WO2002088931A1 - Bio-metric smart card, bio-metric smart card reader, and method of use - Google Patents

Bio-metric smart card, bio-metric smart card reader, and method of use

Publication number
WO2002088931A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
user
transaction
smart card
security key
Application number
PCT/US2002/013262
Other languages
English (en)
Inventor
Christopher M. Mcgregor
Travis M. Mcgregor
D. Scott Mcgregor
Original Assignee
Audlem, Ltd.
Priority claimed from US09/843,572 (US6816058B2)
Application filed by Audlem, Ltd.
Publication of WO2002088931A1

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/26Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically

Definitions

  • BIO-METRIC SMART CARD READER
  • the present invention relates generally to the field of credit card security, and more particularly to a bio-metric smart card, a bio-metric smart card reader and a method of use for the card and reader.
  • FIG. 1 there is illustrated an available system 100 for credit card processing.
  • a credit or debit card 110 there is permanently displayed on a front face surface 112 a multi- (typically sixteen) digit number representative of the card holder's debit or credit account. Also displayed on the surface 112 are the expiration date and card holder's name.
  • a magnetic strip (not shown) is typically found on the back surface of card 110 and contains at least the information displayed on the front surface 112.
  • a seller might use a magnetic strip reader 120 (such as available from Magtec, Inc.) by sliding the upper portion of card 110 through slot 122 to read the information stored within the magnetic strip.
  • a returned authorization number or denial message is displayed across display area 124.
  • the user might read aloud over a telephone connection or otherwise transmit the account number, name and expiration information to a seller, who requests a transaction authorization from a central transaction authority across network 125.
  • the present invention is a system for increasing transaction security across existing credit card processing infrastructure.
  • a user bio-metric sensor device is integrated into a credit or debit "smart card".
  • a display unit provides a key, preferably encrypted, upon successful utilization of the sensor device. Included in the key generation mechanism is an indicator of the transaction number or other sequential count indicative of card use.
  • An authorization service decrypts the key in a manner at least partially dependent upon a second sequential count maintained in sync with the first count to determine whether the use is authorized.
  • a separate reader may be similarly configured to read existing smart cards utilizing the process the present invention.
  • the present invention may be embodied in a device for preventing the unauthorized use of proprietary data
  • the apparatus comprising, a user authentication device configured to provide the user an authentication data input for proving the user is authorized to use the account number, a transaction counting mechanism configured to track authorized device access events, a processor device in electrical communication with the user authenticator and counter, the processor being programmed to generate a security key in response to authentication data received via the user authenticator, the security key being derived at least in part from the contents of the counter, and a display unit configured to display the security key on the apparatus.
  • the present invention is a smart card style apparatus including a PIN entry system providing the user ability to enter a PIN to authenticate the user, a transaction counter for tracking authorized device access events, a processor in electrical communication with the user authenticator and counter, wherein the processor is programmed to generate a security key in response to the PIN or other authentication data, and a display unit to display the security key on the face of the card.
  • the security key is derived at least in part from the contents of the counter and a clocking mechanism. In another embodiment, the present invention is configured as a portable reader for reading and authorizing purchases using existing smart cards.
  • the present invention may also be configured as a peripheral device to a computer system.
  • the present invention is a smart card, comprising, an activation device configured to produce a signal in response to a user action, a display mechanism, a processing device coupled to the display device and configured to receive said signal, and programming executed by the processing device, said programming configured to produce an encrypted key and display the encrypted key on the display mechanism.
  • the present invention includes a system for securely processing transactions, the system comprising, a security key device, comprising, a user authenticator configured to provide a user an authentication data input for proving the user is authorized to use an account associated with the security device, a first counter in communication with the user authenticator, a key generator in communication with the user authenticator and first counter, the key generator being programmed to generate a security key in response to authentication data received via the user authenticator, the security key being derived at least in part from the content of the first counter, and an electronic display in electrical communication with the key generator, for displaying the security key in a manner visible upon the structure, and an authorization device, comprising, a second counter, and a key confirmation processor programmed to confirm an authenticity of the key in a manner at least partially dependent upon the contents of the second counter.
  • a security key device comprising, a user authenticator configured to provide a user an authentication data input for proving the user is authorized to use an account associated with the security device, a first counter in communication with the user authenticator,
  • a method of securely authorizing a transaction utilizing an account comprises confirming an authorized use of an account card via a PIN provided by a user, maintaining a first count indicative of a number of instances of such authorized uses, generating a security key in a manner at least partially dependent upon the count, transmitting the security key to an authorizing authority, processing the security key at the authorizing authority, maintaining a second count indicative of a number of transmissions received by the authorizing authority for the account, confirming that the security key was generated by an authorized user at least in part through use of the first count and the second count, and authorizing the transaction if the security key was generated by a valid user.
  • FIG. 1 is a block diagram illustrating an available credit card and transaction processing system
  • FIG. 2 is a diagram of one embodiment of the present invention.
  • FIG. 3 is a flow-chart illustrating the operation of the present system
  • FIG. 4 is a diagram of an alternate embodiment of the present invention
  • FIG. 5 is a diagram of an alternate embodiment of the present invention
  • FIG. 6 is diagram illustrating the use of the present invention for purchasing goods over the Internet
  • FIG. 7 is a diagram of another embodiment of the present invention using a button for activation of an encrypted key
  • FIG. 8 is a diagram of another embodiment of the present invention having a touchpad for entry of a user PIN;
  • FIG. 9 is a flow chart illustrating operation of a touchpad embodiment of the present invention.
  • FIG. 10 is a diagram of yet another embodiment of the present invention.
  • FIG. 11 is a flow chart illustrating an example process flow of implementing data transfer according to an embodiment of the present invention.
  • FIG. 12A is a block diagram illustrating an example data flow according to an embodiment of the present invention.
  • FIG. 12B is a block diagram illustrating an example data flow according to an embodiment of the present invention.
  • FIG. 12C is a block diagram illustrating an example data flow according to an embodiment of the present invention
  • FIG. 13 is a block diagram illustrating an example data flow and data validation according to an embodiment of the present invention
  • FIG. 14A is an example embodiment of the present invention having a surface of the smart card coated in digital ink.
  • FIG. 14B is another example embodiment of the present invention having a surface of the smart card coated in digital ink.
  • FIG. 2 One embodiment of the present invention is illustrated in FIG. 2.
  • a bio-metric smart card 210 is shown.
  • the bio-metric smart card 210 preferably has substantially the same shape and form factor as available plastic credit and debit cards such as card 110 in FIG.
  • card 210 might be thicker as needed to accommodate newly-introduced internal components.
  • a bio-metric reading apparatus such as fingerprint scanner 218 in electrical communication with a microprocessor 216.
  • a ROM 222 preferably an EEPROM, stores the fingerprint or other bio-metric data, the encryption keys, and a transaction counter.
  • a battery 214 is connected to provide power to microprocessor 216, preferably within card 210. In the alternative, the energy needed to run microprocessor 216 might be provided through movement of card 210 (as with an automatic watch) or contact of the card or reading apparatus by the user's finger.
  • the finger print scanner 218 is accessibly disposed upon surface 212 of card 210 and connected to microprocessor 216 to provide an input signal triggered by the user placing a thumb or finger upon the surface of scanner 218.
  • a security key display 220 is configured to display dynamic numeric and/or textual data forwarded by microprocessor 216, and intended to accompany the account number for all transactions in the manner outlined below with reference to FIG. 3.
  • a user's bio-metric indicator here, a thumb or finger print
  • another user-derived input mechanism triggers in microprocessor 216 the generation of a dynamic security key code displayed in the security key display region 220.
  • the display region 220 preferably comprises an LED array, LCD, or other similar, low-cost display mechanism.
  • the displayed security key is then communicated or transmitted to the credit card authorization service either through a reader, or through a telephone or other remote connection (e.g., entry by the user in a web page interface for an online transaction).
  • the security key display region 220 is configured to display dynamic numeric and/or textual data forwarded by microprocessor 216.
  • step 302 the user places his or her thumb or finger upon fingerprint scanner 218.
  • step 302 might be replaced with any other form of bio-metric authentication that provides positive identification that an authorized user is, in fact, attempting to use the account number found on the card.
  • the results of scan step 302 are then compared (either by scanner 218 alone or in cooperation with microprocessor 216) at step 304 to a reference file representative of the user's actual print.
  • the reference file might be stored in scanner 218, in microprocessor 216, or in a separate memory unit (ROM 222). If no match is found, an error message or other message indicating an attempted use by other than the authorized user is forwarded at step 306 to display 220.
  • the displayed error code might indicate to the user that an error has been detected with an easily discernible message such as "ERR," or might make such a message recognizable only to the seller, bank or authorization service to better provide an opportunity to recapture a stolen card or detain an unauthorized user (e.g., a non-authentic value that looks like an authentic encrypted key).
  • the microprocessor 216 increments an activation/ transaction counter at step 307 and generates therewith a numeric or alphanumeric security key.
  • the alphanumeric security key is then preferably encrypted at step 308 and forwarded at step 310 to display 220.
  • the operator of a card reader 230, or a remote seller communicating with the user then inputs or forwards at step 312 the displayed, encrypted security key along with the other information found on surface 212 and any other required information.
  • an authorization-side activation counter is then incremented at step 314, thereby remaining synchronized to the activation counter of the bio-metric smart card 210.
  • the key is then decrypted at steps 316 in a manner utilizing the incremented activation count to determine at step 318 whether the authorized user initiated the requested purchase authorization. If the activation counter is sufficiently aligned with the counter reading from the card (within an allowed "window" of transaction counter numbers to allow for transactions being processed slightly out of order) and other easily understood criteria are met (i.e., sufficient credit or funds available, no lost or stolen card alert reported), an authorization signal is returned across network 125 at step 320. If any of the new or available criteria are not met, a "transaction rejected" code or signal is returned at step 322.
  • the card reader 410 preferably has substantially the same shape and form factor as available plastic credit and debit cards such as card 110 in FIG. 1 , although it is generally thicker to accommodate the additional components.
  • the card reader 410 may be formed as a "wallet" such that a smart card can be inserted into the reader as shown in FIG. 4.
  • a bio-metric reading apparatus such as fingerprint scanner 418 in electrical communication with a microprocessor 416.
  • a ROM 422 preferably an EEPROM, stores the fingerprint or other bio-metric data, the encryption keys, and a transaction counter.
  • a battery may also be connected to provide power to microprocessor 416.
  • the energy needed to run microprocessor 416 might be provided through movement of card reader 410 (as with an automatic watch) or contact of the card or by a solar panel.
  • the card reader 410 further includes an alpha-numeric display, such as an LED or LCD display 420.
  • Finger print scanner 418 is accessibly disposed upon surface 412 of the card reader 410 and is connected to the microprocessor 416 to provide an input signal triggered by the user placing a thumb or finger upon the surface of the scanner 418.
  • the display 420 is configured to display dynamic numeric and/or textual data forwarded by microprocessor 416, and is intended to accompany the account number for all transactions in the manner outlined above with reference to FIG. 3.
  • the wallet may include an IR or wireless transmitter to automatically transmit the security code to a transaction network.
  • the present bio-metric reader (“wallet”) may be used with existing smart cards, which lack an incorporated microprocessor and/or display.
  • the present invention may be configured in an alternative embodiment as a traditional credit card reader 500 for attachment to a computer or point-of-sale (POS) device, such as an electronic cash register.
  • the card reader includes a microprocessor 510, a display 512, and a bio-metric sensor 514. It also further includes an electrical connection 516 for transferring the security code directly from the reader 500 to the POS device or computer.
  • POS point-of-sale
  • a user inserts a credit card or smart card into the reader. Once the user places an appropriate finger or thumb on the finger-print sensor 514, the security code is generated by the microprocessor 520 and is displayed on the card reader display 512 or electronically transferred to a network. This security code may then be used to authorize a transaction as described above.
  • a merchant server 602 forwards the security key transmitted by the reader 608 to an authorization server 604. If the authorization server 604 validates the transaction, the merchant server 602 then processes the purchase request.
  • the present invention provides a greater level of security to credit card transactions, by requiring a bio-metric input, and further by producing a unique security key code for each transaction.
  • the present invention may be incorporated into a new smart card design, including a bio-metric sensor and a display, or may be incorporated as a portable "wallet" that can also be used with standard credit cards.
  • each bio-metric smart card contains a unique cryptographic key, KCARD, which is 80 bits or 10 bytes in length.
  • KCARD unique cryptographic key
  • KDOMAIN unique key
  • KCARD is derived cryptographically from KDOMAIN respectively as follows:
  • KCARD left-hand 10 bytes of SHA ( KDOMAIN
  • BSEED is a bio-metrically generated value that is 80 bits or 10 bytes in length for each subscriber. In a preferred embodiment, the BSEED value is generated from a user's fingerprint data.
  • the Secure Hash Algorithm, SHA, is defined in the Federal Information Processing Standards publications 180-1, herein incorporated by reference.
  • KDOMAIN is a random value that is set by the service provider.
  • the authentication message is encrypted data that is communicated from the bio-metric smart card to the service provider for the purpose of authenticating the subscriber and the transaction.
  • the bio-metric smart card communicates this message via the display on the front of the card, or the data is directly sent via IR or other wireless technology, or by a smart card reader that has an electrical connection to the network.
  • the authentication message is comprised of base 10 values so that it will support most current infrastructures (i.e. telephone, Internet, zone machines, etc.). This message is also cryptographically designed so that the number of digits in the message will comply with industry standards (i.e. Visa, MasterCard, Amex, AT&T, MCI, etc.).
  • the authentication message contains a transaction (serial) number that is incremented for each transaction. This transaction number is incremented for each transaction so that it will only be accepted once.
  • the transaction number is initially set to zero and when it reaches the value of 999999 the card becomes inoperable, or the transaction number is reset.
  • the bio-metric smart card increments the transaction number stored in the EEPROM of the card for each authentication message.
  • the authentication message is encrypted using the KCARD encryption key and using the MD2 or DES encryption algorithm. This method allows for each authentication message to be unique for each subscriber and for each transaction. For example, performing MD2(KCARD + transaction number) produces a unique base 10 number. The next transaction increments the transaction number by 1, and thereby produces a different base 10 number, which is not simply the first security code plus one. This provides increased security against fraud, since even if someone has access to one security code, this will not authorize future transactions.
  • the authentication message is decrypted using the KCARD key and the MD2 or DES algorithm.
  • the decryption key KCARD is generated for each transaction, so that there is no need for transferring this data.
  • the transaction number contained in the authentication message is then referenced to validate the transaction. This is to prevent duplicate transactions.
  • the authentication server may use a transaction number "window" to authorize each transaction in order to accommodate transactions being processed out of order. For example, transactions that are plus five transaction numbers from the current count may be approved.
  • the smart card or wallet incorporating the present invention must be initialized prior to use in order to store the KDOMAIN value and the user's fingerprint data. This step may be performed at a user's local bank branch, as is currently done to initialize ATM PIN numbers.
  • FIG. 7 is a diagram of another embodiment of the present invention.
  • a button or other activation device 700 is placed on a smart card 710.
  • the smart card 710 contains components similar to the bio-metric smart card 210, including a microprocessor 716, battery 714, ROM 722, and display 720. Also similar to the bio-metric smart card, other arrangements of these components may also be utilized.
  • the battery 214 provides an energy source for operation of the microprocessor 216. Alternatively, a solar or light sensitive panel provides the energy source.
  • the button or other activation device 700 provides a signal that initiates production of an encrypted key that is displayed on display 720.
  • the button 700 may be a physical button having contacts, a pressure sensitive or light sensitive switch, a heat sensitive button, or another activation device.
  • the display 720 may be an LCD device (including displays similar to palm-type computers, but adjusted for size to fit the credit card like dimensions of the smart card 710).
  • the ROM 222 contains programming or other data executed/used by the microprocessor to calculate the encrypted key to be displayed.
  • the programming stored in ROM 722 is executed on the microprocessor 716 (In one alternative, the programming is hardwired into other electronics of the smart card).
  • the microprocessor receives the initiation signal from the button 700, calculates the encrypted key, and then displays the encrypted key on display 720.
  • FIG. 8 is a diagram of another embodiment of the present invention. In FIG. 8, a touchpad 800 is provided for entry of a user PIN.
  • the touchpad is a 10 key type touch pad having buttons for digits 0-1, and a delete button 810.
  • the touchpad might also contain alpha numerals in various forms including telephone style numerals, shift key and shift key activate numerals, or a full keyboard.
  • the touchpad may be constructed of a set of heat or pressure sensitive switches or other devices. The touch pad may be activated by finger touching the corresponding keys of the user's pin, or, via a stylus device.
  • both the display and keypad are consolidated on a single touch sensitive screen that has facilities for inputting numerals, alpha, and/or other characters consistent with a user's PIN (including, but not limited to symbols, punctuation, and/or foreign language alpha and characters).
  • Handwriting recognition or a displayed keyboard similar to those found on Palm and Handspring devices may be utilized to input the user's PIN.
  • Additional programming stored in ROM 822 and executed on Microprocessor 816 may be utilized to facilitate entry of the PIN. The additional programming may alternatively be embedded in the microprocessor or other electronics of the smart card.
  • FIG. 9 is a flow chart illustrating operation of a touchpad embodiment of the present invention.
  • the microprocessor e.g. microprocessor 716/1016
  • receives a user's PIN that had been entered by the user e.g., via touchpad 800.
  • the entered PIN is then compared, at step 904, against a stored PIN (e.g., stored in ROM 822) to determine if a match has occurred. If a match does not occur, an error message or other message indicating an attempted use by other than the authorized user is forwarded at step 906 to the display.
  • a stored PIN e.g., stored in ROM 822
  • the displayed message (e.g., an error code) might indicate to the user that an error has been detected with an easily discernible message such as "ERR," or might make such a message recognizable only to the seller, bank or authorization service to better provide an opportunity to recapture a stolen card or detain an unauthorized user.
  • the microprocessor increments an activation/transaction counter at step 907 and generates therewith a numeric or alphanumeric security key.
  • the alphanumeric security key is then preferably encrypted at step 908 and forwarded at step 910 to the display.
  • the operator of a card reader 230, or a remote seller communicating with the user then inputs or forwards at step 912 the displayed, encrypted security key along with the other information found on the surface of the smart card and/or any other required information.
  • an authorization-side activation counter is then incremented at step 914, thereby remaining synchronized to an activation counter of the smart card.
  • the key is then decrypted at steps 916 in a manner utilizing the incremented activation count to determine at step 918 whether the authorized user initiated the requested purchase authorization. If the activation counter is sufficiently aligned with the counter reading from the card (within an allowed "window" of transaction counter numbers to allow for transactions being processed slightly out of order) and other easily understood criteria are met (i.e., sufficient credit or funds available, no lost or stolen card alert reported), an authorization signal is returned across network 125 at step 920. If any of the new or available criteria are not met, a "transaction rejected" code or signal is returned at step 922.
  • the smart card uses both a bio-metric reading apparatus and a touchpad for entry of the user's PIN.
  • Steps 902 and 904, and Steps 302 and 304 are each executed before performing other steps related to production/determination of the encrypted key.
  • FIG. 10 is a diagram of yet another embodiment of the present invention formed in conjunction with an alternative device.
  • the present invention is embedded and placed upon an alternative device, a wallet, 1010.
  • the wallet 1010 preferably has substantially the same shape and form factor as available plastic credit and debit cards such as card 110 in FIG. 1, although it is generally thicker to accommodate the additional components.
  • a smart card, credit card, or other device 1028 may be fitted and held inside the wallet 1010.
  • On the front surface 1012 there is provided a touchpad 1018 for entry of a user's PIN (or alternatively, both a touchpad and bio-metric sensing device).
  • the touchpad and/or bio-metric sensing device is in electrical communication with a microprocessor 1016.
  • a ROM 1022 preferably an EEPROM, stores at least one of the fingerprint or other bio-metric data, the encryption keys, a transaction counter, and a user's PIN, as required to test inputs (either bio-metric or PINs) and produce an encrypted key.
  • a battery 1024 may also be connected to provide power to microprocessor 1016. Again, the power may be provided through movement, solar cells, or other energy sources.
  • the card reader includes a display 1020.
  • the wallet 1010 includes an IR or other wireless transmitter to automatically transmit the security code to a transaction network.
  • the present bio-metric reader (“wallet”) may be used with existing smart cards, which lack an incorporated microprocessor and/or display.
  • a clocking mechanism 1100 is coupled to the microprocessor (e.g., microprocessor 716).
  • the clocking mechanism (preferably internal to the smart card, e.g. smart card 710) continually generates a clock authorization number.
  • Programming executed on the microprocessor (e.g., microprocessor 716) uses the clock authorization number in production of the encrypted key.
  • CAS Card Authorization Server
  • another clocking mechanism 1150 (See FIG. 6) is synched to the clocking mechanism 1100, and, an output of the synched clocking mechanism 1150 is used to decrypt the encrypted key.
  • the decrypted key is then examined to verify that a proper transaction has been initiated.
  • the clocking mechanisms are clocks based on current time, and the clock authorization number is a value produced via an algorithm using the time and a clock authorization key.
  • the clocking mechanisms are unrelated to the current time, but progressively change values in at least one direction (for example, any combination of count-up, count-down devices, or other time varying devices), and preferably encrypted with the clock authorization key.
  • Use of internal clocks in producing the key, and hence the encrypted key, on both the device (e.g. smart card) and back end (e.g. CAS server) may be utilized in any of the other embodiments discussed further above.
  • the present inventors have realized that the present invention may be integrated into existing credit card approval infrastructure.
  • Most credit card approval systems today include a card reader (e.g. reader 120) which includes a keypad.
  • Software operating the reader generally already has facilities for entry of a PIN, particularly for ATM card transactions that require a PIN.
  • the present invention may be integrated into the existing infrastructure by using the existing software and prompts for collection of ATM PINs for collection and transfer of the encrypted key to a clearing house or other financial institution that approves use of the credit card. Transfer of the encrypted key is performed via a transaction communication in which the encrypted key is passed to the authorizing authority in the PIN field. Other data may also be communicated in the transaction communication.
  • FIG. 11 is a flow chart illustrating an example process flow of implementing data transfer according to an embodiment of the present invention.
  • the user swipes a credit card or otherwise enters the credit card number into a card reader, web page, or other device that captures the user's credit card number.
  • the user initiates production of the encrypted key.
  • the encrypted key is initiated according to any of the embodiments discussed above, pressing a button, entering a user PIN, or generated according to another triggering event (e.g., reading the card).
  • the user also enters the encrypted key into the reader when prompted.
  • the prompt may simply be to enter the user's PIN, to which the user responds by entering the encrypted key generated by the smart card (not the user's PIN, which, in the previously discussed embodiments is required for production of the encrypted key).
  • entry of the encrypted key is entry of the user's PIN for the transaction being processed.
  • the user's card number and encrypted key may be entered into the system via other procedures. In one alternative, at step 1101, the user initiates production of the encrypted key.
  • the alternative procedures may not fit as easily into the existing infrastructures and may require some reprogramming of current readers.
  • the encrypted key is entered into the system and placed in the existing PIN field of the data transaction between the card reader (e.g. retailer) and the first clearing house in the credit card transaction approval chain.
  • the user's card number and encrypted key, along with other necessary information, are then sent via a transaction communication to a clearing house or other financial institution for processing (Step 1115).
  • a return message from the financial institution/clearing house indicates whether the transaction is approved (i.e., the account is in good standing and the encrypted key matches). If approved, an accept message is sent to the retailer (step 1130); if declined, the disapproval is sent to the retailer (step 1125).
  • FIG. 12A is a block diagram illustrating an example data flow according to an embodiment of the present invention.
  • Fig. 12A presents an example credit card transaction approval chain.
  • the card number (card #) 1205 and other transaction data (price, etc) and the encrypted key (preferably placed in the PIN field) 1210 are sent to a primary clearing house.
  • the primary clearing house is the first financial institution in the credit card transaction clearing house chain.
  • the combined fields 1205 and 1210 comprise a transaction communication and may be a single message or multiple messages containing information needed to complete a transaction.
  • the primary clearing house checks the transaction like a normal credit card transaction and passes all the data (e.g. 1205/1210, now 1225/1230) to a middle clearing house 1240.
  • the middle clearing house 1240 represents all the intermediary financial institutions between the primary clearing house and the banks or backing institution 1260 of the credit card (smart card). The middle clearing house also passes all the data on to the bank 1260. The bank 1260 then checks the account status, decrypts the encrypted key, and sends a status message 1255 back through the credit card transaction approval chain. If the account and key check out ok, the status message is an accept. If not, the status message is a decline.
  • the bank 1260 performs the primary financial and account checking to verify and approve the transaction.
  • any of the primary and middle clearing houses may also perform similar functions. If this occurs, then the data flow through the credit card transaction approval chain may be modified accordingly.
  • the middle clearing house 1240 decrypts the encrypted key and checks it for validity. The credit card number is still passed on to the bank 1260 for account validation.
  • the primary clearing house decrypts the encrypted key and checks it for validity. The credit card number is still passed on to the middle clearing house and bank 1260 for account validation. Any number of variations of checking and approval may be implemented once the card number, other transaction data, and the encrypted key are entered into the data communications representing the transaction to be approved.
  • FIG. 13 is a block diagram illustrating an example data flow and data validation according to an embodiment of the present invention.
  • a primary clearing house 1221 receives the card # and other transaction data 1205 and an encrypted key packed in a PIN field.
  • the clearing house sends the card number to an authorization device 1300 that includes authorization server 604.
  • the authorization server 604 uses the card number to reference any needed user data 1310, retrieves a clock signal (if needed for the particular embodiment), decrypts the encrypted key, and determines if it is valid. If the decrypted key is valid, and an accept status signal 1235 is received from the subsequent institution (e.g., bank, credit union, etc.), then the clearing house 1221 forwards an accept status 1215. If either the decrypted key is invalid, or a decline is received in status 1235, the clearing house forwards a decline in status message 1215.
  • the subsequent institution e.g., bank, credit union, etc.
  • the smart card of the present invention is produced on an Electronic Ink surface such as a Thin and Flexible Microelectronics (TFM) substrate.
  • Example surfaces are produced by Power Paper™.
  • the principal components of electronic ink are millions of tiny microcapsules, about the diameter of a human hair. In one incarnation, each microcapsule contains positively charged white particles and negatively charged black particles suspended in a clear fluid. When a negative electric field is applied, the white particles move to the top of the microcapsule where they become visible to the user. This makes the surface appear white at that spot. At the same time, an opposite electric field pulls the black particles to the bottom of the microcapsules where they are hidden.
  • microprocessor 716 (or other electronics connected thereto) includes drivers that charge the electronic circuitry to form the pattern of pixels for the display on the smart card 710 or smart card wallet 1010.
  • the LCD display 720, 820, and 1020 is replaced with an electronic ink surface. Any display imaginable may be produced. Some example displays include those presented previously, and alternatives may include those shown in Fig. 14A and 14B. Each of Figs 14A and 14B represents an entire surface of the smart card coated in digital ink.
  • a card number space 1400 is provided.
  • a logo space 1410 is provided, and programming of the microprocessor and/or display drivers produces a logo of the card or backing financial institution displayed in the logo space 1410.
  • In Fig. 14B, a keypad including digits 1-9, 0, clear, and enter is provided in digital ink. Underlying electronics, including any of heat sensitive, pressure sensitive, or mechanical activation switches, are provided to register user inputs on the keypad.
  • Logo space 1430 is a digital ink representation of the credit card company, and expiration date/user information is provided in space 1440.
  • Portions of the present invention may be conveniently implemented using a conventional general purpose or a specialized digital computer or microprocessor programmed according to the teachings of the present disclosure, as will be apparent to those skilled in the computer art.
  • that computer is embodied in a microprocessor embedded in a wallet or smart card device.
  • the present invention includes a computer program product which is a storage medium (media) having instructions stored thereon/in which can be used to control, or cause, a computer to perform any of the processes of the present invention.
  • the storage medium can include, but is not limited to, any type of disk including floppy disks, mini disks (MD's), optical discs, DVD, CD-ROMS, micro-drive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices (including flash cards), magnetic or optical cards, nanosystems (including molecular memory ICs), RAID devices, remote data storage/ archive/warehousing, or any type of media or device suitable for storing instructions and/or data.
  • the present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor, and for enabling the computer or microprocessor to interact with a human user or other mechanism utilizing the results of the present invention.
  • software may include, but is not limited to, device drivers, operating systems, and user applications.
  • computer readable media further includes software for performing the present invention, as described above.
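
The clock-synchronised key and the FIG. 13 accept/decline rule described above, as an added example (not code from the patent). The patent does not name an algorithm, so this sketch substitutes an HMAC-SHA-256 truncated to decimal digits and verifies by recomputation instead of decryption; the 60-second step, 6-digit length, ±1 step drift window, replay check, and all function and class names are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed width of one clock step
CODE_DIGITS = 6     # assumed length; digits only, so it fits a PIN field
DRIFT_STEPS = 1     # assumed tolerance for card/server clock drift


def card_code(clock_key: bytes, card_number: str, step: int) -> str:
    """Card side: derive the numeric code for one clock step."""
    msg = card_number.encode() + struct.pack(">Q", step)
    digest = hmac.new(clock_key, msg, hashlib.sha256).digest()
    value = int.from_bytes(digest[:8], "big") % 10**CODE_DIGITS
    return str(value).zfill(CODE_DIGITS)


class AuthorizationServer:
    """Server side: per-card key lookup, drift window, replay rejection."""

    def __init__(self, user_data: dict):
        self.user_data = user_data  # card number -> clock authorization key
        self.last_step = {}         # card number -> last accepted clock step

    def key_valid(self, card_number: str, pin_field: str, now: float) -> bool:
        key = self.user_data.get(card_number)
        well_formed = (len(pin_field) == CODE_DIGITS
                       and pin_field.isascii() and pin_field.isdigit())
        if key is None or not well_formed:
            return False
        current = int(now // STEP_SECONDS)
        for step in range(max(0, current - DRIFT_STEPS), current + DRIFT_STEPS + 1):
            if step <= self.last_step.get(card_number, -1):
                continue  # step already consumed: a replayed code is rejected
            expected = card_code(key, card_number, step)
            if hmac.compare_digest(expected, pin_field):
                self.last_step[card_number] = step
                return True
        return False


def clearing_house_status(server, card_number, pin_field, bank_status, now):
    """Accept only if the key is valid AND the next institution accepts."""
    key_ok = server.key_valid(card_number, pin_field, now)
    return "accept" if key_ok and bank_status == "accept" else "decline"


# Constructed sample data, not taken from the patent.
SAMPLE_CARD = "4000000000000002"
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    srv = AuthorizationServer({SAMPLE_CARD: SAMPLE_KEY})
    code = card_code(SAMPLE_KEY, SAMPLE_CARD, 1_000_000 // STEP_SECONDS)
    print(clearing_house_status(srv, SAMPLE_CARD, code, "accept", 1_000_000))
```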

Landscapes

  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a system for increasing transaction security within an existing infrastructure. An activation mechanism issues an activation signal, or a signal supplying a PIN and/or other data, to a processing device. If the data can be verified, the processing device performs the verification. A display unit (124) provides a key, preferably encrypted, for effective use of the sensing device. A generation mechanism provided in the key constitutes an indicator of the number of transactions or of other sequential counts of card use. An authorization service (120) reads the key from a PIN field of a transaction communication and decrypts it on the basis of a second sequential count kept in synchronization with the first count, in order to determine whether the use is authorized. In one embodiment, a clock mechanism is also used in encrypting and decrypting the key. A separate reader may be similarly configured to read existing smart cards using the method of the invention.
PCT/US2002/013262 2001-04-26 2002-04-26 Bio-metric smart card, bio-metric smart card reader, and method of use WO2002088931A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US09/843,572 2001-04-26
US09/843,572 US6816058B2 (en) 2001-04-26 2001-04-26 Bio-metric smart card, bio-metric smart card reader and method of use
US10/040,156 2001-12-19
US10/040,156 US6954133B2 (en) 2001-04-26 2001-12-19 Bio-metric smart card, bio-metric smart card reader, and method of use

Publications (1)

Publication Number Publication Date
WO2002088931A1 (fr) 2002-11-07

Family

ID=26716783

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/013262 WO2002088931A1 (fr) 2001-04-26 2002-04-26 Bio-metric smart card, bio-metric smart card reader, and method of use

Country Status (1)

Country Link
WO (1) WO2002088931A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009142590A1 (fr) * 2008-05-20 2009-11-26 Swecard Ab Smart card
GB2478702A (en) * 2010-03-15 2011-09-21 Mohammed Ayub Ullah Secure biometric card device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5686904A (en) * 1991-05-29 1997-11-11 Microchip Technology Incorporated Secure self learning system
US5774065A (en) * 1994-08-05 1998-06-30 Nippondenso Co., Ltd. Remote control system and method using variable ID code
US6163771A (en) * 1997-08-28 2000-12-19 Walker Digital, Llc Method and device for generating a single-use financial account number

Similar Documents

Publication Publication Date Title
US6954133B2 (en) Bio-metric smart card, bio-metric smart card reader, and method of use
US4357529A (en) Multilevel security apparatus and method
US6662166B2 (en) Tokenless biometric electronic debit and credit transactions
US6983882B2 (en) Personal biometric authentication and authorization device
EP0385400B1 (fr) Multilevel security apparatus and method with personal key
US4304990A (en) Multilevel security apparatus and method
Hendry Smart card security and applications
US5892211A (en) Transaction system comprising a first transportable integrated circuit device, a terminal, and a security device
US7536352B2 (en) Tokenless biometric electronic financial transactions via a third party identicator
US8201747B2 (en) Auto-sequencing financial payment display card
US5163098A (en) System for preventing fraudulent use of credit card
US6192142B1 (en) Tokenless biometric electronic stored value transactions
US7837121B2 (en) Secure credit card adapter
US20100123002A1 (en) Card printing verification system
IE990240A1 (en) Credit card system and method
WO2003065318A2 (fr) Payment system
CA2359676A1 (fr) Tokenless biometric electronic verifications
CA2817431A1 (fr) System and method for requesting and processing personal identification number data using a subset of digits for subsequent personal identification number authentication
WO2002088931A1 (fr) Bio-metric smart card, bio-metric smart card reader, and method of use
AU2002308486A1 (en) A bio-metric smart card, bio-metric smart card reader, and method of use

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: COMMUNICATION UNDER RULE 69 EPC (EPO FORM 1205A DATED 17.02.2004)

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP