(19) World Intellectual Property Organization
International Bureau

(43) International Publication Date: 1 July 2004 (01.07.2004)

PCT

(10) International Publication Number: WO 2004/055738 A1

(51) International Patent Classification 7: G07C 9/00, G06K 9/00

(21) International Application Number: PCT/NO2003/000421

(22) International Filing Date: 17 December 2003 (17.12.2003)

(25) Filing Language: English

(26) Publication Language: English

(30) Priority Data: 20026097, 18 December 2002 (18.12.2002), NO

(71) Applicants and (72) Inventors: MATHIASSEN, Svein [NO/NO]; Homansbyveien 4, N-1389 Heggedal (NO). MATHIASSEN, Ivar [NO/NO]; Gaupeveien 21, N-8515 Narvik (NO).

(74) Agent: ABC-PATENT, SIVILING. ROLF CHR. B. LARSEN A.S; Postboks 6150 Etterstad, N-0602 Oslo (NO).

(81) Designated States (national): AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BW, BY, BZ, CA, CH, CN, CO, CR, CU, CZ, DE, DK, DM, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NI, NO, NZ, OM, PG, PH, PL, PT, RO, RU, SC, SD, SE, SG, SK, SL, SY, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, YU, ZA, ZM, ZW.

(84) Designated States (regional): ARIPO patent (BW, GH, GM, KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZM, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HU, IE, IT, LU, MC, NL, PT, RO, SE, SI, SK, TR), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG).

Published: with international search report

For two-letter codes and other abbreviations, refer to the "Guidance Notes on Codes and Abbreviations" appearing at the beginning of each regular issue of the PCT Gazette.

(54) Title: DEVICES FOR COMBINED ACCESS AND INPUT

[Front-page figure; legible labels: "with Software", "Portable Device with integral Sensor", "Integral Device embedded in Terminal".]

(57) Abstract: A portable or embedded access device is provided for being coupled to, and for allowing only authorized users access to, an access-limited apparatus, device, network or system, e.g. a computer terminal, an internet bank or a corporate or government intranet. The access device comprises an integrated circuit (IC) (1) providing increased security by bridging the functionality of fingerprint input from a user and, upon positive authentication of the user's fingerprint to provide secure communication with the said access-limited apparatus, device, network or system. A corresponding method of using the portable device or the embedded device is disclosed for providing a bridge from biometrics input to a computer, into secure communication protocol responses to a non-biometrics network. An embedded access control and user input device or apparatus for being a built-in part of stand alone appliances with some form of access control, e.g. hotel safes, medicine cabinet or the like, and for providing increased security, is also provided. Further, a method of providing secured access control and user input in stand-alone appliances having an embedded access control or user input device according to the invention is also explained.

ASSA ABLOY Ex. 1018 - Page 1
ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
IPR2022-01093 - U.S. Patent No. 8,620,039

WO 2004/055738
PCT/NO2003/000421

DEVICES FOR COMBINED ACCESS AND INPUT

This invention is in general related to access and input devices for giving access and allowing user input in access limited devices, apparatuses, appliances, systems or networks.

In particular the invention is related to portable and embedded access or input devices and methods of using these in order to obtain a high level of security.

Automated access from a device or terminal to another device or a network/server is subject to authentication of authorized users. Such automated access eliminates manual authentication of the user by human recognition, and has to rely on some form of electronic identification of the user. One way to resolve such electronic identification of the user is to issue a secret password to the user. Another method is to issue a physical token to the user. In both cases the system relies on the assumption that the person knowing such password, or alternatively carrying such physical token, has proved his identity, assuming that this has authenticated the authorized user. This is not the case, as passwords, or tokens, may intentionally be passed away to a third person, or non-intentionally and illegally acquired by such third person. Despite these obvious shortcomings of such identification by something you know (e.g. a password) or something you carry (e.g. a token) this method is still the dominating method of user identification to networks/servers, etc. because it is practical, but mainly because no better alternative is still commercially available in greater scale.

An alternative identification method is by something you are, meaning some sort of secure identification by biometrics, such as fingerprints. Although biometrics is gaining ground, this happens slowly and is not employed in a greater scale. There are several reasons for this slow growth in biometrics identification for access to networks and servers;

a. Biometrics has to gain wide public acceptance. This will be the case as soon as the benefit from biometrics identification outranks assumed disadvantages. This includes lack of knowledge about, and lack of available biometrics solutions. Very few users will acquire biometrics solutions per se, if such biometrics do not form part of an overall solution that provides substantial benefits to the user in the form of increased convenience and availability. Basically this item will be resolved when items (b) and (c) are resolved.

b. The unit cost of biometrics sensors still needs to be reduced, to achieve widespread commercial solutions. This is partly pending on cost-efficient designs, which are continuously evolving, but mainly pending on volume. This item will accordingly be resolved when item (c) is resolved.

c. The major obstacle against secure access authentication by biometrics is that the systems and solution providers must embed biometrics access control in their systems. The major obstacle to this is that there are still no commonly accepted international standards of biometrics. A system or solution provider must therefore choose between several alternative emerging biometrics standards, at the risk of choosing the wrong one, or one of the standard proposals that will not be the dominating winner. Most major system providers are reluctant to make a choice on this basis, because of the grave consequences from a wrong selection;

- The costs involved by modifying software on servers etc. are considerable, especially if the non-winning standard is selected, and the software modification process has to be repeated in the near future. The price of biometrics hardware adds to this.
- The negative public relation effects from selecting the non-winning biometrics standard may be serious, and shall not be under-emphasized.
- The time to market will be severely prolonged if selecting a non-winning biometrics standard. This is further aggravated by the lead this will give any major competitors having selected the winning biometrics standard from the outset. This may upset the entire ranking between major solution providers.

Prior-art attempts to resolve this problem have been to enforce biometrics standards. However, there are currently several alternative standards battling side-by-side without any clear winner yet. Some known attempts to resolve the problems have been to use extracted specifics of biometrics to form encryption keys. One such solution is described in US patent 5,995,630 as it requires identical biometrics representation at the receiving end (e.g. a network server). A similar approach is described in US patent 5,991,408. However, none of these resolves the problem of avoiding the need to choose a biometrics standard as they both pose an even more serious problem that will delay biometrics implementation even further; namely proprietary solutions. Other attempts to resolve the problem are focused on improving the communication security by the concept of public key cryptosystems, as e.g. per European patent EP 0 225 010 B1. Though such systems enhance the security of network communication over insecure communication lines, the public key cryptosystems do not prove that the bearer of electronic certificates (checksums of keys and other identity features) is actually the right person. In addition these systems do still require a PIN code for the user to access the PKI system with electronic certificates. This means that yet another PIN code has to be remembered by the user. Moreover, the system security is no better than the protection of this PIN code. As a countermeasure to breaking PIN codes, the industry tends to make longer and longer PIN codes, making it even more difficult for the user to remember these. The natural response of the users is to write down the PIN codes, leaving the potential security breach wide open.

Accordingly the present two main directions of prior-art attempts to resolve the problems (biometrics encryption, and biometrics representation on servers, on one hand and the concept of public key cryptosystems on the other hand) do not really solve the above problems in network communication, and certainly not for secure access to devices and apparatuses.

Apparent competitors to the portable embodiments of the present invention are so-called USB Dongles with memory onboard (up to 1 Gb). Some of these USB Dongle memory devices are even equipped with fingerprint sensors to prevent unauthorized access to the information stored onboard the USB Dongle. While these devices may physically look somewhat alike one of the preferred embodiments of the present invention, there is no similarity in their functionality at all. The USB Dongles presently on the market are purely portable storage means, while the present invention focuses on secure communication triggered by an authorized fingerprint on such portable devices.

On this basis the major solution providers are hesitant to make an early move, though there is a general consensus that biometrics access control is far more secure, and convenient, than password-based or token-based access control. However, when the market leaders are hesitant to provide biometrics access methods widely offered to the market, the lack of availability to the general public will continue to restrain the growth of biometrics access control systems.

It is one object of the present invention to overcome the above limitations by providing a portable access device for being coupled to, and for allowing only authorized users access to, an access-limited apparatus, device, network or system, e.g. a computer terminal, an internet bank or a corporate or government intranet comprising a device interface, being electronic or mechanical or both, for coupling the device to the access-limited unit, e.g. a computer terminal port.

It is a second object of the present invention to overcome the above limitations by providing an embedded access device for integration into peripherals of networked computers or communication terminals, to allow only authorized users access to all types of proprietary networks (LAN, WAN, etc.) typically represented by internet banking applications, corporate and government intranets, and similar.

It is a third object to provide a method of using a portable access device or an embedded access device for providing a bridge from biometrics input to a computer, into secure communication protocol responses, to a non-biometrics network.

It is yet another object to provide a portable or embedded access device and methods of using these, which provides improved security as compared to present technology.

It is a further objective of the present invention to provide a portable or embedded access device and methods of using such which does not require a transfer of biometrics fingerprint information over otherwise open and insecure parts of communication systems using such devices.

It is yet another object of the present invention to provide a portable or embedded access device and methods of using such which does not rely on the development of international biometrics standards.

It is a further object of the invention to provide a combined embedded access control and user input device or apparatus and use of such a device which can be a built-in part of stand-alone appliances with some form of access control which also satisfies the objectives set out above.

It is yet a further object of the invention to provide a method of improved secure access control and user input in stand-alone appliances having an embedded access control or user input device as given above.

The objects of the invention as set forth above are obtained with a portable device as given in independent claim 1.

Preferable embodiments of the portable device are given in the dependent claims 2-6.

The objectives of the invention are also obtained with an embedded access device as given in independent claim 7.

Preferable embodiments of the embedded access device are given in the dependent claims 8-9.

The objectives of the invention are also obtained with a method of using a portable access device according to claim 1 or an embedded access device according to claim 7 in a way as given in the independent claim 10.

Preferable embodiments of the method are given in the dependent claims 11-17.

The objectives of the invention are also obtained with an embedded access control and user input device or apparatus having the features as given in the independent claim 18.

Preferable embodiments of the embedded access control and user input device or apparatus are given in the dependent claims 19-21.

The objectives of the invention are also obtained with a method of secured access control and user input in stand-alone appliances as given in the independent claim 22.

The invention will now be described in detail by references to the accompanying figures where

Fig. 1a  Shows a network (N) or a system using a fingerprint sensor according to prior art.
Fig. 1b  Shows a network (N) or a system of devices employing a biometrics device according to the invention.
Fig. 2a  Shows a first realization of an integrated circuit that is an integral part of the invention.
Fig. 2b  Shows a second realization of an integrated circuit that is an integral part of the invention.
Figs. 3a, 3b  Shows a portable access device according to the invention in the form of a USB dongle.
Figs. 4a, 4b  Shows a portable access device according to the invention in the form of a PCMCIA card.
Fig. 4c  Shows a PCMCIA card where the integrated fingerprint sensor is protected underneath a sliding lid, for mechanical protection of the sensor.
Fig. 5  Illustrates how an access device according to the invention may be embedded as part of the keyboard or mouse of a computer terminal or laptop computer.
Fig. 6  Illustrates how an access control and user input device or apparatus according to the invention may be arranged as a built-in part of a hotel safe.
Fig. 7  Illustrates how an access control and user input device or apparatus according to the invention may be arranged as a built-in part of a medicine cabinet.
Fig. 8  Illustrates how an access control and user input device or apparatus according to the invention can be applied in a portable door control unit for the electronic systems in automotive applications.
Fig. 9  Illustrates how an access control and user input device or apparatus according to the invention can be embedded in the gear stick or steering wheel of a car.

The traditional biometrics approach, as per current methods, is illustrated in Figure 1A. The User places, or swipes his finger (A) over the access/input device with a fingerprint sensor (B). The entire image from the sensor (B) is transmitted from the access/input device to the processor (C) (e.g. a PC) where implemented Software Module(s) (D) acquires the sensor signals and processes them to reconstruct a 2-dimensional fingerprint image, and thereafter extracts the particulars of the fingerprint, and finally either perform a matching locally at the PC (C) or transmits the interpreted fingerprint essentials to a server in a network (E).

In an access-limited apparatus, device, network or system (N), e.g. a computer terminal, an internet bank or a corporate or government intranet, a portable access device for allowing only authorized users access is preferably arranged as shown schematically in Figure 1B. A biometrics processor (F1) may be integrated with the sensor (B), or alternatively mounted as a separate integrated circuit (F2) next to or closely coupled to the sensor (B), or alternatively be embedded in a PC or its peripherals (F3). The sensor (B) and the biometrics processor (F; referring to F1, F2, or F3) may work in a stand-alone mode (e.g. in a hotel safe without connection to a network) or may be connected to another device (C) and optionally networked (E). The biometrics processor as an integrated circuit is exemplified in Figures 2A and 2B. The advantages of this configuration are multiple. As the biometrics processor (F) is directly connected to the sensor (B) the biometrics processor (F) can be tailored to optimize the interaction between the sensor (B) and the biometrics processor (F). Such tailoring of the biometrics processor (F) to the sensor (B) combined with its direct connection to the sensor (B), or integration therein, enables inclusion of methods and procedures that severely constrain interception of the signals between the sensor (B) and the biometrics processor (F). It further significantly reduces the network traffic between the sensor (B) / biometrics processor (F) and the other networked processors (C and N). The major advantage is, however, that the biometrics processor can transform the biometrics from the sensor (B) to general communication security measures in a network, such as including Secure Key Generation (SKG) as basis for encryption into the biometrics processor (F). By this method biometrics sensors (B) may be connected to a network (C and N) in a secure manner according to existing infrastructure, without requiring that the supplier of the network system architecture makes any decision on which biometrics standard will evolve in the future as the winning standard. By this method the biometrics processor (F) becomes a bridge between biometrics sensors (B) and current infrastructure of networks (E).

A biometrics sensor in the form of a fingerprint sensor (5) is coupled with a biometrics processor in the form of an integrated circuit - IC (1) that is the core device of the invention. Two versions of the IC are shown in Figures 2A and 2B. The details of the ICs will now be explained.

The sensor (5) is connected to a fingerprint sensor signal capturing and pre-processing block (5C) via a first interface block (5A) as well as a wake-up circuit (5B), the function of the latter being to power up all other blocks of the IC (1). When a finger is detected on the sensor (5) surface, the output signals from the sensor (5) will rise beyond a pre-set threshold, triggering the wake-up circuit (5B) to power up the rest of the IC (1) in a pre-set sequence. The first blocks to be powered up are the Image Capture and Pre-processing block (5C) as well as the high-speed bus (3) and the volatile memory (6 or 6C), all of which are connected to the high-speed bus (3). The pre-processing block is designed to perform the initial, heavy-duty processing of the captured raw images from the sensor (5). The intermediate results are stored in the volatile memory (6A or 6C) that is interfaced via the high speed bus (3) to a first memory interface block (6B or 6D). The volatile memory (6A or 6C) thus provides working memory that is available to other modules on the IC (1).

Meanwhile the remaining blocks of the IC (1) are powered up in a pre-set sequence, starting with the central processor (2) being a powerful processor, such as ARM 9, or equivalent. The processor unit (2) is also connected to the high-speed bus (3) for allowing communication with the other on-chip components or modules. When the pre-processing block (5C) has crunched the captured raw images to an intermediate stage of significantly compressed information, i.e. a dataset of reduced size, denoted intermediate fingerprint data, the intermediate fingerprint data are fed to the central processor (2) for final reduction of the captured fingerprint image to compact fingerprint representations, called minutiae. Such minutiae are distinct points where fingerprint lines (ridges) start or stop, or locations of bifurcation of the ridges, and may be described by at least a vector comprising X and Y coordinates, and direction of the individual minutiae, stored as an alphanumeric string in non-volatile memory (7, 7A or 7C). The non-volatile memory (7, 7A or 7E), being coupled to the high-speed bus (3) via a second memory interface block (7B or 7D), is typically used for storing program code, e.g. administrative software, tailored security output responses, secret information like seed and key number(s) for the encryption, electronic certificates and fingerprint representations in the form of so-called minutiae. These fingerprint representations (master minutiae) are compared by the central processor (2) with master fingerprint representations stored in non-volatile memory (7, 7A or 7C). If a positive match is established, the chip may proceed with generating a secure key (SKG) either processed by a special algorithm on the central processor (2) based on a seed pre-stored in the non-volatile memory (7, 7A or 7C), or alternatively embedded in hardware block (8A). If the same SKG algorithm is run on two separate computers (e.g. a server (30) and the central processor (2) on the IC (1)) it will yield the same key, or password, when the identical algorithm on both of the two separate computers is fed with the identical seed. While the algorithms normally are assumed known, and may be the same for all computers in a network (N), or for a user sub-set, the seed is individual and secret and only known by the system administrator and the user. The SKG algorithm may be constructed to produce a pseudo-random identical key on both computers (2 and 30) that is either valid for a time frame, or alternatively changes for each transaction. This may require that the present key number as well as the past key number is stored in the non-volatile memory (7, 7A or 7C). Secret information such as seed, key numbers, IP address, etc. may either be scrambled by block (8) and stored on a regular Flash memory (7), or securely stored in SmartCard environments (7A or 7C). When a key is generated, as per above, the administrative software, stored in the non-volatile memory (7, 7A or 7C) and run on the central processor (2) may then combine information to be part of a secure communication between the IC (1) and the network server (30). The information to be encrypted may comprise User ID, password and other info. Encryption is performed in hardware blocks (8 or 8B or 8C). The rules of secure communication enforced on the prevailing network (N) are embedded in the administrative software executed on the central processor (2), and may be adapted to include PKI biometrics verification and hand-shake sequences. The encryption blocks (8, 8B or 8C) may also be used to encrypt general information transactions between the IC (1) and the network server (30), if desirable. Access to such extended encryption will be given to the user pending a positive match of his fingerprint with an authorized fingerprint representation by compact minutiae tables, pre-stored in the non-volatile memory (7, 7A or 7C). The IC (1) also comprises hardware and/or software required to supply output signals to a number of second interface blocks (9A, 9B, 9C or 9D) for transferring data to other devices and networks (N) external to the IC (1). In the present invention the IC (1) is adapted to provide data to the external access-limited apparatus, device or system. This second interface block may comprise hardware and software for supporting a USB (9A), Ethernet (9B), GPIO (9C), PCMCIA/UART (9D) and/or SmartCard (7C) interface. Except for the USB and the Ethernet interfaces, the second interface blocks are serviced by a bus (4) with lower bandwidth and capacity than the high-speed bus (3). The two buses (3 and 4) are connected by a bus bridge (11C). The hardware blocks that are not dependent on high speed are connected to the slower bus (4). The hardware blocks of the IC (1) are designed to perform their respective tasks in a minimum of time, and to interact with each other with a minimum of delays and queuing. In addition to the hardware blocks the central processor (2) executing the administrative software renders a high degree of flexibility in adapting the programming to secure communication with external devices and networks (N).

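
The seed-based key generation and match-gated response described above, as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified SKG algorithm, a MAC tag stands in for the encrypted User ID/password payload, and the class names, message fields and look-ahead window are hypothetical.

```python
import hashlib
import hmac
import struct


def skg(seed: bytes, key_number: int) -> bytes:
    """Derive the key for one transaction from the secret seed.

    Assumption: the patent does not name the SKG algorithm; HMAC-SHA256 over
    a big-endian key number is used here as a stand-in.
    """
    return hmac.new(seed, struct.pack(">Q", key_number), hashlib.sha256).digest()


def _tag(key: bytes, user_id: str, key_number: int) -> bytes:
    """Bind the User ID and key number to the per-transaction key."""
    msg = user_id.encode() + b"|" + struct.pack(">Q", key_number)
    return hmac.new(key, msg, hashlib.sha256).digest()


class AccessDevice:
    """Hypothetical model of the IC (1): seed and key number stay on-chip."""

    def __init__(self, user_id: str, seed: bytes):
        self.user_id = user_id
        self._seed = seed
        self._key_number = 0  # present key number, kept in non-volatile memory

    def respond(self, fingerprint_matched: bool):
        # Without a positive minutiae match no key is generated and nothing
        # leaves the device; no biometric data is ever part of the message.
        if not fingerprint_matched:
            return None
        self._key_number += 1  # the key changes for each transaction
        key = skg(self._seed, self._key_number)
        return {
            "user_id": self.user_id,
            "key_number": self._key_number,
            "tag": _tag(key, self.user_id, self._key_number).hex(),
        }


class Server:
    """Hypothetical model of the server (30): same algorithm, same seed."""

    def __init__(self, window: int = 5):
        self._seeds = {}       # user_id -> seed shared at enrolment
        self._last = {}        # user_id -> past (last accepted) key number
        self._window = window  # tolerated lead of the device over the server

    def enroll(self, user_id: str, seed: bytes) -> None:
        self._seeds[user_id] = seed
        self._last[user_id] = 0

    def verify(self, msg: dict) -> bool:
        user_id = msg.get("user_id")
        n = msg.get("key_number")
        if not isinstance(user_id, str) or not isinstance(n, int):
            return False
        seed = self._seeds.get(user_id)
        if seed is None:
            return False
        last = self._last[user_id]
        # Reject replays (n <= last) and numbers far ahead of the server.
        if not last < n <= last + self._window:
            return False
        expected = _tag(skg(seed, n), user_id, n).hex()
        supplied = str(msg.get("tag", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False
        self._last[user_id] = n  # resynchronise on success
        return True


if __name__ == "__main__":
    seed = b"constructed-demo-seed"  # constructed sample value
    device = AccessDevice("alice", seed)
    server = Server()
    server.enroll("alice", seed)
    print(device.respond(False))             # no match: None
    print(server.verify(device.respond(True)))  # match: True
```

The server only ever stores a seed and a counter per user, which is the sense in which the device presents a non-biometrics representation to the network.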
Thereby the IC (1) is designed as a multi-purpose tool that can service a fingerprint sensor (5) in a stand-alone mode, but it can also communicate with external devices and networks (N) by bridging the biometrics from the sensor (5) to a non-biometrics representation into the network (N) and onto its server(s) (30). The IC (1) transforms the fingerprint, under prevailing secure communication rules, to a regular representation by e.g. password and User ID on a server (30).

The main difference between the ICs (1) of Figure 2A and 2B is that the version in Figure 2B has volatile memory (6C) and non-volatile memory (7A) as integrated blocks in the IC (1) thus reducing the demand for data exchange with external memory and thus further enhancing the security and speed of operation of the device by containing almost all data processing of the fingerprints, and therefrom automatically triggered security responses, internally within the IC (1).

The utilization of the IC (1) for authentication of an authorized user to access an intranet comprising a server (30) in a network (N) will first be explained for the alternative where the IC (1) is a portable device to be plugged into a terminal (31) of the network, either as USB dongle, as illustrated in Figure 3A and 3B, or as a PCMCIA card, as illustrated in Figure 4A and 4B.

In one embodiment of the invention, the portable device has an IC (1) being mounted on a small printed circuit board PCB (12B) also carrying a fingerprint sensor (5). The PCB (12B) is connected to at least one of a USB interface (12C) or a PCMCIA mechanical interface (13B). Electronic surface components to support at least one of the USB mechanical interface (12C) and the PCMCIA mechanical interface (13B) are mounted on the PCB (12B). An SDRAM chip (6), typically at least with 4 MB capacity, is also mounted on the same PCB (12B). Further a non-volatile serial Flash chip (7), typically with at least 256 Kbytes capacity, is also mounted on the same PCB (12B). In this embodiment all preceding components and chips are protected inside a housing (12A or 13C).

In another alternative embodiment of the invention the portable device has a housing designed with a recess thus enabling a finger (A) to be placed on, or swiped over the sensor (5). With the sensor arranged in the bottom of the recess, it will have some protection, while still being conveniently accessible by the finger (A).

In yet another embodiment of the invention the portable device is designed with a housing which is equipped with a sliding lid (13D) enabling a finger (A) to be placed on, or swiped over the sensor (5) being protected under said sliding lid, but still conveniently accessible by the finger (A).

The sliding lid (13D) may be forced into closed position by a spring, thus fully covering the sensor (5) when the sliding lid is not pushed aside by a finger (A) when a fingerprint image is to be captured. A finger guide structure (13E) is placed adjacent to the sliding lid (13D) when the sliding lid (13E) is in closed position, fully covering the sensor (5). The purpose of the finger guide (13E) is to intuitively guide the finger (A) in correct position to open the sliding lid (13D) and thereby swipe the finger (A) correctly over the sensor (5) if the sensor (5) is of the swipe type. In this embodiment the UART interface (9D) on the IC (1) typically supports the PCMCIA port (13B).

In a further embodiment of the invention the portable device is equipped with non-volati