WO2017148506A1

WO2017148506A1 - Method for user authentication

Info

Publication number: WO2017148506A1
Application number: PCT/EP2016/054253
Authority: WO
Inventors: Steinar Pedersen
Original assignee: Steinar Pedersen
Priority date: 2016-02-29
Filing date: 2016-02-29
Publication date: 2017-09-08

Abstract

The invention constitutes an authentication method employing a frame with touch detectors ("code frame"), wherein the code frame (3) wholly or partially surrounds an electronic fingerprint sensor (4). Authentication implies that the user enters a user- specific code by means of the code frame, where code entry is performed by the user employing a fingertip (8) to sequentially touch same or different points or regions ("code entry points") (6) along the perimeter of the code frame. The code entry points are equipped with touch detectors (7). A particular touch sequence constitutes a user- specific code(10) ("432") and the user is authenticated if the entered user-specific code matches stored information. The user-specific code authentication may be used alone or in conjunction with authentication by means of the fingerprint sensor.

Description

Method for User Authentication

TECHNICAL FIELD The present disclosure relates to a user authentication method and in particular to a new method and system used for one- or two-factor authentication where a graphic code entered by means of a touch-sensitive frame is used as backup for fingerprints to authenticate a user.

BACKGROUND ART

We see an increased demand for secure identification of individuals, e.g. as part of access control and user authorization. With an anticipated growing use of personal computers, lap-tops, tablet computers and smart phones for financial transactions, the need for a reliable method for authorization of users is mandatory. In this context, different biometric principles have been tried out or employed for identification and authentication, for instance fingerprints, hand prints, ear shape, face shape, voice profile, iris characteristics, etc. Recognition of fingerprints is by far the most popular identification method, where various electronic scanning principles (optoelectronic, capacitive and thermal) are now in wide use for obtaining and storing biometric fingerprint information.

Use of fingerprints alone has the inherent weakness that it is possible to prepare replicas of fingerprints or fingers belonging to individuals subject to impersonation, e.g. in connection with fraud. Such replicas may be provided with the same or similar properties as genuine fingerprints or fingers and may thus be used to provide a fingerprint pattern that will be accepted by a sensor system.

With modern smart phones and tablet computers, touch screens are used for entering information and for operating programs and applications. A consequence of using the touch screen as user/program interface is that the screen will contain an abundance of fingerprint residues stemming from legitimate user(s), where "readable" fingerprints may be easily "lifted off the screen, e.g. after the equipment has been stolen or lost. Fingerprints thus obtained may be used to spoof the system, either by printing a simple picture or by more sophisticated techniques such as using a laser operated 3-D printer to prepare a "skin-like" structure that may be attached to a fingertip.

For this reason, fingerprint registrations alone are often inadequate and will have to be supplemented with input of a user specific code, assuming that this code is secret and only known to authorized users.

Some currently used systems combine a fingerprint with a personal access code, which is entered by means of a numeric or alphanumeric keypad. In some instances, it is inconvenient to use a separate keypad for input of a user specific code, both because this requires extra equipment and also because this implies separation of steps involved in the routine for identification and authentication on two different input entities. A separate, often permanently installed keypad may allow application of utilities such as keystroke loggers that permit illegitimate "reading" of the code during input. Many people also find it difficult to memorize a numeric or alphanumeric code, particularly if the user is required to remember a whole series of such codes.

Some applications that are dependent on reliable user identification still count on fingerprint scanning as the sole authentication method, either due to space limitations or in order to maximize user convenience (e.g. credit cards, access cards, etc.). Such applications would benefit from having a backup authentication system that could be put into use if, for some reason a legitimate user fails in using fingerprint scanning as authentication method (damage to finger used for enrolment, damage to sensor, temporary inaptness of finger surface to provide consistent scan, e.g. due to excessive moisture, extreme temperatures, etc.). A suitable backup method should preferably be able to employ the fingerprint sensor itself or a utility closely associated with the sensor for entering backup authentication parameters.

An appropriate backup method that may also serve to provide a second authentication factor is disclosed in WO 2014206505. Here, the user enters a user-specific code pattern by moving a fingertip along the perimeter of the sensor surface, guided by a perceptible (tactile or visual) frame surrounding the sensor. Graphic code patterns thus generated are easy to memorize, can easily be translated into a number code and are easily stored in memory for comparison with subsequent code entries. Graphic code patterns generated according to this disclosure employ the fingerprint sensor's own detector system (capacitive, RF, active thermal, optoelectronic, ultrasound, etc.)- A reliable code entry is dependent on a certain minimum sensor area (in order to allow precise fingertip movement from corner to corner of sensor), in addition to a minimum sensing speed (in order to detect rapid finger movements along the perimeter of the sensor surface). Those two requirements are not always fulfilled with modern fingerprint sensors, either due to capacitive/RF touch sensors being too small or because active thermal sensors are too "slow" for recording rapid finger movements across the sensor surface. The latter drawback may be eliminated, however, by reducing the active pixel density, e.g. by employing each fifth column and/or row of the sensor matrix when recording code input.

An alternative to relying on the fingerprint sensor system itself for providing auxiliary information input is to mount a separate, dedicated touch sensitive detector system in close vicinity of the fingerprint sensor. Such system with associated methodology is disclosed in US 2014270414 A1 , where the disclosure describes a sensor structure that includes both a fingerprint sensor and one or more touch sensors. A user input is received as a finger is moving across the sensor structure, thus providing auxiliary functionality to a device based on the pattern of movement and at the same time authenticating a user based on fingerprint data sensed by the fingerprint sensor during the finger movement. In addition to employing various arrangements of touch sensors close to the fingerprint sensor, the fingerprint sensor itself may also be subdivided into sections, with the possibility of dynamically assigning one or more of the multiple sections to sensing fingerprint data or sensing movement of the finger across the fingerprint sensor. The versatility or the device is based on multiple auxiliary functionality modules that respond to different patterns of movement, providing e.g. (sound) volume control, game control, cursor control, scroll control, menu control, photography control, or phone call control.

Although US 2014270414 A1 offers a solution for auxiliary information input in addition to biometric authentication, the method and system provided by this disclosure are not intended to be used for secondary authentication beyond a fingerprint and is consequently unsuitable for this purpose. There are several reasons for this, of which the most important are that a) the system is mainly constructed for tracking direction and extent of finger movements, b) it lacks compactness and is therefore unsuitable for incorporation into small area devices; c) it relies on a detection system that comprises both a fingerprint sensor and touch sensors; d) it does not provide facilities enabling reproducible code pattern input; and e) patterns of movement are not easily transformed into numerical code.

Present disclosure provides solutions that remedy above deficits by describing an authentication method that employs a system that is constructed specifically for entry of an authentication code. It is very compact and is operated independently of the fingerprint sensor, it allows a very precise and reproducible code pattern input and the code pattern is easily transformed into number code. Additionally, the disclosed system provides a code entry response that is extremely fast and involves signal processing facilities that are simple and easily embedded together with the fingerprint sensor electronics.

SUMMARY OF THE INVENTION

According to a first aspect of the disclosure there is provided a user authentication method employing a code frame with touch detectors and a perceptible guide frame provided upon or along the perimeter of the code frame, wherein: a user enters a code by employing a fingertip to sequentially touch one or more code entry points along the perimeter of the code frame, wherein the code entry points are equipped with touch detectors; code entry is guided by the guide frame; and a particular touch sequence constitutes a user-specific code and wherein the user is authenticated if the entered user-specific code matches stored information.

The code entry points are different points or regions of the code frame.

The guide frame serves to:

• guide an exact and reproducible fingertip placement at or upon various code entry points,

• guide a precise movement of the fingertip from one code entry point to another; and

• provide a graphic code pattern that is easy to memorize. Optionally, the code frame wholly or partially surrounds an electronic fingerprint sensor, and a user is authenticated only if both the entered user-specific code and a sensed fingerprint match stored information.

Optionally, an entry of a user-specific code is performed by the user sliding the fingertip along the contact surface from one code entry point to another, or briefly back-and- forth into same code entry point.

Optionally, an entry of a user-specific code is performed by the user temporarily lifting the fingertip from the contact surface at one code entry point and repositioning the fingertip on the contact surface at same or different code entry point. Optionally, when entering a user-specific code or other code-related instructions the user may apply increased pressure one or more times while the fingertip resides upon a code entry point.

According to a second aspect of the disclosure, there is provided a user authentication system comprising: a code frame with touch detectors located at defined code entry points along the perimeter of the frame, wherein the touch detectors can sense placement of a fingertip upon, above or near each code entry point, whereby a user- specific code can be entered by placing the fingertip at or upon various code entry points in a defined sequence; a perceptible guide frame is provided upon or along the perimeter of the code frame; memory means for storing user-specific code data associated with at least one user; and a processor coupled with said code frame for receiving user-specific code data and coupled with said memory means for comparing said received data with said stored data; and arranged to return an authentication result based on said comparison, wherein a user is authenticated if the entered user- specific code matches stored information. The code entry points are defined points or regions along the perimeter of the frame.

The guide frame acts in order to:

• guide a precise movement of the fingertip from one code entry point to another; and • provide a graphic code pattern that is easy to memorize;

Optionally, the code frame wholly or partially surrounds an electronic fingerprint sensor, a user is authenticated only if both the entered user-specific code and a sensed fingerprint match stored information. Optionally, the code frame is square, rectangular, polygonal, or round - either circular or essentially elliptical.

Optionally, the touch sensors of the code frame are based on capacitive, RF, active thermal, optoelectronic or resistive principles.

Optionally, the guide frame is square, rectangular, or polygonal, preferably with rounded corners, or round - either circular or essentially elliptical.

Optionally, the fingerprint sensor is based on capacitive, RF, optoelectronic or active thermal principles.

Optionally, the code frame or guide frame comprise pressure sensitive devices at code entry points. Optionally, the code frame or guide frame comprise light emitting facilities.

Optionally, there is provided a host device comprising the user authentication system according to the second aspect of the disclosure.

Optionally, the host device is a computer, a mobile computing device, a mobile telephone, a smartphone, a computer tablet, a credit card, a financial transaction card, an identity card and other equipment utilizing fingerprints for identification and/or access control.

According to a third aspect of the disclosure there is provided a computer program product or algorithm encoded with instructions that, when run on a computing device or on sensor-embedded computation facilities enables it to receive user-specific code data comprising a particular sequence of fingertip placement at or upon code entry points along the code frame, and wherein the program compares the received data to stored data, and returns an authentication result based on said comparison. BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be described, by way of example only, with reference to the accompanying drawings, in which:

The Fig. 1 series illustrates a laptop and a smartphone incorporating a fingerprint sensor surrounded by a code frame used for entering fingerprints and code patterns.

The Fig. 2 series illustrates a fingerprint sensor surrounded by a code frame incorporating sensing utilities for detecting the presence of a fingertip, and steps involved in entering an authentication code.

The Fig. 3 series illustrates a fingerprint sensor system and fingertip positions attained during fingerprint scanning and entry of user-specific code.

The Fig. 4 series illustrates various code frame configurations, detector arrangements and indication of code entry points.

The Fig. 5 series illustrates a fingerprint sensor surrounded by three different code frame and guide frame configurations.

The Fig. 6 series illustrates various fingertip movements employed during entry of a user-specific code.

The Fig. 7 series illustrates entry of a user-specific code on a square code frame with eight code entry points.

The Fig. 8 series illustrates entry of a user-specific code on a circular code frame with eight code entry points.

The Fig. 9 series illustrates entry of complex user-specific codes on square and circular code frames with different detector arrangements.

The Fig. 10 series illustrates a smartphone with the fingerprint sensor system incorporated in the display region and sequential entry of fingerprint scan and authentication code.

The Fig. 1 1 series illustrates a transaction card with fingerprint sensor system and alternative modes of entering an authentication code. The Fig. 12 series illustrates use of micro-switches or pressure sensors at code entry points of the code frame, and use of said facilities for various signaling purposes.

The Fig. 13 series illustrates use of light emitting utilities associated with the code frame to convey messages to the user.

The Fig. 14 series illustrates a square code frame incorporating alternative touch detectors.

DETAILED DESCRIPTION OF THE INVENTION The present disclosure provides a method used as authentication backup or as secondary authentication method for users of electronic fingerprint sensors that are based on optical, optoelectronic, ultrasonic, pressure based, radiofrequency (RF) based, thermal, capacitive and other physical principles used for scanning of fingerprints. The method is particularly adapted to the input of an authentication code in combination with a fingerprint. The authentication code may in preferred embodiments be user-specific, and preferably personal and user-defined. The terms "authentication code", "user code", "user-specific code" and "user pattern" will be used interchangeably throughout this document.

The disclosure provides a method employing a frame with touch detectors ("code frame"), wherein the code frame wholly or partially surrounds an electronic fingerprint sensor. Authentication implies that the user enters a user-specific code by means of the code frame, wherein code entry is performed by the user employing a fingertip to sequentially touch same or different points or regions ("code entry points") along the perimeter of the code frame. The code entry points are equipped with touch detectors. A perceptible frame ("guide frame") is provided upon or along the perimeter of the code frame in order to guide an exact and reproducible fingertip placement at or upon various code entry points, to guide a precise movement of the fingertip from one code entry point to another and to provide a graphic code pattern that is easy to memorize. A particular touch sequence constitutes a user-specific code and the user is authenticated if the entered user-specific code matches stored information. Such user- specific code authentication may be used alone or in conjunction with authentication by means of the fingerprint sensor. The code frame may be of any chosen shape, for example (and without limitation), square, rectangular, polygonal or round (the latter being precisely or substantially circular, elliptical or oval). The code entry may comprise drawing or tapping a user- specific pattern, optionally in combination with other code elements such as selective application of pressure by a user's finger.

A code frame that surrounds the fingerprint sensor offers many advantages. Said co- location will e.g. increase the speed of a combined fingerprint and code entry. It will also facilitate correct positioning of a fingertip during fingerprint and code entry, simplify design of electronic circuits and utilities used for signal processing related to the two input devices and enable design of an integrated, multi-purpose authentication system providing a high degree of security. The "surround" concept when used in this context implies that the frame is located wholly or partially outside the perimeter of the fingerprint sensor, essentially in the same or parallel plane as the sensor surface. The frame outline may for certain embodiments include gaps between frame segments, without this aspect altering the validity of the "surround" feature.

In order to enhance control when drawing or tapping a code pattern, it is advantageous if the user is kept constantly aware of his finger's position relative to the code frame - for some embodiments even without visual contact with the finger. For this reason, according to preferred modes of operation there is provided a perceptible (visually or tactile) "guide frame" that may be located along the outside or inside perimeter of the code frame, or alternatively on top of the code frame with essentially same frame outline. The user may thus maintain a fingertip in continuous contact with, or kept at close vicinity of the code frame during entry of the authentication code. The guide frame may also provide an indication of the positions of code entry points. When using square, rectangular or polygonal code frames, the corners, or segments between corners serving as code entry points can easily be located by means of the guide frame, and also facilitate fingertip "jumping" from one code entry point to another.

Since round frames are devoid of any recognizable features (like corners) that indicate a particular position on its circumference, round code frames or guide frames may advantageously incorporate one or more position markers (PMs) that can be perceived or sensed by the user while entering the user-specific code. The upper limit of the number of PMs will depend on the size of the frame, and must be small enough so that a user can tell the difference between the position of one PM and an adjacent PM.

Even with as few as one perceptible (visual or tactile) PM on a circular frame, most users are capable of easily identifying an additional three or seven virtual (non- perceptible), evenly spaced PMs along the frame's circumference, which may also serve as code entry points.

Corners and PMs, or segments between corners and PMs serving as code entry points may be equipped with touch detectors, also referred to as "entry point detectors". The use of frames with corners or position markers serve to guide finger movements during entry of an authentication code, permitting use of moderate to small area sensors and enabling a high degree of precision and reproducibility during entry of user patterns. The user pattern may be drawn starting in one corner or at one of the PMs, and also end in a corner or at a PM.

Some embodiments involve arrangements in which the user touches polygonal frame segments between corners, or moves a fingertip across such frame segments. Other embodiments involve arrangements in which the user touches defined segments of round frames, or moves a fingertip across such segments. In such instances, the whole polygonal frame segments and round frame segments serve as code entry points. The code frame is furnished with a sensor system that detects the presence of a fingertip at each code entry point, without involving the detection principles of the fingerprint scanner. This recording principle has many advantages since it can be operated independently of the fingerprint sensor and utilize far less sophisticated electronics. It may be used in combination with fingerprint sensors that employ a whole range of different recording principles (capacitive, RF, thermal, optoelectronic, ultrasonic, etc.) without involving the fingerprint sensor in the code drawing process. It may furthermore be used with sensors that have a size and shape that deviate substantially from the size and shape of the code frame and thus be used to enclose very small touch sensors (e.g. 4 x 4 mm) where the frame may be considerably larger (e.g. 15 x 15 mm) and thus be well suited for precise input of user code. A separate frame with detector utilities may also be used in conjunction with linear (swipe) sensors. Swipe sensors are often less precise than area sensors, but when used together with code drawing facilities according to present disclosure, this added security more than compensates for the inferior sensor precision. A swipe sensor will typically be surrounded by a square or rectangular frame with rounded corners. The described code frame approach for entering user-specific drawing patterns implies use of fairly simple electronics (e.g. microcontrollers or FPGAs) and algorithms for processing code pattern inputs. Code patterns can therefore be processed at a much higher speed and at lower power consumption than fingerprint scans.

Devices suitable for application of a frame-based authentication procedure according to the invention are illustrated in the Fig. 1 series, where a fingerprint sensor system

2 comprising a fingerprint sensor 4 and a code frame 3 is incorporated in a laptop computer 1 (Fig. 1 a) and on the backside of a smartphone 3 (Fig. 1 b). In this particular embodiment, the sensor system 2 is mounted in a square aperture of the laptop and phone chassis (Fig. 1 d), creating a recess suitable for receiving a fingertip during fingerprint scan and code entry. While the code frame itself is mounted flush with the sensor surface and not easily perceivable, the slanting walls of the aperture serve as guide frame 5, making the sensor system easily recognizable even when located on the backside of the smartphone 3 and out of sight of the user during normal operation.

The Fig. 2 series illustrates the process of entering an authentication code by means of a code frame. Fig. 2a indicates that the square code frame 3 surrounding a fingerprint sensor 4 is equipped with detectors 7 in each corner, coinciding with the code entry points 6 of the frame. Each code entry point is labelled, here numbered from 1 to 4. Entry of a user-specific code starts with the user placing a fingertip upon a code entry point, here indicated by the hatched oval 8 in the lower left corner of the code frame (representing the contact area of the fingertip). In Fig. 2b, the user moves the fingertip to the code entry point at the lower right corner in a straight line 9. In Fig. 2c, the finger is moved upwards to upper right corner, thus creating a user-specific code pattern 10 that may be abbreviated as "432".

The Fig. 3 series illustrates different fingertip positions attained during fingerprint scanning and input of user-specific code. The fingerprint sensor 4 and the code frame

3 are mounted in an aperture of the equipment chassis and form a recess relative to the surrounding surface. In this particular embodiment, the code frame is square and made perceptible by a guide frame 5 constituting the slanting aperture walls. This configuration allows a rapid location of the sensor system 2, even when the equipment is out of sight of the user, for instance when located in a pocket or in a handbag. Fig. 3a illustrates the position taken by a finger 11 when depositing a fingerprint 12 (Fig. 3b) upon a sensor surface 4. When entering a user-specific code as shown in Fig. 3c, the finger 11 takes a more erect position. The fingertip is partially overlaying both the sensor surface 4, the code frame 3 and the guide frame 5, as indicated by the hatched oval 8 in Fig. 3d. The user starts code entry by placing the fingertip 8 in the lower left corner of the code frame and thereafter sliding it along the frame to the lower right corner. The sliding movement is continued to the upper right corner, back again to the lower right corner, then to the upper right corner, whereupon code entry is finalized by moving the fingertip to the upper left corner. In order to avoid lengthy verbal descriptions of code entries and to simplify notation of authentication codes, code entry points are preferably labelled, e.g. with numbers as shown in the Fig. 2 series. The complete authentication code 13 shown in Fig. 3d may therefore be referred to as "432321 ", which can be written down by a user and kept in a secret place. While this number code may not be too difficult to remember, the actual finger movement along the code frame is regarded by most users to be even simpler to memorize. The Fig. 4 series illustrates various code frames with associated entry point detectors. Fig. 4a is a schematic, conceptual presentation of a capacitor-based sensor configuration, where pairs of capacitor plates 7 are incorporated at each code entry point in the corners of a square code frame 3. The plate couples are connected to a microcontroller 15 via a printed set of connectors 14. When a user puts a fingertip on top of a particular corner detector, this will change the capacitance of plate couples located underneath and thus be recorded by the microcontroller and associated hardware/software as a positive position input for that particular code entry point. Sequential positioning of a fingertip on top of the various entry point detectors, e.g. by sliding the fingertip along frame segments or jumping from one code entry point to another will thus generate the complete authentication code. The capacitor plates 7 at each code entry point may be varied in size, shape and position, which again will affect the sensitivity and precision of the system. Using the capacitor-based example as described above, both the detector configuration and code frame construction may be varied and provide many different solutions. The code frame may e.g. take shape as rectangular 16 (Fig. 4b), octagonal 17 (Fig. 4c) and circular 18 (Fig. 4d), in addition to many other regular and irregular polygonal and round forms with defined code entry points 6. Preferred code frame shapes are, however, square, rectangular and circular.

In Fig. 4e, the four frame segments will serve as code entry points 6 in addition to corners. Since a low precision level is sufficient when using frame segments as code entry points, the capacitor-based detectors comprise merely two elongated capacitor plates 20 at each sector of the code frame 19. This detector arrangement also allows detection of fingertip touch in corners. Capacitor plates may also be mounted pair- wise along the circumference of the code frame 21 (Fig. 4f). In addition to assigning addresses to groups of capacitor couples and thereby locating a limited number of code entry points around the frame, this capacitor-configuration also permits the sensor system to monitor movement of a fingertip along code frame segments. This configuration may equip the code frame with auxiliary functionality in addition to authentication, as e.g. cursor control and selective program activation. A similar capacitor-configuration may also be used with round or circular frames 32, as shown in Fig. 8a. In embodiments discussed above, the slanting walls of a chassis aperture have constituted a suitable, tactile guide frame 5 allowing input of a user code without visual contact. According to these embodiments, the code frame 3 may be mounted on top of the fingerprint sensor 4, outside the sensing surface as illustrated in Fig. 5a and Fig. 5b. Alternative solutions to providing a tactile guide frame are illustrated in the Fig. 5c - Fig. 5f series. In the sensor arrangement illustrated in Fig. 5c and Fig. 5d, the guide frame 23 is put on top of the code frame 3, which again is mounted on the fingerprint sensor 4, suitable for mounting as a compact unit 22 in the chassis aperture. An alternative embodiment is shown in Fig. 5e and Fig. 5f, where dimensions of the code frame 3 and guide frame 23 are somewhat larger than the fingerprint sensor 4. With this sensor system 24, the code frame is mounted on top of the chassis, independently of the fingerprint sensor. This construction allows incorporation of the sensor system in very thin devices, e.g. in access cards and transaction cards as illustrated in the Fig. 1 1 series.

Input of user-specific code on sensor systems described above may be performed in different ways depending to the operational context, as illustrated in the Fig. 6 series. When the sensor system 24 is out of sight of the user (e.g. when located on the backside of a smartphone; Fig. 1 b), code input is advantageously made by sliding a finger 11 along the guide frame located outside or on top of the code frame 3, as illustrated in the Fig. 6a - Fig. 6d series. This allows the user full control of finger position relative to code entry points, e.g. in order to draw a line 25 (Fig. 6d) encoded "14". An alternative mode of code input is illustrated in the Fig. 6e - Fig. 6i series, where the finger "jumps" from one code entry point to another. Examples are given in Fig. 6h, providing a vertical line 26 encoded "14" and in Fig. 6i, providing a diagonal line 27 encoded "13". This fingertip jumping procedure is recommended when the user is allowed to visually inspect code entry. An alternative way of entering a diagonal line 28 is illustrated in the Fig. 6j - Fig. 6m series. Here, the user is sliding a finger along the sensor surface from one corner to the opposite corner, thus allowing some degree of position control even without visual contact. The Fig. 6n - Fig. 6q series illustrates a repeated input at same code entry point. This may be performed by lifting the fingertip (Fig. 6o) and reposition the finger upon same code entry point (Fig. 6p), which may be illustrated graphically by the broken line 29 shown in Fig. 6q. Repeated input may alternatively be performed by moving the fingertip briefly away from the code entry point along the code or guide frame (Fig. 6s) - and back into same entry point (Fig. 6t). This repeated code entry point input may be illustrated graphically by the broken line 30 shown in Fig. 6u. In order to verbally describe the various code entry procedures discussed above in a simple manner, the procedure whereby the user is sliding a finger either along and in contact with the surface of a code frame, along the surface of a guide frame or along the surface of a fingerprint sensor, this is commonly referred to as "sliding the finger along the contact surface" (Fig. 6a - Fig. 6d; Fig. 6j - Fig. 6m). The alternative way of code input whereby the finger is "jumping" from one code entry point to same or to a different code entry point, is commonly referred to as "lifting the finger from the contact surface" and "reposition the finger on the contact surface" (Fig. 6e - Fig. 6i; Fig. 6n - Fig. 6u).

Some embodiments of the invention may allow use of fairly large frames, as illustrated in the Fig. 7 series where a square code frame 19 comprises pair of capacitance detectors 20 along the sides of the frame. In such instances, an in particular where the user has visual control with code input, both corners and regions between corners may serve as code entry points, as illustrated by entry of a two-legged line pattern 31 in Fig. 7b. This may consequently allow positioning of eight code entry points 6 along the frame circumference, as illustrated in Fig. 7c. Similarly, round code frames 32 (Fig. 8a) incorporating sensors evenly distributed along its circumference may allow use of multiple code entry points, as illustrated by entry of a two-legged line pattern 33 in Fig. 8b and positioning of eight code entry points 6 in Fig. 8c.

In general, four code entry points will suffice for most applications, allowing entry of code patterns that are easy to memorize. Examples are given in the Fig. 9a - Fig. 9c series, showing a simple pattern 35 ("432321 ") in Fig. 9a and a more complex pattern 36 ("41222343") in Fig. 9b and 37 ("1222431 ") in Fig. 9c. In some instances, when there is a need for entry of more extensive codes (e.g. serving as PUK codes for unlocking a system after shutdown), and where the user can fully inspect code entry, eight code entry points as illustrated in the Fig. 9d - Fig. 9i series may be employed. Examples are the pattern 38 ("8234548") in Fig. 9d, 39 ("12334187") in Fig. 9e, 40 ("1234555284") in Fig. 9f, 41 ("321234") in Fig. 9g, 42 ("64371 1 15") in Fig. 9h and 43 ("121433362") in Fig. 9i. (The number codes associated with code patterns 38, 39 and 40 presume that code entry is performed with a fingertip sliding along the frame surface). The frame surrounding the fingerprint sensor does not have to be tactile in order to provide fingertip guidance, and may alternatively be made perceptible by visual means, e.g. by being printed, illuminated or appearing on a graphic display. One example is shown in the Fig. 10 series, where a smartphone 44 incorporates a fingerprint sensor 45 within or under the glass covering a touch-sensitive display. The sensor or its position may not be visible to the user during most operational conditions, but will appear on a conditional basis when a fingerprint input is needed (Fig. 10a), e.g. in connection with startup, resume operation or for approval of a financial transaction. A fingerprint scan 46 is shown in Fig. 10b. If an authentication code input is also required, a visually demarcated code frame 47 may appear on the screen around the sensor area (Fig. 10c), allowing the user to enter a user-specific code pattern 48 along the perimeter of the frame. The frame may in this particular instance optionally employ same position detection system as is used by the touch display.

Use of access cards and transaction cards commonly involve "single hand" operations (particularly when used in conjunction with NFC technology), with the thumb resting on the top surface and the index finger supporting the card from the underside. Authentication code entry according to present disclosure is well suited for this kind of operation, as illustrated in the Fig. 1 1 series. Here, a transaction card 49 equipped with a fingerprint sensor 4 (Fig. 1 1 d) is held by a thumb 11 and an index finger (not shown), where the tip of the thumb is resting on the fingerprint sensor 4 ready for a fingerprint scan. After a successful fingerprint entry, the thumb may easily touch code entry points on the guide frame 23 overlaying the code frame 3 (Fig. 1 1 d) in order to enter an authentication code 50 (Fig. 1 1 b; "414323"). Both fingerprint and code entry can be performed as a single, continuous operation while the card is held in the vicinity of the NFC receiver. An alternative code input is illustrated in Fig. 1 1 c and Fig. 1 1 e, where the thumb instead of touching frame corners is just crossing the guide frame 23 and code frame 3 segments representing code entry points, either by an up-down, down-up, right-left or left-right movement. The code 51 entered this way byfirst moving the thumb up-down, then down-up and finally right-left-right is denoted "1322". Although this embodiment may work very well with a plain, visually demarcated code frame on the card surface, it may be helpful for guiding thumb if a guide frame 23 protrudes slightly from the surface (as shown in Figs. 1 1 d and 1 1 e). A separate, independent code frame with an associated guide frame may also be equipped with ancillary utilities that may be helpful when executing the authentication procedure, both for code-related input and for conveying messages to the user with respect to the status of the authentication process. Some examples are illustrated in the Fig. 12 and Fig. 13 series. The code frame 23 shown in Fig. 12a is equipped with pressure sensors or micro-switches 52 in the corners of the frame, allowing the user to employ this facility to signal end of code entry by depressing the last corner 53, as in Fig. 12b, or to signal start (single push) 53 and end (double push) 55 of code entry as shown in Fig. 12c. This downward push may alternatively be used for entering single or multiple position repeats in a code pattern 56. Pressure sensors may e.g. be based on electromagnetic or piezoelectric principles that will be known to people skilled in the art. When using fingerprint sensors and code input utilities in the dark, it is helpful if the system can provide some guidance with respect to where to put a finger for fingerprint scanning and for entering an authentication code. This may be achieved by incorporating light-emitting devices (e.g. LEDs) within or under the code frame or guide frame. A light configuration that illuminates the whole frame 58 shown in Fig. 13a is useful for indicating the positions of the frame and fingerprint sensor, but may also be used to convey signals to the user regarding authentication status, result and input requirements. Increased versatility of the signal repertoire can be achieved by using light of different colors, intermittent (pulsed) light emission of varying frequency and duration, etc. Another option is illustrated in Fig. 13b, where light emitters 58 are associated with the code entry points, utilizing same light emission options as above.

Signals may also be conveyed to the user in a tactile manner, e.g. by incorporating vibrating devices in the code or guide frame. Vibration may be continuous at alternate frequencies, or pulsed at varying duration and strength, each conveying a different message. Suitable vibrators may e.g. be based on piezoelectric or electromagnetic principles and will be known to people skilled in the art.

Other detector configurations than the capacitance-based system described above may also be used to serve the intended purpose. Two such systems are indicated in Figs. 14a - 14b, where the code frame according to Fig. 14a employs an optoelectronic detector 61 comprising a light emitter and a sensor detecting reflected light. Another solution is illustrated in Fig. 14b, where the detector 62 is based on resistor principles and comprising two exposed leads 63 in each corner, or alternatively an impedance-based detection system constructed according to similar principles. Other detector solutions may also be employed, and will be known to people skilled in the art. For the present disclosure, capacitor-based sensor systems are advantageous (price, simplicity, robustness) compared to other solutions. It should be emphasized that drawings used in various figures of this disclosure are grossly simplified relative to actual construction details of devices and parts of devices. This is done intentionally in order to emphasize basic principles of the invention. Electronic fingerprint sensors 4 are e.g. commonly ultrathin (< 0.1 mm) and comprise a set of electrical connectors and dedicated processors (ASICs, etc.), which for simplicity are not included in the drawings. Fingerprint sensors are generally mounted in chassis apertures (like in Fig. 1 c - Fig. 1d; Fig. 3a - Fig 3d; etc.), and will not constitute part of the chassis as the Fig. 6 drawings appear to imply.

Various improvements and modifications may be made to the above embodiments without departing from the scope of the invention. For example, while reference has been made throughout the disclosure to using the fingertip as code input vehicle, other solid objects may also function for the same purpose. Similarly, when referring to fingerprint sensors and specific electronic components associated with fingerprint and authentication code recording and processing, it is to be understood that terms used to describe the invention do not preclude employment of other electronic components, circuitry, software or other gadgetry needed for an optimal performance of the described system, most of which will be known to people skilled in the art.

In the following claims, various reference numerals have been incorporated in parentheses. The sole function of these reference numerals is to make the claims easier to understand. They do not limit the scope of the subject matter being claimed in any way. In particular, where reference numerals in the claims relate to any particular illustrated embodiment or embodiments the scope of the claim is not limited to those embodiments. The invention in the form of the claims with the exclusion of the reference numerals is also hereby claimed.

Claims

A user authentication method employing a code frame (3) with touch detectors (7) and a perceptible guide frame (5, 23, 47) provided upon or along the perimeter of the code frame, wherein:

a user enters a code by employing a fingertip to sequentially touch one or more code entry points (6) along the perimeter of the code frame, wherein the code entry points (6) are equipped with touch detectors (7);

code entry is guided by the guide frame (5, 23, 47); and

a particular touch sequence constitutes a user-specific code (10, 13) and wherein the user is authenticated if the entered user-specific code matches stored information.

A user authentication method according to claim 1 , wherein the code frame (3) wholly or partially surrounds an electronic fingerprint sensor (4), and a user is authenticated only if both the entered user-specific code (13) and a sensed fingerprint (12) match stored information.

A user authentication method according to claim 1 or claim 2; wherein entry of a user-specific code is performed by the user sliding the fingertip along the contact surface from one code entry point to another (25, 28) or briefly back-and-forth into same code entry point (30).

A user authentication method according to any preceding claim; wherein entry of a user-specific code is performed by the user temporarily lifting the fingertip from the contact surface at one code entry point and repositioning the fingertip on the contact surface at same (29) or different code entry point (26, 27).

A user authentication method according to any preceding claim; wherein entering a user-specific code or other code-related instructions involves the user applying increased pressure one or more times while the fingertip resides upon a code entry point (53, 54).

6. A user authentication system comprising: a code frame (3) with touch detectors (7) located at defined code entry points (6) along the perimeter of the frame, wherein the touch detectors can sense placement of a fingertip upon, above or near each code entry point, whereby a user-specific code can be entered by placing the fingertip at or upon various code entry points in a defined sequence; a perceptible guide frame (5, 23, 47) is provided upon or along the perimeter of the code frame; memory means for storing user-specific code data associated with at least one user; and a processor coupled with said code frame for receiving user-specific code data and coupled with said memory means for comparing said received data with said stored data; and arranged to return an authentication result based on said comparison, wherein a user is authenticated if the entered user-specific code matches stored information.

7. The system of claim 6, further comprising an electronic fingerprint sensor (4) and wherein the code frame (3) wholly or partially surrounds the electronic fingerprint sensor, a user is authenticated only if both the entered user-specific code (13) and a sensed fingerprint (12) match stored information.

8. The system of claim 6 or claim 7, wherein the code frame is square, rectangular, polygonal or round - either circular or essentially elliptical.

9. The system of any of claims 6 to claim 8, wherein the touch sensors of the code frame are based on capacitive (7, 20, 21 ), RF, optoelectronic (61 ), active thermal or resistive (63) principles.

10. The system of any of claims 6 to claim 9, wherein the guide frame is square, rectangular, or polygonal, preferably with rounded corners, or round - either circular or essentially elliptical.

1 1 .The system of any of claims 6 to claim 10, wherein the fingerprint sensor is based on capacitive, RF, optoelectronic or active thermal principles.

12. The system of any of claims 6 to claim 1 1 , wherein the code frame or guide frame comprise pressure sensitive devices (52) at code entry points.

13. The system of any of claims 6 to claim 12, wherein the code frame or guide frame comprise light emitting facilities (58, 59).

14. A host device comprising the user authentication system of any of claims 6 to claim 13.

15. The host device of claim 14, being a computer, a mobile computing device, a mobile telephone, a smartphone, a computer tablet, a credit card, a financial transaction card, an identity card and other equipment utilizing fingerprints for identification and/or access control.

16. A computer program product or algorithm encoded with instructions that, when run on a computing device or on sensor-embedded computation facilities enables it to receive user-specific code data comprising a particular sequence of fingertip placement at or upon code entry points along the code frame, and wherein the program compares the received data to stored data, and returns an authentication result based on said comparison.