(12) United States Patent
Cassone

(10) Patent No.: US 6,983,882 B2
(45) Date of Patent: Jan. 10, 2006

(54) PERSONAL BIOMETRIC AUTHENTICATION AND AUTHORIZATION DEVICE

(75) Inventor: Jean Cassone, Bangkok (TH)
(73) Assignee: Kepler, Ltd., Hong Kong (CN)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 21 days.
(21) Appl. No.: 10/403,934
(22) Filed: Mar. 31, 2003
(65) Prior Publication Data: US 2004/0188519 A1, Sep. 30, 2004
(51) Int. Cl.: G06K 5/00 (2006.01)
(52) U.S. Cl.: 235/382; 235/375; 235/379; 235/380; 705/5; 705/26; 705/39; 705/44; 705/64; 705/79; 340/382.31; 439/65
(58) Field of Classification Search: 235/380, 462.09, 379, 375; 705/5, 79, 39, 44, 26, 64; 382/124, 115; 340/825.31, 340/382.31; 439/65
See application file for complete search history.

Primary Examiner: Jared J. Fureman
Assistant Examiner: Allyson N Trail
(74) Attorney, Agent, or Firm: Akin Gump Strauss Hauer &

(57) ABSTRACT

A personal biometric authentication and authorization device (PAD) provides protection for portable tokens such as magnetic stripe cards and smart cards. The PAD enables portable tokens upon engagement with the PAD and comparison of a biometric input on the PAD with a stored biometric data. The PAD can be used for biometrically authenticated transactions with or without a portable token. Multiple user account data can be stored in the PAD. The PAD can write the magnetic stripe of a magnetic stripe portable token. The PAD can be enrolled with an enrollment system to associate the PAD, an individual, and the portable tokens to be used with the PAD. The PAD can be used for e-commerce transactions.

70 Claims, 14 Drawing Sheets

Samsung Ex. 1018, Page 1 of 28
Samsung Electronics America, Inc. v. RFCyber Corp.
IPR2021-00980

PERSONAL BIOMETRIC AUTHENTICATION AND AUTHORIZATION DEVICE

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a system for biometrically authenticating the user of a portable token.

2. Description of the Related Art

Banking cards with a magnetic stripe are presently only protected by a four digit Personal Identification Number (PIN) code known to the bearer of the banking card. The fraud associated with theft, deception and forgery substantially increases every year and current estimates exceed 2%, although official figures are not made available. The Wall Street Journal reported a study by Gartner Inc. that claims that the fraud rate reached 1.8% for e-commerce alone in the United States in the last three years, totaling $1.6 billion. Card issuers typically protect card holders against fraud, although in some cases card holders must pay a small premium for the protection. Card issuers typically insure against their own losses. In France, the use of smart cards has significantly reduced (by a factor larger than 10) the potential for fraud. Usage of smart cards is extending throughout Europe; however, the United States has not yet decided to adopt the French smart card technology due to the cost (estimated at $12 billion) associated with the required changes in the infrastructure of the various Automatic Teller Machine (ATM), Point Of Sale (POS) networks, and other card-processing networks. Further, smart cards can have their own security weaknesses.

BRIEF SUMMARY OF THE INVENTION

Various embodiments implementing aspects of the invention are disclosed, generally directed to an authorization device employing biometric input. One embodiment is a personal authorization device for authorizing portable tokens for transactions, comprising a biometric sensor adapted to receive a biometric input, a biometric data storage adapted to hold stored biometric data to be compared with the biometric input, and a magnetic stripe writer, adapted to write valid magnetic stripe data to a magnetic stripe of a portable token responsive to the biometric input corresponding to the stored biometric data. The personal authorization device may store a plurality of account data which may be selectively written to the magnetic stripe. The personal authorization device may be enrolled with an enrollment system, which may transmit account data to the personal authorization device.

In another embodiment, an integrated personal authorization device comprises a biometric sensor adapted to receive a biometric input, a biometric data storage adapted to hold stored biometric data to be compared with the biometric input, and an account information storage adapted to hold user account information for a user account that corresponds to the stored biometric data, and an interface for authorizing transactions with an external system responsive to the biometric input corresponding to the stored biometric data. The integrated personal authorization device may be enrolled with an enrollment system via the interface, receiving account information from the enrollment system. The integrated personal authorization device may comprise an internal server, which may interact with a transaction authorization system to validate the transaction with the external system.

In another embodiment, a technique for enrolling a personal authorization device comprises opening communications between the personal authorization device and an enrollment system, authenticating the personal authorization device to the enrollment system, obtaining biometric data on the personal authorization device from a user, storing the biometric data on the personal authorization device, and closing communications with the enrollment system. The technique may send a plurality of user account data to the personal authorization device, storing the plurality of user account data in the personal authorization device.

In yet another embodiment, a biometric protection system comprises a smart card and a personal authorization device. The smart card stores a master account data and an application for providing an additional account data to the personal authorization device if a biometric input received by a biometric sensor of the personal authorization device corresponds to a stored biometric data on the personal authorization device. The personal authorization device has an interface for communication with the smart card. The biometric protection system may further include an enrollment system for enrolling the personal authorization device upon validation of the personal authorization device by the enrollment system, where the enrollment system may provide an additional user account data for storing on the smart card by the personal authorization device.

In yet another embodiment, a technique uses a personal authorization device for e-commerce transactions. After authenticating a user by comparing a stored biometric data on the personal authorization device to a biometric input sensed by the personal authorization device, user account data from a portable token engaged with the personal authorization device may be provided via the personal authorization device to a transaction system. The personal authorization device may also communicate with a transaction authorization system to validate the personal authorization device and the user account data with the transaction authorization system, transmitting validation information to the transaction system via the personal authorization device.

Various other aspects of the invention are described and claimed below.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

A better understanding can be obtained when the following detailed description of several disclosed embodiments is considered in conjunction with the following drawings in which:

FIG. 1 is a view of an illustrative embodiment of a personal authorization device (PAD);
FIG. 2 illustrates three views of another illustrative embodiment of a PAD, showing certain internal components of the PAD;
FIG. 3 is a view of another illustrative embodiment of a PAD showing engagement by a magnetic stripe card and a smart card;
FIG. 4 is an illustration of one embodiment of an enrollment technique for a PAD;
FIG. 5 is a chart illustrating usage of a PAD for authentication of a transaction;
FIG. 6 is an illustration of a PAD used for an access control application;
FIG. 7 is a graph illustrating a PAD used for storing multiple portable tokens and creating a universal portable token;
FIG. 8 is a drawing of a typical magnetic stripe credit card;
FIG. 9 is a drawing illustrating the effective removal of the portable token from a PAD according to one embodiment;
FIG. 10 is a drawing illustrating another embodiment of a magnetic stripe layer for a portable token;
FIG. 11 is a flowchart illustrating a disclosed e-commerce use of one embodiment of a PAD;
FIG. 12 is a flowchart illustrating an enrollment technique for enrolling a PAD with an enrollment system;
FIG. 13 is a flowchart illustrating a technique for using a PAD with a magstripe card; and
FIG. 14 is a flowchart illustrating a technique for using a PAD with a smart card.

DETAILED DESCRIPTION OF THE INVENTION

A personal authorization device can provide protection for portable tokens like magnetic stripe cards, such as credit or debit cards, with a biometric authentication technique, while preserving the privacy of the biometric data, without providing the biometric data to remote systems. FIG. 1 illustrates a personal authorization device PAD P for use with a magnetic stripe card MC according to one embodiment. The magnetic stripe card MC is typically generally rectangular with rounded corners, although other shapes are used, such as the DISCOVER® 2GO abstract rounded shape card.

The card MC typically has a thickness of roughly 0.76 mm (0.030 inches), but other thicknesses may be used. On one of its major sides, an area is reserved for a magnetic stripe, as is best shown in FIG. 8, where magnetic stripe 820 is shown on the backside of card MC. Many cards MC include embossed information on the front side of the card, such as the account number 810, validity dates 830, and cardholder name 840, as illustrated in FIG. 8. The arrangement of these optional elements is illustrative and exemplary only and other arrangements and embossed information can be used. Further, magnetic stripe cards can be used without any embossed information. A signature area is frequently found on the backside of the card, such as the area 850 shown in FIG. 8, for additional security. However, cardholders routinely forget to sign the cards and signatures are infrequently checked in common transactions where the card is physically presented, and cannot be checked in e-commerce transactions. Some cards are produced with a picture of the cardholder. Again, the picture may not be checked in common transactions where the card is physically presented, and the picture cannot be checked in e-commerce transactions.

Multiple standards exist for magnetic stripe cards and the account numbers associated with those cards. Although magstripe cards originally were only credit cards, today debit cards, telephone calling cards, access control cards, and other kinds of cards may use magstripes. References to "credit cards" in the following should be taken as including all types of magstripe cards unless otherwise noted.

ANSI Standard X4.13-1983 is the system used by most national credit-card systems. The first digit in a credit-card account number under that standard signifies the issuing system:

3 - travel/entertainment cards (such as American Express and Diners Club)
4 - Visa
5 - MasterCard
6 - Discover Card

The structure of the account number varies by system. For example, American Express card numbers typically start with 37; Carte Blanche and Diners Club with 38. For American Express cards, digits three and four are typically type and currency, digits five through 11 the internal account number, digits 12 through 14 the card number within the account, and digit 15 is typically a check digit. For VISA® account numbers, digits two through six are typically an issuer bank number, digits seven through 12 or seven through 15 the internal account number, and digit 13 or 16 is typically a check digit.

For MasterCard account numbers, digits two and three, two through four, two through five, or two through six are typically the bank number (depending on whether digit two is a 1, 2, 3 or other). The digits after the bank number up through digit 15 are typically the internal account number, and digit 16 is typically a check digit. However, other account number types and formats may be used.

The magnetic stripe, often referred to as a magstripe, is typically made up of tiny iron-based magnetic particles in a plastic-like film. Each particle is really a tiny bar magnet, typically about 20-millionths of an inch long.

The magstripe can be "written" because the tiny bar magnets can be magnetized in either a north or south pole direction. There are three tracks on the typical magstripe. Each track is typically about one-tenth of an inch wide.

The ISO/IEC standard 7811, which is used by many banks, specifies that track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters. Track two is 75 bpi, and holds 40 4-bit plus parity bit characters. Track three is 210 bpi, and holds 107 4-bit plus parity bit characters. Credit cards typically use only tracks one and two. Track three is a read/write track which typically includes an encrypted personal identification number (PIN) code, typically four digits, a country code, currency units and the amount authorized. Usage is not standardized among banks. Other numbers and arrangements of tracks may be used.

Although any convenient format for the magstripe can be used, the information on track one is typically contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:

Field                                 Length
Start sentinel                        one character
Format code = "B"                     one character (alpha only)
Primary account number                up to 19 characters
Separator                             one character
Country code                          three characters
Name                                  two to 26 characters
Separator                             one character
Expiration date or separator          four characters or one character
Discretionary data                    enough characters to fill out maximum record length (79 characters total)
End sentinel                          one character
Longitudinal redundancy check (LRC)   one character

The format for track two, developed by the banking industry, is typically as follows:

Field                                 Length
Start sentinel                        one character
Primary account number                up to 19 characters
Separator                             one character
Country code                          three characters
Expiration date or separator          four characters or one character
Discretionary data                    enough characters to fill out maximum record length (40 characters total)
                                      one character

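The track-two record and account-number check digit described above can be decoded and validated as in the following added example, which is not part of the patent. It assumes the ISO/IEC 7811 bit-level conventions the text does not spell out (characters 0x30 to 0x3F, four data bits sent least significant first, odd parity per character, an end sentinel followed by an LRC that gives each data-bit column even weight) and the Luhn check digit of ISO/IEC 7812. The function names and the sample record are constructed for illustration.

```python
# Added example, not from the patent. SAMPLE is constructed test data.
START, SEP, END = ";", "=", "?"
# First-digit table from the text (ANSI Standard X4.13-1983).
ISSUING_SYSTEM = {"3": "travel/entertainment", "4": "Visa",
                  "5": "MasterCard", "6": "Discover Card"}
SAMPLE = ";4111111111111111=84006121234?"  # PAN, country, expiry, discretionary


def five_bits(value):
    """Four data bits, least significant first, followed by an odd-parity bit."""
    bits = [(value >> i) & 1 for i in range(4)]
    return bits + [1 - sum(bits) % 2]


def lrc_value(text):
    """XOR of all character values, so every data-bit column has even weight."""
    value = 0
    for ch in text:
        value ^= ord(ch) - 0x30
    return value


def encode_track2(text):
    """Bit stream for a record such as ';PAN=...?' with the LRC appended."""
    bits = []
    for ch in text:
        value = ord(ch) - 0x30
        if not 0 <= value <= 0x0F:
            raise ValueError(f"{ch!r} is not a track-two character")
        bits += five_bits(value)
    return bits + five_bits(lrc_value(text))


def decode_track2(bits):
    """Check length, per-character parity, sentinels and LRC; return the text."""
    if len(bits) % 5 or len(bits) > 40 * 5:
        raise ValueError("not a whole record of at most 40 five-bit characters")
    values = []
    for pos in range(0, len(bits), 5):
        group = bits[pos:pos + 5]
        if sum(group) % 2 != 1:
            raise ValueError(f"parity error in character {pos // 5}")
        values.append(sum(bit << i for i, bit in enumerate(group[:4])))
    text = "".join(chr(0x30 + v) for v in values[:-1])
    if not (text.startswith(START) and text.endswith(END)):
        raise ValueError("missing start or end sentinel")
    if values[-1] != lrc_value(text):
        raise ValueError("LRC mismatch")
    return text


def luhn_ok(pan):
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, digit in enumerate(reversed(pan)):
        n = int(digit) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0


def parse_track2(text):
    """Split a decoded record into the fields listed in the text above."""
    pan, sep, rest = text[1:-1].partition(SEP)
    if not sep or not pan.isdigit() or len(pan) > 19:
        raise ValueError("malformed primary account number")
    country, rest = rest[:3], rest[3:]
    if rest.startswith(SEP):          # a separator stands in for a missing date
        expiry, rest = None, rest[1:]
    else:
        expiry, rest = rest[:4], rest[4:]
    return {"pan": pan, "issuing_system": ISSUING_SYSTEM.get(pan[0], "other"),
            "luhn_ok": luhn_ok(pan), "country": country,
            "expiry": expiry, "discretionary": rest}


if __name__ == "__main__":
    print(parse_track2(decode_track2(encode_track2(SAMPLE))))
```

Parity and the LRC only detect read errors; anyone who can write a stripe can recompute both, so they say nothing about whether the bearer is the legitimate cardholder.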
For authentication, there are three common basic methods for determining whether a credit card will be accepted for a given transaction. Merchants with few transactions each month may do voice authentication using a telephone. Electronic data capture (EDC) magstripe card swipe terminals may be used. E-commerce transactions on the Internet or elsewhere may use on-line authentication.

In a typical authorization scenario, after the bearer or the cashier swipes the credit card through a reader, the EDC software at the point-of-sale (POS) terminal dials a stored telephone number via a modem to call an acquirer. An acquirer is typically an organization that collects credit authentication requests from merchants and provides the merchants with a payment guarantee. When the acquirer company gets the credit-card authentication request, it typically checks the transaction for validity and the recorded data on the magstripe for: Merchant ID, Valid card number, Expiration date, and Credit limit. Single dial-up transactions are typically processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment may use much higher speeds via this protocol. In this system, the cardholder may enter a personal identification number (PIN), typically four digits, using a keypad or other similar input device, although many transactions are done without use of the PIN. For example, before getting cash from an ATM, the ATM typically encrypts the PIN entered and sends it to a remote database to see if there is a match.

The PIN may be stored either in the bank's computers in an encrypted form or encrypted on the card itself. A one-way encryption technique is typically used. This means that computing a cipher given the bank's key and the customer's PIN is easy, but obtaining the plain-text PIN from the cipher, even if the key is known, is not computationally feasible. This feature was designed to protect the cardholder from being impersonated by someone who has access to the bank's computer files.

Likewise, the communications between the ATM and the bank's central computer are typically encrypted to prevent would-be thieves from tapping into the phone lines, recording the signals sent to the ATM to authorize the dispensing of cash, and then feeding the same signals to the ATM to trick it into unauthorized dispensing of cash.

The PAD P typically has the dimensions and appearance of a pocket calculator. However, the illustrated size and shape is exemplary only, and other dimensions and appearances may be used. As shown in FIG. 1, the PAD P includes a slit or slot 100 for the insertion of the card MC, presented here on one of the PAD P's sides. Alternately, the cards may be at least partially inserted into an opening on one side of the PAD P, as shown in FIG. 3, where a card SC is partially inserted into the PAD P. Other techniques for engaging the card MC with the PAD P may be used. In one embodiment, the PAD can be used both with magnetic stripe cards MC as well as smart cards, as illustrated by FIG. 3. On an upper side, PAD P may display data for a user on a display screen 110, which is preferably a liquid crystal type display, although other display types can be used. In one embodiment, the display 110 may be a 1-line display. Other sizes of displays may be used. A data entry feature 120 may also be provided. As shown in FIG. 1, the data entry feature is a keypad area, similar to those of a basic calculator including the 10 digits from 0 to 9. The PAD P may also include a keypad 130 with the period, the four basic operators for addition, subtraction, multiplication and division, and the equal sign, as well as enabling the calculation of percentages, memory keypads and operators for addition and subtraction within the memory. Other keys or types of data entry features or arrangements of features may be used. The PAD P may be switched on with the authentication of the bearer, with the removal of the card MC switching off the PAD P. An on switch and/or an off switch may also be used.

The PAD P may also include a biometric sensor 140, such as a fingerprint sensor. Although the following will be described in terms of fingerprint biometric sensors and data, other forms of biometric sensors and data may be used, and references to fingerprints and fingerprint sensors should be understood to apply to other kinds of biometric sensors and data, such as a microphone fitted to record the voice of the bearer in order to perform a voice recognition, a retina scan, or other kinds of biometric sensors. The features and arrangement of features of the PAD P as shown in FIG. 1 are illustrative and exemplary only, and other features and arrangements may be used. In one embodiment, the biometric sensor 140 may be a CMOS dactyloscopic scanner designed for 1:1 fingerprint authentication. The TCEBA TOUCHCHIP® Fingerprint Biometric Subsystem from the STMicroelectronics Group and the MORPHOMODULE™ from Groupe SAGEM are examples of such biometric sensors 140, although other biometric sensors may be used. The fingerprint scanner may also be designed for 1:n fingerprint identification. Optical, capacitive, and other types of fingerprint scanners may be used.

The biometric sensor 140 when coupled with logic to compare the sensed fingerprint to the stored fingerprint should preferably successfully match fingerprints regardless of how the finger is placed on the sensor 140, including smudged prints.

Within PAD P an electronic circuit comprises a processor as well as