SMART CARD FOR PASSPORT, ELECTRONIC PASSPORT, AND METHOD, SYSTEM, AND APPARATUS FOR AUTHENTICATING PERSON HOLDING SMART CARD OR ELECTRONIC PASSPORT
A smart card authenticates a cardholder. The smart card includes a substrate, a sensor module, a wireless transceiver module, and a power circuit. The sensor module includes (a) a biometric sensor adapted to detect biometric information from a person's body, (b) a processor unit adapted to authenticate the person in response to the detected biometric information and generate an authentication signal representing an authentication result, and (c) a memory adapted to store biometric information of a specific individual associated with the smart card. The wireless transceiver module transmits signals received from the processor unit and receives a wirelessly-transmitted power signal. The power circuit generates at least one supply voltage from the received power signal and provides the supply voltage to the sensor module. An electronic passport is embedded with the smart card, and a terminal module is used for wirelessly transmitting power to and receiving signals from the electronic passport.
The present invention relates to smart cards and electronic passports. More particularly, the present invention relates to smart cards and electronic passports including a biometric sensor, and method, system, and apparatus for authenticating a person holding the smart card or the electronic passport.
BACKGROUND OF THE INVENTIONSmart cards, which are also referred to as integrated circuit (IC) cards, typically include a microprocessor and memory on their plastic body, and are capable of data processing required for the specific purpose of the cards. The conventional smart cards are typically “credit-card” sized, and ranging from simple memory-type smart cards storing user identification information to high-end smart cards with a sophisticated computational capacity. Typically, a card reader is used to read the stored information associated with the cardholder, such as a user name, account number, personal identification number (PIN), password, and the like. The card reader may be contact type or contactless type. The authentication process is typically performed after the necessary information is read from the smart card to the card reader, using the card reader or other authentication device communicating with the card reader, such as a local or remote authentication sever.
However, such smart cards can be stolen or counterfeited, and the authentication/verification system on which the smart cards are operating can be hacked, and the conventional smart card system is still vulnerable to identity theft and fraud. The ever increasing terrorist threat as well as the explosive rise in the crime of identity theft calls for more robust and protected security systems to authenticate and verify identity of individuals using or holding smart cards. In addition, it is desirable to protect the privacy of the personal information associated with the smart card while providing such a tamper-proof security system.
BRIEF DESCRIPTION OF THE INVENTIONA smart card authenticates a cardholder. The smart card includes a substrate, a sensor module, a wireless transceiver module, and a power circuit. The sensor module includes (a) a biometric sensor adapted to detect biometric information from a person's body, (b) a processor unit adapted to authenticate the person in response to the detected biometric information and generate an authentication signal representing an authentication result, and (c) a memory adapted to store biometric information of a specific individual associated with the smart card. The wireless transceiver module transmits signals received from the processor unit and receives a wirelessly-transmitted power signal. The power circuit generates at least one supply voltage from the received power signal and provides the supply voltage to the sensor module. An electronic passport is embedded with the smart card, and a terminal module is used for wirelessly transmitting power to and receiving signals from the electronic passport or the smart card.
The accompanying drawings, which are incorporated into and constitute a part of this specification, illustrate one or more embodiments of the present invention and, together with the detailed description, serve to explain the principles and implementations of the invention.
In the drawings:
Embodiments of the present invention are described herein in the context of a smart card for passport, an electronic passport, and a method, system, and apparatus for authenticating a person holding a smart card or electronic passport. Those of ordinary skill in the art will realize that the following detailed description of the present invention is illustrative only and is not intended to be in any way limiting. Other embodiments of the present invention will readily suggest themselves to such skilled persons having the benefit of this disclosure. Reference will now be made in detail to implementations of the present invention as illustrated in the accompanying drawings. The same reference indicators will be used throughout the drawings and the following detailed description to refer to the same or like parts.
In the interest of clarity, not all of the routine features of the implementations described herein are shown and described. It will, of course, be appreciated that in the development of any such actual implementation, numerous implementation-specific decisions must be made in order to achieve the developer's specific goals, such as compliance with application- and business-related constraints, and that these specific goals will vary from one implementation to another and from one developer to another. Moreover, it will be appreciated that such a development effort might be complex and time-consuming, but would nevertheless be a routine undertaking of engineering for those of ordinary skill in the art having the benefit of this disclosure.
In accordance with one embodiment of the present invention, the components, process steps, and/or data structures may be implemented using various types of operating systems (OS), computing platforms, firmware, computer programs, computer languages, and/or general-purpose machines. The method can be implemented as a programmed process running on processing circuitry. The processing circuitry can take the form of numerous combinations of processors and operating systems, or a stand-alone device. The process can be implemented as instructions executed by such hardware, hardware alone, or any combination thereof. The software may be stored on a program storage device readable by a machine.
In addition, those of ordinary skill in the art will recognize that devices of a less general purpose nature, such as hardwired devices, field programmable logic devices (FPLDs), including field programmable gate arrays (FPGAs) and complex programmable logic devices (CPLDs), application specific integrated circuits (ASICs), or the like, may also be used without departing from the scope and spirit of the inventive concepts disclosed herein.
The wireless transceiver module 18 is coupled to the sensor module 14 and the power module 16. The wireless transceiver module 18 is adapted to transmit signals received from the sensor module 14, including the authentication signal, and also adapted to receive a wirelessly-transmitted power signal. The wireless transceiver module 18 is capable of transmitting and receiving electromagnetic waves. However, the wireless transceiver module 18 may also be implemented such that it is capable of transmitting and receiving ultrasonic waves, optical waves, infrared waves, and the like.
As shown in
In addition, in accordance with one embodiment of the present invention, each of the plurality of power antennas 44 may have a turn number less than five (5). Preferably, each of the power antennas 44 has equal to or less than two (2) turns. Antennas with a lower turn number have a lower self inductance, allowing a higher current supply and a faster current ramp up (i.e., higher frequency response). Each of the plurality of power antennas 44 may also have approximately the same length. In addition, the power antennas may be arranged such that the inside area of the antenna coil or loop (i.e., the cross section of the magnetic field generated by the power antennas 44) is maximized. For example, the power antennas are placed along the edges of the smart card. The connection points of the power antennas may be located closely to each other. Each of the power antennas 44 may be formed as an etched or printed pattern on a plastic or paper material. Each of the power antennas 44 may have a width equal to or greater than 2 mm.
Referring back to
Furthermore, since the smart card and/or the passport are to be flexible in certain applications, a fingerprint sensor thereon are also preferably flexible. In such an application, the fingerprint sensor may be made using a polymer material as its insulator or substrate, or the both, for example, polyimide, polyethylene terepthalate (PET), Polypropylene (PPT), Polycarbonate, Butadiene, Epoxy, Nylon, Teflon® (polymers of tetrafluoroethylene (PTFE) or polymers of fluorinated ethylene-propylene (FEP)), and the like. However, it is not limited to the polymer material, but a thinned silicon wafer or substrate may also be used, where the wafer may be made of crystalline, polycrystalline, or amorphous silicon. For example, the thickness of the thinned silicon wafer or substrate is preferably less than 200 micron, and more preferably, less than 100 micron. The thinned silicon substrate is adapted to detect and digitize fingerprint patterns, by measuring capacitance, resistance, and the like. The thinning process may included chemical etching or gas-plasma etching. In addition, the thinned silicon waver may be backed up with a mechanical stiffener such as hard polymer, glass epoxy, copper clad glass epoxy, BT resin, copper clad BT resin, stainless steal clad or sheet, aluminum clad, or anodized aluminum clad or sheet, or the like. It should be noted that surface profile sensor and flexibility may not always be satisfied at the same time.
Referring back to
As described above, the processor unit 32 performs authentication of the person by comparing the detected biometric information with the stored biometric information, and determines if the person holding the smart card is the same person as the specific individual associated with the smart card. The processor unit 32 may also include an encryption circuit (not shown in
As shown in
Since a fingerprint sensor captures two-dimensional patterns from a three-dimensional surface of a finger, the detected pattern might be deformed to yield a false result although the person is a rightful owner of the smart card. Thus, by visually indicating the current status or result of the authentication, the rightful owner can adjust his/her finger pressed on the sensor such that the fingerprint patterns are correctly detected. On the other hand, the indication of unsuccessful authentication would dissuade an illegitimate holder of the smart card.
The indicator 36 is not limited to LEDs. In accordance with one embodiment of the present invention, the indicator 36 may be a liquid crystal display (LCD) adapted to display the authentication result, such as “success”, “authenticated”, “error”, “contact authority”, and other suitable messages. The LCD may also display some icons or symbols. The indicator may also be a sound player adapted to play an audio signal corresponding to the authentication result. For example, the audio signal has a different frequency, different voice message, or different melody depending on the authentication result.
As shown in
In addition, additional personal information of the specific individual, such as personal identification information and other personal information related to the user and/or purpose of the smart card may be stored in the memory 34. For example, such personal identification information includes the name, user name, password, personal identification number (PIN), date of birth, place of birth, driver's license number, and the like. A photographic image of the person may also be stored. In addition, other related information, for example, the issue date of the smart card, the expiration date of the smart card, contact information of the specific individual, and the like, can be stored, If the smart cared is used for a passport, for example, the history of travel or port entries, visa status, and the like may also stored.
The external connections to the control interface 38 may be disabled after configuring the processor unit 32 and storing the desired information in the memory 34. For example, the external access to the control interface 38 may be physically disconnected. Such physical disconnection may be permanent. Such a disconnection is preferable to prevent unauthorized access and alteration of the configuration and stored data. However, if update of the stored information is necessary or desirable, the external connection to the control interface 38 may be enabled only if the person is successfully authenticated.
Referring back to
In accordance with one embodiment of the present invention, the system may be compatible with the International Organization for Standardization (ISO) standards. For example, the communication bus 62 may be compatible with ISO 7816, and the dual mode interface circuit 58 may be an ISO dual mode interface chip which is compatible with ISO 7816 (for the wired communication) and ISO 14443 (for the wireless communication). However, other ISO standards may be used depending on the application.
As described above, in accordance with one embodiment of the present invention, the additional personal information may be store in the memory 34, 60, or 90. Such additional information can be read and transmitted when the person holding the smart cared is successfully authenticated. For example, the processor unit 32, the authentication CPU 56, or the dual mode CPU 80 may further include a retrieval circuit adapted to retrieve the stored additional personal information from the memory if the detected biometric information is determined to match the stored biometric information. In this case, the processor unit 32, the authentication CPU 56, or the dual mode CPU 80 further generates a personal information signal representing the personal information of the specific individual. The personal information signal is being encrypted and transmitted via the signal antenna in the similar manner as the authentication signal described above.
In accordance with one embodiment of the present invention, the biosensor 124 may be one of, or any combination of, an oxygen detector, a carbon dioxide detector, a thermometer, a moisture sensor, an infrared sensor, a voice sensor, a brainwave sensor, an electrocardiogram sensor, an electromagnetic filed sensor, a Chi sensor, and the like. In addition, the biosensor 124 may also be an elasticity sensor adapted to detect elasticity of a member in contact therewith, or a blood flow sensor adapted to detect a blood flow in a body part in contact therewith. These biosensors may also be used alone or combined with one or more of the above described biosensors. Furthermore, the biosensor 124 may include a bio-response detector adapted to capture a reflex response of the person to a given stimulus. For example, a reflex reaction such as a change in an iris aperture in response to light intensity illuminated thereon can be used, and the biosensor 124 may include an image sensor adapted to capture an image of the iris, and a light emitter adapted to illuminate an eye of the person. If the biometric sensor 116 also includes an image sensor to capture the image of the person for biometric authentication, the biometric sensor 116 and the biosensor 124 may be integrated into one image sensor. For example, a static image may be processed for the pattern matching, and a motion (reaction) image responding to the stimulus may be processed for the “alive” test.
The processor unit 114 generates a positive authentication only if the person is successfully authenticated and also determined to be alive. The authentication result and the alive-test result may be indicated using the indicator 120 in a similar manner as described above.
In accordance with one embodiment of the present invention, the smart card 100 may further include a display 126, as shown in
In accordance with one embodiment of the present invention, the biometric sensor 116 and the display 126 may be integrated into one element. For example, the biometric sensor 116 may be substantially transparent and laid on the display 112. In addition, since the display 126 is activated and display the image only if the holder of the smart card is successfully authenticated (including passing the live test), the display 112 also functions as an indicator.
In accordance with one embodiment of the present invention, the smart cards described in the above embodiments are adapted to be embedded in a passport.
Preferably, the signal antenna 154 is substantially smaller than the power antenna 152. For example, the signal antenna 154 (and signal antennas 24 and 64 in the above embodiments) is made small enough to be placed right upon or very close to the loop and/or trace of a terminal module antenna 194 or 199 (see
The control interface 162 is depicted as an external connection (lead bus) 166 is still enabled. This is typical when the electronic passport 130 is first issued to a specific individual and the smart card 150 embedded therein is under an initial configuration, in which necessary and/or desirable data, information, and/or software such as authentication program, encryption program, are uploaded and stored in a memory through the control interface 166. After such configuration and uploading, the external connection 166 may be cut off to disable access to the control interface 162.
In accordance with one embodiment of the present invention, the smart card 150 may be used as a card-type electronic passport without being embedded in a conventional paper passport. Since all information related to the passport holder and usage of the passport, which are typically printed or stamped on a conventional passport can be electronically or digitally stored in a memory provided on the smart card, the smart card itself may be implemented as an electronic passport. In this case, an additional surface layer may be provided on the substrate 164 so as to protect antennas and other electronic circuits, and also to provide a space to place visible information on the surface of the smart card. In addition, similarly to the passport 130, the biometric sensor and the optional indicate can be visibly arranged on the surface layer. This card-type electronic passport is also applicable to the following embodiments. That is, the passport or electronic passport described in the embodiments may be either a paper passport embedded with the smart card, or paperless electronic passport implemented as a smart card.
In accordance with one embodiment of the present invention, the terminal module 190 is designed to used with an electronic passport such as the electronic passport 130 embedded with the smart card 150 as described above. If the electronic passport 130 includes the power antenna 152 and the signal antenna 154, for example, the antenna 194 is adapted to wirelessly transmit the power signal to be received by the power antenna 152, and also to receive the wireless signal transmitted from the signal antenna 154. Preferably, the terminal module antenna 194 is provided on the support plate 192 such that when the electronic passport (or smart card) is placed on the support plate 192 the signal transmission antenna 154 substantially aligns on the terminal module antenna 194. Typically, the terminal module antenna 194 is substantially larger than the signal antenna 154 of the electronic passport, the signal antenna 145 will be placed on a portion 196 of the antenna 194, as shown in
As described above, in accordance with embodiments of the present invention, the biometric information detection and the authentication process using the biometric information are performed on-board (on-card) by the smart card or the electronic passport. That is, the authentication of a cardholder/passport holder is performed without externally communicating the sensitive information such as fingerprint patterns and personal information, and such sensitive information is confined within the smart card or the electronic passport. In the case where the authentication result and related personal information is wirelessly transmitted, the transmission signal has a very short range, typically the order of millimeters, and thus is only received by the terminal module on which the smart card or electronic passport is properly placed. Accordingly, the authentication process and personal information retrieval can be done locally, and the sensitive information does not have to fly over the air or travel through the network system such as the Internet. In addition, since the full authentication can be performed locally (on-board), it is not affected by any accident or unavailability of access to an external network system or a central database.
However, under certain circumstances, it may be preferable to communicate the biometric information and/or personal information of an individual with an external system beyond the terminal module. For example, in the airport, the authentication result may be monitored by the airport security personnel, and the authentication result and necessary personal information may be transmitted to a monitoring device/terminal within a local computer network. In addition, in some suspicious cases, the biometric information such as fingerprints may need to be screened against that contained in a criminal record, terrorist list database, immigration records, and the like, which are typically maintained in a government central database. For example, when the smart card or electronic passport might have been counterfeited, all of the information stored in the suspicious smart card or passport may need to be examined and compared against the corresponding information of a legitimate individual as claimed to be. Thus, the terminal module may also have a capability of communicating with outside computer system in accordance with one embodiment of the present invention
Since the electronic passport (or the smart card therein) is powered by the power wirelessly transmitted from the terminal module, as the electronic passport leaves the power range of the terminal module, the supply voltage reduces and eventually shuts down, turning off the sensor module of the electronic passport. Thus, in accordance with one embodiment of the present invention, the sensor module of the electronic passport (smart card) is automatically initialized in response to a predetermined level of an increasing supply voltage after the supply voltage was shut down. The initialization is typically done by initializing the processor unit of the smart card. If the processor unit includes an authentication CPU and a dual mode interface circuit, for example, the authentication CPU may be initialized using the threshold voltage of the increasing supply voltage, and then the dual mode interface circuit may be initialized using a reset signal supplied from the authentication CPU.
While embodiments and applications of this invention have been shown and described, it would be apparent to those skilled in the art having the benefit of this disclosure that many more modifications than mentioned above are possible without departing from the inventive concepts herein. The invention, therefore, is not to be restricted except in the spirit of the appended claims.
Claims
1.-195. (canceled)
196. A smart passport for authenticating a person presenting the passport, the passport comprising:
- a passport substrate;
- a power circuit, integrated with the passport substrate, having a power antenna to receive a wirelessly-transmitted power signal and a power output to generate at least one supply voltage from the received power signal;
- a biometric sensor, integrated with the passport substrate and powered by the at least one supply voltage, the biometric sensor detecting biometric information from a purported skin site of the person's body and determining whether the purported skin site is living tissue;
- a processor unit, integrated with the passport substrate and powered by the at least one supply voltage, the processor unit having a biometric input coupled with the biometric sensor, and having an authentication signal output,
- a signal antenna, integrated with the passport substrate and in communication with the authentication signal output to wirelessly transmit the authentication signal,
- wherein the authentication signal output is generated to indicate whether the person is authenticated according to the detected biometric information and whether the person is determined to be alive.
197. The smart passport of claim 196, wherein:
- the passport substrate has a passport holder's photograph and personal data disposed thereon; and
- the biometric sensor is located away from the passport holder's photograph and personal data.
198. The smart passport of claim 196, wherein the biometric sensor is located near an edge of the passport.
199. The smart passport of claim 196, further including an indicator coupled with the authentication signal output to indicate whether the person is authenticated using at least one of:
- a light emitting diode (LED);
- a liquid crystal display (LCD); or
- a sound player.
200. The smart passport of claim 196, wherein the biometric sensor is substantially transparent.
201. The smart passport of claim 196, further comprising:
- a display, integrated with the passport substrate and powered by the at least one supply voltage, the display showing an image associated with a passport holder according to whether the person is authenticated.
202. The smart passport of claim 196, wherein the biometric sensor is substantially transparent and overlaid on the display.
203. The smart passport of claim 196, wherein the power antenna comprises a plurality of power antennas coupled with a regulator, each of the plurality of power antennas having a turn number less than 5.
204. The smart passport of claim 196, further comprising:
- a clock circuit that generates a clock signal from the received power signal.
205. The smart passport of claim 196, wherein the wherein the authentication signal output is generated as an encrypted authentication signal output.
206. The smart passport of claim 205, wherein the wireless module transmits the encrypted authentication signal.
207. The smart passport of claim 196, further comprising:
- a memory that stores biometric information of a passport holder,
- wherein the authentication signal output is generated to indicate whether the person is authenticated according to the detected biometric information by comparing the detected biometric information against the stored biometric information of the passport holder.
208. A terminal module for authenticating a person holding a smart card, the terminal module comprising:
- a support plate sized to receive the smart card;
- a processor unit;
- a power antenna coupled with the processor unit; and
- a signal antenna coupled with the processor unit,
- wherein, when the smart card is in proximity to the support plate, the signal antenna wirelessly receives an authentication signal from the powered smart card in response to the smart card wirelessly receiving power from the power antenna, and
- wherein the signal antenna wirelessly transmits a result signal to the smart card in accordance with the received authentication signal, the received authentication signal generated by the smart card to indicate whether the person is authenticated according to biometric information detected by a biometric sensor of the smart card and whether the person is determined to be alive according to a liveness sensor of the smart card.
209. The terminal module of claim 208, wherein the received authentication signal is encrypted, and further comprising:
- a decryption circuit that is coupled to the processor unit and decrypts the encrypted authentication signal and outputs a decrypted authentication signal;
- an encryption circuit that is coupled to the processor unit and encrypts the result signal prior to the signal antenna wirelessly transmitting the result signal to the smart card.
Type: Application
Filed: Nov 5, 2014
Publication Date: Feb 16, 2017
Inventor: Tamio Saito (San Jose, CA)
Application Number: 14/533,388