1. Technical Field
The present disclosure relates to a security system and a security certification method thereof, and more particularly to, a certification system using a smart card and fingerprint recognition.
2. Discussion of Related Art
Fingerprint recognition or fingerprint authentication refers to the automated method of verifying a match between two human fingerprints. Fingerprints are one of many forms of biometrics used to identify an individual and verify their identity. A conventional security certification system can validate the identify of an owner by comparing previously stored fingerprint information of the owner with currently entered fingerprint information of a user claiming to be owner. The security certification systems may store the fingerprint information of registered users in a smart card. The systems may be classified into store on card systems and match on card systems.
FIG. 1A is a view of a conventional store on card system. Referring to FIG. 1A, the conventional store on card system includes a smart card terminal 110 and a smart card 120. The smart card terminal 110 includes a user fingerprint feature information unit 111 and a fingerprint certification engine 113. The smart card 120 includes an owner fingerprint feature information unit 121.
The smart card 120 stores fingerprint data of the owner in the owner fingerprint information unit 121. When a user requests security certification, the smart card terminal 110 receives data stored in the smart card 120 and executes a certification operation to determine whether currently entered fingerprint information of the user matches with the owner fingerprint information stored in the smart card 120. For example, if the terminal 110 finds a match, the terminal 110 may certify the user as the registered smart card owner.
The user fingerprint information unit 111 of the smart card terminal 110 extracts the fingerprint information of a user who requests security certification, and then stores the extracted fingerprint information.
The fingerprint certification engine 113 of the smart card terminal 110 determines whether the fingerprint information transmitted from the smart card 120 matches with the stored fingerprint information. When a match occurs, the fingerprint certification engine 113 may certify that the user is the registered owner of the smart card 120.
However, the fingerprint information stored in the conventional store on card system 100 includes all of the information of a user's fingerprint. When security certification is requested, the smart card 120 transmits this fingerprint information to the smart card terminal 110. If an unauthorized device (not shown), i.e. not the smart card terminal 120, reads the transmitted fingerprint information, personal fingerprint information may be compromised.
FIG. 1B is a view of a conventional match on card system. Referring to FIG. 1B, the conventional match on card system 150 includes a smart card terminal 160 and a smart card 170. The smart card terminal 160 includes a user fingerprint feature information unit 161. The smart card 170 includes a fingerprint certification engine 171 and an owner fingerprint feature information unit 173.
The user fingerprint feature information unit 161 obtains a fingerprint of a user who requests security certification, and extracts fingerprint information of the user to transmit the extracted information to the smart card 170.
The owner fingerprint information unit 173 stores the fingerprint feature information of the smart card user. When security certification is requested, the owner fingerprint feature information unit 173 transmits the owner fingerprint information to the fingerprint certification engine 171.
The fingerprint certification engine 171 determines whether the user fingerprint information transmitted from the smart card terminal 160 matches the stored owner fingerprint. If a match occurs, the fingerprint certification engine 171 may certify the user as the owner of the smart card 160.
The conventional match on card system 150 does not directly transmit the owner fingerprint information, which is stored in the smart card 170. Therefore, the owner fingerprint information is not revealed. Due to complexities in the certification process performed by the fingerprint certification engine 171, the smart card 170 may need additional memory or a more powerful central processing unit (CPU).
However, since the memory capacity of the smart card 170 may be low and the processing power of the CPU on the smart card 170 may be poor, the fingerprint certification process may take a long time. Further, due to the hardware limitations of the smart card 170, a fingerprint certification engine with a less than adequate accuracy may be employed therein.
Thus, there is a need for more efficient methods and systems for verifying a user's fingerprints that reduce the likelihood that the user's personal fingerprint information will be compromised by an unauthorized party.