WO2019123291A1 - System and method for user authentication using biometric data - Google Patents

Publication number
WO2019123291A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
atm
challenge
biometric data
biometric
Application number
PCT/IB2018/060304
Other languages
French (fr)
Inventor
Nikhilesh Manoj WANI
Original Assignee
Wani Nikhilesh Manoj
Application filed by Wani Nikhilesh Manoj
Publication of WO2019123291A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4012 Verifying personal identification numbers [PIN]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F19/00 Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20 Automatic teller machines [ATMs]
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F19/00 Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20 Automatic teller machines [ATMs]
    • G07F19/206 Software aspects at ATMs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response

Definitions

  • the present disclosure relates to authentication systems.
  • it relates to a system that uses non-duplicable biometric data for authentication.
  • the machine communicates with a backend server storing relevant data, authenticates the user on matching of the user’s account number and associated PIN as stored in the server with corresponding data supplied by the user on the ATM/PoS machine (wherein the account information is usually stored in a magnetic strip at the back of the debit/credit card, and this information is retrieved by a reader in the ATM/PoS machine as the user ‘swipes’ his card through the reader) and in case of a match, proceeds further with execution of the transaction desired by the user (for instance, a cash withdrawal).
  • Skimming is identity theft mainly used for debit cards.
  • a counterfeit card reader scans and stores all information written on the magnetic strip of a debit card as the card is slid into an ATM that has the counterfeit card reader placed over the ATM’s real card slot.
  • Tiny spy cameras are positioned to get a clear view of the keypad and record all the actions being made by the user as the user withdraws money and thereby capture the PIN information.
  • fake keypads can be put over the real keypad of the ATM and capture the PIN information. Over a billion dollars are lost every year due to skimming related frauds.
  • biometric inputs such as fingerprints at an appropriately configured ATM/PoS machine to reduce such frauds.
  • a fingerprint scanner is used for providing such biometric inputs.
  • a fingerprint is analyzed for very specific features called minutiae, where the lines in a fingerprint terminate or split in two.
  • the scanner measures the distances and angles between these features and then uses an algorithm (mathematical process) to turn this information into a unique numeric code.
  • Authenticating a user is then simply a matter of comparing these codes based upon fingerprint scanning done at different times.
  • a user’s fingerprint data is stored at a central server while during authentication the fingerprint data being provided at the time is compared with that stored during registration. If the two match, the user is granted access to his account.
  • various biometric data (facial features, for instance) can be reduced to unique numeric codes that can be used for authentication.
  • biometric data is stored remote from the user and so, such systems require appropriate data communication networks, mostly Internet. This further increases cost of deployment. Further, biometric data if not held secure can be stolen with damaging consequences if such data is misused.
  • OTP One Time Pin
  • RMN registered mobile number
  • the numbers expressing quantities or dimensions of items, and so forth, used to describe and claim certain embodiments of the invention are to be understood as being modified in some instances by the term “about.” Accordingly, in some embodiments, the numerical parameters set forth in the written description and attached claims are approximations that can vary depending upon the desired properties sought to be obtained by a particular embodiment. In some embodiments, the numerical parameters should be construed in light of the number of reported significant digits and by applying ordinary rounding techniques. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of some embodiments of the invention are approximations, the numerical values set forth in the specific examples are reported as precisely as practicable. The numerical values presented in some embodiments of the invention may contain certain errors necessarily resulting from the standard deviation found in their respective testing measurements.
  • the present disclosure mainly relates to an authentication system that uses non-duplicable biometric data for authentication.
  • it relates to an authentication system that uses a mobile device for authenticating a user at an ATM/PoS machine to enable the user to make a financial transaction.
  • the system can be similarly deployed for any other purpose requiring user authentication based upon biometric data.
  • a method for authenticating a user can include: receiving, at a central computing device, a challenge value (CV) from an automated teller machine (ATM) that the central computing device is operatively coupled with, the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM; matching, at the central computing device, using a database that is operatively coupled with the central computing device, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and authenticating the user if a match is found between the CV and the TV.
  • CV challenge value
  • ATM automated teller machine
  • the central computing device can be a server or cloud.
  • the challenge can be received by the user from a user computing device or from the ATM, and the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC.
  • the challenge can pertain to a sequence in which inputs for the biometric data are to be provided.
  • the biometric data can be obtained from any or a combination of fingerprint scanner, iris scanner, and facial scanner.
  • the CV can be submitted to the ATM by the user after scanning of a debit/credit card at the ATM by the user within a defined time period of the CV generation.
  • ATM PIN of the user can be presented to the user or provided directly to the ATM for processing the transaction, the ATM PIN being stored as a part of the user’s profile along with the authentic biometric data.
  • the biometric device can be uniquely associated with the user.
  • a system to authenticate a user including: a non-transitory storage device having embodied therein one or more routines operable to authenticate a user; and one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines can include: a challenge value receive module, which when executed by the one or more processors, can receive a challenge value (CV) from an automated teller machine (ATM), the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM; a challenge value based matching module, which when executed by the one or more processors, can match, using a database, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and a matching output based authentication module, which when executed by the
  • the challenge can be received by the user from a user computing device or from the ATM, wherein the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC, wherein the challenge can pertain to a sequence in which inputs for the biometric data are to be provided, and wherein the CV can be submitted to the ATM by the user after scanning of a debit/credit card at the ATM by the user within a defined time period of the CV generation.
  • FIGs 1A and 1B illustrate overall architecture of system proposed to illustrate its working, in accordance with an exemplary embodiment of the present disclosure.
  • FIG. 2 illustrates functional modules of system proposed, in accordance with an exemplary embodiment of the present disclosure.
  • FIGs. 3A and 3B illustrate working of the present disclosure using a sequence diagram, in accordance with an exemplary embodiment of the present disclosure.
  • FIGs. 4A and 4B illustrate how user profile can be maintained at a user mobile device and at a centralized database respectively, in accordance with an exemplary embodiment of the present disclosure.
  • FIGs. 5A to 5C illustrate functioning of the proposed system, in accordance with an exemplary embodiment of the present disclosure.
  • FIG. 6 illustrates a method of implementing the proposed system, in accordance with an exemplary embodiment of the present disclosure.
  • Embodiments of the present invention include various steps, which will be described below.
  • the steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps.
  • steps may be performed by a combination of hardware, software, and firmware and/or by human operators.
  • Embodiments of the present invention may be provided as a computer program product, which may include a machine-readable storage medium tangibly embodying thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process.
  • the machine-readable medium may include, but is not limited to, fixed (hard) drives, magnetic tape, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), and magneto-optical disks, semiconductor memories, such as ROMs, PROMs, random access memories (RAMs), programmable read-only memories (PROMs), erasable PROMs (EPROMs), electrically erasable PROMs (EEPROMs), flash memory, magnetic or optical cards, or other type of media/machine-readable medium suitable for storing electronic instructions (e.g., computer programming code, such as software or firmware).
  • Various methods described herein may be practiced by combining one or more machine-readable storage media containing the code according to the present invention with appropriate standard computer hardware to execute the code contained therein.
  • An apparatus for practicing various embodiments of the present invention may involve one or more computers (or one or more processors within a single computer) and storage systems containing or having network access to computer program(s) coded in accordance with various methods described herein, and the method steps of the invention could be accomplished by modules, routines, subroutines, or subparts of a computer program product.
  • embodiments may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof.
  • the program code or code segments to perform the necessary tasks may be stored in a machine-readable medium.
  • a processor(s) may perform the necessary tasks.
  • systems depicted in some of the figures may be provided in various configurations.
  • the systems may be configured as a distributed system where one or more components of the system are distributed across one or more networks in a cloud computing system.
  • FIG. 1 illustrates overall architecture of system proposed to illustrate its working, in accordance with an exemplary embodiment of the present disclosure.
  • proposed system can use one or more biometric input devices configured to be in operative communication with a mobile device (for instance a smartphone) of a user via any communication technology such as NFC, Bluetooth, Wi-Fi and the like.
  • the biometric input device can be part of the mobile device itself (for instance, a fingerprint scanner or a facial scanner built into the mobile device), to reduce overall cost of deployment of the proposed system.
  • Each biometric input device can be identified with its own unique biometric ID (UBID).
  • the mobile device can also carry a unique device ID (UDID).
  • each type of biometric data that can be generated by a biometric input device can be given a unique code for its further identification later on, as elaborated hereunder.
  • a left thumb scan can be indicated by TH_L
  • a left index finger scan as I_L and so on. It can be readily understood that this is purely exemplary and any unique code can be assigned to different categories of biometric inputs.
  • a biometric input device/biometric device can be uniquely associated with its user.
  • the system (or its mobile application that can be configured on a user mobile device) can enable a user (a user being a person allowed to legitimately use the system being elaborated herein) to create a user profile by providing his user name as usual and further using the biometric input devices and his/her mobile device to provide his/her biometric data.
  • Proposed system can associate each biometric data with corresponding UDID, UBID and user ID so as to clearly identify its origin.
  • biometric data can form part of a user profile that can be stored offline at the mobile device of the user, as well as online in a centralized database communicatively coupled to the proposed system wherein the database can be in the cloud or at a server, for example.
  • the centralized database can contain user profiles of all users of the proposed system.
  • the user can be provided means (such as a weblink that can be sent to his email id automatically during the process of user’s registration) using which the user can download his/her user profile data on to his/her mobile device later, and the user can be provided a facility to delete any of his user profile data stored on the guest mobile device.
  • a user can further add to his/her user profile various financial instruments (for instance debit card, credit card etc.) the user wishes to use the proposed system for as well as PIN (personal identification number) of each financial instrument.
  • PIN personal identification number
  • the proposed system can ask, after the user has added the details of a financial instrument (such as a credit card), for the current PIN of the card. Thereafter the proposed system can query the authority that has issued the financial instrument (for example the bank that issues the credit card) and verify whether the details provided are authentic. Upon proper verification, the financial instrument details and its PIN can be added to the user’s profile.
  • the user can be enabled to provide multiple such cards that can be added to the user’s profile.
  • different users can be associated with the same financial instrument as well.
  • the head of the family that can be termed as the user
  • the other members of the family can be termed as sub-users herein
  • Proposed system can store and associate such data with corresponding UBID and UDID in such a manner that each user/sub-user can use the associated financial instrument(s) independent of another.
  • the user can set various limits (for example, frequency and amount of withdrawals in a month) for each sub-user.
  • proposed system can check if the biometric data has been provided earlier, either with the same UBID/UDID or another one. If so, proposed system can stop the registration process and proceed only if the older user profile is deleted. Similarly, proposed system can be configured to accept only a limited number of registrations (or enable the user to stop creation of further user profiles at any time). Thereafter if anyone attempts a new registration using the mobile device or the biometric input devices (for instance when the mobile device/biometric input devices get stolen) the proposed system can raise an alert. In this manner, firmware manipulation can be avoided.
  • all user profile details as elaborated above can be provided in an encrypted format both on the mobile device of the user as well as the centralized database so as to avoid their misuse by unauthorized persons. Proper algorithms can be deployed to decrypt the data as and when needed.
  • the proposed system can compute and provide/display a random challenge to the person.
  • the challenge can comprise biometric data and their sequence the person should provide using biometric input devices operatively connected to the mobile device/proposed system. Accordingly, the person can provide his/her biometric data to the system.
  • the proposed system can compute a numerical value based on data provided (hereinafter termed challenge value or CV).
  • the system can prepend/append to the CV the challenge information, using the underlying unique codes provided for each type of biometric data as elaborated above, and further the date/time stamp at which the CV was computed, and in this manner create a One Time Biometric PIN (OTBPIN). For instance, if the challenge was a right hand thumb scan (code TH_R) followed by a left hand thumb scan (code TH_L) that created a challenge value of 1835, and the CV was computed on 23rd February 2017 at 10:30 AM, the OTBPIN can be TH_RTH_L18352302171030.
  • OTBPIN One Time Biometric PIN
  • the OTBPIN carries information regarding the type of biometric inputs provided, their sequence, the challenge value computed from the biometric data accordingly received, and the date/time of creation of the challenge value. Since the challenge has been randomly generated, it can be appreciated that the OTBPIN will also be completely random.
  • proposed system can convert the OTBPIN as created above into a format more convenient using appropriate tables for the purpose that can be provided both at the mobile device as well as at the centralized database.
  • the tables can be referred to by the proposed system to extract relevant information from the OTBPIN as and when required.
  • the person can go to an ATM machine/PoS machine operatively connected to the proposed system and provide account number the person wants to use the OTBPIN for.
  • the account number can be that of a debit card the person has.
  • the person can simply swipe the debit card at an ATM machine as usual wherein the machine can extract/retrieve the account information from the debit card.
  • the person can be asked the PIN on the display of the ATM machine.
  • the person can provide OTBPIN generated as above.
  • an appropriate data network such as Internet
  • proposed system can receive the account number and the OTBPIN.
  • proposed system can extract from the OTBPIN the date/time of creation of the CV and, in case the pre-determined period has expired, stop the authentication process there itself and display an appropriate message on the ATM machine. For instance, the message can say “Your OTBPIN has expired. Please create a new OTBPIN and provide it here within . minutes”.
  • proposed system can access the user profile details maintained at the centralized database. Further, from the OTBPIN the system can extract the challenge information (for instance, the challenge was right hand thumb scan followed by left hand thumb scan, as elaborated above) and the challenge value (CV). Using the challenge information and the biometric data of the user stored in the centralized database, the proposed system can compute a numerical value based upon the biometric data of the user, such value being termed as true value (interchangeably termed as TV herein).
  • proposed system can determine if the TV is the same as the CV. In case the TV is the same as the CV, it can be concluded that the person who has provided the biometric data is the same as the user authorized to operate the account from which a withdrawal is being attempted at the ATM machine. If so, proposed system can determine from the user profile the PIN number of the account and pass the PIN number to the financial institution (bank, for instance) in such a manner that the user can proceed as normal to make a withdrawal from the ATM machine.
  • the TV is not the same as CV
  • the person who has provided the biometric data on the mobile device is not the user authorized to operate the corresponding account.
  • proposed system can raise an alert that can be used for various purposes.
  • the alert can be sent to the user using an alternate means of communication already provided by the user (such as an email address or an alternate mobile number), it can warn the bank/police etc. that an unauthorized withdrawal is being attempted, it can be used for security analysis purposes and can constitute a security log.
  • the user profile can also be provided offline in the user’s mobile device itself.
  • the device can verify at its own end itself whether the TV matches the CV and take actions as elaborated above accordingly. For instance, if the TV matches the CV, corresponding PIN can be displayed on the mobile device itself, and the user can provide the same to the ATM/PoS.
  • an alert can be displayed on the mobile device.
  • even in case of a mismatch, an alert need not be displayed on the mobile device; instead the user/bank/police etc. can be informed automatically, using communication systems available in the mobile device, that an unauthorized financial transaction (for instance a withdrawal) has been attempted.
  • the user has access to his/her biometric data and associated information that can reside in his/her mobile device and hence, can use such data as elaborated hereunder for various transactions using his financial instruments even when the user does not have access to Internet using one time biometric PINs that can be randomly generated.
  • proposed system can be configured to use the offline user profile details stored in the user’s mobile device and attempt to use the centralized database stored at the server end only if the offline database is not available.
  • proposed system can be configured in a vice versa fashion. That is, firstly access to the centralized database can be attempted and if, for any reason the same is not accessible (for instance, due to Internet problems), after a pre-determined time, proposed system can make use of the local/offline data stored in the user’s mobile device.
  • proposed system can select the right user/sub-user profile to enable proper match of the TV with the CV.
  • proposed system can display on the PoS machine associated user names/IDs, allow the user to select one and consequent to that selection proceed further as already elaborated.
  • proposed system can be configured to make it essential for the user to use the same mobile device and/or the same biometric input devices. In this manner various levels of security can be configured by the proposed system.
  • a user 102 can desire to use the proposed system 112 wherein user mobile device (UMD) 104 can provide a challenge 106 for the user, the challenge comprising various biometric data to be provided by the user 102 and their sequence. Accordingly, the user 102 can provide his/her challenge based biometric data using biometric input devices operatively connected to the UMD 104 or configured within the UMD 104 itself, as shown at 108.
  • UMD user mobile device
  • proposed system 112 can enable the UMD 104 to generate a onetime biometric personal identification number (OTBPIN) in the form of a code including challenge information, challenge value (CV) computed on basis of challenge based biometric data provided by the user 102, and the date/time stamp the CV was computed, as shown at 110.
  • OTBPIN onetime biometric personal identification number
  • CV challenge value
  • the OTBPIN may be alphanumeric although it is being termed as a personal identification number herein in accordance with common use terminology.
  • user 102 can provide the OTBPIN at an ATM 122 (or a PoS machine) configured to work with the proposed system 112 as illustrated at 124 (FIG.1B), the ATM 122 being one on which user 102 wants to make a cash withdrawal transaction.
  • ATM 122 can automatically extract the account information from a corresponding debit card that the user 102 can swipe at the ATM, as is usually done.
  • System 112 can receive the account number and the OTBPIN from ATM 122, as shown at 126.
  • Upon receipt of account number from ATM 122, system 112 can retrieve the biometric data provided by the user at the time of registration with the system. Further, the system 112 can extract from the OTBPIN the challenge information. Based upon the challenge information and the biometric data provided by the user at the time of registration with the system, system 112 can compute a true value (TV).
  • TV true value
  • proposed system can compare the CV with the TV. In case the two match, it can be concluded that the user now providing the biometric data is the same as that registered with the proposed system (i.e. both are user 102 only). In this case, proposed system can provide the ATM PIN provided by the user 102 at the time of registration to the ATM 122 as illustrated at 128 and the ATM 122 can accordingly proceed further with the cash withdrawal transaction. In another exemplary embodiment, system 112 can provide the ATM PIN to UMD 104, as illustrated at 130 and thereafter user 102 can provide the same to the ATM 122 to continue with the cash withdrawal transaction.
  • the system can send the computed TV to the ATM 122.
  • the ATM 122 will then extract the CV from the OTBPIN entered by the user and will match the TV with the CV. If both values match, the ATM 122 will allow the user to withdraw money or perform any other operations such as checking the account balance, etc. This method will eliminate the risk of the centralized database being hacked for getting the Account PIN.
  • FIG. 2 illustrates functional modules of system proposed, in accordance with an exemplary embodiment of the present disclosure.
  • relevant modules of the proposed system can be configured to be operatively connected to a website, or can be configured at a central computing device /cloud.
  • the modules being described herein can also operatively communicate with a mobile application that can be downloaded on a mobile device that can connect to Internet or any other similar data transmission system suitable for operating the proposed system as elaborated hereunder. In such manner the proposed system can be available 24*7 to its users. Any other manner of implementation of the proposed system or a part thereof is well within the scope of the present disclosure/invention.
  • modules being described herein are only exemplary modules and any other module or sub-module can be included as part of the proposed system. These modules too can be merged or divided into super-modules or sub-modules as may be configured and can be spread across one or more computing devices operatively connected to each other using appropriate communication technologies.
  • proposed system 112 to authenticate a user can contain a challenge value receive module 202, a challenge value based matching module 204, and a matching output based authentication module 206.
  • the proposed system with these modules can be configured at a central computing device.
  • the central computing device can be a server or the cloud.
  • the system can also have additional modules, or be operatively coupled to appropriate modules that may be implemented using a mobile application to enable features as elaborated hereunder.
  • module 202 can receive a challenge value (CV) from an ATM that the central computing device is operatively coupled with, the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received (by module 202) during a transaction being attempted by the user at the ATM.
  • the challenge can be received by the user from a user computing device or from the ATM, wherein the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC.
  • the challenge can pertain to a sequence in which inputs for the biometric data are to be provided.
  • module 202 can enable the CV to be submitted to the ATM by the user after the user has scanned his/her debit/credit card at the ATM.
  • module 202 can enable the CV to be submitted to it within a defined time period of its generation.
  • module 202 can be operatively connected to challenge creation module that can create a random challenge when required, the challenge information comprising biometric inputs to be provided and their sequence (for instance, left hand thumb scan followed by right hand index finger scan), when initiated by a user wanting to use the proposed system to authenticate himself/herself for various purposes as elaborated above (for instance, for making a withdrawal at an ATM).
  • the challenge creation module can be configured within module 202 itself, enabling the user to get the challenge information (interchangeably termed as challenge herein) on his computing device operatively connected to the proposed system.
  • the challenge creation module may be a part of the mobile application, enabling the user to get the challenge on his mobile device.
  • the ATM’s display device itself can provide the challenge information and various biometric devices operatively coupled to the ATM itself can receive corresponding biometric data from the user to generate the CV.
  • the challenge creation module can be part of the mobile application.
  • the user, prior to going to the ATM, can run the mobile application wherein the application can provide the challenge on the user mobile device (UMD).
  • the user can then use biometric devices in/operatively connected to the mobile device to provide various biometric data that the mobile application can then use to generate the CV that can be provided to module 202.
  • the CV can be retrieved from a One Time Biometric PIN that can be generated as elaborated above.
  • module 202 can receive challenge information/challenge from the challenge creation module and accordingly enable the user to provide his/her biometric data to finally create the OTBPIN as elaborated above.
  • the OTBPIN can include challenge information, challenge value (CV) and date/time the CV was computed.
  • the user can provide the biometric data on a mobile device that may/may not be the same upon which the user had provided his/her biometric data (during registration).
  • module 204 can match, using a database that is operatively coupled with module 204, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database (interchangeably termed herein as centralized database).
  • the centralized database can store various users’ authentic biometric data in the centralized database wherein the users’ authentic biometric data can be included in a user profile that can be created using a user profile module.
  • the authentic biometric data can be provided by the user during an initial registration process.
  • the user profile module can be part of the mobile application that a user can download on his/her mobile device, and can create complete user profile (including the user’s authentic biometric data) based upon various inputs received from the user. It can interface with various biometric input devices (such as fingerprint scanners, iris scanners, facial scanners and the like) and accordingly enable the user to provide various biometric data pertaining to himself/herself.
  • the user profile module can associate the user’s authentic biometric data with various other data pertaining to the user to create a user profile table (UPT) as illustrated in FIG.4A.
  • data can include, for example, the user’s bank account number and associated ATM PIN for executing a transaction using the account at an ATM machine.
  • user profile tables for each can be created accordingly.
  • the user profile module can send a user profile data to the centralized database that can be operatively coupled to module 204 as elaborated above.
  • the centralized database can maintain the user profile data in a row and thereby a plurality of user profiles can be stored in corresponding rows. Each row can have, for instance, associated account number of the user on basis of which the user profile can be retrieved when required.
  • module 204 can receive account number of the user that can be provided by the user at an ATM Machine (for instance, by swiping the user debit card at the ATM, as elaborated above) and, using the challenge information extracted from the OTBPIN created as above and the authentic biometric data of the user (as stored at the centralized database), can compute a numerical value based upon the authentic biometric data of the user, such value being termed as the true value (TV). Further module 204 can extract the challenge value (CV) from the OTBPIN and compare it to the TV and provide matching output to module 206 for authentication therein as elaborated further.
  • module 204 can select the right user/sub-user profile to enable proper match of the TV with the CV.
  • module 204 can display on the PoS machine associated user names/IDs, allow the user to select one and consequent to that selection proceed further as already elaborated.
  • module 204 can enable the matching of the CV to the TV only for a pre-determined time period after computation/generation of the CV and thereafter can enable a message to be displayed on the mobile device of the user (UMD) requesting the person to initiate the authentication process again.
  • module 206 can authenticate the user if a match is found between the CV and the TV, based upon the matching output that module 206 can receive from module 204.
  • the matching output can be in form of an alert signal that can be used for various purposes as elaborated.
  • the matching output can include ATM pin of the user that can be provided to the user or provided directly to the ATM for processing the transaction, the ATM PIN being stored as a part of the user’s profile along with the authentic biometric data.
  • module 204 can verify at the mobile device itself whether the TV matches the CV and generate the matching output for module 206. Accordingly, if the TV matches the CV, the corresponding PIN can be displayed on the mobile device itself, and the user can provide the same to the ATM/PoS. In case of a mismatch, an alert can be displayed on the mobile device. In another exemplary embodiment, even in case of a mismatch, an alert need not be displayed on the mobile device; instead the user/bank/police etc. can be informed automatically, using communication systems available in the mobile device, that an unauthorized financial transaction (for instance a withdrawal) has been attempted.
  • module 204 can be configured to use the offline user profile details stored in the user’s mobile device and attempt to use the centralized database stored at the server end only if the offline database is not available.
  • module 204 can be configured in a vice versa fashion. That is, firstly access to the centralized database can be attempted and if, for any reason the same is not accessible (for instance, due to Internet problems), after a pre-determined time, proposed system can make use of the local/offline data stored in the user’s mobile device.
  • the proposed system has access to the user’s biometric data and associated information and can use such data to authenticate the user as elaborated above, and so enable the user to execute various financial transactions using his financial instruments even when the user does not have access to Internet.
  • FIG. 3A illustrates working of the present disclosure using a sequence diagram, in accordance with an exemplary embodiment of the present disclosure.
  • proposed system 112 can enable a user 102 to provide user profile data including biometric data using a user mobile device (UMD) 104.
  • the user profile data can be stored at the UMD 104 as well as at a centralized database that can be configured in the system 112 itself, or be in operative communication with the system 112.
  • the user profile data can include biometric data of the user 102 that can be generated by various biometric input devices in operative communication with the UMD 104, or configured within the UMD 104 itself.
  • UMD 104 can generate a challenge as shown at step 2.
  • the challenge can be passed on to user 102 as shown at step 3.
  • the challenge can be displayed at UMD 104.
  • User 102 can provide challenge based biometric data to UMD 104 as illustrated at step 4.
  • the user 102 can use various biometric input devices in operative communication with the UMD, or configured within UMD 104. Accordingly, as shown at step 5, UMD 104 can generate a One Time Biometric PIN (OTBPIN), the OTBPIN including challenge information, challenge value and date/time stamp of computation of challenge value.
  • the OTBPIN can be passed on to user 102 as shown at step 6.
  • user 102 can swipe his/her debit card at an ATM 122 configured to work with the proposed system and when asked, can provide the OTBPIN to ATM 122 as shown at step 7.
  • ATM 122 can extract/retrieve account information and can forward the account number and the OTBPIN to the proposed system 112, as shown at step 8.
  • Proposed system 112 can extract the challenge value (CV) and challenge information from the OTBPIN as shown at step 9. Using the account information, the system can access biometric data provided by user 102 during registration (that is part of the user profile stored at centralized database). Using this biometric data and the challenge information, proposed system 112 can compute a true value (TV) as shown at step 10.
  • proposed system 112 can match the TV with the CV. Upon a successful match, it can be concluded that the user is the same as that registered and so, the proposed system can provide the ATM PIN stored in the user profile data at the centralized database to the ATM as shown at step 12 and the transaction can proceed further.
  • the ATM PIN can be displayed on the UMD as shown at step 13 and the user can manually provide the ATM PIN to the ATM to proceed further with the transaction.
  • FIG. 3B illustrates an alternate working of the present disclosure using a sequence diagram, in accordance with an exemplary embodiment of the present disclosure.
  • upon computing the TV at step 10, the system can send the computed TV to the ATM 122 in step 10a.
  • the ATM 122 will then extract the CV from the OTBPIN entered by the user at step 10b and will match the TV with the CV at step 11. If both values match, the ATM 122 will allow the user to withdraw money or perform any other operations such as checking the account balance, etc. at step 12. This method will eliminate the risk of the centralized database being hacked for getting the Account PIN.
  • FIGs. 4A and 4B illustrate how user profile can be maintained at a user mobile device and at a centralized database respectively, in accordance with an exemplary embodiment of the present disclosure.
  • proposed system can enable a user to provide, using his/her mobile device and various biometric input devices operatively configured with the user mobile device various biometric data of the user that can be further associated with various user information such as user name, number of the account user wants to use with the proposed system, and the account number’s PIN that is presently being used to operate the account for various transactions using an ATM machine. All such information can be stored in a user profile table that the proposed system can maintain at the user mobile devices (UMD). Besides the unique device identification (UDID) as well as unique biometric input device identification (UBID) can also be stored along with above information as illustrated. All such data can be collectively termed as user profile. In case the same mobile device is being used for multiple users, various user profile data can be stored in a database similar to as elaborated in FIG. 4B, each row of the database pertaining to one account.
  • the proposed system can also enable the UMD to send all information to a centralized database that can receive information from all users of the proposed system.
  • the centralized database can contain all user profile data in a table format, each row pertaining to one unique account. As can be readily understood, if a user has multiple accounts, he will have multiple rows but all information therein except for the account number may remain the same.
  • the centralized database can be configured within the system itself, or be configured at a remote server/cloud and be in operative communication with the proposed server.
  • proposed system can use the local/offline user profile data as stored in the user mobile device, or can access the online/remote user profile data as configured at the centralized database.
  • FIGs. 5A to 5C illustrate functioning of the proposed system, in accordance with an exemplary embodiment of the present disclosure.
  • upon starting an authentication procedure, a user (that has already registered with the proposed system and so has provided his/her biometric data to the proposed system) can be shown a challenge on the user mobile device (UMD).
  • the user can use a biometric input device such as a scanner shown to provide the biometric data required.
  • the biometric input device can be configured within the UMD itself as shown, thereby lowering the overall cost of the proposed system.
  • proposed system can generate an OTBPIN as elaborated above and can display the OTBPIN to the user on the UMD as illustrated at FIG. 5B. Also, the user can be advised to provide the OTBPIN to an appropriately configured ATM within a pre-determined period, as shown at FIG. 5B.
  • proposed system can proceed with authentication as elaborated above. If the user is the same as that registered with the proposed system (for the account from which the user is presently attempting a withdrawal from the ATM, for example), proposed system can display an appropriate message at the UMD, as illustrated at FIG. 5C.
  • FIG. 6 illustrates a method of implementing the proposed system, in accordance with an exemplary embodiment of the present disclosure.
  • the proposed method can be described in general context of computer executable instructions.
  • computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types.
  • the method can also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network.
  • computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
  • a method for user authentication using biometric data can include, at step 602, receiving, at a central computing device, a challenge value (CV) from an ATM that the central computing device is operatively coupled with, said CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM.
  • the method can further include, at step 604, matching, at the central computing device, using a database that is operatively coupled with the central computing device, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and at step 606, authenticating the user if a match is found between the CV and the TV.
  • the user can be asked (on user mobile device or the ATM prior to generation of the OTBPIN) the amount to be withdrawn (transaction amount) and based upon that the challenge information can be varied, a higher transaction amount asking for more challenge information so as to generate a more/less complex OTBPIN.
  • the transaction amount can be included in the OTBPIN.
  • the ATM/PoS machine can then extract the CV and Transaction amount from the OTBPIN itself.
  • the extracted CV and transaction amount can be sent to the server and the server generates the TV based upon the transaction amount and the CV. This mechanism spares the user the hassle of entering the amount, and the security level for higher transaction amounts can also be increased. All such embodiments and their equivalents are completely within the scope of the present disclosure.
  • the term “coupled to” is intended to include both direct coupling (in which two elements that are coupled to each other are in contact with each other) and indirect coupling (in which at least one additional element is located between the two elements). Therefore, the terms “coupled to” and “coupled with” are used synonymously. Within the context of this document terms “coupled to” and “coupled with” are also used euphemistically to mean “communicatively coupled with” over a network, where two or more devices are able to exchange data with each other over the network, possibly via one or more intermediary device.
  • the present disclosure provides for a system for user authentication that uses biometric data in form of a random challenge thereby making it highly secure.
  • the present disclosure provides for a system for user authentication that uses existing biometric input devices so as to reduce cost of deployment.
  • the present disclosure provides for a system for user authentication that can be used both in an offline as well as an online mode.
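
The OTBPIN exchange described above (challenge information, CV and timestamp packed into one code; TV recomputed from enrolled data; a match accepted only within a pre-determined period) can be exercised end to end. The following Python is an added example, not code from the patent. The HMAC-SHA256 derivation, the `:`-separated encoding, the 120-second window, the single-use cache and the exact-match numeric biometric codes are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment data: one stable numeric code per biometric input.
# Real scanners return noisy templates; exact-match codes are an assumption.
ENROLLED = {
    "ACCT-0001": {  # constructed account number
        "L_THUMB": 48151623,
        "R_INDEX": 42108815,
        "R_THUMB": 16234215,
        "IRIS": 23421516,
    }
}
INPUTS = ["L_THUMB", "R_INDEX", "R_THUMB", "IRIS"]
MAX_AGE_SECONDS = 120  # the "pre-determined time period"; value is an assumption


def new_challenge(length=3):
    """Random ordered sequence of distinct biometric inputs (challenge information)."""
    return secrets.SystemRandom().sample(INPUTS, length)


def _value(codes, challenge, timestamp):
    """Shared CV/TV computation (assumed): HMAC keyed by the codes in challenge order.

    The timestamp is part of the MAC input, so editing it inside the OTBPIN
    changes the expected value and the match fails.
    """
    key = b"|".join(str(codes[name]).encode() for name in challenge)
    msg = f"{','.join(challenge)}@{timestamp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]


def make_otbpin(scanned_codes, challenge, timestamp):
    """Device side: pack challenge information, timestamp and CV into one code."""
    cv = _value(scanned_codes, challenge, timestamp)
    return f"{','.join(challenge)}:{timestamp}:{cv}"


class Verifier:
    """Server side: recompute TV from enrolled data and compare it with the CV."""

    def __init__(self, enrolled):
        self.enrolled = enrolled
        self.used = set()  # accepted (account, OTBPIN) pairs, to enforce single use

    def verify(self, account, otbpin, now):
        try:
            challenge_part, timestamp_part, cv = otbpin.split(":")
            challenge = challenge_part.split(",")
            timestamp = int(timestamp_part)
        except ValueError:
            return "malformed"
        codes = self.enrolled.get(account)
        if codes is None or any(name not in codes for name in challenge):
            return "unknown"
        # Freshness: reject values older than the window or dated in the future.
        if not 0 <= now - timestamp <= MAX_AGE_SECONDS:
            return "expired"
        tv = _value(codes, challenge, timestamp)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(tv.encode(), cv.encode()):
            return "mismatch"
        if (account, otbpin) in self.used:
            return "replayed"
        self.used.add((account, otbpin))
        return "ok"
```

Because the challenge travels inside the OTBPIN, the verifier in this example only learns which inputs were requested from the code it is checking; the freshness window and the single-use cache are what limit reuse of a captured value.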

Abstract

A system using biometric data for authentication of a user is disclosed. The system stores the user's authentic biometric data and thereafter creates a random challenge comprising biometric inputs to be provided by the user and their sequence. Upon completion of the challenge by the user, the system computes a challenge value (CV). The system further computes a true value (TV) based upon the user's authentic biometric data accessible to it. Thereafter the system authenticates the user if the CV matches the TV. In an exemplary embodiment, the system can be used for ATM/PoS transactions wherein the system provides the user's personal identification (PIN) number for the ATM/PoS to the user upon authentication as above to enable the user to execute financial transactions on the ATM/PoS machine.

Description

SYSTEM AND METHOD FOR USER AUTHENTICATION USING BIOMETRIC DATA
FIELD OF DISCLOSURE
[0001] The present disclosure relates to authentication systems. In particular, it relates to a system that uses non-duplicable biometric data for authentication.
BACKGROUND OF THE DISCLOSURE
[0002] The background description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
[0003] The most common use of financial instruments such as debit cards and credit cards is at ATMs (Automated Teller Machines) or PoS (Point of Sale) machines to withdraw cash or to pay for goods purchased. Typically, the procedure requires a user to swipe his/her debit card/credit card at an appropriately configured ATM/PoS machine and then provide at the machine a PIN (Personal Identification Number). The PIN is granted to the user initially by the card issuance authority (for example, a Bank to which the debit card belongs) which the user thereafter changes in a manner that not even the Bank knows his/her PIN. As the user provides his/her PIN to the ATM/PoS machine, the machine communicates with a backend server storing relevant data, authenticates the user on matching of the user’s account number and associated PIN as stored in the server with corresponding data supplied by the user on the ATM/PoS machine (wherein the account information is usually stored in a magnetic strip at back of the debit/credit card, and this information is retrieved by a reader in the ATM/PoS machine as the user ‘swipes’ his card through the reader) and in case of a match, proceeds further with execution of the transaction desired by the user (for instance, a cash withdrawal). However, people do not change their PIN frequently and this can lead to cases of skimming as elaborated hereunder.
[0004] Skimming is identity theft mainly used for debit cards. A counterfeit card reader scans and stores all information written on the magnetic strip of a debit card as the card is slid into an ATM that has the counterfeit card reader placed over the ATM’s real card slot. Tiny spy cameras are positioned to get a clear view of the keypad and record all the actions being made by the user as the user withdraws money and thereby capture the PIN information. Or fake keypads can be put over the real keypad of the ATM and capture the PIN information. Over a billion dollars are lost every year due to skimming related frauds.
[0005] Some recent technologies require providing biometric inputs such as fingerprints at an appropriately configured ATM/PoS machine to reduce such frauds. Most commonly a fingerprint scanner is used for providing such biometric inputs. During fingerprint scanning, a fingerprint is analyzed for very specific features called minutiae, where the lines in a fingerprint terminate or split in two. The scanner measures the distances and angles between these features and then uses an algorithm (mathematical process) to turn this information into a unique numeric code. Authenticating a user is then simply a matter of comparing these codes based upon fingerprint scanning done at different times. During a registration process a user’s fingerprint data is stored at a central server while during authentication the fingerprint data being provided at the time is compared with that stored during registration. If the two match, the user is granted access to his account. In a similar manner, various biometric data (facial features, for instance) can be reduced to unique numeric codes that can be used for authentication.
[0006] Biometric inputs however require extra devices thereby increasing the cost. Typically biometric data is stored remote from the user and so, such systems require appropriate data communication networks, mostly Internet. This further increases cost of deployment. Further, biometric data if not held secure can be stolen with damaging consequences if such data is misused.
[0007] Another technique requires generation of an OTP (One Time Pin) that is sent to the user to validate/authenticate the user, such OTP being sent to the user’s RMN (registered mobile number). Typically this requires the user to have an Internet enabled computing device (that can be his/her mobile device as well) and, of course, a mobile connection on his/her mobile device. In case of theft of mobile phone or if any malware is unknowingly installed on the mobile device, this method poses a serious risk as hackers may easily get user credentials.
[0008] As elaborated above, present techniques require an Internet connection, are prone to frauds like skimming and identity theft, may need additional hardware/software with consequent increase in cost, and may require a mobile connection as well. Hence there is a need in the art for a technique and a method that obviates these difficulties.
[0009] All publications herein are incorporated by reference to the same extent as if each individual publication or patent application were specifically and individually indicated to be incorporated by reference. Where a definition or use of a term in an incorporated reference is inconsistent or contrary to the definition of that term provided herein, the definition of that term provided herein applies and the definition of that term in the reference does not apply.
[00010] In some embodiments, the numbers expressing quantities or dimensions of items, and so forth, used to describe and claim certain embodiments of the invention are to be understood as being modified in some instances by the term “about.” Accordingly, in some embodiments, the numerical parameters set forth in the written description and attached claims are approximations that can vary depending upon the desired properties sought to be obtained by a particular embodiment. In some embodiments, the numerical parameters should be construed in light of the number of reported significant digits and by applying ordinary rounding techniques. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of some embodiments of the invention are approximations, the numerical values set forth in the specific examples are reported as precisely as practicable. The numerical values presented in some embodiments of the invention may contain certain errors necessarily resulting from the standard deviation found in their respective testing measurements.
[00011] As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
[00012] The recitation of ranges of values herein is merely intended to serve as a shorthand method of referring individually to each separate value falling within the range. Unless otherwise indicated herein, each individual value is incorporated into the specification as if it were individually recited herein. All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g. “such as”) provided with respect to certain embodiments herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention otherwise claimed. No language in the specification should be construed as indicating any non-claimed element essential to the practice of the invention.
[00013] Groupings of alternative elements or embodiments of the invention disclosed herein are not to be construed as limitations. Each group member can be referred to and claimed individually or in any combination with other members of the group or other elements found herein. One or more members of a group can be included in, or deleted from, a group for reasons of convenience and/or patentability. When any such inclusion or deletion occurs, the specification is herein deemed to contain the group as modified thus fulfilling the written description of all groups used in the appended claims.
OBJECTS OF THE INVENTION
[00014] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are as listed herein below.
[00015] It is an object of the present disclosure to provide for a system for user authentication that is highly secure.
[00016] It is an object of the present disclosure to provide for a system for user authentication that has low cost of deployment.
[00017] It is an object of the present disclosure to provide for a system for user authentication that can be used both in an offline as well as an online mode.
SUMMARY
[00018] The present disclosure mainly relates to an authentication system that uses non-duplicable biometric data for authentication. In an exemplary embodiment elaborated herein, it relates to an authentication system that uses a mobile device for authenticating a user at an ATM/PoS machine to enable the user to make a financial transaction. The system, however, can be similarly deployed for any other purpose requiring user authentication based upon biometric data.
[00019] In an aspect, a method for authenticating a user is disclosed wherein the method can include: receiving, at a central computing device, a challenge value (CV) from an automated teller machine (ATM) that the central computing device is operatively coupled with, the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM; matching, at the central computing device, using a database that is operatively coupled with the central computing device, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and authenticating the user if a match is found between the CV and the TV.
[00020] In another aspect, the central computing device can be a server or cloud.
[00021] In yet another aspect, the challenge can be received by the user from a user computing device or from the ATM, and the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC.
[00022] In another aspect, the challenge can pertain to a sequence in which inputs for the biometric data are to be provided.
[00023] In yet another aspect, the biometric data can be obtained from any or a combination of fingerprint scanner, iris scanner, and facial scanner.
[00024] In another aspect, the CV can be submitted to the ATM by the user after scanning of a debit/credit card at the ATM by the user within a defined time period of the CV generation.
[00025] In yet another aspect, once the user is successfully authenticated, ATM PIN of the user can be presented to the user or provided directly to the ATM for processing the transaction, the ATM PIN being stored as a part of the user’s profile along with the authentic biometric data.
[00026] In an aspect, the biometric device can be uniquely associated with the user.
[00027] In an aspect, a system to authenticate a user is disclosed, the system including: a non-transitory storage device having embodied therein one or more routines operable to authenticate a user; and one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines can include: a challenge value receive module, which when executed by the one or more processors, can receive a challenge value (CV) from an automated teller machine (ATM), the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM; a challenge value based matching module, which when executed by the one or more processors, can match, using a database, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and a matching output based authentication module, which when executed by the one or more processors, can authenticate the user if a match is found between the CV and the TV.
[00028] In another aspect of the system, the challenge can be received by the user from a user computing device or from the ATM, wherein the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC, wherein the challenge can pertain to a sequence in which inputs for the biometric data are to be provided, and wherein the CV can be submitted to the ATM by the user after scanning of a debit/credit card at the ATM by the user within a defined time period of the CV generation.
[00029] Various objects, features, aspects and advantages of the present disclosure will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like features.
BRIEF DESCRIPTION OF DRAWINGS
[00030] The accompanying drawings are included to provide a further understanding of the present disclosure, and are incorporated in and constitute a part of this specification. The drawings illustrate exemplary embodiments of the present disclosure and, together with the description, serve to explain the principles of the present disclosure. The diagrams are for illustration only, which thus is not a limitation of the present disclosure, and wherein:
[00031] FIGs 1A and 1B illustrate overall architecture of system proposed to illustrate its working, in accordance with an exemplary embodiment of the present disclosure.
[00032] FIG. 2 illustrates functional modules of system proposed, in accordance with an exemplary embodiment of the present disclosure.
[00033] FIGs. 3A and 3B illustrate working of the present disclosure using a sequence diagram, in accordance with an exemplary embodiment of the present disclosure.
[00034] FIGs. 4A and 4B illustrate how user profile can be maintained at a user mobile device and at a centralized database respectively, in accordance with an exemplary embodiment of the present disclosure.
[00035] FIGs. 5A to 5C illustrate functioning of the proposed system, in accordance with an exemplary embodiment of the present disclosure.
[00036] FIG. 6 illustrates a method of implementing the proposed system, in accordance with an exemplary embodiment of the present disclosure.
DETAILED DESCRIPTION
[00037] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. However, the amount of detail offered is not intended to limit the anticipated variations of embodiments; on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present disclosure as defined by the appended claims.
[00038] In the following description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present invention. It will be apparent to one skilled in the art that embodiments of the present invention may be practiced without some of these specific details.
[00039] Embodiments of the present invention include various steps, which will be described below. The steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps. Alternatively, steps may be performed by a combination of hardware, software, and firmware and/or by human operators.
[00040] Embodiments of the present invention may be provided as a computer program product, which may include a machine-readable storage medium tangibly embodying thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process. The machine-readable medium may include, but is not limited to, fixed (hard) drives, magnetic tape, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), and magneto-optical disks, semiconductor memories, such as ROMs, PROMs, random access memories (RAMs), programmable read-only memories (PROMs), erasable PROMs (EPROMs), electrically erasable PROMs (EEPROMs), flash memory, magnetic or optical cards, or other type of media/machine-readable medium suitable for storing electronic instructions (e.g., computer programming code, such as software or firmware).
[00041] Various methods described herein may be practiced by combining one or more machine-readable storage media containing the code according to the present invention with appropriate standard computer hardware to execute the code contained therein. An apparatus for practicing various embodiments of the present invention may involve one or more computers (or one or more processors within a single computer) and storage systems containing or having network access to computer program(s) coded in accordance with various methods described herein, and the method steps of the invention could be accomplished by modules, routines, subroutines, or subparts of a computer program product.
[00042] If the specification states a component or feature “may”, “can”, “could”, or “might” be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.
[00043] As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
[00044] Exemplary embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments are shown. These exemplary embodiments are provided only for illustrative purposes and so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those of ordinary skill in the art. The invention disclosed may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Various modifications will be readily apparent to persons skilled in the art. The general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the invention. Moreover, all statements herein reciting embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future (i.e., any elements developed that perform the same function, regardless of structure). Also, the terminology and phraseology used is for the purpose of describing exemplary embodiments and should not be considered limiting. Thus, the present invention is to be accorded the widest scope encompassing numerous alternatives, modifications and equivalents consistent with the principles and features disclosed. For purpose of clarity, details relating to technical material that is known in the technical fields related to the invention have not been described in detail so as not to unnecessarily obscure the present invention.
[00045] Thus, for example, it will be appreciated by those of ordinary skill in the art that the diagrams, schematics, illustrations, and the like represent conceptual views or processes illustrating systems and methods embodying this invention. The functions of the various elements shown in the figures may be provided through the use of dedicated hardware as well as hardware capable of executing associated software. Similarly, any switches shown in the figures are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the entity implementing this invention. Those of ordinary skill in the art further understand that the exemplary hardware, software, processes, methods, and/or operating systems described herein are for illustrative purposes and, thus, are not intended to be limited to any particular named element.
[00046] Furthermore, embodiments may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks (e.g., a computer-program product) may be stored in a machine-readable medium. A processor(s) may perform the necessary tasks.
[00047] Systems depicted in some of the figures may be provided in various configurations. In some embodiments, the systems may be configured as a distributed system where one or more components of the system are distributed across one or more networks in a cloud computing system.
[00048] Each of the appended claims defines a separate invention, which for infringement purposes is recognized as including equivalents to the various elements or limitations specified in the claims. Depending on the context, all references below to the "invention" may in some cases refer to certain specific embodiments only. In other cases it will be recognized that references to the "invention" will refer to subject matter recited in one or more, but not necessarily all, of the claims.
[00049] All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g., “such as”) provided with respect to certain embodiments herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention otherwise claimed. No language in the specification should be construed as indicating any non-claimed element essential to the practice of the invention.
[00050] Various terms as used herein are shown below. To the extent a term used in a claim is not defined below, it should be given the broadest definition persons in the pertinent art have given that term as reflected in printed publications and issued patents at the time of filing.
[00051] The present disclosure mainly relates to an authentication system that uses non-duplicable biometric data for authentication. In an exemplary embodiment elaborated herein, it relates to an authentication system that uses a mobile device for authenticating a user at an ATM/PoS machine to enable the user to make a financial transaction. The system, however, can be similarly deployed for any other purpose requiring user authentication based upon biometric data.
[00052] In an aspect, a method for authenticating a user is disclosed wherein the method can include: receiving, at a central computing device, a challenge value (CV) from an automated teller machine (ATM) that the central computing device is operatively coupled with, the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM; matching, at the central computing device, using a database that is operatively coupled with the central computing device, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and authenticating the user if a match is found between the CV and the TV.
[00053] In another aspect, the central computing device can be a server or cloud.
[00054] In yet another aspect, the challenge can be received by the user from a user computing device or from the ATM, and the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC.
[00055] In another aspect, the challenge can pertain to a sequence in which inputs for the biometric data are to be provided.
[00056] In yet another aspect, the biometric data can be obtained from any or a combination of fingerprint scanner, iris scanner, and facial scanner.
[00057] In another aspect, the CV can be submitted to the ATM by the user after scanning of a debit/credit card at the ATM by the user within a defined time period of the CV generation.
[00058] In yet another aspect, once the user is successfully authenticated, ATM PIN of the user can be presented to the user or provided directly to the ATM for processing the transaction, the ATM PIN being stored as a part of the user’s profile along with the authentic biometric data.
[00059] In an aspect, the biometric device can be uniquely associated with the user.
[00060] In an aspect, a system to authenticate a user is disclosed, the system including: a non-transitory storage device having embodied therein one or more routines operable to authenticate a user; and one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines can include: a challenge value receive module, which when executed by the one or more processors, can receive a challenge value (CV) from an automated teller machine (ATM), the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM; a challenge value based matching module, which when executed by the one or more processors, can match, using a database, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and a matching output based authentication module, which when executed by the one or more processors, can authenticate the user if a match is found between the CV and the TV.
[00061] In another aspect of the system, the challenge can be received by the user from a user computing device or from the ATM, wherein the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC, wherein the challenge can pertain to a sequence in which inputs for the biometric data are to be provided, and wherein the CV can be submitted to the ATM by the user after scanning of a debit/credit card at the ATM by the user within a defined time period of the CV generation.
[00062] FIG. 1 illustrates overall architecture of system proposed to illustrate its working, in accordance with an exemplary embodiment of the present disclosure.
[00063] In an aspect, proposed system can use one or more biometric input devices configured to be in operative communication with a mobile device (for instance a smartphone) of a user via any communication technology such as NFC, Bluetooth, Wi-Fi and the like. In an exemplary embodiment, the biometric input device can be part of the mobile device itself (for instance, a fingerprint scanner or a facial scanner that can be part of the mobile device itself), to reduce overall cost of deployment of the proposed system. Each biometric input device can be identified with its own unique biometric ID (UBID). In another aspect, the mobile device can also carry a unique device ID (UDID). Further, each type of biometric data that can be generated by a biometric input device (interchangeably termed as biometric device herein) can be given a unique code for its further identification later on, as elaborated hereunder. For instance, a left thumb scan can be indicated by TH_L, a left index finger scan as I_L and so on. It can be readily understood that this is purely exemplary and any unique code can be assigned to different categories of biometric inputs. Using the UBID, a biometric input device/biometric device can be uniquely associated with its user.
[00064] During an initial registration process, the system (or its mobile application that can be configured on a user mobile device) can enable a user (a user being a person allowed to legitimately use the system being elaborated herein) to create a user profile by providing his user name as usual and further using the biometric input devices and his/her mobile device to provide his/her biometric data. Proposed system can associate each biometric data with corresponding UDID, UBID and user ID so as to clearly identify its origin. Such biometric data can form part of a user profile that can be stored offline at the mobile device of the user, as well as online in a centralized database communicatively coupled to the proposed system wherein the database can be in the cloud or at a server, for example. The centralized database can contain user profiles of all users of the proposed system.
[00065] In another aspect, if the mobile device does not belong to the user (such a mobile device being termed guest mobile device), the user can be provided means (such as a weblink that can be sent to his email id automatically during the process of user’s registration) using which the user can download his/her user profile data on to his/her mobile device later, and the user can be provided a facility to delete any of his user profile data stored on the guest mobile device.
[00066] In another aspect, a user can further add to his/her user profile various financial instruments (for instance debit card, credit card etc.) the user wishes to use the proposed system for as well as PIN (personal identification number) of each financial instrument. For this purpose, after the user has added the details of a financial instrument (such as a credit card), the proposed system can ask for the current PIN of the card. Thereafter the proposed system can query the authority who has issued the financial instrument (for example the bank who issues the credit card) and verify whether details provided are authentic. Upon proper verification, the financial instrument details and its PIN can be added to the user’s profile. The user can be enabled to provide multiple such cards that can be added to the user’s profile.
[00067] In another aspect, different users (and accordingly their biometric data) can be associated with same financial instrument as well. For instance, if a family of four wants to use same credit card, the head of the family (that can be termed as the user) can associate his/her biometric data with the card and thereafter can enable the other members of the family (interchangeably termed as sub-users herein) to provide their biometric data as well as PINs etc. Proposed system can store and associate such data with corresponding UBID and UDID in such a manner that each user/sub-user can use the associated financial instrument(s) independent of another. In an exemplary embodiment, the user can set various limits (for example, frequency and amount of withdrawals in a month) for each sub-user.
[00068] In yet another aspect, each time a biometric data is provided during an initial registration process as elaborated above, proposed system can check if the biometric data has been provided earlier, either with the same UBID/UDID or another one. If so, proposed system can stop the registration process and proceed only if the older user profile is deleted. Similarly, proposed system can be configured to accept only a limited number of registrations (or enable the user to stop creation of further user profiles at any time). Thereafter if anyone attempts a new registration using the mobile device or the biometric input devices (for instance when the mobile device/biometric input devices get stolen) the proposed system can raise an alert. In this manner, firmware manipulation can be avoided.
[00069] In an exemplary embodiment, all user profile details as elaborated above can be provided in an encrypted format both on the mobile device of the user as well as the centralized database so as to avoid their misuse by unauthorized persons. Proper algorithms can be deployed to decrypt the data as and when needed.
[00070] In an aspect, upon a person initiating an authentication sequence using, for instance, a mobile device configured with a mobile application of the proposed system, the proposed system can compute and provide/display a random challenge to the person. The challenge can comprise biometric data and their sequence the person should provide using biometric input devices operatively connected to the mobile device/proposed system. Accordingly, the person can provide his/her biometric data to the system. Thereafter, the proposed system can compute a numerical value based on data provided (hereinafter termed challenge value or CV). Further, the system can prepend/append to the CV the challenge information, using the underlying unique codes provided for each type of biometric data as elaborated above, and a date/time stamp of when the CV was computed, and in this manner create a One Time Biometric PIN (OTBPIN). For instance, if the challenge was a right hand thumb scan (code TH_R) followed by a left hand thumb scan (code TH_L) that created a challenge value of 1835, and the CV was computed on 23rd February 2017 at 10:30 AM, the OTBPIN can be TH_RTH_L18352302171030. As can be readily understood, the OTBPIN carries information regarding the type of biometric inputs provided, their sequence, the challenge value computed from the biometric data accordingly received, and the date/time of creation of the challenge value. Since the challenge has been randomly generated, it can be appreciated that the OTBPIN will also be completely random.
[00071] In an exemplary embodiment, proposed system can convert the OTBPIN as created above into a format more convenient using appropriate tables for the purpose that can be provided both at the mobile device as well as at the centralized database. The tables can be referred to by the proposed system to extract relevant information from the OTBPIN as and when required.
[00072] Within a pre-determined period of the OTBPIN being created as above, the person can go to an ATM machine/PoS machine operatively connected to the proposed system and provide the account number the person wants to use the OTBPIN for. For instance, the account number can be that of a debit card the person has. In an exemplary embodiment, the person can simply swipe the debit card at an ATM machine as usual wherein the machine can extract/retrieve the account information from the debit card.
[00073] Thereafter, as usual, the person can be asked for the PIN on the display of the ATM machine. Instead of the PIN, the person can provide OTBPIN generated as above. Using an appropriate data network (such as Internet), proposed system can receive the account number and the OTBPIN.
[00074] In an aspect, proposed system can extract from the OTBPIN date/time of creation of the CV and in case the pre-determined period has expired stop the authentication process there itself and display an appropriate message on the ATM machine. For instance, the message can say “Your OTBPIN has expired. Please create a new OTBPIN and provide it here within . minutes”.
[00075] Otherwise, using the account number, proposed system can access the user profile details maintained at the centralized database. Further, from the OTBPIN the system can extract the challenge information (for instance, the challenge was right hand thumb scan followed by left hand thumb scan, as elaborated above) and the challenge value (CV). Using the challenge information and the biometric data of the user stored in the centralized database, the proposed system can compute a numerical value based upon the biometric data of the user, such value being termed as true value (interchangeably termed as TV herein).
[00076] In yet another aspect, proposed system can determine if the TV is same as CV. In case the TV is the same as CV, it can be concluded that the person who has provided the biometric data is same as the user authorized to operate the account from which a withdrawal is being attempted at the ATM machine. If so, proposed system can determine from the user profile the PIN number of the account and pass the PIN number to the financial institution (bank, for instance) in such a manner that the user can proceed as normal to make a withdrawal from the ATM machine.
[00077] On the other hand, in case the TV is not the same as CV, it can readily be understood that the person who has provided the biometric data on the mobile device is not the user authorized to operate the corresponding account. In this case, proposed system can raise an alert that can be used for various purposes. For instance, the alert can be sent to the user using an alternate means of communication already provided by the user (such as an email address or an alternate mobile number), it can warn the bank/police etc. that an unauthorized withdrawal is being attempted, it can be used for security analysis purposes and can constitute a security log.
[00078] In an alternate exemplary embodiment, as already elaborated, the user profile can also be provided offline in the user’s mobile device itself. In this case, the device can verify at its own end itself whether the TV matches the CV and take actions as elaborated above accordingly. For instance, if the TV matches the CV, corresponding PIN can be displayed on the mobile device itself, and the user can provide the same to the ATM/PoS. In case of a mismatch, an alert can be displayed on the mobile device. In another exemplary embodiment, even in case of a mismatch, an alert need not be displayed on the mobile device but the user/bank/police etc. can be informed automatically using communication systems available in the mobile device that an unauthorized financial transaction (for instance a withdrawal) has been attempted.
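The OTBPIN flow of paragraphs [00070] to [00077] (build on the device, then parse, check the validity window and compare CV with TV at the verifier), as an added Python example that is not part of the patent text. The patent does not specify how the numerical value is computed, so the CV/TV function here (SHA-256 over exact template bytes, reduced to four digits), the I_R code, the five-minute window, the result labels and the sample templates are all assumptions.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta

# Code table: TH_R, TH_L and I_L appear in the text; I_R is an assumed entry.
BIOMETRIC_CODES = ("TH_R", "TH_L", "I_L", "I_R")
CV_DIGITS = 4                    # the text's example CV, 1835, has four digits
STAMP_FORMAT = "%d%m%y%H%M"      # 23 Feb 2017 10:30 -> "2302171030"
STAMP_DIGITS = 10
VALIDITY = timedelta(minutes=5)  # assumed value for the "pre-determined period"
_CODE_RE = re.compile("|".join(re.escape(c) for c in BIOMETRIC_CODES))

# Constructed enrolment record: placeholder bytes standing in for templates.
ENROLLED = {"TH_R": b"constructed-right-thumb", "TH_L": b"constructed-left-thumb"}


def compute_value(templates, challenge):
    """Assumed CV/TV function: hash templates in challenge order, keep 4 digits."""
    digest = hashlib.sha256()
    for code in challenge:
        digest.update(code.encode() + b"\x00" + templates[code] + b"\x00")
    number = int.from_bytes(digest.digest()[:8], "big") % 10 ** CV_DIGITS
    return f"{number:0{CV_DIGITS}d}"


def build_otbpin(challenge, cv, created):
    """Challenge codes, then the CV, then the creation stamp, as in [00070]."""
    return "".join(challenge) + cv + created.strftime(STAMP_FORMAT)


def device_generate(scans, challenge, created):
    """Mobile-device side: run the challenge on the scans just captured."""
    return build_otbpin(challenge, compute_value(scans, challenge), created)


def parse_otbpin(otbpin):
    """Split an OTBPIN into (challenge codes, CV, creation time) or raise."""
    tail_len = CV_DIGITS + STAMP_DIGITS
    head, tail = otbpin[:-tail_len], otbpin[-tail_len:]
    if not head or not (tail.isascii() and tail.isdigit()):
        raise ValueError("malformed OTBPIN")
    challenge, pos = [], 0
    while pos < len(head):           # the code prefix must tokenise completely
        match = _CODE_RE.match(head, pos)
        if match is None:
            raise ValueError("unknown biometric code")
        challenge.append(match.group())
        pos = match.end()
    created = datetime.strptime(tail[CV_DIGITS:], STAMP_FORMAT)  # may raise
    return challenge, tail[:CV_DIGITS], created


def verify(otbpin, stored_templates, now):
    """Verifier side of [00074]-[00077]: window check, then CV against TV."""
    try:
        challenge, cv, created = parse_otbpin(otbpin)
    except ValueError:
        return "REJECT_MALFORMED"
    # Reject stamps older than the window and stamps dated in the future.
    if not timedelta(0) <= now - created <= VALIDITY:
        return "REJECT_TIME_WINDOW"
    if any(code not in stored_templates for code in challenge):
        return "REJECT_MISMATCH"     # no enrolled data for a requested scan
    tv = compute_value(stored_templates, challenge)
    # Constant-time comparison of the submitted CV with the recomputed TV.
    return "AUTHENTICATED" if hmac.compare_digest(cv, tv) else "REJECT_MISMATCH"


if __name__ == "__main__":
    t0 = datetime(2017, 2, 23, 10, 30)
    pin = device_generate(ENROLLED, ["TH_R", "TH_L"], t0)
    print(pin, verify(pin, ENROLLED, t0 + timedelta(minutes=2)))
    print(pin, verify(pin, ENROLLED, t0 + timedelta(minutes=6)))
```

Two scans of the same finger rarely produce identical bytes, so the exact-equality comparison above holds only for the constructed templates.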
[00079] In this manner, the user has access to his/her biometric data and associated information that can reside in his/her mobile device and hence, can use such data as elaborated hereunder for various transactions using his financial instruments even when the user does not have access to Internet using one time biometric PINs that can be randomly generated.
[00080] In another exemplary embodiment, proposed system can be configured to use the offline user profile details stored in the user’s mobile device and attempt to use the centralized database stored at the server end only if the offline database is not available. In yet another exemplary embodiment, proposed system can be configured in a vice versa fashion. That is, firstly access to the centralized database can be attempted and if, for any reason the same is not accessible (for instance, due to Internet problems), after a pre-determined time, proposed system can make use of the local/offline data stored in the user’s mobile device.
[00081] In another aspect, in case there are more than one user profiles associated with same financial instrument (for instance, all family members using one credit card as elaborated above), proposed system can select the right user/sub-user profile to enable proper match of the TV with the CV. For the purpose when a user provides the account details (by swiping at a PoS machine a credit card associated with multiple sub-users for instance), proposed system can display on the PoS machine associated user names/IDs, allow the user to select one and consequent to that selection proceed further as already elaborated.
[00082] As can be understood, it may not be necessary for a user to use the same mobile device or the same biometric input devices via which the user has registered. In alternate exemplary embodiments, proposed system can be configured to make it essential for the user to use the same mobile device and/or the same biometric input devices. In this manner various levels of security can be configured by the proposed system.
[00083] As illustrated in FIG. 1A, a user 102 can desire to use the proposed system 112 wherein user mobile device (UMD) 104 can provide a challenge 106 for the user, the challenge comprising various biometric data to be provided by the user 102 and their sequence. Accordingly the user 102 can provide his/her challenge based biometric data using biometric input devices operatively connected to the UMD 104 or configured within the UMD 104 itself, as shown at 108.
[00084] Upon receipt of the challenge based biometric data, proposed system 112 can enable the UMD 104 to generate a onetime biometric personal identification number (OTBPIN) in the form of a code including challenge information, challenge value (CV) computed on basis of challenge based biometric data provided by the user 102, and the date/time stamp the CV was computed, as shown at 110. It can be appreciated that the OTBPIN may be alphanumeric although it is being termed as a personal identification number herein in accordance with common use terminology.
[00085] Within a pre-determined time period from computation of the CV, user 102 can provide the OTBPIN at an ATM 122 (or a PoS machine) configured to work with the proposed system 112 as illustrated at 124 (FIG.1B), the ATM 122 being one on which user 102 wants to make a cash withdrawal transaction. ATM 122 can automatically extract the account information from a corresponding debit card that the user 102 can swipe at the ATM, as is usually done. System 112 can receive the account number and the OTBPIN from ATM 122, as shown at 126.
[00086] Upon receipt of account number from ATM 122, system 112 can retrieve the biometric data provided by the user at the time of registration with the system. Further, the system 112 can extract from the OTBPIN the challenge information. Based upon the challenge information and the biometric data provided by the user at the time of registration with the system, system 112 can compute a true value (TV).
[00087] Thereafter, proposed system can compare the CV with the TV. In case the two match, it can be concluded that the user now providing the biometric data is the same as that registered with the proposed system (i.e. both are user 102 only). In this case, proposed system can provide the ATM PIN provided by the user 102 at the time of registration to the ATM 122 as illustrated at 128 and the ATM 122 can accordingly proceed further with the cash withdrawal transaction. In another exemplary embodiment, system 112 can provide the ATM PIN to UMD 104, as illustrated at 130 and thereafter user 102 can provide the same to the ATM 122 to continue with the cash withdrawal transaction.
[00088] In another aspect, the system can send the computed TV to the ATM 122. The ATM 122 will then extract the CV from OTBPIN entered by the user and will match the TV with CV. If both values match, the ATM 122 will allow the user to withdraw money or perform any other operations such as checking the account balance, etc. This method will eliminate the risk of the centralized database being hacked for getting the Account PIN.
[00089] FIG. 2 illustrates functional modules of system proposed, in accordance with an exemplary embodiment of the present disclosure.
[00090] In an aspect, relevant modules of the proposed system can be configured to be operatively connected to a website, or can be configured at a central computing device /cloud. The modules being described herein can also operatively communicate with a mobile application that can be downloaded on a mobile device that can connect to Internet or any other similar data transmission system suitable for operating the proposed system as elaborated hereunder. In such manner the proposed system can be available 24*7 to its users. Any other manner of implementation of the proposed system or a part thereof is well within the scope of the present disclosure/invention.
[00091] It would be appreciated that modules being described herein are only exemplary modules and any other module or sub-module can be included as part of the proposed system. These modules too can be merged or divided into super-modules or sub-modules as may be configured and can be spread across one or more computing devices operatively connected to each other using appropriate communication technologies.
[00092] In an aspect, proposed system 112 to authenticate a user can contain a challenge value receive module 202, a challenge value based matching module 204, and a matching output based authentication module 206. The proposed system with these modules can be configured at a central computing device. In an exemplary embodiment, the central computing device can be a server or the cloud. In various exemplary embodiments, the system can also have additional modules, or be operatively coupled to appropriate modules that may be implemented using a mobile application to enable features as elaborated hereunder.
Challenge Value Receive Module 202
[00093] In an aspect, module 202 can receive a challenge value (CV) from an ATM that the central computing device is operatively coupled with, the CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received (by module 202) during a transaction being attempted by the user at the ATM.
[00094] In another aspect, the challenge can be received by the user from a user computing device or from the ATM, wherein the user computing device can be selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC. The challenge can pertain to a sequence in which inputs for the biometric data are to be provided.
[00095] In yet another aspect, module 202 can enable the CV to be submitted to the ATM by the user after the user has scanned his/her debit/credit card at the ATM.
[00096] In an aspect, module 202 can enable the CV to be submitted to it within a defined time period of its generation.
[00097] In an aspect, module 202 can be operatively connected to challenge creation module that can create a random challenge when required, the challenge information comprising biometric inputs to be provided and their sequence (for instance, left hand thumb scan followed by right hand index finger scan), when initiated by a user wanting to use the proposed system to authenticate himself/herself for various purposes as elaborated above (for instance, for making a withdrawal at an ATM). The challenge creation module can be configured within module 202 itself, enabling the user to get the challenge information (interchangeably termed as challenge herein) on his computing device operatively connected to the proposed system. The challenge creation module may be a part of the mobile application, enabling the user to get the challenge on his mobile device.
[00098] In an exemplary embodiment, when the user attempts to withdraw an amount at an ATM, the ATM’s display device itself can provide the challenge information and various biometric devices operatively coupled to the ATM itself can receive corresponding biometric data from the user to generate the CV.
[00099] In yet another exemplary embodiment, the challenge creation module can be part of the mobile application. The user prior to going to the ATM can run the mobile application wherein the application can provide the challenge on the user mobile device (UMD). The user can then use biometric devices in/operatively connected to the mobile device to provide various biometric data that the mobile application can then use to generate the CV that can be provided to module 202.
[000100] In an exemplary embodiment, the CV can be retrieved from a One Time Biometric PIN that can be generated as elaborated above.
[000101] For the purpose, module 202 can receive challenge information/challenge from the challenge creation module and accordingly enable the user to provide his/her biometric data to finally create the OTBPIN as elaborated above. The OTBPIN can include challenge information, challenge value (CV) and date/time the CV was computed. The user can provide the biometric data on a mobile device that may/may not be the same upon which the user had provided his/her biometric data (during registration).
Challenge Value Based Matching Module 204
[000102] In an aspect, module 204 can match, using a database that is operatively coupled with module 204, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database (interchangeably termed herein as centralized database).
[000103] In an exemplary embodiment, the centralized database can store various users’ authentic biometric data wherein the users’ authentic biometric data can be included in a user profile that can be created using a user profile module. The authentic biometric data can be provided by the user during an initial registration process. The user profile module can be part of the mobile application that a user can download on his/her mobile device, and can create complete user profile (including the user’s authentic biometric data) based upon various inputs received from the user. It can interface with various biometric input devices (such as fingerprint scanners, iris scanners, facial scanners and the like) and accordingly enable the user to provide various biometric data pertaining to himself/herself.
[000104] Further, the user profile module can associate the user’s authentic biometric data with various other data pertaining to the user to create a user profile table (UPT) as illustrated in FIG.4A. Such data can include, for example, the user’s bank account number and associated ATM PIN for executing a transaction using the account at an ATM machine. In case the same bank account number is being used by multiple users (members of a family, for instance), user profile tables for each can be created accordingly.
[000105] In another aspect, the user profile module can send a user profile data to the centralized database that can be operatively coupled to module 204 as elaborated above. The centralized database can maintain the user profile data in a row and thereby a plurality of user profiles can be stored in corresponding rows. Each row can have, for instance, associated account number of the user on basis of which the user profile can be retrieved when required.
[000106] In an exemplary embodiment, module 204 can receive account number of the user that can be provided by the user at an ATM Machine (for instance, by swiping the user debit card at the ATM, as elaborated above) and, using the challenge information extracted from the OTBPIN created as above and the authentic biometric data of the user (as stored at the centralized database), can compute a numerical value based upon the authentic biometric data of the user, such value being termed as the true value (TV). Further module 204 can extract the challenge value (CV) from the OTBPIN and compare it to the TV and provide matching output to module 206 for authentication therein as elaborated further.
[000107] In another aspect, in case there is more than one user profile associated with same financial instrument (for instance, all family members using one credit card as elaborated above), module 204 can select the right user/sub-user profile to enable proper match of the TV with the CV. For the purpose when a user provides the account details (by swiping at a PoS machine a credit card associated with multiple sub-users for instance), module 204 can display on the PoS machine associated user names/IDs, allow the user to select one and consequent to that selection proceed further as already elaborated.
[000108] In an exemplary embodiment, module 204 can enable the matching of the CV to the TV only for a pre-determined time period after computation/generation of the CV and thereafter can enable a message to be displayed on mobile device of the user (UMD) requesting the person to initiate again the authentication process.
Matching Output Based Authentication Module 206
[000109] In an aspect, module 206 can authenticate the user if a match is found between the CV and the TV, based upon the matching output that module 206 can receive from module 204.
[000110] In another aspect, in case the CV does not match the TV, the matching output can be in form of an alert signal that can be used for various purposes as elaborated.
[000111] In yet another aspect, in case the CV matches the TV, the matching output can include ATM pin of the user that can be provided to the user or provided directly to the ATM for processing the transaction, the ATM PIN being stored as a part of the user’s profile along with the authentic biometric data.
[000112] In an alternate exemplary embodiment, various modules as elaborated above, and the user’s authentic biometric data can be configured/stored in the user’s mobile device (UMD) itself. In this case, module 204 can verify at the mobile device itself whether the TV matches the CV and generate the matching output for module 206. Accordingly, if the TV matches the CV, corresponding PIN can be displayed on the mobile device itself, and the user can provide the same to the ATM/PoS. In case of a mismatch, an alert can be displayed on the mobile device. In another exemplary embodiment, even in case of a mismatch, the alert need not be displayed on the mobile device but the user/bank/police etc. can be informed automatically using communication systems available in the mobile device that an unauthorized financial transaction (for instance a withdrawal) has been attempted.
[000113] In another exemplary embodiment, module 204 can be configured to use the offline user profile details stored in the user’s mobile device and attempt to use the centralized database stored at the server end only if the offline database is not available. In yet another exemplary embodiment, module 204 can be configured in a vice versa fashion. That is, firstly access to the centralized database can be attempted and if, for any reason the same is not accessible (for instance, due to Internet problems), after a pre-determined time, proposed system can make use of the local/offline data stored in the user’s mobile device.
[000114] In this manner, the proposed system has access to the user’s biometric data and associated information and can use such data to authenticate the user as elaborated above and so enable the user to execute various financial transactions using his financial instruments even when the user does not have access to Internet.
[000115] Although the proposed system has been elaborated as above to include all the main modules, it is completely possible that actual implementations may include only a part of the proposed modules or a combination of those or a division of those into sub-modules in various combinations across multiple devices that can be operatively coupled with each other, including in the cloud. Further the modules can be configured in any sequence to achieve objectives elaborated. Also, it can be appreciated that proposed system can be configured in a computing device or across a plurality of computing devices operatively connected with each other, wherein the computing devices can be any of a computer, a laptop, a mobile device, an Internet enabled mobile device and the like. Therefore, all possible modifications, implementations and embodiments of where and how the proposed system is configured are well within the scope of the present invention.
[000116] FIG. 3A illustrates working of the present disclosure using a sequence diagram, in accordance with an exemplary embodiment of the present disclosure.
[000117] In an aspect, as shown at step 1 during a registration process proposed system 112 can enable a user 102 to provide user profile data including biometric data using a user mobile device (UMD) 104. The user profile data can be stored at the UMD 104 as well at a centralized database that can be configured in the system 112 itself, or be in operative communication with the system 112. The user profile data can include biometric data of the user 102 that can be generated by various biometric input devices in operative communication with the UMD 104, or configured within the UMD 104 itself.
[000118] Thereafter, when user 102 wants to use the proposed system for a transaction at an ATM configured to work with the proposed system, UMD 104 can generate a challenge as shown at step 2. The challenge can be passed on to user 102 as shown at step 3. In an exemplary embodiment, the challenge can be displayed at UMD 104.
[000119] User 102 can provide challenge based biometric data to UMD 104 as illustrated at step 4. For the purpose the user 102 can use various biometric input devices in operative communication with the UMD, or configured within UMD 104. Accordingly, as shown at step 5, UMD 104 can generate a One Time Biometric PIN (OTBPIN), the OTBPIN including challenge information, challenge value and date/time stamp of computation of challenge value. The OTBPIN can be passed on to user 102 as shown at step 6.
[000120] Thereafter, user 102 can swipe his/her debit card at an ATM 122 configured to work with the proposed system and when asked, can provide the OTBPIN to ATM 122 as shown at step 7. ATM 122 can extract/retrieve account information and can forward the account number and the OTBPIN to the proposed system 112, as shown at step 8.
[000121] Proposed system 112 can extract the challenge value (CV) and challenge information from the OTBPIN as shown at step 9. Using the account information, the system can access biometric data provided by user 102 during registration (that is part of the user profile stored at centralized database). Using this biometric data and the challenge information, proposed system 112 can compute a true value (TV) as shown at step 10.
[000122] Thereafter, as shown at step 11, proposed system 112 can match the TV with the CV. Upon a successful match, it can be concluded that the user is the same as that registered and so, the proposed system can provide the ATM PIN stored in the user profile data at the centralized database to the ATM as shown at step 12 and the transaction can proceed further. In an alternate embodiment, the ATM PIN can be displayed on the UMD as shown at step 13 and the user can manually provide the ATM PIN to the ATM to proceed further with the transaction.
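The exchange in steps 2 to 11 above, as an added sketch that is not part of the patent text or of any implementation of it. The page does not say how the CV and TV are computed, so this assumes each biometric input reduces to a stable byte template and that both values are a truncated SHA-256 over the templates in challenge order, bound to the timestamp; the field layout, modality codes, account id and 120-second window are likewise hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed enrolment record, standing in for one row of the centralized
# database. Assumption: every biometric input yields a stable byte template.
ENROLLED = {
    "ACCT-0001": {
        "LT": b"template-left-thumb",
        "RI": b"template-right-index",
        "IR": b"template-iris",
    }
}
MAX_AGE_SECONDS = 120  # assumed value for the "pre-determined time period"
CV_HEX_LEN = 16        # assumed truncation of the digest
HEX = set("0123456789abcdef")


def make_challenge(modalities, length=2):
    """Step 2: pick a random ordered sequence of biometric inputs."""
    pool = list(modalities)
    return [pool.pop(secrets.randbelow(len(pool))) for _ in range(length)]


def compute_value(templates, challenge, timestamp):
    """CV on the device, TV on the server: same function, different templates.

    The timestamp is hashed in, so editing the timestamp inside an OTBPIN
    changes the expected value and the freshness check cannot be sidestepped.
    """
    h = hashlib.sha256(str(int(timestamp)).encode())
    for code in challenge:
        data = templates[code]
        h.update(code.encode() + len(data).to_bytes(4, "big") + data)
    return h.hexdigest()[:CV_HEX_LEN]


def build_otbpin(templates, challenge, timestamp):
    """Step 5: challenge information, timestamp and CV in one code."""
    cv = compute_value(templates, challenge, timestamp)
    return f"{'.'.join(challenge)}-{int(timestamp)}-{cv}"


def parse_otbpin(otbpin):
    """Step 9: return (challenge, timestamp, cv), or None if malformed."""
    parts = otbpin.split("-")
    if len(parts) != 3:
        return None
    challenge, ts, cv = parts[0].split("."), parts[1], parts[2]
    if not all(challenge) or not (ts.isascii() and ts.isdigit()):
        return None
    if len(cv) != CV_HEX_LEN or not set(cv) <= HEX:
        return None
    return challenge, int(ts), cv


def verify(account, otbpin, now, db=ENROLLED):
    """Steps 9 to 11: returns 'match', 'alert', 'expired' or 'malformed'."""
    parsed = parse_otbpin(otbpin)
    profile = db.get(account)
    if parsed is None or profile is None:
        return "malformed"
    challenge, ts, cv = parsed
    if any(code not in profile for code in challenge):
        return "malformed"
    if not 0 <= now - ts <= MAX_AGE_SECONDS:
        return "expired"  # also rejects timestamps from the future
    tv = compute_value(profile, challenge, ts)
    # Constant-time comparison of TV and CV.
    return "match" if hmac.compare_digest(tv, cv) else "alert"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    enrolled = ENROLLED["ACCT-0001"]
    challenge = make_challenge(enrolled)
    pin = build_otbpin(enrolled, challenge, t0)
    print(pin, verify("ACCT-0001", pin, t0 + 30))
```
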
[000123] FIG. 3B illustrates an alternate working of the present disclosure using a sequence diagram, in accordance with an exemplary embodiment of the present disclosure.
[000124] Even though the steps 1-9 are similar to that of work as illustrated in FIG. 3A, upon computing the TV at step 10, the system sends the computed TV to the ATM 122 in step 10a. The ATM 122 will then extract the CV from OTBPIN entered by the user at step 10b and will match the TV with CV at step 11. If both values match, the ATM 122 will allow the user to withdraw money or perform any other operations such as checking the account balance, etc. at step 12. This method will eliminate the risk of the centralized database being hacked for getting the Account PIN.
[000125] FIGs. 4A and 4B illustrate how user profile can be maintained at a user mobile device and at a centralized database respectively, in accordance with an exemplary embodiment of the present disclosure.
[000126] As illustrated in FIG. 4A, during a registration process proposed system can enable a user to provide, using his/her mobile device and various biometric input devices operatively configured with the user mobile device various biometric data of the user that can be further associated with various user information such as user name, number of the account user wants to use with the proposed system, and the account number’s PIN that is presently being used to operate the account for various transactions using an ATM machine. All such information can be stored in a user profile table that the proposed system can maintain at the user mobile devices (UMD). Besides the unique device identification (UDID) as well as unique biometric input device identification (UBID) can also be stored along with above information as illustrated. All such data can be collectively termed as user profile. In case the same mobile device is being used for multiple users, various user profile data can be stored in a database similar to as elaborated in FIG. 4B, each row of the database pertaining to one account.
[000127] The proposed system can also enable the UMD to send all information to a centralized database that can receive information from all users of the proposed system. As illustrated in FIG. 4B, the centralized database can contain all user profile data in a table format, each row pertaining to one unique account. As can be readily understood, if a user has multiple accounts, he will have multiple rows but all information therein except for the account number may remain the same. The centralized database can be configured within the system itself, or be configured at a remote server/cloud and be in operative communication with the proposed server.
[000128] As already elaborated, proposed system can use the local/offline user profile data as stored in the user mobile device, or can access the online/remote user profile data as configured at the centralized database.
[000129] FIGs. 5A to 5C illustrate functioning of the proposed system, in accordance with an exemplary embodiment of the present disclosure.
[000130] As shown at FIG. 5A, upon starting an authentication procedure a user (that has already registered with the proposed system and so has provided his/her biometric data to the proposed system) can be shown a challenge on the user mobile device (UMD). The user can use a biometric input device such as a scanner shown to provide the biometric data required. The biometric input device can be configured within the UMD itself as shown, thereby lowering the overall cost of the proposed system.
[000131] Thereafter, proposed system can generate an OTBPIN as elaborated above and can display the OTBPIN to the user on the UMD as illustrated at FIG. 5B. Also, the user can be advised to provide the OTBPIN to an appropriately configured ATM within a pre-determined period, as shown at FIG. 5B.
[000132] Upon providing the OTBPIN at the appropriately configured ATM, proposed system can proceed with authentication as elaborated above. If the user is the same as that registered with the proposed system (for the account from which the user is presently attempting a withdrawal from the ATM, for example), proposed system can display an appropriate message at the UMD, as illustrated at FIG. 5C.
[000133] FIG. 6 illustrates a method of implementing the proposed system, in accordance with an exemplary embodiment of the present disclosure.
[000134] In an aspect, the proposed method can be described in general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method can also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
[000135] The order in which the method is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method or alternate methods. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof. However, for ease of explanation, in the embodiments described below, the method may be considered to be implemented in the above described system.
[000136] In an aspect, a method for user authentication using biometric data can include, at step 602, receiving, at a central computing device, a challenge value (CV) from an ATM that the central computing device is operatively coupled with, said CV being generated based on biometric data provided by the user using a biometric device in response to a challenge received by the user, and the CV being received during a transaction being attempted by the user at the ATM.
[000137] The method can further include, at step 604, matching, at the central computing device, using a database that is operatively coupled with the central computing device, the CV with a true value (TV), the TV being generated based on running the challenge on authentic biometric data of the user stored in the database; and at step 606, authenticating the user if a match is found between the CV and the TV.
[000138] While the system has been elaborated as above with reference to its application for an ATM/PoS transaction, it can readily be understood that it can as well be applied to any other application that requires user authentication. Such applications can include, but are not limited to, websites login, e-commerce payments, internet banking login and the like. Even secure physical areas (such as restricted areas) that require authentication of a user before access is granted to the user can deploy system proposed. All such embodiments and their equivalents are completely within the scope of the present disclosure.
[000139] While one method of generating an OTBPIN is elaborated above, many other similar methods can be used. For instance, the user can be asked (on user mobile device or the ATM prior to generation of the OTBPIN) the amount to be withdrawn (transaction amount) and based upon that the challenge information can be varied, a higher transaction amount asking for more challenge information so as to generate a more/less complex OTBPIN. The transaction amount can be included in the OTBPIN. Thus it may be appreciated that, when the user actually initiates a transaction at ATM/PoS terminal, the user does not have to enter the amount at the ATM/PoS terminal. Instead, the user can enter only OTBPIN. The ATM/PoS machine can then extract the CV and transaction amount from the OTBPIN itself. The extracted CV and transaction amount can be sent to the server and the server generates the TV based upon the transaction amount and the CV. This mechanism spares the user the hassle of entering the amount, and the security level for a higher transaction amount can also be increased. All such embodiments and their equivalents are completely within the scope of the present disclosure.
[000140] As used herein, and unless the context dictates otherwise, the term “coupled to” is intended to include both direct coupling (in which two elements that are coupled to each other or in contact with each other) and indirect coupling (in which at least one additional element is located between the two elements). Therefore, the terms “coupled to” and “coupled with” are used synonymously. Within the context of this document terms “coupled to” and “coupled with” are also used euphemistically to mean “communicatively coupled with” over a network, where two or more devices are able to exchange data with each other over the network, possibly via one or more intermediary device.
[000141] Moreover, in interpreting both the specification and the claims, all terms should be interpreted in the broadest possible manner consistent with the context. In particular, the terms “comprises” and “comprising” should be interpreted as referring to elements, components, or steps in a non-exclusive manner, indicating that the referenced elements, components, or steps may be present, or utilized, or combined with other elements, components, or steps that are not expressly referenced. Where the specification claims refers to at least one of something selected from the group consisting of A, B, C .... and N, the text should be interpreted as requiring only one element from the group, not A plus N, or B plus N, etc.
[000142] While some embodiments of the present disclosure have been illustrated and described, those are completely exemplary in nature. The disclosure is not limited to the embodiments as elaborated herein only and it would be apparent to those skilled in the art that numerous modifications besides those already described are possible without departing from the inventive concepts herein. All such modifications, changes, variations, substitutions, and equivalents are completely within the scope of the present disclosure. The inventive subject matter, therefore, is not to be restricted except in the spirit of the appended claims.
[000143] While the system proposed herein has been explained using mostly male gender, it can be readily appreciated that such usage is only for ease in expression and has no bearing on the system provided by the embodiments herein. System proposed can be used as effectively irrespective of gender.
ADVANTAGES OF THE INVENTION
[000144] The present disclosure provides for a system for user authentication that uses biometric data in form of a random challenge thereby making it highly secure.
[000145] The present disclosure provides for a system for user authentication that uses existing biometric input devices so as to reduce cost of deployment.
[000146] The present disclosure provides for a system for user authentication that can be used both in an offline as well as an online mode.

Claims

We Claim:
1. A method for authenticating a user, said method comprising:
receiving, at a central computing device, a challenge value (CV) from an automated teller machine (ATM) that said central computing device is operatively coupled with, said CV being generated based on biometric data provided by said user using a biometric device in response to a challenge received by said user, and said CV being received during a transaction being attempted by said user at said ATM;
matching, at said central computing device, using a database that is operatively coupled with said central computing device, said CV with a true value (TV), said TV being generated based on running said challenge on authentic biometric data of said user stored in said database; and
authenticating said user if a match is found between said CV and said TV.
2. The method of claim 1, wherein said challenge is received by said user from a user computing device or from said ATM, and the said user computing device is selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC.
3. The method of claim 1, wherein said challenge pertains to a sequence in which inputs for said biometric data are to be provided.
4. The method of claim 1, wherein said biometric data is obtained from any or a combination of fingerprint scanner, iris scanner, and facial scanner.
5. The method of claim 1, wherein said CV is submitted to said ATM by said user after scanning of a debit/credit card at said ATM by said user within a defined time period of the said CV generation.
6. The method of claim 1, wherein once said user is successfully authenticated, ATM PIN of said user is presented to said user or provided directly to said ATM for processing said transaction, said ATM PIN being stored as a part of said user’s profile along with said authentic biometric data.
7. The method of claim 1, wherein said biometric device is uniquely associated with the user.
8. The method of claim 1, wherein the method is adapted to be implementable for any or a combination of a website login, e-commerce payments, and an internet banking login.
9. A system to authenticate a user, said system comprising:
a non-transitory storage device having embodied therein one or more routines operable to authenticate a user; and
one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines include:
a challenge value receive module, which when executed by the one or more processors, receives a challenge value (CV) from an automated teller machine (ATM), said CV being generated based on biometric data provided by said user using a biometric device in response to a challenge received by said user, and said CV being received during a transaction being attempted by said user at said ATM;
a challenge value based matching module, which when executed by the one or more processors, matches, using a database, said CV with a true value (TV), said TV being generated based on running said challenge on authentic biometric data of said user stored in said database; and
a matching output based authentication module, which when executed by the one or more processors, authenticates said user if a match is found between said CV and said TV.
10. The system of claim 9, wherein said challenge is received by said user from a user computing device or from said ATM, wherein said user computing device is selected from any or a combination of a laptop, a mobile phone, a smart phone, a wearable device, a tablet PC, and a desktop PC, wherein said challenge pertains to a sequence in which inputs for said biometric data are to be provided, and wherein said CV is submitted to said ATM by said user after scanning of a debit/credit card at said ATM by said user within a defined time period of the said CV generation.
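The flow of claims 1, 3 and 5 (a challenge that fixes the input sequence, a CV matched against a server-computed TV, and a validity window), as an added example that is not part of the patent text. The claims do not say how the CV is derived, so the HMAC construction, the per-finger secrets, the nonce, the single-use flag and the 120-second window are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed enrolment record: one stable 32-byte secret per enrolled finger.
# Assumption: the biometric device maps a live scan to the same per-finger
# secret (real scans are noisy and need a fuzzy matcher or extractor first).
ENROLLED = {f: hashlib.sha256(f"constructed-template-{f}".encode()).digest()
            for f in ("L-index", "R-index", "R-thumb", "R-middle")}

CV_LIFETIME_S = 120  # hypothetical value for the "defined time period" of claim 5


def issue_challenge(now, length=3):
    """Random sequence in which inputs must be provided (claim 3), plus a nonce."""
    rng = secrets.SystemRandom()
    return {"sequence": rng.sample(sorted(ENROLLED), length),
            "nonce": secrets.token_bytes(16), "issued_at": now, "used": False}


def run_challenge(challenge, templates):
    """Run the challenge on a set of templates; yields the CV or the TV."""
    mac = hmac.new(challenge["nonce"], digestmod=hashlib.sha256)
    for finger in challenge["sequence"]:  # order matters: it is the challenge
        mac.update(templates[finger])     # fixed-length parts, so no ambiguity
    return mac.hexdigest()


def authenticate(challenge, cv, now):
    """Central-device check: challenge is fresh and unused, and CV equals TV."""
    if challenge["used"] or now - challenge["issued_at"] > CV_LIFETIME_S:
        return False
    challenge["used"] = True  # one attempt per challenge blocks replay and guessing
    tv = run_challenge(challenge, ENROLLED)
    return hmac.compare_digest(cv, tv)  # constant-time comparison
```

Because the nonce keys the HMAC, a CV captured at one ATM session is useless for any later challenge, even one that happens to draw the same finger sequence.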
PCT/IB2018/060304 2017-12-20 2018-12-19 System and method for user authentication using biometric data WO2019123291A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201721045928 2017-12-20
IN201721045928 2017-12-20

Publications (1)

Publication Number Publication Date
WO2019123291A1 (en) 2019-06-27

Family

ID=66992536

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/060304 WO2019123291A1 (en) 2017-12-20 2018-12-19 System and method for user authentication using biometric data

Country Status (1)

Country Link
WO (1) WO2019123291A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1791073A1 (en) * 2005-11-24 2007-05-30 Hitachi, Ltd. Processing device, helper data generating device, terminal device, authentication device and biometrics authentication system

Similar Documents

Publication Publication Date Title
AU2023200067B2 (en) Systems and methods for smartcard biometric enrollment
US11552945B2 (en) Transaction authentication
CA2751789C (en) Online user authentication
US20190087825A1 (en) Systems and methods for provisioning biometric templates to biometric devices
US11824642B2 (en) Systems and methods for provisioning biometric image templates to devices for use in user authentication
US20150227937A1 (en) Random biometric authentication method and apparatus
US10453050B1 (en) Systems and methods for flexible checkout
EP3129935A1 (en) Systems and methods for transacting at an atm using a mobile device
KR102479454B1 (en) Mobile communication terminal for personal authentification, personal authentification system and personal authentification method using the mobile communication terminal
US20160092876A1 (en) On-device shared cardholder verification
WO2020076845A1 (en) Tokenized contactless transaction enabled by cloud biometric identification and authentication
US20210065165A1 (en) Systems, methods and computer program products for securing otps
US20230185898A1 (en) Systems and methods for authentication code entry using mobile electronic devices
US20200184451A1 (en) Systems and methods for account event notification
WO2019123291A1 (en) System and method for user authentication using biometric data
US20220051241A1 (en) Systems and methods for user verification via short-range transceiver
Suruthi et al. Efficient handwritten passwords to overcome spyware attacks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18891254

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18891254

Country of ref document: EP

Kind code of ref document: A1