[go: up one dir, main page]

AU2003266822A1 - A smartcard security system for protecting a computer system - Google Patents

A smartcard security system for protecting a computer system Download PDF

Info

Publication number
AU2003266822A1
AU2003266822A1 AU2003266822A AU2003266822A AU2003266822A1 AU 2003266822 A1 AU2003266822 A1 AU 2003266822A1 AU 2003266822 A AU2003266822 A AU 2003266822A AU 2003266822 A AU2003266822 A AU 2003266822A AU 2003266822 A1 AU2003266822 A1 AU 2003266822A1
Authority
AU
Australia
Prior art keywords
smartcard
biometric data
computer
encoder
reader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
AU2003266822A
Other versions
AU2003266822A2 (en
Inventor
Christopher Ian Blake
Bradley James Blake
Belinda Mae Naujok
Karthik Sivaram
James Lawrence Fuary
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BQT Solutions Australia Pty Ltd
Original Assignee
BQT Solutions Australia Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2002951755A external-priority patent/AU2002951755A0/en
Application filed by BQT Solutions Australia Pty Ltd filed Critical BQT Solutions Australia Pty Ltd
Priority to AU2003266822A priority Critical patent/AU2003266822A1/en
Publication of AU2003266822A2 publication Critical patent/AU2003266822A2/en
Publication of AU2003266822A1 publication Critical patent/AU2003266822A1/en
Assigned to BQT SOLUTIONS (AUSTRALIA) PTY LTD reassignment BQT SOLUTIONS (AUSTRALIA) PTY LTD Amend patent request/document other than specification (104) Assignors: BQT SOLUTIONS PTY LTD
Pending legal-status Critical Current

Links

Landscapes

  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Description

WO 2004/031920 PCT/AU2003/001302 -1 A SMARTCARD SECURITY SYSTEM FOR PROTECTING A COMPUTER SYSTEM Field of the Invention 5 The present invention relates generally to security systems and in particular to security systems utilising smartcards and/or biometric sensors. Background Existing security systems are of several different types. One type of security 10 system utilises a smartcard as a key for access to a secure location or secure equipment. The smartcard contains security information providing access via a smartcard reader at the access point. A user presents the reader with the smartcard. If the smartcard is authorised, the reader actuates a control mechanism to provide access. Thus, for example, the reader may signal a controller that controls operation of a latch mechanism controlling 15 access to a door or provide access to a computer terminal. One example of a relevant reader that may be used in such a system is a Wiegand reader. One significant disadvantage of such systems is that the smartcard if stolen or otherwise in the possession of an unauthorised person may allow the unauthorised person to access the secure location or equipment. 20 Another security system utilises a biometric sensor to control access. A user must provide biometric data, normally a fingerprint, speech, or an eye scan via a sensor at the access point. Other forms of biometric data include facial details and hand geometry. Biometrics is a physical characteristic of a person used as a form of identification. The 25 biometrics data is used in place of, or in addition to a security key, such as a key, card or PIN. A database or central repository of stored biometric data is maintained in a computer, with which the sensor can communicate. The scanned biometric data is compared with the stored biometric data, and if a match is found the user is permitted access. This system is generally more secure than that of the smartcard system, but is 30 disadvantageous in that a central repository of biometric data must be maintained and updated. Further, significant time may be required to conduct such a comparison of the scanned biometric data against the database or central repository to determine whether or not there is a match.
WO 2004/031920 PCT/AU2003/001302 -2 Computer systems may also require security. In such systems, the BIOS of a computer system may be configured to require an operator to provide a password using a keyboard to type text to access the computer system and load the operating system. Alternatively, the operating system and/or application software may require the operator 5 to provide a password to load the operating system or use the application software. However, security based on text password protection may be defeated in numerous ways. For example, another person may learn of a user's text password, or generate the password using automated techniques. One of the difficulties with password security techniques is that such a password can be readily transferred or acquired by another 10 person. Thus, a need clearly exists for an improved security system for protecting a computer system from access by an unauthorised person. 15 Summary In accordance with an aspect of the invention, there is provided a method of controlling access to a computer using a smarteard reader or encoder coupled to the computer. Preferably, the smartcard reader or encoder is a biometric smartcard reader or encoder. A smartcard encoded with data is read using the smartcard reader or encoder. 20 Preferably, the data read from the smartcard is stored biometric data. Authentication data from the smartcard reader or encoder is checked to determine whether access to the computer is granted or prohibited. If a determination is made to grant access, access to the computer is granted. The method preferably includes the step of locking all inputs of the computer other than a communications port of the computer to which said reader or 25 encoder is coupled.. The granting step includes the step of unlocking the inputs. Preferably, the method further includes the step of obtaining scanned biometric data using a sensor of the biometric smartcard reader or encoder. The authentication data may generate by the biometric smartcard reader or encoder dependent upon a comparison 30 of the stored biometric data and the scanned biometric data. Access is granted to the computer if the stored biometric data and the scanned biometric data match. Preferably, the steps of the method are carried out using the computer in a process selected from the WO 2004/031920 PCT/AU2003/001302 -3 group consisting of a BIOS login process, an operating system login process, a resource access process, a network resource access process, and a stop/resume process. In accordance with further aspects of the invention, an apparatus and a computer 5 program product are provided for controlling access to a computer using a smartcard reader or encoder coupled to the computer. In accordance with yet another aspect of the invention, a system for controlling access to a computer is provided. The computer has a communications port and 10 implements at least one process selected from the group consisting of a BIOS login process, an operating system login process, a resource access process, a network resource access process, and a stop/resume process. A smartcard reader or encoder is coupled to the computer via the communications port for reading a smartcard encoded with data. A module is provided for checking authentication data from the smartcard reader or encoder 15 to determine whether access to the computer is granted or prohibited in the process. A module is also provided for, if a determination is made to grant access, granting access to the computer in the process. Brief Description of the Drawings 20 A small number of embodiments are described hereinafter with reference to the drawings, in which: Fig. 1 is a high-level flow diagram illustrating an enrolment operation of a biometric smartcard system including a biometric smarteard reader or encoder in accordance with an embodiment of the invention; 25 Fig. 2 is a flow diagram illustrating a process of enrolling a fingerprint on a smartcard using a biometric smartcard encoder, providing further details of the embodiment of Fig. 1; Fig. 3 is a flow diagram illustrating a process of verifying a finger on the biometric smartcard encoder, providing further details of the embodiment of Fig. 1; 30 Fig. 4A is a block diagram illustrating the structure of storage or memory in a smartcard in accordance with the embodiment of the invention; Fig. 4B is a table illustrating an arrangement of security keys used in the smartcard of Fig. 4A in accordance with the embodiment of the invention; WO 2004/031920 PCT/AU2003/001302 -4 Fig. 5 is a functional block diagram showing modules of a biometric smartcard reader or encoder in accordance with the embodiment of the invention; Fig. 6 is a perspective view of a biometric smartcard reader or encoder in accordance with the embodiment of the invention shown in Fig. 5; 5 Fig. 7 is a flow diagram illustrating a process of providing security in which software controls authentication where BIOS loop is not active but a BIOS start occurred; Figs. 8A and 8B are a flow diagram illustrating another process of providing security in which software controls authentication where BIOS loop is active; Fig. 9 is a flow diagram illustrating yet another process of providing security in 10 which a BIOS start occurred and a BIOS loop is active; Figs. 10 A and 10B are a flow diagram illustrating a further process of providing security in which software only controls authentication where a BIOS loop is not active and a BIOS login did not occur; and Fig. 11 is a block diagram of a security system for controlling access to a computer 15 system utilising a smartcard reader or encoder coupled to the computer system in accordance with the embodiments of the invention. Detailed Description A method and a security system for protecting a computer system utilising 20 smartcards and/or biometric sensors are described hereinafter. Numerous specific details are set forth. However, it will be apparent to those skilled in the art in the light of this disclosure that various modifications may be made without departing from the scope and spirit of the invention. Embodiments of the invention provide equipment that utilise biometric and smartcard technologies. As the smartcard preferably holds the biometric 25 information, the requirement of central repositories of biometric data and associated security issues are obviated. Significant applications of such an reader or encoder is as an access control device at security point, whether for access via a door or other portal, or to a computer, network, or other secure equipment or installation. 30 Some portions of the description that follows are explicitly or implicitly presented in tenns of algorithms and symbolic representations of operations on data within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the WO 2004/031920 PCT/AU2003/001302 -5 substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of 5 being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, termnns, numbers, or the like. It should be borne in mind, however, that the above and similar terms are to be 10 associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise, and as apparent from the following, it will be appreciated that throughout the present specification, discussions utilizing terms such as "scaming", "reading", "analyzing", "determining", "accessing", "generating" "initializing", "resetting", or the like, refer to the action and processes of a 15 computer system, or similar electronic device, that manipulates and transforms data represented as physical (electronic) quantities within the registers and memories of the computer system into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices. 20 The present specification also discloses apparatus for performing the operations of the methods. Such apparatus may be specially constructed for the required purposes, or may include a general-purpose computer or other device selectively activated or reconfigured by a computer program stored in the computer. The algorithms and displays 25 presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose machines may be used with programs in accordance with the teachings herein. Alternatively, the construction of more specialized apparatus to perform the required method steps may be appropriate. The structure of a conventional general purpose computer appears from the description below. 30 In addition, the present invention also implicitly discloses a computer program, in that it would be apparent to the person skilled in the art that the individual steps of the preferred method described herein may be put into effect by computer code. The WO 2004/031920 PCT/AU2003/001302 -6 computer program is not intended to be limited to any particular programming language and implementation thereof. It will be appreciated that a variety of programming languages and coding thereof may be used to implement the teachings of the disclosure contained herein. Moreover, the computer program is not intended to be limited to any 5 particular control flow. There are many other variants of the computer program, which can use different control flows without departing the spirit or scope of the invention. Furthermore one or more of the steps of the computer program may be performed in parallel rather than sequentially. 10 Such a computer program may be stored on any computer readable medium. The computer readable medium may include storage devices such as magnetic or optical disks, memory chips, or other storage devices suitable for interfacing with a general purpose computer. The computer readable medium may also include a hard-wired medium such as exemplified in the Internet system, or wireless medium such as 15 exemplified in the GSM mobile telephone system. The computer program when loaded and executed on such a general-purpose computer effectively results in an apparatus that implements the steps of the preferred method. The preferred method(s) comprise a particular control flow. There are many 20 other variants of the preferred method(s) which use different control flows without departing the spirit or scope of the invention. Furthermore one or more of the steps of the preferred method(s) may be performed in parallel rather sequential. Overview 25 Generally, the embodiments of the invention relate to a technique of controlling access to a computer using a smartcard reader or encoder. Fig. 11 is a block diagram of such a computer system including a computer 1102 and a monitor 1104, with which the embodiments of the invention may be practiced. Preferably, the technique is implemented as a BIOS login process, a software login process, a resource access 30 process, a network resource access process, or a stop/resume process, all of which are described in greater detail hereinafter. The smartcard reader or encoder 1120 is coupled to the computer 1102 via a communications port 1140 (depicted by cable in Fig. 11) and preferably is a biometric smartcard reader or encoder 1120. The smartcard reader or WO 2004/031920 PCT/AU2003/001302 -7 encoder 1120 reads the data encoded in the smartcard 1130, which is preferably stored biometric data. Authentication data from the smartcard reader or encoder 1120 is checked to determine whether access to the computer 1102 is granted or prohibited. If a determination is made to grant access, access to the computer 1102 is granted. The 5 method preferably includes the step of locking all inputs of the computer 1102 other than the communications port 1140. The granting step includes the step of unlocking the inputs. In the following description, the embodiments of the invention are described 10 with reference to a biometric smartcard reader or encoder, although the scope of the invention has broader application to smartcard readers or encoders generally. With reference to a biometric smartcard reader or encoder, a reader is a device that is able to scan a person's biometric data and read a smartcard to obtain stored biometric data. The biometric data is preferably a fingerprint. The smartcard is presented to or inserted into 15 the reader (preferably, 10 mm to 40 mm away), and write/read operations are communicated from the reader to the smartcard. The reader then compares the scanned biometric data and stored biometric data to determine if there is a match. The reader may be located at an access point to provide access to a location or equipment in a security system dependent on the results of the comparison. An encoder is able to perform the 20 functions of a reader including contactless communications with the smartcard, but also is able to encode a smartcard with personal details and biometric data. More particularly, the encoder preferably includes a logical access system where all access in a facility is controlled using a card, i.e. for doors, for PC access, etc. Such a smarteard access system by its nature almost ensures that the user does not forget to leave the smarteard behind. 25 Preferably, an encoder has an appropriate interface to enable the encoder to be connected with a computer to enrol a person's details and biometric data on the smarteard using software running on the computer. The encoder stores biometric data in a two dimensional structure or template and card holder details on the smartcard. The encoder 30 may have an insert slot in the housing body to receive such a smartcard. The slot allows detection of the smartcard during an encoding process. A reader cannot be used for enrolment of biometric data and other associated information on a smartcard as can an encoder. For ease of description, the following text uses the two terms biometric WO 2004/031920 PCT/AU2003/001302 -8 smartcard reader and biometric smartcard encoder substantially interchangeably, but the noted distinctions should be borne in mind. Before proceeding with a detailed description of the smartcard security system or 5 technique for protecting a computer system, a description is provided of the some of the components of the system or technique. Biometric Smartcard Reader or Encoder Fig. 5 is a block diagram illustrating a smartcard 540 and a biometric smartcard 10 reader 500 in accordance with an embodiment of the invention. This biometric smartcard reader 500 is smaller than other biometric units. The biometric smartcard reader 500 includes a biometric sensor 510 coupled to a sensor control module or printed circuit board 520. The sensor PCB 520 contains modules for processing and encoding scanned biometric data into a suitable digital representation using a given coding algorithm (e.g., 15 Sagem). The fingerprint is stored as a template preferably and not as a digital image. An algorithm is used to generate the template. For fingerprints, examples of relevant algorithms use minutiae reference points, or ridge recognition patterns, for example. In turn, the sensor PCB 520 is coupled to a smartcard reader PCB 530 and sends fingerprint data in a given template to the smartcard reader PCB 530, which is also able to interrogate 20 and obtain data from a smartcard 540. This is preferably done by presenting the smartcard reader PCB 530 with the smartcard 540, in which the smartcard reader PCB 530 energises the smartcard 540 if in close proximity and communicates with the smartcard 540. Preferably, the smartcard reader PCB 530 is a contactless reader using a Philips Mifare® Chip, and the PCB 530 utilises the RS232 or USB format for its output. 25 Communication between the smartcard 540 and the smartcard reader PCB 530 is encrypted. The encryption utilised with this embodiment involves a proprietary encryption method of Mifare®, which is embedded in the Mifare® smartcards. Another option is to use 3-DES encryption. However, it will be apparent to those skilled in the art in the light of this disclosure that other encryption techniques may be used without 30 departing from the scope and spirit of the invention. More preferably, the biometric smartcard reader 500 incorporates a biometric finger scan sensor 510 (e.g., for scanning fingerprints) with an accompanying sensor PCB WO 2004/031920 PCT/AU2003/001302 -9 520. The fingerprint sensor technology may be optical, capacitive, thermal, tactile, or a combination of the foregoing. An example of a sensor arrangement that may be used is a Bioscrypt product provided by Bioscrypt Inc. including an Authentic sensor, a Bioscrypt PCB, and Bioscrypt's own encoding algorithm. Alternatively, the sensor arrangement 5 may be implemented using an ST sensor, a Yuean PCB provided by Yuean Biometrics, and the Sagem algorithm, or a SecuGen product provided by SecuGen Corporation including a SecuGen sensor, a SecuGen PCB, and the SecuGen algorithm. Still further, a SecuGen optical solution may be practiced that enables a rugged and robust design. However, it will be apparent to those skilled in the art in the light of this disclosure that 10 other biometric sensors may be practiced without departing from the scope and spirit of the invention. The sensor 510 and associated PCB 520 scan a person's fingerprint and generate a digital representation of that fingerprint as digital biometric data. Fig. 6 is a perspective view of a biometric smartcard encoder 600, which embodies the reader or encoder 500 of Fig. 5 including a biometric sensor 610/510, an associated sensor PCB 15 520 (not shown), and a Mifare® smartcard reader PCB 530 (not shown) in a single unit. The encoder 600 also includes a receptacle or socket 620 into which a smartcard can be inserted. Inside the receptacle is a latch or switch (not shown) for detecting the presence of the smartcard. Any of a number of mechanisms in addition to a latch or switch may be practiced without departing from the scope and spirit of the invention. 20 The smartcard 540 is adapted to store a digital representation of the biometric data. Preferably, the smartcard is a Mifare® smartcard for use with the contactless Mifare® reader. Preferably, the smartcard 540 has approximately 1 Kbyte of storage or memory. Smartcards with different memory sizes may be practiced, e.g. 2 KB, 4 KB, and 25 8 KB. Fig. 4A is a block diagram illustrating the structure of the storage 400 in the Mifare® smartcard, which is organised into 16 separate sectors 410-414 - 0 sector 410, 1 sector 412, ..., 15 sector 414. The sectors may be equally sized or may be variably sized (e.g., for 16 KB cards). Each of the sectors 410-414 has two keys, Key A and Key B as shown in Fig. 4B. These keys can be designated as read and read/write keys. The keys 30 may also be designated write only keys. The keys A and B for each sector are initialised by the manufacturer (e.g. 10 hexadecimal characters each) and can be changed when the sectors are written to to contain biometric data in accordance with the embodiment of the invention. Each Mifare® smartcard 540 also has a unique serial number or identifier.
WO 2004/031920 PCT/AU2003/001302 -10 Preferably, the 15 th sector 414 contains one or more of the following security parameters for use in the system of Fig. 5: a facility code, a company code, an access code, and an issue code. The facility code can identify a facility that the smartcard permits access to for a given entity or company, which is identified by the company code. The issue code 5 identifies how many smarteards have been issued to a person. For example, if the issue code is 3, the system may hotlist corresponding smartcards for the person with issue codes of 1 or 2. Dependent upon the format of the digital biometric data, the smartcard 540 stores 10 such data across two or more sectors with corresponding keys for each sector of data. In the preferred embodiment, 5 to 6 sectors are used to store a digital fingerprint representation or template. For example, an ST sensor and an Yuean PCB produce a digital fingerprint representation that is approximately 320 bytes long. The length of the representation may vary depending on the different biometric sensor products and 15 algorithms used. As noted above, each sector needs a customer specific key to unlock the information. Preferably, the reader 500/600 incorporates a switch or latch internally for detecting the presence or insertion of a smartcard into the reader. 20 As described in greater detail below, use of the biometrics smartcard encoder 500 enables authorised persons using a properly enrolled smartcard to access to a secure location or equipment, for example. Lost or stolen smartcards 540 are unusable as the person with the lost or stolen smartcard 540 does not have the correct biometrics data 25 (e.g., fingerprint) to match that stored on the smartcard 540. Still further, another advantage of this embodiment is that the biometric smartcard reader 500 of Fig. 5 obviates the need for a central database or repository of biometric data, since the biometrics data is stored on the smartcard 540. 30 In combination with a computer (not shown), a biometrics smartcard encoder 500 can also be used to enrol a person's fingerprint on a smartcard 540. The biometrics smarteard encoder 500 uses an RS232 or USB communications port, in conjunction with software, to enrol the person's fingerprint onto the smartcard 540. Generally, software or WO 2004/031920 PCT/AU2003/001302 - 11 a computer program(s) running on the computer in combination with the biometrics smartcard encoder 500 obtains personal details for a person, scans and records a fingerprint for the person, and then writes the personal details and fingerprint representation to the smartcard 540. Preferably, this embodiment does not permit 5 fingerprint information to travel to the computer. Instead, the biometric smartcard encoder 500 stores the information and writes the information directly to the smartcard 540. The information is then erased from the memory of the biometric smartcard encoder 500. When enrolling a person's fingerprint, the detail level for scanning by the biometric smartcard encoder 500 can be changed to enable persons with scarred hands or other 10 aberrations to use the encoder 500. This process is set forth in greater detail with reference to Fig. 1. Fig. 1 is a high-level flow diagram illustrating details of a process 100 of obtaining and storing biometric information in a smartcard 540 using the biometric 15 smartcard encoder (i.e., biometric unit) 500/600. In state 110, the biometric smartcard encoder 500 is initially idle. In step 112, a command is sent to the biometric smartcard encoder 500 to capture a person's fingerprint. This is preferably done by the computer using a communications port. In step 114, the sensor 510/610 of the biometric sminartcard encoder 500 captures a fingerprint image. The sensor 510/610 analyses the scarmed 20 fingerprint and creates an image. In step 116, the image is coded and the data to be stored is created. This is preferably done by the sensor PCB 520 in combination with the sensor 510. In step 118, the smartcard 540 is presented to or inserted into the smartcard reader PCB 530, and the biometric data from the sensor PCB 520 is written into the smartcard 540 by the smartcard reader PCB 530. State 120 at the end of the process 100 shows that 25 the digital fingerprint representation is stored on the smartcard 540. This smartcard 540 can then be used as a security key in relation to a biometric security system. Generally, when verification or access is required using a biometric smartcard reader 500/600, the smartcard 540 is presented to or inserted into the biometric smartcard 30 reader 500/600 and the fingerprint information is read off the smartcard 540 by the biometric smartcard reader 500/600. The person then presents their finger to the sensor 510/610 of the biometric smartcard reader 500/600 for scanning. The fingerprint representation read off the smartcard 540 is compared by the biometric smarteard reader WO 2004/031920 PCT/AU2003/001302 - 12 500/600 with the fingerprint currently obtained using the sensor 510/610. If there is a match within the detail level set at enrolment, the biometric smartcard reader 500/600 checks access privileges using the access code from the smartcard 540 and if the holder has appropriate access privileges, access is granted by the biometric smartcard reader 5 500/600 to the smarteard holder. Verification is strongly dependent on enrolment. A score of 100 applies for a high quality and content template. A medium threshold level may look for a score of 60, for example. The threshold level may be varied to adjust quality and content of a template. 10 Details of Enrolment Process Fig. 2 is a more detailed flow diagram of a process 200 of enrolling a fingerprint using a biometric smartcard encoder, based on Fig. 1. In an initial state 210, a biometric software application is run or launched. As noted above, this software is run on a computer connected to a biometric smartcard encoder 500/600, preferably using a RS232 15 or USB communications port. In step 212, a relevant RS232 or USB port is selected by the software. Other interfaces may be practiced without departing from the scope and spirit of the invention. In step 214, the communications link (COM port) is tested to ensure the communications link is operating properly. Communication between the smartcard reader PCB 530 and the computer is preferably triple DES or Skipjack 20 encrypted. Therefore, the information sent for access to the computer is highly difficult to compromise. In step 216, enrolment of a person's fingerprint is commenced. Preferably, this is done by clicking on an enrolment tab in the software application to commence enrolment processing. In step 218, personal details of the person whose fingerprint is to be enrolled are obtained and the type of smartcard being written to is 25 specified. The relevant information may include one or more of the person's name, facility code, company code, access code, and issue code. Alternatively, the smartcard may be pre-encoded with some or all of this information. In step 220, the desired detail level of the fingerprint is specified using the 30 software application. In particular, this is done using a quality meter in the software where the detail level for the sensor 510 and PCB 520 is specified. Ordinarily, the quality is set as high as possible to avoid misreads. However, the quality can be adjusted downwardly to avoid or reduce the effects of scar tissue and other aberrations on the WO 2004/031920 PCT/AU2003/001302 - 13 person's finger. In step 222, the person's fingerprint is presented to the sensor 510/610 of the biometric smartcard encoder 500/600, and the person's fingerprint is scanned. The data stream for the scanned fingerprint is sent from the sensor 510/610 to the sensor PCB 520. The information is then coded with the specific algorithm within the sensor PCB 5 520. The coded information is then sent to the smartcard reader PCB 530 and from there encoded onto the smartcard 540. In decision block 224, a check is made to determine if the quality of the scanned fingerprint image from the sensor 510/610 is adequate. The sensor 510 and PCB 520 10 determines quality. The biometric smartcard encoder 500/600 indicates this to the computer, since the fingerprint is preferably not transferred to the computer. If the quality is inadequate (NO), the quality is reduced to enable enrolment in step 226 and processing continues at step 222. This may occur multiple times. If decision block 224 determines that the quality is adequate (YES), processing continues at step 228. 15 In step 228, a smarteard 540 is presented to or inserted into the smartcard reader PCB 530 of the biometric smartcard encoder 500/600. Presentation or insertion of the smartcard 540 to the smartcard reader PCB 530 results in the encoded fingerprint template and related keys for each sector being downloaded onto the smartcard 540. The 20 communication between the smartcard 540 and the reader PCB 530 is encrypted. As noted above, the encrypted, encoded fingerprint representation is normally stored across several sectors in the storage of the smartcard. Also personal details and other information may be stored on the smartcard 540. In step 230, a check is made to determnnine if the encoding of the smartcard 540 was successful. If decision block 230 25 returns true (YES), the fingerprint template has been encoded successfully on the smartcard 540 using the encoder 500. If decision block 230 returns false (NO), processing continues at decision block 232. In decision block 232, a check is made to determine if the smartcard type details are correct. For example, the smartcard 540 may be a new or used smartcard. A new smartcard has default values in its storage, while a 30 used smartcard has changed keys A and B for example. Further, or alternatively, a different type of smartcard may be used, for example, from different manufacturers. If decision block 232 returns false (NO) indicating the card type details are incorrect, processing continues at step 234 and the correct smartcard type must be specified to the WO 2004/031920 PCT/AU2003/001302 -14 software. This may be done by clicking on the correct smartcard type in the software. Processing then continues at step 236. If decision block 232 returns true (YES), processing continues at step 236. In step 236, another smartcard is tried or obtained for presentation or insertion instead of the smartcard previously presented to or inserted into 5 the smartcard reader PCB 530 of the encoder 500/600. Processing then continues at step 228. Details of Verification Process After a fingerprint representation and associated information are enrolled on a 10 smartcard 540, verification of the enrolment on the smartcard 540 may be required. Fig. 3 is a flow diagram illustrating a process 300 of verifying a fingerprint scanned by the biometric smartcard encoder 500/600 and enrolled on the smartcard 540. In state 310, the biometric application software is loaded. In step 312, the communications link (e.g., COM port or USB) between the computer and the biometric smartcard encoder 500 is 15 selected. In step 314, the communications link is tested to ensure the link is operating properly. In step 316, a verification application module in the software is activated. Preferably, this is done by clicking on a verify tab in the biometric application software. In step 318, the smartcard 540 with enrolled fingerprint information is presented to or inserted into the encoder 500/600, which reads and stores the fingerprint information from 20 the smarteard 540. In step 320, the person's finger is presented to sensor 510/610 of the biometric smartcard encoder 500, and the person's fingerprint is scamed and stored. The biometric smnarteard encoder 500 then compares in the smartcard reader PCB 530 the scanned fingerprint template from the sensor 510/610 and the uploaded fingerprint template from the smartcard 540. 25 In decision block 322, a check is made to determine if the verification passed (OK). The encoder 500/600 provides the comparison result to the computer to establish verification. If decision block 322 returns true (YES), processing continues at state 324 and the fingerprint on the smartcard is verified as that of the fingerprint obtained at the 30 sensor 510/610. Otherwise, if decision block 322 returns false (NO), processing continues at step 326. In step 326, a check is made to determine if the verification bar in the software was raised. Preferably, a quality bar and a verification bar showing current levels are depicted graphically to an operator of the application software on opposite sides WO 2004/031920 PCT/AU2003/001302 -15 of a graphical image of a fingerprint icon, which indicates to the operator when a fingerprint has been properly scanned by the encoder 500/600. Raising the verification bar indicates a better match between the scanned fingerprint and the one from the smartcard 540. Verification is dependent on the quality level at enrolment. If decision 5 block 326 returns true (YES), processing continues at step 332 and the finger must be positioned correctly for verification, before processing continues at step 320. Otherwise, if decision block 326 returns false (NO), processing continues at step 328. A determination is made that the incorrect finger has been used in relation to the recorded fingerprint information on the smartcard. In step 330, the correct finger is determined 10 before proceeding to step 320. Alternative Biometric Smartcard Reader or Encoder In an alternate embodiment, the biometric smartcard reader or encoder may have both contacless Mifare smartcard and contact smartcard technology. Such a hybrid 15 biometric smarteard reader or encoder may assist in situations where the smartcards currently used are of the contact type but the needs of a business will ultimately demand a contactless solution. Security System for Computer System 20 Advantageously, an embodiment of the invention utilises a smartcard reader or encoder to control access to a personal computer (PC). The embodiment of the invention may be practiced with other forms of computer systems. More preferably, a biometric smartcard reader or encoder is used to control access to a PC. Each device provides an authentication service as a peripheral device to the PC. The request for authentication and 25 the authentication are communicated to and from the reader or encoder using serial or USB communications. In the case of a polling loop option, the device keeps monitoring the status of card presence in the encoder or reader and communicates the removal of the smarteard frodfi there to the PC. The BIOS is modified to check the latch of the reader or encoder via RS232, in a BIOS loop mode, while software and the operating system uses 30 polling running in the background that can user RS232 or USB communications port. It will be apparent to those skilled in the art in the light of this disclosure that the embodiments of the invention have application to other computer systems, as well as personal computers. For ease of description, the embodiments of the invention are WO 2004/031920 PCT/AU2003/001302 -16 described hereinafter with reference to a biometric smartcard reader or encoder. The device locks and unlocks all inputs of the PC (similar in manner to operation of a screen saver). All inputs are hooked and input activity suspended until the unlock is performed. This type of functionality is well known to those skilled in the art. Relevant inputs 5 include one or more of a keyboard, a mouse, and the like. The BIOS/operating system may activate a standby mode (in PCs like laptops) and come out of that mode (lock/unlock). The biometric smartcard reader or encoder can be used in security areas as a 10 BIOS login device for access to the PC. The biometric smarteard reader or encoder uses RS232 communications (COM port). Alternatively, the biometric smartcard reader or encoder may be coupled to the PC using a USB port. Software drivers enable access via the USB port. A hard line (usually DTR, or RTS in the case of RS232) in the cable may be used that monitors whether the smartcard has been retracted. Alternatively, the 15 information may be transmitted within a 3DES encrypted signal. BIOS code or software for the PC is modified to add code for the bios login. The chipsets of the PC are replaced with the updated BIOS version. This may be done for different bios chipsets. 20 When access is needed to use the PC through the biometric smartcard reader or encoder, the smartcard is inserted into the base of the biometric smartcard reader or encoder, which is coupled to the PC. Fingerprint information is read off the smartcard and the person seeking access to the PC then presents their finger to the biometric 25 smartcard reader or encoder. The fingerprint off the card is compared with the fingerprint on the sensor. If there is a match within the detail level set at enrolment, then the PC determines whether the user has access. The software can be made to check the person's identity as often as needed. 30 Once the personal computer is powered on, standard detects (POST) are completed and before there is a chance to use the PC with any operating system, the BIOS login is enacted. A text message or screen prompt the user to insert a smartcard and apply finger to the sensor of the biometric smartcard reader or encoder. In the manner WO 2004/031920 PCT/AU2003/001302 -17 described above, the scanned biometric data is compared with the stored biometric data from the smartcard to determine if the scanned and stored biometric data match. If the two match indicating a valid login, the computer continues loading the operating system. However, if the login is invalid, the computer does not load the operating system. 5 In a similar manner, the operating system and other software may be modified to provide similar security as that provided by the biometric BIOS login procedure, with appropriate modifications. As an alternative, the operating system may incorporate such functionality. Still further, the BIOS login procedure may be invoked to start the 10 computer, but similar checks may be performed by the operating system and/or before loading an application software. Periodically the operating system and/or application software may require successful completion of a biometric login procedure for continued use of the computer and/or software. Retraction of the smartcard from the reader or encoder invokes re-verification, as well. Further specifics of these alternate arrangements 15 are set forth below. The PC or any other host shall use the authentication service in either of the following levels: 20 BIOS level The BIOS boot up sequence when nearing completion shall communicates to the device and requests an authentication. Once the device supplies a confirmation, authenticating a user via the authentication methods, the BIOS continues the boot sequence. A time limit may be implemented in the BIOS to limit the duration for 25 successful completion of a login. A smartcard may be written to while in Bios level. Accordingly, blacklisting or similar restrictions may be imposed on the smarteard if a given number (e.g. 3) of failures to login occur. OS login level 30 The operating system (OS) during the Login sequence communicate to the device and request an authentication, the authentication may either be locally validated or remotely validated (network logon) and the user granted permission to use the machine (logon).
WO 2004/031920 PCT/AU2003/001302 - 18 Resource access level Access to certain resources (files or others) may be protected and/or encrypted. When access is required, an authentication may be requested from the device and if 5 authentication is provided, then the access may be granted. The device may also perform encryption and/or decryption services. The device may also provide resources like private/secure information storage. Software services may use these resources. The device may also provide resources like Purse and the like that might be used by software services. Cashless systems may utilise the smartcard as an electronic Purse. 10 Network resource access level Access to network resources may also be protected as above. The authentication in this case may be reader or encoder only, device and local computer, device and remote server, device and local and remote computers, and other combinations thereof. To go 15 anywhere, re-verification may be required involving presentation of the smartcard, biometrics data, or both. Stop/Resume level The BIOS or application software/operating system, dependent upon the reader 20 or encoder, may also be used to LOCK and UNLOCK the PC to allow users to temporarily stop and resume. This may also be activated automatically. Flow Diagrams of Processes Figs. 7 -10 are flow diagrams illustrating processes in accordance with 25 embodiments of the invention. BIOS Login and BIOS Loop Fig. 9 illustrates a process 900 for protecting a computer system utilising smartcards and/or biometric sensors where a BIOS login and/or BIOS loop is activated. 30 In step 902, the computer is turned on. In step 904, the BIOS runs through most checks and routines. In step 906, the BIOS requests authentication confirmation from the device. In step 908, a check is made to determine if a smartcard is present. If step 908 returns false (NO), processing continues at step 910. In step 910, the BIOS waits for the WO 2004/031920 PCT/AU2003/001302 -19 smartcard to be inserted. Processing then continues at step 908. If step 908 returns true (YES), processing continues at step 912. In step 912, a check is made to determine if the authentication is valid (OK). If 5 step 912 returns false (NO), processing continues at step 914. In step 914, the BIOS halts. Processing then continues at decision step 920. In step 920, a check is made to determine if the failure number has reached a predetermined number, preferably three (3). If step 920 returns false (NO), processing continues at step 918. In step 918, the failed number is incremented. Processing then continues at step 912. Otherwise if step 920 10 returns true (YES), processing continues at step 922. In step 922, the computer is shutdown or resets. Otherwise, if step 912 returns true (YES), processing continues at step 924. In step 924, the failure number is set equal to zero (0). In step 926, the BIOS completes its 15 checks and routines. In step 928, the BIOS implements a loop to ensure that authentication stays active. In step 930, the BIOS hands over operation of the computer to the operating system with the BIOS loop remaining in the background. If the smartcard is retracted, the BIOS loop restarts the computer. 20 Software Login While BIOS Loop Continues Figs. 8A and 8B illustrate a process 800 for protecting a computer system utilising smartcards and/or biometric sensors where software controls re-verfication while a BIOS loop remains activated. This applies where the computer is not rebooted, but the software in conjunction with the operating system controls re-verification. For example, 25 this processing may be carried out following execution of the process 900 of Fig. 9. In step 802, software (S/W) takes control of authentication, but the BIOS loop is still in place. In decision step 804, a check is made to determine if a smartcard is present in the smartcard reader or encoder. If step 804 returns false (NO), processing continues at step 806. In step 806, the BIOS loop is broken, which results from software issuing a 30 command that authentication has failed. In step 808, the computer is reset. Otherwise, if step 804 returns true (YES), processing continues at step 810.
WO 2004/031920 PCT/AU2003/001302 - 20 In decision step 810, a check is made to determine if the first software login or a re-verification is occurring. If step 810 returns false (NO), processing continues at step 816. Otherwise, if step 810 returns true (YES), processing continues at step 812. 5 In decision step 812, a check is made to determine if a first login authentication is required. If decision step 812 returns false (NO), processing continues at step 814. In step 814, access to the computer system is granted. Processing then continues at step 824. Otherwise if decision step 812 returns true (YES), processing continues at step 816. In step 816, a state is entered where a password or device authentication is required. 10 In decision step 818, a check is made to determine if the authentication obtained from step 816 is valid (OK). If step 818 returns false (NO), processing continues at step 820. In step 820, the software (S/W) initiates a re-verification. The failure number is also incremented. Processing then continues at decision step 822. In step 822, a check is 15 made to determine if the failure number has reached a predetermined nmunber, preferably three (3). If step 822 returns false (NO), processing continues at step 816. Otherwise if step 822 returns true (YES), processing continues at step 808. Otherwise, if step 818 returns true (YES), processing continues at step 824. 20 In step 824, the failure number is set to zero (0). In decision step 826, a check is made to determine if the smart card is still inserted in the device. This may be done by checking the state of the latch or switch in the reader or encoder. Again, the smartcard in the reader or encoder may be read at intervals for a smartcard number. The smartcard present signal may preferably be sent by hardwire or as an encrypted signal. If step 826 25 returns false (NO), processing continues at step 820. If decision block 826 returns true (YES), processing continues at step 830. In step 830, a screen saver is activated, or a verification timeout is activated. Re-verification is needed. In decision step 832, a check is made to determine if the authentication is valid 30 (OK). If step 832 returns true (YES), processing continues at step 824. Otherwise if step 832 returns false (NO), processing continues at step 834. In step 834, the operating system initiates a re-verification, and increments the failure number. Processing then continues at decision step 836. In step 836, a check is made to determine if the failure WO 2004/031920 PCT/AU2003/001302 -21 number has reached a predetermined number, preferably three (3). If step 836 returns false (NO), processing continues at step 830. Otherwise if step 836 returns true (YES), processing continues at step 808. 5 BIOS Loop Not Active, But BIOS Start Occurred Fig. 7 illustrates a process 700 for protecting a computer system utilising smartcards and/or biometric sensors using a software process where a BIOS loop is not activated but a BIOS start did occur. That is there is no external BIOS loop, with only software in conjunction with the operating system controlling authentication and re 10 verification. In step 702, the software (S/W) takes control of authentication. In decision step 704, a check is made to determnnine if a smartcard is present in the smartcard reader or encoder. If step 704 returns false (NO), processing continues at step 706. In step 706, the software waits for a smarteard to be inserted into the reader or encoder. Processing then continues at step 704. Otherwise, if step 704 returns true (YES), processing continues at 15 step 708. In decision step 708, a check is made to determine if the first software (S/W) login is occurring. If step 708 returns false (NO), processing continues at step 714. Otherwise, if step 708 returns true (YES), processing continues at step 710. In decision 20 step 710, a check is made to determine if a first software login authentication is required. If decision step 710 returns false (NO), processing continues at step 712. In step 712, access to the computer system is granted. Processing then continues at step 726. Otherwise if decision step 710 returns true (YES), processing continues at step 714. 25 In step 714, a state is entered where a password or device authentication is required. To do so, the smartcard must be presented to or inserted into the device, and biometrics data generated. If there is a match between the smartcard data and the scanned biometrics data, the encoder or reader generates an authentication signal In decision step 716, a check is made to determine if the authentication obtained from step 714 is valid 30 (OK). If step 716 returns true (YES), processing continues at step 726. In step 726, the software waits for a timeout, or for the smartcard to be retracted from the reader or encoder. The smartcard in the reader or encoder may be read at intervals for a smartcard number. The smartcard present signal may preferably be sent by hardwire or as an WO 2004/031920 PCT/AU2003/001302 - 22 encrypted signal. In step 728, the software initiates a re-authentication. Processing then continues at step 706. If step 716 returns false (NO), processing continues at step 718. In step 718, the software 5 initiates a re-verification. The failure number is also incremented. Processing then continues at decision step 720. In step 720, a check is made to determine if the failure number has reached a predetermined number, preferably three (3). If step 720 returns false (NO), processing continues at step 714. Otherwise if step 720 returns true (YES), processing continues at step 722. In step 722, the software requests an input lock. In step 10 724, the user must wait a pre-determined time, or be reactivated by an administrator. Software Only, No BIOS Loop or BIOS Start Figs. 10A and 10OB illustrate a process 1000 for protecting a computer system utilising smartcards and/or biometric sensors where software controls authentication 15 and/or re-verfication. That is, there is no BIOS loop or BIOS start involved. In step 1002, software (S/W) takes control of authentication, as the operating system loads. In step 1004, the computer inputs are locked until a smartcard is presented to or inserted into the device, i.e. the reader or encoder with the smartcard detection mechanism. In step 1006, a password or device authentication is required. 20 In decision step 1008, a check is made to determine if the authentication obtained from step 1006 is valid (OK). If step 1008 returns false (NO), processing continues at step 1010. In step 1010, the software (S/W) initiates a re-verification. The failure number is also incremented. Processing then continues at decision step 1012. In step 25 1012, a check is made to determine if the failure number has reached a predetermined number, preferably three (3). If step 1012 returns false (NO), processing continues at step 1006. Otherwise if step 1016 returns true (YES), processing continues at step 1014. In step 1014, the computer is reset or shutdown. Otherwise, if step 1008 returns true (YES), processing continues at step 1016. 30 In step 1016, the failure number is set to zero (0). In decision step 1018, a check is made to determine if the smart card is still inserted or present in the device. This may be done by checking the state of the latch or switch in the reader or encoder. Again, the WO 2004/031920 PCT/AU2003/001302 -23 smartcard in the reader or encoder may be read at intervals for a smartcard number. The smartcard present signal may preferably be sent by hardwire or as an encrypted signal. If step 1018 returns false (NO), processing continues at step 1010. If decision block 1018 returns true (YES), processing continues at step 1020. In step 1020, a screen saver is 5 activated, or a verification timeout is activated. Re-verification is needed. In decision step 1022, a check is made to determine if the authentication is valid (OK). If step 1022 returns true (YES), processing continues at step 1016. Otherwise if step 1022 returns false (NO), processing continues at step 1024. In step 1024, the 10 operating system initiates a re-verification, and increments the failure number. Processing then continues at decision step 1026. In step 1026, a check is made to determine if the failure number has reached a predetermined number, preferably three (3). If step 1026 returns false (NO), processing continues at step 1020. Otherwise if step 1026 returns true (YES), processing continues at step 1014. 15 Computer Implementation The method of protecting a computer system utilising smartcards and/or biometric sensors is preferably practiced using a general-purpose computer system, in which the processes of Figs. 1-3 and 7-11 may be implemented as firmware in the BIOS 20 chip(s) and/or software, such as an application program executing within the computer system. In particular, the steps of method of protecting a computer system utilising smartcards and/or biometric sensors are effected, at least in part, by instructions in the software that are carried out by the computer. The instructions may be formed as one or more code modules, each for performing one or more particular tasks. The software may 25 be stored in a computer readable medium, including the storage devices described below, for example. The software is loaded into the computer from the computer readable medium, and then executed by the computer. A computer readable medium having such software or computer program recorded on it is a computer program product. The use of the computer program product in the computer preferably effects an advantageous 30 apparatus for protecting a computer system utilising smartcards and/or biometric sensors. Examples of computers on which the described arrangements can be practised include IBM-PC's and compatibles, Sun Sparcstations or alike computer systems. Still WO 2004/031920 PCT/AU2003/001302 - 24 further, the software can also be loaded into the computer system from other computer readable media. The term "computer readable medium" as used herein refers to any storage or transmission medium that participates in providing instructions and/or data to the computer system for execution and/or processing. Examples of storage media include 5 floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the computer module. Examples of transmission media include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets 10 including e-mail transmissions and information recorded on Websites and the like. A small number of embodiments of the invention regarding a method and a security system for protecting a computer system utilising smartcards and/or biometric sensors have been described. In the light of the foregoing, it will be apparent to those 15 skilled in the art in the light of this disclosure that various modifications may be made without departing from the scope and spirit of the invention.

Claims (40)

  1. 2. The method according to claim 1, further including the step of locking all inputs of said computer other than a communications port of said computer to which said reader or encoder is coupled. 15
  2. 3. The method according to claim 2, wherein said granting step includes the step of unlocking said inputs.
  3. 4. The method according to claim 1, wherein said smartcard reader or 20 encoder is a biometric smartcard reader or encoder.
  4. 5. The method according to claim 4, wherein said data read from said smartcard is stored biometric data. 25 6. The method according to claim 5, further including the step of obtaining scanned biometric data using a sensor of said biometric smartcard reader or encoder.
  5. 7. The method according to claim 6, wherein said authentication data is generated by said biometric smartcard reader or encoder dependent upon a comparison of 30 said stored biometric data and said scanned biometric data.
  6. 8. The method according to claim 7, wherein access is granted to said computer if said stored biometric data and said scanned biometric data match. WO 2004/031920 PCT/AU2003/001302 -26 9. The method according to claim 4, further including the step of verifying said biometric data encoded on said smartcard is correct. 5 10. The method according to claim 4, further including the step of enrolling biometric data on said smartcard.
  7. 11. The method according to claim 10, wherein said enrolling step further includes the steps of: 10 scanning a source of biometric data associated with said smartcard; encoding said scanned biometric data; and storing said encoded biometric data on said smartcard.
  8. 12. The method according to claim 5 or 6, wherein said biometric data 15 includes a fingerprint.
  9. 13. The method according to claim 11, further including the step of specifying a detail level for scanning said biometric data. 20 14. The method according to claim 1, wherein said steps are carried out using said computer in a process selected from the group consisting of a BIOS login process, an operating system login process, a resource access process, a network resource access process, and a stop/resume process. 25 15. An apparatus for controlling access to a computer using a smartcard reader or encoder coupled to said computer, said apparatus including: a smartcard reader or encoder for reading a smartcard encoded with data; means for checking authentication data from said smartcard reader or encoder to determine whether access to said computer is granted or prohibited; and 30 means for, if a determination is made to grant access, granting access to said computer. WO 2004/031920 PCT/AU2003/001302 - 27 16. The apparatus according to claim 15, further including means for locking all inputs of said computer other than a communications port of said computer to which said reader or encoder is coupled. 5 17. The apparatus according to claim 16, wherein said granting means includes means for unlocking said inputs.
  10. 18. The apparatus according to claim 15, wherein said smartcard reader or encoder is a biometric smartcard reader or encoder. 10
  11. 19. The apparatus according to claim 18, wherein said data read from said smartcard is stored biometric data.
  12. 20. The apparatus according to claim 19, wherein said biometric smartcard 15 reader or encoder includes a scanner for obtaining scanned biometric data.
  13. 21. The apparatus according to claim 20, wherein said authentication data is generated by said biometric smartcard reader or encoder dependent upon a comparison of said stored biometric data and said scanned biometric data. 20
  14. 22. The apparatus according to claim 21, wherein access is granted to said computer if said stored biometric data and said scanned biometric data match.
  15. 23. The apparatus according to claim 18, further including means for 25 verifying said biometric data encoded on said smartcard is correct.
  16. 24. The apparatus according to claim 18, further including means for enrolling biometric data on said smartcard. 30 25. The apparatus according to claim 24, wherein said enrolling means further includes: means for scanning a source of biometric data associated with said smartcard; means for encoding said scanned biometric data; and WO 2004/031920 PCT/AU2003/001302 -28 means for storing said encoded biometric data on said smartcard.
  17. 26. The apparatus according to claim 19 or 20, wherein said biometric data includes a fingerprint. 5
  18. 27. The apparatus according to claim 25, further including means for specifying a detail level for scanning said biometric data.
  19. 28. The apparatus according to claim 15, wherein said processing is carried 10 out using said computer in a process selected from the group consisting of a BIOS login process, an operating system login process, a resource access process, a network resource access process, and a stop/resume process.
  20. 29. A computer program product having a computer readable medium with 15 a computer program recorded thereon for controlling access to a computer using a smartcard reader or encoder coupled to said computer, said computer program product including: computer program code means for reading a smartcard encoded with data using said smartcard reader or encoder; 20 computer program code means for checking authentication data from said smartcard reader or encoder to determine whether access to said computer is granted or prohibited; and computer program code means for, if a determination is made to grant access, granting access to said computer. 25
  21. 30. The computer program product according to claim 29, further including computer program code means for locking all inputs of said computer other than a communications port of said computer to which said reader or encoder is coupled. 30 31. The computer program product according to claim 30, wherein said computer program code means for granting includes computer program code means for unlocking said inputs. WO 2004/031920 PCT/AU2003/001302 - 29 32. The computer program product according to claim 29, wherein said smartcard reader or encoder is a biometric smartcard reader or encoder.
  22. 33. The computer program product according to claim 32, wherein said data 5 read from said smartcard is stored biometric data.
  23. 34. The computer program product according to claim 33, wherein said biometric smartcard reader or encoder includes a scanner for obtaining scanned biometric data. 10
  24. 35. The computer program product according to claim 34, wherein said authentication data is generated by said biometric smartcard reader or encoder dependent upon a comparison of said stored biometric data and said scanned biometric data. 15 36. The computer program product according to claim 35, wherein access is granted to said computer if said stored biometric data and said scanned biometric data match.
  25. 37. The computer program product according to claim 32, further including 20 computer program code means for verifying said biometric data encoded on said smartcard is correct.
  26. 38. The computer program product according to claim 32, further including computer program code means for enrolling biometric data on said smartcard. 25
  27. 39. The computer program product according to claim 38, wherein said computer program code means for enrolling further includes: computer program code means for scanning a source of biometric data associated with said smartcard; 30 computer program code means for encoding said scanned biometric data; and computer program code means for storing said encoded biometric data on said smartcard. WO 2004/031920 PCT/AU2003/001302 -30
  28. 40. The computer program product according to claim 33 or 34, wherein said biometric data includes a fingerprint.
  29. 41. The computer program product according to claim 39, further including 5 computer program code means for specifying a detail level for scanning said biometric data.
  30. 42. The computer program product according to claim 29, wherein said processing is carried out using said computer in a process selected from the group 10 consisting of a BIOS login process, an operating system login process, a resource access process, a network resource access process, and a stop/resume process.
  31. 43. A system for controlling access to a computer, said system including: a computer with a communications port, said computer implementing at least one 15 process selected from the group consisting of a BIOS login process, an operating system login process, a resource access process, a network resource access process, and a stop/resume process. a smartcard reader or encoder coupled to said computer via said communications port for reading a smartcard encoded with data; 20 means for checking authentication data from said smartcard reader or encoder to determine whether access to said computer is granted or prohibited in said process; and means for, if a determination is made to grant access, granting access to said computer in said process. 25 44. The system according to claim 43, further including means for locking all inputs of said computer other than said communications port.
  32. 45. The system according to claim 44, wherein said granting means includes means for unlocking said inputs. 30
  33. 46. The system according to claim 43, wherein said smartcard reader or encoder is a biometric smartcard reader or encoder. WO 2004/031920 PCT/AU2003/001302 -31 47. The system according to claim 46, wherein said data read from said smatcard is stored biometric data.
  34. 48. The system according to claim 47, wherein said biometric smartcard 5 reader or encoder includes a scanner for obtaining scanned biometric data.
  35. 49. The system according to claim 48, wherein said authentication data is generated by said biometric smartcard reader or encoder dependent upon a comparison of said stored biometric data and said scanned biometric data. 10
  36. 50. The system according to claim 49, wherein access is granted to said computer if said stored biometric data and said scanned biometric data match.
  37. 51. The system according to claim 46, further including means for verifying 15 said biometric data encoded on said smartcard is correct.
  38. 52. The system according to claim 46, further including means for enrolling biometric data on said smartcard. 20 53. The system according to claim 52, wherein said enrolling means further includes: means for scanning a source of biometric data associated with said smartcard; means for encoding said scanned biometric data; and means for storing said encoded biometric data on said smartcard. 25
  39. 54. The system according to claim 47 or 48, wherein said biometric data includes a fingerprint.
  40. 55. The system according to claim 53, further including means for 30 specifying a detail level for scanning said biometric data.
AU2003266822A 2002-10-03 2003-10-02 A smartcard security system for protecting a computer system Pending AU2003266822A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003266822A AU2003266822A1 (en) 2002-10-03 2003-10-02 A smartcard security system for protecting a computer system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2002951755 2002-10-03
AU2002951755A AU2002951755A0 (en) 2002-10-03 2002-10-03 A smartcard security system for protecting a computer system
PCT/AU2003/001302 WO2004031920A1 (en) 2002-10-03 2003-10-02 A smartcard security system for protecting a computer system
AU2003266822A AU2003266822A1 (en) 2002-10-03 2003-10-02 A smartcard security system for protecting a computer system

Publications (2)

Publication Number Publication Date
AU2003266822A2 AU2003266822A2 (en) 2004-04-23
AU2003266822A1 true AU2003266822A1 (en) 2004-04-23

Family

ID=34275682

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2003266822A Pending AU2003266822A1 (en) 2002-10-03 2003-10-02 A smartcard security system for protecting a computer system

Country Status (1)

Country Link
AU (1) AU2003266822A1 (en)

Also Published As

Publication number Publication date
AU2003266822A2 (en) 2004-04-23

Similar Documents

Publication Publication Date Title
AU2002101053B4 (en) Biometric smartcard system
US7255282B2 (en) PCMCIA-complaint smart card secured memory assembly for porting user profiles and documents
US7549161B2 (en) Portable device having biometrics-based authentication capabilities
US20030005337A1 (en) Portable device having biometrics-based authentication capabilities
US20080109895A1 (en) Method and System for Multi-Authentication Logon Control
US20080244734A1 (en) Information processing apparatus and method, program, and information processing system
CA2591751A1 (en) Biometric personal data key (pdk) authentication
JP2012043208A (en) Security management system, information processor, offline device, security management method, and program
WO2004031920A1 (en) A smartcard security system for protecting a computer system
CN1195275C (en) Security arrangement
KR100991191B1 (en) Computer security module and computer device applying the same
JP4950337B2 (en) Fingerprint reader reset system and method
JP3422472B2 (en) Personal computer system
KR102248132B1 (en) Method, apparatus and program of log-in using biometric information
AU2003266822A1 (en) A smartcard security system for protecting a computer system
CN101169811A (en) Contactless Digital Security System
KR20020078771A (en) Power on control apparatus and method of computer systems using biometric recognition
JP2004185255A (en) Floppy (registered trademark) disk type biometric information authentication device that has both personal information management and biometric authentication
JP2006351015A (en) Storage and method for protecting stored data thereof
JP2007241800A (en) Removable memory unit and computer device
JP3641382B2 (en) Security system and security method
JP2001331375A (en) Program startup method, method and device for preventing unauthorized access, encoding/decoding system and card
KR20070109488A (en) Fingerprint recognition mouse with built-in security flash memory
KR20060087000A (en) Access control device for integrated circuit card and access control method using same

Legal Events

Date Code Title Description
TC Change of applicant's name (sec. 104)

Owner name: BQT SOLUTIONS (AUSTRALIA) PTY LTD

Free format text: FORMER NAME: BQT SOLUTIONS PTY LTD

DA3 Amendments made section 104

Free format text: THE NATURE OF THE AMENDMENT IS: APPLICATION IS TO PROCEED UNDER THE NUMBER 2003101083

Free format text: THE NATURE OF THE AMENDMENT IS AS SHOWN IN THE STATEMENT(S) FILED 06 OCT 2005