Title of Invention	AN ENROLMENT METHOD COMPRISING THE CAPTURE OF BIOMETRIC DATA AND A BIOMETRIC IDENTITY CHECK METHOD
Abstract	An Enrolment Method Comprising The Capture Of Biometric Data And A Biometric Identity Check Method A method and associated device for checking a biometric signature by means of a very simple and secure calculation adapted to objects of the chip card type. The method is based on the storage within the object of an obscured biometric signature and an associated authentication code, a terminal capturing a fingerprint compares it with the obscured biometric signature transmitted by the card and transfers the result of this comparison to the chip card, which validates this result with the authentication code.

Title of Invention

AN ENROLMENT METHOD COMPRISING THE CAPTURE OF BIOMETRIC DATA AND A BIOMETRIC IDENTITY CHECK METHOD

Abstract

An Enrolment Method Comprising The Capture Of Biometric Data And A Biometric Identity Check Method A method and associated device for checking a biometric signature by means of a very simple and secure calculation adapted to objects of the chip card type. The method is based on the storage within the object of an obscured biometric signature and an associated authentication code, a terminal capturing a fingerprint compares it with the obscured biometric signature transmitted by the card and transfers the result of this comparison to the chip card, which validates this result with the authentication code.

Full Text	An Enrolment Method Comprising The Capture,Of Biometric Data And A Biometric Identity Check Method The invention concerns the biometric identification of a user of a system. It is adapted to an identity check on a portable object of the chip card type. One method normally used for identifying a user is based on a secret identification code, also referred to as a PIN (standing for Personal Identification Number in English) . In a system using chip cards, a user enters his PIN code on a transaction terminal, which then transfers the PIN code entered to the chip card, which checks the PIN code by comparison with a reference PIN code. The security of such a system is guaranteed by the fact that the reference PIN code is stored within the chip card, by nature protected, and never leaves it during the identity check process, since the final check is made by the card. The drawbacks of such a system are the fact that the owner of the card must memorise a secret and the fact that another user can commit fraud by stealing this secret. Biometrics consists of acquiring, measuring and recognising physical characteristics of a user. It makes it possible to directly identify a user whilst the PIN code method allows indirect identification by the fact of checking that the user knows a secret. Amongst the known techniques in biometrics, there are the methods of recognising voice characteristics, characteristics peculiar to the shape of the face or to the iris of the eye or, in the most frequent case, fingerprint characteristics. All the existing biometric identity check systems are broken down into three phases: - the first phase is a phase of capturing biometric data from a sensor. These biometric data obtained are usually images, for example in the case of fingerprints, iris or face shape. However, it can also be a case of sound sequences in the case of voice recognition. - The second phase is an analysis or extraction phase for extracting a biometric signature from biometric data captured during the first phase, this signature being composed of a more restricted set of particular biometric data. This second phase is extremely complex and requires high calculation power. The third phase consists of comparing the biometric signature obtained during the second phase with a reference signature defined previously during a procedure called enrolling. Portable electronic objects of the chip card type are provided with microprocessors whose calculation power is still limited. This is why a biometric system of the prior art using chip cards functions as follows: - in the enrolling phase, a reference biometric signature of the user of the card is stored in a secure memory of the chip card. - in the identity check phase, a terminal captures the biometric data of the user and then extracts a biometric signature. Two solutions then exist: either the reference biometric signature is transferred from the card to the terminal for a check on the identity, by comparing the two signatures, on the terminal: this method has the drawback that the reference signature may be intercepted, which is a security failing. A conventional identification by PIN code does not have this drawback; - or the biometric signature extracted is transferred to the card for a check on the card. The card having only a low calculation capacity, the check is a complex operation, which requires a long processing time. This represents a drawback compared with the conventional use of a PIN code. One object of the present invention is to propose a biometric identification solution which is both secure and simple, adapted to an identity check on an object of the chip card type. The solution is based on an enrolment method comprising the capture of biometric data, the extraction of a true biometric signature composed of true particular biometric data, characterised in that it comprises the following steps: - producing false particular biometric data, - generating the obscured biometric signature by combining the false particular biometric data with the particular true biometric data, producing an authentication code which indicates which are the false and true particular biometric data of the obscured biometric signature. The false particular biometric data can be produced consistently with the true particular biometric data. For this, at least one false particular biometric data item can be produced by slightly transforming a true biometric data item; - in the case of minutiae which correspond to fingerprint data of a first finger, at least one false minutiae can be produced from minutiae of a second finger; - a false particular biometric data item can also be produced by detecting a true biometric data item having a geometry relatively close to a true particular biometric data item and transforming this true biometric data item in order to create the false particular biometric data item. The authentication code can be established according to the following steps: - the particular biometric data of the obscured biometric signature are ordered; - the authentication code is composed of a series of bits, with a length equal to the total number of true and false particular biometric data of the obscured biometric signature, each bit indicating respectively whether the corresponding particular biometric data item is true or false. The obscured biometric signature and the authentication code can be recorded in a secure memory of a personal object of the chip card type. The solution also proposes a biometric identity check method comprising the capture of biometric data and the extraction of a true biometric signature composed of true particular biometric data, and comprising the following steps: - comparing the true biometric signature with an obscured biometric signature, - producing a code indicating the true and false biometric data on the basis of the previous comparison with the true biometric signature, - comparing this code with an authentication code indicating the true and false particular biometric data of the obscured biometric signature. In this method, the authentication code can be stored in a secure memory of a personal object and the comparison of the code and authentication code can take place within the personal object. The biometric identity check method for accessing a service by means of a services terminal, based on a personal object of the chip card type for storing the authentication code and the obscured biometric signature, can comprise the following steps: - transferring the obscured biometric signature from the personal object to the service terminal for the comparison of the true biometric signature with the obscured biometric signature and producing the code within the service terminal; - transferring the code from the service terminal to the personal object for comparison of the code with the authentication code on the personal object. The invention is also based on an enrolment device using biometric signature extraction software in order to obtain a true biometric signature composed of true particular biometric data from captured biometric data, using obscuring software consisting firstly of producing false particular biometric data and combining them with the true particular biometric data in order to obtain an obscured biometric signature, and secondly producing an authentication code for indicating the true and false particular biometric data of the obscured biometric signature. The enrolment device can comprise a device for communication with a personal object of the chip card type suitable for transferring the obscured biometric signature and the authentication code to the personal object - The invention also proposes a personal object comprising a secure memory and a communication means and comprising in its secure memory an obscured biometric signature and an authentication code and comprising a means of comparing a code transferred by the communication means with the authentication code. This personal object may be a medium with a chip of the chip card type. The invention also proposes a service terminal using extraction software in order to obtain a true biometric signature composed of true particular biometric data from captured biometric data and using software for producing a code from a comparison between the true biometric signature and an obscured biometric signature, the code indicating the true and false biometric data on the basis of the true biometric signature calculated by the service terminal. This service terminal can comprise a communication device for communicating with a personal object of the chip card type, able to transfer the obscured biometric signature from the personal object and the code produced to the personal object. Other characteristics and advantages of the present invention will emerge from a reading of the following description of particular example embodiments, given for illustrative purposes and non-limitingly, and the accompanying drawings in which: - Figure 1 depicts examples of minutiae of fingerprints; - Figure 2 depicts examples of the creation of false minutiae; - Figure 3 depicts a simplified example of the creation of an obscured signature and of the authentication code according to the invention. One embodiment of the invention will be described in the context of an identification by fingerprint in a banking application. A user is provided with a chip card possessing a secure memory and a biometric identity check function which will be detailed below. During the enrolment phase, which consists of storing the reference biometric signature on the card, the user goes to a secure place such as a bank branch for example, where his fingerprint is captured on a special terminal. An extraction algorithm of the prior art, whose principle consists of selecting particular biometric data from the captured fingerprint, referred to as minutiae, derives therefrom the biometric signature composed of these minutiae. To facilitate understanding of the remainder of the description, the terms true minutiae and true biometric signature will be used for these data obtained according to the calculation of the prior art. These true minutiae are for example identified by data indicating their position, plus a data item indicating their type. Figure 1 shows two examples of types of minutiae, a line bifurcation (Fig. la) and a line end (Fig. lb) . The number of minutiae to be selected by the extraction algorithm is predefined in order to obtain a good compromise between security and calculation complexity. According to the method of the invention, before the recording of the signature on the chip card, the enrolment terminal uses obscuring software in order to transform the previous true biometric signature. This obscuring software uses an obscuring method which consists of combining the true minutiae previously extracted and making up the true biometric signature with false data which will . be referred to as false minutiae, so as to obtain an obscured biometric signature. One characteristic of the obscuring method consists of defining false minutiae which are consistent with the true minutiae in order to make the operation consisting of finding the true biometric signature from the obscured signature difficult or impossible. For this, it is possible to use the following methods: - according to a first variant, the sensor of the bank terminal captures more minutiae than the predefined number. The additional minutiae are then slightly transformed in order to obtain false minutiae. This transformation can consist of a modification of the coordinates of the minutiae by a rotation or translation, or a modification of their type; - according to a second variant close to the previous one, it is possible to obtain the false minutiae by transforming minutiae obtained during the capture of the print from another finger. It will then be arranged to keep only false minutiae not too close to the true minutiae selected in order to preserve consistency of the whole. The advantage of this variant is that it is applicable in cases where the number of minutiae of a single print is small; - according to a third variant, amongst the capture biometric data, relatively close geometries of true minutiae are detected and are transformed in order to create false minutiae consistent with the global geometry of the fingerprint. This transformation is illustrated in Figure 2. Figure 2sl depicts a true geometry which is transformed into a false minutiae of the bifurcation type depicted in Figure 2a2. Figure 2bl depicts a true geometry which is transformed into a false minutiae of the line end type depicted in Figure 2b2. Combining the false and true minutiae makes it possible to obtain the obscured biometric signature. At the same time, the obscuring method generates an authentication code whose content indicates the minutiae which are true and false in the obscured signature. In order to produce this authentication code, the minutiae are first of all ordered in a well defined order, by choosing for example a geometric origin and then classifying the minutiae according to their position with respect to this origin. Then the authentication code is established in the form of a list of zeros and ones, the zeros indicating that a minutiae is false and the ones that the minutiae are true, or vice-versa. This authentication code therefore has as its dimension a number of bits equal to the total number of minutiae of the obscured signature. Figure 3 illustrates a simplified example of the production of an obscured signature and of the associated authentication code. Figure 3a depicts a fingerprint, Figure 3b depicts the two true minutiae (represented by a solid circle) extracted from the fingerprint by the extraction algorithm, Figure 3c depicts the obscured signature, which was produced by adding two false minutiae (represented by an empty circle), Figure 3d depicts the same minutiae ordered and Figure 3e depicts the associated authentication code. The enrolment phase ends with the storage of the obscured "biotmetric . signature and the authentication code in the non-volatile memory (EEPROM, FLASH etc) of the chip card. These data require a relatively small amount of memory space of a few tens of bytes. After the enrolment, the bank card can be used to make payments, access banking services etc. Each operation requires a phase of checking the identity of the user, which comprises the following steps: - the service terminal, for example a cash dispenser, captures the fingerprint of the user; - the terminal calculates the true biometric signature from this fingerprint by means of the same extraction algorithm as that used during the enrolment phase; - the card transfers the obscured biometric signature to the terminal. It should be noted that this method has the advantage, unlike the prior art, of not transferring the true reference biometric signature; - the terminal compares the true biometric signature with the obscured biometric signature transferred by the card and derives therefrom a code representing the differences between the two signatures, according to a calculation similar to that of the production of the authentication code described during the enrolment phase. This code represents the true and false minutiae on the basis of the true biometric signature derived from the captured fingerprint. This code must be almost identical to the authentication code if the user is indeed the correct person; - the code obtained is transferred from the terminal to the chip card; - the chip card comprises a means, in software or hardware form, which makes it possible to compare (for example by means of an XOR function) the code received and the. authentication code, stored in the memory during the enrolment phase. If the codes are sufficiently identical with respect to the predefined tolerance, then the card returns to the terminal a positive message validating the identity of the user. A first advantage of this method is its flexibility: it is possible to choose a number of true and false minutiae according to the security requirements and processing time required. One of the most simple implementations with the use of 10 true and 10 false minutiae, and with a tolerance consisting of accepting the error of one minutiae in the checking calculation, gives rise to a rate of false acceptance of 1 in 10,000 and a processing time by the card of the same order as the checking of a PIN code. This method also has the same advantages of the system of the prior art based on PIN codes since firstly there is no longer any transfer of confidential information from the card to the terminal and since moreover the checking calculation implemented within the card is very simple. It should be noted that the authentication code fulfils a role similar to the PIN code of the solutions of identification by PIN code as described previously. Moreover, this method of course includes the advantages of biometrics. The invention therefore makes it possible to combine the advantages of biometrics and PIN code. The invention, as described in this embodiment, is implemented by means of various devices comprising the following particular functionalities: - obscuring software based on a method of producing false minutiae, combining false and true minutiae in order to produce an obscured biometric signature and an authentication code, implemented 'during an enrolment phase on a secure terminal of a service provider such as a bank; software for comparing an extracted biometric signature with an obscured biometric signature, generating a code, used on a service terminal during an identity check phase; a code check means used on the card which also possesses a secure memory for containing an authentication code and a reference obscured biometric signature. The methods of the invention are of course adapted to other fields of biometrics, using similar mechanisms based on particular biometric data, fulfilling the role of fingerprint minutiae. False particular biometric data consistent with the true particular biometric data will also be added. In addition, the invention is particularly well adapted to the systems based on personal objects such as chip cards, possessing few hardware re-sources. It does however remain applicable to other systems not necessarily using such an object. WE CLAIM : 1. An enrolment method comprising the capture of biometric data, the extraction of a true biometric signature composed of true particular biometric data, characterised in that it comprises the following steps: - producing false particular biometric data, - generating the obscured biometric signature by combining the false particular biometric data with the true particular biometric data, producing an authentication code which indicates which are the false and true particular biometric data of the obscured biometric signature. 2. An enrolment method as claimed in Claim 1, wherein the false particular biometric data are produced in a manner consistent with the true particular biometric data. 3. An enrolment method as claimed in Claim 2, wherein at least one false particular biometric data item is produced by slightly transforming a true biometric data item. 4. An enrolment method as claimed in Claim 3, wherein the true particular biometric data are minutiae which correspond to fingerprint data of a first finger and in that at least one false minutiae is produced from minutiae of a second finger. 5. An enrolment method as claimed in Claim 3, wherein at least one false particular biometric data item is produced by detecting a true biometric data item having a geometry relatively close to a true particular biometric data item and transforming this true biometric data item in order to create the false particular biometric data item. 6. An enrolment method as claimed in Claim 1, wherein the authentication code is established according to the following steps: - the particular biometric data of the obscured biometric signature are ordered; - the authentication code is composed of a series of bits, with a length equal to the total number of true and false particular biometric data of the obscured biometric signature, each bit indicating respectively whether the corresponding particular biometric data item is true or false. 7. An enrolment method as claimed in Claim 1, wherein the biometric data are those of a fingerprint and the particular biometric data minutiae. 8. An enrolment method as claimed in one of the preceding claims, wherein the obscured biometric signature and the authentication code are recorded on a secure memory of a personal object of the chip card type. 9. A biometric identity check method comprising the capture of biometric data and the extraction of a true biometric signature composed of true particular biometric data, and comprising the following steps: - comparing the true biometric signature with an obscured biometric signature, - producing a code indicating the true and false biometric data on the basis of the previous comparison with the true biometric signature, - comparing this code with an authentication code indicating the true and false particular biometric data of the obscured biometric signature. 10. A biometric identity check method as claimed in the preceding claim, wherein the authentication code is stored in a secure memory of a personal object and in that the comparison of the code and authentication code takes place within the personal object. 11. A biometric identity check method as claimed in the preceding claim for accessing a service by means of a service terminal, based on a personal object f the chip card type for storing the authentication code and the obscured biometric signature and comprising the following steps: - transferring the obscurec biometric signature from the personal object to the service terminal for the comparison of the true biometric signature with the obscured biometric signature and producing the code within the service terminal; - transferring the code from the service terminal to the personal object for comparison of the code with the authentication code on the personal object. 12. An enrolment device using biometric signature extraction software in order to obtain a true fiometric signature composed of true particular biometric data from captured bicrr.etric data, characterised in that it uses . obscuring software consisting firstly of producing false particular biometric data and combining them with true particular biometric data in order to obtain an obscured biometric signature, and moreover producing an authentication code for indicating the true and false particular biometric data of the obscured biometric signature. 13.An enrolment device as claimed in the preceding claim, wherein it comprises a device for communicating with a personal object of the chip card type able to transfer the obscured biometric signature and the authentication code to the personal object. 14. A personal object comprising a secure memory and a communication means, characterised in that it comprises in its secure memory an obscured biometric signature and an authentication code and in that it comprises a means of comparing a code transferred by the communication means with the authentication code. 15. A personal object as claimed in the preceding claim, wherein it is a medium with a chip of the chip card type. 16. A service terminal using extraction software in order to obtain a true biometric signature composed of true particular biometric. data from captured biometric data and using software for producing a code from a comparison between the true biometric signature and an obscured biometric signature, the code indicating the true and false biometric data on the basis of the true biometric signature calculated by t.he service terminal. 17. A service terminal as claimed in the preceding claim, wherein it comprises a communication device for communicating with a personal object of the chip card type able to transfer the obscured biometric signature from the personal object and the code produced to the personal object. An Enrolment Method Comprising The Capture Of Biometric Data And A Biometric Identity Check Method A method and associated device for checking a biometric signature by means of a very simple and secure calculation adapted to objects of the chip card type. The method is based on the storage within the object of an obscured biometric signature and an associated authentication code, a terminal capturing a fingerprint compares it with the obscured biometric signature transmitted by the card and transfers the result of this comparison to the chip card, which validates this result with the authentication code.

Full Text

An Enrolment Method Comprising The Capture,Of Biometric
Data And A Biometric Identity Check Method
The invention concerns the biometric identification
of a user of a system. It is adapted to an identity
check on a portable object of the chip card type.
One method normally used for identifying a user is
based on a secret identification code, also referred to
as a PIN (standing for Personal Identification Number
in English) . In a system using chip cards, a user
enters his PIN code on a transaction terminal, which
then transfers the PIN code entered to the chip card,
which checks the PIN code by comparison with a
reference PIN code. The security of such a system is
guaranteed by the fact that the reference PIN code is
stored within the chip card, by nature protected, and
never leaves it during the identity check process,
since the final check is made by the card. The
drawbacks of such a system are the fact that the owner
of the card must memorise a secret and the fact that
another user can commit fraud by stealing this secret.
Biometrics consists of acquiring, measuring and
recognising physical characteristics of a user. It
makes it possible to directly identify a user whilst
the PIN code method allows indirect identification by
the fact of checking that the user knows a secret.
Amongst the known techniques in biometrics, there are
the methods of recognising voice characteristics,
characteristics peculiar to the shape of the face or to
the iris of the eye or, in the most frequent case,
fingerprint characteristics.
All the existing biometric identity check systems
are broken down into three phases:
- the first phase is a phase of capturing biometric
data from a sensor. These biometric data obtained are
usually images, for example in the case of
fingerprints, iris or face shape. However, it can also
be a case of sound sequences in the case of voice
recognition.
- The second phase is an analysis or extraction
phase for extracting a biometric signature from
biometric data captured during the first phase, this
signature being composed of a more restricted set of
particular biometric data. This second phase is
extremely complex and requires high calculation power.
The third phase consists of comparing the
biometric signature obtained during the second phase
with a reference signature defined previously during a
procedure called enrolling.
Portable electronic objects of the chip card type
are provided with microprocessors whose calculation
power is still limited. This is why a biometric system
of the prior art using chip cards functions as follows:
- in the enrolling phase, a reference biometric
signature of the user of the card is stored in a secure
memory of the chip card.
- in the identity check phase, a terminal captures
the biometric data of the user and then extracts a
biometric signature. Two solutions then exist:
either the reference biometric
signature is transferred from the card to the terminal
for a check on the identity, by comparing the two
signatures, on the terminal: this method has the
drawback that the reference signature may be
intercepted, which is a security failing. A
conventional identification by PIN code does not have
this drawback;
- or the biometric signature extracted
is transferred to the card for a check on the card.
The card having only a low calculation capacity, the
check is a complex operation, which requires a long
processing time. This represents a drawback compared
with the conventional use of a PIN code.
One object of the present invention is to propose a
biometric identification solution which is both secure
and simple, adapted to an identity check on an object
of the chip card type.
The solution is based on an enrolment method
comprising the capture of biometric data, the
extraction of a true biometric signature composed of
true particular biometric data, characterised in that
it comprises the following steps:
- producing false particular biometric data,
- generating the obscured biometric signature
by combining the false particular biometric data
with the particular true biometric data,
producing an authentication code which
indicates which are the false and true particular
biometric data of the obscured biometric signature.
The false particular biometric data can be
produced consistently with the true particular
biometric data. For this, at least one false particular
biometric data item can be produced by slightly
transforming a true biometric data item;
- in the case of minutiae which correspond to
fingerprint data of a first finger, at least one
false minutiae can be produced from minutiae of a
second finger;
- a false particular biometric data item can
also be produced by detecting a true biometric
data item having a geometry relatively close to a
true particular biometric data item and
transforming this true biometric data item in
order to create the false particular biometric
data item.
The authentication code can be established
according to the following steps:
- the particular biometric data of the obscured
biometric signature are ordered;
- the authentication code is composed of a series
of bits, with a length equal to the total number of
true and false particular biometric data of the
obscured biometric signature, each bit indicating
respectively whether the corresponding particular
biometric data item is true or false.
The obscured biometric signature and the
authentication code can be recorded in a secure memory
of a personal object of the chip card type.
The solution also proposes a biometric identity
check method comprising the capture of biometric data
and the extraction of a true biometric signature
composed of true particular biometric data, and
comprising the following steps:
- comparing the true biometric signature with
an obscured biometric signature,
- producing a code indicating the true and
false biometric data on the basis of the previous
comparison with the true biometric signature,
- comparing this code with an authentication
code indicating the true and false particular
biometric data of the obscured biometric signature.
In this method, the authentication code can be
stored in a secure memory of a personal object and the
comparison of the code and authentication code can take
place within the personal object.
The biometric identity check method for accessing
a service by means of a services terminal, based on a
personal object of the chip card type for storing the
authentication code and the obscured biometric
signature, can comprise the following steps:
- transferring the obscured biometric signature
from the personal object to the service terminal for
the comparison of the true biometric signature with the
obscured biometric signature and producing the code
within the service terminal;
- transferring the code from the service terminal
to the personal object for comparison of the code with
the authentication code on the personal object.
The invention is also based on an enrolment
device using biometric signature extraction software in
order to obtain a true biometric signature composed of
true particular biometric data from captured biometric
data, using obscuring software consisting firstly of
producing false particular biometric data and combining
them with the true particular biometric data in order
to obtain an obscured biometric signature, and secondly
producing an authentication code for indicating the
true and false particular biometric data of the
obscured biometric signature.
The enrolment device can comprise a device for
communication with a personal object of the chip card
type suitable for transferring the obscured biometric
signature and the authentication code to the personal
object -
The invention also proposes a personal object
comprising a secure memory and a communication means
and comprising in its secure memory an obscured
biometric signature and an authentication code and
comprising a means of comparing a code transferred by
the communication means with the authentication code.
This personal object may be a medium with a chip of the
chip card type.
The invention also proposes a service terminal
using extraction software in order to obtain a true
biometric signature composed of true particular
biometric data from captured biometric data and using
software for producing a code from a comparison between
the true biometric signature and an obscured biometric
signature, the code indicating the true and false

biometric data on the basis of the true biometric
signature calculated by the service terminal.
This service terminal can comprise a
communication device for communicating with a personal
object of the chip card type, able to transfer the
obscured biometric signature from the personal object
and the code produced to the personal object.
Other characteristics and advantages of the present
invention will emerge from a reading of the following
description of particular example embodiments, given
for illustrative purposes and non-limitingly, and the
accompanying drawings in which:
- Figure 1 depicts examples of minutiae of
fingerprints;
- Figure 2 depicts examples of the creation of false
minutiae;
- Figure 3 depicts a simplified example of the
creation of an obscured signature and of the
authentication code according to the invention.
One embodiment of the invention will be described in
the context of an identification by fingerprint in a
banking application.
A user is provided with a chip card possessing a secure
memory and a biometric identity check function which
will be detailed below.
During the enrolment phase, which consists of storing
the reference biometric signature on the card, the user
goes to a secure place such as a bank branch for
example, where his fingerprint is captured on a special
terminal. An extraction algorithm of the prior art,
whose principle consists of selecting particular
biometric data from the captured fingerprint, referred
to as minutiae, derives therefrom the biometric
signature composed of these minutiae. To facilitate
understanding of the remainder of the description, the
terms true minutiae and true biometric signature will
be used for these data obtained according to the
calculation of the prior art. These true minutiae are
for example identified by data indicating their
position, plus a data item indicating their type.
Figure 1 shows two examples of types of minutiae, a
line bifurcation (Fig. la) and a line end (Fig. lb) .
The number of minutiae to be selected by the extraction
algorithm is predefined in order to obtain a good
compromise between security and calculation complexity.
According to the method of the invention, before the
recording of the signature on the chip card, the
enrolment terminal uses obscuring software in order to
transform the previous true biometric signature. This
obscuring software uses an obscuring method which
consists of combining the true minutiae previously
extracted and making up the true biometric signature
with false data which will . be referred to as false
minutiae, so as to obtain an obscured biometric
signature.
One characteristic of the obscuring method consists of
defining false minutiae which are consistent with the
true minutiae in order to make the operation consisting
of finding the true biometric signature from the
obscured signature difficult or impossible. For this,
it is possible to use the following methods:
- according to a first variant, the sensor of the bank
terminal captures more minutiae than the predefined
number. The additional minutiae are then slightly
transformed in order to obtain false minutiae. This
transformation can consist of a modification of the
coordinates of the minutiae by a rotation or
translation, or a modification of their type;
- according to a second variant close to the previous
one, it is possible to obtain the false minutiae by
transforming minutiae obtained during the capture of
the print from another finger. It will then be arranged
to keep only false minutiae not too close to the true
minutiae selected in order to preserve consistency of
the whole. The advantage of this variant is that it is
applicable in cases where the number of minutiae of a
single print is small;
- according to a third variant, amongst the capture
biometric data, relatively close geometries of true
minutiae are detected and are transformed in order to
create false minutiae consistent with the global
geometry of the fingerprint. This transformation is
illustrated in Figure 2. Figure 2sl depicts a true
geometry which is transformed into a false minutiae of
the bifurcation type depicted in Figure 2a2. Figure 2bl
depicts a true geometry which is transformed into a
false minutiae of the line end type depicted in Figure
2b2.
Combining the false and true minutiae makes it possible
to obtain the obscured biometric signature. At the same
time, the obscuring method generates an authentication
code whose content indicates the minutiae which are
true and false in the obscured signature. In order to
produce this authentication code, the minutiae are
first of all ordered in a well defined order, by
choosing for example a geometric origin and then
classifying the minutiae according to their position
with respect to this origin. Then the authentication
code is established in the form of a list of zeros and
ones, the zeros indicating that a minutiae is false and
the ones that the minutiae are true, or vice-versa.
This authentication code therefore has as its dimension
a number of bits equal to the total number of minutiae
of the obscured signature. Figure 3 illustrates a
simplified example of the production of an obscured
signature and of the associated authentication code.
Figure 3a depicts a fingerprint, Figure 3b depicts the
two true minutiae (represented by a solid circle)
extracted from the fingerprint by the extraction
algorithm, Figure 3c depicts the obscured signature,
which was produced by adding two false minutiae
(represented by an empty circle), Figure 3d depicts the
same minutiae ordered and Figure 3e depicts the
associated authentication code.
The enrolment phase ends with the storage of the
obscured "biotmetric . signature and the authentication
code in the non-volatile memory (EEPROM, FLASH etc) of
the chip card. These data require a relatively small
amount of memory space of a few tens of bytes.
After the enrolment, the bank card can be used to make
payments, access banking services etc. Each operation
requires a phase of checking the identity of the user,
which comprises the following steps:
- the service terminal, for example a cash dispenser,
captures the fingerprint of the user;
- the terminal calculates the true biometric signature
from this fingerprint by means of the same extraction
algorithm as that used during the enrolment phase;
- the card transfers the obscured biometric signature
to the terminal. It should be noted that this method
has the advantage, unlike the prior art, of not
transferring the true reference biometric signature;
- the terminal compares the true biometric signature
with the obscured biometric signature transferred by
the card and derives therefrom a code representing the
differences between the two signatures, according to a
calculation similar to that of the production of the
authentication code described during the enrolment
phase. This code represents the true and false minutiae
on the basis of the true biometric signature derived
from the captured fingerprint. This code must be almost
identical to the authentication code if the user is
indeed the correct person;
- the code obtained is transferred from the terminal to
the chip card;
- the chip card comprises a means, in software or
hardware form, which makes it possible to compare (for
example by means of an XOR function) the code received
and the. authentication code, stored in the memory
during the enrolment phase. If the codes are
sufficiently identical with respect to the predefined
tolerance, then the card returns to the terminal a
positive message validating the identity of the user.
A first advantage of this method is its flexibility: it
is possible to choose a number of true and false
minutiae according to the security requirements and
processing time required. One of the most simple
implementations with the use of 10 true and 10 false
minutiae, and with a tolerance consisting of accepting
the error of one minutiae in the checking calculation,
gives rise to a rate of false acceptance of 1 in 10,000
and a processing time by the card of the same order as
the checking of a PIN code.
This method also has the same advantages of the system
of the prior art based on PIN codes since firstly there
is no longer any transfer of confidential information
from the card to the terminal and since moreover the
checking calculation implemented within the card is
very simple. It should be noted that the authentication
code fulfils a role similar to the PIN code of the
solutions of identification by PIN code as described
previously. Moreover, this method of course includes
the advantages of biometrics. The invention therefore
makes it possible to combine the advantages of
biometrics and PIN code.
The invention, as described in this embodiment, is
implemented by means of various devices comprising the
following particular functionalities:
- obscuring software based on a method of producing
false minutiae, combining false and true minutiae in
order to produce an obscured biometric signature and an
authentication code, implemented 'during an enrolment
phase on a secure terminal of a service provider such
as a bank;
software for comparing an extracted biometric
signature with an obscured biometric signature,
generating a code, used on a service terminal during an
identity check phase;
a code check means used on the card which also
possesses a secure memory for containing an
authentication code and a reference obscured biometric
signature.
The methods of the invention are of course adapted to
other fields of biometrics, using similar mechanisms
based on particular biometric data, fulfilling the role
of fingerprint minutiae. False particular biometric
data consistent with the true particular biometric data
will also be added.
In addition, the invention is particularly well adapted
to the systems based on personal objects such as chip
cards, possessing few hardware re-sources. It does
however remain applicable to other systems not
necessarily using such an object.
WE CLAIM :
1. An enrolment method comprising the capture of
biometric data, the extraction of a true biometric
signature composed of true particular biometric data,
characterised in that it comprises the following steps:
- producing false particular biometric data,
- generating the obscured biometric signature by
combining the false particular biometric data with the
true particular biometric data,
producing an authentication code which
indicates which are the false and true particular
biometric data of the obscured biometric signature.
2. An enrolment method as claimed in Claim 1,
wherein the false particular biometric data are
produced in a manner consistent with the true
particular biometric data.
3. An enrolment method as claimed in Claim 2, wherein
at least one false particular biometric data item is
produced by slightly transforming a true biometric data
item.
4. An enrolment method as claimed in Claim 3,
wherein the true particular biometric data are minutiae
which correspond to fingerprint data of a first finger
and in that at least one false minutiae is produced
from minutiae of a second finger.
5. An enrolment method as claimed in Claim 3,
wherein at least one false particular biometric data
item is produced by detecting a true biometric data
item having a geometry relatively close to a true
particular biometric data item and transforming this
true biometric data item in order to create the false
particular biometric data item.
6. An enrolment method as claimed in Claim 1,
wherein the authentication code is established
according to the following steps:
- the particular biometric data of the obscured
biometric signature are ordered;
- the authentication code is composed of a series
of bits, with a length equal to the total number of
true and false particular biometric data of the
obscured biometric signature, each bit indicating
respectively whether the corresponding particular
biometric data item is true or false.
7. An enrolment method as claimed in Claim 1,
wherein the biometric data are those of a fingerprint
and the particular biometric data minutiae.
8. An enrolment method as claimed in one of the
preceding claims, wherein the obscured biometric
signature and the authentication code are recorded on a
secure memory of a personal object of the chip card
type.
9. A biometric identity check method comprising
the capture of biometric data and the extraction of a
true biometric signature composed of true particular
biometric data, and comprising the following steps:
- comparing the true biometric signature with
an obscured biometric signature,
- producing a code indicating the true and
false biometric data on the basis of the previous
comparison with the true biometric signature,
- comparing this code with an authentication
code indicating the true and false particular
biometric data of the obscured biometric signature.
10. A biometric identity check method as claimed
in the preceding claim, wherein the authentication code
is stored in a secure memory of a personal object and
in that the comparison of the code and authentication
code takes place within the personal object.
11. A biometric identity check method as claimed
in the preceding claim for accessing a service by means
of a service terminal, based on a personal object f
the chip card type for storing the authentication code
and the obscured biometric signature and comprising the
following steps:
- transferring the obscurec biometric signature
from the personal object to the service terminal for
the comparison of the true biometric signature with the
obscured biometric signature and producing the code
within the service terminal;
- transferring the code from the service terminal
to the personal object for comparison of the code with
the authentication code on the personal object.
12. An enrolment device using biometric
signature extraction software in order to obtain a true
fiometric signature composed of true particular
biometric data from captured bicrr.etric data,
characterised in that it uses . obscuring software
consisting firstly of producing false particular
biometric data and combining them with true particular
biometric data in order to obtain an obscured biometric
signature,
and moreover producing an authentication code for
indicating the true and false particular biometric data
of the obscured biometric signature.
13.An enrolment device as claimed in the
preceding claim, wherein it comprises a device for
communicating with a personal object of the chip card
type able to transfer the obscured biometric signature
and the authentication code to the personal object.
14. A personal object comprising a secure memory
and a communication means, characterised in that it
comprises in its secure memory an obscured biometric
signature and an authentication code and in that it
comprises a means of comparing a code transferred by
the communication means with the authentication code.
15. A personal object as claimed in the
preceding claim, wherein it is a medium with a chip of
the chip card type.
16. A service terminal using extraction software
in order to obtain a true biometric signature composed
of true particular biometric. data from captured
biometric data and using software for producing a code
from a comparison between the true biometric signature
and an obscured biometric signature, the code
indicating the true and false biometric data on the
basis of the true biometric signature calculated by t.he
service terminal.
17. A service terminal as claimed in the
preceding claim, wherein it comprises a communication
device for communicating with a personal object of the
chip card type able to transfer the obscured biometric
signature from the personal object and the code
produced to the personal object.
An Enrolment Method Comprising The Capture Of Biometric
Data And A Biometric Identity Check Method
A method and associated device for checking a
biometric signature by means of a very simple and
secure calculation adapted to objects of the chip card
type.
The method is based on the storage within the
object of an obscured biometric signature and an
associated authentication code, a terminal capturing a
fingerprint compares it with the obscured biometric
signature transmitted by the card and transfers the
result of this comparison to the chip card, which
validates this result with the authentication code.

Documents:

« Previous Patent

Next Patent »

Patent Number

224731

Indian Patent Application Number

02467/KOLNP/2005

PG Journal Number

43/2008

Publication Date

24-Oct-2008

Grant Date

22-Oct-2008

Date of Filing

02-Dec-2005

Name of Patentee

GEMPLUS

Applicant Address

AVENUE DU PIC DE BERTAGNE, PARC D'ACTIVITÉ DE GÉMENOS, F-13420 GÉMENOS

Inventors:

#	Inventor's Name	Inventor's Address
1	NACCACHE DAVID	52, RUE LETORT, F-75018 PARIS
2	BARRAL, CLAUDE	6 LA BASTIDE SAMAT, F-13119 ST SAVOURNIN
3	CORON, JEAN-SEBASTIEN	17 AVENUE D'ARGENTEUIL, F-92600 ASNIÈRES-SUR-SEINE
4	CARDONNEL, CÉDRIC	RÉSIDENCE "LES HAUTS DE CASSIS", BÂT.D, F-13470 CARNOUX EN PROVENCE

PCT International Classification Number

G06K 9/00

PCT International Application Number

PCT/EP2004/050996

PCT International Filing date

2004-06-02

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	0306789	2003-06-05	France