Personal biometric authentication and authorization device

US 20040188519A1
Filed: 03/31/2003
Published: 09/30/2004
Est. Priority Date: 03/31/2003
Status: Active Grant

First Claim

Patent Images

1. A personal authorization device for authorizing portable tokens for transactions, comprising:

a sensor adapted to receive a biometric input;

a data storage adapted to hold stored biometric data to be compared with the biometric input; and

a magnetic stripe writer, adapted to write valid magnetic stripe data to a magnetic stripe of a portable token responsive to the biometric input corresponding to the stored biometric data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal biometric authentication and authorization device (PAD) provides protection for portable tokens such as magnetic stripe cards and smart cards. The PAD enables portable tokens upon engagement with the PAD and comparison of a biometric input on the PAD with a stored biometric data. The PAD can be used for biometrically authenticated transactions with or without a portable token. Multiple user account data can be stored in the PAD. The PAD can write the magnetic stripe of a magnetic stripe portable token. The PAD can be enrolled with an enrollment system to associate the PAD, an individual, and the portable tokens to be used with the PAD. The PAD can be used for e-commerce transactions.

Citations

77 Claims

1. A personal authorization device for authorizing portable tokens for transactions, comprising:
- a sensor adapted to receive a biometric input;
  
  a data storage adapted to hold stored biometric data to be compared with the biometric input; and
  
  a magnetic stripe writer, adapted to write valid magnetic stripe data to a magnetic stripe of a portable token responsive to the biometric input corresponding to the stored biometric data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 2. The personal authorization device of claim 1, further comprising:
    - a data storage for storing a plurality of account data, wherein the magnetic stripe writer can selectively write one of the plurality of account data to the magnetic stripe.
  - 3. The personal authorization device of claim 2, further comprising:
    - wherein the plurality of account data comprises account data corresponding to a plurality of multiple portable tokens, wherein the magnetic stripe writer can selectively write account data corresponding to one of the plurality of multiple portable tokens to the magnetic stripe.
  - 4. The personal authorization device of claim 2, the account data comprising:
    - an account number; and
      
      a personal identification number associated with the account number.
  - 5. The personal authorization device of claim 4, the account number comprising:
    - an account type field, the account type field indicating whether the account number is a prevalidated account number.
  - 6. The personal authorization device of claim 2, the account data comprising:
    - a plurality of account numbers; and
      
      an equal plurality of personal identification numbers, each of the plurality of personal identification numbers associated with one of the plurality of account numbers.
  - 7. The personal authorization device of claim 1, further comprising:
    - a portable token identification input;
      
      a stored portable token identification data, wherein the magnetic stripe writer writes the magnetic stripe responsive to matching the stored portable token identification data to the portable token identification input.
  - 8. The personal authorization device of claim 1, wherein the biometric data storage is further adapted to hold a plurality of stored biometric data, each of the plurality of stored biometric data corresponding to one of a plurality of individuals, wherein the magnetic stripe writer is adapted to write valid magnetic stripe data to a magnetic stripe of a portable token responsive to the biometric input corresponding to one of the plurality of stored biometric data.
  - 9. The personal authorization device of claim 1, the magnetic stripe writer further adapted to write invalid magnetic stripe data to the magnetic stripe upon engagement of the portable token with the personal authorization device.
  - 10. The personal authorization device of claim 1, the magnetic stripe writer further adapted to write the magnetic stripe data such that the magnetic stripe data self-invalidates after a predetermined time.
  - 11. The personal authorization device of claim 1, the biometric sensor comprising a fingerprint sensor.
  - 12. The personal authorization device of claim 1, the biometric sensor comprising a retinal scan sensor.
  - 13. The personal authorization device of claim 1, the biometric input comprising an audio sensor.
  - 14. The personal authorization device of claim 1, wherein the biometric input is directly compared with the stored biometric data.
  - 15. The personal authorization device of claim 1, wherein the biometric input is correlated with the stored biometric data to a predetermined degree of certainty.
  - 16. The personal authorization device of claim 1, further comprising:
    - a processor; and
      
      a firmware for execution by the processor.
  - 17. The personal authorization device of claim 1, further comprising:
    - a magnetic stripe reader, adapted to read the magnetic stripe data from the portable token.
  - 18. The personal authorization device of claim 17, wherein the magnetic stripe reader reads the magnetic stripe data prior to the magnetic stripe writer writing the magnetic stripe data.
  - 19. The personal authorization device of claim 1, wherein the portable token is swiped through the personal authentication device for writing the magnetic stripe.
  - 20. The personal authorization device of claim 1, wherein the portable token is inserted into the personal authentication device for writing the magnetic stripe.
  - 21. The personal authorization device of claim 1, wherein the magnetic stripe data comprises:
    - a transaction authorization data, the transaction authorization data modified each time the valid magnetic stripe data is written to the magnetic stripe.
  - 22. The personal authorization device of claim 1, further comprising:
    - a data storage, adapted to store an account data associated with the portable token;
      
      an external connector; and
      
      a logic adapted for enrollment of the personal authorization device, comprising;
      
      a personal authorization device identification data;
      
      logic to receive a portable token identification data from the user;
      
      logic to send the personal authorization device identification data to an enrollment system via the external connector;
      
      logic to associate the portable token with the biometric input and the portable token identification data.
  - 23. The personal authorization device of claim 22, the logic to send the personal authorization device identification data to the issuer system using a public key infrastructure encryption.
  - 24. The personal authorization device of claim 22, the personal authorization device identification data comprising a personal authorization device media access control address data.
  - 25. The personal authorization device of claim 22, the enrollment logic further comprising:
    - logic to receive an account data from the enrollment system via the external connector and associate the account data with the portable token and the biometric input.
  - 26. The personal authorization device of claim 22, the external connector comprising a wireless transceiver.
  - 27. The personal authorization device of claim 22, the external connector comprising a universal serial bus (USB) connector.
  - 28. The personal authorization device of claim 6, wherein each of the plurality of account numbers is valid for only a single use.
  - 29. The personal authorization device of claim 1, further comprising:
    - a smart card writer, adapted to write data to a smart card memory valid smart card account data responsive to the biometric input corresponding to the stored biometric data.
  - 30. The personal authorization device of claim 29, further comprising:
    - a smart card reader, adapted to read a user account data from the smart card memory.
  - 31. The personal authorization device of claim 29, the smart card writer further adapted to modify a transaction counter data in the smart card memory, such that the smart card writer disables the smart card if the modified transaction counter data is a predetermined value.

32. An integrated personal authorization device for authorizing transactions, comprising:
- a biometric sensor adapted to receive a biometric input;
  
  a biometric data storage adapted to hold stored biometric data to be compared with the biometric input;
  
  an account information storage adapted to hold user account information for a user account that corresponds to the stored biometric data; and
  
  an interface for authorizing transactions responsive to the biometric input corresponding to the stored biometric data.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 33. The integrated personal authorization device of claim 32, wherein the interface is a wired interface.
  - 34. The integrated personal authorization device of claim 32, wherein the interface is a wireless interface.
  - 35. The integrated personal authorization device of claim 32, wherein the interface is a visual display.
  - 36. The integrated personal authorization device of claim 32, further comprising:
    - an internal server, adapted to communicate over the interface to a wide area network.
  - 37. The integrated personal authorization device of claim 36, the internal server comprising:
    - an internal web server.
  - 38. The integrated personal authorization device of claim 36, the internal server adapted to encrypt communications via the interface.
  - 39. The integrated personal authorization device of claim 36, the internal server having an IP address.
  - 40. The integrated personal authorization device of claim 32, further comprising:
    - a processor;
      
      a memory coupled to the processor, the memory providing storage for executable instructions adapted to cause the processor to;
      
      communicate with an enrollment system via the interface to enroll the integrated personal authorization device and the portable token with the enrollment system;
      
      receive a plurality of account data from the enrollment system for storage in the account information storage;
      
      select one of the plurality of account data stored in the account information storage responsive to the biometric input corresponding to the stored biometric data; and
      
      transmit a portion of the selected one of a plurality of account data via the interface for a transaction with an external system.
  - 41. The integrated personal authorization device of claim 40, the executable instructions further adapted to cause the processor to:
    - intercept communications with the external system;
      
      transmit a portion of the selected one of a plurality of account data via the interface to the external system for a first transaction.
  - 42. The integrated personal authorization device of claim 41, the executable instructions further adapted to cause the processor to:
    - perform a validation transaction with a transaction authorization system via the interface.
  - 43. The integrated personal authorization device of claim 41, the executable instructions further adapted to cause the processor to:
    - perform a second transaction with a transaction authorization system via the interface, the second transaction comprising information about the first transaction.
  - 44. The integrated personal authorization device of claim 41, the executable instructions further adapted to cause the processor to:
    - log the first transaction in a transaction storage on the integrated personal authorization device.
  - 45. The integrated personal authorization device of claim 40, the executable instructions further adapted to cause the processor to:
    - transmit a portion of the selected one of a plurality of account data via the interface to a user computer for display on the user computer.
  - 46. The integrated personal authorization device of claim 32, wherein the account data storage is adapted to store a plurality of user account data, and wherein one of the plurality of user account data is selected responsive to the biometric input corresponding to the stored biometric data.
  - 47. The integrated personal authorization device of claim 32, the user account data comprising telephone calling card account data.
  - 48. The integrated personal authorization device of claim 32, the user account data comprising credit card account data.
  - 49. The integrated personal authorization device of claim 32, wherein the user account data is encrypted using an encryption technique.
  - 50. The integrated personal authorization device of claim 49, wherein prevalidated user account data is encrypted using a first encryption technique and non-prevalidated user account data is encrypted using a second encryption technique.
  - 51. The integrated personal authorization device of claim 32, the user account data comprising:
    - an account number, formed according to a predetermined account number standard; and
      
      a personal identification number corresponding to the account number.
  - 52. The integrated personal authorization device of claim 51, further comprising:
    - a visual display, wherein the personal identification number is displayed in the visual display responsive to the biometric input corresponding to the stored biometric data.

53. A method of enrolling a personal authorization device, comprising:
- opening communications between the personal authorization device and an enrollment system;
  
  authenticating the personal authorization device to the enrollment system;
  
  obtaining biometric data on the personal authorization device from a user;
  
  storing the biometric data on the personal authorization device; and
  
  closing communications with the enrollment system.
- View Dependent Claims (54, 56, 57, 58, 59, 60)
- - 54. The method of claim 53, further comprising:
    - engaging a portable token with the personal authorization device; and
      
      providing a personal identification code from the user to the personal authorization device associated with the portable token.
  - 56. The method of claim 53, further comprising:
    - sending a user-supplied data to the enrollment system and sending a portable token data to the enrollment system.
  - 57. The method of claim 53, further comprising:
    - sending a plurality of user account data to the personal authorization device from the enrollment system; and
      
      storing the plurality of user account data in the personal authorization device.
  - 58. The method of claim 57, each of the plurality of user account data comprising:
    - a user account code; and
      
      a personal identification code.
  - 59. The method of claim 58, wherein the account code is a one-time use account code.
  - 60. The method of claim 57, further comprising obtaining an additional account data from the enrollment system, comprising:
    - opening communications between the personal authorization device and the enrollment system;
      
      authenticating the personal authorization device to the enrollment system;
      
      obtaining biometric data on the personal authorization device from a user;
      
      if the biometric input corresponds to the stored biometric data, sending an additional account data to the personal authorization device from the enrollment system.

55. The method of 53, authenticating the personal authorization device comprising:
- sending a media access control (MAC) address for the personal authorization device to the enrollment system;
  
  verifying the MAC address by the enrollment system; and
  
  refusing enrollment of the personal authorization device if verification fails.

61. A biometric protection system, comprising:
- a smart card, adapted to store;
  
  a master account data; and
  
  an application for providing an additional account data to the personal authorization device if the biometric input corresponds to the stored biometric data; and
  
  a personal authorization device, comprising;
  
  a biometric sensor adapted to receive a biometric input;
  
  a biometric data storage adapted to hold stored biometric data to be compared with the biometric input; and
  
  a smart card interface for communicating with the smart card if the biometric input corresponds to the stored biometric data.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
- - 62. The biometric protection system of claim 61, the application adapted to generate the additional account data according to a predetermined algorithm for transmittal to the personal authorization device.
  - 63. The biometric protection system of claim 61, the application adapted to select on of a plurality of user account data for transmittal to the personal authorization device.
  - 64. The biometric protection system of claim 63, wherein the plurality of user account data is created on the smart card by a provider of the smart card.
  - 65. The biometric protection system of claim 63, wherein the plurality of user account data is transmitted from the personal authorization device to the smart card.
  - 66. The biometric protection system of claim 61, further comprising:
    - an enrollment system, comprising;
      
      a processor;
      
      a communications interface, adapted to communicate between the personal authorization device and the enrollment system;
      
      a database coupled to the processor, adapted to store;
      
      a personal authorization device identifier data; and
      
      a user account data; and
      
      an enrollment software, when executed on the processor, causing the processor to perform;
      
      receiving the personal authorization device identifier from the personal authorization device;
      
      locating the personal authorization device in the database, using the personal authorization device identifier; and
      
      validating the personal authorization device, responsive to locating the personal authorization device in the database.
  - 67. The biometric protection system of claim 66, wherein the personal authorization device communicates with the enrollment system to obtain an additional user account data, and wherein the personal authorization device communicates with the smart card to store the additional user account data on the smart card upon validation of the personal authorization device by the enrollment system.
  - 68. The biometric protection system of claim 66, the enrollment software, when executed, further causing the processor to perform:
    - adding the personal authorization device to the database if the personal authorization device is not located in the database; and
      
      validating the personal authorization device responsive to adding the personal authorization device to the database.
  - 69. The biometric protection system of claim 66, validating the personal authorization device comprising:
    - informing the personal authorization device of success or failure of the validation.
  - 70. The biometric protection system of claim 63, the personal authorization device further comprising:
    - an account data storage adapted to store a copy of the plurality of user account data, wherein upon receipt of the additional account data from the smart card, the corresponding account data is cancelled in the account data storage.
  - 71. The biometric protection system of claim 61, further comprising:
    - a magnetic stripe writer, adapted to write valid magnetic stripe data to the smart card corresponding to the additional account data.

72. A method of performing e-commerce transactions, comprising:
- storing a biometric data on a personal authorization device;
  
  comparing a biometric input on the personal authorization device to the stored biometric data;
  
  engaging a portable token with the personal authorization device, the portable token containing a user account data;
  
  providing the user account data via the personal authorization device for use by a transaction system, responsive to the stored biometric data corresponding to the biometric input.
- View Dependent Claims (73, 74, 75, 76, 77)
- - 73. The method of claim 72, further comprising:
    - communicating between the personal authorization device and a transaction authorization system independent of the transaction system, responsive to the stored biometric data corresponding to the biometric input;
      
      validating the personal authorization device on the transaction authorization system; and
      
      validating the user account data on the transaction authorization system.
  - 74. The method of claim 73, further comprising:
    - receiving a validation information from the transaction authorization system; and
      
      transmitting the validation information to the transaction system.
  - 75. The method of claim 73, wherein the user account data is a one-time use user account data.
  - 76. The method of claim 72, wherein the user account data is displayed on a user computer in a pop-up window, and wherein the user copies the user account data to the transaction system.
  - 77. The method of claim 72, wherein the user account data is transmitted by the personal authorization device to the transaction system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kepler Ltd.
Original Assignee
Kepler Ltd.
Inventors
Cassone, Jean

Granted Patent

US 6,983,882 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/382
CPC Class Codes

G06Q 10/02   Reservations, e.g. for tick...

G06Q 20/027   involving a payment switch ...

G06Q 20/10   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/342   Cards defining paid or bill...

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40145   Biometric identity checks

G06Q 30/0601   Electronic shopping [e-shop...

G07C 9/257   electronically G07C9/26 tak...

G07F 7/025   by means, e.g. cards, provi...

G07F 7/1008   Active credit-cards provide...

Personal biometric authentication and authorization device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

77 Claims

Specification

Solutions

Use Cases

Quick Links

Personal biometric authentication and authorization device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

77 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links