`
`I hereby certify that this correspondence is being electronically transmitted to the U.S.
`Patent and Trademark Office, Commissioner for Patents, via the EFS on February 12,
`2008.
`
`Robert D. Summer, Jr., Reg. No. 57,844
`
`TRANSMITTAL LETTER TO THE UNITED STATES
`DESIGNATED/ELECTED OFFICE (DO/EO/US)
`CONCERNING A SUBMISSION UNDER 35 U.S.C. 371
`INTERNATIONAL FILING DATE
`INTERNATIONAL APPLICATION NO.
`August 10, 2006
`PCT/AU2006/001130
`TITLE OF INVENTION
`
`ATTORNEY'S DOCKET NO.
`12838/5 (729727US)
`U.S. APPLICATION NO. (If known, see 37 CFfi 1.5)
`
`PRIORITY DATE CLAIMED
`August 12, 2005
`
`IMPROVING CARD DEVICE SECURITY USING BIOMETRICS
`
`APPLICANT(S) FOR DO/EQ/US
`
`BURKE, Christopher John
`Applicant herewith submits to the United States Designated/Elected Office (DO/E0/US) the following items and other information:
`12:1 This is a FIRST submission of items concerning a filing under 35 U.S.C. 371.
`1.
`q This Is a SECOND or SUBSEQUENT submission of Items concerning a filing under 35 U.S.C. 371.
`
`2.
`
`•
`
`3.
`
`ID This is an express request to begin national examination procedures (35 U.S.C. 371(f)).
`The submission must include items (5), (6), (9), and (21) Indicated below.
`
`4.
`121 The US has been elected (Article 31).
`5. 21 A copy of the International Application as filed (35 U.S.C. 371(c)(2)):
`a. C. is transmitted herewith (required only if not transmitted by the International Bureau).
`b. q has been transmitted by the International Bureau.
`c. q is not required, as the application was filed in the United States Receiving Office (RO/US).
`q An English language translation of the International Application into English (35 U.S.C. 371(c)(2)):
`
`6.
`
`a. q is attached hereto.
`
`b. q has been previously submitted under 35 U.S.C. 154(d)(4).
`7. 0 Amendments to the claims of the International Application under PCT Article 19 (35 U.S.C. 371(c)(3)):
`a. ED are transmitted herewith (required only if not transmitted by the International Bureau).
`b. q have been transmitted by the International Bureau.
`
`c. q have not been made; however, the time limit for making such amendments has NOT expired.
`
`d. q have not been made and will not be made.
`q An English language translation of the amendments to the claims under PCT Article 19 (35 U.S.C. 371(c)(3)).
`
`8.
`
`9. CE An [unexecuted] Declaration for Patent.
`10. II An English language translation of the annexes to the International Preliminary Examination Report under
`PCT Article 36 (35 U.S.C. 371(c)(5)) and/or amendments under Article 34.
`Items 11 to 20 Below concern other document(s) or information included:
`
`11.
`
`12.
`
`C.11 An Information Disclosure Statement under 37 CFR 1.97 and 1.98, PTO Form 1449; copies of cited references A3-A6.
`q An assignment document for recording. A separate cover sheet in compliance with 37 CFR 3.28 and 3.31 is included.
`
`13.
`
`,ili A preliminary amendment.
`
`14. q An Application Data Sheet under 37 CFR 1.76.
`
`15. q A substitute specification,
`16. q A power of attorney and/or change of address letter.
`17. q A computer-readable form of the sequence listing in accordance with PCT Rule 13ter.2 and 37 CFR 1.821-1.825.
`18. q A second copy of the published International Application under 35 U.S.C. 154(d)(4).
`19. q A second copy of the English language translation of the international application under 35 U.S.C. 154(d)(4).
`.
`
`q Other items or information: Return Postcard,
`
`20.
`
`SEND COMPLETED FORM TO: Mail Stop PCT, Commissioner for Patents, PO Box 1450, Alexandria, VA 22313-1450.
`
`ASSA ABLOY Ex. 1002 - Page 1
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8,620,039
`
`
`
`U.S. APPLICATION NO. (If known, see 37 CFR 1.50)
`.
`....
`....
`....... ...
`The following fees are submitted:
`21. El Basic National Fee (37 CFR 1.492(a))
`
`INTERNATIONAL APPLICATION NO.
`PCT/AU2006/001136
`
`ATTORNEY'S DOCKET NO.
`1283815
`PTO USE ONLY
`CALCULATIONS
`
`$310
`
`22. C.' Examination Fee (37 CFR 1.492(c))
`If the written opinion prepared by ISA/US or the international preliminary examination report prepared by
`•
`IPENUS indicates all claims satisfy provisions of PCT Article 33(1)-(4)
`$ 0
`$210
`• All other situations
`23. El Search Fee (37 CFR 1.492(b))
`•
`If the written opinion of the ISA/US or the International preliminary examination report prepared by
`IFE.A/US indicates all claims satisfy provisions of PCT Article 33(1)-(4)
`• Search fee (37 CFR 1.445(0)(2)) has been paid on the International application to the USPTO
`as an international Searching Authority
`• International Search Report prepared by an ISA other than the US and provided to the Office or
`previously communicated to the US by the lB
`• All other situations
`
`$410
`$510
`
`$ 0
`
`$100
`
`TOTAL OF 21, 22 and 23 •
`q Fee of $250 for each additional 50 sheets for specification and drawings that exceed 100 sheets (excluding
`sequence listing or computer program listing filed in an electronic medium) (37 CFR 1.4920)).
`• Surcharge of $130 for furnishing oath or declaration after 30 months from earliest claimed priority date
`(37 CFR 1.492(h)).
`Claims
`Total Claims
`Independent Claims
`Multiple dependent daim(s) if Applicable)
`
`Number Extra
`
`3
`
`$930
`
`$
`$
`
`$
`$ 630
`$
`$ 1560
`$780
`
`$
`
`$
`$
`
`Number Filed
`20 - 20 =,
`6. 3 -...-
`
`Rate
`x $ 50.00
`x $210.00
`4- $370.00
`TOTAL OF ABOVE CALCUATIONS =
`EI Applicant claims small entity status. See 37 CFR 1.27. The fees indicated above are reduced by one-half.
`SUBTOTAL=
`Fee of $130 for furnishing the English language translation after 30 months from earliest claimed priority date
`(37 CFR 1.492(i)).
`
`TOTAL NATIONAL FEE r.
`
`Recordal Fee of $40 (per property) for recording the attached assignment (37 CFR 1.21(h)).
`The assignment must be accompanied by an appropriate cover sheet (37 CFR 3.28, 3.31).
`TOTAL FEES ENCLOSED =
`
`a. q A check in the amount of $
`to cover the above fees is enclosed.
`b. el Please charge Deposit Account No. 23-1925 in the amount of $780.00 to cover the above fees.
`
`$
`
`$780
`Amount to be refunded
`Amount to be charged
`
`$
`$
`
`c. — The Commissioner is hereby authorized to charge any additional fees which play be required, or credit any overpayment to
`Deposit Account No. 23-1925.
`
`d. q Fees are to be charged to a credit card. WARNING: Information on this form may become public.
`Credit card information should not be included on this form. Provide credit card information and authorization on PTO-2038.
`The PTO.2038 should only be mailed or faxed to the USPTO. However, when paying the basic national fee, the PTO-2038 may
`NOT he faxed to the USPTO.
`
`Advisory: If filing by EFS-Web, do NOT attach the PTO-2038 form as a PDF along with your EFS-Web submission. Please be
`advised that this is NOT recommended and by doing so your credit card information may be displayed via PAIR. To protect
`your information, it is recommended paying fees online by using the electronic payment method.
`
`NOTE: Where an appropriate time limit under 37 CFR 1.495 has not been met, a petition to revive (37 CFR 1.137(a) or (b))
`must be filed and granted to restore the International Application to pending status.
`
`Send all correspondence to the address associated with
`Customer No. No. 00757 - Brinks Hofer Gilson Lione
`
`Signature
`
`Name
`Robert D. Summers, Jr.
`Re stration No. 57 844
`
`ASSA ABLOY Ex. 1002 - Page 2
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`Certificate Under 37 CFR 1.8
`
`I hereby certify that this correspondence is being electronically transmitted to the U.S.
`Patent and Trademark Office, Commissioner for Patents, via the EFS on February 12,
`2008.
`
`Robert D. Summer, Jr., Reg. No. 57,844
`
`TRANSMITTAL LETTER TO THE UNITED STATES
`DESIGNATED/ELECTED OFFICE (DO/EO/US)
`CONCERNING A SUBMISSION UNDER 35 U.S.C. 371
`INTERNATIONAL FILING DATE
`INTERNATIONAL APPLICATION NO.
`August 10, 2006
`PCT/AU2006/001130
`TITLE OF INVENTION
`
`ATTORNEY'S DOCKET NO.
`12838/5 (729727US)
`U.S. APPLICATION NO. (If known, see 37 CFfi 1.5)
`
`PRIORITY DATE CLAIMED
`August 12, 2005
`
`IMPROVING CARD DEVICE SECURITY USING BIOMETRICS
`
`APPLICANT(S) FOR DO/EQ/US
`
`BURKE, Christopher John
`Applicant herewith submits to the United States Designated/Elected Office (DO/E0/US) the following items and other information:
`12:1 This is a FIRST submission of items concerning a filing under 35 U.S.C. 371.
`1.
`q This Is a SECOND or SUBSEQUENT submission of Items concerning a filing under 35 U.S.C. 371.
`
`2.
`
`•
`
`3.
`
`ID This is an express request to begin national examination procedures (35 U.S.C. 371(f)).
`The submission must include items (5), (6), (9), and (21) Indicated below.
`
`4.
`121 The US has been elected (Article 31).
`5. 21 A copy of the International Application as filed (35 U.S.C. 371(c)(2)):
`a. C. is transmitted herewith (required only if not transmitted by the International Bureau).
`b. q has been transmitted by the International Bureau.
`c. q is not required, as the application was filed in the United States Receiving Office (RO/US).
`q An English language translation of the International Application into English (35 U.S.C. 371(c)(2)):
`
`6.
`
`a. q is attached hereto.
`
`b. q has been previously submitted under 35 U.S.C. 154(d)(4).
`7. 0 Amendments to the claims of the International Application under PCT Article 19 (35 U.S.C. 371(c)(3)):
`a. ED are transmitted herewith (required only if not transmitted by the International Bureau).
`b. q have been transmitted by the International Bureau.
`
`c. q have not been made; however, the time limit for making such amendments has NOT expired.
`
`d. q have not been made and will not be made.
`q An English language translation of the amendments to the claims under PCT Article 19 (35 U.S.C. 371(c)(3)).
`
`8.
`
`9. CE An [unexecuted] Declaration for Patent.
`10. II An English language translation of the annexes to the International Preliminary Examination Report under
`PCT Article 36 (35 U.S.C. 371(c)(5)) and/or amendments under Article 34.
`Items 11 to 20 Below concern other document(s) or information included:
`
`11.
`
`12.
`
`C.11 An Information Disclosure Statement under 37 CFR 1.97 and 1.98, PTO Form 1449; copies of cited references A3-A6.
`q An assignment document for recording. A separate cover sheet in compliance with 37 CFR 3.28 and 3.31 is included.
`
`13.
`
`,ili A preliminary amendment.
`
`14. q An Application Data Sheet under 37 CFR 1.76.
`
`15. q A substitute specification,
`16. q A power of attorney and/or change of address letter.
`17. q A computer-readable form of the sequence listing in accordance with PCT Rule 13ter.2 and 37 CFR 1.821-1.825.
`18. q A second copy of the published International Application under 35 U.S.C. 154(d)(4).
`19. q A second copy of the English language translation of the international application under 35 U.S.C. 154(d)(4).
`.
`
`q Other items or information: Return Postcard,
`
`20.
`
`SEND COMPLETED FORM TO: Mail Stop PCT, Commissioner for Patents, PO Box 1450, Alexandria, VA 22313-1450.
`
`ASSA ABLOY Ex. 1002 - Page 3
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`U.S. APPLICATION NO. (If known, see 37 CFR 1.50)
`.
`....
`....
`....... ...
`The following fees are submitted:
`21. El Basic National Fee (37 CFR 1.492(a))
`
`INTERNATIONAL APPLICATION NO.
`PCT/AU2006/001136
`
`ATTORNEY'S DOCKET NO.
`1283815
`PTO USE ONLY
`CALCULATIONS
`
`$310
`
`22. C.' Examination Fee (37 CFR 1.492(c))
`If the written opinion prepared by ISA/US or the international preliminary examination report prepared by
`•
`IPENUS indicates all claims satisfy provisions of PCT Article 33(1)-(4)
`$ 0
`$210
`• All other situations
`23. El Search Fee (37 CFR 1.492(b))
`•
`If the written opinion of the ISA/US or the International preliminary examination report prepared by
`IFE.A/US indicates all claims satisfy provisions of PCT Article 33(1)-(4)
`• Search fee (37 CFR 1.445(0)(2)) has been paid on the International application to the USPTO
`as an international Searching Authority
`• International Search Report prepared by an ISA other than the US and provided to the Office or
`previously communicated to the US by the lB
`• All other situations
`
`$410
`$510
`
`$ 0
`
`$100
`
`TOTAL OF 21, 22 and 23 •
`q Fee of $250 for each additional 50 sheets for specification and drawings that exceed 100 sheets (excluding
`sequence listing or computer program listing filed in an electronic medium) (37 CFR 1.4920)).
`• Surcharge of $130 for furnishing oath or declaration after 30 months from earliest claimed priority date
`(37 CFR 1.492(h)).
`Claims
`Total Claims
`Independent Claims
`Multiple dependent daim(s) if Applicable)
`
`Number Extra
`
`3
`
`$930
`
`$
`$
`
`$
`$ 630
`$
`$ 1560
`$780
`
`$
`
`$
`$
`
`Number Filed
`20 - 20 =,
`6. 3 -...-
`
`Rate
`x $ 50.00
`x $210.00
`4- $370.00
`TOTAL OF ABOVE CALCUATIONS =
`EI Applicant claims small entity status. See 37 CFR 1.27. The fees indicated above are reduced by one-half.
`SUBTOTAL=
`Fee of $130 for furnishing the English language translation after 30 months from earliest claimed priority date
`(37 CFR 1.492(i)).
`
`TOTAL NATIONAL FEE r.
`
`Recordal Fee of $40 (per property) for recording the attached assignment (37 CFR 1.21(h)).
`The assignment must be accompanied by an appropriate cover sheet (37 CFR 3.28, 3.31).
`TOTAL FEES ENCLOSED =
`
`a. q A check in the amount of $
`to cover the above fees is enclosed.
`b. el Please charge Deposit Account No. 23-1925 in the amount of $780.00 to cover the above fees.
`
`$
`
`$780
`Amount to be refunded
`Amount to be charged
`
`$
`$
`
`c. — The Commissioner is hereby authorized to charge any additional fees which play be required, or credit any overpayment to
`Deposit Account No. 23-1925.
`
`d. q Fees are to be charged to a credit card. WARNING: Information on this form may become public.
`Credit card information should not be included on this form. Provide credit card information and authorization on PTO-2038.
`The PTO.2038 should only be mailed or faxed to the USPTO. However, when paying the basic national fee, the PTO-2038 may
`NOT he faxed to the USPTO.
`
`Advisory: If filing by EFS-Web, do NOT attach the PTO-2038 form as a PDF along with your EFS-Web submission. Please be
`advised that this is NOT recommended and by doing so your credit card information may be displayed via PAIR. To protect
`your information, it is recommended paying fees online by using the electronic payment method.
`
`NOTE: Where an appropriate time limit under 37 CFR 1.495 has not been met, a petition to revive (37 CFR 1.137(a) or (b))
`must be filed and granted to restore the International Application to pending status.
`
`Send all correspondence to the address associated with
`Customer No. No. 00757 - Brinks Hofer Gilson Lione
`
`Signature
`
`Name
`Robert D. Summers, Jr.
`Re stration No. 57 844
`
`ASSA ABLOY Ex. 1002 - Page 4
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`e A
`Ilia.] I it
`.,.T4]
`
`(19) World Intellectual Property Organization
`International Bureau
`
`1 X111111111111111111111111111111111111111111111111111111111111111111
`
`(43) International Publication Date
`22 February 2007 (22.02.2007)
`
`PCT
`
`(51) International Patent Classification:
`007F MO (2006.01)
`GOOK 9/00 (2006.01)
`GO7F 19/00 (2006.01)
`GO7F 7/12 (2006.01)
`(21) International Application Number:
`PCl/AU2006/001136
`(22) International Filing Date: 10 August 2006 (10.08.2006)
`(25) Filing Language:
`English
`(26) Publication Language:
`English
`(30) Priority Data:
`12 August 2005 (12.08.2005) AU
`2005904375
`(71) Applicant (for all designated States except US): SECURI-
`cOM (NSW) PTV LTI) [AU/AU]; 48 Margate Street,
`Ramgate, NSW 2217 (AU).
`Inventor; and
`Inventor/Applicant (for US only): BURKE, Christo-
`pher, John [AU/AU]; 48 Margate Street, Ramsgate, NSW
`2217 (AU).
`(74) Agent: SPRUSON & FERGUSON; GPO Box 3898, Syd-
`ney, NSW 2001 (AU).
`
`(72)
`(75)
`
`11
`
`1
`
`(10) International Publication Number
`WO 2009/019605 Al
`(Si) Designated Stater; (unless otherwise indicated for every
`kind of national protection available): AB, AG, AL, AM,
`AT, AU, AZ, BA, BB, BO, BR, BW, BY, BZ, CA, CH, CN,
`CO, CR, CU, CZ, DE, DK, DM, DZ, EC, BE, EG, ES, FI,
`GB, GD, GE, GH, GM, HN, HR, HU, ID, IL, IN, IS, JP,
`KE, KG, KM, KN, KP, KR, KZ, LA, LC, LK, LR, LS, LT,
`LU, LV, LY, MA, MD, MG, MK, MN, MW, MX, MZ, NA,
`NG, NI, NO, NZ, OM, PC, PH, PL, PT, RO, RS, RU, SC,
`SD, SE, SO, SK, SL, SM, SY, TJ, TM, TN, TR, 'IT, TZ,
`UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
`
`(84) Designated States (unless otherwise indicatec4 for every
`kind of regional protection available): ARIPO (BW, GH,
`OM, KF, LS, MW, MZ, NA, SD, SL, SZ, TZ, UG, ZM,
`ZW), Eurasian (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM),
`European (AT, BE, BO, CH, CY, CZ, DE, DK, RE, ES, FL,
`FR, GB, OR, HU, 1E, IS, IT, LT, LU, LV, MC, 1+11„ PL, PT,
`RO, SE, SI, SK, 'I'R), OAPI (BF, BJ, CF, CO, CI, CM, GA,
`ON, GQ, GW, ML, MR, NE, SN, TD, TG).
`
`Published:
`— with international search report
`
`[Continued on next page]
`
`=
`
`(54) Title: IMPROVING CARD DEVICE SECURITY USING BIOMETRICS
`
`200
`biometric
`card
`pointer
`used for
`3rd party
`reader
`application
`
`(57) Abstract: The disclosed Biometric Card Pointer
`arrangements store (207) a card user's biometric signa-
`ture in a local memory (124) in a verification station
`(127) the first time the card user uses the verification sta-
`tion (127) in question. The biometric signature is stored
`at a memory address (607) defined by the card infor-
`mation (605) on the user's card (601). All future uses
`of the particular verification station (127) by someone
`submitting the aforementioned card (601) requires the
`card Laser to submit both the card and a biometric signa-
`ture, which is verified against the signature stored at the
`memory address defined by the card information (605)
`thereby determining if the person submitting the card is
`authorised to do so.
`
`7, •
`
`NO Card device
`engaged?
`
`201
`
`YES
`
`209
`
`Process card
`information
`
`202
`see Fig. 8
`
`Request &
`receive biometric
`signature
`
`203
`
`295 see Fig. 6
`
`YES
`
`1
`Verification
`pracess
`
`Memory (card data)
`signature?
`
`204
`
`NO
`
`Memory (card data) -
`empty?
`
`YES Enrolment
`process
`
`206
`
`NO
`
`Alert process
`
`208
`
`2117
`see Fig. 7
`
`MOO
`
`WO 2007/019605 Al
`
`ASSA ABLOY Ex. 1002 - Page 5
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605 Al 1111 11111111111111111111111111111111111111111111111
`11111I1111111IIIIIIIIII
`
`For two-letter codes and other abbreviations, refer to the "Guid-
`ance Notes on Codes and Abbreviations" appearing at the begin-
`ning of each regular issue of the PCT Gazette.
`
`ASSA ABLOY Ex. 1002 - Page 6
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605
`
`PCT/AU2006/001136
`
`-
`
`IMPROVING CARD DEVICE SECURITY USING BIOMETRICS
`
`Field of the Invention
`
`The present invention relates generally to security issues and, in particular, to
`
`security issues associated with use of card devices such as credit cards, smart cards, and
`
`5 wireless card-equivalents such as wireless transmitting fobs.
`
`Background
`
`This description makes reference to various types of "card device" and their
`
`associated "reader devices" (respectively referred to merely as cards and readers). The
`
`card devices all. contain card information that is accessed by "coupling" the card device to
`
`10
`
`an. associated reader device. The card information is used for various secure access
`
`purposes including drawing cash from an Automatic Teller Machine (ATM), making a
`
`purchase on credit, updating a loyalty point account and so on. The card information is
`
`typically accessed from the card by a corresponding card reader which then sends the card
`
`information to a "back-end" system that completes the appropriate transaction or process.
`
`15
`
`One type of card is the "standard credit card" which in this description refers to a
`
`traditional plastic card 701 as depicted in. Fig. I. The standard credit card is typically
`
`"swiped" through a slot in a standard credit card reader in order to access card
`
`information 702 on the card 701. The card information 702 can alternately be encoded
`
`using an optical code such as a bar code, in which case the reader is suitably adapted.
`
`20
`
`The standard credit card 701 also typically has the signature 703 of the card-owner
`
`written onto a paper strip on the card 701. This is used for verification of the identity of
`
`the person submitting the card when conducting a transaction using the card 701.
`
`Another type of card device is the smart card (not shown) that typically has an
`
`on-board processor and a memory. The smart card typically has electrical contacts that
`
`25 mate with corresponding contacts on a smart card reader (not shown) when accessing data
`
`in the memory of the smart card.
`
`ASSA ABLOY Ex. 1002 - Page 7
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605
`
`PCT/AU2006/001136
`
`- 2 -
`
`Another type of card device is the wireless "key-fob" which is a small radio
`
`transmitter that emits a radio frequency (RF) signal when a button on the fob is pressed.
`
`The RF signal can be encoded using the Wiegand protocol, or any other suitable protocol,
`
`such as rolling code or BluetoothTM and can include encryption if desired. The key-fob
`
`5
`
`typically has a processor and memory storing data that is sent via the transmitted signal to
`
`a corresponding receiver, which is the "reader device" for this type of card device.
`
`The description also refers to "card user" and "card owner". The card user is the
`
`person who submits the card for a particular transaction. The card user can thus be the
`
`(authorised) card owner or an (unauthorised) person who has found or stolen the card.
`
`10
`
`Clearly the signature 703 on the standard credit card 701 in Fig. 1 can be forged.
`
`Thus, if the standard card 701 is stolen or lost, an unauthorised user can use the card
`
`provided that they can supply a sufficiently accurate version of the signature 703. The
`
`only recourse available to the card owner is to notify the card issuing company to
`
`"cancel" the card.
`
`15
`
`Current card devices such as the standard credit card, the smart card and the key-
`
`fob can have their security enhanced by requiring the card user to provide PIN (Personal
`
`Identification Number) information through a keypad to verify their identity prior to
`
`completing a transaction. However, PIN information can also be "stolen" by surveillance
`
`of the card owner's hands as the card owner operates the keypad.
`
`20
`
`Biometric verification can also be incorporated into current card systems to
`
`enhance security.
`
`In Fig, 2 the card user swipes the standard card 701 through an
`
`associated card reader (not shown) that accesses the card information 702 on the card 701.
`
`The card user also provides a biometric input 801, for example by pressing their thumb
`
`against a biometric (eg fingerprint) reader 802. The card information 702 that is read by
`
`25
`
`the card reader (not shown), together with the biometric signature that is read by the
`
`biometric (fingerprint) reader 802, are sent, as depicted by a. dashed arrow 803, a
`
`ASSA ABLOY Ex. 1002 - Page 8
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605
`
`PCT/AU2006/001136
`
`- 3 -
`
`computer network 804, and a further dashed arrow 805, to a back-end system including a
`
`database 806 and associated processor (not shown).
`
`In this arrangement, the card owner needs to have previously registered their
`
`biometric signature 801 and the card information 702 for pre-loading onto the back-end
`
`5
`
`database 806. Having done so, the back-end processor (not shown) compares the pre-
`
`loaded information on the database 806 with the information received at 805, in order to
`
`check that the card holder of the card 701 is the (authorised) card owner and that the card
`
`itself is valid, in which case the transaction in question can proceed. Clearly this
`
`arrangement requires a central repository (806) of card information 702 and biometric
`
`10
`
`information 801. This is cumbersome and potentially compromises the privacy of the
`
`holder of the card 701. This arrangement also requires complex back-end database
`
`management and the communications network 804. Furthermore, the front-end biometric
`
`signature reader 802 requires storage and/or processing capabilities for the biometric
`
`signatures. This results in a complex and expensive solution.
`
`15
`
`Privacy concerns have also been raised against the arrangement of Fig. 2 which
`
`involves centralised storage and processing of personal information including biometric
`
`information. These concerns have slowed widespread use of biometrics to enhance user
`
`verification.
`
`Summary
`
`20
`
`It is an object of the present invention to substantially overcome, or at least
`
`ameliorate, one or more disadvantages of existing arrangements.
`
`Disclosed are arrangements, referred to as Biometric Card Pointer (BCP)
`
`arrangements or systems, which seek to address the above problems relating to secure
`
`access and/or secure processes, by automatically storing a card user's biometric signature
`
`25
`
`in a local memory in a verification station comprising a card reader, a biometric signature
`
`reader, the local biometric signature memory (preferably in a mechanically and
`
`ASSA ABLOY Ex. 1002 - Page 9
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605
`
`PCT/AU2006/001136
`
`- 4 -
`
`electronically
`
`tamper-proof form), an alphanumeric keypad (optional), and a
`
`communication module for communicating with back-end system that may be remotely
`
`accessible over a network.
`
`The card user's biometric signature is automatically stored the first time the card
`
`5
`
`user uses the verification station in question (this being referred to as the enrolment
`
`phase). The biometric signature is stored at a memory address defined by the ("unique")
`
`card information on the user's card as read by the card reader of the verification station.
`
`Clearly the term "unique" means unique in the context of a permitted set of cards
`
`associated with the verification station. This is described in more detail in regard to
`
`10
`
`Fig. 8.
`
`All future uses (referred to as uses in the verification phase) of the particular
`
`verification station by someone submitting the aforementioned card requires the card user
`
`to submit both the card to the card reader and a biometric signature to the biometric
`
`reader, which is verified against the signature stored at the memory address defined by the
`
`15
`
`card information thereby determining if the person submitting the card is authorised to do
`
`so.
`
`Each use of the verification station is identical from the card user's perspective,
`
`requiring merely input of the card to the card reader, and provision of the biometric
`
`signature (eg thumb print or retinal scan etc.) to the biometric reader.
`
`20
`
`An authorised card user will be automatically verified by the BCP arrangement
`
`in the verification station, and the corresponding transaction, be it an ATM cash
`
`withdrawal, a credit purchase, a loyalty point update etc. will simply proceed as normal.
`
`An unauthorised card user (ie a card user who misappropriated the card after the initial
`
`enrolment) will not receive authorisation, and the intended transaction will not proceed.
`
`25
`
`Furthermore, the biometric signature of the unauthorised user will be captured in the
`
`ASSA ABLOY Ex. 1002 - Page 10
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605
`
`PCT/A112006/001136
`
`- 5 -
`
`verification station, and can be used by the authorities to track the unauthorised user and
`
`prove misappropriation of the card.
`
`The disclosed BCP arrangements require little if any modification of the back-
`
`end systems or the (front-end) card. The additional administrative overheads associated
`
`5 with the BCP arrangements, above those already required for systems using (standard)
`
`cards and back-end systems, are minimal. The BCP arrangements also potentially have a
`
`reduced impact on privacy of card users. The biometric signatures stored in the local
`
`database of the verification station can be made off limits to anyone, or limited to law
`
`enforcement agencies, depending on the administrative environment in which the BCP
`
`10
`
`arrangements are implemented. Users of current card systems can learn to use BCP
`
`arrangements without much effort, needing only to provide a biometric signature when
`
`asked to do so at the verification station. The difference between the enrohneht and
`
`verification phases are transparent to users, further reducing the effort in learning how to
`
`use the BCP arrangements.
`
`15
`
`According to a first aspect of the present invention, there is provided a method of
`
`enrolling in a biometric card pointer system, the method comprising the steps of:
`
`receiving card information;
`
`receiving the biometric signature; and
`
`storing, if a memory location defined by the card information is unoccupied, the
`
`20
`
`biometric signature at the defined memory location.
`
`According to another aspect of the present invention, there is provided a method
`
`of obtaining verified access to a process, the method comprising the steps of:
`
`storing a biometric signature according to the noted enrolment method;
`
`subsequently presenting card information and a biornetric signature; and
`
`25
`
`verifying the subsequently presented presentation of the card information and the
`
`biometric signature if the subsequently presented biometric signature matches the
`
`ASSA ABLOY Ex. 1002 - Page 11
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605
`
`PCT/AU2006/001136
`
`- 6 -
`
`biornetric signature at the memory location defined by the subsequently presented card
`
`information.
`
`According to another aspect of the present invention, there is provided a method
`
`of securing a process at a verification station, the method comprising the steps of:
`
`5
`
`(a) providing card information from a card device to a card reader in the
`
`verification station;
`
`(b) inputting a biometric signature of a user of the card device to a biometric
`
`reader in the verification station;
`
`(c) determining if the provided card information has been previously provided to
`
`10
`
`the verification station;
`
`(d) if the provided card information has not been previously provided to the
`
`verification station;
`
`(da) storing the inputted biometric signature in a memory at a memory
`
`location defined by the provided card information; and
`
`15
`
`(db) performing the process dependent upon the received card
`
`information;
`
`(e) if the provided card information has been previously provided to the
`
`verification station;
`
`(ea) comparing the inputted biometric signature to the biometric
`
`20
`
`signature stored in the memory at the memory location defined by the provided Gard
`
`information;
`
`(eb) if the inputted biometric signature matches the stored biometric
`
`signature, performing the process dependent upon the received card information; and
`
`(ec) if the inputted biometric signature does not match the stored
`
`25
`
`biometric signature, not performing the process dependent upon the received card
`
`information.
`
`ASSA ABLOY Ex. 1002 - Page 12
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01093 - U.S. Patent No. 8.620,039
`
`
`
`WO 2007/019605
`
`PCT/AU2006/001136
`
`- 7 -
`
`According to another aspect of the present invention, there is provided a
`
`verification station for securing a process, the verification station comprising:
`
`a card device reader for receiving card information from a card device coupled to
`
`the verification station;
`
`5
`
`a biometric signature reader for receiving a biometric signature provided to the
`
`verification station;
`
`means for determining if the provided card information has been previously
`
`provided to the verification station;
`
`means, if the provided card information has not been previously provided to the
`
`10
`
`verification station, for;
`
`storing the inputted biometric signature in a memory at a memory
`
`location defined by the provided card information; and
`
`performing the process dependent upon the received card information;
`
`means, if the provided card information has been previously pr