CN1377492A - Devices for measuring and analyzing data or signals and methods for verifying the identity or authorization of persons - Google Patents

Info

Publication number
CN1377492A
CN1377492A CN00803571A CN00803571A CN1377492A CN 1377492 A CN1377492 A CN 1377492A CN 00803571 A CN00803571 A CN 00803571A CN 00803571 A CN00803571 A CN 00803571A CN 1377492 A CN1377492 A CN 1377492A
Authority
CN
China
Prior art keywords
data
input data
person
authorization
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN00803571A
Other languages
Chinese (zh)
Other versions
CN1154960C (en)
Inventor
M·布罗姆巴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens Corp
Original Assignee
Siemens Corp

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/21 Individual registration on entry or exit involving the use of a pass having a variable access code

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Collating Specific Patterns (AREA)

Abstract

When the identity or authorization of a person is checked, secret or person-specific data are protected against access by third parties in that the data are checked in a protected area. If the result of the check is positive, input data supplied from outside are encrypted using a key stored in the protected area. The encrypted input data are output to the outside. The identity or authorization can then be verified by decryption.

Description

Devices for measuring and analyzing data or signals and methods for verifying the identity or authorization of persons

As information technology systems continue to spread, methods for verifying a person's identity or authorization are becoming increasingly important. Known methods of this type have in common that the authorized person is identified to the information technology system by means of a piece of information or a characteristic, where the information is known only to that person and the characteristic is specific to that person, unique and unchanging.

A person's biometric features, such as fingerprint patterns, iris patterns and the like, are distinguished by their uniqueness and invariance. Each person can therefore easily be identified from biometric features with the help of information technology systems. A secret keyword can also serve as a person-specific characteristic, as long as the keyword is not disclosed. Biometric features and keywords are therefore well suited to the above purpose.

Modern biometric methods first measure a person's biometric features as raw data by means of special sensors. The actual features are then extracted from these raw data with the help of special algorithms. Authentication or identification is then carried out by comparing a stored set of reference features with the current features.

Obviously, the reliability of these methods depends chiefly on unauthorized persons being unable to obtain the raw data, the extracted feature sets and the keywords. In the systems known today, however, this requirement is not met, or not met adequately. The object underlying the invention is to improve this situation. This object is achieved by a device for measuring and analyzing data or signals having the characterizing features of claim 1, or by a method for verifying the identity or authorization of a person having the characterizing features of claim 5.

The invention is based on the idea that a person's characteristic data are not transmitted to an external system. Instead, these data or signals are measured by a device in the authorized person's possession, and that device then encrypts input data that it receives from the external system. The external system thus recognizes the authorization not from the authorized person's characteristics, which need protection, but from the correct encryption of the input data. The recognition of the characteristics and the encryption of the input data are preferably carried out inside a highly secure device that is protected against unauthorized access. Misuse of a person's characteristic data can thus be effectively prevented.

Preferred developments of the invention are given in the dependent claims.

The invention is described below with the aid of preferred exemplary embodiments and with reference to the drawing.

Fig. 1 schematically shows the structure of a preferred embodiment of the invention and at the same time illustrates the flow of the method according to the invention.

The device according to the invention for measuring and analyzing data or signals, in particular for verifying the identity or authorization of a person, comprises: means (DE) for measuring data (D) or signals (S); means (DV) for verifying the measured data or signals within the device; and means (KE) for encrypting input data (ED) within the device.

The means for measuring data or signals may be a simple keyboard of a computer, a communication terminal or another small device. Instead of a keyboard, a graphical input medium can of course also be used, for example a pressure-sensitive input surface, which may have a display underneath it. Such an input device is particularly suitable for measuring keywords or signatures.

However, the means for measuring data or signals can also be a microphone, a camera or a fingerprint sensor. Other devices, in particular for measuring a person's biometric features, are also conceivable. The measured data or signals may comprise text, numbers, handwriting, voice samples, spoken words or sentences and so on, which are suitable for authenticating a person or verifying that person's authorization. These data or signals can be verified by the verification means (DV) either directly or after extraction of characteristic data (MD). According to the invention, the verification means is located inside the device. The data or signals to be verified, or the characteristic data extracted from them, therefore do not leave the device during verification.

The user can therefore be sure that his data are not misused, at least as long as he alone possesses the device and intrusion by unauthorized persons can be ruled out. If the verification is successful (positive), that is, if the measured data or signals indicate, in the sense of the verification, that the input was made by an authorized user, then the input data (ED) fed into the device from outside are encrypted within the device by the encryption means (KE).

The external system can then check that the input data have been correctly encrypted and thereby verify the person's identity or authorization. For this it only needs to read out the encrypted input data and check them. The person's characteristic data remain inside the device and are thus protected against misuse.

Verification of the person's data within the device can be implemented in various ways. One possibility is to compute the key needed for encrypting the input data directly from the measured data or signals, or from the characteristic data extracted from them. Another possibility is to feed the characteristic data into a decision function, which directly yields the verification result as a yes/no decision. The simplest approach, by contrast, is to compare the data, signals or characteristic data with reference data (RD) stored in a memory (SE1) of the device. The first two methods, however, have the advantage that the data to be protected are not themselves stored in the device, which gives better protection against misuse.

If the key (K) is not computed directly in the device, it is advantageous to store it in a memory (SE2) of the device. Another possibility is to use a "hard-wired" algorithm for the encryption, in which the key is implicitly hidden in the structure of the circuit. The disadvantage of this approach, however, is its higher manufacturing cost. Apart from any reference data stored in the device, the explicitly stored key is the person-specific parameter of a device that is otherwise universal.

In addition to symmetric keys, which are suitable for the invention in principle, asymmetric key pairs in particular can also be used. In that case the key (K) is the authorized person's private key, that is, the key that is kept secret. The public key, by contrast, is used to decrypt the encrypted input data in the external information system that verifies the person's identity or authorization.

Random or pseudo-random sequences of characters, digits or symbols are particularly suitable as input data (ED): their correct encryption can easily be checked by the external verification system, and in practice they cannot be predicted or guessed by an intruder. In addition, the recurrence period of such a sequence can be made sufficiently long, that is, practically infinite.
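The exchange described above, as an added example that is not part of the patent text: a token checks a keyword against reference data (RD) held inside the device and only then transforms the external system's random input data (ED) with the key (K). It assumes the symmetric-key variant and uses HMAC-SHA256 from the Python standard library in place of the patent's unspecified encryption; the class names, the PBKDF2-derived reference data and the single-use challenge set are illustrative choices.

```python
import hashlib
import hmac
import secrets


class Token:
    """Device held by the authorized person; RD and K never leave it."""

    def __init__(self, keyword: str, key: bytes):
        self._salt = secrets.token_bytes(16)
        self._rd = self._features(keyword)   # reference data RD (memory SE1)
        self._key = key                      # key K (memory SE2)

    def _features(self, keyword: str) -> bytes:
        # Characteristic data MD derived from the measured input (assumed: PBKDF2).
        return hashlib.pbkdf2_hmac("sha256", keyword.encode(), self._salt, 100_000)

    def respond(self, keyword: str, challenge: bytes):
        """Verify inside the device (DV); only on success transform ED (KE)."""
        if not hmac.compare_digest(self._features(keyword), self._rd):
            return None                      # negative check: nothing is output
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """External system: it sees only challenges and responses."""

    def __init__(self, key: bytes):
        self._key = key
        self._open = set()                   # challenges issued and not yet used

    def new_challenge(self) -> bytes:
        ed = secrets.token_bytes(32)         # unpredictable input data ED
        self._open.add(ed)
        return ed

    def check(self, challenge: bytes, response) -> bool:
        if challenge not in self._open:
            return False                     # unknown or already used challenge
        self._open.discard(challenge)        # single use, so a replay fails
        if response is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = secrets.token_bytes(32)            # constructed sample key and keyword
    token, verifier = Token("correct horse", key), Verifier(key)
    ed = verifier.new_challenge()
    good = token.respond("correct horse", ed)
    results = {"authorized": verifier.check(ed, good)}
    results["replayed"] = verifier.check(ed, good)
    ed2 = verifier.new_challenge()
    results["wrong_keyword"] = verifier.check(ed2, token.respond("guess", ed2))
    ed3 = verifier.new_challenge()
    results["stale_response"] = verifier.check(ed3, good)
    return results


if __name__ == "__main__":
    print(demo())
```

With an asymmetric key pair, as the description prefers, the verifier would hold only the public key and the token would sign the challenge instead of computing a MAC.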

Claims (8)

1. A device for measuring and analyzing data or signals, in particular for verifying the identity or authorization of a person, having the following features:
a) means (DE) for measuring data (D) or signals (S);
b) means (DV) for verifying the measured data or signals within the device;
c) means (KE) for encrypting input data (ED) within the device.
2. The device as claimed in claim 1, wherein the measured data or signals are verified by comparing the data or signals, or characteristic data (MD) derived from them, with reference data (RD) stored in a memory (SE1) of the device.
3. The device as claimed in one of the preceding claims, wherein the input data (ED) are encrypted by means of a key (K) stored in a memory (SE2) of the device.
4. The device as claimed in one of the preceding claims, wherein means (MT) are provided for transmitting the encrypted input data (ED).
5. A method for verifying the identity or authorization of a person, having the following steps:
a) the person enters secret data into a device, or the device measures person-specific characteristics of the person, in particular biometric features, by means of a sensor;
b) the entered data or the measured sensor data are verified within the device;
c) if the result of this verification is positive, input data are encrypted within the device.
6. The method as claimed in claim 5, wherein the entered data or measured sensor data are verified by comparing the data, or characteristic data derived from them, with reference data stored in a memory of the device.
7. The method as claimed in claim 5 or 6, wherein the input data (ED) are encrypted by means of a key (K) stored in a memory (SE2) of the device.
8. The method as claimed in one of claims 5, 6 or 7, wherein the key stored in the device is the authorized person's private key, and the encrypted input data are transmitted by transmission means (MT) to a receiving device outside the device and are verified by that receiving device, or by a device connected downstream of it, by decryption using the authorized person's public key.
CNB008035717A 1999-02-08 2000-02-01 Arrangement for determining and evaluating data or signals and method for verifying identify or authorisation of person Expired - Lifetime CN1154960C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19905033.3 1999-02-08
DE19905033 1999-02-08

Publications (2)

Publication Number Publication Date
CN1377492A true CN1377492A (en) 2002-10-30
CN1154960C CN1154960C (en) 2004-06-23

Family

ID=7896762

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB008035717A Expired - Lifetime CN1154960C (en) 1999-02-08 2000-02-01 Arrangement for determining and evaluating data or signals and method for verifying identify or authorisation of person

Country Status (4)

Country Link
EP (1) EP1151417A1 (en)
CN (1) CN1154960C (en)
HU (1) HUP0201309A2 (en)
WO (1) WO2000048133A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100541542C (en) * 2003-06-24 2009-09-16 T-科斯瑟鲁申斯公司 Working time recording system and method for recording working time
US8868681B2 (en) 2009-10-30 2014-10-21 Huawei Technologies Co., Ltd. Method, device, and system for remotely acquiring user physiological detection data

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4405829A (en) * 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
DE3412663A1 (en) * 1984-04-04 1985-10-17 Siemens AG, 1000 Berlin und 8000 München CHIP CARD SYSTEM
US5657388A (en) * 1993-05-25 1997-08-12 Security Dynamics Technologies, Inc. Method and apparatus for utilizing a token for resource access
US5280527A (en) * 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
US5680460A (en) * 1994-09-07 1997-10-21 Mytec Technologies, Inc. Biometric controlled key generation
US6213391B1 (en) * 1997-09-10 2001-04-10 William H. Lewis Portable system for personal identification based upon distinctive characteristics of the user

Also Published As

Publication number Publication date
EP1151417A1 (en) 2001-11-07
WO2000048133A1 (en) 2000-08-17
HUP0201309A2 (en) 2002-09-28
CN1154960C (en) 2004-06-23

Similar Documents

Publication Publication Date Title
Bolle et al. Biometric perils and patches
US6185316B1 (en) Self-authentication apparatus and method
EP0924656B2 (en) Personal identification FOB
KR20010078320A (en) Biometric identification method and system
JP2001525960A (en) Identification and security using biometrics
WO2004061668A1 (en) Authorized anonymous authentication
Matsumoto Gummy and conductive silicone rubber fingers importance of vulnerability analysis
Matyáš et al. Security of biometric authentication systems
CN109426713B (en) Fake biometric filtering device for use in identity verification systems
Taha et al. Information hiding: a tools for securing biometric information
Li et al. Privacy protection of fingerprint database
Moi et al. An improved approach of iris biometric authentication performance and security with cryptography and error correction codes
Latha et al. A study on attacks and security against fingerprint template database
US7724923B2 (en) Removable swipe-imaging device and method for identifying same
US12216748B2 (en) Authentication device, authentication method, and recording medium
CN1154960C (en) Arrangement for determining and evaluating data or signals and method for verifying identify or authorisation of person
Butt et al. Privacy protection of biometric templates
JP4575731B2 (en) Biometric authentication device, biometric authentication system and method
Bayly et al. Fractional biometrics: safeguarding privacy in biometric applications
JP4608527B2 (en) Card type medium judging device and judging system
Ali et al. The Application of Layered Authentication in Cybersecurity
TWI646474B (en) Forged-physiological-characteristic filtering device of identity authentication system
Cimato et al. Biometrics and privacy
Fleming Biometrics: Past, Present and Future
JP2004515014A (en) Method and apparatus for determining an error rate for a biometric device

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20040623

CX01 Expiry of patent term