GB2399668A - Remotely authenticating and logging a transaction - Google Patents
Remotely authenticating and logging a transaction Download PDFInfo
- Publication number
- GB2399668A GB2399668A GB0403599A GB0403599A GB2399668A GB 2399668 A GB2399668 A GB 2399668A GB 0403599 A GB0403599 A GB 0403599A GB 0403599 A GB0403599 A GB 0403599A GB 2399668 A GB2399668 A GB 2399668A
- Authority
- GB
- United Kingdom
- Prior art keywords
- logging
- transaction
- remotely authenticating
- user
- web page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/38—Individual registration on entry or exit not involving the use of a pass with central registration
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Human Computer Interaction (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Apparatus for remotely authenticating and logging a transaction has an operating system including control software, memory 3 and a webserver having at least one web page loaded thereon. A bimoetric sensor 7 records biometric information of the user on the memory and this newly recorded information is compared against pre-recorded secure biometric information stored on the memory for authentication. The control software transfers input data from the memory to the web page and logs it thereon in response to user authentication.
Description
AN APPARATUS FOR REMOTELY AUTHENTICATING
AND LOGGING A TRANSACTION
s The present invention relates to an apparatus for remotely authenticating and logging a transaction and in particular to an apparatus for remotely authenticating and logging a financial transaction.
It is a common occurrence for financial institutions to authorise financial transactions such as the purchase of a large quantity of shares solely on the basis of a facsimile reproduction of the signature of a third party sending the purchase order by fax. This is clearly an unsecure procedure for performing large volume/value financial transactions because the financial institute does not see and has no way of verifying the identity of the third party. The system is prone to fraudulent purchases by non-identified third parties using copies of signatures which have been obtained deceptively.
There are other situations such as card-not-present credit card transactions occurring during on-line purchasing, e-commerce and TV based buying where a simple system of remotely authenticating the third party sending the purchase order would be a major benefit in the fight against fraudulent financial transactions.
It is an object of the present invention to obviate or mitigate the problems associated with fraudulent financial transactions where the person sending the purchase order is not physically present at the point of sale or financial institution.
Accordingly, the present invention provides an apparatus for remotely authenticating and logging a transaction, the apparatus comprising an operating system including control software, memory and a webserver having at least one web page loaded thereon, the apparatus having 2s user interface means allowing a user to input data to the memory, a biometric sensor for recording biometric information of the user onto the memory, the control software comparing this newly recorded biometric information against pre-recorded secure biometric information pre- recorded on the memory of the apparatus for user authentication, the control software transferring the input data from the memory to the web page and logging it thereon in response to user authentication.
Preferably, the apparatus has an ethernet interface allowing predetemmined third parties to access the web page.
s Ideally, the operating system is embedded.
Preferably, the or each web page is a dynamic HTML web page.
Ideally, the apparatus has serial, parallel and USB (Universal Serial Bus) ports.
Ideally, the user interface means comprises a keypad and a LCD screen.
Preferably, the biometric sensor is selected from a group consisting of a fingerprint scanner, a retina scanner, a skin chemistry sensor, a voice recognition sensor, a face recognition sensor and a hand geometry recognition sensor.
Ideally, the authentic user of the apparatus is enrolled at a financial institution or card issuing authority in order to securely record the finger print data or other biometric signature of the user on the apparatus. This allows the financial institution or card-issuing authority to be satisfied that 1S the person who is using the apparatus remotely and the person who they enrolled are one and the same person.
Preferably, the initially authenticated biometric information of the user is recorded on non-volatile memory.
Ideally, the ethernet interface is a 10/100 interface permitting the apparatus to be connected to the Internet.
Preferably, an audio device is provided on the apparatus to deliver instructions to the user.
Ideally, the audio device is a piezo-electric based device.
Preferably, the operating system is running on an embedded ethernetnetworked 2s microcontroller application.
Ideally, the Linux operating system is used in conjunction with u cLinux patches.
Preferably, the web page is text based. The text based web page is created on the embedded operating system and the page will provide a record of transaction entries, time and date of entry, transaction details and any user messages to the predetermined third parties such as financial institutions.
Ideally, a power supply is integrated into the apparatus.
Preferably, the apparatus has an Uninterruptable Power Supply (UPS) ensuring the integrity of the stored data and ensuring access to the apparatus at all times.
Ideally, the authenticated input data entered into the web page is also substantially immediately transferred onto a secure server via the web via a software module incorporated to initiate an Intemet connection and transmit the text of input data to a secure server on receipt of user authentication and receipt of the message on the web page. This means that any authenticated purchase orders from a user are accessible by the predetermined third parties from the secure server, even in the event of an apparatus power failure.
Preferably, the apparatus is portable.
Preferably, the keypad is an integrated QWERTY keypad.
Preferably, an audio device is provided on the portable device. This device is used to prompt the user to supply biometric information for example.
Advantageously, the cLinux patches allow the Linux operating system to be used with a processor without a Memory Management Unit (MMU). Many embedded applications have no disk and limited memory so complex memory management is not required.
Preferably, the HTML web page on the embedded operating system is accessible via the ethernet interface of the apparatus using a standard P. C. which is on-line and has web browser software installed thereon.
Ideally, the web page is displayed on the standard P. C. as a list of events such as transactions, dates, etc. with a hyperlink to the text body of the remote user's message.
Preferably, the LCD screen is capable of displaying alphanumeric characters and graphicsAogos. The screen is of sufficient size to permit on-screen editing and entry of messages and the screen has a clear backlit display.
Ideally, suitable fingerprint scanners manufactured by Fujitsu and Infineon are used and s a fingerprint recognition algorithm provided by Acter Biolib is used. The Biolib module has been optimised for running on embedded applications.
The invention will now be described with reference to the accompanying drawings, which show by way of example only, one embodiment of apparatus for remotely authenticating and logging a transaction in accordance with the invention. In the drawings: o Fig. 1 is a schematic drawing of the apparatus; Fig. 2 is a top plan view of the apparatus; Fig. 3 is a rear end view of the apparatus of Fig. 2; and Fig. 4 is a schematic representation of a system for financial transactions using the apparatus.
Referring to the drawings and initially to Figs. 1 to 3, there is shown an apparatus for remotely authenticating and logging a transaction indicated generally by the reference numeral 1. The apparatus 1 comprises a processor 2 in communication with a non volatile memory 3, a speaker 4, a keypad 5, an LCD screen 6, a finger print scanner 7 and an ethernet access port 8 in the form of a RJ45 socket. The apparatus 1 has an integrally formed power supply 9. The casing 10 of the apparatus 1 had a red L.E.D. 11 and a green L.E.D. 12 which indicates that identification has been authenticated (green) or has been refused (red). Referring to Fig. 3, a Universal Serial Bus (U.S.B.) port 14 and a socket 21 for an external power supply are shown incorporated into the apparatus 1. The Linux operating system is modified for use on the processor 2 in order to facilitate operation of the system without a memory management unit 2s and the operating system has web server software running thereon providing access to the text based HTML embedded web pages.
In use, a person plugs the apparatus 1 into a personal computer, laptop or other similar device via the USE port 14. A text message is typed into the apparatus 1 via the keypad 5 and it is displayed on the LCD screen 6 so that the person can verify the accuracy of the message.
When the user submits the message to the memory of the apparatus 1, they are prompted to s supply their fingerprint information for user authentication by locating it on the finger print sensor / scanner 7. The processor 2 reads the user's fingerprint information and the software running on the processor 2 compares the information just received from the scanner 7 against securely recorded fingerprint information which was taken during enrolment of the or each user. If the recently received information matches the initially recorded biometric information, then the lo processor 2 powers the green L.E.D. and transfers the text message from the memory of the apparatus 1 to the embedded web page. The web page provides a record of transaction entries, time and date of entry, transaction details and the user's message. When one message has been logged, the processor 2 will require further biometric authentication before another message can be logged. Referring now to figure 4, a worker in a financial institution can periodically access the web 23 from a personal computer 22 and more specifically access the web page 24 on the embedded operating system of the apparatus 1. (This means that the apparatus needs to be connected to the web all the times or at predetermined times). The worker can access all authenticated purchase orders which are saved on the web page 24 on the embedded operating system of the apparatus 1 and process the transaction in the knowledge that it is a valid transaction request.
Variations and modifications can be made without departing from the scope of the invention as defined in the appended claims.
Claims (20)
1. An apparatus for remotely authenticating and logging a transaction, the apparatus comprising an operating system including control software, memory and a webserver s having at least one web page loaded thereon, the apparatus having user interface means allowing a user to input data to the memory, a biometric sensor for recording biometric information of the user onto the memory, the control software comparing this newly recorded biometric information against pre-recorded secure biometric information pre-recorded on the memory of the apparatus for user authentication, the control lo software transferring the input data from the memory to the web page and logging it thereon in response to user authentication.
2. An apparatus as claimed in Claim 1, wherein the apparatus has an ethernet interface allowing predetermined third parties to access the web page.
3. An apparatus as claimed in Claim 1 or Claim 2, wherein the operating system is embedded.
4. An apparatus as claimed in any one of the preceding claims, wherein the or each web page is a dynamic HTML web page.
5. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the apparatus has serial, parallel and USE (Universal Serial Bus) ports. 2s
6. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the user interface means comprises a keypad and an LCD screen.
7. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the biometric sensor is selected from a group consisting of a fingerprint scanner, a retina scanner, a skin chemistry sensor, a voice recognition sensor, a face recognition sensor and a hand geometry recognition sensor.
lo
8. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the authentic user of the apparatus is enrolled at a financial institution or card issuing authority in order to securely record the finger print data or other biometric signature of the user on the apparatus.
9. An apparatus for remotely authenticating and logging a transaction as claimed in Claim 8, wherein the initially authenticated biometric information of the user is recorded on non-volatile memory.
10. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the ethernet interface is a 10/100 interface permitting the apparatus to be connected to the Internet.
11. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein an audio device is provided on the apparatus to deliver instructions to the user.
12. An apparatus for remotely authenticating and logging a transaction as claimed in Claim 11, wherein the audio device is a piezo-electric based device.
13. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the operating system is running on an embedded ethemet-networked microcontroller application.
14. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the Linux operating system is used in conjunction lo with u cLinux patches.
15. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the web page is text based.
16. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein a power supply is integrated into the apparatus.
17. An apparatus for remotely authenticating and logging a transaction as claimed in Claim 16, wherein the apparatus has an Uninterruptable Power Supply (UPS) ensuring the integrity of the stored data and ensuring access to the apparatus at all times.
18. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding Claims, wherein the authenticated input data entered into the web page is also substantially immediately transferred onto a secure server via the web via a software module incorporated to initiate an Intemet connection and transmit the text of input data to a secure server on receipt of user authentication and receipt of the message on the web page.
19. An apparatus for remotely authenticating and logging a transaction as claimed in any s one of the preceding claims, wherein the apparatus is portable.
20. An apparatus for remotely authenticating and logging a transaction substantially as hereinbefore described with reference to and as shown in the accompanying drawings.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB0303702.5A GB0303702D0 (en) | 2003-02-18 | 2003-02-18 | Transactor |
Publications (2)
Publication Number | Publication Date |
---|---|
GB0403599D0 GB0403599D0 (en) | 2004-03-24 |
GB2399668A true GB2399668A (en) | 2004-09-22 |
Family
ID=9953227
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GBGB0303702.5A Ceased GB0303702D0 (en) | 2003-02-18 | 2003-02-18 | Transactor |
GB0403599A Withdrawn GB2399668A (en) | 2003-02-18 | 2004-02-18 | Remotely authenticating and logging a transaction |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GBGB0303702.5A Ceased GB0303702D0 (en) | 2003-02-18 | 2003-02-18 | Transactor |
Country Status (1)
Country | Link |
---|---|
GB (2) | GB0303702D0 (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998057247A1 (en) * | 1997-06-09 | 1998-12-17 | Koninklijke Philips Electronics N.V. | Web-based, biometric authentication system and method |
WO2000042577A1 (en) * | 1999-01-18 | 2000-07-20 | Iridian Technologies, Inc. | Method and apparatus for securely transmitting and authenticating biometric data over a network |
GB2346239A (en) * | 1999-01-26 | 2000-08-02 | Ibm | Card security and Web sites |
WO2001050428A1 (en) * | 2000-01-05 | 2001-07-12 | Colin Mitchell | Method and apparatus for authenticating financial transactions |
EP1158467A2 (en) * | 2000-05-26 | 2001-11-28 | Biocentric Solutions, Inc. | Integrating biometric devices in time and attendance applications |
WO2002006924A2 (en) * | 2000-07-18 | 2002-01-24 | Bitarts Limited | Transaction verification |
US20020062291A1 (en) * | 2000-03-26 | 2002-05-23 | Ron Zoka | Touch scan internet credit card verification purchase process |
WO2004001562A2 (en) * | 2001-12-20 | 2003-12-31 | Stevens Lawrence A | Systems and methods for storage of user information and for verifying user identity |
GB2391992A (en) * | 2002-08-12 | 2004-02-18 | Domain Dynamics Ltd | Method of authentication |
-
2003
- 2003-02-18 GB GBGB0303702.5A patent/GB0303702D0/en not_active Ceased
-
2004
- 2004-02-18 GB GB0403599A patent/GB2399668A/en not_active Withdrawn
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998057247A1 (en) * | 1997-06-09 | 1998-12-17 | Koninklijke Philips Electronics N.V. | Web-based, biometric authentication system and method |
WO2000042577A1 (en) * | 1999-01-18 | 2000-07-20 | Iridian Technologies, Inc. | Method and apparatus for securely transmitting and authenticating biometric data over a network |
GB2346239A (en) * | 1999-01-26 | 2000-08-02 | Ibm | Card security and Web sites |
WO2001050428A1 (en) * | 2000-01-05 | 2001-07-12 | Colin Mitchell | Method and apparatus for authenticating financial transactions |
US20020062291A1 (en) * | 2000-03-26 | 2002-05-23 | Ron Zoka | Touch scan internet credit card verification purchase process |
EP1158467A2 (en) * | 2000-05-26 | 2001-11-28 | Biocentric Solutions, Inc. | Integrating biometric devices in time and attendance applications |
WO2002006924A2 (en) * | 2000-07-18 | 2002-01-24 | Bitarts Limited | Transaction verification |
WO2004001562A2 (en) * | 2001-12-20 | 2003-12-31 | Stevens Lawrence A | Systems and methods for storage of user information and for verifying user identity |
GB2391992A (en) * | 2002-08-12 | 2004-02-18 | Domain Dynamics Ltd | Method of authentication |
Also Published As
Publication number | Publication date |
---|---|
GB0403599D0 (en) | 2004-03-24 |
GB0303702D0 (en) | 2003-03-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7107454B2 (en) | Signature system presenting user signature information | |
US6122737A (en) | Method for using fingerprints to distribute information over a network | |
US6594759B1 (en) | Authorization firmware for conducting transactions with an electronic transaction system and methods therefor | |
US7155416B2 (en) | Biometric based authentication system with random generated PIN | |
US20020095389A1 (en) | Method, apparatus and system for identity authentication | |
US20170103196A1 (en) | System and method for sharing of data securely between electronic devices | |
US20120032782A1 (en) | System for restricted biometric access for a secure global online and electronic environment | |
US20020153424A1 (en) | Method and apparatus of secure credit card transaction | |
US20100258625A1 (en) | Dynamic Card Verification Values and Credit Transactions | |
KR100745625B1 (en) | Biometric authentication apparatus, terminal device and automatic transaction machine | |
WO2006120365A1 (en) | Secure transactions using a personal computer | |
WO2002012983A2 (en) | Method and apparatus for secure identification for networked environments | |
CN106688004A (en) | Transaction authentication method, device, mobile terminal, POS terminal and server | |
US20060213970A1 (en) | Smart authenticating card | |
JP4911595B2 (en) | Identification device, identification system and identification method | |
JP2001351047A (en) | Method for authenticating person | |
JP2002312326A (en) | Multiple authentication method using electronic device with usb interface | |
JP2007528035A (en) | Smart card for storing invisible signatures | |
GB2399668A (en) | Remotely authenticating and logging a transaction | |
JP7573455B2 (en) | Authentication device and authentication method | |
Srivastava | Is internet security a major issue with respect to the slow acceptance rate of digital signatures? | |
KR20170118382A (en) | System and method for electronically managing certificate of real name confirmation | |
TWI860076B (en) | Coded credit card information security and verification system and method using the same | |
KR100485137B1 (en) | Authentication system and method using note sign and smart card | |
KR20060043953A (en) | Access method for electronic certificate stored in storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |