O
`
`United States Patent (19)
`Pare, Jr. et al.
`
`USOO5870723A
`Patent Number:
`11
`(45) Date of Patent:
`
`5,870,723
`Feb. 9, 1999
`
`54) TOKENLESS BIOMETRIC TRANSACTION
`AUTHORIZATION METHOD AND SYSTEM
`
`St. Apt. R7, Berkeley, Calif. 94703;
`
`76 Inventors: David Ferrin Pare, Jr., 1430 Josephine
`Ned Hoffman, 1252A Pleasant Hill
`Ave., Sebastopol, Calif. 94721;
`Jonathan Alexander Lee, 1430
`Josephine St. Apt. R7, Berkeley, Calif.
`94.703
`
`21 Appl. No.: 705.399
`22 Filed:
`Aug. 29, 1996
`
`5,251,259 10/1993 Mosley - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 380/23
`
`5,229,764 7/1993 Matchett et al. ................... 340/825.34
`5,230,025 7/1993 Fisfbine et al.
`... 38.2/4
`5,239,583 8/1993 Parrillo .....
`... 380/23
`5,241,606 8/1993 Horie ...
`... 38.2/4
`E. A. Bush et al. ................................ 380/24
`24
`Y-2
`f1994 Martino et al. .
`... 235/380
`5,280,527
`1/1994 Gullman et al. .......................... 380/23
`5,321,242 6/1994 Heath, Jr. ................................ 235/382
`5,325,442 6/1994 Knapp ......
`... 38.2/4
`5,335,288 8/1994 Faulkner ......
`... 381/2
`5,343,529 8/1994 Goldfine et al.
`380/23
`5,351,303 9/1994 Willmore .................................... 382/4
`5,359,669 10/1994 Shanley et al.
`382/117
`5,745,555 4/1998 Mark ......................................... 379/95
`Primary Examiner Edward R. Cosimano
`Assistant Examiner Barton L. Bainbridge
`Attorney, Agent, or Firm Ali Kamarei
`57
`ABSTRACT
`A method and System for tokenleSS authorization of com
`mercial transactions between a buyer and a Seller using a
`computer System. A transaction is proposed by a Seller, and
`the buyer signals his acceptance by entering his personal
`authentication information comprising a PIN and at least one
`biometric Sample, forming a commercial transaction mes
`Sage. The commercial transaction message is forwarded to
`the computer System, where the computer System compares
`the personal authentication information in the commercial
`U.S. PATENT DOCUMENTS
`transaction message with previously registered buyer bio
`metric Samples. If the computer System Successfully iden
`4,821,118 4/1989 Lafreniere ............................... 358/108
`4,837,422 6/1989 Dethloff et al. ........................ 364/408
`tifies the buyer, a financial account of the buyer is debited
`4,961,142 10/1990 Elliott et al. ......
`. 364/408
`and a financial account of the Seller is credited, and the
`4,993,068 2/1991 Piosenka et al.
`... 380/23
`results of the transaction are presented to both buyer and
`4,995,086
`2/1991 Lilley et al. ................................ 382/4
`Seller. As a result of the invention, a buyer can conduct
`4,998.279 3/1991 Weiss .........
`340/825
`commercial transactions without having to use any tokens
`5,036,461
`7/1991 Elliot et al. .
`. 364/408
`Such as portable man-made memory devices Such as Smart
`5,054,089 10/1991 Uchida et al. .............................. 382/4
`cards or Swipe cards. The invention allows buyers to quickly
`5,095,194 3/1992 Barbanell ................................ 235/379
`Select one of a group of different financial accounts from
`5,109,427 4/1992 Yang ........................................ 382/4
`SE 3: SN et al.
`r 35 y
`to transfer funds. The invention further indicates to
`5,146,102 9/1992 Higuchi et al. ...
`250/556
`e user that the authentic computer system was accessed by
`5,168,520 12/1992 Weiss .........
`... 380/23
`the use of a private code that is returned to the buyer after
`5,180,901
`1/1993 Hiramatsu ............................... 235/380
`the identification is complete. The invention additionally
`5,191,611
`3/1993 Lang ......................................... 380/25
`permits an authorized buyer to alert authorities in the event
`5,210,588 5/1993 Lee ..........
`... 356/71
`of an emergency, Such as when a transaction is coerced.
`5,210,797 5/1993 Usui et al. .................................. 382/4
`5,222,152 6/1993 Fishbine et al. ............................ 382/2
`66 Claims, 16 Drawing Sheets
`
`Related U.S. Application Data
`63 Continuation-in-part of Ser. No. 442,895, May 17, 1995,
`Pat. No. 5,613,012, which is a continuation-in-part of Ser.
`No. 345,523, Nov. 28, 1994, Pat. No. 5,615,217.
`6
`51) Int. Cl. ...................................................... G06F 17/60
`52) U.S. Cl. ................................................................ 705/39
`58 Field of Search .................................. 705/26, 35,39;
`380/24, 25, 23, 49
`
`56)
`
`References Cited
`
`(derisy raved fron Boyer Account
`gig.: i:
`
`
`
`
`
`ap
`
`PRES&NA33, SSES
`
`
`
`IPR2018-00067
`Unified EX1004 Page 1
`
`
`
`United States Patent (19)
`Pare, Jr. et al.
`
`USOO5870723A
`Patent Number:
`11
`(45) Date of Patent:
`
`5,870,723
`Feb. 9, 1999
`
`54) TOKENLESS BIOMETRIC TRANSACTION
`AUTHORIZATION METHOD AND SYSTEM
`
`St. Apt. R7, Berkeley, Calif. 94703;
`
`76 Inventors: David Ferrin Pare, Jr., 1430 Josephine
`Ned Hoffman, 1252A Pleasant Hill
`Ave., Sebastopol, Calif. 94721;
`Jonathan Alexander Lee, 1430
`Josephine St. Apt. R7, Berkeley, Calif.
`94.703
`
`21 Appl. No.: 705.399
`22 Filed:
`Aug. 29, 1996
`
`5,251,259 10/1993 Mosley - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 380/23
`
`5,229,764 7/1993 Matchett et al. ................... 340/825.34
`5,230,025 7/1993 Fisfbine et al.
`... 38.2/4
`5,239,583 8/1993 Parrillo .....
`... 380/23
`5,241,606 8/1993 Horie ...
`... 38.2/4
`E. A. Bush et al. ................................ 380/24
`24
`Y-2
`f1994 Martino et al. .
`... 235/380
`5,280,527
`1/1994 Gullman et al. .......................... 380/23
`5,321,242 6/1994 Heath, Jr. ................................ 235/382
`5,325,442 6/1994 Knapp ......
`... 38.2/4
`5,335,288 8/1994 Faulkner ......
`... 381/2
`5,343,529 8/1994 Goldfine et al.
`380/23
`5,351,303 9/1994 Willmore .................................... 382/4
`5,359,669 10/1994 Shanley et al.
`382/117
`5,745,555 4/1998 Mark ......................................... 379/95
`Primary Examiner Edward R. Cosimano
`Assistant Examiner Barton L. Bainbridge
`Attorney, Agent, or Firm Ali Kamarei
`57
`ABSTRACT
`A method and System for tokenleSS authorization of com
`mercial transactions between a buyer and a Seller using a
`computer System. A transaction is proposed by a Seller, and
`the buyer signals his acceptance by entering his personal
`authentication information comprising a PIN and at least one
`biometric Sample, forming a commercial transaction mes
`Sage. The commercial transaction message is forwarded to
`the computer System, where the computer System compares
`the personal authentication information in the commercial
`U.S. PATENT DOCUMENTS
`transaction message with previously registered buyer bio
`metric Samples. If the computer System Successfully iden
`4,821,118 4/1989 Lafreniere ............................... 358/108
`4,837,422 6/1989 Dethloff et al. ........................ 364/408
`tifies the buyer, a financial account of the buyer is debited
`4,961,142 10/1990 Elliott et al. ......
`. 364/408
`and a financial account of the Seller is credited, and the
`4,993,068 2/1991 Piosenka et al.
`... 380/23
`results of the transaction are presented to both buyer and
`4,995,086
`2/1991 Lilley et al. ................................ 382/4
`Seller. As a result of the invention, a buyer can conduct
`4,998.279 3/1991 Weiss .........
`340/825
`commercial transactions without having to use any tokens
`5,036,461
`7/1991 Elliot et al. .
`. 364/408
`Such as portable man-made memory devices Such as Smart
`5,054,089 10/1991 Uchida et al. .............................. 382/4
`cards or Swipe cards. The invention allows buyers to quickly
`5,095,194 3/1992 Barbanell ................................ 235/379
`Select one of a group of different financial accounts from
`5,109,427 4/1992 Yang ........................................ 382/4
`SE 3: SN et al.
`r 35 y
`to transfer funds. The invention further indicates to
`5,146,102 9/1992 Higuchi et al. ...
`250/556
`e user that the authentic computer system was accessed by
`5,168,520 12/1992 Weiss .........
`... 380/23
`the use of a private code that is returned to the buyer after
`5,180,901
`1/1993 Hiramatsu ............................... 235/380
`the identification is complete. The invention additionally
`5,191,611
`3/1993 Lang ......................................... 380/25
`permits an authorized buyer to alert authorities in the event
`5,210,588 5/1993 Lee ..........
`... 356/71
`of an emergency, Such as when a transaction is coerced.
`5,210,797 5/1993 Usui et al. .................................. 382/4
`5,222,152 6/1993 Fishbine et al. ............................ 382/2
`66 Claims, 16 Drawing Sheets
`
`Related U.S. Application Data
`63 Continuation-in-part of Ser. No. 442,895, May 17, 1995,
`Pat. No. 5,613,012, which is a continuation-in-part of Ser.
`No. 345,523, Nov. 28, 1994, Pat. No. 5,615,217.
`6
`51) Int. Cl. ...................................................... G06F 17/60
`52) U.S. Cl. ................................................................ 705/39
`58 Field of Search .................................. 705/26, 35,39;
`380/24, 25, 23, 49
`
`56)
`
`References Cited
`
`(derisy raved fron Boyer Account
`gig.: i:
`
`
`
`
`
`ap
`
`PRES&NA33, SSES
`
`
`
`IPR2018-00067
`Unified EX1004 Page 1
`
`
`
`Internet
`
`Terrnindl
`
`2
`
`1.
`
`GE 3.
`
`C
`DP
`
`5
`
`Firewall
`Mochine
`
`Gateway
`Machine
`
`6
`
`C C
`Bornetric
`Database
`
`C C
`Bionnetric
`Database
`
`C D
`Bornetric
`Database
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 1 of 16
`
`5,870,723
`
`2
`
`Internet
`
`Coble TV
`Set-top box
`
`Cable TV
`Seller
`
`|C. /
`erriff G
`
`Phone
`Seller
`
`Retail POS
`Termind/
`
`Registration
`Termind/
`
`Support
`Terrnind/
`
`Cable TV
`Wet Wor
`
`
`
`3.
`2
`Telephone
`Network
`
`As
`2
`74cquirer
`Networks
`3.
`
`2
`
`2
`
`Moster
`
`4
`
`4
`
`MC issuer
`Network
`
`VISA issuer
`Network
`
`Credit/Debit
`Issuer
`
`Credit/Debit
`Issuer
`
`FIG f
`
`IPR2018-00067
`Unified EX1004 Page 2
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 2 of 16
`
`5,870,723
`
`DPC
`
`issuer
`Database
`
`Rernote
`Seller
`Database
`
`Authorized
`Individual
`Database
`
`
`
`
`
`
`
`
`
`
`
`
`
`7
`
`MAC
`Module
`
`Sequence
`Number
`Module
`
`Message
`Decrypt
`Module
`
`Cached Data
`fronn
`VAD + AOD
`
`DUKPT
`Key Table
`
`Firewol/
`Mochine
`
`Gateway
`Mochine
`
`
`
`Prior Froud
`Database
`
`PIN Group
`
`10
`
`
`
`
`
`Bornetric
`Database
`
`Bornetric
`Database
`
`Bornetric
`Database
`
`FIG 2
`
`IPR2018-00067
`Unified EX1004 Page 3
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 3 of 16
`
`5,870,723
`
`G l ~~
`
`
`
`
`
`
`
`
`
`
`
`
`
`301/100 ?ndu? ou?auuongOZ
`
`IPR2018-00067
`Unified EX1004 Page 4
`
`
`
`US. Patent
`
`Feb. 9, 1999
`
`Sheet 4 0f 16
`
`5,870,723
`
`
`
`EN20%kath
`
`£qu
`
`mummmm:
`
`:68ng
`
`«Smmuummm3“20.5%:
`
`
`
`
`
`mmommm:EEK
`
`25muommm:
`
`
`
`gmoEzz853mm.
`
`oEmEQm
`
`9x3
`
`memm
`
`IIIR
`kamacaw:
`Aukmmtonmkl
`«3E§S
`bfiqbutm
`
`muommm:
`
`
`
` cotoomtotBEmEEOQHSEQ
`
`
`
`9%:\5BS5-ta:83¢th
`
`kaEDCmot®3~®m
`
`38¢ch
`
`
`
`Amkmmconmm
`
`
`
`mmummmiEASE
`
`.33:3.6:
`
`wkKlkbq
`
`
`
`9“:963030
`
`
`
`mocmaumm30be
`
`53:32
`
`mmommmfimuommm:
`
`
`
`cotEmtmw
`
`mEEEou
`
`V.GE
`
`|PR2018-00067
`
`Unified EX1004 Page 5
`
`IPR2018-00067
`Unified EX1004 Page 5
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`5,870,723
`
`$252S338onamagmasI«mgqbgmV2E
`gEgtm
`
`mmmgbbv‘QmEoZ
`
`
`
`notowtofisv‘
`
`tam?
`
`UV:
`
`83mm
`
`
`
`20.6%“:\82El
`
`
`
`m..N$.0mmm:
`
`Q\@5330ka
`
`
`
`ngEzzmucusrum
`
`uEmEoE
`
`mmtonmm
`
`m33M383:
`
`PSQw.mmommmé%bGE
`55.96823\u.‘EmEEob
`
`
`.0onSEW”Ii9wk.19%il,Am9.when385
`
`«bmwkmwfimg2Ew:Smb83%FcpcuNtofiav‘9.x:
`x3muummmE«b03595.Vmmmwrnow:
`
`
`
`5.3%:ch\EEmEEob
`
`mmommmi
`
`BSEE
`
`BoQ
`
`m.GE
`
`|PR2018-00067
`
`Unified EX1004 Page 6
`
`IPR2018-00067
`Unified EX1004 Page 6
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 6 of 16
`
`5,870,723
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Begin Encryption
`Gt BIA
`
`Sequence
`Nurnber
`
`Retrieve
`Sequence Number
`
`Generate next
`LUKPT Key using
`Sequence Number
`
`Encrypt Message
`Data using
`DUKPT Key
`
`CO/Culote MAC
`using MAC Key
`
`Set MAC field
`in message
`
`
`
`Update
`Sequence Number
`
`Encryption at
`BIA Complete
`
`FIG. 7
`
`IPR2018-00067
`Unified EX1004 Page 7
`
`
`
`US. Patent
`
`Feb. 9, 1999
`
`Sheet 7 0f 16
`
`5,870,723
`
`SRagga:
`
`
`
`295$.383$
`
`.25gamma:
`
`QQQu@333
`
`.28ybquSmm
`
`Eat<5SSE
`
`3333
`
`Q99531
`
`963::
`
`kmnEazmoan:.mm
`
`
`gunsazmuzmgmm«Em:A2m2.86%?
`auxEsq:8:6SE
`53:5853%823qu
`
`
`
`km.E:8553
`
`SSuits:
`
`
`
`
`
`mmommmE~96qu«9%
`
`
`
`tozoumtut\EEmEEoQ
`
`
`
`mmommmx‘Nunavut
`
`kgmmEmEmt
`
`
`
`”2283‘36:25
`
`98mmQov‘Eat
`
`£3§§EB35qu
`
`393:89%.6
`
`2E
`
`\mkmwcoqmmk
`
`Aukmacaw»:
`
`whom63m.
`
`
`
`go».9‘:303039
`
`3Ԥ3.6:muwmmE
`
`Ex:EuEco
`
`muommmESPEPE9‘5.5
`
`am:9.:
`
`Qimm
`
`Pack9:
`
`0.35265ukaSQ.5ka
`
`
`
`58‘mBEAuk
`
`0.x:
`
`mémmmESwhen
`ismmH£§Baumm3
`
`
`vacuum:aQSim.Eucuctmmuqfloq
`Boa2383‘30$
`323%Stag9him323%
`
`Sm:SSSwhenmemfi$55
`
`m.GE
`
`|PR2018-00067
`
`Unified EX1004 Page 8
`
`IPR2018-00067
`Unified EX1004 Page 8
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Feb. 9, 1999
`
`Sheet 8 0f 16
`
`5,870,723
`
`
`
`«Aukumtoowum»
`
`
`
`.8qu85uwuk.E09
`
`uuuuuux.
`
`EuQ
`
`>5qucohuNtufiav‘
`
`Suuu:o:u~.to£:<
`
`
`ubob809:1
`
`muou2.3m
` tuzuuucutEEuEEuQ%Bum
`
`
`
`umuuuu:
`
`
`
`3.5m:k803i
`
`uqbuuuumu:
`
`
`
`uunEzzuutuzuumS29%qu
`
`uEqukm
`
`H
`
`Euum
`
`umuuuu:untoQuuk
`
`SumbaaEASE
`
`QQQMu
`
`
`uncookuukEASFQ
`Auwkuutoquuk
`Sm:Sub
`
`03“uwukzukuu
`
`uk93.Su:
`
`«ukukxutkAuk
`uuuuuu:Sm:
`
`£3EASE
`
`
`
`Rut9x:“um.
`
`Euukkuml3$3
`
`Begum9:
`
`ESQ
`
`wasA“:
`
`KunEuZuucuzuumS33.0qu
`
`336%?
`umunSuQ
`
`big
`
`«33
`
`umuuuukeBum.otuRAGE
`
`Una“uuntoQuum
`
`
`
`uuumuu:uncuqmuk
`
`
`
`:ocuuugtBkuquEou%
`
`«Aukumumuué
`b89905
`
`
`
`m..GE
`
`|PR2018-00067
`
`Unified EX1004 Page 9
`
`IPR2018-00067
`Unified EX1004 Page 9
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 9 of 16
`
`5,870,723
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Protocol Version
`Message Type
`Hardware ID
`Sequence Number
`Biometric Samples
`
`PIN
`Mandatory
`Dato
`Optional
`Data
`MAC
`Registration Message
`
`
`
`
`
`
`
`
`
`
`
`Primary
`Bionnetric
`sample
`Secondary
`Bonnetric
`sample
`
`Private Code
`Account
`Index
`Code List
`
`Account
`Nurnber
`List
`Emergency
`Index Code
`IBD Record
`
`FIG 10
`
`Individual
`Bionnetric
`Database
`(IBD)
`
`Begin
`Registration
`
`Encryption/Sealing
`Process of BA
`(Fig. 7)
`Decryption/Validation
`Process at DPC
`(Fig. 8)
`
`Store Bionnetric and
`P/W in IBD Record
`in proper PIN basket
`
`
`
`Store Private
`Code and Other
`Optional data
`
`Retrieve
`Private Code
`
`Encryption/Sealing
`Process at DPC
`(Fig. 9)
`
`Display
`Results
`
`Registration
`Complete
`
`IPR2018-00067
`Unified EX1004 Page 10
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 10 of 16
`
`5,870,723
`
`Begin Commercial
`Transaction
`
`Forrn Cornrnercial
`Transaction
`Message
`
`Encryption/Sealing
`Process of BIA
`(Fig. 7)
`Decryption/Walidation
`Process at DPC
`(Fig. 8)
`
`Bornetric ID
`Process
`(Fig. 12)
`
`Protocol Version
`Message lype
`Hardware ID
`Sequence Number
`
`Bionnetric
`
`PIN
`Account Index Code
`Response Key
`Message Key
`Seller Code
`Message
`Data
`
`Get Account Nurnber
`from IBD using
`Account Index Code
`
`MAC
`Cornrnercial Transaction
`Message
`
`Index Code the N YES
`Emergency Index
`
`
`
`
`
`Emergency
`Code Process
`(Fig. 13)
`
`DPC Transaction
`Execution
`(Figs. 14-15)
`
`Response Message
`Construction
`(Fig. 16)
`Encryption/Sealing
`Process at DPC
`(Fig. 9)
`
`Biometrics
`PIN
`
`4:2:
`Code List
`
`
`
`Account
`Nurnber
`List
`Emergency
`Index Code
`Private Code
`IBD Record
`IBD Record
`
`
`
`individual
`Bionnetric
`Database
`(IBD)
`
`FIG ff
`
`Connercial
`Transaction
`Complete
`
`IPR2018-00067
`Unified EX1004 Page 11
`
`
`
`US. Patent
`
`w
`
`5,870,723
`
`~56ngBugSQ
`
`
`
`«“55mmummmé
`
`983681
`
`
`
`ngEzz853mm
`
`880iQotEEoE£me
`
`92Eg8EVRDQM.3meonS8.35505h\\0ngmM
`
`umtoqakSEmeonEmotSt?amEQEo%3Q.g~.Q\\u
`Auk
`
`
`
`mubmmmESoEmEoB pmmwcmmméDmkawm@009gmhmm%Aukgamma:
`
`
`mESQ«5on
`
`SEEKQoEmEQmm3
`
`Be§ss
`
`MEEEQE
`
`mmoQBoQ
`
`nss
`
`m.
`
`MEmEoE
`
`Ev‘moc2E
`
`IIoEmEoE
`oEmEoE
`
`
`
`Si
`
`EOQBSEE
`
`
`
`20.3855EGSEES
`
`mmommm:
`
`
`
`3&QEQQ$8ch903,0255
`
`N5:32commie.
`
`£3me
`
`muMKK
`
`|PR2018—OOO67
`
`Unified EX1004 Page 12
`
`IPR2018-00067
`Unified EX1004 Page 12
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Feb. 9, 1999
`
`Sheet 12 0f 16
`
`5,870,723
`
`Aoq:8gmxzmh35‘5me38$
`
`
`
`mmmuozmmESm:av
`
`Snack,5
`
`33$
`
`«33m?
`
`
`
`\oEmwxmSmmm
`
`
`
`5&3me:ohuomtot
`
`889i
`
`333:8
`
`
`
`tonnage:\oEmwxm
`
`
`
`mmommmEEgo?
`
`“\Emzot
`
`
`
`Ego?teammate:
`
`muommmE
`
`
`
`bmt.\EmcE.~£3me
`
`9%e«8e
`
`gmamfl
`
`«6:32
`
`
`
`:oboomcut$.5qu
`
`
`
`whentam:
`
`
`
`5.5820:.05qu
`
`mmummmE8:0qu2when
`
`tam:
`
`BEflxm.
`
`
`
`cotaomxm:otoomcut
`
`
`
`EmEEobmmmooi
`
`3GE
`
`2.3mm.
`
`Ego?Ema
`
`mEmmmoEm
`
`Ema,
`
`
`
`EKD\V\wtmhlm.
`
`€02
`
`mmctofisv‘
`
`983$
`
`
`
`coauomtotEu$t<
`
`mtoxwotfis
`
`S02
`
`2:Bism
`
`ES?Ema,
`
`
`
`mick38¢ch
`
`
`
`whenfight
`
`ESEEma.
`
`uSmmmoEl
`
`9532.60
`
`mgGE
`
`|PR2018—OOO67
`
`Unified EX1004 Page 13
`
`IPR2018-00067
`Unified EX1004 Page 13
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 13 of 16
`
`5,870,723
`
`Reject
`transOction
`
`
`
`
`
`Begin Internal
`Transaction Execution
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Does
`armount
`exceed balance
`available to
`buyer?
`
`Transfer armount
`from buyer account
`to seller account
`
`Accept
`transaction
`
`Append transaction
`result code to
`response message
`
`
`
`
`
`
`
`Internal
`Transaction Execution
`Complete
`
`FIG 15
`
`IPR2018-00067
`Unified EX1004 Page 14
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 14 of 16
`
`5,870,723
`
`Response Message
`Construction
`
`
`
`
`
`
`
`
`
`
`
`
`
`Buyer
`Identified?
`
`
`
`Transaction
`succeeded?
`
`Set
`Status Code: OK
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Append authorization
`status and authorization
`detail to Response
`
`Set Norne de Address
`if Send-Address
`indicator present
`in Transaction
`
`Retrieve Private Code
`fronn IBD Record
`and set field in
`response message
`
`
`
`
`
`
`
`
`
`
`
`
`
`Response Message
`Construction Complete
`
`
`
`Error Message: 'buyer
`not identified"
`Status Code: foiled
`
`Set Error: "transaction
`failed"
`Status Code foiled
`
`Status Code
`Error Message
`Authorizotion
`status
`
`Authorization
`detail
`
`Norne & Address
`
`Private
`Code
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`MAC
`CornrnerCiol Transaction
`Response Message
`
`FIG. f6
`
`IPR2018-00067
`Unified EX1004 Page 15
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 15 of 16
`
`5,870,723
`
`
`
`PROPOSAL STEP
`Seller Proposes Transaction
`including Seller ID info, Transaction
`Amount and Transaction Data
`
`PRESENTATION STEP
`Indicate
`Transaction Cancelled
`to Buyer and Seller
`
`PRESENTATION STEP
`Indicate
`Transaction Failed
`to Buyer and Seller
`
`
`
`
`
`Buyer Accept2
`
`NO
`
`YES
`ACCEPTANCE STEP
`Buyer Enters
`Biometric, PIN
`
`TRANSMISSION STEP
`Transnission forwarded
`to computer system
`
`BUYER IDENTIFICATION STEP
`Biometric and PIN compared
`With other Borretric-PIN
`records on system
`
`
`
`
`
`ldentification NO
`Successful?
`
`YES
`PAYMENT STEP
`Money moved from
`Buyer Account to
`Seller Account
`
`PRESENTATION STEP
`Indicate
`Transaction Success
`to Buyer and Seller
`
`FIG. 17
`
`
`
`
`
`
`
`
`
`
`
`IPR2018-00067
`Unified EX1004 Page 16
`
`
`
`U.S. Patent
`
`Feb. 9, 1999
`
`Sheet 16 of 16
`
`5,870,723
`
`FIG. 18
`PROPOSAL STEP
`Seller Proposes
`Transaction Armount
`
`
`
`
`
`Does Buyer
`Approve?
`
`PRESENTATION STEP
`Indicate
`Transaction Cancelled
`to Buyer and Seller
`
`
`
`
`
`
`
`
`
`
`
`
`
`Yes
`ACCEPTANCE STEP
`Buyer Enters
`Biometric, PINAccount Index Code,
`transmits transaction to system
`
`BUYER DENTIFICATION STEP
`Biometric and PIN compared
`with other Borretric-PIN
`records on system
`
`ldentification
`Successful?
`
`No
`
`
`
`PRESENTATION STEP
`Indicate
`Transaction Failed
`to Buyer and Seller
`
`Yes
`ACCOUNT RETRIE VAL STEP
`Retrieve financial account
`using Account Index Code
`
`
`
`
`
`ls
`Account Index Code
`Emergency
`Code?
`
`Yes Notify Authorities;
`Trigger Silent Alarm
`
`RESOURCE DETERMINATION STEP
`Retrieve account balance,
`check resources against
`transaction amount
`
`
`
`
`
`
`
`
`
`account?
`
`PRESENTATION STEP
`Indicote
`Transaction Failure
`to Buyer and Seller,
`Present Private Code
`
`Yes
`PAYMENT STEP
`Money moved from Buyer Account
`to Seller Account
`
`
`
`
`
`PRESENTATION STEP
`Indicate
`Transaction Success
`to Buyer and Seller,
`Present Private Code
`
`Wo
`
`Silent
`Aldrrn?
`
`
`
`Yes
`
`PRESENTATION STEP
`Indicote
`Transaction Success
`to Buyer and Seller,
`Indicate DURESS to Seller
`
`IPR2018-00067
`Unified EX1004 Page 17
`
`
`
`1
`TOKENLESS BIOMETRIC TRANSACTION
`AUTHORIZATION METHOD AND SYSTEM
`
`The present application is a continuation-in-part of U.S.
`patent application Ser. No. 08/442,895, filed May 17, 1995,
`now U.S. Pat. No. 5,613,012, which is a continuation-in-part
`of U.S. patent application Ser. No. 08/345,523, filed Nov.
`28, 1994, now U.S. Pat. No. 5,615,217, which are incorpo
`rated herein by reference.
`BACKGROUND OF THE INVENTION
`The use of a token, an inanimate object which conferS a
`capability to the buyer presenting it, is pervasive in today's
`financial World. Whether a consumer is buying groceries
`with a debit card or Shopping in a department Store with a
`credit card, at the heart of that transaction is a money transfer
`enabled by a token, which acts to identify both the consumer
`as well as the financial account being accessed.
`From their inception in the late 1950s, token-based finan
`cial transactions have grown increasingly more prevalent at
`the point of Sale. However, as token-based transferS have
`become more popular with consumers, they have also
`become more popular with criminals intent on fraud.
`Currently, fraud losses in the industry Stem from many
`different areas, but they are mainly either lost, Stolen, or
`counterfeit cards.
`Credit cards operate without the use of a personal iden
`tification number (PIN). This means that a lost credit card
`can easily be turned into cash if the card falls into the wrong
`hands. While theft of a token constitutes the majority of
`fraud in the System, fraud from counterfeit credit cards is
`rising rapidly. Counterfeit credit cards are manufactured by
`a more technically Sophisticated criminal who acquires a
`cardholder's valid account number, produces a valid
`looking counterfeit card, encodes the magnetic Strip, and
`embosses the counterfeit plastic card with the account
`number. The card is then repeatedly presented to merchants
`until the account's credit limit is reached. Another form of
`loSS is caused by a criminal Seller or his employees who
`Surreptitiously obtains the cardholder's account number and
`enter fictitious transactions against the card and then take
`cash out of the till. It is estimated that losses due to all types
`of fraud exceeds one billion dollars annually.
`Generally, debit cards are used in conjunction with a
`personal identification number (PIN). Lost debit cards do
`not generally result in fraud, unless the owner of the card
`wrote his PIN on the card. Furthermore, successfully coun
`terfeiting a debit card is more difficult than with a credit
`card, Since the criminal must acquire not only the account
`number, but also the PIN, and then manufacture the card as
`in the credit card example. However, various Strategies have
`been used to obtain PINs from unwary cardholders; these
`range from Trojan horse automated teller machines (ATMs)
`in shopping malls that dispense cash but record the PIN, to
`fraudulent Seller point of Sale devices that also record the
`PIN, to criminals with binoculars that watch cardholders
`enter PINs at ATMs. The subsequently manufactured coun
`terfeit debit cards are then used in various ATM machines
`until the unlucky account is emptied.
`Customer fraud, for both credit and debit cards, is also on
`the rise. Customers intent on this sort of fraud will claim that
`they lost their card, say that their PIN was written on the
`card, and then withdraw money from their account using
`card, and then refuse to be responsible for the loss. The
`financial industry is well aware of the trends in fraud, and is
`constantly taking Steps to improve the Security of the card.
`
`5
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`5,870,723
`
`2
`However, the linkage between the buyer and his token is
`tenuous, and that is the fundamental reason behind card
`fraud today
`One possible Solution to Stolen-card fraud involves plac
`ing PIN protection for magnetic Stripe credit cards, much as
`debit cards have PINs today. This will raise the administra
`tive costs for each card, Since cardholders will undoubtedly
`wish to select their own PIN for each of their 3.4 cards. In
`addition, this solution still doesn't address the problem of
`counterfeit cards.
`Another Solution that solves both stolen-card fraud and
`greatly reduces counterfeit-card fraud involves using a
`Smartcard that includes either a biometric or a PIN. In this
`approach, authenticated biometricS are recorded from a user
`of known identity and Stored for future reference on a token.
`In every Subsequent acceSS attempt, the user is required to
`physically enter the requested biometric, which is then
`compared to the authenticated biometric on the token to
`determine if the two match in order to verify user identity.
`Various biometrics have been Suggested, Such as
`fingerprints, hand prints, Voice prints, retinal images, hand
`Writing Samples and the like. However, because the biomet
`rics are generally stored in electronic (and thus reproducible)
`form on a token and because the comparison and Verification
`process is not isolated from the hardware and Software
`directly used by the buyer attempting access, a significant
`risk of fraud Still exists. Examples of this approach to System
`security are described in U.S. Pat. Nos. 4,821,118 to Lafre
`niere; 4,993,068 to Piosenka et al.; 4.995,086 to Lilley et al.;
`5,054,089 to Uchida et al.; 5,095,194 to Barbanell; 5,109,
`427 to Yang; 5,109,428 to Igaki et al.; 5,144,680 to Koba
`yashi et al.; 5,146,102 to Higuchi et al.; 5,180,901 to
`Hiramatsu; 5,210,588 to Lee; 5,210,797 to Usui et al.;
`5,222,152 to Fishbine et al.; 5,230,025 to Fishbine et al.;
`5,241,606 to Horie; 5,265,162 to Bush et al.; 5,321,242 to
`Heath, Jr.; 5,325,442 to Knapp; 5,351,303 to Willmore, all
`of which are incorporated herein by reference.
`An example of another token-based biometric Smartcard
`system can be found in U.S. Pat. No. 5,280,527 to Gullman
`et al. In Gullman's System, the user must carry and present
`a credit card sized token (referred to as a biometric Security
`apparatus) containing a microchip in which is recorded
`characteristics of the authorized user's voice. In order to
`initiate the access procedure, the user must insert the token
`into a terminal Such as an ATM, and then Speak into the
`terminal to provide a biometric Sample for comparison with
`an authenticated Sample Stored in the microchip of the
`presented token. If a match is found, the remote terminal
`Signals the host computer that the transaction should be
`permitted, or may prompt the user for an additional code,
`Such as a PIN which is also stored on the token, before
`authorizing the transaction.
`Although Gullman's reliance of comparison biometrics
`reduces the risk of unauthorized acceSS as compared to PIN
`codes, Gullman's use of the token as the repository for the
`authenticating data combined with Gullman's failure to
`isolate the identity verification proceSS from the possibility
`of tampering greatly diminishes any improvement to fraud
`resistance resulting from the replacement of a numeric code
`with a biometric. Further, the System remains inconvenient
`to the consumer because it too requires the presentation of
`a token in order to authorize a transaction.
`Uniformly, the above patents that disclose commercial
`transaction Systems teach away from biometric recognition
`without the use of tokens. Reasons cited for Such teachings
`range from Storage requirements for biometric recognition
`
`IPR2018-00067
`Unified EX1004 Page 18
`
`
`
`3
`Systems to Significant time lapses in identification of a large
`number of individuals, even for the most powerful comput
`CS.
`Unfortunately, any Smartcard-based System will cost Sig
`nificantly more than the current magnetic Stripe card Systems
`currently in place. A PIN Smartcard costs perhaps S3, and a
`biometric Smartcard will cost S5. In addition, each point of
`Sale Station would need a Smartcard reader, and if biometrics
`are required, a biometric Scanner will also have to be
`attached to the reader as well. With 120 million cardholders
`and 5 million Stations, the initial conversion cost is from two
`to five times greater than the current annual fraud losses.
`This large price tag has forced the industry to look for new
`ways of using the power in the Smartcard in addition to
`Simple commercial transaction. It is envisioned that in
`addition to Storing credit and debit account numbers and
`biometric or PIN authentication information, Smart cards
`may also store phone numbers, frequent flyer miles, coupons
`obtained from Stores, a transaction history, electronic cash
`uSable at tollbooths and on public transit Systems, as well as
`the buyer's name, Vital Statistics, and perhaps even medical
`records.
`The net result of “smartening” the token is centralization
`of function. This looks good during design, but in actual use
`results in increased Vulnerability for the consumer. Given
`the number of functions that the Smartcard will be
`performing, the loSS or damage of this monster card will be
`excruciatingly inconvenient for the cardholder. Being with
`out Such a card will financially incapacitate the cardholder
`until it is replaced. Additionally, losing a card full of
`electronic cash will also result in a real financial loSS as well.
`Thus, after Spending vast Sums of money, the resulting
`system will definitely be more secure, but will result in
`heavier and heavier penalties on the consumer for destruc
`tion or loSS of the card.
`To date, the consumer financial transaction industry has
`had a simple equation to balance: in order to reduce fraud,
`the cost of the card must increase. As a result, there has long
`been a need for a commercial transaction System that is
`highly fraud-resistant, practical, convenient for the
`consumer, and yet cost-effective to deploy.
`There is also a need for a commercial transaction System
`that uses a strong link to the perSon being identified, as
`opposed to merely verifying a buyer's possession of any
`physical objects that can be freely transferred. This will
`result in a dramatic decrease in fraud, as only the buyer can
`authorize a transaction.
`A further need in a commercial transaction System is
`ensuring consumer convenience by providing authorization
`without forcing the consumer to possess, carry, and present
`one or more proprietary objects in order to authorize a
`transaction. All parties intent on fighting fraud recognize
`that any System that Solves the fraud problem must take the
`issue of convenience into account, however the fundamental
`yet unrecognized truth of the Situation is, the card itself can
`be very inconvenient for the consumer. This may not be
`initially obvious, but anyone who has lost, left at home, or
`had a card Stolen knows well the keenly and immediately
`felt inconvenience during the cards absence.
`Yet another need in the industry is for a transaction System
`that greatly reduces or eliminates the need to memorize
`multiple or cumberSome codes. Such a System must allow a
`user to acceSS all of his accounts, procure all Services to
`which he is entitled, and carry out transactions in and
`between all financial accounts, make point of purchase
`payments, etc.
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`5,870,723
`
`4
`There is further a need for a commercial transaction
`System that affords a consumer the ability to alert authorities
`that a third party is coercing the transaction without the third
`party being aware that an alert has been generated. There is
`also a need for a System that is nevertheless able to effect,
`unknown to the coercing third party, temporary restrictions
`on the types and amounts of transactions that can be under
`taken.
`Lastly, such a system must be affordable and flexible
`enough to be operatively compatible with existing networks
`having a variety of electronic transaction devices and System
`configurations.
`SUMMARY OF THE INVENTION
`The present invention Satisfies these needs by providing
`an improved commercial transaction method between a
`buyer and a Seller using a computer System that comprises
`the following StepS.
`First, there is a buyer registration Step where a buyer
`registers a PIN, at least one biometric Sample, and at least
`one buyer financial account. Each financial account has an
`asSociated account indeX code that is assigned by the buyer
`during registration. The biometric samples, the PIN, the
`financial accounts, and the indeX codes are Stored in the
`computer System
`Then, the Seller is registered in a Seller registration Step.
`The Seller registers at least one financial account with the
`computer System, and is given a Seller identification code.
`Once both buyer and Seller are registered, transactions can
`take place. A Seller offers a proposed commercial transaction
`to a buyer in a proposal Step, describing the product or
`Service being Sold, the price, and the Seller's identification
`code.
`The buyer can then accept the proposed transaction in an
`acceptance Step by adding his buyer's personal authentica
`tion information to the commercial transaction proposed by
`the seller. The authentication information includes the buy
`er's biometric sample and a PIN. In addition, the buyer must
`Submit his account indeX code, which specifies which of the
`buyer's financial accounts to debit. This accepted transac
`tion is called a commercial transaction, which is forwarded
`to the computer System in a transmission Step.
`After receiving the commercial transaction, the computer
`System attempts to identify the buyer. The computer System
`compares the biometric samples and the PIN added by the
`buyer to the commercial transaction with previously regis
`tered biometric samples and PINs in a buyer identification
`Step. If a match is found, the buyer is identified Successfully,
`otherwise the buyer is not identified and the transaction fails.
`Once the buyer is identified, the computer System in a
`payment Step determines the financial account of the buyer
`using the buyer's account indeX code as well as the financial
`account of the Seller using the Seller identification code, both
`of which are provided by the commercial transaction. Once
`both accounts are identified, the computer System debits the
`account of the buyer and credits the account of the seller. If
`there are insufficient resources in the buyer's financial
`account, the transaction fails.
`In an alternate embodiment, the computer System con
`Structs a transaction given the buyer and Seller financial
`accounts, the transaction amount, and the associated trans
`action information, and forwards the transaction to an exter
`nal computer System, Such as one operated by VISA
`International, where the money transfer occurs and any
`Status of Success or failure returned by the external computer
`System is forwarded by the computer System to the buyer
`and Seller.
`
`IPR2018-00067
`Unified EX1004 Page 19
`
`
`
`S
`When the computer System completes an operation, Such
`as a registration of a buyer or a Seller, or a particular
`transaction Succeeds or fails, a presentation Step provides the
`results of the operation to the buyer and/or the seller.
`In this manner, commercial transactions are conducted
`without the buyer having to use any portable man-made
`memory tokens Such as Smartcards or magnetic Stripe cards.
`In a preferred embodiment of the invention, the identifi
`cation Step occurs in less than two Seconds, which is a
`commercially acceptable timeframe.
`For situations where the buyer is coerced into making a
`transaction, an embodiment of the invention provides a
`mechanism for a buyer to Signal that the transaction is being
`performed under dureSS. Multiple emergency methods are
`provided. One method is an emergency account indeX code
`which, when employed by the buyer during the acceptance
`Step, allows the transaction to proceed, but in addition sends
`a Silent alarm to the authorities during the payment Step. The
`other method allows the buyer to select an emergency PIN
`which, when entered during the acceptance Step and detected
`by the computer System during the buyer identification Step,
`results in a Successful transaction while at the same time
`Sending a Silent alarm.
`In both emergency methods, the buyer can specify the
`Steps that the computer System will take or cause to be taken
`when a Silent alarm occurs, including placing artificial
`financial resource limits on the buyer's accounts, the pre
`Sentation of false information or financial data, the presen
`tation of a different private code at the end of the transaction,
`the rejection of the transaction, the notification of the alarm
`to the authorities, or the notification of the alarm to the seller.
`In Some situations, it may be possible for people intent on
`fraud to Substitute fake transaction Stations for actual trans
`action Stations in order to capture an unsuspecting buyer's
`biometric and PIN. To counter this, another embodiment of
`the invention provides a way for the buyer to authenticate
`the System. During registration, the buyer Selects a private
`code in addition to biometric, PIN, financial accounts
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
