Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security

US 6,016,476 A
Filed: 01/16/1998
Issued: 01/18/2000
Est. Priority Date: 08/11/1997
Status: Expired due to Term

First Claim

Patent Images

1. A portable information and transaction processing device, comprising:

a central processing unit;

a memory device, operatively coupled to said central processing unit, for storing transaction information comprising one of financial information, personal information, and a combination thereof;

communication means for establishing a communication link with a central server of a service provider, disposed at a remote location, to download a temporary digital certificate issued by said service provider;

a user interface, operatively coupled to said central processing unit, for selecting at least a portion of said transaction information;

a card reader;

a universal card having a unique card number designated to a subscribing user of said service provider, wherein the universal card is inserted into said card reader to receive said selected portion of said transaction information; and

programming means, executable by said central processing unit, for determining if said temporary digital certificate is valid, for writing said selected portion of said transaction information to said universal card if said temporary digital certificate is deemed valid, and for preventing said selected portion of said transaction information from being written to said universal card when said temporary digital certificate is deemed invalid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a portable client PDA with a touch screen or other equivalent user interface and having a microphone and local central processing unit (CPU) for processing voice commands and for processing biometric data to provide user verification. The PDA also includes a memory for storing financial and personal information of the user and I/O capability for reading and writing information to various cards such as smartcards, magnetic cards, optical cards or EAROM cards. The PDA includes a Universal Card, which is common generic smartcard with a unique imprint provided by a service provider, on which selected financial or personal information stored in the PDA can be downloaded to perform certain consumer transactions. The PDA includes a modem, a serial port and/or a parallel port so as to provide direct communication capability with peripheral devices (such as POS and ATM terminals) and is capable of transmitting or receiving information through wireless communications such as radio frequency (RF) and infrared (IR) communication. The present invention is preferably operated in two modes, i.e., a client/server mode and a local mode. The client/server mode is periodically performed to download a temporary digital certificate (which is necessary to access selected information stored in the PDA and to write such information to the Universal Card) from a central server of the service provider of the PDA and Universal Card. Next, the local mode of operation is performed by providing the PDA with biometric data and selecting one of the pre-enrolled credit cards that are stored in the PDA. Upon biometric verification, the Universal Card is written with the selected card information, which is then used to initiate a consumer transaction. In the absence of an unexpired digital certificate, however, the selected card information will not be written to the Universal Card, notwithstanding that the user may have passed local biometric verification.

1353 Citations

20 Claims

1. A portable information and transaction processing device, comprising:
- a central processing unit;
  
  a memory device, operatively coupled to said central processing unit, for storing transaction information comprising one of financial information, personal information, and a combination thereof;
  
  communication means for establishing a communication link with a central server of a service provider, disposed at a remote location, to download a temporary digital certificate issued by said service provider;
  
  a user interface, operatively coupled to said central processing unit, for selecting at least a portion of said transaction information;
  
  a card reader;
  
  a universal card having a unique card number designated to a subscribing user of said service provider, wherein the universal card is inserted into said card reader to receive said selected portion of said transaction information; and
  
  programming means, executable by said central processing unit, for determining if said temporary digital certificate is valid, for writing said selected portion of said transaction information to said universal card if said temporary digital certificate is deemed valid, and for preventing said selected portion of said transaction information from being written to said universal card when said temporary digital certificate is deemed invalid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device according to claim 1, further comprising verification means for verifying if a user of said device is an authorized user and wherein said programming means comprises means for preventing said selected portion of said transaction information from being written to said universal card if the user of said device is not verified.
  - 3. The device according to claim 2, wherein said verification means includes one of biometric verification means, PIN (personal identification number) verification means, and a combination thereof.
  - 4. The device according to claim 3, wherein said biometric verification means includes:
    - biometric sensor means for receiving biometric data from a user of said device; and
      
      biometric processing means for processing said biometric data to determine if said user of said device is an authorized user.
  - 5. The device according to claim 4, wherein said biometric data is derived from one of a finger, thumb or palm print, a voice print, a handwriting sample and a retinal vascular patter and a combination thereof.
  - 6. The device according to claim 4, wherein said biometric verification means performs speaker verification and said biometric data is voice data.
  - 7. The device according to claim 6, wherein said speaker verification is text-independent speaker verification.
  - 8. The device according to claim 1, further comprising encrypting/decrypting means, operatively coupled to said central processing unit, for encrypting said transaction information prior to said transaction information being stored in said memory device and for decrypting said selected portion of said transaction information.
  - 9. The device according to claim 1, further comprising speech recognition means, operatively coupled to said central processing unit, for processing voice commands from an authorized user of said device.
  - 10. The device of claim 1, wherein the temporary digital certificate includes one of an expiration date, the unique card number of the universal card, transaction limitation data, and a combination thereof.

11. An information and transaction processing system, comprising:
- a central server associated with a service provider of a subscribing user;
  
  a transaction terminal; and
  
  a portable communication device comprising;
  
  a central processing unit;
  
  a memory device, operatively coupled to said central processing unit, for storing transaction information comprising one of financial information, personal information, and a combination thereof;
  
  communication means for establishing a communication link with said central server to download a temporary digital certificate from said central server;
  
  a user interface, operatively coupled to said central processing unit, for selecting at least a portion of said stored transaction information;
  
  a card reader;
  
  a universal card having a unique card number designated to the subscribing user by said service provider, which is inserted in said card reader to receive said selected portion of said transaction information; and
  
  programming means, executable by said central processing unit, for determining if said temporary digital certificate is valid, for writing said selected portion of the transaction information to said universal card if said temporary digital certificate is deemed valid, and for preventing said selected portion of the transaction information from being written to said universal card if said temporary digital certificate is deemed invalid;
  
  whereby said universal card is presented to said transaction terminal for initiating a user-desired transaction if said selected transaction information is written to said universal card.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, wherein said central server comprises verification means for receiving and processing verification data of a user of said portable device, which is transmitted from said portable device, to verify if the user of said portable device is a subscribing user, whereby said digital certificate is transmitted to said portable device only if said user is verified.
  - 13. The system of claim 11, wherein said portable communication device further comprises verification means for verifying if a user of said portable communication device is authorized to use said portable communication device, and wherein said programming means comprises means for preventing said selected transaction information from being written to said universal card if the user of said portable communication device is not verified.

14. A method for performing an electronic transaction, comprising the steps of:
- using a portable communication device to establish a communication link with a central server of a service provider;
  
  verifying, by the central server, the identity of a user of the portable communication device to determine if the user is a subscribing user of the service provider;
  
  downloading a temporary digital certificate from the central server to the portable communication device, the temporary digital certificate being issued by the service provider if the user is verified as a subscribing user;
  
  selecting, by the user of said portable communication device, desired transaction information stored in the device to perform an electronic transaction;
  
  verifying, by the portable communication device, if the user is an authorized user of said device;
  
  determining, by the portable communication device, if the downloaded temporary digital certificate is valid; and
  
  providing the selected transaction information to an electronic transaction terminal to perform an electronic transaction, if the user is deemed an authorized user and the temporary digital certificate is deemed valid.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the step of providing the selected transaction information to an electronic transaction terminal comprises the steps of:
    - retrieving said selected transaction information stored in said portable device;
      
      decoding the selected transaction information using a key from the temporary digital certificate;
      
      establishing a transaction communication link with said electronic transaction terminal; and
      
      transmitting said decoded transaction information over said transaction communication link to said electronic transaction terminal.
  - 16. The method of claim 14, wherein the step of providing the selected transaction information to an electronic transaction terminal comprises the steps of:
    - retrieving said selected transaction information stored in said portable device;
      
      decoding the selected transaction information using a key from the temporary digital certificate;
      
      writing the decoded transaction information to a universal card in a card reader of the portable device; and
      
      providing the universal card with the decoded transaction information to the electronic transaction terminal.
  - 17. The method of claim 14, further comprising the steps of:
    - generating an authorization number associated with the temporary digital certificate; and
      
      verifying the transaction by the transaction terminal, wherein the step of verifying the transaction comprises the steps of establishing a communication link with the central server by the electronic transaction terminal, and transmitting the authorization number and an account number of said subscribing user to said central server.
  - 18. The method of claim 14, wherein the temporary digital certificate includes one of an expiration date, an account number of the subscribing user, transaction limitation data, and a combination thereof.
  - 19. The method of claim 18, wherein one of the expiration date, transaction limitation data, and a combination thereof, of the temporary digital certificate is selected by the user of said portable communication device, if the user is verified by the central server as a subscribing user.
  - 20. The method of claim 14, wherein the steps of verifying by the central server and the portable communication device are performed using one of biometric verification, PIN (personal identification number) verification, and a combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toshiba Global Commerce Solutions Holdings Corporation (Toshiba Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Maes, Stephane Herman, Sedivy, Jan
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Nguyen, Cuong H.

Application Number

US09/008,122
Time in Patent Office

732 Days
Field of Search

704/270, 704/275, 705/26, 705/35-38, 710/11, 713/200, 380/21, 380/25, 380/30, 380/24, 380/9, 380/23
US Class Current

705/18
CPC Class Codes

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/206   comprising security or oper...

G06Q 20/326   Payment applications instal...

G06Q 20/327   Short range or proximity pa...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3576   Multiple memory zones on card

G06Q 20/367   involving electronic purses...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 30/0601   Electronic shopping [e-shop...

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

H04N 21/4126   The peripheral being portab...

H04N 21/43637   involving a wireless protoc...

Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

1353 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1353 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links