AU2001255978B2 - Secure biometric identification - Google Patents
Secure biometric identification Download PDFInfo
- Publication number
- AU2001255978B2 AU2001255978B2 AU2001255978A AU2001255978A AU2001255978B2 AU 2001255978 B2 AU2001255978 B2 AU 2001255978B2 AU 2001255978 A AU2001255978 A AU 2001255978A AU 2001255978 A AU2001255978 A AU 2001255978A AU 2001255978 B2 AU2001255978 B2 AU 2001255978B2
- Authority
- AU
- Australia
- Prior art keywords
- biometric data
- data
- terminal
- identification
- person
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Description
WO 01/90962 PCT/AU01/00453 1 TITLE: SECURE BIOMETRIC
LOOP
THIS INVENTION relates to the provision of a secure method for the positive identification of an individual, particularly, but not exclusively, as a means for the authentication of a purchase of goods or services or for cash withdrawals over a telecommunication medium. The invention finds particular, but not exclusive, use as a means for secure purchasing of goods or services over a visual medium such as television or other visual display medium or the Internet or as part of an EFTPOS system (electronic funds transfer at point of sate).
However, the invention is not to be regarded as limited to such applications.
The advertising of goods and services over media such as television and the Internet is now commonplace. With television advertising, the public can often purchase the goods or services so-advertised over the telephone using a credit card facility. With the Internet now well known as an electronic medium and powerful communications tool the seamless system (World Wide Web) linking information on different computers, the general public can readily access the Internet for a wide variety of purposes, including to order numerous consumer goods and/or services online. Once again, payment for these goods and/or services is often by a credit card facility. Yet again, payment of goods at their point of sale by credit or debit cards (EFTPOS) is now common in the marketplace.
A significant disadvantage of telecommunication purchasing is that it does not provide positive identification of individuals which is important for preventing unauthorized access to bank account or credit card details by a person wishing to purchase goods or services fraudulently.
Possibly the most common method of positive identification before a sale is authorized over a telecommunication medium is the use of a code specificfor WO 01/90962 PCT/AU01/00453 2 a particular account. These codes, often numeric but can be alphabetical or alphanumeric, are known as PIN numbers (Personal Identification Number) and are used in combination with the particular account number. However, as PIN and account numbers are not dependent on any cross-checking to ensure that they are being quoted over the telecommunication medium by the true proprietor of that PIN number and its associated credit card or bank account, this type of secure transaction is not too difficult to circumvent.
In particular, in current systems utilizing such a magnetic strip credit or debit card, both the user's account identification and PIN number are stored on the card. While this data is encoded, the card can be easily duplicated and then used fraudulently in at least two ways: 1. If the fraudulent user holds the card, a transaction can be completed, without a signature or PIN number, by several methods including over the telephone and the Internet using the card number, card name and expiry date.
2. If the fraudulent user knows the PIN number, then a substitute card can be used in ATM's, EFTPOS terminals, etc.
These fraudulent transactions create liability for both the issuing authority which may be a bank building society or other financial institution and the cardholder leading to subsequent disputes between the two parties.
Positive identification of an individual is also important for preventing unauthorized access to, or passage from, selected locations or facilities such as international destinations, bank vaults and other restricted areas which include secure buildings, jails, airport terminals, etc.
WO 01/90962 PCT/AU01/00453 3 However, this positive identification of an individual can lead to delays for travellers crossing international borders as officials attempt to confirm the identity of the individual by, for example, manual interrogation, comparison of visual features with photographs in passports, or comparing names with lists of restricted individuals who may be banned from entering or leaving a particular country.
One prior art solution proposed for these particular problems is to adopt methodologies relying on a physical attribute of the individual. Such methodologies, commonly referred to as biometric techniques, include fingerprint analysis, thermograms and DNA analysis. These methodologies are considered less vulnerable to mistaken identity.
One such method includes comparing the biometric data on a card proffered by an individual to a previously created database of biometric data of authorized individuals. However, this system can still be foiled by individuals who have obtained a biometric card from its rightful owner. Alternatively, a fraudulent user of the card may partially duplicate the card, retaining any credit details but substituting his/her own biometric data for that of the rightful owner of the card. Further, the data obtained from the individual is usually compared to a vast remote databank of such information which is usually difficult and/or slow to locate and access.
The presently available methods to overcome the above discussed disadvantages can conveniently be summarized as possession of a passport, knowledge of a password, possession of a restricted article such as a pass key, and biometric techniques comparing data on a card by an individual to a remote databank of such information.
WO 01/90962 PCT/AU01/00453 4 However, such security methods are readily circumvented and do not provide satisfactory methods for the positive and expedient identification of an individual.
It is thus a general object of the present invention to overcome, or at least ameliorate, one or more of the above problems andlor disadvantages.
According to a first aspect of the present invention, there is provided a method for the positive identification of an individual, said method including: providing a unique description forsaid individual, said unique description including biometric data of said individual; encrypting said unique description with an encryption key, said encryption key determined from said biometric data; providing identification means adapted for carriage with said individual, said identification means containing said unique description; providing a reading means to obtain verification biometric data from a person offering said identification means; determining an encryption key from said verification biometric data; using said encryption key from said verification biometric data to decrypt said biometric data included in said unique description; and comparing said verification biometric data with said thus decrypted biometric data; WO 01/90962 PCT/AU01/00453 wherein identification of said person is deemed positive if said verification biometric data from said person is identical with said biometric data of said individual included in said unique description.
Preferably, said encryption key is determined from only a part of said biometric data.
Preferably, said biometric data is a fingerprint analysis.
Preferably, said identification means is a card of the type capable of holding information in a machine-readable form.
Optionally, after said reading means has obtained said verification biometric data from said person and said person has been initially positively identified, said verification biometric data is transmitted to a remote databank for further comparison with biometric data held in said databank.
In one embodiment of the present invention, said individual attends a point of issue for said identification means, such as a bank, where normal identification procedures for banking or credit card facilities must be met before said identification means is issued.
According to a second aspect of the present invention, there is provided a device for use in a method for the positive identification of an individual as hereinbefore described, said device including: a facility to obtain said verification biometric data from a person offering said identification means; reading means to read said identification means; WO 01/90962 PCT/AU01/00453 6 decoding means to obtain biometric data from said identification means; and comparison means to compare said biometric data with said verification biometric data.
Preferably, said facility is a fingerprint reader.
Preferably, said reading means is a smart card reader assembly.
Preferably, said reading means is, or is incorporated as part of, a computer, mobile telephone, EFTPOS terminal, ATM, or similar terminal.
In those embodiments where said reading means is incorporated into a mobile telephone, said identification means is incorporated into the SIM card of the mobile telephone.
Optionally, said device will allow a maximum of three consecutive attempts to obtain said verification biometric data and compare with said biometric data included within said identification means. If positive identification does not occur within those three attempts, the identification is deemed negative.
In a third aspect of the present invention, there is provided a method for a secure transfer of data over a telecommunication medium, said method including: providing a transmission means to transmit said data from a person desirous of undertaking a transaction to a party requiring to verify said data in order to validate said data before said transaction can be undertaken; and WO 01/90962 PCT/AU01/00453 7 providing a validation means to ensure that said person is authorized to undertake said transaction; wherein said transaction is authorized upon positive identification of said person determined by the method for positive identification as hereinbefore described.
Preferably, said data is financial data of said person.
Preferably, said transmission means includes a terminal remote from said party whereby said person can supply said data to said party and which includes a cellular telephone or wireless data transmission link.
Thus, according to a fourth aspect of the present invention, there is provided a terminal for use in a method for a secure transfer of data as hereinbefore described, said terminal including: transmission means to transmit identification details relevant to said person to said party; and a facility for said person to provide verification biometric data of said person with said identification details.
Preferably, said transmission means further includes a credit or debit card slot assembly.
Preferably, said facility includes: procuring means to obtain said verification biometric data from an individual offering said identification means; WO 01/90962 PCT/AU01/00453 8 reading means to read said identification means; decoding means to obtain biometric data from said identification means; comparison means to compare said biometric data with said verification biometric data; and authentication means to authenticate said transfer of data.
Preferably, said procuring means is a fingerprint reader.
Preferably, said reading means is a smart card slot assembly wherein said smart card contains said biometric data.
More preferably, said facility further includes a printout means to produce a hard copy for recording details of said transfer of data.
In one embodiment of this aspect of the present invention, said printout means is a printer either integral with, or separate from, said facility.
In another embodiment of this aspect of the present invention, said printout means is located within said smart card slot assembly. A print head assembly, which may be of a mechanical, thermal, laser or inkjet type, prints a receipt when the receipt is entered (or withdrawn) from the slot assembly subsequent to the completion of the transfer of data and removal of the smart card from the slot assembly. A sensor of either optical or magnetic type detects the presence of the inserted blank receipt and activates the printing process.
WO 01/90962 PCT/AU01/00453 9 Preferably, said receipt is a single, duplicate or triplicate receipt in the form of a "tear off pad".
More preferably, said receipt is a multiple copy receipt of comparable size to a credit or debit card.
Most preferably, said receipt is in triplicate.
A preferred embodiment of the present invention will now be described with reference to the accompanying drawings, wherein:.
FIG. 1 is a diagrammatic simplistic representation of a terminal which incorporates the present invention for the positive identification of an individual wishing to undertake a financial transaction over that terminal; FIG. 2a is a top plan view schematic representation of the terminal of the present invention; and FIG. 2b is a top edge view schematic representation of the terminal of FIG. 2a.
With reference to FIG. 1, there is a central processing unit connected to a cellular telecommunications network A fingerprint reader is connected to a smart card issuing terminal which can communicate with the network It will be appreciated by those skilled in the art that each of these components are known and their interconnection possible by any suitable means known in the art. A transaction terminal placed at a merchant's place of business, is also in communication with the network As illustrated in FIGS. 2a b, the terminal includes a keyboard to enter details of a transaction, a screen to display the thus-entered details, a fingerprint WO 01/90962 PCT/AU01/00453 reader a smart card reader assembly (10) and a printhead assembly (not illustrated) incorporated within the card reader assembly The operating software of the terminal includes code to decrypt encrypted information read from the smart card Once again, it will be appreciated by those skilled in the art that each component of the terminal is known and interconnection of the various components can be undertaken by known methods.
An individual wishing to undertake a secure financial transaction using a machine-readable card first obtains a card which incorporates encrypted biometric and financial data of that individual. This is achieved by presenting him- or herself to an institution such as a bank which issues machine-readable "smart" cards. As is usual when applying for a credit or debit card at such an institution, the individual must first provide positive identification which meets the requirements of the institution before proceeding. Once assigned a smart card, biometric data, in particular, fingerprint data, of the individual is taken at the institution using any suitable fingerprint reader known in the art. Although not essential, data can be taken from two fingerprints to minimize any subsequent false rejection that may occur when the present invention is in use at a merchant's place of business. The scanned image of the fingerprint(s), which is represented by a mathematical representation of the ridge pattern, is then compressed and encrypted using any appropriate encryption algorithm known in the art of financial transactions to ensure that it can only be read or compared by first decrypting the data. This encrypted biometric data and the financial details of the individual are stored in the memory of the smart card.
To undertake a secure purchase using this card at the point of intended purchase, the card is placed in the reader assembly (10) of the terminal (6) whereby the value of the transaction is enter by the merchant using the WO 01/90962 PCT/AU01/00453 11 keyboard The value of the purchase is displayed on the visual display screen The account details and encrypted biometric data are also read by the terminal The appropriate fingerprint of the individual is then taken at the fingerprint reader of the terminal from which the encryption key is determined. The encrypted fingerprint data read from the card is then decrypted using the encryption key just determined and the thus-decoded fingerprint data from the card is compared with the fingerprint data obtained at the terminal if the thus-read fingerprint data is identical with that decoded from the card identification is deemed positive and the financial transaction proceeds. If the comparison is deemed negative, the customer represents the finger, or alternative finger if two such fingerprints have been stored on the card for a second scan whereby the comparison process described above is repeated. Although this procedure could be repeated several times, in practice, it is expected that the terminal will be set to allow only a maximum of three consecutive attempts to obtain the verification biometric data and compare with the biometric data included within the smart card If validation does not occur within those three attempts, the identification is deemed negative.
Upon a positive transaction, a receipt is inserted in the reader/printer slot and the details of the transaction are recorded on the receipt. Details of the transaction are also transmitted to the central processing facilities for record purposes.
Although in no way limiting, this embodiment is particularly suitable for point of sale purchasing of goods or services in all markets. The terminal can be a self-contained stand-alone unit, or used in cooperation with a palmtop, laptop or desktop computer or any other unit which includes a visual display unit.
Further, the terminal can utilise any convenient telecommunication network, and can be any combination of cellular, satellite, microwave or hard wire WO 01/90962 PCT/AU01/00453 12 telephone or other communication network although, preferably, the terminal will be a wireless communication device incorporating the functionality and convenience of a mobile cellular telephone.
Also, the secure transfer features of the present invention can be attached to existing ATM machines (Automatic Teller Machines) thus increasing the security of withdrawals therefrom.
By using the present invention, a number of advantages are obtainable including: As verification of the identity of the person offering the identification means can be undertaken without accessing a remote database, this verification can be undertaken quickly and in significantly less time than the 20 to 30 seconds required by present means where a central database has to be accessed.
Fraudulent use of a credit or debit card can be eliminated. Although a partial duplicate of smart card data can be made keeping the credit data, replacing biometric data of the true owner of the card with that of the fraudulent user is insufficient to create a valid card as the encryption key is different being based on the original biometric data.
Thus the present invention, with its use of an encryption key based on biometric data of the person originally issued with a credit or debit card or other machine-readable identification means, prevents card fraud or other false identification with a high level of security, ease of use and application.
It will be appreciated that the above described embodiments are only exemplification of the various aspects of the present invention and that WO 01/90962 PCT/AU01/00453 modifications and alterations can be made thereto without departing from the inventive concept as defined in the following claims.
Claims (26)
1. A method for the positive identification of an individual, said method including: providing a unique description for said individual, said unique description including biometric data of said individual; encrypting said unique description with an encryption key, said encryption key determined from said biometric data; providing identification means adapted for carriage with said individual, said identification means containing said unique description; providing a reading means to obtain verification biometric data from a person offering said identification means; determining an encryption key from said verification biometric data; using said encryption key from said verification biometric data to decrypt said biometric data included in said unique description; and comparing said verification biometric data with said thus decrypted biometric data; wherein identification of said person is deemed positive if said verification biometric data from said person is identical with said WO 01/90962 PCT/AU01/00453 biometric data of said individual included in said unique description.
2. A method as defined in Claim 1, wherein said encryption key is determined from only a part of said biometric data.
3. A method as defined in Claim 1 or Claim 2, wherein said biometric data is a fingerprint analysis.
4. A method as defined in any one of Claims 1 to 3, wherein said identification means is a card of the type capable of holding information in a machine-readable form.
A method as defined in any one of Claims 1 to 4, wherein after said reading means has obtained said verification biometric data from said person and person has been initially positively identified, said verification biometric data is transmitted to a remote databank for further comparison with biometric data held in said databank.
6. A device for use in a method for the positive identification of an individual as defined in any one of Claims 1 to 5, said device including: a facility to obtain said verification biometric data from a person offering said identification means; reading means to read said identification means; decoding means to obtain biometric data from said identification means; and WO 01/90962 PCT/AU01/00453 16 comparison means to compare said biometric data with said verification biometric data.
7. A device as defined in Claim 6, wherein said facility is a fingerprint reader.
8. A device as defined in Claim 6 or Claim 7, wherein said reading means is a smart card reader assembly.
9. A device as defined in any one of Claims 6 to 8, wherein said reading means is, or is incorporated as part of, a computer, mobile telephone, EFTPOS terminal, ATM, or similar terminal.
A device as defined in Claim 9 wherein said reading means is, or is incorporated as part of, a mobile telephone.
11. A device as defined in Claim 10, wherein said identification means is incorporated into the SIM card of said mobile telephone.
12. A method for a secure transfer of data over a telecommunication medium, said method including: providing a transmission means to transmit said data from a person desirous of undertaking a transaction to a party requiring to verify said data in order to validate said data before said transaction can be undertaken; and providing a validation means to ensure that said person is authorized to undertake said transaction; WO 01/90962 PCT/AU01/00453 17 wherein said transaction is authorized upon positive identification of said person determined by the method for positive identification as defined in any one of Claims 1 to
13. A method as defined in Claim 12, wherein said data is financial data of said person.
14. A method as defined in Claim 12 or Claim 13, wherein said transmission means includes a terminal remote from said party whereby said person can supply said data to said party and which includes a cellular telephone or wireless data transmission link.
A terminal for use in a method for a secure transfer of data as defined in any one of Claims 12 to 14, said terminal including: transmission means to transmit identification details relevant to said person to said party; and a facility for said person to provide verification biometric data of said person with said identification details.
16. A terminal as defined in Claim 15, wherein said transmission means further includes a credit or debit card slot assembly.
17. A terminal as defined in Claim 15 or Clam 16, wherein said facility includes: procuring means to obtain said verification biometric data from an individual offering said identification means; WO 01/90962 PCT/AU01/00453 18 reading means to read said identification means; decoding means to obtain biometric data from said identification means; comparison means to compare said biometric data with said verification biometric data; and authentication means to authenticate said transfer of data.
18. A terminal as defined in Claim 17, wherein said procuring means is a fingerprint reader.
19. A terminal as defined in Claim 17 or Claim 18, wherein said reading means is a slot assembly for a smart card wherein said smart card contains said biometric data.
A terminal as defined in any one of Claims 15 to 19, wherein said facility further includes a printout means to produce a hard copy for recording details of said transfer of data.
21. A terminal as defined in Claim 20, wherein said printout means is a printer either integral with, or separate from, said facility.
22. A terminal as defined in Claim 20 or Claim 21, wherein said printout means is located within said slot assembly for said smart card.
23. A terminal as defined in Claim 22, wherein said printout means prints a receipt when said receipt is entered into said slot assembly subsequent WO 01/90962 PCT/AU01/00453 19 to the completion of the transfer of data and removal of said smart card from said slot assembly.
24. A terminal as defined in Claim 22, wherein said printout means prints a receipt when said receipt is removed from said slot assembly subsequent to the completion of the transfer of data and removal of said smart card from said slot assembly.
A terminal as defined in Claim 23 or Claim 24, wherein said receipt is a single, duplicate or triplicate receipt in the form of a "tear off' pad.
26. A terminal as defined in any one of Claims 23 to 25, wherein said receipt is of comparable size to a credit or debit card.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AUPQ7029A AUPQ702900A0 (en) | 2000-04-20 | 2000-04-20 | Secure biometric loop |
| AUPQ7029 | 2000-04-20 | ||
| AU5597801A AU5597801A (en) | 2000-04-20 | 2001-04-19 | Secure biometric identification |
| PCT/AU2001/000453 WO2001090962A1 (en) | 2000-04-20 | 2001-04-19 | Secure biometric identification |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| AU2001255978A1 AU2001255978A1 (en) | 2002-02-21 |
| AU2001255978B2 true AU2001255978B2 (en) | 2006-04-06 |
Family
ID=25631055
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2001255978A Ceased AU2001255978B2 (en) | 2000-04-20 | 2001-04-19 | Secure biometric identification |
| AU5597801A Pending AU5597801A (en) | 2000-04-20 | 2001-04-19 | Secure biometric identification |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU5597801A Pending AU5597801A (en) | 2000-04-20 | 2001-04-19 | Secure biometric identification |
Country Status (1)
| Country | Link |
|---|---|
| AU (2) | AU2001255978B2 (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1998001820A1 (en) * | 1996-07-05 | 1998-01-15 | Dynamic Data Systems Pty. Ltd. | Identification storage medium and system and method for providing access to authorised users |
| US5712912A (en) * | 1995-07-28 | 1998-01-27 | Mytec Technologies Inc. | Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniques |
| EP0924655A2 (en) * | 1997-12-22 | 1999-06-23 | TRW Inc. | Controlled access to doors and machines using fingerprint matching |
| US5995630A (en) * | 1996-03-07 | 1999-11-30 | Dew Engineering And Development Limited | Biometric input with encryption |
| US6038666A (en) * | 1997-12-22 | 2000-03-14 | Trw Inc. | Remote identity verification technique using a personal identification device |
-
2001
- 2001-04-19 AU AU2001255978A patent/AU2001255978B2/en not_active Ceased
- 2001-04-19 AU AU5597801A patent/AU5597801A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5712912A (en) * | 1995-07-28 | 1998-01-27 | Mytec Technologies Inc. | Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniques |
| US5995630A (en) * | 1996-03-07 | 1999-11-30 | Dew Engineering And Development Limited | Biometric input with encryption |
| WO1998001820A1 (en) * | 1996-07-05 | 1998-01-15 | Dynamic Data Systems Pty. Ltd. | Identification storage medium and system and method for providing access to authorised users |
| EP0924655A2 (en) * | 1997-12-22 | 1999-06-23 | TRW Inc. | Controlled access to doors and machines using fingerprint matching |
| US6038666A (en) * | 1997-12-22 | 2000-03-14 | Trw Inc. | Remote identity verification technique using a personal identification device |
Also Published As
| Publication number | Publication date |
|---|---|
| AU5597801A (en) | 2001-12-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| NZ522686A (en) | Secure biometric identification | |
| US20060174134A1 (en) | Secure steganographic biometric identification | |
| US6182894B1 (en) | Systems and methods for authorizing a transaction card | |
| US7155416B2 (en) | Biometric based authentication system with random generated PIN | |
| US4357529A (en) | Multilevel security apparatus and method | |
| CN101069187B (en) | Secure cards and methods | |
| US20070078780A1 (en) | Bio-conversion system for banking and merchant markets | |
| KR20010025234A (en) | A certification method of credit of a financing card based on fingerprint and a certification system thereof | |
| WO2001008055A9 (en) | Secure transaction and terminal therefor | |
| US6513709B1 (en) | Optical transaction card system | |
| US20120091199A1 (en) | Multi-account card system | |
| US6412690B1 (en) | Credit card security method and credit card | |
| AU2001255978B2 (en) | Secure biometric identification | |
| JP2001266088A (en) | Card and its forger-preventing method | |
| WO2007006084A1 (en) | Card processing apparatus and method | |
| AU2001255978A1 (en) | Secure biometric identification | |
| JP2002158655A (en) | Certifying device, collating device and electronic certificate system with which these devices are connected | |
| RU2208247C2 (en) | Method for authenticating plastic card user | |
| KR100542596B1 (en) | The ID authentication system ? method of the bank's ATM ? card verification terminal. | |
| US20200097976A1 (en) | Advanced finger biometric purchasing | |
| KR100655696B1 (en) | Method of security for money card using finger print acknowledge and system thereof | |
| KR20040070413A (en) | The security system of the credit card & the cash card. | |
| JP2002190005A (en) | Multifunctional ic card | |
| KR20020033274A (en) | Sytem for the acceptance of payment through IC typed credit card and identifier of fingerprint | |
| WO2004012112A1 (en) | Financial account card and financial account card system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PC1 | Assignment before grant (sect. 113) |
Owner name: BIOLOOP PTY LTD Free format text: FORMER APPLICANT(S): GROSVENOR LEISURE INCORPORATED |
|
| FGA | Letters patent sealed or granted (standard patent) | ||
| MK14 | Patent ceased section 143(a) (annual fees not paid) or expired |