(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2001/0000535A1
`Lapsley et al.
`(43) Pub. Date:
`Apr. 26, 2001
`
`US 2001 0000535A1
`
`(54)
`
`(76)
`
`(21)
`(22)
`
`(63)
`
`TOKENLESS BIOMETRIC ELECTRONIC
`FINANCIAL TRANSACTIONS VIAATHIRD
`PARTY DENTICATOR
`
`Inventors: Philip D. Lapsley, Oakland, CA (US);
`Jonathan Alexander Lee, Oakland, CA
`(US); David Ferrin Pare JR.,
`Berkeley, CA (US); Ned Hoffman,
`Sebastopol, CA (US)
`Correspondence Address:
`Alexander C. Johnson, Jr.
`Marger Johnson & McCollom, P.C.
`1030 S.W. Morrison Street
`Portland, OR 97205 (US)
`Appl. No.:
`09/731,536
`
`Filed:
`
`Dec. 6, 2000
`
`Related U.S. Application Data
`Continuation-in-part of application No. 09/239,570,
`filed on Jan. 29, 1999, which is a continuation of
`application No. 08/705,399, filed on Aug. 29, 1996,
`now Pat. No. 5,870,723, which is a continuation-in
`part of application No. 08/442,895, filed on May 17,
`1995, now Pat. No. 5,613,012, which is a continua
`tion-in-part of application No. 08/345,523, filed on
`Nov. 28, 1994, now Pat. No. 5,615,277.
`
`Publication Classification
`
`(51) Int. Cl." ..................................................... G06F 17/60
`(52) U.S. Cl. ................................................. 705/64; 705/40
`(57)
`ABSTRACT
`The invention provides a method and device for tokenless
`authorization of an electronic payment between a payor and
`a payee using an electronic third party identicator and at
`least one payor bid biometric Sample. In a payor registration
`Step, the payor registers with an electronic third party
`identicator at least one registration biometric Sample, and at
`least one payor financial account identifier. The payee reg
`isters a payee identification data with the electronic third
`party identicator. A payee bid identification data and a payor
`bid biometric Sample collected from the payor's perSon are
`electronically forwarded to the third party electronic iden
`ticator. A comparator engine compares the bid biometric
`Sample with at least one registered biometric Sample for
`producing either a Successful or failed identification of the
`payor. The comparator engine also compares the payee's bid
`identification data with a payee's registered identification
`data for producing either a Successful or failed identification
`of the payee. Once the electronic third-party identicator
`Successfully identifies the payor and payee, the identicator
`electronically forwards at least one payor financial account
`identifier to the payee. An electronic financial transaction is
`then formed between the payor and payee, comprising a
`transaction amount and a payor financial account identifier.
`This transaction is then electronically forwarded to a finan
`cial transaction processor for authorization.
`
`NUTPAYORBOMETRIC 702
`
`INPUT PAYOR PLN 704
`
`RANSMPAYORBO-PIN AND
`PAYEEHARDWARE DO DPC 720
`
`F.
`DPC DENTIFES PAYOR AND
`RETRIEVESFINANCA-ACCOUNT DENTIFIERS
`
`706
`
`DPCEDENTIFIES PAYEE
`WAHARDWARE D
`
`712
`
`a
`DPCRANSMSFINANCIALACCOUNT
`708
`IDENTIFIERS OPAYEE
`
`y
`ENRRANSACON AMOUNT 710
`
`y
`SELECT FINANCIAL ACCOUN 714
`
`PATRANSMTSSELECTDFINANCIALACCOUNT DENIFIER
`O STORE PAYMENTSYSTEM
`
`724
`
`STORPAYMENTSYSTEM FORWARDSSELECED
`FINANCIALACCOUNTIENTIFIERO
`FINANCIAL TRANSACTION PROCESSOR
`--
`RANSACTION SEXECUTED 808
`
`806
`
`Petitioner's Exhibit 1007, Page 1
`
`

`

`Patent Application Publication
`
`Apr. 26, 2001 Sheet 1 of 8 US 2001/0000535 A1
`
`&
`
`
`
`3
`
`S.
`
`S
`
`O
`N
`was
`
`Petitioner's Exhibit 1007, Page 2
`
`

`

`Patent Application Publication
`
`Apr. 26, 2001 Sheet 2 of 8 US 2001/0000535A1
`
`
`
`O1
`
`FIG. 2
`
`Petitioner's Exhibit 1007, Page 3
`
`

`

`Patent Application Publication
`
`Apr. 26, 2001 Sheet 3 of 8 US 2001/0000535 A1
`
`101
`
`
`
`"..)
`
`302
`
`CDPD Provider
`
`Petitioner's Exhibit 1007, Page 4
`
`

`

`Patent Application Publication
`
`Apr. 26, 2001 Sheet 4 of 8 US 2001/0000535 A1
`
`O
`(Y)
`V
`
`O
`
`S
`
`N S
`
`
`
`S.
`V
`
`S
`V
`
`&
`V
`Z
`h
`O Lu
`22 || |
`CSX
`> ?h
`a 5
`O
`O
`S.
`>
`>
`O?)
`
`V
`CD
`LL
`
`s
`
`S.
`
`Petitioner's Exhibit 1007, Page 5
`
`

`

`Patent Application Publication
`
`Apr. 26, 2001 Sheet 5 of 8 US 2001/0000535 A1
`
`
`
`O
`w
`2.
`Z
`
`wn
`
`O
`O
`
`S.
`
`Petitioner's Exhibit 1007, Page 6
`
`

`

`Patent Application Publication
`
`Apr. 26, 2001 Sheet 6 of 8 US 2001/0000535 A1
`
`INPUT PAYOR BIOMETRIC 702
`
`INPUT PAYOR PIN 704
`
`
`
`
`
`TRANSMIT PAYORBIO-PIN AND
`PAYEE HARDWARE ID TO DPC 720
`
`
`
`DPC IDENTIFIES PAYOR AND
`RETRIEVES FINANCIAL ACCOUNT DENTIFIERS
`
`
`
`DPC IDENTIFIES PAYEE
`VAHARDWARE ID
`
`712
`
`
`
`DPC TRANSMITS FINANCIAL ACCOUNT 708
`IDENTIFIERS TO PAYEE
`
`
`
`ENTER TRANSACTION AMOUNT 710
`
`
`
`SELECT FINANCIAL ACCOUNT 714
`
`PIA TRANSMITS SELECTED FINANCIAL ACCOUNT DENTIFER
`724
`TO STORE PAYMENT SYSTEM
`
`STORE PAYMENT SYSTEM FORWARDS SELECTED
`FINANCIAL ACCOUNT IDENTIFIERTO
`FINANCIAL TRANSACTION PROCESSOR
`
`806
`
`
`
`
`
`TRANSACTION IS EXECUTED 808
`
`FIG. 6
`
`Petitioner's Exhibit 1007, Page 7
`
`

`

`Patent Application Publication
`
`US 2001/0000535 A1
`
`
`
`
`
`
`
`
`
`
`
`Petitioner's Exhibit 1007, Page 8
`
`

`

`Patent Application Publication
`
`Apr. 26, 2001
`
`Sheet 8 of 8
`
`US 2001/0000535 A1
`
`906
`
`>HOSSE OORHCH
`
`ERHO_LS-N {
`
`
`
`>HOSSE OORHd
`
`
`
`
`
`
`
`8 "SDH
`
`Petitioner's Exhibit 1007, Page 9
`
`

`

`US 2001/0000535 A1
`
`Apr. 26, 2001
`
`TOKENLESS BIOMETRIC ELECTRONIC
`FINANCIAL TRANSACTIONS VIAATHIRD
`PARTY DENTICATOR
`
`CROSS REFERENCE
`0001. This application is a continuation-in-part of appli
`cation Ser. No. 09/239,570, filed on Jan. 29, 1999, which is
`a continuation of application Ser. No. 08/705,399, filed on
`Aug. 29, 1996 now U.S. Pat. No. 5,870,723, which is a
`continuation-in-part of U.S. application Ser. No. 08/442.895
`filed on May 17, 1995 now U.S. Pat. No. 5,613,012 which
`is a continuation-in-part of U.S. application Ser. No. 08/345,
`523, filed on Nov. 28, 1994, now U.S. Pat. No. 5,615,277,
`all commonly assigned.
`
`FIELD OF THE INVENTION
`0002 This invention relates to the field of tokenless
`biometric financial transactions. Specifically, this invention
`is directed towards a System and method of using biometrics
`for processing electronic financial transactions Such as on
`line debit, off-line debit and credit transactions without
`requiring the user to directly use or possess any man-made
`tokens Such as debit or credit cards or checks. For any
`transaction designated to be processed as an electronic credit
`or debit, this invention provides a user, whether an indi
`vidual or a business, with the ability to pay for goods and
`services either at the retail point-of-sale (“POS”), at an
`automated teller machine ("ATM") or over the internet using
`only a biometric.
`
`BACKGROUND
`0003. The use of a token, an inanimate object that confers
`a capability to the buyer presenting it, is pervasive in today's
`electronic financial World. Whether a consumer is buying
`groceries with a debit card or Shopping in a department Store
`with a credit card, at the heart of that transaction is a money
`transfer enabled by a token, which acts to identify both the
`consumer as well as the financial account being accessed.
`0004 Traditionally, a person must directly possess a
`man-made personalized token whenever attempting autho
`rization for an electronic financial transaction. Tokens Such
`as magnetic ink encoded paper checks, Smart cards, mag
`netic Swipe cards, identification cards or even a personal
`computer programmed with resident user-specific account
`data, are “personalized” because they are each programmed
`or encoded with data that is unique and personalized to the
`authorized user. For examples: at a retail point-of-Sale, the
`user directly possesses and physically presents personalized
`credit or debit cards encoded with his unique account data to
`the merchant; or, Over the internet, the user directly poS
`SeSSes and electronically presents his personal computer's
`resident user-unique account data to the remote merchant.
`By contrast, as the disclosed invention is completely token
`less, it does not require the user to directly possess, carry or
`remember any personalized token that can be lost, Stolen or
`damaged.
`0005 The sole functions of such tokens are to attempt to
`identify both the user and the financial account being
`accessed to pay for the transaction. However, these tokens
`can be easily exchanged, either knowingly or unknowingly,
`between users, thereby de-coupling them from the original
`intended user. Because these encoded credit or debit cards,
`
`identification cards or personal computerS Storing resident
`user data are ubiquitous in today's consumer and busineSS
`transactions as Verification of the Submitter's check writing
`authority, and the attendant inconveniences and Security
`Vulnerabilities of Such tokens are widespread.
`0006 Credit cards can easily be turned into cash if the
`card falls into the wrong hands. While theft of a token
`constitutes the majority of fraud in the System, fraud from
`counterfeit credit cards is rising rapidly. Counterfeit credit
`cards are manufactured by a more technically Sophisticated
`criminal who acquires a cardholder's valid account number,
`produces a valid-looking counterfeit card, encodes the mag
`netic Strip, and embosses the counterfeit plastic card with the
`account number. The card is then repeatedly presented to
`merchants until the account's credit limit is reached.
`Another form of loSS is caused by a criminal Seller or his
`employees who Surreptitiously obtains the cardholder's
`account number and enter fictitious transactions against the
`card and then take cash out of the till. It is estimated that
`losses due to all types of fraud exceed one billion dollars
`annually.
`0007 Generally, debit cards are used in conjunction with
`a personal identification number (PIN). However, various
`strategies have been used to obtain PINs from unwary
`cardholders. These techniques range from Trojan horse
`automated teller machines in Shopping malls that dispense
`cash but record the PIN, to fraudulent seller point-of-sale
`devices that also record the PIN, to criminals with binoculars
`that watch cardholders enter PINs at ATMs. The Subse
`quently manufactured counterfeit debit cards are then used
`in various ATM machines until the unlucky account is
`emptied.
`0008 Customer fraud, for both credit and debit cards, is
`also on the rise. Customers intent on this Sort of fraud can
`claim that they lost their card, say that their PIN was written
`on the card, and then withdraw money from their account
`using card, and then refuse to be responsible for the loSS.
`0009. The financial industry is well aware of the trends in
`fraud, and is constantly taking Steps to improve the Security
`of the card. However, the linkage between the buyer and his
`token is tenuous, and that is the fundamental reason behind
`card fraud today.
`0010. One possible solution to stolen-card fraud involves
`placing PIN protection for magnetic Stripe credit cards,
`much as debit cards have PINs today. This will raise the
`administrative costs for each card, Since cardholders will
`undoubtedly wish to select their own PIN for each of their
`3.4 cards (the national average). In addition, this Solution
`still doesn't address the problem of counterfeit cards.
`0011) Another solution that solves both stolen-card fraud
`and greatly reduces counterfeit-card fraud involves using a
`Smartcard that includes either a biometric or a PIN. In this
`approach, authenticated biometricS are recorded from a user
`of known identity and Stored for future reference on a token.
`In every Subsequent acceSS attempt, the user is required to
`physically enter the requested biometric, which is then
`compared to the authenticated biometric on the token to
`determine if the two match in order to verify user identity.
`0012 Various token-based biometric technologies have
`been Suggested in the prior art, using Smart cards, magnetic
`Swipe cards, or paper checks in conjunction with finger
`
`Petitioner's Exhibit 1007, Page 10
`
`

`

`US 2001/0000535 A1
`
`Apr. 26, 2001
`
`prints, hand prints, voice prints, retinal images, facial Scans
`or handwriting Samples. However, because the biometrics
`are generally either: a) stored in electronic and reproducible
`form on the token itself, whereby a significant risk of fraud
`Still exists because the comparison and Verification proceSS
`is not isolated from the hardware and Software directly used
`by the payor attempting access, or; b) used in tandem with
`the user directly using magnetic Swipe cards, paper checks
`or a PC with the user's financial data stored resident therein.
`Examples of this approach to System Security are described
`in U.S. Pat. No. 4,821,118 (Lafreniere); U.S. Pat. No.
`4,993,068 (Piosenka et al.); U.S. Pat. No. 4,995,086 (Lilley
`et al.); U.S. Pat. No. 5,054,089 (Uchida et al.); U.S. Pat. No.
`5,095,194 (Barbanell); U.S. Pat. No. 5,109,427 (Yang); U.S.
`Pat. No. 5,109,428 (Igaki et al.); U.S. Pat. No. 5,144,680
`(Kobayashi et al.); U.S. Pat. No. 5,146,102 (Higuchi et al.);
`U.S. Pat. No. 5,180,901 (Hiramatsu); U.S. Pat. No. 5,210,
`588 (Lee); U.S. Pat. No. 5,210,797 (Usui et al.); U.S. Pat.
`No. 5.222,152 (Fishbine et al.); U.S. Pat. No. 5,230,025
`(Fishbine et al.); U.S. Pat. No. 5,241,606 (Horie); U.S. Pat.
`No. 5,265,162 (Bush et al.); U.S. Pat. No. 5,321,242 (Heath,
`Jr.); U.S. Pat. No. 5,325,442 (Knapp); and U.S. Pat. No.
`5,351,303 (Willmore).
`0013 Uniformly, the above patents disclose financial
`Systems that require the user's presentation of personalized
`tokens to authorize each transaction, thereby teaching away
`from tokenleSS biometric financial transactions. To date, the
`consumer financial transaction industry has had a simple
`equation to balance: in order to reduce fraud, the cost and
`complexity of the personalized token directly possessed by
`the user must increase.
`0.014.
`Also, the above patents that disclose commercial
`transaction Systems teach away from biometric recognition
`without the use of tokens or PINs. Reasons cited for Such
`teachings range from Storage requirements for biometric
`recognition Systems to Significant time lapses in identifica
`tion of a large number of individuals, even for the most
`powerful computers.
`0.015
`Unfortunately, any Smartcard-based system will
`cost significantly more than the current magnetic Stripe card
`Systems currently in place. A PIN Smartcard costs perhaps
`S3, and a biometric Smartcard will cost S5. In addition, each
`point-of-Sale Station would need a Smartcard reader, and if
`biometrics are required, a biometric Scanner will also have
`to be attached to the reader. With 120 million cardholders
`and 5 million Stations, the initial conversion cost is from two
`to five times greater than the current annual fraud losses.
`0016. This large price tag has forced the industry to look
`for new ways of using the power in the Smartcard in addition
`to Simple commercial transaction. It is envisioned that in
`addition to Storing credit and debit account numbers and
`biometric or PIN authentication information, Smart cards
`may also store phone numbers, frequent flyer miles, coupons
`obtained from Stores, a transaction history, electronic cash
`uSable at tollbooths and on public transit Systems, as well as
`the buyer's name, Vital Statistics, and perhaps even medical
`records.
`0.017. The net result of “smartening” the token is cen
`tralization of function. This looks good during design, but in
`actual use results in increased Vulnerability for the con
`Sumer. Given the number of functions that the Smartcard will
`be performing, the loSS or damage of this monster card will
`
`be excruciatingly inconvenient for the cardholder. Being
`without Such a card will financially incapacitate the card
`holder until it is replaced. Additionally, losing a card full of
`electronic cash will also result in a real financial loSS as well.
`0018 Thus, after spending vast sums of money, the
`resulting system will definitely be more secure, but will
`result in heavier and heavier penalties on the consumer for
`destruction or loSS of the card.
`0019. To date, the consumer financial transaction indus
`try has had a simple equation to balance: in order to reduce
`fraud, the cost of the card must increase. As a result, there
`has long been a need for an electronic financial transaction
`System that is highly fraud-resistant, practical, convenient
`for the consumer, and yet cost-effective to deploy.
`0020. As a result, there is a need for a new electronic
`financial transactions System that is highly fraud-resistant,
`practical, convenient for the consumer, and yet cost-effective
`to deploy. More specifically, there is a need for an electronic
`financial transaction System that relies Solely on a payor's
`biometric for transaction authorization, and does not require
`the payor to directly possess any personalized man-made
`memory tokens Such as Smart cards, magnetic Swipe cards,
`encoded paper checks or personal computers for identifica
`tion.
`Lastly, such a system must be affordable and flex
`0021
`ible enough to be operatively compatible with existing
`networks having a variety of electronic transaction devices
`and System configurations. Accordingly, it is the objective of
`the present invention to provide a new system and method
`of tokenleSS biometric financial transactions.
`0022. There is also a need for an electronic financial
`transaction System that uses a strong link to the perSon being
`identified, as opposed to merely verifying a buyer's posses
`Sion of any physical objects that can be freely transferred.
`This will result in a dramatic decrease in fraud, as only the
`buyer can authorize a transaction.
`0023. Accordingly, it is an objective of the present inven
`tion to provide a new System and method of tokenleSS
`biometric financial transactions for electronic credit and
`debit.
`0024. Another objective of the invention is to provide an
`electronic credit and debit financial transaction System and
`method that eliminates the need for a payor to directly
`possess any personalized man-made token which is encoded
`or programmed with data personal to or customized for a
`Single authorized user. Further, it is an objective of the
`invention to provide an electronic financial transaction Sys
`tem that is capable of Verifying a user's identity based on
`one or more unique characteristics physically personal to the
`user, as opposed to verifying mere possession of personal
`ized objectives and information.
`0025. Another objective of the invention is to provide an
`electronic financial transaction System that is practical, con
`Venient, and easy to use, where payors no longer need to
`remember personal identification numbers to access their
`financial accounts.
`0026. Another objective of the invention is to provide
`increased Security in a very cost-effective manner, by com
`pletely eliminating the need for the payor to directly use ever
`more complicated and expensive personalized tokens.
`
`Petitioner's Exhibit 1007, Page 11
`
`

`

`US 2001/0000535 A1
`
`Apr. 26, 2001
`
`0027. Another objective of the invention is to provide an
`electronic financial transaction System that is highly resistant
`to fraudulent acceSS attempts by unauthorized users.
`0028. Another objective of the invention is to authenti
`cate the System to the payor once the electronic financial
`transaction is complete, So the payor can detect any attempt
`by criminals to Steal their authentication information.
`0029. Another objective of the invention is that the payee
`be identified by an electronic third party identicator (ETPI),
`wherein the payee’s identification is verified. Therefore, the
`payee would register with the ETPI payee identification
`data, which optionally comprises, a payee hardware ID code,
`a payee phone number, a payee email address, a payee
`digital certificate code, a payee financial account number, a
`payee biometric, or a payee biometric and PIN combination.
`0030 Still, another objective of the invention is to be
`added in a simple and cost-effective manner to existing
`terminals currently installed at points of Sale and used over
`the Internet around the world.
`0.031
`Yet another objective of the invention is to be
`efficiently and effectively operative with existing financial
`transactions Systems and protocols, specifically as these
`Systems and protocols pertain to processing of electronic
`credit and debits.
`0032. A final objective of the invention is to make use of
`existing credit and debit authorization Systems already
`present at points of Sale.
`
`SUMMARY
`0033. The invention satisfies these needs by providing a
`method and device for tokenleSS authorization of an elec
`tronic payment between a payor and a payee using an ETPI
`and at least one payor bid biometric Sample. The method
`comprises a payor registration Step, wherein the payor
`registers with an ETPI at least one registration biometric
`Sample, and at least one payor financial account identifier. In
`a payee registration Step, the payee registers a payee iden
`tification data with the ETPI. At least one bid biometric
`Sample is then obtained from the payor's perSon in a
`collection Step. Preferably in one transmission Step the
`payee bid identification data and payor bid biometric Sample
`are electronically forwarded to the third party electronic
`identicator. A comparator engine or the identification mod
`ule of the third party identicator compares the bid biometric
`Sample with at least one registered biometric Sample for
`producing either a Successful or failed identification of the
`payor. The comparator engine also compares the payee's bid
`identification data with registered payee identification data
`for producing either a Successfull or failed identification of
`the payee. Once the third party identicator Successfully
`identifies the payor and payee, at least one payor financial
`account identifier is electronically forwarded to the payee.
`An electronic financial transaction is then formed between
`the payor and the payee, comprising a transaction amount
`and a payor financial account identifier. The transaction
`amount may comprise a "cash back’ amount in addition to
`the purchase amount. This financial transaction is electroni
`cally forwarded to a financial transaction processor for
`authorization. Thus, upon Successful identification of the
`payor and payee, and upon Successful authorization of the
`financial transaction by the financial transaction processor, a
`
`biometric-based authorization of an electronic payment is
`made without requiring the payor to present any personal
`ized man-made tokens Such as magnetic Swipe cards or
`Smartcards to transfer funds from the payor's financial
`credit/debit account to the payee's financial account.
`0034. The payee identification data comprises any one of
`the following: a payee hardware ID code, a payee telephone
`number, a payee email address, a payee digital certificate
`code, a payee account indeX, a payee financial account
`number, a payee biometric, and a payee biometric and PIN
`combination.
`0035. Optionally, in a payor account selection step, after
`the payor has been Successfully identified in the payor
`identification step, the ETPI presents at least one identifier
`for a financial account which was registered by the payor
`with the ETPI for selection by the payor of one of the
`financial accounts for debiting.
`0036) The present invention is significantly advantageous
`over the prior art in a number of ways. First, it is extremely
`easy and efficient for people to use because it eliminates the
`need to directly possess any personalized tokens in order to
`access their authorized electronic financial accounts.
`0037. The present invention eliminates all the inconve
`niences associated with carrying, Safeguarding, and locating
`Such tokens. It thereby significantly reduces the amount of
`memorization and diligence traditionally and increasingly
`required of people by providing protection and access to all
`financial accounts using only a biometric. The buyer is now
`uniquely empowered, by means of this invention, to conduct
`his personal and/or professional electronic transactions at
`any time without dependence upon tokens, which may be
`Stolen, lost or damaged.
`0038. The invention is convenient to sellers and financial
`institutions by making electronic credit and debit purchases
`and other financial transactions less cumberSome and more
`Spontaneous. The paperwork of financial transactions is
`Significantly reduced as compared to Standard credit and
`debit transactions wherein the copies of the signed receipt
`must often be retained by the Seller, financial institutions and
`the buyer.
`0039. Overall, because the method and system of this
`invention are designed to provide a person with Simulta
`neous direct access to all or any number of his financial
`accounts, the need for transactions involving credit cards,
`debit cards, paper money, credit drafts and the like can be
`greatly reduced, thereby reducing the cost of equipment and
`Staff required to collect, account, and process Such transac
`tions.
`0040. Further, the present invention will mitigate the
`Substantial manufacturing and distributing costs of issuing
`and reissuing personalized tokens Such as magnetic Swipe
`cards and Smart cards, thereby providing further economic
`Savings to issuing banks, businesses, and ultimately to
`COSUCS.
`0041 Moreover, the invention is markedly advantageous
`and Superior to existing Systems in being highly fraud
`resistant. AS discussed above, present authorization Systems
`are inherently unreliable because they base determination of
`a user's identity on the physical presentation of a manufac
`tured personalized token along with, in Some cases, infor
`
`Petitioner's Exhibit 1007, Page 12
`
`

`

`US 2001/0000535 A1
`
`Apr. 26, 2001
`
`mation that the user knows. Unfortunately, both the token
`and information can be transferred to another person through
`loSS, theft or by Voluntary action of the authorized user.
`0042. Thus, unless the loss or unintended transfer of
`these items is realized and reported by the authorized user,
`anyone possessing Such items can be recognized by existing
`authorization Systems as the buyer to whom that token and
`its corresponding financial accounts are assigned. Even
`appending the need for presentation of a biometric in
`conjunction with Such personalized tokens is Severely
`flawed, Since if the authorized buyer is unable to present the
`requisite token at the time of transaction, he will be unable
`to access his financial accounts. AS Such, these complex
`arrangements are ineffective, Since the Security they intend
`to provide can easily block an authorized user from using his
`own rightful financial resources by virtue of his personalized
`token having been lost, Stolen or damaged.
`0043. By contrast, the present invention virtually elimi
`nates the risk of denying access to rightful users while
`Simultaneously protecting against granting access to unau
`thorized users. By determining identity and transaction
`authorization Solely from an analysis of a user's unique
`biometric characteristics, this invention creates a highly
`Secure System that maintains optimal convenience for both
`buyers and Sellers to transaction their electronic busineSS
`anytime, anywhere.
`0044) Additionally, the invention leverages the existing
`financial transaction processing networks and busineSS rela
`tionships already existing at point-of-sale for many mer
`chants. In this way, the invention is easy to integrate with a
`merchant's existing operations.
`004.5 These and other advantages of the invention will
`become more fully apparent when the following detailed
`description of the invention is read in conjunction with the
`accompanying drawings.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`0.046
`FIG. 1 is a schematic diagram of the preferred
`embodiment of a Party Identification Device (PIA) with a
`biometric Sensor and key pad.
`0047 FIG. 2 is a block diagram that shows the connec
`tion between the PIAS to a local router and a network
`operations center according to the invention.
`0048 FIG.3 shows an alternative embodiment where the
`PIAS are connected to the DPC using a cellular digital packet
`data.
`0049 FIG. 4 is a block diagram of a preferred embodi
`ment of the Data Processing Center (DPC) according to the
`present invention, showing the connections between its
`components.
`0050 FIG. 5 is a block diagram which shows a method
`by which the transaction processor determines a Biometric
`PIN from the Biometric-PIN Identification subsystem is
`responsible for a given Subdivision of the biometric data
`base.
`0051 FIG. 6 is a flowchart which shows the overall
`preferred proceSS according to the invention where a bio
`metric sample and PIN are used by the tokenless system to
`authorize an automated clearing house (ACH) transaction.
`
`0052 FIG. 7 is a diagram of the preferred transaction
`flow according to the invention in a retail point-of-Sale
`transaction.
`0053 FIG. 8 is a block diagram that shows the compo
`nents that comprise the System according to the invention in
`a retail point-of-Sale transaction at a typical Supermarket or
`other multi-lane retailer.
`
`DETAILED DESCRIPTION
`0054 The invention provides a cardless biometric
`method for authorizing electronic payments using credit and
`debit accounts either at the retail point-of-Sale or over the
`Internet. It is the essence of this invention that the payor not
`be required to directly use any man-made personalized token
`in order to effect the transaction. A computer System is used
`to accomplish these goals.
`0055. A credit account is defined as an account that
`allows authorization and Settlement of electronic payments
`as issued by such entities as VISA, MasterCard, Discover,
`American Express, or an in-house credit account issued by
`a retailer Such as Macy's. ISSuers of credit accounts lend
`money to payors, often charge interchange fees to payees,
`and are responsible for approving or denying transactions.
`Off-line debit accounts are also defined as credit accounts
`even though the funds are deposited by a payor instead of a
`line of credit from an issuer.
`0056. A debit account is defined as an account that holds
`money deposited by a payor available for immediate debit in
`real time, also known in the industry as on-line debit. These
`are often checking accounts. On-line debit transactions
`require a PIN for identification of the payor.
`0057. A stored value account is an account in which a
`consumer can deposit money for later withdrawal, often via
`an electronic payment System of Some Sort.
`0058 A financial account is a credit account, debit
`account, Stored value account, or any other type of financial
`account from which funds may be drawn. A financial
`account identifier is any mechanism that can be used to
`uniquely identify a financial account. Typical examples of
`financial account identifiers include checking account num
`bers, Savings account numbers, credit card numbers, debit
`card numbers and Stored value card or account numbers.
`0059 A financial account identifier can also be the data
`Stored on track 1 or 2 of a Standard magnetic Stripe credit
`card or the American BankerS ASSociation routing code and
`account number Stored in magnetic ink at the bottom of a
`paper check.
`0060 A financial transaction processor is an entity that
`authorizes and/or Settles electronic financial transactions.
`FTPs are often called “acquirers' or “processors” in the
`industry. Examples include First Data(F), efunds(R), Vital
`Processing Services(E) and many others.
`0061 The tokenless authorization system or the third
`party identicator comprises the following components:
`0062 Party Identification Apparatus (PIA)
`0063 Communication lines
`0.064
`Data Processing Center (DPC)
`
`Petitioner's Exhibit 1007, Page 13
`
`

`

`US 2001/0000535 A1
`
`Apr. 26, 2001
`
`0065. These components together allow a payor to origi
`nate an electronic payment without requiring the payor to
`carry driver's licenses, credit cards, check guarantee cards,
`or other forms of identity.
`0.066
`Party Identification Apparatus (PIA)
`0067. The PIA 101 is a device that gathers identity
`information for use in authorizing electronic payments. Each
`PIA conducts one or more of the following operations:
`0068 gather biometric input from a payor or payee
`0069 gather a PIN code or password from a payor
`or payee
`0070 secure communication between PIA and DPC
`using encryption
`Secure Storage of Secret encryption keys
`0.071)
`0072 store and retrieve a unique payee PIA hard
`ware identification code
`0073 secure e