IDENTIFICATION STORAGE MEDIUM AND SYSTEM AND METHOD FOR PROVIDING ACCESS TO AUTHORISED USERS
This invention relates to an identification storage medium and to a system and method for providing access to authorised users.
EFTPOS (Electronic Funds Transfer Point) terminals have operated for many years whereby a card is swiped through the device so a card reader can read data on the card to obtain account details. Usually an account type and a personal identification number are entered by the user and the information is transmitted to a facility, usually a bank or other finance establishment, for electronic authorisation. The information is processed through a pin pad which encrypts the personal identification number details for data security. The data is sent via a modem through specialised phone lines to a transaction switching network, where it is switched through the correct banks' host computers to obtain bank authorisation. Once authorisation is provided a financial transaction is allowed to proceed whereby a user may purchase goods or obtain cash.
Cards including encrypted data are also used for providing access to secure premises or secure areas as well as for conducting financial transactions. In order to provide access to a secured area a user may swipe the card through a card reader and enter a pin number which, if a match is obtained with information read from the card, grants access to the secure area.
As the worldwide use of financial transaction cards such as credit/debit cards has increased, the incidence of card fraud has also increased. This fraud results in a multi-million dollar loss to both the banks and the credit companies, which in turn is passed on to users in the form of charges. To combat this fraud, card manufacturers have utilised a number of different methods to assure security, including tamper-proof signature strips, holograms, personal identification numbers (as discussed above) and photo identification. Unfortunately, all of these methods have only managed to provide a brief respite and have had no significant effect on the operations of the organised counterfeiting rings.
The object of this invention is to provide a storage medium and system and method for providing access which are cost effective and which also provide the required security.
The reference to the provision of access in this specification should be understood to mean access to a financial transaction by way of transfer of funds to purchase goods or receipt of cash, personal identification such as date of birth, licence details etc, or physical access to secured premises or areas.
The invention may be said to reside in an identification storage medium, including: a support member; and circuit means supported by the support member for storing biometric data relating to an authorised user of the medium.
Preferably the biometric data is a fingerprint template of the user. However, in other embodiments the biometric data may comprise other biological information such as DNA information and/or iris information or the like which may be stored and compared.
Preferably the storage medium comprises a plastic card similar in size and shape to a credit card.
Preferably the circuit means comprises an integrated circuit chip supported by the body of the credit card.
The invention may also be said to reside in an identification system for providing access to an authorised user, including: a storage medium having a support member, and circuit means supported by the support member for storing biometric data relating to the authorised user; a sensor for access by a user to provide biometric data to the system; and processing means for comparing the biometric data stored in the circuit means with that detected by the sensor and for providing an access signal in the case of a match to thereby grant access to the authorised user.
The invention may also be said to reside in an identification method for providing access to an authorised user, including: storing biometric data relating to an authorised user on a storage medium; comparing the biometric data stored on the storage medium with biometric data provided by a user; and granting access to the authorised user in the case of a match between the data stored on the storage medium and that provided by the user.
In preferred embodiments of the invention the storage medium comprises a financial transaction identification card and the card may include additional data relating to account details. The additional data may be included in the circuit means which contains the biometric data or may be included on a magnetic strip or the like separate from the circuit means which contains the biometric data.
After access has been granted by comparison of the biometric data contained in the storage medium and provided by the user, the ability of a particular transaction to be finalised may depend on other parameters and not merely the authenticity of the user, including sufficient funds in a user's bank account to complete a transaction or general credit rating details in respect of the user.
In one preferred embodiment of the invention the sensor for access by the user to provide biometric data may be coupled by a hard wire system to a transaction switching network, such as the specialised phone lines associated with the EFTPOS system. However, in other embodiments a wireless transmission system may be utilised and the sensor may be provided on a mobile transaction device such as that disclosed in our copending international patent application no. PCT/AU94/00247, the contents of which are incorporated into this specification by this reference. Thus, the device of our aforementioned international application may be modified to include a sensor for detecting a user's fingerprint. The fingerprint data may then be compared with the information on the storage medium in the device or in the card, and an access signal generated for transmission over the wireless transmission system to a host computer so that the financial transaction may continue. Alternatively, the data in the storage medium and that provided by the user may be transmitted over the wireless transmission system to the host computer, so that the matching process takes place in the host computer and the host computer generates the access signal to continue the transaction in the event of a match.
Preferably the support member includes a plurality of separate storage locations for storing data parcels, each data parcel being accessible separately upon receipt of an authorisation code so that only data contained in one or more data parcel, which relates to the authorisation code, is accessible.
This embodiment of the invention enables data parcels which relate to the individual who owns the card to be stored on the card such as vehicle licence details, credit card details, EFTPOS banking details, medical data, passport data and the like and to be accessible only when an appropriate authorisation code is presented to the card. Thus, at an airport, where only passport data is required, a card reader with which the card is used will present an authorisation code which will gain access only to the storage location containing the passport data so that only passport data can be read from the card and no other data contained in the card can be read. Similarly, other readers would be able to present authorisation codes which will gain access to other data parcels so that only data in that or those packages can be read by that reader. Thus, a single card can be used which contains a number of data parcels to allow a user to use a single card for credit card/EFTPOS transactions, as a driver's licence, passport or the like.
Preferably the plurality of separate storage locations are included in the circuit means.
Preferably each storage location is accessible by a corresponding separate control program stored in the circuit means so that, when the storage medium is used with a reader, the reader supplies the authorisation code to the circuit means to cause one or more of the programs corresponding to that authorisation code to access data in the data parcel stored in the storage location or locations which said one or more programs are able to access.
Preferably, the circuit means is in the form of a chip and the chip architecture is designed in such a way as to ensure that each program has access only to the memory location corresponding to that program where data relating to that program is to be held. This compartmentalising of the memory is to be controlled by the circuit means architecture and should ensure that it is impossible for the software to get around this feature so that one program can access memory in a storage location which does not correspond to that program.
Preferably communication between the storage medium and a reader is by a secure channel created by a public key cryptographic system such as RSA. This system ensures secure communication between the card and the reader by the exchange of public keys from a randomly generated key set occurring between the storage medium and the reader for each and every communications session. The public keys are used to encrypt all subsequent communicated data between the card and the reader. The reader which receives the encrypted communication data must use the private key of its key set to gain access to the data. In this fashion, a secure communications layer is established between the storage medium and the reader, rendering all transmitted data unintelligible to a third party observer.
Once the secured communication layer has been established, the reader must present the identification medium with a digital certificate as proof of its entitlement to communicate with the storage medium. This should occur before transfer of any data commences. In some embodiments, a message authentication code may also be used to validate the data throughout the duration of the communications session between the storage medium and the reader.
The digital certificate may be included in the authentication code which activates the program for accessing data in the data parcels or may be a separate code to the authorisation code which activates the programs for accessing data.
A further aspect of the invention may be said to reside in an identification storage medium for storing data relating to a user, including: a support member; circuit means supported by the support member; a plurality of separate data parcel storage locations in the circuit means for storing separate data parcels; the circuit means also being for containing a plurality of access programs corresponding to the plurality of separate storage locations, each for accessing data only in the one of the storage locations corresponding to that program; and wherein, in use, when an authorisation code is received by the storage medium, one or more of the programs relating to that authorisation code is/are activated to cause the program to access data in one or more of the data parcels stored in the corresponding storage location or locations.
Preferably the circuit means is also for storing biometric data relating to the user of the medium.
This aspect of the invention may also be said to reside in an identification system for providing access to an authorised user, including: a storage medium having a support member, circuit means supported by the support member, a plurality of separate data parcel storage locations in the circuit means for storing separate data parcels, the circuit means also being for containing a plurality of access programs corresponding to the plurality of separate storage locations, each for accessing data only in the one of the storage locations corresponding to that program, and wherein, in use, when an authorisation code is received by the storage medium, one or more of the programs relating to that authorisation code is/are activated to cause the program to access data in one or more of the data parcels stored in the corresponding storage location or locations; and a reader for receiving the storage medium and supplying an authentication code to the card, the authentication code including a certificate which establishes the entitlement of the reader to communicate with the storage medium and an authorisation code for activating one or more of the programs.
Preferably the circuit means also stores biometric data relating to an authorised user of the storage medium and the reader includes an input means for receiving biometric data from the user and for comparing the biometric data stored on the storage medium with the biometric data provided by the user to establish the entitlement of the user to use the storage medium.
The invention may also be said to reside in an identification method for providing access to an authorised user, including: storing data relating to the user in the form of a plurality of separate data parcels; and supplying an authorisation code to the storage locations so that the authorisation code causes only data in those storage locations which correspond to the authorisation code to be accessed.
Preferably the method also includes the step of storing biometric data relating to the authorised user of the storage medium and comparing the biometric data stored on the storage medium with biometric data provided by a user to establish the user's entitlement to use the storage medium.
The invention in a further aspect may be said to reside in a mobile funds transaction device for transferring funds between one facility and another facility, including: an input unit having a card reader for reading data in or on a requester's card, an input pad for the input of data relating to a transaction, and an output report device for providing details of the transaction; coupling means for electronically coupling the input unit to a wireless communication device; a sensor for receiving biometric data from a user and producing an output signal indicative of the biometric data; and wherein the input device, in use, provides an information signal including data relating to the transaction and data relating to the operator of the transaction device so that the coupling means can transfer the information signal to the wireless communication device so that the wireless communication device can, in turn, transmit the signal to a central facility to cause funds to be transferred from said one facility relating to the requester to said another facility relating to the operator, and wherein the funds transaction device is mobile and portable and therefore can be moved from one location to another in view of the coupling means which couples the input unit to the wireless communication device, to thereby enable the funds transaction device to be used without the need to be hard wired into a transmission system.
Preferably the device includes a processor means for comparing the biometric data provided by the user with biometric data stored in the card and for providing a signal upon match to enable the transaction to proceed. In other embodiments the biometric data stored in the card and that output signal indicative of the biometric data produced by the sensor may be transmitted to the central facility for comparison and production of an access signal.
Preferably the processor also controls the card reader, the input pad, the output report device and the coupling means.
The invention in a further aspect may also be said to reside in a funds transaction device for transferring funds between one card and another, including: first input means for receiving a first card; second input means for receiving a second card; a sensor for receiving biometric data from at least one user and producing an output signal indicative of the biometric data; and processing means for comparing the biometric data received by the sensor with biometric data included in at least one of the cards and for transferring funds from one of the cards to the other of the cards.
A preferred embodiment of the invention will be described, by way of example, with reference to the accompanying drawings in which:
Figure 1 is a view of a card embodying the invention;
Figure 2 is a view of a device used in the preferred embodiment;
Figure 3 is a diagram of a system according to the invention; and
Figure 4 is a diagram of a second embodiment of the invention.
With reference to figure 1, a card 10 is shown which includes an integrated circuit 12. The card 10 may be any type of credit or identification card such as a stored value card, smart card, access card, id card, relationship card, medical card, merchant card, loyalty card, proprietary card or transport card etc.
The integrated circuit 12 forms a smart card chip which may include usual data relating to point of sale functions such as bank account details and the like. However, according to the preferred embodiment of the invention the chip which forms the integrated circuit 12 also includes a digitised fingerprint of the authorised user so as to give it a high degree of portability and also enhanced security features.
The card 10 is intended to be used with a point of sale or access device 20 shown in figure 2. However, the card 10 could also be used with a device for card to card transfer of funds so that a credit balance in one person's card is transferred to another person's card without going through a banking facility or host computer. The device 20 includes a card reader 22, which may be a slot into which the card 10 is inserted for reading data in the integrated circuit 12. The device 20 also has a key pad 24, a display 26, a printer 28 and a biometric scanner 30. Thus, the user's fingerprint is digitally recorded in the integrated circuit 12 on the card 10 and is read from the integrated circuit 12 by the card reader 22. The user then places his or her finger on the bio-recognition scanner 30 so that a digital template of the user's finger can be obtained, and that template is compared with that stored in the integrated circuit 12 on the card 10 by a processor 32. If a match is determined an access signal is produced by the processor 32. Alternatively, the comparison may take place in the circuit 12 on the card 10 rather than in the device 20 and, if a match is established, data on the card can then be accessed or transferred.
The bio-recognition scanner 30 may also include additional security features to ensure that it is actually the authorised user's thumbprint which is being placed on the scanner and not some representation. This is done by looking at blood flow characteristics and determining changes in colour intensity when a person's finger is placed on the scanner to ensure that the actual finger is on the scanner and not a representation of the authorised user's finger.
As shown in figure 3, the device 20 transmits an access signal A to a host computer 50 associated with a bank or other facility so that a transaction can proceed. The keypad 24 may be accessed by the user or a vendor to insert details relating to a transaction such as the price of a product or amount of cash required, and that data together with the access signal is transmitted to the host computer 50 for further processing so that the transaction can be authorised by the host computer 50 and an appropriate authorisation signal B transmitted back to the device 20 so that a receipt can be produced by the printer 28 or so that cash can be dispensed from a dispenser (not shown).
The transmission of the signals A and B in figure 3 may be by hard wire over the conventional EFTPOS telephone system or may be a wireless transmission over the mobile telephone cellular network or via radio packet modem or the like. The device 20 may be a mobile transaction device similar to that disclosed in our abovementioned international application which provides wireless transmission of data and therefore is portable and can be used in the field without the need to be hard wired. The addition to the device of our international application is the bio-recognition scanner 30 which provides the digitised fingerprint of the user's finger for matching with the data concerning the finger template in the integrated circuit 12 of the card 10. In other embodiments, the bio-recognition scanner 30 may be separate from the device 20 and electronically linked to the device.
The device 20 therefore is for use with the card 10, which may be a smart card, and includes the pin pad 24, a modem 41 which is coupled to the processor 32, and a communication interface device 43 connected to the modem 41, with the processor 32 controlling the operation of the pin pad 24, the display 26, the printer 28 and the scanner 30 and also controlling operation of the wireless communication device 51, the modem 41 and the interface 43 to produce the wireless transmission of data to the host computer 50. The wireless communication device 51 may be a connection for connecting to a mobile telephone (not shown) so the mobile telephone network can be used for the transmission of data to the host computer 50, or the modem 41, communication interface 43 and connection 51 may be replaced by a radio packet modem or the like (not shown) for wireless communication.
In the preferred embodiment of the invention the authorisation could also include a personal identification number which the user must key into the keypad 24 so that conventional personal identification number authorisation may be obtained in the event that the card is used with a point of sale device or automatic teller which does not have fingerprint scan facilities. As old machines are replaced with new machines which include facilities for comparison of the stored finger scan image and the image read by the terminal from the user's fingerprint, the need to use a personal identification number can be eliminated.
Furthermore, a single card could be used instead of numerous cards since the integrated circuit 12 could be encrypted with not only the fingerprint template of the user but also bank account details for a number of financial institutions and also possibly with a credit amount for direct cash dealings from the card without access to the financial institution. Thus, the card according to the preferred embodiment of this invention can be regarded as an electronic wallet in which you would have cash (the stored cash value in the integrated circuit 12) and various credit, debit and charge account details also stored in the integrated circuit 12 along with the fingerprint template. Normally when purchasing something the user can choose a method of payment by either the cash stored value or the credit/debit or charge facilities.
Figure 4 shows a further embodiment of the invention.
In this embodiment of the invention the card 10 carries an integrated circuit 12 as per the previous embodiment. The integrated circuit 12 may include biometric data relating to the user of the card as previously described with reference to Figures 1 to 3, which is accessed and compared in the same way as in the embodiment of Figures 1 to 3.
In this embodiment of the invention, the integrated circuit 12 includes a plurality of separate storage locations D1 to Dn for storing separate data parcels which contain data relating to the user. Each of the separate data parcels may include data relating to: credit card information; EFTPOS banking information; vehicle licence information; passport information; medical data; social welfare or security data.
The above mentioned kinds of data are listed merely by way of example and are not intended to be complete or exhaustive.
In this embodiment of the invention, a card reader 70 is intended to read data from only one or some of the data parcels mentioned above. For example, if the card reader 70 is located at an airport for processing passport applications, the reader 70 would only access the data parcel relating to the passport information. If the reader is in a hospital or the like, the reader may access only the medical data. If a credit card transaction is taking place, the reader 70 would access only the data relating to the relevant credit provider which is being used by the user or if an EFTPOS transaction is taking place, only the EFTPOS data.
In some embodiments, it may be desirable for a single reader 70 to access several of the data parcels. For example, police or security organisations may access all of the data on the card from a single reader 70, and other organisations or bodies may require data from several of the data parcels and therefore the reader 70 may access several of the data parcels.
The integrated circuit 12 is shown schematically on the left hand side of Figure 4 and includes an interface or front end 25 and the plurality of separate storage locations D1 to Dn for storing the data parcels. Each of the storage locations D1 to Dn has a corresponding program P1 to Pn stored in the integrated circuit 12 which can access only the corresponding storage location. For example, program P1 accesses only storage location D1 and program Pn accesses only storage location Dn. Thus, n independent secure parcels of information are contained within the integrated circuit 12 at any one time. The different parcels of data included in the storage locations D1 to Dn require different access codes to be presented and validated before encrypted data parcels are supplied from the storage locations D1 to Dn to the card reader 70. Each storage location D1 to Dn not only requires a different access code but may also involve an entirely different encryption key for the securing of the data in that location, and possibly a different encryption algorithm could be used in the application of that key.
The different access codes may be interpreted from the biometric data stored in the circuit 12.
Each data parcel in the storage locations D1 to Dn is therefore only accessible through an independent program P1 to Pn which resides in the circuit 12. Each program P1 to Pn has access only to its own storage location D1 to Dn and is unable to retrieve information from any other storage location. The architecture of the circuit 12 is designed in such a way as to ensure that each program P1 to Pn has access only to its own memory location D1 to Dn where its own data parcel is to be held. This compartmentalising of the memory is controlled by the architecture of the circuit 12 so that it cannot be got around, to ensure the security and integrity of the different data parcels. However, even if a program could access the contents of a data parcel not intended for use by it, it would not be possible for that program to use the information in any way due to the nature of its separate encryption.
Communication between the reader 70 and the card 10 is via a secure communication channel 90 shown schematically in Figure 4. When the card is used with the reader 70, the card 10 is located in a slot 74 and the user locates his or her thumb on scanner 72 so that the biometric data received by the scanner 72 can be compared with the data stored on the card 10 to establish the user's authenticity. The comparison most preferably takes place within the circuit 12 on the card 10, by the reader 70 transmitting data from the scanner 72 to the circuit 12. However, in other embodiments, the comparison could take place in the reader 70. The communication over the channel 90 is preferably under a public key cryptographic system with the exchange of public keys from a randomly generated key set occurring between the card 10 and the reader 70 for each and every communication session. These public keys will then be used to encrypt all subsequent communicated data between the card 10 and the reader 70 or its applications. The reader 70 which receives the encrypted communication must use the private key of its key-set to gain access to the data. In this fashion, a secure communication layer is established between the card 10 and the reader 70, rendering all transmitted data unintelligible to a third party observer.
In the preferred embodiment of the invention, the architecture of the chip 12 prevents illicit examination of the contents of the memory locations D1 to Dn, of program execution and of the encryption function. Any invasive attack upon the security of the card preferably causes the erasure of all sensitive information.
Thus, the secure channel 90 is established by the card 10 generating random key-sets, each having a private key, which is basically a code retained within the card 12, and a public key which corresponds to that private key and which is passed with data to the reader 70. The reader 70 also sends data back with its public key and uses its own private key to decrypt the data supplied with the public key supplied by the card 10. Similarly, data supplied back from the reader 70 with its public key is decrypted by the private key in the card 10.
The above mentioned form of public key encryption is known and therefore will not be described in further detail hereinafter.
Before any data is transmitted from the card 12 to the reader 70, the reader 70 must present a digital certificate, which is a code proving the authenticity of the reader 70 to the card. The digital certificate may include or comprise the authorisation code which activates one of the programs P1 to Pn to access the data parcel contained in the storage locations D1 to Dn, or, once the digital certificate is received and verified by the card 12, the authorisation code may be a separate code which is then supplied by the reader 70 for accessing one or more of the data parcels in the storage locations D1 to Dn.
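The compartmentalised card of Figure 4 and the sequence just described (session key material, reader certificate before any data, authorisation code activating a single program, erasure on an invasive attack), modelled as an added example that is not code from the specification. The class and function names, the ISSUER_KEY, the HMAC-based reader certificate and the nonce-derived session MAC key (standing in for the RSA exchange the specification names) and the D1/D2 codes and parcel contents are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed key shared by the card and the body that certifies readers.
# Assumption: the specification fixes no certificate format, so an HMAC tag
# over the reader identity stands in for the reader's digital certificate and
# a keyed nonce exchange stands in for the per-session RSA key exchange.
ISSUER_KEY = b"constructed-issuer-key-for-this-example"

def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class AccessProgram:
    """One of P1..Pn: it holds exactly one location D, so it can reach no other."""
    def __init__(self, parcel: bytes):
        self._location = parcel  # the only memory this program can address

    def read(self) -> bytes:
        return self._location

class Card:
    """The circuit 12: authorisation codes activate programs, never locations."""
    def __init__(self) -> None:
        self._programs: Dict[bytes, AccessProgram] = {}  # authorisation code -> Pi
        self._session_key: Optional[bytes] = None
        self._certified = False

    def provision(self, parcel: bytes, code: bytes) -> None:
        self._programs[code] = AccessProgram(parcel)  # a new Di with its own Pi

    def open_session(self, reader_nonce: bytes) -> bytes:
        """Fresh key material for each and every session; certificate state resets."""
        card_nonce = secrets.token_bytes(16)
        self._session_key = tag(ISSUER_KEY, reader_nonce + card_nonce)
        self._certified = False
        return card_nonce

    def present_certificate(self, reader_id: bytes, certificate: bytes) -> bool:
        """The reader must prove its entitlement before any parcel data moves."""
        self._certified = hmac.compare_digest(tag(ISSUER_KEY, reader_id), certificate)
        return self._certified

    def request_parcel(self, code: bytes, request_tag: bytes) -> Optional[bytes]:
        """Release the one parcel the code's program can reach, or nothing."""
        if not self._certified or self._session_key is None:
            return None  # no certificate, no data
        if not hmac.compare_digest(tag(self._session_key, code), request_tag):
            return None  # request MAC failed: not authenticated for this session
        program = self._programs.get(code)
        return program.read() if program else None  # unknown code activates nothing

    def tamper_detected(self) -> None:
        """An invasive attack on the card erases all sensitive information."""
        self._programs.clear()
        self._session_key, self._certified = None, False

class Reader:
    """Card reader 70: holds its certificate and the codes for its parcels."""
    def __init__(self, reader_id: bytes, certificate: bytes):
        self.reader_id, self.certificate = reader_id, certificate

    def fetch(self, card: Card, code: bytes) -> Optional[bytes]:
        reader_nonce = secrets.token_bytes(16)
        card_nonce = card.open_session(reader_nonce)
        session_key = tag(ISSUER_KEY, reader_nonce + card_nonce)  # same derivation
        if not card.present_certificate(self.reader_id, self.certificate):
            return None
        return card.request_parcel(code, tag(session_key, code))

# Constructed authorisation codes and parcel contents for D1 and D2.
AUTH_PASSPORT, AUTH_MEDICAL = b"code-D1-passport", b"code-D2-medical"
PASSPORT, MEDICAL = b"PASSPORT: constructed sample", b"MEDICAL: constructed sample"

def run_scenarios() -> Dict[str, Optional[bytes]]:
    card = Card()
    card.provision(PASSPORT, AUTH_PASSPORT)
    card.provision(MEDICAL, AUTH_MEDICAL)
    airport = Reader(b"airport-reader", tag(ISSUER_KEY, b"airport-reader"))
    rogue = Reader(b"rogue-reader", b"\x00" * 32)  # holds no valid certificate
    results = {
        "airport_passport": airport.fetch(card, AUTH_PASSPORT),  # only D1 released
        "rogue_certificate": rogue.fetch(card, AUTH_PASSPORT),  # refused before data
        "unknown_code": airport.fetch(card, b"code-Dx-unknown"),  # activates no program
    }
    card.tamper_detected()
    results["after_erasure"] = airport.fetch(card, AUTH_PASSPORT)
    return results
```

The separate per-parcel encryption keys and algorithms the specification mentions are not modelled; the example isolates the access-control architecture.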
Since modifications within the spirit and scope of the invention may readily be effected by persons skilled within the art, it is to be understood that this invention is not limited to the particular embodiments described by way of example hereinabove.