WO2009055303A1 - Biometric secure transaction card - Google Patents

Biometric secure transaction card Download PDF

Info

Publication number
WO2009055303A1
WO2009055303A1 PCT/US2008/080182 US2008080182W WO2009055303A1 WO 2009055303 A1 WO2009055303 A1 WO 2009055303A1 US 2008080182 W US2008080182 W US 2008080182W WO 2009055303 A1 WO2009055303 A1 WO 2009055303A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
data
biometric
fingerprint
stored
Prior art date
Application number
PCT/US2008/080182
Other languages
French (fr)
Inventor
Rodolphe J. Simon
Original Assignee
Simon Rodolphe J
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Simon Rodolphe J filed Critical Simon Rodolphe J
Publication of WO2009055303A1 publication Critical patent/WO2009055303A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B42BOOKBINDING; ALBUMS; FILES; SPECIAL PRINTED MATTER
    • B42DBOOKS; BOOK COVERS; LOOSE LEAVES; PRINTED MATTER CHARACTERISED BY IDENTIFICATION OR SECURITY FEATURES; PRINTED MATTER OF SPECIAL FORMAT OR STYLE NOT OTHERWISE PROVIDED FOR; DEVICES FOR USE THEREWITH AND NOT OTHERWISE PROVIDED FOR; MOVABLE-STRIP WRITING OR READING APPARATUS
    • B42D25/00Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof
    • B42D25/20Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof characterised by a particular use or purpose
    • B42D25/22Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof characterised by a particular use or purpose for use in combination with accessories specially adapted for information-bearing cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0716Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising a sensor or an interface to a sensor
    • G06K19/0718Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising a sensor or an interface to a sensor the sensor being of the biometric kind, e.g. fingerprint sensors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/26Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Definitions

  • the invention relates to the field of electronically scanned transaction cards. More particularly, the invention relates to transaction cards encoded with biometric data for security purposes.
  • An authorized bearer of a magnetic strip card that is used for cash withdrawal at an ATM must remember extraneous information, such as a personal identification number (PIN) and/or password in order to execute a transaction. If the card bearer forgets the PIN and makes multiple attempts to complete the transaction, the card will generally be retracted into the ATM. In some cases, these retracted cards are destroyed, in other cases, the institution that owns or operates the ATM returns the card to the issuing bank. These are security measures to prevent what appears to be an unauthorized person from completing a transaction and they inevitably result in an inconvenience for the authorized card bearer, who now has to go the bank to retrieve the card or have a new card issued, which involves time and expense.
  • PIN personal identification number
  • the card bearer In order to avoid such mishaps, the card bearer often writes the PIN on a slip of paper and keeps it in his wallet, in close proximity to the card itself. This defeats the purpose of having a PIN, which is to protect against unauthorized use, should the wallet fall into the hands of an unauthorized person. Furthermore, the traditional magnetic strip card offers little security should an authorized user be forced to execute a transaction under threat of bodily injury.
  • the magnetic strip card is also frequently used to transact business, whereby the only source of identification required is a comparison of the signature on the back of the card with a signature on a transaction slip. This provides very little security, because the person comparing the signatures frequently does so only superficially. Furthermore, signatures are easily forged. In some cases, a photo-ID is required to confirm the identity of the person named on the magnetic strip card. This security measure may be thwarted by a person, who changes his or her appearance to look like the image in the photo-ID.
  • Radio-frequency (RF) technology is widely used now for radio frequency identification (RFI) cards.
  • RFID technology is a contactless technology, that is, the data is transmitted via radio broadcast, and enables very fast data transmission, because the card does not need to come into contact with the card scanner, in order to transmit data.
  • RFI cards are used in many different types of transactions, such as speed passes for highway toll booths or gas stations, product tracking, animal identification, etc.
  • the RFI card is just as vulnerable to unauthorized use as is the magnetic strip card.
  • RF technology has a greater weakness for misuse than the magnetic strip card, though, because information on RFI cards can be surreptitiously and fraudulently obtained by RF decryption equipment.
  • the present invention is a method of verifying the identity of a card bearer of a biom ⁇ trically secured transaction card, such as a credit card or ID card, prior to enabling a transaction.
  • a biom ⁇ trically secured transaction card such as a credit card or ID card
  • the biometrically secured transaction card according to the invention shall be referred to hereinafter as "biometric transaction card” or "BTC.”
  • Enablement allows data to be transmitted between the biometric transaction card and a processing unit, such as a card reader.
  • the verification method of the present application enables data transmission only upon determination of a match between biometric data that is stored on the biometric transaction card and biometric data that is scanned onto the card at the transactional location.
  • the physical embodiment of the transaction card is disclosed in the co-pending US patent application number 11/601 ,237, filed on November 17, 206, by the inventor of the present application.
  • the biometric transaction card is a self-powered card that includes a power source incorporated into the card, a biometric sensor, a data storage device, a microprocessor, data release circuitry, and conventional contacts for communication with standard commercial card reader components.
  • the power source is a battery, such as a ribbon battery, that is either permanently or replaceably incorporated into the card.
  • the self-powered BTC requires that a verification match be made with contemporaneously scanned biometric data and stored biometric data, before any data is transmitted between the transaction card and the card reader or other external equipment. If a mismatch is determined, data transmission is not enabled.
  • the method of the present application allows a higher-level verification operation to that disclosed in the 11/601237 patent application by combining two completely unrelated biometric features to create a third, unique identifier.
  • the card bearer or user must first be enrolled in order to use the BTC.
  • Conventional user enrollment involves recording and storing a scan of a fingerprint of the card user in the storage device on the BTC and adding additional biographical and other pertinent data, as necessary.
  • the term "fingerprint" shall also include a thumb print.
  • Enrollment according to the method of the present application requires that a prospective card user scan a fingerprint with the biometrics sensor on the biometric transaction card.
  • the fingerprint scan is stored in the storage device on the card.
  • Biographical data is added, as necessary, to complete the biometric and biographical data stored on the card for identification purposes.
  • Fingerprints are defined by whorl, loop, and arch patterns on the surfaces of the first section of each finger. These patterns are formed by ridges and furrows. Minutiae points are local ridge characteristics, typically defined by ridge endings and ridge bifurcations, but may also include other unusual features, such as the points where a scar begins and terminates. Every fingerprint has minutiae. They vary from finger to finger and are unique to an individual. Generally, when a fingerprint is obtained from a person, the precise locations of the minutiae points are recorded for each finger in the form of numerical coordinates. The points and coordinates are stored in electronic data form, so as to provide a basis for computerized comparison of fingerprints. At the time of enrollment, this minutiae-point data is converted to a digital format, encrypted and stored in the storage device on the biometric , transaction card.
  • the prospective card user also provides a DNA sample.
  • This sample is analyzed by conventional DNA analysis methods and apparatus, external to the biometric transaction card.
  • Such methods include those used to analyze and store DNA data in a format that is electronically searchable, such as the methods used to store DNA data in CODIS, the Combined DNA Index System of the FBI.
  • These DNA data are encrypted, and then stored in the storage device on the biometric transaction card.
  • An algorithm stored in the microprocessor on the card randomly selects minutiae data and DNA data. The algorithm then combines the two groups of randomly collected data to create a set of unique identifiers that are different from the separate characteristics of the fingerprint minutiae and the DNA data.
  • the 18 th minutiae point from the fingerprint could be matched to the 3 rd marker from the DNA analysis, to create a 1 st marker for the higher-level security code.
  • This list of unique identifiers is then encrypted and stored in the storage device on the card as the higher-level-security code.
  • a higher-level verification program provided in the microprocessor decrypts the higher-level-security code and compares the stored minutiae data with the fingerprint data scanned at the time of verification and compares the stored DNA data with the DNA sample from an analysis performed for the higher-level verification.
  • the speed and efficacy of this type of higher-level security check is dependent on the technology available for DNA analysis. Currently, DNA analysis requires an extended period of time.
  • a higher-level security check according to the invention requires that the card bearer provide a DNA sample and a fingerprint scan, which are then analyzed with methods and apparatus external to the biometric transaction card. The same algorithms that are used to generate the minutiae data and to match minutiae points with DNA markers are applied to the newly collected data.
  • the method may combine the minutiae data from the fingerprint data collected at the time of verification with the same random selection of DNA data that is the basis for the set of unique identifiers at the time of enrollment, and then compare this contemporaneous set of unique identifiers with that stored in the storage device.
  • the secure transaction card according to the invention is a single-user only card, whereby only one user's biometric information is stored on the card. It is possible to transfer ownership of the card from one person to another, by enrolling biometric and other data for a subsequent card bearer onto the card, after deleting the enrollment data for the previous card owner.
  • FlG. 1 is a front view of the biometrics-secured transaction card according to the invention, showing a biometrics sensor.
  • FIG. 2 is an illustration of the rear view of the card of FIG. 1 , showing a magnetic strip and an RF transmitter.
  • FIG. 3 shows a layout of the various components embedded in the card substrate.
  • FIG. 4 is a block diagram of the biometrics-secured transaction card of FIG. 1.
  • FIG. 5 shows a battery pack for RF data transmission being inserted into the biometrics-secured transaction card according to the invention.
  • FIG. 6 shows a method of mapping the minutiae points from a fingerprint scan to certain locations on a DNA sample.
  • FIGS. 1 - 5 illustrate the physical embodiment of biometric transaction card 100 that is disclosed in co-pending US patent application no. 11/601 ,237.
  • FIG. 6 illustrates the method according to the invention of providing additional security.
  • the DNA sample is represented as the lab result showing the alleles.
  • These results are converted to data searchable electronic format, for example, the conventional format that is used to store DNA data in CODIS.
  • the method according to the invention requires the use of a self-powered biometric transaction card (BTC), such as, for example, the one disclosed in FIGS. 1 - 5.
  • BTC biometric transaction card
  • the storage device 110 stores 288 Kilobyte of memory. Any biometric information may be stored in the storage device 110.
  • the card bearer or user must first enroll on the card, before the verification method according to the invention may be implemented. Enrollment requires a user to provide a scan of a fingerprint. A computer algorithm analyzes the fingerprint to find up to 36 minutiae points M. The points are converted to a digital format, encrypted and stored in the storage device 110. Prior to the enrollment process, a sample of the card bearer's DNA is collected, analyzed, and the results converted to a digital electronic format.
  • a computer algorithm randomly matches the minutiae with the DNA data, to create a set of unique identifiers, MD1 - MD6.
  • FlG. 6 shows a fingerprint F with minutiae points M being matched to certain data points on a DNA sample D.
  • the DNA test sample D is illustrated here schematically as the lab results, for illustration purposes, rather than as a print out of digitized information.
  • This set of unique identifiers This is then encrypted and stored in the storage device on the card as the higher-level-security code.
  • the unique identifiers may be used in cases of heightened security risk to verify that the card bearer is, in fact, the enrolled user.
  • the method according to the invention was illustrated above by a description of combining a random selection of minutiae points M with a random selection of DNA data points D to create a set of unique identifiers. The method is, however, not limited to the combination of minutiae and DNA data. It is understood that any combination of biometric information may be used to create a set of unique identifiers. For example, a retinal scan of the card user's eye and digitized DNA results may be combined in an analogous manner to create a set of unique identifiers.
  • biometric data stored on the biometric transaction card 100 is encrypted and remains on the card until deleted.
  • the biometric data may be encrypted in a 1024 bit RSA encryption format, which has been used to encrypt public key and digital signatures.

Abstract

Method of providing additional security verification, using an independently powered, biometric transaction card, such as a credit card or an ID card that is equipped with a biometric sensor. Storage device, microprocessor, data release circuitry, and contacts for communication with standard card reader components are incorporated into the card, as is a battery for providing power to the components on the card. A fingerprint of the card bearer is scanned and stored on the card. An algorithm analyzes the fingerprint data to define a plurality of minutiae points. The minutiae point data are digitized and stored on the card. The results of a DNA test are converted to electronic format and stored on the card. An algorithm randomly matches the minutiae point data to selections of DNA data, thereby creating a set of unique identifiers.

Description

BIOMETRIC SECURE TRANSACTION CARD
BACKGROUND INFORMATION [0001] FIELD OF THE INVENTION
[0002] The invention relates to the field of electronically scanned transaction cards. More particularly, the invention relates to transaction cards encoded with biometric data for security purposes.
[0003] DESCRIPTION OF THE PRIOR ART
[0004] Financial institutions, governmental communities, businesses, hospitals and other such facilities require a means to execute transactions in a secure and expedited manner. Today, the electronically scanned magnetic strip card is typically used as a transaction card. This type of transaction card offers many advantages — it is inexpensive to manufacture, small enough to fit easily in a small wallet, lightweight, durable, and suitable for myriad applications. The magnetic strip card has been in use for decades now, worldwide, and a vast worldwide network of automated teller machines (ATMs) and other types of card processors exists for processing such cards. There are certain disadvantages, however, to using the conventional magnetic strip card. An authorized bearer of a magnetic strip card that is used for cash withdrawal at an ATM must remember extraneous information, such as a personal identification number (PIN) and/or password in order to execute a transaction. If the card bearer forgets the PIN and makes multiple attempts to complete the transaction, the card will generally be retracted into the ATM. In some cases, these retracted cards are destroyed, in other cases, the institution that owns or operates the ATM returns the card to the issuing bank. These are security measures to prevent what appears to be an unauthorized person from completing a transaction and they inevitably result in an inconvenience for the authorized card bearer, who now has to go the bank to retrieve the card or have a new card issued, which involves time and expense. In order to avoid such mishaps, the card bearer often writes the PIN on a slip of paper and keeps it in his wallet, in close proximity to the card itself. This defeats the purpose of having a PIN, which is to protect against unauthorized use, should the wallet fall into the hands of an unauthorized person. Furthermore, the traditional magnetic strip card offers little security should an authorized user be forced to execute a transaction under threat of bodily injury.
[0005] The magnetic strip card is also frequently used to transact business, whereby the only source of identification required is a comparison of the signature on the back of the card with a signature on a transaction slip. This provides very little security, because the person comparing the signatures frequently does so only superficially. Furthermore, signatures are easily forged. In some cases, a photo-ID is required to confirm the identity of the person named on the magnetic strip card. This security measure may be thwarted by a person, who changes his or her appearance to look like the image in the photo-ID.
[0006] Radio-frequency (RF) technology is widely used now for radio frequency identification (RFI) cards. RF technology is a contactless technology, that is, the data is transmitted via radio broadcast, and enables very fast data transmission, because the card does not need to come into contact with the card scanner, in order to transmit data. RFI cards are used in many different types of transactions, such as speed passes for highway toll booths or gas stations, product tracking, animal identification, etc. The RFI card is just as vulnerable to unauthorized use as is the magnetic strip card. RF technology has a greater weakness for misuse than the magnetic strip card, though, because information on RFI cards can be surreptitiously and fraudulently obtained by RF decryption equipment.
[0007] What is needed, therefore, is a transaction card that provides greater security without requiring a PIN or other extraneous information. What is further needed is such a transaction card that is adaptable for both magnetic strip and RF transactions.
BRIEF SUMMARY OF THE INVENTION
[0008] The present invention is a method of verifying the identity of a card bearer of a biomβtrically secured transaction card, such as a credit card or ID card, prior to enabling a transaction. The biometrically secured transaction card according to the invention shall be referred to hereinafter as "biometric transaction card" or "BTC." Enablement allows data to be transmitted between the biometric transaction card and a processing unit, such as a card reader. The verification method of the present application enables data transmission only upon determination of a match between biometric data that is stored on the biometric transaction card and biometric data that is scanned onto the card at the transactional location. The physical embodiment of the transaction card is disclosed in the co-pending US patent application number 11/601 ,237, filed on November 17, 206, by the inventor of the present application. The biometric transaction card is a self-powered card that includes a power source incorporated into the card, a biometric sensor, a data storage device, a microprocessor, data release circuitry, and conventional contacts for communication with standard commercial card reader components. The power source is a battery, such as a ribbon battery, that is either permanently or replaceably incorporated into the card. The self-powered BTC requires that a verification match be made with contemporaneously scanned biometric data and stored biometric data, before any data is transmitted between the transaction card and the card reader or other external equipment. If a mismatch is determined, data transmission is not enabled. This eliminates the need for sensitive identification data of the card bearer to be transmitted to any other location or device, in order to enable a transaction, which provides greater security for the card user. [0009] The method of the present application allows a higher-level verification operation to that disclosed in the 11/601237 patent application by combining two completely unrelated biometric features to create a third, unique identifier. As with a conventional biometrics card, the card bearer or user must first be enrolled in order to use the BTC. Conventional user enrollment involves recording and storing a scan of a fingerprint of the card user in the storage device on the BTC and adding additional biographical and other pertinent data, as necessary. The term "fingerprint" shall also include a thumb print. Enrollment according to the method of the present application requires that a prospective card user scan a fingerprint with the biometrics sensor on the biometric transaction card. The fingerprint scan is stored in the storage device on the card. Biographical data is added, as necessary, to complete the biometric and biographical data stored on the card for identification purposes.
[0010] Fingerprints are defined by whorl, loop, and arch patterns on the surfaces of the first section of each finger. These patterns are formed by ridges and furrows. Minutiae points are local ridge characteristics, typically defined by ridge endings and ridge bifurcations, but may also include other unusual features, such as the points where a scar begins and terminates. Every fingerprint has minutiae. They vary from finger to finger and are unique to an individual. Generally, when a fingerprint is obtained from a person, the precise locations of the minutiae points are recorded for each finger in the form of numerical coordinates. The points and coordinates are stored in electronic data form, so as to provide a basis for computerized comparison of fingerprints. At the time of enrollment, this minutiae-point data is converted to a digital format, encrypted and stored in the storage device on the biometric , transaction card.
[0011] The prospective card user also provides a DNA sample. This sample is analyzed by conventional DNA analysis methods and apparatus, external to the biometric transaction card. Such methods include those used to analyze and store DNA data in a format that is electronically searchable, such as the methods used to store DNA data in CODIS, the Combined DNA Index System of the FBI. These DNA data are encrypted, and then stored in the storage device on the biometric transaction card. An algorithm stored in the microprocessor on the card randomly selects minutiae data and DNA data. The algorithm then combines the two groups of randomly collected data to create a set of unique identifiers that are different from the separate characteristics of the fingerprint minutiae and the DNA data. For example the 18th minutiae point from the fingerprint could be matched to the 3rd marker from the DNA analysis, to create a 1st marker for the higher-level security code. This list of unique identifiers is then encrypted and stored in the storage device on the card as the higher-level-security code.
[0012] A higher-level verification program provided in the microprocessor decrypts the higher-level-security code and compares the stored minutiae data with the fingerprint data scanned at the time of verification and compares the stored DNA data with the DNA sample from an analysis performed for the higher-level verification. The speed and efficacy of this type of higher-level security check is dependent on the technology available for DNA analysis. Currently, DNA analysis requires an extended period of time. A higher-level security check according to the invention requires that the card bearer provide a DNA sample and a fingerprint scan, which are then analyzed with methods and apparatus external to the biometric transaction card. The same algorithms that are used to generate the minutiae data and to match minutiae points with DNA markers are applied to the newly collected data. The same set of unique identifiers should result. In the alternative, the method may combine the minutiae data from the fingerprint data collected at the time of verification with the same random selection of DNA data that is the basis for the set of unique identifiers at the time of enrollment, and then compare this contemporaneous set of unique identifiers with that stored in the storage device. [0013] Typically, the secure transaction card according to the invention is a single-user only card, whereby only one user's biometric information is stored on the card. It is possible to transfer ownership of the card from one person to another, by enrolling biometric and other data for a subsequent card bearer onto the card, after deleting the enrollment data for the previous card owner.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] The present invention is described with reference to the accompanying drawings. In the drawings, like reference numbers indicate identical or functionally similar elements.
[0015] FlG. 1 is a front view of the biometrics-secured transaction card according to the invention, showing a biometrics sensor.
[0016] FIG. 2 is an illustration of the rear view of the card of FIG. 1 , showing a magnetic strip and an RF transmitter.
[0017] FIG. 3 shows a layout of the various components embedded in the card substrate.
[0018] FIG. 4 is a block diagram of the biometrics-secured transaction card of FIG. 1.
[0019] FIG. 5 shows a battery pack for RF data transmission being inserted into the biometrics-secured transaction card according to the invention.
[0020] FIG. 6 shows a method of mapping the minutiae points from a fingerprint scan to certain locations on a DNA sample. DETAILED DESCRIPTION OF THE INVENTION
[0021] The present invention will now be described more fully in detail with reference to the accompanying drawings, in which the preferred embodiments of the invention are shown. This invention should not, however, be construed as limited to the embodiments set forth herein; rather, they are provided so that this disciosure will be complete and will fully convey the scope of the invention to those skilled in the art.
[0022] FIGS. 1 - 5 illustrate the physical embodiment of biometric transaction card 100 that is disclosed in co-pending US patent application no. 11/601 ,237. FIG. 6 illustrates the method according to the invention of providing additional security. The DNA sample is represented as the lab result showing the alleles. These results are converted to data searchable electronic format, for example, the conventional format that is used to store DNA data in CODIS.
[0023] The method according to the invention requires the use of a self-powered biometric transaction card (BTC), such as, for example, the one disclosed in FIGS. 1 - 5. The storage device 110 stores 288 Kilobyte of memory. Any biometric information may be stored in the storage device 110. The card bearer or user must first enroll on the card, before the verification method according to the invention may be implemented. Enrollment requires a user to provide a scan of a fingerprint. A computer algorithm analyzes the fingerprint to find up to 36 minutiae points M. The points are converted to a digital format, encrypted and stored in the storage device 110. Prior to the enrollment process, a sample of the card bearer's DNA is collected, analyzed, and the results converted to a digital electronic format. These DNA results are then encrypted and also stored in the storage device 110, A computer algorithm randomly matches the minutiae with the DNA data, to create a set of unique identifiers, MD1 - MD6. FlG. 6 shows a fingerprint F with minutiae points M being matched to certain data points on a DNA sample D. The DNA test sample D is illustrated here schematically as the lab results, for illustration purposes, rather than as a print out of digitized information.
[0024] This set of unique identifiers This is then encrypted and stored in the storage device on the card as the higher-level-security code. The unique identifiers may be used in cases of heightened security risk to verify that the card bearer is, in fact, the enrolled user. The method according to the invention was illustrated above by a description of combining a random selection of minutiae points M with a random selection of DNA data points D to create a set of unique identifiers. The method is, however, not limited to the combination of minutiae and DNA data. It is understood that any combination of biometric information may be used to create a set of unique identifiers. For example, a retinal scan of the card user's eye and digitized DNA results may be combined in an analogous manner to create a set of unique identifiers.
[0025] All biometric data stored on the biometric transaction card 100 is encrypted and remains on the card until deleted. The biometric data may be encrypted in a 1024 bit RSA encryption format, which has been used to encrypt public key and digital signatures.
[0026] It is understood that the embodiments described herein are merely illustrative of the present invention. Variations in the construction of the biometric secured transaction card may be contemplated by one skilled in the art without limiting the intended scope of the invention herein disclosed and as defined by the following claims.

Claims

What is claimed is:
Claim 1 : A method of verifying the identity of a card bearer of a biometrically secured transaction card, the card being an electronically processible card that has a power source incorporated into the card, the method characterized by: a) scanning a fingerprint of the card bearer; b) analyzing the fingerprint to determine a plurality of minutiae points; c) storing the minutiae points in digital format on the biometrically secured transaction card; d) analyzing a sample of a biomethc feature of the card bearer that is other than a fingerprint to obtain biomethc data; e) storing the biomethc data in digital format on the biometrically secured transaction card; f) using a computer algorithm to randomly match a minutiae point with a datum of the biomethc data to obtain a unique identifier; and g) storing the unique identifier on the biometrically secured transaction card.
Claim 2: The method of claim 2, wherein the biometric data are DNA data.
Claim 3: The method of claim 1 , wherein the biometric data are data from a retinal scan.
PCT/US2008/080182 2007-10-24 2008-10-16 Biometric secure transaction card WO2009055303A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US98217707P 2007-10-24 2007-10-24
US60/982,177 2007-10-24

Publications (1)

Publication Number Publication Date
WO2009055303A1 true WO2009055303A1 (en) 2009-04-30

Family

ID=40579932

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2008/080182 WO2009055303A1 (en) 2007-10-24 2008-10-16 Biometric secure transaction card

Country Status (1)

Country Link
WO (1) WO2009055303A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013032869A1 (en) * 2011-08-26 2013-03-07 Life Technologies Corporation Systems and methods for identifying an individual
WO2014015346A1 (en) * 2012-07-20 2014-01-23 Life Technologies Corporation Systems and methods for identifying an individual
US20150220918A1 (en) * 2014-02-04 2015-08-06 Lenovo (Singapore) Pte. Ltd. Biometric account card
US9235698B2 (en) 2013-08-30 2016-01-12 Cylon Global Technology Inc. Data encryption and smartcard storing encrypted data
US9330511B2 (en) 2013-08-30 2016-05-03 Cylon Global Technology Inc. Apparatus and methods for identity verification
US9489502B2 (en) 2014-02-04 2016-11-08 Lenovo (Singapore) Pte. Ltd. Biometric authentication display
US9697342B2 (en) 2014-02-04 2017-07-04 Lenovo (Singapore) Pte. Ltd. Biometric authentication stripe
CN107944332A (en) * 2016-10-13 2018-04-20 卡诺爱股份有限公司 Fingerprint recognition card and the method for operating fingerprint recognition card
US10043180B2 (en) 2010-09-30 2018-08-07 The Western Union Company System and method for secure transactions at a mobile device
CN114978763A (en) * 2022-06-30 2022-08-30 深圳千方智通科技有限公司 Examinee information rapid login system based on transportation safety examination software

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060079059A (en) * 2004-12-31 2006-07-05 삼성전자주식회사 Card storing biological information, user identification method and apparatus using the card
EP1693774A2 (en) * 2005-02-21 2006-08-23 Hitachi-Omron Terminal Solutions, Corp. Biometric authentication apparatus, terminal device and automatic transaction machine
KR20070025110A (en) * 2005-08-31 2007-03-08 황춘홍 Dna identification card
US20070094512A1 (en) * 2005-10-26 2007-04-26 Masatsugu Nomiya Storage media issuing method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060079059A (en) * 2004-12-31 2006-07-05 삼성전자주식회사 Card storing biological information, user identification method and apparatus using the card
EP1693774A2 (en) * 2005-02-21 2006-08-23 Hitachi-Omron Terminal Solutions, Corp. Biometric authentication apparatus, terminal device and automatic transaction machine
KR20070025110A (en) * 2005-08-31 2007-03-08 황춘홍 Dna identification card
US20070094512A1 (en) * 2005-10-26 2007-04-26 Masatsugu Nomiya Storage media issuing method

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10043180B2 (en) 2010-09-30 2018-08-07 The Western Union Company System and method for secure transactions at a mobile device
US11263691B2 (en) 2010-09-30 2022-03-01 The Western Union Company System and method for secure transactions at a mobile device
US10861012B2 (en) 2010-09-30 2020-12-08 The Western Union Company System and method for secure transactions at a mobile device
US11636190B2 (en) 2011-08-26 2023-04-25 Life Technologies Corporation Systems and methods for identifying an individual
WO2013032869A1 (en) * 2011-08-26 2013-03-07 Life Technologies Corporation Systems and methods for identifying an individual
US9520999B2 (en) 2011-08-26 2016-12-13 Life Technologies Corporation Systems and methods for identifying an individual
US10733277B2 (en) 2011-08-26 2020-08-04 Life Technologies Corporation Systems and methods for identifying an individual
WO2014015346A1 (en) * 2012-07-20 2014-01-23 Life Technologies Corporation Systems and methods for identifying an individual
US9330511B2 (en) 2013-08-30 2016-05-03 Cylon Global Technology Inc. Apparatus and methods for identity verification
US9704312B2 (en) 2013-08-30 2017-07-11 Cylon Global Technology Inc. Apparatus and methods for identity verification
US9235698B2 (en) 2013-08-30 2016-01-12 Cylon Global Technology Inc. Data encryption and smartcard storing encrypted data
US10162954B2 (en) * 2014-02-04 2018-12-25 Lenovo (Singapore) Pte. Ltd. Biometric account card
US9697342B2 (en) 2014-02-04 2017-07-04 Lenovo (Singapore) Pte. Ltd. Biometric authentication stripe
US9489502B2 (en) 2014-02-04 2016-11-08 Lenovo (Singapore) Pte. Ltd. Biometric authentication display
US20150220918A1 (en) * 2014-02-04 2015-08-06 Lenovo (Singapore) Pte. Ltd. Biometric account card
CN107944332A (en) * 2016-10-13 2018-04-20 卡诺爱股份有限公司 Fingerprint recognition card and the method for operating fingerprint recognition card
CN107944332B (en) * 2016-10-13 2021-11-19 卡诺爱股份有限公司 Fingerprint identification card and method for operating a fingerprint identification card
CN114978763A (en) * 2022-06-30 2022-08-30 深圳千方智通科技有限公司 Examinee information rapid login system based on transportation safety examination software

Similar Documents

Publication Publication Date Title
WO2009055303A1 (en) Biometric secure transaction card
US9298905B1 (en) Biometric personal data key (PDK) authentication
US8694793B2 (en) Biometric access control transactions
Matyáš et al. Biometric authentication—security and usability
US7773779B2 (en) Biometric systems
US10076920B2 (en) Card with integrated fingerprint authentication
KR101120091B1 (en) Card storing biological information, user identification method and apparatus using the card
US20080120509A1 (en) Biometrics-secured transaction card
US20050188213A1 (en) System for personal identity verification
US20030139984A1 (en) System and method for cashless and clerkless transactions
WO2015028772A1 (en) Data encryption and smartcard storing encrypted data
US20090145972A1 (en) Biometric authorization transaction
US20080172733A1 (en) Identification and verification method and system for use in a secure workstation
WO2008021428A2 (en) Portable magnetic stripe reader for criminality security applications
US20030172027A1 (en) Method for conducting a credit transaction using biometric information
WO2009152677A1 (en) Payment system and payment method thereof
JPH1139483A (en) Fingerprint authentication card, memory card, authentication system, authentication device and portable equipment
KR20070046757A (en) System for automatic teller machine and automatic cash transaction device
JP2007528035A (en) Smart card for storing invisible signatures
US20030048175A1 (en) Portable biometric verification and storage device
JP5075675B2 (en) Biometric authentication system and biometric authentication device
AliBabaee et al. Biometric authentication of fingerprint for banking users, using stream cipher algorithm
Hussain et al. BSC: A Novel Scheme for Providing Security using Biometric Smart Card
JP2003308302A (en) Biometrics system
Jain Biometric system security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08843121

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08843121

Country of ref document: EP

Kind code of ref document: A1