EP3271854A2 - System and method for selectively initiating biometric authentication for enhanced security of transactions - Google Patents

System and method for selectively initiating biometric authentication for enhanced security of transactions

Info

Publication number
EP3271854A2
Authority
EP
European Patent Office
Prior art keywords
access
transaction
access control
portable
control device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP16767815.0A
Other languages
German (de)
French (fr)
Other versions
EP3271854A4 (en
Inventor
Michael Gardiner
Adriano Canzi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tactilis Sdn Bhd
Original Assignee
Tactilis Sdn Bhd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/664,573 external-priority patent/US10229408B2/en
Application filed by Tactilis Sdn Bhd filed Critical Tactilis Sdn Bhd
Publication of EP3271854A2 publication Critical patent/EP3271854A2/en
Publication of EP3271854A4 publication Critical patent/EP3271854A4/en
Withdrawn legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873 Details of the card reader
    • G07F7/088 Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886 Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction

Definitions

  • the present invention relates to electronic transactions. More specifically, the present invention relates to system and method for selectively initiating biometric authentication for enhanced security of electronic transactions.
  • a smart card is a device that includes an embedded integrated circuit chip that can be either a secure processing module (e.g., microprocessor, microcontroller or equivalent intelligence) operating with an internal or external memory or a memory chip alone.
  • Smart cards can serve as credit or ATM debit cards, phone or fuel cards, and high-security access-control cards for granting access to a computer or a physical facility.
  • Smart cards can authenticate the identity of the user by employing a token, such as public key infrastructure (PKI) and one-time password (OTP).
  • smart cards can be configured for a biometric authentication to provide an additional layer of security.
  • mobile devices such as smartphones, PDAs, tablets, and laptops can provide a platform for electronic transactions.
  • a user of a mobile device can conduct an electronic transaction for purchase of a product or service using an application that communicates with a mobile payment service.
  • Mobile devices can be configured for a token-based authentication and/or a biometric authentication.
  • Additional layers of security may not always be necessary, or desired.
  • biometric authentication may not need to occur for low-value or routine transactions, such as purchases below a certain amount. What is needed is a method of enhanced security that may be selectively applied based on the nature of the transaction.
  • Various embodiments of the present disclosure are directed to selectively enhancing security of electronic transactions through the use of authentication thresholds.
  • a method of selectively initiating biometric authentication in an access control system comprises comparing an access permission level associated with a portable access control device to an access security level associated with an access domain; and initiating a biometric authentication process if the access security level associated with the access domain is higher than the access permission level associated with the electronic portable transaction device.
  • a method of selectively initiating biometric authentication for financial transactions comprises identifying a transaction amount associated with an electronic transaction involving an electronic portable transaction device; retrieving a threshold amount from a data storage device; comparing the transaction amount and the threshold amount; and initiating a biometric authentication process if the transaction amount matches or exceeds the threshold amount.
  • a portable access control device comprises a processing module configured to execute a program configured to: receive an indication of an access security level associated with an access domain from a fixed access control device associated with the access domain, and initiate a biometric authentication process if the access security level associated with the access domain is higher than an access permission level associated with the portable access control device; and a memory configured to store the program.
  • a device for selectively initiating biometric authentication for financial transactions comprises a processing module configured to execute a program configured to: identify a transaction amount associated with an electronic transaction involving an electronic portable transaction device; retrieve a threshold amount from a data storage device; compare the transaction amount and the threshold amount; and initiate a biometric authentication process if the transaction amount exceeds the threshold amount; and a memory configured to store the program.
  • a fixed access control device comprises a processing module configured to execute a program configured to: receive an indication of an access permission level associated with a portable access control device, and initiate a biometric authentication process if the access permission level associated with the portable transaction device is higher than an access security level associated with an access domain; and a memory configured to store the program.
  • Figure 1 is a block diagram of an example electronic transaction system within which various embodiments of the technology disclosed herein may be implemented.
  • Figure 2 is another block diagram of an example electronic transaction system within which various embodiments of the technology disclosed herein may be implemented.
  • FIG. 3 is a block diagram of an example electronic transaction system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
  • FIG. 4 is a block diagram of another example electronic transaction system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
  • FIG. 5 is a block diagram of another example electronic transaction system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
  • Figure 6 is a block diagram of an example computer access control system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
  • Figure 7 is a block diagram of an example facility within which a facility access control system according to certain aspects of the present disclosure may be implemented.
  • Figure 8 is a block diagram of an example facility access control system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
  • Figure 9 is a flowchart illustrating an example biometric security utilizing thresholds for financial transactions according to certain aspects of the present disclosure.
  • Figure 10 is a flowchart illustrating an example biometric security utilizing thresholds for access control transactions according to certain aspects of the present disclosure.
  • Figure 11 is a flowchart illustrating an example of biometric security utilizing thresholds implemented in a portable access control device according to certain aspects of the present disclosure.
  • Figure 12 is a flowchart illustrating an example of biometric security utilizing threshold implemented in a portable access control device according to certain aspects of the present disclosure.
  • the present disclosure addresses this and other problems associated with enhanced layers of security for electronic transactions by providing a procedure for selectively initiating biometric authentication of an electronic portable transaction device.
  • the selective initiation of biometric authentication can be based on thresholds associated with the need for biometric authentication (hereinafter "threshold-based authentication procedure").
  • For financial transactions, biometric authentication can be initiated based on a comparison between a transaction amount of a transaction involving an electronic portable transaction device and a threshold amount associated with the user's account.
  • biometric authentication can be initiated based on a comparison between an access security level associated with an access domain and an access permission level associated with an electronic portable transaction device.
  • FIG. 1 is a block diagram of an example electronic transaction system 100 that can implement a threshold-based authentication procedure according to certain aspects of the present disclosure.
  • the system 100 includes an electronic portable transaction device (PTD) 110, a transaction processing system (TPS) 130, and an interface device 120 that facilitates communications between the PTD 110 and the TPS 130.
  • the PTD 110 can be, for example, a smart card, a smart key, a smart fob, or a mobile device.
  • the PTD 110 can include a biometric authentication module (not shown) for biometric authentication.
  • the PTD 110 can conduct various types of electronic transactions with the TPS 130 via the interface device 120.
  • the PTD 110 can be a smart payment card such as a smart credit, debit, and/or prepaid card, or a smartphone with a payment transaction application.
  • the TPS 130 can be a payment processing system of a merchant (e.g., Target®), a bank (e.g., Bank of America®), or a card issuer (e.g., Visa®).
  • the interface device 120 can be a point of sale (POS) terminal that can communicate with the PTD 110 using a contact method (e.g., matching male and female contact pads) or a contactless method (e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee).
  • the PTD 110 can be a smart access card for providing access to a facility or computer.
  • the TPS 130 can be a server in a central computer system, or a dedicated access controller that controls an access to a facility or computer.
  • Interface device 120 can be a card reader that can communicate with the PTD 110 using a contact method (e.g., contact pads) or a contactless method (e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee).
  • the PTD 110 includes a processing module 112 and a data storage device 114; the interface device 120 includes a processing module 122 and a data storage device 124; and the TPS 130 includes a processing module 132 and a data storage device 134.
  • the PTD 110 can include a biometric authentication module (not shown) that includes a biometric sensor and a controller.
  • the processing modules 112, 122, and 132 depending on the application, may be a microprocessor, microcontroller, application- any combination of components or devices configured to perform and/or control the functions of the PTD 110, interface device 120, and TPS 130, respectively.
  • the data storage devices 114, 124, and 134 may be a read-only memory (ROM), such as EPROM or EEPROM, flash, a hard disk, a database, or any other storage component capable of storing executory programs and information for use by the processing modules 112, 122, and 132, respectively.
  • FIG. 2 is a block diagram of an example electronic transaction system 200 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure.
  • electronic transactions occur between a portable transaction device (PTD) 110A and a transaction processing system (TPS) 130A without an interface device.
  • a shopper may use a smartphone equipped with a camera to capture an image of a code (e.g., bar or QR code) to make a payment for a product or service by transmitting payment information to a card payment processing system via a cellular network.
  • an access card reader at a facility may store information (e.g., passwords and/or security tokens) associated with employees authorized to enter the facility and, upon reading an access card, may compare security information received from the card with the stored information and grant or deny access depending on the outcome of the comparison.
  • FIG. 3 is a block diagram of an example electronic transaction system 300 that can implement a threshold-based authentication procedure according to certain aspects of the present disclosure.
  • the system 300 includes an electronic portable transaction device (PTD) 310, an interface device 320, and a transaction processing system (TPS) 330.
  • the PTD 310 is a smart card, in which case the interface device 320 can be a card reader.
  • the PTD 310 is a mobile device such as a smart phone, PDA, or tablet, in which case the interface device 320 can be an optical scanner or camera that can read a code presented on a display of the mobile device, or a Bluetooth, Wi-Fi or a near field communication (NFC) device that can communicate authentication- and/or transaction-related data between the mobile device and the TPS 330.
  • the PTD 310 is a smart card and the interface device 320 is a mobile device, in which case the smart card can perform authentication-related functions and the mobile device can provide a communication link
  • the PTD 310 includes a processor 112, a memory 114, and an interface 116.
  • the memory 114 can store a program that performs various communication and transaction functions of the PTD 310.
  • the memory 114 can also store a password, token, and/or other identification information unique to the PTD 310.
  • the memory 114 can be part of the processor 112.
  • the PTD 310 may include a second memory.
  • the second memory may store one or more of the data items discussed above with regard to memory 114.
  • the second memory can store a record of previous transactions involving the PTD 310 and implement a reconciliation-based authentication for extra security of the PTD 310, such as the process disclosed in U.S. Patent Application No. 14/596,508, U.S. Patent Application No.
  • the more than one memory may be a single memory component.
  • the interface device 320 includes a processor 122, a memory 124, and an interface 126.
  • the TPS 330 includes one or more processing modules including a server 132, one or more data storage devices including a user database 134, and an interface 136 for communicating with the interface device 320 via a communication network 302.
  • the user database 134 can store various data items relating to the PTD 310, including a password and data items relating to previously completed transactions involving the PTD 310.
  • the interface 116 and the interface 126 provide a communication link between the PTD 310 and the interface device 320. Using this communication link, the PTD 110 can communicate authentication- and/or transaction-related data with the interface device 120 and/or the TPS 130. In some embodiments, the PTD 110 can also receive power in the form of a voltage and/or current from the interface device 120 via the interfaces 116, 126. In certain embodiments, the interfaces 116, 126 can include a pair of male and female contact pads provided in the PTD (e.g., a smart card) and the interface device (e.g., a POS terminal).
  • the interfaces 116, 126 can include a pair of transceivers supporting wireless standards such as RFID, Bluetooth, Wi-Fi, NFC, and ZigBee.
  • the interface 116 can be a display of the mobile terminal that presents a code (e.g., a bar code or QR code) and the interface 126 can be an optical/infrared code scanner coupled to a POS terminal.
  • the interfaces 116, 126 are a pair of wireless transceivers in a mobile device (e.g., a smartphone) and a POS terminal, respectively.
  • the interfaces 116, 126 can include a pair of wireless transceivers in the contactless smart card and the mobile device, respectively.
  • the PTD 110 is a mobile device that communicates with the TPS 130 via a wide area wireless network, such as a 3G UMTS or 4G LTE network, without the need for an interface device 120.
  • the PTD 110 is a smart card having a wireless capability that allows the card to communicate with the TPS 130 via a cellular network, such as a 3G UMTS or 4G LTE network, without the need for an interface device 120.
  • the processor 112 is configured to perform an authentication procedure using a security token stored in the memory 114.
  • a token-based authentication procedure is known in the art, and an exemplary procedure is described in "EMV® Payment Tokenisation Specification, Technical Framework" version 1.0, March 2014, which is incorporated herein by reference for all purposes.
  • the PTD 110 can include a biometric authentication module 350 that includes a control 352 and a biometric sensor 355.
  • the biometric authentication module 350 can be in the interface device (e.g., a POS terminal) instead of in the PTD 110.
  • Biometric authentication can begin with the collection of a digital biometric sample (e.g., bitmap image of user's fingerprint) using the biometric sensor 355. Useful features contained in the collected sample are then extracted and formatted into a template record that can be matched against other template records.
  • the template is stored at registration (and when combined with identity vetting, establishes an identity) in a memory (not shown) inside the biometric authentication module 350 or in one of the first and second memories 113, 114.
  • the biometric sensor 355 can measure the same biometric characteristic and the control 352 can process the measured biometric characteristic into a template format, and compare the template to the previously registered template.
  • Biometric measurements may vary slightly from one measurement to the next. This mechanism and environment in which the data are captured. Therefore, a biometric sample measured at registration may not precisely match the results of the live sample measurement. As a result of this variability, in various embodiments a similarity score is generated and this score is compared against a pre-determined threshold value to determine what constitutes an acceptable match.
  • Enhanced security may be applied to electronic transactions only when the nature of the electronic transaction breaches a certain threshold associated with electronic transactions, such as financial transactions or access control transactions.
  • in a threshold-based authentication procedure for a financial transaction, the threshold may be a threshold amount. The threshold amount related to a PTD 310 can be stored in memory 114 of the PTD 310, memory 124 of the interface device 320, or the memory 134 of the TPS 330.
  • a transaction amount associated with the transaction is determined. The transaction amount is the total value of all the goods and/or services a user is purchasing at a given time.
  • the threshold amount is retrieved from the memory 114, 124, or 134, and compared with the determined transaction amount.
  • the comparison is performed by the processing module 132 at the TPS 330. In other embodiments, the comparison is performed by the processing module 122 at the interface device 120. In some embodiments, the comparison is performed by the processing module 112 at the PTD 310. In some embodiments, the comparison can be performed by more than one device.
  • the PTD 310 is a smart card (e.g., a smart card payment)
  • the TPS 330 is a payment processing system
  • the interface device is a mobile terminal (e.g., a smartphone) that communicates with the smart card (using e.g., RFID, Bluetooth, NFC, Wi-Fi, or ZigBee) and the TPS 330 (using e.g., a cellular network)
  • the smart card can perform one comparison and the mobile terminal can perform another comparison as described further below with respect to Figure 5.
  • the threshold may be an access security level.
  • the access security level is a value indicative of a security level associated with an access control domain (e.g., a lab in a facility).
  • the access security level associated with an access control domain is compared with an access permission level associated with the PTD 310. The access permission level, access security level, or both may be stored in one of the memories 114, 124, and 134.
  • the comparison is performed by the processing module 132 at the TPS 330.
  • the comparison is performed by the processing module 122 at the interface device 120.
  • the comparison is performed by the processing module 112 at the PTD 310.
  • the comparison can be performed by more than one device.
  • the PTD 310 is a smart card (e.g., a smart card payment)
  • the TPS 330 is a payment processing system
  • the interface device is a mobile terminal (e.g., a smartphone) that communicates with the smart card (using e.g., RFID, Bluetooth, NFC, Wi-Fi, or ZigBee) and the TPS 330 (using e.g., a cellular network)
  • the smart card can perform one comparison and the mobile terminal can perform another comparison as described further below with respect to Figure 5.
  • a threshold-based authentication procedure can be requested by a device that is different from a device that performs the threshold-based authentication procedure (e.g., comparison of the threshold amount and transaction amount).
  • the TPS 330 can send a request for a threshold-based authentication procedure in connection with a new financial transaction involving the PTD 310.
  • the TPS 330 can also send the threshold amount associated with PTD 310 stored in database 134.
  • the processor 122 at the interface device 320 can receive the request and the threshold amount from the TPS 330, determine a transaction amount for the current transaction involving the PTD 310, and compare the threshold amount and the transaction amount for a match.
  • the interface device 320 passes the request and the threshold amount received from the TPS 330 to the PTD 310, and the processor 112 at the PTD 310 receives the request and the threshold amount from the interface device 320, determines a transaction amount for the current transaction involving the PTD, and compares the threshold amount and the transaction amount for a match.
  • the PTD 310 can receive the request and the threshold amount from the TPS 330 via the cellular network without involving an interface device such as a POS terminal.
  • the PTD 310 can send a request for a threshold-based authentication procedure. In some embodiments, the PTD 310 can also send a threshold amount involving the PTD 310 that is stored in the memory 114.
  • the processor 122 at the interface device 320 can receive the request and the threshold amount from the PTD 310, determine a transaction amount associated with the current transaction, and compare the threshold amount and transaction amount for a match.
  • the interface device 320 passes the request and the threshold amount received from the PTD 310 to the TPS 330, and the processor (e.g., server) 132 at the TPS 330 receives the request and the threshold from the interface device 320, determines a transaction amount associated with the current transaction involving the PTD 310, and compares the threshold amount and the transaction amount for a match.
  • the PTD 310 can send the request and the first record to the TPS 330 via the cellular network without involving an interface device such as a POS terminal.
  • the interface device 320 can request a threshold-based authentication procedure related to a financial transaction by sending a request to either the PTD 310 or the TPS 330. If the request is sent to the PTD 310, the processing module 122 at the interface device 320 can retrieve a threshold amount for transactions involving the PTD 310 from the user database 134 at the TPS 330 and send the threshold amount to the PTD 310. The processing module 112 at the PTD 310 can receive the request and the threshold amount from the interface device 320, determine a transaction amount for the current transaction involving the PTD 310, and perform a comparison between the threshold amount and the transaction amount for a match.
  • the processing module 122 at the interface device 320 can retrieve a threshold amount involving the PTD 310 from the memory 114 at the PTD 310 and send the threshold amount to the TPS 330.
  • the server 132 at the TPS 330 can receive the request and the threshold amount from the interface device 320, determine a transaction amount for the current transaction involving the PTD 310, and perform a comparison between the threshold amount and the transaction amount for a match.
  • the TPS 330 may already store the threshold amount in memory 134
  • FIG. 4 depicts an example electronic payment transaction system 400 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure.
  • the system 400 includes a payment processing system 430 that includes one or more servers 432 and a user database 434 coupled to the servers 432.
  • the user database 434 can store various data items relating to card holders, including passwords, threshold amounts, and records of previously completed payment transactions.
  • the system 400 may include an internal or proprietary payment transaction system 401 of a merchant (e.g., Target®).
  • Payment transaction system 401 may include various types of interface devices 420A-E that facilitate transaction-related communications between various types of portable payment transaction devices 410A-E and the server(s) 432 at the payment processing system 430.
  • the portable payment transaction devices 410A-E are smart payment cards that can communicate with the interface devices 420A-E.
  • Each of the portable payment transaction devices 410A-E can include all or some of the components 112, 114, 116, 350, 352, and 355 of the PTD 310 depicted in Figure 3.
  • Each of the interface devices 420A-E can include all or some of the components 122, 124, and 126 of the interface device 320 depicted in Figure 3.
  • the merchant's internal payment transaction system 401 further includes a server 442 and a database 444 that can store data items relating to the merchant's customers including threshold amounts, passwords, tokens, and transaction records.
  • the interface devices 420A-E and the server 442 in the internal payment transaction system 401 have wired or wireless connections to an internal communication network 404 (e.g., Intranet), which is in turn connected to a wide area network 406 (e.g., Internet).
  • the interface device 420A is a fixed point of sale (POS) terminal that is configured to operate with a contact smart payment card 410A and has a wired connection (e.g., wired Ethernet) to the internal communication network 404.
  • the contact smart payment card 410A is inserted into the POS terminal 420A for data communication.
  • the contact smart payment card 410A can be equipped with male contact pads and the POS terminal 420A can be equipped with corresponding female contact pads or vice versa.
  • Other methods of providing contact-based communication coupling between the contact smart payment card 410A and the POS terminal 420A, including micro connectors, can be utilized.
  • the interface device 420B is a fixed POS terminal that is configured to operate with a contactless smart payment card 410B and has a wired connection (e.g., wired Ethernet) to the internal communication network 404.
  • the contactless smart payment card 410B is placed adjacent to the POS terminal 420B for wireless data communication.
  • the contactless smart payment card 410B and the POS terminal 420B can be equipped with transceivers based on a wireless standard or technology, such as RFID, Bluetooth, NFC, Wi-Fi, and ZigBee.
  • the interface device 420C is a portable POS terminal that is configured to operate with a contact smart payment card 410C, and the portable POS terminal 420C has a wireless connection (e.g., wireless Ethernet) to the internal communication network 404.
  • the contact smart payment card 410C is inserted into the portable POS terminal 420C for data communication.
  • the contact smart payment card 410C can be equipped with male contact pads and the POS terminal 420C can be equipped with corresponding female contact pads or vice versa.
  • Other methods of providing contact-based communication coupling between the contact smart payment card 410C and the POS terminal 420C, including micro connectors, can be utilized.
  • the interface device 420D is a portable POS terminal that is configured to operate with a contactless smart payment card 410D, and POS terminal 420D has a wireless connection (e.g., wireless Ethernet) to the internal communication network 404.
  • the contactless smart payment card 410D is placed adjacent to the portable POS terminal 420D for wireless data communication.
  • the contactless smart payment card 410D and the POS terminal 420D can be equipped with transceivers based on a wireless standard or technology, such as RFID, Bluetooth, NFC, Wi-Fi, and ZigBee.
  • the interface device 420E is a fixed POS terminal that is configured to operate with a mobile device (e.g., a smartphone, PDA, tablet), and has either a wired connection (e.g., wired Ethernet) or a wireless connection (e.g., Wi-Fi) to the internal communication network 404.
  • the mobile terminal 410E is placed adjacent to the POS terminal 420E for wireless data communication.
  • the mobile terminal 410E and the POS terminal 420E can be equipped with transceivers based on a wireless standard or technology such as RFID, Bluetooth, NFC, Wi-Fi, and ZigBee.
  • the POS terminal 420E can have a wireless connection (e.g., wireless Ethernet) to the internal communication network 404.
  • the POS terminal 420E can be equipped with an optical scanner or camera that can read a code (e.g., bar code or QR code) displayed on a display of the mobile terminal 410E.
  • a new transaction is initiated when a user presents the smart payment card 410A at the POS terminal 420A to pay for products and/or services by, for example, inserting the card 410A into the POS terminal 421 as shown in Figure 4.
  • a threshold-based authentication procedure may be performed to determine whether the transaction is of sufficient worth and importance to require additional authentication of the user.
  • card 410A in coordination with the POS terminal 420A and/or the payment processing system 432 can determine whether the nature of the transaction requires additional security and, if so, initiate a token-based authentication procedure.
  • a biometric authentication procedure may be initiated.
  • a reconciliation-based authentication procedure may be performed before, during, or after a token-based authentication and/or a biometric-based authentication.
  • a threshold-based authentication procedure is performed at the payment processing system 430.
  • the POS terminal 420A can retrieve (e.g., request and receive) a threshold amount from the card 410A.
  • the POS terminal 420A can also determine a transaction amount for the current transaction involving the card 410A.
  • the POS terminal 420A can send a request for approval of the new transaction to the payment processing system 430 along with the threshold amount retrieved from the card 410A and the determined transaction amount.
  • the server(s) 432 at the payment processing system 420 receives the request, the threshold amount, and the transaction amount, and performs a comparison of the threshold amount and the transaction amount.
  • the threshold-based authentication procedure is performed at the POS terminal 420A.
  • the POS terminal 420A can retrieve a threshold amount and a transaction amount from the card 410A.
  • the processor 122 at the POS terminal 420A performs a threshold-based authentication by determining whether the transaction amount received from the card 410A matches or exceeds the threshold amount.
  • the POS terminal 420A can determine the transaction amount instead of receiving the transaction amount from card 410A.
  • the threshold-based authentication is performed at the smart payment card 410A.
  • the POS terminal 420A can retrieve a threshold amount from server(s) 432 at the payment processing system 420.
  • the POS terminal 420A upon receiving the threshold amount from the payment processing system, sends the threshold amount to the card 410A.
  • the processor 112 at the card 410A performs a threshold-based authentication by comparing a transaction amount associated with the current transaction determined by the card 410A with the threshold amount received from the payment processing system 430 via the POS terminal 420A.
  • FIG. 5 depicts another example electronic payment transaction system 500 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure.
  • the system 500 includes a payment processing system 530 that includes one or more servers 532 and a user database 534 coupled to the server(s) 532.
  • the server(s) 532 conduct different types of electronic payment transactions 501, 502, 503 with mobile terminals 520A-C via a cellular network 506.
  • the first electronic payment transaction 501 involves a contact smart payment card 510A coupled to the mobile terminal 520A via a smart card reader 525 and conducting a payment transaction with the payment processing system 530 via the cellular network 506.
  • the second electronic payment transaction 502 involves a contactless smart payment card 510B wirelessly coupled to the mobile terminal 520B and conducting a payment transaction with the payment processing system 530 via the cellular network 506.
  • the third electronic payment transaction 503 involves the mobile terminal 510C as a portable transaction device and an interface device.
  • mobile terminal 510 can capture an image of a code (e.g., a bar or QR code) associated with a product printed on a package of the product, in a catalog, or advertisement using an image capture device (e.g., a camera) and conducting a payment transaction for the product with the payment processing system 530 via the cellular network 506.
  • a threshold-based authentication procedure similar to the threshold-based authentication procedures described above with respect to Figures 1-4 can be performed prior to initiating token-based or biometric-based authentication procedures.
  • a comparison of a threshold amount and a transaction amount involving the smart payment card 510A can be performed by the server(s) 532 at the payment processing system 530, a processor in the mobile terminal 520A, or a processor in the smart payment card 510A.
  • the threshold amount can be stored in a memory in the smart payment card 510A, in the database 534 at the payment processing system 530, or in a memory in the mobile terminal 520A.
  • a comparison of a threshold amount and a transaction amount involving the smart payment card 510B can be performed by server(s) 532 at the payment processing system 530, a processor in the mobile terminal 520B, or a processor in the smart payment card 510B.
  • the first record can be stored in a memory in the smart payment card 510B, the database 534 at the payment processing system 530, or in a memory in the mobile terminal 520B.
  • a comparison of a threshold amount and a transaction amount involving the mobile terminal 510C can be performed by server(s) 532 at the payment processing system 530 or a processor in the mobile terminal 510C.
  • the first record can be stored in a memory in the mobile terminal 510C, and the second record can be stored in the database 534.
  • the threshold-based authentication procedure may be implemented in an access control system.
  • the access control system may be implemented for access to a facility, one or more rooms within the facility, a computing device, a computer network, or a combination thereof.
  • Figure 6 illustrates an example facility implementing a threshold-based authentication procedure in accordance with the present disclosure.
  • each access domain within the facility is assigned an access security level.
  • the access domain may be an entry way to a lab or office within a facility and/or the exterior doors of the facility.
  • a facility that includes work under government contracts with varying levels of security may designate labs for each level of security applicable (e.g., confidential, secret, top secret).
  • each security level is given a numerical value to indicate the level of security required.
  • the access security level may be text-based.
  • the access domain may include one or more computing devices, such as a desktop, laptop, or other computing equipment implemented in a facility.
  • the access domain may be one or more computing networks implemented within an access control system. For example, a facility operator may employ multiple computer networks, one for each of various security levels.
  • FIG. 7 depicts an exemplary facility access control system 700 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure.
  • a card reader 720A and a second facility access transaction 720 involving a smart access fob 710B and a fob reader 720B.
  • the system 700 further includes a central facility access controller 730 that includes a processing module 732 and a data storage 734 coupled to the processing module 732.
  • the processing module 732 is communicatively connected to the card reader 720A and the fob reader 620B via a communication network 708, which can be a local area network (LAN) or a wide area network (WAN).
  • a user presents the smart access card 710A to the card reader 720B to gain access to a facility.
  • the card reader 720B can communicate with the card 710A using one of various contact or contactless methods, including non-limiting examples described above.
  • a user presents the smart access fob 710A to the fob reader 720B to gain access to the facility.
  • a threshold-based authentication procedure similar to the threshold-based authentication procedures described above with respect to Figures 1-4 can be performed to determine if a token-based authentication and/or a biometric-based authentication is required.
  • a comparison of an access security level associated with an access domain and an access permission level associated with the smart access card 710A can be performed by the processing module 732 at the central facility access controller 730, a processor in the card reader 720A, or a processor in the smart access card 710A.
  • the access security level and the access permission level can be stored in a memory in the smart access card 710A, the database 734, in a memory in the card reader 730A, or a combination thereof.
  • a comparison of an access security level associated with an access domain and an access permission level associated with the smart access fob 710B can be performed by the processing module 732 at the central facility access controller 730, a processor in the fob reader 720B, or a processor in the smart access fob 710B.
  • the access security level and the access permission level can be stored in a memory in the smart access fob 710B, the database 734, in a memory in the fob reader 720B, or a combination thereof.
  • Figure 8 depicts an exemplary computer access control system 800 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure.
  • Figure 8 illustrates a first computer access transaction 801 involving a contact smart access card 810A and a card reader 820A, and a second computer access transaction 802 involving a contactless smart access card 810B and a card reader 820B.
  • the system 800 further includes a central computer system 830 that includes one or more servers 832 and a database 834 coupled to the server(s) 832.
  • the server(s) 832 is connected to the computers 850A, 820B via a network 808, which can be a local area network (LAN) or a wide area network (WAN).
  • the system 800 can allow a first group of users to access files and applications stored in and running on the computers 850A, 850B and allow a second group of users to access files and applications stored in and running on the computers 850A, 850B and the server(s) 832 and the database 834 in the central computer system 830.
  • a user can insert a contact smart access card 810A into a card reader 820A coupled to the desktop computer 850A for access to the desktop computer 850A and/or the central computer system 832.
  • the desktop computer 850A is coupled to the network 808 via a wired connection.
  • a user can place a contactless smart access card 810B adjacent to a card reader 820B coupled to a laptop computer 850B for access to the laptop computer 850B and/or the server(s) 832 and the database 834 in the central computer system 830.
  • the laptop computer 850B is coupled to the network 808 via a wireless connection.
  • a threshold-based authentication procedure similar to the threshold-based authentication procedures described above with respect to Figures 1-4 can be performed to determine whether a token-based authentication and/or a biometric-based authentication is required.
  • a comparison of an access security level associated with an access domain and an access permission level associated with the smart access card 810A can be performed by server(s) 832 at the central computer system 830, a processor in the card reader 820A, a processor in the smart access card 810A, or a processor in the desktop computer 850A.
  • the access security level and the access permission level can be stored in a memory in the smart access card 810A, the database 834, in a memory in a desktop computer 850A, or a combination thereof.
  • a comparison of an access security access card 810B can be performed by server(s) 832 at the central computer system 830, a processor in the card reader 820B, a processor in the smart access card 810B, or a processor in the laptop computer 850B.
  • the access security level and the access permission level can be stored in a memory in the smart access card 610B, the database 834, in a memory in the laptop computer 850B, or a combination thereof.
  • a dedicated computer access controller (not shown) can be employed to control access to the computers 850A, 850B and/or the central computer system 830, a processing module (e.g., a processor) in the controller can perform one or more of a token-based authentication, a biometric-based authentication, and a reconciliation-based authentication, and a data storage device (e.g., a memory) in the controller can store records of computer access transactions for different users.
  • a parameter associated with the electronic transaction involving an electronic portable transaction device is compared with a threshold (threshold amount/access permission level). If the parameter exceeds the threshold, additional authentication procedures may be initiated. If the parameter does not exceed the threshold, the transaction may be completed without further authentication of the user.
  • Figure 9 is a flowchart illustrating an example process 900 for a threshold-based authentication procedure for financial transactions according to certain aspects of the present disclosure.
  • the process 900 starts at state 901 and proceeds to operation 910, in which a processing module in a device identifies a transaction amount associated with an electronic transaction involving an electronic portable transaction device.
  • the transaction amount is a total of all the goods and/or services a user is requesting to purchase during the transaction.
  • the identification may be performed by an electronic portable transaction device, a transaction processing system configured to process financial transactions involving the electronic portable transaction device, or an interface device configured to facilitate communications between the electronic portable transaction device and the transaction processing system.
  • Non-limiting examples of the electronic portable transaction device include a smart payment card or a mobile terminal configured for payment transactions.
  • Non-limiting examples of the interface device include a fixed or portable POS terminal, a mobile terminal, and a contact or contactless smart card or smart fob readers.
  • the process 900 proceeds to operation 920, in which a processing module in the authentication device retrieves a threshold amount from a data storage device.
  • the data storage device can be a memory (e.g., database) at the transaction processing system, a memory in the electronic portable transaction device, or a memory in the interface device.
  • the data storage device may be in the authentication device or in another device in the electronic transaction system.
  • the threshold amount may be a predetermined amount above which biometric authentication is required before the transaction is allowed to be completed.
  • the process 900 proceeds to operation 930, in which a processing module in the authentication device compares the identified transaction amount and the threshold amount.
  • the process 900 proceeds to query state 940, in which a processing module in the authentication device determines if the transaction amount matches or exceeds the threshold amount. If the answer to the query is "yes" (i.e., the transaction amount exceeds the threshold), the process 900 proceeds to operation 850, in which the processing module initiates biometric authentication.
  • the authentication device may include a biometric authentication module, such as the module discussed above with regards to Figure 3, and initiating biometric authentication includes requesting the user to enter biometric data through the biometric sensor.
  • the biometric authentication module may be included in a device other than the authentication device, and initiating biometric authentication includes sending a request to another device to obtain biometric data through the biometric sensor.
  • FIG. 10 is a flowchart illustrating an example process 1000 for a threshold-based authentication procedure for access control transactions according to certain aspects of the present disclosure.
  • the process 1000 starts at state 1001 and proceeds to operation 101, in which a processing module in a device compares an access permission associated with an electronic portable transaction device and an access security level associated with an access domain.
  • the process 1000 proceeds to query state 1020, in which the device determines if the access security level associated with the access domain is higher than the access permission level associated with the electronic portable transaction device. If the answer to the query is "yes" (i.e., the access security level exceeds the access permission level), the process 1000 proceeds to operation 1030, in which the processing module initiates biometric authentication.
  • the device may include a biometric authentication module, such as the module discussed above with regards to Figure 3, and initiating biometric authentication includes requesting the user to enter biometric data through the biometric sensor.
  • the biometric authentication module may be included in a device other than the device performing the threshold-based authentication procedure, and initiating biometric authentication includes sending a request to the other device to obtain biometric data through the biometric sensor.
  • the process 1000 proceeds to operation 1040, in which a processing module in the device permits access to the access domain without requiring additional biometric authentication.
  • the process 1000 ends at state 1050.
  • the requesting device can be one of the interface devices 420A-E and the authentication device can be the corresponding one of the portable transaction devices 410A-E, or vice versa.
  • the requesting device can be one of the portable transaction devices 410A-E and the authentication device can be server(s) 432 at the payment processing system 430, or vice versa.
  • the requesting device can be the server(s) 432 at the payment processing system 430 and the authentication device can Figure 5, the requesting device can be one of the mobile terminals 520A-B and the authentication device can be one of the smart payment cards 510A-B, or vice versa.
  • the requesting device can be one of the mobile terminals 520A-C and the authentication device can be the server(s) 532 at the payment processing system 530, or vice versa.
  • the requesting device can be the server(s) 532 at the payment processing system 530 and the authentication device can be one of the smart payment cards 510A-B, or vice versa.
  • Figure 11 is an example embodiment of the access transaction threshold-based authentication procedure of Figure 10 where the authentication device is an electronic portable transaction device.
  • the process 1100 begins at 1101 and proceeds to 1110, where the electronic portable transaction device receives an indication of the access security level from a fixed access control device associated with the access domain.
  • the fixed access control device may be a smart access card or smart fob reader connected to the locking mechanism of an entry way to a facility or area of a facility, or connected to a computer or computing system.
  • the fixed access control device may be connected with an access control system and have access to a database of the access control system.
  • the process 1100 proceeds to operation 1120, where the access security level and the access permission level are compared to determine if biometric authentication is required.
  • Operations 1120, 1130, 1140, and 1150 operate in a similar fashion as operations 1010, 120, 1030, and 1040 of Figure 10.
  • Figure 12 is an example embodiment of the access transaction threshold-based authentication procedure of Figure 10 where the authentication device is a fixed access control device.
  • the process 1200 begins at 1201 and proceeds to 1210, where the fixed access control device receives a request to access an access domain from a portable access control device.
  • the fixed access control device may be a smart access card or smart fob reader connected to the locking mechanism of an entry way to a facility or area of a facility, or connected to a computer or computing system.
  • the fixed access control device may be connected with an access control system and have access to a database of the access control system.
  • the process 1200 proceeds to operation 1220, where the fixed access control device receives an indication of an access permission level associated with the electronic portable transaction device from the electronic portable transaction device.
  • the access permission level may be stored in a memory within the electronic portable transaction device.
  • the process 1200 proceeds to operations 1230, 1240, 1250, and 1260, which operate in a similar way to operations 1010, 1020, 1030, and 1040 of Figure 10.
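
The two decision rules described above (process 900 for payments, process 1000 for access control) differ at the boundary: a transaction amount that matches the threshold triggers biometric authentication, while an access security level equal to the permission level does not. The sketch below is an added example, not code from the patent; the function names, the numeric ranks given to the text-based levels, and the choice to require biometric authentication when a threshold or level is missing or unknown are assumptions.

```python
from enum import Enum
from typing import Optional, Union


class Decision(Enum):
    COMPLETE = "complete without further authentication"
    BIOMETRIC = "initiate biometric authentication"


# Text-based access security levels mapped to numeric values. The labels come
# from the facility example in the text; the ranks are constructed here.
LEVEL_RANK = {"confidential": 1, "secret": 2, "top secret": 3}

Level = Union[int, str]


def payment_decision(transaction_amount: int,
                     threshold_amount: Optional[int]) -> Decision:
    """Process 900: amounts are integers in minor units (e.g. cents).

    Biometric authentication is initiated when the transaction amount
    matches or exceeds the threshold amount.
    """
    if transaction_amount < 0:
        raise ValueError("transaction amount must not be negative")
    if threshold_amount is None:
        # Assumption: no retrievable threshold means the stronger path.
        return Decision.BIOMETRIC
    if transaction_amount >= threshold_amount:
        return Decision.BIOMETRIC
    return Decision.COMPLETE


def level_rank(level: Level) -> Optional[int]:
    """Normalise a numeric or text-based level; None if it is not recognised."""
    if isinstance(level, bool):
        return None
    if isinstance(level, int):
        return level
    if isinstance(level, str):
        return LEVEL_RANK.get(level.strip().lower())
    return None


def access_decision(access_security_level: Level,
                    access_permission_level: Level) -> Decision:
    """Process 1000: biometric authentication is initiated only when the
    domain's security level is strictly higher than the device's permission
    level."""
    required = level_rank(access_security_level)
    held = level_rank(access_permission_level)
    if required is None or held is None:
        # Assumption: an unrecognised level is never treated as sufficient.
        return Decision.BIOMETRIC
    if required > held:
        return Decision.BIOMETRIC
    return Decision.COMPLETE


def run_samples() -> list:
    """Evaluate constructed sample transactions around both boundaries."""
    results = []
    for amount, threshold in [(4999, 5000), (5000, 5000), (5001, 5000), (100, None)]:
        results.append(("payment", amount, threshold,
                        payment_decision(amount, threshold)))
    for domain, device in [("secret", "top secret"), ("secret", "secret"),
                           ("top secret", "secret"), ("restricted", 3)]:
        results.append(("access", domain, device,
                        access_decision(domain, device)))
    return results


if __name__ == "__main__":
    for kind, left, right, decision in run_samples():
        print(f"{kind:8} {left!s:12} vs {right!s:12} -> {decision.value}")
```
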

Abstract

A method and system of selectively initiating biometric security based on thresholds is described. One method includes retrieving an access security level associated with an access domain and an access permission level associated with an electronic portable transaction device, comparing the access security level and access permission level, and, if the access security level exceeds the access permission level, initiating a biometric authentication process. Another method includes determining a transaction amount of a current transaction involving an electronic portable transaction device, retrieving a threshold amount from a data storage device, comparing the transaction amount and threshold amount, and, if the transaction amount matches or exceeds the threshold amount, initiating a biometric authentication process.

Description

SYSTEM AND METHOD FOR SELECTIVELY INITIATING BIOMETRIC AUTHENTICATION FOR ENHANCED SECURITY OF TRANSACTIONS
CROSS-REFERENCE TO RELATED APPLICATIONS
[001] The present application claims priority to U.S. Application No. 14/664,573 filed March 20, 2015 and U.S. Application No. 14/664,429 filed March 20, 2015, which are related to co-pending U.S. Patent Application No. 14/596,508, filed January 14, 2015, entitled "System and Method for Requesting Reconciliation of Electronic Transaction Records for Enhanced Security"; U.S. Patent Application No. 14/596,472, filed January 14, 2015, entitled "System and Method for Comparing Electronic Transaction Records for Enhanced Security"; U.S. Patent Application No. 14/596,420, filed January 14, 2015, entitled "System and Method for Reconciling Electronic Transaction Records for Enhanced Security"; U.S. Patent Application No. 14/596,572, filed January 14, 2015, entitled "Smart Card Systems Comprising a Card and a Carrier"; and U.S. Patent Application No. 14/616,069, filed February 6, 2015 entitled "Smart Card Systems and Methods Utilizing Multiple ATR Messages," which are all incorporated herein by reference in their entirety.
FIELD OF THE INVENTION
[002] The present invention relates to electronic transactions. More specifically, the present invention relates to system and method for selectively initiating biometric authentication for enhanced security of electronic transactions.
BACKGROUND
[003] Electronic transactions, such as for payments or access to a facility or computer, can be conducted using electronic portable transaction devices, such as smart cards or mobile devices. A smart card is a device that includes an embedded integrated circuit chip that can be either a secure processing module (e.g., microprocessor, microcontroller or equivalent intelligence) operating with an internal or external memory or a memory chip alone. Smart cards can serve as credit or ATM debit cards, phone or fuel cards, and high-security access-control cards for granting access to a computer or a physical facility. Smart cards can authenticate identity of the user by employing a token, such as public key infrastructure (PKI) and one-time-password (OTP). In addition, smart cards can be configured for a biometric authentication to provide an additional layer of security.
[004] Similarly, mobile devices such as smartphones, PDAs, tablets, and laptops can provide a platform for electronic transactions. For example, a user of a mobile device can conduct an electronic transaction for purchase of a product or service using an application that communicates with a mobile payment service. Mobile devices can be configured for a token-based authentication and/or a biometric authentication.
[005] Additional layers of security, however, may not always be necessary, or desired. For example, biometric authentication may not need to occur for low-value or routine transactions, such as purchases below a certain amount. What is needed is a method of enhanced security that may be selectively applied based on the nature of the transaction.
BRIEF SUMMARY OF THE INVENTION
[006] Various embodiments of the present disclosure are directed to selectively enhancing security of electronic transactions through the use of authentication thresholds.
[007] In accordance with the technology described herein, a method of selectively initiating biometric authentication in an access control system comprises comparing an access permission level associated with a portable access control device to an access security level associated with an access domain; and initiating a biometric authentication process if the access security level associated with the access domain is higher than the access permission level associated with the electronic portable transaction device.
[008] In accordance with the technology described herein, a method of selectively initiating biometric authentication for financial transactions comprises identifying a transaction amount associated with an electronic transaction involving an electronic portable transaction device; retrieving a threshold amount from a data storage device; comparing the transaction amount from a data storage device; and initiating a biometric authentication process if the transaction amount matches or exceeds the threshold amount.
[009] In accordance with the technology described herein, a portable access control device comprises a processing module configured to execute a program configured to: receive an indication of an access security level associated with an access domain from a fixed access control device associated with the access domain, and initiate a biometric authentication process if the access security level associated with the access domain is higher than an access permission level associated with the portable access control device; and a memory configured to store the program.
[010] In accordance with the technology described herein, a device for selectively initiating biometric authentication for financial transactions comprises a processing module configured to execute a program configured to: identify a transaction amount associated with an electronic transaction involving an electronic portable transaction device; retrieve a threshold amount from a data storage device; compare the transaction amount and the threshold amount; and initiate a biometric authentication process if the transaction amount exceeds the threshold amount; and a memory configured to store the program.
[011] In accordance with the technology described herein, a fixed access control device comprises a processing module configured to execute a program configured to: receive an indication of an access permission level associated with a portable access control device, and initiate a biometric authentication process if the access permission level associated with the portable transaction device is higher than an access security level associated with an access domain; and a memory configured to store the program.
[012] Other features and aspects of the disclosed technology will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, which illustrate, by way of example, the features in accordance with embodiments of the disclosed technology. The summary is not intended to limit the scope of any inventions described herein, which are defined solely by the claims attached hereto.
BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS
[013] The technology disclosed herein, in accordance with one or more various embodiments, is described in detail with reference to the following figures. The drawings are provided for purposes of illustration only and merely depict typical or example embodiments of the disclosed technology. These drawings are provided to facilitate the reader's understanding of the disclosed technology and shall not be considered limiting of the breadth, scope, or applicability thereof. It should be noted that for clarity and ease of illustration these drawings are not necessarily made to scale.
[014] Figure 1 is a block diagram of an example electronic transaction system within which various embodiments of the technology disclosed herein may be implemented.
[015] Figure 2 is another block diagram of an example electronic transaction system within which various embodiments of the technology disclosed herein may be implemented.
[016] Figure 3 is a block diagram of an example electronic transaction system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
[017] Figure 4 is a block diagram of another example electronic transaction system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
[018] Figure 5 is a block diagram of another example electronic transaction system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
[019] Figure 6 is a block diagram of an example computer access control system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
[020] Figure 7 is a block diagram of an example facility within which a facility access control system according to certain aspects of the present disclosure may be implemented.
[021] Figure 8 is a block diagram of an example facility access control system implementing biometric security utilizing thresholds according to certain aspects of the present disclosure.
[022] Figure 9 is a flowchart illustrating an example biometric security utilizing thresholds for financial transactions according to certain aspects of the present disclosure.
[023] Figure 10 is a flowchart illustrating an example biometric security utilizing thresholds for access control transactions according to certain aspects of the present disclosure.
[024] Figure 11 is a flowchart illustrating an example of biometric security utilizing thresholds implemented in a portable access control device according to certain aspects of the present disclosure.
[025] Figure 12 is a flowchart illustrating an example of biometric security utilizing threshold implemented in a portable access control device according to certain aspects of the present disclosure.
DETAILED DESCRIPTION
[026] The present disclosure addresses this and other problems associated with enhanced layers of security for electronic transactions by providing a procedure for selectively initiating biometric authentication of an electronic portable transaction device. In certain aspects of the present disclosure, the selective initiation of biometric authentication can be based on thresholds associated with the need for biometric authentication (hereinafter "threshold-based authentication procedure"). For financial transactions, biometric authentication can be initiated based on a comparison between a transaction amount of a transaction involving an electronic portable transaction device and a threshold amount associated with the user's account. For access control transactions, biometric authentication can be initiated based on a comparison between an access security level associated with an access domain and an access permission level associated with an electronic portable transaction device.
[027] In the following detailed description, numerous specific details are set forth to provide a full understanding of various aspects of the subject disclosure. It will be apparent, however, to one ordinarily skilled in the art that various aspects of the subject disclosure may be practiced without some of these specific details. In other instances, well-known structures and techniques have not been shown in detail to avoid unnecessarily obscuring the subject disclosure.
[028] Figure 1 is a block diagram of an example electronic transaction system 100 that can implement a threshold-based authentication procedure according to certain aspects of the present disclosure. The system 100 includes an electronic portable transaction device (PTD) 110, a transaction processing system (TPS) 130, and an interface device 120 that facilitates communications between the PTD 110 and the TPS 130. The PTD 110 can be, for example, a smart card, a smart key, a smart fob, or a mobile device. In some embodiments, the PTD 110 can include a biometric authentication module (not shown) for biometric authentication.
[029] The PTD 110 can conduct various types of electronic transactions with the TPS 130 via the interface device 120. For financial transaction applications, the PTD 110 can be a smart payment card such as a smart credit, debit, and/or prepaid card, or a smartphone with a payment transaction application. The TPS 130 can be a payment processing system of a merchant (e.g., Target®), a bank (e.g., Bank of America®), or a card issuer (e.g., Visa®). The interface device 120 can be a point of sale (POS) terminal that can communicate with the PTD 110 using a contact method (e.g., matching male and female contact pads) or a contactless method (e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee).
[030] For access control applications, the PTD 110 can be a smart access card for providing access to a facility or computer. The TPS 130 can be a server in a central computer system, or a dedicated access controller that controls an access to a facility or computer. Interface device 120 can be a card reader that can communicate with the PTD 110 using a contact method (e.g., contact pads) or a contactless method (e.g., RFID, Bluetooth, NFC, Wi-Fi, ZigBee).
[031] In the illustrated example of Figure 1, the PTD 110 includes a processing module 112 and a data storage device 114; the interface device 120 includes a processing module 122 and a data storage device 124; and the TPS 130 includes a processing module 132 and a data storage device 134. In some embodiments, the PTD 110 can include a biometric authentication module (not shown) that includes a biometric sensor and a controller. The processing modules 112, 122, and 132, depending on the application, may be a microprocessor, microcontroller, application- any combination of components or devices configured to perform and/or control the functions of the PTD 110, interface device 120, and TPS 130, respectively. The data storage devices 114, 124, and 134, depending on the application, may be a read-only memory (ROM), such as EPROM or EEPROM, flash, a hard disk, a database, or any other storage component capable of storing executory programs and information for use by the processing modules 112, 122, and 132, respectively.
[032] Figure 2 is a block diagram of an example electronic transaction system 200 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure. As illustrated in Figure 2, electronic transactions occur between a portable transaction device (PTD) 110A and a transaction processing system (TPS) 130A without an interface device. By way of example, a shopper may use a smartphone equipped with a camera to capture an image of a code (e.g., bar or QR code) to make a payment for a product or service by transmitting payment information to a card payment processing system via a cellular network. By way of another example, an access card reader at a facility may store information (e.g., passwords and/or security tokens) associated with employees authorized to enter the facility and, upon reading an access card, may compare security information received from the card with the stored information and grant or deny access depending on the outcome of the comparison.
[033] Figure 3 is a block diagram of an example electronic transaction system 300 that can implement a threshold-based authentication procedure according to certain aspects of the present disclosure. In the illustrated example, the system 300 includes an electronic portable transaction device (PTD) 310, an interface device 320, and a transaction processing system (TPS) 330. In some embodiments, the PTD 310 is a smart card, in which case the interface device 320 can be a card reader. In some embodiments, the PTD 310 is a mobile device such as a smart phone, PDA, or tablet, in which case the interface device 320 can be an optical scanner or camera that can read a code presented on a display of the mobile device, or a Bluetooth, Wi-Fi or a near field communication (NFC) device that can communicate authentication- and/or transaction-related data between the mobile device and the TPS 330. In some embodiments, the PTD 310 is a smart card and the interface device 320 is a mobile device, in which case the smart card can perform authentication-related functions and the mobile device can provide a communication link
[034] In the illustrated embodiment of Figure 3, the PTD 310 includes a processor 112, a memory 114, and an interface 116. In certain embodiments, the memory 114 can store a program that performs various communication and transaction functions of the PTD 310. The memory 114 can also store a password, token, and/or other identification information unique to the PTD 310. In some embodiments, the memory 114 can be part of the processor 112. In various embodiments, the PTD 310 may include a second memory. In such embodiments, the second memory may store one or more of the data items discussed above with regard to memory 114. In other embodiments, the second memory can store a record of previous transactions involving the PTD 310 and implement a reconciliation-based authentication for extra security of the PTD 310, such as the process disclosed in U.S. Patent Application No. 14/596,508, U.S. Patent Application No. 14/596,472, and U.S. Patent Application No. 14/596,420, the disclosures of which are herein incorporated by reference in their entirety. In various embodiments, the more than one memory may be a single memory component. The interface device 320 includes a processor 122, a memory 124, and an interface 126. The TPS 330 includes one or more processing modules including a server 132, one or more data storage devices including a user database 134, and an interface 136 for communicating with the interface device 320 via a communication network 302. In some embodiments, the user database 134 can store various data items relating to the PTD 310, including a password and data items relating to previously completed transactions involving the PTD 310.
[035] The interface 116 and the interface 126 provide a communication link between the PTD 310 and the interface device 320. Using this communication link, the PTD 110 can communicate authentication- and/or transaction-related data with the interface device 120 and/or the TPS 130. In some embodiments, the PTD 110 can also receive power in the form of a voltage and/or current from the interface device 120 via the interfaces 116, 126. In certain embodiments, the interfaces 116, 126 can include a pair of male and female contact pads provided in the PTD (e.g., a smart card) and the interface device (e.g., a POS terminal). In some embodiments, the interfaces 116, 126 can include a pair of transceivers supporting wireless standards such as RFID, Bluetooth, Wi-Fi, NFT, and ZigBee. In some embodiments, the interface 116 can be a display of the mobile terminal that presents a code (e.g., a bar code or QR code) and the interface 126 can be an optical/infrared code scanner coupled to a POS terminal. In some embodiments, the interfaces 116, 126 are a pair of wireless transceivers in a mobile device (e.g., a smartphone) and a POS terminal, respectively. In some embodiments, where the PTD 110 is a contactless smart card and the interface device 120 is a mobile device (e.g., a smartphone), the interfaces 116, 126 can include a pair of wireless transceivers in the contactless smart card and the mobile device, respectively.
[036] In some embodiments, the PTD 110 is a mobile device that communicates with the TPS 130 via a wide area wireless network, such as a 3G UMTS or 4G LTE network, without the need for an interface device 120. In some embodiments, the PTD 110 is a smart card having a wireless capability that allows the card to communicate with the TPS 130 via a cellular network, such as a 3G UMTS or 4G LTE network, without the need for an interface device 120.
[037] In certain embodiments, the processor 112 is configured to perform an authentication procedure using a security token stored in the memory 114. Such a token-based authentication procedure is known in the art, and an exemplary procedure is described in "EMV® Payment Tokenisation Specification, Technical Framework" version 1.0, March 2014, which is incorporated herein by reference for all purposes.
[038] In certain embodiments, the PTD 110 can include a biometric authentication module 350 that includes a control 352 and a biometric sensor 355. In other embodiments, the biometric authentication module 350 can be in the interface device (e.g., a POS terminal) instead of in the PTD 110. Biometric authentication can begin with the collection of a digital biometric sample (e.g., bitmap image of user's fingerprint) using the biometric sensor 355. Useful features contained in the collected sample are then extracted and formatted into a template record that can be matched against other template records. In various embodiments, the template is stored at registration (and when combined with identity vetting, establishes an identity) in a memory (not shown) inside the biometric authentication module 350 or in one of the first and second memories 113, 114. When a transaction takes place, the biometric sensor 355 can measure the same biometric characteristic and the control 352 can process the measured biometric characteristic into a template format, and compare the template to the previously registered template.
[039] Biometric measurements may vary slightly from one measurement to the next. This mechanism and environment in which the data are captured. Therefore, a biometric sample measured at registration may not precisely match the results of the live sample measurement. As a result of this variability, in various embodiments a similarity score is generated and this score is compared against a pre-determined threshold value to determine what constitutes an acceptable match.
[040] Enhanced security may be applied to electronic transactions only when the nature of the electronic transaction breaches a certain threshold associated with electronic transactions, such as financial transactions or access control transactions. With reference to the embodiment of Figure 3, in a threshold-based authentication procedure for a financial transaction, the threshold may be a threshold amount related to a PTD 310 can be stored in memory 114 of the PTD 310, memory 124 of the interface device 320, or the memory 134 of the TPS 330. When a user attempts a new financial transaction involving the PTD 310, a transaction amount associated with the transaction is determined. The transaction amount is the total value of all the goods and/or services a user is purchasing at a given time. In addition, the threshold amount is retrieved from the memory 114, 124, or 134, and compared with the determined transaction amount. In various embodiments, the comparison is performed by the processing module 132 at the TPS 330. In other embodiments, the comparison is performed by the processing module 122 at the interface device 120. In some embodiments, the comparison is performed by the processing module 112 at the PTD 310. In some embodiments, the comparison can be performed by more than one device. For example, in an embodiment where the PTD 310 is a smart card (e.g., a smart card payment), the TPS 330 is a payment processing system, and the interface device is a mobile terminal (e.g., a smartphone) that communicates with the smart card (using e.g., RFID, Bluetooth, NFC, Wi-Fi, or ZigBee) and the TPS 330 (using e.g., a cellular network), the smart card can perform one comparison and the mobile terminal can perform another comparison as described further below with respect to Figure 5.
[041] For access transactions, the threshold may be an access security level. The access security level is a value indicative of a security level associated with an access control domain (e.g., a lab in a facility). When a user attempts a new access transaction involving the PTD 310, the access security level associated with an access control domain is compared with an access level, access security level, or both may be stored in one of the memory 114, 124, and 134. In various embodiments, the comparison is performed by the processing module 132 at the TPS 330. In other embodiments, the comparison is performed by the processing module 122 at the interface device 120. In some embodiments, the comparison is performed by the processing module 112 at the PTD 310. In some embodiments, the comparison can be performed by more than one device. For example, in an embodiment where the PTD 310 is a smart card (e.g., a smart card payment), the TPS 330 is a payment processing system, and the interface device is a mobile terminal (e.g., a smartphone) that communicates with the smart card (using e.g., RFID, Bluetooth, NFC, Wi-Fi, or ZigBee) and the TPS 330 (using e.g., a cellular network), the smart card can perform one comparison and the mobile terminal can perform another comparison as described further below with respect to Figure 5.
[042] In some embodiments, a threshold-based authentication procedure can be requested by a device that is different from a device that performs the threshold-based authentication procedure (e.g., comparison of the threshold amount and transaction amount). For example, the TPS 330 can send a request for a threshold-based authentication procedure in connection with a new financial transaction involving the PTD 310. In some embodiments, the TPS 330 can also send the threshold amount associated with PTD 310 stored in database 134. The processor 122 at the interface device 320 can receive the request and the threshold amount from the TPS 330, determine a transaction amount for the current transaction involving the PTD 310, and compare the threshold amount and the transaction amount for a match. In other embodiments, the interface device 320 passes the request and the threshold amount received from the TPS 330 to the PTD 310, and the processor 112 at the PTD 310 receives the request and the threshold amount from the interface device 320, determines a transaction amount for the current transaction involving the PTD, and compares the threshold amount and the transaction amount for a match. In some embodiments where the PTD 310 (e.g., a smartphone) has the capability to communicate with a cellular network, such as a 3G UMTS or 4G LTE network, the PTD 310 can receive the request and the threshold amount from the TPS 330 via the cellular network without involving an interface device such as a POS terminal.
[043] In some embodiments, the PTD 310 can send a request for a threshold-based In some embodiments, the PTD 310 can also send a threshold amount involving the PTD 310 that are stored in the memory 114. The processor 122 at the interface device 320 can receive the request and the threshold amount from the PTD 310, determine a transaction amount associated with the current transaction, and compare the threshold amount and transaction amount for a match. In other embodiments, the interface device 320 passes the request and the threshold amount received from the PTD 310 to the TPS 330, and the processor (e.g., server) 132 at the TPS 330 receives the request and the threshold from the interface device 320, determines a transaction amount associated with the current transaction involving the PTD 310, and compares the threshold amount and the transaction amount for a match. In some embodiments where the PTD 310 (e.g., a smartphone) has the capability to communicate with a cellular network, such as a 3G UMTS or 4G LTE network, the PTD 310 can send the request and the first record to the TPS 330 via the cellular network without involving an interface device such as a POS terminal.
[044] In some embodiments, the interface device 320 can request a threshold-based authentication procedure related to a financial transaction by sending a request to either the PTD 310 or the TPS 330. If the request is sent to the PTD 310, the processing module 122 at the interface device 320 can retrieve a threshold amount for transactions involving the PTD 310 from the user database 134 at the TPS 330 and send the threshold amount to the PTD 310. The processing module 112 at the PTD 310 can receive the request and the threshold amount from the interface device 320, determine a transaction amount for the current transaction involving the PTD 310, and perform a comparison between the threshold amount and the transaction amount for a match. In various embodiments, if the request is sent to the TPS 330, the processing module 122 at the interface device 320 can retrieve a threshold amount involving the PTD 310 from the memory 114 at the PTD 310 and send the threshold amount to the TPS 330. The server 132 at the TPS 330 can receive the request and the threshold amount from the interface device 320, determine a transaction amount for the current transaction involving the PTD 310, and perform a comparison between the threshold amount and the transaction amount for a match. In other embodiments, the TPS 330 may already store the threshold amount in memory 134.
[045] Although the above threshold-based authentication procedure has been described in regards to financial transactions, the same embodiments are applicable to access transactions. 310, TPS 330, or interface device 320 may retrieve an access permission level associated with the PTD 310, described above. The same comparison process would occur.
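The financial-transaction procedure of paragraphs [039] to [044], sketched as an added example that is not part of the patent text: the threshold is retrieved from whichever of the three stores holds it, the transaction amount is compared against it, and the biometric sensor is invoked only when the comparison calls for it. The names, the "lowest threshold wins" rule, the fail-closed handling of a missing threshold or failed capture, and the 0.80 match threshold are all assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Outcome(Enum):
    PROCEED_NO_BIOMETRIC = "proceed_no_biometric"
    PROCEED_BIOMETRIC_OK = "proceed_biometric_ok"
    REJECT_BIOMETRIC_FAILED = "reject_biometric_failed"


@dataclass(frozen=True)
class ThresholdSources:
    """Threshold amounts in minor currency units (e.g. cents), one per store
    named in [040]: PTD memory, interface device memory, TPS user database.
    None means that store holds no threshold for this device."""
    ptd: Optional[int] = None
    interface_device: Optional[int] = None
    tps: Optional[int] = None


def _check_amount(value: int, name: str) -> None:
    # Integer minor units only: floats would make the boundary comparison fuzzy.
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise ValueError(f"{name} must be a non-negative integer, got {value!r}")


def effective_threshold(sources: ThresholdSources) -> Optional[int]:
    """Assumption of this example: when several stores disagree, the lowest
    value is enforced, so a value supplied by the card or terminal can make
    biometric step-up more likely but never suppress it."""
    present = [v for v in (sources.ptd, sources.interface_device, sources.tps)
               if v is not None]
    for v in present:
        _check_amount(v, "threshold")
    return min(present) if present else None


def biometric_required(amount: int, threshold: Optional[int],
                       inclusive: bool = False) -> bool:
    """[010] triggers when the amount 'exceeds' the threshold; [056] when it
    'matches or exceeds' it. `inclusive` selects between the two readings."""
    _check_amount(amount, "amount")
    if threshold is None:
        return True  # assumption: no retrievable threshold means fail closed
    return amount >= threshold if inclusive else amount > threshold


def authorize(amount: int, sources: ThresholdSources,
              capture_score: Callable[[], Optional[float]],
              match_threshold: float = 0.80,  # constructed value
              inclusive: bool = False) -> Outcome:
    """Run the threshold comparison, then biometric matching only if needed.

    `capture_score` stands in for sensor 355 plus control 352: it returns the
    similarity score between the live sample and the registered template
    ([039]), or None if no usable sample was captured.
    """
    threshold = effective_threshold(sources)
    if not biometric_required(amount, threshold, inclusive):
        return Outcome.PROCEED_NO_BIOMETRIC  # sensor is never touched
    score = capture_score()
    if score is not None and score >= match_threshold:
        return Outcome.PROCEED_BIOMETRIC_OK
    return Outcome.REJECT_BIOMETRIC_FAILED


if __name__ == "__main__":
    # Constructed sample: the card claims a 100.00 threshold, the TPS holds 50.00.
    stores = ThresholdSources(ptd=10_000, tps=5_000)
    for cents, score in [(4_999, 0.95), (7_500, 0.91), (7_500, 0.42)]:
        print(cents, authorize(cents, stores, lambda s=score: s).name)
```

With the constructed stores above, the card's higher threshold is ignored in favour of the lower value held by the TPS, which is the property worth checking when the threshold travels through the card or terminal as in [042] to [044].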
[046] Various example arrangements of electronic transaction systems implementing a threshold-based authentication procedure are described below with respect to Figures 4-7. Figure 4 depicts an example electronic payment transaction system 400 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure. The system 400 includes a payment processing system 430 that includes one or more servers 432 and a user database 434 coupled to the servers 432. In some embodiments, the user database 434 can store various data items relating to card holders, including passwords, threshold amounts, and records of previously completed payment transactions. In various embodiments, the system 400 may include an internal or proprietary payment transaction system 401 of a merchant (e.g., Target®). Payment transaction system 401 may include various types of interface devices 420A-E that facilitate transaction-related communications between various types of portable payment transaction devices 410A-E and the server(s) 432 at the payment processing system 430. In the illustrated example, the portable payment transaction devices 410A-E are smart payment cards that can communicate with the interface devices 420A-E. Each of the portable payment transaction devices 410A-E can include all or some of the components 112, 114, 116, 350, 352, and 355 of the PTD 310 depicted in Figure 3. Each of the interface devices 420A-E can include all or some of the components 122, 124, and 126 of the interface device 320 depicted in Figure 3. In the illustrated embodiment, the merchant's internal payment transaction system 401 further includes a server 442 and a database 444 that can store data items relating to the merchant's customers including threshold amounts, passwords, tokens, and transaction records.
[047] To enable communication between the payment processing system 430 and the merchant's internal payment transaction system 401, the interface devices 420A-E and the server 442 in the internal payment transaction system 401 have wired or wireless connections to an internal communication network 404 (e.g., Intranet), which is in turn connected to a wide area network 406 (e.g., Internet). In this manner, the POS terminals 420A-E, the smart payment cards 410A-E, and the server 442 can engage in data communication with the server(s) 432 at the payment processing system 430.
[048] In the illustrated example of Figure 4, the interface device 420A is a fixed point of sale (POS) terminal that is configured to operate with a contact smart payment card 410A and has a wired connection (e.g., wired Ethernet) to the internal communication network 404. During a payment transaction, the contact smart payment card 410A is inserted into the POS terminal 420A for data communication. For this purpose, the contact smart payment card 410A can be equipped with male contact pads and the POS terminal 420A can be equipped with corresponding female contact pads or vice versa. Other methods of providing contact-based communication coupling between the contact smart payment card 410A and the POS terminal 420A, including micro connectors, can be utilized.
[049] The interface device 420B is a fixed POS terminal that is configured to operate with a contactless smart payment card 410B and has a wired connection (e.g., wired Ethernet) to the internal communication network 404. During a payment transaction, the contactless smart payment card 410B is placed adjacent to the POS terminal 420B for wireless data communication. For this purpose, the contactless smart payment card 410B and the POS terminal 420B can be equipped with transceivers based on a wireless standard or technology, such as RFID, Bluetooth, NFC, Wi-Fi, and ZigBee.
[050] The interface device 420C is a portable POS terminal that is configured to operate with a contact smart payment card 410C, and the portable POS terminal 420C has a wireless connection (e.g., wireless Ethernet) to the internal communication network 404. During a payment transaction, the contact smart payment card 410C is inserted into the portable POS terminal 420C for data communication. In various embodiments, the contact smart payment card 410C can be equipped with male contact pads and the POS terminal 420C can be equipped with corresponding female contact pads or vice versa. Other methods of providing contact-based communication coupling between the contact smart payment card 410C and the POS terminal 420C, including micro connectors, can be utilized.
[051] The interface device 420D is a portable POS terminal that is configured to operate with a contactless smart payment card 410D, and POS terminal 420D has a wireless connection (e.g., wireless Ethernet) to the internal communication network 404. During a payment transaction, the contactless smart payment card 410D is placed adjacent to the portable POS terminal 420D for wireless data communication. For this purpose, the contactless smart payment card 410D and the POS terminal 420D can be equipped with transceivers based on a wireless standard or technology, such as RFID, Bluetooth, NFC, Wi-Fi, and ZigBee.
[052] The interface device 420E is a fixed POS terminal that is configured to operate with a mobile device (e.g., a smartphone, PDA, tablet), and has either a wired connection (e.g., wired Ethernet) or a wireless connection (e.g., Wi-Fi) to the internal communication network 404. During a payment transaction, the mobile terminal 410E is placed adjacent to the POS terminal 420E for wireless data communication. For this purpose, the mobile terminal 410E and the POS terminal 420E can be equipped with transceivers based on a wireless standard or technology such as RFID, Bluetooth, NFC, Wi-Fi, and ZigBee. In certain alternative embodiments, the POS terminal 420E can have a wireless connection (e.g., wireless Ethernet) to the internal communication network 404. In some embodiments, the POS terminal 420E can be equipped with an optical scanner or camera that can read a code (e.g., bar code or QR code) displayed on a display of the mobile terminal 410E.
[053] For ease of illustration only, without any intent to limit the scope of the present disclosure in any way, various aspects of operation of the electronic payment transaction system 400 will be described with respect to a financial transaction involving the contact smart payment card 410A and the POS terminal 420A. It shall be appreciated by those skilled in the art in view of the present disclosure that the described operation is applicable to other portable transaction devices (e.g., 410B-E) and interface devices (e.g., 420B-E), and for different types of transactions, such as access transactions (e.g., access to a facility or computer).
[054] In operation, a new transaction is initiated when a user presents the smart payment card 410A at the POS terminal 420A to pay for products and/or services by, for example, inserting the card 410A into the POS terminal 421 as shown in Figure 4. Before authorizing the new transaction, a threshold-based authentication procedure may be performed to determine whether the transaction is of sufficient worth and importance to require additional authentication of the user. For example, card 410A in coordination with the POS terminal 420A and/or the payment processing system 432 can determine whether the nature of the transaction required additional security and, if so, initiate a token-based authentication procedure. Optionally, the card 410A, a biometric authentication procedure may be initiated. To further enhance security of the transaction, a reconciliation-based authentication procedure may be performed before, during, or after a token-based authentication and/or a biometric based-authentication.
[055] In certain embodiments, such additional authentication procedures may not be needed or desired. In various embodiments, a threshold-based authentication procedure is performed at the payment processing system 430. By way of example, after making a data connection with the card 410A, the POS terminal 420A can retrieve (e.g., request and receive) a threshold amount from the card 410A. The POS terminal 420A can also determine a transaction amount for the current transaction involving the card 410A. The POS terminal 420A can send a request for approval of the new transaction to the payment processing system 430 along with the threshold amount retrieved from the card 410A and the determined transaction amount. The server(s) 432 at the payment processing system 420 receives the request, the threshold amount, and the transaction amount, and performs a comparison of the threshold amount and the transaction amount.
[056] In certain embodiments, the threshold-based authentication procedure is performed at the POS terminal 420A. By way of example, after making a data connection with the card 410A, the POS terminal 420A can retrieve a threshold amount and a transaction amount from the card 410A. The processor 122 at the POS terminal 420A performs a threshold-based authentication by determining whether the transaction amount received from the card 410A matches or exceeds the threshold amount. In some embodiments, the POS terminal 420A can determine the transaction amount instead of receiving the transaction amount from card 410A.
[057] In certain embodiments, the threshold-based authentication is performed at the smart payment card 410A. By way of example, after making a data connection with the card 410A, the POS terminal 420A can retrieve a threshold amount from server(s) 432 at the payment processing system 420. The POS terminal 420A, upon receiving the threshold amount from the payment processing system, sends the threshold amount to the card 410A. The processor 112 at the card 410A performs a threshold-based authentication by comparing a transaction amount associated with the current transaction determined by the card 410A with the threshold amount received from the payment processing system 430 via the POS terminal 420A.
[058] Figure 5 depicts another example electronic payment transaction system 500 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure. The system 500 includes a payment processing system 530 that includes one or more servers 532 and a user database 534 coupled to the server(s) 532. The server(s) 532 conduct different types of electronic payment transactions 501, 502, 503 with mobile terminals 520A-C via a cellular network 506.
[059] The first electronic payment transaction 501 involves a contact smart payment card 51 OA coupled to the mobile terminal 520A via a smart card reader 525 and conducting a payment transaction with the payment processing system 530 via the cellular network 506. The second electronic payment transaction 502 involves a contactless smart payment card 510B wirelessly coupled to the mobile terminal 520B and conducting a payment transaction with the payment processing system 530 via the cellular network 506. The third electronic payment transaction 503 involves the mobile terminal 5 IOC as a portable transaction device and an interface device. In some embodiments, mobile terminal 510 can capture an image of a code (e.g., a bar or QR code) associated with a product printed on a package of the product, in a catalog, or advertisement using an image capture device (e.g., a camera) and conducting a payment transaction for the product with the payment processing system 530 via the cellular network 506.
[060] In each of these payment transactions 501, 502, 503, a threshold-based authentication procedure similar to the threshold-based authentication procedures described above with respect to Figures 1-4 can be performed prior to initiating token-based or biometric-based authentication procedures. In the first payment transaction 501, a comparison of a threshold amount and a transaction amount involving the smart payment card 510A can be performed by the server(s) 532 at the payment processing system 530, a processor in the mobile terminal 520A, or a processor in the smart payment card 510A. The threshold amount can be stored in a memory in the smart payment card 510A, in the database 534 at the payment processing system 530, or in a memory in the mobile terminal 520A.
[061] For the second payment transaction 502 a comparison of a threshold amount and a transaction amount involving the smart payment card 510B can be performed by server(s) 532 at the payment processing system 530, a processor in the mobile terminal 520B, or a processor in the smart payment card 510B. The first record can be stored in a memory in the smart payment card 510B, the database 534 at the payment processing system 530, or in a memory in the mobile terminal 520B.
[062] For the third payment transaction 503, a comparison of a threshold amount and a transaction amount involving the mobile terminal 510C can be performed by server(s) 532 at the payment processing system 530 or a processor in the mobile terminal 510C. The first record can be stored in a memory in the mobile terminal 510C, and the second record can be stored in the database 534.
[063] The threshold-based authentication procedure may be implemented in an access control system. The access control system may be implemented for access to a facility, one or more rooms within the facility, a computing device, a computer network, or a combination thereof. Figure 6 illustrates an example facility implementing a threshold-based authentication procedure in accordance with the present disclosure. As illustrated in Figure 6, each access domain within the facility is assigned an access security level. In various embodiments, the access domain may be an entry way to a lab or office within a facility and/or the exterior doors of the facility. For example, a facility that includes work under government contracts with varying levels of security may designate labs for each level of security applicable (e.g., confidential, secret, top secret). In the illustrated embodiment, each security level is given a numerical value to indicate the level of security required. In other embodiments, the access security level may be text-based.
[064] In other embodiments, the access domain may include one or more computing devices, such as a desktop, laptop, or other computing equipment implemented in a facility. In other embodiments, the access domain may be one or more computing networks implemented within an access control system. For example, a facility operator may employ multiple computer networks, one for each of various security levels.
[065] Figure 7 depicts an exemplary facility access control system 700 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure. a card reader 720A, and a second facility access transaction 720 involving a smart access fob 710B and a fob reader 720B. In the illustrated example, the system 700 further includes a central facility access controller 730 that includes a processing module 732 and a data storage 734 coupled to the processing module 732. The processing module 732 is communicatively connected to the card reader 720A and the fob reader 620B via a communication network 708, which can be a local area network (LAN) or a wide area network (WAN).
[066] In the first facility access transaction 701, a user presents the smart access card 710A to the card reader 720B to gain access to a facility. The card reader 720B can communicate with the card 710A using one of various contact or contactless methods, including non-limiting examples described above. In the second facility access transaction 702, a user presents the smart access fob 710A to the fob reader 720B to gain access to the facility.
[067] In each of these facility access transactions 701, 702, a threshold-based authentication procedure similar to the threshold-based authentication procedures described above with respect to Figures 1-4 can be performed to determine if a token-based authentication and/or a biometric-based authentication is required. For the first facility access transaction 701, a comparison of an access security level associated with an access domain and an access permission level associated with the smart access card 710A can be performed by the processing module 732 at the central facility access controller 730, a processor in the card reader 720A, or a processor in the smart access card 710A. The access security level and the access permission level can be stored in a memory in the smart access card 710A, the database 734, in a memory in the card reader 730A, or a combination thereof. For the second facility access transaction 702, a comparison of an access security level associated with an access domain and an access permission level associated with the smart access fob 710B can be performed by the processing module 732 at the central facility access controller 730, a processor in the fob reader 720B, or a processor in the smart access fob 710B. The access security level and the access permission level can be stored in a memory in the smart access fob 710B, the database 734, in a memory in the fob reader 720B, or a combination thereof.
[068] Figure 8 depicts an exemplary computer access control system 800 that implements a threshold-based authentication procedure according to certain aspects of the present disclosure. Figure 8 illustrates a first computer access transaction 801 involving a contact smart access card 810A and a card reader 820A, and a second computer access transaction 802 involving a contactless smart access card 810B and a card reader 820B. In the illustrated example, the system 800 further includes a central computer system 830 that includes one or more servers 832 and a database 834 coupled to the server(s) 832. The server(s) 832 are connected to the computers 850A, 820B via a network 808, which can be a local area network (LAN) or a wide area network (WAN). In certain embodiments, the system 800 can allow a first group of users to access files and applications stored in and running on the computers 850A, 850B and allow a second group of users to access files and applications stored in and running on the computers 850A, 850B and the server(s) 832 and the database 834 in the central computer system 830.
[069] In the first computer access transaction 801, a user can insert a contact smart access card 810A into a card reader 820A coupled to the desktop computer 850A for access to the desktop computer 850A and/or the central computer system 832. In the illustrated example, the desktop computer 850A is coupled to the network 808 via a wired connection. In the second computer access transaction 802, a user can place a contactless smart access card 810B adjacent to a card reader 820B coupled to a laptop computer 850B for access to the laptop computer 850B and/or the server(s) 832 and the database 834 in the central computer system 830. The laptop computer 850B is coupled to the network 808 via a wireless connection.
[070] In each of these computer access transactions 801, 802, a threshold-based authentication procedure similar to the threshold-based authentication procedures described above with respect to Figures 1-4 can be performed to determine whether a token-based authentication and/or a biometric-based authentication is required. For the first computer access transaction 801, a comparison of an access security level associated with an access domain and an access permission level associated with the smart access card 810A can be performed by server(s) 832 at the central computer system 830, a processor in the card reader 820A, a processor in the smart access card 810A, or a processor in the desktop computer 850A. The access security level and the access permission level can be stored in a memory in the smart access card 810A, the database 834, in a memory in a desktop computer 850A, or a combination thereof. For the second computer access transaction 802, a comparison of an access security access card 810B can be performed by server(s) 832 at the central computer system 830, a processor in the card reader 820B, a processor in the smart access card 810B, or a processor in the laptop computer 850B. The access security level and the access permission level can be stored in a memory in the smart access card 610B, the database 834, in a memory in the laptop computer 850B, or a combination thereof. In certain embodiments, a dedicated computer access controller (not shown) can be employed to control access to the computers 850A, 850B and/or the central computer system 830, a processing module (e.g., a processor) in the controller can perform one or more of a token-based authentication, a biometric-based authentication, and a reconciliation-based authentication, and a data storage device (e.g., a memory) in the controller can store records of computer access transactions for different users.
[071] Although financial transactions and access control transactions have been described separately, the same basic threshold-based authentication process applies. A parameter associated with the electronic transaction involving an electronic portable transaction device (transaction amount/access security level) is compared with a threshold (threshold amount/access permission level). If the parameter exceeds the threshold, additional authentication procedures may be initiated. If the parameter does not exceed the threshold, the transaction may be completed without further authentication of the user.
[072] Figure 9 is a flowchart illustrating an example process 900 for a threshold-based authentication procedure for financial transactions according to certain aspects of the present disclosure.
[073] The process 900 starts at state 901 and proceeds to operation 910, in which a processing module in a device identifies a transaction amount associated with an electronic transaction involving an electronic portable transaction device. The transaction amount is a total of all the goods and/or services a user is requesting to purchase during the transaction. The identification may be performed by an electronic portable transaction device, a transaction processing system configured to process financial transactions involving the electronic portable transaction device, or an interface device configured to facilitate communications between the electronic portable transaction device and the transaction processing system. Non-limiting examples of the electronic portable transaction device include a smart payment card or a mobile terminal configured for payment transactions. Non-limiting examples of the interface device include a fixed or portable POS terminal, a mobile terminal, and a contact or contactless smart card or smart fob readers.
[074] The process 900 proceeds to operation 920, in which a processing module in the authentication device retrieves a threshold amount from a data storage device. The data storage device can be a memory (e.g., database) at the transaction processing system, a memory in the electronic portable transaction device, or a memory in the interface device. The data storage device may be in the authentication device or in another device in the electronic transaction system. The threshold amount may be a predetermined amount above which biometric authentication is required before the transaction is allowed to be completed.
[075] The process 900 proceeds to operation 930, in which a processing module in the authentication device compares the identified transaction amount and the threshold amount.
[076] The process 900 proceeds to query state 940, in which a processing module in the authentication device determines if the transaction amount matches or exceeds the threshold amount. If the answer to the query is "yes" (i.e., the transaction amount exceeds the threshold), the process 900 proceeds to operation 850, in which the processing module initiates biometric authentication. In various embodiments, the authentication device may include a biometric authentication module, such as the module discussed above with regards to Figure 3, and initiating biometric authentication includes requesting the user to enter biometric data through the biometric sensor. In other embodiments, the biometric authentication module may be included in a device other than the authentication device, and initiating biometric authentication includes sending a request to another device to obtain biometric data through the biometric sensor.
[077] On the other hand, if the answer to the query at the state 940 is "no" (i.e., the transaction amount is less than the threshold amount), the process 900 proceeds to operation 960, in which a processing module in the authentication device allows the transaction to continue without requiring additional biometric authentication. The process 900 ends at state 970.
[078] Figure 10 is a flowchart illustrating an example process 1000 for a threshold-based authentication procedure for access control transactions according to certain aspects of the present disclosure. The process 1000 starts at state 1001 and proceeds to operation 101, in which a processing module in a device compares an access permission associated with an electronic portable transaction device and an access security level associated with an access domain. The process 1000 proceeds to query state 1020, in which the device determines if the access security level associated with the access domain is higher than the access permission level associated with the electronic portable transaction device. If the answer to the query is "yes" (i.e., the access security level exceeds the access permission level), the process 1000 proceeds to operation 1030, in which the processing module initiates biometric authentication. In various embodiments, the device may include a biometric authentication module, such as the module discussed above with regards to Figure 3, and initiating biometric authentication includes requesting the user to enter biometric data through the biometric sensor. In other embodiments, the biometric authentication module may be included in a device other than the device performing the threshold-based authentication procedure, and initiating biometric authentication includes sending a request to the other device to obtain biometric data through the biometric sensor.
[079] On the other hand, if the answer to the query at the state 1020 is "no" (i.e., access security level is less than the access permission level), the process 1000 proceeds to operation 1040, in which a processing module in the device permits access to the access domain without requiring additional biometric authentication. The process 1000 ends at state 1050.
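The decisions at query states 940 and 1020, written out as an added Python example; it is not code from the patent or from any product. The comparison operators follow the query states as worded above; the function names, the fail-closed handling of missing or malformed values, and the `effective_threshold` rule (lowest usable threshold among the storage locations the description lists) are assumptions of this example.

```python
from decimal import Decimal, InvalidOperation
from enum import Enum


class Decision(Enum):
    ALLOW = "complete without biometric authentication"      # operations 960 / 1040
    REQUIRE_BIOMETRIC = "initiate biometric authentication"  # the "yes" branch


def parse_amount(value):
    """Return a non-negative Decimal, or None if the value is unusable.

    Floats are rejected so binary rounding never decides a boundary case.
    """
    if value is None or isinstance(value, (bool, float)):
        return None
    try:
        amount = Decimal(str(value).strip())
    except InvalidOperation:
        return None
    return amount if amount.is_finite() and amount >= 0 else None


def parse_level(value):
    """Return a non-negative integer level, or None if the value is unusable."""
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        return None
    return value


def effective_threshold(stored):
    """Pick the strictest (lowest) usable threshold.

    `stored` maps a storage location named in the description (card, interface
    device, processing system) to the threshold held there. Taking the minimum
    is an assumption of this example, not a rule stated in the patent.
    """
    usable = [a for a in map(parse_amount, stored.values()) if a is not None]
    return min(usable) if usable else None


def financial_decision(transaction_amount, threshold_amount):
    """Query state 940: does the amount match or exceed the threshold?"""
    amount = parse_amount(transaction_amount)
    threshold = parse_amount(threshold_amount)
    if amount is None or threshold is None:
        # Assumption: an unusable input never skips the stronger check.
        return Decision.REQUIRE_BIOMETRIC
    return Decision.REQUIRE_BIOMETRIC if amount >= threshold else Decision.ALLOW


def access_decision(access_security_level, access_permission_level):
    """Query state 1020: is the domain's level higher than the device's?"""
    security = parse_level(access_security_level)
    permission = parse_level(access_permission_level)
    if security is None or permission is None:
        return Decision.REQUIRE_BIOMETRIC  # assumption: fail closed
    return Decision.REQUIRE_BIOMETRIC if security > permission else Decision.ALLOW


# Constructed sample inputs (not taken from the patent).
PAYMENTS = [
    ("49.99", {"card": "50.00", "server": "75.00"}),   # below the threshold
    ("50.00", {"card": "50.00"}),                      # boundary: matches
    ("20.00", {"card": "n/a"}),                        # no usable threshold
    ("60.00", {"card": "500.00", "server": "50.00"}),  # card value is laxer
]
ACCESS = [(1, 3), (3, 3), (4, 3), (4, None)]  # (security level, permission level)


def run_samples():
    """Evaluate the constructed samples and return the decision names."""
    results = [
        financial_decision(amount, effective_threshold(stored)).name
        for amount, stored in PAYMENTS
    ]
    results += [access_decision(sec, perm).name for sec, perm in ACCESS]
    return results


if __name__ == "__main__":
    for name in run_samples():
        print(name)
```

In the fourth payment sample, a card-held threshold that is higher than the server-held one does not relax the check, which matters when the comparing device receives the threshold from the device it is evaluating.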
[080] It shall be appreciated by those skilled in the art in view of the present disclosure that there are numerous possible pairs of a requesting device and an authentication device. In the electronic payment system 400 of Figure 4, for example, the requesting device can be one of the interface devices 420A-E and the authentication device can be the corresponding one of the portable transaction devices 410A-E, or vice versa. Alternatively, the requesting device can be one of the portable transaction devices 410A-E and the authentication device can be server(s) 432 at the payment processing system 430, or vice versa. Alternatively, the requesting device can be the server(s) 432 at the payment processing system 430 and the authentication device can Figure 5, the requesting device can be one of the mobile terminals 520A-B and the authentication device can be one of the smart payment cards 510A-B, or vice versa. Alternatively, the requesting device can be one of the mobile terminals 520A-C and the authentication device can be the server(s) 532 at the payment processing system 530, or vice versa. Alternatively, the requesting device can be the server(s) 532 at the payment processing system 530 and the authentication device can be one of the smart payment cards 510A-B, or vice versa.
[081] Figure 11 is an example embodiment of the access transaction threshold-based authentication procedure of Figure 10 where the authentication device is an electronic portable transaction device. The process 1100 begins at 1101 and proceeds to 1110, where the electronic portable transaction device receives an indication of the access security level from a fixed access control device associated with the access domain. In various embodiments, the fixed access control device may be a smart access card or smart fob reader connected to the locking mechanism of an entry way to a facility or area of a facility, or connected to a computer or computing system. In various embodiments, the fixed access control device may be connected with an access control system and have access to a database of the access control system. The process 1100 proceeds to operation 1120, where the access security level and the access permission level are compared to determine if biometric authentication is required. Operations 1120, 1130, 1140, and 1150 operate in a similar fashion as operations 1010, 120, 1030, and 1040 of Figure 10.
[082] Figure 12 is an example embodiment of the access transaction threshold-based authentication procedure of Figure 10 where the authentication device is a fixed access control device. The process 1200 begins at 1201 and proceeds to 1210, where the fixed access control device receives a request to access an access domain from a portable access control device. In various embodiments, the fixed access control device may be a smart access card or smart fob reader connected to the locking mechanism of an entry way to a facility or area of a facility, or connected to a computer or computing system. In various embodiments, the fixed access control device may be connected with an access control system and have access to a database of the access control system.
[083] The process 1200 proceeds to operation 1220, where the fixed access control device receives an indication of an access permission level associated with the electronic portable transaction device from the electronic portable transaction device. The access permission level may be stored in a memory within the electronic portable transaction device. The process 1200 proceeds to operations 1230, 1240, 1250, and 1260, which operate in a similar way to operations 1010, 1020, 1030, and 1040 of Figure 10.
[084] It shall be appreciated by those skilled in the art in view of the present disclosure that various described operations of the exemplary processes 900, 1000, 1100, and 1200 may be performed in different orders, optionally skipped, and/or removed.
[085] The description of the technology is provided to enable any person skilled in the art to practice the various embodiments described herein. While the technology has been particularly described with reference to the various figures and embodiments, it should be understood that these are for illustration purposes only and should not be taken as limiting the scope of the various embodiments.
[086] There may be many other ways to implement the various embodiments. Various functions and elements described herein may be partitioned differently from those shown without departing from the spirit and scope of the technology disclosed. Various modifications to these embodiments will be readily apparent to those skilled in the art, and generic principles defined herein may be applied to other embodiments. Thus, many changes and modifications may be made to the various embodiments, by one having ordinary skill in the art, without departing from the spirit and scope of the various embodiments.
[087] A reference to an element in the singular is not intended to mean "one and only one" unless specifically stated, but rather "one or more." The term "some" refers to one or more. Underlined and/or italicized headings and subheadings are used for convenience only, do not limit the scope of the various embodiments, and are not referred to in connection with the interpretation of the description of the embodiment. All structural and functional equivalents to the elements of the various embodiments of the technology described throughout this disclosure that are known or later come to be known to those of ordinary skill in the art are expressly Moreover, nothing disclosed herein is intended to be dedicated to the public regardless of whether such disclosure is explicitly recited in the above description.

Claims

We Claim:
1. A method of selectively initiating biometric authentication in an access control system, comprising:
(a) comparing an access permission level associated with a portable access control device to an access security level associated with an access domain; and
(b) initiating a biometric authentication process if the access security level associated with the access domain is higher than the access permission level associated with the electronic portable transaction device.
2. The method of claim 1, wherein the portable access control device is a smart card or a mobile terminal.
3. The method of claim 1, wherein the access permission level comprises a numerical value representing a security clearance level of a plurality of security clearance levels and the access security level comprises a numerical value representing a security clearance level of the plurality of security clearance levels.
4. The method of claim 1, wherein the steps (a) and (b) are performed at the portable access control device.
5. The method of claim 4, further comprising receiving an indication of the access security level from a fixed access control device associated with the access domain.
6. The method of claim 4, wherein the step of initiating a biometric authentication comprises requesting a user to enter biometric data via a biometric scanner of the portable access control device.
7. The method of claim 4, wherein the step of initiating a biometric authentication comprises requesting a user to enter biometric data via a biometric scanner coupled to a fixed access control device associated with the access domain.
8. The method of claim 1, wherein the steps (a) and (b) are performed at a fixed access control device associated with the access domain.
9. The method of claim 8, wherein the access domain is a controlled access point in a facility and the fixed access control device is located at the controlled access point.
10. The method of claim 8, further comprising receiving a request to access the access domain from the portable access control device.
11. The method of claim 8, further comprising receiving an indication of the access permission level from the portable access control device.
12. The method of claim 8, wherein the access control device comprises a biometric scanner and the step of initiating a biometric authentication comprises requesting a user to input biometric data via the biometric scanner of the access control device.
13. The method of claim , wherein the access domain may be one or more of a facility, an area within a facility, a computer, a computer network, or a combination thereof.
14. A portable access control device, comprising:
a processing module configured to execute a program configured to:
(a) receive an indication of an access security level associated with an access domain from a fixed access control device associated with the access domain, and
(b) initiate a biometric authentication process if the access security level associated with the access domain is higher than an access permission level associated with the a memory configured to store the program.
15. The portable access control device of claim 14, wherein the portable access control device is a smart card.
16. The portable access control device of claim 15, wherein the processing module and the memory are part of the smart card.
17. The portable access control device of 16, further comprising a data storage device for storing data indicative of the access permission level, wherein the data storage device is part of the smart card.
18. The portable access control device of 17, wherein the data storage device and the memory comprise the same component.
19. The portable access control device of 15, wherein the smart card further comprises a set of contact pads configured to engage with a set of contact pads at the fixed access control device.
20. The portable access control device of claim 15, wherein the smart card further comprises a biometric authentication module.
21. The portable access control device of claim 14, wherein the portable access control device comprises a transceiver configured to engage in wireless data communication with the fixed access control device.
22. The portable access control device of claim 14, wherein the portable access control device further comprises a biometric authentication module.
23. The portable access control device of claim 14, wherein the fixed access control permission level associated with the portable access control device, and the processing module is further configured to receive an indication of the access permission level.
24. A fixed access control device comprising:
a processing module configured to execute a program configured to:
(a) receive an indication of an access permission level associated with a portable access control device, and
(b) initiate a biometric authentication process if the access permission level associated with the portable transaction device is higher than an access security level associated with an access domain; and
a memory configured to store the program.
25. A method of selectively initiating biometric authentication for financial transactions, comprising:
(a) identifying a transaction amount associated with an electronic transaction involving an electronic portable transaction device;
(b) comparing the transaction amount and a threshold amount; and
(c) initiating a biometric authentication process if the transaction amount exceeds the threshold amount.
26. The method of claim 25, wherein the electronic portable transaction device is a smart card or a mobile terminal.
27. The method of claim 25, wherein the steps (a)-(c) are performed at the electronic portable transaction device.
28. The method of claim 27, wherein initiating a biometric authentication comprises requesting a user to enter biometric data via a biometric scanner of the electronic portable transaction device.
29. The method of claim 27, wherein initiating a biometric authentication comprises requesting biometric data associated with a user from an interface device for facilitating communication between the electronic portable transaction device and a payment processing system, wherein the interface device comprises a biometric scanner.
30. The method of claim 25, wherein the steps (a)-(c) are performed at a payment processing system.
31. The method of claim 30, further comprising receiving a request to conduct an electronic financial transaction.
32. The method of claim 25, wherein the steps (a)-(c) are performed at an interface device for facilitating communication between the electronic portable transaction device and a payment processing system.
33. The method of claim 32, wherein the electronic portable transaction device comprises a biometric scanner, and initiating a biometric authentication comprises requesting biometric data associated with a user from the electronic portable transaction device.
34. The method of claim 32, wherein the interface device comprises a biometric scanner and initiating a biometric authentication comprises requesting a user to input biometric data via the biometric scanner.
35. The method of claim 25, wherein a data storage device is located at the electronic portable transaction device, at a payment processing system, or at an interface device for facilitating communication between the electronic portable transaction device and a payment processing system.
36. A device for selectively initiating biometric authentication for financial a processing module, configured to execute a program configured to:
(a) identify a transaction amount associated with an electronic transaction involving an electronic portable transaction device,
(b) compare the transaction amount and a threshold amount, and
(c) initiate a biometric authentication process if the transaction amount exceeds the threshold amount; and
a memory configured to store the program.
37. The device of claim 36, wherein the electronic portable transaction device is a smart card comprising the processing module and the memory.
38. The device of claim 36, wherein a data storage device is part of the smart card, and the data storage device is configured to store the threshold amount.
39. The device of claim 38, wherein the data storage device and the memory comprise the same component.
40. The device of claim 36, wherein the smart card further comprises a set of contact pads configured to engage with a set of contact pads at an interface device for facilitating communication between the electronic portable transaction device and a payment processing system.
41. The device of claim 36 wherein the smart card further comprises a biometric authentication module.
42. The device of claim 35, wherein the electronic portable transaction device comprises a transceiver configured to engage in wireless data communication with an interface device for facilitating communication between the electronic portable transaction device and a payment processing system.
43. The device of claim 42, wherein the electronic portable transaction device further comprises the processing module and the memory.
44. The device of claim 42, wherein the electronic portable transaction device further comprises a biometric authentication module.
45. The device of claim 36, wherein the threshold amount is stored in a data storage device located at the interface device, and the processing module is further configured to retrieve the threshold amount from the data storage device.
46. The device of claim 36, wherein the threshold amount is stored in a data storage device located at the payment processing system, and the processing module is further configured to retrieve the threshold amount from the data storage device.
EP16767815.0A 2015-03-20 2016-03-18 System and method for selectively initiating biometric authentication for enhanced security of transactions Withdrawn EP3271854A4 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/664,573 US10229408B2 (en) 2015-01-14 2015-03-20 System and method for selectively initiating biometric authentication for enhanced security of access control transactions
US14/664,429 US10275768B2 (en) 2015-01-14 2015-03-20 System and method for selectively initiating biometric authentication for enhanced security of financial transactions
PCT/IB2016/000324 WO2016151386A2 (en) 2015-03-20 2016-03-18 System and method for selectively initiating biometric authentication for enhanced security of transactions

Publications (2)

Publication Number Publication Date
EP3271854A2 (en) 2018-01-24
EP3271854A4 (en) 2018-08-08

Family

ID=56979291

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16767815.0A Withdrawn EP3271854A4 (en) 2015-03-20 2016-03-18 System and method for selectively initiating biometric authentication for enhanced security of transactions

Country Status (2)

Country Link
EP (1) EP3271854A4 (en)
WO (1) WO2016151386A2 (en)

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0288859A (en) * 1988-09-26 1990-03-29 Hitachi Maxell Ltd Systematized control for entering or leaving room with ic card
US5796832A (en) * 1995-11-13 1998-08-18 Transaction Technology, Inc. Wireless transaction and information system
US6968453B2 (en) * 2001-01-17 2005-11-22 International Business Machines Corporation Secure integrated device with secure, dynamically-selectable capabilities
US7270265B2 (en) * 2001-07-06 2007-09-18 France Telecom Process for managing an electronic transaction by chip card terminal and chip card implementing this process
JP4313171B2 (en) * 2003-12-09 2009-08-12 株式会社日立製作所 Authentication control apparatus and authentication control method
JP2007048118A (en) * 2005-08-11 2007-02-22 Oki Electric Ind Co Ltd Automatic teller machine and automatic transaction system
US20100161488A1 (en) * 2008-12-22 2010-06-24 Paul Michael Evans Methods and systems for biometric verification

Also Published As

Publication number Publication date
EP3271854A4 (en) 2018-08-08
WO2016151386A3 (en) 2016-11-24
WO2016151386A2 (en) 2016-09-29

Similar Documents

Publication Publication Date Title
US10275768B2 (en) System and method for selectively initiating biometric authentication for enhanced security of financial transactions
US10715520B2 (en) Systems and methods for decentralized biometric enrollment
US20160203478A1 (en) System and method for comparing electronic transaction records for enhanced security
US10706136B2 (en) Authentication-activated augmented reality display device
US20230130755A1 (en) Biometric transaction system
US11068894B2 (en) Systems and methods for tokenless authentication of consumers during payment transactions
US11824642B2 (en) Systems and methods for provisioning biometric image templates to devices for use in user authentication
US20220122051A1 (en) Method and system for securing transactions in a point of sale
US20180225669A1 (en) Financial transaction relay system having multi-safety lock function of processing user authentication by scanning both finger pulse and fingerprint, and processing method therefore
CN104769622A (en) Method for authentication using biometric data for mobile device e-commerce transactions
CN109426963B (en) Biometric system for authenticating biometric requests
US20160012408A1 (en) Cloud-based mobile payment system
US20170186014A1 (en) Method and system for cross-authorisation of a financial transaction made from a joint account
US20170169424A1 (en) Delegation of transactions
US10395227B2 (en) System and method for reconciling electronic transaction records for enhanced security
US20160203492A1 (en) System and method for requesting reconciliation of electronic transaction records for enhanced security
WO2016113630A1 (en) System and method for requesting reconciliation of electronic transaction records for enhanced security
EP3271854A2 (en) System and method for selectively initiating biometric authentication for enhanced security of transactions
EP3332370A1 (en) Systems and methods for interaction authentication using dynamic wireless beacon devices
EP3248129A1 (en) Biometric device utilizing finger sequence for authentication
TWM571549U (en) System for verifying online banking services by using mobile devices in combination with inductive financial cards

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20171020

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20180705

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/32 20060101ALI20180629BHEP

Ipc: G06Q 20/32 20120101ALI20180629BHEP

Ipc: G06F 21/32 20130101AFI20180629BHEP

Ipc: G06F 21/34 20130101ALI20180629BHEP

Ipc: G07F 7/08 20060101ALI20180629BHEP

Ipc: G06Q 20/20 20120101ALI20180629BHEP

Ipc: G06Q 20/40 20120101ALI20180629BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20201001