AU2005222560A1

AU2005222560A1 - Authentication apparatus

Info

Publication number: AU2005222560A1
Application number: AU2005222560A
Authority: AU
Original assignee: Palaci Edgardo David
Current assignee: Palaci Edgardo David
Priority date: 2004-10-14
Filing date: 2005-10-14
Publication date: 2006-05-04

Description

O

AUSTRALIA

PATENTS ACT 1990 COMPLETE SPECIFICATION

(N

NAME OF APPLICANT(S):: SEdgardo David Palaci ADDRESS FOR SERVICE: DAVIES COLLISON CAVE Patent Attorneys Level 10, 10 Barrack Street, Sydney, New South Wales, Australia, 2000 INVENTION TITLE: Authentication apparatus The following statement is a full description of this invention, including the best method of performing it known to me/us:- 5102 Authentication Apparatus o Technical Field [001] The present invention relates to an authentication apparatus, and in particular, to an authentication apparatus having a memory card reader, a biometric device, and a locating Sdevice, adapted to authenticate a user.

IND

Background Art t [002] Presently, there has been an increase in the amount of transactions carried out through networked systems, and with further technical advancements, there may be a continued increase in the amount of computerised transactions. Transactions such as bank and file transfers, and the transfer of confidential and personal information means that increasingly secure systems are required, such that these transactions can occur without the interference of third parties.

[003] There are currently security systems and processes available which aim to provide users with a way of transferring and accessing information privately. Examples of these include Internet Banking and ATM machines, which require PINs or passwords, with Login Names or IDs to ensure that the user is the authorised user. However, the current systems and processes do not have any mechanism to check the physical location of a user accessing a system. For example, an unauthorised third party may have accessed unauthorised information and may have obtained a user's Login name and password, and are accessing a user's information.

[004] Fraud is classified as an unsolicited transaction against a solicited transaction.

Currently there is no known mechanism to identify or differential between a fraudulent transaction and legitimate transaction.

[005] There are many issues problems that financial and non-financial institutions face when trying to keep electronic transactions safe with unauthorised activity taking place before, after or while the current transaction is being executed. Fraudsters Perpetuators have devised many ways to fool or overcome detection systems deployed by financial and non-financial institutions to overcome such activity. The biggest issue involves transactions that take place over the Internet, commonly know as e-com transfers. Below is a list of technical methods used by fraudsters to overcome and penetrate systems for their benefit.

O

Keystroke Logger [006] Software programs that enables one Internet user to monitor the actual keystrokes in real time of another Internet user.

IND

C Phishing t [007] A process by which fraudsters are able to replicate the "look and feel" of a legitimate financial services company's e-mail or Web site for the purposes of tricking customers into divulging personal identification, passwords and financial data.

Shoulder Surfing [008] Stealing a computer password or access code by peeking over a person's shoulder while he types in the characters.

Sniffing [009] The watching, displaying and logging of another Internet user's computer traffic.

Spoofing [010] The forging of an e-mail header to make it appear as if it came from someone or some-where other than the actual source.

Synthetic Identity [011] A false identity made up of stolen components.

Trojan horses [012] Programs in which malicious or harmful code is concealed or hidden inside apparently harmless programming or data, the purpose of which is to get control of the breached computer and do damage.

Know Solutions [013] Although fraud has infiltrated through the above-mentioned methods, institutions have only recently outlined the importance to combat or minimise this through risk

O

O mitigation. This means that complete solutions have not been introduced at this stage, only simple solutions to minimise risk.

[014] The following are examples of known risk mitigation concepts.

(NO

,I [015] The use of tokens: A small token device is issued to high-risk customers who log V) in with the allocated client number. This may overcome this issue of fraudsters obtaining their customer number and password but are still at high risk to phishing, spoofing, Trojan horses and keystroke logger.

[016] Therefore a short-term solution that is only issued as a deterrent, definitely far from an enterprise solution.

[017] SMS verifications: Verification is sent to the customer when Internet Banking or ecom transfers take place. This is a good notification system but is only a notification system. Does not detect the initial fraud can only stop future fraud, considering the customer has a mobile and calls the institution quick enough to cancel their facility. This faces the following issues Trojan horses, synthetic identity, spoofing, sniffing, shoulder surfing, phishing and keystroke logger and fundamentally the assumption is made that each and every customer has a mobile phone.

[018] An example of the need to improve security mechanisms includes the use of Internet Banking. Internet Banking allows a user to conveniently perform his or her banking online, without the hassle of waiting in a bank. However, depending on the computer which a user is using to access his or her banking information, and whether or not the user's connection to the bank's server is secure, Internet Banking may have detrimental consequences. A hacker, anywhere in the world, may be able to access the user's information. As long as encryption/decryption methods exists, there may be ways in which unauthorised user's can access the information by discovering the encryption/decryption methods. Thus, a system which doesn't entirely rely on encryption/decryption methods is required.

[019] In a networked information or data communications system, a user has access to 0 one or more terminals which are capable of requesting and/or receiving information or data from local or remote information sources. In such a communications system, a terminal may be a type of processing system, computer or computerised device, personal computer mobile, cellular or satellite telephone, mobile data terminal, portable computer,

INO

SPersonal Digital Assistant (PDA), pager, thin client, or any other similar type of digital Selectronic device. The capability of such a terminal to request and/or receive information Sor data can be provided by software, hardware and/or firmware. A terminal may include or be associated with other devices, for example a local data storage device such as a hard disk drive or solid state drive.

[020] An information source can include a server, or any type of terminal, that may be associated with one or more storage devices that are able to store information or data, for example in one or more databases residing on a storage device. The exchange of information the request and/or receipt of information or data) between a terminal and an information source, or other terminal(s), is facilitated by a communication means. The communication means can be realised by physical cables, for example a metallic cable such as a telephone line, semi-conducting cables, electromagnetic signals, for example radio-frequency signals or infra-red signals, optical fibre cables, satellite links or any other such medium or combination thereof connected to a network infrastructure.

[021] The network infrastructure can include devices such as a telephone switch, base station, bridge, router, or any other such specialised network component, which facilitates the connection between a terminal and an information source. Collectively, an interconnected group of terminals, communication means, infrastructure and information sources is referred to as a network. The network itself may take a variety of forms. For example, it may be a computer network, telecommunications network, data communications network, Local Area Network (LAN), Wide Area Network (WAN), wireless network, Internetwork, Intranetwork, the Internet and developments thereof, transient or temporary networks, combinations of the above or any other type of network providing for communication between computerised, electronic or digital devices. More than one distinct network can be provided, for example a private and a public network. A network as referenced in this specification should be taken to include any type of terminal Sor other similar type of electronic device, or part thereof, which is rendered such that it is O capable of communicating with at least one other terminal.

[022] This identifies a need for a system and/or process for the authentication of a user which overcomes or at least ameliorates problems inherent in the prior art.

INC

[023] The reference to any prior art in this specification is not, and should not be taken as, an acknowledgment or any form of suggestion that such prior art forms part of the common general knowledge.

Disclosure Of Invention [024] According to a first broad form, the present invention provides an apparatus for authentication of a user, the apparatus including: a memory card reader adapted to read a memory card having user identification information and user biometric identification information stored therein; a biometric device, the biometric device able to read biometric information from the user; a locating device, the locating device able to determine the physical location of the apparatus and thereby provide user location information; a processing system adapted to compare the stored user biometric identification information with the read user biometric information, and to transmit the stored user identification information and the user location information to a remote processing system or a database.

[025] According to another aspect of the invention, the present invention provides user identification information, which includes any one or combination of: user name; user login name; user encrypted login information; user PIN; user address information; user password; and, single sign on information.

O [026] In other particular, but non-limiting, forms the present invention further provides the memory card including a memory element and/or a processor.

[027] In accordance with a specific embodiment, provided by way of example only, the t user biometric identification information includes at least one fingerprint template.

S[028] The present invention, according to yet another aspect provided by way of example only, provides the user biometric information including fingerprint information which is sensed or scanned by the biometric device.

[029] Preferably, but not necessarily, the fingerprint information includes at least one digital image of at least one fingerprint.

[030] In another embodiment, the fingerprint information and the fingerprint image are compared such that they are matched by a match on card system.

[031] The present invention, in accordance with another aspect, provides the user identification information and the user location information are transmitted to the remote processing system or database once the user biometric identification information and the user biometric information are matched.

[032] Preferably, but not necessarily, the locating device determines the physical location of the user by the use of a global positioning system.

[033] In accordance with a specific embodiment, provided by way of example only, the user can receive authentication information via a user interface.

[034] Preferably, but not necessarily, the user interface is a website.

-7- [035] The present invention, according to yet another aspect provided by way of example Sonly, provides the user identification information and the user location information are 0 transmitted to the remote processing system by any one or combination of:

USB;

cables; Infra red; t' -Bluetooth; satellite; and, wireless networks.

[036] According to a second broad form, the present invention provides a system for authentication of a user, the system including: a storage device to house a database, the database storing indicating data, indicative of the user's identity; a processing system, the processing system adapted to: receive: user identification information; user biometric identification information; user biometric information; and, user location information; (ii) compare the user biometric information and the user biometric identification information; (ii) transmit the user identification information and the user location information to the database; and, (iii) receive indicating data indicative of the user's identity, from the database for authentication of the user.

[037] According to a third broad form, the present invention provides a system for authentication of a user, the system including: a storage device to house a database, the database storing indicating data, indicative of the user's identity; a first processing system, the first processing system being adapted to communicate with an apparatus, the apparatus having: -a memory card reader adapted to read a memory card having user identification information and user biometric identification information O stored therein; a biometric device, the biometric device able to read biometric information from the user; a locating device, the locating device able to determine the physical location of the apparatus and thereby provide user location information; and, n a second processing system adapted to compare the stored user biometric identification information with the read user biometric information, and to transmit the stored user identification information and the user location information to a remote processing system, wherein the first processing system. is adapted to: receive the user identification information, and the user location information, from the apparatus; (ii) send the user identification information and the user location information to the database; (iii) receive indicating data indicative of the user's identity, from the database, for authenticating the user.

[038] According to a fourth broad form, the present invention provides a method of authentication of a user, the method including: receiving from a memory card user identification information and user biometric identification information; (ii) receiving from a biometric device, user biometric information; (iii) receiving from a locating device, user location information, indicative of the physical location of the user; (iv) comparing the user biometric identification information to the user biometric information; transmitting the user identification information and the user location information to a database or a remote processing system; (vi) receiving authentication information.

[039] According to a fifth broad form, the present invention provides a method including: S(i) receiving: O user identification information; user biometric identification information; user biometric information; and, user location information; S(ii) comparing the user biometric identification information to the user biometric ,IC information; S(iii) transmitting the user identification information and the user location information to a database or a remote processing system; and, (iv) receiving authentication information from the database or the remote processing system.

[040] According to a sixth broad form, the present invention provides a method including: receiving in a processor: user identification information; user biometric identification information; user biometric information; and, user location information; (ii) comparing the user biometric identification information to the user biometric information; (iii) transmitting the user identification information and the user location information to a database or a remote processing system; and, (iv) receiving authentication information from the database or the remote processing system.

[041] According to a seventh broad form, the present invention provides a method including: receiving user identification information and user location information from a processing system; (ii) comparing the user identification information and the user location information to data stored in a database; and, (iii) providing authentication information.

0 Brief Description Of Figures [042] The present invention should become apparent from the following description, which is given by way of example only, of a preferred but non-limiting embodiment thereof, described in connection with the accompanying figures.

IND

N, [043] Fig. 1 illustrates an example functional block diagram of a processing system that t can be utilised to embody or give effect to a particular aspect of the present invention; [044] Fig. 2 illustrates an example network infrastructure that can be utilised to embody or give effect to a particular aspect of the present invention; [045] Fig. 3A illustrates anexample of an apparatus for authentication of a user; [046] Fig. 3B illustrates an example of a memory card; [047] Fig 4 illustrates an example of an apparatus for authentication of a user, communicating with a processing system; [048] Fig. 5 illustrates an example flow diagram of a process that can be utilised to embody or give effect to a particular aspect of the present invention; [049] Fig 6. illustrates an example flow diagram of a process that can be utilised to embody or give effect to a particular aspect of the present invention; [050] Fig 7. illustrates another example of an apparatus for authentication of a user; [051] Fig 8. illustrates an example flow diagram of a process that can be utilised to embody or give effect to a particular aspect of the present invention; [052] Fig 9. illustrates an example diagram of a process that can be utilised to embody or give effect to a particular aspect of the present invention; -11-

O

[053] Fig 10. illustrates another example of a memory card system.

C.)

0 Modes for Carrying Out The Invention [054] The following modes, given by way of example only, are described in order to provide a more precise understanding of the subject matter of the present invention.

IND

C Preferred embodiment V)[055] In the figures, incorporated to illustrate features of an embodiment of the present invention, like reference numerals are used to identify like parts throughout the figures.

[056] A particular embodiment of the present invention can be realised using a processing system, an example of which is shown in Figure 1. In particular, the processing system 100 generally includes at least one processor 102, or processing unit or plurality of processors, memory 104, at least one input device 106 and at least one output device 108, coupled together via a bus or group of buses 110. In certain embodiments, input device 106 and output device 108 could be the same device. An interface 112 can also be provided for coupling the processing system 100 to one or more peripheral devices, for example interface 112 could be a PCI card or PC card. At least one storage device 114 which houses at least one database 116 can also be provided. The memory 104 can be any form of memory device, for example, volatile or non-volatile memory, solid state storage devices, magnetic devices, etc. The processor 102 could include more than one distinct processing device, for example to handle different functions within the processing system 100. Input device 106 receives input data 118 and can include, for example, a keyboard, a pointer device such as a pen-like device or a mouse, audio receiving device for voice controlled activation such as a microphone, data receiver or antenna such as a modem or wireless data adaptor, data acquisition card, etc. Input data 118 could come from different sources, for example keyboard instructions in conjunction with data received via a network. Output device 108 produces or generates output data 120 and can include, for example, a display device or monitor in which case output data 120 is visual, a printer in which case output data 120 is printed, a port for example a USB port, a peripheral component adaptor, a data transmitter or antenna such as a modem or wireless network adaptor, etc. Output data 120 could be distinct and derived from different output devices, -12for example a visual display on a monitor in conjunction with data transmitted to a network. A user could view data output, or an interpretation of the data output, on, for O example, a monitor or using a printer. The storage device 114 can be any form of data or information storage means, for example, volatile or non-volatile memory, solid state storage devices, magnetic devices, etc.

NO

tn [057] In use, the processing system 100 is adapted to allow data or information to be stored in and/or retrieved from, via wired or wireless communication means, the at least In one database 116. The interface 112 may allow wired and/or wireless communication between the processing unit 102 and peripheral components that may serve a specialised purpose. The processor 102 receives instructions as input data 118 via input device 106 and can display processed results or other output to a user by utilising output device 108.

More than one input device 106 and/or output device 108 can be provided. It should be appreciated that the processing system 100 may be any form of terminal, server, specialised hardware, or the like.

[058] The processing system 100 may be a part of a networked communications system 200, as shown in Figure 2. Processing system 100 could connect to network 202, for example the Intemrnet or a WAN. Input data 118 and output data 120 could be communicated to other devices via network 202. Other terminals, for example, thin client 204, further processing systems 206 and 208, notebook computer 210, mainframe computer 212, PDA 214, pen-based computer 216, server 218, etc., can be connected to network 202. A large variety of other types of terminals or configurations could be utilised.

The transfer of information and/or data over network 202 can be achieved using wired communications means 220 or wireless communications means 222. Server 218 can facilitate the transfer of data between network 202 and one or more databases 224. Server 218 and one or more databases 224 provide an example of an information source.

[059] Other networks may communicate with network 262. For example, telecommunications network 230 could facilitate the transfer of data between network 202 and mobile or cellular telephone 232 or a PDA-type device 234, by utilising wireless communication means 236 and receiving/transmitting station 238. Satellite communications network 240 could communicate with satellite signal receiver 242 which -13receives data signals from satellite 244 which in turn is in remote communication with satellite signal transmitter 246. Terminals, for example further processing system 248, O notebook computer 250 or satellite telephone 252, can thereby communicate with network 202. A local network 260, which for example may be a private network, LAN, etc., may also be connected to network 202. For example, network 202 could be connected with ethernet 262 which connects terminals 264, server 266 which controls the transfer of data t to and/or from database 268, and printer 270. Various other types of networks could be utilised.

[060] The processing system 100 is adapted to communicate with other terminals, for example further processing systems 206, 208, by sending and receiving data, 118, 120, to and from the network 202, thereby facilitating possible communication with other components of the networked communications system 200.

[061] Thus, for example, the networks 202, 230, 240 may form part of, or be connected to, the Internet, in which case, the terminals 206, 212, 218, for example, may be web servers, Internet terminals or the like. The networks 202, 230, 240, 260 may be or form part of other communication networks, such as LAN, WAN, ethernet, token ring, FDDI ring, star, etc., networks, or mobile telephone networks, such as GSM, CDMA or 3G, etc., networks, and may be wholly or partially wired, including for example optical fibre, or wireless networks, depending on a particular implementation.

[062] In one broad form, the present invention includes an apparatus 300, an example of which is shown in Figure 3A. The apparatus 300 may includes a memory card reader 310, a biometric device 330, a locating device 340, and a processing system 320.

[063] The memory card reader 310 may be adapted to read a memory card 400, which may include at least one memory element 420 and/or at least one processor 410, an example of which is shown in Figure 3B. The memory card 400 may be used to have or store user identification information and user biometric identification information.

[064] The user identification information may include any one or combination of a userrelated information such as the user's name, login name, encrypted login information, PIN, -14address information, at least one password, or single sign on information. The user N_ biometric identification information may include at least one fingerprint template, although O it may also include retina scan data, or any other physical characteristic or personal behaviour trait data.

[065] The biometric device 330, is able to read biometric information from the user. In t' particular, the biometric information may include fingerprint information which is sensed N or scanned by the biometric device, wherein the fingerprint information may be at least one t' digital image of at least one fingerprint. The biometric information may also include other types of information such as retinal scan images or the like, such that the biometric information can be matched or compared with the biometric identification information, stored on the memory card 400. In one particular example, the fingerprint information, which may be a fingerprint template and the fingerprint image may be compared or matched by a match on card system. In another example, the apparatus 300 may include a processing system 320 which is adapted to compare the biometric identification information and the biometric information.

[066] The apparatus 300 may also include a locating device 340, wherein the locating device 340 is able to determine the physical location of the apparatus 300 and thereby provide user location information. In one example, as shown in Figure 4, the location information and the user identification information may be transmitted to the processing system 100 or database 116, which may be a remote system, once the user biometric identification information and the user biometric information are matched. In one preferred embodiment, although variations will be apparent to persons skilled in the art, the physical location of the apparatus 300 may be determined by the use of the global positioning system.

[067] The apparatus 300 may be connected to able to communicate with the remote processing system 100 or database 116, in order to transmit user identification information and user location information by any one or combination of USB, cables, Infra red, Bluetooth, satellite, and other wireless networks. In another embodiment the apparatus 300 may be incorporated or be a part of the processing system 100. It will be apparent to persons skilled in the art, that the processing system 100 may be a mobile phone, or a part of a mobile network, a laptop, a PDA, or any other communication device.

O

[068] Thus, the apparatus 300 may be able to communicate authentication information to the user in a variety of ways. The apparatus 300 may include an interface, or be connected to an interface such as a monitor or mobile display or the like. The user interface may also

INO

be a website. Furthermore, the authentication information which the user receives may be r whether or not user authentication was successful. This may include displayed text, or the V) use of lights on the apparatus, variations of which will be apparent to persons skilled in the art.

[069] An example of the process for the authentication of a user can be explained with reference to Figure 5. As shown in Figure 5, at steps 500, 510, 520, and 530 the apparatus 300 is adapted to receive user identification information, user biometric identification information, user biometric information, and user location information respectively. The apparatus 300 then compares the user biometric identification information with the user biometric information, as shown at step 540 and then transmits the user identification information and the user location information to a processing system or database, as shown at step 550. The apparatus 300 may then receive user authentication information.

[070] In one particular example, an example of the process for the authentication of a user can be explained with reference to Figure 6. As shown at step 600, the apparatus 300 reads the user identification information from the memory card 400, by the memory card reader 310. At step 610, the user fingerprint template can also be read from the memory card 400. The apparatus 300 can then scan an image of a fingerprint by the use of the biometric device 330, as shown at step 620. At step 630, the fingerprint template is compared with the scanned fingerprint image. The apparatus then determines if the fingerprint template matches the scammed fingerprint image, as shown at step 640, and whether the user authentication has failed, as shown at step 650. If the user authentication was successful, then the apparatus 300 can receive user location information from the global positioning system as shown at step 660, and as shown at step 670, may then transmit the user location information and the user identification information to a remote -16processing system. The apparatus 300 can then receive user authentication, as shown at step 680.

O

[071] In one embodiment of the present invention, once the global position of the user is determined, there may be in place a form of geo-fencing mechanism, which may allow a certain user from a certain location in the world to access the information. Thus, for t example, an Internet hacker who may have illegally obtained a user's identification and r, password would only be able to access the user's information, if they are located in an In authorised location.

Further example [072] The following example provides a more detailed discussion of a particular embodiment of the present invention. The example is intended to be merely illustrative and not limiting to the scope of the present invention.

[073] The integration of a Global positioning system into the biometric smart card authentication systems adds a precise pinpointing mechanism to the high security applications where there is a demand on location of user to confirm identity. Integrating a memory card reader, a biometric device, and a location device, in an apparatus provides the advantages of, portability, low power consumption, ease of installation, ruggedness in actual operating environment, and easy Integration into existent systems, as the apparatus may be a compact standalone device. It is thus possible to choose peripheral systems for this system, such that the apparatus may provide the advantages described.

[074] Global positioning System GPS systems conforming to industry standards like NMEA, SBAS (WAAS EGNOS), DGPS High positional accuracy in varied environments Ease of integration with GIS systems and network enhancing software's Uses popular SIRF chipsets [075] Smart Card Reader/Writer Conformation to IS07816 standard -17- Tested for ruggedness for read/write cycles N Built in data encryption for enhanced security

O

[076] Fingerprint recognition System Built in high speed fingerprint recognition Compact size -n Tested for small-size/wet/dry fingerprint.

Ci High processing capability ARM CPU [077] The integration of information from these peripheral systems and their control can be implemented in three different configurations, wherein the client and server side software features are implemented with the latest security protocols. The apparatus 300 can use active directory based Single Sign ON (SSO) systems and can be implemented by various algorithms, to provide high level of encryption. The system can also provide fingerprint templates for digital identity databases instead of normal user information, and cross-platform conformance in the network architecture.

[078] In one example, the Global Positioning system may be based on Sirf StarIIe/LP chipset, which is widely accepted in the industry. The architecture sets the standard for high volume GPS performance. The chip uses 1,920 corrolators and 12 channels to provide fast acquisition and reacquisition times, while keeping peak current to less than 65 mA.

Trickle Power extends battery life even further by reducing average current to under The GPS may include features such as the SingleSat and Snaplock, FoliageLock, Dual multipath rejection, reduced power consumption, SiRFXtrac, and the like.

[079] When driving in an urban area, a car's satellite visibility is often blocked by intervening buildings. For other GPS systems, when less than three satellites are visible, no positioning calculations can be made. However, SiRF's SingleSat positioning mode allows positioning calculations, for short periods, when only a single satellite is visible. SingleSat positioning works by using a single satellite's data to determine how far along a current path the car has traveled. Any errors in position can be corrected as soon as SnapLock reacquires three or more satellite signals when the car passes through an intersection).

1 -18- Car navigation systems employing SiRFstar technology can thus provide more position fixes than other systems when navigating in an urban setting.

[080] SiRF's SnapLock acquisition feature provides re-acquisition of satellite signals in only 100 milliseconds, as well as fast initial search. SnapLock acquisition results from a parallel spectrum search to find code correlation, involving 20 code samples. Alternative Sdevices take typically two to three seconds to re-acquire a lost signal, and may take minutes to do the initial search.

[081] SnapLock acquisition is a critically important feature for automobile navigation.

Cars lose satellite visibility in cities because they are blocked by tall buildings and tunnels, but they get a clear view in intersections, or when exiting a tunnel. The average time in an intersection is one to three seconds, but a re-acquisition time of two or three seconds leaves no time for collecting signal data. SnapLock acquisition re-acquires the signal and collects a measurement for a position update in one-tenth of a second. Thus, an intersection offers enough time for both re-acquisition and positioning when a system is based on SiRFstar technology. This high-speed re-acquisition is also a key part of the power management scheme. Since the signal can be re-acquired in lOOms the chipset can be power cycled at a rate faster than the standard 1Hz update rate, causing no apparent loss of data but at greatly reduced power consumption.

[082] The GPS standard signal threshold is -160 dBW. It allows for receiving a signal that is much reduced in power. However, car navigation and personal navigation products used in tree lined or wooded areas can often receive satellite signals that are below this threshold. FoliageLock sensitivity is 20 dB lower than the threshold standard. Thus, signals that are indistinguishable to other GPS receivers are detectable with those based on SiRFstar technology.

[083] The chipset consists of the GSP2e/LP, a highly integrated digital chip with MIPS of processing power and the GRF2i/LP, a lower power version of the GRF2i integrated front end. The GSW2 software completes the package providing flexible system architecture for standalone GPS based products. The chip can be coupled with network enhancing software's to provide very good indoor and outdoor coverage.

-19- [084] Multipath errors occur when signals reach a receiver along an indirect path. Low O level reflected signals bouncing off of far-away objects may be eliminated. Errors caused by nearby reflected signals may be filtered. Without such a rejection scheme, multipathinduced errors often cause random, large-scale errors in positioning for car navigation systems being used in urban areas. SiRFstar's Dual Multipath Rejection capabilities

INO

V) significantly reduce multipath errors eliminating these large-scale deviations.

[085] The LX extensions to the original SiRFstar architecture reduce power through new hardware and software. New foundry technology and peripheral integration in both chips reduce the overall system power consumption in hardware. The GSP1/LX may also contain high-precision real time clock that allows the software to keep very accurate time (to a few microseconds) during power down to enable very fast restarts. In addition, new software in Trickle Power mode may put the power to the GPS chipset under software control. By using the SnapLock reacquisition capabilities, the chipset can be turned off for up to 800ms of every second and still reacquire, track and produce a new solution in the remaining 200ms. This allows the receiver to provide a continuous 1Hz update and only use approximately 1/5 of the power. In addition, the software has a push-to-fix mode, which allows the receiver to autonomously turn on and collect the necessary data to provide a SnapStart position fix in under 2 seconds. The background consumption of the push-to-fix mode has the chipset operating only 2% of the time.

[086] SiRFXTrac is a high sensitivity GPS stand alone software solution. SiRFXTrac extends the operating range in which GPS can be used dramatically increasing the versatility of GPS-enabled products. If loaded with SiRFXTrac high sensitivity software, GPS-enabled mobile consumer devices may be able to continue operating in far more locations than ever before possible.

[087] The solution can offer the integration of contact based smart readers into the system. This contains all information that pertains to user identity as well as information to carry out Single Sign On sessions. Following is a summary of such systems, such as Contact Smart Cards.

[088] Contact smart cards may be the size of a conventional credit or debit card with a single embedded integrated circuit chip that contains just memory or memory plus a 0 microprocessor. Memory-only chips are functionally similar to a small floppy disk. They are less expensive than microprocessor chips, but they also offer less security so they should not be used to store sensitive or valuable information.

t [089] Chips that contain both memory and a microprocessor are also similar to a small floppy disk, except they contain an "intelligent" controller used to securely add, delete, t' change, and update information contained in memory. The more sophisticated microprocessor chips have state-of-the-art security features built in to protect the contents of memory from unauthorized access. Contact smart cards may be inserted into a card acceptor device where pins attached to the reader make "contact" with pads on the surface of the card to read and store information in the chip. This type of e-card is used in a wide variety of applications including network security, vending, meal plans, loyalty, electronic cash, government IDs, campus IDs, e-conimerce, health cards, and many more.

[090] The parameters to be stored in Smart Cards include Login Names, Passwords, Fingerprint Templates, Single Sign On Information.

[091] The Smart card Reader/Writer conforming to IS07816 standard may be integrated into the system, which provides a direct means to read write biometric and other user information. The general architecture for information exchange between the cards and the applications is illustrated below. Depending on the configuration of the client side hardware the card reader/writers may be either directly accessed by software applications on the PC or they may be accessed by intermediate embedded controllers. An example of a Smart card system is shown in Figure [092] Example of a Smart Card Reader Specifications Smart Card Support 1S07816 T=0, T=I, EMV, 2/3 BUSI2C/Extended I2C memory cards.

Host Interface RS-232 115,200 bps.

Card-Reader Up to 230 Kbps at 4, 8 and 16 MHz.

Communication -21-

C.)

0 1 c, 1 1 2 Smart Card Acceptor ISO 8 contacts. Landing type, 200,000 cycles.

Card operating voltage 5V (ISO7816 Class 3 V (ISO07816 Class B) Power Source PC COM Port or Bluetooth Safety Environmental FCC Class B, VCCI, CE Standard Card operating 4, 8 and 16 MHz frequency Operating System Windows 98, 98SE, Me, NT, 2000, XP, Server Support 2003, Linux Smart Card Reader Microsoft WHQL Me, 2000, XP, PC/SC Approvals Compliant, EMV Level 1 Example of a Fingerprint Identification Optical Sensor Based [093] Standalone fingerprint recognition modules consisting of optical sensor and processing board can be integrated into the system to provide enrollment, deletion and authentication of user fingerprints. Its works on low voltage (3.3V) .A series of 23,000 authentications can be done before consuming 4 pieces of AA batteries and performs a high speed authentication in average of 1.2 seconds. As CPU and highly upgraded algorithm are embedded into a module, it provides high recognition ratio even to smallsize, wet, dry, calloused fingerprint.

0 [094] When used in conjunction with Smart card reader it can perform fingerprint template matching from template stored on smart card. It can also send templates for matching with databases over LAN networks. Thus it gives both local and remote fingerprint template matching capabilities to proposed system.

[095] The features of the Fingerprint Identification include: Built-in fingerprint authentication.

Various authentication using 1:1/1: N matching and Password.

Convenient DK without a connection to PC.

0 Accurate authentication ratio even to small-size/wet/dry fingerprint.

Fast acquisition of difficult finger types under virtually any condition.

Economical due to low voltage consumption.

-22- [096] Applications of the Fingerprint Identification system include S- Door Lock System Safe Box Simple Access Controller Vehicle Control t- ATM, POS, and etc.

S[097] Technical Specifications include: Board Spec ARM9, 8MB SDRAM, 1M Flash ("1 Dimension 43X63[mm] Fingerprint Sensor OPP02MM1(Optic) Supply Voltage 3.3 ±0.1[V] Current Consumption 60(idle)-200(Op.)[mA] Usage Circumstances Temperature -20-60[oC] Humidity RH Capture Speed 0.4(Normal)/0.7(Secure) [sec] Boot Up Time <0.4[sec] Authentication Time 1.2[sec] (Capture+Extract+Match)-Average Rate FRR:0.1%, FAR:0.001% Method 1:1, 1:N, Password User No. 100 (2 templates per 1 person) External Interface RS232(1 channel): 9600-115200[BPS] In(3): Enrollment, deletion, Authentication Out(2): Pass, Fail Data Encryption Method AES Example Fingerprint recognition module: FDA01M [098] The FDA01M (Stand-alone with built-in CPU) is independent fingerprint recognition module composed of an optical sensor and a processing board. It offers high recognition ratio, fast recognition speed by built-in CPU and remarkable algorithm.

-23- 0 [099] It is easily deployed in various application products owing to simple and robust hardware design.

O

0 [0100] CPU and memory are embedded in a processing board so that user's registration and authentication process occur by itself without interfacing with PC Built-in fingerprint authentication S- 8,000 log entries storage and search C System setup options (Security level, sensor, communication speed, etc.).

1:1 matching, 1:N matching

O

S 10 Applications Include: Access controller Door lock Safes ATM, POS Personal computer/workstation security Network/enterprise security SInternet content security E-commerce B2B transactions Electronic transactions Bank and financial systems Medical information systems Feature Details: CPU Board spec: 32 bit RISC CPU, 1M RAM, 1M Flash No. of user: 640/1920/4,000 persons (Depends on the flash memory installed) Size: 43 x 93 (mm) Communication: RS232 Input/Output port: Input x 2, Output x 2 (Wiegand output multiplexed) Fingerprint Sensor: Optical sensor (OPP01) Verification Time: 1 second Error rate: FRR: 1/1000, FAR: 1/100000 Operating Temperature: 0 40 -24- Current consumption: Normal: 260 mA Max: 320 mA Voltage: 5 0.2 (V) O Any password-based application Example Fingerprint Recognition Sensor: High-performance, maintenance-free optical fingerprint sensor IN Resistance to scratches, impact, vibration and electrostatic shock I Fast and accurate verification Latent print image removal (does not accept prints left behind) Encryption of fingerprint templates (cannot be used to reconstruct fingerprint images) One year warranty Example of the integration of Peripherals the Biometric sensor for authentication with smart cards: [0101] Biometrics adds an additional security layer to a smart card system. Fingerprints are a good credential for logical access control to computer networks.

[0102] Integrating a fingerprint scanner into a smart card reader increases security by adding "something you are" to the authentication process. Smart cards provide the "something you have" factor. The third factor, "something you know" is usually represented by a PIN.

[0103] Integrating a biometric sensor with a smart card reader adds to the privacy of someone using this system for authentication because the fingerprint template resides on the smart card. It can be directly matched with the scanned fingerprint rather than travelling though a network to be matched on the backend. This process is called match on card (MOC). If both local and network authentication are provided, it can increase the security of the system.

[0104] The biometric fingerprint sensor takes a digital picture of a fingerprint. This fingerprint scan detects ridges and valleys of the fingerprint and converts them into ones and zeroes. Complex algorithms analyze this raw biometric scan to identify characteristics of the fingerprint, the so-called minutiae. Minutiae are stored in a so-called fingerprint template, a data file usually smaller than the initial scan. Up to 200 minutiae are stored in a O template, but only a subset of these has to match for identification or verification, in most systems, if 10 to 20 minutiae match, the fingerprint is considered a match. In today's smart card systems typically about 40 minutiae are stored, because of the space restrictions.

f Example Application Scenario (1 Home Banking (-i S[0105] A user may store his or her online banking login ID's, passwords and fingerprint on the bank's multi-application smart card. The user may then follow a simple process to access online banking services via the Internet. First, they open the log-in web page for these services, insert their smart card into a portable authentication unit. To complete the biometric security authentication process, the user then places their finger on a optical scanner on the portable authentication unit. The GPS software transmits the current location of the user to the web site and the location of the place from which the session was initiated is logged. A restriction on the logging in based on location can be implemented using GPS geofencing. The b:iometric software matches the fingerprint image from the scanner against the image already stored on the smart card's chip. A fingerprint match unlocks the chip containing the participant's online banking login ID and password automatically launching them onto the first web page for bank's home banking site. From this web page users are authorized to make transactions. It can also be used to transfer value from their checking account onto the Visa Cash stored value application on their smart card. This card can then be used for purchases with participating merchants in the physical and virtual worlds.

Client Hardware Configurations [0106] An example of the client hardware configurations is shown in Figure 7. Part of the design may include a bluetooth connection 700 in lieu of the USB connector 710. This facilitates the notion of wireless communication giving the system the capability of being used in conjunction with a mobile phone.

-26- [0107] The client hardware configuration may also include a system controller 720, GPS antenna interface 730, GPS unit 740, smartcard reader 750 and a fingerprint module 760, O which may be adapted to communicate with each other via a system bus.

Software Implementation [0108] In designing an authentication and authorization system we have to consider the

INO

t following standard steps as indicated in the flowchart. We then go on to describe the prime ri benefits of implementing the Microsoft Identity and Access management server integrating V) into it databases of fingerprint templates and other user identification for matching. An example of an authentication and authentication assessment flowchart is shown in Figure 8.

The Apparatus and/or System for the authentifation of the user, may be implemented in conjunction with Microsoft Identity and Access Management Platform [0109] An example of the Microsoft Identity and Access Management Platform is shown in Figure 9.

Directory Services [0110] Microsoft Windows ServerTM 2003 includes support for the Microsoft Active Directory® directory service, and for an application directory service called Active Directory Application Mode (ADAM). The following figure shows the central role Active Directory plays, and how it integrates with other Microsoft and ISV technologies.

Active Directory integration with other network components [0111] Active Directory has the following features that make it suitable for both the intranet and extranet directory service role: A central location for network administration and delegation of administrative authority [0112] Administrators have access to objects representing all network users, devices, and resources, as well as the ability to group objects for ease of management, and apply security and Group Policy.

-27- Information security and SSO for user access to network resources [0113] Tight integration with security eliminates costly tracking of accounts for 0 authentication and authorization between systems. A single user name and password combination can identify each network user, and this identity follows the user throughout the network.

NO

In Scalability C, [0114] Active Directory includes one or more domains, each with one or more domain In controllers, which enables a user to scale the directory to meet any network requirements.

Flexible and global searching [0115] Users and administrators can use desktop tools to search Active Directory. By default, searches are directed to the global catalog, which provides forest-wide search capabilities.

Storage for application data [0116] Active Directory provides a central location to store data that is shared between applications, and for applications that need to distribute their data across entire Windowsbased networks.

Systematic synchronization of directory updates [0117] Updates are distributed throughout the network through secure and cost-efficient replication between domain controllers.

Remote administration [0118] Users can connect to any domain controller remotely from any Windows-based computer that has administrative tools installed. Alternatively, a user can use the Remote Desktop feature to log on to a domain controller from a remote computer.

Single, modifiable, and extensible schema [0119] The schema is a set of objects and rules that provide the structure requirements for Active Directory objects. Users can modify the schema to implement new types of objects or object properties.

-28- Integration of object names with Domain Name System (DNS), the Internet-standard

O

O computer location system [0120] Active Directory uses DNS to implement an IP based naming system so that Active Directory services and domain controllers are locatable over standard IP both on intranets and the Intemret.

INC

C-i LDAP support t [100] Lightweight Directory Access Protocol (LDAP) is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.

Active Directory Application Mode [101] Active Directory Application Mode (ADAM) has the following features that make it suitable for the application directory service role: Ease of deployment [102] Developers, end users, and ISVs can easily deploy ADAM as a lightweight directory service on most Windows Server2003 platforms and on clients running Microsoft Windows® XP Professional. Users can easily install, reinstall, or remove the ADAM application directory, making it the ideal directory service to deploy with an application.

Reduced infrastructure costs [103] By using a single directory technology for both the network operating system (NOS) and application directory needs, a user can reduce overall infrastructure costs.

Additional investment is not required for training, administration, or management of the application directory.

Standardized application programming interfaces (APIs) [104] LDAP, Active Directory Service Interfaces (ADSI), and Directory Services Markup Language (DSML) are implemented in both ADAM and Active Directory. These -29capabilities enable you to build applications on ADAM, and then migrate them to Active SDirectory as needed, with minimal change.

Increased security [105] Because ADAM is integrated with the Windows security model, any application that is deployed using ADAM can authenticate access against Active Directory across the t enterprise.

I Increased flexibility 10 [106] An application owner can easily deploy directory-enabled applications without (-i affecting the directory schema for the entire organization, while continuing to use the identity information and credentials that are stored in the organization's NOS directory.

Reliability and scalability [107] Applications that use ADAM have the same reliability, scalability, and performance that they have with deployments of Active Directory in the NOS environment.

[108] The following security services are integrated with Windows application servers, Windows client operating systems, and computers running Windows 2000 Server and Windows Server 2003 acting as domain controllers: The Kerberos version 5 protocol supports authentication, including APIs for use by client/server applications, as well as a Kerberos Key Distribution Center (KDC) that is integrated with Active Directory.

The Microsoft Security Support Provider Interface (SSPI) is a well-defined common API for obtaining integrated security services for authentication, message integrity, message privacy, and security quality of service for any distributed application protocol.

The X.509 based Public Key Certificate Server built into Windows Server lets Sorganizations issue public-key certificates for authentication to their users, without O depending on commercial certification authority (CA) services.

Secure Socket Layer (SSL) and Transport Layer Security (TLS) use client/server X.509 digital certificates to support strong, mutual authentication and secure Scommunications.

SSmart cards provide tamper-resistant storage for protecting private keys, account numbers, passwords, and other forms of personal information and are a key component of the public-key infrastructure (PKI) that Microsoft integrates into the Windows® platform.

Microsoft Passport provides an SSO user experience for customer authentication to an organization's extranet applications.

Access Control Lists (ACL's) on static resources. The Microsoft Windows ServerTM object-based security model allows administrators to grant access rights to a user or group rights that govern who can access a specific object.

Authorization Manager supports RBAC in custom applications.

Security auditing allows changes to directory objects and access events to be reported through the Security Event log.

[109] Microsoft Identity Integration Server 2003, Enterprise Edition (MIIS 2003) includes the following features that a user can use to streamline identity and access management across an organization: [110] Identity aggregation, synchronization, and provisioning across heterogeneous identity stores.

[111] Management agents for connection to multiple identity stores, including directory services, databases, and e-mail systems.

-31-

O

A self-service Web application for password resets.

O No connector footprint on the connected identity stores.

"Event or state-based synchronization processing.

Easy extensibility using the Microsoft Visual Studio® .NET programming environment.

t- A reduced feature set version called the Identity Integration Feature Pack for Active Directory offers: ,In Client Operating System [112] Organizations that standardize on Windows XP Professional can realize these benefits: [113] Support for Windows-Integrated Authentication with platform services to achieve SSO for file, print and Web application services.

[114] Domain-level Group Policy to enforce increased security.

[115] Additional SSO capabilities between different organizations using passwords, X.509 digital certificates, and Microsoft Passport accounts through Windows Credential Manager.

Development Platform [116] Microsoft Visual Studio.NET and the .NET Framework provide the capability to: [117] Develop identity-aware applications that use the power of the Microsoft Identity and Access Management Platform.

[118] Reduce application development costs.

Platform Benefits [119] Implementing the Microsoft Identity and Access Management Platform to achieve the following benefits: A single, secure, trusted source of identity information -32- [120] Administrators have a reliable, up-to-date view of all applications and systems, as well as all users and their entitlements.

Seamless application integration [121] The Microsoft development platform provides secure, standards-based authentication, authorization, and data protection mechanisms.

IND

Improved security and provisioning t [122] Identities across multiple systems in the organization for employees, customers, or partners are removed as soon as their relationships with the organization end.

Simplified administration and reduced administrative costs [123] Administrators can add, change, and remove digital identities and entitlements quickly and easily in a centralized place.

Fine-grained access control [124] Administrators can control more precisely what resources users can access, what they can do with those resources, and how security policies are applied to users and resources at a detailed level.

Using fewer passwords and better password management [125] Users can access applications more conveniently and Helpdesk personnel can spend less time managing password problems.

Interoperability among identity systems and operating systems [126] The solution provides interoperability through standards-based access and authentication mechanisms that reduce the time it takes to integrate and administer multiple systems.

Secure, reliable auditing [127] Auditing provides the necessary trail to explain who, what, when, where, and how resources are accessed across the network.

I

-33- Local Credential Management [128] Strong protection of locally stored password credentials using Windows Credential O Manager.

Intranet Access Management Direct integration with Microsoft Windows®-based server and client operating Ssystems.

Custom integration with Windows-based directory and security services.

Integration through the Lightweight Directory Access Protocol (LDAP).

Credential mapping techniques using Enterprise Single Sign On (ESSO) products.

Synchronized user accounts and passwords across multiple systems.

Extranet Access Management [129] It focuses on the following issues and concepts that are essential to an effective external-facing access management strategy: Web SSO.

Strong authentication over the Internet.

Roles-based authorization.

Securing data sent over the Internet.

Employee access management with extranet directory services.

Partner access management with extranet directory services.

Customer access management with extranet directory services.

[130] The application improves customer satisfaction through a better user experience; while improving administration processes and reducing customer support costs associated with public access to their data and applications. This scenario can demonstrate the use of: Self-registration for new accounts in Active Directory.

Passport Services for customer authentication and SSO.

Active Directory and Microsoft Windows Authorization Manager for role-based access control.

-34- [131] Web SSO through Passport Services meets the organizational challenge of reducing support costs for customer remote access to an environment.

O

[132] Thus, the framework for implementing proposed the apparatus and system for authentication has been designed to be modular in nature with emphasis on ease of operation for the user. It may provide comprehensive features for ensuring secure t environment for developed applications to run as well as a hassle free user experience with Ci integration of Single Sign On technology. The peripheral systems i.e. GPS, smart card In reader/writer and fingerprint identification system that are integrated into the product may conform to latest industry standards and the integration of the software solution into heterogeneous networks has been implemented using design guidelines.

Keystroke Logger [133] According to a particular aspect of the present invention, the method requires a customer to type in their details via the Internet to access their facility. With the use of biometrics and the smart card, a user simply place a finger on the reader, this is then verified against the record on the smart card. If the verification process is successful the customer is then able to use their Internet Banking e-com facility as the authentication string is sent in encrypted format to the residing banking server. Highlighting no need to use the keyboard, overcoming the possibility to be targeted by keystroke login.

Phishing [134] A sophisticated approach, that is a mock of the real thing but redirected to another site that captures the clients details. With the use of the smart card, there are certain characteristics of the original website that can be entered into the memory, and can only be activated when a positive match exists. So no matter where the website is directed, if it is not the same URL as the legitimate financial services company's website, no verification can take place.

Shoulder Surfing [135] Occurs when a perpetrator oversees a Client number and password. With the introduction of biometrics and a smart card to verify access onto Internet Banking e-com no physical data is entered therefore eliminated the possibility to oversees personal access details.

0 Sniffing [136] A sophisticated approach, but once again can only be infiltrated if actual keystrokes t are performed, since the data i.e. personal access details are encrypted, kept on the smart N card which are sent through only when the verification process is successful (biometric t fingerprint verification) the data captured is not readable and sent through undetected.

Spoofing [137] Similar approach to that of Phishing but once again with the smart card only receptive to authentic financial services websites via the URL the user does not have to know which sites are authentic and which ones aren't. The smart card does this verification.

Synthetic Identity [138] Even if the device is stolen the user's unique fingerprint is required to access the Internet Banking e-com website. Which is a major vulnerability in relation to token authentication process.

Trojan horses [139] By far the most sophisticate approach and one that is difficult to overcome. One way to eliminate this threat is by encrypting the data sent via the smart card. Even if the perpetrators are able to capture the feed, they must be able to decrypt the data otherwise the signal is useless. And considering the use of industry standard encryption algorithms this is an impossibility.

[140] If the above methods are compromised, a GPS tracking system is a feature that identifies the point of compromise. There may be 2 timestamps sent to the financial institutions login server. The first may contain the encrypted login detail of the user in addition to the GPS location, and on completion of the service a disconnect timestamp may also be issued. This gives the financial institution and law enforcement agencies the -36capability to associate a location with the unsolicited transaction something that would be extremely beneficial.

O

[141] Finally in relation to user friendliness and convenience access onto the computer is via a USB port or blue tooth for wireless communication.

NO

S[142] Thus, there has been provided in accordance with the present invention, an apparatus, system and/or method for the authentication of a user.

In [143] The invention may also be said to broadly consist in the parts, elements and features referred to or indicated herein, individually or collectively, in any or all combinations of two or more of the parts, elements or features, and wherein specific integers are mentioned herein which have known equivalents in the art to which the invention relates, such known equivalents are deemed to be incorporated herein as if individually set forth.

[144] Although a preferred embodiment has been described in detail, it should be understood that various changes, substitutions, and alterations can be made by one of ordinary skill in the art without departing from the scope of the present invention. Thus, all such variations and modifications which become apparent to persons skilled in the art, should be considered to fall within the spirit and scope that the invention broadly appearing before described.

[145] Throughout this specification and the claims which follow, unless the context requires otherwise, the word "comprise", and variations such as "comprises" or "comprising", will be understood to imply the inclusion of a staged integer or step or group of integers or steps but not the exclusion of any other integer or step or group of integers or steps.

Claims

2. The apparatus of claim 1, wherein the user identification information, which includes any one or combination of: user name; user login name; user encrypted login information; user PIN; user address information; user password; and, single sign on information.
3. The apparatus of any one of claims 1 or 2, wherein the memory card includes any one or combination of: a memory element; and, a processor.
4. The apparatus of any one of claims 1 to 3, wherein the user biometric identification information includes at least one fingerprint template. The apparatus of any one of claims 1 to 4, wherein the user biometric information including fingerprint information which is sensed or scanned by the biometric device. -38-
6. The apparatus of claim 5, wherein the fingerprint information includes at least one digital image of at least one fingerprint. O
7. The apparatus of claim 6, wherein the fingerprint information and the fingerprint image are compared such that they are matched by a match on card system. NO tt 8. The apparatus of claim 7, wherein the user identification information and the user ,I location information are transmitted to the remote processing system or database once the In user biometric identification information and the user biometric information are matched.
9. The apparatus of any one of claims 1 to 8, wherein the locating device determines the physical location of the user by the use of a global positioning system. The apparatus of any one of claims 1 to 9, wherein the user can receive authentication information via a user interface.
11. The apparatus of claim 10, wherein the user interface is a website.
12. The apparatus of any one of claims 1 to 11, wherein the user identification information and the user location information are transmitted to the remote processing system by any one or combination of: USB; cables; Infra red; Bluetooth; satellite; and, wireless networks.
13. A system for authentication of a user, the system including: a storage device to house a database, the database storing indicating data, indicative of the user's identity; a processing system, the processing system adapted to: receive: -39- user identification information; S- user biometric identification information; O O user biometric information; and, user location information; (ii) compare the user biometric information and the user biometric identification information; (ii) transmit the user identification information and the user location information to the database; and, (iii) receive indicating data indicative of the user's identity, from the database for authentication of the user.
14. A system for authentication of a user, the system including: a storage device to house a database, the database storing indicating data, indicative of the user's identity; a first processing system, the first processing system being adapted to communicate with an apparatus, the apparatus having: a memory card reader adapted to read a memory card having user identification information and user biometric identification information stored therein; a biometric device, the biometric device able to read biometric information from the user; and, a locating device, the locating device able to determine the physical location of the apparatus and thereby provide user location information; and, a second processing system adapted to compare the stored user biometric identification information with the read user biometric information, and to transmit the stored user identification information and the user location information to a remote processing system, wherein the first processing system is adapted to: receive the user identification information, and the user location information, from the apparatus; (ii) send the user identification information and the user location information to the database; and, (iii) receive indicating data indicative of the user's identity, from the database, for authenticating the user. O A method of authentication of a user, the method including: receiving from a memory card user identification information and user biometric identification information; (ii) receiving from a biometric device, user biometric information; (iii) receiving from a locating device, user location information, indicative of the physical location of the user; (iv) comparing the user biometric identification information to the user biometric information; transmitting the user identification information and the user location information to a database or a remote processing system; and, (vi) receiving authentication information.
16. A method for authentication of a user, the method including: receiving: user identification information; user biometric identification information; user biometric information; and, user location information; (ii) comparing the user biometric identification information to the user biometric information; (iii) transmitting the user identification information and the user location information to a database or a remote processing system; and, (iv) receiving authentication information from the database or the remote processing system.
17. A method for receiving authentication information of a user, the method including: receiving in a processor: user identification information; user biometric identification information; user biometric information; and, -41- user location information; (ii) comparing the user biometric identification information to the user biometric O information; (iii) transmitting the user identification information and the user location information to a database or a remote processing system; and, (iv) receiving authentication information from the database or the remote tt' processing system. tIt 18. A method for providing authentication information, the method including: receiving user identification information and user location information from a processing system; (ii) comparing the user identification information and the user location information to data stored in a database; and, (iii) providing authentication information.
19. An apparatus for authentication of a user, the apparatus being substantially as hereinbefore described, with reference to the accompanying figures. A method for authentication of a user, the method being substantially as hereinbefore described with reference to the accompanying figures.
21. A system for authentication of a user, the system being substantially as hereinbefore described with reference to the accompanying figures. DATED this 14 th day of October 2005. EDGARDO DAVID PALACI By His Patent Attorneys DAVIES COLLISON CAVE