Biometric Transponder System Field of invention
The invention relates to the field of remote control systems.
Background
Presently, a biometric device controlling access to premises or to data requires use of a biometric authentication device coupled to the premises or the source of data. The authentication technology may be fingerprint recognition, IRIS, voice recognition or the like. Upon identification of a person as an authorised entrant, the biometric device will unlock or open the entrance for the person. Such biometric authentication is desirable because every person has a unique biometric identity. This offers better security than systems based on mere password or magnetic card authentication, as a password or a magnetic card may be stolen but biometric data has to be obtained from the authorised entrant in his physical presence.
Such biometric authentication device is always coupled to the premises by being hardwired to the premises' entrance. The near location of the authentication device to the premises is necessary, as having it otherwise would make little security sense; an authorised person could open an access to the premises at a distance only to risk an unauthorised person slipping in to the premises first. Thus, if a person is to have biometric-based access to several premises, each of these premises must be installed with a biometric sensor. However, to implement a biometric reader at every one of a plurality of premises results in multiplied costs.
Biometric authentication systems suffer from further disadvantages. For example, if the person has his finger used for authentication badly scratched, injured or bandaged (or is suffering from a loss of voice, etc.), the biometric authentication system cannot authenticate the person.
Furthermore, in a biometric authentication device, a biometrics reader/scanner has to be physically accessible to the person to be authenticated. In other words, a biometric detector must be readily accessible if the protected premises is to be selectively accessible. For example, a fingerprint reader must be available by the entrance to the premises to read the entrant's fingerprint. Other techniques of biometric identification such as IRIS or voice recognition also require detectors to be within reach of the entrant. However, as the biometric detector is necessarily exposed for human contact, the biometric detector is exposed to vandalism or environmental wear and tear. For example, the lens of a fingerprint scanner may be scratched.
Therefore, it is desirable to have a biometric authentication system that allows access to a premises and which overcomes the problems as mentioned above. For example, the new system, or method, should not be as subjected to vandalism as the prior art. Furthermore, it should be a less costly method of offering biometric-based permission to enter a plurality of premises. Furthermore, where the entrant's biometric identity is not useable due to injury, for example, a badly scratched finger, it should have a way of re-registering the person's identify, e.g. by recording the print of another finger, easily.
Statements of Invention
In general terms, the invention provides a portable biometric authentication device. The portable biometric authentication device providing a one-to-many application wherein one portable biometrics authentication device wireless allows access to a plurality of premises.
In a first aspect, the invention provides a biometric authentication system comprising a portable biometric reading device for reading a biometric identity of a user, a plurality of base devices in wireless communication with said biometric reading device, an authentication means for receiving the biometric identity from the biometric reading device and outputting an authentication result to at least one of said base devices wherein on receipt of said result, the at least one base device perform a pre-determined action, said action determined by the result.
The wireless communication can be RF signals, sound waves, IR, the likes or any combination thereof. Therefore, the invention provides a possible advantage wherein the biometric reader is physically detached from a plurality of base devices, instead of being hardwire thereto, and is useable to authenticate access to a plurality of base devices. When a. user's biometric identity is authenticated by the portable biometric authentication device, and the authentication is communicated to any of the base devices, the base device is activated to perform an operation, for example, to unlock doors. This leads to reduced costs as only one portable biometric authentication device is needed to activate any one of a plurality of base devices.
As wireless communication may pass through physical barriers, a base device may be installed at a premises and yet may be protectively shielded from wear and vandalism without compromising its accessibility, thus lengthening the life span of the base device. The base device may even be hidden from sight for security reasons.
The invention may provide the possibility of authorising and monitoring access to a physical premises, such as a room or a vehicle. Alternatively, the invention may monitor authorised access to a data source, such as a computer.
In one embodiment, the biometric identity of a user may be authenticated by an authentication routine inside the portable biometric authentication device, before permission is sent from the portable biometric authentication device to any of the base devices. This provide a possible advantage that if the portable biometric authentication device is lost and retrieved by an unauthorised person, the unauthorised person cannot activate the base devices as his biometrics identity cannot be authorised. The authorised user need only configure another portable biometric authentication device to gain entry to one of the protected premises.
In another embodiment, the biometric identity of a user may be authenticated by an authentication routine inside each of the base devices. This provides an advantage that if the portable biometric authentication device is lost, the authorised person may use a replacement portable biometric authentication device to activate any of the base devices without needing to configure the replacement portable biometric authentication device, as his authentication information is within the base devices.
In another embodiment, the portable biometric authentication device may be further incorporated with an RFID system. In this embodiment, access to low security premises may be automatically allowed by mere detection of the transponder which already has its own identity, and biometric authentication is required only for accessing premises requiring tighter security. This applies to typical office environments wherein access to main entrance is open by use of a transponder card, whereas access to more secure area such as computer room is limited to certain personnel via use of biometric device. In yet another embodiment, the portable biometric authentication device may further comprises a password authentication means as an alternative to the biometric authentication. This provides a possible advantage of the user having a password access if his. biometric identity is temporarily unusable, such as when his finger is scarred or if the biometric scanner is defaced.
In yet another embodiment, the password may be required despite positive biometric authentication, leading to a further layer of security.
In yet a further embodiment, the password authentication may be activated when authentication of a user's biometric identity is negative.
In yet another embodiment, the portable biometric authentication device may cause the base devices to operate an alarm when authentication of a user's identity fails after one or more attempts.
In yet another embodiment, the portable biometric authentication device may have a movable cover which protects the portable biometric authentication device from wear and tear when closed over the biometric sensor, and allows the biometric sensor to be accessed when opened.
In yet another embodiment, the biometric sensor may have a sleep mode which is activated after an period of non-activity. This provides an energy saving advantage. Optionally, the sensor may only be activated by signals sent from the base device when the device is within distance of 1 metre from the base device.
In yet another embodiment, biometric registration for a user may be performed remotely via the portable biometric authentication device. This provides convenience, ease and, to a certain extent, secrecy, as a person need not stand next to the base device to register himself with the base device.
In yet another embodiment, the transmission from the portable biometric authentication device to any of the base devices may be via code hopping or encryption, to be decrypted by the recipient base device.
In yet another embodiment, both the base devices and the portable biometric authentication device may perform a 2-way authentication of an encrypted biometric identity of the user. This adds a further level of security which prevents hacking into the embodiment to obtain the authorised user's biometric identity.
In a second aspect, the invention provides a portable device comprising an RFID transponder; and a biometric reader module; wherein the RFID transponder is useable for identification of the portable device, the biometric reader module is useable for authentication of the owner of the portable device by biometric authentication and the biometric reader is a sleep mode until the RFID transponder is interrogated by RFID signals. An embodiment of the second aspect of the invention may provide an advantage of selective level of security and configurable access to a plurality of premises or data using one portable device.
The invention in the second aspect may also provide an advantage in which, in the event the portable device is lost, the portable device may be more easily located by the RFID transponder.
In a further embodiment, password authentication of an authorised person may be required despite positive biometric authentication and the RFID transponder must be one which is registered with the base device, leading to a 3-factor security.
Therefore, in this embodiment, the invention may provide the possible advantage of a key-less security system, such as by RFID auto-unlocking of a premises or a vehicle. Furthermore, remote auto-start of a vehicle may be possible by fingerprint reading.
Brief description of the drawings
Embodiments of the invention will now be described, by way of non-limitative example, with reference to the accompanying drawings, in which:
Figure 1 is an illustration of a portable device which is a part of an embodiment of the present invention;
Figure 2 illustrates how the portable device of Figure 1 is used in an embodiment of the present invention, which allows access to a vehicle and to a room; and
Figure 3 is a schematic of the modules making up the embodiment of Figure 2.
Description
Figure 1 shows a portable biometrics device 110 comprising an RFID transponder 111 incorporated with a biometric sensor module 112.
The portable biometric device 110 corresponds to a base device 120 which comprises an RFID reader 123, i.e. the transponder 111 in the portable biometrics device is registered with an RFID reader 123 in the base device 120, as known in the art of RFID technology. Therefore, the RFID reader 123 in the base device 120 is able to detect the presence of the transponder 111 by RFID when the portable biometric device 110 is brought within a distance of the base device 120.
The base device 120 is pre-programmed to execute operations in response when the RFID reader 123 in the base device detects the transponder 111.
Figure 2 illustrates a system 100 comprising a plurality of base devices 120 and the portable biometric device 110 above-described. The system 100 is used to control access to, in this example, two premises; a vehicle 301 and a landed premises 302 such as a room. In other words, the same transponder 111 may be used in one-to-many applications, wherein access to several premises is permitted by using one portable biometric device 110 and a plurality of base devices 120.
By default, the premises 301 , 302 are locked from access. Each of the premises 301 , 302 is installed with a base device 120 and access to the premises is given when the base device 120 is activated by the portable biometrics device 110 to unlock the premises 301 , 302.
When an authorised user carrying a portable biometric device 110 comes within a certain distance of the first, premises, i.e. the vehicle 301 , the base device 120 in the vehicle 301 picks up the presence of the transponder 111 , at 123b, in the portable biometric device 110 by RFID. The presence of the transponder 111 then triggers the base device 120 to activate a relay 122 to unlock the vehicle 301 , automatically allowing access into the vehicle 301. Thus, as access to the vehicle 301 depends on the base device 120 installed within the vehicle 301 , vandalism or wear and tear to the base device 120 is prevented or reduced.
If the authorised user carrying the portable biometric device 110 does not linger near the vehicle 301 but moves away and the reader 123 no longer detects the presence of the transponder 111 by RFID, the base device 120 will re-lock the vehicle 301 , preferably after a predetermined time has lapsed.
Operations automatically executed by the base device are known herein as Passive Mode operations, as activation does not require user intervention. Thus, the automatic unlocking of the vehicle 301 triggered by the presence of the RFID transponder 111 being within a distance of the base device 120 is a Passive Mode operation.
The portable biometrics device 110 is also capable of mobilising and/or igniting the engine of the vehicle 301. To ignite the engine of the vehicle 301 , the owner of the vehicle 301 has to place his finger on the fingerprint scanner module 112 such that his fingerprint can be captured and authenticated in the portable biometric device 110. Upon positive authentication, the portable biometric device 110 sends a signal to the base device 120, causing the base device 120 to ignite the engine. In other words, the base device 120 is wired to the engine such that it is able to trigger the ignition. In this case, where the operation by the base device 120 is not automatic and user intervention or authentication is required before an operation is executed, the operation is known herein as an Active Mode operation.
Typically, an Active Mode operation is required when automatic triggering of a routine by mere detection of the transponder 111 is undesirable. In general, the Active Mode is used for situations where greater security or safety measures by user intervention are required. Being activated by biometrics recognition, there is no danger of the portable device being accidentally activated to start a vehicle, as may happen in a button-activated wireless key kept in a crowded pocket.
Therefore, access to the vehicle 301 and mobilising/igniting the engine in the vehicle may be protected by different pre-determined security levels, i.e. the engine may be mobilised/ignited only when the biometric identity of the authorised user is authenticated by the portable biometric device 110, while the unlocking of the vehicle for access may be automatic by RFID detection of the . transponder 111.
Similarly, when the authorised user carrying the portable biometrics device 110 approaches the landed premises 302, the base device 120 installed at the landed premises 302 detects the RFID transponder 111 in the portable biometrics device 110. Depending on whether the base device 120 at the landed premise 302 is programmed for high level or casual level security, the base device 120 may either wait for positive biometric authentication of the authorised user by the portable biometrics device 110 before unlocking the premise for entry (Active Mode) or may automatically unlock the entry for access (Passive Mode) on RFID detection of the transponder 111.
Figure 3 is a schematic diagram showing an example operation of the portable biometric device 110 and the base device 120.
The portable biometric device 110 and the base device 120 are, in general, made up of five main modules.
Three of the modules forming the base device 120 are an ultra-high frequency (UHF) module 121 , a base device 122 and a low frequency (LF) RFID reader 123. The base device 122 in the base device 120 further comprises a microcontroller unit (MCU) 122a and a relay/driver module 122b operable by the MCU 122a.
The other two modules, a typical RFID transponder 111 and a biometric sensor, such as a fingerprint scanner module 112, make up the portable biometric device 110. The RFID transponder 111 further comprises a central microcontroller unit (MCU) 111 b, a UHF Transmitter 111 a, an LF Transceiver 111c and a power management circuitry (not shown). The power management circuit, for example batteries, is to provide power for operation of the portable biometric device 110 The fingerprint scanner module 112 may be of a known type which typically comprises a fingerprint sensor for reading fingerprints, a dedicated DSP (Digital Signal Processor) to process and store fingerprint templates, perform registration and authentication, and a flash memory in which fingerprint templates are stored.
RFID technology is known to in the art and thus its operation will not be discussed in detail here. In a nutshell, RFID technology typically operates by using an RFID reader 123 to send out, at 123a, activation or challenge signals via FSK (Frequency Shift Keying) modulation at regular intervals while listening for any response signals, 123b, of the challenge signals from a corresponding transponder 111.
If the transponder 111 is within sufficient distance to pick up the challenge signals, an LF transceiver 111c in the corresponding transponder 111 demodulates the signal by an inductor-capacitor circuit (LC). If the demodulated challenge signal matches with an identity stored in the LF transceiver 111c, the transponder 111 will respond to the challenge signal by activating the MCU 111b in the transponder 111 to transmit a response signal using ASK (Amplitude Shift Keying) modulation via a UHF transmitter 111a.
The use of UHF is to prevent interference with the LF signals used in RFlD. Typically, RFID uses LF signals in the range of 100KHz to 135KHz while the UHF signal is in the range of 430MHz to 440 MHz. Alternative to UHF1 any kind of wireless communication that does not interfere with RFID may be used.
The ASK response signal may then be picked up by the RFID reader 123 in the base device 120 via a UHF receiver 121 , by which the base device 120 knows that the transponder 111 is within a distance. Subsequently, the MCU 122a in the base device 120 may be triggered to execute a pre-programmed operation, such as unlocking and allowing access to a premises 301 , 302.
Typically, an RFID transponder 110 may issue a response signal carrying a unique identification of itself to the RFID reader in the base device 123. Thus, a plurality of transponders 110 may be registered with a single RFID reader 123 for automatic identification of one or more authorised users carrying the transponder 110 to carry out wireless operations.
Therefore, in this embodiment, the RFID reader 123 reports the presence of the transponder 111 to the MCU 122a in the base device 122, and causes the MCU 122a in the base device 122 to automatically activate a suitable driver program, relay or another device 122b to perform a specific operation, such as unlocking the vehicle 301.
Furthermore, the base device 120 can also respond to positive authentication of the authorised user by the MCU 122a causing a relay 122b to perform an operation, such as igniting the engine of the vehicle 301 , i.e. Active Mode operation. In this case, the authorised user has to press his finger on the fingerprint scanner 112 in order to have his biometrics identity is obtained by the fingerprint scanner module 110 and authenticated by the MCU 111 b in the portable biometrics device 110. Upon positive authentication, the UHF transceiver 111a in the portable biometrics device 110 sends a UHF signal to the UHF receiver 121 in the base device 120 to indicate positive biometrics authentication of the authorised user and to cause the micro-controller in the base device 120 to execute a specific routine, such as igniting the vehicle engine.
Optionally, the biometric sensor module 112 in the portable biometric devicel 10 may be kept in a sleep mode until the challenge signal from the RFID reader 123 is received by the transponder's 111 LF transceiver 111c. Thus, in order to activate the biometric module 112, the portable biometric device 110 has to be within range of the base device 120 for RFID detection. Only when RFID challenge signals sent out by the base device 120 to search for the presence of the transponder 111 is picked up by the transponder's 111 RFID transceiver 111c will the MCU 111 b in the portable biometrics device 110 activates the fingerprint reading module 112, putting the fingerprint module in a standby mode.
In one variation of the embodiment, the authentication of the biometrics identity of the user is performed in the portable biometrics device 110. For example, a template of the user's fingerprint is stored in the portable biometrics device 110 to be compared with a captured fingerprint, such that if the captured fingerprint matches the stored, i.e. positive identification, the portable biometrics sensor 110 sends a UHF signal to the base device 120 indicating a positive user authentication. The base device 120 is then triggered to perform an operation that it is pre-programmed to perform when biometrics authentication of the user is positive. To prevent any theft of signal during UHF transmission due to code grabbing or scanning, additional signal security can be achieved by use of hopping code instead of fixed code.
In another variation of the embodiment, the fingerprint is not authenticated in the portable device and is sent to the base device 120 to match a template of authorised users' fingerprints stored in the base device 120. As the base device 120 may be physically protected within a locked premise 301 , 302, this prevents physical tampering of the system 100 to obtain biometrics identities of authorised users. Optionally, the system 100 may work with encrypted biometrics data to further prevent misappropriation the authorised user's biometrics identity.
Other than engine immobiliser, ignitors and locks, the MCU 122 in the base device 120 may include programs which operate to check door and brakes status and control sirens, lights, buzzers and so on, and to raise alarm to the authorised user if anything is amiss. In case of door access, the base device 120 may also be connected to a computer to track and log user identity and time of access. Furthermore, the embodiment may also be used to track the authorised user's movements between premises using RFID, while allowing him to use the biometric authentication module to access high security premises. In an organisation where security level is high and personnel needs to be located easily, the embodiment provides an ideal system for doing so.
Furthermore, if the biometrics authentication of a user is negative, a safety operation may be triggered by the MCU 122a in the base device 122, such as sounding an alarm or alerting the police.
Optionally, there is one or more control buttons 203 included in the portable biometric device for implementing button-operated operations or functions, such as triggering an alarm to help locate the vehicle 301 or, using UHF to send vehicle locator signal or panic signal at a distance.
In a further embodiment, a user may be authorised biometrically by scanning his fingerprint into the portable biometrics device 110 and causing the portable biometric device to execute a program which registers the user's fingerprint with the authentication program in the biometrics device 110 or in the base device 120. Therefore, this embodiment provides the possible advantage of remote registration of a newly authorised user.
In a further embodiment, the portable biometrics device 110 further comprises LED or other display for indicating successful unlocking of a premises, user authentication or ignition of a vehicle's 301 engine. In a further embodiment, Passive Mode operations in the event of low battery or no battery operations, do not involve the use of UHF signals sent by a UHF transceiver 111a in response to challenge signals sent by the base device 120. This is possible if the transponder is at close proximity of few tens cm to the RFID reader. In this case, the base device will regularly sends charging signals to power up the transponder, then followed by the RFID signals. The RFID signals sent out from the base device 120 (at whichever frequency although in this embodiment, they are LF signals) are merely reflected by the RFID transponder 111 in the portable biometrics device 110 within detection distance, e.g. by electrical resonant effect of an LC circuit, as known in the art. The signal reflections are detected by the RFID reader, at 123b, which causes the MCU 122a in the base station 120 to automatically execute predetermined Passive Mode operations. As typical in the art, the reflected signals may be modified on reflection to include an identity of the transponder 111 such that the base device 120 is able to identify the particular portable biometrics device 110 comprising the transponder 111.
Therefore, the embodiment provides the possible advantage of having a biometric transponder system that has a unique, user-friendly, wireless,, mid- range distance one-to-many application and has high security. The embodiment may be used to control physical access to premises and to provide automotive security. As the portable biometrics device 102 is wireless, there is advantageously no need for physical installation, i.e. drilling etc, of the biometrics module. There is consequently an possible advantage of cost effectiveness when implementing the embodiment.
It should be understood that the embodiments described herein are but embodiments of underlying concepts of the invention. Alternatives to the embodiments, though not described, are intended to be within the scope of this invention as claimed.
For example, it should be understood that the examples given herein of UHF or LF signals are merely examples and are not limitative examples of the operational communication frequencies. For example, the UHF module may instead be a LF module and vice versa. Furthermore, other wireless communication technologies such as Bluetooth or microwave frequency detection may be used for the communication between the portable biometrics device 110 and the base device 120.