SMARTCARD AND METHOD FOR CONTROLLING A SMARTCARD
20210019586 · 2021-01-21
Inventors
CPC classification
G09C1/00
PHYSICS
H04L63/0861
ELECTRICITY
G06K19/07354
PHYSICS
G06V20/80
PHYSICS
G06K19/0723
PHYSICS
G06F21/34
PHYSICS
G06F21/32
PHYSICS
H04L63/0853
ELECTRICITY
G06K19/0718
PHYSICS
International classification
Abstract
A smartcard may include a processor for controlling operation of the smartcard and a biometric sensor for identification of an authorised user, wherein the processor is arranged to permit access to one or more secure feature(s) of the smartcard in response to a multifactor authentication process requiring both: (i) confirmation of the identity of the smartcard based on a physically unclonable characteristic of the smartcard and (ii) authentication of the user's identity via the biometric sensor.
Claims
1. A smartcard comprising: a processor for controlling operation of the smartcard; and a biometric sensor for identification of an authorised user; wherein the processor is arranged to permit access to one or more secure feature(s) of the smartcard based on a multifactor authentication process requiring both: (i) confirmation of the identity of the smartcard based on a physically unclonable characteristic of the smartcard, and (ii) authentication of the user's identity via the biometric sensor.
2. A smartcard as claimed in claim 1, wherein the physically unclonable characteristic is recorded by the smartcard during an enrolment process.
3. A smartcard as claimed in claim 1, comprising a memory for storing data representing the physically unclonable characteristic, wherein the processor is arranged to compare the stored data for the physically unclonable characteristic with newly obtained data purporting to represent the same physically unclonable characteristic in order to check that the smartcard is the same smartcard that provided the originally recorded data for the physically unclonable characteristic.
4. A smartcard as claimed in claim 1, wherein the physically unclonable characteristic of the smartcard is a characteristic that can be measured based on a physical entity of the smartcard.
5. A smartcard as claimed in claim 1, wherein the physically unclonable characteristic takes the form of a physical reaction of the smartcard to an external stimulus or internal stimulus.
6. A smartcard as claimed in claim 1, wherein the physically unclonable characteristic is a physically unclonable characteristic of an electrical component of the smartcard, such as a function that can be defined as a reaction of the electrical component to an input signal.
7. A smartcard as claimed in claim 6, wherein the physically unclonable characteristic of an electrical component includes at least one of a physically unclonable characteristic of a semiconductor device and a physically unclonable characteristic of the biometric sensor.
8. A smartcard as claimed in claim 1, wherein the physically unclonable characteristic is based on a vibration pattern of the smartcard measured via an accelerometer on the smartcard.
9. A smartcard as claimed in claim 1, wherein the multifactor authentication process includes a requirement for identification of the smartcard based on a combination of multiple different physically unclonable characteristics.
10. A smartcard as claimed in claim 1, wherein the multifactor authentication process includes weighting applied to the physically unclonable characteristic(s) and the biometric authentication.
11. A smartcard as claimed in claim 1, wherein the multifactor authentication process includes an accuracy threshold for the confirmation of the identity of the smartcard and/or for the authentication of the user's identity.
12. A smartcard as claimed in claim 1, wherein the processor is arranged to adapt the multifactor authentication process over time in order to account for variations with time in relation to the biometric data from the sensor and/or in relation to the physically unclonable characteristic of the smartcard.
13. A smartcard as claimed in claim 1, wherein the multifactor authentication process includes monitoring the biometric authentication and/or the identification of the physically unclonable characteristic over time by recording data over a set number of the most recent authentications, such as at least 10, at least 20 or at least 50 recent authentications.
14. A smartcard as claimed in claim 13, wherein the processor is arranged to use the recorded data for past authentications to identify variations over time and/or to update the acceptance criteria of the multifactor authentication process.
15. A smartcard as claimed in claim 13, wherein the processor is arranged to use recorded data from past authentications to detect potential fraudulent use of the smartcard by checking for data from the biometric sensor and/or the physically unclonable characteristic that is identical to recorded data from an earlier authentication and rejecting the authentication attempt if one or both of the data from the biometric sensor and/or the data from the physically unclonable characteristic is identical to data from an earlier authentication.
16. A method for controlling a smartcard, the smartcard comprising: a processor for controlling operation of the smartcard; and a biometric sensor for identification of an authorised user; wherein the method comprises: controlling operation of the smartcard to permit access to one or more secure feature(s) of the smartcard based on a multifactor authentication process; and wherein the multifactor authentication process requires both: (i) confirming the identity of the smartcard based on a physically unclonable characteristic of the smartcard, and (ii) authenticating the user's identity via the biometric sensor.
17. A method as claimed in claim 16, comprising using a smartcard as claimed in claim 15.
18. A computer programme product comprising instructions that, when executed on a processor in a smartcard as claimed in claim 1, will cause the processor to control operation of the smartcard to permit access to one or more secure feature(s) of the smartcard based on a multifactor authentication process, wherein the multifactor authentication process requires both: (i) confirming the identity of the smartcard based on a physically unclonable characteristic of the smartcard, and (ii) authenticating the user's identity via the biometric sensor.
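The decision logic that claims 9 to 15 describe in words, written out as an added example (this is illustrative code, not an implementation from the patent or its assignee): the card processor keeps a reference PUF response from enrolment, checks a fresh response against it by fractional Hamming distance (claim 3), requires the biometric score to clear its own threshold, applies weights to a combined score (claims 10 and 11), records the last N successful authentications (claim 13), rejects bit-identical repeats of earlier sensor data as replays (claim 15), and re-derives the PUF reference by bitwise majority over recent genuine responses to track drift (claims 12 and 14). The response width, thresholds, weights, history length and the majority-vote refresh are assumptions.

```python
"""Added example, not the patent's code: on-card multifactor decision combining
a PUF-based card identity check with a biometric match score.
Assumed: 64-bit PUF responses, thresholds, weights and history length."""
from collections import deque
import hashlib

HISTORY_LEN = 20       # claim 13: keep the most recent N authentications (assumed N)
PUF_BITS = 64          # assumed width of the PUF response
MIN_FOR_REFRESH = 5    # assumed: adapt the reference only once this much history exists


def hamming_fraction(a: int, b: int, bits: int = PUF_BITS) -> float:
    """Fraction of differing bits between two equal-width PUF responses."""
    return bin((a ^ b) & ((1 << bits) - 1)).count("1") / bits


def majority_vote(responses, bits: int = PUF_BITS) -> int:
    """Bitwise majority over a list of responses; ties leave the bit clear."""
    out = 0
    for i in range(bits):
        ones = sum((r >> i) & 1 for r in responses)
        if ones * 2 > len(responses):
            out |= 1 << i
    return out


class CardAuthenticator:
    """Decision logic the card processor runs before enabling secure features."""

    def __init__(self, puf_weight=0.5, bio_weight=0.5,
                 puf_max_distance=0.15, bio_min_score=0.80, accept_score=0.85):
        self.puf_ref = None                        # reference response stored at enrolment
        self.puf_weight = puf_weight
        self.bio_weight = bio_weight
        self.puf_max_distance = puf_max_distance   # claim 11: per-factor thresholds
        self.bio_min_score = bio_min_score
        self.accept_score = accept_score           # claim 10: threshold on the weighted score
        self.history = deque(maxlen=HISTORY_LEN)   # (response, puf_digest, bio_digest)

    def enrol(self, puf_response: int) -> None:
        """Claim 2: record the card's own PUF response during enrolment."""
        self.puf_ref = puf_response

    @staticmethod
    def _digest(data: bytes) -> bytes:
        return hashlib.sha256(data).digest()

    def authenticate(self, puf_response: int, bio_sample: bytes, bio_score: float):
        """Return (allowed, reason). bio_score is the match score the sensor reports."""
        if self.puf_ref is None:
            return False, "not enrolled"
        puf_d = self._digest(puf_response.to_bytes(PUF_BITS // 8, "big"))
        bio_d = self._digest(bio_sample)
        # claim 15: live reads are noisy and never bit-identical to an earlier one,
        # so an exact repeat of either factor is treated as a replay
        for _, old_puf, old_bio in self.history:
            if puf_d == old_puf or bio_d == old_bio:
                return False, "replay"
        distance = hamming_fraction(puf_response, self.puf_ref)
        if distance > self.puf_max_distance:
            return False, "card identity"
        if bio_score < self.bio_min_score:
            return False, "biometric"
        # both factors must pass individually; the weighted score is a further gate
        combined = self.puf_weight * (1.0 - distance) + self.bio_weight * bio_score
        if combined < self.accept_score:
            return False, "combined score"
        self.history.append((puf_response, puf_d, bio_d))
        self._refresh_reference()
        return True, "ok"

    def _refresh_reference(self) -> None:
        """Claims 12/14: follow slow drift by re-deriving the reference from recent successes."""
        if len(self.history) >= MIN_FOR_REFRESH:
            self.puf_ref = majority_vote([r for r, _, _ in self.history])
```

Only successful authentications enter the history, so the reference can only be nudged by responses that already fell inside the acceptance threshold; an attacker who cannot pass the check cannot steer the reference towards a forged card. Storing digests rather than raw biometric samples keeps the replay check from turning the history into a store of fingerprint data.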
Description
[0042] Certain preferred embodiments of the present invention will now be described in greater detail, by way of example only and with reference to the accompanying drawings, in which:
[0043]
[0044]
[0045]
[0046] By way of example the invention is described in the context of a smartcard that uses contactless technology and, in the illustrated embodiment, uses power harvested from the reader. These features are envisaged to be advantageous features of the proposed movement sensitive smartcards, but are not seen as essential features. The smartcard may hence alternatively use a physical contact and/or include a battery providing internal power, for example.
[0047]
[0048] A control signal output from the processor 114 controls a field effect transistor 116 that is connected across the antenna 108. By switching on and off the transistor 116, a signal can be transmitted by the smartcard 102 and decoded by suitable control circuits 118 in the reader 104. This type of signaling is known as backscatter modulation and is characterised by the fact that the reader 104 is used to power the return message to itself.
[0049] The accelerometer 16, where present, is connected in an appropriate way to the processor 114. The accelerometer 16 can be a Tri-axis Digital Accelerometer as provided by Kionix, Inc. of Ithaca, N.Y., USA and in this example it is the Kionix KXCJB-1041 accelerometer. The accelerometer 16 senses movements of the card and provides an output signal to the processor 114, which is arranged to detect and identify movements that are associated with required operating modes on the card as discussed below. The accelerometer 16 can also be used to obtain a physically unclonable characteristic of the smartcard 102 for use in a multifactor authentication process as discussed below. The accelerometer 16 may be used only when power is being harvested from the powered card reader 104, or alternatively the smartcard 102 may be additionally provided with a battery (not shown in the Figures) allowing for the accelerometer 16, and also the related functionalities of the processor 114 and other features of the device to be used at any time.
[0050] A fingerprint authentication engine 120 is connected to the processor 114 in order to allow for biometric authentication of the user based on a finger or thumb print. The fingerprint authentication engine 120 can be powered by the antenna 108 so that the card is a fully passive smartcard 102. In that case the fingerprint identification of an authorised user is only possible whilst power is being harvested from the card reader 104. In an alternative arrangement the smartcard 102 may be additionally provided with a battery (not shown in the Figures) allowing for the fingerprint authentication engine 120, and also the related functionalities of the processor 114 to be used at any time.
[0051] As used herein, the term passive smartcard should be understood to mean a smartcard 102 in which the communication chip 110 is powered only by energy harvested from an excitation field, for example generated by the card reader 104. That is to say, a passive smartcard 102 relies on the reader 104 to supply its power for broadcasting. A passive smartcard 102 would not normally include a battery, although a battery may be included to power auxiliary components of the circuit (but not to broadcast); such devices are often referred to as semi-passive devices.
[0052] Similarly, the term passive fingerprint/biometric authentication engine should be understood to mean a fingerprint/biometric authentication engine that is powered only by energy harvested from an excitation field, for example the RF excitation field generated by the card reader 104.
[0053] It should be noted that in alternative embodiments battery powered and hence non-passive smartcards may be provided and may have the same features in relation to the accelerometer, fingerprint sensor, multifactor authentication process, and so on. With these alternatives the smartcard can have the same features aside from that the use of harvested power is replaced by the power from a battery that is contained within the card body.
[0054] The card body can be a card housing 134 as shown in
[0055] The antenna 108 comprises a tuned circuit including an induction coil and a capacitor, which are tuned to receive an RF signal from the card reader 104. When exposed to the excitation field generated by the reader 104, a voltage is induced across the antenna 108.
[0056] The antenna 108 has first and second end output lines 122, 124, one at each end of the antenna 108. The output lines of the antenna 108 are connected to the fingerprint authentication engine 120 to provide power to the fingerprint authentication engine 120. In this arrangement, a rectifier 126 is provided to rectify the AC voltage received by the antenna 108. The rectified DC voltage is smoothed using a smoothing capacitor and supplied to the fingerprint authentication engine 120.
[0057] The fingerprint authentication engine 120 includes a fingerprint processor 128 and a fingerprint reader 130, which can be an area fingerprint reader 130, mounted on a card housing 134 as shown in
[0058] The fingerprint authentication engine 120 is arranged to scan a finger or thumb presented to the fingerprint reader 130 and to compare the scanned fingerprint of the finger or thumb to pre-stored fingerprint data using the fingerprint processor 128. A determination is then made as to whether the scanned fingerprint matches the pre-stored fingerprint data. In a preferred embodiment, the time required for capturing a fingerprint image and authenticating the bearer of the card 102 is less than one second.
[0059] If a biometric match is determined and/or if appropriate movements are detected via the accelerometer 16, then the processor 114 takes appropriate action depending on its programming. In this example a fingerprint authorisation process is used along with a requirement for at least one further authorisation in a multifactor authorisation process. With this multifactor authentication process, full access to secure features of the smartcard requires both a biometric authorisation (embodied by the fingerprint authorisation in this example) and identification of the smartcard via a physically unclonable characteristic. If the multifactor authentication process finds a match with both the biometric and the physically unclonable characteristic then the processor 114 permits use of the smartcard 102 with the contactless card reader 104. Thus, the communication chip 110 is only authorised to transmit a signal to the card reader 104 when the multifactor authentication process is satisfied. The communication chip 110 transmits the signal by backscatter modulation.
[0060] The physically unclonable characteristic may for example be a physically unclonable function of a semiconductor device on the smartcard. Alternatively or additionally the multifactor authentication process may make use of a physically unclonable characteristic based on the biometric sensor 130, such as an output from the sensor when subject to predefined electrical or physical stimulus. The physically unclonable characteristic might be based on both of the biometric sensor 130 and also on the processor 114, or the fingerprint processor 128. Electrical components such as semiconductor devices are nominally identical but in reality have numerous small variations that can be used as the basis for one or more physically unclonable characteristic(s) in relation to the multifactor authentication process required by the proposed smartcard 102.
[0061] Where an accelerometer 16 is used the processor 114 receives the output from the accelerometer 16 and this allows the processor 114 to determine what movements of the smartcard 102 have been made. The processor 114 may identify pre-set movements that are linked with required changes to the operating mode of the smartcard 102. As discussed above, the movements may include any type of or combination of rotation, translation, acceleration, jerk, impulse and other movements detectable by the accelerometer 16.
[0062] The movements detected by the accelerometer 16 are further influenced by the construction and geometry of the smartcard 102. For example, a smartcard 102 with a housing 134 as in
[0063] This means that the accelerometer 16 may be used in relation to a physically unclonable characteristic based on a vibration pattern of the smartcard 102. This could be instead of or in addition to physically unclonable characteristics from electrical components such as those mentioned above. If a fake card is produced fraudulently and the fraudster has managed to copy the data concerning the smartcard's vibration patterns and inject it into the microprocessor of the fake card, the resonance of the new card body still differs from that of the original card, so the fake card cannot reproduce the characteristic and therefore cannot correctly identify itself. Thus, movement patterns that are detected via the accelerometer 16 can be unique to both the user and to the individual smartcard 102.
[0064] The movement patterns enrolled via the accelerometer 16 may be stored in a memory at the card 102 (for example as a part of the processor 114) and/or in an external database. Since the accelerometer output signal for the movement patterns can be unique to each card, the security risk of permitting this data to be stored off the card is lower than for biometric data, and an additional check on the authenticity of the card itself can be performed by comparing the accelerometer data held in an external database with the accelerometer data on the card.
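The argument of paragraphs [0063] and [0064], as an added example that is not code from the patent: a card-specific resonance signature is extracted from accelerometer samples with a plain DFT, stored as the enrolled reference (and mirrored in an off-card database copy), and checked against a fresh ring-down trace. A fake card that has the copied reference value but a different card body rings at a different frequency and fails the check. The sample rate, resonant frequencies, damping, tolerance and the ring-down traces themselves are constructed assumptions.

```python
"""Added example, not the patent's code: vibration-pattern card identity from
accelerometer data. Sample rate, resonances, damping and tolerance are assumed."""
import math

SAMPLE_RATE_HZ = 1000.0   # assumed accelerometer sample rate
N_SAMPLES = 256           # one 256 ms window after a tap
TOLERANCE_HZ = 8.0        # assumed: allowed drift of the resonant peak


def ring_down(resonance_hz: float, damping: float = 12.0, n: int = N_SAMPLES):
    """Constructed accelerometer trace: the card body ringing after a tap."""
    return [math.exp(-damping * k / SAMPLE_RATE_HZ)
            * math.sin(2 * math.pi * resonance_hz * k / SAMPLE_RATE_HZ)
            for k in range(n)]


def dominant_frequency(samples) -> float:
    """Frequency of the strongest spectral bin, via a plain DFT (no numpy on-card)."""
    n = len(samples)
    best_bin, best_mag = 0, -1.0
    for k in range(1, n // 2):
        re = sum(x * math.cos(2 * math.pi * k * i / n) for i, x in enumerate(samples))
        im = sum(x * math.sin(2 * math.pi * k * i / n) for i, x in enumerate(samples))
        mag = re * re + im * im
        if mag > best_mag:
            best_bin, best_mag = k, mag
    return best_bin * SAMPLE_RATE_HZ / n


class VibrationPuf:
    """Resonance-based physically unclonable characteristic of one card body."""

    def __init__(self):
        self.reference_hz = None

    def enrol(self, trace) -> float:
        """Record the card's own resonant peak during enrolment."""
        self.reference_hz = dominant_frequency(trace)
        return self.reference_hz

    def verify(self, trace) -> bool:
        """Compare a fresh trace against the stored reference."""
        if self.reference_hz is None:
            return False
        return abs(dominant_frequency(trace) - self.reference_hz) <= TOLERANCE_HZ


def matches_database(card_ref_hz: float, db_ref_hz: float) -> bool:
    """Paragraph [0064]: cross-check the on-card value with the off-card copy."""
    return abs(card_ref_hz - db_ref_hz) <= TOLERANCE_HZ


def demo():
    genuine = VibrationPuf()
    db_copy = genuine.enrol(ring_down(140.0))          # enrolment tap on the real card
    live_ok = genuine.verify(ring_down(140.0, damping=15.0))  # later tap, same body
    db_ok = matches_database(genuine.reference_hz, db_copy)
    # fake card: the stored reference was copied in, but its own body rings elsewhere
    fake = VibrationPuf()
    fake.reference_hz = db_copy
    fake_ok = fake.verify(ring_down(175.0))
    return live_ok and db_ok, fake_ok
```

The frequency resolution is the sample rate divided by the window length, about 3.9 Hz here, so the tolerance must be set wider than one bin to absorb tap-to-tap variation; a real deployment would characterise that variation over many taps per card before fixing the threshold.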
[0065] The operating modes that the processor 114 activates or switches to in response to an identified movement associated with the required change in operating mode may include any mode of operation as discussed above, including turning the card on or off, activating secure aspects of the card 102 such as contactless payment and/or communications with the card reader 104, or changing the basic functionality of the card 102, for example by switching between operating as an access card, a payment card or a transportation smartcard, switching between different accounts of the same type (e.g. two bank accounts), switching between communications protocols (such as Bluetooth, Wi-Fi or NFC) and/or activating a communication protocol, activating a display such as an LCD or LED display, obtaining an output from the smartcard 102, such as a one-time password or the like, or prompting the card 102 to automatically perform a standard operation of the smartcard 102. It will be appreciated that the smartcard 102 can readily be programmed with any required characteristics in terms of the action taken in reaction to events detected by the accelerometer 16.
[0066] The processor 114 has a learn mode to allow for the user to specify which movements (including combinations of movements) should activate particular operating modes. In the learn mode the processor 114 prompts the user to make the desired sequence of movements, and to repeat the movements for a predetermined set of times. These movements are then allocated to the required operating mode.
[0067] The processor 114 can implement a dropped card mode and/or a biometric failure back up mode as discussed above.
[0068] In some circumstances, the owner of the biometric smartcard 102 may suffer an injury resulting in damage to the finger that has been enrolled on the card 102. This damage might, for example, be a scar on the part of the finger that is being evaluated. Such damage can mean that the owner will not be authorised by the card 102 since a fingerprint match is not made. In this event the processor 114 may prompt the user for a back-up identification/authorisation check via a sequence of movements. The user can hence have a password entered using movements of the card to be used in the event that the biometric authorisation fails.
[0069] After such a back-up authorisation the card 102 could be arranged to be used as normal, or it could be provided with a degraded mode in which fewer operating modes or fewer features of the cards 102 are enabled. For example, if the smartcard 102 can act as a bank card then the back-up authorisation might allow for transactions with a maximum spending limit lower than the usual maximum limit for the card.