Security check provision
First Claim
1. An authentication apparatus comprising:
- a user partial biometric data set input means;
an authentication signal output means;
one or more storage media having recorded therein one or more authorised person entire biometric data sets, and processor readable code executable to verify that a remote user is an authorised person, said code comprising;
user partial biometric data set input code executable to read a user partial biometric data set via said input means;
authorised person partial biometric data set acquisition code executable to obtain one or more authorised person partial biometric data sets on the basis of one or more of said authorised person entire biometric data sets, said obtaining of said one or more authorised person partial biometric data sets involving a predetermined selection of elements from the user entire biometric data set, said selection of elements being performed so as to select different elements, between obtainings, of authorised person partial biometric data sets from an authorised person entire biometric data set;
data set comparison code executable to establish whether the user partial biometric data set and the authorised person partial biometric data set are sufficiently similar to verify that the remote user is an authorised person; and
authentication signal generation code operable to cause an authentication signal to be output via said output means on said data sets being sufficiently similar.
1 Assignment
0 Petitions
Accused Products
Abstract
Security check method and apparatus reduces problmes that can arise if the user security data set becomes known by unauthorized persons. To address this problem only part of the user data set is recorded in insecure sections of the system. For example, a security check preventing unauthorized remote access to a shared computer is provided by capturing a user data set representing a user'"'"'s iris, operating the user'"'"'s personal computer to select only a portion of the captured data set requested by the shared computer and transmitting the portion along a telecommunications line. The shared computer derives partial data sets from stored user data sets using a similar selection to that used by personal computer and compares the partial data set it has derived with the partial data set transmitted by the personal computer in deciding whether to grant access. Point-of-sale devices and cards recording only partial user data sets are also disclosed.
62 Citations
14 Claims
-
1. An authentication apparatus comprising:
-
a user partial biometric data set input means;
an authentication signal output means;
one or more storage media having recorded therein one or more authorised person entire biometric data sets, and processor readable code executable to verify that a remote user is an authorised person, said code comprising;
user partial biometric data set input code executable to read a user partial biometric data set via said input means;
authorised person partial biometric data set acquisition code executable to obtain one or more authorised person partial biometric data sets on the basis of one or more of said authorised person entire biometric data sets, said obtaining of said one or more authorised person partial biometric data sets involving a predetermined selection of elements from the user entire biometric data set, said selection of elements being performed so as to select different elements, between obtainings, of authorised person partial biometric data sets from an authorised person entire biometric data set;
data set comparison code executable to establish whether the user partial biometric data set and the authorised person partial biometric data set are sufficiently similar to verify that the remote user is an authorised person; and
authentication signal generation code operable to cause an authentication signal to be output via said output means on said data sets being sufficiently similar. - View Dependent Claims (2)
-
-
3. A method of providing an automatic security check, said method comprising the steps of:
-
(a) operating a user data capture device to obtain, from a user attempting to pass the security check, a user entire biometric data set representing an entire biometric of the user;
(b) obtain a user partial biometric data set from the user entire biometric data set without obtaining additional biometric data from the user, the obtaining including a predetermined selection of elements from the user entire biometric data set, wherein said selection of elements is performed so as to select different elements from the user entire biometric data set each time a user attempts to pass the security check;
(c) transmitting said user partial biometric data set via a communications link to an authentication apparatus operable to provide one or more authorised person partial biometric data sets;
(d) operating said authentication apparatus to compare said user partial biometric data set with at least one authorised person partial biometric data set obtained from a corresponding authorised person entire biometric data set using a selection process similar to that used in obtaining the user partial biometric data set from the user entire biometric data set; and
(e) determining that said user is a person authorised to pass said security check on said user partial biometric data set and authorised person partial biometric data set being sufficiently similar to verify that the user is an authorised person. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for more securely using biometric data in performing an automated security check via a communications link, said method comprising:
-
capturing a complete first biometric data set from a proposed user at a security check point;
selecting a predetermined subset of independent elements of said first biometric data set to create a partial second biometric data set from which it is impossible to infer said complete first biometric data set without obtaining additional biometric data from the user;
transmitting said second biometric data set over a communications link to an authentication processor where it is compared in a security check to a similar first subset of at least one of previously stored complete biometric data sets for authorised users; and
returning the result of said security check comparison back to the security check point;
wherein said selecting step is performed so as to select a different subset of independent elements of said first biometric data set each time a proposed user attempts to pass the security check point. - View Dependent Claims (14)
-
Specification