WO2000010134A1 - Security system - Google Patents

Publication number
WO2000010134A1
Authority
WO
WIPO (PCT)
Prior art keywords
chip card
security system
card reader
module
fingerprint sensor
Application number
PCT/EP1999/005879
Other languages
German (de)
French (fr)
Inventor
Wolfgang Neifer
Original Assignee
Scm Microsystems Gmbh
Application filed by Scm Microsystems Gmbh
Priority to JP2000565507A (patent JP2002522852A)
Priority to EP99944372A (patent EP1104572A1)
Publication of WO2000010134A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/26 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass

Definitions

  • the invention relates to a security system for identity and authorization checking in a secure communication environment.
  • the identity and authorization check is usually carried out in a secure communication environment using personal identification in combination with a memory or chip card. For example, a bank card and then a personal PIN of the user must be entered at an ATM. Experience shows that such identity and authorization checks are not sufficient to prevent any misuse. Entering your personal PIN is not only cumbersome, it can also be spied on relatively easily.
  • the invention provides a security system which offers very high protection without requiring the entry of a personal secret code.
  • the security system contains a chip card reader in the format of a PC card on which personal data is stored.
  • a fingerprint sensor is coupled to the chip card reader.
  • a validation device validates the personal information read from the chip card as a function of data supplied by the fingerprint sensor. For the positive outcome of an identity and authorization check, it is necessary both that the chip card with the personal data is available and that the parameter supplied by the fingerprint sensor is correctly assigned to the personal data stored on the chip card.
  • the security system contains an interface for connection to the network.
  • This interface can be a common network adapter, a modem or an IR interface. Communication between the local data processing device and the network can only take place via the security system.
  • Such a security system can ensure that only authorized users can access the network. Furthermore, it can be provided that all messages transmitted in one or in both directions are signed by the parameter supplied by the fingerprint sensor and thus authenticated.
  • a second solution is to arrange the fingerprint sensor on a module coupled to the chip card reader by a detachable plug connection.
  • this parameter is not transmitted directly but in encrypted form.
  • the module has a SAM card reader and an internal processor. Even with such an embodiment of the security system, the communication between a local data processing device and a network or the like can be controlled with a maximum of security.
  • FIG. 1 shows a schematic side view of a chip card reader with an inserted chip card and a plugged-in sensor module
  • Figure 2 is an end view of the sensor module
  • FIG. 3 shows a top view of the sensor module with the chip card shown cut off
  • Figure 4 shows three possible embodiments for the housing of the sensor module
  • FIG. 5 shows a schematic side view of the chip card reader and the sensor module according to a further embodiment
  • FIG. 6 shows an end view of the sensor module
  • FIG. 7 shows a top view of the sensor module
  • FIG. 8 shows a schematic side view of a further embodiment of the chip card reader with a sensor module
  • FIG. 9 is a block diagram of the security system.
  • the security system shown in FIG. 1 for the identity and authorization check in a secure communication environment contains a chip card reader 10 in the format of a PC card and a sensor module 12, which has a fingerprint sensor 14 and is detachably coupled to the chip card reader 10 by a plug connection.
  • the chip card reader 10 has a receiving channel for a chip card 16 and a contact field 18 arranged in the receiving channel for contacting the chip card 16.
  • the receiving channel for the chip card is formed between a cover plate 10a and the main body 10b of the chip card reader.
  • the sensor module 12 is coupled to the narrow end face of the chip card reader 10, from which the chip card 16 protrudes.
  • the housing of the sensor module 12 is provided with a slot 20 for the passage of the chip card 16.
  • the fingerprint sensor 14 is embedded in the upper main surface of the sensor module 12.
  • Two guide pins 24 of the sensor module 12 can be inserted into corresponding receiving openings on the narrow face of the chip card reader 10.
  • a number of contact pins 26 of the sensor module 12 can be inserted into corresponding contact openings on the same end face of the chip card reader 10.
  • Actuating elements 28 for a locking device are attached to the narrow sides of the sensor module 12, by means of which the sensor module 12 is releasably locked to the chip card reader 10.
  • the contact surface 16a of the chip card 16 is also shown in FIG. 3. It comes to rest under the contact field 18 when the chip card 16 is inserted into the chip card reader 10.
  • the slot 20 shown in FIG. 2 or a recess 20a on the underside or a recess 20b on the top of the sensor module 12 is provided on the housing of the sensor module 12, as illustrated in FIG. 4.
  • a housing block with a ramp-shaped support surface is formed on the sensor module 12, into which the fingerprint sensor 14 is embedded. Furthermore, the sensor module 12 is designed to receive and read out a so-called SAM card or SIM card 32. This card is a known security and authentication module.
  • Part of the sensor module 12 is also an interface for connection to a communication system; in the embodiment shown, this is a network adapter to which a network cable 34 is connected by means of a plug connector 36.
  • FIG. 8 shows an embodiment of the chip card reader with a receiving channel for the chip card, which is formed between a base plate and the main body of the chip card reader.
  • the security system consisting of the chip card reader 10 with chip card 16 on the one hand and the sensor module 12 with fingerprint sensor 14 and SAM card 32 on the other hand is inserted between a data processing device (PC) called a host and a network connection.
  • the chip card reader 10 has its own local bus. The two bus systems are coupled to one another via the plug connection between chip card reader 10 and sensor module 12.
  • the chip card reader 10 contains an internal processor 40 which performs the functions of authentication, identification, cryptographic encryption and signature.
  • the chip card reader 10 is equipped with a suitable interface 42, in particular a PCMCIA interface.
  • the chip card reader 10 contains a memory 44 for saved data in flash technology and a time stamp unit 46, which may include a radio clock module.
  • the chip card 16 is designed as a so-called smart card and contains its own processor and memory circuits. In particular, personal keys and code words are stored in the chip card 16 for the purpose of checking identity and authorization. All of the named components of the chip card reader 10 are coupled to its internal local bus.
  • the sensor module 12 also contains an internal processor 50, the task of which is in particular the analysis of the fingerprint data supplied by the sensor 14 for the purpose of identification.
  • the SAM card is read out via a contact unit 52. Fingerprint identification data of the authorized user are stored on the SAM card.
  • the communication interface of the sensor module 12 comprises an interface control unit 54 and a network adapter 56 to which the network cable 34 is connected.
  • the SAM card contains data and structures for encrypting this data, which are then transferred in an encrypted form to the chip card reader 10 for evaluation.
  • An encrypted transmission of the fingerprint data can be dispensed with if the fingerprint sensor and chip card reader are integrated with one another, so that it is not possible to intercept the data from the fingerprint sensor.
  • the communication interface (network adapter) is also integrated in the system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Human Computer Interaction (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Image Input (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The present invention relates to a security system for identity and authorisation checking in a protected communication environment. The system essentially uses a smart-card reader in the format of a PC card. Personal data is stored on the smart card, and a fingerprint detector is coupled to the smart-card reader. The personal data read from the smart card is validated according to the data provided by the fingerprint detector.

Description

Security system
The invention relates to a security system for identity and authorization checking in a secure communication environment.
In a secure communication environment, the identity and authorization check is usually carried out using personal identifiers in combination with a memory card or chip card. For example, at an ATM a bank card must be entered first and then the user's personal PIN. Experience shows that such identity and authorization checks are not sufficient to prevent every misuse. Entering the personal PIN is not only cumbersome, it can also be spied on relatively easily.
Identity and authorization checks using a fingerprint sensor are considered very secure. High-resolution sensors working on the principle of a capacitive matrix are known, which derive a unique and unmistakable characteristic from a fingerprint and, after highly effective data reduction, make it available as a parameter. This parameter can be stored in an application as an access and authorization condition. In such a system, entering a personal secret code is unnecessary. In principle, however, it cannot be ruled out that the parameter supplied by the fingerprint sensor is intercepted or spied on along its transmission path.
The invention provides a security system which offers very high protection without requiring the entry of a personal secret code. According to the invention, the security system contains a chip card reader in the format of a PC card on which personal data is stored. A fingerprint sensor is coupled to the chip card reader. A validation device validates the personal information read from the chip card as a function of data supplied by the fingerprint sensor. For the positive outcome of an identity and authorization check, it is necessary both that the chip card with the personal data is available and that the parameter supplied by the fingerprint sensor is correctly assigned to the personal data stored on the chip card.
With the security system according to the invention, highly secure control over the communication between a local data processing device and a network can be established. According to a first solution, in which the fingerprint sensor is integrated in the chip card reader, the security system contains an interface for connection to the network. This interface can be a common network adapter, a modem or an IR interface. Communication between the local data processing device and the network can only take place via the security system. Such a security system can ensure that only authorized users can access the network. Furthermore, it can be provided that all messages transmitted in one or in both directions are signed with the parameter supplied by the fingerprint sensor and thus authenticated.
A second solution is to arrange the fingerprint sensor on a module coupled to the chip card reader by a detachable plug connection. In order to prevent the parameter supplied by the fingerprint sensor from being spied on in the area of the plug connection in this solution, this parameter is not transmitted directly but in encrypted form. For this purpose, the module has a SAM card reader and an internal processor. With such an embodiment of the security system, too, the communication between a local data processing device and a network or the like can be controlled with a maximum of security.
Further features and advantages of the invention will become apparent from the following description and from the drawing, to which reference is made. The drawing shows:
FIG. 1 a schematic side view of a chip card reader with an inserted chip card and a plugged-in sensor module;
FIG. 2 an end view of the sensor module;
FIG. 3 a top view of the sensor module with the chip card shown cut off;
FIG. 4 three possible embodiments for the housing of the sensor module;
FIG. 5 a schematic side view of the chip card reader and the sensor module according to a further embodiment;
FIG. 6 an end view of the sensor module;
FIG. 7 a top view of the sensor module;
FIG. 8 a schematic side view of a further embodiment of the chip card reader with a sensor module; and
FIG. 9 a block diagram of the security system.
The security system shown in FIG. 1 for the identity and authorization check in a secure communication environment contains a chip card reader 10 in the format of a PC card and a sensor module 12, which has a fingerprint sensor 14 and is detachably coupled to the chip card reader 10 by a plug connection. The chip card reader 10 has a receiving channel for a chip card 16 and a contact field 18 arranged in the receiving channel for contacting the chip card 16. In the embodiment shown here, the receiving channel for the chip card is formed between a cover plate 10a and the main body 10b of the chip card reader.
The sensor module 12 is coupled to the narrow end face of the chip card reader 10, from which the chip card 16 protrudes. The housing of the sensor module 12 is provided with a slot 20 for the passage of the chip card 16. The fingerprint sensor 14 is embedded in the upper main surface of the sensor module 12. Two guide pins 24 of the sensor module 12 can be inserted into corresponding receiving openings on the narrow end face of the chip card reader 10. A row of contact pins 26 of the sensor module 12 can be inserted into corresponding contact openings on the same end face of the chip card reader 10. Actuating elements 28 for a locking device are attached to the narrow sides of the sensor module 12, by means of which the sensor module 12 is releasably latched to the chip card reader 10. The contact surface 16a of the chip card 16 is also shown in FIG. 3. It comes to rest under the contact field 18 when the chip card 16 is inserted into the chip card reader 10.
Depending on the arrangement of the receiving channel for the chip card 16 in the chip card reader, the housing of the sensor module 12 is provided with the slot 20 shown in FIG. 2, or with a recess 20a on the underside or a recess 20b on the top of the sensor module 12, as illustrated in FIG. 4.
In the embodiment shown in FIG. 5, a housing block with a ramp-shaped support surface is formed on the sensor module 12, into which the fingerprint sensor 14 is embedded. Furthermore, the sensor module 12 is designed to receive and read out a so-called SAM card or SIM card 32. This card is a known security and authentication module.
Part of the sensor module 12 is also an interface for connection to a communication system; in the embodiment shown, this is a network adapter to which a network cable 34 is connected by means of a plug connector 36.
FIG. 8 shows an embodiment of the chip card reader with a receiving channel for the chip card, which is formed between a base plate and the main body of the chip card reader.
The concept on which the security system is based is now explained with reference to the block diagram in FIG. 9.
Das aus dem Chipkartenleser 10 mit Chipkarte 16 einerseits und dem Sensormodul 12 mit Fingerabdruck-Sensor 14 und SAM- Karte 32 andererseits bestehende Sicherheitssystem ist zwischen ein als Host bezeichnetes Datenverarbeitungsgerät (PC) und einen Netzwerkanschluß eingefügt. Der Chipkartenleser 10 verfügt ebenso wie das Sensormodul 12 über einen eigenen lokalen Bus . Über die Steckverbindung zwischen Chipkartenleser 10 und Sensormodul 12 sind die beiden Bussysteme miteinander gekoppelt. Der Chipkartenleser 10 enthält einen internen Prozessor 40, der die Funktionen Authentifizierung, Identifizierung, kryptographische Verschlüsselung und Signatur übernimmt. Auf der Seite des Host ist der Chipkartenleser 10 mit einer geeigneten Schnittstelle 42, insbesondere einer PCMCIA-Schnittstelle ausgestattet. Ferner beinhaltet der Chipkartenleser 10 einen Speicher 44 für gesicherte Daten in Flash-Technologie und eine Zeitstempel-Einheit 46, die einen Funkuhr-Modul beinhalten kann. Die Chipkarte 16 ist als sogenannte Smartcard ausgebildet und enthält eigene Prozessor- und Speicherschaltungen. In der Chipkarte 16 sind insbesondere persönliche Schlüssel und Codewörter zum Zweck der Identitäts- und Berechtigungsprüfung abgelegt. Alle ge- nannten Bestandteile des Chipkartenlesers 10 sind an dessen internen lokalen Bus angekoppelt.The security system consisting of the chip card reader 10 with chip card 16 on the one hand and the sensor module 12 with fingerprint sensor 14 and SAM card 32 on the other hand is inserted between a data processing device (PC) called a host and a network connection. Like the sensor module 12, the chip card reader 10 has its own local bus. The two bus systems are coupled to one another via the plug connection between chip card reader 10 and sensor module 12. The chip card reader 10 contains an internal processor 40 which performs the functions of authentication, identification, cryptographic encryption and signature. 
On the host side, the chip card reader 10 is equipped with a suitable interface 42, in particular a PCMCIA interface. Furthermore, the chip card reader 10 contains a memory 44 for saved data in flash technology and a time stamp unit 46, which may include a radio clock module. The chip card 16 is designed as a so-called smart card and contains its own processor and memory circuits. In particular, personal keys and code words are stored in chip card 16 for the purpose of checking identity and authorization. All Components of the chip card reader 10 are coupled to its internal local bus.
Das Sensormodul 12 enthält ebenfalls einen internen Prozessor 50, dessen Aufgabe insbesondere die Analyse der von dem Sensor 14 gelieferten Fingerabdruck-Daten zum Zweck der Identifizierung ist. Die SAM-Karte wird über eine Kontakteinheit 52 ausgelesen. Auf der SAM-Karte sind Fingerabdruck- Kenndaten des berechtigten Benutzers gespeichert. Die Koramunikations-Schnittstelle des Sensormoduls 12 umfaßt eine Schnittstellen-Steuereinheit 54 und einen Netzwerkadapter 56, an den das Netzwerkkabel 34 angeschlossen wird.The sensor module 12 also contains an internal processor 50, the task of which is in particular the analysis of the fingerprint data supplied by the sensor 14 for the purpose of identification. The SAM card is read out via a contact unit 52. Fingerprint identification data of the authorized user are stored on the SAM card. The communication interface of the sensor module 12 comprises an interface control unit 54 and a network adapter 56 to which the network cable 34 is connected.
In addition to the fingerprint identification data of the authorized user, the SAM card contains data and structures for encrypting this data, which is then transferred in encrypted form to the chip card reader 10 for evaluation.
Encrypted transmission of the fingerprint data can be dispensed with if the fingerprint sensor and the chip card reader are integrated with one another, so that the data from the fingerprint sensor cannot be intercepted. In this alternative embodiment, the communication interface (network adapter) is also integrated in the system.
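The handover described above, from sensor module 12 to chip card reader 10 across the plug connection, sketched as an added example that is not part of the patent. The shared key, the reader's challenge, HMAC-SHA256 and the message layout are all assumptions, since the document names no algorithms; the point shown is that a message captured at the connector stays useless only if it is bound to a fresh challenge.

```python
import hashlib
import hmac
import os

SAM_KEY = bytes(range(32))   # constructed key, assumed present on SAM card 32 and in reader 10
CARD_DATA = b"holder=constructed-user"   # constructed personal data on chip card 16
TAG_LEN = 32

def _prf(key, label, challenge, data):
    return hmac.new(key, label + challenge + data, hashlib.sha256).digest()

def _xor_stream(key, challenge, data):
    # HMAC-SHA256 in counter mode: a stand-in for the cipher the patent leaves unspecified.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"enc", challenge, i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def module_seal(key, challenge, identity_info):
    """Sensor module 12: encrypt the identity information, then MAC it with the challenge."""
    ciphertext = _xor_stream(key, challenge, identity_info)
    return ciphertext + _prf(key, b"mac", challenge, ciphertext)

class Reader:
    """Chip card reader 10 in the role of the validation device."""
    def __init__(self, key):
        self.key, self.challenge = key, None

    def new_challenge(self):
        self.challenge = os.urandom(16)
        return self.challenge

    def release_card_data(self, message):
        if self.challenge is None or len(message) <= TAG_LEN:
            return None
        challenge, self.challenge = self.challenge, None   # each challenge is single-use
        ciphertext, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        if not hmac.compare_digest(tag, _prf(self.key, b"mac", challenge, ciphertext)):
            return None                                     # forged, altered or replayed
        info = _xor_stream(self.key, challenge, ciphertext)
        return CARD_DATA if info == b"match:user-1" else None

def demo():
    reader = Reader(SAM_KEY)
    captured = module_seal(SAM_KEY, reader.new_challenge(), b"match:user-1")
    accepted = reader.release_card_data(captured)
    reader.new_challenge()
    replayed = reader.release_card_data(captured)   # same bytes, tapped at the connector
    return accepted, replayed
```
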

Claims

1. Security system for identity and authorization verification in a secured communication environment, with
- a chip card reader in the format of a PC card;
- a chip card on which personal data are stored;
- a fingerprint sensor, which is coupled to the chip card reader;
- a validation device for validating the personal information read from the chip card as a function of data supplied by the fingerprint sensor.
2. Security system according to claim 1, characterized in that the fingerprint sensor is arranged on a module coupled to the chip card reader by a releasable plug connection.
3. Security system according to claim 2, characterized in that the module can be plugged onto a narrow end face of the chip card reader, from which the chip card protrudes.
5. Security system according to claim 3, characterized in that a slot for the passage of the chip card is arranged in the module.
6. Security system according to one of claims 2 to 5, characterized in that the module contains a SAM or SIM card reader.
7. Security system according to claim 6, characterized in that the data supplied by the fingerprint sensor are processed, together with the data read from the SAM or SIM card, in an internal processor of the module to form encrypted identity information.
8. Security system according to one of claims 1 to 7, characterized by an interface for connection to a communication system, in particular a network.
9. Security system according to claims 2 and 8, characterized in that the interface is contained in the module.
10. Security system according to claim 8 or 9, characterized in that signed messages can be exchanged with the communication environment via the interface.
PCT/EP1999/005879 1998-08-11 1999-08-11 Security system WO2000010134A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2000565507A JP2002522852A (en) 1998-08-11 1999-08-11 Security system
EP99944372A EP1104572A1 (en) 1998-08-11 1999-08-11 Security system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE29814427U DE29814427U1 (en) 1998-08-11 1998-08-11 security system
DE29814427.1 1998-08-11

Publications (1)

Publication Number Publication Date
WO2000010134A1 (en) 2000-02-24

Family

ID=8061181

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1999/005879 WO2000010134A1 (en) 1998-08-11 1999-08-11 Security system

Country Status (4)

Country Link
EP (1) EP1104572A1 (en)
JP (1) JP2002522852A (en)
DE (1) DE29814427U1 (en)
WO (1) WO2000010134A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001067399A1 (en) * 2000-03-10 2001-09-13 Gemplus Biometric identification method, portable electronic device and electronic device acquiring biometric data therefor
US6592031B1 (en) * 1998-12-04 2003-07-15 Stocko Contact Gmbh & Co. Kg Authentication system for PC cards

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU1814500A (en) * 1998-11-06 2000-05-29 Who? Vision Systems Inc. Relief object sensor adaptor
SE9900887L (en) * 1999-03-12 2000-09-13 Business Security encryption device
DE19938096A1 (en) * 1999-08-12 2001-02-15 Scm Microsystems Gmbh Procedure for checking the authorization of transactions
CN109272609A (en) * 2018-08-19 2019-01-25 天津新泰基业电子股份有限公司 A kind of CPU safety door inhibition control method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0159539A1 (en) * 1984-04-04 1985-10-30 Siemens Aktiengesellschaft Chip card system
DE3706466A1 (en) * 1987-02-27 1988-09-08 Siemens Ag Portable operating unit for smart cards
EP0552078A1 (en) * 1992-01-14 1993-07-21 Gemplus Card International Insertable card for microcomputer constituting a reader for cards with flat contacts
DE29513985U1 (en) * 1995-08-31 1995-11-02 Cards & Devices Chipkartenloes Miniaturized reader for chip cards
EP0735507A2 (en) * 1995-04-01 1996-10-02 STOCKO Metallwarenfabriken Henkels und Sohn GmbH & Co Contact unit for card-form carrier elements
NL1004171C2 (en) * 1996-10-02 1998-04-06 Nedap Nv Holder for smart card activated by fingerprint detection


Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6592031B1 (en) * 1998-12-04 2003-07-15 Stocko Contact Gmbh & Co. Kg Authentication system for PC cards
WO2001067399A1 (en) * 2000-03-10 2001-09-13 Gemplus Biometric identification method, portable electronic device and electronic device acquiring biometric data therefor
FR2806187A1 (en) * 2000-03-10 2001-09-14 Gemplus Card Int Biometric identification method has an additional step for authenticating the origin of a biometric signature to ensure that it was correctly acquired rather than fraudulently introduced
US7289959B2 (en) 2000-03-10 2007-10-30 Gemplus Biometric identification method, portable electronic device and electronic device acquiring biometric data therefor

Also Published As

Publication number Publication date
EP1104572A1 (en) 2001-06-06
JP2002522852A (en) 2002-07-23
DE29814427U1 (en) 1998-12-10

Similar Documents

Publication Publication Date Title
EP0355372B1 (en) Data carrier controlled terminal for a data exchange system
DE69730128T2 (en) Authentication Method and System Based on a Periodic Challenge Response Protocol
DE10001672C2 (en) Electronic data storage medium with the ability to check fingerprints
DE19648767C2 (en) Identification system with an electronic chip card
DE19860177C2 (en) Method and device for the user-controlled activation of chip card functions
EP1006479A2 (en) Authentication system for PC-cards
DE10105396A1 (en) Mobile electronic device with a function for verifying a user by means of biometric information
EP2602738A2 (en) Device for protecting security tokens against malware
EP0197535A2 (en) Data input device
DE102005005378A1 (en) Device for entering and transmitting encrypted signals
DE3706465C2 (en)
EP1104572A1 (en) Security system
DE19631569A1 (en) Smart card with fingerprint scanner
EP3252643B1 (en) Reading device for a chip card and computer system
DE102004039365A1 (en) Data carrier for contactless transmission of encrypted data signals
EP2169579B1 (en) Method and device for accessing a machine readable document
DE19929251C2 (en) Method and device for establishing communication between a user device and a network
DE3836801C2 (en)
DE10034993B4 (en) Universal security module
DE102010054061B4 (en) Portable system comprising data carrier and input medium carrier, use and method of the system
DE102013112943B4 (en) Smart card reader
EP1152377B1 (en) Method and terminal apparatus for performing transactions using a portable data carrier
DE102005059001A1 (en) Portable electronic device, method for enabling a smart card and computer program product
WO2004019188A2 (en) Verification and granting of authorizations of use
WO2001013340A1 (en) Method for making authorization checks of transactions

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP SG US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 1999944372

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 09762649

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1999944372

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1999944372

Country of ref document: EP