Method and device for determining authenticity of system user

IPC classes for russian patent Method and device for determining authenticity of system user (RU 2371763):

H04L9/32 - including means for verifying the identity or authority of a user of the system (security arrangements for protecting computers or computer systems against unauthorised activity G06F0021000000; dispensing apparatus actuated by coded identity card orcredit card G07F0007080000; specially adapted for wireless communication networks H04W0012000000)

G06K9/62 - Methods or arrangements for recognition using electronic means

G06F21/20 - ELECTRIC DIGITAL DATA PROCESSING (computers in which a part of the computation is effected hydraulically or pneumatically G06D, optically G06E; computer systems based on specific computational models G06N; impedance networks using digital techniques H03H)

Another patents in same IPC classes:

Interacting module facilities for collection of authenticators and access / 2369025
Invention is related to the field of machine access, in particular to identification and authentication of object, user or principal with authenticator for logical entry into local and/or remote machine with operating system. Authenticators are transformed by means of one of multiple different modules of authenticator provides, every of which transforms according different type of authenticators into common protocol. Transformed authenticators are sent through application programming interface (API) to user interface module (UI) of logical entry to operating system (OS) of local machine, which is called by UI module of logical entry for authentication of transformed authenticators according to database of authenticators. User identified with transformed authenticator realises a logical entry for access to local machine in case of successful authentication.

Method of controlling access to cdma network / 2367099
Invention relates to mobile radio systems. For a CDMA network, which comprises not less than one base station, a control device and i mobile stations, where i=1, 2, …, N, binary identifier sequences I_i are generated for i mobile stations, which are stored in the control device of the CDMA network and in the i-th mobile station. A binary call sequence is generated in the i-th mobile station from the binary identifier sequence I_i of the i-th mobile station and the number of the called subscriber. The binary call sequence of the i-th mobile station is sent to the base station. The received binary identifier sequence is separated in the base station from the received binary call sequence and the i-th mobile station is granted access to the CDMA network. Binary secret key sequences K_i , where i=1, 2, …, N, for mobile stations are generated for the sender and the recipient, and stored in the control device of the CDMA network and in the i-th mobile station. A function F₁ is generated for generation of a code sequence and a function F₂ for generation of a call key for the mobile station.

Cdma network access control system / 2366096
Invention relates to mobile radio systems. In a known CDMA network access control system, comprising an authentication centre, base station and a mobile station, during reception and authentication at the base station of a received binary call sequence, it is determined right away, without additional verification, whether the said sequence is a binary call sequence for a serviced or non-serviced mobile station.

Provision for protected input into system with highly reliable program execution environment / 2365988
Invention relates to computer engineering, and generally to computer security. The method of providing for protected input comprises stages on which: a data stream entered by a user is received from a trusted input device in a second program execution environment; the received stream is sent from the second program execution environment to a protected program execution environment; determination is made of whether the protected program execution environment is in standard input mode; the initial data stream entered by the user is sent to the protected program execution environment based on the input mode of the latter; if the protected environment is in standard input mode, then at least the first part of data entered by the user is sent to the second program execution environment; determination is made of whether the data entered by the user contain user instruction for highly reliable input mode (NIM) and if so, and the protected program execution environment is not in highly reliable input mode, the protected program execution environment is switched to highly reliable input mode.

Three-way checking and authentication of boot files, transferred from server to client / 2365987
Invention relates to systems and methods of checking and authenticating clients, servers and boot files. A server authenticates a client. The client authenticates the server. Boot files are transferred from the authenticated server to the authenticated client. The client can authenticate boot files before execution to create an operating system.

System and method of use of packed compressed buffers for improved data transfer between client and server / 2365049
Invention concerns computer systems, in particular, to ways of data transfer between client and server applications, such as e-mail applications. A method of grouping of numerous sets of responses on a server and sending of responses to the client in one group (i.e. "generated chain" or "packed" group). Each set of responses can be changed and-or compressed. If the client accepts group each set is processed separately. The client can be executed with possibility of handing on of the size of not compressed set of responses with which it can operate. The server can use this information for creation of sets of responses of the resolved size and can compress or not compress sets of responses. The server can form chains of sets of responses and can continue forming of a chain of the compressed or uncompressed sets until the server buffer will not be full or close to filling. The set of responses generated by a chain can be sent then to the client and can process each set of responses separately.

Method of forming of electronic documents and device for its realisation / 2365047
Invention concerns area of electronic document circulation. The essence of the invention consists in a preliminary presentation of a biometric image of the person, wishing to generate an electronic digital signature, and subsequent neuron network transformation of the submitted biometric image in a confidential key of electronic digital signature. Electronic digital signature check is carried out on an open key and in case of an incorrect electronic digital signature code a biometric image of the signing person is submitted again. The method under item 2 consists that attributes of biometric safety, such as: number of attempts of a biometric image submission at forming of a electronic digital signature, number of wrong bits in error codes of a confidential key, current time of each attempt of electronic digital signature forming, description of a pattern of system of electronic digital signature forming at the moment of time to each attempt of electronic digital signature forming are brought in the created electronic document.

Route tips / 2365046
Invention concerns route tips, in particular, to provide route tips from hosts for their use at the network gateway. The device providing route tips to the client contains, at least, one processor and the machine-readable carrier including the instructions executed by the processor, intended for management of a host for performance of the actions containing: formulation and preservation of the message of the host containing the information about session identifier, with the session identifier which is created dependent on the host identifier; sending of the formulated and kept message of the host containing the information on the identifier of a session which includes the session identifier, from a device; reception of the message from the client; and definition, whether the received message includes a received session identifier. The network gateway contains, at least, one of the following devices: a router, a firewall, an intermediary module, a network load equalising device.

Call-based authentication, without need for knowledge of secret authentication data / 2363985
Invention relates to authentication. The method has stages on which secret key data are generated by an authenticating computer object, which are not known to an additional authenticating, authenticated or additional authenticated computer objects; the secret key data are sent to the additional authenticating computer object; secret key data, known to the additional authenticating and authenticated computer objects, are encrypted; the encrypted secret key data are sent as a call to the authenticating computer object, authenticated computer object, additional authenticated computer object; encrypted secret key data are decrypted; using secret data, the secret key data are sent as a reply to the authenticated computer object; a reply is sent the authenticating computer object; and the authenticated computer object is authenticated by the authenticating computer object using the said reply.

Method of flow control in wireless data-transmission networks / 2361372
Invention relates to wireless communications. In wireless data-transmission network, first flow data is transmitted during the first part of recurring time period, and note that first dataflow is with at least one remote device. Also control data is transmitted during the second part of recurring time period with control data containing first dataflow identifying code. There is adhered preset time interval when transmission of the second dataflow by at least one remote device using reserved identifying code is prohibited. This time interval follows first dataflow. And in receiving such transmissions this dataflow is considered to be active till the moment by which this dataflow is absent during the second part of recurring time period for at least preset time interval.

Image processing device, image processing method, program for image processing method and recording medium for program for image processing method / 2367021
Present invention can be used, for instance, in resolution transformation. In the device and method for processing images, gradient direction v1 of the edges with the largest gradient of pixel values is detected, as well as direction v2 of the edges, orthogonal to the gradient direction v1 of the edges. Processing is done for improving and smoothing out in the gradient direction v1 and direction v2 of the edges, respectively, so as to generate image output data D2.

Method of scanning image of skin lines and device to this end / 2363049
Invention relates to computer engineering and can be used for biometric personal identification. In the method of scanning an image of skin lines, radiation flux is generated using at least two sources at different wavelengths, and radiation from each source is directed to a receiving surface at different angles of incidence. The device for realising the method has a radiation-transparent cylinder, which can turn about a fixed axis by an angle, which provides for complete movement of the analysed section of the skin relative the radiation flux from the radiation sources. The radiation sources and receiver are immovable with respect to the cylinder.

Device for detecting contours of objects on images / 2362210
Invention relates to object recognition and can be used in computer vision systems during image pre-processing. In the device for detecting contours of objects comprising an image sensor, unit for selecting horizontal and vertical pulses, analogue-to-digital converter, generator, digital signal processor, random access memory, there is also a selector, filter unit, spatial differentiation unit, buffer memory for the filter unit, buffer memory for the spatial differentiation unit, connected to each other as indicated in the formula of invention. Faster operation is achieved due to hardware implementation of filtering and spatial differentiation operations in corresponding units of the device.

Method and device for identifying object images / 2361273
Invention relates to computer engineering and can be used in computer vision systems for identifying objects on images. Technical outcome is achieved due to that, the standard is stored not as a series of flat projections, which contain different aspect angles of the object, but its three-dimensional representation in vector form. During identification, the three-dimensional image is rotated, each time with generation of a series of flat images until a match is found. When solving the given task through direct search for all versions, computing time is long, therefore a series of parametres of the object are used, the class of which relates to the given object, overall dimensions. This set of parametres is determined for each model taking into account complexity of its shape. An image is sent to the input of the analyser, presented by an array of pixels in grey gradations, i.e. each element of the array assumes a value from 0 to 255. The array dimension depends on sampling parametres of the image.

Ink separator and interface for corresponding application program / 2358316
Present invention relates to methods of communication between an application program and electronic ink. The method of supporting communication between an application and an object for separating ink (which stores ink lines, which are going to be separated into groups), can include the following stages: (a) a request for separation is sent to the ink separation object, possibly using an application; (b) in response to the request for separation, a separation method is called, which groups stored ink lines into one or more groups of lines, with the first pre-determined level of detail (for example, words, lines, indents, sentences, drawings etc.); and (c) making information, related to one or more groups of lines, accessible to the application. This information, which is made accessible to the application, can include, for instance existing groups of lines, number of groups of lines, with the first pre-determined level of detail, machine generated text, corresponding to the groups of lines, or similar information.

Method of identifying living finger / 2358315
Present invention relates to dactylography and can be used for preventing unauthorised access to a protected system by random persons. The method of identifying a living finger is based on comparing distinctive features of a papillary figure when a finger is pressed twice to the receiving surface of a scanner. The degree of linearity of displacement of coordinates of the distinctive features of the papillary figure determines whether the finger is living.

Synchronous comprehension of semantic objects for highly active interface / 2352979
Invention is related to access to information in computer system with application of recognition and comprehension. Invention provides for realisation of user input recognition prior to completion of user input, i.e. at user, but not system stage, which makes it possible to avoid alternating character of plain-text dialog with computer. Semantic analyses may be assessed on result that is immediately reported to user.

Method of protecting personal biometrical identification and authentification data / 2346397
Invention deals with techniques employed for protection of data in the course of biometrical identification and authentification and is highly relevant for e-transaction conclusion, e-trade and Internet-banking. In case of neuron network storage of the user personal key and biometrical parameters encryption of the neuron network description tables is done with segments of the key located within the neuron network proper.

Associative identification device / 2342702
Present invention pertains to associative identification devices. The device contains P parallel adders and P units for calculating the activation function, P groups of units for generating membership function values.

Method of comparison of imprint of capillary patterns / 2331108
Invention relates to the field of identifying fingerprints, palm-prints and footprints and can be used in criminology, in systems of averting unauthorised access to protected premises. The technical result is the increase in the speed of comparison of fingerprints. The result is reached by building a nest for each feature, which contains the geometric and topological characteristics of the vicinity of a feature, comparing the nests of different patterns first with respect to the topological characteristics, and then according to geometric characteristics, separating the best pairs of nests and, from each chosen pair of nests, developing in parallel the fragments of the compared patterns by the method of passage from one pair of nests to another along the way of the best comparison of nests, accumulating the estimations of the comparison of nests for each way of the development of fragment and selecting the best estimation.

Safety connection to keyboard or related device / 2371756
First initial value is known both to the keyboard and the component. Keyboard and component exchange time values. Both the keyboard and the component compute the second initial value and the third initial value on the basis of time values and the first initial value. Both the keyboard and the component make one and the same computation so that both the keyboard and the component have one and the same second and third initial values. The keyboard encodes keystrokes meant for the component by using CBC-3DES method on the basis of the key and the second initial component, as well as creates message authentication code for each keystroke by using CBC-3DESMAC on the basis of the key and the third initial value. The component encodes and verifies keystrokes by using the key and the second and the third initial values.

FIELD: information technologies.

SUBSTANCE: method and device for determining authenticity of the system user is based on comparing coordinates of peculiar features of papillary patterns of fingers at double finger touch of the receiving scanner surface. During the first registration there obtained are pictures of at least two fingerprints, and during the second registration there obtained is the picture of at least one fingerprint, at that, the second registration is performed upon "request-answer" protocol command. Authenticity is considered confirmed in case of non-linear dependence of coordinate offsets of peculiar features of the first and the second pictures. Device for implementing the method consists of a scanner, picture processing unit, database, comparing unit, protocol forming unit connected to the scanner, and comparing unit. Protocol forming unit display panel is located on the scanner front surface.

EFFECT: ensuring high accuracy of authenticity and excluding the access of occasional persons to the protected system.

3 cl, 3 dwg

The invention relates to a method and apparatus for determining the authenticity of a user (or user group) of the protected system and can be used to prevent access to the system of unregistered persons, or persons intending to commit illegal actions in respect of the protected system. By system we mean a communication channel with the Bank, facility, office of public authorities... the Method is based on the comparison of fingerprints (or hands) of the user of the protected system with data stored in a database of electronic images of fingerprints or their models, for example in the form of coordinates (or coordinates and vectors) features of papillary lines.

Known analogue of the invention, such as method and device for verification transaction (application WO 9618169 A1, IPC 7 G06K 9/00, priority from 01.12.1995,), which consists in the following. Through the device of "live" scanner (hereinafter referred to as scanner) get the fingerprint of the person conducting the transaction, after which convert the received fingerprint in the electronic image and remember it. Then the stored electronic image is compared with the electronic image corresponding to the fingerprint image of the person conducting the transaction. The transaction is permitted only when the electronic image is a fingerprint of a person, conducting the transaction, mainly corresponds to the stored fingerprint image of an individual who is authorized to conduct the transaction. In case of discrepancy between the image resolution on the transaction is not given.

The disadvantage of this method is that it does not allow to distinguish the dummy coated with a papillary relief pattern from a live finger client and, in the absence of additional visual control, in the protected system can penetrate the attacker.

Also known a method and a device for verifying the identity of the person, where the coordinate system of the device, the constant for fingerprint, is a control (application US 2004/0175023 A1, IPC G06K 9/00, publ. 09.09.2004 year). This invention is based on the idea of using a fingerprint in a permanent system of coordinates in such a way as to make possible the comparison of private attributes (features) of papillary pattern in a continuous coordinate system while checking the identity of the person.

The disadvantage of this method is that it is not possible to distinguish the fake from the real (live) finger client.

Also known a method of restricting access to the protected system described in the patent of Russian Federation №2289845, IPC G06F 21/20, G06F 21/06, publ. 20.12.2006, How is that getting a first fingerprint image of the user the system I, identify the user's identity by comparing the first image with a set of images from the database system, first determine the coordinates of the features of the first image in the coordinate system located on the receiving surface of the scanner, and put the first coordinates of the features in the database system, then get a second (repeated) the fingerprint image of the user in the same coordinate system, determine the second coordinates of the features of the second image, and enter the second coordinates of the features in the database system. Then determine the difference between the first and second coordinates for the same features of the first and second images, and in case of equality in difference to zero take a negative decision to admit a user to the system, and when zero is a positive decision.

In comparison with the known technical solutions, this method provides a higher degree of system protection, but it also does not allow to distinguish the fake from the real one finger of the user of the system. Quite the same model with offset or with some rotation (relative to the coordinate system of the scanner) to enter into the system, and it identifies the attacker as a user and passes it to the system. This is the disadvantage of this method.

Closest to izobreteny what is the method and the device, described in the patent of the Russian Federation No. 2216114 "Method, device, SIM card and system for determining the authenticity of a user or group of users, IPC NM 1/675, publ. 10.11.2003, the Method includes the entry and temporary storage of video data on the physical characteristics (fingerprints, eyes, voice, and so on) of the user (users group) at the entry point in the network (system), processing said information, resulting produce certain signs as biometric codes, storing biometric codes in tables biometric server and on the SIM card of the user, and at least one code in one table assign the appropriate user, the user input the SIM card containing at least one personal biometric code to the communication terminal, write, and temporary storage of the current video information at least one physical characteristic of the user by the image sensor, processing the temporarily stored current video information about the user in the result set and temporarily retain at least one specific characteristic as a biometric code, the determination of authenticity by comparing at least one current biometric user code with at least one stored biometric code,and when a positive comparison, the authenticity is confirmed, negative comparison authenticity is unconfirmed. This method is chosen as a prototype.

The method is implemented using mobile devices for telephony, which contains the interface for placing the SIM card and the image sensor, memory means for storing biometric codes, processing tools for the establishment of specific characteristics, and means for comparing these certain characteristics with stored biometric codes. For the communication terminal uses a SIM card, a memory which stores at least one biometric code to determine the authenticity of a user. This device is selected as a prototype.

The disadvantage of this method and device, it performs is the fact that they are vulnerable to imitation, i.e. there is the possibility of penetration into the system the attacker via the communication terminal. In addition, as a result of loss or theft of the SIM card, it contains information about biometric codes can be decoded by experts in the mercenary purposes.

The problem solved by the present invention is to increase the degree of system protection and communication devices from accessing the system of unregistered persons.

This is achieved by the fact that in the known method, based on the comparison of fingerprint images according to the of the invention:

- when you first sign images are at least two fingerprints of the user, and when the second registration receive an image of at least one fingerprint, the same with one finger (or the same with fingerprints, if several) when you first register;

the second registered fingerprint of the user of the system is done according to the command Protocol "challenge-response";

in the coordinate system of the scanner determine the direction and magnitude of displacement of the coordinates of the same features of the first and second images of the same fingerprint;

in the case of the nonlinear dependence of the direction and magnitude of displacement of the coordinates of the same features of the authenticity of the user is considered confirmed, and in the case of a linear dependence of the authenticity of the user is considered unconfirmed.

To solve the problem in the device for determining the authenticity of a user of the protected system containing electrically connected the scanner to register papillary pattern, the block image processing, database Comparer additionally contains a block formation Protocol "challenge - response", is electrically associated with the unit of comparison and a scanner, and a display panel command processing unit Protocol from Agena on the front panel of the scanner. Preferably, the device for determining the authenticity of a user of the protected system runs in a single package.

The invention is illustrated in the drawings.

Figure 1 shows the block diagram of a device that implements the inventive method.

Figure 2 (a and b) shows the possible magnitude and direction of displacement of the coordinates of the same features of papillary pattern for identical fingerprints.

A device for determining the authenticity of a user of the system contains (variant) the scanner 1 to the receptor surface 2 which follow the 3 fingers. In the device processing unit 4 converts images black and white picture of papillary lines of the fingers 3 in the electronic image, segmenting a single image to image individual fingerprints, if more than one, determines the coordinates of the features for each of papillary pattern of the finger (the end of papillary lines, split or merge lines) in the coordinate system of the scanner. The coordinate system of the scanner is on the receiving surface 2 of the scanner 1. The device contains a database 5 (memory), which stores previously registered electronic images of fingerprints of users and their models (in the form of coordinates of the features vectors of features...) and the active image, the floor is aimie during registration at the time of a user accessing the protected system. In addition, the device includes a Comparer 6, in which the comparison is stored in the database 5 images with an active image of the fingerprint, such as coordinates and vectors of features, the power generation Protocol "challenge - response" 7 forming teams for the user, for example, in the form of text that can fit on the display panel, for example, a miniature screen 8, located on the front (facing the viewer) panel of the scanner 1. Comparison of fingerprint images or the corresponding coordinates and/or vectors of the features described in the book: "Davide Maltoni, Dario Maio, Anil K. Jain. Handbook of Fingerprint Recognition. Springer-Verlag New York, 2003. pp.131-170". Blocks 1, 4, 5, 6 and 7 of the claimed device interconnected electrical connections 9 and can be made in a single body, including in the form of a mobile device (figure 1 case not shown).

The implementation of the method using the device is as follows. Using the scanner 1 receives the first image of the at least two fingerprints of a user of the system (for example, four fingers of one hand, excluding the thumb). For convenience, the fingers can be numbered sequentially, starting with the thumb, i.e. in the specific example applied to the fingers from the 2nd to the 5th. The electrical signal from the scanner 1 to tie the 9 is transmitted to the processing unit 4, convert black and white drawings papillary patterns fingers in electronic images, which are then entered into the database 5. One electronic image may be segmented into multiple electronic images, if it contains images of several fingers. Then when you first sign up (when the first image) in the database 5 may be listed several individual images one finger each. The identity of the user identified by comparing the results of the first registration of four fingers with the existing database 5 the set of images in the unit of comparison 6. Identification methods are described in the same book and can be implemented as self-images, and the results of their computer processing. If the identification is found that the identity of the user registered in the system, then perform the subsequent steps of the method, otherwise, the system issues a denial of access. It should be noted here that when the user identification is not yet known, was applied to the scanner living finger or dummy. After identification of the user in the processing unit 4 in the coordinate system of the scanner first determine the coordinates of the features of the first (initial registration) images of fingers and put them into the database 5. Then with the help of block 7 in the Protocol call - reply to" form a team, for example, the phrase "Attach to the scanner 2nd and 3rd fingers"or "Attach to the scanner of the 3rd and 5th fingers, or other combination of one to three fingers and this phrase is displayed to the user on the display panel 8, which is located on the front panel of the scanner 1. The user applies the specified his fingers to the receptive surface 2 scanner 1 (second register), resulting in a second image of the fingerprint of the user, process it in unit 4, segments the image into images of individual fingers, if necessary, determine the second coordinates of features for the second finger image or for each finger separately in the coordinate system of the scanner 1, and enter the second coordinates in the database 5. The luminescence (audio message) command block 7 formation Protocol "challenge - response" is necessary to protect the system from hackers and intruders, who somehow took the fingerprints of real users. Registering the image, the system identifies the attacker as a real user and "miss" him to commit to them for further action. The presence of unit 7 makes it difficult for the attacker, since it is a priori not known which of the fingers need to put the scanner in the second register.

Later in the coordinate system of the scanner determine the direction and magnitude of displacement of the coordinates of the same features of the first and second images of the same finger and in case of their non-linear dependence of the authenticity of the user is considered confirmed, and in the case of linear dependence is unconfirmed. The sameness of the fingers can be verified by comparison of the fingers, for example, after image segmentation of multiple fingers on images of individual fingers. The sequence of method completed.

The following should be noted. The fake finger made on its surface relief pattern of papillary lines is usually made from rubber. When the application of the model to the receptive surface of the scanner to get an image on the basis of which define the characteristics of papillary pattern. In a double application of the model to the scanner and the subsequent combining of the received images of the same features may not match due to displacement and deformation of the model. If the shift dummy is formed in a natural way, the deformation is manifested by differences in the direction of pressing of the model. However, as studies have shown, the direction and magnitude of displacement of the coordinates of the features for the model are almost linear dependence. It shows AESA is the direction and magnitude of displacements of the features of papillary pattern of dummy equal. For a living finger, the skin of which has a greater elasticity, a zone-inhomogeneous elasticity, the direction and magnitude of displacement of the coordinates of the features of papillary pattern with double application of the finger to the receptive surface of the scanner with the following combination of images is clearly non-linear. Coordinate shift characteristics are significantly different or direction, or magnitude, and usually one and the other together. This fact is known. For rubber dummy (figa) on the example of two points of features shows the direction and displacement of their movements in a double latch finger to the receptive surface of the scanner. One feature from point a moves to point A1, and the other from point To point B1. For dummy takes place ravnopravnosti point displacements, and the approximate equality of displacements. It is estimated by the values of the arguments and modules of the vectors A-A1 and b-B1 formed by the coordinates of the same features. For dummy finger characteristic linear dependence of directions and displacements of points. For live finger (fig.2b) are significantly different as the direction of movement of the coordinates of the features, and the magnitude of their displacement, especially in obestochivanija, close to the periphery of the fingerprint. The vectors A-A1 and b-B1 characterized by a noticeable difference between the values of the arguments and modules, i.e. the observed nonlinear dependence of the directions and/or displacements of points. The applicant developed a criterion for evaluating the nonlinearity of the directions and/or displacements of the features of papillary pattern, allowing you to confidently distinguish the fake finger from a live finger. If you do not consciously apply extra effort to sameness touch your finger to the receptive surface of the scanner, the nonlinear dependence of the directions and magnitudes of displacements confidently observed.

Thus, the proposed applicant's method and apparatus for determining the authenticity of a user of the system can significantly improve the security of the system against the ingress of attackers and with a high degree of certainty to authenticate identity. Furthermore, the method allows to detect the presence of dummy fingers, which currently nullify the protection special protective systems. It should be noted that the proposed method is based on fingerprinting, although some modifications instead of papillary patterns can be used and other biometrics, such as iris, voice, face, and other Important advantage of the proposed method which is also the that "key" to the protected system (fingers) is always with the user in contrast to the SIM card, which can be stolen or lost.

According to the applicant, the proposed solution has novelty, distinctive signs, industrial applicability, not obvious from the prior art and may be protected by a patent for an invention.

1. The method of determining the authenticity of a user of the system, namely, that at the entry point into the system using a scanner to register the first image of a fingerprint of at least two fingers of a user of the system, identify the user's identity by comparing the first image with a set of images from the database system, the coordinate system of the scanner first determine the coordinates of the features of papillary pattern of the first image and store them in the database system registering a second image of a fingerprint of at least one finger of a user of the system, in the coordinate system of the scanner determine the second coordinate features of papillary pattern of the second image and store them in a database system the second check is done according to the command generated by the Protocol "challenge - response", then in the coordinate system of the scanner determine the direction and magnitude of displacement of the coordinates is the same person who values the first and second images of the same finger of the user of the system and in case of the nonlinear dependence of the fields and/or values of the displacements of the authenticity of the user is considered confirmed, and in the case of a linear dependence of the fields and/or values of the displacements of the authenticity of the user is considered unconfirmed.

2. A device for determining the authenticity of a user of the system containing electrically connected the scanner to register papillary pattern, the block image processing, database Comparer, characterized in that the device further comprises a unit for generating Protocol "challenge - response", is electrically associated with the unit of comparison and a scanner, and a display panel of the command block for the formation of the Protocol is located on the front panel of the scanner.

3. A device for determining the authenticity of a user of the system according to claim 2, characterized in that its constituent blocks are made in a single package.