WO2016005759A1 - Système et procédé de gestion d'accès - Google Patents

Système et procédé de gestion d'accès Download PDF

Info

Publication number
WO2016005759A1
WO2016005759A1 PCT/GB2015/051994 GB2015051994W WO2016005759A1 WO 2016005759 A1 WO2016005759 A1 WO 2016005759A1 GB 2015051994 W GB2015051994 W GB 2015051994W WO 2016005759 A1 WO2016005759 A1 WO 2016005759A1
Authority
WO
WIPO (PCT)
Prior art keywords
template
captured
stored
biometric data
biometric
Prior art date
Application number
PCT/GB2015/051994
Other languages
English (en)
Inventor
Jonathan GRATTON
Original Assignee
Nationwide Retail Systems Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nationwide Retail Systems Limited filed Critical Nationwide Retail Systems Limited
Publication of WO2016005759A1 publication Critical patent/WO2016005759A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/98Detection or correction of errors, e.g. by rescanning the pattern or by human intervention; Evaluation of the quality of the acquired patterns
    • G06V10/993Evaluation of the quality of the acquired pattern
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12Fingerprints or palmprints
    • G06V40/1365Matching; Classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/50Maintenance of biometric data or enrolment thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • This invention relates generally to an access management system and method. More specifically, although not exclusively, this invention relates to access management systems and methods that incorporate biometric authentication to selectively control access to, for example, one or more elements, features or aspects in a network or system.
  • Biometric authentication relies on one or more unique immutable human characteristics that are not susceptible to such issues. Biometrics therefore provide a superior level of security, convenience and ease of use.
  • Access management systems incorporating biometric authentication are known and generally include one or more biometric scanners configured to capture a biometric sample from a user, for example, fingerprints, retinal patterns, facial patterns, voice patterns, echocardiographic patterns and so on. The captured biometric sample is then compared to a database of registered templates to associate the captured sample with a registered individual and to provide the user with access characteristics associated with that registered individual. In order to populate the database, user templates are captured and stored by a process commonly referred to as enrolment.
  • a biometric scan is captured and processed to isolate certain features and to provide a synthesis of relevant characteristics extracted from those features. For example, where the biometric data is a fingerprint an image is captured and fingerprint ridge outlines are isolated from which minutiae data is extracted and used to generate a template. Similar processes are used to create templates for retinal, facial, voice and/or echocardiographic patterns.
  • the quality of the biometric data acquired during a scan will depend on the properties of the source as well as the fidelity and utility of the scan.
  • Properties of the source that can affect the quality of the biometric data include, for example, finger scars in the case of fingerprints.
  • the fidelity of the scan can be affected by, for example, the quality of the scanner or the distortion of features in a captured image.
  • Utility is dependent upon the extent or size of the scan, for example the proportion or extent of requisite features actually captured during the scan.
  • One measure that provides an indication of overall quality is the minutiae data, for example the number of useable minutia points.
  • minutiae, minutiae data and minutia points refer not only to data comparators derived from fingerprint scans, but also to those derived from any other type of biometric data, such as retinal patterns, facial patterns, voice patterns, echocardiographic patterns and the like.
  • the accuracy of or confidence in a match between a captured biometric sample and the template in the database is dependent upon the quality of both the template and the sample. For example, if the useable minutiae data in each of the template and the sample is extensive then more data points are available for comparison, leading to a greater level of confidence in the result of the comparison. Conversely, where the quality of one or both of the sample and/or the template is low then less data points are available for comparison, leading to a lower level of accuracy or confidence.
  • the quality of the template generated during enrolment is as high as possible in order to maximise the accuracy of or confidence in subsequent authentications.
  • many factors can affect the quality of the template including not only features of the system, such as the quality of the scanner, the template extraction algorithm or the matching algorithm, but also features or actions of the user.
  • the biometric data relates to fingerprints
  • the user may have wet or dry fingers or may not place their finger or thumb on the scanner correctly.
  • the user may, for example, be unable to remain steady or may have a drooping eye lid.
  • the minimum confidence values for authentication are often set lower than desirable in order to avoid false rejections.
  • reducing these threshold values increases the likelihood of false acceptances, which adversely affects the reliability of the authentication and results in diminished security levels.
  • a first aspect of the invention provides a method for managing access to a network or system and/or for updating an access management system, the method comprising the steps of:
  • the method or comparing step may further comprise determining a confidence level or value, for example associated with the correspondence or match between the captured and stored templates or with the determination, e.g. of whether the user corresponds to or matches a registered individual.
  • the method may comprise finding a determination of correspondence or of a match if, e.g. only if, the determined confidence level or value is higher than a predetermined level or value, for example a threshold level or value, e.g. a minimum threshold level or value.
  • the method may comprise authorising or permitting access if, e.g. only if, the determined confidence level or value is higher than a predetermined, threshold or minimum threshold level or value.
  • the minimum threshold value is at least partially dependent upon the quality of the stored template or an average quality of all stored templates or a group thereof.
  • the quality of the stored templates is therefore improved continuously through use of the system and without the need for supervision by authorised staff.
  • the applicants have discovered that not only does this reduce the administrative burden during the enrolment stage, but the system can be upgraded to improve security without the need for re- enrolment.
  • more advanced scanning equipment and/or template extraction or matching algorithms offering improved template generation and/or increased security may be incorporated into the system with stored templates being upgraded during normal use, rather than requiring re-enrolment.
  • the method may further comprise authorising or permitting or prohibiting or denying access to one or more elements, features, aspects, devices or locations of the or a network or system or to one or more features thereof or of the network or system.
  • the network or system may comprise a protected network or system, for example a network or system whose access is controlled, in use, by the method or by the access management system.
  • the method may comprise authorising or allowing or permitting access if, e.g. only if, a correspondence or match is found.
  • the method or comparing step may further comprise comparing user privileges associated with a registered individual, e.g. determined to correspond to or match the captured biometric data or template, with the access desired or required or requested by the user. Additionally or alternatively, the method or comparing step may comprise authorising or permitting access if, e.g. only if, such user privileges comprise or permit or enable such access.
  • the capturing step may comprise capturing biometric data from a user, e.g. via or using a biometric data capture means, e.g. a biometric data capture input, element, device, apparatus, scanner or reader.
  • the biometric capture means may be associated with a device or location or a group of devices or locations of the network or system, for example to which access is required or desired or requested by the user.
  • the capturing step comprises capturing biometric data from a user, e.g. via or using one of two or more, such as a plurality of, biometric data capture means.
  • Each of the biometric data capture means may be associated with a device or location, or a group of devices or locations, of the network or system, e.g. to which access is required or desired or requested by the user.
  • the one or more devices may, for example comprise one or more or any combination of photocopiers and/or printers and/or point of sale terminals and/or cash revaluation terminals and/or credit replenishment terminals and/or access doors or associated with a group selected therefrom.
  • the one or more devices with which the one or more biometric data capture means comprises a plurality of photocopiers and/or printers and/or point of sale terminals and/or cash revaluation terminals and/or credit replenishment terminals and/or access doors.
  • the method may further comprise tracking a usage by the user of a device, for example a device to which access is permitted, and/or updating a usage and/or transaction database with the usage, e.g. one or more details or features of the usage. Additionally or alternatively, the method may further comprise calculating a transaction fee, which may be associated with the tracked usage or with a usage by the user of a device.
  • the method may further comprise updating the or a usage and/or transaction database with the transaction fee.
  • the method comprises updating the usage and/or transaction database with one or more details or features of the tracked usage and a transaction fee associated with such usage.
  • the quality may comprise or be determined or measured by a quality value.
  • the quality or quality value of the captured biometric data and/or of at least one of the captured and/or stored templates may be dependent on or comprise or measured or determined by the number of data points, for example usable data points, which may be available for comparison.
  • the quality or quality value of the captured biometric data and/or of the stored template comprises, or is measured or compared with respect to, the minutiae data or the number of useable minutia points, e.g. available therefor or derived or derivable therefrom and/or available for comparison.
  • the method may further comprise comparing quality values of the biometric data captured from the user or of the captured template with that of the stored template, for example in order to determine whether the quality of the captured template is higher or superior to the quality of the stored template.
  • the comparison of quality values may comprise comparing quality values of the biometric data captured from the user or of the captured template with that of a stored template determined to correspond or match the biometric data captured from the user or a template generated therefrom.
  • At least one or each of the captured and/or stored templates may comprise a template format, which may comprise a predetermined number of available data points or comparison points or comparison data points.
  • One or more or each template and/or the template format may further include one or more positions and/or directions, for example a position and direction in respect of each minutia point.
  • One or more of the quality values may comprise or be determined by comparing the data points (or useable data points) thereof with the data points or comparison points or comparison data points of the template format, e.g. the maximum such points, for example by comparing the number of such points in each of the captured template and the template format.
  • one or more of the quality values may comprise or be determined by calculating the ratio of data points or useable data points or minutia points or useable minutia points thereof with the number, e.g. maximum number, of data points or comparison points or comparison data points available in the template format.
  • the method may further comprise the step of determining a quality value for one or more or each of the biometric data captured from the user and/or the captured template and/or one or more of the stored templates.
  • the method comprises the step of determining a quality value for one or more of the stored templates, for example to which the user corresponds or matches, if and/or only if a correspondence or match is found.
  • the database may include a quality value in respect of each stored template that is also preferably associated therewith.
  • the predetermined, threshold or minimum threshold level or value may be, for example 50% or 60% or 70% or 80% or 90%.
  • the minimum threshold value may be increased or altered if and/or when the or at least one of the stored templates is updated or replaced or overwritten.
  • at least one or each of the stored templates may comprise a minimum threshold value that is different from the or at least one of the other stored templates.
  • the confidence level or value is determined by calculating the ratio of the number of data points or minutia points that match or correspond, e.g. substantially, between the captured and stored template and the number of data points or comparison points or comparison data points, e.g. the maximum such points, available in the template format.
  • the step of generating a captured template may be carried out using a template extraction algorithm.
  • the comparing step may be carried out using a comparison or matching or identification algorithm and/or may comprise comparing the template generated from the captured biometric data, or the captured biometric template, with the at least one of the one or more stored templates.
  • the comparing step may comprise comparing or matching minutia points, e.g. of the captured template, on position and direction against the minutia points, e.g. of one or more of the stored templates, and/or determining whether the captured template comprises the same and/or a mirror reflection of the stored template or one of the stored templates.
  • the method may further comprise enrolling at least one of the one or more registered individuals.
  • the method or the enrolling step comprises capturing biometric data from one or more individuals to be registered and/or generating a template or respective template from the biometric data captured from the or the respective individual and/or for the or each individual to be registered, for example using the or a template extraction algorithm.
  • the method or the enrolling step may further comprise storing the template generated and/or its quality value, for example if the quality thereof or of the biometric data captured from the individual to be registered or of the template generated therefrom is greater than or superior to a predetermined minimum enrolment threshold, for example 50% or 60% or 70% or 80% or 90%.
  • a predetermined minimum enrolment threshold for example 50% or 60% or 70% or 80% or 90%.
  • the capturing step preferably comprises capturing one or more fingerprints, but may additionally or alternatively comprise capturing one or more or any combination of retinal patterns, facial patterns, voice patterns, echocardiographic patterns.
  • At least one or each of the templates may comprise minutiae data, for example one or more minutia points.
  • the or each template is generated using a template format, which may comprise 20 minutia points, but preferably comprises at least 20 minutia points, for example at least 40, 50, 60 70 or 80 minutia points.
  • the template format comprises at least 90 minutia points, for example 92 minutia points. Where technology permits, the template format may comprise more than 100 minutia points.
  • the database may comprise a plurality of biometric templates and/or be stored on a memory or memory means and/or one or more of the comparing and/or determining and/or updating or replacing or overwriting steps may be carried out using a processor or processing means. At least a portion of the biometric data capture means may be located remotely with respect to the memory means and/or processing means.
  • Another aspect of the invention provides an access management system comprising biometric data capture means, a processor and a memory operatively connected to the processor and/or on which is stored a database of one or more biometric templates each associated with a registered individual, the processor being configured to carry out one or more steps according to the method described above.
  • an access management system e.g. for managing access to a network of devices, the system comprising a memory on which is stored a database of one or more biometric templates each associated with a registered individual, a processor operatively connected to the memory and a biometric data capture means, e.g. for association with at least one device whose access is to be managed, wherein the system is configured to:
  • biometric data capture means biometric data from a user and/or generate a captured template from or based on biometric data captured from a user;
  • the system may also be configured to permit or deny access to one or more features of a device of the network or system or to one or more features thereof based on the determination of the comparison.
  • the system may comprise a comparison module or algorithm or element, e.g. for comparing or configured to compare the captured biometric data or template with at least one of the one or more stored templates, for example in order to determine whether the user corresponds to or matches a registered individual.
  • the comparison module or algorithm or element may further be for determining or configured to determine a confidence value associated with the correspondence or match between the captured and stored templates.
  • the system or comparison module or algorithm or element or processor may be configured to find a correspondence or match if, e.g.
  • the system or comparison module or algorithm or element may be configured to set or determine or calculate the or a predetermined, threshold or minimum threshold value at least partially in dependence upon the quality of the stored template or an average quality of all stored templates or a group thereof.
  • a further, more specific aspect of the invention provides an access management system for managing access to a network of devices, the system comprising a memory on which is stored a database of one or more biometric templates each associated with a registered individual, a processor operatively connected to the memory, a comparison module for comparing the captured template with one or more stored templates and a biometric data capture means for association with at least one device whose access is to be managed, wherein the system is configured to:
  • system is configured to set the minimum threshold value at least partially in dependence upon the quality of the stored template or an average quality of all stored templates or a group thereof.
  • any of the features described herein apply equally to any aspect of the invention.
  • any of the features of the method described above may be incorporated within the system and/or the system may be configured or programmed or adapted to carry out any one or more steps or features of the method.
  • the system may be configured to instruct or cause the device in respect of which access is requested to permit or deny access to one or more features thereof based on the determination of the comparison.
  • the system may further comprise a template extraction module or algorithm or element, e.g. for generating or configured to generate a captured template from or based on biometric data captured, in use, from a user via the biometric data capture means.
  • a template extraction module or algorithm or element e.g. for generating or configured to generate a captured template from or based on biometric data captured, in use, from a user via the biometric data capture means.
  • the predetermined, threshold or minimum threshold value may comprise 50% or 60% or 70% or 80% or 90%.
  • the comparison module or algorithm or element may additionally or alternatively be suitable for or configured to carry out one or more steps or features of the comparison step of the method described above.
  • the biometric data capture means may comprises one or more biometric scanners, for example each for association with one or more, for example one of two or more or a plurality of devices of a network, e.g. whose access is to be managed, or for association with a group of such devices.
  • the one or more biometric scanners may comprise a plurality of biometric scanners, for example each associated with or mounted adjacent to a respective device of the network whose access is to be managed.
  • the one or more devices may comprise one or more photocopiers and/or printers and/or point of sale terminals and/or cash revaluation terminals and/or credit replenishment terminals and/or access doors or any group selected therefrom.
  • the system may further comprise a transaction module or algorithm or element, e.g. for tracking or configured to track a usage by the user of a device to which access is permitted. Additionally or alternatively, the transaction module or algorithm or element may be for updating or configured to update a usage and/or transaction database stored on the memory, for example with one or more details or features of the usage and/or one or more values calculated or determined therefrom. The one or more values may comprise one or more transaction fees that may be calculated based on or from the usage or from one or more details or features thereof.
  • the system may further comprise an enrolment biometric scanner, e.g. for capturing biometric data from an individual to be registered, wherein the system may be configured to carry out one or more of the enrolment steps of the method described above.
  • At least one or each of the biometric data capture means or scanners may comprise a fingerprint scanner. Additionally or alternatively, at least one or each of the biometric data capture means or scanners may comprise one or more of a retinal scanner, a camera, a voice recorder and echocardiograph.
  • a further aspect of the invention provides a computer program element comprising computer readable program code means for causing a processor to execute a procedure to implement the aforementioned method.
  • a yet further aspect of the invention provides the computer program element embodied on a computer readable medium.
  • a yet further aspect of the invention provides a computer readable medium having a program stored thereon, where the program is arranged to make a computer execute a procedure to implement the aforementioned method.
  • a yet further aspect of the invention provides a retrofit kit for adapting an existing access management system to function as an access management system as described above, the retrofit kit comprising a computer program element and/or a computer readable medium as described above.
  • a yet further aspect of the invention provides a biometric scanner, e.g. specifically adapted for incorporation into an access management system as described above, which scanner may be configured to carry out at least a portion of one or more steps of the method.
  • Figure 1 is a schematic representation of a network of devices whose access is controlled by an access management system according to one embodiment of the invention.
  • Figure 2 is a flow chart illustrating the enrolment process using the access management system of Figure 1 ;
  • Figure 3 is a schematic of part of a fingerprint highlighting examples of minutiae data
  • Figure 4 illustrates three examples of fingerprints having associated quality issues
  • Figure 5 illustrates the effect of the orientation of a finger during a scan
  • Figure 6 illustrates the correct orientation of a finger during a scan
  • Figure 7 illustrates examples of incorrect orientations of a finger during a scan
  • Figure 8 is a flow chart illustrating a method according to one embodiment of the invention using the access management system of Figure 1.
  • the access management system 1 for managing access to a network 2 of devices 3, 4, 5.
  • the devices 3, 4, 5 include printer/photocopiers 3, point of sale (POS) terminals 4, and access doors 5.
  • the access management system 1 includes a central computer 10 incorporating a processor 11 , a template extraction module 12, a comparison module 13 and a memory 14 on which is stored a registration database of biometric templates each associated with a registered individual.
  • the access management system also incorporates a transaction module 15 for tracking details of the usage of the devices 3, 4, 5 by users of the system 1 and updating a usage database also stored on the memory 14.
  • the access management system 1 includes a plurality of biometric scanners 6, 7, which are fingerprint scanners 6, 7, although other types of biometric scanners are envisaged without departing from the scope of the invention.
  • the scanners 6, 7 include an enrolment scanner 6 mounted adjacent to the central computer 10 and a plurality of remote biometric scanners 7 each mounted adjacent to and associated with a respective device 3, 4, 5.
  • Each of the remote scanners 7 and each of the device 3, 4, 5 is operatively connected to the central computer 10 via respective network cables 7a, 3a, 4a, 5a in this embodiment, although wireless connections are also envisaged, such as wireless network connections.
  • the access management system 1 incorporates a computer network through which each of the devices 3, 4, 5 and remote scanners 7 are connected to the central computer 10 and are allocated individual addresses, for example internet protocol addresses.
  • a biometric scan 80 is carried out, which is a fingerprint scan 80 using the enrolment scanner 6 in this embodiment.
  • the biometric data derived from the scan 80 is then sent from the enrolment scanner 6 to the template extraction module 12 for minutiae data extraction 81 and template generation 82.
  • the processor 11 carries out a quality value calculation 83 for the generated template by dividing the number of useable minutia points in the generated template by the maximum number of data comparison points available for the template format.
  • the template format includes 92 data comparison points, each of which includes position and direction data.
  • the processor 11 then carries out a quality threshold determination 84 such that if the calculated quality value is greater than a predetermined threshold value, in this case 50%, then the template is stored 85 in the registration database together with its quality value, but if it is not the template is rejected 86 and the process must be repeated.
  • a predetermined threshold value in this case 50%
  • Figure 3 illustrates a series of features of a fingerprint 87 from which minutiae data may be extracted and templates may be generated. These include, for example, ridge endings 87a, enclosures 87b, bifurcations 87c and islands 87d. Such techniques are known in the art and will not be described further herein.
  • Figure 4 illustrates three examples of fingerprint scans 88a, 88b, 88c.
  • the first scan 88a was carried out on a dry finger and shows faint ridge definition which is unlikely to provide much, if any, useable minutiae data.
  • the second scan 88b was carried out on a finger that was excessively wet and exhibits merging ridges which is also unlikely to provide much useable minutiae data.
  • These two scans illustrate examples of scenarios that can affect the fidelity of the scan.
  • the third scan 88c is of a finger having excessive scarring, which are properties of the source of biometric data and will also affect the extent of useable minutiae data.
  • These scans 88a, 88b, 88c show examples of how scan quality can be affected by factors independent of the quality of the equipment used.
  • Figure 5 illustrates the effect of different finger orientations about an axis perpendicular to the scan plane.
  • minutiae data extraction algorithms are able to cope with some variation in orientation, for example up to 45°, but excessive variation can also cause a reduction in the quality of the templates generated from the data.
  • Figures 6 and 7 illustrate respectively acceptable and unacceptable finger orientations during the scan, wherein the orientation shown in Figure 7 adversely affects the utility of the scan.
  • the orientation shown in Figure 7 would only result in a scan of the fingertip, which provides a considerably less extensive image from which to extract the minutiae data, while the orientation shown in Figure 6 enables the scanner to capture a much more extensive image of the finger.
  • the user places their finger on the relevant remote scanner 7 and a biometric scan 90 is carried out.
  • the biometric data derived from the scan 90 is sent from the remote scanner 7 to the template extraction module 12 for minutiae data extraction 91 and template generation 92.
  • the processor 11 carries out a quality value calculation 93 for the captured template by dividing the number of useable minutia points in the captured template by 92, i.e. the number of data comparison points available for the template format.
  • the processor 11 then carries out a quality threshold determination 94 such that if the calculated quality value is greater than a predetermined threshold value, in this case 50%, then a comparison 95 is carried out by the comparison module 13 between the captured template and one or more templates stored in the registration database, but if it is not the template is rejected 96 and the process must be repeated.
  • a predetermined threshold value in this case 50%
  • a comparison 95 is carried out by the comparison module 13 between the captured template and one or more templates stored in the registration database, but if it is not the template is rejected 96 and the process must be repeated.
  • a quality threshold value in this case 50%
  • identification There are two distinct approaches to biometric recognition, the first is commonly referred to as verification and the second is generally referred to as identification.
  • the verification approach is a one-to-one matching process in which the user identifies themselves and a biometric sample is captured and compared to a previously registered or stored template. If the sample matches the template, the user is "verified" as the individual and granted the privileges and
  • the identification approach is a one-to- many matching process in which the user need not identify themselves. Rather the captured biometric sample is compared to a registration database of existing templates of registered or stored users and, when a match is found, the user is "identified" as the individual and granted the privileges and access of the identified individual.
  • This embodiment of the invention involves an identification based biometric recognition approach, although it is envisaged that the system 1 of the invention may be configured to carry out a verification based biometric recognition.
  • the comparison 95 is therefore carried out against all of the stored templates. This process is simplified by suitable categorisation or classification of the templates, thereby saving processing time. Specifically, the comparison 95 is carried out by an identification algorithm which orders the stored templates based on the enrolled templates statistics by order of position and direction as well as number of points within the templates. The matching process uses a compartmental process or binary listing to lower the time to match.
  • the comparison 95 involves comparing the minutia points of the captured template on position and direction against the minutia points of the stored templates to determine the degree of correspondence between the minutia points. A confidence value is calculated based on the degree of correspondence. In this embodiment, the confidence value is determined by calculating the ratio of the number of minutia points that match or correspond between the captured and stored templates and the number of data points available in the template format.
  • the processor 11 then carries out a match determination 97, which involves assessing the confidence value or values determined by the comparison module 13 to establish first whether a match has been found that meets the minimum confidence value, which is 50% in this embodiment. If such a match is found, the processor 11 determines whether the registered individual associated with that stored template is authorised to access the requested device or feature or location. If a match is found that meets the minimum confidence value and the registered individual is found to be authorised for the requested access, then access is permitted 98, but if no match is found or if the privileges of the matched individual do not permit such access, then access is denied 99.
  • a match determination 97 involves assessing the confidence value or values determined by the comparison module 13 to establish first whether a match has been found that meets the minimum confidence value, which is 50% in this embodiment. If such a match is found, the processor 11 determines whether the registered individual associated with that stored template is authorised to access the requested device or feature or location. If a match is found that meets the minimum confidence value and the registered individual is found to be
  • the transaction module 15 tracks the usage of the devices 3, 4, 5 by the user and updates the usage database. For example, where an item is purchased from the POS terminal 4 or a file is printed by the printer/photocopier 3, the transaction module 15 calculates a transaction fee and updates the usage database with details of the usage (e.g. items purchased and/or number of pages printed) together with the transaction fee calculated by the transaction module 15.
  • the system 1 in this embodiment communicates with an account management system (not shown), which manages payments and credit limits.
  • the processor carries out a quality comparison 100 between the captured template and the stored template. If and only if the quality of the captured template is greater than that of the stored template, the stored template is overwritten 101 with the captured template and its quality value. Thus, the quality of the templates stored in the registration database is improved any time a valid authorisation is 98 occurs. This continuous improvement is independent of the enrolment process and does not require additional resources, since it is carried out automatically by the system 1.
  • the quality may be measured or the quality value calculated in a different way and/or the quality value threshold may be set to any suitable value.
  • the system 1 may be configured to increase the threshold value as the quality of the stored templates improves.
  • the biometric scanners 6, 7 need not comprise fingerprint scanners 6, 7 and may additionally or alternatively be configured to capture one or more other biometric characteristics or data.
  • the system 1 need not incorporate a transaction module 15 as this may be incorporated within the account management system (not shown) or usage may not be tracked and/or the account management system (not shown) may be omitted.
  • the template extraction, comparison and transaction modules 12, 13, 15 are illustrated as components in Figure 1 , it is envisaged and indeed intended that such modules are incorporated as software modules, rather than hardware modules. However, including them as hardware modules is also envisaged within the scope of the invention. Indeed, it will be appreciated that any features of the system 1 may be incorporated within existing hardware.
  • the biometric scanners 6 may be incorporated within the hardware of the central computer, e.g. wherein an integral camera may be configured to capture a fingerprint and/or an integral microphone may be configured to capture a voice pattern.
  • the biometric scanners 7 associated with the devices 3, 4, 5 may be incorporated within one or more hardware elements thereof. It will also be appreciated by those skilled in the art that any number of combinations of the aforementioned features and/or those shown in the appended drawings provide clear advantages over the prior art and are therefore within the scope of the invention described herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

L'invention concerne un procédé permettant de gérer l'accès à un réseau de dispositifs (3, 4, 5) au moyen d'une identification biométrique et d'un système de gestion d'accès associé (1). Le système et le procédé gèrent l'accès en capturant des données biométriques d'un utilisateur à l'aide d'un scanner biométrique (7), en générant un modèle capturé sur la base des données à l'aide d'un module d'extraction de modèles (12) et en comparant à l'aide d'un module de comparaison (13) le modèle capturé avec une base de données de modèles stockés dans une mémoire (14), chacun étant associé à un utilisateur enregistré. Si une correspondance est trouvée, la qualité du modèle capturé est comparée avec la qualité du modèle stocké en mémoire et le modèle stocké en mémoire est remplacé par le modèle capturé si la qualité du modèle capturé est plus élevée.
PCT/GB2015/051994 2014-07-09 2015-07-09 Système et procédé de gestion d'accès WO2016005759A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1412244.4 2014-07-09
GB1412244.4A GB2511467B (en) 2014-07-09 2014-07-09 Access management system and method

Publications (1)

Publication Number Publication Date
WO2016005759A1 true WO2016005759A1 (fr) 2016-01-14

Family

ID=51292741

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2015/051994 WO2016005759A1 (fr) 2014-07-09 2015-07-09 Système et procédé de gestion d'accès

Country Status (2)

Country Link
GB (1) GB2511467B (fr)
WO (1) WO2016005759A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107025434A (zh) * 2017-03-08 2017-08-08 广东欧珀移动通信有限公司 一种指纹注册方法及移动终端
SE1750762A1 (en) * 2017-06-15 2018-12-16 Fingerprint Cards Ab Template matching of a biometric object

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7542590B1 (en) * 2004-05-07 2009-06-02 Yt Acquisition Corporation System and method for upgrading biometric data
US8483450B1 (en) * 2012-08-10 2013-07-09 EyeVerify LLC Quality metrics for biometric authentication

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008065572A (ja) * 2006-09-07 2008-03-21 Konica Minolta Business Technologies Inc 生体認証システムに用いる生体情報の更新方法および生体認証システム
JP4403426B2 (ja) * 2007-01-09 2010-01-27 サイレックス・テクノロジー株式会社 生体認証装置及び生体認証プログラム
JP2010061528A (ja) * 2008-09-05 2010-03-18 Fujitsu Ltd 生体認証装置、生体認証プログラム及び生体認証方法
WO2010116470A1 (fr) * 2009-03-30 2010-10-14 富士通株式会社 Dispositif d'authentification biometrique, procede d'authentification biometrique, et support de stockage
WO2011092828A1 (fr) * 2010-01-28 2011-08-04 富士通株式会社 Dispositif d'authentification, système d'authentification et procédé d'authentification
US9491167B2 (en) * 2012-09-11 2016-11-08 Auraya Pty Ltd Voice authentication system and method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7542590B1 (en) * 2004-05-07 2009-06-02 Yt Acquisition Corporation System and method for upgrading biometric data
US8483450B1 (en) * 2012-08-10 2013-07-09 EyeVerify LLC Quality metrics for biometric authentication

Also Published As

Publication number Publication date
GB2511467B (en) 2015-03-11
GB201412244D0 (en) 2014-08-20
GB2511467A (en) 2014-09-03

Similar Documents

Publication Publication Date Title
CN111133433B (zh) 使用面部识别用于访问控制的自动认证
Ross et al. Handbook of multibiometrics
AU2016214084B2 (en) Systems and methods for performing fingerprint based user authentication using imagery captured using mobile devices
Bolle et al. Guide to biometrics
US10509943B2 (en) Method of processing fingerprint information
US9355236B1 (en) System and method for biometric user authentication using 3D in-air hand gestures
Gofman et al. Multimodal biometrics for enhanced mobile device security
US20140059675A1 (en) Biometric authentication
WO2006012132A2 (fr) Generation d'informations de champ directionnel dans le contexte d'un traitement d'image
WO2006012053A2 (fr) Generation d'informations de champ de qualite dans le cadre du traitement d'images
WO2014097340A2 (fr) Procédé de reconnaissance biométrique évolutive présentant des caractéristiques de vitesse et de sécurité appropriées pour des applications pos/atm)
US20240086513A1 (en) Adjusting biometric detection thresholds based on recorded behavior
JP6855266B2 (ja) 顔認証システム、顔認証方法、及び顔認証プログラム
CN112861082A (zh) 用于被动认证的集成***和方法
US9773150B1 (en) Method and system for evaluating fingerprint templates
WO2016005759A1 (fr) Système et procédé de gestion d'accès
WO2021148844A1 (fr) Procédé et système biométriques permettant une analyse de la main
Arjona et al. A dual-factor access control system based on device and user intrinsic identifiers
KR100456463B1 (ko) 지문 영상의 전역적 정보 및 지역적 특성 정보의 조합을이용한 지문 인증방법
US20080290991A1 (en) Procedure for the determination of an authorization
US10984085B2 (en) Biometric recognition for uncontrolled acquisition environments
JP6346359B1 (ja) 署名照合システム
JP6795480B2 (ja) 生体認証システムおよび生体認証方法
US8577090B2 (en) Biometric authentication method, authentication system, corresponding program and terminal
KR20080109118A (ko) 스마트카드를 이용한 지문정보 인증방법 및 그 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15738446

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15738446

Country of ref document: EP

Kind code of ref document: A1