Abstract: A method and apparatus for authenticating a user In dependence upon biometric Input information is disclosed. According to the method when a user is identified, their biometric information or data derived therefrom is automatically stored. The data is then used in subsequent user identification attempts as a template. The original templates are not replaced but those templates that are automatically stored are replaced at intervals.

Abstract: Disclosed is a biometric imaging device a method of processing images of biometric surfaces that are captured using said imaging device. According to the instant invention, an image of a biometric surface presented by an individual is captured by a sensor of the imaging device, either as a single image or as a plurality of overlapping image portions that are combinable to form a single composite image. The imaging device also includes a memory buffer for retrievably storing image data relating to the image of the biometric surface. A processor of the imaging device is provided for analyzing the stored image data to determine a location of a feature of interest and for providing an output image of a known size and shape for use by a host system that is in communication with the imaging device for identifying the individual.

Abstract: A method for matching biometric data is disclosed. A biometric information source is sensed to provide an image thereof. The image is then analysed to extract features thereform. A feature is selected as a first feature and a plurality of polygons are generated with a location of the first feature as a vertex of each. The polygons are then used to search a lookup table in order to determine an orientation and translation of the image relative to stored reference data.

Abstract: System and method for optimizing communications using a communications pipe over a network. This invention provides means to locally execute an APDU script and collect APDU responses locally for batch transfer to a remote server.

Abstract: A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorisation methods each requiring data only from available user information entry devices. The user then selects one of the determined authorisation methods for use in user authorisation. Optionally, each authorisation method is associated with a security level relating to user access to resources. Once the authorisation method is selected, the user provides user authorisation information in accordance with a determined user authorisation method and registration proceeds.

Abstract: A security system for securing an entity or a service from indiscriminate access and a method for operating the same is disclosed. Each designated person of M designated persons is provided with a portable biometric device. Biometric data in dependence upon a biometric characteristic of each of the M designated persons is stored in memory of the respective portable biometric device. Biometric information representative of a biometric characteristic of each of a subset of 1<N<M persons is captured in response to each of the N persons presenting said information to the respective portable biometric device. The biometric information is encoded and biometric data in dependence thereupon is provided to the processor of each respective portable biometric device. Using the processor of each respective portable biometric device the captured biometric data is then compared with the stored biometric data to produce a comparison result.

Abstract: A data processing system and method for generating and installing a master key replacement key and a new master key post issuance without using a potentially compromised master key to access a PSD's security executive.

Abstract: A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate.

Abstract: A method of hash string extraction from biometric information is disclosed. The method comprises the steps of providing a biometric information sample in the form of a fingerprint for example, extracting features from the biometric information sample and encoding the features based on their location within the biometric information sample; and, generating a string of values based on the extracted features and their determined locations. The method further comprises the steps of hashing the string of symbols to produce a plurality of hash values for comparing the plurality of hash values against a stored hash value for identifying a user.

Abstract: Disclosed is a method for detecting a latent fingerprint image provided to a biometric input device of a fingerprint based security system. First and second images of the fingerprint are captured during a time period interval ?t. At least one of the first and second images are analyzed to identify an extractable feature within a global reference frame, the extractable feature useable for authenticating an individual. The first and second images are compared one with the other to determine differences indicative of motion about the identified extractable feature within a local reference frame during the time period interval ?t. Absent motion about the identified extractable feature being detected, the fingerprint is registered as a latent fingerprint and cannot be used to authenticate the individual who is seeking authorization.

Abstract: This invention provides a system and method for implementing a middleware caching arrangement to minimize device contention, network performance and synchronization issues associated with enterprise security token usage. The invention comprises a token API mapped to a cache API. Logic associated with the token API preferentially retrieves information from a memory cache managed by the cache API. Mechanisms are included to periodically purge the memory cache of unused information.

Abstract: A method of hash string extraction from biometric information is disclosed. The method comprises the steps of providing a biometric information sample in the form of a fingerprint for example, extracting features from the biometric information sample and encoding the features based on their location within the biometric information sample; and, generating a string of values based on the extracted features and their determined locations. The method further comprises the steps of hashing the string of symbols to produce a plurality of hash values for comparing the plurality of hash values against a stored hash value for identifying a user.

Abstract: This system for executing a program to which access by a user is controlled by credentials includes a terminal (T), first memory means (F) associated with said program for storing at least first credentials specific to said user, access control means for authorizing access to said program in response to a match between said first credentials and second credentials applied via said terminal, and a security device (PSD) personal to said user, associated with said terminal and including second memory means (M) for secure storage of said second credentials. The terminal (T) includes at least some of credentials management means (CMP) including means for reading said second credentials and transmitting them to said access control means in response to presentation of a request to access said program, and credentials updating means for selectively commanding the generation and loading into said first and second memory means (F, M) of new credentials replacing the credentials previously stored.

Abstract: A data processing method and system for generating a unique symmetric key inside a PSD having limited trust relationships between PSD manufacture, PSD issuer, subsequent service providers and a trusted third party.

Abstract: A method and computer program product which comprises storing at least one data file inside a portable device such as security token or flash memory drive associated with a security badge. The data file includes sufficient information to allow a third party to verify the identity of an assignee of the security badge. The identity of the assignee is based at least in part on the information included in the data file by the third party without having to rely on a presentation affixed to one or more exterior surfaces of the security badge. Other embodiments of the invention comprises operatively coupling the security token to a security system, authenticating the assignee to the security token, generating a digital signature of the data file using a private key, and sending the digital signature, the data file and a digital certificate associated with the private key to said security system.

Abstract: A method of compensating for distortion within a composite image is disclosed. A biometric surface is sensed with a swipe imager. The images so provided are assembled into a composite image of the biometric surface. The composite image is then adjusted by insertion or deletion of rows therein to result in an image with a different number of rows.

Abstract: In the past, a contact imaging device was physically secured to prevent tampering. When used with network computer systems or communications systems, securing a contact imager is difficult. According to the invention, a method is proposed for securing a contact imaging device from tampering and for ensuring a contact imaging device is an authorised contact imaging device for use with a personal computer, a network application, or a communications application.

Abstract: Smartcards are gaining acceptance as a secure medium for storing information, typically of a personal and confidential nature. Unfortunately, the process of storing information to the smartcard is a time consuming task, often taking much longer than to read the same amount of information from the card. The non-volatile memory within the smartcard is typically of the FLASH type and does not facilitate fast writing a fast writing process thereto. In order to speed up this process, a comparative writing algorithm is utilized which only writes changed data to the smartcard memory, thus eliminating the need for storing duplicate information.

Abstract: A portable biometric device enables a designated person to unlock any one portal exclusive of other portals of a secure entity and or a secure service by choosing which of their personal biometric characteristics is presented to the portable biometric device. The portable biometric device includes a biometric sensor such that a biometric characteristic of a person for example a finger pattern is read dependent upon the person presenting the biometric characteristic to the biometric sensor. The reading is encoded in order for a processor to determine if the biometric characteristic has been predesignated for access via a predesignated one of the plurality of portals. If so, the processor selects an appropriate authorization code which is communicated by wireless transmission for unlocking the predesignated one of the portals, to the exclusion of any other of the portals. In an alternate example the processor is a central controller remote from the biometric device.

Abstract: The present application discloses a wireless hand held portable security device in the form of a wireless hand held portable biometric device in communication with a plurality of ubiquitous items for receiving information from, and sending information to the plurality of ubiquitous items, comprising a processor for selecting at least one item of the plurality of ubiquitous items and for sending information to the selected item in order to activate or deactivate or send a programming to the selected item. The level of security and the personalization is achieved by using a fingerprint or a combination of fingerprints for accessing communication with a selected item.