Identification system and method for authenticating user transaction requests from end terminals

US 20010044900A1
Filed: 05/15/2001
Published: 11/22/2001
Est. Priority Date: 05/16/2000
Status: Active Grant

First Claim

Patent Images

1. An identification system comprising:

a plurality of end terminals, each of the end terminals transmitting a transaction request message containing biometrics data of a user and a user identifier of said user to a communications network;

at least one electronic commerce service provider (ECSP) unit for receiving said transaction request message via said network and transmitting an authentication request message containing said biometrics data and said user identifier to said network; and

an authentication server having a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers, the authentication server receiving the authentication request message via said network, comparing the received biometrics data to one of the registered biometrics data which is mapped in said database to the user identifier contained in said authentication request message and returning a reply to said ECSP unit via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an identification system for electronic commerce, an end terminal transmits a transaction request message containing biometrics data of a user to a communications network, At least one electronic commerce service provider unit is provided which receives the transaction request message via the network and transmits an authentication request message containing the biometrics data to the network. An authentication server having a database for storing registered biometrics data receives the authentication request message and determines whether the received biometrics data has corresponding biometrics data in the database and returns a reply to the ECSP unit via the network indicating that the transaction request message is authenticated if the received biometrics data coincides with one of the registered biometrics data of the database.

106 Citations

29 Claims

1. An identification system comprising:
- a plurality of end terminals, each of the end terminals transmitting a transaction request message containing biometrics data of a user and a user identifier of said user to a communications network;
  
  at least one electronic commerce service provider (ECSP) unit for receiving said transaction request message via said network and transmitting an authentication request message containing said biometrics data and said user identifier to said network; and
  
  an authentication server having a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers, the authentication server receiving the authentication request message via said network, comparing the received biometrics data to one of the registered biometrics data which is mapped in said database to the user identifier contained in said authentication request message and returning a reply to said ECSP unit via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The identification system of claim 1, wherein each of said end terminals is configured to cipher the biometrics data so that the biometrics data contained in said transaction request message and said authentication request message is the ciphered biometrics data, and wherein said authentication server is configured to decipher the ciphered biometrics data contained in the received authentication request message.
  - 3. The identification system of claim 1, wherein said ECSP unit includes a conversion table for mapping a first plurality of user identifiers to a second plurality of user identifiers, wherein said first plurality of user identifiers are used by said plurality of end terminals and said second plurality of user identifiers are the user identifiers registered in said database, said ECSP unit converting the user identifier contained in the received transaction request message to one of the second plurality of user identifiers which is mapped to the received user identifier and transmitting said authentication request message containing the converted user identifier.
  - 4. The identification system of claim 1, wherein each of said end terminals is configured to cipher the biometrics data with a secret key generated by a variable secret key generator which generates secret keys which vary with time, the generated secret key being agreed-upon with said authentication server.
  - 5. The identification system of claim 4, wherein said variable secret key generator is located at said authentication server and wherein each of said end terminals is configured to transmit a key request message to said authentication server via said ECSP unit to receive said secret key from the secret key generator and ciphering the biometrics data with the received secret key before said transaction request message is transmitted.
  - 6. The identification system of claim 5, wherein said authentication server comprises a variable secret key generator which generates a secret key which varies with time, and a description unit for deciphering the received ciphered biometrics data by using the secret key generated by said secret key generator.
  - 7. The identification system of claim 1, wherein each of said end terminals comprises a user terminal exclusively owned by said user.
  - 8. The identification system of claim 1, wherein each of said end terminals comprises a sales terminal to which a plurality of user'"'"'s handheld personal units can be connected, wherein said sales terminal transparently transmits a transaction request messaged received from each of the personal units to said ECSP unit.
  - 9. The identification system of claim 1, wherein said biometrics data of said user is a fingerprint of said user.
  - 10. The identification system of claim 1, wherein said biometrics data of said user is an extracted feature of a fingerprint of said user.

11. An identification system comprising:
- a plurality of end terminals respectively identified by user identifiers, each of the end terminals transmitting a transaction request message containing biometrics data of a user to a communications network;
  
  at least one electronic commerce service provider (ECSP) unit for receiving said transaction request message via said network and transmitting an authentication request message containing said biometrics data to said network; and
  
  an authentication server having a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers, the authentication server receiving the authentication request message via said network, comparing the received biometrics data to all of the registered biometrics data in said database, detecting the user identifier mapped to the biometrics data which coincides with the received biometrics data, and retuning a reply to said ECSP unit via said network indicating that a user identified by the detected user identifier is authenticated.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The identification system of claim 11, wherein each of said end terminals is configured to cipher the biometrics data so that the biometrics data contained in said transaction request message and said authentication request message is the ciphered biometrics data, and wherein said authentication server is configured to decipher the ciphered biometrics data contained in the received authentication request message.
  - 13. The identification system of claim 12, wherein each of said end terminals is configured to cipher the biometrics data with a secret key generated by a variable secret key generator which generates secret keys which vary with time, the generated secret key being agreed-upon with said authentication server.
  - 14. The identification system of claim 13, wherein said variable secret key generator is located at said authentication server and wherein each of said end terminals is configured to transmit a key request message to said authentication server via said ECSP unit to receive said secret key from the secret key generator and ciphering the biometrics data with the received secret key before said transaction request message is transmitted.
  - 15. The identification system of claim 14, wherein said authentication server comprises a variable secret key generator which generates a secret key which varies with time, and a decryption unit for deciphering the received ciphered biometrics data by using the secret key generated by said variable secret key generator.
  - 16. The identification system of claim 12, wherein each of said end terminals comprises a user terminal exclusively owned by said user.
  - 17. The identification system of claim 12, wherein each of said end terminals comprises a sales terminal to which a plurality of user'"'"'s handheld personal units can be connected, wherein said sales terminal transparently transmits a transaction request messaged received from each of the personal units to said ECSP unit.
  - 18. The identification system of claim 12, wherein said biometrics data of said user is a fingerprint of said user.
  - 19. The identification system of claim 12, wherein said biometrics data of said user is an extracted feature of a fingerprint of said user.

20. An identification method comprising the steps of:
- a) transmitting, from an end terminal a transaction request message containing biometrics data of a user to a communications network;
  
  b) receiving at an electronic commerce service provider, said transaction request message via said network;
  
  c) transmitting, from the electronic commerce service provider, an authentication request message containing said biometrics data to said network;
  
  d) receiving said authentication request message via said network at a user authenticator having a database for storing a plurality of registered biometrics data;
  
  e) determining whether the received biometrics data has corresponding biometrics data in said database; and
  
  f) returning a reply from said user authenticator to said electronic commerce service provider via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with one of the registered biometrics data of the database.
- View Dependent Claims (21)
- - 21. The identification method of claim 20, wherein the step (a) further comprises ciphering the biometrics data and transmitting said transaction request message containing the ciphered biometrics data to said network, and wherein the step (d) further comprises the step of deciphering the biometrics data contained in the received authentication request message.

22. An identification method comprising the steps of:
- a) transmitting, from an end terminal, a transaction request message containing biometrics data of a user and a user identifier of said user to a communications network;
  
  b) receiving, at an electronic commerce service provider, said transaction request message via said network;
  
  c) transmitting, from the electronic commerce service provider, an authentication request message containing said biometrics data and said user identifier to said network;
  
  d) receiving said authentication request message at a user authenticator via said network, the authenticator having a database in which a plurality of registered biometrics data are mapped to a plurality of corresponding registered user identifiers;
  
  e) comparing the received biometrics data to one of the registered biometrics data which is mapped in said database to the user identifier contained in said authentication request message; and
  
  f) returning, from the user authenticator, a reply to said electronic commerce service provider via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.
- View Dependent Claims (23, 24, 25)
- - 23. The identification method of claim 22, wherein the user identifiers stored in said database are different from the user identifiers of said end terminals, further comprising converting, at said service provider, the user identifier contained in the received transaction request message to a second user identifier which is contained in said authentication request message as the first-mentioned user identifier.
  - 24. The identification method of claim 22, wherein the step (a) further comprises ciphering the biometrics data and transmitting said transaction request message containing the ciphered biometrics data to said network, and wherein the step (d) further comprises the step of deciphering the biometrics data contained in the received authentication request message.
  - 25. The identification method of claim 24, wherein the biometrics data contained in the transaction request message is ciphered by using a secret key which varies with time and agrees with the secret key with which the ciphered biometrics data is deciphered at said user authenticator.

26. An identification method comprising the steps of:
- a) transmitting, from an end terminal, a transaction request message containing biometrics data of a user to a communications network;
  
  b) receiving, at an electronic commerce service provider, said transaction request message via said network;
  
  c) transmitting from said service provider, an authentication request message containing said biometrics data to said network;
  
  d) receiving, at a user authenticator having a database in which a plurality of registered biometrics data are mapped to a plurality of corresponding registered user identifiers, said authentication request message via said network;
  
  e) comparing the received biometrics data to all of the registered biometrics data in said database to detect coincidence;
  
  f) detecting the user identifier mapped to the biometrics data which coincides with the received biometrics data; and
  
  g) returning a reply from the user authenticator to said service provider via said network indicating that said user having the detected user identifier is authenticated.
- View Dependent Claims (27)
- - 27. The identification method of claim 26, wherein the step (a) further comprises ciphering the biometrics data and transmitting said transaction request message containing the ciphered biometrics data to said network, and wherein the step (d) further comprises the step of deciphering the biometrics data contained in the received authentication request message.

28. An identification system comprising:
- a plurality of end terminals, each of the end terminals transmitting to a communications network a registration request message and a transaction request message, each of said messages containing biometrics data of a user and a user identifier of said user;
  
  at least one electronic commerce service provider (ECSP) unit for receiving said registration request message via said network to retransmitting the registration request message to said network and receiving said transaction request message via said network and transmitting an authentication request message containing said biometrics data and said user identifier to said network; and
  
  an authentication server for receiving said registration request message from said ECSP unit via said network, mapping in a database a plurality of biometrics data contained in a plurality of said registration request messages to a plurality of corresponding user identifiers contained in said registration request messages, the authentication server further receiving the authentication request message via said network, comparing the received biometrics data to one of the biometrics data which is mapped in said database to the user identifier contained in said authentication request message and returning a reply to said ECSP unit via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.

29. An identification system comprising:
- a plurality of end terminals, each of the end terminals transmitting a registration request message containing biometrics data of a user and a user identifier of the user to a communications network and transmitting a transaction request message containing said biometrics data to the communications network;
  
  at least one electronic commerce service provider (ECSP) unit for receiving said registration request message via said network and retransmitting the registration request message to said network and receiving said transaction request message and transmitting an authentication request message containing said biometrics data to said network; and
  
  an authentication server for receiving said registration request message from said ECSP unit via said network, mapping a plurality of biometrics data contained in a plurality of said registration request messages to a plurality of corresponding user identifiers contained in said registration request messages, the authentication server receiving the authentication request message via said network, comparing the received biometrics data to all of the biometrics data in said database, detecting the user identifier mapped to the biometrics data which coincides with the received biometrics data, and returning a reply to said ECSP unit via said network indicating that a user identified by the detected user identifier is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Uchida, Kaoru

Granted Patent

US 7,246,243 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G07C 9/37   using biometric data, e.g. ...

Identification system and method for authenticating user transaction requests from end terminals

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

106 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Identification system and method for authenticating user transaction requests from end terminals

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links