U.S. patent application number 16/081608 was filed with the patent office on 2019-02-28 for fingerprint authorisable device.
The applicant listed for this patent is ZWIPE AS. Invention is credited to Kim Kristian HUMBORSTAD.
Application Number | 20190065918 16/081608 |
Document ID | / |
Family ID | 55807166 |
Filed Date | 2019-02-28 |
United States Patent
Application |
20190065918 |
Kind Code |
A1 |
HUMBORSTAD; Kim Kristian |
February 28, 2019 |
FINGERPRINT AUTHORISABLE DEVICE
Abstract
A fingerprint authorisable device may include a fingerprint
sensor for obtaining fingerprint data from a user's finger or
thumb, and a control system for controlling the device. The control
system may be arranged to provide access to one or more functions
of the device in response to identification of an authorised
fingerprint and the control system further may include a
fingerprint failure feature in which a non-fingerprint
authorisation can act to at least partially replace the fingerprint
authorisation such that the control system may be arranged to
provide access to at least some of the one or more functions of the
device when a user is identified via the non-fingerprint
authorisation. The non-fingerprint authorisation may require an
interaction with the fingerprint authorisable device by the user,
the interaction including one or more action(s) detected via the
fingerprint sensor.
Inventors: |
HUMBORSTAD; Kim Kristian;
(Oslo, NO) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
ZWIPE AS |
Oslo |
|
NO |
|
|
Family ID: |
55807166 |
Appl. No.: |
16/081608 |
Filed: |
March 1, 2017 |
PCT Filed: |
March 1, 2017 |
PCT NO: |
PCT/EP2017/054778 |
371 Date: |
August 31, 2018 |
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
G06K 19/0718 20130101;
G06K 19/0719 20130101; G06F 21/32 20130101 |
International
Class: |
G06K 19/07 20060101
G06K019/07; G06F 21/32 20060101 G06F021/32 |
Foreign Application Data
Date |
Code |
Application Number |
Mar 2, 2016 |
GB |
1603602.2 |
Claims
1. A fingerprint authorisable device comprising: a fingerprint
sensor for obtaining fingerprint data from a user's finger or
thumb, and a control system for controlling the device; wherein the
control system is arranged to provide access to one or more
functions of the device in response to identification of an
authorised fingerprint, wherein the control system further includes
a fingerprint failure feature in which a non-fingerprint
authorisation can act to at least partially replace the fingerprint
authorisation such that the control system is arranged to provide
access to at least some of the one or more functions of the device
when a user is identified via the non-fingerprint authorisation,
and wherein the non-fingerprint authorisation requires an
interaction with the fingerprint authorisable device by the user,
the interaction including one or more action(s) detected via the
fingerprint sensor.
2. A fingerprint authorisable device as claimed in claim 1, wherein
the action(s) detected via the fingerprint sensor include one or
more of a stationary contact with the sensor, a moving contact with
the sensor, a time period of contact with the sensor, a direction
of movement of contact with the sensor, a number of contacts with
the sensor, or a time period where there is no contact with the
sensor.
3. A fingerprint authorisable device as claimed in claim 1, wherein
the non-fingerprint authorisation requires a combination of
different actions.
4. A fingerprint authorisable device as claimed in claim 1, wherein
the action(s) include a sequence with parallel and/or perpendicular
movements, or more complex movements defined by the user, such as a
rotating contact or a circular movement.
5. A fingerprint authorisable device as claimed in claim 1, wherein
the actions detected by the fingerprint sensor include a time
period of one or more contacts, a number of contacts and/or the
spacing in between contacts.
6. A fingerprint authorisable device as claimed in claim 1, wherein
the control system is arranged to enrol an authorised user by
obtaining fingerprint data via the fingerprint sensor.
7. A fingerprint authorisable device as claimed in claim 1, wherein
the control system has an enrolment mode in which a user may enrol
their fingerprint via the fingerprint sensor with the fingerprint
data generated during enrolment being stored on the memory, and
wherein the control system is arranged to prompt the user for
enrolment of a non-fingerprint authorisation code in addition to
fingerprint enrolment and/or in the event of a failure to enrol the
user.
8. A fingerprint authorisable device as claimed in claim 1, wherein
the device is a portable device
9. A fingerprint authorisable device as claimed in claim 1, wherein
the device is a smartcard.
10. A fingerprint authorisable device as claimed in claim 1,
wherein the device is a fingerprint authorisable RFID card.
11. A fingerprint authorisable device as claimed in claim 1,
wherein the device is a single-purpose device.
12. A fingerprint authorisable device as claimed in claim 1,
wherein the non-fingerprint authorisation includes interactions
with the fingerprint sensor and interactions with one or more
further sensor such as one or more button, capacitive sensor or
accelerometer, for example.
13. A fingerprint authorisable device as claimed in claim 1,
wherein the device comprises an accelerometer for sensing movements
of the device, wherein the control system is arranged to identify
movements of the device based on the output of the accelerometer,
and wherein the non-fingerprint authorisation includes a
combination of one or more action(s) detected via the fingerprint
sensor as well as a movement sensed by the accelerometer.
14. A fingerprint authorisable device as claimed in claim 1,
wherein action(s) detected via the fingerprint sensor are able to
prompt the control system to switch between different modes of
multiple operating modes of the device.
15. A method for controlling a fingerprint authorisable device
having a fingerprint sensor for obtaining fingerprint data from a
user's finger or thumb, and a control system for controlling the
device; the method comprising: providing access to one or more
functions of the device in response to identification of an
authorised fingerprint; and alternatively or additionally providing
access to at least some of the one or more functions of the device
when a user is identified via a non-fingerprint authorisation as a
part of a fingerprint failure feature of the control system in
which a non-fingerprint authorisation can act to at least partially
replace the fingerprint authorisation; wherein the non-fingerprint
authorisation requires an interaction with the fingerprint
authorisable device by the user, the interaction including one or
more action(s) detected via the fingerprint sensor.
16. A method as claimed in claim 15 comprising use of the device of
claim 1.
17. A method as claimed in claim 15, wherein the fingerprint
failure feature is utilised in the event that a user is unwilling
or unable to provide fingerprint data for use in a fingerprint
authorisation.
18. A method as claimed in claim 15, wherein the fingerprint
failure feature is utilised in the event that fingerprint
authorisation of an enrolled user is unsuccessful.
19. A computer programme product comprising instructions that, when
executed on a control system in a fingerprint authorisable device
as claimed in claim 1, will cause the control system to: provide
access to one or more functions of the device in response to
identification of an authorised fingerprint; and alternatively or
additionally provide access to at least some of the one or more
functions of the device when a user is identified via a
non-fingerprint authorisation as a part of a fingerprint failure
feature of the control system in which a non-fingerprint
authorisation can act to at least partially replace the fingerprint
authorisation; wherein the non-fingerprint authorisation requires
an interaction with the fingerprint authorisable device by the
user, the interaction including one or more action(s) detected via
the fingerprint sensor.
20. A method of adapting a fingerprint authorisable device in order
to provide a fingerprint failure feature, wherein the fingerprint
authorisable device comprises a fingerprint sensor for obtaining
fingerprint data from a user's finger or thumb, and a control
system for controlling the device; the method comprising installing
a computer programme product as claimed in claim 19 on the
fingerprint authorisable device
21. (canceled)
22. (canceled)
Description
[0001] The present invention relates to a fingerprint authorisable
device and to a method for controlling a fingerprint authorisable
device.
[0002] Fingerprint authorised devices such as smartcards are
becoming increasingly more widely used. Smartcards for which
biometric authorisation has been proposed include, for example,
access cards, credit cards, debit cards, pre-pay cards, loyalty
cards, identity cards, cryptographic cards, and so on. Smartcards
are electronic cards with the ability to store data and to interact
with the user and/or with outside devices, for example via
contactless technologies such as RFID. These cards can interact
with sensors to communicate information in order to enable access,
to authorise transactions and so on. Other devices are also known
that make use of biometric authorisation such as fingerprint
authorisation, and these include computer memory devices, building
access control devices, military technologies, vehicles and so
on.
[0003] In some cases a fingerprint authorisation may fail or may
not be possible. For example the user's fingerprints may be damaged
by injury, or covered up. The sensor may also be damaged or might
otherwise be inoperable. Another situation that can arise with
fingerprint sensors is a failure to enrol. This is a fundamental
issue with a small percentage of the population, who have
fingerprints that for some reason cannot be registered using some
or all sensors, and it also arises when people have missing or
damaged fingers. In addition, some users do not wish to record
their fingerprint details. In existing fingerprint authorisable
devices this presents a major problem, and often means that an
alternative device must be provided for some users.
[0004] Viewed from a first aspect the present invention provides a
fingerprint authorisable device comprising: a fingerprint sensor
for obtaining fingerprint data from a user's finger or thumb, and a
control system for controlling the device, wherein the control
system is arranged to provide access to one or more functions of
the device in response to identification of an authorised
fingerprint, wherein the control system further includes a
fingerprint failure feature in which a non-fingerprint
authorisation can act to at least partially replace the fingerprint
authorisation such that the control system is arranged to provide
access to at least some of the one or more functions of the device
when a user is identified via the non-fingerprint authorisation,
and wherein the non-fingerprint authorisation requires an
interaction with the fingerprint authorisable device by the user,
the interaction including one or more action(s) detected via the
fingerprint sensor.
[0005] Thus, with the fingerprint authorisable device of this
aspect it is possible for users that are unable to enrol for
fingerprint authorisation to still use some or all of the features
of the device by means of the non-fingerprint authorisation. The
non-fingerprint authorisation also provides a way for enrolled
users to continue to use the device when they are not able to
provide fingerprint authorisation, for example due to an injury
that prevents access to or damages the enrolled fingerprint(s).
Further, as noted above some users may not wish to enrol via
fingerprint, and this feature allows for those users to use the
device based purely on non-fingerprint authorisation, whilst at the
same time still using the fingerprint sensor as an input for
interaction with the device and with the authorisation process. The
fingerprint sensor is used for part of or all of the
non-fingerprint authorisation process, meaning that the proposed
non-fingerprint authorisation can be carried out with no
requirement for adding further sensors to the device, although if
other sensors are present then these may be utilised as explained
below. The modification to allow for the enrolment failure feature
may be implemented based purely on an adjustment to the control
system for the device, which may advantageously be purely a
software modification in some cases.
[0006] The action(s) detected via the fingerprint sensor may
include one or more of a stationary contact with the sensor, a
moving contact with the sensor, a time period of contact with the
sensor, a direction of movement of contact with the sensor, a
number of contacts with the sensor, or a time period where there is
no contact with the sensor (i.e. a time period between contacts).
Preferably the non-fingerprint authorisation requires a combination
of different actions, which may include a sequence of actions on
the fingerprint sensor and/or at least one action on the
fingerprint sensor in combination with at least one action via
another input or sensor.
[0007] The contact may be any contact detectable via the
fingerprint sensor of the device. The nature of fingerprint sensors
means that they are arranged to identify contact with the skin and
so the contact may be a contact of the skin, for example contact
with a fingertip or thumbtip. The user may for some reason have
fingerprint characteristics that are not able to be enrolled, or
they may have decided not to enrol their fingerprint and hence the
interactions with the fingerprint sensor that are used during the
non-fingerprint authorisation may be distinguished from
interactions during fingerprint authorisation by the fact that the
fingerprint sensor is not used to gather a sufficient level of
information about the contact to enable a fingerprint
authorisation.
[0008] An action in the form of stationary contact detected by the
fingerprint sensor may include a detection of the presence of a
contact, as distinct from the absence of a contact. Alternatively,
the action(s) detected by the fingerprint sensor may include a
detection of characteristics of the contact that allow for
differentiation between two different contacts, e.g. a difference
between one person's thumb contact and another person's thumb
contact, but are not sufficiently detailed or complex for full
fingerprint enrolment. These characteristics could be stored in the
same way as fingerprint data for enrolled users.
[0009] An action in the form of a moving contact detected by the
fingerprint sensor may include a detection of the direction of
movement and/or a speed of the movement. The direction may be
identified relative to one or more axes of the device. For example
in the case of a smartcard the control system may be arranged to
distinguish between a contact moving parallel with the long side of
the card and a contact moving parallel with the short side of the
card. The action(s) may include a sequence with parallel and/or
perpendicular movements, or more complex movements defined by the
user, such as a rotating contact or a circular movement.
[0010] Whether the fingerprint sensor is used to simply detect the
presence of a contact or to detect more complex characteristics the
actions detected by the fingerprint sensor may include a time
period of one or more contacts, a number of contacts and/or the
spacing in between contacts, similar to codes such as Morse code,
for example. The interaction with the device required for the
non-fingerprint authorisation may hence include or consist of a
code input by a sequence of stationary or moving contacts with the
sensor.
[0011] When the non-fingerprint authorisation is used to access the
one or more functions of the device, then the user may be permitted
access to all of the functions that are accessible via the
fingerprint authorisation, or the user may only be given restricted
access to these functions. In one possible implementation in the
case of a failure to enrol, i.e. where there is no fingerprint data
available for fingerprint authorisation, then the user may be
permitted full access to the one or more functions of the device
using the non-fingerprint authorisation. This then enables the
device to be used fully by a person that is unable or unwilling to
enrol, albeit with potentially reduced security. In the case where
there is fingerprint data but for some reason the user cannot
complete the fingerprint authorisation process, e.g. in the case of
an injury to the finger, then the device may be arranged to allow
only partial access in response to the non-fingerprint
authorisation. This can allow for restricted use of the device when
a user who normally uses fingerprint authorisation is temporarily
unable to provide fingerprint authorisation or decides to use the
non-fingerprint authorisation. For example, in the case where the
device is a smartcard use for financial transactions then the
non-fingerprint authorisation might permit payments with a limit on
the size of the payments, whereas fingerprint authorisation may
permit payments without limit or with a larger limit.
[0012] The authorised user may initially enrol their fingerprint
with the device, optionally indirectly through some other device,
but preferably directly onto the device via the fingerprint sensor,
and may then typically be required to place their finger or thumb
on the fingerprint sensor in order to authorise some or all uses of
the device. A fingerprint matching algorithm in the control system
may be used to identify a fingerprint match between an enrolled
user and a fingerprint sensed by the fingerprint sensor. In the
event of a failure to match the fingerprint, the control system may
issue a prompt for a non-fingerprint authorisation.
[0013] It is preferred for the device to be arranged so that it is
impossible to extract the data used for identifying users via
fingerprint and/or non-fingerprint authorisation, example by a
fingerprint template or the like. The transmission of this type of
data outside of the device is considered to be one of the biggest
risks to the security of the device.
[0014] To avoid any need for communication of the fingerprint data
outside of the device then the device may be able to self-enrol,
i.e. the control system may be arranged to enrol an authorised user
by obtaining fingerprint data via the fingerprint sensor. This also
has advantages arising from the fact that the same sensor with the
same geometry is used for the enrolment as for the fingerprint
authorisation. The fingerprint data can be obtained more
consistently in this way compared to the case where a different
sensor on a different device is used for enrolment. With
fingerprint biometrics, one problem has been that it is difficult
to obtain repeatable results when the initial enrolment takes place
in one place, such as a dedicated enrolment terminal, and the
subsequent enrolment for matching takes place in another, such as
the terminal where the matching is required. The mechanical
features of the housing around each fingerprint sensor must be
carefully designed to guide the finger in a consistent manner each
time it is read by any one of multiple sensors. If a fingerprint is
scanned with a number of different terminals, each one being
slightly different, then errors can occur in the reading of the
fingerprint. Conversely, if the same fingerprint sensor is used
every time then the likelihood of such errors occurring is
reduced.
[0015] In accordance with the proposed device, both the matching
and enrolment scans may be performed using the same fingerprint
sensor. As a result, scanning errors can be balanced out because,
for example, if a user tends to present their finger with a lateral
bias during enrolment, then they are likely to do so also during
matching.
[0016] The control system may have an enrolment mode in which a
user may enrol their fingerprint via the fingerprint sensor, with
the fingerprint data generated during enrolment being stored on the
memory. The control system may be arranged to prompt the user for
enrolment of a non-fingerprint authorisation code in addition to
fingerprint enrolment (i.e. to allow for later failures in
fingerprint authorisation) and/or in the event of a failure to
enrol the user.
[0017] The control system may be in the enrolment mode when the
device is first provided to the user, so that the user can
immediately enrol their fingerprint data. The first enrolled user
may be provided with the ability to later prompt an enrolment mode
for subsequent users to be added, for example via input on an input
device of the device after identification has been confirmed.
Alternatively or additionally it may be possible to prompt the
enrolment mode of the control system via outside means, such as via
interaction between the device and a secure system, which may be a
secure system controlled by the manufacturer or by another
authorised entity.
[0018] The control system may include a fingerprint processor for
executing the fingerprint matching algorithm and a memory for
storing fingerprint data for enrolled fingerprints. The control
system of the device may include multiple processors, wherein the
fingerprint processor may be a separate processor associated with
the fingerprint sensor. Other processors may include a control
processor for controlling basic functions of the device, such as
communication with other devices (e.g. via contactless
technologies), activation and control of receivers/transmitters,
activation and control of secure elements such as for financial
transactions and so on. The various processors could be embodied in
separate hardware elements, or could be combined into a single
hardware element, possibly with separate software modules.
[0019] The device may be a portable device, by which is meant a
device designed for being carried by a person, preferably a device
small and light enough to be carried conveniently. The device can
be arranged to be carried within a pocket, handbag or purse, for
example. The device may be a smartcard such as a fingerprint
authorisable RFID card. The device may be a control token for
controlling access to a system external to the control token, such
as a one-time-password device for access to a computer system or a
fob for a vehicle keyless entry system. The device is preferably
also portable in the sense that it does not rely on a wired power
source. The device may be powered by an internal battery and/or by
power harvested contactlessly from a reader or the like, for
example from an RFID reader.
[0020] The device may be a single-purpose device, i.e. a device for
interacting with a single external system or network or for
interacting with a single type of external system or network,
wherein the device does not have any other purpose. Thus, the
device is to be distinguished from complex and multi-function
devices such as smartphones and the like.
[0021] Where the device is a smartcard then the smartcard may be
any one of: an access card, a credit card, a debit card, a pre-pay
card, a loyalty card, an identity card, or the like. The smartcard
preferably has a width of between 85.47 mm and 85.72 mm, and a
height of between 53.92 mm and 54.03 mm. The smartcard may have a
thickness less than 0.84 mm, and preferably of about 0.76 mm (e.g.
.+-.0.08 mm). More generally, the smartcard may comply with ISO
7816, which is the specification for a smartcard.
[0022] Where the device is a control token it may for example be a
keyless entry key for a vehicle, in which case the external system
may be the locking/access system of the vehicle and/or the ignition
system. The external system may more broadly be a control system of
the vehicle. The control token may act as a master key or smart
key, with the radio frequency signal giving access to the vehicle
features only being transmitted in response to fingerprint
identification of an authorised user. Alternatively the control
token may act as a remote locking type key, with the signal for
unlocking the vehicle only being able to be sent if the fingerprint
authorisation module identifies an authorised user. In this case
the identification of the authorised user may have the same effect
as pressing the unlock button on prior art keyless entry type
devices, and the signal for unlocking the vehicle may be sent
automatically upon fingerprint or non-fingerprint identification of
an authorised user, or sent in response to a button press when the
control token has been activated by authentication of an authorised
user.
[0023] The non-fingerprint authorisation may include interactions
with the fingerprint sensor and optionally with one or more further
sensor. In some implementations no sensors are added compared to a
`standard` device without the non-fingerprint authorisation, but
where additional sensors are already present then the
non-fingerprint authorisation may include interactions with such
devices as well as the interaction(s) with the fingerprint sensor.
Additional sensors on the fingerprint authorisable device may
include one or more button, capacitive sensor or accelerometer, for
example.
[0024] Thus, the device may comprise an accelerometer for sensing
movements of the device, wherein the control system is arranged to
identify movements of the device based on the output of the
accelerometer, and wherein the non-fingerprint authorisation
includes a combination of one or more action(s) detected via the
fingerprint sensor as well as a movement sensed by the
accelerometer.
[0025] The various possible ways for the user to interact with the
device, including action(s) detected via the fingerprint sensor,
movements detected by an accelerometer and/or inputs via buttons or
other sensors may be used as instructions for the control system to
switch between different modes of multiple operating modes of the
device.
[0026] The movements sensed by the accelerometer may include
rotation of the device in one or more directions
(clockwise/anticlockwise) and/or in one or more than one axis of
rotation, translation of the device in one or more directions
(forward/backward) and along one or more axis, and/or accelerations
in one or more directions (forward/backward) and along one or more
axis as well as jerk or impulses in one or more directions
(forward/backward) and along one or more axis. Combinations of
these movements may also be detected, for example a "flick" motion
including a combination of translation and
acceleration/deceleration to characterise the movement detected by
the accelerometer. When the device is a smartcard then the axes
referenced above may for example be x, y, z axes aligned with the
long side of the card, the short side of the card, and the normal
to the card. The accelerometer may also be arranged to detect a
free fall movement, for example when the device is dropped. The use
of accelerometers to detect free fall is well-established and is
used, for example, to activate safety features of hard disk drives
to prevent damage when they are dropped.
[0027] Rotations of the device sensed by the accelerometer may
include changes in orientation of the device, for example switching
a smartcard from portrait to landscape orientation or turning the
card over. The rotations may include 90 degree turns, 180 degree
turns, 270 degree turns or 360 degree turns, or intervening values,
in any direction.
[0028] Translational movements may include waving motions,
optionally in combination with acceleration/deceleration as with a
flicking type motion, or a tapping motion.
[0029] The control system may be arranged to identify the movements
of the device based on the output of the accelerometer, and use
this in the non-fingerprint authorisation and/or change the
operating mode of the device in response to pre-set movements. The
pre-set movements may include any or all movements discussed above.
In addition, the control system may determine the length of a time
period without motion, i.e. a time period indicative of no active
usage of the device, and this may also be used to change the
operating mode of the device. The control system may also be
arranged to identify repeated movements or sequences of movements,
such as a double tap, or a translational movement followed by a
rotation such as a sliding and twisting motion. Advantageously, the
device may be arranged to allow the user to set their own movements
and or combinations of movements. For example the control system
may have a learn mode where a combination of movements by the user
can be taught to the control system and then allocated to a
specific change in the operating mode of the device. This can
provide for increased security by the use of movements that may be
unique to each individual.
[0030] The operating modes of the device that are controlled by the
interaction of the user with the device may be related to a high
level function, for example turning the device on or off,
activating secure aspects of the device such as contactless
payment, or changing the basic functionality of the device for
example by switching a smartcard between operating as an access
card, a payment card, or a transportation smartcard, switching
between different accounts of the same type (e.g. two bank
accounts) and so on.
[0031] Alternatively or additionally the operating modes of the
device that are controlled by interaction of the user with the
device may concern more specific functionalities of the device, for
example switching between communications protocols (such as blue
tooth, wifi, NFC) and/or activating a communication protocol,
activating a display such as an LCD or LED display or obtaining an
output from the device, such as a one-time-password or the
like.
[0032] Alternatively or additionally the operating modes of the
device that are controlled by interaction of the user with the
device may include prompting the device to automatically perform a
standard operation of the device. Examples of such standard
operations might include a pre-set cash withdrawal in response to a
specific movement during or prior to communication with an ATM,
entering into a learning or set-up mode, PIN activation of a
smartcard (i.e. movements used in place of a PIN entry via a keypad
on an external card reader), sending a message to a contactless
reader or a smartphone (e.g. via NFC) and so on.
[0033] The control system may be arranged to allow for the user to
specify which interactions (including combinations of different
interactions or movements) should activate particular operating
modes, and/or to specify movements to be used as a part of the
non-fingerprint authorisation. The control system may use different
movements for each one of a set of operating modes, or
alternatively it may cycle through the operating modes of a set of
operating modes in response to a repeated movement.
[0034] Examples of combinations of movements and changes in the
operating mode of the device include: flicking a smartcard to
switch the card application between, for example, access card,
payment card, transport system card, turning on the device via a
pre-set (preferably user specified) activation gesture, turning the
device 180 degrees to switch between blue tooth and NFC, double tap
on a surface to activate a display and so on.
[0035] One example includes placing the device into a dropped
device mode when free fall is detected. This mode may require
reauthorisation via a security feature after the device has been
picked up before further use of the device is permitted, or before
full use of the device is permitted. This can ensure that a dropped
device cannot be fraudulently used if found by an unauthorised
user. The security feature may be the fingerprint authorisation,
the non-fingerprint authorisation, and/or use of a PIN at a card
reader for a smartcard. In one example for a payment card there
might be no authorisation for an automatic transaction via
contactless payments after the card is dropped until a subsequent
authorisation is provided.
[0036] The device may enter a dormant/off mode and require
re-activation or re-authorisation for continued use after it has
been left unused for a period of time, for example for several days
or several weeks depending on the application. A re-activation may
require a specific sequence of movements to be detected, or
activation via interaction with a sensor. A reauthorisation may be
as discussed above in relation to the dropped device mode.
[0037] Although movements can be detected by an accelerometer with
a single sensing axis, it is preferred to be able to detect
accelerations in all directions. This may be done via multiple
accelerometers, but preferably a single accelerometer is used that
can detect acceleration in all directions, such as a tri-axis
accelerometer.
[0038] The accelerometer may be a micro-machined accelerometer such
as a MEMS accelerometer. Alternatively a piezoelectric sensor may
be used, such as a dedicated piezoelectric accelerometer or another
piezoelectric sensor that can sense accelerations (e.g. a
piezoelectric sounder or microphone). The use of these types of
accelerometers allows for them to be installed on a portable device
such as a without the need for increasing the size of the device.
They also have low power consumption, which can be another design
restriction for portable devices such as smartcards. Piezoelectric
sensors may advantageously be incorporated into the device in such
a way that there is zero power consumption until an input is
detected by the piezoelectric sensor. The accelerometer may use a
sense element such as a micro-machined cantilever or seismic mass.
In an example implementation the acceleration sensing is based on
the principle of a differential capacitance arising from
acceleration-induced motion of the sense element. A possible
accelerometer that could be used is a Tri-axis Digital
Accelerometer such as those provided by Kionix, Inc. of Ithaca,
N.Y., USA. An example embodiment uses the Kionix KXCJB-1041
accelerometer.
[0039] The device may be capable of wireless communication, such as
using RFID or NFC communication. Alternatively or additionally the
device may comprise a contact connection, for example via a contact
pad or the like such as those used for "chip and pin" payment
cards. In various embodiments, the device may permit both wireless
communication and contact communication.
[0040] Viewed from a second aspect, the invention provides a method
for controlling a fingerprint authorisable device having a
fingerprint sensor for obtaining fingerprint data from a user's
finger or thumb, and a control system for controlling the device;
the method comprising: providing access to one or more functions of
the device in response to identification of an authorised
fingerprint; and alternatively or additionally providing access to
at least some of the one or more functions of the device when a
user is identified via a non-fingerprint authorisation as a part of
a fingerprint failure feature of the control system in which a
non-fingerprint authorisation can act to at least partially replace
the fingerprint authorisation; wherein the non-fingerprint
authorisation requires an interaction with the fingerprint
authorisable device by the user, the interaction including one or
more action(s) detected via the fingerprint sensor.
[0041] The method may include features as described above in
connection with the fingerprint authorisable device. Thus, the
action(s) detected via the fingerprint sensor may include one or
more action(s) as described above. The device may have any or all
features described above. For example the method may involve the
use of a device including an accelerometer and may hence include
detecting movements of the device and using those movements in
relation to the non-fingerprint authorisation and/or to prompt a
change in operating mode. The method may include using a
fingerprint matching algorithm in the control system to identify a
fingerprint match between an enrolled user and a fingerprint sensed
by the fingerprint sensor. The method may include using an
enrolment mode of the control system to enrol an authorised user by
obtaining fingerprint data via the fingerprint sensor. The control
system may have an enrolment mode in which a user may enrol their
fingerprint via the fingerprint sensor, with the user being
prompted for enrolment of a non-fingerprint authorisation code in
addition to fingerprint enrolment (i.e. to allow for later failures
in fingerprint authorisation) and/or in the event of a failure to
enrol the user.
[0042] The non-fingerprint authorisation may include interactions
with the fingerprint sensor and optionally with one or more further
sensor, as discussed above.
[0043] In a third aspect, the present invention provides a computer
programme product comprising instructions that, when executed on a
control system in a fingerprint authorisable device as described
above, will cause the control system to provide access to one or
more functions of the device in response to identification of an
authorised fingerprint; and to alternatively or additionally
provide access to at least some of the one or more functions of the
device when a user is identified via a non-fingerprint
authorisation as a part of a fingerprint failure feature of the
control system in which a non-fingerprint authorisation can act to
at least partially replace the fingerprint authorisation; wherein
the non-fingerprint authorisation requires an interaction with the
fingerprint authorisable device by the user, the interaction
including one or more action(s) detected via the fingerprint
sensor. The instructions may be arranged to cause the control
system to operate in accordance with any or all of the optional and
preferred features discussed above.
[0044] It will be appreciated from the discussion above that an
existing fingerprint authorisable device with a fingerprint sensor
for fingerprint authorisation and a control system for controlling
the device can be modified to implement the advantageous
fingerprint failure feature described herein. This can be done by
installing a computer programme product as described above. Another
aspect of the invention hence provides a method of adapting a
fingerprint authorisable device in order to provide a fingerprint
failure feature, wherein the fingerprint authorisable device
comprises a fingerprint sensor for obtaining fingerprint data from
a user's finger or thumb, and a control system for controlling the
device; the method comprising installing a computer programme
product as described above on the fingerprint authorisable
device.
[0045] In a fourth aspect that is not presently claimed, the
present invention provides a smartcard having multiple operating
modes, the smartcard comprising a processor for controlling
operation of the smartcard and an accelerometer for sensing
movements of the smartcard, wherein the processor is arranged to
switch between different modes of the multiple operating modes in
response to the movements sensed by the accelerometer.
[0046] This smartcard provides additional functionality by allowing
interaction between the user and the smartcard using movements or
gestures by a user holding or touching the card. This can allow for
alternative card features to be activated without the need for
manipulation of input devices on the card such as buttons or other
sensors needing direct physical contact. Advantageously the
smartcard is a contactless card and thus the user can switch
between different modes as well as using the card via card readers
with the only contact being holding of the card by the user. This
can allow for increased features and increased complexity in how
the smartcard is used, without detriment to the ease of operation
of the card.
[0047] The movements sensed by the accelerometer may be as
discussed above, for example. The smartcard of this aspect may
include any or all features discussed above for the device of the
first aspect.
[0048] The accelerometer measures a vibrational/movement pattern
that is specific to the sequence selected by the user. The
processor may be arranged to receive and record a movement pattern
that is to be enrolled to the smartcard. Alternatively or
additionally the accelerometer output data produced by the movement
pattern may be transmitted from the card during enrolment and
recorded in an external database. The processor may be arranged to
permit access to the one or more secure feature(s) when both of the
movements sensed by the accelerometer are determined to be a match
with an enrolled movement pattern and there is authentication of
the user's identity via the biometric sensor.
[0049] The output of the accelerometer is unique to the sequence of
movements made by the user, and also unique to the smartcard. Each
smartcard will have its own natural frequency as well as reacting
dynamically to interactions of the user with the card in a
different way to other cards. For example, a stiffer card will move
differently after the user waves or taps the card than a more
flexible card. Thus, it is important to understand that movements
of the card that are detected by the accelerometer will include the
effects of the dynamic reaction of the smartcard. The discussion
herein of movements detected by the accelerometer should be
understood in that context. The output signal (i.e. the
accelerometer output data) from the accelerometer is a
representation of the dynamic reaction of the smartcard as well as
the movement that are made.
[0050] Since the accelerometer output data is specific to both the
user and the card, then the data cannot be duplicated. If a "fake"
card is produced and the tap sequence data is "injected" into the
microprocessor, the dynamic reaction of the new card will be
different from the original card, so therefore it cannot be hacked
by mimicking the movement pattern. In the case of smartcards that
are mass produced then it is likely that tolerances and inevitable
small variations in the construction of the smartcards will lead to
differences in the characteristics of the movements of the
smartcard.
[0051] To enhance the distinctions between mass produced smart
cards manufactured using the same basic process then the
manufacturing method may include varying the location of the
accelerometer and/or adding mass/stiffness elements with differing
characteristics to the cards so that each individual card has a
fully unique movement pattern. Thus, the smartcard may include an
added mass or stiffness element in some examples. If another user
tries to use the original card by following the owner's tap
sequence, the manner in which the fraudulent user holds the card
(for example, after successfully creating a false biometric
acceptance), and his/her tapping mannerisms will also create a
different resonance.
[0052] The smartcard may comprise a biometric sensor, such as a
fingerprint sensor, which is preferably embedded into the card.
With this feature the authorised user may initially enrol their
fingerprint onto the actual card, and may then be required to place
their finger or thumb on the fingerprint sensor in order to
authorise some or all uses of the card. A fingerprint matching
algorithm on the processor may be used to identify a fingerprint
match between an enrolled user and a fingerprint sensed by the
fingerprint sensor.
[0053] A biometric sensor may be used to activate subsequent
control of the card by movements, or to activate features denoted
as higher security, such as a payment or withdrawal with a
payment/bank card, or access to more secure areas when the
smartcard is an access card. A biometric authorisation may be
required in addition to a movement of the card in order to complete
a more secure operation.
[0054] In some cases a biometric authorisation may fail or may not
be possible. For example in the case of a fingerprint sensor the
user's fingerprints may be damaged by injury, or covered up. The
sensor may also be damaged or might otherwise be inoperable. In
this case the smartcard may advantageously allow for a pre-set, and
preferably complex, movement acting as a back-up for biometric
authorisation. The complex movement may be a motion sequence that
includes two or more movements, for example three, four or five
movements such as rotations, translations and so on. Preferably the
pre-set movement is user defined and hence may be unique to the
user.
[0055] A situation that can arise with some forms of biometric
sensors and fingerprint sensors in particular is a failure to
enrol. This is a fundamental issue with a small percentage of the
population, who have fingerprints or other biometric
characteristics that for some reason cannot be registered using the
known biometric sensors. For fingerprints such failures are usually
caused by missing or weak characteristics, such as missing fingers,
faint fingerprints as well as damaged fingers. A system providing
an alternative to biometric enrolment would also allow the use of
biometric cards by those users who would just rather not have their
biometric details recorded. The movement sensed by the
accelerometer can be used as a non-biometric alternative for a
biometric card so that people can still access the system or
service without using the biometric system. In this case, a
smartcard including a biometric sensor as well as the accelerometer
may be provided with the ability to enrol via movements sensed by
the accelerometer as an alternative to biometric data. The user may
set a movement or sequence of movements for authorisation of the
use of the card, such as a complex movement of the type discussed
above. This may be the sole purpose of the sensed movements and/or
sensed movements may also be used for changing the card between
further different operating modes.
[0056] Viewed from a fifth aspect, which is not presently claimed,
the invention provides a method for controlling a smartcard, the
smartcard comprising a processor for controlling operation of the
smartcard and an accelerometer for sensing movements of the
smartcard, wherein the method comprises detecting movements of the
smartcard using the accelerometer and the processor, and switching
between different modes of multiple operating modes of the
smartcard in response to the detected movements.
[0057] The method may include use of a smartcard with features as
discussed above in relation to the first aspect or the fourth
aspect. The detected movements may be as discussed above and/or the
operating modes may be as discussed above.
[0058] The method may include allowing the user to specify which
movements (including combinations of movements) should activate
particular operating modes.
[0059] The smartcard may comprise a biometric sensor, such as a
fingerprint sensor, which is preferably embedded into the card. The
method may include using the biometric sensor may be used to
activate subsequent control of the card by movements, or to
activate features denoted as higher security, such as a payment or
withdrawal with a payment/bank card, or access to more secure areas
when the smartcard is an access card.
[0060] The method may comprise authenticating the identity of a
bearer of a smartcard using a biometric sensor embedded within the
smartcard and enabling movement activated interaction of the user
with the card only after their identity has been authenticated. The
movement activated interaction with the card may be enabled for a
set period after biometric authentication, for example a period of
hours or days. In this way the user can access the features of the
card without continued re-authentication, but with the benefit of
the enhanced security provided by the use of biometrics.
[0061] The method may include the use of a sequence of movements in
place of biometric authorisation, for example to allow for use of
some or all operating modes of the card when biometric
authorisation fails, or to allow for enrolment without using the
biometric sensor.
[0062] The invention may also include a method of manufacturing a
smartcard. This may consist of providing features as in the first
aspect or the fourth aspect. The manufacturing method may also
include providing any or all of the optional features discussed
above. The method may include programming the processor to function
as discussed above. To enhance the distinctions in vibrational
patterns and hence allow for greater differences in accelerometer
output between cards manufactured using the same process that are
exposed to identical movements, then the manufacturing method may
include varying the location of the accelerometer and/or adding
mass/stiffness elements with differing characteristics and/or at
differing locations to the cards so that each individual card has a
unique vibration pattern. The method may optionally include adding
a mass and/or stiffness element to the card, for example on a
circuit board of the card, with the mass and/or stiffness element
being selected from a set of elements with differing mass and/or
stiffness characteristics. This allows for the added mass and/or
stiffness element to be placed at the same location, which can
allow for easier manufacture, whilst ensuring variable effects on
the movement of the card since the mass and/or stiffness of the
added element will vary. Alternatively or additionally a mass
and/or stiffness element may be added to the card at a location
that varies for each card. This could use an identical mass and/or
stiffness element for each card, or the mass and/or stiffness
element being selected from a set of elements with differing mass
and/or stiffness characteristics.
[0063] In yet a further aspect, the present invention may also
provide a computer programme product comprising instructions that,
when executed on a processor in a smartcard as described above,
will cause the processor to identify movements of the smartcard
based on the output from the accelerometer, and to switch between
different modes of multiple operating modes of the smartcard in
response to the detected movements. The instructions may be
arranged to cause the processor to operate in accordance with any
or all of the optional and preferred features discussed above.
[0064] Certain preferred embodiments on the present invention will
now be described in greater detail, by way of example only and with
reference to the accompanying drawings, in which:
[0065] FIG. 1 illustrates a circuit for a smartcard with a
fingerprint sensor;
[0066] FIG. 2 illustrates a first embodiment of the smartcard
including an external housing; and
[0067] FIG. 3 illustrates a second embodiment of the smartcard
which has been laminated.
[0068] By way of example the invention is described in the context
of a fingerprint authorised smartcard that includes contactless
technology and uses power harvested from the card reader. These
features are envisaged to be advantageous features of one
application of the proposed fingerprint failure feature, but are
not seen as essential features. The smartcard may hence
alternatively use a physical contact and/or include a battery
providing internal power, for example. The fingerprint failure
feature can also be implemented with appropriate modifications in
any other device or system that uses fingerprint authorisation.
[0069] FIG. 1 shows the architecture of a smartcard 102 that is
provided with the proposed fingerprint failure feature. A powered
card reader 104 transmits a signal via an antenna 106. The signal
is typically 13.56 MHz for MIFARE.RTM. and DESFire.RTM. systems,
manufactured by NXP Semiconductors, but may be 125 kHz for lower
frequency PROX.RTM. products, manufactured by HID Global Corp. This
signal is received by an antenna 108 of the smartcard 102,
comprising a tuned coil and capacitor, and then passed to a
communication chip 110. The received signal is rectified by a
bridge rectifier 112, and the DC output of the rectifier 112 is
provided to processor 114 that controls the messaging from the
communication chip 110.
[0070] A control signal output from the processor 114 controls a
field effect transistor 116 that is connected across the antenna
108. By switching on and off the transistor 116, a signal can be
transmitted by the smartcard 102 and decoded by suitable control
circuits 118 in the sensor 104. This type of signalling is known as
backscatter modulation and is characterised by the fact that the
sensor 104 is used to power the return message to itself.
[0071] An accelerometer 16, which is an optional feature, is
connected in an appropriate way to the processor 114. The
accelerometer 16 can be a Tri-axis Digital Accelerometer as
provided by Kionix, Inc. of Ithaca, N.Y., USA and in this example
it is the Kionix KXCJB-1041 accelerometer. The accelerometer senses
movements of the card and provides an output signal to the
processor 114, which is arranged to detect and identify movements
that are associated with required operating modes on the card as
discussed below. The accelerometer 16 may be used only when power
is being harvested from the powered card reader 104, or
alternatively the smartcard 102 may be additionally provided with a
battery (not shown in the Figures) allowing for the accelerometer
16, and also the related functionalities of the processor 114 and
other features of the device to be used at any time.
[0072] The smartcard further includes a fingerprint authentication
engine 120 including a fingerprint processor 128 and a fingerprint
sensor 130. This allows for enrolment and authorisation via
fingerprint identification. The fingerprint processor 128 and the
processor 114 that controls the communication chip 110 together
form a control system for the device. The two processors could in
fact be implemented as software modules on the same hardware,
although separate hardware could also be used. As with the
accelerometer 16 (where present) the fingerprint sensor 130 may be
used only when power is being harvested from the powered card
reader 104, or alternatively the smartcard 102 may be additionally
provided with a battery (not shown in the Figures) allowing power
to be provided at any time for the fingerprint sensor 130 and
fingerprint processor 128, as well as the processor 114 and other
features of the device.
[0073] The antenna 108 comprises a tuned circuit including an
induction coil and a capacitor, which are tuned to receive an RF
signal from the card reader 104. When exposed to the excitation
field generated by the sensor 104, a voltage is induced across the
antenna 108.
[0074] The antenna 108 has first and second end output lines 122,
124, one at each end of the antenna 108. The output lines of the
antenna 108 are connected to the fingerprint authentication engine
120 to provide power to the fingerprint authentication engine 120.
In this arrangement, a rectifier 126 is provided to rectify the AC
voltage received by the antenna 108. The rectified DC voltage is
smoothed using a smoothing capacitor and then supplied to the
fingerprint authentication engine 120.
[0075] The fingerprint sensor 130 of the fingerprint authorisation
engine, which can be an area fingerprint sensor 130, may be mounted
on a card housing 134 as shown in FIG. 2 or fitted so as to be
exposed from a laminated card body 140 as shown in FIG. 3. The card
housing 134 or the laminated body 140 encases all of the components
of FIG. 1, and is sized similarly to conventional smartcards. The
fingerprint authentication engine 120 is passive, and hence is
powered only by the voltage output from the antenna 108. The
processor 128 comprises a microprocessor that is chosen to be of
very low power and very high speed, so as to be able to perform
fingerprint matching in a reasonable time.
[0076] The fingerprint authentication engine 120 is arranged to
scan a finger or thumb presented to the fingerprint sensor 130 and
to compare the scanned fingerprint of the finger or thumb to
pre-stored fingerprint data using the processor 128. A
determination is then made as to whether the scanned fingerprint
matches the pre-stored fingerprint data. In a preferred embodiment,
the time required for capturing a fingerprint image and
authenticating the bearer of the card 102 is less than one
second.
[0077] If a fingerprint match is determined and/or if appropriate
movements are detected via the accelerometer 16, then the processor
takes appropriate action depending on its programming. In this
example the fingerprint authorisation process is used to authorise
the use of the smartcard 104 with the contactless card reader 104.
Thus, the communication chip 110 is authorised to transmit a signal
to the card reader 104 when a fingerprint match is made. The
communication chip 110 transmits the signal by backscatter
modulation, in the same manner as the conventional communication
chip 110. The card may provide an indication of successful
authorisation using a suitable indicator, such as a first LED
136.
[0078] The fingerprint processor 128 and the processor 114 can
receive an indication of a non-fingerprint interaction with the
fingerprint sensor 130, which can include any action detectable via
the fingerprint sensor 130 as discussed above. The interaction of
the user with the card via the fingerprint sensor 130 are used as a
part of a non-fingerprint authorisation and also may be used to
allow the user to control the smartcard by switching between
different operating modes of the smartcard.
[0079] In some circumstances, the owner of the fingerprint
smartcard 102 may suffer an injury resulting in damage to the
finger that has been enrolled on the card 102. This damage might,
for example, be a scar on the part of the finger that is being
evaluated. Such damage can mean that the owner will not be
authorised by the card 102 since a fingerprint match is not made.
In this event the processor 114 may prompt the user for a back-up
identification/authorisation check via an alternative interaction
with the smartcard 102, which in this case includes one or more
action(s) detected via the fingerprint sensor 130 and also
optionally actions detected via other sensors, such as the
accelerometer 16. The card may prompt the user to use a back-up
identification/authorisation using a suitable indicator, such as a
second LED 138. It is preferred for the non-fingerprint
authorisation to require a sequence of interactions with the card
by the user, this sequence being pre-set by the user. The pre-set
sequence for non-fingerprint authorisation may be set when the user
enrols with the card 102. The user can hence have a non-fingerprint
authorisation in the form of a "password" entered using
non-fingerprint interactions with the card to be used in the event
that the fingerprint authorisation fails. The same type of
non-fingerprint authorisation can be used in the event that a user
is unable or unwilling to enrol with the card 102 via the
fingerprint sensor 130.
[0080] Thus, as well as allowing communication via the circuit 110
with the card reader 104 in response to a fingerprint authorisation
via the fingerprint sensor 130 and fingerprint processor 128 the
processor 114 may also be arranged to allow such communication in
response to a non-fingerprint authorisation.
[0081] When a non-fingerprint authorisation is used the card 102
could be arranged to be used as normal, or it could be provided
with a degraded mode in which fewer operating modes or fewer
features of the card 102 are enabled. For example, if the smartcard
102 can act as a bank card then the non-fingerprint authorisation
might allow for transactions with a maximum spending limit lower
than the usual maximum limit for the card 102.
[0082] The processor 114 receives the output from the accelerometer
16 and this allows the processor 114 to determine what movements of
the smart card 102 have been made. The processor 114 identifies
pre-set movements and other actions of the user that are linked
with required changes to the operating mode of the smartcard. As
discussed above, the movements may include any type of or
combination of rotation, translation, acceleration, impulse and
other movements detectable by the accelerometer 16. The other
actions of the user may include actions detected via the
fingerprint sensor, such as taps, swipes and so on as discussed
above.
[0083] The operating modes that the processor 114 activates or
switches to in response to an identified movement associated with
the required change in operating mode may include any mode of
operation as discussed above, including turning the card on or off,
activating secure aspects of the card 102 such as contactless
payment, or changing the basic functionality of the card 102 for
example by switching between operating as an access card, a payment
card, a transportation smartcard, switching between different
accounts of the same type (e.g. two bank accounts), switching
between communications protocols (such as blue tooth, wifi, NFC)
and/or activating a communication protocol, activating a display
such as an LCD or LED display, obtaining an output from the
smartcard 102, such as a one-time-password or the like, or
prompting the card 102 to automatically perform a standard
operation of the smartcard 102.
[0084] The processor 114 has an enrolment mode, which may be
activated upon first use of the smartcard 102. In the enrolment
mode the user is prompted to enrol their fingerprint data via the
fingerprint sensor 130. This can require a repeated scan of the
fingerprint via the fingerprint sensor 130 so that the fingerprint
processor 128 can build up appropriate fingerprint data, such as a
fingerprint template. After a successful or an unsuccessful
enrolment of fingerprint data the user is prompted to enter a
non-fingerprint authorisation. This could be optional in the case
of a successful fingerprint enrolment, or compulsory if the
fingerprint enrolment was not successful. The non-fingerprint
authorisation includes a sequence of interactions with the
smartcard 102 including at least one action by the user that is
detected via the fingerprint sensor 130. The processor 114 can keep
a record of these interactions in a memory, and it is arranged to
provide at least partial authorisation to use the functions of the
card in the event that the non-fingerprint authorisation is
provided by the user.
[0085] The processor 114 can have a learn mode to allow for the
user to specify which actions (including combinations of
actions/interactions) should activate particular operating modes
whilst the smartcard 102 is in use. This type of control of the
smartcard 102 might be enabled only after a successful fingerprint
or non-fingerprint authorisation. In the learn mode the processor
114 prompts the user to make the desired sequence of actions, and
to repeat the movements for a predetermined set of times. These
movements are then allocated to the required operating mode or to
the non-fingerprint authorisation. With this latter feature the
learn mode can allow for the sequence of movements used for the
non-fingerprint authorisation to be changed by the user in the same
way that a traditional PIN can be changed.
* * * * *