WO2007141728A1 - Système de sécurité destiné à être utilisé avec les performances d'une opération restreinte - Google Patents

Système de sécurité destiné à être utilisé avec les performances d'une opération restreinte Download PDF

Info

Publication number
WO2007141728A1
WO2007141728A1 PCT/IB2007/052083 IB2007052083W WO2007141728A1 WO 2007141728 A1 WO2007141728 A1 WO 2007141728A1 IB 2007052083 W IB2007052083 W IB 2007052083W WO 2007141728 A1 WO2007141728 A1 WO 2007141728A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
fingerprint
security system
memory
person
Prior art date
Application number
PCT/IB2007/052083
Other languages
English (en)
Inventor
Ganasen Naidoo
Original Assignee
Ganasen Naidoo
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ganasen Naidoo filed Critical Ganasen Naidoo
Publication of WO2007141728A1 publication Critical patent/WO2007141728A1/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks

Definitions

  • THIS INVENTION relates to a security system for use with the performance of a restricted action.
  • the invention relates in particular to a security system for use with the performance of a restricted action that must be at least partially authorized by the use of a token that has an electronic memory.
  • An electronic token as envisaged can take many different forms, an electronic card, often referred to as a smart card and serving the purpose of a credit card, a debit card, a medical aid card, a loyalty card, and the like, constituting a token of the type envisaged. Still different forms of electronic tokens also are known.
  • a token as envisaged generally is associated with at least one person who is authorized to use it and has a memory in which it carries information including a unique code.
  • a restricted action which may be a financial transaction
  • security requires a card reader to read the unique code from a token presented to it prior to authorizing the restricted action, i.e. the restricted action only can proceed in response to the unique code having been read from the token presented.
  • a token can be similarly used for access control where the token is presented to a reader which reads the unique code and permits access in response thereto.
  • any reference hereinafter to a token must be interpreted as a reference to a token of the above general type and which is provided for fulfilling an authorization function as part of a security system as envisaged.
  • a security system for use with the performance of a restricted action that must be at least partially authorized by the use of a token that has an electronic memory, which includes
  • a card reader to read the unique code stored in the memory of the token
  • a fingerprint scanner to scan a fingerprint of the person presenting the token
  • a processor to compare the fingerprint scanned with the fingerprint stored and to identify the fingerprints as matching.
  • the security system of the invention may include providing at a location where a restricted action is to be performed and for enabling the use of a token for authorizing the restricted action, authorizing means that includes a card reader, for reading the unique code stored in the memory of the token, and a fingerprint scanner, for scanning the fingerprint of a person presenting the token, and that permits a processor to compare a fingerprint scanned by the fingerprint scanner with the fingerprint stored in the memory of a token and to identify whether fingerprints match.
  • authorizing means that includes a card reader, for reading the unique code stored in the memory of the token, and a fingerprint scanner, for scanning the fingerprint of a person presenting the token, and that permits a processor to compare a fingerprint scanned by the fingerprint scanner with the fingerprint stored in the memory of a token and to identify whether fingerprints match.
  • each token issued to a person may include therein input means and a processor and the authorizing means may include means to transmit to the processor of a token via the input means thereof an electronic representation of a fingerprint scanned by the fingerprint scanner thereof, the processor of the token permitting the fingerprint scanned and the fingerprint stored in the memory of the token to be compared and a match to be identified.
  • the authorizing means may include a reader for reading the electronic representation of a fingerprint stored in the memory of the token and means to transmit the representation and an electronic representation of a fingerprint scanned by the fingerprint scanner thereof to a processor for comparing the two representations and for identifying a match.
  • the security system may include a processor as part thereof, that may be remotely located from the authorizing means, or that may form a part of the authorizing means, and that can serve to compare an electronic representation of a fingerprint scanned with an electronic representation of a fingerprint stored in the memory of a token and to identify a match.
  • the security system may provide for each token issued to a person to include disabling means for disabling the use of the token in response to fingerprints compared not identifying a match. As such, the possible use of a lost or stolen token can be completely eliminated. Still further according to the invention, the security system may provide, for each token issued to a person, storing in the memory of the token unique information associated with the person, permitting use of the information for overriding the requirement of a fingerprint match for authorizing the performance of a restricted action with the use of the token.
  • the unique information associated with a person to whom a token is issued typically may be the identity number of the person or the passport number of the passport of the person, the provision of this information to the processor of the system, typically via a keypad associated with the fingerprint scanner, providing for a restricted action to be authorized in a situation in which the person to whom the relevant token has been issued cannot have his fingerprints scanned due to injury or due to being otherwise incapacitated.
  • the security system of the invention can be integrated with the use of a computer for making financial transactions via the internet, an authorizing means as envisaged thus being associated with a computer and requiring a fingerprint match as envisaged for authorizing the financial transaction via the internet with the use of the computer.
  • the security system of the invention can be similarly integrated with other financial transactions to be performed by a different means and where authorization is necessary.
  • a bank has a server which is a processor that serves to authorize and perform actions in the form of certain types of payment transactions made via the use of tokens in the form of debit or credit cards issued by the bank to customers.
  • Each card so issued to a customer is linked to at least one account of the customer with the bank.
  • Each such card may then be used to pay for purchases at remote points of sale of merchants, each of which is provided with a point of sale terminal.
  • Only one such terminal 14 is shown in the diagram, this terminal including a central processor 16, a card reader 18, a fingerprint scanner 20 and a keypad 22.
  • the server 10 and the point of sale terminal 14 form part of a payment transaction authorization system.
  • Each card issued to a customer is a smart card and, as such, each card has a processor and an electronic memory.
  • the electronic memory of each card has a unique code stored therein which is linked to at least one account with the bank.
  • a customer Prior to the bank issuing a customer with a card, be it a debit card or a credit card, the customer is required to present himself at the bank to have a scan of the print of a particular finger performed. An electronic representation of the fingerprint as scanned is then stored in the memory of the card. The customer clearly is the person authorized to use the card to make payments from the account to which the card is linked.
  • a card is an example of a token as herein envisaged and insofar as such a card may be used by more than one customer, it will be understood that in such a case a representation of a fingerprint scan of each customer must be stored in the memory of the card.
  • the card Upon a customer wishing to pay for a purchase via the point of sale terminal using his debit or credit card, which clearly is a restricted action as herein envisaged insofar as such a payment only should be permitted if the card is presented by the person to whom it has been issued, the card is inserted into the card reader 18.
  • the customer also presents the finger which has an electronic representation of its print stored in the memory of the card to the fingerprint scanner for scanning and the scanner performs a scan thereof.
  • the card reader 18 then reads from the memory of the card the electronic fingerprint representation stored in the memory and transmits it to the central processor 16.
  • the fingerprint scanner 20 also transmits the electronic representations of the fingerprint scanned to the processor 16, the processor hence running an algorithm which compares the fingerprint scanned with the stored fingerprint representation and, upon finding a match, permits the reader 20 to read the unique code of the card and to transmit it to the processor.
  • the restricted action can proceed insofar as the use of the card for performing the restricted action is then authorized.
  • the restricted action will proceed via the keypad 22, this process involving details of the purchase and payment option exercised to be entered and transmitted via the processor 16 to the server 10, which then accepts the payment transaction on the account associated with the code.
  • the comparison of the fingerprint representation stored in the card and the fingerprint scanned may be performed via an algorithm run on a remote server such as the server 10.
  • the processor of the card used to perform a transaction may run an algorithm which does the comparison. This will require the fingerprint scanned to be transmitted via the card reader, or any other reader, to the processor of the card.
  • a token need not necessary be in the form of a card, it thus being envisaged that a token can have various other physical properties that will render it suitable for particular applications.
  • an access control system e.g. a system which controls an electronic lock on a door that provides access to a restricted area.
  • a system may require, prior to unlocking the lock, the presentation of both a token, in the form of an access card that has a code and an electronic representation of a fingerprint stored therein, for reading via a reader, and the corresponding finger, for scanning via a fingerprint scanner.
  • a correct code being read by the reader and a fingerprint match clearly will then permit unlocking of the lock and, as such, access through the door controlled thereby.
  • the security system of the invention can be associated with many other applications including different financial applications, particularly such applications where restricted actions are involved and where a token is used for performing these actions.
  • the memory of the associated token may have personal information stored therein, e.g. an identity number or a passport number, and by providing this number to a processor via a suitable keypad, use of the token for performing a required action can be authorized.
  • personal information e.g. an identity number or a passport number
  • the security system of the invention also can be associated with many other security precautions which may be associated with the performance of restricted actions in combination with the authorization of the use of a token as herein envisaged.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un système de sécurité destiné à être utilisé avec les performances d'une opération restreinte qui doit être autorisée au moins en partie par l'utilisation d'un jeton qui possède une mémoire électronique, tel qu'une carte à puce. Lorsque le jeton est délivré à une personne, en plus d'avoir un code usuel unique dans sa mémoire, il a en lui une représentation électronique d'une empreinte digitale de la personne en mémoire. Sur sa présentation, en lançant une opération restreinte telle qu'une transaction financière, afin que l'opération restreinte soit autorisée, un lecteur de carte doit lire le code unique, un lecteur d'empreintes digitales doit scanner l'empreinte digitale de la personne et un processeur doit comparer l'empreinte digitale scannée à l'empreinte digitale en mémoire dans le jeton et identifier une correspondance.
PCT/IB2007/052083 2006-06-08 2007-06-04 Système de sécurité destiné à être utilisé avec les performances d'une opération restreinte WO2007141728A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA200604712 2006-06-08
ZA2006/04712 2006-06-08

Publications (1)

Publication Number Publication Date
WO2007141728A1 true WO2007141728A1 (fr) 2007-12-13

Family

ID=38515732

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/052083 WO2007141728A1 (fr) 2006-06-08 2007-06-04 Système de sécurité destiné à être utilisé avec les performances d'une opération restreinte

Country Status (2)

Country Link
WO (1) WO2007141728A1 (fr)
ZA (1) ZA200810151B (fr)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000055800A1 (fr) * 1999-03-18 2000-09-21 Unnikrishnan, K. P. Terminaux de point de vente (pos) a verification biometrique
US6325285B1 (en) * 1999-11-12 2001-12-04 At&T Corp. Smart card with integrated fingerprint reader
US20020021001A1 (en) * 2000-04-07 2002-02-21 Micro Dot Security Systems, Inc. Biometric authentication card, system and method
US20020138438A1 (en) * 2001-02-23 2002-09-26 Biometric Security Card, Inc. Biometric identification system using biometric images and copy protect code stored on a magnetic stripe and associated methods
US20020178124A1 (en) * 2001-05-22 2002-11-28 Lewis Shawn Michael Credit card verification system
US20030195842A1 (en) * 2002-04-15 2003-10-16 Kenneth Reece Method and device for making secure transactions
US20040103061A1 (en) * 2002-11-25 2004-05-27 Wood Richard Glee Smart card for accelerated payment of medical insurance

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000055800A1 (fr) * 1999-03-18 2000-09-21 Unnikrishnan, K. P. Terminaux de point de vente (pos) a verification biometrique
US6325285B1 (en) * 1999-11-12 2001-12-04 At&T Corp. Smart card with integrated fingerprint reader
US20020021001A1 (en) * 2000-04-07 2002-02-21 Micro Dot Security Systems, Inc. Biometric authentication card, system and method
US20020138438A1 (en) * 2001-02-23 2002-09-26 Biometric Security Card, Inc. Biometric identification system using biometric images and copy protect code stored on a magnetic stripe and associated methods
US20020178124A1 (en) * 2001-05-22 2002-11-28 Lewis Shawn Michael Credit card verification system
US20030195842A1 (en) * 2002-04-15 2003-10-16 Kenneth Reece Method and device for making secure transactions
US20040103061A1 (en) * 2002-11-25 2004-05-27 Wood Richard Glee Smart card for accelerated payment of medical insurance

Also Published As

Publication number Publication date
ZA200810151B (en) 2010-10-27

Similar Documents

Publication Publication Date Title
CA2381807C (fr) Systeme de carte multi-applications protege
US7427019B2 (en) Biometric identification system, method and medium for point of sale environment
KR101667388B1 (ko) 지정맥과 지문을 동시에 스캐닝하여 사용자 인증을 처리하는 다중 안전 잠금 기능을 갖는 금융 거래 중계 시스템 및 그의 처리 방법
US20020169720A1 (en) Method for cardholder to place use restrictions on credit card at will
US10504104B2 (en) Multifunction card including biometric data, card payment terminal, and card payment system
US7773780B2 (en) Augmented biometric authorization system and method
KR101543222B1 (ko) 다중 안전 잠금 기능을 구비하는 금융 거래 중계 시스템 및 그의 처리 방법
US20180225669A1 (en) Financial transaction relay system having multi-safety lock function of processing user authentication by scanning both finger pulse and fingerprint, and processing method therefore
EP1208489A1 (fr) Transactions electroniques de debit et credit sans jeton
US20190147684A1 (en) Biometric data registration system and payment system
JP4500760B2 (ja) Icカード内認証システム
CN105229709A (zh) 安全性系统
US20030046555A1 (en) Identity verification using biometrics
JP2007164423A (ja) 個人認証システム及び個人認証方法
JP2000215279A (ja) Icカ―ド決済装置
Onyesolu et al. Improving security using a three-tier authentication for automated teller machine (ATM)
Alhothaily et al. Towards more secure cardholder verification in payment systems
JP4834785B2 (ja) 現金自動預払システム及び装置
JP2006155636A (ja) Icカード決済装置
US8316050B2 (en) Identification and authorization system
JP2007072777A (ja) 取引処理システム
WO2002005077A2 (fr) Procede et systeme d'utilisation d'un echantillon biometrique destines a l'acces electronique a des comptes et a l'autorisation de transactions
US20100038418A1 (en) Method for biometric authorization for financial transactions
WO2007141728A1 (fr) Système de sécurité destiné à être utilisé avec les performances d'une opération restreinte
JP4500834B2 (ja) Icカード内認証システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07736079

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 07736079

Country of ref document: EP

Kind code of ref document: A1