Security Device, Method and System For Financial Transactions, Based on the Identification of an Individual Using a Biometric Profile and a Smart Card

US 20080282334A1
Filed: 02/21/2006
Published: 11/13/2008
Est. Priority Date: 03/07/2005
Status: Active Grant

First Claim

Patent Images

1-9. -9. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device to secure payments or transactions made with a smart card and validate the identity of the smart card holder using a client/server biometric control operation, regardless of whether the payments or transactions are made directly at a point of sale or indirectly. A client/server-type system authenticates the identity of a smart card holder, based on the use of the smart card and on the identification of the holder by biometric data which are stored on an extended memory smart card and compared with biometric data from an external, remote database that is secured and operated by the third-party authentication server or by the financial institution, but which, for reasons of security and performance, are not transferred over the telecommunication network.

Citations

18 Claims

1-9. -9. (canceled)

10. A system designed to provided biometric authentication of a smart card holder which performs an electronic transaction in which biometrics are involved from the point generating said transaction, said smart card holder being connected to a communication means and to a biometric payment terminal, or any other transactional terminal comprising a smart card reader, designed to receive dedicated software operating as a communication gateway to the remote servers of the authentication third party, and comprising a link to one or more biometric sensors, incorporated or not in the terminal, which is connected to a computer linked to said communication means, the system is characterized in that it comprises:
- a first device (X00100) suitable for storing on the microprocessor of the personal smart card delivered by a financial institution, one or more encrypted biometric data items supplied by the card holder, and associated with a convergence identifier obtained from a second device, the biometric data, are of a morphological nature—
  
  fingertip, face, iris, retina, voice or other imprints, being encrypted before storage in the microprocessor memory included in the smart card;
  
  a second device (X00200) suitable for receiving the biometric data from the first device, and computing a convergence identifier associated with these biometric data and the convergence identifier to the remote server, and suitable for informing the biometric database of the remote server, and suitable for checking the identity using files, from both a file obtained from taking biometric imprints in real time (mobile or fixed payment terminals or personal computer or computer server) as well as from a central database containing, for each individual, a stable master file on remote server containing the source convergence identifiers that can be used to perform the correlation of the identities by comparison of the two files;
  
  a third device (X00300) suitable for receiving the biometric data from the sensors of the payment or identification terminals, data intended to inform the central database, and suitable for computing a temporary convergence identifier based on these data, and suitable for transferring the biometric data stored by the financial institutions or the identification centers to the remote servers of the authentication third party, these data comprising for each of the transactions, a temporary convergence identifier, generated by the software supplied by the authentication third party to the financial institution or to the identification center; and
  
  a fourth device (X00400) suitable for encrypting the biometric data and the convergence identifier and used for biometric authentication, and suitable for performing a correlation and comparison between the data of the files obtained from taking biometric imprints in real time (mobile or fixed payment server) and encrypted, and the encrypted data resident on the remote servers of the authentication third party—
  
  in other words, the stable master file of each individual, via a local computation, the results of which are forwarded to the remote servers of the authentication third party, or of the financial institution or of the identification center, which performs the same computations and reanalyzes their results, these results are accompanied by the encrypted convergence identifier, and by the part of Java®
  
  (Sun) or .net®
  
  (Microsoft) code, or of any other available language, stored on the smart card, as well as information relating to the transaction itself.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system as claimed in claim 10 is characterized in that the smart card reading terminal can be a mobile, personal and portable terminal, in which the means of communication with the remote authentication server is the Internet network, or any other wired or wireless (GSM, UMTS, Bluetooth, WiFi or other) telecommunication network, the smart card reading terminal can be a cell phone, a portable computer (also known as a portable PC or laptop), a PDA (Personal Digital Assistant) or other computer, or even any other mobile or fixed device, that can be connected via any telecommunication network.
  - 12. The system as claimed in claim 10 is characterized in that the physical medium of the invention is both the smart card, as well as a remote authentication server, the smart card holder can be any individual authorized by a financial institution to use a smart card as a personal payment means, or even an employee authorized by said financial institution performing an inter-bank transfer or a transaction in the course of his professional business, or even an employee of the civil service or of an international organization performing electronic funds transfers between countries, between groups of countries, between groups of countries and countries and between international organizations and countries.
  - 13. The system as claimed in claim 10 is characterized in that said dedicated software can be modified or parameterized in time, by successive changes, and/or by parameterizing, in order to avoid piracy and defrauding of the computation results.
  - 14. The system as claimed in claim 10 characterized in that only the authentication third party, or the financial institution, knows the programming of the embedded and remotely-operable software, and can recognize the validity of said computations as a function of the time;
    - several versions of the software will be deployed and installed in the network, and the series of the terminals holding an identified version of the software will be recorded in the database of the authentication third party, or of the financial institution.
  - 15. The system as claimed in claim 10 is characterized in that the first tile contains a sequence of the type:
    - convergence number (also called convergence identifier), name, first name, national identity number, date of birth, bank, branch number, account number, and any other information necessary to the correct operation of the financial and banking services, on creation, the convergence identifier will be a temporary identifier, the final identifier being supplied only on completion of the acknowledgement of the validity of the data by the authentication third party.
  - 16. The system as claimed in claim 10 is characterized in that the second file contains a sequence of the type convergence number (also called convergence identifier) linked to the biometric information stored on the biometric database of the remote servers of the authentication third party.
  - 17. A biometric authentication method designed to be implemented by a device as claimed in claim 10, is characterized in that it comprises steps of:
    - according to a device (X00100), establishing biometric identification criteria for a smart card holder in order to prepare the storage format. According to a device (X00200), storing biometric data of an individual in the memory of the smart card (or even the smart card) according to a device [X00100];
      
      constructing/compiling a database of convergence identifiers computed from biometric data, for each card holder, according to a device (X00200);
      
      the assignment of a convergence identifier computed and associated with any biometric data item in the first file stored on the smart card, this first file containing bank data concerning the holder, his biometric data, and the computed convergence data identifier, enabling the data to point towards each other in order to obtain extremely short response times, independently of the size of the database, these data are transferred, so that they can be compared to the master file (second file), in real time, after transfer using a communication network to the systems of an authentication third party, correlated by the convergence identifier, identical to the one stored on the smart card, this master file (second file) contains only biometric data and the convergence identifier computed on the server according to the same algorithm as on the smart card at the time of manufacture of the smart card, the comparison between the biometric data of the first and the second files, converged using the convergence identifier, guarantees or refutes, depending on the case, the strict equivalence of the data, the authentication third party validating or refusing the identity of the holder;
      
      transferring the biometric data of the individuals, stored by the financial institutions, to the remote servers of the authentication third party;
      
      generating a biometric authentication request according to a device, from a transactional terminal of any type, and operating on any type of network, wired terrestrial, optical, wireless terrestrial, satellite, hybrid, or another kind;
      
      carrying out a correlation between a file resulting from computations, transmitted by the transactional terminal, and the database of convergence identifiers, the latter being linked to biometric data;
      
      checking the authentication and searching for the biometric identity filing antecedents, not only for all the branches of a single financial institution and for all countries, but also for all the different financial institutions of the same country or of different countries;
      
      transmitting results of computations linked to biometric data corroborating the identity of an individual, and associated with a payment, or with a transaction; and
      
      transmitting an instruction in return according to a device [X00400], following on from the results of the authentication, to a financial institution, or other, in order that in turn the latter can authorize, or refuse, the transaction at the point of sale or on the Internet, or on any other communication network, or using another transactional means, this transaction can be a bank transaction, an inter-bank transaction (between financial institutions), or a transaction between countries, between groups of countries, between groups of countries and countries and between international organizations and countries and reciproquely.
  - 18. The biometric authentication method designed to be implemented by a device as claimed in claim 10, between a person holding or requesting a smart card, a financial institution and an authentication third party, characterized in that it comprises the following steps:
    - the financial institution receives a request from a holder to issue a smart card;
      
      the financial institution asks the future smart 5 card holder to submit to having his biometric imprints captured;
      
      the financial institution stores the biometric imprints on the server of the bank branch, then, in a second stage, transfers them to the central server of the financial institution, with the data present on the branch server being deleted for security reasons;
      
      the authentication third party stores the biometric imprints on its own remote, secure and redundant servers, assigning them the convergence identifiers;
      
      the financial institution asks for the identity to be validated by sending a request to the remote servers of the authentication third party;
      
      the preceding request is accepted, no similar biometric imprint previously having been filed by the person requesting the issue of a smart card;
      
      the financial institution decides to issue the card in the name of the requesting person, and the biometric imprint or imprints supplied, the convergence Identifier, the results of the local computation, the part of Java®
      
      (Sun) or .net®
      
      (Microsoft) code, or of any other available language, are stored on the microcontroller associated with a flash memory, or any other equivalent device, included, in the smart card;
      
      the smart card holder goes to a point of sale and wants to purchase goods;
      
      the holder'"'"'s smart card is inserted into the payment terminal, and the holder, is asked to place his finger, or any other part of the body (fingertip, face, iris, retina, voice or other imprint), on or facing the appropriate biometric sensor, depending on the part of the body that needs to be validated, this smart card can also be inserted into a biometric imprint card reader, being linked to a personal computer, in order to perform a transaction via the Internet, from the home, for example;
      
      in local mode, the payment terminal validates the consistency of the two imprints, that of the card and that of the sensor;
      
      having locally validated the consistency of the two imprints (the one stored on the, smart card and the one that is the living part of the body), the payment terminal sends, in remote mode, a single request comprising two parts, one being addressed to the financial institution and the other being addressed to the servers of the authentication third party;
      
      the authentication third party in turn validates the consistency of the biometric identity of the smart card holder and the biometric identity stored on his servers;
      
      it then sends, in return, an identity validation or rejection code to the financial institution; and
      
      the financial institution authorizes or refuses the transaction, according to the financial solvency data, by sending a positive or negative instruction to the payment terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chemla Yves, Richard Christophe
Original Assignee
Chemla Yves, Richard Christophe
Inventors
Yves, Chemla, Christophe, Richard

Granted Patent

US 9,728,028 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/009
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07C 9/257   electronically G07C9/26 tak...

G07F 7/1008   Active credit-cards provide...

H04L 9/3231   Biological data, e.g. finge...

Y04S 40/20   Information technology spec...

Security Device, Method and System For Financial Transactions, Based on the Identification of an Individual Using a Biometric Profile and a Smart Card

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security Device, Method and System For Financial Transactions, Based on the Identification of an Individual Using a Biometric Profile and a Smart Card

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links