Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
  • G06Q20/401—Transaction verification
  • G06Q20/4014—Identity check for transactions
  • G06Q20/40145—Biometric identity checks
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
  • G07C9/00—Individual registration on entry or exit
  • G07C9/30—Individual registration on entry or exit not involving the use of a pass
  • G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
  • G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Definitions

• THIS INVENTION relates to the provision of a secure method for the positive identification of an individual, particularly, but not exclusively, as a means for the authentication of a purchase of goods or services or for cash withdrawals over a telecommunication medium.
• the invention finds particular, but not exclusive, use as a means for secure purchasing of goods or services over a visual medium such as television or other visual display medium or the Internet or as part of an EFTPOS system (electronic funds transfer at point of sale).
• EFTPOS system electronic funds transfer at point of sale.
• the invention is not to be regarded as limited to such applications.
• a significant disadvantage of telecommunication purchasing is that it does not provide positive identification of individuals which is important for preventing unauthorized access to bank account or credit card details by a person wishing to purchase goods or sen/ices fraudulently.
• PIN numbers Personal Identification Number
• PIN and account numbers are not dependent on any cross-checking to ensure that they are being quoted over the telecommunication medium by the true proprietor of that PIN number and its associated credit card or bank account, this type of secure transaction is not too difficult to circumvent.
• both the user's account identification and PIN number are stored on the card. While this data is encoded, the card can be easily duplicated and then used fraudulently in at least two ways:
• a transaction can be completed, without a signature or PIN number, by several methods including over the telephone and the Internet using the card number, card name and expiry date.
• Positive identification of an individual is also important for preventing unauthorized access to, or passage from, selected locations or facilities such as international destinations, bank vaults and other restricted areas which include secure buildings, jails, airport terminals, etc.
• this positive identification of an individual can lead to delays for travellers crossing international borders as officials attempt to confirm the identity of the individual by, for example, manual interrogation, comparison of visual features with photographs in passports, or comparing names with lists of restricted individuals who may be banned from entering or leaving a particular country.
• biometric techniques include fingerprint analysis, thermograms and DNA analysis. These methodologies are considered less vulnerable to mistaken identity.
• One such method includes comparing the biometric data on a card proffered by an individual to a previously created database of biometric data of authorized individuals.
• this system can still be foiled by individuals who have obtained a biometric card from its rightful owner.
• a fraudulent user of the card may partially duplicate the card, retaining any credit details but substituting his/her own biometric data for that of the rightful owner of the card.
• the data obtained from the individual is usually compared to a vast remote databank of such information which is usually difficult and/or slow to locate and access.
• a method for the positive identification of an individual including:
• identification means adapted for carriage with said individual, said identification means containing said unique description
• said encryption key is determined from only a part of said biometric data.
• said biometric data is a fingerprint analysis.
• said identification means is a card of the type capable of holding information in a machine-readable form.
• said verification biometric data is transmitted to a remote databank for further comparison with biometric data held in said databank.
• said individual attends a point of issue for said identification means, such as a bank, where normal identification procedures for banking or credit card facilities must be met before said identification means is issued.
• a device for use in a method for the positive identification of an individual as hereinbefore described said device including:
• reading means to read said identification means
• decoding means to obtain biometric data from said identification means
• comparison means to compare said biometric data with said verification biometric data.
• said facility is a fingerprint reader.
• said reading means is a smart card reader assembly.
• said reading means is, or is incorporated as part of, a computer, mobile telephone, EFTPOS terminal, ATM, or similar terminal.
• said reading means is incorporated into a mobile telephone
• said identification means is incorporated into the SIM card of the mobile telephone.
• said device will allow a maximum of three consecutive attempts to obtain said verification biometric data and compare with said biometric data included within said identification means. If positive identification does not occur within those three attempts, the identification is deemed negative.
• a method for a secure transfer of data over a telecommunication medium including:
• said data is financial data of said person.
• said transmission means includes a terminal remote from said party whereby said person can supply said data to said party and which includes a cellular telephone or wireless data transmission link.
• a terminal for use in a method for a secure transfer of data as hereinbefore described said terminal including:
• transmission means to transmit identification details relevant to said person to said party
• said transmission means further includes a credit or debit card slot assembly.
• said facility includes:
• decoding means to obtain biometric data from said identification means
• comparison means to compare said biometric data with said verification biometric data
• authentication means to authenticate said transfer of data.
• said procuring means is a fingerprint reader.
• said reading means is a smart card slot assembly wherein said smart card contains said biometric data.
• said facility further includes a printout means to produce a hard copy for recording details of said transfer of data.
• said printout means is a printer either integral with, or separate from, said facility.
• said printout means is located within said smart card slot assembly.
• a print head assembly which may be of a mechanical, thermal, laser or inkjet type, prints a receipt when the receipt is entered (or withdrawn) from the slot assembly subsequent to the completion of the transfer of data and removal of the smart card from the slot assembly.
• a sensor of either optical or magnetic type detects the presence of the inserted blank receipt and activates the printing process.
• said receipt is a single, duplicate or triplicate receipt in the form of a "tear off pad".
• said receipt is a multiple copy receipt of comparable size to a credit or debit card.
• said receipt is in triplicate.
• FIG. 1 is a diagrammatic simplistic representation of a terminal which incorporates the present invention for the positive identification of an individual wishing to undertake a financial transaction over that terminal;
• FIG. 2a is a top plan view schematic representation of the terminal of the present invention.
• FIG. 2b is a top edge view schematic representation of the terminal of FIG. 2a.
• FIG. 1 there is a central processing unit (1) connected to a cellular telecommunications network (2) .
• a fingerprint reader (3) is connected to a smart card (4) issuing terminal (5) which can communicate with the network (2).
• a transaction terminal (6) placed at a merchant's place of business, is also in communication with the network (2).
• the terminal (6) includes a keyboard (7) to enter details of a transaction, a screen (8) to display the thus-entered details, a fingerprint reader (9), a smart card reader assembly (10) and a printhead assembly (not illustrated) incorporated within the card reader assembly (10).
• the operating software of the terminal (6) includes code to decrypt encrypted information read from the smart card (4).
• An individual wishing to undertake a secure financial transaction using a machine-readable card first obtains a card which incorporates encrypted biometric and financial data of that individual. This is achieved by presenting him- or herself to an institution such as a bank which issues machine-readable
• biometric data in particular, fingerprint data
• fingerprint data of the individual is taken at the institution using any suitable fingerprint reader known in the art.
• data can be taken from two fingerprints to minimize any subsequent false rejection that may occur when the present invention is in use at a merchant's place of business.
• the scanned image of the fingerprint(s) which is represented by a mathematical representation of the ridge pattern, is then compressed and encrypted using any appropriate encryption algorithm known in the art of financial transactions to ensure that it can only be read or compared by first decrypting the data.
• This encrypted biometric data and the financial details of the individual are stored in the memory of the smart card.
• the card (4) is placed in the reader assembly (10) of the terminal (6) whereby the value of the transaction is enter by the merchant using the keyboard (7).
• the value of the purchase is displayed on the visual display screen (8).
• the account details and encrypted biometric data are also read by the terminal (6).
• the appropriate fingerprint of the individual is then taken at the fingerprint reader (9) of the terminal (6) from which the encryption key is determined.
• the encrypted fingerprint data read from the card (4) is then decrypted using the encryption key just determined and the thus-decoded fingerprint data from the card (4) is compared with the fingerprint data obtained at the terminal (6); if the thus-read fingerprint data is identical with that decoded from the card (4), identification is deemed positive and the financial transaction proceeds. If the comparison is deemed negative, the customer re- presents the finger, or alternative finger if two such fingerprints have been stored on the card (4), for a second scan whereby the comparison process described above is repeated. Although this procedure could be repeated several times, in practice, it is expected that the terminal (6) will be set to allow only a maximum of three consecutive attempts to obtain the verification biometric data and compare with the biometric data included within the smart card (4). If validation does not occur within those three attempts, the identification is deemed negative.
• a receipt is inserted in the reader/printer slot (10) and the details of the transaction are recorded on the receipt. Details of the transaction are also transmitted to the central processing facilities (1) for record purposes.
• the terminal can be a self-contained stand-alone unit, or used in cooperation with a palmtop, laptop or desktop computer or any other unit which includes a visual display unit.
• the terminal can utilise any convenient telecommunication network, and can be any combination of cellular, satellite, microwave or hard wire telephone or other communication network although, preferably, the terminal will be a wireless communication device incorporating the functionality and convenience of a mobile cellular telephone.
• secure transfer features of the present invention can be attached to existing ATM machines (Automatic Teller Machines) thus increasing the security of withdrawals therefrom.
• Fraudulent use of a credit or debit card can be eliminated. Although a partial duplicate of smart card data can be made keeping the credit data, replacing biometric data of the true owner of the card with that of the fraudulent user is insufficient to create a valid card as the encryption key is different being based on the original biometric data.
• the present invention with its use of an encryption key based on biometric data of the person originally issued with a credit or debit card or other machine-readable identification means, prevents card fraud or other false identification with a high level of security, ease of use and application.

Applications Claiming Priority (3)

Publications (2)

Family

ID=3821121

Family Applications (1)

Country Status (6)

Families Citing this family (34)

Citations (2)

Family Cites Families (5)

• 2000
  • 2000-04-20 AU AUPQ7029A patent/AUPQ702900A0/en not_active Abandoned
• 2001
  • 2001-04-19 CN CNB018113540A patent/CN1208737C/zh not_active Expired - Fee Related
  • 2001-04-19 EP EP01929095A patent/EP1305749A4/de not_active Withdrawn
  • 2001-04-19 NZ NZ522686A patent/NZ522686A/en active IP Right Revival
  • 2001-04-19 WO PCT/AU2001/000453 patent/WO2001090962A1/en active IP Right Grant
• 2004
  • 2004-03-08 HK HK04101689A patent/HK1058979A1/xx not_active IP Right Cessation

Patent Citations (2)

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events