Security Device, Method and System For Financial Transactions, Based on the Identification of an Individual Using a Biometric Profile and a Smart Card
Abstract
A device to secure payments or transactions made with a smart card and validate the identity of the smart card holder using a client/server biometric control operation, regardless of whether the payments or transactions are made directly at a point of sale or indirectly. A client/server-type system authenticates the identity of a smart card holder, based on the use of the smart card and on the identification of the holder by biometric data which are stored on an extended memory smart card and compared with biometric data from an external, remote database that is secured and operated by the third-party authentication server or by the financial institution, but which, for reasons of security and performance, are not transferred over the telecommunication network.
18 Claims
1-9. (canceled)
10. A system designed to provide biometric authentication of a smart card holder which performs an electronic transaction in which biometrics are involved from the point generating said transaction, said smart card holder being connected to a communication means and to a biometric payment terminal, or any other transactional terminal comprising a smart card reader, designed to receive dedicated software operating as a communication gateway to the remote servers of the authentication third party, and comprising a link to one or more biometric sensors, incorporated or not in the terminal, which is connected to a computer linked to said communication means, the system is characterized in that it comprises:
a first device (X00100) suitable for storing on the microprocessor of the personal smart card delivered by a financial institution, one or more encrypted biometric data items supplied by the card holder, and associated with a convergence identifier obtained from a second device, the biometric data, are of a morphological nature—fingertip, face, iris, retina, voice or other imprints, being encrypted before storage in the microprocessor memory included in the smart card;
a second device (X00200) suitable for receiving the biometric data from the first device, and computing a convergence identifier associated with these biometric data and the convergence identifier to the remote server, and suitable for informing the biometric database of the remote server, and suitable for checking the identity using files, from both a file obtained from taking biometric imprints in real time (mobile or fixed payment terminals or personal computer or computer server) as well as from a central database containing, for each individual, a stable master file on remote server containing the source convergence identifiers that can be used to perform the correlation of the identities by comparison of the two files;
a third device (X00300) suitable for receiving the biometric data from the sensors of the payment or identification terminals, data intended to inform the central database, and suitable for computing a temporary convergence identifier based on these data, and suitable for transferring the biometric data stored by the financial institutions or the identification centers to the remote servers of the authentication third party, these data comprising for each of the transactions, a temporary convergence identifier, generated by the software supplied by the authentication third party to the financial institution or to the identification center; and
a fourth device (X00400) suitable for encrypting the biometric data and the convergence identifier and used for biometric authentication, and suitable for performing a correlation and comparison between the data of the files obtained from taking biometric imprints in real time (mobile or fixed payment server) and encrypted, and the encrypted data resident on the remote servers of the authentication third party—in other words, the stable master file of each individual, via a local computation, the results of which are forwarded to the remote servers of the authentication third party, or of the financial institution or of the identification center, which performs the same computations and reanalyzes their results, these results are accompanied by the encrypted convergence identifier, and by the part of Java® (Sun) or .net® (Microsoft) code, or of any other available language, stored on the smart card, as well as information relating to the transaction itself.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
Specification