secure access to a controlled application, said computer program product comprising: code for receiving a biometric signal from a biometric sensor; code for matching the biometric signal against members of the database of biometric signatures to thereby output an authentication signal; and code for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
Other aspects of the invention are also disclosed.

Brief Description of the Drawings
Some aspects of the prior art and one or more embodiments of the present invention are described with reference to the drawings, in which:
Fig. 1 is a functional block diagram of an arrangement for providing secure access according to the present disclosure;
Fig. 2 is a schematic block diagram of a general purpose computer upon which an authentication server can be practiced;
Fig. 3 shows an example of a method of operation of the control module of Fig. l;
Fig. 4 shows an example of a method of operation of the authentication server of Fig. 2;
Fig. 5 shows another example of how the secure access system operates;
Fig. 6 shows one enrolment process relating to the example of Fig. 5;
Fig. 7 shows another enrolment process relating to the example of Fig. 5; and
Fig. 8 is a schematic block diagram of a sub-system in Fig. 1.
Detailed Description including Best Mode
It is to be noted that the discussions contained in the "Background" section relating to prior art arrangements relate to discussions of documents or devices which form public knowledge through their respective publication and/or use. Such should not be interpreted as a representation by the present inventor(s) or patent applicant that such documents or devices in any way form part of the common general knowledge in the art.
Where reference is made in any one or more of the accompanying drawings to steps and/or features, which have the same reference numerals, those steps and/or features have for the purposes of this description the same function(s) or operation(s), unless the contrary intention appears.
Fig. 1 is a functional block diagram of a system 100 for providing secure access to a controlled application according to one arrangement. In the present example, the controlled application is an Internet banking application being hosted by an authentication server 200 (see Fig. 2). A user 101 provides their user ID and fixed (or static) password to the authentication server 200, as depicted by an arrow 108, using a personal computer 250 connected to the authentication server 200 via a communications network 220. The user 101 then makes a request, as depicted by an arrow 102, to a code entry module 103. The code entry module 103 includes a biometric sensor 121 and the request 102 takes a form which corresponds to the nature of the sensor 121 in the module 103. Thus, for example, if the biometric sensor 121 in the code entry module 103 is a fingerprint sensor, then the request 102 typically takes the form of a thumb press on a sensor panel (not shown) on the code entry module 103. Other physical attributes that can be used to provide the request 102 include voice, retinal or iris pattern, face pattern, palm configuration, vein pattern and so on. In this instance, the code entry module 103 would require the corresponding biometric sensor.
The code entry module 103 interrogates, as depicted by an arrow 104, a user identity database 105. Thus, for example, if the request 102 is the thumb press on the biometric sensor panel 121, then the user database 105 contains one or more biometric signatures for each of one or more authorised users against which the request 102 can be authenticated. If the identity of the user 101 is authenticated successfully, then the code entry module 103 sends an authentication signal 106 to a controller/password generator 107. The controller/password generator 107 accesses a key stored in a key database 113, as depicted by the arrow 112, and generates a one-time password using the key and the current time, which the controller/password generator 107 determines from a clock 118. In the present example, the password is generated using the RSA encryption algorithm. However, any suitable encryption algorithm may be used (e.g., Data Encryption Standard (DES), Blowfish, International Data Encryption Algorithm (IDEA)). Whichever algorithm is chosen, the authentication server 200 must hold the same key and perform the identical computation in order to reproduce the password (see Fig. 4), so the key in the database 113 is a shared secret and must be protected as such at both ends.

The code entry module 103 also incorporates at least one mechanism for providing feedback to the user 101. This mechanism can, for example, take the form of a Liquid Crystal Display 122 which can provide visual feedback, depicted by an arrow 123, to the user 101. For example, the password generated by the controller/password generator 107 is provided to the user 101 using the Liquid Crystal Display 122. Alternately or in addition, the mechanism can take the form of an audio signal provided by an audio transducer 124 providing audio feedback 125. Still further (again, alternately or in addition), the mechanism can take the form of one or more Light Emitting Diode (LED) indicators 109 providing visual feedback 126. The user then provides the generated password to the authentication server 200, as depicted by an arrow 110, again via the personal computer 250 and the communications network 220.

The system 100 in Fig. 1 has been described for the case in which the controller/password generator 107 generates a password using the current time as the input value to the encryption process. It is noted that this is merely one arrangement, and other input values such as a simple counter value or a random number may be used, as with the event-synchronous tokens and the asynchronous challenge/response tokens, respectively, described above.
Further, other mathematical algorithms or codes can equally be used to generate the one-time password. For example, the password may be generated using a rolling code that yields a different code variant each time the password is generated. In this instance, successive passwords may be generated using a code and/or a look-up table known to both the code entry module 103 and the authentication server 200. With this approach each successive value is derived from the previous one, so that a password, once used, is not repeated.
The code entry module 103, the database 105, the controller/password generator 107 and the database 113 may be implemented as a first sub-system 116 of the system 100, in a number of different forms. The first sub-system 116 can for example be incorporated into a remote fob (e.g., a key fob carried by the user 101), or alternately can be mounted in a protected enclosure positioned adjacent to the personal computer 250. The personal computer 250 and the authentication server 200 can be referred to as a second sub-system 117. The biometric signature database 105 is shown in Fig. 1 to be part of the first sub-system 116. However, in an alternate arrangement, the biometric signature database 105 can be located in the personal computer 250, in which case communication 104 between the code entry module 103 and the signature database 105 can be performed over a secure wireless communication channel. For example, the biometric signature of the authorised user may be stored on a hard disk drive (not shown) of the personal computer 250.
When the sub-system 116 is implemented as a remote fob, the fob incorporates the biometric (e.g., fingerprint) database 105, in which case only a small number of biometric signatures (e.g., one for each of a user's enrolled fingers) are stored in the fob.
The incorporation of the biometric sensor 121 into the code entry module 103 in the form of a remote fob also means that if the user 101 loses the remote fob, the user need not be concerned that someone else can use it. Since the finder of the lost fob will not be able to have his or her biometric signal authenticated by the biometric sensor 121 in the code entry module 103, the lost fob is useless to anyone apart from the rightful user 101. This assurance rests on two conditions: that the sensor 121 rejects a copied or artificial fingerprint, and that the key held in the database 113 cannot be read out of the fob and used to compute passwords without the sensor; the single-IC construction described next is directed at the second of these.
The first sub-system 116 is preferably fabricated in the form of a single integrated circuit (IC) to reduce the possibility of an unauthorised person bypassing the biometric sensor 121 in the code entry module 103 and directly forcing the controller/password generator 107 to generate the password.
Fig. 3 shows the method of operation of the first sub-system 116 of Fig. 1. The process 300 commences with a testing step 301 in which the biometric sensor 121 in the code entry module 103 checks whether a biometric signal 102 is being received. If this is not the case, then the process 300 is directed in accordance with a NO arrow back to the step 301 in a loop. If, on the other hand, the biometric signal 102 has been received, then the process 300 is directed in accordance with a YES arrow to a step 302. At step 302, the controller/password generator 107 compares the received biometric signal 102 with information in the biometric signature database 105 in order to ensure that the biometric signal received 102 is that of the rightful user 101 of the sub-system 116. A subsequent testing step 303 checks whether the comparison in the step 302 yields the desired authentication. If the biometric signature matching is authenticated, then the code entry module 103 sends an authentication signal 106 to the controller/password generator 107 and the process 300 is directed in accordance with a YES arrow to a step 304. At step 304, the controller/password generator 107 accesses a key stored in the key database 113 and determines the current time from the clock 118. In the subsequent step 305, the controller/password generator 107 generates a one-time password using the key and the current time. In the method 300, the controller/password generator 107 uses the accessed key to encrypt a value representing the current time, using the RSA encryption algorithm. However, any suitable encryption algorithm may be used (e.g., Data Encryption Standard (DES), Blowfish, International Data Encryption Algorithm (IDEA)). The process 300 is then directed in accordance with an arrow 306 back to the step 301.
Returning to the testing step 303, if the signature comparison indicates that the biometric signal 102 is not authentic, and has thus not been received from the proper user, then the process 300 is directed in accordance with a NO arrow back to the step 301. In an alternate arrangement, the NO arrow from the step 303 could lead to a disabling step which would disable further operation of the first sub-system 116, either immediately upon receipt of the incorrect biometric signal 102, or after a number of attempts to provide the correct biometric signal 102.
Fig. 4 shows the method of operation of the authentication server 200 of Fig. 2. The method 400 commences with a testing step 401 which checks whether the user's ID and fixed password, received via the personal computer 250 and communications network 220, are correct. The step 401 is performed by the authentication server 200 and, in particular, the processor 205 shown in Fig. 2. If the user's ID and fixed password are incorrect, then the process 400 is directed in accordance with a NO arrow in a looping manner back to the step 401. In an alternate arrangement, the NO arrow from the step 401 may lead to a disabling step which disables further access to the authentication server 200 (and the Internet banking website being hosted thereon) by the user after a number of attempts to provide the correct user ID and fixed password.
When the user's ID and fixed password are correct, the process 400 is directed from the step 401 by means of a YES arrow to a step 402. At step 402, the authentication server 200 accesses a key (associated with the user of the code entry module 103) stored in a key database 251 and determines the current time from a system clock (not shown). In the present example, the key database 251 is configured within the hard disk drive 210 of the authentication server 200. In a subsequent step 403, the authentication server 200 generates a one-time password using the key and the current time determined at step 402. In the method 400, the authentication server 200 again uses the accessed key to encrypt a value representing the current time, using the RSA encryption algorithm, which is the same encryption algorithm used by the controller/password generator 107. Accordingly, the authentication server 200 performs the same calculation as the controller/password generator 107 in determining the password.
In the subsequent step 404, the authentication server 200 compares the password generated at step 403 with a password received from the user in accordance with the password generated at step 305. A subsequent testing step 405 is performed by authentication server 200. In the step 405 if the password received from the user is successfully matched against the password generated at step 403 then the process 400 is directed in accordance with a YES arrow to a step 407. In the step 407 the authentication server 200 allows the user to access the Internet banking website being hosted on the authentication server 200 and the process 400 concludes.
Returning to the testing step 405, if the password received from the user is not successfully matched to the password generated at step 403 by the authentication server 200, then the process 400 is directed from the step 405 in accordance with a NO arrow back to the step 401. In an alternate arrangement, the process 400 may be directed, if the password match is negative, from the step 405 back to step 402, where the authentication server 200 would again access the key stored in the database 251 and determine the current time from the system clock (not shown). This would also require the user to repeat the process 300 in order to generate another one-time password and again provide the generated password to the authentication server 200. Further access to the authentication server 200 by the user may be disabled if an incorrect password is received once or a number of times.

Fig. 5 shows another process 500 of operation of the access system 100 of Fig. 1.
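The two halves of the exchange described above, step 305 of process 300 on the fob and steps 401 to 405 of process 400 on the server, as an added example in Python. This is not code from the patent or from Microlatch: in place of the patent's cipher it derives the password with the HMAC-SHA1 truncation of RFC 4226, since a keyed MAC is what both ends can recompute and compare; the 30-second time step, the six-digit length, the one-step clock-drift tolerance, the three-failure lockout and the demo key and user are all assumptions. The drift window, the replay check on an already-redeemed time step and the salted hash of the fixed password are the additions a deployment would need beyond what Fig. 4 shows.

```python
"""Added example: time-synchronous one-time password, fob side and server side."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Set

STEP_SECONDS = 30   # assumption: the patent fixes no time-step size
DIGITS = 6          # assumption: the patent fixes no password length
PBKDF2_ROUNDS = 100_000


def otp_from_counter(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """Derive the password from the shared key and the dynamic input value.

    Controller 107 "encrypts" the value with the key; here the RFC 4226
    HMAC-SHA1 dynamic truncation stands in for that cipher (assumption).
    """
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_generate(key: bytes, now: int) -> str:
    """Fob side (step 305): run only after the biometric match of step 303.
    The input value is the current time from clock 118; an event-synchronous
    token would pass a press counter instead of now // STEP_SECONDS."""
    return otp_from_counter(key, now // STEP_SECONDS)


def make_user(static_password: str, key: bytes) -> dict:
    """Record in key database 251: salted hash of the fixed password, plus key."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", static_password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "pw_hash": digest, "key": key}


class AuthenticationServer:
    """Process 400 of Fig. 4 with drift tolerance, replay refusal and lockout."""

    def __init__(self, users: dict, max_failures: int = 3, drift_steps: int = 1):
        self.users = users                 # user_id -> make_user(...) record
        self.max_failures = max_failures   # the "disabling step" threshold
        self.drift_steps = drift_steps     # clock-drift tolerance (assumption)
        self.failures: Dict[str, int] = {}
        self.disabled: Set[str] = set()
        self.last_counter: Dict[str, int] = {}   # highest redeemed step per user

    def _fail(self, user_id: str) -> bool:
        self.failures[user_id] = self.failures.get(user_id, 0) + 1
        if self.failures[user_id] >= self.max_failures:
            self.disabled.add(user_id)
        return False

    def login(self, user_id: str, static_password: str, otp: str, now: int) -> bool:
        if user_id in self.disabled or user_id not in self.users:
            return False
        rec = self.users[user_id]
        # Step 401: user ID and fixed password.
        digest = hashlib.pbkdf2_hmac("sha256", static_password.encode(),
                                     rec["salt"], PBKDF2_ROUNDS)
        if not hmac.compare_digest(digest, rec["pw_hash"]):
            return self._fail(user_id)
        # Steps 402-405: recompute from the key and the server clock, compare.
        centre = now // STEP_SECONDS
        for counter in range(centre - self.drift_steps, centre + self.drift_steps + 1):
            if counter <= self.last_counter.get(user_id, -1):
                continue                   # already redeemed: refuse the replay
            if hmac.compare_digest(otp_from_counter(rec["key"], counter), otp):
                self.last_counter[user_id] = counter
                self.failures[user_id] = 0
                return True                # step 407: grant access
        return self._fail(user_id)


# Constructed demo data (not from the patent).
DEMO_KEY = bytes.fromhex("3132333435363738393031323334353637383930")
DEMO_USERS = {"alice": make_user("correct horse", DEMO_KEY)}

if __name__ == "__main__":
    server = AuthenticationServer(DEMO_USERS)
    now = 1_700_000_010
    otp = token_generate(DEMO_KEY, now)            # what LCD 122 would show
    print("first use:", server.login("alice", "correct horse", otp, now))   # True
    print("replay:   ", server.login("alice", "correct horse", otp, now))   # False
```

The replay check matters because the patent's step 405 only compares values: without remembering the last redeemed time step, a password read off the LCD by a shoulder-surfer stays valid for the remainder of the step (and the drift window) after the legitimate user has already logged in.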
The process 500 commences with a step 501 that determines if a biometric signal has been received by the biometric sensor 121 in the code entry module in Fig. 1. If not, then the process 500 follows a NO arrow back to the step 501. If however a biometric signal has been received, then the process 500 follows a YES arrow to a step 502 that determines if the user ID database 105 in Fig. 1 is empty. This would be the case, for example, if the code entry module 103 is new and has never been used, or if the user 101 has erased all the information in the database 105.
If the database 105 is empty, then the process 500 is directed by an arrow 503 to 506 in Fig. 7 which depicts a process 700 dealing with the enrolment or the administration function for loading relevant signatures into the database 105. If on the other hand the database 105 is not empty, then the process 500 is directed to a step 504 that determines if the biometric signal that has been received is an administrator's biometric signal.
The disclosed access system 100 can accommodate at least two classes of user, namely administrators and (ordinary) users. The administrators have the ability to amend data stored, for example, in the database 105, while the ordinary users do not have this capability. The first user of the code entry module 103, whether this is the user who purchases the module 103, or the user who programs the module 103 after all data has been erased from the database 105, is automatically categorised as an administrator. This first administrator can direct the access system 100 to either accept further administrators, or alternately to only accept further ordinary users.
Although the present description refers to "users", in fact it is "fingers" which are the operative entities in system operation when the biometric sensor 121 (see Fig. 1) is a fingerprint sensor. In this event, a single user can enrol two or more of his or her own fingers as separate administrators or (ordinary) users, by storing corresponding fingerprints for corresponding fingers in the database 105 via the enrolment process 700 (see Fig. 7).
The first administrator can provide control information to the code entry module 103 by providing a succession of finger presses to the biometric sensor 121, provided that these successive presses are of the appropriate duration, the appropriate quantity, and are input within a predetermined time. In one arrangement, the control information is encoded by either or both of (a) the number of finger presses and (b) the relative duration of the finger presses. If the successive finger presses are provided within this predetermined time, then the controller/password generator 107 accepts the presses as potential control information and checks the input information against a stored set of legal control signals. One example of a legal control signal can be expressed as follows:

"Enrol an ordinary user" -> dit, dit, dit, dah

where "dit" is a finger press of one second's duration (provided by the user 101 in response to the feedback provided by the Amber LED as described below), and "dah" is a finger press of two seconds' duration.
In the event that a legitimate sequence of finger presses is not delivered within the predetermined time, then the presses are considered not to be control information and merely to be presses intended to provide access to the controlled item 111. Legitimate control sequences are defined in Read Only Memory (ROM) in the controller/password generator 107.
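The press-to-instruction mapping just described, as an added example in Python (not code from the patent or from Microlatch). The one-second dit, two-second dah and the "Enrol an ordinary user" entry are the text's; the timing tolerance, the ten-second window for the whole sequence and the two further table entries are assumptions for illustration. Anything that does not decode to a legal signal, including a lone press, is returned as an ordinary access request, which is the fallback the text specifies.

```python
"""Added example: decode a series of finger presses into a control instruction."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

DIT_SECONDS = 1.0         # from the text
DAH_SECONDS = 2.0         # from the text
TOLERANCE_SECONDS = 0.35  # assumption: accepted deviation around each nominal length
SEQUENCE_WINDOW = 10.0    # assumption: the "predetermined time" for the whole series

# Legal control signals, as they would sit in the ROM of controller 107.
# Only the first entry appears in the patent; the others are assumed.
LEGAL_CONTROL_SIGNALS = {
    ("dit", "dit", "dit", "dah"): "ENROL_ORDINARY_USER",
    ("dit", "dit", "dah", "dah"): "ENROL_ADMINISTRATOR",   # assumption
    ("dah", "dah", "dah", "dah"): "ERASE_ALL",             # assumption
}


@dataclass(frozen=True)
class Press:
    start: float      # seconds, from clock 118, when the finger went on
    duration: float   # seconds the finger stayed on sensor 121


def classify(duration: float) -> Optional[str]:
    """Map one press length to "dit", "dah" or None (neither)."""
    if abs(duration - DIT_SECONDS) <= TOLERANCE_SECONDS:
        return "dit"
    if abs(duration - DAH_SECONDS) <= TOLERANCE_SECONDS:
        return "dah"
    return None


def interpret(presses: List[Press], is_administrator: bool) -> Tuple[str, Optional[str]]:
    """Return ("control", instruction) for a legal sequence from an
    administrator, otherwise ("access", None): the presses are then just a
    request for a password."""
    if not presses:
        raise ValueError("no presses")
    if not is_administrator:
        return ("access", None)          # ordinary users cannot issue control signals
    ordered = sorted(presses, key=lambda p: p.start)
    span = ordered[-1].start + ordered[-1].duration - ordered[0].start
    if span > SEQUENCE_WINDOW:
        return ("access", None)          # not delivered within the predetermined time
    symbols = tuple(classify(p.duration) for p in ordered)
    if None in symbols:
        return ("access", None)          # a press of ambiguous length breaks the sequence
    instruction = LEGAL_CONTROL_SIGNALS.get(symbols)
    if instruction is None:
        return ("access", None)
    return ("control", instruction)


# Constructed press series (not from the patent): dit, dit, dit, dah in 6.5 s.
DEMO_SERIES = [Press(0.0, 1.0), Press(1.5, 1.0), Press(3.0, 1.1), Press(4.5, 2.0)]

if __name__ == "__main__":
    print(interpret(DEMO_SERIES, is_administrator=True))    # ('control', 'ENROL_ORDINARY_USER')
    print(interpret(DEMO_SERIES, is_administrator=False))   # ('access', None)
```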
The code entry module 103 has feedback signalling mechanisms, implemented for example by the LCD 122 and by the audio transducer 124. The code entry module 103 may also comprise Light Emitting Diodes (LEDs) 109 to signal the state of the code entry module 103 to the user 101, and to direct the administration process. Thus, in one example, three LEDs, being Red, Amber and Green, are provided.
When the Amber LED is flashing, it means "Press the sensor". When the Amber LED is steady ON, it means "Maintain finger pressure". When the Amber LED is OFF, it means "Remove finger pressure". When the system 100 enters the enrolment state (depicted by the process 600 in Fig. 6), then the audio transducer 124 emits the "begin enrolment" signal (dit dit dit dit) and the Red LED flashes. Enrolment of a normal user (according to the step 607 in Fig. 6) is signalled by the OK audio signal (dit dit) and a single blink of the Green LED.
Returning to the step 504, if the step determines that the biometric signal received is an administrator's signal, then the process 500 is directed by a YES arrow to 506 in Fig. 6 as depicted by the arrow 503. If on the other hand, the step 504 indicates that the received biometric signal does not belong to an administrator then the process 500 is directed by a NO arrow to 505.
Fig. 6 shows a process 600 for implementing various enrolment procedures. The process 600 commences at 506 from Fig. 5, after which a step 601 determines if the biometric signal is the first administrator's input (which is the case if the database 105 is empty). If this is the case, then the process 600 is directed to a step 602 that stores the administrator's signature in the database 105. From a terminology perspective, this first administrator, or rather the first administrator's first finger (in the event that the biometric sensor 121 in Fig. 1 is a fingerprint sensor), is referred to as the "superfinger". Further administrators' fingers are referred to as admin-fingers, and ordinary users' fingers are referred to merely as "fingers". The reason that someone would enrol more than one of their own fingers into the system is to ensure that even in the event that one of their enrolled fingers is injured, the person can still operate the system using another enrolled finger.
It is noted that the step 602, as well as the steps 605, 607 and 609, involve sequences of finger presses on the biometric sensor 121 in conjunction with feedback signals from the LEDs 109 and/or the audio transducer 124. The process 600 then proceeds to a step 610 that determines if further enrolment procedures are required. If this is the case, then the process 600 proceeds by a YES arrow back to the step 601. If no further enrolment procedures are required, then the process 600 proceeds by a NO arrow to 505 in Fig. 5.
Returning to the step 601, if the biometric signal is not a first administrator's signal, then the process 600 proceeds by a NO arrow to a step 603. The step 603 determines if a further administrator signature is to be stored. It is noted that all signatures stored in the database are tagged as belonging to one or more of the classes of administrator and ordinary user. If a further administrator signature is to be stored, then the process 600 proceeds by a YES arrow to the step 602 that stores the biometric signal as a further administrator's signature. If a further administrator's signature is not required, then the process 600 proceeds according to a NO arrow to a step 606.
The step 606 determines if a further simple signature (ie belonging to an ordinary user) is to be stored. If a further simple signature is to be stored, then the process 600 proceeds by a YES arrow to the step 607 that stores the biometric signal as a further ordinary signature.
If a further simple signature is not required, then the process 600 proceeds according to a NO arrow to a step 608 that determines if any or all signatures are to be erased from the database 105. If this is the case then the process 600 follows a YES arrow to a step 609 that erases the desired signatures. The process 600 then proceeds to the step 610. If however the step 608 determines that no signatures are to be erased, then the process 600 proceeds by a NO arrow to the step 610.
Fig. 7 shows another enrolment process relating to the example of Fig. 5. The process 700 commences at 506 from Fig. 5, after which a step 701 determines if the received biometric signal comes from the first administrator. If this is the case, then the process 700 proceeds according to a YES arrow to a step 702. The step 702 emits an "Enrolment" tone and flashes the green LED once only. Thereafter, a step 705 reads the incoming biometric signal which is provided by the user as directed by the Amber LED. When the Amber LED flashes continuously, this directs the user to "Apply Finger". When the Amber LED is in a steady illuminated state, this directs the user to "Maintain Finger Pressure". Finally, when the amber LED is off, this directs the user to "Remove Finger".
Returning to the step 701, if the incoming biometric signal does not belong to the first administrator, then the process 700 proceeds according to a NO arrow to a step 703. The step 703 emits an "Enrolment" tone, and flashes the Red LED in an on-going fashion. Thereafter, the process 700 proceeds according to an arrow 704 to the step 705.
Following the step 705, a step 706 determines whether the incoming biometric signal is legible. If this is not the case, then the process 700 proceeds according to a NO arrow to a step 707. The step 707 emits a "Rejection" tone, after which the process 700 is directed, according to an arrow 708 to 505 in Fig. 5. Returning to the step 706, if the incoming biometric signal is legible, then the process 700 follows a YES arrow to a step 709. The step 709 determines whether the finger press exceeds a predetermined time. If this is not the case, then the process 700 follows a NO arrow to a step 710 which stores the biometric signal, which in the present case is a fingerprint signature. Thereafter the process 700 follows an arrow 711 to 505 in Fig. 5.
Returning to the step 709 if the finger press does exceed the predetermined period, then the process follows a YES arrow to a step 712. The step 712 erases relevant signatures depending upon the attributes of the incoming biometric signal. Thus, for example, if the incoming biometric signal belongs to an ordinary user, then the ordinary user's signature in the database 105 is erased by the step 712. If, on the other hand, the incoming biometric signal belongs to the first administrator, then all the signatures in the database 105 are erased. Administrators who are not the first administrator can be granted either the same powers as the first administrator in regard to erasure of signatures, or can be granted the same powers as ordinary users in this respect. Once the step 712 has completed erasure of the relevant signatures, then the process 700 follows an arrow 713 to 505 in Fig. 5.
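The enrolment and erasure rules of processes 500, 600 and 700 as one small state machine over the database 105, as an added example in Python (not code from the patent or from Microlatch). Matching by Hamming distance on fixed eight-byte templates is a stand-in for a real fingerprint matcher; the five-second hold that distinguishes an erase from an access press (the "predetermined time" of step 709), the instruction names, the refusal to enrol a finger that already matches an entry, and the two policy switches (whether further administrators are accepted, and whether non-first administrators may erase everything) are assumptions drawn from the text's description of the choices available to the first administrator.

```python
"""Added example: signature database 105 with superfinger / admin-finger / finger
classes, enrolment on an administrator's instruction, and long-press erasure."""
from dataclasses import dataclass
from typing import List, Optional

SUPERFINGER, ADMIN, FINGER = "superfinger", "admin-finger", "finger"
TEMPLATE_LEN = 8          # assumption: fixed-length template in bytes
MATCH_THRESHOLD = 4       # assumption: max differing bits for a match
ERASE_HOLD_SECONDS = 5.0  # assumption: step 709's "predetermined time"


@dataclass
class Entry:
    template: bytes
    role: str             # every stored signature is tagged with its class


def _hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class SignatureDatabase:
    """Database 105 and the two policies the first administrator may set."""

    def __init__(self, accept_further_admins: bool = True,
                 other_admins_erase_all: bool = False):
        self.entries: List[Entry] = []
        self.accept_further_admins = accept_further_admins
        self.other_admins_erase_all = other_admins_erase_all

    def is_empty(self) -> bool:
        return not self.entries

    def match(self, signal: bytes) -> Optional[Entry]:
        """Step 302: compare the signal against every stored signature."""
        for e in self.entries:
            if _hamming(e.template, signal) <= MATCH_THRESHOLD:
                return e
        return None

    def enrol(self, signal: bytes, role: str) -> Entry:
        e = Entry(signal, role)
        self.entries.append(e)
        return e

    def erase(self, entry: Entry) -> None:
        self.entries.remove(entry)

    def erase_all(self) -> None:
        self.entries.clear()


class CodeEntryModule:
    """Processes 500, 600 and 700, driven one press at a time."""

    def __init__(self, db: SignatureDatabase):
        self.db = db
        self.pending_role: Optional[str] = None   # set while waiting for step 705

    def press(self, signal: bytes, duration: float,
              instruction: Optional[str] = None) -> str:
        if len(signal) != TEMPLATE_LEN:              # step 706: illegible signal
            self.pending_role = None
            return "rejected: illegible"             # step 707 "Rejection" tone
        if self.db.is_empty():                       # steps 502/601: first press
            self.db.enrol(signal, SUPERFINGER)
            return "enrolled superfinger"
        if self.pending_role is not None:            # steps 705/710: the new finger
            role, self.pending_role = self.pending_role, None
            if self.db.match(signal) is not None:
                return "rejected: already enrolled"  # assumption, not in the patent
            self.db.enrol(signal, role)
            return f"enrolled {role}"
        entry = self.db.match(signal)
        if entry is None:
            return "rejected: no match"              # NO arrow from step 303
        if duration > ERASE_HOLD_SECONDS:            # steps 709/712: erasure
            if entry.role == SUPERFINGER or (
                    entry.role == ADMIN and self.db.other_admins_erase_all):
                self.db.erase_all()
                return "erased all"
            self.db.erase(entry)
            return "erased own"
        if instruction and entry.role in (SUPERFINGER, ADMIN):   # step 504
            if instruction == "ENROL_ORDINARY_USER":
                self.pending_role = FINGER
                return "awaiting new finger"
            if instruction == "ENROL_ADMINISTRATOR" and self.db.accept_further_admins:
                self.pending_role = ADMIN
                return "awaiting new admin-finger"
            return "rejected: instruction not permitted"
        return "access"        # authentication signal 106 to controller 107


# Constructed templates (not from the patent): far apart in Hamming distance.
FINGER_A, FINGER_B, FINGER_C = bytes(8), bytes([0xFF] * 8), bytes([0x0F] * 8)

if __name__ == "__main__":
    module = CodeEntryModule(SignatureDatabase())
    print(module.press(FINGER_A, 1.0))                           # enrolled superfinger
    print(module.press(FINGER_A, 1.0, "ENROL_ORDINARY_USER"))    # awaiting new finger
    print(module.press(FINGER_B, 1.0))                           # enrolled finger
    print(module.press(FINGER_B, 6.0))                           # erased own
```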
Fig. 8 is a schematic block diagram of the sub-system 116 in Fig. 1. The disclosed secure access methods are preferably practiced using an arrangement, such as that shown in Fig. 8 wherein the processes of Figs. 3-4, and 5-7 may be implemented as software, such as application program modules executing within the sub-system 116. In particular, the method steps for providing secure access are effected by instructions in the software that are carried out under direction of the respective controller/password generator 107 and the processor 205 in the first and second sub-systems 116 and 117. The instructions may be formed as one or more code modules, each for performing one or more particular tasks. The software may also be divided into two separate parts, in which a first part performs the provision of secure access methods and a second part manages a user interface between the first part and the user. The software may be stored in a computer readable medium, including the storage devices described below, for example. The software is loaded into the first and second sub-systems 116 and 117 from the computer readable medium, and then executed under direction of the respective controller/password generator 107 and processor 205. A computer readable medium having such software or computer program recorded on it is a computer program product. The use of the computer program product in the computer preferably effects an advantageous apparatus for provision of secure access.
The following description is directed primarily to the first sub-system 116, however the description applies in general to the operation of the second sub-system 117. The system 100 is formed, having regard to the first sub-system 116, by the controller/ password generator module 107, input devices such as the bio sensor 121, output devices including the LCD display 122, the LED indicators 109 and the audio device 124. A communication interface/transceiver 1008 may be used by the controller/password generator module 107 for communicating to and from a communications network 1020.
The controller/password generator module 107 typically includes at least one processor unit 1005, and a memory unit 1006, for example formed from semiconductor random access memory (RAM) and read only memory (ROM). The controller/password generator module 107 also includes a number of input/output (I/O) interfaces including an audio-video interface 1007 that couples to the LCD display 122, the LED indicators 109 and audio speaker 124, an I/O interface 1013 for the bio-sensor 121, and the interface 1008 for communications. The components 1007, 1008, 1005, 1013 and 1006 of the controller module 107 typically communicate via an interconnected bus 1004 and in a manner which results in a conventional mode of operation of the controller 107 known to those in the relevant art.
Typically, the application program modules for the first sub-system 116 are resident in ROM in the memory 1006, and are read and controlled in their execution by the processor 1005. Intermediate storage of the program and any data fetched from the bio sensor 121 and the network 1020 may be accomplished using the RAM in the semiconductor memory 1006. In some instances, the application program modules may be supplied to the user encoded into the ROM in the memory 1006. Still further, the software modules can also be loaded into the first sub-system 116 from other computer readable media, say over the network 1020. The term "computer readable medium" as used herein refers to any storage or transmission medium that participates in providing instructions and/or data to the first sub-system 116 for execution and/or processing. Examples of storage media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the first sub-system 116. Examples of transmission media include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like.

The process 400 of Fig. 4 may be implemented using the second sub-system, as shown in Fig. 2, wherein the process 400 may be implemented as software, such as one or more application programs executable within the authentication server 200. In particular, the steps of process 400 are effected by instructions in the software that are carried out within the server 200. The instructions may be formed as one or more code modules, each for performing one or more particular tasks. The software may be stored in a computer readable medium, including the storage devices described below, for example.
The software is loaded into the server 200 from the computer readable medium, and then executed by the server 200. A computer readable medium having such software or computer program recorded on it is a computer program product. The use of the computer program product in the server 200 preferably effects an advantageous apparatus for implementing the method 400.
As seen in Fig. 2, the authentication server 200 is formed by a computer module 201, input devices such as a keyboard 202 and a mouse pointer device 203, and output devices including a printer 215, a display device 214 and loudspeakers 217. An external Modulator-Demodulator (Modem) transceiver device 216 may be used by the computer module 201 for communicating to and from the personal computer 250 over the communications network 220 via a connection 221. The network 220 may be a wide-area network (WAN), such as the Internet or a private WAN. Where the connection 221 is a telephone line, the modem 216 may be a traditional "dial-up" modem. Alternatively, where the connection 221 is a high capacity (eg: cable) connection, the modem 216 may be a broadband modem. A wireless modem may also be used for wireless connection to the network 220.
The computer module 201 typically includes at least one processor unit 205, and a memory unit 206 for example formed from semiconductor random access memory (RAM) and read only memory (ROM). The module 201 also includes a number of input/output (I/O) interfaces including an audio-video interface 207 that couples to the video display 214 and loudspeakers 217, an I/O interface 213 for the keyboard 202 and mouse 203 and optionally a joystick (not illustrated), and an interface 208 for the external modem 216 and printer 215. In some implementations, the modem 216 may be incorporated within the computer module 201, for example within the interface 208. The computer module 201 also has a local network interface 211 which, via a connection 223, permits coupling of the computer system 200 to a local computer network 222, known as a Local Area Network (LAN). As also illustrated, the local network 222 may also couple to the wide network 220 via a connection 224, which would typically include a so-called "firewall" device or similar functionality. The interface 211 may be formed by an Ethernet™ circuit card, a wireless Bluetooth™ or an IEEE 802.11 wireless arrangement.
The interfaces 208 and 213 may afford both serial and parallel connectivity, the former typically being implemented according to the Universal Serial Bus (USB) standards and having corresponding USB connectors (not illustrated). Storage devices 209 are provided and typically include a hard disk drive (HDD) 210. Other devices such as a floppy disk drive and a magnetic tape drive (not illustrated) may also be used. An optical disk drive 212 is typically provided to act as a non-volatile source of data. Portable memory devices, such as optical disks (eg: CD-ROM, DVD), USB-RAM, and floppy disks for example may then be used as appropriate sources of data to the system 200. The components 205 to 213 of the computer module 201 typically communicate via an interconnected bus 204 and in a manner which results in a conventional mode of operation of the computer system 200 known to those in the relevant art. Examples of computers on which the described arrangements can be practised include IBM-PCs and compatibles, Sun Sparcstations, Apple Mac™ or alike computer systems evolved therefrom.
Typically, the application programs for the second sub-system 117 are resident on the hard disk drive 210 and read and controlled in execution by the processor 205. Intermediate storage of such programs and any data fetched from the networks 220 and 222 may be accomplished using the semiconductor memory 206, possibly in concert with the hard disk drive 210. In some instances, the application programs may be supplied to the user encoded on one or more CD-ROM and read via the corresponding drive 212, or alternatively may be read by the user from the networks 220 or 222. Still further, the software can also be loaded into the computer system 200 from other computer readable media. Computer readable media refers to any storage medium that participates in providing instructions and/or data to the computer system 200 for execution and/or processing. Examples of such media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the computer module 201. Examples of computer readable transmission media that may also participate in the provision of instructions and/or data include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like.

Industrial Applicability

It is apparent from the above that the arrangements described are applicable to the security industry.
The foregoing describes only some embodiments of the present invention, and modifications and/or changes can be made thereto without departing from the scope and spirit of the invention, the embodiments being illustrative and not restrictive.
The system 100 can also be used to provide authorised access to lighting systems, building control devices, exterior or remote devices such as air compressors and so on. The concept of "secure access" is thus extendible beyond mere access to restricted physical areas.

Claims
1. A system for providing secure access to a controlled application, the system comprising: a database of one or more biometric signatures; a first subsystem comprising: a biometric sensor for receiving a biometric signal; means for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal; and means for generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and a second sub-system comprising: means for receiving the password; and means for providing conditional access to the controlled application dependent upon said password.
2. A system according to claim 1, wherein the controlled application is executing on said second sub-system.
3. A system according to claim 1, wherein the encryption process is a time dependent process.
4. A system according to claim 1, wherein the encryption process is an event synchronous process.
5. A system according to claim 1, wherein the first sub-system further comprises means for populating the database of biometric signatures.
6. A system according to claim 2, wherein the means for populating the database of biometric signatures comprises: means for receiving a series of entries of the biometric signal, said series being characterised according to at least one of the number of said entries and a duration of each said entry; means for mapping said series into an instruction; and means for populating the database according to the instruction.
7. A system according to claim 3 further comprising: means for providing a signal for directing input of the series of entries of the biometric signal; means for incorporating into the secure access signal an identification field identifying the biometric signal if the signal matches a member of the database; and means for constructing an audit trail of biometric signals provided to the biometric sensor for the purpose of accessing the controlled item.
8. A system according to claim 4, wherein the database of biometric signatures comprises signatures in at least one of a system administrator class and a system user class.
9. A system according to claim 1, wherein the controlled application is an Internet banking website.
10. A system according to claim 1, wherein the biometric sensor is responsive to one of a fingerprint pattern, voice, retinal pattern, iris pattern, face pattern, vein pattern and palm configuration.
11. A system according to claim 1, wherein the database of biometric signatures is located in the first sub-system.
12. A system according to claim 1, wherein the first sub-system is a password generator.
13. A system according to claim 1, wherein the second sub-system comprises an authentication server.
14. A first sub-system for operating in a system for providing secure access to a controlled application, the system comprising a database of biometric signatures, a second sub-system comprising means for receiving a password, and means for providing conditional access to the controlled application dependent upon the password, the first subsystem comprising: a biometric sensor for receiving a biometric signal; means for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal; and means for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
15. A first system according to claim 14, wherein the controlled application is executing on said second sub-system.
16. A first system according to claim 14, wherein the encryption process is a time dependent process.
17. A first system according to claim 14, wherein the encryption process is an event synchronous process.
18. A first sub-system according to claim 14, further comprising means for populating the database of biometric signatures.
19. A first sub-system according to claim 18, wherein the means for populating the database of biometric signatures comprises: means for receiving a series of entries of the biometric signal, said series being characterised according to at least one of the number of said entries and a duration of each said entry; means for mapping said series into an instruction; and means for populating the database according to the instruction.
20. A first sub-system according to claim 19 further comprising: means for providing a signal for directing input of the series of entries of the biometric signal; and means for incorporating into the secure access signal an identification field identifying the biometric signal if the signal matches a member of the database, said identification field for use in constructing an audit trail of biometric signals provided to the biometric sensor for the purpose of accessing the controlled item.
21. A first sub-system according to claim 20, wherein the database of biometric signatures comprises signatures in at least one of a system administrator class and a system user class.
22. A first sub-system according to claim 14, wherein the database of biometric signatures comprises signatures in at least one of a system administrator class and a system user class.
23. A first sub-system according to claim 14, wherein the biometric sensor is responsive to one of voice, retinal pattern, iris pattern, face pattern, and palm configuration.
24. A first sub-system according to claim 14, wherein the database of biometric signatures is located in the first sub-system.
25. A system according to claim 14, wherein the first sub-system is a password generator.
26. A system according to claim 14, wherein the second sub-system comprises an authentication server.
27. A password generator for providing secure access to a controlled application executing within a system, the system comprising a database of biometric signatures, a sub-system comprising means for receiving the password, and means for providing conditional access to the controlled application dependent upon the password, said password generator comprising: a biometric sensor for receiving a biometric signal; a processor for matching the biometric signal against members of the database of biometric signatures to thereby determine an authentication signal, and for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
28. A password generator according to claim 27, wherein the controlled application is executing on said sub-system.
29. A password generator according to claim 27, wherein the encryption process is a time dependent process.
30. A password generator according to claim 27, wherein the encryption process is an event synchronous process.
31. A password generator according to claim 27, wherein the password generator further comprises means for populating the database of biometric signatures.
32. A password generator according to claim 27, wherein the means for populating the database of biometric signatures comprises: means for receiving a series of entries of the biometric signal, said series being characterised according to at least one of the number of said entries and a duration of each said entry; means for mapping said series into an instruction; and means for populating the database according to the instruction.
33. A password generator according to claim 27, wherein the controlled application is an Internet banking website.
34. A password generator according to claim 27, wherein the biometric sensor is responsive to one of a fingerprint pattern, voice, retinal pattern, iris pattern, face pattern, vein pattern and palm configuration.
35. A password generator according to claim 27, wherein the database of biometric signatures is located in the password generator.
36. A password generator according to claim 27, wherein the sub-system comprises an authentication server.
37. A method for providing secure access to a controlled application, the method comprising the steps of: receiving a biometric signal; matching the biometric signal against members of a database of biometric signatures to thereby output an authentication signal; generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and providing conditional access to the controlled application dependent upon said password.
38. A method according to claim 37, wherein the controlled application is executing on a server.
39. A method according to claim 37, wherein the encryption process is a time dependent process.
40. A method according to claim 37, wherein the encryption process is an event synchronous process.
41. A method according to claim 37, wherein the database of biometric signatures comprises signatures in at least one of a system administrator class and a system user class.
42. A method for populating a database of biometric signatures in a system for providing secure access to a controlled application, the system comprising said database of biometric signatures, a first subsystem comprising a biometric sensor for receiving a biometric signal, and means for generating a password capable of granting access to the controlled item, said password being generated according to an encryption process based on a dynamic input value, and a second sub-system comprising means for receiving the password, and means for providing access to the controlled item dependent upon said password, said method comprising the steps of: receiving a series of entries of the biometric signal; determining at least one of the number of said entries and a duration of each said entry; mapping said series into an instruction; and populating the database according to the instruction.
43. A method for generating a password in a system for providing secure access to a controlled application, the system comprising a database of biometric signatures, a first sub-system comprising means for receiving the password generated by a second subsystem, and means for providing conditional access to the controlled application dependent upon the password, said method comprising the steps of: receiving a biometric signal by a biometric sensor; matching the biometric signal against members of the database of biometric signatures to thereby output an authentication signal; and generating the password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value.
44. A computer program product having a computer readable medium having a computer program recorded therein for directing a processor to provide secure access to a controlled application, said computer program product comprising: code for receiving a biometric signal; code for matching the biometric signal against members of a database of biometric signatures to thereby output an authentication signal; code for generating a password dependent upon said authentication signal, said password being generated according to an encryption process based on a dynamic input value; and code for providing conditional access to the controlled application dependent upon said password.
45. A computer program product having a computer readable medium having a computer program recorded therein for directing a processor to execute a method for populating a database of biometric signatures in a system for providing secure access to a controlled application, the system comprising said database of biometric signatures, a first subsystem comprising a biometric sensor for receiving a biometric signal, and means for generating a password capable of granting access to the controlled application, and a second sub-system comprising means for receiving the password, and means for providing access to the controlled application dependent upon the password, said program comprising: code for receiving a series of entries of the biometric signal; code for determining at least one of the number of said entries and a duration of each said entry; code for mapping said series into an instruction; and code for populating the database according to the instruction.
46. A computer program product having a computer readable medium having a computer program recorded therein for directing a processor to generate a password for providing secure access to a controlled application, said computer program product comprising: code for receiving a biometric signal by a biometric sensor; code for matching the biometric signal against members of the database of biometric signatures to thereby output an authentication signal; and code for generating the password dependent upon said authentication signal, wherein said password is generated according to an encryption process based on a dynamic input value.
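The following Python is an added illustration of the system the claims describe, not code from the patent or from Microlatch Pty Ltd. It models the two sub-systems end to end: enrolment by a series of sensor entries mapped to an instruction (claims 6, 42 and 45), matching of a biometric signal against the signature database to yield an authentication signal, generation of a password from a dynamic input value in both the time dependent and the event synchronous variants (claims 3 and 4), and the second sub-system's conditional access decision (claims 1 and 37). Everything concrete in it is a constructed assumption the patent does not specify: signatures are fixed-length byte strings matched by Hamming distance under a threshold, the "encryption process" is a truncated HMAC-SHA256 in the style of HOTP/TOTP, the key is shared out of band, and the enrolment convention (three short presses enrol a user, three long presses an admin) is invented for the example.

```python
"""Added example (not the patent's own code): toy model of a biometric-gated
dynamic password generator (first sub-system) and an authentication server
(second sub-system). All parameters and conventions here are constructed."""
import hashlib
import hmac
import struct
import time

ADMIN, USER = "admin", "user"


def map_entries_to_instruction(durations, long_threshold=1.0):
    """Map a series of sensor entries (press durations in seconds) to an
    enrolment instruction, keyed on the number of entries and their duration.
    Constructed convention: 3 short -> enrol user, 3 long -> enrol admin."""
    if len(durations) != 3:
        return None
    kinds = {"long" if d >= long_threshold else "short" for d in durations}
    if kinds == {"short"}:
        return ("enrol", USER)
    if kinds == {"long"}:
        return ("enrol", ADMIN)
    return None


class SignatureDatabase:
    """Database of biometric signatures held inside the first sub-system."""

    def __init__(self, threshold=2):
        self.entries = []  # (signature bytes, class, identifier)
        self.threshold = threshold  # max Hamming distance counted as a match

    def populate(self, instruction, signature, identifier):
        if instruction is None or instruction[0] != "enrol":
            return False
        self.entries.append((signature, instruction[1], identifier))
        return True

    def match(self, signal):
        """Authentication signal: (class, identifier) of the closest enrolled
        signature within the threshold, or None when nothing matches."""
        best = None
        for sig, cls, ident in self.entries:
            if len(sig) != len(signal):
                continue
            dist = sum(bin(a ^ b).count("1") for a, b in zip(sig, signal))
            if dist <= self.threshold and (best is None or dist < best[0]):
                best = (dist, cls, ident)
        return None if best is None else (best[1], best[2])


def dynamic_password(key, dynamic_value, digits=6):
    """Password from a dynamic input value: truncated HMAC-SHA256 (HOTP-style)."""
    mac = hmac.new(key, struct.pack(">Q", dynamic_value), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class PasswordGenerator:
    """First sub-system: a password is produced only after a biometric match."""

    def __init__(self, db, key, mode="time", step=30):
        self.db, self.key, self.mode, self.step = db, key, mode, step
        self.counter = 0  # event synchronous state

    def generate(self, signal, now=None):
        auth = self.db.match(signal)
        if auth is None:
            return None  # no authentication signal, so no password
        if self.mode == "time":
            value = int((time.time() if now is None else now) // self.step)
        else:
            self.counter += 1
            value = self.counter
        return auth[1], dynamic_password(self.key, value)


class AuthenticationServer:
    """Second sub-system: receives the password and grants conditional access."""

    def __init__(self, keys, mode="time", step=30, window=1, lookahead=5):
        self.keys, self.mode, self.step = keys, mode, step
        self.window, self.lookahead = window, lookahead
        self.last_step = {}  # identifier -> last accepted time step (replay guard)
        self.counter = {}  # identifier -> last accepted event counter

    def check(self, identifier, password, now=None):
        key = self.keys.get(identifier)
        if key is None:
            return False
        if self.mode == "time":
            t = int((time.time() if now is None else now) // self.step)
            for cand in range(t - self.window, t + self.window + 1):
                if cand <= self.last_step.get(identifier, -1):
                    continue  # step already consumed or older: reject replay
                if hmac.compare_digest(dynamic_password(key, cand), password):
                    self.last_step[identifier] = cand
                    return True
            return False
        last = self.counter.get(identifier, 0)
        for cand in range(last + 1, last + 1 + self.lookahead):
            if hmac.compare_digest(dynamic_password(key, cand), password):
                self.counter[identifier] = cand  # resynchronise; skipped values are burnt
                return True
        return False
```

Two properties of the verifier side matter to a defender and are visible in the code: the time dependent server accepts one step of clock drift but records the last accepted step per identifier, so a password captured in transit cannot be replayed even inside the drift window; the event synchronous server accepts a bounded look-ahead so a press that never reached the server does not lock the device out, and moves its counter forward so earlier values are dead. Neither property is stated in the claims; both are what a practitioner would require of the "means for providing conditional access". In a real device the key and signature database would sit in the ROM or a secure element of the first sub-system, and the server would also rate limit failed checks.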

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2006905032A AU2006905032A0 (en) 2006-09-12 Password generator
PCT/AU2007/001253 WO2008031143A1 (en) 2006-09-12 2007-08-30 Password generator

Publications (2)

Publication Number Publication Date
EP2106644A1 true EP2106644A1 (en) 2009-10-07
EP2106644A4 EP2106644A4 (en) 2012-12-19

Family

ID=39183256

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07784873A Withdrawn EP2106644A4 (en) 2006-09-12 2007-08-30 Password generator

Country Status (2)

Country Link
EP (1) EP2106644A4 (en)
WO (1) WO2008031143A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2008316289B2 (en) 2007-10-22 2012-03-22 Cpc Patent Technologies Pty Ltd A transmitter for transmitting a secure access signal
KR100936920B1 (en) * 2007-12-14 2010-01-18 한국전자통신연구원 Method, Client and System for Reservation Connection to Management Server using One-Time Password
US8656473B2 (en) 2009-05-14 2014-02-18 Microsoft Corporation Linking web identity and access to devices
GB2611755A (en) * 2021-10-12 2023-04-19 Validsoft Ltd Methods and systems for providing a user with secure access to an online account

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5280527A (en) * 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
WO2002088932A1 (en) * 2001-04-26 2002-11-07 Audlem, Ltd. A bio-metric smart card, bio-metric smart card reader, and method of use
US6687375B1 (en) * 1999-06-02 2004-02-03 International Business Machines Corporation Generating user-dependent keys and random numbers
US20050253683A1 (en) * 2004-05-17 2005-11-17 Identification Technology Group Biometrically authenticated portable access device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2008031143A1 *

Also Published As

Publication number Publication date
EP2106644A4 (en) 2012-12-19
WO2008031143A1 (en) 2008-03-20

Similar Documents

Publication Publication Date Title
US8458484B2 (en) Password generator
CA2417901C (en) Entity authentication in electronic communications by providing verification status of device
Idrus et al. A review on authentication methods
US7415605B2 (en) Biometric identification network security
US20160219046A1 (en) System and method for multi-modal biometric identity verification
US20070118758A1 (en) Processing device, helper data generating device, terminal device, authentication device and biometrics authentication system
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
US20090235086A1 (en) Server-side biometric authentication
US20040117636A1 (en) System, method and apparatus for secure two-tier backup and retrieval of authentication information
EP2513834B1 (en) System and method for verifying the identity of an individual by employing biometric data features associated with the individual as well as a computer program product for performing said method
WO2007112023A2 (en) Secure biometric processing system and method of use
JP2005050308A (en) Personal authentication device, system, and method thereof
JP2005516268A (en) Method for operating a computer system
KR20070024633A (en) Renewable and private biometrics
US20010048359A1 (en) Restriction method for utilization of computer file with use of biometrical information, method of logging in computer system and recording medium
JP2003509771A (en) Security equipment
KR100974815B1 (en) System for Authenticating a Living Body Doubly
WO2008031143A1 (en) Password generator
US20030014642A1 (en) Security arrangement
Ashish et al. Biometric template protection
Nath et al. Issues and challenges in two factor authentication algorithms
KR100657577B1 (en) System and method for authorization using client information assembly
RU2260840C2 (en) Protection means
JP2006323691A (en) Authentication device, registration device, registration method and authentication method
JP2002304230A (en) Person authentication system, and input device

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090807

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20121119

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/00 20060101ALI20121113BHEP

Ipc: H04L 9/32 20060101AFI20121113BHEP

17Q First examination report despatched

Effective date: 20150219

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20150702