Identification system and method for authenticating user transaction requests from end terminals

US 7,246,243 B2
Filed: 05/15/2001
Issued: 07/17/2007
Est. Priority Date: 05/16/2000
Status: Active Grant

First Claim

Patent Images

1. An identification system comprising:

a plurality of end terminals,a plurality of electronic commerce service provider (ECSP) units, wherein each one of the plurality of ECSP units receives a transaction request message containing ciphered biometrics data of a user and a user identifier of said user transmitted from the plurality of end terminals via a communications network and for each received transaction request message, one of the plurality of ECSP units transmits an authentication request message containing said ciphered biometrics data and said user identifier to said network; and

an authentication server comprising a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers, wherein the authentication server receives the authentication request messages from the plurality ECSP units via said network, and for each of the received authentication request messages, the authentication server decipheres the ciphered biometrics data and compares the deciphered biometrics data to one of the registered biometrics data which is mapped in said database to the user identifier contained in the received authentication request message and returns a reply to the plurality of ECSP units via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an identification system for electronic commerce, an end terminal transmits a transaction request message containing biometrics data of a user to a communications network, At least one electronic commerce service provider unit is provided which receives the transaction request message via the network and transmits an authentication request message containing the biometrics data to the network. An authentication server having a database for storing registered biometrics data receives the authentication request message and determines whether the received biometrics data has corresponding biometrics data in the database and returns a reply to the ECSP unit via the network indicating that the transaction request message is authenticated if the received biometrics data coincides with one of the registered biometrics data of the database.

81 Citations

View as Search Results

26 Claims

1. An identification system comprising:
- a plurality of end terminals,a plurality of electronic commerce service provider (ECSP) units, wherein each one of the plurality of ECSP units receives a transaction request message containing ciphered biometrics data of a user and a user identifier of said user transmitted from the plurality of end terminals via a communications network and for each received transaction request message, one of the plurality of ECSP units transmits an authentication request message containing said ciphered biometrics data and said user identifier to said network; and
  
  an authentication server comprising a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers, wherein the authentication server receives the authentication request messages from the plurality ECSP units via said network, and for each of the received authentication request messages, the authentication server decipheres the ciphered biometrics data and compares the deciphered biometrics data to one of the registered biometrics data which is mapped in said database to the user identifier contained in the received authentication request message and returns a reply to the plurality of ECSP units via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The identification system of claim 1, wherein each one of the plurality of ECSP units includes a conversion table for mapping a first plurality of user identifiers to a second plurality of user identifiers, wherein said first plurality of user identifiers are used by said plurality of end terminals and said second plurality of user identifiers are the user identifiers registered in said database, each one of the plurality of ECSP units converts the user identifier contained in the received transaction request message to one of the second plurality of user identifiers which is mapped to the received user identifier and transmits said authentication request message containing the converted user identifier.
  - 3. The identification system of claim 1, wherein each of said end terminals comprises a user terminal exclusively owned by said user.
  - 4. The identification system of claim 1, wherein each of said end terminals comprises a sales terminal to which a plurality of user'"'"'s handheld personal units can be connected, wherein said sales terminal transparently transmits a transaction request messaged received from each of the personal units to said plurality of ECSP units.
  - 5. The identification system of claim 1, wherein said biometrics data of said user is a fingerprint of said user.
  - 6. The identification system of claim 1, wherein said biometrics data of said user is an extracted feature of a fingerprint of said user.
  - 7. The identification system of claim 1, wherein each of said end terminals is configured to generate said ciphered biometrics data with a secret key generated by a variable secret key generator which generates secret keys which vary with time, the generated secret key being agreed-upon with said authentication server.
  - 8. The identification system of claim 7, wherein said variable secret key generator is located at said authentication server and wherein each of said end terminals is configured to transmit a key request message to said authentication server via said plurality of ECSP units, to receive said secret key from the secret key generator:
    - and to ciphering a biometrics data with the received secret key before said transaction request message is transmitted.
  - 9. The identification system of claim 8, wherein said authentication server comprises a variable secret key generator which generates a secret key which varies with time, and a decryption unit for deciphering the received ciphered biometrics data by using the secret key generated by said secret key generator.

10. An identification system comprising:
- a plurality of end terminalsa plurality of electronic commerce service provider (ECSP) units, wherein each one of the plurality of ECSP units receives a transaction request message containing ciphered biometrics data of a user and a user identifier of said user transmitted from the plurality of end terminals via a communications network and for each received transaction request message, one of the plurality of ECSP units transmits an authentication request message containing said ciphered biometrics data to said network; and
  
  an authentication server comprising a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers, wherein the authentication server receives the authentication request messages from the plurality of ECSP units via said network, comparing and for each of the received authentication request messages, the authentication server deciphers the ciphered biometrics data and compares the deciphered biometrics data to all of the registered biometrics data in said database, detects the user identifier mapped to the registered biometrics data which coincides with the deciphered biometrics data, and returns a reply to the plurality of ECSP units via said network indicating that a user identified by the detected user identifier is authenticated.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The identification system of claim 10, wherein each of said end terminals comprises a user terminal exclusively owned by said user.
  - 12. The identification system of claim 10, wherein each of said end terminals comprises a sales terminal to which a plurality of user'"'"'s handheld personal units can be connected, wherein said sales terminal transparently transmits a transaction request messaged received from each of the personal units to said plurality of ECSP units.
  - 13. The identification system of claim 10, wherein said biometrics data of said user is a fingerprint of said user.
  - 14. The identification system of claim 10, wherein said biometrics data of said user is an extracted feature of a fingerprint of said user.
  - 15. The identification system of claim 10, wherein each of said end terminals is configured to generate said ciphered biometrics data with a secret key generated by a variable secret key generator which generates secret keys which vary with time, the generated secret key being agreed-upon with said authentication server.
  - 16. The identification system of claim 15, wherein said variable secret key generator is located at said authentication server and wherein each of said end terminals is configured to transmit a key request message to said authentication server via said plurality of ECSP units to receive said secret key from the secret key generator:
    - and to cipher a biometrics data with the received secret key before said transaction request message is transmitted.
  - 17. The identification system of claim 16, wherein said authentication server comprises a variable secret key generator which generates a secret key which varies with time, and a decryption unit for deciphering the received ciphered biometrics data by using the secret key generated by said variable secret key generator.

18. An identification method comprising the steps of:
- a) transmitting, from a plurality of end terminals, transaction request messages, containing ciphered biometrics data of a user to a communications network;
  
  b) receiving, at each one of a plurality of electronic commerce service providers, one of the transaction request messages via said network;
  
  c) for each received transaction request message, transmitting, an authentication request message containing said ciphered biometrics data from one of the plurality of electronic commerce service provider units to said network;
  
  d) receiving said authentication request messages via said network at a user authenticator having a database for storing a plurality of registered biometrics data and the ciphered biometrics data contained in the received authentication request messages;
  
  e) for each of the received authentication request messages, determining whether the deciphered biometrics data has corresponding biometrics data in said database; and
  
  f) for each of the received authentication request messages, returning a reply from said user authenticator to said plurality of electronic commerce service provider via said network indicating that said transaction request message is authenticated if the received deciphered biometrics data coincides with one of the registered biometrics data of the database.

19. An identification method comprising the steps of:
- a) transmitting, from a plurality of end terminals, transaction request messages, each transaction request message containing ciphered biometrics data of a user and a user identifier of said user to a communications network;
  
  b) receiving, at each one of a plurality of electronic commerce service providers, one of said transaction request messages via said network;
  
  c) for each of the received transaction request messages, transmitting, an authentication request message containing said ciphered biometrics data and said user identifier from one of the plurality of electronic commerce service provider units to said network;
  
  d) receiving said authentication request messages at a user authenticator via said network, the authenticator having a database in which a plurality of registered biometrics data are mapped to a plurality of corresponding registered user identifiers and deciphering the ciphered biometrics data contained in the received authentication request messages;
  
  e) for each of the received authentication request messages, comparing the deciphered biometrics data to one of the registered biometrics data which is mapped in said database to the user identifier contained in said authentication request message; and
  
  f) for each of the received authentication request messages, returning, from the user authenticator, a reply to said plurality of electronic commerce service providers via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.
- View Dependent Claims (20, 21)
- - 20. The identification method of claim 19, wherein the user identifiers stored in said database are different from the user identifiers of said end terminals, further comprising converting, at each one of the plurality of electronic commerce service providers, the user identifier contained in the received transaction request message to a second user identifier which is contained in said authentication request message as the first-mentioned user identifier.
  - 21. The identification method of claim 19, wherein a biometrics data contained in the transaction request message is ciphered by using a secret key which varies with time and agrees with the secret key with which the ciphered biometrics data is deciphered at said user authenticator.

22. An identification method comprising the steps of:
- a) transmitting, from a plurality of end terminals, transaction request messages, each transaction request message containing ciphered biometrics data of a user to a communications network;
  
  b) receiving, at each one of a plurality of electronic commerce service providers, one of said transaction request message via said network;
  
  c) for each of the received transaction request messages, transmitting, an authentication request message containing said ciphered biometrics data from one of the plurality of electronic commerce service providers to said network;
  
  d) receiving, at a user authenticator having a database in which a plurality of registered biometrics data are mapped to a plurality of corresponding registered user identifiers, said authentication request messages via said network and deciphering the ciphered biometrics data contained in the received authentication request messages;
  
  e) for each of the received authentication request messages, comparing the deciphered biometrics data to all of the registered biometrics data in said database to detect coincidence;
  
  f) for each of the received authentication request messages, detecting the user identifier mapped to the biometrics data which coincides with the deciphered biometrics data; and
  
  g) for each of the received authentication request messages, returning a reply from the user authenticator to said plurality of electronic commerce service providers via said network indicating that said user having the detected user identifier is authenticated.

23. An identification system comprising:
- a plurality of terminals,a plurality of electronic commerce service provider (ECSP) units, wherein each one of the plurality of ECSP units receives a registration request message containing ciphered biometrics data of a user and a user identifier of said user transmitted from the plurality of end terminals via a communications network, retransmits the registration request message to said network, receives a transaction request message containing said ciphered biometric data and user identifier transmitted from the plurality of end terminals via said network, and for each received transaction request message, transmits an authentication request message containing said biometrics data and said user identifier to said network; and
  
  an authentication server for receiving said registration request messages from said plurality of ECSP units via said network, mapping in a database a plurality of biometric data contained in a plurality of said registration request messages to a plurality of corresponding user identifiers contain in said registration request messages, the authentication server further receiving the authentication request messages from the plurality of ECSP units via said network, and for each of the received authentication request messages, the authentication server deciphers the ciphered biometrics data and compares, the received deciphered biometrics data to one of the biometrics data which is mapped in said database to the user identifier contained in the received authentication request message and returns a reply to said the plurality of ECSP units via said network indicating that said transaction request message is authenticated if the received biometrics data coincides with said mapped biometrics data.

24. An identification system comprising:
- a plurality of end terminals,a plurality of electronic commerce service provider (ECSP) units, wherein each one of the plurality of ECSP units receives a registration request message containing ciphered biometrics data of a user and a user identifier of said user transmitted from the plurality of end terminals via a communications network, retransmits the registration request message to said network, receives a transaction request message containing said ciphered biometrics data transmitted from the plurality of end terminals via said network, and for each received transaction request message, transmits an authentication request message containing said ciphered biometrics data and said user identifier to said network; and
  
  an authentication server for receiving said registration request messages from said plurality of ECSP units via said network, mapping a plurality of biometrics data contained in a plurality of said registration request messages to a plurality of corresponding user identifiers contained in said registration request messages, the authentication server receiving the authentication request messages from the plurality of ECSP units via said network, and for each of the received authentication request messages, the authentication server decipheres the ciphered biometrics data and compares comparing the received and deciphered biometrics data to all of the biometrics data in said database, detects the user identifier mapped to the biometrics data which coincides with the received biometrics data, and r4mmain˜
  
  returns a reply to said plurality of ECSP units via said network indicating that a user identified by the detected user identifier is authenticated.

25. An authentication server comprising:
- a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers;
  
  an interface unit for receiving authentication request messages from a plurality of electronic commerce service provider (ECSP) units via a network, each authentication request message containing ciphered biometrics data of a user and a user identifier of said user;
  
  a deciphering unit which deciphers the ciphered biometrics data; and
  
  a processor, wherein for each of the received authentication request messages, the processor compares the deciphered biometrics data to one of the registered biometrics data which is mapped in said database to the user identifier contained in the received authentication request message,wherein the interface unit returns a reply to the plurality of ECSP units via said network indicating that the transaction request message is authenticated if the deciphered biometrics data coincides with the said mapped biometrics data,wherein each authentication request message corresponds to a transaction request message transmitted to one of the plurality of ECSP units from one of a plurality of user terminals via said network.

26. An authentication server comprising:
- a database for mapping a plurality of registered biometrics data to a plurality of corresponding registered user identifiers;
  
  an interface unit for receiving authentication request messages from a plurality of electronic commerce service provider (ECSP) units via a network, each authentication request message containing ciphered biometrics data of a user and a user identifier of said user;
  
  a deciphering unit which deciphers the ciphered biometrics data; and
  
  a processor, wherein for each of the received authentication request messages, the processor compares the deciphered biometrics data to all of the registered biometrics data in said database and detects the user identifier mapped to the biometrics data which coincides with the deciphered biometrics data,wherein the interface unit returns a reply to the plurality of ECSP units via said network indicating that a user identified by the detected user identifier is authenticated,wherein each authentication request message corresponds to a transaction request message transmitted to one of the plurality of ECSP units from one of a plurality of user terminals via said network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Uchida, Kaoru
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tran; Ellen C.

Application Number

US09/854,666
Publication Number

US 20010044900A1
Time in Patent Office

2,254 Days
Field of Search

713/170, 713/186, 382/115, 726/2, 726/3
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G07C 9/37   using biometric data, e.g. ...

Identification system and method for authenticating user transaction requests from end terminals

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Identification system and method for authenticating user transaction requests from end terminals

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others