United States Patent [19]
`Drexler et al.
`
`lllllllllllllllllllllll||||l||||llllllllll||I||llllllllllllllllllllllllllll
`5,457,747
`Oct. 10, 1995
`
`US005457747A
`Patent Number:
`[11]
`[45] Date of Patent:
`
`[54] ANTI-FRAUD VERIFICATION SYSTEM
`USING A DATA CARD
`
`5,259,025 11/1993 Monroe et a1. ......................... .. 380/23
`OTHER PUBLICATIONS
`
`[75] Inventors: Jel'qme Drexler’ L05 Altos Hills;
`Chnswpher J - Dyball, Half Moon Bay,
`both of Calif.
`
`[73] Assignee: Drexler Technology Corporation,
`M t ' V' , C ‘i.
`on“ am ‘cw all
`
`“Smart Credit Cards-The Answer to Cashless Shopping”;
`Stephen B. Weinstein; IEEE Spectrum Feb. 1994 pp. 43-49.
`
`Primary Examiner—Tod R. Swann
`Attorney, Agent, or Firm—Schneck & McHugh
`[57]
`ABSTRACT
`
`[21] Appl. N0.: 181,697
`.
`_
`Jan‘ 14’ 1994
`[22] F?ed‘
`[51] Int. Cl.6 ..................................................... .. H04K 1/00
`[52] U_S_ CL __
`380/24; 380/23; 340/825‘33
`[58] Field of Search
`380/23 24 25,
`33 ’ 825 34’
`825 3’5. 235/38'0 582
`'
`’
`’
`’
`References Cited
`
`[56]
`
`’
`
`U.S. PATENT DOCUMENTS
`235,380 X
`3 761 683 9/1973 Rogers
`_ 235/487
`4’683’371
`7/1987 Drexler
`. . . I. 235/380 X
`4:745:268
`5/1988 Drexler . . . . . .
`340/32534 X
`4,811,408
`3/1989 Goldman __________ __
`........ .. 380/23
`4,879,747 11/1989 Leighton et a1. ..
`381/42
`4,961,229 10/1990 Takahashi -------- --
`330/23
`4,993,068
`2/ 1991 piQsenka et a1- --
`.... .. 380/23
`4,995,081
`2/1991 Lelghton et al_ ..
`235/380
`5,053,608 10/1991 Senanayake
`364/409 X
`5,070,452 12/1991 Doyle, Jr. et al
`5,241,165
`8/1993 Drexler ............................. .. 235/380 X
`
`A system for deterring fraudulent use of wallet-size cards in
`local bene?t dispensing terminals has a permanent data
`storage medium and a temporary data storage medium
`disposed on each card- A ?rst card Writing device has means
`for acquiring biometric information from a person and for
`writing a template of that information on the permanent
`storage medium. A veri?cation terminal has similar means
`for acquiring biometric information from a possessor of the
`card, and also has a means for reading the biometric infor
`mation from the permanent storage medium of the card.
`Upon inputting biometric information from both the card
`and the possessor of the card, the veri?cation terminal
`compares the information, and, if they match, writes data
`allowing limited bene?ts on the temporary data storage
`medium of the card- This data can be read by a plurality of
`existing bene?t dispensers at other locations, such as auto~
`mated teller machines, which can then dispense bene?ts
`authorized by the data. The limitation on bene?ts and the
`required repeated veri?cation enhances security of the cards
`and the bene?t dispensing System.
`
`27 Claims, 3 Drawing Sheets
`
`ACQUIRE BIOMETRIC
`INFORMATION
`FROM A PERSON
`
`D‘ 70
`
`COMPARE
`WITH
`LIBRARY
`
`(3)
`
`72
`
`RECORD BIOMETRIC
`lgfléglflhglég 181131 A CARD
`
`“r 75 M
`3
`
`P
`
`N L “7
`
`73
`8
`
`DENY
`AUTHORIZATION’
`INITIATE
`APPREHENSION
`
`K C»
`
`G _,~
`
`110
`f
`DISPENSE BENEFITS
`ACCORDING TO DATA
`ALLOWING LIMITED
`USE
`
`STORE IN
`/~ LIBRARY
`74
`90
`
`COMPARE
`
`95
`
`C‘Q??“
`LIBRARY
`
`ACQUIRE BIOMETRIC 78°
`INFORMATION FROM
`CARD POSSESSOR
`
`READ BIOMETRIC
`INFORMATION
`F ROM CARD
`85 J 100
`f
`RECORD DATA
`ALLOWING LIMITED
`USE ON CARD
`
`105 \
`READ DATA
`ALLOWING LIMITED
`USE FROM CARD
`
`1/10
`
`DOJ EX. 1013
`
`

`
`US. Patent
`
`Oct. 10, 1995
`
`Sheet 1 of 3
`
`5,457,747
`
`15
`
`6
`
`—-§-->
`Z
`
`20
`F
`WEIIRTSING
`DEVICE
`
`Y
`
`R
`
`37 \ ‘
`23
`18
`LPgIIE/IARTY IOF m
`B
`E RC E
`INFORMATION
`v m
`I
`I
`so
`
`26
`
`Q
`
`15
`
`\ ~
`VERIFICATION
`T TERMINAL
`
`I m
`
`T m
`{35
`LOCAL / 30
`BENEFIT
`DISPENSER
`
`FIG. 1
`
`2/10
`
`DOJ EX. 1013
`
`

`
`US. Patent
`
`Oct. 10, 1995
`
`Sheet 2 of 3
`
`FIG. 2
`
`3/10
`
`DOJ EX. 1013
`
`

`
`U.S. Patent
`
`Oct. 10, 1995
`
`Sheet 3 of 3
`
`5,457,747
`
`K
`
`.ZO:.<NHmOE.HD<
`
`zo8zmmmm.E<
`
`m.H<H.:ZH
`
`FZMD
`
`mmézou
`
`EHH?
`
`3:335
`
`E
`
`E
`
`
`
`uzfimzozmmSdu<
`zoE<2momz_
`
`zommma<205
`
`>m<mm:._
`
`
`
`7:mmohu,9:3<zoSmdmmvz
`
`
`
`zoE<2momzH2E025202amoumm
`
`<.H<.DOHUZHQ¢OUU<
`
`
`
`09:25UZER/0444
`
`
`
`mbmmzmmmmzmmflo
`
`mmb
`
`mmaazou
`
`EEK?
`
`.§<mm3
`
`
`
`93:25UZ§?OA.H<
`
`9:5293mm:
`
`
`
`<.H<Do<mm
`
`
`
`292zoE<2momzH3025203mm5du<
`
`mommmmmom3:6
`
`mQmH:>:.._UZ§POA..H<
`
`
`
`<.H<QOMOUMM
`
`9:5ZOmmb
`
`
`
`02,5208Q<mm
`
`ZO:.<2mOmZH
`
`
`
`Q,m<U30mm
`
`2:mm
`
`m.0:
`
`4/10
`
`DOJ EX. 1013
`
`4/10
`
`DOJ EX. 1013
`
`
`
`
`
`
`
`
`
`
`
`
`

`
`5,457,747
`
`1
`ANTI-FRAUD VERlFICATION SYSTEM
`USING A DATA CARD
`
`TECHNICAL FIELD
`
`The present invention relates to a system for deterring
`fraud in the use of personal identi?cation cards.
`
`BACKGROUND ART
`
`Plastic cards carrying magnetic stripes are widely used as
`credit cards, debit cards, automatic teller machine (ATM)
`cards, telephone payment cards, etc. It is believed that
`billions of these cards are used throughout the world.
`Typically, these cards hold approximately 200 alphanu
`meric characters, which is the same as 200 bytes of data in
`computer language. The magnetic stripe is erasable and is
`read and written by a wide variety of commercial devices.
`A variety of methods are used to enhance the security of
`such cards and to discourage fraudulent use. Holograms are
`a?ixed to the cards to make card counterfeiting more di?i
`cult. Color face photographs of the registered card owner are
`a?ixed to the card for con?rmation that the possessor of the
`card is the rightful owner. Personal identi?cation numbers
`(PIN) are memorized by the card owner and entered into
`terminals such as bank ATM terminals to prove card own
`ership prior to cash payments to the card possessor.
`In U.S. Pat. No. 4,683,371, Drexler teaches a dual strip
`card having both prerecorded data on a non-erasable strip
`and temporary data on a spaced apart, erasable strip.
`In U.S. Pat. Nos. 4,879,747 and 4,995,081, Leighton et a1.
`teach a method and system of encoding a password into a
`digital signature. The password may include a digitized
`photograph of the authorized cardholder which may be
`displayed at the transaction terminal.
`U.S. Pat. No. 4,961,229 to Takahashi teaches a speech
`recognition system utilizing an IC card, and IC card reader,
`a microphone, and analyzer and a collating circuit, which are
`used together for identi?cation of a person.
`U.S. Pat. No. 4,993,068 to Piosenka et al. discloses a
`system for identifying users at remote access sites that
`encrypts physical characteristics of a user and stores the
`encrypted information in a computer, and then compares
`information received from a person requesting access at a
`remote site with that of the user to determine whether to
`allow access.
`In U.S. Pat. No. 5,053,608, Senanayake discloses a per
`sonal identi?cation system in which a user’s ?ngerprint is
`recorded in encoded form permanently on an identi?cation
`card and also temporarily in one of the secretly designated
`areas known only to the card holder and reader. This
`permanently encoded ?ngerprint is then compared with that
`of a ?ngerprint temporarily recorded at the time of use in one
`of the designated areas.
`Finally, in U.S. Pat. No. 5,259,025, Monroe et al. teach a
`method of verifying the personal identity of an individual at
`a remote location by comparing video information received
`at the remote location with that previously recorded and
`stored at a central location.
`In spite of all the anti~fraud methods currently used for
`obtaining credit, receiving cash, receiving miscellaneous
`bene?ts, etc., fraudulent use of magnetic stripe cards results
`in losses estimated at from many hundreds of millions of
`dollars to billions of dollars annually. The fraudulent meth
`ods involve a variety of techniques. Magnetic stripe cards
`
`15
`
`25
`
`45
`
`55
`
`60
`
`65
`
`2
`are stolen. Lost cards are found and used. Cards are coun
`terfeited. A person may apply for and have cards issued in
`the names of unsuspecting credit-worthy individuals. PIN
`numbers may be obtained by observing an ATM user enter
`ing his number or ?nding a PIN number noted in a lost or
`stolen wallet.
`It is a current trend for welfare bene?ts to be paid out by
`electronic means. A number of states, including New Jersey
`and Maryland, have adopted Electronic Bene?t Transfer
`(EBT) programs and many other states are considering EBT
`systems. The Health Security Act being proposed by the
`President and by some in Congress advocates the use of a
`plastic identi?cation card which could evolve as a magnetic
`stripe card for health care providers to obtain payment from
`the health insurance alliances.
`A recent analysis of the British total welfare program
`indicates that of $120 billion dispensed annually, $7 billion
`is obtained fraudulently. In Australia, an extensive study of
`welfare fraud indicates at least 5% to 15% of the welfare
`bene?ts are obtained fraudulently.
`An objective of the present invention is to devise an
`anti~fraud veri?cation, reveri?cation, validation or authori
`zation terminal for magnetic stripe cards to deter fraudulent
`use of such cards in Electronic Bene?t Transfer systems for
`welfare programs, state entitlement programs, govemment
`mandated healthcare programs, and the like.
`
`SUMMARY OF THE INVENTION
`
`The above objective is met by a system which includes a
`card having two data storage areas. In the ?rst storage area,
`biometric identifying information of an individual is perma
`nently recorded. The second area is used to write data
`authorizing limited use of the card to obtain bene?ts. This
`authorization data is written in the second area after match
`ing the biometric information of the card holder with that
`stored on the ?rst area of the card at a veri?cation terminal.
`The ?rst area may be an optical medium stripe or a semi
`conductor memory chip, and the second area preferably may
`be a magnetic stripe but the same optical medium stripe
`could also be the second area. The biometric information,
`which is stored at a ?rst terminal, and later compared at the
`veri?cation terminal, may be a ?ngerprint template, a tem
`plate of a hand scan, signature data, a voice print, a retina
`scan, or a face photo. The use authorized by the data stored
`on the second area at widely available bene?t dispensing
`terminals such as (EBT) terminals may be limited in time to
`a period of days, weeks or months or may be limited in the
`amount of bene?t, form of bene?t, starting date of the
`bene?t, designation of family members who may use the
`card, or geography of the EBT terminals.
`When the second area, such as a magnetic stripe is to be
`re-veri?ed, the card is inserted into the veri?cation terminal
`which reads the appropriate biometric data stored in the
`optical stripe or semiconductor memory chip. The veri?ca
`tion terminal requires the possessor of the card to provide
`one or more of appropriate biometric types of information
`mentioned above. This newly acquired biometric data is
`compared to that previously stored on the card to determine
`if the card possessor is the same person as the registered
`owner. If this is con?rmed in the veri?cation terminal, the
`magnetic stripe is validated and authorized to provide ben
`e?ts at EBT terminals for a given period of time, amount of
`use or other limit.
`A veri?cation, validation, or authorization code number
`and/or alphabet sequence can be modi?ed based upon some
`
`5/10
`
`DOJ EX. 1013
`
`

`
`5,457,747
`
`10
`
`3
`information about the registered card owner. The modi?ca
`tion could be based upon the name, biometric information,
`or other personal information. Thus, that veri?cation code
`sequence could not be used by someone else. This type of
`individualized veri?cation code thus would contain what is
`similar to a digital signature. This described veri?cation
`procedure not only con?rms the rightful owner, but also
`prevents a lost or stolen card from being re-validated. This
`procedure is conducted off-line.
`The above procedure does not prevent someone from
`having a number of cards issued in different names so as to
`fraudulently obtain additional bene?ts. A second procedure
`can be followed by the veri?cation terminal to prevent
`claiming bene?ts under a variety of names. Under this
`procedure, the biometric information entered into the veri
`?cation terminal would also be sent by telecommunications
`to a central point where, for example, the electronic ?nger
`print would be compared with all ?ngerprints of all entitle
`ment recipients ‘to determine whether the same ?ngerprints
`have been used with other registered names. This procedure
`may be conducted on-line, or the biometric data may be
`periodically, electronically or physically collected from the
`veri?cation terminals.
`An advantage of the present invention is that it permits the
`installed base of magnetic stripe card equipment and sys
`tems to be used as is. Some or all of the magnetic stripe cards
`would be upgraded to a higher security level, where
`required, by replacing them with cards having a magnetic
`stripe and either an optical stripe or a semiconductor
`30
`memory chip, which would not interfere with normal mag
`netic stripe operation. Although more expensive than EBT
`terminals, the number of veri?cation terminals could repre
`sent only about 1 to 10 percent of the number of EBT
`terminals in use. They could be located in post o?ices,
`regional government buildings, shopping malls, selected
`supermarkets, and the like.
`
`20
`
`25
`
`35
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a diagram illustrating procedural steps in the
`system of the present invention.
`FIG. 2 is a plan view of devices used for acquiring,
`storing, reading and comparing biometric information of the
`invention of FIG. 1.
`FIG. 3 is a ?ow chart illustrating use of the system shown
`in FIG. 1.
`
`45
`
`BEST MODE FOR CARRYING OUT THE
`INVENTION
`
`50
`
`Referring now to FIG. 1, a person 15 for which a personal
`identi?cation card 18, preferably wallet size, is to be made,
`presents biometric information to a ?rst writing device 20.
`The biometric information of the person 15 may include
`individual characteristics such as a ?ngerprint or ?nger
`prints, a handprint, a voice~print, a facial picture, a retinal
`scan or a signature. The ?rst writing device 20 has means for
`acquiring this biometric information from the person, rep
`resented by arrow Z.
`The means for acquiring biometric information from a
`person used by ?rst writing device 20 are not shown in this
`?gure but may include commercially available electronic
`devices for receiving information relating to the person’s
`face, ?ngerprint, handprint, retinal scan or signature. A
`microphone may be used for acquiring voice print informa
`65
`tion. A video recording device may be used for recording
`information in a manner which allows viewing and listening
`
`55
`
`60
`
`4
`to such information over a period of time. With any of these
`acquisition means, the biometric information to be stored
`may be converted to a template or templates offering a
`compressed version of the data containing essential identi
`fying features. The biometric information, or a compressed
`version of that information, may also be stored in an
`encoded form for enhanced security. The information which
`is stored may be any of the above listed types of biometric
`information or may be a combination of the above listed
`types of information.
`The ?rst writing device 20, after acquiring biometric
`information from the person, writes that information indel
`ibly on a permanent data storage medium 23 of the card 18.
`This information is preferably written in a compressed or
`template form. The permanent data storage medium 23 may
`be an optically re?ective strip which can be written by a
`laser recording device, the written areas thereafter read by
`the same or another laser at reduced power or a light
`emitting diode in order to retrieve the stored information.
`Alternatively, the permanent storage medium 23 may be a
`non-erasable memory such as a semiconductor chip which is
`recorded in a programmable read only memory (PROM),
`adapted for permanent recording. Any other medium which
`can store moderate to large amounts of information in a thin
`area which can be indelibly written upon and later retrieved
`can instead be used as the permanent storage medium 23,
`although an optical data storage device as described above
`is preferred as it affords a high data storage density, e.g.
`more than 2 k bytes is low cost and commercially available.
`After writing a template of the biometric information indel‘
`ibly on pennanent storage medium 23, ?rst writing device
`20 dispenses card 18 as shown by arrow Y. First writing
`device 20 may be located in an o?ice that is responsible for
`dispensement of bene?ts, such as a welfare or social security
`of?ce, or a bank associated with a credit or debit card.
`In order to use the card 18 to obtain bene?ts, the person
`15 takes the card 18 to a veri?cation terminal 26. The
`veri?cation terminal 26 has means for acquiring biometric
`information from the person 15 indicated by arrow X which
`is similar to the biometric information acquisition means
`utilized by ?rst writing device 20. That is, any type of
`biometric information recorded by ?rst writing device 20
`can also be acquired from the person 15 by veri?cation
`terminal 26. In fact, the invention may be practiced without
`a ?rst writing device 20, by using the veri?cation terminal
`26 to perform the functions of the ?rst writing device 20 as
`well as the other described functions of the veri?cation
`terminal 26.
`Veri?cation terminal 26 receives the card 18 containing
`biometric information written indelibly on the permanent
`storage medium 23, as indicated by arrow V. Veri?cation
`terminal 26 has a means for reading the template of bio
`metric information stored on permanent storage medium 23.
`For example, if permanent storage medium 23 is an optical
`storage strip that has been recorded with a laser beam to
`store the template data, veri?cation terminal 26 has a less
`powerful laser or light emitting diode beam that is directed
`at the medium 23 and a detector of re?ected, transmitted or
`refracted light is used to read the data stored on the medium
`23.
`Veri?cation terminal 26 also has a means for comparing
`the biometric template read from permanent storage medium
`23 with the biometric information that the veri?cation
`terminal 26 has acquired from the person 15. This means for
`comparing biometric information will typically include a
`microprocessor, not shown in this ?gure. If the biometric
`information from the card 18 matches that from the person
`
`6/10
`
`DOJ EX. 1013
`
`

`
`5 ,45 7 ,747
`
`5
`15, the identity of the person 15 has been veri?ed, and the
`veri?cation terminal 26 writes authorization data on a tem
`porary storage medium 30 of the card 18, as indicated by
`arrow U. Typically the capacity of storage medium 30 is low,
`typically about 200 bytes. The data written on temporary
`storage medium 30 is authorization data which allows the
`card 18 to be used to obtain limited bene?ts. The bene?t
`which can be obtained by the card 18 is limited in order to
`maintain the integrity of the card 18 by frequent veri?cation
`of the identity of the possessor of the card 18. Should the
`person 15 have different biometric information than that
`indelibly recorded on the permanent storage medium 23, the
`comparison would not match and the card would not be
`imprinted with authorization data allowing limited use. The
`comparison would be made several times before a negative
`conclusion is reached. Alternately storage medium stripe 23
`and storage medium stripe 30 could be two parts of one
`optical medium stripe.
`In addition, other measures may be employed by the
`veri?cation terminal 26 in response to a con?rmed mis
`match, such as surreptitiously photographing the person 15
`or activating an alarm to enable apprehension of the person
`15. There is, however, a possibility of inaccuracy in match
`ing biometric information. The use of ?ngerprints for match
`ing of biometric information permits approximately one
`unauthorized person to be accepted out of 100,000 accep
`tances. Handprint matching is faster, but the chance of
`unauthorized acceptance may be one chance in one thou
`sand. To improve handprint accuracy, matching of hand
`prints may be combined with matching biometric informa
`tion of another individual feature. Further combination of
`matching would yield further reduction in this type of error.
`Temporary storage medium 30 is typically a magnetic
`storage stripe a?ixed to a plastic card, which can be read and
`rewritten, and for which a large base of terminals which can
`read data from the temporary storage medium are already in
`place. Such previously installed bene?t terminals include
`automatic teller machines (ATM), credit card type readers
`and the like.
`After temporary storage medium 30 of card 18 has been
`written with data allowing limited use, the card 18 can be
`brought to a local bene?t dispenser 35 as depicted by arrow
`T. Local bene?t dispenser 35 reads the card 18, and there
`upon dispenses bene?ts as shown by arrow S to the extent
`allowed by the data written on temporary storage medium
`30. Local bene?t dispenser 35 may be an existing ATM or
`credit card reader, as described above, or it may be a
`machine installed for the use of the present invention.
`One such local bene?t dispenser 35 may be located in the
`general vicinity of each veri?cation terminal 26 used as ?rst
`writing devices, but many other distal bene?t dispensers 35
`may exist for each veri?cation terminal 26. The veri?cation
`terminals 26 may be installed in secure, convenient loca
`tions, such as post of?ces, shopping centers or city, county,
`state or federal buildings. Local bene?t dispensers 35 may
`outnumber veri?cation terminals 26 by a factor of ten or
`more to one. For example, in the State of Ohio, there will be
`an estimated 25,000 EBT terminals. The veri?cation and
`reveri?cation terminals might total 250 to 2500.
`The form of bene?ts authorized by the data written on
`temporary medium 30 may include cash, payments for
`goods or services, vouchers, food stamps, Aid to Families
`with Dependent Children (AFDC) payments, Woman, Infant
`and Children (WIC) programs, General Assistance (GA)
`bene?ts, Child Immunization bene?ts, Medicaid, Medicare
`and Health Security Act program categories. The geography
`
`25
`
`35
`
`45
`
`55
`
`65
`
`6
`in which bene?ts are authorized may include speci?c cities,
`states, countries, or speci?c EBT terminals within those
`regions.
`The authorization data written on temporary storage
`medium 30 may allow use that is limited in amount, limited
`in time, limited in form, limited in geography, or have a
`combination of these limits. For example, that data may only
`allow bene?ts to be dispensed from a local bene?t dispenser
`for a day, a week or a month from a starting time. On the
`other hand, the data may allow only one hundred dollars
`worth of food stamps to be dispensed, or may allow up to
`that amount of food stamps to be dispensed for one month
`after the time of veri?cation. This limit on the bene?ts which
`can be obtained from the card 18 before re-veri?cation
`creates a ceiling on the bene?ts that can be fraudulently
`obtained.
`In order to circumvent fraudulent use of multiple cards 18
`by a person entitled to use only one card 18, a library of
`biometric information 37 can be maintained. The library 37
`can be in communication with both the ?rst writing devices
`20 and veri?cation terminals 26 used as ?rst writing devices,
`as shown by arrows R and Q, respectively. When biometric
`information is acquired from a person 15 at ?rst writing
`device 20, that information is checked against the other
`biometric information on ?le at the library 37. Should
`matching biometric information exist at the library 37 under
`another name, the issuance of a card 18 written indelibly
`with such information on permanent storage medium 23 is
`averted, and apprehension measures may additionally be
`actuated. Upon receiving biometric information which does
`not match that already on ?le at the library 37, that infor
`mation is added to the library 37 along with corresponding
`common identi?cation data such as the person’s name,
`social security number, bene?t program, etc. Since compar
`ing the biometric information with what is in the library
`takes considerable time it would preferably be done with the
`?rst writing device.
`Communication between the veri?cation terminals 26
`when used as a ?rst writing device and the library 37,
`illustrated by arrow Q, can also be used to circumvent fraud.
`Should biometric information contained on permanent stor
`age medium 23 match with such information on ?le at the
`library under another person’s name, data allowing limited
`bene?ts to be obtained would be denied, and apprehension
`measures may additionally be employed. In these examples,
`apprehension may be aided by the fact that a name and
`address used by the person is on ?le.
`Referring now to FIG. 2, ?ve types of biometric recording
`devices are illustrated, each connected to a computer 40
`including a monitor 43 and a keyboard 46. Only one type of
`biometric data is needed, but several possibilities are illus
`trated in FIG. 2. Also connected to the computer 40 is a card
`read/write device 50. The keyboard 46 and computer 40 are
`also used for acquiring common identi?cation from the
`person, such as the person’s name, social security number,
`date of birth, etc., to be recorded on the permanent storage
`medium 23.
`An electronic camera 53 for taking a picture of a person’s
`face or a retinal scan may be employed for acquiring
`biometric information. Such a camera may utilize a charge
`coupled device (CCD) capable of sending a digital repre
`sentation of the picture to the computer 40, which may in
`turn extract characteristic information from the picture to be
`recorded as a template on the permanent storage medium 23
`or compared with template information read from the per~
`manent storage medium 23. A ?ngerprint reader 56 can
`
`7/10
`
`DOJ EX. 1013
`
`

`
`5 ,45 7,747
`
`20
`
`30
`
`7
`similarly scan a person’s ?ngerprint, and may acquire a two
`or three dimensional picture of the ?ngerprint for transmis
`sion to the computer 40.
`An electronic signature reader 60 can electronically
`record and transmit to the computer 40 a digital represen
`tation of a person’s signature. That signature can be enlarged
`and displayed on the monitor 43 adjacent a previously
`recorded signature for visual comparison. Alternatively, the
`computer 40 can compare the signatures to determine
`whether they match, or both a human determined and
`computer 40 determined comparison can be made. A hand
`print reader 63 can also be connected to the computer 40 to
`capture and compare a three dimensional digital represen~
`tation of a person’s hand. A microphone 65 can capture a
`person’s voice, and a sound card within the computer 40 can
`store a digital voice print.
`The computer 40 is also able to communicate with a
`central library 37, which may be housed within a mainframe
`computer 67 having extensive memory capacity. Altema
`tively, the library 37 may be comprised of an interconnected
`network of veri?cation terminals 26 and ?rst writing devices
`20.
`All of the devices shown in FIG. 2 except for the
`mainframe computer 67 may together constitute a veri?ca
`tion terminal 26, including one or any combination of the ,
`?ve biometric recording devices shown. A ?rst writing
`device 20 may be comprised of one or any combination of
`the ?ve biometric information recording devices shown, in
`connection with a card read/write device 50.
`FIG. 3 shows an outline of the steps and system of the
`present invention. At either a ?rst writing device or veri?
`cation terminal used as a ?rst writing device, biometric
`information is acquired from a person, as illustrated by block
`70. A digital representation of this information, as provided
`by biometric recording device, is sent via telecommunica
`tions such as radio waves or phone lines to the library, as
`shown by arrow P, where it is compared, as shown by block
`72, with the biometric information at the library. If this
`comparison yields a match with biometric information under
`a different name, social security number or other common
`identi?cation, as shown by arrow 0, authorization for ben~
`e?ts is denied, and apprehension measures may be initiated,
`as shown in block 73. If the biometric information given by
`the person does not match any such information at the
`library 74, with input along line N, it is stored at the library,
`along with the name and any other commonly used identi
`?cation data. A signal is also sent from the library to the
`terminal where this information was acquired, as shown by
`arrow M, authorizing recording of this information on a
`card. According to block 75, this information is then
`recorded indelibly on a card. If the biometric information
`acquired from the person matches such information on ?le
`at the library, and the name and other common identi?cation
`is identical with that given, indicating a lost or stolen card,
`as indicated by arrow L, additional information is stored at
`the library 74 indicating that a replacement card has issued,
`and a signal is sent, shown by arrow M, to the terminal,
`where the biometric information was acquired authorizing
`recording, as illustrated in block 75, of the biometric infor
`mation indelibly on a card, along with the common identi
`?cation information and the information that the card is a
`replacement card.
`At a veri?cation terminal, biometric information is
`acquired from the possessor of the card, as shown in block
`80. Biometric information is also read from the card, accord
`ing to block 85. The order of performance of blocks 80 and
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`85 is immaterial. The biometric information of the card and
`of the possessor of the card is then compared 90. If the
`biometric information on the card and that of the possessor
`of the card do not match, steps 80, 85 and 90 are repeated
`to con?rm a mismatch. If a mismatch is con?rmed, as shown
`by arrow K, authorization is denied, as shown by block 73,
`and apprehension measures may be initiated. Most veri?
`cation terminals would not be connected through telecom
`munications to the library. In the event that there is such a
`connection then additional steps may be taken as follows. If
`the information of the card and the possessor of the card
`match, that information is then sent by telecommunications
`to the library, as shown by arrow H, where it is compared 95.
`If the information matches biometric information at the
`library corresponding to a different name or other common
`identi?cation, as indicated by arrow G, authorization is
`denied and apprehension may be initiated 73. Similarly, if
`the information matches that at the library but the library
`indicates that a replacement card has been issued and the
`information on the card lacks the additional information
`indicating that it is a replacement card, authorization is
`denied and apprehension may be initiated 73. If, on the other
`hand, the information sent to the library matches that at the
`library under the same name and other common identi?ca
`tion, as shown by arrow F, a signal is sent to the veri?cation
`terminal authorizing limited bene?ts, which are recorded
`100 on the'card on the temporary storage medium.
`At a local bene?t dispenser the data authorizing limited
`use that has been recorded on the temporary storage medium
`of the card is read 105. The local bene?t dispenser thereupon
`dispenses bene?ts according to that allowed by the data on
`the temporary storage medium 110.
`Once those bene?ts have been exhausted, a possessor of
`the card must revisit the veri?cation terminal in order to
`obtain further bene?ts. In this manner the security of the
`card and the bene?t dispensing system are enhanced.
`We claim:
`1. A personal bene?t card system comprising,
`a personal identi?cation card having a ?rst and a second
`data storage medium, said ?rst medium capable of
`being written with data indelibly, said second medium
`capable of being written repeatedly,
`a veri?cation terminal having means for acquiring bio
`metric identi?cation and common identi?cation infor
`mation from a person, for indelibly writing said ?rst
`medium with said biometric identi?cation information,
`for subsequently reading said biometric identi?cation
`information of said ?rst medium, for comparing said
`biometric identi?cation information read from said ?rst
`medium with that of a possessor of said card, and for
`writing data on said seco