HK1058979B - Method and device for secure biometric identification - Google Patents
- Publication number
- HK1058979B
- Authority
- HK
- Hong Kong
- Prior art keywords
- biometric data
- individual
- data
- terminal
- card
Description
Technical Field
The present invention relates to a secure method for confident identification of an individual, particularly (but not exclusively) as a means of confirming purchases of goods or services, or cash withdrawals, over a telecommunications medium. The invention has particular, but not exclusive, application as a secure means of purchasing goods or services through visual media such as a television or other visual display medium or the internet, or as part of an EFTPOS (electronic funds transfer at point of sale) system. The present invention should not be considered as limited to such use.
Background
It is now very common to advertise goods and services through media such as television and the internet. With television advertising, people can purchase advertised goods or services, usually over the phone using a credit card. The internet is now well known as an electronic medium and powerful communication tool, a seamless system of information linking different computers (the world wide web), and is readily accessible to the public for a variety of purposes, including ordering various consumer goods and/or services online. These goods and/or services are then typically paid for by credit card. It is also now common to pay for goods sold in stores using credit or debit cards (EFTPOS).
One significant drawback of shopping over a telecommunications medium is that the individual cannot be confidently identified, which is important to prevent unauthorized access to bank account or credit card details by a person attempting to purchase goods or services fraudulently.
The most common method by which confident identification can be made before a sale is approved through the telecommunications medium is to use a specific code for a particular account. These codes are usually numeric but may be alphabetic or alphanumeric, such as a PIN number (personal identification number) associated with a particular account number. It is, however, not difficult to circumvent this type of secure transaction, because the PIN and account number are not cross-checked to ensure that they are being used over the telecommunications medium by the actual owner of the PIN number and associated credit card or bank account.
Specifically, in existing systems that employ magnetic stripe credit or debit cards, the user's account identity and PIN number are stored on the card. Although the data is encoded, it is easy to copy the card, and fraud can then be committed in at least two ways:
1. If a fraudulent user holds the card, the transaction can be completed without the need for a signature or PIN number, by several methods including the use of the card number, the name on the card and the expiration date over the phone or the internet.
2. If the PIN number is known to a fraudulent user, a token may be used at an ATM, EFTPOS terminal, or the like.
These fraudulent transactions may cause debt to the card issuing authority (which may be a bank or other financial institution) and the card holder, which may then result in a dispute between the two parties.
Confident identification of an individual's identity is also important to prevent unauthorized access to or passage through certain specific locations or facilities, including, for example, international destinations, bank vaults, and other restricted areas including secure buildings, prisons, airport terminals, and the like.
However, when an official attempts to confirm the identity of an individual by, for example, manual interrogation, comparison of visual characteristics with a photograph in a passport, or comparison of a name with a list of restricted persons banned from entering or leaving a particular country, such identification of the individual may delay travel across national borders.
One solution proposed in the prior art to these particular problems is to employ a method that is dependent on the physical characteristics of the individual. This method is commonly referred to as biometric techniques and includes fingerprint analysis, thermography and DNA analysis. It is generally believed that these methods are less prone to false identifications.
One such method includes comparing biometric data on a card provided by the individual with a pre-generated database of biometric data of licensed individuals. But a person who obtains a biometric card from its rightful owner would still defeat such a system. Alternatively, a fraudulent user of such a card may partially copy the card, retaining any credit card information but replacing the biometric data of the rightful owner of the card with his/her own biometric data. In addition, data obtained from individuals is often compared against large remote databases of such information, which are difficult and/or slow to locate and access.
The methods that attempt to overcome these defects can be summarized as follows: possession of a passport, knowledge of a password, possession of a restricted item such as a key, and biometric techniques that compare personal data on the card to a remote database of such information.
These security methods are, however, easy to defeat and do not provide a satisfactorily accurate and convenient method of personal identification.
Disclosure of Invention
It is therefore a general object of the present invention to overcome or at least ameliorate one or more of the problems and/or disadvantages described above.
According to a first aspect of the present invention, there is provided a method for correctly identifying the identity of an individual, the method comprising:
providing a unique characterization for said individual, said unique characterization including biometric data of said individual;
encrypting the unique characterization using an encryption key, the encryption key being determined from the biometric data;
providing an identification device for carrying by said individual, the identification device comprising said unique characterization;
providing an acquisition device to acquire verification biometric data from the individual submitting the identification device;
determining an encryption key from the verification biometric data;
decrypting the biometric data included in the unique characterization using the encryption key obtained from the verification biometric data;
comparing the verification biometric data with the decrypted biometric data;
wherein the identity of the individual is deemed correct when the verification biometric data from the individual is consistent with the biometric data of the individual included in the unique characterization.
Preferably, the encryption key is determined from only a portion of the biometric data.
Preferably, the biometric data is a fingerprint analysis.
Preferably, the identification means is a card of a type which is capable of holding information in machine-readable form.
Optionally, after the obtaining means has obtained the verification biometric data from the individual and has initially confidently identified the identity of the individual, the verification biometric data is transmitted to a remote database for further comparison with the biometric data stored in the database.
In one embodiment of the invention, the individual travels to an issuing site, such as a bank or the like, to obtain the identification device, and the bank or credit card institution must perform a regular identification procedure before issuing the identification device.
According to a second aspect of the present invention, there is provided an apparatus for use in a method of correctly identifying the identity of an individual as described above, the apparatus comprising:
a facility for obtaining the verification biometric data from an individual providing the identification device;
reading means for reading said identification means;
decoding means for obtaining biometric data from the identification means; and
comparison means for comparing the biometric data with the verification biometric data.
Preferably, the facility is a fingerprint reader.
Preferably, the reading device is a smart card reader assembly.
Preferably, the reading device is a computer, a mobile phone, an EFTPOS terminal, an ATM or the like, or is incorporated as part thereof.
When the reading device is installed in a mobile phone, the identification device is installed in a SIM card of the mobile phone.
Optionally, the device will allow up to three consecutive attempts to obtain the verification biometric data and compare it with the biometric data comprised in the identification means. If no confident identification can be made in these three attempts, the identity is considered wrong.
According to a third aspect of the present invention there is provided a method for securely transferring data over a telecommunications medium, the method comprising:
providing a transfer means for transferring said data from an individual wishing to conduct a transaction to a party requiring verification of said data to validate said data before said transaction can be conducted; and
providing a verification means to ensure that the person is entitled to perform the transaction;
wherein the transaction is allowed to proceed after the correct identity of the person has been determined by the correct identity recognition method described above.
Preferably, the data is financial data of the individual.
Preferably said transfer means comprises a terminal remote from said party whereby said individual may provide said data to said party, the means comprising a cellular telephone or a wireless data transfer line.
Therefore, according to a fourth aspect of the present invention, there is provided a terminal for use in the above method of securely transferring data, the terminal comprising:
a transmitting means for transmitting the identity details of the individual to the party; and
means for the individual to provide verified biometric data of the individual using the identity details.
Preferably, the transfer device further comprises a credit card or debit card slot assembly.
Preferably, the facility comprises:
obtaining means for obtaining the verification biometric data from an individual providing the identification means;
reading means for reading the identification means;
decoding means for obtaining biometric data from the identification means;
comparing means for comparing said biometric data with said verification biometric data; and
authentication means for authenticating the transfer of the data.
Preferably, the acquisition device is a fingerprint reader.
Preferably, the reading device is a smart card slot assembly, wherein the smart card comprises the biometric data.
More preferably, the facility further comprises a printout device to generate a hard copy for recording details of the data transfer.
In one embodiment of this aspect of the invention, the printout device is a printer, either integral with or separate from the facility.
In another embodiment of this aspect of the invention, the printout device is located in a slot assembly of the smart card. The printhead assembly may be of the mechanical, thermal, laser or inkjet type, printing a receipt as it enters (or exits) the slot assembly after data transfer is completed and the smart card is ejected from the slot assembly. An optical or magnetic type sensor may be used to detect the presence or absence of an inserted blank receipt and activate the printing process.
Preferably, the receipt is a one-, two- or three-part receipt in the form of a "tear-off paper slip".
More preferably, the receipt is a multiple-copy receipt comparable in size to a credit or debit card.
More preferably, the receipt is in triplicate.
Drawings
Preferred embodiments of the present invention will now be described with reference to the accompanying drawings, in which:
Fig. 1 is a simplified schematic representation of a terminal embodying the present invention for confident identification of an individual wishing to conduct a financial transaction through the terminal.
Fig. 2a is a top plan view schematically illustrating the terminal of the present invention.
Fig. 2b is a side view schematically illustrating the terminal of Fig. 2a.
Detailed Description
Referring to Fig. 1, a central processing unit (1) is connected to a cellular telecommunications network (2). The fingerprint reader (3) is connected to a smart card (4) issuing terminal (5), the smart card issuing terminal (5) being connectable to the network (2). It will be appreciated by those skilled in the art that all of these devices are known and that they may be interconnected by any method known in the art. A transaction terminal (6) located at the merchant's premises is also connected to the network (2). As shown in Figs. 2a and 2b, the terminal (6) comprises: a keyboard (7) for entering transaction details; a display screen (8) for displaying the details so entered; a fingerprint reader (9); a smart card reader assembly (10); and a printhead assembly (not shown) housed within the card reader assembly (10). The operating software of the terminal (6) includes code for decrypting the encrypted information read from the smart card (4). It will be appreciated by those skilled in the art that all of the devices of the terminal (6) are known and that known methods may be employed to interconnect the various devices.
When an individual wishes to conduct a secure financial transaction using a machine-readable card, he first needs to obtain a card carrying his personal encrypted biometric data and financial data. He or she may go to an organization, such as a bank, that issues machine-readable "smart" cards to obtain such a card. When applying for a credit or debit card at such an institution, the individual must typically first provide proof of identity that satisfies the institution before the card is issued. Once the smart card is issued, the institution extracts the biometric data (particularly the fingerprint data) of the individual using any suitable fingerprint reader known in the art. Data may be extracted from two fingerprints to reduce any false rejects that may occur when the present invention is used at a merchant's premises, although this is not required. The scanned fingerprint image is converted into a mathematical representation of the ridge pattern, which is compressed and encrypted using any suitable encryption algorithm known in the art of financial transactions to ensure that it can only be read or compared if the data is first decrypted. This encrypted biometric data and the financial details of the individual are stored in the memory of the smart card.
To make a secure purchase using the card (4) at the point of purchase, the card (4) is placed in the reader assembly (10) of a terminal (6) and the transaction value is entered by the merchant using the keypad (7). The purchase value is displayed on the visual display screen (8). Account details and encrypted biometric data are also read by the terminal (6). The appropriate fingerprint of the individual is then read at the fingerprint reader (9) of the terminal (6), and its encryption key is thereby determined. The encrypted fingerprint data read from the card (4) is then decrypted using the encryption key just determined, and the fingerprint data thus decoded from the card (4) is compared with the fingerprint data obtained at the terminal. When the fingerprint data thus read coincides with the data decoded from the card (4), the identity is considered correct and the financial transaction is carried out. When the comparison is negative, the consumer presents the finger again, or presents the other finger [if two fingerprints are stored in the card (4)], a second scan is performed and the comparison process is repeated. Although the process could be repeated several times, it is in fact desirable to set the terminal (6) so that at most three consecutive attempts are allowed to obtain the verification biometric data and to compare it with the biometric data stored in the smart card (4). When no confirmation occurs in these three attempts, the identity is considered erroneous.
After a successful transaction, a receipt is inserted in the reader/printer slot (10) and the transaction details are recorded on the receipt. The details of the transaction are also transmitted to the central processing facility (1) for recording.
Although not particularly limited, the present embodiment is applicable to points of sale in all stores where goods or services are purchased. The terminal may be a self-contained stand-alone unit or may be used in conjunction with a palmtop, laptop or desktop computer or any other unit that includes a visual display unit. In addition, the terminal may utilize any suitable telecommunications network, which may be any combination of cellular, satellite, microwave, or hard-wired telephone or other communications networks, although the terminal preferably utilizes the functionality and convenient wireless communications facilities of a mobile cellular telephone.
The security transfer feature of the present invention can be connected to existing ATMs (automated teller machines) thus increasing the security of withdrawals from the ATM.
By using the present invention, a number of advantages can be obtained, including:
Since the identification of the person providing the identification means can be performed without accessing a remote database, the identification can be performed quickly, a significant reduction on the 20-30 seconds taken by prior art devices that have to access a central database.
Fraudulent use of credit or debit cards can be avoided. Although it is possible to make a partial copy of the smart card data to retain the credit data and replace the biometric data of the card's true owner with the biometric data of the imposter, it is not sufficient to produce a valid card because the encryption key is not the same as that obtained from the original biometric data.
Thus, the present invention employs an encryption key derived from biometric data originally submitted by an individual being issued a credit or debit card or other machine-readable identification device, and so prevents card fraud or other false identifications, is highly secure, and is convenient to use and apply.
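The enrolment and terminal check described above, as an added sketch (illustrative code written for this page, not taken from the patent). It assumes a template is a short list of integer features, that the key comes from a coarsely quantised portion of them, that the account details are authenticated together with the ciphertext, and that a hash-based stand-in cipher replaces the unspecified "suitable encryption algorithm"; all names and sample values are constructed.

```python
import hashlib
import hmac

KEY_PORTION = 4      # features that feed the key ("only a portion of the biometric data")
BUCKET = 16          # assumed quantisation step that absorbs scan-to-scan noise
MATCH_TOLERANCE = 3  # assumed per-feature tolerance for the final comparison
MAX_ATTEMPTS = 3     # the terminal allows at most three consecutive attempts


def derive_key(features):
    """Derive the key from a coarse view of part of the template.

    Real scans are noisy; a value near a bucket edge would flip the key, which
    is why deployed designs add error correction (fuzzy extractors).
    """
    coarse = bytes(f // BUCKET for f in features[:KEY_PORTION])
    return hashlib.pbkdf2_hmac("sha256", coarse, b"constructed-demo-salt", 10_000)


def _subkey(key, label):
    # Separate keys for encryption and for the integrity tag.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, length):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, plaintext, bound):
    """Stand-in cipher (hash keystream + HMAC tag); `bound` is authenticated, not hidden."""
    stream = _keystream(_subkey(key, b"enc"), len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ct + hmac.new(_subkey(key, b"mac"), bound + ct, hashlib.sha256).digest()


def unseal(key, blob, bound):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), bound + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key, or card contents altered
    stream = _keystream(_subkey(key, b"enc"), len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def issue_card(account, template):
    """Issuer side: encrypt the template under a key derived from the template itself."""
    key = derive_key(template)
    return {"account": account, "sealed": seal(key, bytes(template), account.encode())}


def verify_scan(card, scan):
    """Terminal side: key from the live scan, decrypt the card template, then compare."""
    template = unseal(derive_key(scan), card["sealed"], card["account"].encode())
    if template is None or len(template) != len(scan):
        return False
    return all(abs(t - s) <= MATCH_TOLERANCE for t, s in zip(template, scan))


def authorise(card, scans):
    """Accept if any of the first MAX_ATTEMPTS scans verifies; later scans are ignored."""
    return any(verify_scan(card, scan) for scan in scans[:MAX_ATTEMPTS])


# Constructed sample feature vectors (values 0-255), not real fingerprint data.
OWNER_ENROLLED = [34, 87, 120, 201, 55, 9, 143, 77]
OWNER_RESCAN = [35, 86, 121, 200, 56, 8, 142, 79]    # same finger, small noise
OWNER_SMUDGED = [35, 86, 121, 200, 70, 8, 142, 79]   # same key, but one feature is off
IMPOSTER = [190, 12, 66, 240, 101, 33, 5, 150]

if __name__ == "__main__":
    card = issue_card("ACCT-0001", OWNER_ENROLLED)
    print("owner, second attempt:", authorise(card, [OWNER_SMUDGED, OWNER_RESCAN]))
    print("cloned card, other finger:", authorise(card, [IMPOSTER] * 3))
    # Partial copy: owner's account details kept, sealed template taken from another card.
    swapped = {"account": "ACCT-0001",
               "sealed": issue_card("ACCT-0002", IMPOSTER)["sealed"]}
    print("partial copy:", authorise(swapped, [IMPOSTER]))
```

The partial copy is rejected here only because the account details are covered by the integrity tag; that binding is an assumption of this sketch, not something the description spells out.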
It will be understood that the embodiments described above are merely exemplary of various aspects of the invention, which may be modified and changed without departing from the scope of the invention as defined in the following claims.
Claims (26)
1. A method for correctly identifying an identity of an individual, the method comprising:
providing a unique characterization for the individual, the unique characterization including biometric data of the individual;
encrypting the unique representation using an encryption key, the encryption key determined from the biometric data;
providing an identification device for carrying by said individual, the identification device comprising said unique representation;
providing an acquisition device to acquire verification biometric data from the individual submitting the identification device;
determining an encryption key from the verification biometric data;
decrypting the biometric data included in the unique representation using the encryption key obtained from the verification biometric data;
comparing said verification biometric data with said decrypted biometric data;
wherein the identity of the individual is deemed correct when the verification biometric data from the individual is consistent with the biometric data of the individual included in the unique representation.
2. The method of claim 1, wherein the encryption key is determined from only a portion of the biometric data.
3. The method of claim 1 or 2, wherein the biometric data is a fingerprint analysis.
4. The method of claim 1, wherein the identification device is a card of a type that is capable of holding information in machine-readable form.
5. The method of claim 1, wherein after said obtaining means has obtained said verification biometric data from said individual and has initially confidently identified the identity of the individual, said verification biometric data is transmitted to a remote database for further comparison with biometric data stored in said database.
6. An apparatus for use in a method of correctly identifying the identity of an individual as claimed in claim 1, the apparatus comprising:
a facility for obtaining the verification biometric data from an individual providing the identification device;
reading means for reading said identification means;
decoding means for obtaining biometric data from the identification means; and
comparison means for comparing the biometric data with the verification biometric data.
7. The apparatus of claim 6, wherein the facility is a fingerprint reader.
8. The apparatus of claim 6, wherein the reading device is a smart card reader assembly.
9. The apparatus of claim 6, wherein the reading means is incorporated into a computer, a telephone, an EFTPOS terminal, or an ATM terminal.
10. The apparatus of claim 9, wherein the reading means is incorporated into a mobile phone.
11. The apparatus of claim 10, wherein said identification means is housed in a SIM card of said mobile telephone.
12. A method for securely transferring data over a telecommunications medium, the method comprising:
providing a transfer means for transferring said data from an individual wishing to conduct a transaction to a party who needs to verify said data to validate said data before said transaction can be conducted; and
providing a verification means to ensure that the person is entitled to perform the transaction;
wherein the transaction is allowed to proceed after the correct identification of the person is determined by a method comprising the steps of:
providing a unique characterization for the individual, the unique characterization including biometric data of the individual;
encrypting the unique representation using an encryption key, the encryption key determined from the biometric data;
providing an identification device for carrying by said individual, the identification device comprising said unique representation;
providing a reading device to obtain verification biometric data from the individual submitting the identification device;
determining an encryption key from the verification biometric data;
decrypting the biometric data included in the unique representation using the encryption key obtained from the verification biometric data;
comparing said verification biometric data with said decrypted biometric data;
wherein the identity of the individual is deemed correct when the verification biometric data from the individual is consistent with the biometric data of the individual included in the unique representation.
13. The method of claim 12, wherein the data is financial data of the person.
14. A method as claimed in claim 12 or 13, wherein said transmitting means comprises a terminal remote from said party whereby said individual may provide said data to said party, the means comprising a cellular telephone or a wireless data transmission line.
15. A terminal for use in the method of securely transferring data of claim 12, the terminal comprising:
a transmitting means for transmitting the identity details of the individual to the party; and
means for the individual to provide verified biometric data of the individual using the identity details.
16. The terminal of claim 15, wherein the transfer device further comprises a credit card or debit card slot assembly.
17. The terminal of claim 15, wherein the facility comprises:
obtaining means for obtaining the verification biometric data from an individual providing the identification means;
reading means for reading the identification means;
decoding means for obtaining biometric data from the identification means;
comparing means for comparing said biometric data with said verification biometric data; and
an authentication device for authenticating the transfer of the data.
18. The terminal of claim 17, wherein the acquisition device is a fingerprint reader.
19. The terminal of claim 17, wherein the reading device is a card slot assembly for a smart card, wherein the smart card includes the biometric data.
20. The terminal of claim 19, wherein the facility further comprises a printout device to generate a hard copy for recording details of the data transfer.
21. A terminal as claimed in claim 20, wherein said printout means is a printer, either integral with or separate from said facility.
22. The terminal of claim 20, wherein said printout means is located in said card slot assembly for said smart card.
23. The terminal of claim 22, wherein the printout means prints a receipt when the receipt enters the card slot assembly after the data transfer is completed and the smart card is removed from the card slot assembly.
24. The terminal of claim 22, wherein the print head assembly prints a receipt upon removal of the receipt from the card slot assembly after completion of the data transfer and removal of the smart card from the card slot assembly.
25. A terminal as claimed in claim 23 or 24, wherein the receipt is a one, two or three way receipt in the form of a "tear-off slip".
26. The terminal of claim 23, wherein the receipt is sized to correspond to a credit card or debit card.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AUPQ7029 | 2000-04-20 | | |
| AUPQ7029A AUPQ702900A0 (en) | 2000-04-20 | 2000-04-20 | Secure biometric loop |
| PCT/AU2001/000453 WO2001090962A1 (en) | 2000-04-20 | 2001-04-19 | Secure biometric identification |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1058979A1 (en) | 2004-06-11 |
| HK1058979B (en) | 2006-03-24 |
Similar Documents
| Publication | Title |
|---|---|
| CN1208737C (en) | Secure biometric identification method and device |
| US5673320A (en) | Method and apparatus for image-based validations of printed documents |
| EP0772530B1 (en) | Unalterable self-verifying articles |
| US20060174134A1 (en) | Secure steganographic biometric identification |
| ES2230897T3 (en) | TERMINAL WITH BIOMETRIC IDENTITY CONTROL. |
| US20070291995A1 (en) | System, Method, and Apparatus for Preventing Identity Fraud Associated With Payment and Identity Cards |
| US20020018585A1 (en) | System and method for cardless secure credit transaction processing |
| US20100084462A1 (en) | Systems and methods for secure photo identification at point of sale |
| CN1672180A (en) | System and method for credit and debit card transactions |
| WO2001008055A9 (en) | Secure transaction and terminal therefor |
| US20070078780A1 (en) | Bio-conversion system for banking and merchant markets |
| US7069584B1 (en) | Process and apparatus for improving the security of authentication procedures using a new “Super PIN” |
| EP0772929B1 (en) | Methods and systems for creating and authenticating unalterable self-verifying articles |
| JP4890774B2 (en) | Financial transaction system |
| KR20070036491A (en) | ID verification system and method |
| US20100038418A1 (en) | Method for biometric authorization for financial transactions |
| JP2005038020A (en) | Fingerprint authentication device, computer system and network system |
| JP2010079515A (en) | Authentication system, key for use in the same, authentication method, and program |
| EP1578615A2 (en) | Document with user authentication |
| HK1058979B (en) | Method and device for secure biometric identification |
| CN1633665A (en) | Method of sending and validating documents |
| AU2001255978B2 (en) | Secure biometric identification |
| JP2002158655A (en) | Authentication device, verification device and electronic authentication system connecting them |
| RU2208247C2 (en) | Method for authenticating plastic card user |
| AU2001255978A1 (en) | Secure biometric identification |