MXPA99009658A - A fingerprint recognition system - Google Patents

A fingerprint recognition system

Info

Publication number
MXPA99009658A
Authority
MX
Mexico
Prior art keywords
fingerprint
detector
block
user
image
Application number
MXPA/A/1999/009658A
Other languages
Spanish (es)
Inventor
C Bjorn Vance
J Belongie Serge
Original Assignee
Digital Persona Inc
Application filed by Digital Persona Inc

Abstract

A method and apparatus for fingerprint recognition is provided. A fingerprint is detected on a sensor (520). The fingerprint is digitized (525). A digitized background is subtracted from the fingerprint, resulting in a difference print (530). The difference print is matched with a data base of fingerprint templates (660).

Description

A FINGERPRINT RECOGNITION SYSTEM
FIELD OF THE INVENTION
The present invention relates to biometrics and, more specifically, to the electronic verification and identification of individuals using biometrics.
BACKGROUND OF THE INVENTION
Making computer systems and electronic transactions secure becomes more and more important as we enter the electronic age. Existing password and cryptography techniques appear well suited to solving the security problems of computer systems, electronic commerce and electronic transactions. These solutions ensure that the set of digital identification keys associated with an individual can safely carry out electronic transactions and exchanges of information. However, little has been done to ensure that identification keys can be used only by their rightful owners. This is a critical link that needs to be made secure if access to computers, e-commerce, home banking, point of sale, electronic transactions and similar mechanisms is to become truly secure.
Currently, passwords handle the majority of these issues. For example, most electronic transactions, such as accessing computer systems, withdrawing money from ATM machines, processing debit cards, electronic banking and similar transactions, require passwords. Passwords are an imperfect solution because, as more and more systems try to become secure, a user is required to memorize an ever-expanding list of passwords. In addition, passwords are relatively easy to obtain by observing an individual while he or she is entering the password. Furthermore, there is no guarantee that users will not communicate their passwords to one another, lose them, or have them stolen. As a result, passwords are not considered sufficiently secure for many functions.
Increasingly, fingerprint identification is being considered. Fingerprints have the advantage of being unique to an individual person, requiring no memorization, and being relatively difficult to appropriate.
Therefore, some secure systems are changing to fingerprint recognition. Fingerprint recognition generally requires a user to place a finger on a fingerprint detection device. Each fingerprint consists of a unique arrangement of ridges and furrows. The fingerprint detection device transmits an analog image of the user's fingerprint, through a coaxial cable, to a computer system. The computer system then compares the fingerprint with a database of fingerprint patterns in the computer system.
However, there are several problems with the fingerprint identification methods of the prior art. First, the fingerprint detection devices on which the finger is placed are generally bulky. This means that the devices cannot be adapted for use with laptops, public electronics, or in situations where space is precious.
In addition, fingerprint devices generally require a connection to an electrical outlet in addition to the connection to the computer system. This means that if the fingerprint device is to be used, it occupies an additional power socket. Accordingly, such devices cannot be adapted for use in situations where extra power outlets are not available.
In addition, because conventional fingerprint devices generally transmit an analog image of the fingerprint through a coaxial cable, security can be violated. The analog fingerprint image can be obtained by intercepting the image transmitted over the coaxial cable. Consequently, if a false user has an image capture device, he or she may be able to impersonate an original user by resending a captured image. This reduces security in cases where the actual fingerprint detection procedure is not observed by anyone.
In addition, because fingerprint processing in conventional systems generally takes place in the computer system, the computer system itself can be corrupted to defeat the security provided by the fingerprint detection device.
In the end, the computer system decides whether the fingerprint received from the device matches a print in the database. The database can be altered, or the process that compares the print with the database can be altered to send a false positive indication. In this way, the advantages of the fingerprint detection system can be lost.
In addition, conventional systems require the user to interact with the fingerprint detection system. Generally, the prior art process of detecting a fingerprint is as follows. First, the user places a finger on the fingerprint sensor plate. An image of the fingerprint is displayed on the computer monitor, with crosshairs. The user is asked to position the finger so that it is centered on the crosshairs and the print is displayed clearly. When the user has determined that the finger is in the appropriate position, the user must press a button to indicate that this is the image to be transmitted. Once the user has selected the appropriate fingerprint, the device takes an image and sends it to the computer system for processing. However, this complicated and error-prone procedure requires active participation and control by the user. It would be advantageous if such interaction were not required.
In addition, conventional fingerprint devices are not very accurate if the user's finger is very dry or greasy, or if the sensing plate on which the finger is placed is dirty. This happens for various reasons. Generally, conventional fingerprint devices take a picture of the finger placed on the detector plate. Places where something contacts the detector plate, such as a ridge on a finger, do not reflect the light but absorb it. Places where nothing contacts the detector plate, such as the grooves in the fingerprint, reflect the light. This produces an image of absorbed and reflected light on the detector plate.
However, dirt and stains on the detector plate can also absorb light, thus producing a false image. This image represents all the dirt and stains on the detector plate, in addition to showing the real fingerprint. One prior art method of solving this is to shine a more intense light on the finger while capturing the image. The more intense light is strong enough to break through the smudges on the detector plate, so the light is reflected even if there is some residue on the plate. However, using a more intense light causes other problems. Brighter light requires more energy. Brighter light is also less likely to pick up fingerprints that are not perfectly clear. If, for example, the user's finger is dry, the ridges are not well defined and the brighter light may not pick them up.
Accordingly, a more accurate fingerprint detection method is needed, one that is not adversely affected by a dirty detector plate and that does not have the security weaknesses of the prior art.
SUMMARY OF THE INVENTION
A method and apparatus for fingerprint recognition is provided. A fingerprint is detected on a detector. The fingerprint is digitized. A digitized background is subtracted from the fingerprint, resulting in a difference print. The difference print is compared to a database of fingerprint patterns. The background is obtained by taking an image of the detector plate when the computer is turned on and after each fingerprint is detected. Consequently, the current state of the background, including smudges, uneven illumination and other factors, is detected and subtracted from the fingerprint.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which like reference numbers refer to similar elements and in which:
Figure 1 illustrates a general level diagram of a sample system in which one embodiment of the present invention can be implemented.
Figure 2 is a functional block diagram of a digital processing system and detector.
Figure 3 is a functional block diagram of one embodiment of a network-connected detector and server.
Figure 4 is a functional block diagram of one embodiment of a wallet.
Figure 5 is a general flow diagram illustrating the process that occurs in the detector.
Figures 6A and 6B are a general flow chart illustrating the process that occurs in the digital system.
Figure 7 is a flow chart illustrating one embodiment of the security process in the present invention.
Figures 8A and 8B are a diagram of one embodiment of the detector of the present invention.
Figure 9 is a diagram of the FPGA of Figure 8.
Figure 10 is a diagram of one embodiment of the digital system of the present invention.
Figures 11A and 11B are a flow diagram illustrating the process of registering a fingerprint.
Figure 12A is a flow chart illustrating the process of capturing a fingerprint image.
Figure 12B is an illustration of the filtering process used in the present invention.
Figure 12C is an illustration of the fingerprint snapshots taken progressively during the process of capturing the fingerprint image.
Figure 13 is a flow diagram illustrating the self-launch process.
Figure 14 is a flow diagram illustrating the process of using a smart card in conjunction with the fingerprint recognition system of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
A method and apparatus for electronic verification and identification of individuals using biometrics is described. In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention can be practiced without these specific details. In other cases, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.
Overview
Figure 1 illustrates an overview-level diagram of a sample system in which one embodiment of the present invention can be implemented. A digital system 110 is a computer system that has the processing capability to compare a received scanned image with a database of scanned patterns and to control a digital connection for receiving the scanned image. In the preferred embodiment, the digital connection is a data bus that conforms to the universal serial bus (USB) standard, as is well known to those of ordinary skill in the art. In this figure the digital system 110 is represented as a computer system. The computer system 110 includes a body 120, which contains the processing power of the computer system 110. The computer system 110 also includes a screen 130.
The screen 130 may be a liquid crystal display (LCD), a cathode ray tube (CRT) or a similar display mechanism. The computer system 110 includes a data entry mechanism 140. In this case, a keyboard 140 is illustrated. The keyboard 140 allows a user to interact with the computer system 110. A conventional cursor control device 145 is also illustrated. The cursor control device 145 can be a mouse, trackball, stylus or the like.
In one embodiment, the detector 150 is coupled to the computer system 110 via a cable 170. Alternatively, the detector 150 may be coupled to the computer system 110 through infrared, radio frequency, modem, network or any other direct or indirect digital connection.
The detector 150 of the present invention includes a detector plate 160, on which the finger is placed for fingerprint recognition. In one embodiment, the cable 170 is a universal serial bus (USB) connection. It will be apparent to those skilled in the art that other digital connections can be used. The detector 150 may also have a connection to a power source. However, if the cable 170 is a USB connection, no such additional power connection is required as long as the USB connection supplies power. It should be understood that Figure 1 is merely an illustration of one embodiment of a system in which the present invention is practiced. Alternate configurations can be used, such as a portable computer 110, a digital system that does not have all the components illustrated, or a detector 150 having a different shape or dimension.
Figure 2 is a functional block diagram of the digital system 210 and detector 250 of the present invention. In one embodiment, the digital system 210 may be incorporated into a computer system 110. The digital system 210 includes a temporary data store 215, for storing data temporarily. The temporary data store 215 may include random access memory (RAM) and various registers. The digital system 210 further includes a database 220.
The database 220 is for storing fingerprint patterns, identification data, etc. for each individual person who registers with the system. The comparator 225 is for comparing fingerprint data. In one embodiment, the comparator 225 is able to compare the data stored in the database 220 with data stored in the temporary data store 215. The comparator 225 has an output that indicates whether the data provided matches or not. Security unit 230 is used to encrypt and decrypt messages sent between digital system 210 and detector 250 on line 290 and to determine, maintain and use session keys. The security unit 250 is described in detail below. An interface 235 interacts with the user, with other programs in the digital system 210, and with the detector 250. The interface 235 can display various windows in a WINDOWS or MACINTOSH environment. Windows is a registered trademark of Microsoft Corporation and Macintosh is a registered trademark of Apple Computers, Inc. The card receiving unit 240 can be integral with the digital system 210 or can be coupled to the digital system 210 through a bus, cable, infrared, or other connection methods.
The card receiving unit 240 is for receiving a signal, a smart card, a bar code, a floppy disk or a similar medium that can store personal information about the cardholder and may contain fingerprint information. The card receiving unit 240 may be used to verify the identity of the cardholder against the fingerprint information stored on the card. The registration unit 245 allows the user to register with the digital system 210, so that the user's fingerprint identification is placed in the database 220. The digital system 210 may further include a universal serial bus (USB) controller 205. In one embodiment, the universal serial bus controller 205 couples the digital system 210 with the detector 250. The universal serial bus controller 205 provides a data conduit as well as power for the detector 250. The operation of the universal serial bus controller 205 is described in more detail in the Universal Serial Bus Specification, Revision 1.0, January 15, 1996.
The detector 250 is coupled to the digital system 210 through the connection 290. In one embodiment, the connection 290 is USB, which provides both data and power connections. Alternatively, the detector 250 may have a separate power connection. The detector 250 includes a data storage unit 255. The data storage unit 255 may include RAM, registers, as well as other memory. The data storage unit 255 stores intermediate values of prints, patterns, sums, session keys, the permanent detector identification and similar data.
The detector 250 further includes a detection mechanism 260. The detection mechanism 260 may include a detector plate, on which a user may place a finger for recognition. The detection mechanism 260 may be a conventional fingerprint detection mechanism, consisting of a light that illuminates at least one prism, which reflects the print on the detector plate. The reflected print is received by a detector array. Alternatively, the detection mechanism 260 can use other detection methods, including capacitive detectors.
The detector 250 also includes a digitizer 265. The digitizer 265 digitizes images received from the detection mechanism 260. Mechanisms that can be used to digitize an image are known in the art. In one embodiment, a conventional analog-to-digital converter is used.
The detector 250 further includes a subtractor 270. The subtractor 270 is used to filter a digitized fingerprint image and to subtract a background image from a print, as described below.
The security unit 275 in the detector 250 corresponds to the security unit 230 in the digital system 210. However, it can also store the detector's private key, its identification, in an environment that is not tamper-proof.
Finally, the detector 250 includes a decision-making unit 280. The decision-making unit 280 can be used to make a final determination of whether a fingerprint matches a print in the database 220.
The decision-making unit 280 may be used when the digital system 210 is not secure and strict security is required. The operation of the components described above is elaborated in detail below. In one embodiment, the digital system 210 may be a computer system, a PCMCIA card, a portable computer, a network and server station, a handheld computer, or any other system capable of processing the required data. In addition, the detector 250 can be located within the digital system 210. In such case, non-duplicative memories, security units and USB drivers would be required.
Figure 3 illustrates a network in which the present invention can be used. The detector 310 is coupled to the host 320. The host 320 is able to connect to a network 330, which couples a plurality of systems 320, 340, 350 together. A server 340 contains the database that is compared to the fingerprint received by the detector 310. Other systems 350 may be used for their processing power. In this way, the actual fingerprint recognition process can be distributed over a plurality of systems 320, 340, 350. Such distributed processing can be used to access remote data through a network. Because neither the server 340 nor the other systems 350 are secure, for security purposes the final comparison can be made at the detector 310. This would be done by sending the processed data back to the detector 310. Consequently, the detector 310 receives the compared elements and the original fingerprint. Verifying that the compared elements truly match the original fingerprint is a process that can be performed in the detector 310. In this way, the detector 310 can send out the matched / unmatched signal, thus creating a secure system over an insecure network 330.
Figure 4 illustrates a block diagram of a system embodiment that combines the functionality of detector 250 and digital system 210 into a single unit, called a wallet 400.
A wallet 400 can be implemented with different configurations of software and hardware. For example, the entire wallet 400 can reside on a smart card, or it can be implemented as a distributed system that can include a smart card, a database and comparison / control software distributed over a network. The detection unit 410 has a detector plate 415 on which a finger is placed. The detection unit 410 receives the image and passes it to the digitizer 420. The digitizer 420 digitizes the fingerprint image and passes it to a comparison unit 425. The comparison unit 425 further has access to a storage unit 430, which stores a database of patterns. The comparison unit 425 compares the characteristics of the received fingerprint with the patterns in the storage unit 430. In one embodiment, the wallet 400 belongs to only one individual, whose print is stored in the storage unit 430. The comparison unit 425 passes a yes / no decision, indicating whether the print is matched, to a data flow control unit 435. The data flow control unit 435 controls access to the data stored in a user data unit 440. The data flow control unit 435 may further allow the user to upload information to the wallet 400 once the user's access to the wallet 400 is verified.
The user data unit 440 may contain information such as the credit card number, the social security number and the identity of the user. The user data unit 440 may further contain any information that a user wishes to store in it. The wallet 400 may further include a control mechanism 445, such as a keyboard, a mouse, a trackball, a touch pad, etc. The user can use the control mechanism 445 to add data to the wallet 400.
Figure 5 is a flow chart illustrating an overview of the process occurring in the detector 250. In block 505, the detector is turned on. This may occur when the digital system 210 is first turned on. Alternatively, because the universal serial bus 290 permits self-identification, this may occur when the detector is first connected to the digital system 210.
In block 510, initialization and the establishment of secure communications occur. Because the connection between the digital system 210 and the detector 250 is intended to be a secure connection, establishing secure communications ensures that the detector 250 has not been replaced and that the digital system 210 has not been tampered with in an unauthorized manner. The establishment of secure communications can be implemented using conventional encryption or public / private key methods.
In block 515, a background image is captured and digitized. When the detector 250 is initialized, the light source in the detection unit 260 is turned on and the image is captured. At this time, there is no fingerprint on the detector plate, so this image is a background image. The digitized background is temporarily stored in the data storage 255. Alternatively, the background image can be sent to the digital system 210 and stored in the data storage unit 315. The background image can also be used to estimate the background image noise and to estimate the overall background.
In one embodiment, each captured background image is further processed to create an average background, which can be used by the detector. The learning process is discussed in more detail below.
In block 520, the system tests whether a fingerprint was detected on the detector plate. In one embodiment, fingerprint detection is based on a measure of the energy level of the light received from the detector plate. If the energy level falls below a certain level, a fingerprint is detected. Alternatively, a fingerprint may be detected by means of a pressure detector, a heat detector or a similar device.
If no fingerprint is detected on the detector plate, the process returns to block 515 and a new background image is captured and digitized. In one embodiment, if a fingerprint is not detected, a new background image is captured approximately every 2 seconds. Alternatively, the original background is maintained. If a fingerprint is detected, the process continues to block 525.
In block 525, the fingerprint image is captured and digitized. As described above, the detection unit 250 receives an image of the fingerprint placed on the detector plate, which is captured by a detector array. The captured fingerprint is digitized and stored. The digitized print can be stored in the detector 250 or in the digital system 210.
In block 530, the digitized background image is subtracted from the digitized fingerprint, resulting in a differential print. Subtracting the background image from the fingerprint image decreases the level of image corruption due to smudges and dirt on the detector plate or to non-uniform lighting conditions. With the background image subtracted, the differential print is a clear representation of the fingerprint that is placed on the detector plate. Subtraction here means taking the difference of the acquired print minus the background image, or any function of the image and the background that diminishes the effect of imperfections in the optical and imaging conditions. In one embodiment, during subtraction, if the pixel value of the background is higher than the value of the fingerprint, the result is set to a default value.
Consequently, for example, if the pixel value of the background is 150 and the pixel value of the fingerprint is 30, the result can be set to 0, 30, or another default value. In this way, false subtractions and negative numbers are avoided.
In block 535, a background image is captured and digitized. After the finger is removed from the detector, a new background image is captured; it consists of the previous background plus any smudges left by the last finger.
In block 540, a momentary signal is received from digital system 210. A momentary signal is a signal or code used only for a particular occasion and is not reused. The momentary signal includes a date / time stamp, and possibly other data.
In block 545, a random check of the differential print is created. The random check, sent with the print, ensures that the compared print is in fact the print that was captured by the detector 250. Furthermore, by including the momentary signal in the random check, the time / date of the compared fingerprint is verified. This prevents the user from resending an older print to obtain a false positive indication.
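
The clamped subtraction of block 530 and the binding of the differential print to a single-use momentary signal (a nonce) can be sketched as follows, together with the check the digital system performs on receipt. This is an added example, not code from the patent: HMAC-SHA256 keyed with the session key stands in for the unspecified random check, and the nonce layout, the 5-second freshness window and the pixel scale (higher value means more light absorbed) are assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

MAX_NONCE_AGE_S = 5.0  # assumed freshness window; the page gives no figure


def subtract_background(frame, background, floor=0):
    """Block 530: print minus background per pixel. Where the background is
    higher than the print, use a fixed default (floor) instead of a negative."""
    if len(frame) != len(background):
        raise ValueError("frame and background differ in size")
    return bytes(f - b if f >= b else floor for f, b in zip(frame, background))


def seal_print(session_key, nonce, diff_print):
    """Block 545 (detector side): keyed hash over nonce and differential print.
    HMAC-SHA256 is an assumption; the page names no algorithm."""
    return hmac.new(session_key, nonce + diff_print, hashlib.sha256).digest()


class Host:
    """Digital-system side: issues nonces (block 625) and checks replies (block 635)."""

    def __init__(self, session_key, clock=time.time):
        self._key = session_key
        self._clock = clock
        self._outstanding = set()

    def new_nonce(self):
        # Assumed layout: 8-byte timestamp followed by 16 random bytes.
        nonce = struct.pack(">d", self._clock()) + os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, nonce, diff_print, tag):
        if nonce not in self._outstanding:
            return "unknown-or-reused-nonce"
        self._outstanding.discard(nonce)  # a nonce is honoured once only
        issued_at = struct.unpack(">d", nonce[:8])[0]
        if self._clock() - issued_at > MAX_NONCE_AGE_S:
            return "stale-nonce"
        expected = seal_print(self._key, nonce, diff_print)
        if not hmac.compare_digest(expected, tag):
            return "bad-hash"
        return "ok"


def demo():
    key = os.urandom(32)          # stands in for the negotiated session key
    now = [1000.0]                # controllable clock for the demonstration
    host = Host(key, clock=lambda: now[0])

    # Constructed 6-pixel samples: smudges at index 2 and 4 of the plate.
    background = bytes([5, 5, 40, 5, 150, 5])
    frame = bytes([200, 20, 235, 25, 30, 210])
    diff = subtract_background(frame, background)

    results = {}
    n1 = host.new_nonce()
    tag1 = seal_print(key, n1, diff)
    results["fresh"] = host.accept(n1, diff, tag1)
    # Captured message resent unchanged: the nonce has already been consumed.
    results["same-nonce replay"] = host.accept(n1, diff, tag1)
    # Captured print and hash resent under a newly issued nonce.
    n2 = host.new_nonce()
    results["old hash, new nonce"] = host.accept(n2, diff, tag1)
    # Correctly sealed reply that arrives after the freshness window.
    n3 = host.new_nonce()
    tag3 = seal_print(key, n3, diff)
    now[0] += 10
    results["late reply"] = host.accept(n3, diff, tag3)
    return list(diff), results


if __name__ == "__main__":
    print(demo())
```

The pixel at index 4 reproduces the 150 / 30 case from the text and is clamped to the default value rather than going negative.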
In block 550, the random check and the differential print are sent to digital system 210. Digital system 210 is used to further process the fingerprint, as described in more detail below.
Figures 6A and 6B are a general flow chart illustrating the process occurring in the digital system 210. The digital system 210 can be a computer system, a server coupled to a computer system, an independent PCMCIA card, a network, or a similar device or devices with the processing power to compare fingerprints.
In block 605, the system is turned on and / or coupled to the detector. In one embodiment, this occurs automatically when the computer system or other hardware on which the digital system 210 is implemented is first turned on. Alternatively, a user can initiate the present system by pressing a key, clicking a mouse, coupling the detector 250 to the digital system 210 through a self-identifying connection, or a similar action.
In block 610, the universal serial bus is initialized. The universal serial bus is a communications architecture that provides a data and power connection. The universal serial bus controller 205 must be initialized in accordance with the USB specification. Alternatively, if the connection is not a USB connection, this step can be omitted or another digital connection initialization step can be performed.
In block 615, an initialization and power signal is sent to the detector 250. This turns on the detector 250, as described above with respect to Figure 5. A protocol initializes the information that is necessary for secure transactions. This process is described in more detail below.
In block 620, it is determined whether a signal has been received indicating that a fingerprint has been detected by the detector 250. When the detector 250 detects a fingerprint, it sends a signal to the digital system 210. If the signal has not been received, the process waits for it. When the signal is received, the process continues to block 625. Although this process is illustrated as a loop in Figure 6A, in one embodiment it may be an interrupt-driven process, in which the system can perform other activities while "waiting". The arrival of a signal from the detector 250 generates an event (interrupt) in the digital system, which activates the appropriate software in the digital system 210 to respond to the signal. Interrupt handling is well known in the art.
In block 625, a momentary signal is sent to detector 250. The momentary signal includes a time / date entry, the current session key and other information. It is used to verify the identity of the detector as well as the acceptance of the fingerprint.
In block 630, a differential print is received from detector 250. This, again, may be interrupt-driven. As described previously, the random check is a combination of the momentary signal and the differential print.
In block 635, the random check is decoded, and the momentary signal is verified. In addition, the session key can be verified.
In block 640, the differential print is compared to a pattern database. The pattern database includes all users who are registered with this system. The received print is compared with the prints in the database. Such methods are known in the art. Processing continues in block A, shown in Figure 6B.
Referring to Figure 6B, in block 645, the process of the present invention tests whether a preliminary match was found. If a match was not found, the process continues directly to block 670. If a preliminary match was found, the process proceeds to block 650, and both the match and the random check are returned to the detector for final comparison. This is necessary if the digital system, in which the actual analysis is done, is not secure. By returning the print and the compared features to the detector, the process can be made secure. Alternatively, the final comparison can be made in digital system 210.
In block 655, a match / no-match verification signal is received from the detector. Because the detector is a closed and secure system, the final decision as to whether a match was found is left to the detector. In this way, possible unauthorized manipulation of the digital system 210 does not result in a false positive signal.
In block 660, it is determined whether the final answer is a yes or a no, that is, whether the prints match or not. If the prints do not match, in block 670, access is declined. If the prints match, in block 665, access to the program, file or information is allowed. Further, if the prints match, in block 675, the pattern registered for the user that was recognized is updated.
The update can be done by executing a comparison process in both directions, resulting in a comparison number, that is, a number that represents the percentage of matched characteristics. Based on this number, the best print can be selected as the new pattern print. Alternatively, back propagation can be used to update the current pattern by adding information obtained from the new print. Alternatively, an unsupervised Kohonen-type learning process can be used to update the current pattern. The Kohonen learning process is well known to those skilled in the art.
The complete comparison process, illustrated in Figures 5 and 6, is very fast. In one embodiment, the comparison procedure takes approximately half a second.
Security Features
Figure 7 is a flow diagram illustrating one embodiment of the security features that may be utilized by the present invention. As discussed above, because the digital system 210 is not necessarily secure, security procedures are important in order to avoid unauthorized manipulation of the system. One of the security procedures is to perform the final comparison in a secure system. This secure system can be the detector, which has secure digital keys and data, or a secure processor. In one embodiment, such processors and integrated circuits can be made secure by covering the integrated circuit with epoxy or a similar hard-to-remove material. Alternatively, in the detector, the security systems can be hard-coded into the system.
In addition, a public key / private key system can be used to communicate between the detector and the systems used in more secure procedures. In one embodiment, the Diffie-Hellman key exchange, which uses a session key, is used. Other methods of data encryption can be used and are well known in the art. The present invention provides encryption of all data transferred between the detector and the digital system. The encryption allows the present invention to be used in a wider range of insecure environments.
Figure 7 illustrates the Diffie-Hellman key exchange. In block 710, the system is operated and the detector is coupled to the digital system. In block 720, the digital system requests a certificate. The certificate is an identifier that is associated with a specific detector. In one embodiment, the certificate can be stored in the detector at the time of manufacture. Each detector can have a unique certificate. Alternatively, multiple detectors can share a single certificate if they are associated with the same system. For example, a large corporation can buy multiple detectors which have the same certificate and are consequently interchangeable. In block 720, the detector responds with the certificate. Note that at this point the detector and the digital system are interconnected, but their connection has not yet been verified to be secure.
In block 730, the digital system tests the validity of the certificate using a public key. The detector has a private key that is part of the certificate. The public key is used to decode the document encoded with a private key. If the certificate cannot be decoded using the known public key, this means that the detector is not the appropriate detector, because the certificate was not encoded with the appropriate private key.
In block 740, the digital system encrypts a random number and a time stamp using the public key and sends them to the detector. This means that only the detector can decrypt the number. The random number, in one embodiment, is 56 digits long. In block 750, the detector decrypts the random number and the time stamp with the private key. The time stamp is the momentary signal described above. In block 760, the random number, decrypted by the detector, is the session key used in this session for security. Therefore, each time a session is established, security is restored.
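
The exchange in blocks 720 to 760 can be traced end to end with the following added sketch, which is not code from the patent. As described, the session key is a random number sent under the detector's public key, so the sketch uses textbook RSA with a constructed toy key pair. The identifier value, the class names, the 32-bit time stamp packing and the `MAX_AGE` freshness window are assumptions.

```python
import secrets
import time

# Constructed toy RSA key pair built from two Mersenne primes. It only makes
# the flow runnable with the standard library; it is not a usable key.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537                      # public key known to the digital system
D = pow(E, -1, (P - 1) * (Q - 1))        # private key stored in the detector

DETECTOR_ID = 860250                     # constructed identifier
TS_BITS = 32                             # low bits of the message carry the time stamp
MAX_AGE = 30                             # seconds; assumed freshness window


class Detector:
    """Detector side: holds the private key and the certificate."""

    def __init__(self, detector_id, private_exponent=D):
        self._d = private_exponent
        # Certificate: the identifier encoded with the private key at manufacture.
        self.certificate = pow(detector_id, self._d, N)
        self.session_key = None

    def accept_challenge(self, ciphertext, now):
        # Block 750: decrypt the random number and the time stamp.
        message = pow(ciphertext, self._d, N)
        number, stamp = message >> TS_BITS, message & (2**TS_BITS - 1)
        if abs(now - stamp) > MAX_AGE:
            return False                 # stale challenge: a recorded message replayed
        self.session_key = number        # block 760
        return True


class DigitalSystem:
    """Host side: knows only the public key and the identifier it expects."""

    def __init__(self, expected_id, n=N, e=E):
        self.expected_id, self.n, self.e = expected_id, n, e
        self.session_key = None

    def certificate_valid(self, certificate):
        # Block 730: decode the certificate with the known public key.
        return pow(certificate, self.e, self.n) == self.expected_id

    def make_challenge(self, now):
        # Block 740: encrypt a fresh random number and a time stamp.
        number = secrets.randbelow(10**56)   # up to 56 digits, as in the text
        self.session_key = number
        return pow((number << TS_BITS) | now, self.e, self.n)


def establish_session(detector, system, now):
    """Run blocks 720-760 once; return True if both sides share a session key."""
    if not system.certificate_valid(detector.certificate):
        return False
    challenge = system.make_challenge(now)
    return (detector.accept_challenge(challenge, now)
            and detector.session_key == system.session_key)


if __name__ == "__main__":
    ok = establish_session(Detector(DETECTOR_ID), DigitalSystem(DETECTOR_ID),
                           int(time.time()))
    print("session established:", ok)
```

A challenge recorded in one session and replayed after the freshness window is rejected by `accept_challenge`, which is the property the text describes for data obtained after a session is over.
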
In addition, even if a thief accesses the system once the session is over, the thief cannot use the data originally obtained to access a second session.
Detector and Digital System
Figure 8 is a diagram of one embodiment of the detector of the present invention. A central processing unit (CPU) 810 is used to interface with the universal serial bus (USB) connection 885. The CPU 810 is also used to control the power switch 845 and, through the power switch, the light source 840. In one embodiment, the light source 840 is a light emitting diode (LED). The CPU 810 also controls the power to all other components. The CPU 810 is coupled to a field programmable gate array (FPGA) 815. The FPGA 815 implements most of the functionality of the detector 250 of one embodiment and may include a random access memory (RAM). The FPGA 815 and the CPU 810 act together as the subtractor, the filter, the USB interface, the digitizer and the security system. A crystal 830 can be coupled to the FPGA 815 to provide a clock signal for the FPGA 815. An erasable programmable read-only memory (EPROM) 820 is coupled between the FPGA 815 and the CPU 810. The EPROM 820 contains the information necessary for initiating the detector 250. The EPROM 820 may also contain a private key which is associated with that particular detector 250, which permanently labels the identity of the detector.
A charge-coupled device (CCD) detector 860 is also coupled to the FPGA 815. The CCD detector 860 is an electronic device sensitive to light, which can detect black and white. In one embodiment, the CCD detector 860 is a detector that detects a gray scale. Each CCD detector 860 consists of an array of light-sensitive photocells. In one embodiment, the photocell is sensitized by giving it an electrical charge prior to exposure. Support electronics 850 are coupled to the CCD detector 860, to provide the electronics that activate the CCD detector 860.
The output of the CCD detector 860 is passed through an operational amplifier 870 and a low pass filter 875 to clean the signal. Then, the clean output of the CCD detector 860 is passed through an analog-to-digital converter 880 to digitize the fingerprint. The digitized fingerprint image is passed to the FPGA 815.
Figure 9 illustrates one embodiment of the configuration of the FPGA 815 of Figure 8. The random access memory (RAM) controller 905 controls access to RAM 910. The RAM 910 is used to store fingerprint images, in optical form as well as in digital form. The RAM controller 905 further passes information to the stability calculator 920. The stability calculator 920 is used to calculate when a received fingerprint is stable, as described below. The RAM controller 905 receives data from the analog-to-digital converter 880. The RAM controller 905 is synchronized by a synchronization signal received through a sync control 945. The FPGA 815 further includes a multiplexer (MUX) 915. The MUX 915 is used to access address and data lines in the CPU 810, as shown in Figure 8.
The RAM controller 905 includes a subtractor 990, which is used to subtract a background image from a digitized print, to determine a differential print. The output of the subtractor is coupled to the stability calculator 920. The output of the stability calculator 920 is coupled to a stability data register 970, which is a status register that indicates when the fingerprint is stable. The compressor 925 compresses the image of the fingerprint before transmitting it through the parallel port interface 930. Alternatively, the compressed image can be transmitted through the USB interface 935. In one embodiment, the compressor 925 uses Huffman compression, which is a conventional data compression technique that varies the length of the coded symbol in proportion to its information content, that is, the more a symbol or a signal is used, the shorter the binary string used to represent it in the compressed stream.
The general peripheral interface or universal serial bus interface 935 is used to pass data to the universal serial bus. In one embodiment, USB access is made through the CPU 810. However, the USB interface 935 can be located in the FPGA 815. A status register 940 is coupled to the MUX 915 and to the CPU interface. The status register 940 indicates the general state of the communication devices, which include the parallel port, the USB port, and the structures. The status register 940 is controlled by the CPU 810 and passes its information to the RAM controller 905. A control register 950 is also coupled to the MUX 915. The control register is set by the CPU 810 to control the functions of the FPGA 815. The address register 955 contains the address of the RAM data in RAM 910, allowing the CPU 810 to access the RAM data. In one embodiment, the address register 955 is automatically incremented when data has been written to an address. The address register is controlled by the control register 950. The read data register 965 and the write data register 960 buffer the data read from or written to the RAM 910.
The threshold register 975 includes the threshold numbers required for stability calculations by the stability calculator 920. These threshold numbers are described in more detail below. In one embodiment, the threshold register 975 can be written by the CPU 810. The port data register 985 is a register for the data sent from the CPU 810 to be sent by the parallel port interface. The USB data register 980 is a data register for the USB interface. In one embodiment, the USB data register is a read-only register, which stores the system information.
Figure 10 is a diagram of one embodiment of the digital system of the present invention. The digital system 1000 comprises a system bus 1010 or other communication means for communicating information and a processor 1020 coupled with the system bus 1010 for processing the information. The digital system 1000 also comprises a read-only memory (ROM) and/or other static storage device 1035 coupled to the system bus 1010 for storing static information and instructions for the processor 1020. The digital system 1000 further comprises a main memory 1030, a dynamic storage device to store information and instructions to be executed. The main memory 1030 is also used to store temporary variables or other intermediate information during the execution of the instructions. In one embodiment, the main memory 1030 is a dynamic random access memory (DRAM). The digital system 1000 further comprises a universal serial bus (USB) controller 1080, a bus controller for controlling a universal serial bus (USB) 1085. The USB 1085 is for attaching the USB devices 1090 to the digital system 1000. The detector 250 may be one of the USB devices 1090 coupled to the digital system 1000 via the USB 1085.
The digital system 1000 may also be coupled via the system bus 1010 to a display device 1050, such as a cathode ray tube (CRT) or a liquid crystal display (LCD) screen, to display information to a user. An alphanumeric input device 1055 is typically coupled to the system bus 1010 for communicating information and command selections to the processor 1020. Another type of user input device is the cursor control device 1060, such as a mouse, a tracking sphere, ball bearing or cursor direction keys, for communicating direction information and command selections to the processor 1020 and for controlling the movement of the cursor on the display device 1050. Alternatively, other input devices, such as a stylus, may be used to interact with the screen.
The digital system 1000 can also be coupled via the system bus 1010 to a network communication device 1065. The network communication device 1065 can be used to couple the digital system to other digital systems, servers and networks.
Registration
Figures 11A and 11B are a flow diagram illustrating the process of registering a fingerprint. The registration is initiated by the user when opening a registration interface. Alternatively, when the present system is first started, the registration process can open automatically. In block 1110, an identity of the person attempting to register is requested. The identity can be initials, or some other identifier which can then be associated with the fingerprint. In one embodiment, the full name of the user is requested here. Alternatively, for a portfolio, or similar "own" system, no identity is requested and it is assumed that the individual registering with this process is the owner of the item in question.
In block 1115, a fingerprint is requested. This can be done by displaying a window with a text like "please place your finger on the detector now to register", or a similar text. Alternatively, the system can simply wait for a fingerprint, without displaying a request. In block 1120, a number of different prints are taken. As described above, the CCD detector 860 detects the fingerprint and copies the optical image into a RAM. In this case, a plurality of prints may be taken, even if the user places his finger on the detector plate only once. In block 1125, each of the fingerprints is digitized. These prints are temporarily stored in the detector. Alternatively, they can be stored in the digital system. In block 1130, a digitized background image is subtracted from each of the digitized prints, resulting in differential prints. As described above, a digitized background image is obtained when the detector is initially turned on and each time a fingerprint is obtained.
In block 1135, impressions are compared. This can be done using the known techniques of fingerprint evaluation. For example, three or more impressions can be compared, finding how many equal points exist between the impressions. The comparison will determine which print has the best quality.
In block 1140, the best print is selected. Because the registration print is the one that is compared to the subsequent fingerprints, it should be the best possible print. Therefore, the print that displays the characteristics of the fingerprint most clearly is selected. Alternatively, information from all registration prints can be assembled into a single composite print which is stored in the database. Alternatively, in addition to selecting the best print, the best print is also improved, using a learning process that learns from the other prints. In addition, as described above with respect to block 675, the pattern can be updated each time a new print of the user is received. This process is known in the art. Alternatively, this step can be skipped. In block 1145, shown in Figure 11B, the differential print is stored in the database. Alternatively, this selection process can be skipped and all the prints can be stored in the database as a registration data set.
In block 1150, the system requests any files and applications that the user wishes to associate with the fingerprint and identity. The user can associate files and applications which can be opened automatically after a successful fingerprint validation process. If no file is associated, the fingerprint merely validates the user, or allows the user to access the stored data owned by the user in the digital system 210 or any other system coupled to the digital system 210. In block 1155, it is determined whether any file was identified by the user. If no files were identified, the process continues to block 1180. If files were identified, the process continues to block 1160.
In block 1160, the system determines what kind of security exists on the selected file. The user can select program files, application files or files such as specific data files or word processor files. Some files may already be password protected. For example, Word for Windows allows password protection of a data file. Word for Windows is a registered trademark of Microsoft Corporation. If the selected file has no security or has an easily alterable security, the process continues to block 1165. In block 1165, the boot sector of the selected file is altered to allow verification or identification of the fingerprint. Therefore, when the user wants to access that file he will have to present his fingerprint in order to access that file. Alterations of a boot sector are known in the art. The format of the boot sector is dependent on the platform and consequently is known and is alterable for each platform. Thus, the process accesses the boot sector of the selected file and alters it. In one embodiment, this alteration consists of pointing the boot process towards a fingerprint identification subroutine. The end of the fingerprint identification subroutine points back to the boot sector.
Consequently, during the execution, the fingerprint verification subroutine is called and executed. In block 1160, if the selected file is already password protected and such protection is not easily alterable, the process continues back to block 1170. In block 1170, the password associated with that password protected file is requested. The user has to enter the password associated with that file. And, in block 1175, the password associated with that file is stored in the database, associated with the fingerprint and identity of the user. As a result, the next time the user selects the file and uses the fingerprint, the system automatically inserts the password associated with that file and individual and opens the file.
In block 1155, if no file is listed, the process continues to block 1180. In block 1180, any implied access is identified and associated with the fingerprint. Implied access can be provided, for example, to allow access to a special area on a server or system which stores the user's personal files. Consequently, for example, fingerprint identification can provide automatic access to a list of special files. In one embodiment, the user can define such an area. Alternatively, the user identification, entered in block 1110, can be used to determine the implied access area. Alternatively, if the area does not exist, the process continues directly to block 1185. In block 1185, the registration process is completed.
Capturing Fingerprint
Figure 12A is a flow chart illustrating the process of fingerprint image capture. This is a more detailed illustration of the functionality described with respect to blocks 535, 540 and 545 in Figure 5, that is, capturing the fingerprint, digitizing the print and subtracting the background from the print. In block 1200, the presence of an initial print is detected. As described above, this can be detected as a result of the change in the energy arriving at the detector stage of the detector.
In block 1205, a sum is set to zero. The use of this sum will become apparent below. In block 1210, a print is captured and digitized. This process was described above in more detail. In block 1215, a digitized background image is subtracted from the digitized print. This results in a clearer representation of the actual print on the detector stage. In block 1220, the image is filtered by taking every X-th row and Y-th column and keeping only those pixels that are in those columns and rows. This reduces processing considerably, because only 1/(X*Y) as many pixels need to be evaluated.
Figure 12B illustrates this filtering process. Photograph A is the image with all the pixels, represented by small boxes. Actually, because this is a digitized image, each of those boxes corresponds to an intensity factor of that particular pixel. Photograph B represents the image that shows how the 0-th and the 3rd column and row of the pixels are selected. And Photograph C represents the filtered image, with only those pixels that are in the filtered photograph represented by boxes. In one embodiment, X and Y are both four. As a result, only 1 of 16 pixels is evaluated. The detailed process is executed on the filtered image. This block can be skipped in some embodiments.
Returning to Figure 12A, in block 1225, the sum of the intensity of the pixels over the threshold is determined for the filtered image. In one embodiment, the digitized image is a gray scale image, which means that the pixels can have a variety of intensities. In one embodiment, the pixel intensity can vary between 0 and 6. The threshold in this case is the average energy intensity of a fingerprint. Consequently, for example, the threshold can be 3. For three pixels which are 2, 4 and 6, the results would be 0, +1, +3, and consequently the sum would be four (4). In block 1230, the derivative of the sum is taken.
This determines the rate of growth of the sum, compared to the previous sum. In one embodiment, the derivative is determined by subtracting the previous sum from the current sum. In block 1235, it is determined whether the derivative is below a certain threshold. This threshold can be determined based on the overall quality of the fingerprint of the detector. If the derivative is not below the threshold, in other words, the sum is still growing, the process returns to block 1210 and the next image is captured. If the derivative is below the threshold, the process continues to block 1240. In block 1240, it is determined whether the sum is above a certain minimum threshold. The threshold is the average ridge-to-valley contrast for a fingerprint taken with that particular detector. In one embodiment, this threshold can be updated in the system based on subsequent results. If the sum is not above the threshold, the process returns to block 1210 and the next image is taken. If the sum is above the minimum threshold, the fingerprint is sufficiently large and intense and the process continues to block 1245 and block 1250. In block 1245, the final print is captured and passed on for further processing.
Figure 12C represents an illustration of this process. For example, Photograph D represents an image which is barely visible. Because the first image is captured when the energy level decreases, it is only a partial photograph of the finger. Photographs D, E, F, G and H show the gradual increase in the size of the fingerprint during the successive photographs that are captured. When Photograph I is captured, the system determines that it is decreasing in size. The size of the fingerprint is represented by the previous image. Photograph H is captured and retained as the optimal fingerprint image.
Returning to Figure 12A, in block 1250, the sum is reset to zero. In block 1255, the next image is captured and digitized. The background is subtracted from the image in block 1260.
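
The forward loop of Figure 12A (blocks 1205 to 1245) can be written out as follows; this is an added sketch, not code from the patent. The 8x8 frames, the `flat` helper, the clamping of negative differences and the threshold arguments are constructed or assumed, and keeping the previous frame once the sum falls follows the Figure 12C description.

```python
"""Figure 12A forward loop (blocks 1205-1245) on constructed 8x8 frames."""


def subtract_background(frame, background):
    # Block 1215: remove the stored background image from the captured frame.
    # Clamping negative differences to 0 is an assumption of this sketch.
    return [[max(0, p - b) for p, b in zip(f_row, b_row)]
            for f_row, b_row in zip(frame, background)]


def subsample(image, x=4, y=4):
    # Filtering step: keep only every x-th row and every y-th column,
    # so 1 of x*y pixels is evaluated (1 of 16 when x = y = 4).
    return [row[::y] for row in image[::x]]


def intensity_sum(image, threshold=3):
    # Block 1225: for each pixel above the threshold, add the excess.
    return sum(p - threshold for row in image for p in row if p > threshold)


def select_stable_frame(frames, background, deriv_threshold, min_sum,
                        x=4, y=4, threshold=3):
    """Return the index of the frame to keep as the print, or None."""
    prev_sum, prev_idx = 0, None                       # block 1205
    for idx, frame in enumerate(frames):               # block 1210
        diff = subtract_background(frame, background)  # block 1215
        total = intensity_sum(subsample(diff, x, y), threshold)
        derivative = total - prev_sum                  # block 1230
        # Blocks 1235 and 1240: growth has stopped and the print is strong enough.
        if derivative < deriv_threshold and total > min_sum:
            # Figure 12C: if the print has begun to shrink, keep the previous frame.
            return prev_idx if derivative < 0 else idx
        prev_sum, prev_idx = total, idx
    return None


def flat(value, size=8):
    # Constructed test image: every pixel has the same intensity.
    return [[value] * size for _ in range(size)]


BACKGROUND = flat(1)
# Constructed sequences: a finger settling onto the plate, and a finger lifting early.
SETTLING = [flat(v) for v in (1, 3, 5, 6, 6)]
LIFTING = [flat(v) for v in (4, 6, 5)]

if __name__ == "__main__":
    print(select_stable_frame(SETTLING, BACKGROUND, deriv_threshold=2, min_sum=3))
    print(select_stable_frame(LIFTING, BACKGROUND, deriv_threshold=2, min_sum=3))
```
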
In block 1265, the image is filtered and in block 1270, the sum of the intensity of the pixels above a threshold intensity is added. A derivative of this sum is taken in block 1275. In block 1280, it is determined whether the derivative is below a threshold. This threshold is similar to the threshold described above with respect to block 1235. When the images stop decreasing, the derivative of the images approaches zero and this derivative meets the threshold. If the derivative is not below the threshold, the process returns to block 1255. If the derivative is below the threshold, the process continues to block 1285. In block 1285, it is determined whether the sum is below a certain threshold. If the sum is not below the threshold, the process returns to block 1255. If the sum is below the threshold, the process continues to block 1290. In block 1290, the new background is captured. As noted, blocks 1255 to 1285 are the inverse of blocks 1210 to 1240. Accordingly, this process is executed in reverse to obtain a new background image. This background image is used in the following process.
Self-Launching Feature
Figure 13 is a flow chart illustrating the self-launching process of an application or document. In block 1310, the application is started. The application can be started by the user selecting the file, by the user placing his finger on the detector, or by other means. In block 1315, it is determined whether there is a file associated with the fingerprint in the database as described above. In other words, if the file that was started does not have an associated fingerprint verification/identification request, the process continues to block 1320, where it aborts the self-launching process. If the user selected a file that does not have fingerprint verification/identification, the process continues to block 1325. In block 1325, the process waits for a fingerprint. The process can display a note requesting a fingerprint.
If the user started the process by placing his finger on the detector, the process goes directly to this block. In one embodiment, the process starts here and blocks 1310 and 1315 are avoided. This may be applicable when a user wishes to access the user's special storage area or an implied file using fingerprint recognition. In block 1330, the fingerprint is processed for recognition. This process was described above. In block 1335, the database is consulted to determine if the user is authorized to access the selected file or application. The identification of the user is determined in block 1330, consequently, this can be automated. If the user is not authorized to access the selected file, the process continues to block 1340 and access to the file is denied. In one mode, the system displays the message "User not authorized to access the selected file" or a similar message. If the user is authorized to access the selected file, the process continues to block 1345. In block 1345, the file / application is initialized. If this is an application program, the application program is selected.
If it is a file, to be opened by an application program, the file is found and selected. In block 1350, it is determined what type of auto-launch is associated with the selected file/application. As described above with respect to the registration, Figure 11, the file can be auto-launched by a loader program or by automatic password insertion. Returning to Figure 13, in block 1350, if the process is a password auto-launch, the process continues to block 1355. In block 1360, the password associated with the file and the fingerprint is looked up in the database. As described above with respect to Figure 11, for password-enabled files/applications the password is stored in the database. In block 1365, the password is inserted into the file, in the appropriate location, and the file is opened/accessed. In block 1350, if the process is a direct auto-launch, the process continues to block 1370. In block 1370, the loader program is used to execute the application or access the file. As described above with respect to Figure 11, the boot sector of the file can be altered to enable fingerprint access. Consequently, when the fingerprint is received, the file/application is automatically called.
Token Interface
Figure 14 is a flow diagram illustrating the process of using a token in conjunction with the fingerprint recognition system of the present invention. The token can be a key, bar code, diskette, smart card or similar external data container. In block 1410, the user inserts the token. In one embodiment, the token requires coupling to the digital system. In an alternative embodiment, the digital system can be incorporated into the token and consequently the token only needs to be coupled to the detector. In block 1415, the processor checks whether fingerprint validation is enabled. The token may be usable without fingerprint validation. If fingerprint validation is not enabled, the process continues to block 1420.
In block 1420, the process ends, since no fingerprint validation is enabled. If fingerprint validation is enabled, the process continues to block 1425. In block 1425, a fingerprint is requested. This can occur through the system displaying a message such as "place your finger on the detector" or alternatively it can be an internal wait state for fingerprint validation. Therefore, the user places his finger on the detector here. In block 1430, the validity of the pattern on the token is confirmed. The token contains a fingerprint pattern of the authorized user. The process checks whether the pattern has been manipulated in an unauthorized manner. In one embodiment, a private key/identification key exchange is used to verify that the pattern is secure.
In block 1435, the fingerprint is compared to the patterns in the token. The token is "owned" by one or more users. In this stage, the process checks whether a user who owns the token is using it. In block 1445, the process checks whether the fingerprint is a print of the owner of the token. The prints of the owner of the token are recorded within the token. If the fingerprint is not the print of the owner of the token, the process continues to block 1450 and the token is disabled. In addition, an alert may be sent indicating that the token is being used by an unauthorized user. If the fingerprint is the print of the owner of the token, the process continues to block 1455. In block 1455, the token is enabled and the user can access data stored in the token. For example, if a user owns a smart card that is a credit card, this process can be used to verify that the smart card is not stolen and actually belongs to the user in question. A thief could not activate the smart card and therefore could not obtain access to the confidential information stored on the card.
In the above specification, the invention has been described with reference to the specific embodiments thereof.
However, it will be evident that various modifications and changes can be made without departing from the broad spirit and scope of the invention. The specification and the drawings are, therefore, to be considered in an illustrative rather than a restrictive sense. The present invention should not be construed as limited to such embodiments and examples, but construed in accordance with the following claims.

Claims (2)

NOVELTY OF THE INVENTION
Having described the present invention, it is considered a novelty and, therefore, what is described in the following claims is claimed as property:
1. A method of fingerprint recognition comprising: detecting the fingerprint; digitizing the fingerprint; subtracting a digitized background from the fingerprint, resulting in a difference print; identifying an individual associated with the difference print.
The method according to claim 1, characterized in that it further comprises: detecting a background; and digitizing the background, resulting in the digitized background.
The method according to claim 1, characterized in that it further comprises: initiating a fingerprint recognition system when the fingerprint recognition system is initially turned on; detecting a first background when the fingerprint recognition system is started; digitizing the first background; and detecting a new background after the fingerprint is detected; and digitizing the new background.
MXPA/A/1999/009658A 1997-04-21 1999-10-21 A fingerprint recognition system MXPA99009658A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08837549 1997-04-21

Publications (1)

Publication Number Publication Date
MXPA99009658A true MXPA99009658A (en) 2000-08-01
