WO2020067990A1 - Biometric identification method - Google Patents

Biometric identification method

Info

Publication number
WO2020067990A1
Authority
WO
WIPO (PCT)
Prior art keywords
biometric data
template
biometric
user
person
Prior art date
Application number
PCT/SG2018/050492
Other languages
French (fr)
Inventor
German Ruiz ILLANA
Original Assignee
Coolpay Pte. Ltd.
Priority date
Filing date
Publication date
Application filed by Coolpay Pte. Ltd.
Priority to PCT/SG2018/050492
Publication of WO2020067990A1


Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q 20/00 Payment architectures, schemes or protocols > G06Q 20/38 Payment protocols; Details thereof
        • G06Q 20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
            • G06Q 20/401 Transaction verification
                • G06Q 20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
                • G06Q 20/4014 Identity check for transactions > G06Q 20/40145 Biometric identity checks
            • G06Q 20/405 Establishing or using transaction specific rules
        • G06Q 20/382 Payment protocols insuring higher security of transaction > G06Q 20/3825 Use of electronic signatures
        • G06Q 20/385 Payment protocols using an alias or single-use codes
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
        • G06V 10/00 Arrangements for image or video recognition or understanding > G06V 10/98 Detection or correction of errors, e.g. by rescanning the pattern or by human intervention; Evaluation of the quality of the acquired patterns > G06V 10/993 Evaluation of the quality of the acquired pattern
        • G06V 40/00 Recognition of biometric, human-related or animal-related patterns in image or video data > G06V 40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands > G06V 40/12 Fingerprints or palmprints
            • G06V 40/13 Sensors therefor
            • G06V 40/1382 Detecting the live character of the finger, i.e. distinguishing from a fake or cadaver finger

Definitions

  • The present invention relates to a method for identifying a person by means of biometric data.
  • A1 discloses a method for the biometric authorization of an electronic payment between a customer and a merchant.
  • That method comprises the following steps: a consumer enrollment step, an invoice submittal step, a consumer notification step, a consumer authentication step, an invoice retrieval step, an invoice deposition step, a payment authorization step and an invoice payment proceeding step.
  • US 2013/0006784 A1 relates to a method and a system for authenticating a person.
  • That method comprises receiving biometric information and transmitting it to a service provider, determining the biometric signature, receiving a biometric authentication result, determining a biometric authentication test score and facilitating use of that score.
  • A method for authenticating a user by means of a fingerprint is also known in which two candidate fingerprint images are acquired. If the evaluation of the first candidate fingerprint image is not successful, the second candidate fingerprint image is evaluated.
  • The object of the invention is to provide a method for generating a biometric data template of a person that is fast, reliable and secure.
  • An additional object of the invention is to provide a method for identifying a person quickly, reliably and securely by means of biometric data.
  • A further object of the invention is to provide a method of carrying out an action which needs a fast, secure and reliable identification of a person.
  • A further object of the invention is to provide a device for generating a high-quality biometric data template quickly.
  • A further object of the invention is to provide a device for securely identifying a person by means of biometric data.
  • A method for generating a biometric data template of a person according to the present invention comprises the steps of scanning raw biometric data of a user with a biometric sensor and carrying out at least two of the following three processes in parallel: validating the quality of the raw biometric data, checking the raw biometric data for fraud, and extracting the biometric data template from the raw biometric data. The three processes are described below.
  • A biometric data template is a digital file which contains the characteristic data points of raw biometric data, for example the minutiae of fingerprints.
  • The raw biometric data is scanned with a biometric sensor such as a fingerprint sensor.
  • The template can be used, for example, to compare it with other templates.
  • The first process validates the quality of the raw biometric data. Only if the quality of the raw biometric data is above a certain threshold is the generated template used in further process steps. For example, the raw biometric data is evaluated by its bright/dark ratio. If the image is too bright or too dark, it is impossible to locate the distinctive features of the biometric sample, to convert it to a template, and to compare templates later on. The same applies to the contrast level of the biometric data. If the biometric data is an image, a centroid can be calculated as the intensity-weighted mean of the pixel positions. The centroid of the raw biometric data should lie inside a predefined area.
  • If the centroid is outside this area, it may indicate that, for example, the wrong part of the finger is on the sensor.
  • The area size is also important. If the area size of the recorded raw biometric data is below a certain threshold, it indicates that, for example, the finger is not placed completely on the sensor.
  • The quality of the raw biometric data can also be evaluated by a minimum area, a minimum number of minutiae, a quality index estimator and a finger placement index estimator, in order to accept the identification attempt or the enrolment reference as valid in the image quality assurance procedure. More information on why a high level of uniqueness is important is available in "On The Uniqueness of Fingerprints" by Anil K. Jain.
  • The second process checks whether the raw biometric data is fraudulent.
  • Many conventional biometric sensors can be outwitted by biometric dummies. For example, fingerprints can be printed out or can be reproduced from imprints. Therefore a fraud detection process is carried out using one or more of the following steps.
  • The position of the biometric data can be checked. For example, if two neighbouring fingerprints are used for the biometric data, there are certain relative positions of these fingerprints which are not achievable without dislocating or breaking a finger.
  • The mean colour of the raw biometric data can be evaluated if the biometric data comprises an image, particularly an image of a fingerprint.
  • Although human skin colour varies, there are certain colours which are not part of this spectrum, such as bright blue, green or pure white.
  • Another fraud attempt might be detected by comparing two data sets in a sequence of data sets. If they are too similar, it is a hint that the original data is fake.
  • Real biometric data vary from scan to scan by more than a certain threshold of a value which describes the difference between two biometric data sets.
  • The electric resistivity can be measured. For example, if fingerprints are measured, the sweat of the fingers results in a certain electric conductivity. The temperature might also be an indicator of fraud: if it is beyond a certain range, it might be a fraud attempt.
  • The light resistivity of the finger can be validated: a light-emitting diode illuminates the finger and it is measured how much light passes through it.
  • The blood oximetry can be measured and evaluated. With a temporal profile, even a heartbeat can be detected and evaluated.
  • Another fraud detection can be carried out by means of the pressure, which is measured by a pressure sensor such as those built into pressure-sensitive touchscreens.
  • The pressure profile of a finger on a hard device is very characteristic: the first contact of the skin and the fat of the finger is very soft, while at a later stage of the contact process the pressure increases due to the bones.
  • A fake finger made of rubber has a different contact pressure profile than a real finger made of skin, fat, muscles, blood vessels and bones.
  • The capacitance can be measured. Most modern fingerprint sensors use capacitance sensors.
  • The advantage is that capacitance sensors do not need contact with the detected object. Such sensors are cheap as well, since they are widely used in modern smartphones.
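The fraud checks listed above, written out as rules over one scan event. This is an added example, not code from the patent or from Coolpay; the skin-colour rule, the thresholds and the three captured samples are assumptions made for illustration, and the sensor readings are constructed, not recorded.

```python
"""Liveness / fraud checks over one scan event.

Added example, not code from the patent or from Coolpay: the checks described
above as simple rules so the decision logic is visible. Thresholds, the
skin-colour rule and the sample captures are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

RGB = Tuple[int, int, int]


@dataclass
class Capture:
    mean_rgb: RGB             # mean colour of the fingerprint image
    frames: List[List[int]]   # consecutive greyscale frames, flattened, same length
    temperature_c: float      # finger temperature reported by the sensor
    pressure: List[float]     # contact pressure samples over the touch (0..1)


def skin_colour_plausible(rgb: RGB) -> bool:
    """Assumed skin gamut: red channel dominant and not pure white; bright
    blue or green dominated images cannot come from a finger."""
    r, g, b = rgb
    if (r, g, b) == (255, 255, 255):
        return False
    if b > r or g > r:
        return False
    return r - b >= 20


def frame_difference(a: List[int], b: List[int]) -> float:
    """Mean absolute pixel difference between two frames of equal size."""
    if len(a) != len(b) or not a:
        raise ValueError("frames must be non-empty and the same size")
    return sum(abs(x - y) for x, y in zip(a, b)) / len(a)


def frames_vary_enough(frames: List[List[int]], min_diff: float = 1.0) -> bool:
    """A living finger deforms and shifts slightly between frames; a replayed
    image or a static dummy yields (near-)identical consecutive frames."""
    if len(frames) < 2:
        return False
    return all(frame_difference(p, q) >= min_diff for p, q in zip(frames, frames[1:]))


def temperature_plausible(t: float, low: float = 25.0, high: float = 40.0) -> bool:
    return low <= t <= high


def pressure_profile_plausible(samples: List[float]) -> bool:
    """Expected profile: soft first contact (skin, fat), then rising pressure
    as the bone bears down. A rigid dummy tends to reach near-full pressure at
    once. Require a low start relative to the end and a non-decreasing ramp
    (small jitter tolerated)."""
    if len(samples) < 4:
        return False
    if samples[0] > 0.5 * samples[-1]:
        return False
    return all(b >= a - 0.05 for a, b in zip(samples, samples[1:]))


def liveness_checks(c: Capture) -> Dict[str, bool]:
    return {
        "colour": skin_colour_plausible(c.mean_rgb),
        "variation": frames_vary_enough(c.frames),
        "temperature": temperature_plausible(c.temperature_c),
        "pressure": pressure_profile_plausible(c.pressure),
    }


def is_live(c: Capture) -> bool:
    """Every check must pass; the server can re-run the same rules later."""
    return all(liveness_checks(c).values())


# Constructed captures (not real sensor data)
LIVE = Capture(mean_rgb=(190, 140, 120),
               frames=[[100, 120, 130, 140], [102, 118, 133, 139], [101, 121, 129, 142]],
               temperature_c=33.0, pressure=[0.05, 0.10, 0.30, 0.60, 0.80])
REPLAY = Capture(mean_rgb=(190, 140, 120),
                 frames=[[100, 120, 130, 140]] * 3,          # identical frames
                 temperature_c=33.0, pressure=[0.05, 0.10, 0.30, 0.60, 0.80])
RUBBER = Capture(mean_rgb=(120, 200, 130),                   # green-tinted cast
                 frames=[[100, 120, 130, 140], [105, 120, 130, 140], [100, 125, 130, 140]],
                 temperature_c=22.0, pressure=[0.70, 0.75, 0.80, 0.80, 0.80])

if __name__ == "__main__":
    for name, cap in (("live", LIVE), ("replay", REPLAY), ("rubber", RUBBER)):
        print(name, is_live(cap), liveness_checks(cap))
```

The replayed capture passes colour, temperature and pressure and fails only on frame-to-frame variation, which is why the page's point about comparing consecutive scans matters: a single perfect image is suspicious, not reassuring.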
  • The process of extracting a biometric data template from the raw biometric data comprises rotating and shifting the biometric data in such a way that the centroid and the orientation of all biometric data are comparable to each other, and/or detecting and writing out characteristics of the biometric data.
  • These characteristics can be the minutiae features.
  • The major minutia features of fingerprints, especially of their ridge patterns, are friction ridges, valleys, core, delta, bifurcations and endings.
  • The raw biometric data are pre-scanned before the parallel process described above. In particular, the contrast and the bright/dark ratio of the raw biometric data can be determined very quickly. Only data sets which achieve the minimum level of quality enter the parallel phase. For example, when scanning fingerprints, a scan can be taken even before the finger touches the sensor; such empty scans are sorted out before the parallel process.
  • A user therefore does not need to rely on one perfect scan. For example, if one scan takes around 100 ms, 20 or more scans can be taken during one scan event, and the probability that at least one set of raw biometric data is valid is high. Furthermore, comparing the individual raw biometric data sets improves fraud detection.
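The quality gate described earlier (bright/dark ratio, contrast, centroid window, area) together with the pre-scan and burst selection described in the last two bullets, as an added example. It is not code from the patent or from Coolpay; the 16x16 synthetic frames, the thresholds and the scoring formula are assumptions chosen so the stages are visible on small data.

```python
"""Quality gate for a burst of raw fingerprint frames.

Added example, not code from the patent or from Coolpay. A cheap pre-scan
(mean brightness, contrast) drops empty or unusable frames, the fuller checks
(centroid inside a window, foreground area) run on the survivors, and the best
surviving frame is selected. Thresholds, the 16x16 image size and the synthetic
frames are assumptions; a real sensor delivers larger images and more frames.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Image = List[List[int]]  # rows of 8-bit greyscale pixels; ridges are dark


@dataclass(frozen=True)
class Thresholds:
    min_mean: float = 40.0            # darker than this: underexposed
    max_mean: float = 215.0           # brighter than this: empty or overexposed
    min_contrast: int = 30            # max - min pixel value
    dark_pixel: int = 128             # pixels below this count as ridge (foreground)
    window: Tuple[float, float, float, float] = (0.3, 0.7, 0.3, 0.7)  # x_lo, x_hi, y_lo, y_hi as fractions
    min_area: float = 0.10            # minimum foreground fraction


TH = Thresholds()


def mean_intensity(img: Image) -> float:
    pixels = [p for row in img for p in row]
    return sum(pixels) / len(pixels)


def contrast(img: Image) -> int:
    pixels = [p for row in img for p in row]
    return max(pixels) - min(pixels)


def prescan_ok(img: Image, th: Thresholds = TH) -> bool:
    """Fast first stage: bright/dark ratio and contrast only."""
    m = mean_intensity(img)
    return th.min_mean <= m <= th.max_mean and contrast(img) >= th.min_contrast


def foreground(img: Image, th: Thresholds = TH) -> List[Tuple[int, int, int]]:
    """(x, y, weight) of ridge pixels, weight = darkness."""
    return [(x, y, 255 - p) for y, row in enumerate(img) for x, p in enumerate(row) if p < th.dark_pixel]


def area_fraction(img: Image, th: Thresholds = TH) -> float:
    return len(foreground(img, th)) / (len(img) * len(img[0]))


def centroid(img: Image, th: Thresholds = TH) -> Optional[Tuple[float, float]]:
    """Darkness-weighted centroid of the ridge pixels as fractions of width/height."""
    fg = foreground(img, th)
    if not fg:
        return None
    total = sum(w for _, _, w in fg)
    cx = sum(x * w for x, _, w in fg) / total
    cy = sum(y * w for _, y, w in fg) / total
    return cx / len(img[0]), cy / len(img)


def centroid_in_window(img: Image, th: Thresholds = TH) -> bool:
    c = centroid(img, th)
    if c is None:
        return False
    x_lo, x_hi, y_lo, y_hi = th.window
    return x_lo <= c[0] <= x_hi and y_lo <= c[1] <= y_hi


def quality_score(img: Image, th: Thresholds = TH) -> Optional[float]:
    """None if the frame is rejected, otherwise a score (higher is better)
    combining foreground coverage and contrast."""
    if not prescan_ok(img, th):
        return None
    if not centroid_in_window(img, th):
        return None
    area = area_fraction(img, th)
    if area < th.min_area:
        return None
    return area + contrast(img) / 255.0


def best_frame(burst: List[Image], th: Thresholds = TH) -> Optional[int]:
    """Index of the best accepted frame in the burst, or None if all fail."""
    scored = [(quality_score(f, th), i) for i, f in enumerate(burst)]
    accepted = [(s, i) for s, i in scored if s is not None]
    return max(accepted)[1] if accepted else None


def synthetic_frame(size: int = 16, cols: Tuple[int, int] = (4, 12), rows: Tuple[int, int] = (3, 13),
                    bg: int = 220, ridge: int = 30) -> Image:
    """Constructed stand-in for a fingerprint image: dark ridge lines on every
    second row inside a rectangle."""
    img = [[bg] * size for _ in range(size)]
    for y in range(rows[0], rows[1]):
        if y % 2 == 0:
            for x in range(cols[0], cols[1]):
                img[y][x] = ridge
    return img


EMPTY = [[220] * 16 for _ in range(16)]              # captured before the finger touched
PARTIAL = synthetic_frame(cols=(0, 4), rows=(0, 6))  # finger edge only, off-centre
SHIFTED = synthetic_frame(cols=(5, 12))              # usable but less coverage
GOOD = synthetic_frame()
BURST = [EMPTY, PARTIAL, SHIFTED, GOOD]

if __name__ == "__main__":
    print([quality_score(f) for f in BURST], "best:", best_frame(BURST))
```

The partial frame is the instructive case: it passes the cheap pre-scan (its mean brightness is still in range) and is only rejected by the centroid check, which is why the page keeps the fast checks before the parallel phase and the slower ones inside it.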
  • Favourably, the method for generating a biometric data template of a person is carried out in a sensor unit and can be executed on a microprocessor.
  • A further aspect of the present invention relates to a method for identifying a person by means of biometric data.
  • In this method the biometric data templates are encrypted and sent via a network to a central server, where the biometric data template is compared with the biometric data templates of previously enrolled users stored in a secure database.
  • Because a template rather than raw data is sent, the amount of data which has to be transferred to the secure server is reduced.
  • The inventors have realized that the reduced amount of data makes it possible to "outsource" the processing of the biometric data to a central server. This provides a number of advantages. It is easier to protect a central server against spoofing than a local sensor device or client device. By outsourcing the comparison of the scanned biometric data template with a stored biometric data template, a combination of sophisticated hardware and algorithms can be used for the comparison. Additionally, updating and checking the software component integrity of the comparison module is easier centrally than doing it remotely for each local device.
  • The biometric database which contains the biometric data templates of known users is stored on the server as well, which increases the security.
  • The biometric templates are structured such that the biometric data cannot be deduced by reversing the process. (A practitioner's caveat: published work has shown that fingerprint images can be synthesised from unprotected minutiae templates well enough to match the original, so this property depends on how the template is built and protected, not on the minutiae format alone.)
  • Even if a template were reversed into biometric data, the result is of little use against a biometric identification that includes anti-spoofing and liveness detection in the authentication and authorization procedure.
  • Storing the biometric template rather than the biometric data reduces the risk of misuse in case of a security breach and/or the impact of hacking.
  • Once a person is identified and authenticated, access to a person-related entry in a secure database is granted to the authenticator, for example a payment application running on the device.
  • Such a person-related entry may contain personal data such as name and/or age, but may also contain more sensitive information such as payment method credentials.
  • All credential information allowing access to goods or services that is included in a physical wallet can be transferred to the secure database as a digital asset. This includes, but is not limited to, emulations of debit and credit cards, cryptocurrency hierarchical deterministic master seeds, credentials for loyalty program currency points, credentials for loyalty program membership access control, emulations of national identity cards, etc.
  • The system will not only identify and authenticate a user; it will also recognize and save the purchased goods and services. In combination with personally identifiable information of the user, this is very valuable information for a merchant. Similar to offering goods and services at a reduced price based on the shopping history, a merchant can observe and analyse the purchase pattern of a user to generate personalized offers or to allow the earning of digital assets that can be fully or partially exchanged for goods and services, rather than a conventional, untargeted offer. During the identification, personalized rewards can be redeemed or earned during the payment procedure without any other form of identification and authentication by the user.
  • The template is a list of selected standardized features contained in the raw biometric data. This results in a reduced amount of data compared to the raw biometric data. Standardized features could be, for example, the minutiae features of fingerprints.
  • A template can readily be compared with other templates of the same type, because the standardized features of the templates can easily be mapped to each other.
  • A further aspect of the present invention relates to a method for identifying a person by means of biometric data comprising the comparison of the biometric data template generated from biometric data scanned from an unknown person with the templates of known persons stored in the database.
  • In the database, several biometric data templates are available for each known person. If the database comprises more than one biometric data template for one person, it is more likely that the search algorithm will find a correct match.
  • One single stored biometric data template might not contain all the biometric characteristics which are present in the currently scanned biometric data template.
  • The biometric data templates stored in the database were scanned at different scan events. Additionally, the threshold which describes how likely a match is can be set high so that each comparison is specific. Because several comparisons are carried out against a plurality of biometric data templates, it is very likely that the correct match is detected although each individual comparison is very specific.
  • A generated template is added to the database after a coincidence between the generated template and a database template has been detected. Therefore the quality of the database increases each time a user uses this method. It is beneficial if two or more similar biometric data templates of the same person are stored in the database, so that at least some of them can be averaged. This reduces the amount of stored data, while the quality of the stored biometric data templates increases with the number of templates. A high-quality stored biometric data template results in higher recognition accuracy. Additionally, an already correlated biometric data template can be correlated again with a new biometric data template. Preferably, the correlation factor is weighted by the number of templates.
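The template extraction (rotating and shifting so that centroid and orientation are comparable, then writing out minutiae), the comparison of standardized features, and the search against several stored templates per person with a strict per-comparison threshold, as one added example. It is not code from the patent or from Coolpay; the minutiae tuples, the tolerances, the 0.8 threshold and the two sample fingers are assumptions, and averaging of stored templates is not shown.

```python
"""Minutiae template normalisation, matching and identification.

Added example, not code from the patent or from Coolpay. A template is a list
of (x, y, angle) minutiae; normalise() translates the points to their centroid
and rotates them so their mean orientation is zero, which makes templates from
differently placed or rotated fingers comparable. match_score() pairs up
normalised minutiae within a tolerance, and identify() searches a database
that holds several templates per person with a strict per-comparison
threshold, appending the probe to the reference set on success. Tolerances,
the threshold and the sample templates are assumptions.
"""
import math
from typing import Dict, List, Optional, Tuple

Minutia = Tuple[float, float, float]   # x, y, ridge direction in radians
Template = List[Minutia]


def normalise(t: Template) -> Template:
    """Shift to the centroid and rotate so the mean minutia direction is 0."""
    n = len(t)
    cx = sum(m[0] for m in t) / n
    cy = sum(m[1] for m in t) / n
    # circular mean of the directions (unstable only if they cancel out)
    ang = math.atan2(sum(math.sin(m[2]) for m in t), sum(math.cos(m[2]) for m in t))
    c, s = math.cos(-ang), math.sin(-ang)
    out = []
    for x, y, a in t:
        dx, dy = x - cx, y - cy
        out.append((dx * c - dy * s, dx * s + dy * c, (a - ang) % (2 * math.pi)))
    return out


def angle_diff(a: float, b: float) -> float:
    """Smallest difference between two directions, wrap-safe."""
    return abs((a - b + math.pi) % (2 * math.pi) - math.pi)


def match_score(a: Template, b: Template, dist_tol: float = 2.0, angle_tol: float = 0.2) -> float:
    """Fraction of minutiae paired within tolerance (greedy, one-to-one)."""
    na, nb = normalise(a), normalise(b)
    used = set()
    hits = 0
    for x, y, ang in na:
        for j, (bx, by, bang) in enumerate(nb):
            if j in used:
                continue
            if math.hypot(x - bx, y - by) <= dist_tol and angle_diff(ang, bang) <= angle_tol:
                used.add(j)
                hits += 1
                break
    return hits / max(len(na), len(nb))


def identify(probe: Template, db: Dict[str, List[Template]], threshold: float = 0.8) -> Optional[str]:
    """Compare the probe with every stored template; accept only a strict
    match, then add the probe to that person's reference set."""
    best_id, best = None, 0.0
    for person, templates in db.items():
        for stored in templates:
            s = match_score(probe, stored)
            if s > best:
                best, best_id = s, person
    if best_id is not None and best >= threshold:
        db[best_id].append(probe)
        return best_id
    return None


def transform(t: Template, theta: float, dx: float, dy: float) -> Template:
    """Simulate the same finger placed rotated by theta and shifted by (dx, dy)."""
    c, s = math.cos(theta), math.sin(theta)
    return [(x * c - y * s + dx, x * s + y * c + dy, (a + theta) % (2 * math.pi)) for x, y, a in t]


# Constructed templates (not real minutiae)
ALICE = [(0.0, 0.0, 0.0), (10.0, 0.0, 0.5), (0.0, 10.0, 1.0), (10.0, 10.0, 1.5), (5.0, 5.0, 2.0)]
BOB = [(0.0, 0.0, 0.0), (30.0, 0.0, 3.0), (0.0, 30.0, 1.0), (30.0, 30.0, 2.0), (15.0, 15.0, 0.1), (15.0, 0.0, 2.2)]


def sample_db() -> Dict[str, List[Template]]:
    """Two stored templates for one person, one for the other."""
    return {"alice": [ALICE, transform(ALICE, 0.2, 3.0, 3.0)], "bob": [BOB]}


if __name__ == "__main__":
    db = sample_db()
    probe = transform(ALICE, 0.7, 20.0, -5.0)   # same finger, new placement
    print(identify(probe, db), len(db["alice"]))
```

Because every comparison is strict (four of five minutiae must pair up exactly), a single stored template that happens to miss a few minutiae would fail; holding several templates per person, as the page proposes, is what keeps the search reliable without lowering the threshold.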
  • An inventive method of carrying out an action which needs the identification of a person comprises the steps described below.
  • A fraud attempt can be recognized by verifying an ID of the point of interaction device (POI) to exclude manipulated POIs.
  • The biometric data template is also considered for checking the probability of fraud in this action.
  • While a first validation of possible fraud may be done on the hand-held device, it is beneficial to do another validation on the device which performs the identification.
  • The stored biometric data templates can be used for validating the probability of fraud as well. For example, if fingerprints and the skin colour are stored, the colour can be verified as well. Fake fingerprints may tend to have specific patterns which can be detected by the identifying unit.
  • A fraud pattern database is therefore beneficial. Using artificial intelligence software might help to identify fraud attempts as well. Furthermore, past actions of the user, such as travel or consumption behaviour, are considered for the fraud detection. For example, it is unlikely that a long-term resident of a country who recently bought diapers will try to buy an expensive watch on another continent, considering the purchase pattern, the time difference and the travel time.
  • From the coincidence of the biometric data template with the entry in the biometric database and/or from the behaviour validation, a value is extracted.
  • The fraud detection value describes the probability of a fraud attempt at the client device.
  • The coincidence value describes the quality of the coincidence and the behaviour value describes the likelihood of the user behaviour.
  • Each value has to be in a predefined range. If several values are near the edge of their range it is possible that, although each verification step is passed individually, the further procedure is declined when the values are evaluated in combination. For example, the biometric coincidence value may be near the edge of its predefined range, but as long as the other values do not show critical behaviour, the process proceeds. On the other hand, if, for example, the fraud detection and the behaviour validation both yield values that are critical but still in range, the process can be stopped when the two values are validated in combination.
  • This fraud scoring value is sent along with the biometric data template to the secure server.
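The combination rule from the bullets above, as an added example that is not code from the patent or from Coolpay. The bands, the margins that define "near out of range" and the three sample cases are assumptions; only the shape of the rule (each value in range, one marginal value tolerated, two or more declined) comes from the page.

```python
"""Combining the fraud, coincidence and behaviour values.

Added example, not code from the patent or from Coolpay. Each value has an
accepted band; the edge of the band that borders on the risky side carries a
margin, and a value inside the band but within that margin counts as 'near
out of range'. One such value is tolerated, two or more decline the action,
and any value outside its band declines outright. Bands, margins and the
sample values are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Band:
    low: float
    high: float
    margin_low: float = 0.0    # 'near' zone above the low edge (0 = no risk there)
    margin_high: float = 0.0   # 'near' zone below the high edge

    def contains(self, v: float) -> bool:
        return self.low <= v <= self.high

    def near_edge(self, v: float) -> bool:
        if not self.contains(v):
            return False
        return (v - self.low) < self.margin_low or (self.high - v) < self.margin_high


BANDS: Dict[str, Band] = {
    "fraud": Band(0.0, 0.3, margin_high=0.1),         # probability of fraud at the POI; high is risky
    "coincidence": Band(0.8, 1.0, margin_low=0.05),   # template match quality; low is risky
    "behaviour": Band(0.5, 1.0, margin_low=0.1),      # likelihood of the behaviour; low is risky
}


def decide(values: Dict[str, float], bands: Dict[str, Band] = BANDS,
           max_near: int = 1) -> Tuple[str, List[str]]:
    """Return ('approved' | 'declined', reasons)."""
    for name, band in bands.items():
        v = values[name]
        if not band.contains(v):
            return "declined", [f"{name} out of range ({v})"]
    near = [name for name, band in bands.items() if band.near_edge(values[name])]
    reasons = [f"{n} near limit" for n in near]
    if len(near) > max_near:
        return "declined", reasons
    return "approved", reasons


# Constructed cases
WEAK_MATCH_ONLY = {"fraud": 0.05, "coincidence": 0.82, "behaviour": 0.90}   # one marginal value: passes
TWO_MARGINAL = {"fraud": 0.25, "coincidence": 0.95, "behaviour": 0.55}      # two marginal values: declined
OUT_OF_RANGE = {"fraud": 0.40, "coincidence": 0.95, "behaviour": 0.90}      # fraud value above its band

if __name__ == "__main__":
    for case in (WEAK_MATCH_ONLY, TWO_MARGINAL, OUT_OF_RANGE):
        print(decide(case))
```

The margins are one-sided on purpose: a fraud probability near zero or a match quality near 1.0 sits at the edge of its band but is the good edge, and must not count as "near out of range".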
  • Preferably, the biometric data are fingerprints.
  • Other biometric physical or behavioural data such as voice patterns, an image of the iris, the face geometry, the retina pattern, the signature or others can be used alternatively or in combination.
  • Preferably, the action which needs the identification is a financial transaction.
  • Financial transactions are often time-consuming and insecure.
  • The problems with classic financial transactions are manifold.
  • One issue is the necessity to carry a financial instrument around.
  • Another issue is the hassle of remembering a Personal Identification Number in order to authenticate that you are the owner of the financial instrument. Both can be stolen and are therefore prone to fail to authenticate the true account holder.
  • A financial transaction can be carried out wherever the system is used. The user needs to register at least once using the POI.
  • A pre-condition might be an automated know-your-customer procedure in which a physical identity token such as an ID card, passport or driver's licence is used as a reference to check biometrically whether the person present is who the verified presented document says, for example by using the photo ID and performing a verification against the captured face.
  • Personal information extracted from the verified document might be stored. The user does not need to register with a merchant he has never visited before, as long as any merchant or institution using the solution is able to enrol the user in the system a priori.
  • A financial instrument stored in a secure storage is used to perform the financial transaction.
  • Most financial transactions need a financial instrument, such as cash, cheques, debit or credit cards.
  • Some of these financial instruments can be digitalized and stored on the server as access control credentials.
  • The financial instrument is encrypted as a token by a tokenization service provider.
  • The tokenization service provider is an external service which receives information about a financial instrument and encrypts this information, with the authorization of the issuing bank, to generate the token and, if needed, cryptograms.
  • A tokenization service provider can be identical to the issuing bank.
  • The token includes information about the secure server itself, for example its IP address or operating system.
  • One advantage of using a token instead of a complete description of the financial instrument is increased security. If the secure database is hacked and the stored data is compromised, it cannot be used for illegal financial transactions, because the token is encrypted, the corresponding user and financial instrument are unknown to the thief, and it is very difficult for the thief to emulate the secure server parameters which are stored in the token as well.
  • A cryptogram is stored on the central server as well.
  • A cryptogram is a dynamic file which is connected to the financial instrument of a user.
  • The file additionally contains limitation information such as an expiry date of the cryptogram, the amount of money which can be used in one financial transaction and/or a limit on the location where the financial transaction can be carried out.
  • After use, the cryptogram is depleted and a new cryptogram has to be received from the tokenization service provider.
  • A token with a dynamic cryptogram stored on a central server is very effective in protecting the financial information of a user. It has the security of a dynamic token, which is described further below, but without the challenges for card networks, merchants and processors. It is known that some issuing banks have difficulties deploying dynamic tokens into the key management configurations of their authentication systems.
  • A static token without a cryptogram, on the other hand, is less secure than the other two embodiments, because a putative thief has more, up to unlimited, time to emulate the secure server and perform financial transactions for his own benefit. However, from a static token it is easier to read out a transaction history, which might be necessary in some embodiments of the invention.
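The token-plus-cryptogram flow from the bullets above, as an added example of what the secure server checks before releasing a payment. It is not code from the patent, from Coolpay or from any tokenization service provider: the record layout, the use of an HMAC for integrity, the server binding by a server identifier, and all sample values are assumptions; a real provider defines its own token and cryptogram formats and the page itself speaks only of the token being encrypted and carrying secure-server parameters.

```python
"""Server-side use of a token with a dynamic cryptogram.

Added example, not code from the patent or from Coolpay. The token carries an
opaque reference to the financial instrument plus a binding to the secure
server that stores it; the cryptogram carries its limits (expiry, amount per
transaction, allowed locations) and is consumed by a single use, after which a
fresh one has to be obtained from the tokenization service provider. The
record layout, the HMAC used for integrity and all sample values are
assumptions; a real provider defines its own token and cryptogram formats.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple

TSP_KEY = b"constructed-key-shared-with-the-tokenization-provider"
SERVER_ID = "secure-server-01"   # identity of the server the token is bound to


def mac(payload: Dict[str, Any]) -> str:
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(TSP_KEY, msg, hashlib.sha256).hexdigest()


def mac_ok(payload: Dict[str, Any], tag: str) -> bool:
    return hmac.compare_digest(mac(payload), tag)


@dataclass
class Token:
    payload: Dict[str, Any]   # {"ref": ..., "server_id": ...}; no PAN, no user data
    tag: str


@dataclass
class Cryptogram:
    payload: Dict[str, Any]   # {"token_ref", "expires", "max_amount", "regions"}
    tag: str
    used: bool = False        # depleted after one transaction


def issue_token(ref: str) -> Token:
    payload = {"ref": ref, "server_id": SERVER_ID}
    return Token(payload, mac(payload))


def issue_cryptogram(token: Token, expires: int, max_amount: float, regions: Tuple[str, ...]) -> Cryptogram:
    payload = {"token_ref": token.payload["ref"], "expires": expires,
               "max_amount": max_amount, "regions": list(regions)}
    return Cryptogram(payload, mac(payload))


def authorize(token: Token, cg: Cryptogram, amount: float, region: str, now: int) -> Tuple[bool, str]:
    """All checks in order; the cryptogram is consumed only on approval."""
    if not mac_ok(token.payload, token.tag):
        return False, "token integrity"
    if token.payload["server_id"] != SERVER_ID:
        return False, "token bound to another server"
    if not mac_ok(cg.payload, cg.tag):
        return False, "cryptogram integrity"
    if cg.used:
        return False, "cryptogram depleted"
    if cg.payload["token_ref"] != token.payload["ref"]:
        return False, "cryptogram not issued for this token"
    if now > cg.payload["expires"]:
        return False, "cryptogram expired"
    if amount > cg.payload["max_amount"]:
        return False, "amount above limit"
    if region not in cg.payload["regions"]:
        return False, "location not allowed"
    cg.used = True
    return True, "approved"


def demo() -> List[Tuple[bool, str]]:
    """Walk through approval, depletion and each limit; values are constructed."""
    tok = issue_token("tok_7f3a")
    cg = issue_cryptogram(tok, expires=1_700_000_000, max_amount=50.0, regions=("SG",))
    results = [
        authorize(tok, cg, 20.0, "SG", now=1_699_999_000),   # approved, consumes cg
        authorize(tok, cg, 20.0, "SG", now=1_699_999_001),   # depleted
    ]
    cg2 = issue_cryptogram(tok, expires=1_700_000_000, max_amount=50.0, regions=("SG",))
    results.append(authorize(tok, cg2, 80.0, "SG", now=1_699_999_002))   # amount above limit
    results.append(authorize(tok, cg2, 20.0, "US", now=1_699_999_003))   # location not allowed
    results.append(authorize(tok, cg2, 20.0, "SG", now=1_700_000_500))   # expired
    tampered = Token(dict(tok.payload, server_id="other-server"), tok.tag)
    results.append(authorize(tampered, cg2, 20.0, "SG", now=1_699_999_004))  # token integrity
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

Note that a failed check leaves the cryptogram unconsumed, so a legitimate retry after, say, a wrong region still has a valid cryptogram; and that the copied database row on its own (token, cryptogram, tags) gives an attacker nothing without the provider key and the server binding, which is the page's argument for storing tokens rather than instruments.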
  • A user can enrol in the system in order to perform an identification process afterwards.
  • A biometric data template of the person is created as described above.
  • The template is sent to a central server.
  • The central server tries to identify the person. If the server fails, it creates a new entry including the biometric template and a biometric ID in its biometric database.
  • Corresponding entries are created in at least one of the following databases: the user profile database, the user wallet database and the user interaction database.
  • The user profile database comprises the personal data, e.g. name, birthday and address.
  • The user wallet database comprises information about the financial instruments, and the user interaction database comprises interactions with third-party companies, e.g. goods or services exchanged for any form of currency payment or points, access records, subscriptions, survey answers and/or achievements.
  • Each entry of the above-mentioned databases includes the common identifier CI. Through the common identifier an entry can be linked to the other databases, such as the user biometric, profile, wallet or interaction database, while, if one of the databases is hacked, the thief obtains no information about the content of the other databases. (The CI is a join key: this separation holds only as long as the databases are not compromised together.)
  • A user integrity validation is performed during the enrolment process.
  • The user integrity validation is an additional security step.
  • The enrollee performs two, beneficially three, or more sequential scans of his biometric data. From each scan event the best data set is selected, i.e. the data set with the most biometric features. After all scans are done, these best data sets are compared with each other to identify a possible fraud event, such as an attempt to enrol different fingerprints in each scan. Additionally, the best data set of all three scan events can be processed further.
  • A device for generating a biometric data template according to the present invention as described above comprises a biometric sensor unit, a user interaction interface, an external communication unit and a computation unit.
  • The device is capable of recording the raw biometric data and generating a template from the raw data as described above. Additionally, the user interaction interface can be used to confirm process steps and/or to add additional information. It is beneficial if the device is a handheld device with an internal battery and a wireless connection to the internet.
  • A device for identifying a person by means of biometric data comprises a server, a database, an external communication unit and a computation unit. This device is located in a central place and communicates via the internet with all the handheld devices which scan the biometric data.
  • Figure 1 shows a user, a point of interaction device (POI), a network connection and a secure server in a block diagram,
  • Figure 5 an enrolment procedure for various applications in a block diagram,
  • Figure 6 an identification procedure for various applications in a block diagram,
  • Figure 7 an enrolment procedure of a user to access various databases in a block diagram, and
  • Figure 8 an identification procedure of a user to access various databases in a block diagram.
  • a system for identifying a person by means of biometric data forms an exemplary embodiment of the present invention.
  • This identification system comprises a point of interaction device (POI) 1 to scan raw biometric data 3 and a secure server 2 to ana lyze biometric data templates 4.
  • the devices of the identification system are embod ied for performing a method according to the invention for identifying a user 5 (figure 1 and 8).
  • the POI 1 is a handheld device and in possession of a person who wants to identify another person 5. This could be for example a merchant or an agent of the govern ment. However, it is also conceivable that the user utilizes a POI 1 for himself, for example, to verify himself on the Internet. Users 5 can interact with these POI 1.
  • the POI 1 are connected to the secure server 2 over a wide area network (WAN) 6, for example the internet. A various number of POI 1 is connected to the same secure server 2.
  • WAN wide area network
  • the POI 1 comprises four main components:
  • a biometric sensor component 8 for example a fingerprint sensor
  • a central program module 10 which coordinates the tasks of the modules of the POI and comprises a secure interface 11 for communicating with the se cure server 2 and a en-/decrypting unit 19 for en- or decrypting data.
  • module means a software element
  • part means a hardware element
  • a component can comprise both a software element as well as a hardware element and the generic term component comprises all modules and all parts.
  • Each component is embodied in a separated shell to increase the security.
  • the shell is a software enclosure of the component which reduces the possible input and out put channels of the corresponding component, so that a communication with each of the components of the identification system can only be carried out via the central program unit 10.
  • the POI 1 comprises at least one processor and memory unit to execute the software modules.
  • the user interface 7 is a touchscreen which forms a dis play for communicating the information and an input device for acquiring the infor mation.
  • the user interface can be embodied as an interface to an external input- and output-device, such as a smart phone or a tablet which acts as the input- and output device.
  • the biometric sensor module 8 comprises a biometric sensor, such as a fingerprint sensor 13.
  • the biometric sensor module 8 creates raw biometric data 3.
  • the fingerprint sensor 13 can be a solid-state fingerprint sensor or an optical fingerprint sensor, the latter being preferred. In the present embodiment the fingerprint sensor 13 scans two fingerprints at the same time.
  • the biometric sensor module 8 comprises a temperature sensor 14 and a pressure sensor 15. These sensors are provided to detect a fraud attempt, as explained later in detail.
  • the temperature sensor 14 and the pressure sensor 15 are integrated in a transparent layer on a glass plate covering the fingerprint sensor 13.
  • Such pressure sensors are known from touchscreens of smartphones.
  • the secure processing module 9 is also a module shielded by a separate shell, to analyze the scanned raw biometric data 3 and to extract a biometric fingerprint 4 from the raw biometric data 3.
  • the secure processing unit 9 is designed such that it can operate two, preferably three or more processes in parallel. Processing certain processes in parallel means that these processes are carried out e.g. in multitasking operating segments, so that these processes can be carried out quasi-simultaneously on a single processor.
  • a multi-core processor is provided for real parallel processing.
  • the central program module 10 is in the present embodiment a main task which communicates with the other components. It comprises an encrypting and decrypting unit 12 for encrypting and decrypting data to send it to the other components of the POI 1 and for sending and receiving data via the secure interface 11.
  • the secure interface 11 uses special ports and protocols to establish a secure data connection to the secure server 2 via the Internet 6.
  • the secure server 2 is a network server, for example an Internet server, and can be accessed from the POI 1 via specific network protocols.
  • the secure server 2 is a computer system comprising a processor unit and a memory unit to execute the software modules and is part of a colocation center.
  • the secure server 2 comprises three main components:
  • a server program module 16 to coordinate the process, comprising a server secure interface 17 to interact with the POI,
  • a biometric engine 18 to perform a matching procedure, which comprises a secure template biometric database 19, and
  • a secure database 20 which comprises sensitive information about the user 5, such as wallet information.
  • the server program module 16 forms the outer shell of the secure server 2 and coordinates the interaction with all POIs 2 as well as the individual process steps of the identifying procedure. Additionally, the server program module 16 coordinates the process flow at the secure server 2.
  • the present embodiment is used for executing payment orders. Therefore, the secure server 2 is connected via the network 6 to third-party platforms (not shown) such as financial institutes.
  • the biometric engine 18 is a module which evaluates biometric data generated by one of the POIs 1 on the basis of data of the secure template database 19, as will be explained below in more detail.
  • the secure template biometric database 19 comprises data of registered users. These data comprise biometric data and data characterizing the corresponding user, e.g. an ID and/or family name, first name, date of birth, etc.
  • the secure template biometric database 19 may comprise more than one sub-database. Each sub-database contains one set of biometric data templates 4. Therefore, for each known user 5 several biometric data templates 4 are available. It is beneficial to exchange the oldest biometric data template 4 with the new biometric data template 4 and/or to add the biometric data template 4 to an averaged biometric data template 4.
  • the secure database 20 comprises sensitive information about registered users 5 which is needed to carry out a special action such as executing a payment. Usually this information is not relevant for the biometric evaluation. It includes, for example, credit card information, IDs and bonus point numbers.
  • the server program module 16 gets access to the secure database 20.
  • the secure database 20 comprises several sub-databases which contain different kinds of information, such as a user wallet database 21, a user profile database 22 or a user interaction database 23. Other kinds of databases are feasible.
  • the content of the sub-databases of the secure database 20 is preferably filled during the enrollment process, when an enrollee 24 subscribes to the system. The process is described in detail below.
  • the profile database 22 comprises demographic data 25, which are personal information linked to the user 5, e.g. ID numbers, certificates, licenses, names, addresses, contact details, photos, links to other users, internal ratings, and/or records of behavior.
  • the interaction database 23 comprises information to interact with third-party companies, e.g. member IDs, grade records, subscriptions, and/or achievements.
  • the user wallet database 21 comprises wallet information 24, which is all information needed to authorize a financial transaction, e.g. credit card information, online banking information and/or login details for financial institutes. Preferably this wallet information is encrypted.
  • the wallet information 24 contains a token 30 and a cryptogram 31.
  • the token 30 is a data file which contains encrypted information of the financial instrument, for being transmitted to a customer of the financial institute to carry out an action with the financial instrument.
  • the financial instrument may be e.g. a credit card or any other debit card.
  • the token 30 includes information of the secure server itself, for example IP address or operating system.
  • a corresponding cryptogram 31 is a dynamic data file which contains an authorization to use a certain financial instrument.
  • the cryptogram 31 additionally contains limitation information such as an expiry date of the cryptogram 31, the amount of money which can be used in one financial transaction and/or a limit on the location where the financial transaction can be carried out.
  • Both the token 30 and the cryptogram 31 are generated by a tokenization service provider 29.
  • an issuing bank 28 which issued the financial instrument allows a tokenization service provider 29 to create a token 30 and a cryptogram 31.
  • a customer has to receive both the token 30 comprising the information of the financial instrument and the cryptogram 31 comprising the authorization of the specific financial instrument.
  • Only the tokenization service provider 29 is able to read the token 30 and the cryptogram 31.
  • the tokenization service provider 29 will send a request to perform a transaction to the issuing bank 28.
  • a cryptogram 31 can only be used once. After a cryptogram 31 is used for a financial transaction, the cryptogram 31 is depleted and a new cryptogram 31 has to be received from the tokenization service provider 29.
  • the cryptogram 31 is encrypted.
  • the biometric data template 4 of the user 5 is stored in a secure template biometric database 19.
  • the enrolment is described afterwards.
  • biometric data templates 4 and personal information of an unknown user is added to the secure server databases.
  • these characteristic biometric features are fingerprints.
  • the identification process starts with a request that someone wants a user 5 to be identified at the POI 1. This request is initiated either by pressing a certain button on the POI 1 or by touching the fingerprint sensor 8 with a finger (S1).
  • the secure processing module 9 establishes (S2) a secure channel by means of the central program module 10.
  • the secure channel is provided for the communication between the biometric sensor component 8 and the central program module 10.
  • the biometric sensor component 8 is activated with a session key in a sensor processor security authentication (S3).
  • the session key is a randomly generated, time-dependent key that is used only once for one identification process. With this session key the data within the POI 1 is symmetrically encrypted.
  • the identification process is performed within a stipulated time frame; similarly, the authentication for the payment will be time-dependent, aligned to the session key.
  • a measurement is carried out by means of the biometric sensor component 8.
  • the biometric sensor component 8 captures the fingerprint (S4). Preferably several scans are carried out while the finger touches the biometric sensor component 8 once.
  • Each scan takes roughly 100 ms, so during a whole scan event a couple of images are taken.
  • Each of the images forms a raw biometric data 3.
  • the biometric sensor module 8 encrypts the raw biometric data 3 afterwards and sends the information to the central program module 10 (S5).
  • the central program module 10 decrypts the raw biometric data 3 (S6) and sends it to the secure processing unit 9.
  • the secure processing module 9 carries out a pre-quality assessment (S7) of the raw biometric data 3.
  • a pre-quality check comprises a check of contrast and/or a black/white ratio and/or the size of the biometric scan area and/or, in the case of a dual fingerprint scan, the presence of two discrete biometric patches.
  • This pre-quality assessment comprises only checks which can be carried out very fast.
  • the pre-quality assessment ensures that only data with a certain quality is forwarded.
  • the quality of the fingerprint images depends e.g. on the time progress of the interaction. In the beginning, when the finger starts to touch the sensor, the quality is very poor. When the finger comes to rest on the sensor, the quality improves. At the end, when the finger leaves the sensor, the quality of the image gets poor again. With the pre-quality assessment only images with a certain quality are handed over to the next process step.
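The pre-quality assessment (S7) described above, as an added example that is not code from the patent or from Coolpay: it applies the fast checks the text lists (contrast, black/white ratio, size of the scanned area) to every image of one scan event and keeps only the images that pass, which models the touchdown, rest and lift-off phases of the quality curve. The frame size, the thresholds and the sample frames are constructed for illustration and are not values from the patent.

```python
"""Pre-quality assessment of the frames of one fingerprint scan event (step S7).

Added example, not code from the patent or from Coolpay. Frame size, thresholds
and sample frames are constructed assumptions.
"""

Frame = list[list[int]]   # rows of 8-bit grey values, 0 = ridge, 255 = untouched sensor

# Constructed thresholds (assumptions, not values from the patent).
MIN_CONTRAST = 80               # max - min grey value
DARK_RATIO_RANGE = (0.2, 0.8)   # fraction of dark ("black") pixels expected for a usable print
MIN_ACTIVE_AREA = 0.3           # fraction of the sensor covered by the finger
DARK = 128                      # pixels below this count as ridge
BACKGROUND = 240                # pixels at or above this count as untouched sensor


def _pixels(frame: Frame) -> list[int]:
    return [p for row in frame for p in row]


def contrast(frame: Frame) -> int:
    px = _pixels(frame)
    return max(px) - min(px)


def dark_ratio(frame: Frame) -> float:
    """Black/white ratio: share of pixels dark enough to be ridge."""
    px = _pixels(frame)
    return sum(1 for p in px if p < DARK) / len(px)


def active_area(frame: Frame) -> float:
    """Size of the scan area: share of pixels that are not untouched sensor."""
    px = _pixels(frame)
    return sum(1 for p in px if p < BACKGROUND) / len(px)


def pre_quality_ok(frame: Frame) -> bool:
    """True if the frame passes every fast check and may be handed to S8/S9/S10."""
    lo, hi = DARK_RATIO_RANGE
    return (contrast(frame) >= MIN_CONTRAST
            and lo <= dark_ratio(frame) <= hi
            and active_area(frame) >= MIN_ACTIVE_AREA)


def select_frames(scan_event: list[Frame]) -> list[int]:
    """Indices of the frames of a scan event that survive the pre-quality assessment."""
    return [i for i, frame in enumerate(scan_event) if pre_quality_ok(frame)]


def make_frame(rows_touched: int, ridge: int, valley: int, size: int = 8) -> Frame:
    """Constructed frame: the first rows_touched rows carry a ridge/valley stripe
    pattern, the remaining rows are untouched sensor (255)."""
    touched = [[ridge if col % 2 == 0 else valley for col in range(size)]
               for _ in range(rows_touched)]
    empty = [[255] * size for _ in range(size - rows_touched)]
    return touched + empty


# Constructed scan event: finger touching down, resting (two frames), lifting off.
SCAN_EVENT: list[Frame] = [
    make_frame(1, 150, 180),   # touchdown: tiny area, pale ridges
    make_frame(6, 30, 180),    # at rest: large area, crisp ridges
    make_frame(6, 40, 170),    # at rest: second usable frame
    make_frame(3, 110, 160),   # lift-off: area shrinking, ridges fading
]

if __name__ == "__main__":
    print("frames handed to the next step:", select_frames(SCAN_EVENT))   # [1, 2]
```

Only the two frames taken while the finger rests on the sensor pass; the touchdown frame fails on dark ratio and scan area, the lift-off frame on dark ratio. A smeared frame in which the whole sensor is dark fails as well, because its black/white ratio leaves the expected range.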
  • the pre-quality checked biometric raw data 3 are processed in parallel by the following three non-sequential processes:
  • the quality assessment process checks again the quality of the scan of the characteristics in more detail (S8). For example, it verifies that the image from the sensor is not blurred and that the image contains enough information to verify the user. The process might check whether the area covered by the finger is large enough and in the correct position. Eventually, the quality assessment checks the clarity of the crucial biometric features scanned that are required for identification. If the contrast of the image is too high or too low, errors might occur. If the quality assessment comes to the conclusion that the quality of the scan is too poor, the scan is not used for the identification procedure. If all raw biometric data 3 from one scan event fail the quality assessment, the user 5 has to redo the scan.
  • the spoofing detection verifies if the person is a real living person.
  • the spoofing detection analyzes the raw image of the fingerprint.
  • Image recognition algorithms identify skin characteristics such as pores and/or macules.
  • a reflection index can be measured from the raw data image.
  • data from the additional sensors, such as the temperature sensor 13 and/or the pressure sensor 15, can be used as well. If somebody tries to spoof the system via an artificial finger, the spoofing detection detects it and aborts the whole process. Additionally, the spoofing detection is an extended biometric processing methodology.
  • the raw images captured from the sensor 8 are subjected to analytical procedures that draw on the intricacies of living tissue, which is distinctive from non-living material, and thereby exhibit the ability to differentiate actual biometrics from fabricated or manipulated replicas. From different features of the biometrics, a score is derived to determine the genuineness of the biometrics.
  • the temperature sensor 13 measures the heat of the finger, and if the temperature is below a certain threshold, preferably 55 °C, the finger is not real.
  • the pressure sensor 14 measures the pressure of the finger on the sensor. As described above, at the first contact the skin and the fat of the finger are very soft, while at a later stage of the contact process the pressure increases due to the bones. A fake finger made out of rubber has a different contact pressure profile than a finger made out of skin, fat, muscles, blood vessels and bones.
  • Another example is the measurement of the electric resistance of the human skin by another sensor.
  • Another possibility is a blood pressure check, which is done via a method where light is sent from an LED through the skin and detected again with a further light sensor. Due to the fluctuation in the light, a computer can calculate the pressure and the oxygen level of the blood inside the skin. If the spoofing detection finds one or more hints that the identification attempt is a fraud, the identification is aborted and the user 5 receives a corresponding message. Eventually the user 5 can restart the whole identification process.
  • the spoofing detection generates a value, which determines the likeliness of a spoof attempt. It is feasible that this value is a weighted mean or a mathematical expression of different sub-values, which correspond to the spoofing detection methods.
  • the value is stored in the biometric data template 4.
  • the template extraction module generates (S10) a template of the fingerprint from the biometric raw data, wherein a selected list of characteristics of the fingerprint is extracted and stored as biometric data template 4.
  • the template is a reduced amount of data of the biometric raw data which represents the biometric characteristics of the user 5.
  • these characteristics are e.g. minutiae.
  • the minutia features of fingerprints can comprise their ridges, short ridges, bifurcations, and ridge endings. If other types of biometric sensor components are used, other characteristics are of course extracted to a template.
  • the biometric data template 4 is encrypted (S11).
  • the encrypted data template is sent to the central program module 10, where a processor server sends the biometric data templates 4 over the network 6 to the secure server 2 (S12).
  • the network is, for example, the public internet 6.
  • the secure server 2 receives the encrypted biometric data template 4 (S13).
  • the server program module 16 decrypts the encrypted biometric data template 4 (S14).
  • the secure server interface 10 sends the decrypted biometric data template 4 to the biometric engine 18 which carries out a biometric matching procedure (S15).
  • the secure template biometric database 19 comprises at least two sets of biometric data templates 4 for each user: The initial biometric data template 4 from the enrollment and the biometric data template 4 from the last scan, which might be identical to the one from the enrollment in the second use.
  • a value of the coincidence is created, which corresponds to the coincidence of the biometric data template 4 of the current scan to the biometric data template 4 of the secure template biometric database 19.
  • the server program module 16 sends this information to the POI 1, where the user 5 has the chance to enroll to the system.
  • each value should be in a predefined range, and the weighted mean or the mathematical expression of the values should be in a predefined range, too.
  • the values are: the value of the coincidence (from S15), the spoofing detection value (from S9) and the behavior value, which describes how likely it is that the user 3 is performing the current transaction.
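The coincidence value of the matching procedure (S15) and the decision rule over the three values described above, as an added example that is not code from the patent or from Coolpay. A biometric data template is modelled here as a set of minutiae (position, ridge direction, type); the coincidence value is the fraction of minutiae of the stored template for which the current template has a one-to-one counterpart within a position and angle tolerance. The spoofing detection value is the weighted mean of its sub-values, as the text allows, and the decision requires each of the three values to lie in its own range and their weighted mean to lie in a range as well. Tolerances, ranges, weights and the sample templates are constructed assumptions.

```python
"""Coincidence value (S15), spoofing value (S9) and the final decision rule.

Added example, not code from the patent or from Coolpay. Tolerances, ranges,
weights and sample templates are constructed assumptions.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Minutia:
    x: float
    y: float
    angle: float   # ridge direction in degrees
    kind: str      # "ending" or "bifurcation"


POS_TOL = 6.0      # pixels; constructed
ANGLE_TOL = 15.0   # degrees; constructed


def _angle_diff(a: float, b: float) -> float:
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def _matches(m: Minutia, c: Minutia) -> bool:
    return (m.kind == c.kind
            and math.hypot(m.x - c.x, m.y - c.y) <= POS_TOL
            and _angle_diff(m.angle, c.angle) <= ANGLE_TOL)


def coincidence(stored: list[Minutia], current: list[Minutia]) -> float:
    """Fraction of stored minutiae with a one-to-one counterpart in the current scan."""
    if not stored:
        return 0.0
    unused = list(current)
    matched = 0
    for m in stored:
        for c in unused:
            if _matches(m, c):
                unused.remove(c)      # each minutia of the current scan is used at most once
                matched += 1
                break
    return matched / len(stored)


def spoof_value(sub_values: dict[str, float], weights: dict[str, float]) -> float:
    """Weighted mean of the spoofing-detection sub-values (0 = genuine, 1 = spoof)."""
    total = sum(weights.values())
    return sum(sub_values[k] * weights[k] for k in weights) / total


# Constructed decision parameters: every value must sit in its range, and the
# weighted mean of (coincidence, 1 - spoof, behaviour) must sit in MEAN_RANGE.
RANGES = {"coincidence": (0.7, 1.0), "spoof": (0.0, 0.3), "behavior": (0.5, 1.0)}
WEIGHTS = {"coincidence": 0.5, "spoof": 0.3, "behavior": 0.2}
MEAN_RANGE = (0.7, 1.0)


def decide(coincidence_value: float, spoofing_value: float, behavior_value: float) -> bool:
    """True only if each value is in range AND the weighted mean is in range."""
    values = {"coincidence": coincidence_value, "spoof": spoofing_value, "behavior": behavior_value}
    for name, (lo, hi) in RANGES.items():
        if not lo <= values[name] <= hi:
            return False
    genuine = {"coincidence": coincidence_value, "spoof": 1.0 - spoofing_value, "behavior": behavior_value}
    mean = sum(genuine[k] * WEIGHTS[k] for k in WEIGHTS) / sum(WEIGHTS.values())
    return MEAN_RANGE[0] <= mean <= MEAN_RANGE[1]


# Constructed templates (not real fingerprint data).
STORED = [Minutia(10, 10, 45, "ending"), Minutia(30, 12, 90, "bifurcation"),
          Minutia(22, 40, 180, "ending"), Minutia(50, 50, 270, "bifurcation")]
CURRENT_GOOD = [Minutia(12, 11, 50, "ending"), Minutia(29, 14, 85, "bifurcation"),
                Minutia(23, 38, 175, "ending"), Minutia(52, 49, 265, "bifurcation"),
                Minutia(5, 60, 0, "ending")]            # extra minutia, does not hurt
CURRENT_BAD = [Minutia(12, 11, 50, "ending"), Minutia(29, 14, 85, "ending"),
               Minutia(60, 5, 175, "ending"), Minutia(52, 49, 265, "bifurcation")]

if __name__ == "__main__":
    print(coincidence(STORED, CURRENT_GOOD), coincidence(STORED, CURRENT_BAD))    # 1.0 0.5
    print(decide(0.9, 0.1, 0.8), decide(0.9, 0.5, 0.8), decide(0.72, 0.28, 0.5))  # True False False
```

The third call to `decide` is the case the text's two-level rule exists for: every value sits inside its own range, but all three are close to their limits and the weighted mean falls below the range for the combination, so the identification is still declined.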
  • each verification step S9 and/or S15
  • the further procedure is declined.
  • a user biometric ID is created.
  • the user 5 gains access to his stored financial information, which is stored in a user wallet database 21 within the secure database 20 (S17).
  • the server program module 16 encrypts the list of financial instruments of the user 5 and sends it via the network 6 to the POI 1 (S19).
  • the central program module 10 of the POI 1 receives and encrypts the list of financial instruments of the user 5 (S20).
  • the user interface 7 presents the list of financial instruments to the user 5, who will select the financial instrument he wants to use (S21).
  • the choice of the user 5 is encrypted and transmitted over the network 6 to the secure server 2 (S22).
  • the server program 16 of the secure server 2 receives and encrypts the choice of the financial instrument (S23).
  • the server program module 16 of the secure server 2 sends a request to the tokenization service provider 29 to carry out the financial transaction (S25).
  • the request is encrypted and sent via the network 6.
  • the request includes the token 30, the cryptogram 31 and further information which is necessary to carry out the financial transaction. If the token 30, the cryptogram 31 and the other financial information are valid, the tokenization service provider 29 forwards the request to the issuing bank 28. The issuing bank 28 will then carry out the financial transaction.
  • the secure server 2 will receive a new cryptogram 31 from the tokenization service provider 29 (S26).
  • the secure server 2 will store the new cryptogram 31 in the user wallet database 21 (S27) to be able to perform a new financial transaction, if this is requested.
  • the server program module 16 encrypts the response (S28) and sends the encrypted information with a processor server to the central program module 10 via the network 6 (S29).
  • the central program module 10 receives the encrypted information (S30), decrypts the information (S31) and sends the response to the user interface 7.
  • the user interface 7 shows the response (S32).
  • an enrolment process is described, where a non-registered user, an enrollee 24, adds his biometric and other information to the databases of the secure server 2 (Fig. 1, 3, 4 and 5).
  • the enrolment has on the POI 1 side similar steps as the identification process.
  • the enrollment process begins with the request that somebody wants a user 5 to be registered at the secure server 2. This request is initiated either by pressing a certain button on the POI 1 or by a failed biometric search at the identification process (E1).
  • the secure processing module 9 establishes the secure channel by means of the central program module 10 (E2).
  • the biometric sensor component 8 is activated with a session key in a sensor processor security identification (E3).
  • the session key is, as described above, a symmetric key to decrypt the data within the POI 1 for each scan event.
  • a measurement is carried out by means of the biometric sensor component 8 (E4).
  • the biometric sensor component 8 captures the fingerprints. As at the identification process, several scans are carried out while the finger touches this biometric sensor component 8 once. During a whole scan, a couple of images are taken. Each of the images forms the raw biometric data 3.
  • the biometric sensor module 8 encrypts each raw biometric data 3 and sends this encrypted data to the central program module 10 (E5).
  • the central program module 10 decrypts the raw biometric data 3 (E6) and sends it to the secure processing unit 9.
  • the secure processing module 9 carries out a pre-quality assessment of the raw biometric data 3 as at the identification process (E7). With the pre-quality assessment only raw biometric data 3 with a certain quality is handed over to the next process step.
  • the pre-quality checked biometric raw data 3 are processed in parallel by the following three non-sequential processes:
  • the quality assessment process checks again the quality of the scan in more detail (E8).
  • the spoofing detection verifies the person as a real living person (E9).
  • the template extraction module generates a template of the fingerprint of the biometric raw data (E10).
  • the raw biometric data 3 is checked with respect to a user integrity validation (E11).
  • in a user integrity validation three data sets of raw biometric data are compared (Fig. 3). Each raw biometric data 3 is the highest quality data of one scan event. If the difference between the individual data sets is above a predefined threshold, the enrolment process is stopped, because the quality of one or more raw biometric data 3 might be too poor. Additionally, it verifies that the same pair of biometric data, i.e. the same set of fingers, is used each time for a dual fingerprint enrolment. If the difference between the individual data sets is below a predefined threshold, the enrollment process is stopped, too: as the two or more data sets are too similar, this is a hint that the enrollment process is a spoofing attempt. This attempt might be recorded and sent to the secure server 2. Eventually the user 5 is able to restart the enrollment process from the beginning.
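The user integrity validation (E11) described above, as an added example that is not code from the patent or from Coolpay: the best raw image of each of three scan events is compared pairwise by mean absolute pixel difference, and the enrolment is stopped both when a pair differs too much (poor image or a different finger) and when a pair is too similar, since repeated scans of a living finger never coincide exactly and near-identical data hints at replayed or fabricated input. The thresholds and the sample images are constructed assumptions.

```python
"""User integrity validation (E11) over the best frame of each scan event.

Added example, not code from the patent or from Coolpay. Thresholds and sample
images are constructed assumptions.
"""

RawData = list[int]   # flattened 8-bit grey values of one fingerprint image

MIN_DIFF = 2.0    # constructed: below this the data sets are suspiciously identical
MAX_DIFF = 40.0   # constructed: above this the sets do not show the same finger


def mean_abs_diff(a: RawData, b: RawData) -> float:
    """Mean absolute pixel difference between two raw biometric data sets."""
    if len(a) != len(b):
        raise ValueError("raw biometric data sets must have the same size")
    return sum(abs(p - q) for p, q in zip(a, b)) / len(a)


def user_integrity(scan_best_frames: list[RawData]) -> str:
    """Return "ok", "too_different" or "too_similar" for three (or more) data sets.

    Every pair is checked, so a single bad or replayed scan event stops the enrolment.
    """
    if len(scan_best_frames) < 3:
        raise ValueError("user integrity validation needs at least three data sets")
    for i in range(len(scan_best_frames)):
        for j in range(i + 1, len(scan_best_frames)):
            d = mean_abs_diff(scan_best_frames[i], scan_best_frames[j])
            if d > MAX_DIFF:
                return "too_different"
            if d < MIN_DIFF:
                return "too_similar"
    return "ok"


# Constructed images: a 64-pixel checkerboard "print" and two re-scans of the same
# finger with a small, deterministic brightness shift, as repeated real scans show.
BASE: RawData = [30 if (i // 8 + i) % 2 == 0 else 180 for i in range(64)]
RESCAN_1: RawData = [min(255, p + 8) for p in BASE]
RESCAN_2: RawData = [max(0, p - 6) for p in BASE]
OTHER_FINGER: RawData = [200 if i % 3 == 0 else 60 for i in range(64)]
REPLAYED: RawData = list(BASE)   # bit-identical copy of the first scan

if __name__ == "__main__":
    print(user_integrity([BASE, RESCAN_1, RESCAN_2]))        # ok
    print(user_integrity([BASE, RESCAN_1, OTHER_FINGER]))    # too_different
    print(user_integrity([BASE, RESCAN_1, REPLAYED]))        # too_similar
```

The second threshold is the one easy to forget: without the `too_similar` branch, feeding the same captured image three times would pass the validation with a perfect score, which is exactly the situation the text treats as a spoofing hint.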
  • the biometric data template 4 is encrypted (E12) and sent to the secure server 2 via the network 6 (E13).
  • the secure server 2 receives the encrypted biometric data template 4 (E14).
  • the server program module 16 decrypts the encrypted biometric data template 4 (E15).
  • the secure server interface 10 sends the decrypted biometric data template 4 to the biometric engine 18 which carries out a biometric matching procedure (E16).
  • the biometric engine 18 has access to a biometric database which contains entries of users that are not allowed to enroll at all. These persons could be, for example, criminals, former users who have been expelled, and users under disability.
  • the biometric data template 4 will be stored in the secure template biometric database 19 and a matching biometric ID is generated, which is linked to the biometric data template 4 (E17).
  • the user is registered to the database with a minimum of 3 sets of biometric data, i.e. fingerprint templates.
  • the secure server 2 will transmit a request for personal information over the network 6 to the POI 1 (E18).
  • the POI 1 will receive this request (E19) and present the request on the user interface 7.
  • the user 5 enters personal information such as full name, address, e-mail address, phone number, identification number and/or social media account information (E20). Thereafter, the personal information is encrypted and transmitted to the secure server 2 over the network 6 (E21).
  • the secure server 2 receives and decrypts the personal information (E22).
  • the personal information is connected to the biometric ID and stored in the secure database 20 (E23).
  • the secure server transmits a request of instrument information via the network 6 to the POI 1 (E24).
  • the instrument is a financial instrument such as a credit card.
  • the POI 1 receives this request (E25) and presents it on the user interface 7.
  • Information of the financial instruments is for example credit card number, name of the account holder, expiry date and/or the secure code (E26).
  • the instrument information is decrypted on the secure processing module 9 of the POI 1 (E27).
  • the encrypted instrument information is sent from the central program module 10 of the POI 1 via the network 6 to the secure server 2 (E28).
  • the secure server 2 receives the encrypted instrument information (E29).
  • the encrypted instrument information will be forwarded to the issuing bank 28, which will validate the instrument (E30).
  • the issuing bank 28 will verify whether, for example, the credit card exists, the card holder exists and the credit card is not expired.
  • the server program module 16 opens the database entry corresponding to the biometric ID (E31).
  • the secure server verifies whether the account holder of the financial instrument is the same as the user 5 (E32). After the user 5 is validated, the secure server 2 initiates the secure host card emulator (SHOE) (E33). Hereinafter, the server program module 16 will send a request for a token 30 to the issuing bank 28 (E34). The request includes the encrypted instrument information.
  • the issuing bank authorizes the creation of a token 30 (E35) and sends the authorization to the tokenization service provider 29.
  • the tokenization service provider 29 creates a token 30 based on the encrypted instrument information (E36).
  • the created token 30 is sent to the secure server 2.
  • the secure server 2 receives the token 30 (E37) and stores the token 30 in the user wallet database 21 (E38).
  • the secure server 2 will send a request for a cryptogram 31 to the tokenization service provider 29 (E39).
  • the tokenization service provider 29 will create a cryptogram 31 (E40).
  • After the secure server 2 receives the cryptogram 31 (E41), the cryptogram 31 is stored in the user wallet database 21 (E42). At this moment all information to carry out a financial transaction is stored in the secure database 20 of the secure server 2.
  • the secure server 2 will create a positive response, which will be transmitted in an encrypted form over the network 6 to the POI 1 (E43).
  • the POI 1 receives the encrypted response (E44) and decrypts this response (E45).
  • a system for identifying a user 5 by means of biometric data forms an exemplary embodiment of the present invention.
  • this identification system comprises a point of interaction device 1 and a secure server 2.
  • a user 5 captures raw biometric data 3 of biometric characteristics with the POI 1.
  • the POI 1 will extract a biometric data template 4 and send this biometric data template 4 to a secure database 20 which is located on the secure server 2.
  • On the secure server an algorithm validates the biometric data template 4 with respect to the entries of the secure template biometric database 19.
  • the secure server 2 grants access to a user wallet database 21 and/or a user profile database 22.
  • the secure template biometric database 19, the user wallet database 21 and the user profile database 22 are sub-databases of the secure database 20. They are described above.
  • the enrolment of this embodiment is similar to the enrolment described above (Fig.
  • the second embodiment differs from the first embodiment in particular in that there is no validation of the raw biometric data 3 and that the secure template biometric database 19 is part of the secure database 20.
  • the secure template biometric database 19 contains sub-databases, where different sets of biometric data templates 4 are stored.
  • the first biometric data template 4 is stored in one database
  • the biometric data template 4 of a second scan event is stored in another secure template biometric database 19. Besides the increasing gain of information, which allows a better identification process, it is helpful for crime investigation. Because the biometric data templates 4 of the last scan event are stored as well, they can be used for law enforcement, where, in case of spoofing, the police can analyze the data.
  • the raw biometric data 3 can be combined with other biometric sensors.
  • a camera can analyze the face of the user, and the image of the user can be analyzed as well.
  • the template of the face recognition data can be sent to the secure server as well.
  • Mobile phones are common, and modern devices already have a biometric scanner as well as a multi-core processor.
  • the initial enrolment can be done everywhere, where the connections between the biometric data and the secure server 2 can be made.
  • a camera at the device can scan the ID of the person as well.
  • the device might compare the biometric image on the ID to the biometric image of the user who is present.
  • secondary processes can be performed in the secure database 20.
  • the prime process might be for example to pay a bill
  • a secondary process might run like a connection to a social media network or a reward company.
  • Another possibility of the invention consists of a notification, which is sent from the secure server 2 to the POI 1 to inform the user 5 which step is performed on the secure server 2.
  • the secure server 2 validates the POI 1 which sent the encrypted biometric data template 4. By the validation, an ID of the POI 1 is checked to see whether the device is known, registered and does not have a negative entry.
  • a dynamic token is used instead of a static token 30 and a dynamic cryptogram 31.
  • the dynamic token is, similar to the static token, a data file which contains encrypted information of the financial instrument, for being transmitted to a customer of the financial institute to carry out an action with the financial instrument.
  • the financial instrument may be e.g. a credit card or any other debit card.
  • the token includes information of the secure server itself, for example IP address or operating system. Additionally, it has the same purpose as the cryptogram 31 and additionally contains limitation information such as an expiry date of the cryptogram 31, the amount of money which can be used in one financial transaction and/or a limit on the location where the financial transaction can be carried out.
  • the dynamic token is generated by a tokenization service provider 29.
  • a dynamic token can only be used once or for a very low number of transactions. After a dynamic token is depleted, a new dynamic token has to be received from the tokenization service provider 29. Each time the issuing bank 28 has to authorize the creation by the tokenization service provider 29. A dynamic token is only valid within a very short duration. Therefore, a dynamic token has no value to a thief, because by the time a thief wants to use the dynamic token it has already expired.
  • the financial instrument is an instrument to trade cryptocurrencies.
  • the advantage of a cryptocurrency is the decentralized control.
  • with a cryptocurrency such as bitcoin the system will not need to use external companies such as a tokenization service provider 29 or an issuing bank 28.
  • the cryptocurrency can be stored in the wallet database 21 of the secure server 2 independently of any issuing bank 28.
  • further databases besides the profile, user and interaction databases are conceivable. These databases could be, for example, a consumer database, in which the consumer behavior is recorded. It might be beneficial to grant third-party companies access to this consumer behavior database.
  • the advantage is the anonymization, as long as no personal information is stored as well.
  • Another additional database is a solvency database, which stores information about the solvency of the user. For example, if a user often has difficulties paying off debts, a negative entry can be added. Future merchants might ask the user 5 to grant access to this solvency database to estimate the creditworthiness of the user. Additional entries might be added by the issuing bank 28.
  • a database might comprise the location of the user 5.
  • Modern smartphones constantly track the current location. This information could be added to a location database.
  • each new entry can be made without the identification of the user 5.
  • identification processes can be restricted. For example, if an hour-old entry of the user is at a place in Singapore, the same user cannot perform an identification process in New York.
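The location-based restriction described above, as an added example that is not code from the patent or from Coolpay: the great-circle distance between the user's last location database entry and the place of the new identification attempt, divided by the time elapsed, must not exceed a plausible travel speed. The coordinates, timestamps and the speed limit are constructed assumptions.

```python
"""Location plausibility check for identification attempts.

Added example, not code from the patent or from Coolpay. Coordinates,
timestamps and the speed limit are constructed assumptions.
"""
import math
from datetime import datetime, timedelta, timezone

MAX_SPEED_KMH = 1000.0   # constructed: faster than any ordinary airline trip
EARTH_RADIUS_KM = 6371.0

Entry = tuple[float, float, datetime]   # (latitude, longitude, time of the entry)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points given in degrees, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def implied_speed_kmh(last: Entry, now: Entry) -> float:
    """Speed the user would have needed to get from the last entry to the new one."""
    dist = haversine_km(last[0], last[1], now[0], now[1])
    hours = (now[2] - last[2]).total_seconds() / 3600.0
    if hours <= 0:
        # Same instant or clock skew: only an attempt at the same place is plausible.
        return math.inf if dist > 0 else 0.0
    return dist / hours


def identification_allowed(last: Entry, now: Entry) -> bool:
    """True if the new attempt is geographically plausible given the last entry."""
    return implied_speed_kmh(last, now) <= MAX_SPEED_KMH


# Constructed location database entries.
T0 = datetime(2018, 9, 26, 9, 0, tzinfo=timezone.utc)
SINGAPORE = (1.3521, 103.8198, T0)
NEW_YORK_1H = (40.7128, -74.0060, T0 + timedelta(hours=1))
KUALA_LUMPUR_1H = (3.1390, 101.6869, T0 + timedelta(hours=1))
NEW_YORK_1D = (40.7128, -74.0060, T0 + timedelta(days=1))

if __name__ == "__main__":
    print(identification_allowed(SINGAPORE, NEW_YORK_1H))      # False: ~15,000 km in one hour
    print(identification_allowed(SINGAPORE, KUALA_LUMPUR_1H))  # True
    print(identification_allowed(SINGAPORE, NEW_YORK_1D))      # True
```

The check only declines attempts; it does not identify anyone by itself, which matches the text's remark that location entries can be recorded without identifying the user.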


Abstract

The invention comprises a method for generating a biometric data template of a person, a method for identifying a person by means of biometric data, a method of carrying out a certain action which needs the identification of a person, as well as devices to perform these methods.

Description

Biometric Identification Method
The present invention relates to a method for identifying a person by means of biometric data.
In US 6,591,249 B2 a method and device are described where a user, a merchant and a third party company perform a transaction which is secured by biometrics. In a first step the user enrols with the third party company by adding credit card information and fingerprints. If the user wants to perform a transaction, he enters his credit card information again including his fingerprints, both of which are sent to the third party company. There it is checked whether the fingerprints correlate with the credit card. If the information matches, it is sent to the merchant.
In US 2008/0082451 A1 a method for biometric authorization of an electronic payment between the customer and the merchant is disclosed. The method comprises the following steps: a consumer enrollment step, an invoice submittal step, a consumer notification step, a consumer authentication step, an invoice retrieval step, an invoice deposition step, a payment authorization step and an invoice payment proceeding step.
In US 2013/0006784 A1 a method and a system for the authentication of a person are disclosed. The method comprises receiving biometric information and transmitting this information to a service provider, determining the biometric signature, receiving a biometric authentication result, determining a biometric authentication test score and facilitating use of the biometric authentication test score.
In US 2016/0125416 A1 a method for a user having a computer hardware device is described. For authorization, biometric information and a device specific pseudorandom number are sent to a server where they are validated.
From WO 2017/196228 A1 a method is known for authenticating a user by means of a fingerprint. Two candidate fingerprint images are acquired. If the evaluation of the first candidate fingerprint image is not successful, the second candidate fingerprint image is evaluated.
In “On The Uniqueness of Fingerprints”, Anil K. Jain, Dept of Computer Science and Engineering, Michigan State University, Jain@cse.msu.edu, downloaded on September 24, 2018 (http://biometrics.cse.msu.edu/Presentations/AnilJain_UniquenessOfFingerprints_NAS05.pdf), some aspects of the discrimination of fingerprints are shown.
LivDet 2017 Fingerprint Liveness Detection Competition, 2017, Valerio Mura et al., March 15, 2018, downloaded on September 24, 2018 (https://arxiv.org/pdf/1803.05210.pdf), relates to a Fingerprint Presentation Attack Detector or Fingerprint Liveness Detector (FLD), which is a machine learning-based system able to prevent direct attacks on the scanner by discriminating images captured from live fingers from those coming from fake ones.
The object of the invention is to provide a method for generating a fast, reliable and secure biometric data template of a person.
An additional object of the invention is to provide a method for identifying a person fast, reliably and securely by means of biometric data.
Furthermore, an object of the invention is to provide a method of carrying out a certain action which needs a fast, secure and reliable identification of a person.
Additionally, an object of the invention is to provide a device for fast generation of a high-quality biometric data template.
Moreover, an object of the invention is to provide a device for securely identifying a person by means of biometric data.
One or more of the above mentioned objects are achieved by the subject matter of one of the independent claims. Advantageous developments and preferred embodiments form the subject of the corresponding sub claims. A method for generating a biometric data template of a person according to the present invention comprises the steps of scanning raw biometric data of a user with a biometric sensor and carrying out at least two of the following three processes in parallel. These processes are:
- checking the quality of the raw biometric data,
- checking whether the raw biometric data are fraud data and/or spoofed, and
- extracting a biometric data template of the raw biometric data.
A biometric data template is a digital file which contains the characteristic data points of raw biometric data. These could be, for example, the minutiae of fingerprints. The raw biometric data is scanned with a biometric sensor such as a fingerprint sensor. The template can be used, for example, to compare it with other templates.
By using parallel processes, which means that these processes are done simultaneously, the overall process time is reduced. Within the same duration as conventional biometric sensors need, the quality of the generated biometric data template is increased.
It is advantageous to carry out all three processes in parallel. The processing time is then decreased even further.
The first process validates the quality of the raw biometric data. Only if the quality of the raw biometric data is above a certain threshold will the generated template be used in further process steps. For example, the raw biometric data is evaluated by its bright/dark ratio. If the image is too bright or too dark, it is impossible to locate the distinctive features of the biometric sample, to convert it to a template, and to compare the templates later on. The same holds for the contrast level of the biometric data. If the biometric data is an image, a centroid can be calculated as the intensity-weighted mean of the pixel positions. The centroid of the raw biometric data should lie inside a predefined area. If the centroid is outside this area, it might be an indicator that, for example, the wrong part of a finger is on the sensor. Also, the area size is important. If the area size of the recorded raw biometric data is below a certain threshold, it is an indicator that, for example, the finger is not placed completely on the sensor.
The quality of the raw biometric data can also be evaluated by minimum area, minimum minutiae number, a quality index estimator and a finger placement index estimator, in order to accept the identification attempt or enrolment reference as valid in the image quality assurance procedure. More information on why a high level of uniqueness is important is available in “On The Uniqueness of Fingerprints”, Anil K. Jain.
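The quality gate described above, as an added example (not code from the patent or from Coolpay): a pure-Python implementation of the bright/dark ratio, contrast, centroid-in-area and area-size criteria on a constructed grey-scale scan, with the fast pre-scan check (bright/dark ratio and contrast only, used to drop empty scans) kept separate from the full check. All thresholds, the 32x32 sensor size and the synthetic striped finger pattern are assumptions made for the example.

```python
from math import sqrt

# Assumed thresholds for a 0..255 grey-scale scan (not values from the patent).
MIN_MEAN, MAX_MEAN = 40.0, 215.0   # bright/dark ratio: mean intensity must lie in this window
MIN_CONTRAST = 25.0                # standard deviation of the intensities
FOREGROUND_LEVEL = 128             # pixels darker than this count as finger (ridge) area
MIN_AREA_FRACTION = 0.20           # the finger must cover at least 20 % of the sensor
CENTROID_BOX = (0.3, 0.7)          # centroid must fall in the central 40 % of each axis


def image_stats(img):
    """Return (mean, contrast, area_fraction, centroid_x, centroid_y) for a 2-D list of grey values."""
    h, w = len(img), len(img[0])
    n = h * w
    mean = sum(sum(row) for row in img) / n
    contrast = sqrt(sum((p - mean) ** 2 for row in img for p in row) / n)
    foreground = 0
    wsum = cx = cy = 0.0
    for y, row in enumerate(img):
        for x, p in enumerate(row):
            if p < FOREGROUND_LEVEL:
                foreground += 1
            weight = 255 - p            # darker pixels (ridges) pull the centroid towards the finger
            wsum += weight
            cx += weight * x
            cy += weight * y
    if wsum == 0:                       # completely white scan: no finger at all
        return mean, contrast, 0.0, w / 2, h / 2
    return mean, contrast, foreground / n, cx / wsum, cy / wsum


def prescan_ok(img):
    """Fast pre-check (bright/dark ratio and contrast only) that drops empty scans
    before the parallel phase is entered."""
    mean, contrast, _, _, _ = image_stats(img)
    return MIN_MEAN <= mean <= MAX_MEAN and contrast >= MIN_CONTRAST


def quality_check(img):
    """Full quality process. Returns (accepted, failed_criteria)."""
    mean, contrast, area, cx, cy = image_stats(img)
    h, w = len(img), len(img[0])
    failed = []
    if not MIN_MEAN <= mean <= MAX_MEAN:
        failed.append("brightness")
    if contrast < MIN_CONTRAST:
        failed.append("contrast")
    if area < MIN_AREA_FRACTION:
        failed.append("area")           # finger not placed completely on the sensor
    lo, hi = CENTROID_BOX
    if not (lo * w <= cx <= hi * w and lo * h <= cy <= hi * h):
        failed.append("centroid")       # wrong part of the finger on the sensor
    return (not failed), failed


def synthetic_scan(size=32, finger=None):
    """Constructed sample scan: white background, optional dark striped (ridge-like) finger
    region given as (x0, y0, x1, y1) in pixels. finger=None gives an empty scan."""
    img = [[240] * size for _ in range(size)]
    if finger:
        x0, y0, x1, y1 = finger
        for y in range(y0, y1):
            for x in range(x0, x1):
                img[y][x] = 30 if (x + y) % 4 < 2 else 110   # alternating ridges and valleys
    return img
```

A centred finger passes every criterion; a finger pressed against the left edge of the sensor passes brightness, contrast and area but fails the centroid test; a small partial touch fails on area (and, with this much white background, on brightness as well); an empty scan is already rejected by the pre-check.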
A second process is checking whether the raw biometric data is fraud data. Many conventional biometric sensors can be outwitted by biometric dummies. For example, fingerprints can be printed out or can be reproduced from imprints. Therefore, a process of fraud detection is carried out.
This comprises at least one of the following steps.
The position of the biometric data can be checked. For example, if two neighbouring fingerprints are used for the biometric data, there are certain relative positions of these fingerprints which are not achievable without dislocating or breaking a finger.
The mean colour of the raw biometric data can be evaluated if the biometric data comprises an image, particularly an image of a fingerprint. Although human skin colour may vary, there are certain colours which are not part of this spectrum, such as bright blue, green or pure white.
Another fraud attempt might be detected by comparing two data sets in a sequence of data sets. If they are too similar, it is a hint that the original data is fake. Real biometric data vary from scan to scan by more than a certain threshold of a value which describes the difference between two biometric data sets.
Furthermore, the electric resistivity can be measured. For example, if fingerprints are measured, the sweat of the fingers results in a certain electric conductivity. Also, the temperature might be an indicator for fraud detection. If it is beyond a certain range, it might be a fraud attempt.
Additionally, the light transmission (light resistivity) of the biometric data can be validated. For fingerprints, for example, a light-emitting diode can illuminate the finger and it can be measured how much light passes through the finger. With a similar method the blood oximetry can be measured and evaluated. If a temporal profile is available, even a heartbeat can be detected and evaluated.
Another fraud detection can be carried out using the pressure, which is measured by a pressure sensor, for example of the kind built into pressure sensitive touchscreens.
For example, if fingerprints are detected, the pressure of a finger on a hard device is very characteristic. The first contact of the skin and the fat of the finger is very soft, while at a later stage of the contact process the pressure increases due to the bones. A fake finger made out of rubber has a different contact pressure profile than a finger made out of skin, fat, muscles, blood vessels and bones.
Additionally, the capacitance can be measured. Most modern fingerprint sensors use capacitance sensors. The advantage is that capacitance sensors do not need contact with the detected object. Such sensors are cheap as well, since they are widely used in modern smartphones.
Also, digital image processing using deep learning techniques can be applied, for example convolutional neural networks with models pre-trained on natural images and fine-tuned with fingerprint images.
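Four of the fraud checks listed above (scan-to-scan variation, temperature range, contact pressure profile and mean colour), combined into one sensor-side verdict, as an added example that is not part of the patent. The frames, pressure curves and colour values are constructed, and every threshold is an assumption for the example, not a calibrated value.

```python
# Assumed acceptance parameters (not values from the patent).
TEMP_RANGE_C = (28.0, 38.0)    # plausible skin temperature at the sensor surface
MIN_FRAME_DIFF = 0.02          # live scans differ in at least 2 % of the pixels
PIXEL_DELTA = 8                # grey-level change that counts as "different"
MIN_PRESSURE_RISE = 0.5        # total rise over the contact, in sensor units
LATE_RISE_SHARE = 0.3          # share of the rise that must happen in the second half


def frame_difference(a, b):
    """Fraction of pixel positions whose grey value changed by more than PIXEL_DELTA."""
    total = changed = 0
    for row_a, row_b in zip(a, b):
        for pa, pb in zip(row_a, row_b):
            total += 1
            if abs(pa - pb) > PIXEL_DELTA:
                changed += 1
    return changed / total if total else 0.0


def sequence_is_live(frames):
    """Real fingers vary from scan to scan; consecutive frames that are (near) identical
    point to a replayed or printed sample."""
    return all(frame_difference(x, y) >= MIN_FRAME_DIFF for x, y in zip(frames, frames[1:]))


def temperature_ok(celsius):
    return TEMP_RANGE_C[0] <= celsius <= TEMP_RANGE_C[1]


def pressure_profile_ok(samples):
    """Live finger: soft first contact, then pressure keeps rising as the bone engages.
    A rubber dummy reaches its plateau almost immediately."""
    if len(samples) < 4:
        return False
    rise = samples[-1] - samples[0]
    if rise < MIN_PRESSURE_RISE:
        return False
    late_rise = samples[-1] - samples[len(samples) // 2]
    return late_rise / rise >= LATE_RISE_SHARE


def mean_colour_ok(rgb):
    """Crude plausibility check of the mean colour (assumption, not a calibrated skin model):
    reject pure white (paper) and blue- or green-dominant samples."""
    r, g, b = rgb
    if min(rgb) > 230:
        return False
    return r > g and r > b


def spoof_flags(frames, celsius, pressures, mean_rgb):
    """Run every check and return the failed ones; an empty list means no fraud indicator."""
    flags = []
    if not sequence_is_live(frames):
        flags.append("replay")
    if not temperature_ok(celsius):
        flags.append("temperature")
    if not pressure_profile_ok(pressures):
        flags.append("pressure")
    if not mean_colour_ok(mean_rgb):
        flags.append("colour")
    return flags


def constructed_frames(variation):
    """Two constructed 8x8 scans of a striped pattern; `variation` pixels are perturbed in
    the second one (0 reproduces an exact replay)."""
    base = [[30 if (x + y) % 4 < 2 else 110 for x in range(8)] for y in range(8)]
    second = [row[:] for row in base]
    for i in range(variation):
        second[i][i] += 20
    return [base, second]


LIVE_PRESSURE = [0.0, 0.1, 0.2, 0.4, 0.7, 1.1]    # constructed: slow start, steep finish
RUBBER_PRESSURE = [0.0, 0.9, 1.0, 1.0, 1.0, 1.0]  # constructed: immediate plateau
```

Each check returns a boolean so that it can be run as one of the parallel processes and its result folded into the client-side fraud score that the description later sends along with the template.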
The process of extracting a biometric data template from the raw biometric data comprises the rotation and shifting of the biometric data in such a way that the centroid and the orientation of all biometric data are comparable to each other, and/or the detection and writing out of characteristics of the biometric data. For fingerprints these characteristics can be the minutiae features. The major minutiae features of fingerprints, derived from their ridge patterns, are friction ridges, valleys, core, delta, bifurcation and ridge ending.
It is advantageous that the raw biometric data are pre-scanned before the parallel process described above. Especially the contrast and the bright/dark ratio of the raw biometric data can be determined very fast. Only data sets which achieve the minimum level of quality will enter the parallel phase. For example, when scanning fingerprints, a scan can be taken even before the finger touches the sensor. Such empty scans are sorted out before the parallel process.
It is beneficial that during one scan event several sets of raw biometric data are scanned. These individual sets can be processed simultaneously or cascaded.
Therefore, a user does not need to rely on one perfect scan. For example, if one scan has a duration of around 100 ms, 20 or more scans can be taken during one scan event. The probability that at least one set of raw biometric data is valid is high. Furthermore, due to the comparison of the individual raw biometric data sets, the fraud detection can be improved.
Favourably, the method for generating a biometric data template of a person is carried out in a sensor unit and can be executed on a microprocessor.
A further aspect of the present invention relates to a method for identifying a person by means of biometric data comprising the steps of:
a) scanning of raw biometric data of a user with a biometric sensor,
b) extracting a biometric data template of a raw biometric data,
c) transmitting the biometric data template to a central server,
d) comparing the biometric data template with the biometric data templates of known persons stored in a database in order to identify the person.
The biometric data templates are encrypted and sent via a network to a central server, where the biometric data template is compared with the biometric data templates of previously enrolled users stored in a secure database.
By extracting a biometric data template from the raw biometric data, the amount of data which has to be transferred to the secure server is reduced. The inventors have realized that the reduced amount of data allows the processing of the biometric data to be “outsourced” to a central server. This provides a number of advantages. It is easier to protect a central server against spoofing than a local sensor device or client device. By outsourcing the comparison of the scanned biometric data template with a stored biometric data template, it is easy to use a combination of sophisticated hardware and algorithms for the comparison. Additionally, updating and checking the software component integrity of the comparison module is easier on the server than doing it remotely for each local device. Furthermore, the biometric database, which contains the biometric data templates of known users, is stored on the server as well, which increases the security. The biometric templates are structured such that the raw biometric data cannot be deduced by reversing the extraction process. Even if a template could be reversed into biometric data, such data would not pass a biometric identification that includes anti-spoofing and liveness detection in the authentication and authorization procedure. Storing biometric templates instead of biometric data reduces the risk of misuse in case of a security breach and/or the impact of hacking.
If a person is identified and authenticated, access to a person related entry in a secure database is granted to the authenticator, for example a payment application running on the device. Such a person related entry may contain personal data such as name and/or age, but may also contain more sensitive information such as payment method credentials. In principle, all credential information that allows access to a good or service and is included in a physical wallet can be transferred to the secure database as a digital asset. This includes, but is not limited to, emulations of debit and credit cards, cryptocurrency hierarchical deterministic master seeds, credentials for loyalty program currency points, credentials for loyalty program membership access control, emulations of national identity cards, etc.
Therefore, the system will not only identify and authenticate a user, it will also recognize and save the purchased goods and services. In combination with personally identifiable information of the user, this is very valuable information for a merchant. Similar to the presentation of goods and services at a reduced price offered to a user based on the shopping history, a merchant can observe and analyse the purchase pattern of a user to generate personalized offers, or allow the earning of digital assets that can be fully or partially exchanged for goods and services, rather than a conventional and untargeted offer. During the identification, personalized rewards can be redeemed or earned during the payment procedure without any other form of identification and authentication needing to be done by the user.
Advantageously, the template is a list of selected standardized features contained in the raw biometric data. This results in a reduced amount of data compared to the raw biometric data. Standardized features could be, for example, the minutiae features in fingerprints. A template can be readily compared with other templates of the same type, because the standardized features of the templates can be easily mapped to each other.
It is beneficial that the quality of the raw biometric data is checked and/or that it is checked whether the raw biometric data are fraud data. These processes can be done simultaneously and/or on a local device as described above.
A further aspect of the present invention relates to a method for identifying a person by means of biometric data comprising the comparison of the biometric data template generated from biometric data scanned from an unknown person with templates of known persons stored in the database. In the database several biometric data templates are available for each known person. If the database comprises more than one biometric data template for one person, it is more likely that the search algorithm will find a correct match. A single stored biometric data template might not contain all biometric characteristics which are present in the currently scanned biometric data template. Preferably, the biometric data templates which are stored in the database were scanned at different scan events. Additionally, the threshold which describes how likely a match is can be set high, so that each comparison is specific. Because several comparisons are carried out against a plurality of biometric data templates, it is very likely that the correct match is detected although each individual comparison is very specific.
Advantageously, a generated template will be added to the database templates after a coincidence between the generated template and a database template has been detected. Therefore, the quality of the database increases each time a user uses this method. It is beneficial, if two or more similar biometric data templates of the same person are stored in the database, to average at least some of them. This reduces the amount of stored data, while the quality of the stored biometric data templates increases with the number of templates. A high quality stored biometric data template will result in a higher recognition accuracy. Additionally, an already correlated biometric data template can be correlated again with a new biometric data template. Preferably, the correlation factor is weighted according to the number of templates.
An inventive method of carrying out a certain action which needs the identification of a person comprises the steps of:
a) identifying the person by a method according to one of the above mentioned methods and
b) checking the probability of fraud for this action.
By adding a step of checking the probability of fraud, the level of security is increased. For example, a fraud attempt can be recognized by verifying an ID of the point of interaction device (POI) in order to exclude manipulated POIs.
Advantageously, a biometric data template is considered when checking the probability of fraud for this action. Although a first validation for possible fraud might be done on the hand-held device, it is beneficial to do another validation on the device which performs the identification. Thus, the stored biometric data templates can be used for a validation of the probability of fraud as well. For example, if fingerprints and the skin colour are stored, the colour can be verified as well. It is possible that fake fingerprints tend to have specific patterns which can be detected by the identifying unit.
A fraud pattern database is therefore beneficial. Using artificial intelligence software might help to identify fraud attempts as well. Furthermore, past actions of the user are considered for the fraud detection, such as travel or consumption behaviour. For example, it is unlikely that a long-term country resident who recently bought diapers will try to buy an expensive watch on another continent shortly afterwards, once the purchase pattern is considered together with the time difference and the travel time.
Favourably, the results of prior verification validation are considered in combination.
For example, for each of the fraud detection on the raw biometric data, the coincidence of the biometric data template with the entry in the biometric data database and/or the behaviour validation, a value is extracted. The fraud detection value describes the probability of a fraud attempt at the client device. The coincidence value describes the quality of the coincidence and the behaviour value describes the likeliness of the user behaviour. Each value has to be in a predefined range. If every value is close to the limit of its range, it is possible that, although each verification step is passed individually, the further procedure is declined when they are taken in combination. It might be possible, for example, that the biometric coincidence value is close to the limit of its predefined range, but as long as the other values do not show critical behaviour, the process proceeds. On the other hand, if, for example, the fraud detection and the behaviour validation both yield a critical but in-range value, the process can be stopped when the two values are validated in combination.
Beneficially, a scoring value which describes the likeliness of a fraud attempt will be stored. Advantageously, this fraud scoring value is sent along with the biometric data template to the secure server.
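The combined decision over the three values (fraud detection, coincidence, behaviour) described above, plus the travel plausibility check from the location database (the Singapore/New York case in the feature list) as one source of the behaviour value, written as an added example that is not part of the patent. The predefined ranges, the width of the "critical" band near each limit, the rule that two simultaneously critical values decline the action, and the 1000 km/h speed bound are all assumptions made for the example.

```python
from math import radians, sin, cos, asin, sqrt

# Assumed predefined ranges: (lower bound, upper bound, width of the critical band).
RANGES = {
    "fraud": (0.0, 0.30, 0.08),        # client-side spoof probability; above 0.30 is out of range
    "coincidence": (0.60, 1.0, 0.08),  # template match quality; below 0.60 is out of range
    "behaviour": (0.40, 1.0, 0.10),    # behavioural plausibility; below 0.40 is out of range
}
MAX_SPEED_KMH = 1000.0                  # assumption: faster than any commercial flight


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def travel_plausibility(prev, now):
    """Behaviour value derived from the location database: 1.0 when the implied speed is
    negligible, falling linearly to 0.0 at MAX_SPEED_KMH. prev/now = (lat, lon, unix_seconds)."""
    dist = haversine_km(prev[0], prev[1], now[0], now[1])
    hours = max((now[2] - prev[2]) / 3600.0, 1e-6)
    return max(0.0, 1.0 - (dist / hours) / MAX_SPEED_KMH)


def classify(name, value):
    """'out' if outside the predefined range, 'critical' if inside but within the band next
    to the declining limit, else 'ok'."""
    lo, hi, band = RANGES[name]
    if name == "fraud":                 # a high fraud value is the bad direction
        if value > hi:
            return "out"
        return "critical" if value > hi - band else "ok"
    if value < lo:
        return "out"
    return "critical" if value < lo + band else "ok"


def decide(fraud, coincidence, behaviour):
    """Decline on any out-of-range value, or when two or more values are individually in
    range but critical at the same time; otherwise proceed. Returns (verdict, per-value states)."""
    states = {n: classify(n, v) for n, v in
              (("fraud", fraud), ("coincidence", coincidence), ("behaviour", behaviour))}
    if "out" in states.values():
        return "declined", states
    if sum(s == "critical" for s in states.values()) >= 2:
        return "declined", states
    return "proceed", states
```

A coincidence value just above its limit with the other two values comfortable still proceeds, while a fraud value and a behaviour value that are each in range but both critical are declined together, which is the combination rule the text describes. A location entry from Singapore followed one hour later by an identification attempt in New York yields a behaviour value of 0.0 and is declined on that alone.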
It is beneficial that the biometric data are fingerprints. Other biometric physical or behavioural data such as voice patterns, an image of the iris, the face geometry, the retina pattern, the signature or others can be used alternatively or in combination.
Advantageously, the certain action which needs the identification is a financial transaction. Financial transactions are often time-consuming and insecure. The problems with classic financial transactions are manifold. One issue is the necessity to carry a financial instrument around. Another issue is the hassle of remembering a Personal Identification Number in order to authenticate that you are the owner of the financial instrument. Both can be stolen and are therefore prone to fail in genuinely authenticating the true account holder. By using a global biometric identification, a financial transaction can be carried out wherever the system is used. The user needs to register at least once using the POI. Favourably, a pre-condition might be an automated know-your-customer procedure, where a physical identity token like an ID card, passport or driver license is used as reference to check biometrically whether the person present is who the verified presented document claims, for example using the photo ID and performing a verification against the live captured face. Advantageously, personal information extracted from the verified document might be stored. The user does not need to register with a merchant he has never visited before, as long as any merchant or institution running the solution is able to enrol the user to the system a priori.
Beneficially, a financial instrument which is stored in a secure storage is used to perform the financial transaction. Most financial transactions need a financial instrument, like cash, checks, debit or credit cards. Some of these financial instruments can be digitalized and stored on the server as access control credentials.
Favourably, the financial instrument is encrypted as a token by a tokenization service provider. The tokenization service provider is an external service which receives information about a financial instrument and encrypts this information with the authorization of the issuing bank to generate the token and, if needed, cryptograms. A tokenization service provider can be identical to the issuing bank.
The token can be one of the following embodiments:
- Static token,
- Dynamic token, or
- Static token and dynamic cryptogram.
Preferably, the token includes information about the secure server itself, for example its IP address or operating system. One advantage of using a token instead of a complete description of the financial instrument is the increased security. If the secure database is hacked and the stored data is compromised, it cannot be used for illegal financial transactions, because the token is encrypted, the corresponding user and financial instrument are unknown to the thief, and it is very difficult for the thief to emulate the secure server parameters which are stored in the token as well.
Usefully, a cryptogram is stored on the central server as well. A cryptogram is a dynamic file which is connected to the financial instrument of a user. The file additionally contains limitation information such as an expiry date of the cryptogram, the amount of money which can be used in one financial transaction and/or a limit on the location where the financial transaction can be carried out. After a cryptogram is used for a financial transaction, the cryptogram is depleted and a new cryptogram has to be received from the tokenization service provider.
Especially the combination of a token with a dynamic cryptogram stored on a central server is very effective at protecting the financial information of a user. It has the security of a dynamic token, which is described further below, but not the challenges for card networks, merchants and processors. It is known that some issuing banks have difficulties deploying dynamic tokens into the key management configurations of their authentication systems. A static token without a cryptogram, on the other hand, is less secure than the other two embodiments, because a putative thief has more, up to unlimited, time to emulate the secure server and perform financial transactions for his own benefit. However, from a static token it is easier to read out a transaction history, which might be necessary in some embodiments of the invention.
Nevertheless, the token, which is used for the invention, can be any of the above mentioned embodiments.
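The preferred embodiment above (a static token with a server binding, plus single-use dynamic cryptograms carrying expiry, amount and location limits), and the depletion behaviour of dynamic credentials from the feature list, modelled as an added example that is not code from the patent or from any real tokenization service provider. The `TokenServiceProvider` class, the `nonce:mac` cryptogram format, the HMAC key and the test PAN are constructed for the example; a real TSP exposes a different interface.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Cryptogram:
    """Dynamic, single-use credential tied to one token, carrying the limits the text lists."""
    value: str            # "nonce:mac"; the MAC binds the limits to the token
    expires_at: float     # unix seconds
    max_amount: float
    allowed_country: str
    used: bool = False


@dataclass
class TokenEntry:
    """What the secure server's wallet database stores: no PAN, only the static token,
    a binding to the server that requested it, and the cryptograms issued for it."""
    token: str
    server_binding: str
    cryptograms: list = field(default_factory=list)


def server_binding(server_id):
    """Hash of the secure server identity (the text mentions e.g. IP address or OS);
    a thief who copies the database to another host cannot reproduce it."""
    return hashlib.sha256(server_id.encode()).hexdigest()[:16]


class TokenServiceProvider:
    """Stand-in for the external TSP (constructed for the example, not a real interface):
    holds the PAN vault and mints tokens and cryptograms with a secret MAC key."""

    def __init__(self, mac_key):
        self._key = mac_key
        self._vault = {}          # token -> PAN; this mapping never leaves the TSP

    def tokenize(self, pan, server_id):
        token = "tok_" + secrets.token_hex(8)
        self._vault[token] = pan
        return TokenEntry(token, server_binding(server_id))

    def _mac(self, token, nonce, max_amount, country):
        msg = f"{token}|{nonce}|{max_amount}|{country}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:24]

    def issue_cryptogram(self, entry, now, ttl_s, max_amount, country):
        nonce = secrets.token_hex(8)
        c = Cryptogram(f"{nonce}:{self._mac(entry.token, nonce, max_amount, country)}",
                       now + ttl_s, max_amount, country)
        entry.cryptograms.append(c)
        return c

    def authorize(self, entry, cryptogram, now, amount, country, server_id):
        """Returns (ok, reason). The cryptogram is depleted by the attempt whatever the
        outcome, so a thief gets exactly one try per cryptogram."""
        if entry.token not in self._vault:
            return False, "unknown token"
        if cryptogram not in entry.cryptograms or cryptogram.used:
            return False, "cryptogram depleted or unknown"
        cryptogram.used = True
        if server_binding(server_id) != entry.server_binding:
            return False, "server binding mismatch"
        nonce, mac = cryptogram.value.split(":")
        expected = self._mac(entry.token, nonce, cryptogram.max_amount, cryptogram.allowed_country)
        if not hmac.compare_digest(mac, expected):
            return False, "cryptogram integrity"
        if now > cryptogram.expires_at:
            return False, "expired"
        if amount > cryptogram.max_amount:
            return False, "amount limit"
        if country != cryptogram.allowed_country:
            return False, "location limit"
        return True, "authorized"
```

The point of the split is that a dump of the secure server's database yields opaque tokens plus cryptograms that are already bound to a server identity, an amount, a country and a short expiry; the PAN lives only in the TSP vault, and a replay from another host fails the binding check before any limit is even consulted.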
Advantageously, a user can enroll in the system in order to perform an identification process afterwards. During the enrollment process a biometric data template of the person is created as described above. The template is sent to a central server. The central server tries to identify the person. If the server fails, it creates a new entry including the biometric template and a biometric ID in its biometric database. Additionally, corresponding entries in at least one of the following databases are created:
- user profile or personal data database,
- user wallet or access control credentials database, and
- user behaviour or interaction database.
Other kind of databases are conceivable.
The user profile database comprises the personal data, e.g. name, birthday and address. The user wallet database comprises information about the financial instruments, and the user interaction database comprises interactions with third party companies, e.g. goods or services exchanged for any form of currency payment or points, access records, subscriptions, survey answers and/or achievements.
Preferably, each entry of the above mentioned databases includes the common identifier CI. Therefore the common identifier entry can be linked to the other databases, such as the user biometric, profile, wallet or interaction database. Therefore, if one of the databases is hacked, the thief gains no information about the content of the other databases.
Beneficially, during the enrollment process a user integrity validation is performed. The user integrity validation is an additional security step. The enrollee performs two, beneficially three, or more sequential scans of his biometric data. From each scan event the best data set is selected. The best data set is the one with the most biometric features. After all scans are done, these best data sets are compared to each other to identify a possible fraud event, such as the attempt to enrol multiple pairs of fingerprints by presenting different samples in each scan. Additionally, the best data set of all three scan events can be processed further.
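The server-side template comparison serves two passages: the identification method further above (several templates per enrolled person, a specific threshold, and adding the probe as a further template after a match) and the enrollment integrity validation just described (the best set of every scan event must match every other one). Both are demonstrated in one added example that is not code from the patent. The template format (a list of minutiae as `(x, y, angle, kind)` already rotated and shifted to a common centroid and orientation by the extraction step), the tolerances, the threshold, the one-to-one greedy pairing score and the two constructed fingers are assumptions for the example.

```python
from math import hypot

# Assumed tolerances and threshold (not values from the patent).
DIST_TOL = 4.0          # pixels between a probe minutia and its stored counterpart
ANGLE_TOL = 15.0        # degrees
MATCH_THRESHOLD = 0.6   # "specific": most of the minutiae must pair up

# Constructed templates of two different fingers: (x, y, ridge angle in degrees, kind).
FINGER_A = [
    (10, 12, 30, "end"), (22, 15, 95, "bif"), (31, 28, 170, "end"), (18, 33, 250, "bif"),
    (40, 20, 60, "end"), (27, 41, 300, "end"), (12, 26, 120, "bif"), (36, 38, 15, "bif"),
    (45, 33, 200, "end"), (20, 22, 340, "end"),
]
FINGER_B = [
    (8, 40, 80, "end"), (25, 5, 200, "bif"), (35, 12, 10, "end"), (15, 18, 320, "end"),
    (42, 44, 140, "bif"), (30, 30, 45, "bif"), (5, 25, 275, "end"), (38, 3, 185, "end"),
]


def angle_diff(a, b):
    d = abs(a - b) % 360
    return min(d, 360 - d)


def match_score(probe, ref):
    """Fraction of minutiae paired one-to-one within the tolerances, relative to the
    larger template, so that a partial scan cannot score a perfect match."""
    if not probe or not ref:
        return 0.0
    used = set()
    paired = 0
    for x, y, ang, kind in probe:
        for j, (rx, ry, rang, rkind) in enumerate(ref):
            if j in used or kind != rkind:
                continue
            if hypot(x - rx, y - ry) <= DIST_TOL and angle_diff(ang, rang) <= ANGLE_TOL:
                used.add(j)
                paired += 1
                break
    return paired / max(len(probe), len(ref))


def identify(probe, database):
    """database: {person_id: [template, ...]}. A person's score is the best over all of
    that person's stored templates. Returns (person_id or None, best score)."""
    best_id, best = None, 0.0
    for pid, templates in database.items():
        s = max(match_score(probe, t) for t in templates)
        if s > best:
            best_id, best = pid, s
    return (best_id, best) if best >= MATCH_THRESHOLD else (None, best)


def identify_and_grow(probe, database, max_templates=5):
    """On a match, store the probe as a further template for that person, so that later
    comparisons benefit from characteristics the older templates lacked."""
    pid, score = identify(probe, database)
    if pid is not None and len(database[pid]) < max_templates:
        database[pid].append(probe)
    return pid, score


def enrollment_integrity(best_sets):
    """best_sets: the best template of each sequential enrollment scan. Every pair must match,
    otherwise the enrollee presented different fingers in different scans."""
    for i in range(len(best_sets)):
        for j in range(i + 1, len(best_sets)):
            if match_score(best_sets[i], best_sets[j]) < MATCH_THRESHOLD:
                return False
    return len(best_sets) >= 2


def jitter(template, dx=0.0, dy=0.0, dang=0.0, drop=0):
    """Constructed variant of a template from another scan of the same finger: slightly
    shifted and rotated, with the first `drop` minutiae missing from the scan."""
    return [(x + dx, y + dy, a + dang, k) for x, y, a, k in template[drop:]]
```

With only one stored template, a probe that captured half of the finger scores 0.5 and is rejected by the specific threshold; with a second template from another scan event of the same finger the same probe scores 0.625 against that template and is identified, which is the effect the description attributes to storing several templates per person.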
A device for generating a biometric data template according to the present invention as described above comprises a biometric sensor unit, a user interaction interface, an external communication unit and a computation unit. The device is capable of recording the raw biometric data and generating a template out of the raw data as described above. Additionally, a user interaction interface can be used to confirm process steps and/or to add additional information. It is beneficial if the device is a handheld device with an internal battery and a wireless connection to the internet.
A device for identifying a person by means of biometric data according to the present invention as described above comprises a server, a database, an external communication unit and a computation unit. This device is located in a central place and communicates via the internet with all the handheld devices which scan the biometric data.
Subsequently, an embodiment of the invention will be described by way of example with reference to the illustrations.
The illustrations show schematically in:
Figure 1 a user, a point of interaction device (POI), a network connection and a secure server in a block diagram,
Figure 2 procedure of an identification scan in a block diagram,
Figure 3 procedure of an identification in a POI in a swim lane,
Figure 4 procedure of an identification in a swim lane,
Figure 5 an enrollment procedure for various applications in a block diagram,
Figure 6 an identification procedure for various applications in a block diagram,
Figure 7 an enrollment procedure of a user to access various databases in a block diagram, and
Figure 8 an identification procedure of a user to access various databases in a block diagram.
A system for identifying a person by means of biometric data forms an exemplary embodiment of the present invention. This identification system comprises a point of interaction device (POI) 1 to scan raw biometric data 3 and a secure server 2 to analyze biometric data templates 4. The devices of the identification system are embodied for performing a method according to the invention for identifying a user 5 (figures 1 and 8).
The POI 1 is a handheld device in the possession of a person who wants to identify another person 5. This could be, for example, a merchant or an agent of the government. However, it is also conceivable that the user utilizes a POI 1 for himself, for example to verify himself on the Internet. Users 5 can interact with these POI 1. The POI 1 are connected to the secure server 2 over a wide area network (WAN) 6, for example the internet. Any number of POI 1 can be connected to the same secure server 2.
The POI 1 comprises four main components:
- a user interface 7 for interaction with a user,
- a biometric sensor component 8, for example a fingerprint sensor,
- a secure processing module 9 to analyze the data and
- a central program module 10, which coordinates the tasks of the modules of the POI and comprises a secure interface 11 for communicating with the secure server 2 and an en-/decrypting unit 19 for en- or decrypting data.
In the present description the term module means a software element, part means a hardware element, and a component can comprise both a software element as well as a hardware element and the generic term component comprises all modules and all parts.
Each component is embodied in a separated shell to increase the security. The shell is a software enclosure of the component which reduces the possible input and out put channels of the corresponding component, so that a communication with each of the components of the identification system can only be carried out via the central program unit 10. The POI 1 comprises at least one processor and memory unit to execute the software modules.
In the present embodiment the user interface 7 is a touchscreen which forms a dis play for communicating the information and an input device for acquiring the infor mation. The user interface can be embodied as an interface to an external input- and output-device, such as a smart phone or a tablet which acts as the input- and output device.
The biometric sensor module 8 comprises a biometric sensor, such as a fingerprint sensor 13. The biometric sensor module 8 creates raw biometric data 3. The finger print sensor 13 can be a solid-state fingerprint sensor or optical fingerprint sensor, wherein the later one are preferred. In the present embodiment the fingerprint sensor 13 scans two fingerprints at the same time.
The biometric sensor module 8 comprises a temperature sensor 14 and a pressure sensor 15. These sensors are provided to detect a fraud attempt, as explained later in detail. In combination with the optical fingerprint sensor 13, the temperature sensor 14 and the pressure sensor 15 are integrated in a transparent layer on a glass plate covering the fingerprint sensor 13. Pressure sensors of this kind are known from the touchscreens of smartphones.
Basically, it is also possible to use other types of sensors for fraud detection additionally or alternatively, such as optical sensors (for example photodiodes), a current or voltage meter, or a capacitance sensor.

The secure processing module 9 is likewise a module shielded by a separate shell; it analyzes the scanned raw biometric data 3 and extracts a biometric data template 4 from the raw biometric data 3. Advantageously, the secure processing module 9 is designed such that it can run two, preferably three or more, processes in parallel. Running certain processes in parallel means that these processes are carried out, for example, on a multitasking operating system so that they execute quasi-simultaneously on a single processor. Preferably a multi-core processor is provided for true parallel processing.
The central program module 10 is, in the present embodiment, a main task which communicates with the other components. It comprises the encrypting and decrypting unit 12 for encrypting and decrypting data sent to the other components of the POI 1 and for data sent and received via the secure interface 11. The secure interface 11 uses dedicated ports and protocols to establish a secure data connection to the secure server 2 via the Internet 6.
The secure server 2 is a network server, for example an internet server, and can be accessed from the POI 1 via specific network protocols.
In this embodiment the secure server 2 is a computer system comprising a processor unit and a memory unit to execute the software modules, and is part of a colocation center.
The secure server 2 comprises three main components:
- a server program module 16 to coordinate the process, comprising a server secure interface 17 to interact with the POI,
- a biometric engine 18 to perform a matching procedure, which comprises a secure template biometric database 19, and
- a secure database 20, which comprises sensitive information about the user 5, such as wallet information.
The server program module 16 forms the outer shell of the secure server 2 and coordinates the interaction with all POIs 1 as well as the individual steps of the identification procedure. Additionally, the server program module 16 coordinates the process flow at the secure server 2.
The present embodiment is used for executing payment orders. Therefore, the secure server 2 is connected via the network 6 to third-party platforms (not shown) such as financial institutions.
The biometric engine 18 is a module which evaluates biometric data generated by one of the POIs 1 on the basis of data of the secure template database 19 as it will be explained below in more detail.
The secure template biometric database 19 comprises data of registered users. These data comprise biometric data and data characterizing the corresponding user, such as an ID and/or family name, first name, date of birth, etc.
The secure template biometric database 19 may comprise more than one sub-database. Each sub-database contains one set of biometric data templates 4. Therefore, for each known user 5 several biometric data templates 4 are available. It is beneficial to replace the oldest biometric data template 4 with the new biometric data template 4 and/or to fold the new biometric data template 4 into an averaged biometric data template 4.
The secure database 20 comprises sensitive information about registered users 5 which is needed to carry out a specific action such as executing a payment. Usually this information is not relevant for the biometric evaluation. It includes, for example, credit card information, IDs and bonus point numbers.
After the biometric engine 18 has found a match, the server program module 16 gets access to the secure database 20. In this embodiment the secure database 20 comprises several sub-databases which contain different kinds of information, such as a user wallet database 21, a user profile database 22 or a user interaction database 23. Other kinds of databases are feasible.

The content of the sub-databases of the secure database 20 is preferably filled during the enrollment process, when an enrollee 24 subscribes to the system. This process is described in detail below.
The profile database 22 comprises demographic data 25, which are personal information linked to the user 5, e.g. ID numbers, certificates, licenses, names, addresses, contact details, photos, links to other users, internal ratings, and/or records of behavior.
The interaction database 23 comprises information for interacting with third-party companies, e.g. member IDs, grade records, subscriptions, and/or achievements.
The user wallet database 21 comprises wallet information 26, which is all information needed to authorize a financial transaction, e.g. credit card information, online banking information and/or login details for financial institutions. Preferably this wallet information is encrypted. In this embodiment of the invention the wallet information 26 contains a token 30 and a cryptogram 31.
The token 30 is a data file which contains encrypted information about the financial instrument and is transmitted to a customer of the financial institution in order to carry out an action with the financial instrument. The financial instrument may be, e.g., a credit card or any other debit card. Preferably, the token 30 includes information about the secure server itself, for example its IP address or operating system.
A corresponding cryptogram 31 is a dynamic data file which contains an authorization to use a certain financial instrument. The cryptogram 31 additionally contains limitation information, such as an expiry date of the cryptogram 31, the amount of money which can be used in one financial transaction and/or a limit on the location where the financial transaction can be carried out.
Both the token 30 and the cryptogram 31 are generated by a tokenization service provider 29. Usually, the issuing bank 28 which issued the financial instrument allows a tokenization service provider 29 to create a token 30 and a cryptogram 31. To carry out an action with a financial instrument, a customer has to receive both the token 30, comprising the information about the financial instrument, and the cryptogram 31, comprising the authorization for the specific financial instrument. Only the tokenization service provider 29 is able to read the token 30 and the cryptogram 31. The tokenization service provider 29 sends a request to perform a transaction to the issuing bank 28. A cryptogram 31 can only be used once. After a cryptogram 31 has been used for a financial transaction, the cryptogram 31 is depleted and a new cryptogram 31 has to be obtained from the tokenization service provider 29. The cryptogram 31 is encrypted.
Hereinafter, a process is illustrated for performing a method according to the invention for identifying a registered user 5 (figures 1, 2 and 6).
In this embodiment it is assumed that the user 5 is already enrolled. Therefore, a biometric data template 4 of the user 5 is stored in the secure template biometric database 19. The enrollment is described afterwards. During the enrollment process, biometric data templates 4 and personal information of an unknown user are added to the secure server databases.
In the present embodiment of the invention, these characteristic biometric features are fingerprints. The identification process starts with a request that someone wants a user 5 to be identified at the POI 1. This request is initiated either by pressing a certain button on the POI 1 or by touching the biometric sensor component 8 with a finger (S1).
After the request of the user 5, the secure processing module 9 establishes (S2) a secure channel by means of the central program module 10. The secure channel is provided for the communication between the biometric sensor component 8 and the central program module 10.
The biometric sensor component 8 is activated with a session key in a sensor processor security authentication (S3). The session key is a randomly generated, time-dependent key that is used only once, for one identification process. With this session key the data within the POI 1 is encrypted symmetrically. The identification process is performed within a stipulated time frame; similarly, the authentication for the payment is time-dependent, aligned to the session key. A measurement is then carried out by means of the biometric sensor component 8, which captures the fingerprint (S4). Preferably several scans are carried out while the finger touches the biometric sensor component 8 once.
Each scan takes roughly 100 ms, so during a whole scan event a number of images are taken. Each of the images forms one item of raw biometric data 3.
The biometric sensor module 8 then encrypts the raw biometric data 3 and sends the information to the central program module 10 (S5). The central program module 10 decrypts the raw biometric data 3 (S6) and sends it to the secure processing module 9.
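The session-key handling of steps S3, S5 and S6, as an added example that is not part of the patent text. The text states only that a random, time-dependent, single-use session key symmetrically encrypts the raw biometric data 3 inside the POI 1; the construction below (an HMAC-SHA256 keystream with a per-frame nonce and an encrypt-then-MAC tag, stdlib only), the 30-second lifetime and the frame sizes are assumptions made for illustration. A production device would use AES-GCM or ChaCha20-Poly1305 from a vetted library; the point shown is the key lifecycle: one key per identification process, every frame authenticated, and nothing accepted once the key has expired or been closed.

```python
"""Session key for the sensor-to-central-program path (S3, S5, S6): added example.

Not the patent's code. Encrypt-then-MAC built from HMAC-SHA256 only (keystream
from the key and a per-frame nonce, tag over nonce || ciphertext); the TTL and
the constructed frame are assumptions.
"""
import hashlib
import hmac
import secrets

SESSION_TTL = 30.0   # assumed: seconds one identification process may take


class SessionKey:
    """One key per identification process: random, time-bound, retired after use."""

    def __init__(self, issued_at, ttl=SESSION_TTL):
        self.key = secrets.token_bytes(32)
        self.expires_at = issued_at + ttl
        self.frames_sealed = 0
        self.closed = False

    def usable(self, now):
        return not self.closed and now < self.expires_at

    def close(self):
        """Called when the identification process ends; the key is never reused."""
        self.closed = True
        self.key = b"\x00" * 32


def _keystream(key, nonce, length):
    """PRF in counter mode: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_frame(session, raw_frame, now):
    """Sensor side (S5): returns nonce || ciphertext || tag for one raw biometric frame."""
    if not session.usable(now):
        raise ValueError("session key expired or closed")
    # frame counter in the nonce keeps nonces distinct across the frames of one scan event
    nonce = session.frames_sealed.to_bytes(4, "big") + secrets.token_bytes(12)
    session.frames_sealed += 1
    ct = bytes(p ^ k for p, k in zip(raw_frame, _keystream(session.key, nonce, len(raw_frame))))
    tag = hmac.new(session.key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_frame(session, blob, now):
    """Central program module side (S6): verify the tag before touching the ciphertext."""
    if not session.usable(now):
        raise ValueError("session key expired or closed")
    if len(blob) < 16 + 32:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(session.key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(session.key, nonce, len(ct))))


def roundtrip(frame, tamper=False, late=False):
    """Drive one frame through seal and open; returns the recovered frame or the error text."""
    session = SessionKey(issued_at=1000.0)
    blob = seal_frame(session, frame, now=1000.5)
    if tamper:
        blob = blob[:20] + bytes([blob[20] ^ 0x01]) + blob[21:]   # flip one ciphertext bit
    try:
        return open_frame(session, blob, now=1000.5 + (SESSION_TTL if late else 1.0))
    except ValueError as exc:
        return str(exc)
    finally:
        session.close()


if __name__ == "__main__":
    constructed_frame = bytes(range(256)) * 4   # stands in for one 1 KiB raw image
    print(roundtrip(constructed_frame) == constructed_frame)
    print(roundtrip(constructed_frame, tamper=True))
    print(roundtrip(constructed_frame, late=True))
```

The tag is checked before any decryption, and the frame counter inside the nonce means a frame captured under one session cannot be replayed into another even if the attacker controls the bus between sensor and central program module, since the central program module never accepts a frame after `close()`.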
The secure processing module 9 carries out a pre-quality assessment (S7) of the raw biometric data 3. Such a pre-quality check comprises a check of the contrast and/or the black/white ratio and/or the size of the biometric scan area and/or, in the case of a dual fingerprint scan, the presence of two discrete biometric patches. This pre-quality assessment comprises only checks which can be carried out very fast. It ensures that only data of a certain quality is forwarded. The quality of the fingerprint images depends, e.g., on the time course of the interaction: at the beginning, when the finger starts to touch the sensor, the quality is very poor; when the finger comes to rest on the sensor, the quality improves; at the end, when the finger leaves the sensor, the quality of the image deteriorates again. With the pre-quality assessment only images of a certain quality are handed over to the next process step.
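The four fast checks named above, run over a constructed scan event, as an added example that is not the patent's own code. Frames are 8-bit grayscale images held as lists of rows; the thresholds, the ridge/valley drawing and the touch-down, resting and lift-off sequence are all assumptions made for illustration.

```python
"""Pre-quality assessment (S7) over constructed grayscale frames: added example.

Not the patent's code. Contrast, black/white ratio, scan area and the number
of discrete patches are computed on 8-bit frames stored as lists of rows; all
thresholds below are assumptions.
"""
from collections import deque

DARK = 96                 # assumed: pixels below this value count as ridge ("black")
MIN_CONTRAST = 120        # assumed: minimum max-min spread of the frame
BW_RATIO = (0.15, 0.65)   # assumed: acceptable fraction of dark pixels
MIN_AREA = 0.15           # assumed: minimum fraction of the frame covered by the finger(s)


def contrast(img):
    flat = [p for row in img for p in row]
    return max(flat) - min(flat)


def dark_ratio(img):
    flat = [p for row in img for p in row]
    return sum(p < DARK for p in flat) / len(flat)


def scan_area(img):
    """Fraction of the frame inside the bounding box of all dark pixels."""
    h, w = len(img), len(img[0])
    rows = [y for y in range(h) if any(p < DARK for p in img[y])]
    cols = [x for x in range(w) if any(img[y][x] < DARK for y in range(h))]
    if not rows:
        return 0.0
    return (rows[-1] - rows[0] + 1) * (cols[-1] - cols[0] + 1) / (h * w)


def dark_patches(img):
    """Number of 4-connected dark regions: one per finger in a clean capture."""
    h, w = len(img), len(img[0])
    seen = [[False] * w for _ in range(h)]
    count = 0
    for y in range(h):
        for x in range(w):
            if seen[y][x] or img[y][x] >= DARK:
                continue
            count += 1
            queue, seen[y][x] = deque([(y, x)]), True
            while queue:
                cy, cx = queue.popleft()
                for ny, nx in ((cy - 1, cx), (cy + 1, cx), (cy, cx - 1), (cy, cx + 1)):
                    if 0 <= ny < h and 0 <= nx < w and not seen[ny][nx] and img[ny][nx] < DARK:
                        seen[ny][nx] = True
                        queue.append((ny, nx))
    return count


def pre_quality_check(img, dual_scan=False):
    """Fast checks only, as in S7. Returns (passed, reasons)."""
    reasons = []
    if contrast(img) < MIN_CONTRAST:
        reasons.append("contrast too low")
    ratio = dark_ratio(img)
    if not BW_RATIO[0] <= ratio <= BW_RATIO[1]:
        reasons.append("black/white ratio %.2f out of range" % ratio)
    if scan_area(img) < MIN_AREA:
        reasons.append("scan area too small")
    patches = dark_patches(img)
    expected = 2 if dual_scan else 1
    if patches != expected:
        reasons.append("expected %d discrete patch(es), found %d" % (expected, patches))
    return not reasons, reasons


def select_frames(frames, dual_scan=False):
    """Forward only the frames of one scan event that pass the pre-quality check."""
    return [f for f in frames if pre_quality_check(f, dual_scan)[0]]


def make_frame(h, w, blobs, bg=230, ridge=40, valley=180):
    """Constructed frame: light background, each blob a solid ridge area with sparse valley dots."""
    img = [[bg] * w for _ in range(h)]
    for y0, y1, x0, x1 in blobs:
        for y in range(y0, y1):
            for x in range(x0, x1):
                img[y][x] = valley if (x % 3 == 0 and y % 3 == 0) else ridge
    return img


# Constructed scan event: touch-down (flat), settling (tiny area), resting (two fingers), lift-off
FLAT = [[140] * 32 for _ in range(24)]
SETTLING = make_frame(24, 32, [(10, 13, 10, 13)])
RESTING = make_frame(24, 32, [(4, 20, 3, 13), (4, 20, 19, 29)])
SCAN_EVENT = [FLAT, SETTLING, RESTING, RESTING, SETTLING]

if __name__ == "__main__":
    for i, frame in enumerate(SCAN_EVENT):
        print(i, pre_quality_check(frame, dual_scan=True))
    print("forwarded:", len(select_frames(SCAN_EVENT, dual_scan=True)))
```

Only the two resting frames survive `select_frames`, which is the behaviour the paragraph describes: the touch-down and lift-off frames are dropped before the expensive quality, spoofing and template steps see them.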
The pre-quality checked raw biometric data 3 are processed in parallel by the following three non-sequential processes:
- quality assignment (S8)
- spoofing detection (S9) and
- template extraction (S10).
The quality assessment process checks the quality of the scan of the characteristics again, in more detail (S8). For example, it verifies that the image from the sensor is not blurred and that the image contains enough information to verify the user. The process may check whether the area covered by the finger is large enough and in the correct position. Eventually, the quality assessment checks the clarity of the crucial biometric features required for identification. If the contrast of the image is too high or too low, errors might occur. If the quality assessment concludes that the quality of the scan is too poor, the scan is not used for the identification procedure. If all raw biometric data 3 from one scan event fail the quality assessment, the user 5 has to redo the scan.
The spoofing detection (S9) verifies that the person is a real, living person. In this embodiment the spoofing detection analyzes the raw image of the fingerprint. Image recognition algorithms identify skin characteristics such as pores and/or macules. Furthermore, a reflection index can be measured from the raw data image. Additionally, data from the additional sensors, such as the temperature sensor 14 and/or the pressure sensor 15, can be used as well. If somebody tries to spoof the system with an artificial finger, the spoofing detection detects it and aborts the whole process. The spoofing detection is thus an extended biometric processing methodology.
The raw images captured by the sensor 8 are subjected to analytical procedures that draw on the intricacies of living tissue which distinguish it from non-living material, thereby providing the ability to differentiate actual biometrics from fabricated or manipulated replicas. From the different features of the biometrics, a score is derived to determine the genuineness of the biometrics.
The temperature sensor 14 measures the heat of the finger; if the temperature lies outside the range expected for living skin, the finger is not real. The text states a threshold of 55 °C below which the finger is rejected. Skin resting on a glass plate is normally nearer 30 to 35 °C, so in practice the check is implemented as a window around body surface temperature, rejecting a finger that is either too cold (a cast or printed replica at room temperature) or too hot.
The pressure sensor 15 measures the pressure of the finger on the sensor. As described above, at the first contact the skin and fat of the finger are very soft, while at a later stage of the contact process the pressure increases because of the bone. A fake finger made of rubber has a different contact pressure profile than a finger made of skin, fat, muscles, blood vessels and bone.
Another example is the measurement of the electrical resistance of the human skin by a further sensor. Another possibility is a blood pressure check, in which light from an LED is sent through the skin and detected again by a light sensor. From the fluctuation of the light, a computer can calculate the blood pressure and the oxygen level of the blood inside the skin.

If the spoofing detection finds one or more hints that the identification attempt is a fraud, the identification is aborted and the user 5 receives a corresponding message. Eventually the user 5 can restart the whole identification process.
In this embodiment the spoofing detection generates a value which expresses the likelihood of a spoof attempt. This value may be a weighted mean or another mathematical expression of different sub-values, each corresponding to one of the spoofing detection methods. The value is stored in the biometric data template 4.
It is beneficial if a possible fraud attempt is reported to the secure server 2. If too many fraud attempts occur in a predefined period of time, the POI 1 is locked.
The template extraction module generates (S10) a template of the fingerprint from the raw biometric data, wherein a selected list of characteristics of the fingerprint is extracted and stored as the biometric data template 4. The template is a reduced amount of data, derived from the raw biometric data, which represents the biometric characteristics of the user 5. In the case of a fingerprint these characteristics are, e.g., minutiae. The minutia features of fingerprints can comprise ridges, short ridges, bifurcations and ridge endings. If other types of biometric sensor components are used, other characteristics are of course extracted into the template.
Because the accuracy depends on the analysis time, it is advantageous to spend as much time as possible on the template extraction. Therefore, to increase the precision and to gain time, it is convenient to run all three processes in parallel.
After the non-sequential processes the biometric data template 4 is encrypted (S11).
The encrypted data template is sent to the central program module 10, from where a processor sends the biometric data template 4 over the network 6 to the secure server 2 (S12). The network is, for example, the public Internet 6.
The secure server 2 receives the encrypted biometric data template 4 (S13). The server program module 16 decrypts the encrypted biometric data template 4 (S14).
The server secure interface 17 sends the decrypted biometric data template 4 to the biometric engine 18, which carries out a biometric matching procedure (S15). The secure template biometric database 19 comprises at least two sets of biometric data templates 4 for each user: the initial biometric data template 4 from the enrollment and the biometric data template 4 from the last scan, which on the second use may be identical to the one from the enrollment. The advantage of storing the biometric data template 4 from the last scan is a higher probability of finding a matching biometric data template 4 of the user 5, and that aging effects in the biometric data have no or little impact on the result. In this embodiment a coincidence value is created which corresponds to the degree of coincidence between the biometric data template 4 of the current scan and the biometric data template 4 in the secure template biometric database 19.
If the biometric engine 18 fails to find a matching template, the server program module 16 sends this information to the POI 1, where the user 5 has the opportunity to enroll in the system.
On the other hand, if the biometric matching procedure finds a matching template, the found user 5 is validated in the biometric engine 18 (S16). For this, various values are considered to verify whether the identification process is a fraud attempt. Each value should be in a predefined range, and the weighted mean or another mathematical expression of the values should be in a predefined range, too. In this embodiment the values are: the coincidence value (from S15), the spoofing detection value (from S9) and a behavior value, which describes how likely it is that the user 5 is performing the current transaction.
If each value is close to the edge of its range, it is possible that, although each individual verification step (S9 and/or S15) is passed, the further procedure is declined on the combination. At the end of the user validation process a user biometric ID is created. In this embodiment of the invention the user 5 thereby gains access to his stored financial information, which is stored in the user wallet database 21 within the secure database 20 (S17).
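The spoof value of S9 (a weighted mean of per-method sub-values) and the validation of S16 (every value in range and the weighted combination in range), as one added example that is not the patent's own code. The sub-value functions, weights, ranges and the two constructed sensor readings are assumptions chosen to show the behaviour the text describes, in particular the case where all three values scrape past their individual bounds and the combination is still declined.

```python
"""Spoof value (S9) and user validation (S16): added example, not the patent's code.

Sub-value functions, weights, ranges and the constructed readings are assumptions.
"""

# ---- S9: spoof detection sub-values, each in [0, 1] with 1 = clearly live ----

def temperature_score(celsius):
    """Assumed window for skin resting on a glass plate; linear fall-off outside it."""
    lo, hi = 28.0, 38.0
    if lo <= celsius <= hi:
        return 1.0
    distance = lo - celsius if celsius < lo else celsius - hi
    return max(0.0, 1.0 - distance / 5.0)


def pressure_profile_score(samples):
    """Live contact: pressure rises as the soft pad gives way to bone (see text).
    A rubber finger yields a flat profile, so a small overall rise halves the score."""
    if len(samples) < 3:
        return 0.0
    non_decreasing = sum(b >= a for a, b in zip(samples, samples[1:])) / (len(samples) - 1)
    rise = samples[-1] - samples[0]
    return non_decreasing if rise >= 0.2 * max(samples) else non_decreasing * 0.5


def image_liveness_score(pore_count, reflection_index):
    """Assumed: pores are visible on live skin; skin's reflection index sits in a fixed window."""
    pores = min(pore_count / 20.0, 1.0)
    reflection = 1.0 if 0.3 <= reflection_index <= 0.6 else 0.0
    return 0.6 * pores + 0.4 * reflection


SPOOF_WEIGHTS = {"temperature": 0.25, "pressure": 0.35, "image": 0.40}


def spoof_value(celsius, pressure_samples, pore_count, reflection_index):
    """Weighted mean of the sub-values; the sub-values are returned too so the
    template can carry them for later analysis."""
    subs = {
        "temperature": temperature_score(celsius),
        "pressure": pressure_profile_score(pressure_samples),
        "image": image_liveness_score(pore_count, reflection_index),
    }
    return sum(SPOOF_WEIGHTS[k] * v for k, v in subs.items()), subs


# ---- S16: validation of the matched user ----

RANGES = {"coincidence": (0.80, 1.0), "spoof": (0.60, 1.0), "behavior": (0.50, 1.0)}
VALIDATION_WEIGHTS = {"coincidence": 0.5, "spoof": 0.3, "behavior": 0.2}
COMBINED_MIN = 0.80   # assumed floor for the weighted combination


def validate_user(coincidence, spoof, behavior):
    """Each value must sit in its range AND the weighted mean must clear COMBINED_MIN,
    so three values that each barely pass their own bound are still declined."""
    values = {"coincidence": coincidence, "spoof": spoof, "behavior": behavior}
    for name, value in values.items():
        lo, hi = RANGES[name]
        if not lo <= value <= hi:
            return False, "%s %.2f out of range" % (name, value)
    combined = sum(VALIDATION_WEIGHTS[k] * v for k, v in values.items())
    if combined < COMBINED_MIN:
        return False, "combined score %.2f below %.2f" % (combined, COMBINED_MIN)
    return True, "validated (%.2f)" % combined


# Constructed sensor readings: a live finger and a cast rubber finger
LIVE = dict(celsius=33.5, pressure_samples=[0.1, 0.3, 0.5, 0.7, 0.8], pore_count=25, reflection_index=0.45)
RUBBER = dict(celsius=24.0, pressure_samples=[0.6, 0.6, 0.6, 0.6, 0.6], pore_count=2, reflection_index=0.8)

if __name__ == "__main__":
    for label, reading in (("live", LIVE), ("rubber", RUBBER)):
        print(label, spoof_value(**reading))
    print(validate_user(0.97, 0.90, 0.80))   # comfortably inside every range
    print(validate_user(0.81, 0.61, 0.51))   # each barely in range, combination declined
```

Keeping the sub-values alongside the combined spoof value is what makes the later fraud reporting to the secure server 2 useful: a flat pressure profile with a plausible temperature points to a different attack than a cold finger with a good profile.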
After the wallet of the user 5 is opened, an inventory of all financial instruments is carried out (S18).
The server program module 16 encrypts and transmits the list of financial instruments of the user 5 and sends it via the network 6 to the POI 1 (S19).
The central program module 10 of the POI 1 receives and decrypts the list of financial instruments of the user 5 (S20).
The user interface 7 presents the list of financial instruments to the user 5, who will select the financial instrument he wants to use (S21).
The choice of the user 5 is encrypted and transmitted over the network 6 to the secure server 2 (S22).
The server program module 16 of the secure server 2 receives and decrypts the choice of the financial instrument (S23).
From the chosen financial instrument the token 30 and the cryptogram 31 are read out from the user wallet database 21 (S24).
Afterwards, the server program module 16 of the secure server 2 sends a request to the tokenization service provider 29 to carry out the financial transaction (S25). The request is encrypted and sent via the network 6. The request includes the token 30, the cryptogram 31 and further information necessary to carry out the financial transaction. If the token 30, the cryptogram 31 and the other financial information are valid, the tokenization service provider 29 forwards the request to the issuing bank 28. The issuing bank 28 then carries out the financial transaction. Afterwards, the secure server 2 receives a new cryptogram 31 from the tokenization service provider 29 (S26). The secure server 2 stores the new cryptogram 31 in the user wallet database 21 (S27) so as to be able to perform a new financial transaction if one is requested.
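The token and cryptogram rules described earlier (only the tokenization service provider reads them, a cryptogram is single-use, and it carries expiry, amount and location limits) together with steps S24 to S27, as an added example that is not the patent's own code. The tokenization service provider 29 is simulated in process and the issuing bank 28 is a stub that approves; the identifiers, the 300-second lifetime, the 5000-unit limit and the region code are assumptions.

```python
"""Token and cryptogram handling in the payment step (S24 to S27): added example.

Not the patent's code. The TSP is simulated in process and the issuing bank is
stubbed as approval; identifiers, limits and the expiry window are assumptions.
Only the TSP object ever interprets a token or cryptogram.
"""
import secrets
from dataclasses import dataclass


@dataclass
class Cryptogram:
    value: str          # opaque to the secure server
    expires_at: int     # epoch seconds
    max_amount: int     # minor currency units per transaction
    region: str         # assumed localisation limit


@dataclass
class WalletEntry:
    """One financial instrument in user wallet database 21."""
    token: str
    cryptogram: Cryptogram


class TokenizationServiceProvider:
    """Simulated TSP: issues tokens, issues single-use cryptograms, executes transactions."""

    def __init__(self, now):
        self.now = now
        self._tokens = {}    # token -> instrument reference, held only here
        self._live = {}      # cryptogram value -> (token, Cryptogram); removed once used

    def create_token(self, instrument_ref):
        token = secrets.token_hex(16)
        self._tokens[token] = instrument_ref
        return token

    def create_cryptogram(self, token, ttl=300, max_amount=5000, region="SG"):
        cryptogram = Cryptogram(secrets.token_hex(16), self.now + ttl, max_amount, region)
        self._live[cryptogram.value] = (token, cryptogram)
        return cryptogram

    def transact(self, token, cryptogram, amount, region):
        """Returns (approved, reason, replacement_cryptogram)."""
        if token not in self._tokens:
            return False, "unknown token", None
        entry = self._live.get(cryptogram.value)
        if entry is None:
            return False, "cryptogram unknown or already used", None
        bound_token, stored = entry
        if bound_token != token:
            return False, "cryptogram not bound to this token", None
        if self.now > stored.expires_at:
            return False, "cryptogram expired", None
        if amount > stored.max_amount:
            return False, "amount over limit", None
        if region != stored.region:
            return False, "region not allowed", None
        del self._live[cryptogram.value]          # depleted: a replay of this value now fails
        # the issuing bank 28 would be asked here; stubbed as approval
        return True, "approved", self.create_cryptogram(token, 300, stored.max_amount, stored.region)


def enrol_instrument(tsp, wallet, user_id, name, instrument_ref):
    """E34 to E42 compressed: obtain a token, then a cryptogram, store both in the wallet."""
    token = tsp.create_token(instrument_ref)
    wallet.setdefault(user_id, {})[name] = WalletEntry(token, tsp.create_cryptogram(token))


def pay(wallet, tsp, user_id, name, amount, region):
    """Secure server side of S24 to S27: read the pair, request, store the replacement."""
    entry = wallet[user_id][name]
    approved, reason, replacement = tsp.transact(entry.token, entry.cryptogram, amount, region)
    if approved:
        entry.cryptogram = replacement   # S27
    return approved, reason


def demo():
    """Runs the flow on constructed data; returns the list of (approved, reason) results."""
    tsp = TokenizationServiceProvider(now=1_700_000_000)
    wallet = {}
    enrol_instrument(tsp, wallet, "user5", "card-a", "instrument-ref-0001")   # constructed reference
    first = wallet["user5"]["card-a"].cryptogram
    results = [pay(wallet, tsp, "user5", "card-a", 1200, "SG")]
    results.append(tsp.transact(wallet["user5"]["card-a"].token, first, 100, "SG")[:2])  # replay
    results.append(pay(wallet, tsp, "user5", "card-a", 9000, "SG"))                       # over limit
    results.append(pay(wallet, tsp, "user5", "card-a", 100, "US"))                        # wrong region
    tsp.now += 600
    results.append(pay(wallet, tsp, "user5", "card-a", 100, "SG"))                        # expired
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A cryptogram that fails on amount or region is deliberately left live here so the user can retry within limits; a stricter deployment would burn it on any attempt, which trades a retry for a smaller replay window.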
The server program module 16 encrypts the response (S28) and sends the encrypted information via a processor to the central program module 10 over the network 6 (S29).
The central program module 10 receives the encrypted information (S30), decrypts the information (S31) and sends the response to the user interface 7. The user interface 7 shows the response (S32).
If one of the validation processes of the POI 1 or the secure server 2 cancels the identification process, a negative response is shown on the user interface 7 (S33).
Hereinafter, an enrollment process is described in which a non-registered user, an enrollee 24, adds his biometric and other information to the databases of the secure server 2 (Fig. 1, 3, 4 and 5). On the POI 1 side, the enrollment has steps similar to those of the identification process.
The enrollment process begins with the request that somebody wants a user 5 to be registered at the secure server 2. This request is initiated either by pressing a certain button on the POI 1 or by a failed biometric search during the identification process (E1).
As it is done at the identification process the secure processing module 9 establishes the secure channel by means of the central program module 10 (E2).
Afterwards, the biometric sensor component 8 is activated with a session key in a sensor processor security identification (E3). The session key is, as described above, a symmetric key used to encrypt and decrypt the data within the POI 1 for each scan event.
A measurement is carried out by means of the biometric sensor component 8 (E4).
The biometric sensor component 8 captures the fingerprints. As in the identification process, several scans are carried out while the finger touches the biometric sensor component 8 once. During a whole scan event a number of images are taken. Each of the images forms one item of raw biometric data 3.
The biometric sensor module 8 encrypts each item of raw biometric data 3 and sends the encrypted data to the central program module 10 (E5). The central program module 10 decrypts the raw biometric data 3 (E6) and sends it to the secure processing module 9.
The secure processing module 9 carries out a pre-quality assessment of the raw biometric data 3 as in the identification process (E7). With the pre-quality assessment only raw biometric data 3 of a certain quality is handed over to the next process step.
The pre-quality checked raw biometric data 3 are processed in parallel by the following three non-sequential processes:
- Quality assignment (E8)
- Spoofing detection (E9) and
- Template extraction (E10).
These three parallel processes are described in detail above. The quality assessment process checks the quality of the scan again in more detail (E8). The spoofing detection verifies that the person is a real, living person (E9). The template extraction module generates a template of the fingerprint from the raw biometric data (E10).
As a further verification step after the non-sequential processes (E8 to E10), the raw biometric data 3 is checked in a user integrity validation (E11). During the user integrity validation three data sets of raw biometric data are compared (Fig. 3). Each raw biometric data set 3 is the highest-quality image of one scan event. If the difference between the individual data sets is above a predefined threshold, the enrollment process is stopped, because the quality of one or more raw biometric data sets 3 might be too poor. Additionally, it is verified that the same pair of biometric data, i.e. the same set of fingers, is used each time for a dual fingerprint enrollment. If the difference between the individual data sets is below a predefined threshold, the enrollment process is stopped, too: when two or more data sets are too alike, this is a hint that the enrollment process is a spoofing attempt. This attempt may be recorded and sent to the secure server 2. Eventually the user 5 is able to restart the enrollment process from the beginning.
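The user integrity validation E11 with both thresholds, the per-finger comparison for a dual scan, and the three failure modes the paragraph names (poor capture, swapped fingers, replayed frame), as an added example that is not the patent's own code. Frames are represented as binarised bit strings compared by normalised Hamming distance; the thresholds, the noise model and the constructed captures are assumptions.

```python
"""User integrity validation (E11): added example, not the patent's code.

The best frame of each of three scan events is compared pairwise, per finger
position. Frames are binarised bit strings; thresholds and captures are assumptions.
"""
import random

TOO_DIFFERENT = 0.35   # assumed: above this the events do not show the same finger, or quality is poor
TOO_SIMILAR = 0.02     # assumed: below this a frame was duplicated or replayed


def hamming_distance(a, b):
    """Normalised bit difference between two equal-length binarised frames."""
    if len(a) != len(b):
        raise ValueError("frames differ in size")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))


def user_integrity_validation(events):
    """events: list of (left_frame, right_frame), the best frame per position per scan event.
    Returns (ok, reason)."""
    if len(events) < 3:
        return False, "need three scan events"
    for position, name in enumerate(("left", "right")):
        for i in range(len(events)):
            for j in range(i + 1, len(events)):
                d = hamming_distance(events[i][position], events[j][position])
                if d > TOO_DIFFERENT:
                    return False, "%s finger: events %d and %d differ by %.2f (poor quality or different fingers)" % (name, i, j, d)
                if d < TOO_SIMILAR:
                    return False, "%s finger: events %d and %d near-identical (%.3f), possible spoof" % (name, i, j, d)
    return True, "consistent"


# ---- constructed captures ----

def perturb(frame, fraction, rng):
    """Flip a fixed fraction of distinct bits: stands in for sensor noise between touches."""
    bits = bytearray(frame)
    for index in rng.sample(range(8 * len(bits)), int(fraction * 8 * len(bits))):
        bits[index // 8] ^= 1 << (index % 8)
    return bytes(bits)


_rng = random.Random(7)
LEFT = bytes(_rng.getrandbits(8) for _ in range(256))    # "true" left finger pattern
RIGHT = bytes(_rng.getrandbits(8) for _ in range(256))   # "true" right finger pattern

GENUINE = [(perturb(LEFT, 0.08, _rng), perturb(RIGHT, 0.08, _rng)) for _ in range(3)]
REPLAYED = [GENUINE[0], GENUINE[0], GENUINE[1]]                              # event 0 replayed as event 1
SWAPPED = [GENUINE[0], (GENUINE[1][1], GENUINE[1][0]), GENUINE[2]]           # fingers swapped in event 1
SMEARED = [GENUINE[0], GENUINE[1], (perturb(LEFT, 0.45, _rng), GENUINE[2][1])]  # poor left capture

if __name__ == "__main__":
    for label, events in (("genuine", GENUINE), ("replayed", REPLAYED),
                          ("swapped", SWAPPED), ("smeared", SMEARED)):
        print(label, user_integrity_validation(events))
```

The lower threshold is the security-relevant one: two independent touches of a live finger never produce bit-identical frames, so a distance of zero between scan events is evidence that a stored image was injected rather than captured.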
After the user integrity validation, the biometric data template 4 is encrypted (E12) and sent to the secure server 2 via the network 6 (E13).
The secure server 2 receives the encrypted biometric data template 4 (E14).
Afterwards, the server program module 16 decrypts the encrypted biometric data template 4 (E15).
The server secure interface 17 sends the decrypted biometric data template 4 to the biometric engine 18, which carries out a biometric matching procedure (E16). Although the user 5 is not enrolled yet, this step verifies that the user 5 is not already enrolled under another name. Preferably the biometric engine 18 also has access to a biometric database which contains entries of persons who are not allowed to enroll at all. These persons could be, for example, criminals, former users who have been expelled, and users under a legal disability.
Once the biometric matching procedure has validated the template, the biometric data template 4 is stored in the secure template biometric database 19 and a matching biometric ID is generated, which is linked to the biometric data template 4 (E17).
The user is registered in the database with a minimum of three sets of biometric data, i.e. fingerprint templates.
Afterwards the secure server 2 will transmit a request of personal information over the network 6 to the POI 1 (E18).
The POI 1 receives this request (E19) and presents it on the user interface 7. The user 5 enters personal information such as full name, address, e-mail address, phone number, identification number and/or social media account information (E20). Thereafter, the personal information is encrypted and transmitted to the secure server 2 over the network 6 (E21).
The secure server 2 receives and decrypts the personal information (E22). The personal information is linked to the biometric ID and stored in the secure database 20 (E23).
Hereafter the secure server transmits a request of instrument information via the network 6 to the POI 1 (E24). In this embodiment of the invention the instrument is a financial instrument such as a credit card.
The POI 1 receives this request (E25) and presents it on the user interface 7.
The user 5 enters information of the financial instrument. Information of the financial instruments is for example credit card number, name of the account holder, expiry date and/or the secure code (E26).
The instrument information is encrypted on the secure processing module 9 of the POI 1 (E27). The encrypted instrument information is sent from the central program module 10 of the POI 1 via the network 6 to the secure server 2 (E28).
The secure server 2 receives the encrypted instrument information (E29).
The encrypted instrument information is forwarded to the issuing bank 28, which validates the instrument (E30). The issuing bank 28 verifies, for example, whether the credit card exists, whether the card holder exists and whether the credit card has not expired.
After the validation of the financial instrument, the server program module 16 opens the database entry corresponding to the biometric ID (E31).
The secure server verifies whether the account holder of the financial instrument is the same as the user 5 (E32). After the user 5 is validated, the secure server 2 initiates the secure host card emulator (SHCE) (E33). Hereinafter, the server program module 16 sends a request for a token 30 to the issuing bank 28 (E34). The request includes the encrypted instrument information.
The issuing bank authorizes the creation of a token 30 (E35) and sends the authorization to the tokenization service provider 29. The tokenization service provider 29 creates a token 30 based on the encrypted instrument information (E36). The created token 30 is sent to the secure server 2.
Afterwards the secure server 2 receives the token 30 (E37) and stores the token 30 in the user wallet database 21 (E38).
Subsequently, the secure server 2 sends a request for a cryptogram 31 to the tokenization service provider 29 (E39). The tokenization service provider 29 creates a cryptogram 31 (E40).
After the secure server 2 receives the cryptogram 31 (E41), the cryptogram 31 is stored in the user wallet database 21 (E42). At this moment all information to carry out a financial transaction is stored on the secure database 20 of the secure server 2.
The secure server 2 will create a positive response, which will be transmitted in an encrypted form over the network 6 to the POI 1 (E43).
The POI 1 receives the encrypted response (E44) and decrypts this response (E45).
The response of the successful storage of the financial instrument will be shown on the user interface 7 (E46).
If one of the validation processes of the POI 1 or the secure server 2 cancels the enrollment process, a negative response is shown on the user interface 7 (E47).
Hereinafter, a second embodiment of the invention is described, wherein the same elements are provided with the same reference numbers as in the first embodiment. The above description applies to the same elements unless otherwise stated below (Fig. 8).

Again, a system for identifying a user 5 by means of biometric data forms an exemplary embodiment of the present invention. As described above, this identification system comprises a point of interaction device 1 and a secure server 2. A user 5 captures raw biometric data 3 of biometric characteristics with the POI 1. The POI 1 extracts a biometric data template 4 and sends this biometric data template 4 to a secure database 20 which is located on the secure server 2. On the secure server an algorithm validates the biometric data template 4 against the entries of the secure template biometric database 19.
If the biometric data template 4 is validated, the secure server 2 grants access to a user wallet database 21 and/or a user profile database 22. The secure template biometric database 19, the user wallet database 21 and the user profile database 22 are sub-databases of the secure database 20. They are described above.
The enrollment of this embodiment is similar to the enrollment described above (Fig. 7). It starts with an enrollee 24 whose biometric characteristics are captured with a POI 1. The raw biometric data 3 is extracted into a biometric data template 4. Additionally, demographic data 25 and wallet information 26 of the enrollee 24 are recorded as well. The biometric data template 4, the demographic data 25 and the wallet information 26 are comprised in an applicant data file 27. This applicant data file 27 is sent to the secure database 20, where it is split up among the sub-databases of the secure database 20. The sub-databases are the secure template biometric database 19, the user wallet database 21 and the user profile database 22.
The second embodiment differs from the first embodiment in particular in that there is no validation of the raw biometric data 3 and in that the secure template biometric database 19 is part of the secure database 20.
In the following, further embodiments and possibilities of the invention are described.

Advantageously, the secure template biometric database 19 contains sub-databases in which different sets of biometric data templates 4 are stored. The first biometric data template 4 is stored in one database, the biometric data template 4 of a second scan event in another secure template biometric database 19. Besides the increasing gain of information, which allows a better identification process, this is helpful for criminal investigation: because the biometric data templates 4 of the last scan event are stored as well, they can be used by law enforcement, which in the case of spoofing can analyze the data.
Beneficially, to increase security, the raw biometric data 3 can be combined with other biometric sensors. For example, during the fingerprint scan a camera can capture the face of the user and the image of the user can be analyzed as well. The template of the face recognition data can be sent to the secure server as well.
Another possibility of the invention consists in using mobile phones as POIs 1. Mobile phones are common, and modern devices already have a biometric scanner as well as a multi-core processor.
In an alternative embodiment, the initial enrolment can be done everywhere, where the connections between the biometric data and the secure server 2 can be made.
Via a mobile application and/or a web browser at home, a user can add further personal information.
Advantageously, during the enrolment process, a camera at the device can scan the ID of the person as well. The device might compare the biometric image on the ID to the biometric image of the user who is present.
Beneficially, after the user 5 is identified, secondary processes can be performed in the secure database 20. While the primary process might be, for example, paying a bill, a secondary process such as a connection to a social media network or a reward company might run as well.
In an alternative embodiment, other people might be connected to the user account.
Therefore, it is possible to create a company account in which a certain number of people are registered, so that several people can pay via this company account. Additionally, user accounts can be connected such that family members get a family reward. There will be rewards for a group of friends or partners as well.
Furthermore, it is beneficial that some interactions with some merchants can be hidden from partners. Birthday or Christmas presents which are bought online or in shops can be specially marked and treated such that the partner will not recognize them on the bill. On the other hand, it is advantageous that parents can check the accounts of their children and thereby control what their children are buying. Additionally, this can be connected to a pocket money account, which can even be split up. For example, the children are allowed to buy everything from the school cafeteria, while at the kiosk they only have a certain amount of money at their disposal. The same can be done for companies where employees pay with the payment method of the company and only certain amounts of expenses are allowed.
Another possibility of the invention consists of a notification, which is sent from the secure server 2 to the POI 1 to inform the user 5 which step is being performed on the secure server 2.
Beneficially, the secure server 2 validates the POI 1 which sent the encrypted biometric data template 4. During validation, the ID of the POI 1 is checked to confirm that the device is known, registered and has no negative entry.
In an alternative embodiment, a dynamic token is used instead of a static token 30 and a dynamic cryptogram 31. The dynamic token is, similar to the static token, a data file which contains encrypted information of the financial instrument, to be transmitted to a customer of the financial institute to carry out an action with the financial instrument. The financial instrument may be, e.g., a credit card or any other debit card. Preferably, the token includes information about the secure server itself, for example its IP address or operating system. Additionally, it has the same purpose as the cryptogram 31 and additionally contains limitation information such as an expiry date of the cryptogram 31, the amount of money which can be used in one financial transaction and/or a limit on the location where the financial transaction can be carried out. The dynamic token is generated by a tokenization service provider 29. A dynamic token can only be used once or for a very small number of transactions. After a dynamic token is depleted, a new dynamic token has to be obtained from the tokenization service provider 29. Each time, the issuing bank 28 has to authorize the creation by the tokenization service provider 29. A dynamic token is only valid for a very short duration. Therefore, a dynamic token has no value to a thief, because by the time the thief wants to use the dynamic token it has already expired.
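The limits the paragraph above attaches to a dynamic token (short expiry, single or low use count, amount limit, location limit) can be enforced at the point where the token is presented. The following is an added example, not code from the patent or its applicant; the field names, the unix-timestamp representation of expiry, the ISO country code used for the localization limit, and all values in the sample token are assumptions.

```python
"""Added example (not the patent's code): enforcing the limits of a dynamic token.

Assumptions: field names, the unix-timestamp representation of expiry, the ISO
country code used for the localization limit, and all values in the sample.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class DynamicToken:
    token_id: str
    expires_at: int        # unix timestamp after which the token is worthless
    max_amount: float      # largest amount usable in one financial transaction
    allowed_country: str   # localization limit (assumed: ISO 3166 code)
    max_uses: int = 1      # single use by default; a small number is also allowed
    uses: int = 0

    def is_depleted(self) -> bool:
        return self.uses >= self.max_uses


def validate_and_consume(token: DynamicToken, now: int, amount: float,
                         country: str) -> Optional[str]:
    """Return None when the transaction may proceed, else the refusal reason.

    Expiry is checked first, so a token that has leaked but already expired is
    refused before any other property is looked at; only a fully accepted use
    is consumed, so a refused attempt does not change the token's state.
    """
    if now >= token.expires_at:
        return "expired"
    if token.is_depleted():
        return "depleted"
    if amount > token.max_amount:
        return "amount limit exceeded"
    if country != token.allowed_country:
        return "outside allowed location"
    token.uses += 1
    return None


def new_sample_token(issued_at: int) -> DynamicToken:
    """Constructed sample: valid for 120 s, 50.00 per transaction, Singapore only."""
    return DynamicToken(token_id="TOKEN-SAMPLE-0001", expires_at=issued_at + 120,
                        max_amount=50.0, allowed_country="SG")
```

A second presentation of the same token after one accepted use is refused as depleted, which is the property that makes a copied token worthless to its holder even inside the expiry window.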
Similar to a transaction advice for a non-biometric transaction, every transaction that is authenticated through biometrics is recorded together with the score from the spoofing detection module and a truncated version of the biometric data or template.
Advantageously, the financial instrument is an instrument to trade cryptocurrencies. The advantage of a cryptocurrency is the decentralized control. By using a cryptocurrency such as bitcoin, the system will not need to use external companies such as a tokenization service provider 29 or an issuing bank 28. The cryptocurrency can be stored in the wallet database 21 of the secure server 2 independently of any issuing bank 28.
Other kinds of databases besides the profile, user and interaction databases are conceivable. These databases could be, for example, a consumer database in which the consumer behavior is recorded. It might be beneficial to grant third-party companies access to this consumer behavior database. The advantage is the anonymization, as long as no personal information is stored alongside it.
Another additional database is a solvency database, which stores information about the solvency of the user. For example, if a user often has difficulties paying off debts, a negative entry can be added. Future merchants might ask the user 5 to grant access to this solvency database to estimate the creditworthiness of the user. Additional entries might be added by the issuing bank 28.
Beneficially, some entries of some databases of the secure server 2 might be added without a constant identification. For example, a database might comprise the location of the user 5. Modern smartphones constantly track the current location. This information could be added to a location database. Advantageously, each new entry can be made without the identification of the user 5. Based on the entries of the location database, identification processes can be restricted. For example, if an hour-old entry places the user in Singapore, the same user cannot perform an identification process in New York.
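The Singapore/New York restriction just described is a travel-plausibility check: the distance between the last recorded location and the location of the new identification attempt, divided by the elapsed time, must not exceed a speed a person can actually reach. The following is an added example, not code from the patent or its applicant; coordinates in decimal degrees, timestamps in seconds, the sample city coordinates, and the speed ceiling MAX_PLAUSIBLE_SPEED_KMH are assumptions.

```python
"""Added example (not the patent's code): restricting identification by the
location database. The last entry and the new attempt are compared by
great-circle distance and the speed needed to cover it; an impossible speed
blocks the identification.

Assumptions: coordinates in decimal degrees, timestamps in seconds, and the
plausibility ceiling MAX_PLAUSIBLE_SPEED_KMH.
"""
import math
from typing import Tuple

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 1000.0  # assumed ceiling, about airliner cruise speed


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on a spherical Earth, in km."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlambda = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlambda / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def identification_allowed(last_lat: float, last_lon: float, last_ts: int,
                           new_lat: float, new_lon: float, new_ts: int
                           ) -> Tuple[bool, float]:
    """Return (allowed, required_speed_kmh) for the new identification attempt.

    Elapsed time is floored at one second so an out-of-order or identical
    timestamp cannot produce a division by zero or a negative speed.
    """
    distance_km = haversine_km(last_lat, last_lon, new_lat, new_lon)
    elapsed_h = max(new_ts - last_ts, 1) / 3600.0
    speed_kmh = distance_km / elapsed_h
    return speed_kmh <= MAX_PLAUSIBLE_SPEED_KMH, speed_kmh


# Constructed sample points (approximate city-centre coordinates).
SINGAPORE = (1.3521, 103.8198)
NEW_YORK = (40.7128, -74.0060)
KUALA_LUMPUR = (3.1390, 101.6869)
```

With these values, Singapore to New York within one hour requires a speed above 10,000 km/h and is refused, while Singapore to Kuala Lumpur in the same hour (roughly 300 km/h) passes. Because the location entries are written without identifying the user, the check only ever narrows what an identification may do; it never identifies anyone by itself.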
Reference signs
1 Point of interaction device (POI)
2 Secure Server
3 Raw biometric data
4 Biometric data template
5 User
6 Network
7 User interface
8 Biometric sensor component
9 Secure processing module
10 Central program module
11 Secure interface
12 En-/decrypting unit
13 Fingerprint sensor
14 Temperature sensor
15 Pressure sensor
16 Server program module
17 Server secure interface
18 Biometric engine
19 Secure template biometric database
20 Secure database
21 User wallet database
22 User profile database
23 User interaction database
24 Enrollee
25 Demographic data
26 Wallet information
27 Applicant data file
28 Issuing bank
29 Tokenization service provider
30 Token
31 Cryptogram
S1 User request
S2 Initiation
S3 Sensor initiation
S4 Biometric capture
S5 Biometric encryption
S6 Biometric decryption
S7 Pre-quality assessment
S8 Quality assessment
S9 Spoofing detection
S10 Template extraction
S11 Template encryption
S12 Template transmission
S13 Template reception
S14 Template decryption
S15 Biometric matching procedure
S16 User validation and biometric ID confirmation
S17 Wallet access
S18 Inventory of instruments
S19 Encryption and transmission of instrument list
S20 Reception and encryption of instrument list
S21 Presentation of instrument list
S22 Encryption and transmission of instrument choice
S23 Reception and encryption of instrument choice
S24 Providing of token and cryptogram
S25 Transmitting request
S26 Receiving new cryptogram
S27 Storage of new cryptogram
S28 Response encryption
S29 Response transmission
S30 Transmission reception
S31 Response decryption
S32 Response
S33 False response
E1 User request
E2 Initiation
E3 Sensor initiation
E4 Biometric capture
E5 Biometric encryption
E6 Biometric decryption
E7 Pre-Quality assessment
E8 Quality assessment
E9 Spoofing detection
E10 Template extraction
E11 User integrity validation
E12 Template encryption
E13 Template transmission
E14 Template reception
E15 Template decryption
E16 Biometric matching procedure
E17 User biometric ID confirmation and template storage
E18 Transmission of personal information request
E19 Reception of personal information request
E20 Gathering of personal information
E21 Encryption and transmission of personal information
E22 Reception and decryption of personal information
E23 Creation of empty wallet/data base entry
E24 Transmission of instrument information request
E25 Reception of instrument information request
E26 Gathering of instrument information
E27 Decryption of instrument information
E28 Transmission of encrypted instrument information
E29 Reception of encrypted instrument information
E30 Validation of instrument
E31 Wallet access
E32 Validation of account holder
E33 Initiation of SHCE
E34 Request for token
E35 Authorization for token
E36 Creation of token
E37 Reception of token
E38 Provisioning of token in wallet
E39 Request for cryptogram
E40 Creation of cryptogram
E41 Reception of cryptogram
E42 Provisioning of cryptogram in wallet
E43 Transmission of encrypted response
E44 Reception of encrypted response
E45 Response decryption
E46 Response
E47 False response

Claims
1. Method for generating a biometric data template of a person comprising the steps of:
a) scanning of raw biometric data of a user with a biometric sensor
b) carrying out at least two of the following three processes in parallel
- checking the quality of the raw biometric data;
- checking whether the raw biometric data are fraud data;
- extracting a biometric data template from the raw biometric data.
2. Method according to claim 1 ,
characterized in that
all three processes under b) are carried out in parallel.
3. Method according to claim 1 or 2,
characterized in that
checking the quality of the raw biometric data comprises the evaluation of one or more of the following:
- the positioning of the raw biometric data,
- the area of the raw biometric data
- the contrast level and/or the bright/dark ratio
4. Method according to one of the claims 1 to 3,
characterized in that
checking whether the raw biometric data are fraud data, using biometric features that are distinctive and distinguish them from synthesized biometric replicas, comprises the evaluation of one or more of the following:
- the analysis of the biometric profile by generating a 3-dimensional model during the image / data acquisition process,
- the characterizing and/or categorization of raw biometric data,
- the position of the biometric data,
- the mean color,
- the difference of two temporally following raw biometric data sets,
- a measured mean skin pore size,
- a counted number of skin pores,
- a measured reflectivity index of the skin,
- a measured light resistivity,
- a measured temperature,
- a measured electric resistivity,
- a measured temporal pressure profile,
- a measured blood oximetry,
- a measured capacitance,
- a measured heart beat profile.
5. Method according to one of the claims 1 to 4,
characterized in that
extracting a biometric data template from the raw biometric data comprises:
- rotating and shifting the biometric data such that the mean and the orientation of all biometric data are comparable to each other and/or
- detecting and writing out characteristics, such as minutiae features.
6. Method according to one of the claims 1 to 5,
characterized in that
the raw biometric data are pre-screened before the parallel processing according to b).
7. Method according to claim 6,
characterized in that
the pre-screening comprises the evaluation of one or more of the following:
- the detection of multiple raw biometric data,
- the area of biometric capture for processing,
- the mean color and/or
- the clarity and/or
- the bright/dark ratio.
8. Method according to one of the claims 1 to 7,
characterized in that several sets of raw biometric data are scanned of the same biological object and are processed simultaneously or cascaded.
9. Method according to one of the claims 1 to 8,
characterized in that
the method is carried out in a sensor unit comprising a microprocessor.
10. Method for identifying a person by means of biometric data comprising the steps of
a) scanning of raw biometric data of a user with a biometric sensor,
b) extracting a biometric data template of the raw biometric data,
c) transmitting the biometric data template to a central server,
d) comparing the biometric data template with templates of known persons stored in a database for identifying the person.
11. Method according to claim 10,
characterized in that
the template is a list of standardized features contained in the raw biometric data, so that the template comprises a reduced amount of data in comparison to the raw biometric data.
12. Method according to claim 10 or 11 ,
characterized in that
the quality of the raw biometric data is checked, and/or it is checked whether the raw biometric data are fraud data.
13. Method according to one of the claims 10 to 12,
characterized in that
in c) a scoring value, which describes the likelihood of a spoofing attempt according to claim 4, is transmitted along with the biometric data template to the central server.
14. Method according to one of the claims 10 to 13,
characterized in that the biometric data template is generated according to a method of the claims 1 to 9.
15. Method for identifying a person by means of biometric data, particularly according to one of the claims 10 to 14, comprising the steps of
comparing a biometric data template generated from biometric data scanned of an unknown person with templates of known persons stored in a database for identifying the person, wherein
the database comprises for each person several biometric data templates.
16. Method according to claim 15,
characterized in that
after a coincidence of the generated template with a database template with a high correlation matching score during a transaction, the generated template or biometric data, in part or in full, is added to the database documenting the identity of the person pursuing the transaction.
17. Method for documenting a transaction authenticated through biometrics of a person, comprising one or both of the following components:
a) documenting the details of transaction
b) documenting the identity of the person.
18. Method according to claim 17,
characterized in that
under a) documenting the details of the transaction consists of one or more of the following:
- the type of transaction,
- the reference or transaction code or ID,
- the service or goods transacted,
- Monetary value of transaction,
- Identification of merchant or seller,
- Identification of user or buyer,
- Date of transaction,
- Time of transaction,
- Location of transaction.
19. Method according to claim 17, characterized in that
under b) documenting the identity of the person pursuing the transaction consists of one or more of the following:
- the mathematical expression or score derived from the parallel or non-sequential processing,
- the ID of the device/POI (point of interaction) employed for the transaction,
- the mathematical expression or score derived for spoof detection,
- the template generated during the transaction for identification,
- the truncated version of the generated template,
- the calibrated or standardized scaled down version of the biometric data.
20. Method according to claim 16,
characterized in that,
if a generated template is added to the database, an average template is generated from at least two templates identifying this person.
21. Method of carrying out a certain action which needs the identification of a person comprising the steps of
- identifying the person by a method according to one of the claims 10 to 20, and
- checking the probability of a fraud of this action.
22. Method according to claim 21 ,
characterized in that
by checking the probability of a fraud of this action the biometric data template is considered.
23. Method according to claim 21 ,
characterized in that
by checking the probability of a fraud of this action the mathematical expression derived in spoofing module is considered.
24. Method according to claim 21 or 23,
characterized in that
the certain action, which needs the identification, is a financial transaction.
25. Method according to one of the claims 21 to 24,
characterized in that
a financial instrument, which is stored on the central server, is used to perform the financial transaction.
26. Method according to one of the claims 21 to 25,
characterized in that
the financial instrument is encrypted by a tokenization service provider.
27. Method according to one of the claims 21 to 26,
characterized in that
a cryptogram, which is provided by a tokenization service provider, is stored on the central server.
28. Method according to one of the claims 21 to 27,
characterized in that
a digitized financial instrument issued by an issuing organization or an individual to a user can be directly allocated into the user's wallet database after authentication with user biometrics.
29. Method according to claim 28,
characterized in that
the transaction with such instruments can be authenticated with biometrics without the need of the tokenization process.
30. Method to enroll a person to a central server, particularly according to one of the claims 10 to 16 and 20 to 23, comprising the steps of:
a) generating a biometric data template of a person, particularly according to one of the claims 1 to 9,
b) identifying a person by means of biometric data, particularly according to one of the claims 10 to 18,
c) creating an entry in a biometric database comprising:
- biometric data template of the person
- biometric ID number
d) creating an entry in at least one of the following further databases:
- profile database,
- user wallet database,
- interaction database.
31. Method according to claim 30,
characterized in that
during the enrollment process of step a) a user integrity validation is performed.
32. Method according to one of the claims 1 to 31 ,
characterized in that
the biometric data are fingerprints.
33. Device for generating a biometric data template,
in particular according to one of the claims 1 to 9,
comprising:
- a biometric sensor unit embodiment,
- a user interaction interface,
- an external communication unit and
- a computation unit.
34. Device for identifying a person by means of biometric data,
in particular according to one of the claims 10 to 30,
comprising:
- a server,
- a database,
- an external communication unit, and
- a computation unit.
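Claim 1 runs the quality check, the spoof check and the template extraction in parallel, and claims 17 to 19 (together with the description's note on recording every biometric transaction) then document the transaction with the spoof score, the POI id and a truncated template. The following is an added example that ties those two parts together on a constructed raw sample; it is not code from the patent or its applicant. The 8x8 grayscale frame format, every feature definition and threshold, the spoof scoring weights, and all sample values are assumptions.

```python
"""Added example (not the patent's code): the pipeline of claim 1 over a
constructed raw sample, followed by the transaction record of claims 17 to 19.

Quality check, spoof check and template extraction run in parallel; the spoof
score and a truncated template go into the record together with the POI id.
Assumptions: the 8x8 grayscale frame format, every feature definition and
threshold, and the sample values.
"""
from concurrent.futures import ThreadPoolExecutor
from typing import Any, Dict, List

# Constructed raw biometric data: two consecutive 8x8 frames (0 = dark ridge,
# 230 = light background) a few milliseconds apart, plus a temperature reading.
FRAME_A: List[List[int]] = [[0 if (x + y) % 3 == 0 else 230 for x in range(8)]
                            for y in range(8)]
FRAME_B: List[List[int]] = [[max(0, v - 5) for v in row] for row in FRAME_A]
SAMPLE_RAW: Dict[str, Any] = {"frames": [FRAME_A, FRAME_B], "temperature_c": 33.5}


def quality_check(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Area (share of ridge pixels) and contrast of the first frame."""
    pixels = [v for row in raw["frames"][0] for v in row]
    dark_ratio = sum(1 for v in pixels if v < 128) / len(pixels)
    contrast = max(pixels) - min(pixels)
    return {"dark_ratio": dark_ratio, "contrast": contrast,
            "quality_ok": dark_ratio >= 0.2 and contrast >= 100}


def spoof_check(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Spoof score in [0, 1]; 1.0 means strong indication of a replica.

    Two of the claim 4 signals are used: the measured temperature and the
    difference of two temporally following frames (a static replica gives
    identical frames). The ranges and weights are assumptions.
    """
    score = 0.0
    if not 28.0 <= raw["temperature_c"] <= 38.0:
        score += 0.5
    first, second = raw["frames"]
    frame_diff = sum(abs(p - q) for ra, rb in zip(first, second)
                     for p, q in zip(ra, rb))
    if frame_diff == 0:
        score += 0.5
    return {"spoof_score": score}


def extract_template(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Standardized feature list: ridge-pixel counts per row, then per column."""
    frame = raw["frames"][0]
    rows = [sum(1 for v in row if v < 128) for row in frame]
    cols = [sum(1 for row in frame if row[x] < 128) for x in range(len(frame[0]))]
    return {"template": rows + cols}


def process_raw(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Run the three claim 1 processes in parallel and merge their outputs."""
    with ThreadPoolExecutor(max_workers=3) as pool:
        futures = [pool.submit(step, raw)
                   for step in (quality_check, spoof_check, extract_template)]
        merged: Dict[str, Any] = {}
        for future in futures:
            merged.update(future.result())
    return merged


def build_transaction_record(result: Dict[str, Any], poi_id: str,
                             transaction: Dict[str, Any],
                             truncate_to: int = 4) -> Dict[str, Any]:
    """Record per claims 18/19: transaction details plus identity documentation.

    Only the first truncate_to features are stored, so a leaked transaction
    log does not contain the full template.
    """
    return {
        "transaction": dict(transaction),
        "identity": {
            "poi_id": poi_id,
            "spoof_score": result["spoof_score"],
            "template_truncated": result["template"][:truncate_to],
        },
        "quality_ok": result["quality_ok"],
    }
```

On the constructed sample the quality check passes (21 of 64 pixels are ridge pixels, contrast 230), the spoof score is 0.0 because the temperature is in range and the two frames differ, and the 16-feature template is cut to its first four values for the record. Feeding two identical frames and an out-of-range temperature raises the score to 1.0, which is the value a downstream fraud check (claim 23) would weigh.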

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SG2018/050492 WO2020067990A1 (en) 2018-09-27 2018-09-27 Biometric identification method


Publications (1)

Publication Number Publication Date
WO2020067990A1 true WO2020067990A1 (en) 2020-04-02

Family

ID=69952421


Country Status (1)

Country Link
WO (1) WO2020067990A1 (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6591249B2 (en) * 2000-03-26 2003-07-08 Ron Zoka Touch scan internet credit card verification purchase process
WO2005109310A1 (en) * 2004-05-07 2005-11-17 Yarg Biometrics Ltd Biometric identification system
US20090164797A1 (en) * 2007-12-21 2009-06-25 Upek, Inc. Secure off-chip processing such as for biometric data
US20100095130A1 (en) * 2008-10-13 2010-04-15 Global Financial Passport, Llc Smartcards for secure transaction systems
US20110083173A1 (en) * 2009-10-06 2011-04-07 Validity Sensors, Inc. Secure Transaction Systems and Methods
US20160232401A1 (en) * 2015-02-06 2016-08-11 Hoyos Labs Ip Ltd. Systems and methods for performing fingerprint based user authentication using imagery captured using mobile devices
US20170262853A1 (en) * 2016-03-14 2017-09-14 Mastercard International Incorporated Method and system for biometric confirmation of suspect transactions
US20170330020A1 (en) * 2016-05-13 2017-11-16 Fingerprint Cards Ab Fingerprint authentication with parallel processing
US20170357981A1 (en) * 2016-06-13 2017-12-14 Mastercard International Incorporated Systems and Methods for Use in Approving Transactions, Based on Biometric Data
CN107944330A (en) * 2016-11-01 2018-04-20 深圳信炜科技有限公司 Electronic equipment



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18934602

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18934602

Country of ref document: EP

Kind code of ref document: A1