WO2001008055A1 - Secure transaction and terminal therefor - Google Patents

Secure transaction and terminal therefor Download PDF

Info

Publication number
WO2001008055A1
WO2001008055A1 PCT/AU2000/000880 AU0000880W WO0108055A1 WO 2001008055 A1 WO2001008055 A1 WO 2001008055A1 AU 0000880 W AU0000880 W AU 0000880W WO 0108055 A1 WO0108055 A1 WO 0108055A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
data
biometric data
person
card
Prior art date
Application number
PCT/AU2000/000880
Other languages
French (fr)
Other versions
WO2001008055A9 (en
Inventor
Barry John Taylor
Original Assignee
Grosvenor Leisure Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AUPQ1786A external-priority patent/AUPQ178699A0/en
Priority claimed from AUPQ7029A external-priority patent/AUPQ702900A0/en
Application filed by Grosvenor Leisure Incorporated filed Critical Grosvenor Leisure Incorporated
Priority to AU59542/00A priority Critical patent/AU5954200A/en
Publication of WO2001008055A1 publication Critical patent/WO2001008055A1/en
Publication of WO2001008055A9 publication Critical patent/WO2001008055A9/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Definitions

  • THIS INVENTION relates to the provision of a secure method for the positive identification of an individual, particularly as a means for the authentication of a purchase of goods or services or for cash withdrawals over a telecommunication medium.
  • the invention finds particular, but not exclusive, use as a means for secure purchasing of goods or services over a visual medium such as television or other visual display medium or the Internet or as part of an EFTPOS system (electronic funds transfer at point of sale).
  • EFTPOS system electronic funds transfer at point of sale.
  • the invention is not to be regarded as limited to such applications and includes within its scope the secure transfer of any data between two or more distanced stations.
  • a significant disadvantage of telecommunication purchasing is that it does not provide positive identification of individuals which is important for preventing unauthorized access to bank account or credit card details by a person wishing to purchase goods or services fraudulently.
  • a code specific for a particular account are known as PIN numbers (Personal Identification Number) and are used in combination with the particular account number.
  • PIN numbers Personal Identification Number
  • PIN and account numbers are not dependent on any cross-checking to ensure that they are being quoted over the telecommunication medium by the true proprietor of that PIN number and its associated credit card or bank account, this type of secure transaction is not too difficult to circumvent.
  • both the user's account identification and PIN number are stored on the card. While this data is encoded, the card can be easily duplicated and then used fraudulently in at least two ways:
  • a transaction can be completed, without a signature or PIN number, by several methods including over the telephone and the Internet using the card number, card name and expiry date.
  • biometric techniques include fingerprint analysis, thermograms and DNA analysis. These methodologies are considered less vulnerable to mistaken identity.
  • One such method includes comparing the biometric data on a card proffered by an individual to a previously created database of biometric data of authorized individuals.
  • this system can still be foiled by individuals who have obtained a biometric card from its rightful owner.
  • a fraudulent user of the card may partially duplicate the card, retaining any credit details but substituting his/her own biometric data for that of the rightful owner of the card.
  • the data obtained from the individual is usually compared to a vast remote databank of such information which is usually difficult and/or slow to locate and access.
  • a method for a secure transfer of data over a telecommunication medium including:
  • said validation means includes biometric data of said person but, more preferably, includes only a part of said biometric data together with a date and time stamp.
  • said validation means includes:
  • identification means adapted for carriage with said person, said identification means containing said unique description
  • said encryption key is determined from only a part of said biometric data.
  • said biometric data is a fingerprint analysis.
  • said identification means is a card of the type capable of holding information in a machine-readable form.
  • said verification biometric data is transmitted to a remote databank for further comparison with biometric data held in said databank.
  • said person attends a point of issue for said identification means, such as a bank, where normal identification procedures for banking or credit card facilities must be met before said identification means is issued.
  • said identification means such as a bank
  • said transmission means includes a terminal remote from said party whereby said person can supply said data to said party and which includes a cellular telephone or wireless data transmission link.
  • a terminal for use in a method for a secure transfer of data as hereinbefore described, said terminal including: transmission means to transmit identification details relevant to said person to said party; and
  • said transmission means further includes a credit or debit card slot assembly.
  • said facility includes:
  • reading means to read said identification means
  • decoding means to obtain biometric data from said identification means
  • comparison means to compare said biometric data with said verification biometric data
  • authentication means to authenticate said transfer of data.
  • said procuring means is a fingerprint reader.
  • said reading means is a smart card slot assembly wherein said smart card contains said biometric data.
  • said reading means is, or is incorporated as part of, a computer, mobile telephone, EFTPOS terminal, ATM, or similar terminal.
  • said identification means is preferably incorporated into the SIM card of the mobile telephone.
  • said facility further includes a printout means to produce a hard copy for recording details of said transfer of data.
  • said printout means is a printer either integral with, or separate from, said facility.
  • said printout means is located within said smart card slot assembly.
  • a print head assembly which may be of a mechanical, thermal, laser or inkjet type, prints a receipt when the receipt is entered (or withdrawn) from the slot assembly subsequent to the completion of the transfer of data and removal of the smart card from the slot assembly.
  • a sensor of either optical or magnetic type detects the presence of the inserted blank receipt and activates the printing process.
  • said receipt is a single, duplicate or triplicate receipt in the form of a "tear off pad”.
  • said receipt is a multiple copy receipt of comparable size to a credit or debit card.
  • said receipt is in triplicate.
  • FIG. 1 is a diagrammatic simplistic representation of all features of the present invention
  • FIG. 2a is a top plan view schematic representation of the terminal of the present invention.
  • FIG. 2b is a top edge view schematic representation of the terminal of FIG. 2a.
  • FIG. 1 there is a central processing unit (1) connected to a cellular telecommunications network (2).
  • a fingerprint reader (3) is connected to a smart card (4) issuing terminal (5) which can communicate with the network (2).
  • a transaction terminal (6) placed at a merchant's place of business, is also in communication with the network (2).
  • the terminal (6) includes a keyboard (7) to enter details of a transaction, a screen (8) to display the thus-entered details, a fingerprint reader (9), a smart card reader assembly (10) and a printhead assembly (not illustrated) incorporated within the card reader assembly (10).
  • the operating software of the terminal (6) includes code to decrypt encrypted information read from the smart card (4).
  • An individual wishing to undertake a secure financial transaction using a machine-readable card first obtains a card which incorporates encrypted biometric and financial data of that individual. This is achieved by presenting him- or herself to an institution such as a bank which issues machine-readable "smart" cards. As is usual when applying for a credit or debit card at such an institution, the individual must first provide positive identification which meets the requirements of the institution before proceeding.
  • biometric data in particular, fingerprint data
  • fingerprint data of the individual is taken at the institution using any suitable fingerprint reader known in the art. Although not essential, data can be taken from two fingerprints to minimize any subsequent false rejection that may occur when the present invention is in use at a merchant's place of business.
  • the scanned image of the fingerprint(s), which is represented by a mathematical representation of the ridge pattern, is then compressed and encrypted using any appropriate encryption algorithm known in the art of financial transactions to ensure that it can only be read or compared by first decrypting the data.
  • This encrypted biometric data and the financial details of the individual are stored in the memory of the smart card.
  • the card (4) is placed in the reader assembly (10) of the terminal (6) whereby the value of the transaction is enter by the merchant using the keyboard (7).
  • the value of the purchase is displayed on the visual display screen (8).
  • the account details and encrypted biometric data are also read by the terminal (6).
  • the appropriate fingerprint of the individual is then taken at the fingerprint reader (9) of the terminal (6) from which the encryption key is determined.
  • the encrypted fingerprint data read from the card (4) is then decrypted using the encryption key just determined and the thus-decoded fingerprint data from the card (4) is compared with the fingerprint data obtained at the terminal (6); if the thus-read fingerprint data is identical with that decoded from the card (4), identification is deemed positive and the financial transaction proceeds. If the comparison is deemed negative, the customer represents the finger, or alternative finger if two such fingerprints have been stored on the card (4), for a second scan whereby the comparison process described above is repeated. Although this procedure could be repeated several times, in practice, it is expected that the terminal (6) will be set to allow only a maximum of three consecutive attempts to obtain the verification biometric data and compare with the biometric data included within the smart card (4). If validation does not occur within those three attempts, the identification is deemed negative.
  • a receipt is inserted in the reader/printer slot (10) and the details of the transaction are recorded on the receipt. Details of the transaction are also transmitted to the central processing facilities (1) for record purposes.
  • the method and terminal of the present invention are particularly suitable for point of sale purchasing of goods or services in all markets.
  • the terminal can be a self-contained stand-alone unit, or used in cooperation with a palmtop, laptop or desktop computer or any other unit which includes a visual display unit.
  • the terminal of the present invention can utilise any convenient telecommunication network, and can be any combination of cellular, satellite, microwave or hard wire telephone or other communication network although, preferably, the terminal will be a wireless communication device incorporating the functionality and convenience of a mobile cellular telephone.
  • secure transfer features of the present invention can be attached to existing ATM machines (Automatic Teller Machines) thus increasing the security of withdrawals therefrom.
  • Fraudulent use of a credit or debit card can be eliminated. Although a partial duplicate of smart card data can be made keeping the credit data, replacing biometric data of the true owner of the card with that of the fraudulent user is insufficient to create a valid card as the encryption key is different being based on the original biometric data.

Abstract

A method and apparatus are disclosed for the positive identification of an individual of use for the secure purchasing of goods or services over a visual medium such as television, the Internet and EFTPOS systems. The apparatus is a point-of-sale terminal (6) which includes a keyboard (7), a screen (8), a fingerprint reader (9), a smart card reader assembly (10) and a printhead assembly incorporated within the card reader assembly (10). The operating software of the terminal (6) includes code to decrypt encrypted information read from the smart card (4). An individual wishing to undertake a secure financial transaction first obtains a smart card (4) which incorporates encrypted biometric data and financial data of that individual. At the point of intended purchase, the card (4) is placed in the reader assembly (10) of the terminal (6). The account details and encrypted biometric data are read by the terminal (6). The appropriate fingerprint of the individual is then taken at the fingerprint reader (9) of the terminal (6) from which the encryption key is determined. The encrypted fingerprint data read from the card (4) is then decrypted using the encryption key just determined and the thus-decoded fingerprint data from the card (4) is compared with the fingerprint data obtained at the terminal (6). If the thus-read fingerprint data is identical with that decoded from the card (4), identification is deemed positive and the financial transaction proceeds.

Description

TITLE: SECURE TRANSACTION AND TERMINAL THEREFOR
THIS INVENTION relates to the provision of a secure method for the positive identification of an individual, particularly as a means for the authentication of a purchase of goods or services or for cash withdrawals over a telecommunication medium. The invention finds particular, but not exclusive, use as a means for secure purchasing of goods or services over a visual medium such as television or other visual display medium or the Internet or as part of an EFTPOS system (electronic funds transfer at point of sale). However, the invention is not to be regarded as limited to such applications and includes within its scope the secure transfer of any data between two or more distanced stations.
The advertising of goods and services over media such as television and the Internet is now commonplace. With television advertising, the public can often purchase the goods or services so-advertised over the telephone using a credit card facility. With the Internet now well known as an electronic medium and powerful communications tool the seamless system (World Wide Web) linking information on different computers, the general public can readily access the Internet for a wide variety of purposes, including to order numerous consumer goods and/or services online. Once again, payment for these goods and/or services is often by a credit card facility. Yet again, payment of goods at their point of sale by credit or debit cards (EFTPOS) is now common in the marketplace.
A significant disadvantage of telecommunication purchasing is that it does not provide positive identification of individuals which is important for preventing unauthorized access to bank account or credit card details by a person wishing to purchase goods or services fraudulently. Possibly the most common method of positive identification before a sale is authorized over a telecommunication medium is the use of a code specific for a particular account. These codes, often numeric but can be alphabetical or alphanumeric, are known as PIN numbers (Personal Identification Number) and are used in combination with the particular account number. However, as PIN and account numbers are not dependent on any cross-checking to ensure that they are being quoted over the telecommunication medium by the true proprietor of that PIN number and its associated credit card or bank account, this type of secure transaction is not too difficult to circumvent.
In particular, in current systems utilizing such a magnetic strip credit or debit card, both the user's account identification and PIN number are stored on the card. While this data is encoded, the card can be easily duplicated and then used fraudulently in at least two ways:
1. If the fraudulent user holds the card, a transaction can be completed, without a signature or PIN number, by several methods including over the telephone and the Internet using the card number, card name and expiry date.
2. If the fraudulent user knows the PIN number, then a substitute card can be used in ATM's, EFTPOS terminals, etc.
These fraudulent transactions create liability for both the issuing authority - which may be a bank building society or other financial institution - and the cardholder leading to subsequent disputes between the two parties.
One prior art solution proposed for this particular problem is to adopt methodologies relying on a physical attribute of the individual. Such methodologies, commonly referred to as biometric techniques, include fingerprint analysis, thermograms and DNA analysis. These methodologies are considered less vulnerable to mistaken identity.
One such method includes comparing the biometric data on a card proffered by an individual to a previously created database of biometric data of authorized individuals. However, this system can still be foiled by individuals who have obtained a biometric card from its rightful owner. Alternatively, a fraudulent user of the card may partially duplicate the card, retaining any credit details but substituting his/her own biometric data for that of the rightful owner of the card. Further, the data obtained from the individual is usually compared to a vast remote databank of such information which is usually difficult and/or slow to locate and access.
The presently available methods to overcome the above discussed disadvantages thus are readily circumvented and do not provide satisfactory methods for the positive and expedient identification of an individual necessary to authentic a proposed financial transaction.
It is thus a general object of the present invention to overcome, or at least ameliorate, one or more of the above problems and/or disadvantages.
Therefore, according to a first aspect of the present invention, there is provided a method for a secure transfer of data over a telecommunication medium, said method including:
providing a transmission means to transmit said data from a person desirous of undertaking a transaction to a party requiring to verify said data in order to validate said data before said transaction can be undertaken; and providing a validation means to ensure that said person is authorized to undertake said transaction, said validation means being unique for said person.
In a first embodiment of the present invention, said validation means includes biometric data of said person but, more preferably, includes only a part of said biometric data together with a date and time stamp.
In this first embodiment, when said validation means is transmitted as a code which has not been formulated in any conventional manner, any unauthorized user who intercepts that information only receives a coded form of the biometric data which cannot be used for a later, fraudulent, transaction.
In a second embodiment of the present invention, said validation means includes:
providing a unique description for said person, said unique description including biometric data and financial data of said person;
encrypting said unique description with an encryption key, said encryption key determined from said biometric data;
providing identification means adapted for carriage with said person, said identification means containing said unique description;
providing a reading means to obtain verification biometric data from an individual offering said identification means;
comparing said verification biometric data with said biometric data included in said unique description; and authenticating said transfer of data if said verification biometric data from said individual is identical with said biometric data of said person included in said unique description.
Preferably, said encryption key is determined from only a part of said biometric data.
Preferably, said biometric data is a fingerprint analysis.
Preferably, said identification means is a card of the type capable of holding information in a machine-readable form.
Optionally, after said reading means has obtained said verification biometric data from said individual and said transfer of data has been initially authenticated, said verification biometric data is transmitted to a remote databank for further comparison with biometric data held in said databank.
Preferably, said person attends a point of issue for said identification means, such as a bank, where normal identification procedures for banking or credit card facilities must be met before said identification means is issued.
Preferably, said transmission means includes a terminal remote from said party whereby said person can supply said data to said party and which includes a cellular telephone or wireless data transmission link.
Thus, according to a second aspect of the present invention, there is provided a terminal for use in a method for a secure transfer of data as hereinbefore described, said terminal including: transmission means to transmit identification details relevant to said person to said party; and
a facility for said person to provide verification biometric data of said person with said identification details.
Preferably, said transmission means further includes a credit or debit card slot assembly.
Preferably, said facility includes:
procuring means to obtain said verification biometric data from an individual offering said identification means;
reading means to read said identification means;
decoding means to obtain biometric data from said identification means;
comparison means to compare said biometric data with said verification biometric data; and
authentication means to authenticate said transfer of data.
Preferably, said procuring means is a fingerprint reader.
Preferably, said reading means is a smart card slot assembly wherein said smart card contains said biometric data.
More preferably, said reading means is, or is incorporated as part of, a computer, mobile telephone, EFTPOS terminal, ATM, or similar terminal. In those embodiments where said reading means is incorporated into a mobile telephone, said identification means is preferably incorporated into the SIM card of the mobile telephone.
More preferably, said facility further includes a printout means to produce a hard copy for recording details of said transfer of data.
In a third embodiment of the present invention, said printout means is a printer either integral with, or separate from, said facility.
In a fourth embodiment of the present invention, said printout means is located within said smart card slot assembly. A print head assembly, which may be of a mechanical, thermal, laser or inkjet type, prints a receipt when the receipt is entered (or withdrawn) from the slot assembly subsequent to the completion of the transfer of data and removal of the smart card from the slot assembly. A sensor of either optical or magnetic type detects the presence of the inserted blank receipt and activates the printing process.
Preferably, said receipt is a single, duplicate or triplicate receipt in the form of a "tear off pad".
More preferably, said receipt is a multiple copy receipt of comparable size to a credit or debit card.
Most preferably, said receipt is in triplicate.
A preferred embodiment of the present invention will now be described with reference to the accompanying drawings, wherein: FIG. 1 is a diagrammatic simplistic representation of all features of the present invention;
FIG. 2a is a top plan view schematic representation of the terminal of the present invention; and
FIG. 2b is a top edge view schematic representation of the terminal of FIG. 2a.
With reference to FIG. 1 , there is a central processing unit (1) connected to a cellular telecommunications network (2). A fingerprint reader (3) is connected to a smart card (4) issuing terminal (5) which can communicate with the network (2). It will be appreciated by those skilled in the art that each of these components are known and their interconnection possible by any suitable means known in the art. A transaction terminal (6), placed at a merchant's place of business, is also in communication with the network (2). As illustrated in FIGS. 2a & b, the terminal (6) includes a keyboard (7) to enter details of a transaction, a screen (8) to display the thus-entered details, a fingerprint reader (9), a smart card reader assembly (10) and a printhead assembly (not illustrated) incorporated within the card reader assembly (10). The operating software of the terminal (6) includes code to decrypt encrypted information read from the smart card (4). Once again, it will be appreciated by those skilled in the art that each component of the terminal (6) is known and interconnection of the various components can be undertaken by known methods.
An individual wishing to undertake a secure financial transaction using a machine-readable card first obtains a card which incorporates encrypted biometric and financial data of that individual. This is achieved by presenting him- or herself to an institution such as a bank which issues machine-readable "smart" cards. As is usual when applying for a credit or debit card at such an institution, the individual must first provide positive identification which meets the requirements of the institution before proceeding. Once assigned a smart card, biometric data, in particular, fingerprint data, of the individual is taken at the institution using any suitable fingerprint reader known in the art. Although not essential, data can be taken from two fingerprints to minimize any subsequent false rejection that may occur when the present invention is in use at a merchant's place of business. The scanned image of the fingerprint(s), which is represented by a mathematical representation of the ridge pattern, is then compressed and encrypted using any appropriate encryption algorithm known in the art of financial transactions to ensure that it can only be read or compared by first decrypting the data. This encrypted biometric data and the financial details of the individual are stored in the memory of the smart card.
To undertake a secure purchase using this card (4), at the point of intended purchase, the card (4) is placed in the reader assembly (10) of the terminal (6) whereby the value of the transaction is enter by the merchant using the keyboard (7). The value of the purchase is displayed on the visual display screen (8). The account details and encrypted biometric data are also read by the terminal (6). The appropriate fingerprint of the individual is then taken at the fingerprint reader (9) of the terminal (6) from which the encryption key is determined. The encrypted fingerprint data read from the card (4) is then decrypted using the encryption key just determined and the thus-decoded fingerprint data from the card (4) is compared with the fingerprint data obtained at the terminal (6); if the thus-read fingerprint data is identical with that decoded from the card (4), identification is deemed positive and the financial transaction proceeds. If the comparison is deemed negative, the customer represents the finger, or alternative finger if two such fingerprints have been stored on the card (4), for a second scan whereby the comparison process described above is repeated. Although this procedure could be repeated several times, in practice, it is expected that the terminal (6) will be set to allow only a maximum of three consecutive attempts to obtain the verification biometric data and compare with the biometric data included within the smart card (4). If validation does not occur within those three attempts, the identification is deemed negative.
Upon a positive transaction, a receipt is inserted in the reader/printer slot (10) and the details of the transaction are recorded on the receipt. Details of the transaction are also transmitted to the central processing facilities (1) for record purposes.
Although in no way limiting, the method and terminal of the present invention are particularly suitable for point of sale purchasing of goods or services in all markets. The terminal can be a self-contained stand-alone unit, or used in cooperation with a palmtop, laptop or desktop computer or any other unit which includes a visual display unit.
Further, the terminal of the present invention can utilise any convenient telecommunication network, and can be any combination of cellular, satellite, microwave or hard wire telephone or other communication network although, preferably, the terminal will be a wireless communication device incorporating the functionality and convenience of a mobile cellular telephone.
Also, the secure transfer features of the present invention can be attached to existing ATM machines (Automatic Teller Machines) thus increasing the security of withdrawals therefrom.
By using the present invention, a number of advantages are obtainable including: As authentication of a proposed financial transaction can be undertaken without accessing a remote database, this authentication can be undertaken quickly and in significantly less time than the 20 to 30 seconds required by present means where a central database has to be accessed.
Fraudulent use of a credit or debit card can be eliminated. Although a partial duplicate of smart card data can be made keeping the credit data, replacing biometric data of the true owner of the card with that of the fraudulent user is insufficient to create a valid card as the encryption key is different being based on the original biometric data.
It will be appreciated that the above described embodiments are only exemplification of the various aspects of the present invention and that modifications and alterations can be made thereto without departing from the inventive concept as defined in the following claims.

Claims

1. A method for a secure transfer of data over a telecommunication medium, said method including:
providing a transmission means to transmit said data from a person desirous of undertaking a transaction to a party requiring to verify said data in order to validate said data before said transaction can be undertaken; and
providing a validation means to ensure that said person is authorized to undertake said transaction, said validation means being unique for said person.
2. A method as defined in Claim 1 , wherein said validation means includes biometric data of said person.
3. A method as defined in Claim 2, wherein said validation means includes only a part of said biometric data together with a date and time stamp.
4. A method as defined in Claim 1 , wherein said validation means includes:
providing a unique description for said person, said unique description including biometric data and financial data of said person;
encrypting said unique description with an encryption key, said encryption key determined from said biometric data; providing identification means adapted for carriage with said person, said identification means containing said unique description;
providing a reading means to obtain verification biometric data from an individual offering said identification means;
comparing said verification biometric data with said biometric data included in said unique description; and
authenticating said transfer of data if said verification biometric data from said individual is identical with said biometric data of said person included in said unique description.
5. A method as defined in Claim 4, wherein said encryption key is determined from only a part of said biometric data.
6. A method as defined in any one of Claims 2 to 5, wherein said biometric data is a fingerprint analysis.
7. A method as defined in any one of Claims 4 to 6, wherein said identification means is a card of the type capable of holding information in a machine-readable form.
8. A method as defined in any one of Claims 4 to 7, wherein after said reading means has obtained said verification biometric data from said individual and said transfer of data has been initially authenticated, said verification biometric data is transmitted to a remote databank for further comparison with biometric data held in said databank.
9. A method as defined in any one of Claims 1 to 8, wherein said transmission means includes a terminal remote from said party whereby said person can supply said data to said party and which includes a cellular telephone or wireless data transmission link.
10. A terminal for use in a method for a secure transfer of data as defined in any one of Claims 1 to 9, said terminal including:
transmission means to transmit identification details relevant to said person to said party; and
a facility for said person to provide verification biometric data of said person with said identification details.
11. A terminal as defined in Claim 10, wherein said transmission means further includes a credit or debit card slot assembly.
12. A terminal as defined in Claim 10 or Clam 11 , wherein said facility includes:
procuring means to obtain said verification biometric data from an individual offering said identification means;
reading means to read said identification means;
decoding means to obtain biometric data from said identification means;
comparison means to compare said biometric data with said verification biometric data; and authentication means to authenticate said transfer of data.
13. A terminal as defined in Claim 12, wherein said procuring means is a fingerprint reader.
14. A terminal as defined in Claim 12 or Claim 13, wherein said reading means is a slot assembly for a smart card wherein said smart card contains said biometric data.
15. A terminal as defined in any one of Claims 12 to 14, wherein said reading means is, or is incorporated as part of, a computer, mobile telephone, EFTPOS terminal, ATM, or similar terminal.
16. A terminal as defined in Claim 15 wherein said reading means is, or is incorporated as part of, a mobile telephone.
17. A terminal as defined in Claim 16, wherein said identification means is incorporated into the SIM card of said mobile telephone.
18. A terminal as defined in any one of Claims 10 to 17, wherein said facility further includes a printout means to produce a hard copy for recording details of said transfer of data .
19. A terminal as defined in Claim 18, wherein said printout means is a printer either integral with, or separate from, said facility.
20. A terminal as defined in Claim 18 or Claim 19, wherein said printout means is located within said slot assembly for said smart card.
PCT/AU2000/000880 1999-07-23 2000-07-21 Secure transaction and terminal therefor WO2001008055A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU59542/00A AU5954200A (en) 1999-07-23 2000-07-21 Secure transaction and terminal therefor

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AUPQ1786 1999-07-23
AUPQ1786A AUPQ178699A0 (en) 1999-07-23 1999-07-23 Secure transaction and terminal therefor
AUPQ7029A AUPQ702900A0 (en) 2000-04-20 2000-04-20 Secure biometric loop
AUPQ7029 2000-04-20

Publications (2)

Publication Number Publication Date
WO2001008055A1 true WO2001008055A1 (en) 2001-02-01
WO2001008055A9 WO2001008055A9 (en) 2002-09-06

Family

ID=25646109

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2000/000880 WO2001008055A1 (en) 1999-07-23 2000-07-21 Secure transaction and terminal therefor

Country Status (1)

Country Link
WO (1) WO2001008055A1 (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002067172A1 (en) * 2001-02-22 2002-08-29 Direktgiro Ab System for effecting orders for payment with identification by means of card data and fingerprint
WO2002091291A1 (en) * 2001-05-04 2002-11-14 Velasquez Leon Carlos Guillerm Complete personal identification system
WO2003003282A1 (en) * 2001-06-28 2003-01-09 Trek 2000 International Ltd. A portable device having biometrics-based authentication capabilities
DE10135527A1 (en) * 2001-07-20 2003-02-13 Infineon Technologies Ag Mobile station for mobile communications system with individual protection code checked before access to requested service or data is allowed
WO2003019484A2 (en) * 2001-08-31 2003-03-06 Websmart.Com Communications Inc. Cardholder transaction control methods, apparatus, signals and media
GB2382207A (en) * 2001-11-19 2003-05-21 Muhammad Alhamdani Fingerprint recognition
GB2391988A (en) * 2002-08-14 2004-02-18 Scient Generics Ltd An identity verification system
GB2375637B (en) * 2000-02-23 2004-09-15 Sony Electronics Inc Method of conducting transactions and a method of access over a network
US6880054B2 (en) 2000-02-21 2005-04-12 Trek Technology (Singapore) Pte. Ltd. Portable data storage device having a secure mode of operation
US6950939B2 (en) 2000-12-08 2005-09-27 Sony Corporation Personal transaction device with secure storage on a removable memory device
EP1715617A2 (en) 2005-04-21 2006-10-25 Giesecke & Devrient GmbH Method for operating a system with a portable data carrier and a terminal device
WO2006117768A1 (en) * 2005-05-03 2006-11-09 Lincor Solutions Limited An information management and entertainment system
US7207480B1 (en) * 2004-09-02 2007-04-24 Sprint Spectrum L.P. Certified digital photo authentication system
WO2008113110A1 (en) * 2007-03-16 2008-09-25 Microlatch Pty Ltd Method and apparatus for performing a transaction using a verification station
US7650470B2 (en) 2001-06-28 2010-01-19 Trek 2000 International, Ltd. Method and devices for data transfer
US9728028B2 (en) * 2005-03-07 2017-08-08 Yves Chemla Security device, method and system for financial transactions, based on the identification of an individual using a biometric profile and a smart card
CN110503430A (en) * 2019-07-15 2019-11-26 捷德(中国)信息科技有限公司 Transaction processing method, safety element and smart card

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1991006920A1 (en) * 1989-11-02 1991-05-16 Tms, Incorporated Non-minutiae automatic fingerprint identification system and methods
WO1998001820A1 (en) * 1996-07-05 1998-01-15 Dynamic Data Systems Pty. Ltd. Identification storage medium and system and method for providing access to authorised users
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system
US5832464A (en) * 1995-05-08 1998-11-03 Image Data, Llc System and method for efficiently processing payments via check and electronic funds transfer
US5870723A (en) * 1994-11-28 1999-02-09 Pare, Jr.; David Ferrin Tokenless biometric transaction authorization method and system
EP0924655A2 (en) * 1997-12-22 1999-06-23 TRW Inc. Controlled access to doors and machines using fingerprint matching

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1991006920A1 (en) * 1989-11-02 1991-05-16 Tms, Incorporated Non-minutiae automatic fingerprint identification system and methods
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system
US5870723A (en) * 1994-11-28 1999-02-09 Pare, Jr.; David Ferrin Tokenless biometric transaction authorization method and system
US5832464A (en) * 1995-05-08 1998-11-03 Image Data, Llc System and method for efficiently processing payments via check and electronic funds transfer
WO1998001820A1 (en) * 1996-07-05 1998-01-15 Dynamic Data Systems Pty. Ltd. Identification storage medium and system and method for providing access to authorised users
EP0924655A2 (en) * 1997-12-22 1999-06-23 TRW Inc. Controlled access to doors and machines using fingerprint matching

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6880054B2 (en) 2000-02-21 2005-04-12 Trek Technology (Singapore) Pte. Ltd. Portable data storage device having a secure mode of operation
US8209462B2 (en) 2000-02-21 2012-06-26 Trek 2000 International Ltd. Portable data storage device
US8838502B2 (en) 2000-02-23 2014-09-16 Sony Corporation Method of using personal device with internal biometric in conducting transactions over a network
GB2375637B (en) * 2000-02-23 2004-09-15 Sony Electronics Inc Method of conducting transactions and a method of access over a network
US6950939B2 (en) 2000-12-08 2005-09-27 Sony Corporation Personal transaction device with secure storage on a removable memory device
WO2002067172A1 (en) * 2001-02-22 2002-08-29 Direktgiro Ab System for effecting orders for payment with identification by means of card data and fingerprint
WO2002091291A1 (en) * 2001-05-04 2002-11-14 Velasquez Leon Carlos Guillerm Complete personal identification system
WO2003003282A1 (en) * 2001-06-28 2003-01-09 Trek 2000 International Ltd. A portable device having biometrics-based authentication capabilities
US7650470B2 (en) 2001-06-28 2010-01-19 Trek 2000 International, Ltd. Method and devices for data transfer
DE10135527A1 (en) * 2001-07-20 2003-02-13 Infineon Technologies Ag Mobile station for mobile communications system with individual protection code checked before access to requested service or data is allowed
US7657287B2 (en) 2001-07-20 2010-02-02 Infineon Technologies Ag Mobile station in a mobile communication system and method for accessing a service and/or a data record in the mobile station's standby mode
WO2003019484A3 (en) * 2001-08-31 2003-08-28 Websmart Com Comm Inc Cardholder transaction control methods, apparatus, signals and media
WO2003019484A2 (en) * 2001-08-31 2003-03-06 Websmart.Com Communications Inc. Cardholder transaction control methods, apparatus, signals and media
GB2382207A (en) * 2001-11-19 2003-05-21 Muhammad Alhamdani Fingerprint recognition
GB2391988A (en) * 2002-08-14 2004-02-18 Scient Generics Ltd An identity verification system
US7207480B1 (en) * 2004-09-02 2007-04-24 Sprint Spectrum L.P. Certified digital photo authentication system
US9728028B2 (en) * 2005-03-07 2017-08-08 Yves Chemla Security device, method and system for financial transactions, based on the identification of an individual using a biometric profile and a smart card
DE102005018561A1 (en) * 2005-04-21 2006-11-02 Giesecke & Devrient Gmbh Method for operating a system with a portable data carrier and a terminal
EP1715617A2 (en) 2005-04-21 2006-10-25 Giesecke & Devrient GmbH Method for operating a system with a portable data carrier and a terminal device
WO2006117768A1 (en) * 2005-05-03 2006-11-09 Lincor Solutions Limited An information management and entertainment system
US8065330B2 (en) 2005-05-03 2011-11-22 Lincor Solutions Limited Information management and entertainment system
WO2008113110A1 (en) * 2007-03-16 2008-09-25 Microlatch Pty Ltd Method and apparatus for performing a transaction using a verification station
CN110503430A (en) * 2019-07-15 2019-11-26 捷德(中国)信息科技有限公司 Transaction processing method, safety element and smart card

Also Published As

Publication number Publication date
WO2001008055A9 (en) 2002-09-06

Similar Documents

Publication Publication Date Title
WO2001090962A1 (en) Secure biometric identification
US20060174134A1 (en) Secure steganographic biometric identification
US6182894B1 (en) Systems and methods for authorizing a transaction card
CA2665417C (en) Proxy authentication methods and apparatus
US4357529A (en) Multilevel security apparatus and method
US4304990A (en) Multilevel security apparatus and method
US4328414A (en) Multilevel security apparatus and method
US5163098A (en) System for preventing fraudulent use of credit card
CN101069187B (en) Secure cards and methods
WO2001008055A1 (en) Secure transaction and terminal therefor
US20070078780A1 (en) Bio-conversion system for banking and merchant markets
KR20010025234A (en) A certification method of credit of a financing card based on fingerprint and a certification system thereof
US20120091199A1 (en) Multi-account card system
JP2001266088A (en) Card and its forger-preventing method
AU2001255978B2 (en) Secure biometric identification
WO2007006084A1 (en) Card processing apparatus and method
AU2001255978A1 (en) Secure biometric identification
JP2002158655A (en) Certifying device, collating device and electronic certificate system with which these devices are connected
RU2208247C2 (en) Method for authenticating plastic card user
KR20040070413A (en) The security system of the credit card & the cash card.
KR100655696B1 (en) Method of security for money card using finger print acknowledge and system thereof
KR20020033274A (en) Sytem for the acceptance of payment through IC typed credit card and identifier of fingerprint
KR20040068834A (en) The ID authentication system & method of the bank's ATM & card verification terminal.

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
COP Corrected version of pamphlet

Free format text: PAGES 1/2-2/2, DRAWINGS, REPLACED BY NEW PAGES 1/2-2/2; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

NENP Non-entry into the national phase

Ref country code: JP