KR100591743B1 - Secure access system - Google Patents

Abstract

This identifier authentication system is used for commerce at the POS terminal. The system includes a device (signature pad or smart pen) that captures a customer signature, a sensor that captures the biometric characteristics of the customer during the transaction, a local processor, a wireless device carried by the customer, a device reader located at a POS terminal. And host computer. The customer informs the system of the customer account to be used for payment. The customer also submits a digital signature (name script written) and digital signature for fingerprint reference purposes. The customer is then issued a wireless device having a memory. The memory may be an ID card, credit card, smart card, transponder, bar code or a combination of these memories. Identification device readers (such as card readers, interrogators, scanners) are located in a POS terminal that is compatible with the wireless device. Thereafter, when the customer submits data written using a stylus, an electronic signature is generated. Similarly, the sensor in the stylus captures the data used to generate the digital signature. The reference print is then accessed through the memory in the wireless device carried by the customer. The digital and electronic descriptions are then compared with the reference data to authenticate an identifier.

Description

Secure Access System {SECURITY ACCESS SYSTEM}

FIELD OF THE INVENTION The present invention generally relates to various systems for verifying an identifier of an individual, in particular the individual carries a wireless device for use in point-of-sale terminals, the wireless device being an example. For example, ID cards, credit cards, smart cards, transponders, memories in a barcode or a combination of these memories.

Many identifier systems are known in the art. In some cases, an ID is attached to a person's photo or his fingerprint pattern. Alternatively, various methods are used to store image or password information in a light encoded image or pattern in a magnetic stripe that is a physical part of the identification card. Still other approaches use "smart cards" with semiconductor memory characteristics for information storage.

US Patent No. 6,175,922 (Wang) discloses an electronic transaction system for completing a transaction request at a POS terminal using a portable electronic authentication device carried by a user. The device first receives digital data representing the transaction request. The electronic authentication device provides information regarding the ability to approve the transaction request. If the transaction is approved, the electronic authentication device receives additional data indicative of the electronic service authentication token.

US Patent No. 6,140,939 (Flick) discloses a biometric security system for automobiles. The control system includes a controller that learns the intrinsic biometric characteristics of the individual and then defines a learned individual that can perform vehicle related functions. The vehicle function control system includes a biometric characteristic sensor and a controller for controlling the vehicle function in response to the biometric characteristic sensor in the vehicle.

US Patent No. 5,857,152 (Everett) discloses an electronic system for toll payment. The system identifies the electronic wallet and achieves a charge transfer through the communication system without the vehicle having to stop. The system provides a royalty payment by use of a communication device and an electronic wallet associated with the device. The telecommunications system communicates with mobile devices to achieve a royalty payment by sending and receiving cryptographic secure messages.

US Patent No. 5,706,349 to Aditham et al. Discloses a system for authenticating remote users in a distributed environment. Initially, once the security mechanism determines that the remote user has requested a payment, a token is issued to that remote user. Prior to accessing the connection between the remote user and the application server, the system verifies that the token associated with the connection request has been issued by the security mechanism.

US Patent No. 6,202,055 (Houvener et al.) Discloses a system for processing financial instruments. At the identification terminal, the customer initially submits the goods-perhaps a check. The checking account number is passed to a remote database containing digital photographic images of authorized users of checking accounts. The remote database is retrieved and any photographic images associated with the checking account number are sent to the identification terminal. The images are displayed and compared with the physical appearance of the customer. The local employee then determines whether at least one of the displayed digital images matches the appearance of the person who initiated the transaction.

U.S. Patent No. 5,903,225 to Schmitt et al. Discloses an access control system by fingerprint sensor registration. The system includes a station that registers an individual when authenticated based on the detected fingerprint. The system also includes a wireless device carried by the authenticated person and an access controller that grants access to the authenticated person. The wireless device cooperates with the registration station to store data for an authenticated individual based on the detected fingerprint. The authenticated individual carrying the wireless device is carefully granted access by accessing an access location.

US Pat. No. 5,973,731 (Schwab) discloses an identification system that provides two-way communication of text and image information between a central server and a plurality of remote terminals. The central server maintains a separate centralized database of data compressed images of subject individuals, and subsequently sends the data compressed images to local terminals upon request during the transactions. The image includes a copy of the certified signature, which copy is used by the transaction terminal to compare the scanned image of the signature on the pre-authentication table.

Although signatures are still seen as a desirable way for an individual to express their approval and legal vows, there is an absolute need to ensure that the customer can be assured that he or she is an authorized person to sign.

What is needed is a system that uses wireless technology in any value commerce that is acceptable to all parties that capture the digital signature (written text) while simultaneously capturing the digital signature (which is an international standard of identification). The signed signature cannot be challenged and is a pen-based system that is compatible with both card based systems and other systems unrelated to these card-based systems.

The system of the present invention is directed to meeting these needs. For the purpose, a list of key terms is presented below to clarify the scope of the authentication payment system of the present invention.

Transponder: This is a wireless device that is a receiver-transmitter. The transponder is part of a transponder system, the system also includes an interrogator. The transponder can respond to the request of the interrogator by sending the appropriate response. The transponders receive and transmit data in a wireless manner, generally over low frequency radio waves. Such transponders generally include ID cards, keytags, cordless phones, PDAs or any other device that a customer may carry in a purse, wallet, keychain or pocket. The transponder can be active or passive. This definition explicitly excludes any data transfer by swiping or inserting the card into a conventional card reader.

Stylus: This refers to any device that is compatible with the user's hand or finger for the purpose of writing on essentially flat surfaces. The flat surface may be a digital surface or a piece of paper. The drawings show a stylus of a conventional shape, but other shapes within the scope of the present invention, such as any accessory or thimble-like device for a finger or any tool that can be held for this purpose. Or designs are also included. The stylus may or may not include an ink cartridge.

Dynamic registration: This refers to the process by which an existing customer can register an identifier with a new system by engaging in a normal transaction. For example, if an electronic or digital signature is used for reference purposes, this signature is captured when the customer grabs the stylus and signs his name. The registration is seamless to the customer and is essentially invisible to the customer.

The authentication payment system of the present invention includes a wireless device carried by a customer, a device reader for accessing customer data through the wireless device, a device for generating an electronic signature, a sensor for capturing a digital signature during a commerce process, and an electronic device. A POS processor for processing signature data and digital signature data from the device reader, and a host computer in digital communication with the POS processor.

The payment authentication method of the present invention includes the steps of accessing a product to be purchased by a customer to a POS terminal, generating an electronic signature as an expression for the customer to trade, and capturing the digital signature of the customer when the electronic signature is generated And comparing the captured digital signature of the customer with a reference digital signature, and whenever the predetermined limit for the authentication is met and the customer has sufficient reserve to be responsible for the transaction. Approving the step.

A first preferred embodiment of the identifier proof system of the present invention is for use in commerce. The system includes a host computer, interrogator device, transponder device and stylus.

The host computer accesses data linking the customer to the customer's payment account. The interrogator is linked with the host computer arranged in the POS terminal. The transponder is wireless, carried by the customer and sends data to the interrogation device upon request. The transmitted data is associated with the customer's identifier. The stylus is attached to the POS terminal, and includes a sensor disposed on the stylus handle. The sensor captures the digital signature of the customer when the customer signs. Access to the customer's payment account is only possible when the detected digital signature matches the reference digital signature.

To use for commerce at a POS terminal, the customer selects and registers a customer account to be used for payment. The customer also submits a digital signature-preferably a fingerprint-for reference purposes. The customer is then issued a transponder that links the customer to the customer account and the reference digital signature. When the customer is at the POS terminal to pay, the interrogator placed on the POS terminal transmits a radio signal requesting proof of identifier. The wireless transponder submits data to the interrogation device. Then, when the customer submits data (signature, etc.) written using a stylus, the sensor of the stylus performs ancillary capture of biometric data that allows the interrogator to verify the customer identifier. Similarly, the system can be used to prove an identifier when the customer wants to cash a personal check.

Centrally located in the process is a stylus having any of a number of biometrics or having one or more metering sensors. The identifier verification processes of the present invention provide a variety of methods for accessing a computer network for applications such as pen-based computers and smart-pens as conventional writing tools and multipurpose writing tools for electronic commerce. It can be used in POS terminals in control environments.

Although the systems have been described herein in connection with POS terminals for purposes of illustration, the principles described herein include internet and intranet commerce, access control, administrative activities (voting, driver registration, receipt of administrative benefits), It should be understood that they are all applicable for use in a wide variety of other activities and control environments (hospitals, banks, etc.) where writing or signature is required or desirable.

Various methods of generating a digital signature can be used.

PCT Application No. PCT / US99 / 17900, filed April 7, 1999, entitled “Identification Confirmation System”; US Patent Application No. 09 / 490,687, filed Jan. 24, 2000, entitled "Writing Implement and Identity Verification Systems"; US Patent Application No. 09 / 535,411, filed March 20, 2000, entitled "Method for Identity Verification"; And PCT Application No. PCT / US00 / 19652, "Identity Authentication System and Method," filed July 18, 2000, describe fingerprint sensors placed on a barrel of a stylus used to generate an electronic signature, such as a preferred digital signature. Initiate use.

US Pat. No. 6,064,751 (Smithies) discloses a method of generating a digital signature by the use of various metering and biometric sensors placed in a barrel of a stylus. Computer-based systems capture and verify electronic handwritten signatures. The system includes a stylus having a plurality of sensors that capture the biometric characteristics of the user, and a database of signature templates that store verified signature information. When signing, a digital signature that includes certain characteristics of the signer during the signature operation, such as the size, shape, and relative position of the signature's curve, loop, line, point, intersection, and other features as well as the speed at which the feature is delivered Is generated. The captured composite digital signature of the signature measurements is compared with a reference set of stored measurements to obtain a similarity score.

The interrogator is in digital communication with a host computer, and the interrogator is arranged in a POS terminal. The wireless device is preferably a transponder. The stylus may be attached to the POS terminal via a pen-based computer or signature pad. Digital signatures, such as fingerprints, are captured during the registration process and stored in a file associated with the registrant or on the wireless device.

The customer informs the system of the customer account to be used for payment. The customer also submits an electronic signature (script of the written name) and a digital signature-fingerprint-for reference purposes. The customer is then issued a wireless device with a memory. The memory may be an ID card, credit card, smart card, transponder, bar code or a combination of these memories. An identification device reader (card reader, interrogator, scanner, etc.) that is compatible with the wireless device is located at the POS terminal. Then, when the customer submits the written data using the stylus, an electronic signature is generated. Similarly, the stylus's sensor captures the data used to generate the digital signature. A reference print is then accessed through the memory in the wireless device carried by the customer. The digital and electronic signatures are then compared with the reference data to authenticate an identifier.

The stylus includes one or more fingerprint sensors that capture an image of a customer's finger when the stylus is squeezed. While fingerprint sensors are used herein for purposes of illustration, it should be clearly understood that the principles of the present invention are also applicable to the detection of DNA and other life science characteristics, including cell capture or cell analysis sensors. During the daily use of the stylus, the sensor captures the data needed to compare with the digital signature to determine an identifier proof.

A preferred embodiment of the authenticated commerce system of the present invention may be compatible with the following systems.

Fingerprint sensors (card readers, POS counters, cards) on anything other than stylus

Fingerprint sensors attached to stylus w / POS

Credit cards

Stored values, ATM, check cards

Reference print, bank and account number on card, keytag or wallet

Bank and account number in card, keytag or wallet

Personal identifier in the card, key tag or wallet

Fingerprint sensors attached to smart pen w / POS

Credit cards

Stored values, ATM, check cards

Reference print, bank and account number on card, keytag or wallet

Bank and account number in card, keytag or wallet

Personal identifier in the card, key tag or wallet

Wireless smart pen w / customer's fingerprint sensors

Reference print, bank and account number in smart pen

Bank and account number in smart pen

Personal identifier in the smart pen

For a more complete understanding of the authentication payment system of the present invention, reference is made to the accompanying drawings in which the following detailed description and presently preferred embodiments of the invention are shown by way of example. Since the invention can be embodied in many forms without departing from the spirit of its basic characteristics, it should be clearly understood that the drawings are for purposes of illustration and description only, and are not intended to limit the invention. Throughout the description, like reference numerals refer to like elements throughout the several views.

1A shows a wireless device (RFID memory containing a unique customer record number), a stylus that captures biometric characteristics during the signature process, and a local processor (authenticating an identifier based on a comparison of captured customer data with reference customer data). -Shows one preferred embodiment of the payment processing RFID system of the present invention comprising a query device and a host computer (storing customer records and transaction records and generating monthly statements);

FIG. 1B illustrates a wireless device (RFID memory including reference biometric data, metering data and signature data), a stylus that captures biometric characteristics during the signature process, and an identifier based on a comparison of captured customer data with reference customer data. A second preferred embodiment of the payment processing RFID system of the present invention comprising a local processor-questioning device authenticating) and a host computer (storing transaction records and generating monthly bills);

1C illustrates a stylus that captures biometric characteristics during a signature process, a smart card reader, a smart card (the smart card memory includes reference biometric data, metered data and signature data), and the captured data that occurs in the smart card memory. A third preferred embodiment of the payment processing system of the present invention comprising an identifier authentication based on a comparison of customer data and reference customer data and a host computer (storing transaction records);

1D shows a wireless device (RFID memory containing a unique customer record number), a stylus capturing biometric characteristics during the signature process, a local processor-question apparatus (capturing data from the wireless device and the stylus) and (capture) Fourth preferred of a payment processing RFID system of the present invention comprising a host computer for authenticating an identifier based on a comparison of the reference customer data with reference customer data, storing customer records and transaction records, and generating monthly bills An embodiment;

2A illustrates a wireless device (RFID memory containing a unique user record number), a stylus that captures biometric characteristics during the signature process, and a local (authenticating user identifier based on comparison of captured customer data with reference customer data). One preferred embodiment of the secure RFID processing system of the present invention comprising a processor-question apparatus and a host computer (stores secure access codes and access requests);

2B shows a wireless device (user biometric data, user metering data and user signature data, and a RFID memory containing a unique user record number), a stylus that captures biometric characteristics during the signing process, (captured customer data and reference) A second preferred embodiment of the secure RFID processing system of the present invention includes a local processor-questioning device that authenticates a user identifier based on a comparison of customer data and a host computer (which stores secure access codes and access requests). Shown;

3 shows a wireless device (barcode memory containing a unique customer record number), a stylus that captures biometric characteristics during the signature process, and a local processor (authenticating an identifier based on a comparison of captured customer data with reference customer data). One preferred embodiment of the payment processing barcode system of the present invention comprising a barcode reader and a host computer (storing customer records and transaction records, generating monthly bills);

4 is a customer ID card (RFID memory containing a unique customer record number), a user credit or debit card whose amount is withdrawn for payment for goods or services, a stylus to capture biometric characteristics during the signing process, ( At a POS terminal, comprising a local processor-questioning device for authenticating the identifier based on the comparison of the captured customer data and the reference customer data and a host computer (storing customer records and transaction records and generating monthly bills) One preferred embodiment of a system for processing conventional payments for goods and services, wherein the transaction is blocked if the ID card reference data does not match the biometric, metering or signature data captured from the stylus ;

5A shows a simplified logic diagram of a preferred method of registering new users with the access (account, network data, physical) security system of the present invention;

FIG. 5B shows a simplified logic diagram of a preferred method of registering existing users with the access (account, network data, physical) security system of the present invention, wherein registration that occurs dynamically as a local access request is processed;

FIG. 6A shows a simplified logic diagram of a preferred method of enabling account, network data or physical access with lower security identifier authentication, wherein two streams of sensed data are compared to two streams of reference data, and FIG. Access is made if either stream of sensed data matches the corresponding stream of reference data;

6B shows a simplified logic diagram of a preferred method of enabling account, network data or physical access with intermediate security identifier authentication, where one stream of sensed data is compared to one stream of reference data and FIG. Access is made if the detected data matches the reference data;

FIG. 6C shows a simplified logic diagram of a preferred method of enabling account, network data or physical access involving higher security identifier authentication, wherein two streams of sensed data are compared to two streams of reference data and FIG. Access is made only if and only if each stream of sensed data matches its corresponding stream of reference data;

7A and 7C show a simplified logic diagram of a preferred method for the security system of the present invention that enables access of network data with remote users involving higher security identifier authentication, network high security requests, and Here, the acceptance threshold is adjusted (see FIGS. 18A and 18B), two streams of data are captured and processed, and each stream of sensed data matches its corresponding stream of reference data. And only if that is the case;

7B and 7C show a simplified logic diagram of a preferred method for the security system of the present invention that allows access to network data and remote users involving higher security identifier authentication, network high security requests, where Access limits are adjusted (see FIGS. 18A and 18B), two streams of data are captured and processed, and only if and when each stream of sensed data matches its corresponding stream of reference data Data misleading is provided to the user if identifier authentication is not confirmed;

8 shows a simplified logic diagram for another embodiment of the security system of the present invention, wherein reference data is used for the purpose of authenticating a user identifier to cash a check;

9 shows a simplified logic diagram of a preferred method of enabling access to a secure area, wherein a user carries a wireless device with an RFID memory, and one stream of sensed data is one stream of reference data. And if the sensed data and the reference data match, access is made;

10A and 11A show one preferred embodiment of a brief RFID memory and a brief customer record of the host computer for the payment processing system of FIG. 1A;

10B and 11B illustrate one preferred embodiment of a brief RFID memory and a brief customer record of the host computer for the payment processing system of FIG. 1B;

12A shows one preferred embodiment of the stylus of the security system of the present invention that provides images of any finger image touching the handle area of the stylus, and an ultrasonic sensor along the axis of the stylus Is located, the sensor rotates to capture finger images (such as a sonar), and provides a wrap-around sensor configuration to capture fingerprint images;

12B illustrates another preferred embodiment of the stylus of the security system of the present invention that provides images of any finger image touching the stylus area of the stylus, with six elongated silicones on the handle surface. Chip sensors are mounted to provide a wrap-around sensor configuration to capture fingerprint images;

13A and 13B show exploded views of other preferred embodiments of wrap-around fingerprint sensor configurations that provide a wrap-around sensor configuration to capture fingerprint images;

14A and 14B show a list of brief user record data and secure access sites for use in a financial institution;

Figures 15A and 15B illustrate a variant of a wireless stylus for use with the secure access system of the present invention, wherein the wireless stylus includes a living hinge that opens and closes a central flap in which a fingerprint sensor, a magnetic stripe and the magnetic stripe are located. a living hinge;

Figure 16A shows a customer identification device for the secure access system of the present invention, wherein the customer identification device is a card, the card comprising an active transponder;

16B shows a customer identification device for the secure access system of the present invention, wherein the customer identification device is a card, the card comprising a magnetic stripe credit card;

Figure 16C shows a customer identification device for the secure access system of the present invention, wherein the customer identification device is a card, the card comprising a barcode;

16D shows a customer identification device for the secure access system of the present invention, where the customer identification device is a card with two memories, the first memory is a passive transponder, and the second memory is a barcode;

Figure 16E illustrates a customer identification device for the secure access system of the present invention, where the customer identification device is a card with three memories, the first memory is a magnetic stripe, the second memory is a passive transponder, and the third is The memory is a barcode;

Fig. 16F shows a customer identification device for the secure access system of the present invention, where the customer identification device is a card with two memories, the first memory is a magnetic stripe, and the second memory is a barcode;

17 shows another preferred embodiment of the wireless device of the present invention, wherein the wireless device is a commercial paper with an RFID memory disposed therein, the memory enabling tracking of the commercial paper, Enable identifier authentication at the transmission points. For purposes of explanation herein, there are two types of RFID devices, where (1) one type is a token issued to a party for use by that party, and (2) another type is issued (money). There are tokens that can be exchanged easily and freely between the parties. The latter type can take the form of plastic cards, bills or coins;

18A shows a simplified threshold graph for authenticating low risk commerce; And

18B shows a simplified limit graph that authenticates high risk commerce.

Referring now to the drawings, Figures 1A, 1B and 1C generally illustrate a secure access system of the present invention. An authenticated commerce system includes a wireless device carried by a customer, a device reader that accesses customer data through the wireless device, a device that generates an electronic signature, a sensor that captures a digital signature during the commerce process, and electronic signature data. And a POS processor for processing digital signature data from the device reader, and a host computer in digital communication with the POS processor.

Preferred embodiments of the identifier proof system of the present invention are for accessing account data, for accessing network data, and for physical access. The host computer accesses data linking the customer and their payment account. The interrogation device is linked to the host computer arranged at the POS terminal. The transponder is wireless, carried by the customer and sends data to the interrogation device upon request. The data sent from the transponder allows the system to create an original customer identifier. The stylus is attached to the POS terminal and includes a sensor disposed on the stylus handle. While the customer is signing, the sensor captures and generates the customer's digital signature. Access to the customer's payment account is only possible after the identifier is verified by matching the digital and / or electronic signatures with the reference data previously submitted by the customer.

In the two-step process of the identifier verification process of the present invention, a customer identifier is created by the data initially transmitted from the transponder to the interrogator. The second step involves the capture of the data used to generate the digital and electronic signatures. Only after the captured data is compared with the reference data will the transaction proceed.

The method for commerce authentication of the present invention includes the steps of accessing an item to be purchased by a customer to a POS terminal, generating an electronic signature as an expression that the customer wants to commerce, and capturing the digital signature of the customer when the electronic signature is generated. And comparing the captured digital signature of the customer with a reference digital signature, and whenever the predetermined limit for the authentication is met and the customer has sufficient reserve to be responsible for the transaction. Approving the step.

This identifier authentication system is used for transactions at the POS terminal. The customer informs the system of the customer account to be used for payment. The customer also submits an electronic signature (script of the written name) and a digital signature-fingerprint-for reference purposes. The customer is then issued a wireless device with a memory. The memory may be an ID card, credit card, smart card, transponder, bar code or a combination of these memories. An identification device reader (card reader, interrogator, scanner, etc.) that is compatible with the wireless device is located at the POS terminal. Then, when the customer submits the written data using the stylus, an electronic signature is generated. Similarly, the stylus's sensor captures the data used to generate the digital signature. A reference print is then accessed through the memory in the wireless device carried by the customer. The digital and electronic signatures are then compared with the reference data to authenticate an identifier.

2A and 2B show simplified registration methods for each new and existing customer. For new customers, a customer record should be created. For existing customers, customer records already exist. One major advantage of having reference data in the customer record (not transponder) is that the amount of memory available for storing the reference signature is not a major issue. If reference signature data is stored in the transponder, the amount of memory in the transponder may not be sufficient to store such data. For the existing customer, the customer record already exists, but an authorization confirmation is required to confirm that the customer has authenticated access to the account.

The method eliminates the inconvenience of re-registering all existing customers, and existing customers can use "dynamic registration" during routine transactions. Digital and electronic signatures are captured during everyday commerce using stylus. Then, during the transaction, the sensed print is compared with a reference print as part of the identifier verification process each time the card is submitted through a card reader. Similarly, when a transponder is used, to purchase gasoline and other items of convenience stores affiliated with gas stations, the stylus captures the digital signature and uses that digital signature as a reference print.

For example, at a bank branch, the iron pens of the present invention are placed at the tellers of all tellers, at all ATMs and at the desks of all employees. New customers are given a debit / credit / ATM card as soon as they complete the application. The customer uses a stylus similar to the stylus at the teller's counters. The customer's reference print is preferably captured during registration at the bank's branch, and the digital and electronic signature data is encrypted and stored in the customer's bank record. These cards are actually issued and distributed to customers once their registration is completed, and in places such as hotels, they are used to issue a room key as soon as they are registered, and the cards are pre-printed, so that any data is stored on the card before it is issued. Is loaded.

The stylus may be attached to a POS terminal, attached to a pen-based computer, or attached to a signature pad. In addition, the stylus may be wireless, so that the transponder is integrated into the wireless stylus (see FIGS. 1B and 1C). Each stylus also includes one or more fingerprint sensors that capture an image of the customer's finger when the stylus is held in hand.

The transponder responds to the radio signal by sending its own radio signal. Each transponder is given a unique serial number. The serial number can be linked with a credit or debit account. A typical sales transaction may require the matching of digital signatures, may require matching of digital signatures, and may require matching of both digital signatures and electronic signatures. The customer selects the goods and takes them to the POS terminal. The POS terminal indicates that the transaction will be paid via a transponder. The interrogator arranged at the POS terminal collects data from the transponder. The light informs the customer that the payment has been accepted. Payment is made immediately from the customer's registered account. The interrogator device generally emits low frequency transmission through its antenna. The transponder is inactive until the transponder is activated by the interrogation device. If a transponder passes within range, the transponder is excited to cause the transponder to transmit its data in response to the inquiry. The interrogator submits the inquiry to the transponder and receives the data back from the transponder.

In one preferred embodiment, the transponder has an enhanced memory (similar to a smart card), in which case an encrypted reference fingerprint is stored in the transponder memory. The memory may also include account numbers, balances and customer data to be stored in the transponder memory. 6A shows the corresponding customer bank record. A comparison of the sensed print and the reference print for the purpose of identifier authentication preferably takes place in the transponder. One important advantage to this system is that the transaction can be completed at the POS terminal with minimal access / input from the driver. Another advantage is that driver and account data are updated after the transaction is completed.

In another preferred embodiment, the transponder has a finite memory (similar to a magnetic stripe). The writing device is a tethered stylus attached to the POS terminal, and digital and electronic signatures are stored in customer records. The transponder has the customer bank and account number. Reference signatures are in the customer record of the customer bank. The comparison of detected signatures with reference signatures for the purpose of identifier authentication preferably takes place at the driver (to which the detected print is sent) or to the POS terminal (to which the reference print is sent). In a variation of this embodiment, the transponder has an index reference to the customer bank and account number. To increase security, the index reference number in the account index and on the transponder is changed for each transaction. The reference print is on the customer record of the customer bank. One important advantage is that since there is minimal information about the transponder device, even if the transponder is lost or stolen, the transponder is rarely used by thieves and hackers. Even if thieves and hackers find out the customer's bank and account number (obtained from personal checks), they will still be able to achieve access to these reserves because the digital and / or electronic signatures do not match. Can not. Another advantage is that the transfer of data is via wired connections (better security).

The passive transponder (not including power source) carried by the customer is placed on a card held in a wallet or keychain, and when used, is removed from the wallet and passed through a card reader or near the interrogator. Active transponders (including power supplies) may also be PDAs, precious metals, glass, clothing, or the like.

One transponder to choose from is commercially available from AMSKAN, Victoria Watergrave, Australia, while InfraRed Datalinks are available through a series of windscreens between the vehicle and high-reliability roadsides in daylight. It is currently used to enable data transmission and to capture information from vehicles when they are refueling, reloading, or running at high speeds. The IRD consists of two main components, the interrogation device and the wireless transponder. The interrogation device is attached to the POS terminal. The size of the transponder is 130x80x50 mm.

Another transponder to choose from is Miotec's mPollux, which is developed on SIM cards, and its integrated security solutions provide a flexible and secure platform with sufficient capacity for wireless PKI systems. The SIM platform is a flash microcontroller with a separate RISC processor for RSA operations. The MioCOS operating system is compatible with both GSM and PKI standards. In addition, integrated biometric functions enable, among other things, to replace a PIN code in an electronic ID with a fingerprint match.                 

In another preferred embodiment of the pen-based attestation systems of the present invention, a transponder is used in a smart card. The smart is compatible with both contactless and contact transactions. Such cards are currently commercially available and are known as "Digital Pusan Cards." The digital Busan card is one of the first to functionally mix contact and contactless smart cards on a single chip. It combines credit, debit and prepaid card functions to support multiple services. The card, which is compatible with smart pagers, is one of the existing and used in the Hanaro Transportation scheme. Cardholders can recharge their electronic wallets at reloading machines and ATMs. Dual interface technology that operates in both contacted and contactless modes has proven safe. The card can be loaded by its contact or contactless interface. This enables many of the recharging possibilities included in bank terminals, bus stops, or PC and card readers over the Internet, which also enables electronic purchases over the Internet.

The use of such transponders as a component of the pen-based attestation system of the present invention allows the transponders to be compatible with both card-based and cardless systems. In the card based system, the device is drawn through a card reader at a POS terminal and the customer signs with a fingerprint stylus. The reference fingerprint image is stored on the smart card / transponder device and also the match of the detected print (from the pen) on the smart card / transponder device is compared with the reference fingerprint image. This embodiment, which enables compatibility with both card readers and transponders, is also a solution to enable trading for non-carded systems.

A preferred embodiment of the secure access system of the present invention is compatible with the following systems.

Fingerprint sensors (card readers, POS counters, cards) on anything other than stylus

Fingerprint sensors attached to stylus w / POS

Credit cards

Stored values, ATM, check cards

Reference print, bank and account number on card, keytag or wallet

Bank and account number in card, keytag or wallet

Personal identifier in the card, key tag or wallet

Fingerprint sensors attached to smart pen w / POS

Credit cards

Stored values, ATM, check cards

Reference print, bank and account number on card, keytag or wallet

Bank and account number in card, keytag or wallet

Personal identifier in the card, key tag or wallet

Wireless smart pen w / customer's fingerprint sensors

Reference print, bank and account number in smart pen

Bank and account number in smart pen                 

Personal identifier in the smart pen

When wireless devices are used, system security becomes even more important because the system's integrator (in this case a transponder) is not attached to the system but is wireless and carried by the customer. Reference digital and electronic signature data is stored in both the transponder and the customer record. During a POS transaction request, a comparison of reference data in the transponder is compared with reference data in the customer record to determine if the transponder has been changed or replaced with a counterfeit transponder. These checks need not be performed each time, but may need to be done arbitrarily or if the transaction involves a large amount. Other cases also exist. When the reference print is stored inside a transponder carried by the customer, any of the following techniques may also be used.

US Patent No. 5,619,025 (Hickman et al.) Discloses a method of anti-strain identification using photo refractive crystals. The method for document authentication utilizes a temporary variable physical process to produce a reproducible effect that cannot be copied. A certificate, such as a credit card, is provided with a spot or stripe incorporating at least one, and preferably a large number of optically refractive crystals. The certificate authentication device includes a coherent light source such as a diode laser to illuminate the photorefractive crystals and a photosensor for receiving light scattered from the photorefractive crystal. The arbitrary distribution and orientation of the light refraction crystals includes the uniqueness for each card or certificate, which is not based on any assignment number or code. The response of the optical refraction crystals to the coherent illumination includes time varying depending on the intensity and temporality of the illumination itself. The input to the laser illuminator is varied to differ from the responses from the photorefractive crystals, and this factor is very difficult for the counterfeiter to find out. Also, for any given illumination intensity or temporal pattern, the image received by the light sensor changes over time. The time for which the optical sensor signal is sampled to obtain the identification image can also vary, making it more difficult for counterfeiters to overcome. The majority of "snapshots" of the time-varying image of the deed are electronically captured, digitized, and stored in electronic media. The photosensor signal is compared with the stored data to indicate a valid certificate if it matches, and to indicate an invalid or uncertified certificate if it does not match. The image recognition process can be improved by comparing the rate of change in the sequence of images induced by the laser illuminator.

US Pat. No. 5,834,748 to Litman discloses a card comprising a magnetic material and which is difficult to forge. The signal length, period, amplitude and / or arrangement of magnetic fields can be read as coded information by the magnetic read head. The encoding of such information can make it very difficult to imitate or falsify by changing parameters within these (and other) mechanically readable descriptions. Device readable (mechanically readable) security means preventing counterfeiting of identification cards (including new smart cards with readable chips therein) and pens. The security of the pens is improved by the implementation of a mechanically readable security system that includes a mechanically readable magnetic marking embedded in the transaction item. The marking may also be visually perceptible or readable, but the marking should be readable by a read head capable of reading at least the passage of the magnetic material by the head. The marking is preferably in the form of at least two magnetic filaments or stripes, preferably comprising a plurality of filaments of different high pressure, magnetic field length, magnetic field arrangement, size or spacing, wherein the stylus is defined Preferably, when passing through the reading device at a constant speed, approval is only given when the proper signal is provided by the aligned arrangement of the appropriate magnetic components in the pen.

When a digital signature is generated via fingerprint data, registration can also occur with a fingerprint sensor that captures the essentially complete fingerprint of the finger for reference purposes, without a pen. Subsequently, when the stylus is used, a partial print is compared with the complete fingerprint for matching purposes.

The transponder compatible with existing card readers makes the system of the present invention compatible with the card-based systems and pen-based (non-card-type) systems shown above, and is compatible with existing card readers. The use of a stylus can provide many similar advantages to a wireless stylus that is compatible with card-based systems and pen-based systems. 15A and 15B show a first preferred embodiment of a stylus handle for use with the identifier authentication system of the present invention, wherein the handle includes a rotatable flap that includes a magnetic stripe that can be read by a conventional card reader. Have

The optional fingerprint sensors are any of the following.

Infineon's FingerTIP _™ sensor benefits from replacing PCs, notebook computers, handheld devices, set-top boxes, ATMs, POS terminals, ticketing kiosks, building access systems, or PIN and password identifiers with biometric-based proof. It allows the integration of miniaturized fingerprint sensors into a variety of end products including any other application. The chip is compact, reliable, and robust enough to convert a foreign technology biometric user ID into everyday reality. The FingerTIP chip is a compact (18mm x 21mm x1.5mm) IC with an 288 x 224 pixel contact sensor array that images lines and ridges of the fingerprint when the user touches the device. Each pixel has an 8-bit data length, which allows for the evaluation of the minute gradations of the fingertips (256 shades of gray) and their conversion into a set of indices, the key identifying the characteristics of the individual's fingerprint. Imprint imaging and data transfer take only 100 milliseconds.

STMicroelectronics has used capacitive-sensor-array technology and has developed a fingerprint sensor that is substantially the same size as the Infineon sensor; Building silicon ICs include an array of sensor plates. ST's TouchChip technology uses capacitive sensing technology to capture high resolution images of fingerprints less than 10 per second when a finger is applied directly to the chip surface. The output of the chip is a digital representation of the fingerprint and can be processed by algorithms developed by 5AGEM, immediately verifying or validating the recognition of pre-identified individuals, and then further processing by application dependent software.

One transponder to choose from is commercially available from AMSKAN, Victoria Watergrave, Australia, while InfraRed Datalinks are available through a series of windscreens between the vehicle and high-reliability roadsides in daylight. It is currently used to enable data transmission and to capture information from vehicles when they are refueling, reloading, or running at high speeds. The IRD consists of two main components, the interrogation device and the wireless transponder. The interrogation device is attached to the POS terminal. The size of the transponder is 130x80x50 mm.

Another transponder to choose from is Miotec's mPollux, which is developed on SIM cards, and its integrated security solutions provide a flexible and secure platform with sufficient capacity for wireless PKI systems. The SIM platform is a flash microcontroller with a separate RISC processor for RSA operations. The MioCOS operating system is compatible with both GSM and PKI standards. In addition, integrated biometric functions enable, among other things, to replace a PIN code in an electronic ID with a fingerprint match.

One of ordinary skill in the art recognizes the application to electronic commerce where a party to the principles of the security attestation system of the present invention enters or accesses data, or simply wishes to correspond with each other. When the party wishing to transact is away from the host computer terminal (second party), the remote party is generally invisible and therefore unable to identify the national, ethnic, gender or even race. In these cases, the need for identifier proof has increased. Accordingly, the identifier verification process of the present invention requires the remote party to access a signature pad, which has means for generating digital and digital signatures. The digital and / or electronic signatures are compared with reference data before proceeding with the transaction, and the digital and electronic descriptions are captured and kept in a transaction record.

Throughout this specification, various US patents, US applications, and PCT applications have been cited with reference to numbers and inventors. The disclosures of these patents and applications are hereby incorporated by reference in this application in order to explain in more detail the latest technology relating to this technology.

Throughout this specification, various US patents, US applications, and PCT applications have been cited with reference to numbers and inventors. The disclosures of these patents and applications are hereby incorporated by reference in this application in order to explain in more detail the latest technology relating to this technology. It is evident that many alternatives, modifications and variations of the authenticated commerce system of the present invention will become apparent to those skilled in the art in light of the present disclosure. The boundary of the present invention is determined by the appended claims rather than by the language of the specification, and all such alternatives, modifications and variations that form a joint combination equivalent are included within the spirit and scope of these claims.

Claims (10)

An access request processing method, a. Capturing user reference fingerprint data from a wireless device carried by the user, wherein the user reference fingerprint data is submitted during user registration; b. Capturing user sensed fingerprint data when the user grabs the stylus; c. Transmitting the user sensed fingerprint data and the user captured data to a processor, wherein the user reference data is transmitted to the processor by radio frequency transmission; d. Comparing the user sensed fingerprint data with the user referenced fingerprint data at the processor; e. Authenticating the identifier of the user based on a result of the comparison; And f. If the processor verifies the user identifier and other system criteria (stack availability, network payment or physical payment) confirm that the access request should be granted, then the user can access the account, network data or physical secure location. And requesting an access request processing method. An access request processing method, a. Capturing a user record number from the wireless device carried by the user, the user record number being submitted in a registration process; b. Capturing user sensed fingerprint data when the user grabs the stylus; c. Transmitting the user sensed data and the user record number, the user record number being transmitted to the processor by radio frequency transmission; d. Retrieving user reference data (including user biometric data, user metering data or user signature data) using the user record number; e. Comparing the user sensed fingerprint data with the user reference data in the processor; f. Authenticating the identifier of the user based on a result of the comparison; And g. If the processor verifies the user identifier and other system criteria (stack availability, network payment or physical payment) confirm that the access request should be granted, then the user can access the account, network data or physical secure location. And requesting an access request processing method. An access request processing method, a. Capturing user reference data (including user biometric data or user metering data) from a wireless device carried by the user, wherein the user reference data is embedded in a barcode and the user reference data is submitted in a registration process Wow; b. Capturing user sensed fingerprint data when the user grabs the stylus; c. Transmitting the user sensed fingerprint data and the user captured data to a processor system, wherein the user reference data is sent to the processor by a barcode reader; d. Comparing the user sensed fingerprint data with the user reference data in the processor; e. Authenticating the identifier of the user based on a result of the comparison; And f. If the processor verifies the user identifier and other system criteria (stack availability, network payment or physical payment) confirm that the access request should be granted, then the user can access the account, network data or physical secure location. And requesting an access request processing method. An access request processing method, a. Capturing a user record number from the wireless device carried by the user, wherein the user record number is embedded in a barcode and is submitted in a registration process; b. Capturing user sensed fingerprint data when the user grabs the stylus; c. Transmitting the user sensed fingerprint data and the user record number to a processor system, the user record number being transmitted to the processor by a barcode scanner; d. Retrieving user reference data (including user biometric data, user metering data or user signature data) using the user record number; e. Comparing the user sensed fingerprint data with the user reference data in the processor; f. Authenticating the identifier of the user based on a result of the comparison; And g. If the processor verifies the user identifier and other system criteria (stack availability, network payment or physical payment) confirm that the access request should be granted, then the user can access the account, network data or physical secure location. And requesting an access request processing method. a. A stylus for capturing user fingerprint data, the stylus including a fingerprint sensor; b. The wireless device carried by the user, the wireless device having a memory, the memory containing user data, the user data comprising a user data record number; And c. A processing system for capturing the user data record number from the wireless device by radio frequency transmission, wherein the radio frequency transmission occurs from the wireless device to the processor, wherein the processing system is enabled by use of the user record number. Access to user reference data, the user data record including reference data comprising user biometric data, user metering data or user signature data, the processing system using the captured fingerprint data processed from the stylus Compare the user reference data processed from the wireless device, user authentication is based on the comparison, and user access to an account, network data or physical secure location is determined by the processor to verify the user identifier, and System criteria (i.e. reserve availability, network payment or physical payment) are allowed when confirming that the access request should be approved. a. A stylus for capturing user fingerprint data, the stylus including a fingerprint sensor; b. The wireless device carried by the user, the wireless device having a memory, the memory including user reference data (including user biometric data, user metering data or user signature data); And c. A processing system for capturing the user reference data from the wireless device by radio frequency transmission, wherein the radio frequency transmission occurs from the wireless device to the processor, the processing system processing captured fingerprint data from the stylus Compares the user reference data processed from the wireless device using the user authentication, wherein user authentication is based on the comparison, and user access to an account, network data, or physical secure location is determined by the processor to verify the user identifier, and other systems. An access request processing system, wherein a criterion (such as reserve availability, network payment, or physical payment) is allowed when confirming that the access request should be approved. a. A stylus for capturing user fingerprint data, the stylus including a fingerprint sensor; b. The wireless device carried by the user, the wireless device having a memory, the memory including user data, the user data comprising a user data record number, and the user data embedded in a barcode; And c. A processing system for capturing said user data record number from said wireless device by a barcode reader, said processing system accessing user reference data by use of said user record number, said user data record being user biometric data; Reference data comprising user metering data or user signature data, wherein the processing system compares the user reference data processed from the wireless device with captured fingerprint data processed from the stylus, wherein user authentication is performed by the user. Based on the comparison, user access to an account, network data or physical data is determined by the processor verifying the user identifier, and other system criteria (such as reserve availability, network payment or physical payment). When confirming that the bus request should be approved by the access request processing system, characterized in that allowed for. a. A stylus for capturing user fingerprint data, the stylus including a fingerprint sensor; b. The wireless device carried by the user, the wireless device having a memory, the memory including user reference data (including user biometric data, user metering data or user signature data); c. A processing system for capturing the user data record number from the wireless device by a barcode reader, the processing system comparing the user reference data processed from the wireless device using captured fingerprint data processed from the stylus; , User authentication is based on the comparison, and user access to an account, network data or physical secure location is determined by the processor to verify the user identifier and other system criteria (such as reserve availability, network payment or physical payment) Wherein the access request processing system is allowed when confirming that the access request should be granted. delete delete

Images