JP4999193B2 - Portable device with fingerprint authentication function - Google Patents

Description

The present invention is widely used for settlement of bank cards, credit cards, electronic money cards, transportation pass cards for restricting boarding / exiting with high value-added functions, etc., as well as employee keys with car keys and key functions. The present invention relates to a portable device such as a card shape that is used as a transaction means or an access control means on a daily basis.

Card-type portable devices that are carried by the person on a daily basis as a means of settlement, transaction, and access control increase in added value due to an increase in services, while the owner is a legitimate person (who has authority to use). As a method of confirming whether or not there is, other than confirmation by having the portable device, determination by provision of a signature, provision of a personal identification number, confirmation of a face photograph printed on a card device, etc. .

However, in the case of non-contact cards, which are generally popular, a technique called skimming is used to illegally use a newly forged card because the personal information in the card and the personal identification number can be easily read by a third party. There are many crimes to be done. Keys that can control the opening and closing of car doors by wireless communication means are also popular because of their convenience, but from the viewpoint of convenience, they do not have a means for discriminating the proper owner of the key itself, and the opening and closing control is not provided. There is no denying the danger of car stealing through signal interception and analysis.

Hereinafter, an IC card (portable device) such as a credit card used in a financial service terminal such as a CD (cash dispenser) terminal device or ATM terminal device installed in a bank or a convenience store related to the present invention. The transmission / reception means with the terminal device will be described below as an example.

To use the financial service terminal, a user visiting the installation location operates the operation panel of the financial service terminal, selects a transaction type, inserts the device (credit card) into a predetermined insertion slot of the financial service terminal, After the confirmation of the PIN, it covers transactions such as balance inquiry and cash withdrawal. After the transaction ends, the card device is ejected from the card insertion slot of the financial service terminal and returned to the owner. During this transaction, communication as shown in FIG. 1 is performed between the IC card and the financial service terminal.

That is, first, when the IC card 1 is inserted into the terminal device 2, whether or not it is a legitimate card device that can be traded with the terminal device 2 is confirmed with the terminal device as follows. . First, a challenge code 11 (for example, a random number) is generated from the card device 1 and transmitted to the terminal device 2. The terminal device 2 encrypts 21 the authentication key 22 held together with the challenge code 11 received, and transmits the result (response 23) to the IC card 1.

This encrypted data is decrypted 15 in the IC card 1. This decryption 15 is possible only by having the same encryption system (21, 15) as the terminal device and knowing the challenge code 11 generated by itself.

This response 23 is decrypted 15 and verified 12 with the authentication key held in its own device (IC card 1).

In accordance with the data confidentiality method using the same challenge 11 / response 23, the password number 24 key-entered from the operation panel of the terminal device is collated 16 with the password number 13 recorded on the IC card 1 to match the password number. Confidential data 14 such as personal information and transaction history recorded in the IC card 1 is sent to the terminal device 2 at the time of confirmation.

Such a series of communication procedures is defined as a procedure (called a protocol) different for each service organization such as a bank association, a railway network, and a Juki network, and is treated as the most important secret.

On the other hand, FIG. 2 is a block diagram showing an example of the internal configuration of an IC card device 3 that is currently generally used. As can be seen from this figure, the internal configuration of the IC card device 3 has the same function as a general computer. That is, an operating system (OS) and a program adjusted exclusively for the card are stored in the ROM 31, expanded in the RAM 32 in an operating state, and sequentially processed by the CPU 36. The previous encryption system (encryption 21 and decryption 15) is implemented by the encryption process 37. Generation of the necessary challenge code 11 (random number) is also realized in the cryptographic process 37.

An authentication key 22 for confirming that the terminal device 2 belongs to the same service and a personal identification number 13 for identifying the owner are recorded in a rewritable memory (EEPROM 34). The non-volatile memory 33 and the rewritable memory (EEPROM 34) have the same apparent function, but are generally distinguished in terms of security handling.

As an example of the operation, the password confirmation operation described with reference to FIG. 1 will be described with reference to the block configuration of FIG. First, the code number 24 encrypted from the terminal device 2 is received through the input / output device (I / O device) 35 and sent to the CPU 36 (refer to the dotted line in the figure). The CPU 36 sends the received personal identification number to the encryption process 37 and combines it with the personal identification number stored in the EEPROM 34.

In the case of a contact type IC card, the input / output device (I / O device 35) is controlled via 8 terminals exposed on the card surface, and in the case of a non-contact type IC card, it is embedded in the inside of the card. It is connected to the antenna circuit and takes charge of control. Two of the eight terminals of the contact IC card are responsible for power supply, and in the case of a non-contact IC card, an induced electromotive force generated in the internal antenna by a magnetic field generated from the terminal device is used.

The important point to note here is that once the power is supplied to any type of IC card, all the functions of the device enter the ON state, that is, the operating state, and start a series of operations. Considering the above-described communication procedure including the authentication key 22 for the security measure, the personal identification number 13 and the encryption system, all data except the challenge code 11 (random number) is recorded on the IC card and is unique data. That is, once the authentication key 22 and the password 13 are stolen, there is no change method other than reissuing the IC card. In other words, there is no countermeasure if the communication data is intercepted after understanding the outline of the communication procedure (protocol).

In recent years, the non-contact type IC card data stealing called skimming, which has become a problem, is illegally using a small terminal device that emits a magnetic field to supply power to the IC card in crowds such as in crowded trains. This is performed using a method in which the IC card is activated and the data is read within a short time. The stolen data is written on an unused IC card called a white card, and the IC card pretending to be a victim is freely used illegally.

In this case, as long as the challenge code 11 (random number) issued at the start of the protocol can be received by an illegal small terminal, trying a plurality of trials and errors is not possible for recent high-speed commercial CPUs. is there. Furthermore, the communication procedure specific to the service associated with the IC card can be easily clarified by obtaining and analyzing the IC card issued by a malicious third party through a legitimate procedure. Therefore, the above-described multiple trials and errors can be performed by simple operations that sequentially try communication procedures corresponding to several types of services.

As mentioned above, IC cards are devices that have the same configuration and functions as computer functions, and the fact that they operate when power is turned on is the biggest pitfall (security hole) for ensuring safety. Yes.

In the case of a car key that controls the opening and closing of the door by wireless communication that cannot confirm the PIN code in operation, it depends on the verification verification of only the authentication key, and it must be said that the system is even more vulnerable in terms of safety. I don't get it.

In addition, in the case of employee ID cards (currently mainly using IC cards) that are now used in corporate offices and factories, the above-mentioned communication is used because a commercially available terminal is used for access control of entry / exit. The procedure uses a well-known protocol.

Furthermore, the actual situation is that the input operation of the personal identification number used in combination is at risk of a third party's snooping.

On the other hand, the convenience of controlling all entrances and exits on the premises by the employee ID card, on the other hand, must be suspected to be more effective than deterrence in preventing the risk of theft of confidential corporate information.
However, a card-type portable device that is carried by the person on a daily basis as a means of settlement, transaction, or access control increases the added value due to an increase in services, while the owner is a legitimate person (who has authority to use it). In addition to confirming that you have the portable device, you can make a decision by providing a signature, providing a personal identification number, confirming a face photo printed on the card device, etc. Stop on.

The present invention has been made in view of the above, and its purpose is to confirm whether the owner of a device used as a settlement, transaction means or access control means is a legitimate person (a person who has authority to use). The purpose is to ensure the operation and to realize the operation without impairing the convenience.

The present invention is a portable device that operates by transmitting / receiving to / from a terminal device, the device transmitting / receiving to / from the terminal device, fingerprint reading, fingerprint authentication of a read fingerprint, fingerprint authentication Provided with a means to exempt fingerprint authentication for a predetermined time after success, and when transmission / reception with the terminal device is activated only when it is confirmed that the user is a legitimate owner by successful fingerprint authentication, after the above-mentioned authentication exemption time elapses The present invention provides a portable device equipped with a fingerprint authentication function for inactivating a transmission / reception means.

Specifically, fingerprint reading, fingerprint authentication of the read fingerprint, means for exempting fingerprint authentication for a predetermined time after successful fingerprint authentication are always in operation, and means for transmitting and receiving with the terminal device is inactive, Only when it is confirmed that the user is a legitimate owner by successful fingerprint authentication, the transmission / reception with the terminal device is put into an operating state, and the transmission / reception means is inactivated after the authentication exemption time has elapsed.

Since the present invention is configured as described above, the original function of a portable device such as an IC card is lost before fingerprint authentication by a legitimate owner, and therefore, it is used for a crime by a malicious third party. At the same time, after the fingerprint authentication is performed, the convenience inherent to the conventional portable device is not impaired by setting an appropriate exemption time.

A portable device that operates by transmitting / receiving to / from a terminal device, the device transmitting / receiving to / from the terminal device, and reading a fingerprint, fingerprint authentication of a read fingerprint, and predetermined authentication after successful fingerprint authentication It is provided with means for exempting time fingerprint authentication, and only when it is confirmed that the owner is a valid owner due to successful fingerprint authentication, the transmission / reception means with the terminal device is put into operation, and the transmission / reception means is disabled after the above-mentioned authentication exemption time has elapsed. A portable device equipped with a fingerprint authentication function, wherein the portable device is activated.

An embodiment in the case of the IC card device 5 to which the present invention is applied will be described with reference to FIG.

51 is a fingerprint reading unit having a fingerprint detection function, 53 is a means for transmitting / receiving to / from the terminal device, and a CMPU (Card Micro Processing Unit) incorporating a transmitting / receiving mechanism with the terminal device 2 as in 3 of FIG. It consists of a one-chip IC called.

Reference numeral 56 denotes a fingerprint reading, fingerprint authentication of a read fingerprint, and means for exempting fingerprint authentication for a predetermined time after successful fingerprint authentication, which is configured by a one-chip IC called ASIC (Application Specific Integrated Circuit) 56, and 58 is a registered fingerprint. This is a recording device for information 58a and fingerprint exemption time 58b.

As for the operation of the apparatus, the power supply 4 is supplied from the terminal device 2 to the I / O device 35 in the CMPU 53, and when the power supply 4 is supplied, the I / O device 35 starts the CPU 36 in the CMPU 53 and at the same time. A power supply 54 is supplied to the ASIC 56, which is a dedicated IC for realizing the contents.

The ASIC 56 is a fingerprint collation means 57, specifically fingerprint image collection 57a, image processing 57b after fingerprint reading is completed, fingerprint characteristics are extracted 57c, collation 57d with the fingerprint information 58 of the registered owner, and after collation is completed. Timing 57e is performed.

At this time, the CPU 36 waits until an ON / OFF control signal 55 that is an operation permission signal (referred to as a normal enable signal) from the ASIC 56 arrives, and does not proceed to the above-described original processing.

When the ASIC 56 detects that the owner places a finger on the fingerprint reading sensor 51, fingerprint image collection 57a is started, image processing 57b after fingerprint reading is completed, fingerprint features 57c are extracted, and then registered in advance. The collation 57d with the fingerprint information 58a of the owner is performed.

When the verification 57d is confirmed to be successful, the time counting control 57e in the ASIC 56 starts measuring the fingerprint authentication exemption time, and displays an indicator (display means) 52 for notifying the owner that the IC card is in an ON state, that is, activated. After the light is turned on, the processing start (ON state start) signal 55 inherent to the apparatus is notified to the CMPU 53.

At this point, the challenge code (random number) shown at 11 in FIG. 1 is generated for the first time, and normal communication with the terminal device begins.

When the terminal device disconnects the IC card from the terminal device upon completion of the series of procedures shown in FIG. 1, a termination signal is sent to the I / O device 35 of the CMPU 53, and the CMPU 53 terminates the processing and turns off. to go into.

In addition, when communicating confirmation that the user of the device is a legitimate owner to the transmission / reception means with the terminal device, an encryption function is provided so that the communication content is not known to a third party. You may do it.

On the other hand, in the time counting control 57e, the fingerprint exemption time 58b is read and the elapsed time is compared with the fingerprint exemption time 57e and monitored so as not to elapse.

When the fingerprint exemption time 57e elapses, it may be assumed that the process of the CMPU 53 is forcibly terminated by sending a control signal for turning the CMPU 53 off from the ASIC 56 side.

For example, when the fingerprint exemption time 58e has elapsed, for example, when the fingerprint reading 57a is not responded for a long time, when the fingerprint collation 57d fails, or when a malicious third party sees information or sees confidential information (authentication key or password). A trial and error is assumed.

As described above, even if power is supplied to the IC card so that the owner does not notice it by the above skimming, it does not respond to communication with a fake terminal device. The IC card to which the invention is applied does not have to worry about communication.

The same applies to the case of a car key or access control using an employee ID card, and it does not proceed to the original processing as a device until a valid owner is confirmed by fingerprint authentication.

In the case of car keys, the fingerprint authentication exemption time is set based on the time interval until the engine starts after the door is opened and closed, and the convenience of the owner is obtained through multiple fingerprint authentications. It is possible to minimize the damage.

In addition, in the entrance / exit management of multiple locations in the office of a company or factory, if the fingerprint authentication exemption time of the device once fingerprint-authenticated is defined as, for example, within working hours, one fingerprint authentication is performed at the time of leaving the office. After the implementation, the function of the conventional employee ID card is maintained in the ON state. In other words, if it is in the premises of an office or factory, fingerprint authentication is performed with a mechanism that allows entry / exit checking by holding the employee card in the ON state over the terminal that controls the opening and closing of the door of the room where access is controlled. There is no need to repeat.

On the other hand, when going out from the premises, it is normal to leave or go out with an employee ID card over the entrance / exit management terminal that manages the opening and closing of the gate, for example for attendance management and safety management of the remainder. In this case, when the employee card once turned on is held over the management terminal, the management terminal senses that it goes out from the gate, communicates with the CMPU 53 of the employee card, and resets the timing control unit 57e. The function can be turned off.

Further, as an auxiliary power source 59 indicated by a dotted line in FIG. 3, a function such as a battery is provided inside the apparatus, and only the fingerprint sensor 51 and the ASIC 56 are always in an operating state, fingerprint authentication is performed in advance, and the CMPU 53 is turned on in advance. By setting the authentication exemption time to a long time, the IC card is put in an operating state in advance without waiting for the power supply 4 from the terminal device side to the device, for example, the IC card is inserted into the insertion slot of the financial service terminal In this case, it is not necessary to modify the terminal device, and the conventional terminal device can be used as it is even after the IC card of the present invention is adopted.

In short, according to the present invention, it is possible to provide a portable device such as an IC card which is not used for a crime by a malicious third party without impairing the original convenience of the device.

Is a flowchart for explaining a communication procedure between a conventional IC card device and a terminal device Is a block diagram showing the configuration of a conventional IC card device FIG. 2 is a block diagram and processing diagram showing the configuration of an IC card device according to the present invention.

Claims (1)

A portable device that performs its purpose by transmitting and receiving data to and from a plurality of terminal devices arranged in a predetermined site, and the device transmits data between the terminal devices. Fingerprint authentication is performed by collating the fingerprint information read by the sensor, the means for transmitting and receiving, the fingerprint reading sensor, the means for registering and storing the fingerprint information of the legitimate owner, and the fingerprint information of the legitimate owner registered. Means to send and receive data to and from the terminal device in an inactive state at normal times, and to enable data sending and receiving to and from the terminal device only when fingerprint authentication is successful as a result of collation In a portable device equipped with a fingerprint authentication function, after setting a time for exempting fingerprint authentication for a predetermined time, and providing a means for storing the exemption time and a timing control unit for controlling the exemption time, after successful fingerprint authentication Within the fingerprint authentication exemption time, without sending fingerprint authentication, data transmission / reception with the terminal device can be operated any number of times, and after the authentication exemption time has passed, data transmission / reception with the terminal device is inactive And when it goes out of the predetermined site, it communicates with the terminal device that manages the opening and closing of the gate of the site even during the fingerprint authentication exemption time, A portable device equipped with a fingerprint authentication function, wherein the remaining exemption time recorded on the terminal device is reset to return data transmission / reception to / from the terminal device to an inactive state .

Images