Bio-metric smart card, bio-metric smart card reader, and method of use
Abstract
A system for increasing transaction security across existing infrastructure is provided. An activation mechanism sends an activation signal or a signal providing a PIN and/or other data to a processing device. If the data is verifiable, the processing device performs verification. A display unit provides a key, preferably encrypted, upon successful utilization of the sensor device. Included in the key generation mechanism is an indicator of the transaction number or other sequential count indicative of card use. An authorization service reads the key from a transaction communication PIN field and decrypts based on a second sequential count maintained in sync with the first count to determine whether the use is authorized. In one embodiment a clocking mechanism is also utilized in encrypting and decrypting the key. A separate reader may be similarly configured to read existing smart cards utilizing the process of the present invention.
36 Claims
1. A device for preventing the unauthorized use of proprietary data, the apparatus comprising:
a user authentication device configured to provide the user an authentication data input for proving the user is authorized to use the account number;
a transaction counting mechanism configured to track authorized device access events;
a processor device in electrical communication with the user authenticator and counter, the processor being programmed to generate a security key in response to authentication data received via the user authenticator, the security key being derived at least in part from the contents of the counter; and
a display unit configured to display the security key on the apparatus.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for securely processing transactions, the system comprising:
a security key device, comprising, a user authenticator configured to provide a user an authentication data input for proving the user is authorized to use an account associated with the security device, a first counter in communication with the user authenticator, a key generator in communication with the user authenticator and first counter, the key generator being programmed to generate a security key in response to authentication data received via the user authenticator, the security key being derived at least in part from contents of the first counter, and an electronic display in electrical communication with the key generator, for displaying the security key in a manner visible upon the structure; and
an authorization device, comprising, a second counter, and a key confirmation processor programmed to confirm an authenticity of the security key in a manner at least partially dependent upon the contents of the second counter.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
18. A method of securely authorizing a transaction utilizing an account, the method comprising:
confirming an authorized use of an account card via a PIN provided by a user;
maintaining a first count indicative of a number of instances of such authorized uses;
generating a security key in a manner at least partially dependent upon the count;
transmitting the security key to an authorizing authority;
processing the security key at the authorizing authority;
maintaining a second count indicative of a number of transmissions received by the authorizing authority for the account;
confirming that the security key was generated by an authorized user at least in part through use of the second count; and
authorizing the transaction if the security key was generated by an authorized user.
25. A smart card, comprising,
an activation device configured to produce a signal in response to a user action;
a display mechanism;
a processing device coupled to the display device and configured to receive said signal; and
programming executed by the processing device, said programming configured to produce an encrypted key and display the encrypted key on the display mechanism.
36. A smart card, comprising,
an activation device configured to produce a signal in response to a user action;
a display mechanism;
a processing device coupled to the display device and configured to receive said signal; and
programming executable by the processing device upon receipt of said signal and configured to produce an encrypted key and display the encrypted key on the display mechanism;
wherein;
said smart card comprises a credit card sized enclosure;
said display mechanism is disposed on a face of the credit card sized enclosure;
said programming is stored on a computer readable media disposed on or within the credit card sized enclosure;
said credit card sized enclosure in a solid flexible material;
said activation device is a numeric entry system disposed on a face of the credit card sized enclosure;
said numeric entry system includes a ten key type entry system and said user action is entry of a PIN via the numeric entry system;
said programming is further configured to verify said user action prior to displaying the encrypted key;
if said programming is unable to verify said user action, then, displaying one of an error message and a non-authentic value on the display mechanism;
said smart card further comprises a bio-metric sensing device coupled to said processing device;
said programming is further configured to retrieve a bio-metric input from said bio-metric sensing device and compare the bio-metric input to a stored bio-metric value prior to one of calculating and displaying the encrypted key, said bio-metric sensing device is a fingerprint scanner;
said smart card further comprises a transaction counter configured to track authorized transactions associated with the smart card and a clocking mechanism configured to produce a time varying clock value;
said encrypted key is derived, at least in part, based on the transaction counter and time varying clock value; and
said smart card is capable of communicating with an authorization device that, retrieves the encrypted key from a PIN field of a transaction communication, decrypts the encrypted key using a count from a second transaction counter and a second time varying clock value from a second clocking mechanism synchronized with the first clocking mechanism, and authorizes a transaction if the decrypted key is valid;
the decrypted key being valid if produced by the smart card with a valid PIN and the first and second transaction counters are synchronized within a predetermined number of transactions.
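The counter-synchronised check described in the Abstract and in claim 36, as an added example that is not code from the patent. It substitutes an HMAC-SHA256 truncation, recomputed and compared by the authorizer, for the patent's unspecified encrypt/decrypt step, and it omits the clock and bio-metric inputs. The names `derive_key`, `Card`, `Authorizer`, `DIGITS`, `WINDOW` and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

DIGITS = 8   # assumption: length of the displayed key
WINDOW = 3   # assumption: the "predetermined number of transactions"

def derive_key(secret: bytes, count: int) -> str:
    """Counter-dependent key: HMAC-SHA256 over the count, truncated to digits."""
    mac = hmac.new(secret, struct.pack(">Q", count), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class Card:
    """Card side: PIN check, first counter, key shown on the display."""
    def __init__(self, secret: bytes, pin: str):
        self._secret, self._pin, self.count = secret, pin, 0

    def press(self, pin: str):
        if not hmac.compare_digest(pin, self._pin):
            return None              # failed verification: no key, no count advance
        self.count += 1
        return derive_key(self._secret, self.count)

class Authorizer:
    """Authorization side: second counter plus a bounded look-ahead window."""
    def __init__(self, secret: bytes):
        self._secret, self.count = secret, 0

    def authorize(self, key: str) -> bool:
        for candidate in range(self.count + 1, self.count + WINDOW + 1):
            if hmac.compare_digest(key, derive_key(self._secret, candidate)):
                self.count = candidate   # resync; earlier counts can never match again
                return True
        return False

def demo():
    secret = b"constructed-demo-secret"          # constructed sample value
    card, auth = Card(secret, "4921"), Authorizer(secret)
    first = card.press("4921")
    results = [auth.authorize(first), auth.authorize(first)]  # accept, then replay
    card.press("4921"); card.press("4921")       # keys displayed but never sent
    results.append(auth.authorize(card.press("4921")))        # drift of 3: in window
    for _ in range(4):
        card.press("4921")                       # four more unsent keys
    results.append(auth.authorize(card.press("4921")))        # drift of 5: rejected
    return results
```

Because the second counter only moves forward on a match, a captured key is useless once it or any later key has been accepted, and a card that has drifted past the window is refused until the counters are brought back in step.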
Specification