System and method for performing secure online transactions
First Claim
Patent Images
1. A method for performing a requested secure online transaction based on challenge/response procedures executed by a terminal of a customer and by a terminal of a service provider, the terminal of the customer and the terminal of the service provider being connected to a network, the method comprising:
- a) using the terminal of the service provider for capturing biometric elements from the customer during an enrolment procedure;
b) storing the biometric elements in a database that is accessible by the terminal of the service provider;
c) forwarding a set of processing instructions in a machine readable or in a non-machine readable format to the terminal of the customer for every transaction or for a number of transactions, the processing instructions defining operations to be performed on transaction data contained within a transaction summary that contains the customer'"'"'s requested transaction;
d) based on the processing instructions executing synchronized challenge procedures for each transaction in a first challenge module provided in the terminal of the service provider and in a second challenge module provided in the terminal of the customer, thus producing identical random challenges based on current transaction data and identical processing instructions;
e) capturing, with a capturing module provided in the terminal of the customer, biometric data from a customer'"'"'s response provided for the challenge established by the second challenge module;
f) delivering the transaction data and the biometric data of the customer'"'"'s response to the terminal of the service provider;
g) retrieving from the database and assembling, in a response module provided in the terminal of the service provider, biometric elements according to the challenge established by the first challenge module in order to create a separate response; and
h) comparing, with a biometric authentication module provided in the terminal of the service provider, the biometric data of the customer'"'"'s response with the data of the assembled separate response and performing the requested transaction in the event that the responses match.
2 Assignments
0 Petitions
Accused Products
Abstract
The system and method performing secure online-transactions based on challenge/response procedures executed by a terminal of at least one customer and by a terminal of a service provider, such as a bank, which terminals are connected to a network, preferably the Internet. The inventive method including:
- capturing biometric elements, such as audio and video samples or related biometric data, from the customer during an enrollment procedure and storing the biometric elements in a database, which is accessible by the service provider'"'"'s terminal;
- executing synchronized challenge procedures for each transaction in order to produce identical challenges based on current transaction data;
- capturing biometric data from the customer'"'"'s response to the challenge with the customer'"'"'s terminal;
- delivering transaction data together with the biometric data of the customer'"'"'s response to the service provider'"'"'s terminal;
- retrieving and assembling biometric elements according to the challenge in order to assemble response in the service provider'"'"'s terminal; and
- comparing the biometric data of customer'"'"'s response with the data of the assembled response and performing the requested transaction in the event that the data of the responses match.
-
Citations
17 Claims
-
1. A method for performing a requested secure online transaction based on challenge/response procedures executed by a terminal of a customer and by a terminal of a service provider, the terminal of the customer and the terminal of the service provider being connected to a network, the method comprising:
-
a) using the terminal of the service provider for capturing biometric elements from the customer during an enrolment procedure; b) storing the biometric elements in a database that is accessible by the terminal of the service provider; c) forwarding a set of processing instructions in a machine readable or in a non-machine readable format to the terminal of the customer for every transaction or for a number of transactions, the processing instructions defining operations to be performed on transaction data contained within a transaction summary that contains the customer'"'"'s requested transaction; d) based on the processing instructions executing synchronized challenge procedures for each transaction in a first challenge module provided in the terminal of the service provider and in a second challenge module provided in the terminal of the customer, thus producing identical random challenges based on current transaction data and identical processing instructions; e) capturing, with a capturing module provided in the terminal of the customer, biometric data from a customer'"'"'s response provided for the challenge established by the second challenge module; f) delivering the transaction data and the biometric data of the customer'"'"'s response to the terminal of the service provider; g) retrieving from the database and assembling, in a response module provided in the terminal of the service provider, biometric elements according to the challenge established by the first challenge module in order to create a separate response; and h) comparing, with a biometric authentication module provided in the terminal of the service provider, the biometric data of the customer'"'"'s response with the data of the assembled separate response and performing the requested transaction in the event that the responses match. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A network-based system designed for performing a secure online transaction based on challenge/response procedures executed with a terminal of a customer, which is equipped with audio- and video-recording devices, and with a terminal of a service provider, which is connected to a database that contains biometric elements, including audio and video samples captured from the customer during an enrollment procedure or biometric data related to the audio and video samples, the system comprising:
-
a) a first challenge module that is provided in the terminal of the service provider and a second challenge module that is provided in the terminal of the customer, wherein the first and second challenge modules allow randomly producing identical challenges for each transaction based on synchronized processing instructions, the processing instructions defining operations to be performed on transaction data contained within a transaction summary that contains the customer'"'"'s requested transaction; b) a response module provided in the terminal of the service provider that allows assembling biometric elements according to a challenge established by the first challenge module in order to assemble a response; c) a capturing module provided in the terminal of the customer that allows capturing biometric data from a customer'"'"'s response to a challenge established by the second challenge module; and d) a biometric authentication module provided in the terminal of the service provider that allows comparing data of the assembled response with data of the customer'"'"'s response that has been received from the terminal of the customer who provided the response to the challenge established by the second challenge module in order to determine whether the assembled response and the customer'"'"'s response match. - View Dependent Claims (13, 14, 15, 16, 17)
-
Specification