Access to information, to a room or the like must in many cases be limited to certain individuals. This may be the case, for example, when electronic money transactions are to be done on the Internet, when in a hospital the access to records is to be limited, or when only certain individuals in a workplace are allowed to have access to certain information or certain rooms. In these contexts portable data carriers are frequently used, for instance intelligent cards or smart cards. A smart card can be described as a card the size of a credit card with an integrated processor or a signal processing means, a storage and a communication interface.
Sensitive information is stored on all smart cards that are used in the above cases. Such sensitive information contains at least a so-called template, which can be described as prestored reference information about the card user. In each attempted use, the card user's right to use the card is verified by this template. Depending on the context in which a smart card is intended to be used, other sensible information may also be stored in the card storage.
The template above may correspond to, for instance, a PIN code (PIN=Personal Identification Number). When the card holder wants to verify his/her right to use the card, he/she places it in a terminal and enters a PIN code. The card holder's card user right is verified if the PIN code entered corresponds to the template stored in the storage. According to another example, the above template can be biometric, i.e. correspond to body-related, individual-specific information, such as the pattern of a user's fingers, palm, iris or the user's voice. A method where a card holder or card user identifies himself by biometric information according to prior art typically proceeds as follows:
The user places his smart card in a terminal and a finger on a sensor which generates a digital image, i.e. a digital representation, of the finger. The digital image of the finger then proceeds to an external processor, for instance a personal computer, where it is preprocessed. In preprocessing, the information quantity in the image is reduced so that, for instance, a binarised image or parts of a binarised image is/are generated. A corresponding preprocessed image is stored on the card as a template. The external processor retrieves the template from the card and compares this with the preprocessed image of the finger. The card holder's card user right is verified if the image matches the template.
When using the portable data carriers described above, a user must arrange them in physical contact with a terminal for them to be able to communicate with the same. This means that under normal circumstances the user of such a portable data carrier thus is always aware of when his/her data carrier communicates with the terminal. The physical contact between terminal and data carrier that is required for communication is, however, sometimes a source of problems, inter alia because of the risk of a loose contact, corrosion on the contact surfaces etc. To solve these problems, it is known to use wireless communication between a portable data carrier and a terminal.
U.S. Pat. No. 6,111,506 discloses, for example, a system where a card-shaped data carrier in the form of a personal identification document communicates wirelessly with a terminal. When the identification document receives a signal from the terminal, it checks whether the terminal is entitled to communicate with the identification document. If this is the case, the terminal is allowed to read data from the identification document. The data read can be biometric data which represent, for example, a fingerprint of the holder of the identification document. In a biometric identification check, the individual showing the identification document is asked to interact with a device, connected to the terminal, for recording of biometric data. In a computer connected to the terminal, said biometric data read from the identification document are then compared with said recorded biometric data. If there is a match between them, it is verified that the individual showing the identification document is the rightful holder of the same. In the case involving this system, the identification document is thus activated to be read by the terminal as soon as it has been established that the terminal is entitled to communicate with the identification document. This means that the data of the identification document are open for reading independently of whether it is the rightful holder of the identification document who shows the same or someone who, for instance, has stolen the identification document. The construction of the system above further causes the problem that communication with the data carrier without its carrier's knowledge is made possible. A terminal in wrong hands may be arranged in secret, for instance, in the vicinity of, for example, a bag or a pocket containing the data carrier and from there read data stored in, or in other ways interact with, the data carrier. This results in a great problem in many situations. One example is if the identification document is a passport and the holder of the passport for some reason does not want to reveal his nationality or other information stored in the passport. The holder of the passport may even want to keep the mere possession of the passport secret. The latter reasoning may also be applied in connection with identification documents in the form of membership cards for different organisations, when it is desirable to keep the membership secret. Finally, if a system corresponding to that stated above should be applied in connection with a data carrier in the form of a bank card, this could mean that someone with a portable terminal could relatively easily steal money directly from the account connected with the bank card.
U.S. Pat. No. 5,484,997 discloses a system, in which a card-shaped data carrier in the form of an identity card communicates wirelessly with a terminal. The identity card is activated to automatically transmit data stored in the same when photocells on the identity card are irradiated. If the identity card is not protected, for example in a wallet or purse when it is not intended to be used, it can thus in an undesirable way transmit data to terminals in the neighbourhood. Moreover sufficient irradiation must be available when using the data carrier to make it function. There is thus a risk that the data carrier cannot be used if it is not arranged in a certain way in relation to the source of radiation, or if the user by mistake puts his fingers over the photocells. Finally, it is difficult to manufacture a durable and practically designed data carrier of the above-mentioned type.