'
`
`llllllllllllll|||lllll||||||||||l||||ll|l|lllll|||||lllllllllllllllllllllll
`USOOS615277A
`
`United States Patent
`
`[19]
`
`[11] Patent Number:
`
`5,615,277
`
`
`Hoffman
`[45] Date of Patent:
`Mar. 25, 1997
`
`[54] TOKENLESS SECURITY SYSTEM FOR
`AUTHORIZING ACCESS TO A SECURED
`COMPUTER SYSTEM
`
`[76]
`
`Inventor: Ned Hoffman, 2529A College Ave.,
`Berkeley, Calif. 94704
`
`[21]
`
`Appl. No.: 345,523
`
`[22]
`
`Filed:
`
`Nov. 28, 1994
`
`[51]
`[52]
`[58]
`
`[56]
`
`Int. Cl.6 ....................................................... G06K 9/00
`US. Cl.
`................................................. 382/115; 902/3
`Field of Search ......................... 340/825.34, 825.33,
`340/825.31; 382/115, 116, 117, 118, 119,
`124, 128; 902/1, 2, 3, 4, 5,6, 8, 9, 10,
`12, 13, 22, 23, 24, 25, 26, 27, 31, 32, 33,
`34, 35, 37; 235/375, 376, 379, 380, 381,
`382, 382.5, 383, 384, 385, 386
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`............................ 364/408
`4,961,142 10/1990 Elliott et a1.
`
`7/1991 Elliott et a1. .................... 364/408
`5,036,461
`7/1993 Matchett et a1. ................... 340/825.34
`5,229,764
`
`Prima'y Examiner—JOSE L- (301180
`Assistant Examiner—Bijan Tadayon
`Attorney, Agent, or Firm—Ali Kamarei
`[57]
`ABSTRACT
`
`A tokenless security system and method for preventing
`unauthorized access to one or more secured computer sys-
`tems is shown. The security system and method are princi-
`pally based on a correlative comparison of a unique bio-
`metric sample, such as a finger print or voice recording,
`gathered directly from the person of an unknown user with
`an authenticated unique biometric sample of the same type
`obtained from each authorized user. The security system and
`method may be integrated with and dedicated to a single
`computer system, or may be configured as a non—dedicated,
`stand-alone entity capable of and intended to perform secu-
`rity functions simultaneously for more than one computer
`system. Further, the stand alone configuration can be net-
`worked to act as a full or partial intermediary between a
`secured computer system and its authorized users, or may be
`interactive solely with and act as a consultant to the com-
`puter systems. The security system and method further
`contemplate the use of personal codes to confirm identifi—
`cations determined from biometric comparisons, and the use
`of one or more variants in the personal identification code
`for alerting authorities in the event of coerced access.
`
`113 Claims, 3 Drawing Sheets
`
`Secured Terminal
`
`Sensor Means
`
`
`P/C Input Means
`
`
`/n terconnecting Means
`
`
`
`
`
`
`
`
`
`
`Computer System
`
`
`
`Memory Means for '
`Strong Biometrics
`and PICS
`
`
`Comparison Means
`
`
`
`Evaluation Means
`
`
`
`Stored Biometrics
`
`
`
`
`Police or
`
`
`Designated
`Not/tying Means
`Authorities
`
`
`
`Stored P/Cs
`
`|PR2018-00067
`
`Unified EX1011 Page 1
`
`IPR2018-00067
`Unified EX1011 Page 1
`
`

`

`US. Patent
`
`Mar. 25, 1997
`
`Sheet 1 of 3
`
`5,615,277
`
`.68me
`
`b£ut®me
`
`mmfitofizi
`
`«GEbmgogwm
`
`atom:mE§BZ
`
`n.GE
`
`moEmEQm$6.6
`
`
`
`atom:cotoggm
`
`
`
`mpEmEoE39cm,
`
`
`
`moi.26
`
`8*menu:boEmS
`
`
`mace::omtoquo
`
`
`
`Eflmx‘msyquoo
`
`|PR2018—OOO67
`
`Unified EX1011 Page 2
`
`)
`
`
`
`mtg:mSEmEoEfiS
`
`
`
`$8:330%
`
`
`
`atom:.SQS91
`
`
`
`\DSEkabkaUQW
`
`IPR2018-00067
`Unified EX1011 Page 2
`
`
`
`
`
`
`
`
`
`
`
`

`

`US. Patent
`
`Mar. 25, 1997
`
`Sheet 2 ofv3
`
`5,615,277
`
`Gather Biometric Sample
`
`Gather Personal Code
`
`Transmit
`
`to Computer
`
`Stored Ple
`
`Compare Gathered
`Biometric and PIC
`With the Previous/y Stored
`Biometrics and Ple
`
`Stored Biometrics
`
`Evaluate Comparisons
`'
`to Produce 0
`
`Correlation Factor
`
`Does
`
`
`
`
`
`
`
`Correlation
`
`Factor Indicate
`
`
`a Match
`
`
`N0
`
`Failed ID
`
`Yes Reduced Access
`to System
`
`Notify
`Authorities
`
`Successful ID
`To Coerced User
`
`Does
`
`
`
`PIC Variant
`
`
`
`
`
`
`Indicate Coerced
`
`
`
`Access
`?
`
`
`No
`
`Complete Access
`to System
`
`Successful ID
`
`FIG. 2
`
`|PR2018—00067
`
`Unified EX1011 Page 3
`
`IPR2018-00067
`Unified EX1011 Page 3
`
`

`

`US. Patent
`
`Mar. 25, 1997
`
`Sheet 3 of 3
`
`5,615,277
`
`
`
`meow:55.83583E
`
`
`
`Bxgum:Em3mt.Eoumt
`
`gt96€35on
`
`mbgoumm
`
`
`
`moEmEoEbEBm
`
`
`
`moibmgowm
`
`.6extol
`
`938$me
`
`mmttofiav‘
`
`:8:8582
`
`
`
`m..@E
`
`
`
`torSQEQv‘830mm,
`
`
`
`mmmou<80:me
`
`«28.6%«55¢
`:otoéqu‘
`
`
`
`589mm.3.53:8
`
`|PR2018—OOO67
`
`Unified EX1011 Page 4
`
`$0.6quQR.otu
`
`
`
`menu:tohcsgm
`
`
`gommmooimungKmtméobQ\<%935.89%\Equ
`
`
`
`
`358ng838%
`
`
`
`Emwmxmbtaumm.
`
`bum2E
`
`
`
`uEmEoE.Sx
`
`
`
`
`
`mtg:boEm:mtg::OMtDQEob
`
`IPR2018-00067
`Unified EX1011 Page 4
`
`
`
`
`
`
`
`
`

`

`1
`TOKENLESS SECURITY SYSTEM FOR
`AUTHORIZING ACCESS TO A SECURED
`COMPUTER SYSTEM
`
`FIELD OF THE INVENTION
`
`The invention relates generally to security systems
`designed to control access to restricted areas, and more
`specifically to security systems for controlling individual
`access to secured computer systems.
`
`BACKGROUND OF THE INVENTION
`
`The rapid, efiicient and secure transaction of financial and
`other services is becoming critical to the competitiveness of
`individual businesses and national economies. In the past,
`financial transactions were necessarily slow and cumber-
`some, generally requiring an individual to verify his identity
`by meeting with a representative of the financial institution
`responsible for executing the transaction. Although incon-
`venient and somewhat inflexible, such systems were useful
`in reducing transaction fraud because they predicated veri-
`fication of the individual’s identity based on certain unique
`biometric data, such as one’s signature, physical appearance,
`voice character, etc, in addition to the individual’s personal
`knowledge of his financial account numbers and secret
`codes.
`
`With the advent of computerized financial networks, the
`problem of transaction fraud has become keenly acute,
`facing not only private business, but local, state and federal
`governments as well. In order to cut costs and increase the
`flexibility of making financial transactions, many financial
`institutions have greatly reduced staff and oflice hours in
`favor of automated teller machines (“ATM”s), which pro-
`vide the consumer with round the clock access to his various
`accounts and allow the consumer to make financial trans-
`actions without visiting a bank. More recently, retail estab-
`lishments have taken advantage of the existence of such
`computerized banking services by installing apparatus
`capable of reading a consumer’s ATM card and making a
`direct debit from the consumer’s account at the point of
`purchase. Unfortunately,
`the use of ATMs and similar
`devices has greatly increased transaction fraud because in
`such systems verification of a user’s identity is not predic—
`tated on unique biometric data. Rather, all that is required for
`verification is the presentation of a token, such as a credit
`card or ATM, and the entry of the personal identification
`number (“PIN”) encoded in a magnetic strip on the token. It
`is estimated that billions of dollars are lost annually through
`transaction fraud. Ultimately, these costs are passed back to
`the consumer in the form of higher prices for goods and
`services, and in the form of higher taxes.
`Today, a considerable proportion of financial transactions,
`stock trading, commodity trading, business purchases and
`billings are transacted electronically. In these systems, the
`necessary data for identifying and locating the user’s
`accounts are magnetically recorded on a token that user must
`insert into the ATM or similar device to initiate access to his
`accounts. The token is further provided with a personal
`identification number (“PIN”), which ideally is known only
`to the user and the financial
`institution controlling the
`account. Although the combination of an account number
`and PIN will be unique to the user, the ability to possess and
`communicate such data will not be unique to the user.
`Rather, existing security systems of computer networks will
`recognize anyone capable of entering the appropriate
`account and PIN as the authorized user of those accounts.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`5,615,277
`
`2
`
`Further, in most instances, access will be dependant upon the
`physical presentation of the appropriate token. Known secu-
`rity systems for limiting access to secured computer systems
`require that authorized user to possess and present a unique
`(but reproducible) token, such as a credit card or ATM card,
`and require the user to know and present a personal identi-
`fication code, which is generally numeric in character.
`Unfortunately, this almost universal system of access to
`secured systems has very serious flaws. First, access can be
`gained by anyone possessing the appropriate token and
`knowledge of the PIN linked to the token and ultimately to
`the user’s account. The rapid increases in ATM crime and
`counterfeit credit card scares are testament to this point.
`Although token and code security systems do reduce the risk
`of unauthorized access, such security systems are neverthe-
`less significantly susceptible to fraud. Because verification
`of user identity is based solely on data that can be easily
`reproduced and transferred between individuals, as opposed
`to data that is unique to and irreproducible from the user,
`such security systems must rely on both the diligence and the
`luck of the authorized user in maintaining this information
`as proprietary. The significant increase in ATM crime and
`counterfeit credit card seams are testament to the weak-
`nesses of these systems, as are the plaintiff cries of the head
`of household who unwisely tendered both token and code to
`a less than thrifty friend or family member.
`In addition to the significant ongoing risk of fraud, token
`and code security systems are frequently cumbersome for
`consumers to use. First,
`the consumer must physically
`possess the token in order to initiate access to the desired
`account. This inconvenience is greatly compounded by the
`fact
`that consumer often maintains a variety of active
`financial accounts, each issuing its own unique token and
`code. This requires the consumer not only to carry numerous
`tokens, but to remember each specific code for each specific
`token. Of course, a proliferation of tokens decreases the
`ability of the consumer to maintain the high degree of
`proprietary control upon which the token and code system
`relies.
`
`Recently, various workers have attempted to overcome
`problems inherent in the token and code security system.
`One major focus has been to encrypt, variabilize or other-
`wise modify the PIN code to make it more difiicult for an
`unauthorized user to carry out more than one transaction,
`largely by focusing on manipulation of the PIN access code
`to make such code more fraud resistant. A variety of
`approaches have been suggested, such introducing an algo-
`rithm that varies the PIN in a predictable way known only
`to the user, thereby requiring a different PIN code for each
`subsequent accessing of an account. For example, the PIN
`code can be varied and made specific to the calendar day or
`date of the access attempt.
`In yet another approach, a
`time-variable element
`is introduced to generate a non-
`predictable PIN code that is revealed only to an authorized
`user at the time of access. Although more resistant to fraud
`that systems incorporating non-variable codes, such an
`approach is not virtually fraud-proof because it still relies on
`data that is not uniquely and irreproducibly personal to the
`authorized user. Further, such systems further inconvenience
`consumers that already have trouble remembering constant
`codes, much less variable ones. Examples of
`these
`approaches are disclosed in U.S. Pat. Nos. 4,837,422 to
`Dethloff et al.; U.S. Pat. No. 4,998,279 to Weiss; U.S. Pat.
`No. 5,168,520 to Weiss; U.S. Pat. No. 5,251,259 to Mosley;
`U.S. Pat. No. 5,239,538 to Parrillo; U.S. Pat. No. 5,276,314
`to Martino et al.; and U.S. Pat. No. 5,343,529 to Goldfine et
`31. all of which are incorporated herein by reference.
`
`|PR2018-00067
`
`Unified EX1011 Page 5
`
`IPR2018-00067
`Unified EX1011 Page 5
`
`

`

`5,615,277
`
`3
`More recently, some workers turned their attention from
`the use PIN codes to the use of unique biometric data as the
`basis of identity verification, and ultimately computer
`access. In this approach, an authenticated biocharacteristic is
`voluntarily recorded from a user of known identity and
`stored for future reference.
`In every subsequent access
`attempt, the user is required to enter physically the requested
`biocharacteristic, which is then compared to the authenti—
`cated biocharacteristic to determine if the two match in order
`to verify user identity. Because the biocharacteristic is
`uniquely personal to the user and because the act of physi—
`cally entering the biocharacteristic is virtually irreproduc-
`ible, a match is putative of actual identity, thereby decreas—
`ing the risk of fraud. Various biocharacteristics have been
`suggested, such as finger prints, hand prints, voice prints,
`retinal images, handwriting samples and the like. However,
`because the biocharacteristic is generally stored in electronic
`(and thus reproducible) form on a token and because the
`comparison and verification process is not isolated from the
`hardware and software directly used by the individual
`attempting access, a significant risk of fraudulent access still
`exists. Examples of this approach to system security are
`described in U.S. Pat. Nos. 4,821,118 to Lafreniere; U.S.
`Pat. No. 4,993,068 to Piosenka et al.; U.S. Pat. No. 4,995,
`086 to Lilley et al.; U.S. Pat. No. 5,054,089 to Uchida et al.;
`U.S. Pat. No. 5,095,194 to Barbanell; U.S. Pat. No. 5,109,
`427 to Yang; U.S. Pat. No. 5,109,428 to Igaki eta1.; U.S. Pat.
`No. 5,144,680 to Kobayashi et al.; U.S. Pat. No. 5,146,102
`to Higuchi eta1.; U.S. Pat. No. 5,180,901 to Hiramatsu; U.S.
`Pat. No. 5,210,588 to Lee; U.S. Pat. No. 5,210,797 to Usui
`et al.; U.S. Pat. No. 5,222,152 to Fishbine et al.; U.S. Pat.
`No. 5,230,025 to Fishbine et al.; U.S. Pat. No. 5,241,606 to
`Horie; U.S. Pat. No. 5,265,162 to Bush et al.; U.S. Pat. No.
`5,321,242 to Heath, Jr; U.S. Pat. No. 5,325,442 to Knapp;
`U.S. Pat. No. 5,351,303 to Willmore, all of which are
`incorporated herein by reference.
`As will be appreciated from the foregoing discussion, a
`dynamic but unavoidable tension arising in attempting to
`design a security system that is highly fraud resistant, but
`nevertheless easy and convenient for the consumer to use.
`Unfortunately, none of
`the above-disclosed proposed
`improvements to the token and code system adequately
`address, much less attempt to balance, this tension. Such
`systems generally store the authenticated biocharacteristic in
`electronic form directly on the token that can easily be
`copied. Further, such systems do not adequately isolate the
`identity verification process from tampering by someone
`attempting to gain unauthorized access.
`An example of token-based security system which relies
`on a biocharacteristic of a user can be found in U.S. Pat. No.
`5,280,527 to Gullman et al. In Gullman’s system, the user
`must carry and present a credit card sized token (referred to
`as a biometric security apparatus) containing a microchip in
`which is recorded characteristics of the authorized user’s
`voice. In order to initiate the access procedure, the user must
`insert the token into a terminal such as an ATM, and then
`speak into the terminal to provide a biocharacteristic input
`for comparison with an authenticated input stored in the
`microchip of the presented token. The process of identity
`verification is generally not isolated from potential tamper—
`ing by one attempting unauthorized access. If a match is
`found, the remote terminal may then signal the host com-
`puter that access should be permitted, or may prompt the
`user for an additional code, such as a PIN (also stored on the
`token), before sending the necessary verification signal to
`the host computer.
`-
`Although Gullman’s reliance of comparison of stored and
`input biocharacteristics potentially reduces the risk of unau-
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`4O
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`
`thorized access as compared to numeric codes, Gullman’s
`use of the token as the repository for the authenticating data
`combined with Gullman’s failure to isolate the identity
`verification process from the possibility of tampering greatly
`diminishes any improvement to fraud resistance resulting
`from the replacement of a numeric code with a biocharac-
`teristic. Further, the system remains somewhat cumbersome
`and inconvenient to use because it too requires the presen—
`tation of a token in order to initiate an access request.
`Thus, it will be appreciated that there has long been a need
`for a computer access security system that is both highly
`fraud-resistant and that is convenient and eflicient for the
`user to operate.
`There is also a need for a security system that is capable
`of verifying a user’s personal identity, based upon an irre—
`producible biocharacteristic that is unique and physically
`personal to an authorized user, as opposed to verifying an
`individual’s possession of physical objects and information
`that can be transferred freely between different individuals.
`Such a biocharacteristic must be easily and non-intrusively
`obtained; must be easy and cost—effective to store and
`analyze; and must not unduly invade the user’s privacy
`rights.
`A further need in computer access security system design
`is user convenience. It is highly desirable for a consumer to
`able to access the system spontaneously, particularly when
`unexpected needs arise, with a minimum of eifort. In par-
`ticular, there is a need for a security system greatly reduces
`or eliminates the need to memorize numerous or cumber—
`
`some codes, and that eliminates the need the need to possess,
`carry, present a proprietary object in order to initiate an
`access request.
`Such systems must be simple to operate, accurate and
`reliable. There is also a need for a computer security access
`system that can allow a user to access all accounts and
`procure all services authorized to the user, such as access
`and carry out
`transactions in and between all financial
`accounts, make point of purchase payments, receive various
`services, etc.
`
`There is further a great need for a computer security
`access system that affords an authorized user the ability to
`alert authorities that a third party is coercing the user to
`request access without the third party being aware that an
`alert has been undertaken. There is also a need for such a
`system that is nevertheless able to effect, unknown to the
`coercing third party, temporary restrictions on the types and
`amounts of transactions that can be undertaken once access
`is granted.
`Finally, the security system must be affordable and flex—
`ible enough to be operatively compatible with existing
`networks having a variety of transaction devices and system
`configurations.
`
`SUMMARY OF THE INVENTION
`
`It is an object of the invention therefore to provide a
`computer access security system that eliminates the need for
`a user to possess and present a physical object, such as a
`token, in order to initiate a system access request.
`It is another object of the invention to provide a computer
`access security system that is capable of verifying a user’s
`identity, as opposed to verifying possession of proprietary
`objects and information.
`It is yet another object of the invention to verify user
`identity based upon one or more unique and irreproducible
`characteristics physically personal to the user.
`
`|PR2018-00067
`
`Unified EX1011 Page 6
`
`IPR2018-00067
`Unified EX1011 Page 6
`
`

`

`5
`
`6
`
`5,615,277
`
`Yet another object of the invention is to provide a system
`of secured access that is convenient and easy use.
`Still another object of the invention is to provide a system
`of secured access to a computer system that
`is highly
`resistant to fraudulent access attempts by non-authorized
`users.
`
`Yet another object of the invention is to provide a com-
`puter access security system that enables a user to notify
`authorities that a particular access request is being coerced
`by a third party without giving notice to the third party of the
`notification.
`
`There is also a need for a computer access security system
`that automatically restricts a user’s transactional capabilities
`on the computer system according a desired configuration
`provided by the user indicates that a particular access
`request has been coerced or is otherwise involuntary.
`The invention meets these and other objects by providing
`tokenless system and method for verifying the identity of
`user requesting access to a secured computer network,
`eliminating the need to present an object in order to initiate
`and carry out an access request.
`The invention also meets these objects by providing a
`significantly improved system and method for determination
`of the identity of a user based on the user’s direct input of
`unique, irreproducible biometric data, as opposed to less
`reliable existing systems that determine the identity of a user
`based upon the presentation of a correct combination of
`token and one or more codes and the assumption that the
`individual presenting the token and codes is the individual
`authorized to possess them.
`Further, these objects are met by providing a security
`system and method in which certain programs and data
`within the computer access verification system are isolated
`from and inaccessable to the user, at least until the access
`requested has been granted. According to the invention,
`actual verification of user identity is isolated from possible
`tampering by the user requesting access. More importantly,
`all stored authenticated biometric data used in the verifica-
`
`tion process is also isolated from access by the user until the
`user’s identity has been verified,
`thereby preventing the
`counterfeiting and reuse of the authenticated data to gain
`fraudulent access.
`
`According to one embodiment of the invention, the secu—
`rity system is incorporated as a subroutine or program within
`the host computer system that the user desires to access. In
`this embodiment, the system comprises a means for gath-
`ering and recording one or more desired types of biometric
`data directly from the person of the individual requesting
`computer access; a memory means for recording, storing and
`retrieving authenticated biometric data of users authorized
`for access to the secured computer system; comparison
`means for comparing the input biometric data with authen-
`ticated biometric data of authorized users and verifying user
`identity based upon the comparison; and transmission means
`for transmitting the input biometric data to the comparison
`means.
`
`In operation, the user enters biometric data directly from
`his person, such as by pressing a finger or thumb print onto
`a sensor pad. This input data is then transmitted to another
`part of the system that is operatively isolated from the user.
`Here the input biometric data collected from the user is
`compared to authenticated biometric data collected from
`each individual authorized to obtain access to the secured
`computer system. If the input biometric data matches the
`authenticated biometric data, the identity of the user request-
`ing access will be verified and the host system directed to
`provide access.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`According to another embodiment of the invention, the
`security system operates as a stand alone entity. The system
`may be positioned in series between the user and secured
`computer network, thereby acting as an interface, or it may
`be positioned in parallel with the user relative to the secured
`computer system.
`It will be appreciated that in the former system, the user
`tenders an access request directly to the security system of
`the invention, which ideally is operationally interactive with
`numerous independent secured computer systems. The secu-
`rity system would therefore maintain authenticated biomet-
`ric data samples for all authorized users of each secured
`computer system that
`it serviced. These data would be
`cross-referenced by each authorized user. Thus, after iden-
`tity verification was completed, the security system would
`provide to the user a listing of systems that he is authorized
`to access, and prompt the user to select the desired network.
`The security system would then forward the access request
`along with its identity verification to the selected secured
`computer system, ultimately connecting the user to the
`requested secure computer system.
`In the later system, a user tenders an access request
`directly to the secured computer system that he wishes to
`use. Generally, it is contemplated that the request would be
`made at a terminal specifically dedicated to the desired
`computer system. Upon receipt of the input biometric data
`from the user, the secured computer network would forward
`said data to the security system of the invention, where a
`verification of the user’s identity would be determined from
`comparison with authenticated biometric data from autho-
`rized users of the secured computer system. The result of the
`comparison would then be returned to the secured computer
`network and access granted if the identity of the user
`requesting access was determined to be the same as one of
`the authorized users of the secured computer system.
`In addition to the comparison of input and pre-recorded
`biocharacteristics, the invention further contemplates the use
`of one or more confirmation codes to be known to and
`entered by the user requesting access after entry of the
`biometric data discussed above. A determination of identity
`could then proceed in a single or multi-step fashion. The
`software of the system may be configured to combine the
`input biometric data with the one or more codes requested,
`and thereby generate a single profile for comparison against
`pre-recorded profiles of authorized users. Alternatively, the
`system may verify identity in a linear, stepawise fashion,
`making a first determination of identity based upon similar—
`lity of biometric data, thereafter confirming this deterrnina—
`tion by prompting the user to enter a code, which the security
`system would then compare to the code assigned to identity
`determined in the first step.
`According to a further embodiment of the invention, a
`means is provided for alerting predesignated authorities
`during an access attempt that the user has been coerced to
`request access by a third party. In such an embodiment, an
`authorized user would have a number of codes, one of which
`would be recognized by the security system as the standard
`access code, and the remainder of which would be recog—
`nized as emergency codes. The comparison means of the
`security system of the invention would be configured to
`accept and recognize more than one code per authorized
`user, and to activate the emergency alert means whenever
`the code entered by the user matched an emergency code. At
`the same time, the determination of an authorized identity
`for the user would result in the user being afforded access to
`the requested secured computer system, thereby preventing
`the coercing third party from knowing that an emergency
`
`|PR2018—OOO67
`
`Unified EX1011 Page 7
`
`IPR2018-00067
`Unified EX1011 Page 7
`
`

`

`5,615,277
`
`7
`notification had been entered by the user. Ideally, the emer—
`gency code would be entered as a part of or simultaneously
`with the user’s secret code.
`
`According to another embodiment of the invention, an
`access limiting means is contemplated for use where access
`has been coerced by a third party. As discussed above, the
`invention includes an emergency alert means. The well-
`being of the user requesting access might be jeopardized if
`the coercing party discovered that the user was attempting to
`notify authorities. Thus, it is critical that the access proce—
`dure continue uninterruptedly and that access be granted to
`an authorized user so that the coercing party believes that
`everything is proceeding normally. However,
`it will be
`appreciated that the coercing party’s full and unfettered
`access to the secured computer system may cause the
`authorized user serious harm as well, particularly if access
`permits the coercing party access to make transactions from
`the authorized user’s financial accounts. Thus, according to
`the invention, the security system is provided with means for
`limiting access when the request
`for access has been
`coerced. In such instances, the security system would not
`only forward verification of identity to the secured computer
`system to be accessed, but also a request for limited access.
`The secured computer system would thereafter grant access,
`but with limitations that would be transparent to the coercive
`party. For example, if the authorized user had more than one
`checking account, under coerced access mode, only the
`account with the least money would be accessed. Altema—
`tively, the system could be configured to prohibit transac-
`tions above a particular monetary threshold. In such a case,
`the secured computer system would also generate temporary
`dummy accounts to reflect only enough money or credit to
`transact a particular transaction. Further, the secured com-
`puter may be configured to display that a particular trans-
`action has taken place, but then abort the transaction, such
`as charging an item to a line of credit or wire transferring
`funds to another account. The system may also generate and
`appropriate malfunction screen indicating that the type of
`transaction selected is not presently available due to
`mechanical or some other plausible failure. As with the
`emergency notification means, however, it is imperative that
`any access limitation that is imposed be transparent to the
`coercing party.
`The present invention is clearly advantageous over the
`prior art in a number of ways. First, it is extremely easy and
`efficient for the user, particularly where the user is accessing
`financial accounts, because it eliminates the need to carry
`and present a unique token in order to access one’s accounts.
`The present
`invention eliminates all
`the inconveniences
`associated with carrying,
`safeguarding and locating a
`desired token. And because each token is often specific to a
`particular computer system that further requires remember-
`ing a secret code assigned to the particular token,
`the
`elimination of tokens reduces the amount of memorization
`and diligence required increasingly of consumers, who are
`see everything from banking transactions and long distance
`telephone calling to point of purchase debits being con-
`ducted electronically using tokens and secret codes. Rather,
`in a single, seamless,
`tokenless, and optionally codeless
`transaction, the consumer, by mere entry of a biocharacter-
`istic such as a fingerprint and the selection of a desired
`account, can conduct virtually any commercial exchange
`transaction, from withdrawing cash from a bank account to
`paying the babysitter, from making a telephone call to Fiji to
`paying local property taxes.
`The invention is clearly advantageous from a convenience
`standpoint to retailers and financial institutions by making
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`4o
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`
`purchases and other financial transactions less cumbersome
`and more spontaneous. The paper work of financial trans-
`actions is significantly reduced as compared to current
`systems, such as credit card purchase wherein separate
`receipts are generated for use by the credit card company, the
`merchant and the consumer. Such electronic transactions
`also save merchants and banks considerable time and
`
`expense by greatly reducing operational costs. Because the
`system of the invention is designed to provide a consumer
`with simultaneous direct access to all of his financial
`accounts, the need for transactions involving money, checks,
`commercial paper and the like will be greatly reduced,
`thereby reducing the cost of equipment and staff required to
`collect and account for such transactions. Further, the manu-
`facturing and distributing costs of issuing and reissuing
`credit cards, ATM cards, calling cards and the like will be
`eliminated, thereby providing further economic savings to
`merchants and banks. In fact, the system of the invention
`will
`likely encourage consumer spending since all of a
`consumer’s electronic financial resources will be available at
`the mere input of his fingerprint or other biocharacteristic.
`The invention is markedly advantageous and superior to
`existing systems in being highly fraud resistant. As dis-
`cussed above, present security systems are inherently unre—
`liable because they base determination of a user’ s identity on
`the physical presentation of a unique object and unique
`information that is intended to be and by the security system
`presumed to be within the proprietary possession of the
`authorized user. Unfortunately, both the unique token and
`information can be transferred to another, through loss, theft
`or by voluntary action of the authorized user. Thus, unless
`the loss or unintended transfer of these