
GB2545739A - Biometric smartcard with multiple modes of operation - Google Patents

Info

Publication number
GB2545739A
Authority
GB
United Kingdom
Prior art keywords
bearer
actions
confidence score
action
smartcard
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1522873.7A
Other versions
GB201522873D0 (en
Inventor
Larsen Steffen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zwipe AS
Original Assignee
Zwipe AS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zwipe AS filed Critical Zwipe AS
Priority to GB1522873.7A priority Critical patent/GB2545739A/en
Publication of GB201522873D0 publication Critical patent/GB201522873D0/en
Priority to PCT/EP2016/082561 priority patent/WO2017109173A1/en
Publication of GB2545739A publication Critical patent/GB2545739A/en
Withdrawn legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0716Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising a sensor or an interface to a sensor
    • G06K19/0718Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips at least one of the integrated circuit chips comprising a sensor or an interface to a sensor the sensor being of the biometric kind, e.g. fingerprint sensors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12Fingerprints or palmprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Automation & Control Theory (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Human Computer Interaction (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method of using a smartcard 102 comprises authenticating the identity of a bearer of the smartcard 102 using a biometric sensor 130 (e.g. fingerprint sensor) embedded within the smartcard 102 and determining a confidence score of the authentication. The bearer is permitted to perform a first set of actions if they are authenticated with a confidence score below a predetermined threshold, and permitted to perform a second, larger set of actions if they are authenticated with a score above the threshold. The first actions could comprise actions less potentially harmful than the second actions. For example, the first action could be a balance enquiry and the second a cash withdrawal. The card could also be used to permit access to secure areas. An independent claim is also included for transmitting a message indicative of the authentication and the confidence score.

Description

BIOMETRIC SMARTCARD WITH MULTIPLE MODES OF OPERATION
The present invention relates to a smartcard including an embedded biometric sensor, and to a method of using such a card to authenticate its bearer.
The increasing use of electronic cards, such as credit or debit cards, to make payments and cash withdrawals brings with it also an increased risk of fraud. For example, where the user’s card is stolen, an unauthorised person may be able to make unauthorised electronic payments or cash withdrawals from the user’s bank account or credit provider.
The use of chip-and-PIN protection has decreased the risk of this type of fraud through the use of two-factor authentication, i.e. the possession of the physical card as well as the knowledge of the user’s PIN. However, this type of authentication can be inconvenient at times. Furthermore, contactless payment technology is becoming increasingly prevalent and often does not require entry of a PIN, meaning that an unauthorised user may still be able to make fraudulent transactions using a stolen card via contactless payment.
One solution that has been proposed is the use of a smartcard that includes a biometric sensor, such as a fingerprint sensor, which is embedded into the card. The authorised user initially enrols their fingerprint onto the actual card, and is then required to place their finger or thumb on the fingerprint sensor in order to authorise any payment or withdrawal. If the fingerprint matching algorithm in the card detects a match then the card allows the smartcard secure element to communicate with the POS or ATM terminal and allow a financial transaction to take place. If there is no match then there is no transaction.
There is a desire to improve the utility of such biometric smartcards without compromising the improvement to security that they bring.
Thus, in a first aspect, the present invention provides a method comprising: authenticating the identity of a bearer of a smartcard using a biometric sensor embedded within the smartcard and determining a confidence score of the authentication; permitting a first action if the bearer is authenticated and the confidence score is below a predetermined threshold; and permitting a second action if the bearer is authenticated and the confidence score is above the predetermined threshold.
This method allows for use of the card even when the fingerprint, thumbprint, or other biometric scan is not a perfect match. This can occur, for example in the case of a fingerprint, when the bearer cuts or burns their finger, leading to damage that changes the fingerprint compared to the fingerprint previously recorded on the card.
It will be appreciated that most biometric verification algorithms do not simply provide a yes/no output when authenticating a biometric scan, but will also provide a “confidence score” of some form, though not always known by this name, that indicates the degree of confidence in the accuracy of the match.
Typically a confidence score will indicate the confidence of a match only after authentication, i.e. there may not be a confidence score if the print is not deemed to be a match. Often a confidence score will range from 0 or 0%, for barely a match, to 1 or 100% for a perfect match (or vice versa). However, depending on the algorithm, the confidence score may itself be used for determining the match, e.g. above a threshold confidence score, a match is determined.
Preferably, a second set of actions is permitted if the bearer is authenticated and the confidence score is above the threshold. The second set of actions preferably includes the first action and at least one action not permitted if the bearer is authenticated and the confidence score is below the predetermined threshold.
In some embodiments, a first set of actions may be permitted if the bearer is authenticated and the confidence score is below the threshold. The second set of actions preferably includes one or more actions not in the first set of actions, and preferably includes all of the first set of actions.
The first action or set of actions preferably results in less harm than the second action or set of actions, were it or they to be carried out fraudulently. That is to say, lower-security actions may be permitted to a bearer in the event of damage or the like to their body affecting biometric scans, so that the user’s card is not entirely disabled, whilst restricting access to higher-security functions in order to minimise possible fraudulent use of the card by an unauthorised person having a similar biometric scan.
In some embodiments, one or more of the actions may be transactions. For example, one or more of the actions may be a financial transaction, including a payment, a cash withdrawal, such as from an automatic teller machine or the like, a bank transfer, or any other financial transaction.
In one embodiment, the first action may be a non-financial action, such as viewing a balance of an account or requesting re-issue of the card, and the second action may be a financial action, such as a payment, a cash withdrawal, or a bank transfer. As above, this reduces the risk that fraudulent financial transactions are carried out, whilst still permitting some use of the card.
In one embodiment, the first financial transaction may be a financial transaction that does not exceed a predetermined first financial cap. The second financial transaction may then be a financial transaction that either does not exceed a predetermined second, higher financial cap or is not subject to a financial cap.
The first financial transaction may include a first set of financial actions and the second financial transaction may include a second set of financial actions including financial actions not in the first set of financial actions.
In an alternative embodiment, the actions may include accessing one or more secure areas. In the present context, secure area refers to an area not readily accessible by the general public, such as an area that requires an access card or other authorisation to access.
Preferably the first action includes accessing one or more low-security secure areas and the second action includes accessing the one or more low-security secure areas and one or more high-security secure areas.
For example, the low-security secure areas might include communal areas within a secure site, such as permitting access to one or more of a parking area, a lobby, a break room and the like, whereas the high-security areas may include areas with more restricted access, e.g. where only a subset of users of the site can access, for example areas with confidential information or storing high value goods or the like.
In some embodiments, the method may comprise sending an alert when the bearer is authenticated and the confidence score is below a predetermined threshold, and optionally when one or more other criteria are met. Such criteria may, for example, include a number of days since a high-level authentication was made, or after a predetermined number of first actions have been made. The alert may be sent to the card issuer and/or the bearer of the card. This may be desirable so that the card issuer is aware that the card is being used in this mode, e.g. to monitor if the use is suspicious. It may also permit the bearer to be informed, if they are not aware, that they are using the card in a degraded mode. This may prompt them to resolve the situation, for example by enrolling a new fingerprint.
In some embodiments, multiple thresholds may be used, with additional actions being permitted as the confidence score passes higher thresholds.
In preferred embodiments, the biometric sensor is a fingerprint sensor.
The method may comprise detecting repeated, unsuccessful authorisation attempts. This may be detected either by the card itself or by a separate computer system. The unsuccessful authorization attempts may be unsuccessful because the bearer's fingerprint does not match a reference fingerprint stored on the card, although other means of detection may also be employed.
The method may further comprise sending an alert indicating possible fraud responsive to detecting the repeated, unsuccessful authorization attempts. This alert may be sent after a predetermined number of attempts, and/or responsive to certain other criteria being satisfied. For example, fewer attempts may be required before sending an alert where the card is being used to permit a second action than when it is being used to permit a first action.
The method may further comprise restricting the first and/or second actions of the bearer responsive to detection of repeated, unsuccessful authorisation attempts and/or detecting possible fraudulent use. For example, the bearer may not be permitted to make second actions, even if a high confidence score is detected. Alternatively, or additionally, the bearer may not be permitted to take actions with a low confidence score.
In some embodiments, the bearer may be required to meet additional criteria in order to perform the first and/or second actions, such as passing a secondary authorisation step. The secondary authorisation step may include, for example, entering a PIN.
The restriction may remain in place until it is removed by an authorised person or entity. This could be, for example, any person authorised by the bearer or the card issuer.
In some embodiments, the bearer may be authorised to remove the restriction only after passing a secondary authorisation. For example, the bearer may be sent a re-activation code, e.g. by mail, email, text or the like, which may be entered into a terminal (e.g. a bank terminal) to remove the restriction. In an alternative, the bearer may be able to remove the restriction using a password, for example by logging onto a digital control panel (e.g. online banking or a secure computer interface). In yet another embodiment, the bearer may be required to present identification to the card issuer, for example by presenting a photographic identification document to a bank teller, who can then remove the restriction.
Whilst this restricted mode of operation may be combined with the degraded mode of operation due to a low confidence score, it may also be used separately. Viewed from another aspect, the present invention may therefore provide a method comprising: detecting possible fraudulent use of a smartcard including a biometric sensor embedded therein; and restricting, but not preventing, subsequent use of the smartcard after the possible fraudulent use has stopped. The method may optionally include any one or more or all of the optional features described in relation to the method above.
In accordance with this method, some of the risk associated with biometric sensors can be negated by restricting later use of the card when a possible fraudulent use is detected, but not entirely disabling the card. Thus, the system may automatically detect possibly fraudulent use, but once this use stops, then the card remains active but with reduced functionality. The availability of this degraded mode does not, of course, prevent completely disabling the card in a conventional manner, e.g. if actual fraud is identified, such as when the card is stolen or otherwise compromised.
As above, detecting possible fraudulent use may comprise detecting repeated, unsuccessful authorisation attempts to obtain authorisation using the biometric sensor. This may be detected either by the card itself or by a separate computer system. The unsuccessful authorization attempts may be unsuccessful because the bearer's fingerprint does not match a reference fingerprint stored on the card, although other means of detection may also be employed.
The method may further comprise sending an alert indicating possible fraud responsive to detecting the possible fraud, e.g. by detecting repeated, unsuccessful authorization attempts. This alert may be sent after a predetermined number of attempts, and/or responsive to certain other criteria being satisfied. For example, fewer attempts may be required before sending an alert where the bearer attempts to perform one action than for another action.
The restriction may include that the bearer is permitted to make a first action, but is not permitted to make a second action they would normally be permitted to make. Alternatively, or additionally, authentication may require a higher confidence score for one or more actions than would normally be required.
The restriction may include that the bearer is required to meet additional criteria in order to perform one or more actions, such as passing a secondary authorisation step. The secondary authorisation step may include, for example, entering a PIN.
The restriction may remain in place until it is removed by an authorised person or entity. This could be, for example, by an authorised person of the card issuer. Alternatively, the bearer may be sent a re-activation code, e.g. by mail, email, text or the like, which may be entered into a terminal (e.g. a bank terminal) to remove the restriction. In yet another alternative, the bearer may be able to remove the restriction themself, if they are so authorised, for example using a digital control panel (e.g. online banking or a secure computer interface).
The restriction may include disabling the biometric sensor, or otherwise preventing authorisation of the bearer using the biometric sensor. Thus, the card can only be used by other means, such as signature or chip-and-PIN.
The present invention may also provide a smartcard for use with this method. Thus, a smartcard may comprise a biometric sensor embedded therein, wherein the smartcard is configured to detect possible fraudulent use of the biometric sensor and enter into a restricted mode of operation. The smartcard may implement any aspects of the method described above.
In one embodiment, when the bearer is authenticated and when operating in the restricted mode of operation, the smartcard may transmit a message indicating authentication of the bearer including an indication that the smartcard is operating in a restricted mode of operation.
In other embodiments, when the bearer is authenticated and when operating in the restricted mode of operation, the smartcard may transmit a message that only permits a subset of the actions normally permitted to an authenticated bearer.
Returning to the first method, in various embodiments, the authentication may be performed (locally) on the card, e.g. such that the scanned fingerprint does not leave the card. For example, after authenticating the identity of a bearer, the smartcard may transmit a message indicating the bearer has been authenticated, which may include the confidence score, or may be indicative of the confidence score (e.g. transmitting a first message if the confidence score is below the predetermined threshold and a second, different message if the confidence score is above the predetermined threshold).
In a further aspect, the present invention may also provide a smartcard for use with the method above. Thus, a smartcard may comprise a biometric sensor embedded therein, wherein the smartcard is configured to authenticate the identity of a bearer of a smartcard using the biometric sensor, determine a confidence score of the authentication, and transmit a message indicating whether the bearer has been authenticated, wherein the message is indicative of a confidence score of the authentication.
The smartcard is preferably capable of wireless communication, such as using RFID or NFC communication. However, the smartcard may comprise a contact connection, for example via a contact pad or the like. In various embodiments, the smartcard may permit both wireless communication and contact communication.
The smartcard preferably has a width of between 85.47 mm and 85.72 mm, and a height of between 53.92 mm and 54.03 mm. The smartcard may have a thickness less than 0.84 mm, and preferably of about 0.76 mm (e.g. ± 0.08 mm), which is the thickness of a normal smartcard. More generally, the smartcard may comply with ISO 7816, which is the specification for a smartcard. It will be appreciated that the method described above may use a smartcard employing any one or more or all of the optional features of this smartcard.
In yet a further aspect, the present invention may also provide a computer system comprising a smartcard reader for communicating with an electronic smartcard having an embedded biometric sensor, wherein the computer system is configured to receive an indication of a confidence score of an authentication of the bearer of the smartcard, and wherein the computer system is configured to permit a first action if the bearer is authenticated and the confidence score is below a predetermined threshold and to permit a second action if the bearer is authenticated and the confidence score is above the predetermined threshold.
The computer system may be configured to carry out any one or more or all of the optional and preferred features described above.
Certain preferred embodiments of the present invention will now be described in greater detail, by way of example only and with reference to the accompanying drawings, in which:
Figure 1 illustrates a circuit for a prior art passive smartcard;
Figure 2 illustrates a circuit for a passive smartcard incorporating a fingerprint scanner; and
Figure 3 illustrates an external housing for the passive smartcard incorporating the fingerprint scanner.
Figure 1 shows the architecture of a typical passive smartcard 2. A powered card reader 4 transmits a signal via an antenna 6. The signal is typically 13.56 MHz for MIFARE® and DESFire® systems, manufactured by NXP Semiconductors, but may be 125 kHz for lower frequency PROX® products, manufactured by HID Global Corp. This signal is received by an antenna 8 of the smartcard 2, comprising a tuned coil and capacitor, and then passed to a communication chip 10. The received signal is rectified by a bridge rectifier 12, and the DC output of the rectifier 12 is provided to processing unit 14 that controls the messaging from the communication chip 10. A control signal output from the processing unit 14 controls a field effect transistor 16 that is connected across the antenna 8. By switching on and off the transistor 18, a signal can be transmitted by the smartcard 2 and decoded by suitable control circuits 18 in the reader 4. This type of signalling is known as backscatter modulation and is characterised by the fact that the reader 4 is used to power the return message to itself.
Figure 2 shows the architecture of a card reader 104 and a passive smartcard 102, which is a variation of the prior art passive smartcard 2 shown in Figure 1. The smartcard 102 shown in Figure 2 has been adapted to include a fingerprint authentication engine 120.
The smartcard 102 again comprises an antenna 108 for receiving an RF (radio-frequency) signal, a passive communication chip 110 powered by the antenna 108, and a passive fingerprint authentication engine 120, also powered by the antenna 108.
As used herein, the term "passive smartcard" should be understood to mean a smartcard 102 in which the communication chip 110 is powered only by energy harvested from an excitation field, for example generated by the card reader 118. That is to say, a passive smartcard 102 relies on the reader 118 to supply its power for broadcasting. A passive smartcard 102 would not normally include a battery, although a battery may be included to power auxiliary components of the circuit (but not to broadcast); such devices are often referred to as "semi-passive devices".
Similarly, the term "passive fingerprint/biometric authentication engine" should be understood to mean a fingerprint/biometric authentication engine that is powered only by energy harvested from an excitation field, for example the RF excitation field generated by the card reader 118.
The antenna 108 comprises a tuned circuit including an induction coil and a capacitor, which are tuned to receive an RF signal from the card reader 104. When exposed to the excitation field generated by the reader 104, a voltage is induced across the antenna 108.
The antenna 108 has first and second end output lines 122, 124, one at each end of the antenna 108. The output lines of the antenna 108 are connected to the fingerprint authentication engine 120 to provide power to the fingerprint authentication engine 120. In this arrangement, a rectifier 126 is provided to rectify the AC voltage received by the antenna 108. The rectified DC voltage is smoothed using a smoothing capacitor and supplied to the fingerprint authentication engine 120.
The fingerprint authentication engine 120 includes a processing unit 128 and a fingerprint reader 130, which is preferably an area fingerprint reader 130 as shown in Figure 3. The fingerprint authentication engine 120 is passive, and hence is powered only by the voltage output from the antenna 108. The processing unit 128 comprises a microprocessor that is chosen to be of very low power and very high speed, so as to be able to perform biometric matching in a reasonable time.
The fingerprint authentication engine 120 is arranged to scan a finger or thumb presented to the fingerprint reader 130 and to compare the scanned fingerprint of the finger or thumb to pre-stored fingerprint data using the processing unit 128. A determination is then made as to whether the scanned fingerprint matches the pre-stored fingerprint data. In a preferred embodiment, the time required for capturing a fingerprint image and authenticating the bearer of the card 102 is less than one second.
If a match is determined, then the communication chip 110 is authorised to transmit a signal to the card reader 104 via a communication line connecting the fingerprint authentication engine 120 to the processing unit 114 of the communication chip 110. The communication chip 110 transmits the signal by backscatter modulation, in the same manner as the conventional communication chip 10.
In some circumstances, the owner of the card 102 may suffer an injury resulting in damage to the finger that has been enrolled on the card 102. This damage might, for example, be a scar on the part of the finger that is being evaluated. In a conventional system, the threshold for determining a match may be set very high, in order to ensure good security; however, as a result, such damage can mean that the owner will not be authorised by the card 102.
The following method permits a degraded mode of operation of the biometric card 102, which may permit limited use of the card 102 by the bearer in the event of such injury or the like. This means that the user can still carry out basic functions, until such a time as the injury has healed, a new card 102 can be issued or it is possible to enrol a new fingerprint onto the existing card 102, e.g. of a different finger or including the injury/scar.
The fingerprint authentication unit 120 is configured to use a relatively low threshold for determining a match. Then, when carrying out the authentication, the fingerprint authentication unit 120 also determines a confidence score. The transmitted signal contains both an indication that the bearer of the card has been authenticated, as well as the confidence score of the authentication. This permits the card reader 118 (or a computer system to which it is connected) to determine what level of access to grant to the bearer of the card 102.
In one embodiment, the smartcard 102 is a financial card, such as a credit, debit or other payment card. The card reader 118 may be a point-of-sale terminal or the terminal of an automatic teller machine. The card reader 118 is configured so as to recognize three levels of confidence, and permit corresponding levels of performance.
Level 1) A level 1 score permits a full functionality mode of operation. This level requires there to be a full match with a very low false rejection rate (FRR), i.e. a very high biometric matching confidence score. This is the level that would typically be required in a conventional system in order to authenticate the bearer of the card. When the match satisfies these criteria, the card operates at full functionality. For example, in the case of a payment or a cash withdrawal, transactions may be authorised using the card up to the maximum card authorization amount, for example, up to a $400 limit.
Level 2) A level 2 score permits a reduced functionality mode of operation. This level might require either a partial match with a low matching score and/or an intermediate FRR. This level of match would typically be rejected in a conventional system. However, there is still a reasonable likelihood that the bearer is the authorised person. When the match satisfies these criteria, the card will still operate, but with reduced functionality. For example, in the case of a payment or a cash withdrawal, transactions may be authorised using the card up to the reduced authorization amount, for example, up to a $50 limit.
Level 3) A level 3 score does not permit operation. This level would typically occur when there is a very high FRR. At this level of score, the card will not operate. For example, in the case of a payment or a cash withdrawal, transactions will not be authorised.
It should be noted that most biometric matching algorithms provide a matching or confidence score of some sort. Often, the determination of whether or not to authenticate the bearer is made based on whether or not this score exceeds some threshold. As such, many existing biometric matching algorithms can be used to implement this method.
Should the card 102 detect repeated attempts at authorization with no success, i.e. multiple level 3 scans, then the card may send a signal to the reader 118 indicating possible fraud. For example, the card may send such a message after three failed attempts.
In various embodiments, each time the card detects a level 3 scan, it may send a message to the reader 118 informing it that a non-authenticated bearer has attempted to use the card, and the number of successive attempts made.
The card may be configured so as to then be inoperable, or put into a further reduced mode of operation, after a certain number of failed authorisation attempts. The card may be put into this mode until the card is re-enabled, for example by entering a PIN at a bank terminal or by presenting photographic identification to a human bank teller.
If a reduced mode of operation is enabled, then the card 102 may only be usable with a PIN or other verification means. The card may also or alternatively have a reduced transaction limit imposed, for example $25, even when used with PIN or with a subsequently correctly authorised fingerprint.
Whilst the above embodiments relate primarily to financial smartcards, it will be appreciated that this mode of operation may be applied to any other type of smartcard 102 incorporating a biometric authentication module 120. For example, the method could be applied to an access control system, where a level 1 scan permits access to all areas that the bearer is permitted to access, and a level 2 scan, which still permits a degraded mode of operation, might allow access to low security areas, such as into a building or car park so that the bearer can still, for example, get to the security desk to request a replacement card, or the like.
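The three-level scheme and the failed-attempt handling described above can be modelled as one small policy object. The following is an added example, not code from the patent or from the applicant: it folds the card-side attempt counter and the reader-side limits into a single class for brevity, the numeric score thresholds are assumptions (the description gives none), and the alert strings and names such as `CardPolicy` are hypothetical.

```python
from dataclasses import dataclass

# The dollar limits and the three-attempt trigger are the page's examples.
# The numeric score thresholds are assumptions; the page gives none.
FULL_THRESHOLD, REDUCED_THRESHOLD = 0.90, 0.60
FULL_LIMIT, REDUCED_LIMIT, RESTRICTED_LIMIT = 400, 50, 25
MAX_FAILED_ATTEMPTS = 3


def level_for(score: float) -> int:
    """Map a matcher score in [0, 1] to level 1, 2 or 3 (fails closed)."""
    if not 0.0 <= score <= 1.0:   # NaN and out-of-range scores land here
        return 3
    if score >= FULL_THRESHOLD:
        return 1
    return 2 if score >= REDUCED_THRESHOLD else 3


@dataclass
class CardPolicy:
    failed: int = 0           # successive level 3 scans
    restricted: bool = False  # set after repeated failures, until re-enabled

    def authorise(self, score: float, amount: float, pin_ok: bool = False):
        """Return (approved, limit_applied, alert_or_None)."""
        level = level_for(score)
        if level == 3:
            self.failed += 1
            if self.failed >= MAX_FAILED_ATTEMPTS:
                self.restricted = True
                return False, 0, f"possible_fraud:{self.failed}"
            return False, 0, f"non_authenticated_bearer:{self.failed}"
        self.failed = 0  # assumption: a successful match ends the run
        if self.restricted:
            # Restricted mode: PIN required and $25 cap, even on a good match.
            ok = pin_ok and 0 < amount <= RESTRICTED_LIMIT
            return ok, RESTRICTED_LIMIT, None
        limit = FULL_LIMIT if level == 1 else REDUCED_LIMIT
        return 0 < amount <= limit, limit, None

    def re_enable(self) -> None:
        """Out-of-band reset, e.g. PIN at a bank terminal or a teller check."""
        self.failed, self.restricted = 0, False
```

Note that a malformed score is treated as level 3, so a matcher fault counts towards the fraud alert rather than silently granting the reduced mode.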

Claims (22)

  1. A method comprising: authenticating the identity of a bearer of a smartcard using a biometric sensor embedded within the smartcard and determining a confidence score of the authentication; permitting a first action if the bearer is authenticated and the confidence score is below a predetermined threshold; and permitting a second action if the bearer is authenticated and the confidence score is above the predetermined threshold.
  2. A method according to claim 1, wherein a second set of actions is permitted if the bearer is authenticated and the confidence score is above the threshold, wherein the second set of actions includes the first action and at least one action not permitted if the bearer is authenticated and the confidence score is below the predetermined threshold.
  3. A method according to claim 2, wherein a first set of actions is permitted if the bearer is authenticated and the confidence score is below the threshold, wherein the second set of actions includes all of the first set of actions and one or more actions not in the first set of actions.
  4. A method according to any preceding claim, wherein the first action or set of actions results in less harm than the second action or set of actions, were it or they to be carried out fraudulently.
  5. A method according to any preceding claim, wherein one or more of the actions is a financial transaction, such including a payment, a cash withdrawal, or a bank transfer.
  6. A method according to claim 5, wherein the first action is a non-financial action and the second action is a financial transaction.
  7. A method according to claim 5, wherein the first action is a financial transaction that does not exceed a first predetermined financial cap, and the second action is a financial transaction that either does not exceed a second, higher predetermined financial cap or is not subject to a financial cap.
  8. A method according to any of claims 1 to 4, wherein the first and second actions include accessing one or more secure areas.
  9. A method according to claim 8, wherein the first action includes accessing one or more low-security secure areas and the second action includes accessing the one or more low-security secure areas and one or more high-security secure areas.
  10. A method according to any preceding claim, further comprising sending an alert when the bearer is authenticated and the confidence score is below a predetermined threshold and optionally when one or more other criteria are met.
  11. A method according to any preceding claim, wherein the biometric sensor is a fingerprint sensor.
  12. A method according to any preceding claim, further comprising detecting repeated, unsuccessful authorisation attempts.
  13. A method according to claim 12, further comprising sending an alert indicating possible fraud responsive to detecting the repeated, unsuccessful authorization attempts.
  14. A method according to claim 13, wherein the alert is sent after a predetermined number of attempts, and/or after one or more further criteria are satisfied.
  15. A method according to claim 12, 13 or 14, further comprising restricting the first and/or second actions of the bearer responsive to detection of repeated, unsuccessful authorisation attempts and/or sending the alert indicating possible fraud.
  16. A method according to claim 15, wherein the restriction includes not permitting the bearer to make second actions, even if the confidence score is above the predetermined threshold.
  17. A method according to claim 15 or 16, wherein the restriction includes not permitting the bearer to take any actions if the confidence score is below the predetermined threshold.
  18. A method according to claim 15, 16 or 17, wherein the restriction includes requiring the bearer to meet one or more additional criteria before permitting the first and/or second actions, such as passing a secondary authentication step.
  19. A method according to any preceding claim, wherein the authentication is performed locally on the card.
  20. A smartcard comprising a biometric sensor embedded therein, wherein the smartcard is configured to authenticate the identity of a bearer of a smartcard using the biometric sensor, determine a confidence score of the authentication, and transmit a message indicating whether the bearer has been authenticated, wherein the message is indicative of a confidence score of the authentication.
  21. A smartcard according to claim 20, wherein the message indicates that the bearer has been authenticated and includes the confidence score.
  22. A smartcard according to claim 20, wherein the smartcard is configured to transmit a first message if the confidence score is below a predetermined threshold and a second, different message if the confidence score is above the predetermined threshold.
  23. A computer system comprising a smartcard reader for communicating with an electronic smartcard having an embedded biometric sensor, wherein the computer system is configured to receive an indication of a confidence score of an authentication of the bearer of the smartcard, and wherein the computer system is configured to permit a first action if the bearer is authenticated and the confidence score is below a predetermined threshold and to permit a second action if the bearer is authenticated and the confidence score is above the predetermined threshold.
  24. A computer system according to claim 23, wherein the computer system is configured to carry out the method of any of claims 1 to 19.
  25. A method substantially as hereinbefore described with reference to Figures 2 and 3.
  26. A smartcard substantially as hereinbefore described with reference to Figures 2 and 3.
GB1522873.7A 2015-12-24 2015-12-24 Biometric smartcard with multiple modes of operation Withdrawn GB2545739A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1522873.7A GB2545739A (en) 2015-12-24 2015-12-24 Biometric smartcard with multiple modes of operation
PCT/EP2016/082561 WO2017109173A1 (en) 2015-12-24 2016-12-23 Biometric device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1522873.7A GB2545739A (en) 2015-12-24 2015-12-24 Biometric smartcard with multiple modes of operation

Publications (2)

Publication Number Publication Date
GB201522873D0 GB201522873D0 (en) 2016-02-10
GB2545739A true GB2545739A (en) 2017-06-28

Family

ID=55359017

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1522873.7A Withdrawn GB2545739A (en) 2015-12-24 2015-12-24 Biometric smartcard with multiple modes of operation

Country Status (2)

Country Link
GB (1) GB2545739A (en)
WO (1) WO2017109173A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2547905B (en) * 2016-03-02 2021-09-22 Zwipe As Fingerprint authorisable device
US20240062206A1 (en) * 2022-08-16 2024-02-22 Capital One Services, Llc Authentication of contactless transactions

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5280527A (en) * 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
US20070096870A1 (en) * 2005-10-26 2007-05-03 Sentrilock, Inc. Electronic lock box using a biometric identification device
US9177133B1 (en) * 2014-07-14 2015-11-03 The United States Of America, As Represented By The Secretary Of The Army Multi-function smart communication card

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020194003A1 (en) * 2001-06-05 2002-12-19 Mozer Todd F. Client-server security system and method
US8392965B2 (en) * 2008-09-15 2013-03-05 Oracle International Corporation Multiple biometric smart card authentication
US9116645B1 (en) * 2014-10-28 2015-08-25 Rovi Guides, Inc. Methods and systems for granting partial or full access to an application based on level of confidence that print corresponds to user profile

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2547905B (en) * 2016-03-02 2021-09-22 Zwipe As Fingerprint authorisable device
US20240062206A1 (en) * 2022-08-16 2024-02-22 Capital One Services, Llc Authentication of contactless transactions
US12067568B2 (en) * 2022-08-16 2024-08-20 Capital One Services, Llc Authentication of contactless transactions

Also Published As

Publication number Publication date
WO2017109173A1 (en) 2017-06-29
GB201522873D0 (en) 2016-02-10

Similar Documents

Publication Publication Date Title
US10726115B2 (en) Biometric device
US20210042759A1 (en) Incremental enrolment algorithm
US10474802B2 (en) Biometric enrolment authorisation
US7819329B2 (en) Method of activating a fingerprint identification process of a smart card according to a given condition and a device thereof
US20180253634A1 (en) Security protected passive rfid device
US20140210589A1 (en) Smart card and smart system with enhanced security features
US20190065716A1 (en) Attack resistant biometric authorised device
US20190220582A1 (en) Biometrically authorisable device
GB2545739A (en) Biometric smartcard with multiple modes of operation
US20230137390A1 (en) Method for managing a biometric smart card
US11568410B1 (en) Systems and methods for preventing fraudulent credit card and debit card transactions
KR101274086B1 (en) Smart card and storage media storing the same

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)