(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`
`(19) World Intellectual Property Organization
`International Bureau
`
`( 43) International Publication Date
`25 September 2008 (25.09.2008)
`
`PCT
`
`(51) International Patent Classification:
`G06K 9100 (2006.01)
`H04K 1/00 (2006.01)
`
`(21) International Application Number:
`PCT I A U2008/0003 66
`
`(22) International Filing Date: 14 March 2008 (14.03.2008)
`
`(25) Filing Language:
`
`(26) Publication Language:
`
`English
`
`English
`
`(30) Priority Data:
`2007901361
`2007901683
`
`16 March 2007 (16.03.2007) AU
`29 March 2007 (29.03.2007) AU
`
`(71) Applicant (for all designated States except US): MICRO(cid:173)
`LATCH PTY LTD [AU/AU]; Unit 13, 145-147 Forest
`Road, Hurstville, NSW 2220 (AU).
`
`(72) Inventor; and
`(75) Inventor/Applicant (for US only): BURKE, Christo(cid:173)
`pher, John [AU/AU]; 48 Margate Street, Ramsgate, NSW
`2217 (AU).
`
`1111111111111111 IIIIII IIIII 11111 IIIII IIII I 111111111111111 lllll lllll lllll 11111111111111111111111
`
`(10) International Publication Number
`WO 2008/113110 Al
`(74) Agent: SPRUSON & FERGUSON; GPO Box 3898, Syn(cid:173)
`dey, NSW 2001 (AU).
`(81) Designated States (unless otherwise indicated, for every
`kind of national protection available): AE, AG, AL, AM,
`AO, AT, AU, AZ, BA, BB, BG, BH, BR, BW, BY, BZ, CA,
`CH, CN, CO, CR, CU, CZ, DE, DK, DM, DO, DZ, EC, EE,
`EG, ES, Fl, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID,
`IL, IN, IS, JP, KE, KG, KM, KN, KP, KR, KZ, LA, LC,
`LK, LR, LS, LT, LU, LY, MA, MD, ME, MG, MK, MN,
`MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PG, PH,
`PL, PT, RO, RS, RU, SC, SD, SE, SG, SK, SL, SM, SV,
`SY, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN,
`ZA, ZM,ZW.
`(84) Designated States (unless otherwise indicated, for every
`kind of regional protection available): ARIPO (BW, GH,
`GM, KE, LS, MW, MZ, NA, SD, SL, SZ, TZ, UG, ZM,
`ZW), Eurasian (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM),
`European (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, Fl,
`FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MT, NL,
`NO, PL, PT, RO, SE, SI, SK, TR), OAPI (BF, BJ, CF, CG,
`CI, CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG).
`Published:
`with international search report
`
`(54) Title: METHOD AND APPARATUS FOR PERFORMING A TRANSACTION USING VERIFICATION STATION
`
`(57) Abstract: A method of performing a transaction
`process using a verification station ( 127) is disclosed.
`The method compares a first biometric signature,
`inputted to a biometric reader (102) incorporated
`into the verification station (127), to one or more
`further biometric signatures stored in a memory (124)
`incorporated into the verification station (127). The
`method performs the transaction process using card
`information stored in the memory (124), if the inputted
`biometric signature matches one of the stored biometric
`signatures, otherwise, the transaction is not performed.
`The stored card information was read from a card
`device (112) and stored in the memory (124) during a
`previous transaction process using a card device reader
`(112) incorporated into the verification station (127).
`
`---iiiiiiii
`iiiiiiii -
`--
`-----
`--iiiiiiii
`
`iiiiiiii
`
`600
`
`j biometric
`
`card pointer
`concept
`
`601 swipe or smart card
`
`605 card information
`
`603
`card
`
`602
`card
`type
`
`range 7 606
`
`header~
`used to
`determine
`permitted
`card set
`
`Q
`,-...I
`,-...I
`~
`,-...I
`
`,-...I ---QO
`
`Q
`Q
`M
`0
`~
`
`608
`
`604
`""' data~
`
`pointsto
`address
`of biometric
`signature
`
`124
`local
`database
`
`607
`memory address
`defined by card data
`
`Fig. 4
`
`ASSA ABLOY Ex. 1019 - Page 1
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`- 1 -
`
`METHOD AND APPARATUS FOR PERFORMING A TRANSACTION USING A
`
`VERIFICATION STATION
`
`Field of the Invention
`
`The present invention relates generally to security issues and, in particular, to
`
`5
`
`security issues associated with use of card devices such as credit cards, smart cards, and
`
`wireless card-equivalents such as wireless transmitting fobs.
`
`Background
`
`This description makes reference to various types of "card device" and their
`
`associated "reader devices" (respectively referred to merely as cards and readers). The
`
`1 O
`
`card devices all contain card information that is accessed by "coupling" the card device to
`
`an associated reader device. The card information is used for various purposes including
`
`drawing cash from an Automatic Teller Machine (ATM), making a purchase on credit,
`
`updating a loyalty point account, gaining access to a restricted area or controlled device
`
`and so on. The card information is typically accessed from the card by a corresponding
`
`15
`
`card reader which then sends the card information to a "back-end" system that completes
`
`the appropriate transaction or process.
`
`One type of card device is the "standard credit card" which in this description
`
`refers to a traditional plastic card 701 as depicted in Fig. 1. The standard credit card is
`
`typically "swiped" through a slot in a standard credit card reader in order to access card
`
`20
`
`information 702 on the card 701. The card information 702 can alternately be encoded
`
`using an optical code such as a bar code, in which case the reader is suitably adapted.
`
`The standard credit card 701 also typically has the signature 703 of the card-owner
`
`written onto a paper strip on the card 701. This is used for verification of the identity of
`
`the person submitting the card when conducting a transaction using the card 701.
`
`25
`
`Another type of card device is the smart card (not shown) that typically has an
`
`on-board processor and a memory. The smart card typically has electrical contacts that
`
`ASSA ABLOY Ex. 1019 - Page 2
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`-2 -
`
`mate with corresponding contacts on a smart card reader (not shown) when accessing data
`
`in the memory of the smart card.
`
`Still another type of card device is a proximity card (not shown) that typically
`
`has an on-board microchip. A proximity card reader sends out a low-level radio
`
`5
`
`:frequency (RF) signal, which energizes the microchip embedded in the card when the
`
`card is placed in close proximity to the reader. The proximity card then transmits data in
`
`the form of a unique code to the reader.
`
`Still another type of card device is the wireless "key-fob" which is a small radio
`
`transmitter that emits an RF signal when a button on the fob is pressed. The RF signal
`
`10
`
`can be encoded using the Wiegand protocol, or any other suitable protocol, such as rolling
`
`code or Bluetooth™ and can include encryption if desired. The key-fob typically has a
`
`processor and memory storing data that is sent via the transmitted signal to a
`
`corresponding receiver, which is the "reader device" for this type of card device.
`
`The description also refers to "card user" and "card owner". The card user is the
`
`15
`
`person who submits the card for a particular transaction. The card user can thus be the
`
`(authorised) card owner or an (unauthorised) person who has found or stolen the card.
`
`Currently, the above described cards are heavily relied on both for financial
`
`transactions, as described above, and also for secure access. However, the cards are often
`
`used fraudulently. For example, a card may be used without the consent of the card
`
`20
`
`owner to gain access to a bank account. Further, data stored on a card may be copied and
`
`used to gain access to a building or the like.
`
`Clearly the signature 703 on the standard credit card 701 in Fig. 1 can be forged.
`
`Thus, if the standard card 701 is stolen or lost, an unauthorised user can use the card
`
`provided that they can supply a sufficiently accurate version of the signature 703. The
`
`25
`
`only recourse available to the card owner is to notify the card issuing company to
`
`"cancel" the card.
`
`ASSA ABLOY Ex. 1019 - Page 3
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`- 3 -
`
`Current card devices such as the standard credit card, the smart card and the key-
`
`fob can have their security enhanced by requiring the card user to provide PIN (Personal
`
`Identification Number) information through a keypad to verify their identity prior to
`
`completing a transaction. However, PIN information can also be "stolen" by surveillance
`
`5
`
`of the card owner's hands as the card owner operates the keypad.
`
`Biometric verification can also be incorporated into current card systems to
`
`enhance security.
`
`In Fig. 2 the card user swipes the standard card 701 through an
`
`associated card reader (not shown) that accesses the card information 702 on the card 701.
`
`The card user also provides a biometric signature 801, for example by pressing their
`
`10
`
`thumb against a biometric (e.g., fingerprint) reader 802. The card information 702 that is
`
`read by the card reader (not shown), together with the biometric signature that is read by
`
`the biometric (fingerprint) reader 802, are sent, as depicted by a dashed arrow 803, a
`
`computer network 804, and a further dashed arrow 805, to a back-end system including a
`
`database 806 and associated processor (not shown).
`
`15
`
`In this arrangement, the card owner needs to have previously registered their
`
`biometric signature 801 and the card information 702 for pre-loading onto the back-end
`
`database 806. Having done so, the back-end processor (not shown) compares the pre(cid:173)
`
`loaded information on the database 806 with the information received at 805, in order to
`
`check that the card holder of the card 701 is the (authorised) card owner and that the card
`
`20
`
`itself is valid, in which case the transaction in question can proceed. Clearly this
`
`arrangement requires a central repository (806) of card information 702 and biometric
`
`signatures 801. This is cumbersome and potentially compromises the privacy and
`
`security of the holder of the card 701. This arrangement also requires complex back-end
`
`database management and the communications network 804. Furthermore, the front-end
`
`25
`
`biometric signature reader 802 requires storage and/or processing capabilities for the
`
`biometric signatures. This results in a complex and expensive solution.
`
`ASSA ABLOY Ex. 1019 - Page 4
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`-4-
`
`Privacy concerns have also been raised against the arrangement of Fig. 2 which
`
`involves centralised storage and processing of personal information including biometric
`
`information. These concerns have slowed widespread use of biometrics to enhance user
`
`verification.
`
`5
`
`Another disadvantage of the arrangement of Fig. 2 is that even once the card
`
`owner's biometric signature 801 and card information 702 has be pre-loaded onto the
`
`back-end database 806, the card owner is still required to carry the card and to validate
`
`the card for each transaction. This is inconvenient as the card is often lost or damaged.
`
`Summary
`
`It is an object of the present invention to substantially overcome, or at least
`
`ameliorate, one or more disadvantages of existing arrangements.
`
`Disclosed are arrangements which seek to address the above problems by
`
`automatically storing a card user's biometric signature in a local memory in a verification
`
`15
`
`station comprising a card reader, a biometric signature reader, the local biometric
`
`signature memory (preferably in a mechanically and electronically tamper-proof form), an
`
`alphanumeric keypad ( optional), and a communication module for communicating with
`
`back-end system that may be remotely accessible over a network.
`
`As described herein, when the description refers to "the storing of a biometric
`
`20
`
`signature" in a memory, a person skilled in the art would understand that rather than.the
`
`actual biometric signature it is a representation of the biometric signature that is actually
`
`stored in the memory. This representation may be referred to as a "biometric template" or
`
`"template".
`
`The card user's biometric signature is automatically stored the first time the card
`
`25
`
`user uses the verification station in question (this being referred to as the enrolment
`
`phase). The biometric signature is stored at a memory address together with a copy of the
`
`ASSA ABLOY Ex. 1019 - Page 5
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`-5-
`
`card information on the user's card as read by the card reader of the verification station.
`
`The memory address may be defined by the ("unique") card information on the user's
`
`card. The term "unique" means unique in the context of a permitted set of cards
`
`associated with the verification station. This is described in more detail in regard to
`
`5
`
`Fig. 8.
`
`All future uses (referred to as uses in the verification phase) of the particular
`
`verification station by the user of the aforementioned card requires the user to merely
`
`submit a biometric signature (e.g., thumb print or retinal scan etc.), which is compared to
`
`the signatures stored in the memory associated with the verification station. Once the
`
`10
`
`submitted biometric signature has been matched to one of the biometric signatures stored
`
`in the memory, the card information stored with the stored biometric signature is sent to
`
`the back-end system.
`
`An authorised user will be automatically verified by the arrangement in the
`
`verification station, and the corresponding transaction, be it an ATM cash withdrawal, a
`
`15
`
`credit purchase, a loyalty point update, allowing entry to a restricted area etc. will simply
`
`proceed as normal. The biometric signature of an unauthorised user will be captured in
`
`the verification station, and can be used by the authorities to track the unauthorised user.
`
`The described arrangements require virtually no modification at all of the back(cid:173)
`
`end systems or the (front-end) card. The additional administrative overheads associated
`
`20 with the described arrangements, above those already required for systems using
`
`(standard) cards and back-end systems, are minimal. The described arrangements also
`
`potentially have a reduced impact on privacy of card users. The biometric signatures
`
`stored in the local database of the verification station can be made off limits to anyone, or
`
`limited to law enforcement agencies, depending on the administrative environment in
`
`25 which the arrangements are implemented. Users of current card systems can learn to use
`
`ASSA ABLOY Ex. 1019 - Page 6
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`-6-
`the described arrangements without much effort, needing only to provide a biometric
`
`signature.
`
`According to one aspect of the present invention there is provided a method of
`performing a transaction process using a verification station, the method comprising the
`
`5
`
`steps of:
`
`comparing a first biometric signature, inputted to a biometric reader incorporated
`
`into the verification station, to one or more further biometric signatures stored in a
`
`memory incorporated into the verification station; and
`performing the transaction process using card information stored in said
`
`10 memory, if the inputted biometric signature matches one of said stored biometric
`signatures, otherwise, not performing the transaction, wherein the stored card information
`was read from a card device and stored in said memory during a previous transaction
`
`process using a card device reader incorporated into the verification station.
`According to another aspect of the present invention there is provided a
`
`15
`
`verification station for performing a transaction process, the verification station
`
`comprising:
`means for comparing a first biometric signature, inputted to a biometric reader
`
`incorporated into the verification station, to one or more further biometric signatures
`
`stored in a memory incorporated into the verification station; and
`means for performing the transaction process using card information stored in
`
`20
`
`said memory, if the inputted biometric signature matches one of said stored biometric
`signatures, otherwise, not performing the transaction, wherein the stored card information
`was read from a card device and stored in said memory during a previous transaction
`
`process using a card device reader incorporated into the verification station.
`
`25
`
`ASSA ABLOY Ex. 1019 - Page 7
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`-7-
`
`According to still another aspect of the present invention a computer program
`
`product including a computer readable medium having recorded thereon a computer
`
`program for directing a processor to execute a method for performing a transaction
`
`process using a verification station, said program comprising:
`
`5
`
`code for comparing a first biometric signature, inputted to a biometric reader
`
`incorporated into the verification station, to one or more further biometric signatures
`
`stored in a memory incorporated into the verification station; and
`
`code for performing the transaction process using card information stored in said
`
`memory, if the inputted biometric signature matches one of said stored biometric
`
`1 o
`
`signatures, otherwise, not performing the transaction, wherein the stored card information
`
`was read from a card device and stored in said memory during a previous transaction
`
`process using a card device reader incorporated into the verification station.
`
`According to still another aspect of the present invention there is provided a
`
`method of performing a transaction process using a verification station, the method
`
`15
`
`comprising the steps of:
`
`comparing a first biometric signature, inputted to a biometric reader incorporated
`
`into the verification station, to a biometric signature stored at a memory location in a
`
`memory incorporated into the verification station, said memory location being defined by
`
`a personal identification number (PIN) inputted into a keypad; and
`
`20
`
`performing the transaction process using card information stored in said
`
`memory, if the inputted biometric signature matches the biometric signature stored at the
`
`memory location, otherwise, not performing the transaction, wherein the stored card
`
`information was read from a card device and stored in said memory together with said
`
`PIN during a previous transaction process using a card device reader incorporated into the
`
`25
`
`verification station.
`
`ASSA ABLOY Ex. 1019 - Page 8
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`- 8 -
`
`According to still another aspect of the present invention there is provided a
`
`verification station for performing a transaction process, the verification station
`
`comprising:
`
`means for comparing a first biometric signature, inputted to a biometric reader
`
`5
`
`incorporated into the verification station, to a biometric signature stored at a memory
`
`location in a memory incorporated into the verification station, said memory location
`
`being defined by a personal identification number (PIN) inputted into a keypad; and
`
`means for performing the transaction process using card information stored in
`
`said memory, if the inputted biometric signature matches the biometric signature stored at
`
`Io
`
`the memory location, otherwise, not performing the transaction, wherein the stored card
`
`information was read from a card device and stored in said memory together with said
`
`PIN during a previous transaction process using a card device reader incorporated into the
`
`verification station.
`
`According to still another aspect of the present invention there is provided a
`
`15
`
`computer program product including a computer readable medium having recorded
`
`thereon a computer program for directing a processor to execute a method for performing
`
`a transaction process using a verification station, said program comprising:
`
`code for comparing a first biometric signature, inputted to a biometric reader
`
`incorporated into the verification station, to a biometric signature stored at a memory
`
`20
`
`location in a memory incorporated into the verification station, said memory location
`
`being defined by a personal identification number (PIN) inputted into a keypad; and
`
`code for performing the transaction process using card information stored in said
`
`memory, if the inputted biometric signature matches the biometric signature stored at the
`
`memory location, otherwise, not performing the transaction, wherein the stored card
`
`25
`
`information was read from a card device and stored in said memory together with said
`
`ASSA ABLOY Ex. 1019 - Page 9
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`-9-
`
`PIN during a previous transaction process using a card device reader incorporated into the
`
`verification station.
`
`Other aspects of the invention are also disclosed.
`
`Brief Description of the Drawings
`
`5
`
`Some aspects of the prior art and one or more embodiments of the present
`
`invention will now be described with reference to the drawings, in which:
`
`Fig. 1 depicts a standard credit card;
`
`Fig. 2 shows the card of Fig. 1 being used together with biometric verification;
`
`Fig. 3 is a functional block diagram of a special-purpose computer system upon
`
`Io which described methods for the described arrangements can be practiced;
`
`Fig. 4 illustrates the use of a standard card in the described arrangements;
`
`Fig. 5 is a flow chart of a process for using the verification station of Fig. 3;
`
`Fig. 6 shows the verification process of Fig. 5 in more detail;
`
`Fig. 7 shows the enrolment process of Fig. 5 in more detail;
`
`15
`
`Fig. 8 shows the card information process of Fig. 5 in more detail;
`
`Fig. 9 shows an alternate use for the described arrangements;
`
`Fig.10 is a flow chart of a process for using the verification station of Fig. 3; and
`
`Fig. 11 is another flow chart of a process for using the verification station of Fig.
`
`3.
`
`20
`
`Detailed Description including Best Mode
`
`Where reference is made in any one or more of the accompanying drawings to
`
`steps and/or features, which have the same reference numerals, those steps and/or features
`
`have for the purposes of this description the same function(s) or operation(s), unless the
`
`contrary intention appears.
`
`25
`
`Fig. 3 is a functional block diagram of a system 100 in which the described
`
`arrangements can be practiced.
`
`The methods described herein particularly lend
`
`ASSA ABLOY Ex. 1019 - Page 10
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`themselves to implementation on the special-purpose computer system 100 such as that
`
`shown in Fig. 3 wherein the processes of Figs. 5-8, 9 and 10 may be implemented as
`
`software, such as an application program executing within the computer system 100. In
`
`particular, the steps of the described methods are effected by instructions in the software
`
`5
`
`that are carried out by a verification station 127. The verification station 127 is typically
`
`constructed in a tamper-proof manner, both physically and electronically, to prevent
`
`unauthorised access to the inner mechanism of the verification station 127. The
`
`instructions may be formed as one or more code modules, each for performing one or
`
`more particular tasks. The software may also be divided into two separate parts, in which
`
`1 O
`
`a first part performs the described methods and a second part manages a user interface
`
`between the first part and the user.
`
`The software may be stored in a computer readable medium, including the
`
`storage devices described below, for example. The software is loaded into the
`
`verification station 127 from the computer readable medium, and is then executed by the
`
`15
`
`verification station 127. A computer readable medium having such software or computer
`
`program recorded on it is a computer program product. The use of the computer program
`
`product in the computer preferably effects an advantageous apparatus for effecting the
`
`described arrangements.
`
`The computer system 100 consists of a computer module 101, input devices such
`
`20
`
`as a biometric reader 102, a card reader 112, and a keypad 103, output devices including
`
`an LCD (Liquid Crystal Display) display device 126 and a loudspeaker 117. The
`
`computer module 101 uses a Modulator-Demodulator (Modem) transceiver device 116
`
`for communicating to and from a communications network 120, for example connectable
`
`via a telephone line 121 or other functional medium. The modem 116 can be used to
`
`25
`
`obtain access to a back end system including a processor 122 and back-end database 123
`
`ASSA ABLOY Ex. 1019 - Page 11
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`- 11 -
`
`over the Internet, and other network systems, such as a Local Area Network (LAN) or a
`
`Wide Area Network (WAN).
`
`The computer module 101 typically includes at least one processor unit 105, and
`
`a memory unit 106, for example formed from semiconductor random access memory
`
`5
`
`(RAM) and read only memory (ROM). The module 101 also includes a number of
`
`input/output (I/O) interfaces including an audio-video interface 107 that couples to the
`
`LCD display 126 and loudspeaker 117, an I/O interface 113 for the keypad 103, biometric
`
`reader 102 and card reader 112, and an interface 108 for the modem 116.
`
`In some
`
`implementations, the modem 116 may be incorporated within the computer module 101,
`
`IO
`
`for example within the interface 108.
`
`A storage device 109 is provided and typically includes a hard disk drive 110
`
`and a flash memory 111. The components 105 to 111 and 113 of the computer
`
`module 101, typically communicate via an interconnected bus 104 and in a manner that
`
`results in a conventional mode of operation of the computer system 100 known to those in
`
`15
`
`the relevant art.
`
`Typically, the application program is resident on the hard disk drive 110 and
`
`read and controlled in its execution by the processor 105. Intermediate storage of the
`
`program and any data fetched from the network 120 may be accomplished using the
`
`semiconductor memory 106, possibly in concert with the hard disk drive 110. In some
`
`20
`
`instances, the application program may be supplied to the user encoded on the flash
`
`memory device 111, or alternatively may be read by the computer module 101 from the
`
`network 120 via the modem device 116.
`
`Still further, the software can also be loaded into the computer system 100 from
`
`other computer readable media. The term "computer readable medium" as used herein
`
`25
`
`refers to any storage or transmission medium that participates in providing instructions
`
`and/or data to the computer system 100 for execution and/or processing. Examples of
`
`ASSA ABLOY Ex. 1019 - Page 12
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`- 12 -
`
`storage media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM
`
`or integrated circuit, a magneto-optical disk, or a computer readable card such as a
`
`PCMCIA card and the like, whether or not such devices are internal or external of the
`
`computer module 101. Examples of transmission media include radio or infra-red
`
`5
`
`transmission channels as well as a network connection to another computer or networked
`
`device, and the Internet or Intranets including e-mail transmissions and information
`
`recorded on Websites and the like.
`
`As illustrated in Fig. 4, a standard card 601 has card information 605 typically
`
`comprising three fields, namely 602 which is the card type, 603 which is the card range,
`
`10
`
`and 604 which comprises card data specific to the particular card 601. In the described
`
`arrangements, the card data 604 may act as the memory reference which points, as
`
`depicted by an arrow 608, to a particular memory address 607 in a local database 124 in
`
`the verification station 127 of Fig. 3. In another arrangement, a personal identification
`
`number (PIN) may also act as the memory reference which points to the particular
`
`15 memory address 607 in the local database 124 in the verification system 127.
`
`The fields 602 and 603, which together form a header 606, can be used by the
`
`described system to determine if the card 601 is to be processed according to the
`
`described methods or not. This is described in more detail in regard to Fig. 8.
`
`In an initial enrolment phase, the card user couples their card 601 (or key-fob or
`
`20
`
`other card device) to the card reader 112. The card information 605 is read by the card
`
`reader 112 and is initially buffered in the memory 106 (e.g., within RAM). The card user
`
`is then required to input a biometric signature, such as fingerprint, face, iris, or other
`
`unique signature, into the biometric reader 102. The card data 604 defines the location
`
`607 in the local database 124 where their unique biometric signature is to be stored. In
`
`25
`
`the described arrangements, once the biometric signature has been stored in the local
`
`database 124 at the location 607, the card information 605 buffered in memory 106 is
`
`ASSA ABLOY Ex. 1019 - Page 13
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`- 13 -
`
`then also stored at the location 607 in the local database 124. For example, the card
`
`information 605 may be appended to the biometric signature stored at the location 607
`
`within the local database 124.
`
`Thereafter, in later verification phases, the card user is merely required to present
`
`5
`
`their unique biometric to the biometric reader 102 in order to perform a transaction. In
`
`this instance, the biometric signature provided by the user is compared to each of the
`
`signatures stored in the local database 124. Once verification is confirmed, through a
`
`match of the provided biometric signature to one of the stored signatures, the card
`
`information 605 is transferred from the local database 124 within the verification station
`
`10
`
`127 to the back-end processor 122 for completion of the transaction.
`
`Importantly, the back-end processor 122 does not see the difference between
`
`receiving the card information 605 from the verification station 127, and receiving it from
`
`a conventional card reader in the absence of the verification station implementing the
`
`described arrangements. This means that back-end processes (depicted by the back-end
`
`15
`
`processor 122 and the back-end database 123) need no modification when incorporating
`
`the described arrangements into current card systems. There are additional elements in
`
`the verification station 127 (see Fig. 3) compared to the normal card reader, however this
`
`is a relatively simple and inexpensive upgrade compared to the centralised arrangement
`
`depicted in Fig. 2.
`
`20
`
`Alternatively, rather than only providing their biometric signature in later
`
`verification phases, the user may choose to also couple their card 601 to the card reader
`
`112. In this instance, after coupling their card 601 to the card reader 112, the card user is
`
`required to again present their unique biometric to the biometric reader 102.
`
`In this
`
`instance, rather than the biometric signature provided by the user being compared to all of
`
`25
`
`the signatures stored in the local database 124 to determine a match, the biometric
`
`signature provided by the card user is only compared to the biometric signature stored at
`
`ASSA ABLOY Ex. 1019 - Page 14
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01045 - U.S. Patent No. 9,269,208
`
`

`

`WO 2008/113110
`
`PCT I AU2008/000366
`
`- 14 -
`
`the memory location 607 defined by the card data 604 read from their card 601 by the
`
`card reader 112. Again, once verification is confirmed, the card information 605 is
`
`transferred from the local database 124 of the verification station 127 to the back-end
`
`processor 122 for c