Personal biometric authentication and authorization device

US 6,983,882 B2
Filed: 03/31/2003
Issued: 01/10/2006
Est. Priority Date: 03/31/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A personal authorization device for authorizing portable tokens for transactions, comprising:

a sensor adapted to receive a biometric input;

a biometric data storage adapted to hold stored biometric data to be compared with the biometric input; and

a magnetic stripe writer, adapted to write valid magnetic stripe data to a magnetic stripe of a portable token responsive to the biometric input corresponding to the stored biometric data;

a logic adapted for enrollment of the personal authorization device, comprising;

a personal authorization device identification data;

logic to receive a portable token identification data from the user;

logic to send the personal authorization device identification data to an enrollment system; and

logic to associate the portable token with the biometric input and the portable token identification data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal biometric authentication and authorization device (PAD) provides protection for portable tokens such as magnetic stripe cards and smart cards. The PAD enables portable tokens upon engagement with the PAD and comparison of a biometric input on the PAD with a stored biometric data. The PAD can be used for biometrically authenticated transactions with or without a portable token. Multiple user account data can be stored in the PAD. The PAD can write the magnetic stripe of a magnetic stripe portable token. The PAD can be enrolled with an enrollment system to associate the PAD, an individual, and the portable tokens to be used with the PAD. The PAD can be used for e-commerce transactions.

Citations

70 Claims

1. A personal authorization device for authorizing portable tokens for transactions, comprising:
- a sensor adapted to receive a biometric input;
  
  a biometric data storage adapted to hold stored biometric data to be compared with the biometric input; and
  
  a magnetic stripe writer, adapted to write valid magnetic stripe data to a magnetic stripe of a portable token responsive to the biometric input corresponding to the stored biometric data;
  
  a logic adapted for enrollment of the personal authorization device, comprising;
  
  a personal authorization device identification data;
  
  logic to receive a portable token identification data from the user;
  
  logic to send the personal authorization device identification data to an enrollment system; and
  
  logic to associate the portable token with the biometric input and the portable token identification data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The personal authorization device of claim 1, further comprising:
    - an account data storage for storing a plurality of account data,wherein the magnetic stripe writer can selectively write one of the plurality of account data to the magnetic stripe.
  - 3. The personal authorization device of claim 2, further comprising:
    - wherein the plurality of account data comprises account data corresponding to a plurality of multiple portable tokens,wherein the magnetic stripe writer can selectively write account data corresponding to one of a plurality of multiple portable tokens to the magnetic stripe.
  - 4. The personal authorization device of claim 2, each of the plurality of account data comprising:
    - an account number; and
      
      a personal identification number associated with the account number.
  - 5. The personal authorization device of claim 4, the account number comprising:
    - an account type field, the account type field indicating whether the account number is a prevalidated account number.
  - 6. The personal authorization device of claim 2, the plurality of account data comprising:
    - a plurality of account numbers; and
      
      an equal plurality of personal identification numbers, each of the plurality of personal identification numbers associated with one of the plurality of account numbers.
  - 7. The personal authorization device of claim 6, wherein each of the plurality of account numbers is valid for only a single use.
  - 8. The personal authorization device of claim 1, further comprising:
    - a portable token identification input;
      
      a stored portable token identification data,wherein the magnetic stripe writer writes the magnetic stripe responsive to matching the stored portable token identification data to the portable token identification input.
  - 9. The personal authorization device of claim 1,wherein the biometric data storage is further adapted to hold a plurality of stored biometric data, each of the plurality of stored biometric data corresponding to one of a plurality of individuals,wherein the magnetic stripe writer is adapted to write valid magnetic stripe data to a magnetic swipe of a portable token responsive to the biometric input corresponding to one of the plurality of stored biometric data.
  - 10. The personal authorization device of claim 1, the magnetic stripe writer further adapted to write invalid magnetic stripe data to the magnetic stripe upon engagement of the portable token with the personal authorization device.
  - 11. The personal authorization device of claim 1, the magnetic stripe writer further adapted to write the magnetic stripe data such that the magnetic stripe data self-invalidates alter a predetermined time.
  - 12. The personal authorization device of claim 1, the biometric sensor comprising a fingerprint sensor.
  - 13. The personal authorization device of claim 1, the biometric sensor comprising a retinal scan sensor.
  - 14. The personal authorization device of claim 1, the biometric input comprising an audio sensor.
  - 15. The personal authorization device of claim 1, wherein the biometric input is directly compared with the stored biometric data.
  - 16. The personal authorization device of claim 1, wherein the biometric input is correlated with the stored biometric data to a predetermined degree of certainty.
  - 17. The personal authorization device of claim 1, further comprising:
    - a processor; and
      
      a firmware for execution by the processor.
  - 18. The personal authorization device of claim 1, further comprising:
    - a magnetic stripe reader, adapted to read the magnetic stripe data from the portable token.
  - 19. The personal authorization device of claim 18, wherein the magnetic stripe reader reads the magnetic stripe data prior to the magnetic stripe writer writing the magnetic stripe data.
  - 20. The personal authorization device of claim 1, wherein the portable token is swiped through the personal authorization device for writing the magnetic stripe.
  - 21. The personal authorization device of claim 1, wherein the portable token is inserted into the personal authorization device for writing the magnetic stripe.
  - 22. The personal authorization device of claim 1, wherein the magnetic stripe data comprises:
    - a transaction authorization data, the transaction authorization data modified each time the valid magnetic stripe data is written to the magnetic stripe.
  - 23. The personal authorization device of claim 1, the logic to send the personal authorization device identification data to the issuer system using a public key infrastructure encryption.
  - 24. The personal authorization device of claim 1, the personal authorization device identification data comprising a personal authorization device media access control address data.
  - 25. The personal authorization device of claim 1, the enrollment logic further comprising:
    - logic to receive an account data from the enrollment system via the external connector and associate the account data with the portable taken and the biometric input.
  - 26. The personal authorization device of claim 1, the external connector comprising a wireless transceiver.
  - 27. The personal authorization device of claim 1, the external connector comprising a universal serial bus (USB) connector.
  - 28. The personal authorization device of claim 1, further comprising:
    - a smart card writer, adapted to write data to a smart card memory valid smart card account data responsive to the biometric input corresponding to the stored biometric data.
  - 29. The personal authorization device of claim 28, further comprising:
    - a smart card reader, adapted to read a user account data from the smart card memory.
  - 30. The personal authorization device of claim 28, the smart card writer further adapted to modify a transaction counter data in the smart card memory such that the smart card writer disables the smart card if the modified transaction counter data is a predetermined value.

31. An integrated personal authorization device for authorizing transactions, comprising:
- a biometric sensor adapted to receive a biometric input;
  
  a biometric data storage adapted to hold stored biometric data to be compared with the biometric input;
  
  an account information storage adapted to hold a plurality of user account data for a plurality of user accounts that correspond to the stored biometric data; and
  
  an interface for authorizing transactions responsive to the biometric input corresponding to the stored biometric data;
  
  a logic adapted for enrollment of the personal authorization device, comprising;
  
  a personal authorization device identification data; and
  
  logic to send the personal authorization device identification data to an enrollment system,wherein one of the plurality of user account data is selected responsive to the biometric input corresponding to the stored biometric data,wherein the user account data is encrypted using an encryption technique, andwherein prevalidated user account data is encrypted using a first encryption technique and non-prevalidated user account data is encrypted using a second encryption technique.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 32. The integrated personal authorization device of claim 31, wherein the interface is a wired interface.
  - 33. The integrated personal authorization device of claim 31, wherein the interface is a wireless interface.
  - 34. The integrated personal authorization device of claim 31, wherein the interface is a visual display.
  - 35. The integrated personal authorization device of claim 31, further comprising:
    - an internal server, adapted to communicate over the interface to a wide area network.
  - 36. The integrated personal authorization device of claim 35, the internal server comprising:
    - an internal web server.
  - 37. The integrated personal authorization device of claim 35, the internal server adapted to encrypt communications via the interface.
  - 38. The integrated personal authorization device of claim 35, the internal server having an IP address.
  - 39. The integrated personal authorization device of claim 31, the user account data comprising telephone calling card account data.
  - 40. The integrated personal authorization device of claim 31, the user account data comprising credit card account data.
  - 41. The integrated personal authorization device of claim 31, the user account data comprising:
    - an account number, formed according to a predetermined account number standard; and
      
      a personal identification number corresponding to the account number.
  - 42. The integrated personal authorization device of claim 41, further comprising:
    - a visual display,wherein the personal identification number is displayed in the visual display responsive to the biometric input corresponding to the stored biometric data.

43. An integrated personal authorization device for authorizing transactions, comprising:
- a biometric sensor adapted to receive a biometric input;
  
  a biometric data storage adapted to hold stored biometric data to be compared with the biometric input;
  
  an account information storage adapted to hold user account information for a user account that corresponds to the stored biometric data; and
  
  an interface for authorizing transactions responsive to the biometric input corresponding to the stored biometric data;
  
  a processor,a memory coupled to the processor, the memory providing storage for executable instructions adapted to cause the processor to;
  
  communicate with an enrollment system via the interface to enroll the integrated personal authorization device and the portable token with the enrollment system;
  
  send a personal authorization device identification data to the enrollment system via the interface to enroll the integrated personal authorization device with the enrollment system;
  
  receive a plurality of account data from the enrollment system for storage in the account information storage;
  
  select one of the plurality of account data stored in the account information storage responsive to the biometric input corresponding to the stored biometric data; and
  
  transmit a portion of the selected one of a plurality of account data via the interface for a transaction with an external system.
- View Dependent Claims (44, 45, 46, 47, 48)
- - 44. The integrated personal authorization device of claim 43, the executable instructions further adapted to cause the processor to:
    - intercept communications with the external system;
      
      transmit a portion of the selected one of a plurality of account data via the interface to the external system for a first transaction.
  - 45. The integrated personal authorization device of claim 44, the executable instructions further adapted to cause the processor to:
    - perform a validation transaction with a transaction authorization system via the interface.
  - 46. The integrated personal authorization device of claim 44, the executable instructions further adapted to cause the processor to:
    - perform a second transaction with a transaction authorization system via the interface, the second transaction comprising information about the first transaction.
  - 47. The integrated personal authorization device of claim 44, the executable instructions further adapted to cause the processor to:
    - log the first transaction in a transaction storage on the integrated personal authorization device.
  - 48. The integrated personal authorization device of claim 43, the executable instructions further adapted to cause the processor to:
    - transmit a portion of the selected one of a plurality of account data via the interface to a user computer for display on the user computer.

49. A method of enrolling a personal authorization device, comprising:
- opening communications between the personal authorization device and an enrollment system;
  
  authenticating the personal authorization device to the enrollment system, comprising;
  
  sending a personal authorization device identification data to the enrollment system from the personal authorization device;
  
  verifying the personal authorization device identification data by the enrollment system; and
  
  refusing enrollment of the personal authorization device if verification fails,obtaining biometric data on the personal authorization device from a user;
  
  storing the biometric data on the personal authorization device; and
  
  closing communications with the enrollment system,wherein the personal authorization device identification data is a media access control (MAC) address for the personal authorization device.
- View Dependent Claims (50, 51)
- - 50. The method of claim 49, further comprising:
    - engaging a portable token with the personal authorization device; and
      
      providing a personal identification code from the user to the personal authorization device associated with the portable token.
  - 51. The method of claim 49, further comprising:
    - sending a user-supplied data to the enrollment system andsending a portable token data to the enrollment system.

52. A method of enrolling a personal authorization device comprising:
- opening communications between the personal authorization device and an enrollment system;
  
  authenticating the personal authorization device to the enrollment system, comprising;
  
  sending a personal authorization device identification data to the enrollment system from the personal authorization device;
  
  verifying the personal authorization device identification data by the enrollment system;
  
  obtaining biometric data on the personal authorization device from a user;
  
  storing the biometric data on the personal authorization device;
  
  closing communications with the enrollment system;
  
  sending a plurality of user account data to the personal authorization device from the enrollment system;
  
  storing the plurality of user account data in the personal authorization device; and
  
  obtaining an additional account data from the enrollment system, comprising;
  
  opening communications between the personal authorization device and the enrollment system;
  
  authenticating the personal authorization device to the enrollment system;
  
  obtaining biometric data on the personal authorization device from a user;
  
  if the biometric input corresponds to the stored biometric data, sending an additional account data to the personal authorization device from the enrollment system.
- View Dependent Claims (53, 54)
- - 53. The method of claim 52, each of the plurality of user account data comprising:
    - a user account code; and
      
      a personal identification code.
  - 54. The method of claim 53, wherein the account code is a one-time use account code.

55. A biometric protection system, comprising:
- a personal authorization device, comprising;
  
  a biometric sensor adapted to receive a biometric input;
  
  a biometric data storage adapted to bold stored biometric data to be compared with the biometric input; and
  
  a smart card interface; and
  
  a smart card, adapted to store;
  
  a master account data; and
  
  an application for providing an additional account data to the personal authorization device if the biometric input corresponds to the stored biometric data; and
  
  an enrollment system, comprising;
  
  a processor;
  
  a communications interface, adapted to communicate between the personal authorization device and the enrollment system;
  
  a database coupled to the processor, adapted to store;
  
  a personal authorization device identifier data; and
  
  a user account data; and
  
  an enrollment software, when executed on the processor, causing the processor to perform;
  
  receiving the personal authorization device identifier from the personal authorization device;
  
  locating the personal authorization device in the database, using the personal authorization device identifier; and
  
  validating the personal authorization device, responsive to locating the personal authorization device in the database,wherein the smart card interface is adapted for communicating with the smart card if the biometric input corresponds to the stored biometric data.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 56. The biometric protection system of claim 55, the application adapted to generate the additional account data according to a predetermined algorithm for transmittal to the personal authorization device.
  - 57. The biometric protection system of claim 55, the application adapted to select one of a plurality of user account data for transmittal to the personal authorization device.
  - 58. The biometric protection system of claim 57, wherein the plurality of user account data is created on the smart card by a provider of the smart card.
  - 59. The biometric protection system of claim 57, wherein the plurality of user account data is transmitted front the personal authorization device to the smart card.
  - 60. The biometric protection system of claim 57, the personal authorization device further comprising:
    - an account data storage adapted to store a copy of the plurality of user account data,wherein upon receipt of the additional account data from the smart card, the corresponding account data is cancelled in the account data storage.
  - 61. The biometric protection system of claim 55,wherein the personal authorization device communicates with the enrollment system to obtain an additional user account data, andwherein the personal authorization device communicates with the smart card to store the additional user account data on the smart card upon validation of the personal authorization device by the enrollment system.
  - 62. The biometric protection system of claim 55, the enrollment software, when executed, further causing the processor to perform:
    - adding the personal authorization device to the database if the personal authorization device is not located in the database; and
      
      validating the personal authorization device responsive to adding the personal authorization device to the database.
  - 63. The biometric protection system of claim 55, validating the personal authorization device comprising:
    - informing the personal authorization device of success or failure of the validation.
  - 64. The biometric protection system of claim 55, further comprising:
    - a magnetic stripe writer, adapted to write valid magnetic stripe data to the smart card corresponding to the additional account data.

65. A method of performing e-commerce transactions, comprising:
- sending a personal authorization device identification data from a personal authorization device to an enrollment system;
  
  enrolling the personal authorization device responsive to receipt by the enrollment system of the personal authorization device identification datastoring a biometric data on the personal authorization device responsive to enrolling the personal authorization device;
  
  comparing a biometric input on the personal authorization device to the stored biometric data,engaging a portable token with the personal authorization device, the portable token containing a user account data;
  
  providing the user account data via the personal authorization device for use by a transaction system, responsive to the stored biometric data corresponding to the biometric input.
- View Dependent Claims (66, 67, 68, 69, 70)
- - 66. The method of claim 65, further comprising:
    - communicating between the personal authorization device and a transaction authorization system independent of the transaction system, responsive to the stored biometric data corresponding to the biometric input;
      
      validating the personal authorization device on the transaction authorization system; and
      
      validating the user account data on the transaction authorization system.
  - 67. The method of claim 66, further comprising:
    - receiving a validation information from the transaction authorization system; and
      
      transmitting the validation information to the transaction system.
  - 68. The method of claim 66, wherein the user account data is a one-time use user account data.
  - 69. The method of claim 65, wherein the user account data is displayed on a user computer in a pop-up window, andwherein the user copies the user account data to the transaction system.
  - 70. The method of claim 65, wherein the user account data is transmitted by the personal authorization device to the transaction system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kepler Ltd.
Original Assignee
Kepler Ltd.
Inventors
Cassone, Jean
Primary Examiner(s)
Fureman, Jared J.
Assistant Examiner(s)
TRAIL, ALLYSON NEEL

Application Number

US10/403,934
Publication Number

US 20040188519A1
Time in Patent Office

1,016 Days
Field of Search

235/382, 235/380, 235/462.09, 235/379, 235/375, 705/5, 705/79, 705/39, 705/44, 705/26, 705/64, 382/124, 382/115, 340/825.31, 340/382.31, 439/65
US Class Current

235/382
CPC Class Codes

G06Q 10/02   Reservations, e.g. for tick...

G06Q 20/027   involving a payment switch ...

G06Q 20/10   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/342   Cards defining paid or bill...

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40145   Biometric identity checks

G06Q 30/0601   Electronic shopping [e-shop...

G07C 9/257   electronically G07C9/26 tak...

G07F 7/025   by means, e.g. cards, provi...

G07F 7/1008   Active credit-cards provide...

Personal biometric authentication and authorization device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

70 Claims

Specification

Solutions

Use Cases

Quick Links

Personal biometric authentication and authorization device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

70 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links