The applying of the recognition of biometric characteristics for access monitoring is a well-known technique per se, as much for access to a site or a protected room as for data stored in a database. Such systems comprise a sensor, for example to read an image of a fingerprint, and means of processing and analyzing this image, deciding on the positive or negative recognition of the individual.
On first impressions, this technique is convincing, as it seems to guarantee that the individual present is the individual that the system has identified, and not an ill-intentioned third party. A more thorough analysis, however, demonstrates that this is not the case. Indeed, it is relatively simple, for a hacker, to bypass the system, for example by picking up the signal transmitted by the sensor during the recognition of an authorized individual, and then reproducing the same signal to give it to the means of processing and analysis. The latter thus conclude on a positive recognition, in the absence of the authorized individual.
It is therefore clear that the known systems do not provide a sufficient level of security for a variety of applications. That is principally due to the fact that these systems use separate elements, which implies the transmitting of sensitive data easily accessible and re-exploitable between these elements.
We considered bringing together within one box, or on one printed circuit, these separate elements. However, that does not alter the problem, even if it does render it slightly more complicated. The sensitive data flows on a bus, for example between the sensor which picks up the imprint and the microprocessor which processes and analyses it. It is now possible, for an ill-intentioned person, with relatively uncomplicated means, to detect the signals flowing on this bus, or to transmit via this bus false data to the microprocessor. It is to be noted that the identification and analysis of this problem are an integral part of this invention.
Over and above this high vulnerability of the current systems, there is also the major problem of protecting private and highly confidential information which constitute the biometric information. Indeed, due to the accessibility of the flows of data coding the biometric characteristics, it is possible to illicitly create a database, for use prohibited by legislation. It would, for example, be conceivable to use such a database to extract individual characteristics, which would allow commercial targeting not authorized by the individual.
As long as these problems have not been resolved, it is naturally neither desirable nor conceivable that these biometric techniques are widely used, for example in governmental or banking applications.
The invention notably has as an objective to offer a solution to these problems of prior art techniques.
More precisely, an objective of the invention is to provide a technique that allows the usage of biometric characteristics in a safe and reliable manner. Notably, the invention has the objective of providing such a technique, which does not allow a potential hacker to collect and reuse the biometric data of a third party.
Another objective of the invention is to provide such a technique, guaranteeing the confidentiality of the biometric imprints of an individual.
The invention also has the objective of providing such a technique, which can be industrially implemented on a large scale, with an acceptable production cost.