United States Patent
`
`5,613,012
`[11] Patent Number:
`
`Hoffman et al.
`[45] Date of Patent:
`Mar. 18, 1997
`
`[19]
`
`Hill llllllll III III" Illll ||||| Illll "III “III ||l|| ll||| l|||l| Ill |||l| ||I|
`U5005613012A
`
`[54] TOKEBIESS IDENTIFICATION SYSTEM
`FOR AUTHORIZATION OF ELECTRONIC
`TRANSACTIONS AND ELECTRONIC
`TRANSMISSIONS
`
`175]
`
`['13 I
`
`[21]
`
`Inventors: Ned Hofl'man; David F. Pare, J n;
`Jouathan A. Lee, all of Berkeley, Calif.
`
`Assignee: Smarttouch, LLC., Berkeley, Calif.
`
`Appl. No.: 442,895
`
`[22]
`
`filed:
`
`May 17, 1995
`
`5,210,191
`5222152
`5,229,764
`5.230.025
`5,239,583
`5,241,606
`5,251,259
`5,265,152
`5,276,314
`5,280,527
`5,321,242
`5,325,442
`5,335,233
`5,343,529
`5,351,303
`
`
`
`511993 Usui et al.
`38214
`611993 Fishbine et a1.
`38212
`711993 Matched. et a1.
`340182534
`
`.. 38214
`711993 Fisfbine el al.
`
`380123
`811993 Parri]10..........
`
`...... 33214
`311993 Horie
`1011993 Mosley ......
`330123
`
`.....
`1111993 Bush et a].
`380124
`111994 Martino et a1.
`., 2351330
`
`111994 Gullrnan et a1.
`..
`380123
`.. 2351332
`511994 Heath, Ir.
`
`511994 Knapp ............. 38214
`...... 33112
`811994 Faulkner
`
`311994 Goldfine eta].
`330123
`
`911994 Willmore
`38214
`
`Related US. Application Data
`
`OTHER PUBLICATIONS
`
`[63]
`
`[51]
`[521
`[53]
`
`Continuation-impart of Ser. No. 345,523, Nov. 28. 1994.
`
`G06K 9100
`Int. Cl.”
`US. Cl. ................................ 3821115; 2351380; 90213
`Field of Search
`340182534, 825.33,
`3440182531; 3821115, 116, 117, 118, 119.
`124, 128; 90211, 2, 3, 4-, 5, 6. 8, 9, 10,
`l2, 13, 22, 23. 24, 25, 26. 27, 31, 32, 33.
`34, 35, 3?; 2351375, 376, 379, 380, 381,
`382, 382.5, 383, 384, 385, 386
`
`[561
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`3581108
`411989 Lafreniere
`4,821,113
`. 3641408
`611989 Dethlofl‘ eta].
`4,331,422
`
`380123
`511990 Chaum
`4,926,480
`3641408
`1011990 Elliott et a1.
`4,961,142
`
`.. 380123
`211991 Piosenka et 3].
`4,993,063
`38214
`
`211991 Lilley et a1.
`4,995,086
`
` 4,998,279 311991 Weiss . 3401825
`
`5,036,461
`711991 Elliott er. a1.
`3641408
`5,054,089
`1011991 Uchida eta].
`38214
`5,095,194
`311992 Barbanell
`. 2351379
`
`5,109,427
`411992 Yang ..........
`38214
`
`411992 Igaki et al .....
`5,109,428
`38215
`
`911992 Kobayashi et a].
`5,144,680
`38214
`
`911992 Higuchi et 21.1.
`. 2501556
`5,146,102
`
`380123
`5,168,520
`1211992 Weiss
` . 2351380
`
`111993 Hiramatsu ..
`5,180,901
`380125
`
`5,191,611
`311993 Lang
`356171
`5,210,588
`511993 Lee
`
`1993}:1'1—19
`(Nov.
`Security Management, V. 37, n 11
`Anderson et 31., American Society For Industrial Security
`1993, “Security Works”, Senior Editor: Harowitz. (Address,
`Security Management, 1655 N. Fl‘. Myer Dr, Suite 1200,
`Arlington, VA, 22209.).
`
`Primary Examiner—Leo Boudreau
`Assistant ExaminerwBijan Tadayon
`Attorney. Agent, or Firm—Ali Kamarei
`
`[5'1]
`
`ABSTRACT
`
`A tokenless identification system and method for authoriza-
`tion of transactions and transmissions. The tokeniess system
`and method are principally based on a correlative compari*
`son of a unique biometrics sample, such as a finger print or
`voice recording. gathered directly from the person of an
`unknown user, with an authenticated biometrics sample of
`the same type obtained and stored previously. It can be
`networked to act as a full or partial intermediary between
`other independent computer systems, or may be the sole
`computer systems carrying out all necessary executions. It
`further contemplates the use of a private code that is returned
`to the user after the identification has been complete, authen—
`ticating and indicating to the user that the computer system
`was accessed. The identification system and method of
`additionally include emergency notification to permit an
`authorized user to alert authorities an access attempt
`is
`coerced.
`
`170 Claims, 14 Drawing Sheets
`
`
`
`Page 1 of 67
`Page 1 of 67
`
`FIS Exhibit 1016
`FIS Exhibit 1016
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 1 of 14
`
`5,613,012
`
`mzotmmfih
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:21)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`E96Nmoan.
`
`n.GE
`
`
` kaE2
`
`Esauumu
`
`mzollmm...“
`
`
`
`

`

`US. Patent
`
`2
`
`n..._m¢.‘.Ir',l.vCOOM“”O"””HQVKDQ“waUBQEQbUQN
`
`
`
`
`
`moumaumm«333%.aa"w{+10¢9‘04uto.QuvaQOQB2%do:.0555}???10...>0...
`n33$WSun3:63uthu;
`6:EEQEQQ5bugPEEfli
`1«manta0g9”kgNBHangman
`
`
`flammfiButton:0pmm:962E«mumI.2Sa.aquaa«BanguimgmfiaogobflD
`IM.c3‘99‘axm.u3..3.
`9.6.>nk
`mac.3o.IonSoSn99.5on.5e3“.93‘
`
`
`2.3.£9»ch“Sauna
`
`Us:3%.quPact32muncommum
`HHHMWMDHJ“...mWO...O.§.O.I“a?NSt
`
`
`buntcfiat35%...
`
`3°23;Mg.z.”
`
`
`
`xuahébtx@333;
`
`a.”98mm
`
`Eocene:.5»..,
`
`"gm.a..ono“
`Tuba-1’."-
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:22)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)E9
`
`6mmoan.
`
`3&8:
`
`38%.»?E
`mmunuuua
`
`\Gk
`
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 3 0f 14
`
`5,613,012
`
`'|\‘mh
`l‘mmmummux
`
`chEo...m
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:23)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`5,6wmoan.
`
`
`
`m..GE
`
`
`
`33mm:Buck
`
`
`
`uncommmkharm.
`
`“muck
`
`
`
`“932:1£uh¢§
`
`
`
`335$.:Qmm—x
`
`N.“
`
`
`
`8.3mm3&5uEmEpfi
`
`m:
`
`
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 4 of 14
`
`5,613,012
`
`
`
`Roman.)EOUOMEQ
`
`"magma:
`
`28¢.qu
`
`
`
`mh@9382“Eon
`
`..B:.__EL.£
`
`canvacuum:
`
`
`
`
`
`nabBahama}\fle‘umcgmmk
`
`
`
`
`
`LmnfiazmucoaummhoEbQ38¢chQ$3..
`
`aux5.30.829:
`
`
`
`MEEEDEbubnoowm.
`
`939503bufitl
`
`auxmmtohmmm
`
`\amkmagma:
`
`En.
`
`“carat
`
`
`
`vacuum}.Eben.»
`
`8%Lu“Maum
`
`3%33.5%..01.:ham1
`
`no.
`
`5Vhumane
`
`
`.33.02uncuaumm
`
`m...anan
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:24)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`596mmoan.
`
`VGE
`
`
`
`
`
`LunEaz.833.3%
`
`hQEhQ
`
`
`
`Auktabuumtbh
`
`
`
`
`
`
`
`
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 5 of 14
`
`5,613,012
`
`333%..
`
`\flNW/Qflwa
`m
`
`\//j
`
`.7
`
`.33
`
`§7/////A®%x/////,
`
` hmfibucm. :QEQQbaa: twang.
`
`
`Bxfitfigagemummmmzwucmzomm.
`:DfiolAukgamma:
`£8..0283
`
`
`
`
`ammonmmQEmEoE
`
`62.QqAukHeath:
`
`
`
`3.30hm“abound
`
`
`
`amtmagma:
`
`bmwubocm 33mm.as:
`
`aka:
`
`Aukumcuqmmm
`
`383$
`
`cQEu;
`
`mGE
`
`Eta,xuu.RExmm
`
`magma:3303.65£3536
`
`
`
`cuwummumps.02“web$9.me
`
`«mama»:
`
`.:38a:.EE£29,“qu~3mey“mmmfitmmEhbM‘bmy
`
`
`be:.02aneumtofiatmEuz
`
`accumum
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:25)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`E96mmoan.
`
`mGt
`
`nEmRem
`
`d...
`
`9Qwhom
`
`29E
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 6 of 14
`
`5,613,012
`
`3.3381
`
`UnaEE5%
`
`
`
`22359cm.
`
`Sun“a
`
`35.:
`
`momfiuum.
`
`“3.3%uncommuk
`
`:93
`
`33.:th8Hana
`
`m.@\h\
`
`
`
`hascomuqbucm
`
`“amanual933mm.
`
`Ems.utwmficmm
`
`
`
`katBaum
`
`~35uEuEnfi
`
`ookoa
`
`chauukacob‘
`
`to...”$0qu
`
`mama:
`
`36$“
`
`$3.
`
`32m.
`
`atomEamon
`
`
`
`age?“can“
`
`magnum
`
`
`
`“Equal~83un
`
`kactfi
`
`
`
`m..GE
`
`9m.
`
`“N
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:26)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`596Nmoan.
`
`myEmcee
`
`333%.
`
`.02
`
`EfiumEa:
`
`Hum62nucuauum.
`
`Aux3an
`
`p.28
`
`35%?
`
`Sum.
`
`
`
`tenantBum.
`
`
`
`mafiaExact
`
`DE
`
`kGE
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`US. Patent
`
`Mar. 18, 199’?
`
`Sheet 7 of 14
`
`5,613,012
`
`PIC
`
`Sample +
`
`Biome tn'c
`
`Mandatory
`Data
`
`Opb'onol
`Data
`
`EacorpHon/Seating
`Process at Biometric
`Input Device
`
`Fry. 7
`
`Decryption/Coonfor
`Party 1.0. Process
`Fig. 8
`
`Store Biometric
`Sompies in Proper
`
`PIC—Basket
`
`Store Private
`Codes and Other w.
`Optional Data
`
`Registration
`Complete
`
`Further Processing
`F912
`
`Encorpttbn/
`Sealing
`Process
`
`Fig. 9
`
`Get
`Private
`Code
`
`Fig. 10
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:27)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`Page 8 of 67
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 8 of 14
`
`5,613,012
`
`FIG
`
`Sompie 4-
`
`Biometric
`
`Mondatory
`Do to
`
`Optionoi
`Data
`
`.0
`
`
`
`Encarption/Seaiing
`Process at Biometric
`input Device
`Fig. 7
`
`Decqption/Caun ter
`Party LD. Process
`fig. 8
`
`identify Pic
`Basket Associated
`with Entered Pic
`PGL
`
`iMi.
`
`Comparison of
`Biometric Sampies
`in PIC—basket
`with Entered Bio
`Sampie
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Securibr
`
`
`
`
`individuai
`identification
`
`
`N0
`
`Encqptian/
`Seating
`Process
`Fig.
`.9
`
`is
`There a
`Match?
`
`YES
`
`Compiete
`
`Further Processing
`Fig. 72
`
`Fig. 11
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:28)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`Page 9 of 67
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 9 of 14
`
`5,613,012
`
`“macawm“
`
`Autmmgmfimd2
`
`2:30un
`
`
`
`mahtafiatthat
`
`
`
`AucmamEm.3
`
`cabana.
`
`$3235‘EmmAccumgmfimh
`
`
`
`.3ESQEQQ«cum
`
`
`
`Lo».Aucmmgmfim
`
`
`
`0393......«cam
`
`magabmuagn‘
`
`gamma.
`
`mowaxgbh
`
`ufimmuooi
`
`mgGE
`
`Una
`
`203:0.me
`
`afim
`
`
`
`fight”mu
`
`v.80
`
`\EE$0.05
`33%
`
`$320.
`
`mat
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:19)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`$962moan.
`
`cofimmM
`
`cohoEaten
`
`mfifimmuogn‘
`
`NuGE
`
`33338:“
`
`fiaBEEfi
`
`“$991
`
`:.mm
`
`€32
`
`.02“amount
`
`Emmuuuc‘
`
`“2:031a“
`
`Recumgufim62
`
`$23031
`
`Eta.
`
`m£mmmuEm
`
`Eat
`
`
`
`
`
`
`
`
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 10 of 14
`
`5,613,012
`
`
`
`BanactSunni.“
`
`mmmamwmad.dmmm.‘
`
`«63m?
`
`Bantam3E3s.
`
`
`
`0.8%quuEmmi
`
`9.GE
`
`$53
`
`mymEmk
`
`“enema:
`
`“amtgnu:
`
`an8“gamut
`
`fiUhmmUUv‘
`
`
`
`urummwunimmm
`
`
`
`62.“amount
`
`$.anno»
`
`L3.2quan:En.
`
`“amountAtom
`
`
`
`mayuncontoxcx
`
`$.20
`
`5.3no
`
`
`
`when»:93“...th£31
`
`magma
`
`mofightto
`
`a:Bahama
`
`3.20he:
`
`cmmmmmm
`
`no...“3.:th
`
`mfimmmmEo.
`
`
`
`3.65:“;358mm.
`
`
`
`Emanct.653s.
`
`3.33pa3me
`
`
`
`
`
`emu90ng.6me
`
`«Sigma
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:20)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`596:moan.
`
`
`
`Enactbangs
`
`2.362
`
`bummmuut
`
`
`
`Emmt£39m
`
`.92“548%
`
`“$53...anme
`
`Atomfinancebum
`
`commukccmk
`
`.5.a?““amount
`
`anambsum
`
`£28
`
`3.08Emfizosé
`
`363......
`
`
`
`cube£25k
`
`uEmmmuEm
`
`3.GE
`
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`
`
`
`
`identity Asset
`Account
`to be
`
`Accessed
`
`
`US. Patent
`
`Mar. 13, 1997
`
`Sheet 11 of 14
`
`5,613,012
`
`
` identify individual
`
`
`
`Submitting Batch
`Request
`
`
`
`individual Identification
`Process Fig.
`ii
`
`
`
`
`
`
`
`Validate individuai's
`Authorization to
`Submit Batch
`Requests
`
`Ven'fii individual
`identification,
`Hardware, AD. No.
`and Counter Party
`
` Vaiidate that
`
`Account No.
`to be
`
`
`Modified is Owned
`
`by Counter Party
`
`
`Proceed with
`Modification of
`Account
`info.
`
`
`
`
`
` Session
`Termmation
`
`Processing
`
`FIG. 17
`
` Session
`
`Termination
`
`
`Processing
`
`
`FIG. 16
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:21)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`Page 12 of 67
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 12 of 14
`
`5,613,012
`
`SEE
`
`dz~35:qu
`
`
`
`“5.830%takeout
`
`
`
`EuEaqunumb
`
`
`
`3:03..qu3mafia?“but?
`
`
`
`bméma£me:
`
`
`
`$963k932%
`
`beamafifiuum
`
`.6bmqumm
`
`an96:
`
`$5.8:qu
`
`
`
`buyuumvk.
`
`33mm.833mEa.
`
`Q.@E
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:22)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`$962moan.
`
`62~55:quaqumcub
`
`£36
`
`“$5:qu
`
`Enact
`
`
`
`.5.:83»...
`
`EmfiGmk
`
`anaestp‘n‘
`
`tweenQ32
`
`”$53qu“8
`
`62
`
`commmom
`
`upcufiEgfl
`
`magnum
`
`muGE
`
`
`
`
`
`
`
`
`

`

`US. Patent
`
`Mar. 18,1997
`
`Sheet 13 of 14
`
`5,613,012
`
`Head Portion
`
`% §
`
`\\\\\\\\\\\\\\\\\\\\\\\\\\\\W/////////////A§
`
`”5333”“
`
`“$3....
`
`FIG. 20A
`
`
`
`WWI/l ///////////////////////////////A
`
`P5133?
`
`Signature String
`
`FIG. 203
`
`Head Portion
`
`f—gfi
`
`Signature String
`
`FIG. 200
`
`\\\////////////////////////1A\\\\V
`
`Private
`Code
`
`Signature String
`
`Status
`
`FIG. 200
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:23)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`Page 14 of 67
`
`

`

`US. Patent
`
`Mar. 18, 1997
`
`Sheet 14 of 14
`
`5,613,012
`
`~ka«Eel
`
`tohudwcmmmfimm
`
`
`
`mem.Efiocnfi
`
`ESQamm:
`0.2qu
`
`batmfinammngEoo
`
`
`
`mfism.Efiucnfi
`
`93£3
`
`ufiEmmgawunfifi
`
`
`
`mESm.teamm
`
`on:QMEUQEQQac
`
`goymgomk
`
`NN.GE
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:24)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`
`$963moan.
`
`£838
`
`62”$53qu9EEEQW
`
`:0.38.6
`
`300mm9mm
`
`62EmEaqumomma
`
`
`
`umcohomm“mm.
`
`
`
`a...9.3396
`
`Eoumm
`
`gmbcmm2Eamm
`
`
`
`3:323?qu“km:
`
`92.5%Efiunum.
`
`“NGE
`
`
`
`
`
`
`
`
`
`
`
`

`

`5,613,012
`
`2
`
`1
`TOKENLESS IDENTIFICATION SYSTEM
`FOR AUTHORIZATION OF ELECTRONIC
`TRANSACTIONS AND ELECTRONIC
`TRANSMISSIONS
`
`CROSS-REFERENCE
`
`The present application is a continuation—in-part of US.
`patent application SCI". No. 081345.523, filed Nov. 28. 1994,
`which is incorporated herein by reference.
`
`to
`
`BACKGROUND
`
`hands. While theft of a token constitutes the majority of
`fraud in the system, the use of counterfeit credit cards has
`been on the rise. Counterfeit credit cards are manufactured
`by a more technically sophisticated criminal by acquiring a
`cardholder's valid account number and then producing a
`counterfeit card using that valid number. The counterfeiter
`encodes the magnetic strip. and cmbosscs the counterfeit
`plastic card with the account number. The card is then
`presented to merchants and charged up to the rightful
`cardholder‘s account. Another form of loss is by a. criminal
`merchant who surreptitiously obtains
`the cardholder‘s
`account number. Yet another type of fraud is committed by
`the authorized cardholder when the token is used for making
`purchases and thereafter a claim is made that the token was
`either lost or stolen. It is estimated thatlosses due to all types
`of fraud exceeds $950 million dollars annually.
`Generally, debit cards are used in conjunction with a
`personal identification code (PIC). Counterfeiting :1 debit
`card is more difficult as the criminal must acquire not only
`the account number, but also the PIC. and then manufacture
`the card as in the credit card example. However. various
`strategies have been used to obtain Ple from unwary
`cardholders; these range from Trojan horse automated teller
`machines, orATMs. in shopping malls that dispense cash but
`record the PIC, to merchant point of sale devices that also
`record the PIC. to individuals with binoculars that watch
`cardholders enter PICs at A'I'Ms. The subsequently manu-
`factured counterfeit debit cards are then used in various
`ATM machines until the unlucky account is emptied.
`The financial industry is well aware of the trends in fraud
`expense. and is constantly taking steps to improve the
`security of the card. Thus fraud and theft of token have an
`indirect impact on the cost to the system.
`Card blanks are manufactured under very tight security.
`Then they are individualized with the account number,
`expiration date, and are then mailed to the cardholder.
`Manufacturing and distributing Ihe card alone costs the
`industry approximately one billion dollars annually. The
`standard card costs the financial industry $2 for each. but
`only $0.30 of this 32 is associated with actual manufacturing
`£051.
`
`Over the last ten years, the industry has altered the tokens
`because of counterfeiting fraud. without any fundamental
`changes in the use of the credit transaction system. The
`remedy has been mostly administrative changes such as
`having customers call the issuer to activate their card. Other
`changes include addition of a hologram. a picture ID, or an
`improved signature area. These type of changes in particular.
`are an indication that the systems susceptibility to fraud is
`due to lack of true identification of the individual. It is
`estimated that this could double the manufacturing cost to
`two billion dollars annually.
`In the near future, the banking industry expects to move
`to an even more expensive card. called a “smart card". Smart
`cards contain as much computing power as did some of the
`first home computers. Current cost projections for a first-
`generation sman card is estimated at approximately $3.50,
`not including distribution costs, which is significantly higher
`than the $0.30 plastic card blank.
`This significant increase in cost has forced the industry to
`look for new ways of using the power in the smart card in
`addition to simple transaction authorization. It is envisioned
`that in addition to storing credit and debit account numbers,
`smart cards may also store phone numbers, frequent dyer
`miles, coupons obtained from stores, a transaction history,
`electronic cash usable at tollbooths and on public transit
`
`15
`
`'20
`
`30
`
`The use of tokens and credit cards in today‘s financial
`world is pervasive. A token would be any inanimate object
`which coffers a capability to the individual presenting the
`object. Remote access of every financial account is through
`the use of tokens or plastic cards. Whether buying groceries
`with debit cards or consumer goods with credit cards. at the
`heart of that transaction is a money transfer enabled by a
`token, which acts to identify an individual and the financial
`account he is accessing.
`The reason for the migration from metal coins to plastic
`cards is simple and straightforward: access to money in this
`money transfer system is vastly safer and more convenient on
`for both merchants and consumers than handling large
`quantities of coins and notes.
`Unformnately, current
`technology in combination with
`this convenient token-based money transfer system results in
`a system that is prone to theft and fraud.
`As verification of user identity is based solely on data
`placed on the token. which can be easily reproduced and
`transferred between individuals, such security must rely on
`both the diligence and the luck of the authorized user and
`merchant in maintaining this information as proprietary.
`However, by their very nature. tokens do not have a very
`strong connection with the individual. identification of the
`rightful owner of the token through the token is tenuous at
`best. This is easily demonstrated by the fact that individuals
`other than the rightful owners of the tokens have been using
`these tokens to defraud merchants and other consumer goods
`suppliers.
`The mammoth expansion of the consumer credit industry
`during the 19805 brought with itlarge profits for issuers. and
`ncwfound convenience for consumers. However, as con—
`sumer credit became easier for consumers to acquire, it also
`became a target for criminals. Much as the mobility of the
`automobile led to a rash of bank robberies in the late 1920's
`and early 1930‘s. so too did the ubiquity of consumer credit
`lead to vastly increased opportunitiea for criminals.
`Initially, the banking industry was willing to accept a
`certain amount of loss due to fraud, passing the cost on to the
`consumer. However, as criminals became more organized,
`more technically adept, and as credit retail stations began to 55
`be manned by people who were more and more poorly
`trained in credit card security matters. the rate of increase of
`fraud losses skyrocketed. The staggering statistics on fraud
`and cost of preventive steps. has forced the credit card
`companies in particular. to look for other solutions to the
`problem.
`Fraud losses in the credit card industry stem from many
`difi’erent areas due to the highly vulnerable nature of the
`system, but they are mainly due to either lost. stolen, or
`counterfeit cards. Credit cards operate without the use of a 65
`personal identification code (PIC), dicrefore a lost credit
`card can be turned into cash if the card falls into the wrong
`
`50
`
`6!}
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:25)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`Page 16 of 67
`
`

`

`5.613.012
`
`3
`systems. as well as the customer’s name, vital statistics. and
`perhaps even medical records. Clearly. the financial industry
`trend is to further establish use of tokens.
`
`The side clfect of increasing the capabilities of the smart
`card is centralization of functions. The flip side of increased
`functionality is increased vulnerability. Given the number of
`Functions that the smart card will be performing. the loss or
`damage of this monster card will be excruciatingly incon-
`venient for the cardholder. Being without such a card will
`financially incapacitate the cardholder until it is replaced.
`Additionally. losing a card full of electronic cash will also
`result in a real financial loss as well. Furthermore. ability of
`eounterfeiters to one day copy a smartcard is not addressed.
`Unfortunately. because of the projected concentration of
`functions onto the smart cmd, the cardholder is left more
`vulnerable to the loss or destruction of the card itself. Thus,
`after spending vast sums of money, the resulting system will
`he more secure, but threatens to levy heavier and heavier
`penalties for destruction or loss of this card on the consumer.
`The financial industry recognizes the security issues asso
`ciatcd with smartcards, and efforts are currently underway to
`make each plastic card difficult to counterfeit. Billions of
`dollars will be spent in the next five years in attempts to
`make plastic ever more secure. To date.
`the consumer
`financial transaction industry has had a simple equation to
`balance: in order to reduce fraud. the cost of the card must
`increase.
`
`In addition to and associated with the pervasiveness of
`electronic financial transactions, there is now the widespread
`use of electronic facsimiles, electronic mail messages and
`similar electronic communications. Similar to the problem
`of lack of proper identification of individuals for financial
`transactions is the problem of lack ofproper identification of
`individuals for electronic transmissions. The case and speed
`of electronic communication. and its low cost compared to
`conventional mail, has made it a method of choice for
`communication between individuals and businesses alike.
`This type of communication has expanded greatly and is
`expected to condone to expand. However. millions of elec-
`tronic messages such as facsimiles and electronic mail (or
`“Ii-mail" or “cmail") messages are sent without knowing
`whether they arrive at their true destination or whether a
`certain individual actually sent or received that electronic
`message. Furthermore. there is no way to verify the identify
`the individual who sent or who received an electronic
`message.
`Recently, various attempts have been made to ovcrcornc
`problems inherent in the token and code security system.
`One major focus has been to encrypt. variablice or otherwise
`modify the PIC to make it more difficult for an unauthorized
`user to carry out more than one transaction.
`largely by
`focusing on manipulation of the PIC to make such code
`more fraud resistant. A variety of approaches have been
`suggested. such as introducing an algorithm that varies the
`PIC in a predictable way knovm only to the user, thereby
`requiring a dilferent PIC code for each subsequent accessing
`of an account. For example. the PIC code can be varied and
`made specific to the calendar day or date of the access
`attempt. In yet another approach, a time-variable element is
`introduced to generate a non—predictable personal identifi-
`cation codc that is revealed only to an authorized user at the
`time of access. Although more resistant to fraud that systems
`incorporating non-variable codes, such an approach is not
`virtually fraud-proof because it still relies on data that is not
`uniquely and irreproducibly personal to the authorized user.
`Furthermore. such systems further inconvenience consum—
`
`10
`
`15
`
`2O
`
`30
`
`35
`
`45
`
`5!}
`
`55
`
`till
`
`65
`
`4
`crs that already have trouble remembering constant codes,
`much less variable ones. Examples of these approaches are
`disclosed in US. Pat. No. 4,837,422 to Dethlofi‘ et. at; U.S.
`Pat. No. 4.993.279 to Weiss; U.S. Pat. No. 5.168.520 to
`Weiss; U.S. Pat. No. 5,251,259 to Mosley; U.S. Pat. No.
`5.239.538 to Parrillo; U.S. Pat. No. 5,276,314 to Martino el.
`al.; and U.S. Pat. No. 5.343.529 to Goldfine et 51. all of
`which are incorporated herein by reference.
`More recently. some have turned their attention from the
`use of personal
`identification codes to the use of unique
`biomeu-ics as the basis of identity verification, and ulti-
`matcly computer access. In this approach. authenticated
`biometrics are recorded from a user of known identity and
`stored for future reference on a token. In every subsequent
`access attempt, the user is required to enter physically the
`requested biometrics, which are then compared to the
`authenticated biometrics on the token to determine if the two
`match in order to verify user identity. Because the biometrics
`are uniquely personal to the user and because the act of
`physically entering the biometrics are virtually irreproduc-
`iblc. a match is putative of actual identity, thereby decreas-
`ing the risk of fraud. Various biometrics have been sug-
`gested. such as finger prints, hand prints. voice prints. retinal
`images. handuniting samples and the like. However. because
`the biometrics are generally stored in electronic (and thus
`reproducible) form on a token and because die comparison
`and verification process is not isolated from the hardware
`and software directly used by the individual attempting
`access. a significant risk of fraudulent access still exists.
`Examples of this approach to system security are described
`in U.S. Pat. No. 4.821.118 to Lafreniere; U.S. Pat. No.
`4,993,068 to Piosenka et al.; U.S. Pat. No. 4.995.086 to
`Lilley ct 31.; U.S. Pat. No. 5,054,089 to Uchida ct a].; U.S.
`Pat. No. 5,095,194 to Barbancll; U.S. Pat. No. 5,109,427 to
`Yang; U.S. Pat. No. 5,109,423 to Igaki et 3.1.; U.S. Pat. No.
`5.144.680 to Kobayashi et at; 11.8. Pat. No. 5,146,102 to
`Higuchi et 31.; U.S. Pat. No. 5.180.901 to Hiramatsu; U.S.
`Pat. No. 5,210,588 to Lee; U.S. Pat. No- 5,210,297 to Usui
`et al.; U.S. Pat. No. 5,222,152 to Fishbine et at; U.S. Pat.
`No. 5.230.025 to Fishbine et 31.; U.S. Pat. No. 5,241,606 to
`Horic; U.S. Pat. No. 5,265,162 to Bush at 31.: U.S. Pat. No.
`5.321.242 to Heath. Jr; U.S. Pat. No. 5.325.442 to Knapp;
`US. Pat. No. 5,351,303 to Willmore. all of which are
`incorporated herein by reference.
`As will be appreciated from the foregoing discussion. a
`dynamic but unavoidable tension arises in attempting to
`design a security system that is highly fraud resistant, but
`nevertheless easy and convenient for thc consumer to use.
`Unfortunately. none of
`the
`above-disclosed proposed
`improvements to the token and code system adequately
`address. much less attempt to balance. this tension. Such
`systems generally store the authenticated biometrics in elec-
`tronic form directly on the token that can presumably be
`copied. Further. such systems do not adequately isolate the
`identity verification process from tampering by someone
`attempting to gain unauthorized access.
`An example of token—based security system which relies
`on a biometrics of a user can be found in U.S. Pat. No.
`5.230.527 to Gullman et a]. In Gullman's system. the user
`must carry and present a credit card sized token [referred to
`as abiometrics security apparatus) containing amicrochip in
`which is recorded characteristics of the authorized user’s
`voice. In order to initiate the access procedure. the user must
`insert the token into a terminal such as an ATM. and then
`speak into the terminal to provide a biometrics input for
`comparison with an authenticated input stored in the micro-
`chip of the presented token. The process of identity verifi-
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:26)(cid:3)(cid:82)(cid:73)(cid:3)(cid:25)(cid:26)
`Page 17 of 67
`
`

`

`5
`
`6
`
`5.613.012
`
`cation is generally not isolated from potential tampering by
`one attempting unauthorized access. If a match is found. the
`remote terminal may then signal
`the host computer that
`access should be permitted, or may prompt the user for an
`additional code, such as a PIN (also stored on the token),
`before sending the necessary verification signal to the host
`computer.
`Although Gullman’s reliance of comparison of stored and
`input biometrics potentially reduces the risk of unauthorized
`access as compared to numeric codes. Gullman’s use of the
`token as the repository for the authenticating data combined
`with Gullmart’s failure to isolate the identity verification
`process from the possibility of tampering greatly diminishes
`any improvement
`to fraud resistance resulting from the
`replacement of a numeric code with a biometrics. Further.
`the system remains somewhat cumbersome and inconve-
`nient to use because it too requires the presentation of a
`token in order to initiate an access request.
`Almost uniformly, patents that disclose token—based sys-
`tems teach away From biometrics recognition without the
`use of tokens. Reasons cited for such teachings range from
`storage requirements for biometrics recognition systems to
`significant time lapses in identification of a large number of
`individuals, oven for the most powerful computers,
`In view of the foregoing. there has long been a need for
`a computer access system that is highly fraud—resistant,
`porches], and efficient for the user to operate and carry out
`electronic transactions and transmissions expeditiously.
`is
`There is also a need for a computer system that
`completely tokenless and that is capable of verifying a user‘s
`personal identity. based solely upon a personal identification
`code and biometrics that is unique and physically personal
`to an authorized user, as opposed to verifying an individual‘s
`possession of any physical objects that can be freely trans-
`ferred between different individuals. Such biometrics must
`be easily and non-intrusively obtained; must be easy and
`cost—cifcctive to store and to analyze: and must not unduly
`invade the user’s privacy rights.
`A further need in computer access system design is user
`convenience. It is highly desirable for a consumer to able to
`access the sySLem spontaneously. particularly when uncr-
`pected needs arise. with a minimum of effort. In particular.
`there is a need for a system that greatly reduces or eliminates
`the need to memorize numerous or cumbersome codes, and
`that eliminates the need to possess. carry, and present a
`proprietary object in order to initiate an access request.
`Such systems must be simple to operate, accurate and
`reliable. There is also a need for a computer access system
`that can allow a user to access multiple accounts and procure
`all services authorized to the user, and carry out transactions
`in and between all financial accounts, make point of pur-
`chase payments. receive various services. etc.
`There is further a great need for a computer access system
`that affords an authorized user the ability to alert authorities
`that a third party is coercing the user to request access
`without the third party being aware that an alert has been
`generated. There is also a need for a system that is never-
`theless able to effect. unknown to the coercing third party,
`temporary resu-ictions on the types and amounts of transac-
`tions that can be undertaken once access is granted.
`Furthermore, the computer system must be affordable and
`flexible enough to be operatively compatible with existing
`networks having a variety of electronic transaction and
`transmission devices and system configurations.
`Finally. there is a need for secured sending and receipt of
`electronic mail messages and electronic facsimiles. where
`
`Hi
`
`It}
`
`15
`
`25
`
`30
`
`40
`
`45
`
`is
`
`fill
`
`65
`
`content of the electronic message is protected from disclo-
`sure to unauthorized individuals. and the identity of the
`sender or recipient can be obtained with a high degree of
`certainty.
`
`SUMMARY OF THE INVENTION
`
`The present invention satisfies these needs by providing
`an improved identification system for determining an indi-
`vidual's identity from a comparison of an individual‘s
`biometrics sample and personal identification code gathered
`during a bid stop with biometrics sample and personal
`identification code for that
`individual gathered during a
`registration step and stored at a remote site wherein there is
`a data processing center. The invention comprises a com-
`puter network host system with means for comparing the
`entered biometrics sample and personal identification code,
`and is equipped with various data bases and memory mod—
`ules. Furthermore, the invention is provided with biometrics
`and personal identification code input apparatus and tenni—
`rrals for entering data to provide information for execution of
`the requested transactions and transmissions by the host
`system once the identity of the individual is determined. The
`invention is also provided with means [or connecting the
`host system with the terrains] and the biometrics input
`apparatus.
`The computer also has means for execution of various
`transactions and transmission in addition to traditional stor—
`ing of and modification of data. Additionally. the computer
`can output the evaluation of the biometrics-PIC (“personal
`identification code") comparison. and the determination of
`an identification evaluation. or status of any execution of
`transactions or transmissions. Furthermore, the computer
`system notifies and authenticates to the individual being
`identified that the computer system was accessed, by return—
`ing to the individual a private code which was previously
`selected by that individual during the registration step.
`Preferably, the computer system is protected from elec-
`tronic eavesdropping and electronic intrusion and viruses.
`Further, the devices used by the computer for gathering
`biometric samples and personal identification codes would
`comprise: a} at least one biometric input device for gathering
`biometric samples, which would have a hardware and a
`software component; b) at least one terminal device that is
`fiinctionally partially or fully integrated with the biometric
`input means for input of and appending ancillary informa-
`tion;