[go: nahoru, domu]

WO2012101389A1 - Biometric identity verification system using a success signal and interacting with a portable object - Google Patents

Biometric identity verification system using a success signal and interacting with a portable object Download PDF

Info

Publication number
WO2012101389A1
WO2012101389A1 PCT/FR2012/050175 FR2012050175W WO2012101389A1 WO 2012101389 A1 WO2012101389 A1 WO 2012101389A1 FR 2012050175 W FR2012050175 W FR 2012050175W WO 2012101389 A1 WO2012101389 A1 WO 2012101389A1
Authority
WO
WIPO (PCT)
Prior art keywords
individual
biometric verification
portable object
biometric
signal
Prior art date
Application number
PCT/FR2012/050175
Other languages
French (fr)
Inventor
François Grieu
André AMPELAS
Original Assignee
Spirtech
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Spirtech filed Critical Spirtech
Priority to EP12706637.1A priority Critical patent/EP2668738A1/en
Priority to MX2013008675A priority patent/MX2013008675A/en
Priority to BR112013018631A priority patent/BR112013018631A2/en
Publication of WO2012101389A1 publication Critical patent/WO2012101389A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • Biometric identity verification system with a success signal cooperating with a portable object
  • the invention relates to biometric systems for verification of identity, where a physical characteristic of a person is automatically compared to a reference to verify his identity.
  • a sensor acquires data representative of a physical characteristic of an individual, the resultant data is compared to a reference datum, and the individual is authenticated if the two data have sufficiently similar characteristics.
  • fingerprints commonly referred to as “fingerprints”
  • WO 2009/097604 A1 discloses a biometric system capable of being temporarily coupled to another system and selectively providing it with certain information in the event of successful authentication (and also a biometric system in which graphic information is disclosed or hidden according to the result of the authentication).
  • the WO 2010/022129 A1 describes a biometric system integrated into an identification card that can be temporarily coupled to a terminal, such that the success of the authentication is necessary for the activation of the functions of the card, and therefore its use.
  • WO 2005/096214 A1 discloses a biometric system integrated into an identification card that may be temporarily coupled by radio to another device subject to successful authentication.
  • WO 2008/137206 A1 describes a biometric system integrated into an RFID transponder provided with a memory that can be accessed by this means subject to successful authentication.
  • US 7,360,688 B1 as well as EP 1 840 788 A2 describe a biometric system of which at least the sensor is integrated in an identification card that can be temporarily coupled to a terminal (without precise indication of what is produced by the device). authentication).
  • a particular example is the situation encountered when a customer rides a taxi.
  • the customer is supposed to check that the taxi in which he rides is operated by a driver holding a valid license, based on a plate attached to the vehicle and / or a driver's authorization card.
  • This is sometimes insufficient: these elements of identification are difficult to verify, may be counterfeit, or be stolen from their legitimate holder, for example with the vehicle, in order to strip the customers of this fake taxi with the complicity of the false driver.
  • the problem is so acute that various embassies (France, USA, ...) indicate: "In town, it is strongly discouraged to hail a taxi at random and to borrow free taxis".
  • the driver used a conventional biometric system to prove his identity to the customer, the risk would be that a device of identical appearance is used by a false driver and gives false assurance to the customer that the driver holds a valid license.
  • the invention proposes, essentially, to solve this difficulty by completing the biometric verification system of the identity by a success signal of a nature to bring the proof to the second individual (the person requesting the verification) that the identification of the first individual (that which is the object of the verification) is validly carried out, this signal of success cooperating with a portable object held by the second individual and in which he can have confidence. It could possibly be a pre-existing secure portable object such as transport card, passport or contactless identity card, mobile phone, etc.
  • the customer will see for example a sentence he has chosen, from a card he holds, displayed on the housing performing the biometric authentication, the system of the invention ensuring that this is possible only if the identity of the driver has been validly verified.
  • the system of the invention can also validate a flow of the race by means of electronic money, which reduces the risk of aggression of the driver by an unscrupulous customer, since the latter has no way to recover the dematerialized currency held by the chauffeur.
  • the invention proposes a biometric system for verifying identity of the general type disclosed by the aforementioned WO 2009/097604 A1, that is to say comprising:
  • biometric verification subsystem of the identity of a first individual
  • the biometric verification subsystem is held by the first individual and the portable object is held by the second individual;
  • the means for selectively delivering a success signal are means included in the biometric verification subsystem
  • the cryptographic protocol is a protocol capable of producing a result determining a characteristic of the success signal and representative of the concordance between a secret datum and a datum contained in the portable object;
  • the means for restoring in visual or auditory form the success signal are means controlled by a circuit of the biometric verification subsystem held by the first individual, so that the perception of this signal by the second individual assures him that the identity of the first individual is validly verified.
  • the invention also relates to a biometric method for verifying the identity of a first individual by a second individual, comprising the following steps:
  • biometric verification subsystem selective issuance of a successful success signal: (i) a biometric verification and (ii) a verification of the authenticity of the biometric verification subsystem by a cryptographic protocol between it and the portable object,
  • this cryptographic protocol being a protocol capable of producing a result determining a characteristic of the success signal and representative of the concordance between a secret datum and a datum contained in the portable object;
  • FIG. 1 illustrates in block diagram form functional the system of the invention in its most general form.
  • FIG. 2 illustrates a particular embodiment of the invention.
  • FIG 1 illustrates the system of the invention in its most general form.
  • the system of the invention comprises a subsystem 100 for biometric verification of the identity of a first individual.
  • a sensor 101 produces a biometric 102 characteristic of the first individual.
  • This datum is compared with a reference datum 103 by an automatic comparison device 104 which produces a comparison result 105 capable of taking at least two distinct values, True or False, depending on whether the data have, or do not have, sufficiently similar characteristics.
  • the system further comprises a portable object 300 held by a second individual to whom proof of the identity of the first individual is to be provided; the portable object 300 comprises a means 350 for temporary coupling and information exchange with a coupler 250 for portable objects, a microcircuit 307 forming information processing means, in particular data 306 previously introduced and stored in this portable object.
  • the portable object 300 may be, for example, a contact (ISO / IEC 7816) or non-contact (proximity) magnetic proximity card according to ISO / IEC 14443 standards or Near Field Communication (NFC) standards, or magnetic neighborhood coupling according to ISO / IEC ISO / IEC 15693 standards), or a mobile phone with an NFC interface.
  • the temporary coupling of the portable object 300 with the rest of the system may be for example an inductive coupling between the coupler 250 and the coupling means 350.
  • the system of the invention implements a cryptographic protocol, between the microcircuit 307 for an operation concerning the data 306, and a microcircuit 207 for an operation concerning a secret datum 206; the messages of this protocol are exchanged through the coupler 250 collaborating with the microcircuit 207, and the coupling means 350 collaborating with the microcircuit 307, the coupler 250 and the coupling means 350 carrying out their temporary coupling and transfer function. infor- mation; the result 201 of the cryptographic protocol depends on the concordance between the secret datum 206 and the datum 306.
  • the system of the invention comprises a success signal 202 accessible to the senses (visual, auditory, etc.) of the second individual, activated according to the result 201 AND that the comparison result 105 is True.
  • a good way to achieve this result is to produce the result 201 and selectively transfer it to the success signal 202 when the comparison result 105 is True, as shown in FIG. 1.
  • An equivalent means is that the microcircuit 207 does not implement the cryptographic protocol only selectively if the comparison result 105 is True, and the microcircuit 207, or respectively the microcircuit 307, controls the success signal 202 as a function of the result 201 when the cryptographic protocol comes to its normal end.
  • this success signal 202 is obtained in the manner that will be described below.
  • the success signal 202 is in the form of a characteristic such as the text of a message or the notes of a melody chosen by the second individual. This characteristic is recognizable by the second individual but is initially unknown to the first individual. It is determined from the result 201 and that the result of the comparison 105 is True.
  • This embodiment is well suited to the case where the presentation of the success signal 202 is carried out by the first individual and controlled by the microcircuit 207. Since the result 201 depends on the concordance between the secret datum 206 and the datum 306, the signal expected success is produced only if the secret data 206 is concordant with the data 306 and the result of the comparison 105 is True, that is to say if the identity of the first individual has been validly verified.
  • FIG. 2 illustrates a particular form of this embodiment of the system of the invention.
  • the cryptographic protocol is that the microcircuit 207 decrypts the data 306 with the key formed by the secret data 206 selectively when the result of the comparison 105 is True.
  • Each letter of the data item 306 is, for example, shifted in the alphabet, especially since the corresponding figure of the secret data item 206, and the result 201 of the tocole, generated by the microcircuit 207, is presented by a display revealing the success signal 202 to the second individual, who for example recognizes a text ("monica") to which he expects. It will be appreciated that if the secret datum 206 is altered or absent, this text would not be displayed. The display of the expected text is therefore for the second individual a factor of assurance that the system used is not counterfeit.
  • the physical implementation should ensure that an alteration of the comparison device 104, the result 105 of the comparison, or the microcircuit 207, as well as, as far as possible, an alteration of the sensor 101, the data 102, or reference datum 103, would destroy the secret datum 206 and / or prevent by a similar means the normal activation of the success signal 202.
  • the elements 102 to 207 can be made for example by means of a SecurCore ARM security microcontroller connected closer to the sensor 101 and collaborating closely with it, for example by operating its mechanical, optical elements or / and electronic.
  • the secret data 206 may constitute the secret key of a cryptographic algorithm, the data 306 being the same key, a paired public key, or a value encrypted by the key constituted by the secret data 206.
  • the data item 306 is written into the portable object during its manufacture or subsequently by appropriate input for example on dedicated equipment, and results from an encryption operation according to a symmetric cryptographic algorithm (for example AES, described by the FIPS publication No. 197 NIST) of a message chosen by the second individual, with a key whose value coincides with the secret data 206.
  • a symmetric cryptographic algorithm for example AES, described by the FIPS publication No. 197 NIST
  • the data 306 is transferred from the portable object through the coupling means 350 and the coupler 250, and decrypted by the microcircuit 207 under control of the key formed by the secret data 206, producing the result 201 constituting the success signal that is displayed, this selectively when the result of the comparison 105 is right.
  • the expected message is observable by the second individual selectively only if the cryptographic protocol has succeeded and the identity of the first individual has been verified.
  • the activation of the success signal 202 is advantageously conditioned on the fact that the use of the sensor 101 has occurred within a time period below a predetermined threshold. This prevents a circumvention of the system where the identity of the first individual is verified, then usurped later by a third individual.
  • a system element is advantageously recorded in a newspaper and / or broadcast remotely, each record of the newspaper or each broadcast being accompanied by at least one item of data from a system element, such as a serial number, part of the reference data 103, secret data 206, and / or data 306, and transferred through the coupling means 350 and the coupler 250; the cryptographic protocol used can also ensure the integrity of this data.
  • the recording can for example be done in a cyclic file of a microcircuit, as described in the ISO / IEC 7816, part 4.
  • the diffusion can be done by a data telecommunication system (SMS, MMS, GPRS, ).
  • a payment system by means of the portable object 300 held by the second individual, which system can be activated only if the success of the cryptographic protocol makes it available, selectively if the result of the Comparison 105 is true, flow-through information transferred from the portable object through the coupling means 350 and the coupler 250.
  • the flow rate is conditioned on the activation of a confirmation signal of the flow authorization in a predetermined time window relative to the implementation of a system element, and / or the flow rate with flow-through information. is inhibited by a new implementation of an element of the system. This helps to prevent unauthorized flow.
  • the data 306 evolves so that the success signal 202 evolves in a predetermined manner.
  • the evolution may consist, for example, in the increment of a usage counter directly displayed by the success signal 202, or / and the selection of one of several messages or melody in a cyclic list. This gives increased assurance on the confidentiality of the expected value for the success signal 202.
  • the driver holds a biometric authentication box including the biometric verification subsystem 100, the secret data 206, the microcircuit 207, the coupler 250 and the success signal 202.
  • the customer holds a portable object including including information 306 known to the customer, such as an account number or / and a message he has chosen.
  • the driver presents his finger on the sensor 101, and its identity is verified by the biometric system on the basis of the characteristics of the dermatoglyphs of the finger compared to the reference characteristics 103.
  • the client approaches his portable object 300 of the reader 250 and the temporary coupling is established with the coupling means 350.
  • the data item 306 is read, decrypted under control of the key formed by the secret data item 206 selectively if the result 105 of the comparison is True, as described above, and the activation signal 202 is revealed by displaying the message known to the client on a screen of the box.
  • a record is added to the on-demand log of the microcircuit 207 and / or the microcircuit 307, including the serial number of the portable object of the client read through the coupler 250 and the coupling means 350, as well as the date.
  • this information is broadcast, for example by an SMS message sent on command of the microcircuit 207 and / or the microcircuit 307.
  • This record which can be used in the case of an inquiry, constitutes an indication of the support for this customer in this taxi at this precise moment, and this as soon as the intention of the customer to use the taxi is constituted, that the identity of the driver is checked or not. This also deters a legitimate taxi driver from becoming an accomplice to wrongdoing.
  • the system can be connected to the taximeter, the activation of its "support” mode constituting the confirmation signal of the debit authorization. If this activation occurs within a predetermined time window relative to the activation of the activation signal 202 or some other element of the system, the credentials of the customer, such as the account number, are used for debiting the amount of money. the race, which can come from the taximeter, or otherwise be obtained via an ad hoc keyboard. This credential information is then cleared, as is the case where another customer's support occurs without a debit, preventing the new customer from being charged to the previous customer.
  • the reference data item 103 may be searched automatically among a plurality; and / or the reference datum 103 may be derived from an additional portable object held by the identified individual, which may collaborate with the coupler 250 or the like; in the example of application to taxis, it may be for example several drivers sharing the same vehicle.
  • the sensor 101 and / or the automatic comparison device 104 and / or the secret key 206 and / or the log support can be integrated with this additional portable object.
  • the reference datum 103 may be protected by a cryptographic certificate, and / or be associated with a validity expiry date, and / or with a known carrier code of the first individual.
  • two individuals each equipped with NFC mobile phones can demonstrate to each other their identity, provided that one (at least) of the two mobile phones, or an intermediate device, includes a biometric verification subsystem.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a system including: a subsystem (100) for the biometric verification of the identity of a first person, and a portable object (300) which is carried by a second person and which can be temporarily coupled to the biometric verification subsystem. According to the invention, a success signal (202) is selectively activated when the biometric verification is successful and when the authenticity of the biometric verification subsystem has been confirmed by a cryptographic protocol implemented between the portable object and a coupler (250), a microcircuit (207) and a secret datum (206). The signal can be activated directly by the portable object and/or can comprise a feature (text, melody, etc.) such that observation of said signal by the second person is a guarantee that the secret datum (206) matches a reference datum (306) previously stored in the portable object, and therefore that the identity of the first person is validly verified. A subsequent financial transaction can be selectively authorised in the event of success.

Description

Système biométrique de vérification de l'identité avec un signal de réussite, coopérant avec un objet portatif  Biometric identity verification system with a success signal cooperating with a portable object
L'invention se rapporte aux systèmes biométriques de vérification de l'identité, où une caractéristique physique d'une personne est automatiquement comparée à une référence afin de vérifier son identité. The invention relates to biometric systems for verification of identity, where a physical characteristic of a person is automatically compared to a reference to verify his identity.
Dans de tels systèmes, un capteur acquiert une donnée représentative d'une caractéristique physique d'un individu, la donnée résultante est comparée à une donnée de référence, et l'individu est authentifié si les deux données ont des caractéristiques suffisamment proches. De tels systèmes, par exemple basés sur les caractéristiques des dermatogly- phes du doigt, communément désignés par "empreinte digitale", sont connus depuis longtemps, par exemple d'après le US 4 151 5 2 A.  In such systems, a sensor acquires data representative of a physical characteristic of an individual, the resultant data is compared to a reference datum, and the individual is authenticated if the two data have sufficiently similar characteristics. Such systems, for example based on the characteristics of finger dermatoglyphs, commonly referred to as "fingerprints", have been known for a long time, for example according to US 4 151 5 2 A.
Le WO 2009/097604 A1 décrit un système biométrique susceptible d'être temporairement couplé à un autre système et de lui fournir sélectivement certaines informations en cas de succès de l'authentification (et par ailleurs un système biométrique dans lequel des informations graphiques sont révélées ou masquées selon le résultat de l'authentification).  WO 2009/097604 A1 discloses a biometric system capable of being temporarily coupled to another system and selectively providing it with certain information in the event of successful authentication (and also a biometric system in which graphic information is disclosed or hidden according to the result of the authentication).
Le WO 2010/022129 A1 décrit un système biométrique intégré à une carte d'identification susceptible d'être temporairement couplée à un terminal, tel que le succès de l'authentification est nécessaire à l'activation des fonctions de la carte, donc à son utilisation. The WO 2010/022129 A1 describes a biometric system integrated into an identification card that can be temporarily coupled to a terminal, such that the success of the authentication is necessary for the activation of the functions of the card, and therefore its use.
Le WO 2005/096214 A1 décrit un système biométrique intégré à une carte d'identification susceptible d'être temporairement couplée par radio à un autre dispositif sous réserve du succès de l'authentification.  WO 2005/096214 A1 discloses a biometric system integrated into an identification card that may be temporarily coupled by radio to another device subject to successful authentication.
Le WO 2008/137206 A1 décrit un système biométrique intégré à un transpondeur RFID muni d'une mémoire susceptible d'être accédée par ce moyen sous réserve du succès de l'authentification. WO 2008/137206 A1 describes a biometric system integrated into an RFID transponder provided with a memory that can be accessed by this means subject to successful authentication.
Le US 7 360 688 B1 ainsi que le EP 1 840 788 A2 décrivent un système biométrique dont au moins le capteur est intégré à une carte d'identification susceptible d'être temporairement couplée à un terminal (sans indication précise de ce que produit l'authentification). US 7,360,688 B1 as well as EP 1 840 788 A2 describe a biometric system of which at least the sensor is integrated in an identification card that can be temporarily coupled to a terminal (without precise indication of what is produced by the device). authentication).
La mise en uvre de tels systèmes pose une difficulté quand il s'agit d'apporter la preuve de l'identité d'un premier individu à un second individu qui ne détient pas le système biométrique de vérification de l'identité. Le problème est notamment celui de la reconnaissance des vrais conducteurs de taxi, agents de police, de services publics, ou d'une manière plus générale des personnels "autorisés" ou "accrédités". The implementation of such systems poses a challenge when it comes to providing proof of the identity of a first individual to a second individual who does not hold the biometric verification system. The problem is in particular the recognition of true taxi drivers, police officers, public services, or, more generally, "authorized" or "accredited" personnel.
Cela peut s'avérer utile dans de nombreuses applications où les systèmes biométriques de vérification de l'identité actuellement connus ne sont pas utilisables.  This may be useful in many applications where currently known biometric identity verification systems are not usable.
Un tel besoin existe, compte tenu du sentiment croissant d'insécurité, du vieillissement de la population, de ce que nombre d'agressions sont perpétrées par usurpation d'apparence.  Such a need exists, given the growing feeling of insecurity, the aging of the population, that many assaults are perpetrated by usurpation of appearance.
Un exemple particulier est la situation rencontrée lorsqu'un client monte dans un taxi. Le client est supposé vérifier que le taxi dans lequel il monte est opéré par un chauffeur titulaire d'une licence valide, sur la base d'une plaque fixée au véhicule et/ou d'une carte d'habilitation du chauffeur. Cela est parfois insuffisant : ces éléments d'identification sont difficiles à vérifier, peuvent être contrefaits, ou être dérobés à leur titulaire légitime, par exemple avec le véhicule, ce dans le but de dépouiller les clients de ce faux taxi avec la complicité du faux chauffeur. Dans certaines villes le problème est si aigu que diverses ambassades (France, USA, ...) indiquent : "En ville, il est vivement déconseillé de héler un taxi au hasard et d'emprunter les taxis libres".  A particular example is the situation encountered when a customer rides a taxi. The customer is supposed to check that the taxi in which he rides is operated by a driver holding a valid license, based on a plate attached to the vehicle and / or a driver's authorization card. This is sometimes insufficient: these elements of identification are difficult to verify, may be counterfeit, or be stolen from their legitimate holder, for example with the vehicle, in order to strip the customers of this fake taxi with the complicity of the false driver. In some cities the problem is so acute that various embassies (France, USA, ...) indicate: "In town, it is strongly discouraged to hail a taxi at random and to borrow free taxis".
Si le chauffeur utilisait un système biométrique classique pour démontrer son identité au client, le risque existerait qu'un dispositif d'apparence identique soit utilisé par un faux chauffeur et donne une fausse assurance au client que le chauffeur est titulaire d'une licence valide.  If the driver used a conventional biometric system to prove his identity to the customer, the risk would be that a device of identical appearance is used by a false driver and gives false assurance to the customer that the driver holds a valid license.
L'invention propose, essentiellement, de résoudre cette difficulté en complétant le système biométrique de vérification de l'identité par un signal de réussite de nature à apporter la preuve au second individu (celui qui demande la vérification) que l'identification du premier individu (celui qui fait l'objet de la vérification) est valablement effectuée, ce signal de réussite coopérant avec un objet portatif détenu par le second individu et dans lequel il peut avoir confiance. Il pourra éventuellement s'agir d'un objet portable sécurisé préexistant tel que carte de transport, passeport ou carte d'identité sans contact, téléphone mobile, etc. The invention proposes, essentially, to solve this difficulty by completing the biometric verification system of the identity by a success signal of a nature to bring the proof to the second individual (the person requesting the verification) that the identification of the first individual (that which is the object of the verification) is validly carried out, this signal of success cooperating with a portable object held by the second individual and in which he can have confidence. It could possibly be a pre-existing secure portable object such as transport card, passport or contactless identity card, mobile phone, etc.
Dans un mode particulier de mise en œuvre de l'invention, le client verra par exemple une phrase qu'il a choisie, issue d'une carte qu'il détient, s'afficher sur le boîtier réalisant l'authentification biométrique, le système de l'invention assurant que cela n'est possible que si l'identité du chauffeur a été valablement vérifiée. In a particular mode of implementation of the invention, the customer will see for example a sentence he has chosen, from a card he holds, displayed on the housing performing the biometric authentication, the system of the invention ensuring that this is possible only if the identity of the driver has been validly verified.
Le système de l'invention peut aussi valider un débit de la course au moyen de monnaie électronique, ce qui diminue le risque d'agression du chauffeur par un client indélicat, puisque ce dernier n'a aucun moyen de récupérer la monnaie dématérialisée détenue par le chauffeur.  The system of the invention can also validate a flow of the race by means of electronic money, which reduces the risk of aggression of the driver by an unscrupulous customer, since the latter has no way to recover the dematerialized currency held by the chauffeur.
Plus précisément, l'invention propose un système biométrique de vérification d'identité du type général divulgué par le WO 2009/097604 A1 précité, c'est-à-dire comprenant :  More specifically, the invention proposes a biometric system for verifying identity of the general type disclosed by the aforementioned WO 2009/097604 A1, that is to say comprising:
- un sous-système de vérification biométrique de l'identité d'un premier individu ;  a biometric verification subsystem of the identity of a first individual;
- un objet portatif susceptible d'être temporairement couplé au sous- système de vérification biométrique ;  a portable object that can be temporarily coupled to the biometric verification subsystem;
- des moyens pour délivrer sélectivement un signal de réussite sous condition : i) que la vérification biométrique réussisse et ii) que l'authenticité du sous-système de vérification biométrique ait été assurée par un protocole cryptographique entre celui-ci et l'objet portatif ; et  means for selectively issuing a success signal under the condition that: i) the biometric verification succeeds; and ii) that the authenticity of the biometric verification subsystem has been ensured by a cryptographic protocol between the biometric verification subsystem and the portable object. ; and
- des moyens pour restituer sous forme visuelle ou auditive le signal de réussite de manière perceptible par un second individu.  means for reproducing in a visual or auditory form the success signal perceptibly by a second individual.
De façon caractéristique de l'invention :  Characteristically, the invention
- le sous-système de vérification biométrique est détenu par le premier individu et l'objet portatif est détenu par le second individu ;  the biometric verification subsystem is held by the first individual and the portable object is held by the second individual;
- les moyens pour délivrer sélectivement un signal de réussite sont des moyens inclus dans le sous-système de vérification biométrique ;  the means for selectively delivering a success signal are means included in the biometric verification subsystem;
- le protocole cryptographique est un protocole apte à produire un résultat déterminant une caractéristique du signal de réussite et représentatif de la concordance entre une donnée secrète et une donnée contenue dans l'objet portatif ; et  the cryptographic protocol is a protocol capable of producing a result determining a characteristic of the success signal and representative of the concordance between a secret datum and a datum contained in the portable object; and
- les moyens pour restituer sous forme visuelle ou auditive le signal de réussite sont des moyens commandés par un circuit du sous-système de vérification biométrique détenu par le premier individu, de sorte que la perception de ce signal par le second individu lui assure que l'identité du premier individu est valablement vérifiée. L'invention a également pour objet un procédé biométrique de vérification de l'identité d'un premier individu par un second individu, comprenant les étapes suivantes : the means for restoring in visual or auditory form the success signal are means controlled by a circuit of the biometric verification subsystem held by the first individual, so that the perception of this signal by the second individual assures him that the identity of the first individual is validly verified. The invention also relates to a biometric method for verifying the identity of a first individual by a second individual, comprising the following steps:
a) mise à disposition du premier individu d'un sous-système de vérification biométrique ;  a) providing the first individual with a biometric verification subsystem;
b) mise à disposition du second individu d'un objet portatif ;  b) providing the second individual with a portable object;
c) couplage temporaire de l'objet portatif au sous-système de vérification biométrique ;  c) temporary coupling of the portable object to the biometric verification subsystem;
d) exécution i) d'une vérification biométrique et ii) d'une vérification de l'authenticité du sous-système de vérification biométrique par un protocole cryptographique entre celui-ci et l'objet portatif ;  (d) performing (i) a biometric verification and (ii) verifying the authenticity of the biometric verification subsystem by a cryptographic protocol between the biometric verification subsystem and the portable object;
e) par le sous-système de vérification biométrique, délivrance sélective d'un signal de réussite sous condition de réussite : i) d'une vérification biométrique et ii) d'une vérification de l'authenticité du sous-système de vérification biométrique par un protocole cryptographique entre celui-ci et l'objet portatif,  (e) by the biometric verification subsystem, selective issuance of a successful success signal: (i) a biometric verification and (ii) a verification of the authenticity of the biometric verification subsystem by a cryptographic protocol between it and the portable object,
ce protocole cryptographique étant un protocole apte à produire un résultat déterminant une caractéristique du signal de réussite et représentatif de la concordance entre une donnée secrète et une donnée contenue dans l'objet portatif ; et  this cryptographic protocol being a protocol capable of producing a result determining a characteristic of the success signal and representative of the concordance between a secret datum and a datum contained in the portable object; and
f) par un circuit du sous-système de vérification biométrique détenu par le premier individu, restitution sous forme visuelle ou auditive du signal de réussite de manière perceptible par le second individu, de sorte que la perception de ce signal par le second individu lui assure, par le fait que ce signal possède les caractéristiques attendues, que l'identité du premier individu est valablement vérifiée.  f) by a circuit of the biometric verification subsystem held by the first individual, visually or audibly returning the success signal in a manner perceptible by the second individual, so that the perception of this signal by the second individual ensures by the fact that this signal has the expected characteristics, that the identity of the first individual is validly verified.
0 0
On va maintenant décrire un exemple de mise en oeuvre du dispositif de l'invention, en référence aux dessins annexés où les mêmes références numériques désignent d'une figure à l'autre des éléments identiques ou fonctionnellement semblables. An embodiment of the device of the invention will now be described with reference to the appended drawings in which the same reference numerals designate identical or functionally similar elements from one figure to another.
La Figure 1 illustre sous forme de schéma par blocs fonctionnels le système de l'invention dans sa forme la plus générale. La Figures 2 illustre un mode de réalisation particulier de l'invention. Figure 1 illustrates in block diagram form functional the system of the invention in its most general form. FIG. 2 illustrates a particular embodiment of the invention.
0 0
La Figure 1 illustre le système de l'invention dans sa forme la plus générale. Figure 1 illustrates the system of the invention in its most general form.
Le système de l'invention comprend un sous-système 100 de vérification biométrique de l'identité d'un premier individu. Un capteur 101 produit une donnée biométrique 102 caractéristique du premier individu. Cette donnée est comparée à une donnée de référence 103 par un dispositif automatique de comparaison 104 qui produit un résultat de comparaison 105 susceptible de prendre au moins deux valeurs distinctes, Vrai ou Faux, selon que les données ont, ou n'ont pas, des caractéristiques suffisamment similaires.  The system of the invention comprises a subsystem 100 for biometric verification of the identity of a first individual. A sensor 101 produces a biometric 102 characteristic of the first individual. This datum is compared with a reference datum 103 by an automatic comparison device 104 which produces a comparison result 105 capable of taking at least two distinct values, True or False, depending on whether the data have, or do not have, sufficiently similar characteristics.
Le système comprend en outre un objet portatif 300 détenu par un second individu, à qui la preuve de l'identité du premier individu doit être apportée ; l'objet portatif 300 comprend un moyen 350 de couplage temporaire et d'échange d'information avec un coupleur 250 pour objets portatifs, un microcircuit 307 formant moyen de traitement de l'information, en particulier d'une donnée 306 introduite préalablement et stockée dans cet objet portatif. L'objet portatif 300 peut être par exemple une carte à puce à contact (normes ISO/IEC 7816) ou sans contact (couplage magnétique de proximité selon normes ISO/IEC 14443 ou normes Near Field Communication dites NFC, ou couplage magnétique de voisinage selon normes ISO/IEC 15693), ou un téléphone mobile avec une interface NFC. Le couplage temporaire de l'objet portatif 300 avec le reste du système peut être par exemple un couplage inductif entre le coupleur 250 et le moyen de couplage 350.  The system further comprises a portable object 300 held by a second individual to whom proof of the identity of the first individual is to be provided; the portable object 300 comprises a means 350 for temporary coupling and information exchange with a coupler 250 for portable objects, a microcircuit 307 forming information processing means, in particular data 306 previously introduced and stored in this portable object. The portable object 300 may be, for example, a contact (ISO / IEC 7816) or non-contact (proximity) magnetic proximity card according to ISO / IEC 14443 standards or Near Field Communication (NFC) standards, or magnetic neighborhood coupling according to ISO / IEC ISO / IEC 15693 standards), or a mobile phone with an NFC interface. The temporary coupling of the portable object 300 with the rest of the system may be for example an inductive coupling between the coupler 250 and the coupling means 350.
Le système de l'invention met un oeuvre un protocole cryptographique, entre le microcircuit 307 pour une opération concernant la donnée 306, et un microcircuit 207 pour une opération concernant une donnée secrète 206 ; les messages de ce protocole sont échangés au travers du coupleur 250 collaborant avec le microcircuit 207, et le moyen de couplage 350 collaborant avec le microcircuit 307, le coupleur 250 et le moyen de couplage 350 réalisant leur fonction de couplage temporaire et de transfert d'infor- mation ; le résultat 201 du protocole cryptographique dépend de la concordance entre la donnée secrète 206 et la donnée 306. The system of the invention implements a cryptographic protocol, between the microcircuit 307 for an operation concerning the data 306, and a microcircuit 207 for an operation concerning a secret datum 206; the messages of this protocol are exchanged through the coupler 250 collaborating with the microcircuit 207, and the coupling means 350 collaborating with the microcircuit 307, the coupler 250 and the coupling means 350 carrying out their temporary coupling and transfer function. infor- mation; the result 201 of the cryptographic protocol depends on the concordance between the secret datum 206 and the datum 306.
Le système de l'invention comprend un signal de réussite 202 accessible aux sens (visuel, auditif, etc.) du second individu, activé en fonction du résultat 201 ET de ce que le résultat de comparaison 105 est Vrai. Un bon moyen de parvenir à ce résultat est de produire le résultat 201 et de le transférer sélectivement au signal de réussite 202 quand le résultat de comparaison 105 est Vrai, comme illustré Figure 1. Un moyen équivalent est que le microcircuit 207 ne mette en œuvre le protocole cryptographique que sélectivement si le résultat de comparaison 105 est Vrai, et que le microcircuit 207, ou respectivement le microcircuit 307, commande le signal de réussite 202 en fonction du résultat 201 quand le protocole cryptographique arrive à son terme normal.  The system of the invention comprises a success signal 202 accessible to the senses (visual, auditory, etc.) of the second individual, activated according to the result 201 AND that the comparison result 105 is True. A good way to achieve this result is to produce the result 201 and selectively transfer it to the success signal 202 when the comparison result 105 is True, as shown in FIG. 1. An equivalent means is that the microcircuit 207 does not implement the cryptographic protocol only selectively if the comparison result 105 is True, and the microcircuit 207, or respectively the microcircuit 307, controls the success signal 202 as a function of the result 201 when the cryptographic protocol comes to its normal end.
Avantageusement, ce signal de réussite 202 est obtenu de la manière que l'on va décrire ci-après.  Advantageously, this success signal 202 is obtained in the manner that will be described below.
Dans ce mode de réalisation particulier, le signal de réussite 202 se présente sous forme d'une caractéristique telle que le texte d'un message ou les notes d'une mélodie choisis par le second individu. Cette caractéristique est reconnaissable par le second individu mais elle est initialement inconnue du premier individu. Elle est déterminée à partir du résultat 201 et de ce que le résultat de la comparaison 105 est Vrai.  In this particular embodiment, the success signal 202 is in the form of a characteristic such as the text of a message or the notes of a melody chosen by the second individual. This characteristic is recognizable by the second individual but is initially unknown to the first individual. It is determined from the result 201 and that the result of the comparison 105 is True.
Ce mode de réalisation est bien adapté au cas où la présentation du signal de réussite 202 est réalisée par le premier individu et commandée par le microcircuit 207. Puisque le résultat 201 dépend de la concordance entre la donnée secrète 206 et la donnée 306, le signal de réussite attendu n'est produit que si la donnée secrète 206 est concordante avec la donnée 306 et que le résultat de la comparaison 105 est Vrai, c'est-à-dire si l'identité du premier individu a été valablement vérifiée. This embodiment is well suited to the case where the presentation of the success signal 202 is carried out by the first individual and controlled by the microcircuit 207. Since the result 201 depends on the concordance between the secret datum 206 and the datum 306, the signal expected success is produced only if the secret data 206 is concordant with the data 306 and the result of the comparison 105 is True, that is to say if the identity of the first individual has been validly verified.
La Figure 2 illustre une forme particulière de ce mode de réalisation du système de l'invention. Figure 2 illustrates a particular form of this embodiment of the system of the invention.
Le protocole cryptographique consiste à ce que le microcircuit 207 déchiffre la donnée 306 avec la clé formée par la donnée secrète 206 sélectivement quand le résultat de la comparaison 105 est Vrai. Chaque lettre de la donnée 306 est par exemple décalée dans l'alphabet d'autant que le chiffre correspondant de la donnée secrète 206, et le résultat 201 du pro- tocole, généré par le microcircuit 207, est présenté par un afficheur révélant le signal de réussite 202 au second individu, qui par exemple reconnaît un texte ( "monica") auquel il s'attend. On appréciera que, si la donnée secrète 206 était altérée ou absente, ce texte ne serait pas affiché. L'affichage du texte attendu est donc pour le second individu un facteur d'assurance que le système utilisé n'est pas contrefait. The cryptographic protocol is that the microcircuit 207 decrypts the data 306 with the key formed by the secret data 206 selectively when the result of the comparison 105 is True. Each letter of the data item 306 is, for example, shifted in the alphabet, especially since the corresponding figure of the secret data item 206, and the result 201 of the tocole, generated by the microcircuit 207, is presented by a display revealing the success signal 202 to the second individual, who for example recognizes a text ("monica") to which he expects. It will be appreciated that if the secret datum 206 is altered or absent, this text would not be displayed. The display of the expected text is therefore for the second individual a factor of assurance that the system used is not counterfeit.
Pour une meilleure sécurité, la réalisation physique devrait assurer qu'une altération du dispositif de comparaison 104, du résultat 105 de la comparaison, ou du microcircuit 207, ainsi que, dans la mesure du possible, une altération du capteur 101 , de la donnée biométrique 102, ou de la donnée de référence 103, détruirait la donnée secrète 206 et/ou empêcherait par un moyen similaire l'activation normale du signal de réussite 202.  For better security, the physical implementation should ensure that an alteration of the comparison device 104, the result 105 of the comparison, or the microcircuit 207, as well as, as far as possible, an alteration of the sensor 101, the data 102, or reference datum 103, would destroy the secret datum 206 and / or prevent by a similar means the normal activation of the success signal 202.
Pour ce faire, les éléments 102 à 207 peuvent être par exemple réalisés au moyen d'un microcontrôleur de sécurité ARM SecurCore connecté au plus près du capteur 101 et collaborant étroitement avec celui-ci, par exemple en opérant ses éléments mécaniques, optiques ou/et électroniques. En outre, la donnée secrète 206 peut constituer la clé secrète d'un algorithme cryptographique, la donnée 306 étant la même clé, une clé publique appariée, ou une valeur chiffrée par la clé constituée par la donnée secrète 206.  To do this, the elements 102 to 207 can be made for example by means of a SecurCore ARM security microcontroller connected closer to the sensor 101 and collaborating closely with it, for example by operating its mechanical, optical elements or / and electronic. In addition, the secret data 206 may constitute the secret key of a cryptographic algorithm, the data 306 being the same key, a paired public key, or a value encrypted by the key constituted by the secret data 206.
La donnée 306 est inscrite dans l'objet portatif lors de sa fabrication ou ultérieurement par une saisie adéquate par exemple sur un équipement dédié, et résulte d'une opération de chiffrement selon un algorithme cryptographique symétrique (par exemple AES, décrit par la publication FIPS n°197 du NIST) d'un message choisi par le second individu, avec une clé dont la valeur coïncide avec la donnée secrète 206. Lors de la mise en œuvre du système, la donnée 306 est transférée depuis l'objet portatif à travers le moyen de couplage 350 et le coupleur 250, et déchiffrée par le microcircuit 207 sous contrôle de la clé formée par la donnée secrète 206, produisant le résultat 201 constituant le signal de réussite qui est affiché, ceci sélectivement quand le résultat de la comparaison 105 est Vrai. Le message attendu n'est observable par le second individu sélectivement que si le protocole cryptographique a réussi et que l'identité du premier individu a été vérifiée.  The data item 306 is written into the portable object during its manufacture or subsequently by appropriate input for example on dedicated equipment, and results from an encryption operation according to a symmetric cryptographic algorithm (for example AES, described by the FIPS publication No. 197 NIST) of a message chosen by the second individual, with a key whose value coincides with the secret data 206. In the implementation of the system, the data 306 is transferred from the portable object through the coupling means 350 and the coupler 250, and decrypted by the microcircuit 207 under control of the key formed by the secret data 206, producing the result 201 constituting the success signal that is displayed, this selectively when the result of the comparison 105 is right. The expected message is observable by the second individual selectively only if the cryptographic protocol has succeeded and the identity of the first individual has been verified.
L'homme de l'art en matière de cryptographie appliquée pourra aisément définir un protocole utilisant une cryptographie de type asymétrique (telle que RSA, DSA ou ECDSA, décrits par la publication FIPS n°186-3 du NIST), ce qui permet à la donnée 306 d'être une donnée publique correspondant à la donnée secrète 206. Those skilled in the art in applied cryptography can easily define a protocol using asymmetric type cryptography (such as RSA, DSA or ECDSA, described by FIPS publication NIST 186-3), which allows data 306 to be a public datum corresponding to the secret datum 206.
Divers perfectionnements peuvent être apportés au système que l'on vient de décrire.  Various improvements can be made to the system just described.
Ainsi, l'activation du signal de réussite 202 est avantageusement conditionnée à ce que l'utilisation du capteur 101 soit intervenue dans un délai inférieur à un seuil prédéterminé. Cela empêche un contournement du système où l'identité du premier individu est vérifiée, puis usurpée ultérieurement par un troisième individu.  Thus, the activation of the success signal 202 is advantageously conditioned on the fact that the use of the sensor 101 has occurred within a time period below a predetermined threshold. This prevents a circumvention of the system where the identity of the first individual is verified, then usurped later by a third individual.
De plus, les mises en œuvre d'un élément du système sont avantageusement enregistrées dans un journal ou/et diffusées à distance, chaque enregistrement du journal ou chaque diffusion étant accompagné d'au moins une donnée issue d'un élément du système, telle qu'un numéro de série, une partie de la donnée de référence 103, de la donnée secrète 206, et/ou de la donnée 306, et transférée à travers le moyen de couplage 350 et le coupleur 250 ; le protocole cryptographique utilisé peut aussi assurer l'intégrité de cette donnée. L'enregistrement peut par exemple se faire dans un fichier cyclique d'un microcircuit, tel que décrit dans la norme ISO/IEC 7816, partie 4. La diffusion peut se faire par un système de télécommunication de données (SMS, MMS, GPRS, ...).  In addition, the implementations of a system element are advantageously recorded in a newspaper and / or broadcast remotely, each record of the newspaper or each broadcast being accompanied by at least one item of data from a system element, such as a serial number, part of the reference data 103, secret data 206, and / or data 306, and transferred through the coupling means 350 and the coupler 250; the cryptographic protocol used can also ensure the integrity of this data. The recording can for example be done in a cyclic file of a microcircuit, as described in the ISO / IEC 7816, part 4. The diffusion can be done by a data telecommunication system (SMS, MMS, GPRS, ...).
Avantageusement, il est prévu un système de paiement au moyen de l'objet portatif 300 détenu par le second individu, système qui ne puisse être activé qu'à condition de la réussite du protocole cryptographique, lequel rend disponible, sélectivement si le résultat de la comparaison 105 est Vrai, des informations accréditives transférée depuis l'objet portatif à travers le moyen de couplage 350 et le coupleur 250. Ceci ne permet le débit de l'objet portatif 300 que si l'identité du premier individu est vérifiée. Avantageusement, le débit est conditionné à l'activation d'un signal de confirmation de l'autorisation de débit dans une fenêtre de temps prédéterminée relativement à la mise en œuvre d'un élément du système, et/ou le débit avec des informations accréditives antérieures est inhibé par une nouvelle mise en œuvre d'un élément du système. Ceci contribue à empêcher un débit non autorisé. Pour une sécurité accrue, avantageusement, à chaque mise en œuvre d'un certain élément du système la donnée 306 évolue de sorte que le signal de réussite 202 évolue de manière prédéterminée. L'évolution peut consister par exemple en l'incrément d'un compteur d'utilisation directement affiché par le signal de réussite 202, ou/et la sélection d'un message ou d'une mélodie parmi plusieurs dans une liste cyclique. Cela donne une assurance accrue sur la confidentialité de la valeur attendue pour le signal de réussite 202. Advantageously, there is provided a payment system by means of the portable object 300 held by the second individual, which system can be activated only if the success of the cryptographic protocol makes it available, selectively if the result of the Comparison 105 is true, flow-through information transferred from the portable object through the coupling means 350 and the coupler 250. This allows the flow of the portable object 300 only if the identity of the first individual is verified. Advantageously, the flow rate is conditioned on the activation of a confirmation signal of the flow authorization in a predetermined time window relative to the implementation of a system element, and / or the flow rate with flow-through information. is inhibited by a new implementation of an element of the system. This helps to prevent unauthorized flow. For increased security, advantageously, at each implementation of a certain element of the system the data 306 evolves so that the success signal 202 evolves in a predetermined manner. The evolution may consist, for example, in the increment of a usage counter directly displayed by the success signal 202, or / and the selection of one of several messages or melody in a cyclic list. This gives increased assurance on the confidentiality of the expected value for the success signal 202.
On va maintenant décrire un mode opératoire du système de l'invention dans un exemple d'application aux taxis, à titre illustratif du mode de réalisation précité et de certains des perfectionnements ci-dessus.  An embodiment of the system of the invention will now be described in an exemplary application to taxis, as an illustration of the aforementioned embodiment and some of the above improvements.
Dans ce système, le chauffeur détient un boîtier d'authentification biométrique comprenant le sous-système 100 de vérification biométrique, la donnée secrète 206, le microcircuit 207, le coupleur 250 et le signal de réussite 202. Le client, quant à lui, détient un objet portatif comprenant notamment une information 306 connue du client, telle un numéro de compte ou/et un message qu'il a choisi.  In this system, the driver holds a biometric authentication box including the biometric verification subsystem 100, the secret data 206, the microcircuit 207, the coupler 250 and the success signal 202. The customer, meanwhile, holds a portable object including including information 306 known to the customer, such as an account number or / and a message he has chosen.
À la prise en charge du client, le chauffeur présente son doigt sur le capteur 101 , et son identité est vérifiée par le système biométrique sur la baée des caractéristiques des dermatoglyphes de ce doigt comparées aux caractéristiques de référence 103.  In the care of the customer, the driver presents his finger on the sensor 101, and its identity is verified by the biometric system on the basis of the characteristics of the dermatoglyphs of the finger compared to the reference characteristics 103.
Le client approche son objet portatif 300 du lecteur 250 et le couplage temporaire est établi avec le moyen de couplage 350. La donnée 306 est lue, déchiffrée sous contrôle de la clé formée par la donnée secrète 206 sélectivement si le résultat 105 de la comparaison est Vrai, comme décrit plus haut, et le signal d'activation 202 est révélé par l'affichage du message connu du client sur un écran du boîtier.  The client approaches his portable object 300 of the reader 250 and the temporary coupling is established with the coupling means 350. The data item 306 is read, decrypted under control of the key formed by the secret data item 206 selectively if the result 105 of the comparison is True, as described above, and the activation signal 202 is revealed by displaying the message known to the client on a screen of the box.
Dès le transfert de la donnée 306 à travers le coupleur 250, un enregistrement est ajouté au journal des prises en charge sur commande du microcircuit 207 et/ou du microcircuit 307, comprenant le numéro de série de l'objet portatif du client lu à travers le coupleur 250 et le moyen de couplage 350, ainsi que la date. En variante ou en complément, ces informations sont diffusées, par exemple par un message SMS émis sur commande du microcircuit 207 et/ou du microcircuit 307. Cet enregistrement, exploitable en cas d'enquête, constitue un indice de la prise en charge de ce client dans ce taxi à ce moment précis, et ceci dès que l'intention du client d'utiliser le taxi est constituée, que l'identité du chauffeur soit vérifiée ou non. Ceci dissuade aussi un chauffeur de taxi légitime de devenir complice de malversations. As soon as the data 306 is transferred through the coupler 250, a record is added to the on-demand log of the microcircuit 207 and / or the microcircuit 307, including the serial number of the portable object of the client read through the coupler 250 and the coupling means 350, as well as the date. As a variant or in addition, this information is broadcast, for example by an SMS message sent on command of the microcircuit 207 and / or the microcircuit 307. This record, which can be used in the case of an inquiry, constitutes an indication of the support for this customer in this taxi at this precise moment, and this as soon as the intention of the customer to use the taxi is constituted, that the identity of the driver is checked or not. This also deters a legitimate taxi driver from becoming an accomplice to wrongdoing.
Le système peut être relié au taximètre, l'activation de son mode "prise en charge" constituant le signal de confirmation de l'autorisation de débit. Si cette activation survient dans une fenêtre de temps prédéterminée relativement à l'activation du signal d'activation 202 ou d'un autre élément du système, les informations accréditives du client, telles le numéro de compte, sont employées pour le débit du montant de la course, qui peut provenir du taximètre, ou à défaut être obtenu via un clavier ad hoc. Ces informations accréditives sont ensuite effacées, de même que si la prise en charge d'un autre client intervient sans qu'il y ait eu débit, ce qui empêche que la nouvelle course soit débitée au client précédent.  The system can be connected to the taximeter, the activation of its "support" mode constituting the confirmation signal of the debit authorization. If this activation occurs within a predetermined time window relative to the activation of the activation signal 202 or some other element of the system, the credentials of the customer, such as the account number, are used for debiting the amount of money. the race, which can come from the taximeter, or otherwise be obtained via an ad hoc keyboard. This credential information is then cleared, as is the case where another customer's support occurs without a debit, preventing the new customer from being charged to the previous customer.
Dans certaines applications où il faut identifier plusieurs individus (plutôt qu'un unique premier individu) avec le même système, la donnée de référence 103 peut être recherchée automatiquement parmi une pluralité ; et/ou la donnée de référence 103 peut être issue d'un objet portatif supplémentaire détenu par l'individu identifié, qui peut collaborer avec le coupleur 250 ou un autre similaire ; dans l'exemple d'application aux taxis, il peut s'agir par exemple de plusieurs chauffeurs partageant le même véhicule. Le capteur 101 et/ou le dispositif automatique de comparaison 104 et/ou la clé secrète 206 et/ou le journal des prises en charge peuvent être intégré à cet objet portatif supplémentaire. Par ailleurs, la donnée de référence 103 peut être protégée par un certificat cryptographique, et/ou être associée à une date limite de validité, et/ou à un code porteur connu du premier individu.  In some applications where more than one individual (rather than a single first individual) must be identified with the same system, the reference data item 103 may be searched automatically among a plurality; and / or the reference datum 103 may be derived from an additional portable object held by the identified individual, which may collaborate with the coupler 250 or the like; in the example of application to taxis, it may be for example several drivers sharing the same vehicle. The sensor 101 and / or the automatic comparison device 104 and / or the secret key 206 and / or the log support can be integrated with this additional portable object. Moreover, the reference datum 103 may be protected by a cryptographic certificate, and / or be associated with a validity expiry date, and / or with a known carrier code of the first individual.
Il est possible de rendre mutuelle la vérification de l'identité des deux individus, en employant deux fois le système. Par exemple, deux individus équipé chacun de téléphones mobiles NFC peuvent se démontrer mutuellement leur identité, pourvu que l'un (au moins) des deux téléphones mobiles, ou un dispositif intermédiaire, comprenne un sous-système de vérification biométrique.  It is possible to make mutual verification of the identity of the two individuals, by using the system twice. For example, two individuals each equipped with NFC mobile phones can demonstrate to each other their identity, provided that one (at least) of the two mobile phones, or an intermediate device, includes a biometric verification subsystem.

Claims

REVENDICATIONS
1. Un système biométrique de vérification de l'identité d'un premier individu par un second individu, comprenant : 1. A biometric system for verifying the identity of a first individual by a second individual, comprising:
- un sous-système de vérification biométrique de l'identité du premier individu ;  a biometric verification subsystem of the identity of the first individual;
- un objet portatif susceptible d'être temporairement couplé au sous- système de vérification biométrique ;  a portable object that can be temporarily coupled to the biometric verification subsystem;
- des moyens pour délivrer sélectivement un signal de réussite sous condition : i) que la vérification biométrique réussisse et ii) que l'authenticité du sous-système de vérification biométrique ait été assurée par un protocole cryptographique entre celui-ci et l'objet portatif ; et  means for selectively issuing a success signal under the condition that: i) the biometric verification succeeds; and ii) that the authenticity of the biometric verification subsystem has been ensured by a cryptographic protocol between the biometric verification subsystem and the portable object. ; and
- des moyens pour restituer sous forme visuelle ou auditive le signal de réussite de manière perceptible par le second individu,  means for reproducing in visual or auditory form the success signal in a manner perceptible to the second individual,
caractérisé en ce que :  characterized in that
- le sous-système de vérification biométrique (101 , 102, 103, 104, 201 , 206, 207) est détenu par le premier individu et l'objet portatif (300) est détenu par le second individu ;  the biometric verification subsystem (101, 102, 103, 104, 201, 206, 207) is held by the first individual and the portable object (300) is held by the second individual;
- les moyens pour délivrer sélectivement un signal de réussite (202) sont des moyens inclus dans le sous-système de vérification biométrique ; the means for selectively delivering a success signal (202) are means included in the biometric verification subsystem;
- le protocole cryptographique est un protocole apte à produire un résultat (201 ) déterminant une caractéristique du signal de réussite et représentatif de la concordance entre une donnée secrète (206) et une donnée (306) contenue dans l'objet portatif ; et the cryptographic protocol is a protocol capable of producing a result (201) determining a characteristic of the success signal and representative of the concordance between a secret datum (206) and a datum (306) contained in the portable object; and
- les moyens pour restituer sous forme visuelle ou auditive le signal de réussite (202) sont des moyens commandés par un circuit (207) du sous-système de vérification biométrique détenu par le premier individu, de sorte que la perception de ce signal par le second individu lui assure, par le fait que ce signal possède les caractéristiques attendues, que l'identité du premier individu est valablement vérifiée.  the means for restoring in visual or auditory form the success signal (202) are means controlled by a circuit (207) of the biometric verification subsystem held by the first individual, so that the perception of this signal by the the second individual assures him, by the fact that this signal possesses the expected characteristics, that the identity of the first individual is validly verified.
2. Un procédé biométrique de vérification de l'identité d'un premier individu par un second individu, comprenant les étapes suivantes : 2. A biometric method for verifying the identity of a first individual by a second individual, comprising the steps of:
a) mise à disposition du premier individu d'un sous-système de vérification biométrique (101 , 102, 103, 104, 201 , 206, 207) ; b) mise à disposition du second individu d'un objet portatif (300) ; a) providing the first individual with a biometric verification subsystem (101, 102, 103, 104, 201, 206, 207); b) providing the second individual with a portable object (300);
c) couplage temporaire de l'objet portatif au sous-système de vérification biométrique ; c) temporary coupling of the portable object to the biometric verification subsystem;
d) exécution i) d'une vérification biométrique et ii) d'une vérification de l'authenticité du sous-système de vérification biométrique par un protocole cryptographique entre celui-ci et l'objet portatif ; (d) performing (i) a biometric verification and (ii) verifying the authenticity of the biometric verification subsystem by a cryptographic protocol between the biometric verification subsystem and the portable object;
e) par le sous-système de vérification biométrique, délivrance sélective d'un signal de réussite (202) sous condition de réussite : i) d'une vérification biométrique et ii) d'une vérification de l'authenticité du sous- système de vérification biométrique par un protocole cryptographique entre celui-ci et l'objet portatif, (e) by the biometric verification subsystem, selective issuance of a success signal (202) subject to success: (i) biometric verification and (ii) verification of the authenticity of the biometric verification subsystem. biometric verification by a cryptographic protocol between the latter and the portable object,
ce protocole cryptographique étant un protocole apte à produire un résultat (201 ) déterminant une caractéristique du signal de réussite et représentatif de la concordance entre une donnée secrète (206) et une donnée (306) contenue dans l'objet portatif ; et  said cryptographic protocol being a protocol capable of producing a result (201) determining a characteristic of the success signal and representative of the concordance between a secret datum (206) and a datum (306) contained in the portable object; and
f) par un circuit (207) du sous-système de vérification biométrique détenu par le premier individu, restitution sous forme visuelle ou auditive du signal de réussite de manière perceptible par le second individu, de sorte que la perception de ce signal par le second individu lui assure, par le fait que ce signal possède les caractéristiques attendues, que l'identité du premier individu est valablement vérifiée. f) by a circuit (207) of the biometric verification subsystem held by the first individual, visually or audibly restoring the success signal perceptibly by the second individual, so that the perception of this signal by the second individual individual assures him, by the fact that this signal has the expected characteristics, that the identity of the first individual is validly verified.
PCT/FR2012/050175 2011-01-28 2012-01-27 Biometric identity verification system using a success signal and interacting with a portable object WO2012101389A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP12706637.1A EP2668738A1 (en) 2011-01-28 2012-01-27 Biometric identity verification system using a success signal and interacting with a portable object
MX2013008675A MX2013008675A (en) 2011-01-28 2012-01-27 Biometric identity verification system using a success signal and interacting with a portable object.
BR112013018631A BR112013018631A2 (en) 2011-01-28 2012-01-27 biometric identity verification system with a successful sign cooperating with a portable object

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1150662A FR2971109B1 (en) 2011-01-28 2011-01-28 BIOMETRIC SYSTEM FOR VERIFYING IDENTITY WITH SUCCESS SIGNAL, COOPERATING WITH A PORTABLE OBJECT
FR1150662 2011-01-28

Publications (1)

Publication Number Publication Date
WO2012101389A1 true WO2012101389A1 (en) 2012-08-02

Family

ID=44312327

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2012/050175 WO2012101389A1 (en) 2011-01-28 2012-01-27 Biometric identity verification system using a success signal and interacting with a portable object

Country Status (5)

Country Link
EP (1) EP2668738A1 (en)
BR (1) BR112013018631A2 (en)
FR (1) FR2971109B1 (en)
MX (1) MX2013008675A (en)
WO (1) WO2012101389A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4151512A (en) 1976-09-10 1979-04-24 Rockwell International Corporation Automatic pattern processing system
WO2005096214A1 (en) 2004-03-22 2005-10-13 Raytheon Company Personal authentication device
EP1840788A2 (en) 2006-03-29 2007-10-03 STMicroelectronics, Inc. System and method for sensing biometric and non-biometric smart card devices
US7360688B1 (en) 2000-10-16 2008-04-22 Harris Scott C Intelligent credit card system
WO2008137206A1 (en) 2007-05-07 2008-11-13 Bloomberg Finance L.P. Dynamically programmable rfid transponder
WO2009097604A1 (en) 2008-01-31 2009-08-06 Priva Technologies Inc. System and method for self-authenticating token
WO2010022129A1 (en) 2008-08-20 2010-02-25 Xcard Holdings Llc Secure smart card system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4151512A (en) 1976-09-10 1979-04-24 Rockwell International Corporation Automatic pattern processing system
US7360688B1 (en) 2000-10-16 2008-04-22 Harris Scott C Intelligent credit card system
WO2005096214A1 (en) 2004-03-22 2005-10-13 Raytheon Company Personal authentication device
EP1840788A2 (en) 2006-03-29 2007-10-03 STMicroelectronics, Inc. System and method for sensing biometric and non-biometric smart card devices
WO2008137206A1 (en) 2007-05-07 2008-11-13 Bloomberg Finance L.P. Dynamically programmable rfid transponder
WO2009097604A1 (en) 2008-01-31 2009-08-06 Priva Technologies Inc. System and method for self-authenticating token
WO2010022129A1 (en) 2008-08-20 2010-02-25 Xcard Holdings Llc Secure smart card system

Also Published As

Publication number Publication date
FR2971109B1 (en) 2016-06-24
MX2013008675A (en) 2013-10-30
EP2668738A1 (en) 2013-12-04
BR112013018631A2 (en) 2016-10-18
FR2971109A1 (en) 2012-08-03

Similar Documents

Publication Publication Date Title
EP0426541B1 (en) Method of protection against fraudulent use of a microprocessor card and device for its application
EP2048814A1 (en) Biometric authentication method, corresponding computer program, authentication server, terminal and portable object.
EP0719438A1 (en) Access control system for restricting access to authorised hours and renewing it using a portable storage medium
EP1055203B1 (en) Protocol between an electronic key and a lock
WO2007012583A1 (en) Method for controlling secure transactions using a single physical device, corresponding physical device, system and computer programme
FR2972830A1 (en) SYSTEM FOR CONTROLLING VALIDATION OF TRANSPORT TITLES
EP2369780B1 (en) Method and system for validating a transaction, and corresponding transactional terminal and programme
FR2932914A1 (en) APPARATUS AND METHOD FOR GENERATING A SECURE TITLE FROM AN OFFICIAL TITLE
FR2832829A1 (en) Authentication of data sent or received by a user, uses mobile terminal and smart card carried by user to connect to authentication server
FR3052895B1 (en) METHOD FOR SENDING SECURITY INFORMATION
FR3032292B1 (en) SECURE ELEMENT AND METHOD IMPLEMENTED IN SAFE SUCH ELEMENT
EP1354288B1 (en) Method using electronic banking cards for making secure transactions
WO2012101389A1 (en) Biometric identity verification system using a success signal and interacting with a portable object
FR2730076A1 (en) Authentication by server of holder of object incorporating microprocessor
FR2922395A1 (en) METHOD OF TRANSMITTING A CONFIDENTIAL CODE, CARD READER TERMINAL, MANAGEMENT SERVER AND CORRESPONDING COMPUTER PROGRAM PRODUCTS
WO2005079079A2 (en) Methods of securing devices such as mobile terminals, and secured assemblies comprising such devices
WO2005050419A1 (en) Method for securing an image of a biometric authentication feature and method for authentication of a user with an image of a biometric authentication feature
EP2747041B1 (en) Method for securing a device capable of communicating with a reader according to two authentication protocols
EP1802026A2 (en) Method of unblocking a resource using a contactless device
WO2017005644A1 (en) Method and system for controlling access to a service via a mobile media without a trusted intermediary
WO2021249950A1 (en) Method for digital disclosure of at least one item of security data of a smart card and uses of said method
EP3032450B1 (en) Method for checking the authenticity of a payment terminal and terminal thus secured
FR2980012A1 (en) Method for authenticating user to access bank payment terminal, involves authorizing realization of function if result of comparison of symbols of secret codes provided by user and by secure terminal is positive
WO2004063999A1 (en) Method for the secure personalisation of an object
FR2984648A1 (en) Method for providing response to request by individual electronic system for banking transaction, involves analyzing specific signature using cryptographic unit, where part of unit is selected based on result of analysis of signature

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12706637

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2012706637

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: MX/A/2013/008675

Country of ref document: MX

NENP Non-entry into the national phase

Ref country code: DE

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112013018631

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112013018631

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20130719