GB2399668A - Remotely authenticating and logging a transaction - Google Patents

Remotely authenticating and logging a transaction Download PDF

Info

Publication number
GB2399668A
GB2399668A GB0403599A GB0403599A GB2399668A GB 2399668 A GB2399668 A GB 2399668A GB 0403599 A GB0403599 A GB 0403599A GB 0403599 A GB0403599 A GB 0403599A GB 2399668 A GB2399668 A GB 2399668A
Authority
GB
United Kingdom
Prior art keywords
logging
transaction
remotely authenticating
user
web page
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0403599A
Other versions
GB0403599D0 (en
Inventor
Archie Mcintosh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GAZER TECHNOLOGIES Ltd
Original Assignee
GAZER TECHNOLOGIES Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GAZER TECHNOLOGIES Ltd filed Critical GAZER TECHNOLOGIES Ltd
Publication of GB0403599D0 publication Critical patent/GB0403599D0/en
Publication of GB2399668A publication Critical patent/GB2399668A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/38Individual registration on entry or exit not involving the use of a pass with central registration

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Apparatus for remotely authenticating and logging a transaction has an operating system including control software, memory 3 and a webserver having at least one web page loaded thereon. A bimoetric sensor 7 records biometric information of the user on the memory and this newly recorded information is compared against pre-recorded secure biometric information stored on the memory for authentication. The control software transfers input data from the memory to the web page and logs it thereon in response to user authentication.

Description

AN APPARATUS FOR REMOTELY AUTHENTICATING
AND LOGGING A TRANSACTION
s The present invention relates to an apparatus for remotely authenticating and logging a transaction and in particular to an apparatus for remotely authenticating and logging a financial transaction.
It is a common occurrence for financial institutions to authorise financial transactions such as the purchase of a large quantity of shares solely on the basis of a facsimile reproduction of the signature of a third party sending the purchase order by fax. This is clearly an unsecure procedure for performing large volume/value financial transactions because the financial institute does not see and has no way of verifying the identity of the third party. The system is prone to fraudulent purchases by non-identified third parties using copies of signatures which have been obtained deceptively.
There are other situations such as card-not-present credit card transactions occurring during on-line purchasing, e-commerce and TV based buying where a simple system of remotely authenticating the third party sending the purchase order would be a major benefit in the fight against fraudulent financial transactions.
It is an object of the present invention to obviate or mitigate the problems associated with fraudulent financial transactions where the person sending the purchase order is not physically present at the point of sale or financial institution.
Accordingly, the present invention provides an apparatus for remotely authenticating and logging a transaction, the apparatus comprising an operating system including control software, memory and a webserver having at least one web page loaded thereon, the apparatus having 2s user interface means allowing a user to input data to the memory, a biometric sensor for recording biometric information of the user onto the memory, the control software comparing this newly recorded biometric information against pre-recorded secure biometric information pre- recorded on the memory of the apparatus for user authentication, the control software transferring the input data from the memory to the web page and logging it thereon in response to user authentication.
Preferably, the apparatus has an ethernet interface allowing predetemmined third parties to access the web page.
s Ideally, the operating system is embedded.
Preferably, the or each web page is a dynamic HTML web page.
Ideally, the apparatus has serial, parallel and USB (Universal Serial Bus) ports.
Ideally, the user interface means comprises a keypad and a LCD screen.
Preferably, the biometric sensor is selected from a group consisting of a fingerprint scanner, a retina scanner, a skin chemistry sensor, a voice recognition sensor, a face recognition sensor and a hand geometry recognition sensor.
Ideally, the authentic user of the apparatus is enrolled at a financial institution or card issuing authority in order to securely record the finger print data or other biometric signature of the user on the apparatus. This allows the financial institution or card-issuing authority to be satisfied that 1S the person who is using the apparatus remotely and the person who they enrolled are one and the same person.
Preferably, the initially authenticated biometric information of the user is recorded on non-volatile memory.
Ideally, the ethernet interface is a 10/100 interface permitting the apparatus to be connected to the Internet.
Preferably, an audio device is provided on the apparatus to deliver instructions to the user.
Ideally, the audio device is a piezo-electric based device.
Preferably, the operating system is running on an embedded ethernetnetworked 2s microcontroller application.
Ideally, the Linux operating system is used in conjunction with u cLinux patches.
Preferably, the web page is text based. The text based web page is created on the embedded operating system and the page will provide a record of transaction entries, time and date of entry, transaction details and any user messages to the predetermined third parties such as financial institutions.
Ideally, a power supply is integrated into the apparatus.
Preferably, the apparatus has an Uninterruptable Power Supply (UPS) ensuring the integrity of the stored data and ensuring access to the apparatus at all times.
Ideally, the authenticated input data entered into the web page is also substantially immediately transferred onto a secure server via the web via a software module incorporated to initiate an Intemet connection and transmit the text of input data to a secure server on receipt of user authentication and receipt of the message on the web page. This means that any authenticated purchase orders from a user are accessible by the predetermined third parties from the secure server, even in the event of an apparatus power failure.
Preferably, the apparatus is portable.
Preferably, the keypad is an integrated QWERTY keypad.
Preferably, an audio device is provided on the portable device. This device is used to prompt the user to supply biometric information for example.
Advantageously, the cLinux patches allow the Linux operating system to be used with a processor without a Memory Management Unit (MMU). Many embedded applications have no disk and limited memory so complex memory management is not required.
Preferably, the HTML web page on the embedded operating system is accessible via the ethernet interface of the apparatus using a standard P. C. which is on-line and has web browser software installed thereon.
Ideally, the web page is displayed on the standard P. C. as a list of events such as transactions, dates, etc. with a hyperlink to the text body of the remote user's message.
Preferably, the LCD screen is capable of displaying alphanumeric characters and graphicsAogos. The screen is of sufficient size to permit on-screen editing and entry of messages and the screen has a clear backlit display.
Ideally, suitable fingerprint scanners manufactured by Fujitsu and Infineon are used and s a fingerprint recognition algorithm provided by Acter Biolib is used. The Biolib module has been optimised for running on embedded applications.
The invention will now be described with reference to the accompanying drawings, which show by way of example only, one embodiment of apparatus for remotely authenticating and logging a transaction in accordance with the invention. In the drawings: o Fig. 1 is a schematic drawing of the apparatus; Fig. 2 is a top plan view of the apparatus; Fig. 3 is a rear end view of the apparatus of Fig. 2; and Fig. 4 is a schematic representation of a system for financial transactions using the apparatus.
Referring to the drawings and initially to Figs. 1 to 3, there is shown an apparatus for remotely authenticating and logging a transaction indicated generally by the reference numeral 1. The apparatus 1 comprises a processor 2 in communication with a non volatile memory 3, a speaker 4, a keypad 5, an LCD screen 6, a finger print scanner 7 and an ethernet access port 8 in the form of a RJ45 socket. The apparatus 1 has an integrally formed power supply 9. The casing 10 of the apparatus 1 had a red L.E.D. 11 and a green L.E.D. 12 which indicates that identification has been authenticated (green) or has been refused (red). Referring to Fig. 3, a Universal Serial Bus (U.S.B.) port 14 and a socket 21 for an external power supply are shown incorporated into the apparatus 1. The Linux operating system is modified for use on the processor 2 in order to facilitate operation of the system without a memory management unit 2s and the operating system has web server software running thereon providing access to the text based HTML embedded web pages.
In use, a person plugs the apparatus 1 into a personal computer, laptop or other similar device via the USE port 14. A text message is typed into the apparatus 1 via the keypad 5 and it is displayed on the LCD screen 6 so that the person can verify the accuracy of the message.
When the user submits the message to the memory of the apparatus 1, they are prompted to s supply their fingerprint information for user authentication by locating it on the finger print sensor / scanner 7. The processor 2 reads the user's fingerprint information and the software running on the processor 2 compares the information just received from the scanner 7 against securely recorded fingerprint information which was taken during enrolment of the or each user. If the recently received information matches the initially recorded biometric information, then the lo processor 2 powers the green L.E.D. and transfers the text message from the memory of the apparatus 1 to the embedded web page. The web page provides a record of transaction entries, time and date of entry, transaction details and the user's message. When one message has been logged, the processor 2 will require further biometric authentication before another message can be logged. Referring now to figure 4, a worker in a financial institution can periodically access the web 23 from a personal computer 22 and more specifically access the web page 24 on the embedded operating system of the apparatus 1. (This means that the apparatus needs to be connected to the web all the times or at predetermined times). The worker can access all authenticated purchase orders which are saved on the web page 24 on the embedded operating system of the apparatus 1 and process the transaction in the knowledge that it is a valid transaction request.
Variations and modifications can be made without departing from the scope of the invention as defined in the appended claims.

Claims (20)

1. An apparatus for remotely authenticating and logging a transaction, the apparatus comprising an operating system including control software, memory and a webserver s having at least one web page loaded thereon, the apparatus having user interface means allowing a user to input data to the memory, a biometric sensor for recording biometric information of the user onto the memory, the control software comparing this newly recorded biometric information against pre-recorded secure biometric information pre-recorded on the memory of the apparatus for user authentication, the control lo software transferring the input data from the memory to the web page and logging it thereon in response to user authentication.
2. An apparatus as claimed in Claim 1, wherein the apparatus has an ethernet interface allowing predetermined third parties to access the web page.
3. An apparatus as claimed in Claim 1 or Claim 2, wherein the operating system is embedded.
4. An apparatus as claimed in any one of the preceding claims, wherein the or each web page is a dynamic HTML web page.
5. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the apparatus has serial, parallel and USE (Universal Serial Bus) ports. 2s
6. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the user interface means comprises a keypad and an LCD screen.
7. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the biometric sensor is selected from a group consisting of a fingerprint scanner, a retina scanner, a skin chemistry sensor, a voice recognition sensor, a face recognition sensor and a hand geometry recognition sensor.
lo
8. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the authentic user of the apparatus is enrolled at a financial institution or card issuing authority in order to securely record the finger print data or other biometric signature of the user on the apparatus.
9. An apparatus for remotely authenticating and logging a transaction as claimed in Claim 8, wherein the initially authenticated biometric information of the user is recorded on non-volatile memory.
10. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the ethernet interface is a 10/100 interface permitting the apparatus to be connected to the Internet.
11. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein an audio device is provided on the apparatus to deliver instructions to the user.
12. An apparatus for remotely authenticating and logging a transaction as claimed in Claim 11, wherein the audio device is a piezo-electric based device.
13. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the operating system is running on an embedded ethemet-networked microcontroller application.
14. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the Linux operating system is used in conjunction lo with u cLinux patches.
15. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein the web page is text based.
16. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding claims, wherein a power supply is integrated into the apparatus.
17. An apparatus for remotely authenticating and logging a transaction as claimed in Claim 16, wherein the apparatus has an Uninterruptable Power Supply (UPS) ensuring the integrity of the stored data and ensuring access to the apparatus at all times.
18. An apparatus for remotely authenticating and logging a transaction as claimed in any one of the preceding Claims, wherein the authenticated input data entered into the web page is also substantially immediately transferred onto a secure server via the web via a software module incorporated to initiate an Intemet connection and transmit the text of input data to a secure server on receipt of user authentication and receipt of the message on the web page.
19. An apparatus for remotely authenticating and logging a transaction as claimed in any s one of the preceding claims, wherein the apparatus is portable.
20. An apparatus for remotely authenticating and logging a transaction substantially as hereinbefore described with reference to and as shown in the accompanying drawings.
GB0403599A 2003-02-18 2004-02-18 Remotely authenticating and logging a transaction Withdrawn GB2399668A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB0303702.5A GB0303702D0 (en) 2003-02-18 2003-02-18 Transactor

Publications (2)

Publication Number Publication Date
GB0403599D0 GB0403599D0 (en) 2004-03-24
GB2399668A true GB2399668A (en) 2004-09-22

Family

ID=9953227

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB0303702.5A Ceased GB0303702D0 (en) 2003-02-18 2003-02-18 Transactor
GB0403599A Withdrawn GB2399668A (en) 2003-02-18 2004-02-18 Remotely authenticating and logging a transaction

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GBGB0303702.5A Ceased GB0303702D0 (en) 2003-02-18 2003-02-18 Transactor

Country Status (1)

Country Link
GB (2) GB0303702D0 (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998057247A1 (en) * 1997-06-09 1998-12-17 Koninklijke Philips Electronics N.V. Web-based, biometric authentication system and method
WO2000042577A1 (en) * 1999-01-18 2000-07-20 Iridian Technologies, Inc. Method and apparatus for securely transmitting and authenticating biometric data over a network
GB2346239A (en) * 1999-01-26 2000-08-02 Ibm Card security and Web sites
WO2001050428A1 (en) * 2000-01-05 2001-07-12 Colin Mitchell Method and apparatus for authenticating financial transactions
EP1158467A2 (en) * 2000-05-26 2001-11-28 Biocentric Solutions, Inc. Integrating biometric devices in time and attendance applications
WO2002006924A2 (en) * 2000-07-18 2002-01-24 Bitarts Limited Transaction verification
US20020062291A1 (en) * 2000-03-26 2002-05-23 Ron Zoka Touch scan internet credit card verification purchase process
WO2004001562A2 (en) * 2001-12-20 2003-12-31 Stevens Lawrence A Systems and methods for storage of user information and for verifying user identity
GB2391992A (en) * 2002-08-12 2004-02-18 Domain Dynamics Ltd Method of authentication

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998057247A1 (en) * 1997-06-09 1998-12-17 Koninklijke Philips Electronics N.V. Web-based, biometric authentication system and method
WO2000042577A1 (en) * 1999-01-18 2000-07-20 Iridian Technologies, Inc. Method and apparatus for securely transmitting and authenticating biometric data over a network
GB2346239A (en) * 1999-01-26 2000-08-02 Ibm Card security and Web sites
WO2001050428A1 (en) * 2000-01-05 2001-07-12 Colin Mitchell Method and apparatus for authenticating financial transactions
US20020062291A1 (en) * 2000-03-26 2002-05-23 Ron Zoka Touch scan internet credit card verification purchase process
EP1158467A2 (en) * 2000-05-26 2001-11-28 Biocentric Solutions, Inc. Integrating biometric devices in time and attendance applications
WO2002006924A2 (en) * 2000-07-18 2002-01-24 Bitarts Limited Transaction verification
WO2004001562A2 (en) * 2001-12-20 2003-12-31 Stevens Lawrence A Systems and methods for storage of user information and for verifying user identity
GB2391992A (en) * 2002-08-12 2004-02-18 Domain Dynamics Ltd Method of authentication

Also Published As

Publication number Publication date
GB0403599D0 (en) 2004-03-24
GB0303702D0 (en) 2003-03-19

Similar Documents

Publication Publication Date Title
US7107454B2 (en) Signature system presenting user signature information
US6122737A (en) Method for using fingerprints to distribute information over a network
US6594759B1 (en) Authorization firmware for conducting transactions with an electronic transaction system and methods therefor
US7155416B2 (en) Biometric based authentication system with random generated PIN
US20020095389A1 (en) Method, apparatus and system for identity authentication
US20170103196A1 (en) System and method for sharing of data securely between electronic devices
US20120032782A1 (en) System for restricted biometric access for a secure global online and electronic environment
US20020153424A1 (en) Method and apparatus of secure credit card transaction
US20100258625A1 (en) Dynamic Card Verification Values and Credit Transactions
KR100745625B1 (en) Biometric authentication apparatus, terminal device and automatic transaction machine
WO2006120365A1 (en) Secure transactions using a personal computer
WO2002012983A2 (en) Method and apparatus for secure identification for networked environments
CN106688004A (en) Transaction authentication method, device, mobile terminal, POS terminal and server
US20060213970A1 (en) Smart authenticating card
JP4911595B2 (en) Identification device, identification system and identification method
JP2001351047A (en) Method for authenticating person
JP2002312326A (en) Multiple authentication method using electronic device with usb interface
JP2007528035A (en) Smart card for storing invisible signatures
GB2399668A (en) Remotely authenticating and logging a transaction
JP7573455B2 (en) Authentication device and authentication method
Srivastava Is internet security a major issue with respect to the slow acceptance rate of digital signatures?
KR20170118382A (en) System and method for electronically managing certificate of real name confirmation
TWI860076B (en) Coded credit card information security and verification system and method using the same
KR100485137B1 (en) Authentication system and method using note sign and smart card
KR20060043953A (en) Access method for electronic certificate stored in storage medium

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)