(12) Umted States Patent
`(10) Patent N0.:
`US 6,453,301 B1
`
`Niwa
`(45) Date of Patent:
`Sep. 17, 2002
`
`US006453301B1
`
`(54) METHOD OF USING PERSONAL DEVICE
`WITH INTERNAL BIOMETRIC IN
`
`CONDUCTING TRANSACTIONS OVER A
`NETWORK
`
`WO
`WO
`
`FOREIGN PATENT DOCUMENTS
`WO—95/13591 A1 *
`5/1995
`WO 99/06928 A1 ,
`2,1999
`OTHER PUBLICATIONS
`
`Inventor: KlyOhlkO lea, Haworth, NJ (US)
`(75)
`(73) Assignees: Sony Corporation (JP); Sony
`Electronics Inc. Park Ridge NJ (US)
`’
`’
`’
`
`Drury: “Demand jumps for high—tech ID producer”; Busi-
`neSS First, Oct. 22, 2001, vol. 18, No. 3, p. 1.*
`Pack:
`“Traditional Retailers Plan Interactive Stores”;
`Orlando Sentinel, May 25, 1995*
`
`( * ) Notice:
`
`Subject. to any disclaimer, the term of this
`patent IS extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.2 09/510,811
`(22)
`Filed:
`Feb. 23, 2000
`(51)
`Int Cl 7
`(52) US. Cl.
`
`G06F 17/60
`............................. 705/26; 705/17; 705/18;
`705/50. 705/65. 705/75
`’ 705/17’ 18 26
`..............................
`,
`,
`,
`705/27, 50, 65, 74, 75, 76, 77
`
`ld f S
`0
`
`earc
`
`h
`
`.
`References Clted
`US. PATENT DOCUMENTS
`
`583/1135)
`1
`t
`fiéfftfberg
`431/133:
`272???? 2 *
`
`/
`0 man 6 a’
`/
`”
`’
`’
`382/124
`4/1997 Lane ....................
`5,623,552 A
`4/1998 Rosenthal et a1.
`.......... 455/411
`5,737,701 A *
`11/1999 Koyama ................ 340/82534
`5,990,804 A
`............... 382/125
`6,002,787 A * 12/1999 Takhar et a1.
`
`6,105,010 A *
`8/2000 Musgrave ......
`705/44
`6,119,096 A *
`9/2000 Mann et a1.
`................... 705/5
`
`(58) F'
`1e
`
`(56)
`
`>I< cited by examiner
`
`.
`Primary Examiner—Edward R. COSImano
`(74) Attorney, Agent, or Firm—Lerner, David, Littenberg,
`KmthIZ & Memm" LLP
`(57)
`ABSTRACT
`A method of authorizing a commercial transaction between
`a customer and a provider of goods or services over a
`.
`.
`.
`network, wherein the prov1der of goods or serv1ceS requests
`that the customer provide authentication by activating a
`fingerprint identification device, and the provider of goods
`or services receives at least an authentication code of the
`
`customer over the network from the fingerprint identification
`device, the method comprising the steps of: providing the
`customer with the fingerprint identification device which
`produces the authentication code when a fingerprint of the
`customer matches a stored fingerprint within the fingerprint
`identification device; receiving at least the authentication
`d
`f
`th
`.d
`f
`d
`.
`th
`6
`CO 6
`“3m
`6 Prov? 8r 0
`goo S “.569me over
`netW0r1?> afld authOFIZIHg the transacnon If at lea“ the
`authentlcatlon code 15 Va11d~
`
`50 Claims, 6 Drawing Sheets
`
`
`
`
`
`DATA TRANSFER TO PAYOR BANK:
`AUTHENTICATION CODE, PAYOR
`NUMBER, PURCHASE AMOUNT
`—’ BANKID,CUSTOMERACCOUNT
`L
`118
`“6
`
`VALID
`
`1007
`CUSTOMER CONNECTS
`TOONALINEPROVIDEROF
`GOODSORSERVICES
`
`102 _'— PAYORVBANKID
`k CUSTOMERSELECTS
`'
`
`GOODS/SERVICES
`
`CUSTOMER PROMPTED
`104L
`I
`—— TOAUTHENTICATE
`
`HIMSELF
`
`'
`106
`CUSTOMERACTIVATES
`L FINGERPRINT
`RECOGNITION DEVICE
`
`
`I
`108
`
`RECOGNITION DEVICE
`k/
`FINGERPRINT
`126?
`AUTHORIZATION
`COMPARES PRESENT vs
`
`
`STORED FINGERPRINT
`CONDITION
`
`110
`I
`NEGATIVE
`
`L CUSTOMERINSERTS
`FINGERPRINT
`RECOGNITION DEVICE
`
`INTOINTERFACE
`DATA TRANSFER TO PROVIDER:
`I
`AUTHENTICATION CODE, PAYOR
`BANK ID, CUSTOMER ACCOUNT
`NUMBER, DELIVERV ADDRESS
`
`AUTHORIZATION
`CONDITION
`POSITIVE
`
`7
`
`
`
`
`TESIiIEI'E‘I”
`“228$?“
`
`
`
`112
`\
`
`
`
`
`AUTHENTICATION
`CODE RECEIVED
`
`7
`
`
`
`
`
`
`
`120
`
`ER
`CUETOIM
`ACCOUNT
`
`PAYOR BANK TRANSMITS
`128
`\J AUTHORIZATON
`%‘§I;D$38§‘3%§ESII3E§
`TSAQAETTON
`
`
`
`Apple 1017
`
`

`

`US. Patent
`
`Sep. 17, 2002
`
`Sheet 1 0f 6
`
`US 6,453,301 B1
`
`mm
`
`35
`
`go
`
`m
`
`HzEmmmsz
`
`tizomw
`
`8%.
`
`328%
`
`2::m
`
`12.5.!
`
`SEES
`
`mwmmA
`
`3:382
`
`EmeEmm
`
`#58285
`
`.on
`
`._<t15mngmmoSoEommz_._-zoHszmmSz
`
`
`
`
`$21321.._.2_Emmwz_u_
`
`.232:32023$8558.96onwas:Emzomm
`
`
`
`
`
`
`
`Qz<mmo><n_\._.2m_§m_._._.._.m_mwxz<mow20m
`
`._.z_mn_mm_oz_n_
`
`>._._m50mm
`
`
`
`
`
`meImmooi83.5.5
`
`._.z_~_n_mmwz_n_
`
`Cfiamw
`
`®
`
`._.z_m_n_m_m_ozfim
`
`>._._m:omm®
`
`Nm
`
`mm
`
`ofw
`
`xz<m._.z<_._om_m_s_
`
`mm
`
`_..OE
`
`mz_._-zo
`
`wmo_>mmm
`
`mz_._.zo
`
`mooow
`
`mz:-zo
`
`mwémxomm
`
`5M8.oEESQm
`
`:23_8_:§8_$
`Gm528.9623
`
`ona2
`
`Q
`
`5:22wfirm
`
`mmo_>m_m_m
`
`
`
`2388:Jaime
`
`Hz<onm2
`
`309688.585
`5E:ax25
`
`
`
`
`
`EfimmzmwzmmEEmmozm52%;:aExammmm@on8525562:@
`
`
`
`Emamm>55on
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`US. Patent
`
`Sep. 17, 2002
`
`Sheet 2 0f 6
`
`US 6,453,301 B1
`
` FIG.2
`
`
`
`

`

`US. Patent
`
`Sep. 17, 2002
`
`Sheet 3 0f 6
`
`US 6,453,301 B1
`
`FIG. 3
`
`100
`
`
`
`
`DATA TRANSFER TO PAYOR BANK:
`AUTHENTICATION CODE, PAYOR
`BANK ID, CUSTOMER ACCOUNT
`NUMBER, PURCHASE AMOUNT
`
`
`
`
`
`
`
`
`CUSTOMER CONNECTS
`
`TO ON-LINE PROVIDER OF
`
`
`
`GOODS OR SERVICES
`
`102
`
`104
`
`CUSTOMER SELECTS
`
`GOODS/SERVICES
`
`CUSTOMER PROMPTED
`
`TO AUTHENTICATE
`
`
`
`HIMSELF
`
`
`
`CUSTOMER ACTIVATES
`
`FINGERPRINT
`
`
`
`RECOGNITION DEVICE
`
`
`
` FINGERPRINT
`
`RECOGNITION DEVICE
`
`
`
`COMPARES PRESENT vs
`
`
`
`STORED FINGERPRINT
`
`
`
`CUSTOMER INSERTS
`
`FINGERPRINT
`
`RECOGNITION DEVICE
`
`INTO INTERFACE
`
`DATA TRANSFER TO PROVIDER:
`
`
`
`
`AUTHENTICATION CODE, PAYOR
`
`BANK ID, CUSTOMER ACCOUNT
`
`NUMBER, DELIVERY ADDRESS
`
`
`
`
`AUTHENTICATION
`CODE RECEIVED
`
`
`'2
`
`118
`
`VALID
`
`PAYOR BANK ID
`
`
`?
`
`116
`
`120
`
`122
`
`
` VALID
`
`CUSTOMER
`ACCOUNT
`
`NO. ?
`
`
`ACCEPTABL
`
`PURCHASE AMOUNT
`
`?
`
`
`
`126
`
`
`124
`
`AUTHORIZATION
` VALID
`AUTHENTICATION
`CONDITION
`
`
`CODE
`NEGATIVE
`
`?
`
`128
`
`134
`
`PAYOR BANK TRANSMITS
`AUTHORIZATION
`CONDITION TO PROVIDER
`OF GOODS OR SERVICES
`TO COMPLETE
`
`TRANSACTION
`
`130
`
`
`
`
`
`AUTHORIZATION
`CONDITION
`POSITIVE
`?
`
`
`
`132
`
`TRANSACTION
`
`COMPLETED
`
`TRANSACTION
`
`REFUSED
`
`

`

`US. Patent
`
`Sep. 17, 2002
`
`Sheet 4 0f 6
`
`US 6,453,301 B1
`
`F I G. 4
`
`15°
`
`TRANSACTION
`SETTLEMENT
`
`156
`
`TRANSACTION
`IS
`152
`
`
`
`
`
`RECEIPT
`PROVIDER'S BANK
`
`TRANSMITTED
`SAME AS PAYOR
`
`
`
`TO PROVIDER'S
`BANK
`
`
`BANK
`?
`
`
`
`
`
`
`TRANSACTION
`RECEIPT
`
`TRANSMITTED
`
`TO PAYOR BANK
`
`
`PAYOR BANK
`
`
`
`DEBITS
`
`CUSTOMER
`
`ACCOUNT
`
`158
`
`160
`
`Y
`
`162
`
`
`
`N
`
`IS
`PROVIDER'S BANK
`SAME AS PAYOR
`BANK
`?
`
`164
`
`166
`
`
`
`
`
`BANK
`
`
`PROVIDER'S
`
`
`
`
`
`
`PROVIDER'S
`BANK CREDITS
`
`
`PROVIDER'S
`
`
`
`ACCOUNT ,
`
`
`
`
`
`
`
`
`
`PAYOR BANK
`
`CREDITS
`
`PROVIDER'S
`ACCOUNT
`
`
`
`
`
`
`
`PAYOR BANK
`
`TRANSMITS
`
`CREDIT TO
`
`

`

`US. Patent
`
`Sep. 17, 2002
`
`Sheet 5 0f 6
`
`US 6,453,301 B1
`
`FIG. 5
`
`CUSTOMER PROVIDES
`INVESTMENT
`
`INSTRUCTIONS
`
`200
`
`CUSTOMER ACCESSES
`SETTLEMENT BANK
`
`202
`
`CUSTOMER
`
`PROMPTED TO
`
`AUTHENTICATE
`HIMSELF
`
`
`CUSTOMER ACTIVATES
`
`FINGERPRINT
`
`
`
`RECOGNITION DEVICE
`
`
`
`FINGERPRINT
`RECOGNITION DEVICE
`
`STORED FINGERPRINT
`
`
` CUSTOMER INSERTS
`FINGERPRINT
`
`
`RECOGNITION DEVICE
`
`
`INTO INTERFACE
`
`
`COMPARES PRESENT vs
`
`DATA TRANSFER TO SETTLEMENT
`
`
`
`
`BANK: AUTHENTICATION CODE,
`CUSTOMER ACCOUNT NUMBER
`
`AUTHENTICATION
`
`
`
`
`CODE RECEIVED
`
`2‘4
`
`216
`
`218
`
`220
`
`224
`
`226
`
`SETTLEMENT BANK
`
`TRANSMITS
`
`INSTRUCTIONS TO
`
`INVESTMENT PROVIDER
`INSTRUCTIONS
`
`INVESTMENT PROVIDER
`EXECUTES
`
`(anonomous) INVESTMENT
`
`TRANSACTION RECEIPT
`
`TRANSMITTED TO
`
`SETTLEMENT BANK
`
`SETTLEMENT BANK
`
`DEBITS/CREDITS
`
`CUSTOMER ACCOUNT
`
`
`
`SETTLEMENT BANK
`
`DEBITS/CREDITS
`
`INVESTMENT PROVIDER‘S
`
`
`
`ACCOUNT
`
`
`

`

`US. Patent
`
`Sep. 17, 2002
`
`Sheet 6 0f 6
`
`US 6,453,301 B1
`
`FIG. 6
`
`CUSTOMER ACCESSES
`BANK
`
`
`CUSTOMER
`PROMPTED TO
`
`
`AUTHENTICATE
`
`HIMSELF
`
`
`
`
`CUSTOMERACTWAJES
`HNGERPHNT
`RECOGNITION DEVICE
`
`302
`
`304
`
`306
`
`
`
`
`
`
`FINGERPRINT
`RECOGNITION DEVICE
`
`COMPARES PRESENT vs
`
`STORED FINGERPRINT
` 308
`
`
`
`
`
`
`CUSTOMER INSERTS
`FINGERPRINT
`
`RECOGNITION DEVICE
`
`INTO INTERFACE
`
`310
`
`DATA TRANSER TO BANK:
`AUTHENTICATION CODE,
`CUSTOMER ACCOUNT NUMBER
`
`
`
`
`
`
`AUTHENTICATIO
`
`312
`
`314
`
`316
`
` Y
`
`CUSTOMER REQUESTS
`ACCESS TO ELECTRONIC
`
`SAFETY DEPOSIT BOX
`
`
`
`BANK GRANTS REQUEST
`AND ELECTRONIC FILES
`
`
`
`ARE TRANSMITTED TO
`AND FROM CUSTOMER
`
`
`

`

`US 6,453,301 B1
`
`1
`METHOD OF USING PERSONAL DEVICE
`WITH INTERNAL BIOMETRIC IN
`CONDUCTING TRANSACTIONS OVER A
`NETWORK
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`The present invention relates to a method and system for
`authorizing a transaction between two parties over a network
`and, more particularly, to authorizing a transaction over the
`network when an authorization code has been received by an
`authorizing entity, the authorization code being produced by
`a fingerprint identification device in response to comparing
`a fingerprint of one of the parties to a stored fingerprint in the
`device.
`2. Related Art
`
`As the use of networks, for example the Internet, become
`more prevalent, an ever expanding quantum of electronic
`commerce will be conducted between users over these
`
`networks. Typically, a consumer of goods and/or services
`electronically connects to a provider of goods and/or ser-
`vices over a network, for example, by way of a website.
`Using known website browser software, the consumer may
`review and select goods or services and request that such
`goods or services be delivered to a specified address.
`The provider of goods or services, of course, expects to be
`paid for any goods or services requested by the consumer.
`Typically, this is accomplished by asking the consumer to
`enter his or her credit card number and expiration date.
`Sometime thereafter, and most likely after the consumer has
`disconnected from the provider’s website, the provider tele-
`phones an authorizing entity (e.g., the originator or manag-
`ing entity) of the credit card and requests authorization to
`complete the transaction. In particular, the provider of goods
`and/or services transmits the credit card number, expiration
`date, consumer name, and purchase amount to the authoriz-
`ing entity and awaits authorization. The authorizing entity
`accesses the consumer’s credit card account and verifies that
`
`the consumer is in good standing and that the purchase
`amount will not cause the consumer’s credit balance to
`
`exceed his or her credit limit. If the authorizing entity’s
`review of the consumer’s credit account is favorable, then
`authorization is transmitted to the provider of goods and/or
`services to complete the transaction with the consumer.
`As the provider of goods and/or services never actually
`sees the consumer and cannot assess the consumer in terms
`
`of whether or not the consumer is attempting to fraudulently
`utilize the credit card, both the provider of goods and/or
`services and the authorizing entity (originator of the credit
`card) must assume that the consumer is the authorized user
`of the credit card. It is only when the authorized user of a lost
`or stolen credit card calls the authorizing entity (or its
`representative) to report the lost and/or stolen card, that
`fraudulent uses of the credit card may be avoided.
`Similar problems occur when goods and/or services are
`requested and confirmed by a user of the network simply by
`connecting with the provider’s website. For example, when
`a provider of goods and/or services requires an initial
`registration with a particular consumer that authorizes bill-
`ing the consumer for use of the website, accidental (or
`fraudulent) use of the website is likely by non-authorized
`users. More particularly, a parent (authorized user) may
`contract with a provider of goods and/or services to permit
`the authorized consumer to utilize the website. The terms of
`
`the contract (or registration) may be that the consumer’s
`credit card will be charged for an amount representing use
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`
`of the website by the authorized consumer (e.g., obtaining
`information from the website or purchasing goods).
`Unfortunately,
`the only way that
`the provider of goods
`and/or services knows that a user of the website is an
`authorized consumer is by way of an identification number
`(e.g., password etc.) given by the authorized consumer or
`automatically transmitted by the authorized consumer’s per-
`sonal computer. Thus, any user of the authorized consumer’s
`personal computer who obtains the password (if employed)
`may access the website and incur charges without
`the
`knowledge of the authorized consumer.
`Accordingly, there is a need in the art for a new method
`and system for facilitating and authorizing transactions
`between parties over a network which provides all parties to
`the transaction with confidence that
`the initiator of the
`transaction is authorized to enter into the transaction.
`
`SUMMARY OF THE INVENTION
`
`In order to overcome the disadvantages of the prior art,
`the present invention provides a method of conducting a
`commercial transaction between a customer and a provider
`of goods or services over a network. The method includes
`the steps of:
`providing the customer with a fingerprint identification
`device which produces an authentication code when a
`fingerprint of the customer matches a stored fingerprint
`within the fingerprint identification device;
`maintaining an electronic site on the network over which
`the customer may request goods or services from the
`provider of goods or services;
`requesting that the customer provide authentication by
`activating the fingerprint identification device;
`receiving at least the authentication code and a account
`number of the customer at the provider of goods or
`services over the network from the fingerprint identi-
`fication device;
`transmitting the authentication code and the account num-
`ber from the provider of goods or services to a man-
`aging entity of the account over
`the network in
`encrypted form, and requesting authorization to com-
`plete the transaction; and
`completing the transaction if the managing entity of the
`account provides the authorization.
`Preferably, the stored fingerprint is in an encrypted format
`and at least one of the authentication code and account
`
`number are received over the network in an encrypted form.
`The method of the present invention also contemplates
`permitting the customer to access the account. The steps
`according to this aspect of the invention include: establish-
`ing an electronic connection over the network between the
`customer and a managing entity of the account; requesting
`that the user provide authentication to the managing entity of
`the account by activating the fingerprint
`identification
`device; receiving at least the authentication code and the
`account number of the customer at the managing entity of
`the account over the network from the fingerprint identifi-
`cation device; and permitting access to the account if the
`authentication code is valid.
`
`The customer is permitted to at least one of (i) transfer
`funds from the account; and (ii) deposit funds into the
`account, when the managing entity of the account has
`permitted access thereto.
`According to another aspect of the invention, the cus-
`tomer is permitted access to an electronic safety deposit box.
`The steps according to this aspect of the invention further
`include establishing an electronic connection over the net-
`
`

`

`US 6,453,301 B1
`
`3
`work between the customer and a managing entity of the
`electronic safety deposit box; requesting that the customer
`provide authentication to the managing entity of the elec-
`tronic safety deposit box by activating the fingerprint iden-
`tification device; receiving at least the authentication code at
`the managing entity of the electronic safety deposit box over
`the network from the fingerprint identification device; and
`permitting access to the electronic safety deposit box if at
`least the authentication code is valid.
`
`the
`According to yet another aspect of the invention,
`customer is permitted to conduct an investment transaction
`over the network. The steps according to this aspect of the
`invention include: establishing an electronic connection
`over the network between the customer and a settlement
`
`bank over which the investor may provide investment
`instructions; requesting that the customer provide authenti-
`cation to the settlement bank by activating the fingerprint
`identification device; receiving at least the authentication
`code at
`the settlement bank over the network from the
`
`receiving investment
`identification device;
`fingerprint
`instructions at the settlement bank over the network from the
`
`customer; and transmitting the investment instructions to a
`third party if at least the authentication code is valid.
`Other objects,
`features, and advantages will become
`apparent to those skilled in the art in light of the description
`herein taken in conjunction with the accompanying drawing.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`For the purposes of illustrating the invention, there are
`shown in the drawings forms which are presented preferred,
`it being understood, however,
`that
`the invention is not
`limited to the precise arrangements and instrumentalities
`shown.
`
`FIG. 1 is a block diagram illustrating a preferred system
`for carrying out the invention.
`FIG. 2 is a schematic diagram of a fingerprint identifica-
`tion device which is connectable to a computer in accor-
`dance with the present invention.
`FIG. 3 is a flow diagram illustrating process steps for
`authorizing a transaction between a consumer and a provider
`of goods and/or services over a network in accordance with
`one aspect of the invention.
`FIG. 4 is a flow diagram illustrating a settlement sequence
`following the transaction process of FIG. 3.
`FIG. 5 is a flow diagram illustrating process steps for
`facilitating an investment
`transaction over a network in
`accordance with another aspect of the present invention.
`FIG. 6 is a flow diagram illustrating process steps for
`facilitating access to an electronic account, such as an
`electronic safety deposit box, in accordance with another
`aspect of the present invention.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`Reference is now made to FIG. 1 which illustrates a block
`
`diagram of a system suitable for carrying out the present
`invention. The system preferably includes a bank 10, such as
`a payor bank, settlement bank, originating bank, etc. The
`payor bank 10 preferably includes a processing unit 22 (such
`as a central computer, distributed computer, networked
`computer, etc.) in communication with one or more interface
`units 20 (for example, network interfaces, wireless
`interfaces, network servers, etc.). The processing unit 22 is
`also in communication with a plurality of back office and/or
`electronic functional units, including, for example, one or
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`more electronic safety deposit boxes 24, bank accounts 26,
`settlement credit/debit accounts 28, lease accounts 30, and
`finance accounts 32. Each of the functional units preferably
`includes one or more databases containing information
`concerning the accounts thereof and the customers utilizing
`them.
`
`Preferably, the payor bank 10 issues a plurality of finger-
`print identification devices 50 to a plurality of customers 52.
`The fingerprint identification devices 50 may take any of a
`number of forms, e.g., a card, a smart card, a cellular phone,
`and a universal serial bus stick. It is preferred that each
`fingerprint identification device 50 is associated with one or
`more of the functional accounts of the payor bank 10. For
`example, the payor bank 10 may issue a fingerprint identi-
`fication device 50 to a customer 52 which is associated with
`
`a bank account 26. That customer 52 may be issued another
`fingerprint identification device 50 associated with an elec-
`tronic safety deposit box 24. It is understood, however, that
`the payor bank 10 may issue a single fingerprint identifica-
`tion device 50 which is associated with both the bank
`
`account 26 and electronic safety deposit box 24 (and any
`other functional account) without departing from the scope
`of the invention.
`
`the fingerprint identification
`With reference to FIG. 2,
`device 50 is preferably in the form of a card or thin box
`which contains information about the owner of the device,
`the payor bank,
`the functional account number, etc. The
`fingerprint
`identification device 50 includes a
`microprocessor, memory, and fingerprint sensor 51 which
`are interconnected and programmed in order to compare a
`fingerprint of the customer 52 with a stored fingerprint of
`that customer 52. The card issues an authorization code only
`when the fingerprint of the customer 52 matches the stored
`fingerprint. Those skilled in the art will appreciate that any
`of the known hardware suitable to implement the fingerprint
`identification device 50 may be employed, such as that
`disclosed in US. patent application Ser. No. 09/466,965,
`entitled AUTHENTICATION SYSTEM, FINGERPRINT
`IDENTIFICATION UNIT, AND AUTHENTICATION
`METHOD, the entire disclosure of which is hereby incor-
`porated by reference.
`It is most preferred that the stored fingerprint and other
`information regarding the customer 52 are in encrypted form
`(e.g., using known PKI technology) and that this encrypted
`information remain encrypted when transmitted from the
`device 50 to any other device.
`It
`is preferred that
`the
`fingerprint identification device 50 is connectable to a com-
`puter 54 (such as a PC) through an interface 56. The
`fingerprint identification device 50 may include a connector
`57 which is matable with a corresponding connector 58 on
`the interface 56. The interface 56 preferably receives infor-
`mation from the fingerprint identification device 50 through
`the connectors 57, 58 and transfers at least some of this
`information to the PC 54 by way of the universal serial bus
`(USB) interface.
`the device 50 may include an integral
`Alternatively,
`interface for connecting to the computer 54 by way of the
`universal serial bus (USB). Thus, the information on the
`fingerprint identification device 50 may be transmitted over
`a network (e.g., the Internet) from the computer 54, prefer-
`ably in encrypted form (e.g., using API data transfer, PKS
`11).
`Most preferably, the fingerprint identification device 50 is
`a small, stand alone unit (e.g., measuring about 8.5 cm><5 .4
`cm><0.9 cm and weighting about 35 grams). It
`is most
`preferred that the fingerprint sensor 51 include a matrix of
`
`

`

`US 6,453,301 B1
`
`5
`pixels formed in a semiconductor chip, a 128x192 matrix of
`pixels being preferred. Any of the known fingerprint match-
`ing algorithms may be employed, such as pattern matching.
`See, for example, US. Pat. No. 4,582,985, entitled DATA
`CARRIER, the entire disclosure of which is hereby incor-
`porated by reference.
`In an alternative embodiment, the fingerprint identifica-
`tion device may be integral with the interface 56 or the
`interface 56 may contain separate fingerprint identification
`circuitry (including sensor 51) such that the device 50 is not
`required to execute fingerprint recognition and matching. In
`another alternative embodiment of the invention, the com-
`puter 54 may contain fingerprint
`identification circuitry
`(including sensor 51) integrally disposed therein such that
`neither the device 50 nor the interface 56 is required to
`execute fingerprint recognition and matching.
`Referring to FIG. 1, any of the customers 52 may conduct
`transactions with one or more providers of goods and/or
`services, such as on-line brokerages 60, on-line goods
`providers 62, on-line services service providers 64, on-line
`investment account providers 66, providers of large capital
`purchases 68, brick and mortar merchants 70 or brick and
`mortar service providers 72.
`Reference is now made to FIG. 3 which is a flow diagram
`illustrating process steps which are preferably carried out in
`accordance with the invention. In particular,
`the process
`steps illustrated in FIG. 3 relate to a commercial transaction
`conducted over a network (such as the Internet) between a
`customer 52 and an on-line provider of goods and/or
`services, such as the on-line brokerage 60, the on-line goods
`provider 62, or the on-line services provider 64.
`At action 100, the customer 52 connects to the on-line
`provider of goods and/or services 60, 62 or 64 by way of the
`network in a manner well known to those skilled in the art.
`
`For example, the customer 52 may utilize a personal com-
`puter (PC) 54 (FIG. 2)
`to execute a browser program
`operable to electronically connect to a website of the pro-
`vider of goods and/or services. Using the browser program,
`the customer 52 may view the goods and/or services avail-
`able from the provider 60, 62 or 64 and select particular
`goods or services for one or more transactions (action 102).
`At action 104,
`the provider of goods and/or services
`prompts the customer 52 to authenticate himself or herself as
`being authorized to use a particular mode for making
`remittance, for example, debiting a demand deposit account
`(DDA), debiting a credit card account, etc. In particular, the
`provider of goods and/or services prompts the customer 52
`to authenticate himself by activating the fingerprint identi-
`fication device 50.
`
`At action 106, the customer 52 activates the fingerprint
`identification device 50 in a manner consistent with known
`
`techniques such that the fingerprint identification device
`compares the customer’s fingerprint with a stored fingerprint
`(action 108) and produces an authorization code indicating
`that a match exists between the customer’s fingerprint and
`the stored fingerprint. At action 110, the customer 52 inserts
`the fingerprint
`identification device 50 into an interface
`device 56 (FIG. 2). The customer 52 may alternatively
`authenticate himself by activating fingerprint identification
`circuitry in the interface 56 or in the computer 54. Which-
`ever technique is employed, the customer 52 preferably uses
`the personal computer 54 to access the Internet. Data trans-
`fer is then conducted between the fingerprint identification
`device 50 (or other fingerprint
`identification circuitry if
`employed) and the provider of goods and/or services 60, 62
`or 64 (action 112). The data transfer preferably includes at
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`least one of the authentication code, payor bank identifica-
`tion number, customer account number, and delivery
`address. Most preferably, the data of this transfer are in
`encrypted form.
`At action 114, if the customer 52 fails to transfer the
`authentication code to the provider of goods and/or services
`60, 62 or 64, then it is preferred that the provider of goods
`and/or services rejects the transaction and again requests that
`the customer authenticate himself (action 104). When at
`least the authentication code is received by the provider of
`goods and/or services 60, 62 or 64, then the processing of the
`transaction is permitted to continue.
`At action 116, the provider of good and/or services 60, 62
`or 64 preferably transfers data to the payor bank 10, which
`data preferably includes at least one of the authentication
`code, payor bank identification number, customer account
`number, and purchase amount. It is most preferred that at
`least the authentication code be provided to the payor bank
`10. The payor bank 10 then analyzes at least one of the payor
`bank identification number
`(action 118),
`the customer
`account number (action 120), the purchase amount (action
`122) and the authorization code (124) to determine whether
`one or all of the data are valid. Most preferably, the payor
`bank 10 analyzes the authentication code (action 124) to
`verify its validity prior to authorizing the transaction. As
`illustrated, the queries at actions 118, 120, 122, and 124 are
`linked serially through the affirmative (“Y”) branch of each.
`It is noted, however, that the queries of actions 118, 120,
`122, and 124 may be linked in parallel without departing
`from the scope of the invention. It
`is intended that an
`affirmative determination at one or more of the queries of
`actions 118, 120, 122 and 124 tends to advance the process
`flow toward action 128. If, however, any one or more of the
`data are not valid and the queries at one or more of actions
`118, 120, 122 and 124 are negative (“N”), then the payor
`bank 10 preferably establishes a negative authorization
`condition (action 126).
`At action 128, the payor bank 10 preferably transmits the
`authorization condition to the provider of goods and/or
`services and the provider of goods and/or services deter-
`mines whether the authorization condition is positive or
`negative (action 130). When the authorization condition is
`negative, the provider of goods and/or services refuses to
`complete the transaction (action 132). Conversely, when the
`authorization condition is positive, the provider of goods
`and/or services completes the transaction (action 134).
`Those skilled in the art will appreciate that commercial
`transactions conducted at the point of sale, for example, at
`brick and mortar stores, 70, 72, may be carried out
`in
`accordance with the invention using the steps illustrated in
`FIG. 3 with the exception of those concerning the transmis-
`sion of data from the customer 52 to the provider 60, 62 or
`64 over the network. Instead, the data (e.g., at least one of
`the authentication code, payor bank identification number,
`customer account number, delivery address, etc.) would be
`provided to, for example, the merchant 70 and/or service
`provider 72 at the point of sale (action 112).
`With reference to FIG. 4, once the commercial transaction
`has been completed (FIG. 3),
`the transaction is settled
`(action 150). Initially, a determination is made as to whether
`the provider of goods and/or services 70, 72 utilizes the
`payor bank 10 in settling its transactions (action 152). If it
`does, a transaction receipt is transmitted from the provider
`of goods and/or services 70, 72 to the payor bank 10. If not,
`then the provider of goods and/or services 70, 72 may settle
`the transaction through its own bank (e.g., a merchant bank
`
`

`

`US 6,453,301 B1
`
`7
`
`to that bank
`74) by transmitting the transaction receipt
`(action 156). The provider’s bank would then transmit the
`transaction receipt to the payor bank 10 (action 154).
`At action 158, the payor bank 10 debits the customer’s
`account and at action 160, a determination is again made as
`to whether the provider of goods and/or services 70, 72
`utilizes the same payor bank 10 as the customer 52. If it
`does, the payor bank 10 directly credits the bank account of
`the provider of goods and/or services (action 162). If not, the
`payor bank 10 transmits a credit to the bank of the provider
`of goods and/or services (action 164) and that bank credits
`the provider’s bank account (action 166).
`Reference is now made to FIG. 5 which is a flow diagram
`illustrating process steps in accordance with another aspect
`of the present invention. In particular,
`the process steps
`represent actions to be taken to facilitate an investment
`transaction between a customer 52 and an on-line invest-
`
`ment service provider 66 (FIG. 1). In accordance with the
`invention, the on-line investment provider 66 may be an
`investment bank, a brokerage, etc., and may be located
`domestically or off-shore. Preferably, the investment trans-
`action is conducted through the settlement bank 10 (the term
`settlement being used to indicate that the customer’s bank
`account within the settlement bank 10 may be debited or
`credited depending on the investment transaction).
`At action 200, the customer 52 preferably accesses the
`settlement bank 10 via a network, such as the Internet, using
`any of the known techniques. After the customer 52 has
`indicated that he or she is interested in conducting an
`investment transaction, the settlement bank 10 prompts the
`customer 52 to authenticate himself or herself (action 202).
`In response, the customer 52 preferably activates the fin-
`gerprint identification device 50 (action 204) which causes
`the device to compare the customer’s fingerprint with a
`stored fingerprint (action 206) and produce an authentication
`code if a match is obtained.
`
`At action 208, the customer preferably inserts the finger-
`print identification device 50 into an interface 56 (FIG. 2)
`suitable for transmitting data between the fingerprint iden-
`tification device 50 and the settlement bank 10, for example,
`via the universal serial bus of the computer 54. Alternatively,
`the customer 52 may authenticate himself or herself by
`activating fingerprint identification circuitry in the interface
`56 or in the computer 54. Whichever technique is employed,
`the customer 52 preferably uses the computer 54 to access
`the Internet. At action 210, data is preferably transmitted
`from the fingerprint identification device 50 (or other fin-
`gerprint identification circuit if employed) to the settlement
`bank 10, the data including at least one of the authentication
`code and the customer investment account number (in
`encrypted form).
`if the settlement bank 10 receives the
`At action 212,
`authentication code (and, if required, the investment account
`number), then the investment transaction is permitted to
`continue. If not, then the process flows back to action 202
`where the customer 52 is again prompted to authenticate
`himself or herself.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`At action 214, the customer 52 preferably provides invest-
`ment
`instructions to the settlement bank 10 over the
`
`60
`
`network, such as “buy 100 shares