WO2002095589A1 - Mobile identity verification - Google Patents
- Publication number
- WO2002095589A1 (PCT/US2002/015843)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- verification
- user
- portable device
- server
- transaction
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access
Definitions
- This invention relates to identity verification, and more particularly to universal mobile identity verification.
- Biometric identity verification is a useful tool for validating a user's identity without the annoyance of remembering a password and with the convenience and safety of biometric identification.
- Fingerprint identity verification is one example of a biometric identity verification system.
- Fingerprint identity verification includes, among other steps, acquiring fingerprint data using a fingerprint reader. Typically, fingerprint data are obtained by reflecting or scattering an image of a finger surface onto an image sensor, such as a charge coupled device. Fingerprint readers are described in, for example, U.S. Pat. No. 4,924,085 to Kato et al., U.S. Pat. No. 5,088,817 to Igaki et al., and U.S. Pat. No.
- a method is performed at a verification server for verifying an identity of a user attempting to access a transaction hosted by a server.
- the method includes receiving a biometric signal from a verification system that is housed in a portable device and that is separate from the transaction server and the verification server.
- the method further includes validating the received biometric signal, and sending acknowledgement of validation to the transaction server.
- the received biometric signal includes information relating to the user's identity that was obtained using biometric verification.
- the method may include receiving a user identifier from the transaction server and generating an access identifier in response to the received user identifier.
- the method may also include sending the access identifier to the transaction server for presentation to the user and prompting a user to enter the access identifier.
- the access identifier may be received from the user and validated, and the user may be prompted to produce the biometric signal by performing a verification action.
- Validating the received access identifier may include determining if the received access identifier corresponds to the generated access identifier.
- The received biometric signal may be validated by determining if the received biometric signal corresponds to a predetermined biometric template for the user.
- a biometric signal may be transmitted through a wireless channel.
- a biometric signal may include information relating to a physical feature of the user.
- the portable device may be a cellular telephone.
- the portable device may be a personal digital assistant.
- a system for verifying an identity of a user attempting to access a transaction hosted by a server includes a device and a verification server.
- the device is separate from the transaction server and carried by the user, and the device includes a verification system.
- the verification server is separate from the transaction server and the device.
- the verification server includes a processor having a communication link that transmits content to and from the user device and to and from the transaction server, and memory.
- the memory stores instructions performed by the processor (i) to receive a biometric signal from the verification system; (ii) to validate the received biometric signal; and (iii) to send acknowledgement of validation to the transaction server.
- the received biometric signal includes information relating to the user's identity that was obtained using biometric verification.
- the verification system may include an imager, a processor, and memory.
- the memory stores instructions performed by the verification system processor (i) to image a finger; (ii) to convert the finger image into a biometric template; and (iii) to prepare the biometric template for subsequent transmission.
- the transaction server may include a processor having a communication link that transmits content to and from the user device and to and from the verification server, and memory.
- the memory stores instructions performed by the transaction server processor (i) to receive a user request to access the transaction; (ii) to receive a user identifier; (iii) to send the user identifier to the verification server; (iv) to receive an access identifier from the verification server; (v) to present the access identifier to the portable device; (vi) to receive acknowledgement verifying the user identity from the verification server; and (vii) to grant the user access to the transaction.
- a system for converting a portable device into a portable verification device includes a body that houses components needed to perform a first function of the portable device, a compartment in the body of the portable device, and an adapted compartment.
- the compartment stores an energy source to power the housed components of the portable device.
- the adapted compartment is designed to encapsulate a fingerprint reader.
- the adapted compartment fits in the compartment of the portable device to convert the portable device into a portable verification device that performs the first function and a second verification function. Implementations may include one or more of the following features.
- the portable device may be a cellular telephone.
- the compartment may include a battery pack.
- the adapted compartment may include a battery pack.
- the fingerprint reader may include an imager, a processor, and memory.
- the memory stores instructions performed by the processor (i) to image a finger, (ii) to convert the finger image into a biometric template, and (iii) to prepare the biometric template for transmission.
- A method of converting a portable device into a portable verification device includes forming a mold cavity shaped like a compartment in a body of the portable device to store an energy source to power elements needed to perform a first function of the portable device. The method also includes inserting a fingerprint reader into the mold cavity and injecting a material into the mold cavity to encapsulate the fingerprint reader. The injected material is permitted to solidify to form an adapted compartment. The adapted compartment is attached to the portable device to convert the portable device into a portable verification device that performs the first function and a verification function.
- the portable device may be a cellular telephone and the compartment may include a battery pack.
- biometric identity verification has several advantages.
- the biometric identity verification system and method exploits the ubiquity of wireless telephony and Internet access, thus enabling biometric identity verification with minimal modification to existing infrastructure. Accordingly, such a biometric identity verification system and method increases or promotes use of biometric verification to add security to many transactions.
- Fig. 1 is a block diagram of a mobile identity verification system.
- Fig. 2 is a block diagram of a portable device that may be used in the mobile identity verification system of Fig. 1.
- Figs. 3 and 4 are front and back schematic views, respectively, of a portable device used in the mobile identity verification system of Fig. 1.
- Fig. 5 is a flow chart of a procedure for forming a battery pack in the portable device of Figs. 3 and 4.
- Figs. 6 and 7 are flow charts of procedures performed by the mobile identity verification system.
- fingerprint identity verification is inhibited because of a lack of installed infrastructure of fingerprint readers into various form factors such as, for example, personal computers, personal digital assistants (PDAs), and public data terminals.
- Although fingerprint reader technology is now available in small and moderately priced form factors, the technical complexity of installation into a wide variety and number of form factors has had a negative effect on deployment of applications that may benefit from biometric verification of identity.
- Portable personal identification devices may be used to provide secure access to a host facility such as a home security system, an automated teller machine, an automobile alarm system, or a garage door opener.
- the PID may include a biometric sensor system capable of sensing a biometric trait (such as a fingerprint) of a user that is unique to the user. The PID then provides a biometric signal indicative of the user's identity to the host facility.
- A mobile identity verification system 100 exploits the ubiquity of wireless communications to enable biometric identity verification with minimal modifications to existing infrastructure, thus increasing the possibility of using biometric identity verification in everyday transactions.
- a user enters biometric information into a portable device (such as a cellular telephone) when trying to enter a transaction at a transaction device (such as an Internet web page, a personal computer, or an automated teller machine).
- Using wireless communication, the portable device sends a biometric signal to an independent verification server (that may be separate from the portable device), which performs verification services and indicates such user verification to a transaction server in communication with the transaction device.
- electromagnetic waves (rather than some form of wire or cable) carry the propagation signal over part or all of the communication path.
- the mobile identity verification system 100 includes a transaction device 105, a portable device 110, a transaction server 115 coupled to the transaction device 105 through a network 120, and a verification server 125 coupled to the portable device 110 using any signal carrier 130 such as a radio tower, microwave antenna, or infrared transmitter/receiver.
- the transaction device 105 may be any device at which the user wishes to access a transaction.
- Examples of transaction devices 105 include personal computers, credit card terminals, and automatic teller machines.
- the user may wish to access a web site that is enabled for fingerprint identity verification.
- the user may wish to use a credit card at a credit card terminal that requires biometric verification of the authorized card holder.
- the transaction device 105 controls operations of the transaction and is enabled for biometric verification.
- The transaction device 105 may include various input/output (I/O) devices (for example, a mouse, a keyboard, a display, or a microphone) and a general purpose computer having a central processor unit (CPU), an I/O unit, and a memory that stores data and various programs such as an operating system, and one or more application programs.
- the memory stores a program that controls transactions enabled for biometric verification.
- the computer system may also include some sort of communications card or device (for example, a modem or network adapter) for exchanging data with a network via a communications link (for example, a telephone line or cable).
- the transaction server 115 communicates with the transaction device 105 through the network 120 and with the verification server 125 either through a direct connection or through a wireless connection.
- The transaction server 115 may include one or more general-purpose computers (for example, personal computers), one or more special-purpose computers (for example, devices specifically programmed to communicate with each other), or a combination of one or more general-purpose computers and one or more special-purpose computers.
- the transaction server 115 may be arranged to operate within or in concert with one or more other systems, such as for example, one or more Local Area Networks (LANs) and/or one or more Wide Area Networks (WANs).
- the transaction server 115 is generally capable of executing instructions under the command of a transaction controller (not shown).
- the transaction server 115 is connected to the transaction controller by a wired or wireless data pathway capable of delivering data.
- the portable device 110 may be any wireless device that a user is likely to carry such as a cellular telephone, a PDA, or a pen computer.
- the portable device 110 includes wireless communication equipment such as, for example, a transceiver (receiver/transmitter), audio circuitry (such as microphone or speaker), and various controller circuits for controlling communications.
- the portable device 110 may include various input/output (I/O) devices (for example, a pointing device, a keyboard, or a display), a central processor unit (CPU), an I/O unit, and a memory that stores data and various programs such as an operating system, and one or more application programs.
- the portable device 110 may include an externally-accessible (analog or digital) data connector for accessory devices such as, for example, headsets.
- a predetermined event for example, an initiation of a call on a cellular telephone
- the accessory device may override operation of internal devices of the portable device 110.
- the accessory device may cause some internal devices of the portable device 110 to bypass a microphone.
- the portable device 110 is equipped with a verification system 200 that includes all the necessary components for fingerprint identification, signal conversion, compression, encryption, and communication.
- The verification system 200 includes a fingerprint reader 205 that images the finger, and image capture electronics 210 for receiving the output from the fingerprint reader 205 and for converting the output into a format readable by a controller 215.
- the fingerprint reader 205 includes the necessary optics and illuminating sources for illuminating the finger. Fingerprint readers are described in U.S. Application No.
- the controller 215 may include a processor 220 and memory 225 storing software for converting image data from the image capture electronics 210 into a biometric template, and for compressing and encrypting the template to avoid interception during data communication.
- the memory 225 may store software 230 for capturing and imaging, software 235 for biometric template extraction, software 240 for data encryption and packaging, and software 245 for call control and protocol.
- the memory 225 may be used to store finger images and other suitable data that may be accessed by the processor 220.
- the verification system 200 may also include a modulator/demodulator (or a high speed touch tone generator) 250 for preparing data from the controller 215 for transmission.
- Any suitable data communications system 255 may be implemented within the device 110 to transmit the template to a central verification server.
- a suitable data communication system 255 may include analog and digital radio systems such as are used in cellular telephones.
- the communication system 255 may include a data or voice connector 260 for communicating with the modulator/demodulator 250 and standard wireless communication electronics 265 for use in portable devices and telephony applications.
- the device 110 includes other various components 270 that control standard operation of the device 110.
- the various electronic components of the verification system 200 may be configured on a PC card or any suitable device.
- The verification server 125 may include one or more general-purpose computers (for example, personal computers), one or more special-purpose computers (for example, devices specifically programmed to communicate with each other), or a combination of one or more general-purpose computers and one or more special-purpose computers.
- the verification server 125 may be arranged to operate within or in concert with one or more other systems, such as for example, one or more Local Area Networks (LANs) and/or one or more Wide Area Networks (WANs).
- the verification server 125 is generally capable of executing instructions under the command of a verification controller (not shown), which may be connected to the verification server by a wired or wireless data pathway capable of delivering data.
- the verification server 125 performs the user identity verification that will be used by the transaction device 105 to grant access of a transaction to the user.
- the portable device 110 may be a cellular telephone 300 that includes a telephone body 302 and a battery compartment 304.
- the battery compartment 304 contains the batteries used to power the cellular telephone.
- the fingerprint reader 205 may be molded into an adapted battery component 410 that attaches to the telephone body 302 and fits within the battery compartment 304.
- An externally-accessible data connector 306 may protrude into the battery compartment 304.
- the adapted battery component 410 may interface with the data connector 306 through a matching connector.
- the adapted battery component 410 may include a cable lead and a mating connector that connects into the data connector 306.
- a battery is also molded into the adapted battery component 410.
- a battery is secured by the adapted battery component 410 into the battery compartment 304 of the telephone body 302.
- no modifications to the body 302 are required using the adapted battery component 410.
- no approval for example, FCC
- Users may purchase the adapted battery component 410 to upgrade their existing cellular telephone to provide mobile identity verification at any time.
- the adapted battery component 410 may be formed of any material suitable for use in the cellular telephone.
- the adapted battery component 410 may be made from a non-conductive material using a variety of known techniques, such as a strong thermoplastic (for example, acrylonitrile-butadiene-styrene (ABS)) that may be injection molded or compression molded. Accordingly, the fingerprint reader 205 may be integrally formed with the battery component 410, during injection molding.
- the battery component 410 may also be formed, for example, from a lightweight metal having an electrically non-conductive coating. Specific dimensions of the battery component 410 depend on the size of the cellular telephone 300.
- the adapted battery component 410 is formed using a production procedure 500 such as injection molding.
- the fingerprint reader is inserted and appropriately positioned into a mold cavity shaped like the battery component (step 505).
- Other components such as a battery and wires are inserted and positioned into the mold cavity (step 510).
- a prepared material such as a plastic resin or a polymer is injected under pressure into the mold cavity to encapsulate the fingerprint reader and the other positioned components (step 515).
- the prepared and injected material is permitted to solidify to form the adapted battery component (step 520) and the mold cavity is subsequently removed (step 525).
- The adapted battery component may then be integrated into the battery compartment of, for example, a cellular telephone.
- the user programs a personal identification number (PIN) into the portable device 110 immediately after purchase of the portable device 110.
- This PIN is also stored, for example, into the memory of the fingerprint reader of the portable device 110 for future transmission and reference.
- the system 100 performs a procedure 600 for mobile identity verification.
- the transaction server 115 receives from a user at the transaction device 105 a request to access a verification-enabled transaction (step 605).
- the user may access a web site that is enabled for biometric verification.
- the transaction server 115 receives a user identifier (step 610).
- the user may enter a user ID and then press a "verify" button at a web site instead of entering a password.
- the transaction server 115 sends the user identifier to the verification server 125 (step 615).
- Upon receipt of the user identifier (step 620), the verification server 125 generates and sends an access identifier (for example, a randomly-generated multi-digit token) to the transaction server 115 (step 625).
- Upon receipt of the access identifier, the transaction server 115 presents the access identifier to the user at the transaction device 105 and requests that the user enter this access identifier when subsequently verifying her identity (step 630).
- the portable device 110 receives a user initiation to access the verification server 125 (step 635).
- a user initiation may include the user pressing a speed dial button on her cellular telephone to access the verification server.
- The verification server 125 receives the initiation and initiates a connection by establishing a communication channel with the portable device 110 (step 637).
- the verification server prompts the user to enter her access identifier into the portable device 110 (step 640). For example, if the portable device 110 is a cellular telephone, the verification server 125 may prompt the user by playing a recorded message.
- transmitted information through an analog data connector 306 may include audible frequency shift or phase shift keyed analog modem signals.
- the user of the portable device 110 may be required to initiate a connection to an analog modem at the verification server.
- Transmitted information through a digital data connector 306 is binary in form and presented in serial data packets. Once the connection is established, the verification system takes over operation of the portable device 110.
- the verification system of the portable device 110 may be able to initiate the call directly at step 635 using cellular digital packet data (CDPD) protocol over an analog or digital cellular network (or using GSM digital protocol outside the United States).
- the amount of information that will be carried through the established communication channel is about 1 kilobyte (kB).
- The 1 kB payload may be uploaded in less than about 10 seconds of data transmission time.
- the portable device 110 receives the access identifier from the user (who has entered the access identifier) and forwards this access identifier to the verification server 125 over the established communication channel (step 645).
- Upon receipt of the access identifier (step 650), the verification server 125 determines if the received access identifier is valid (step 655). If the access identifier is not valid (step 655), the verification server 125 may continue to prompt the user to enter a correct access identifier for a predetermined number of times (step 640). If the access identifier is valid (step 655), the verification server 125 forwards a signal through the established communication channel to the portable device 110 to prompt the user to verify her identity (step 660). Next, the portable device 110 receives user verification input (step 662) and subsequently performs a verification procedure (step 665). As shown in Fig.
- the portable device 110 may perform a procedure 665 for verification. Initially, the portable device fingerprint reader images the finger (step 700). The portable device may then emit an acknowledgement tone to indicate a satisfactory image grab and extraction. Next, the fingerprint reader of the portable device converts the finger image into a verification signal such as a biometric template (step 705). The fingerprint reader then prepares the verification signal for subsequent transmission by, for example, compressing and encrypting the verification signal to reduce the likelihood of interception during transmission (step 710).
- the portable device 110 transmits the verification signal to the verification server 125 over the established communication channel (step 670).
- the verification server 125 receives and processes the verification signal (step 675). For example, if the verification signal has been compressed and/or encrypted by the portable device 110, the verification server 125 decompresses and/or decrypts the verification signal at step 675.
- the verification server 125 determines if the verification signal is a valid signal by comparing the verification signal against a pre-established enrollment template for that particular user (step 680). If the verification signal is valid (step 680), then the user's identity has been successfully verified and the verification server 125 may notify the user as such (step 685). For example, notification may include the verification server 125 disconnecting its direct connection with the portable device 110. Otherwise, if the verification signal is not valid (step 680), the verification server 125 prompts the user to try again (step 660) until a predetermined retry limit is exhausted.
- the verification server 125 sends an acknowledgement of positive verification of the user's identity for that access identifier to the transaction server 115 (step 690).
- When the transaction server 115 receives the positive verification acknowledgement, the transaction server 115 grants to the user access of the transaction (step 695). For example, if the transaction server is a host server of a web site, the user would be able to login to and access that web site.
- the identity verification may include other forms of biometric verification such as, for example, speech recognition, which would require no modification to the portable device. In this case, all of the modifications would be programmed at the verification server of the system 100.
- Another form of biometric identification that may be implemented is a cornea or iris scan.
- Fingerprint identity verification may be used to surreptitiously indicate duress.
- The verification server may include several templates for a user, each template indicating a user's intentions. One of those templates may correspond to an alternate finger that a user would only use when faced with an emergency. In this way, the verification server may record the duress transaction and/or place an emergency call to proper authorities. This feature would provide added security, safety, and peace of mind for the user.
- a duress indicator may not be as easy to implement using speech recognition. However, a duress indicator may be implemented through a user modification of the user's PIN or a user modification of an access identifier. For example, the user may add an extra digit (that may be predefined) to one of these identifiers to indicate duress.
- the transaction server may be implemented as an operator associated with the transaction device 105, which may be a telephone.
- the operator performs many of the operations of the transaction server 115, including requesting an access identifier from the verification server 125.
- the operator communicates with the user who is requesting a transaction from the portable device 110.
- the operator at the transaction device may open up an extra line using a conference mode of the telephone to dial in to the verification server 125 simultaneously with communication with the user.
- the verification server 125 answers as if the user had initiated the call and performs an audio dialogue.
- the verification server requests the identity verification to be performed, the user presses their finger against the finger print reader, activating the mobile identity verification function.
- the portable device captures the fingerprint image, extracts the template, encodes the data (using an encryption scheme), establishes a modem link to the verification server (which is awaiting the modem's communication), and transmits the template.
- the verification server reports sucessful verification or requests a retry. If successful, the verification server forwards verification to the transaction server.
- the operator breaks the connection to the conference, hanging up on the verification server line, while remaining connected to the user. In this way, the user performs a verification transaction while still online with the assisting operator.
- the adapted battery component 410 may be designed to provide space for marketing information so that the user of a mobile identity verification device 110 is simultaneously promoting the product to others.
- the adapted battery component 410 may be migrated to other cellular telephones of the same style and type as the original cellular telephone that was upgraded. Therefore, the user need not purchase a new adapted battery component every time she buys a new cellular telephone. Accordingly, other embodiments are within the scope of the following claims.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Collating Specific Patterns (AREA)
- Telephone Function (AREA)
Abstract
A method performed at a verification server of verifying an identity of a user attempting to access a transaction hosted by a server includes receiving a biometric signal from a verification system that is housed within a portable device and that is separate from the transaction server and the verification server. The received biometric signal is validated, and acknowledgement of validation is sent to the transaction server. The received biometric signal includes information relating to the user's identity that was obtained using biometric verification.
Description
MOBILE IDENTITY VERIFICATION
TECHNICAL FIELD
This invention relates to identity verification, and more particularly to universal mobile identity verification.
BACKGROUND
Biometric identity verification is a useful tool for validating a user's identity without the annoyance of remembering a password and with the convenience and safety of biometric identification. Fingerprint identity verification is one example of a biometric identity verification system. Fingerprint identity verification includes, among other steps, acquiring fingerprint data using a fingerprint reader. Typically, fingerprint data are obtained by reflecting or scattering an image of a finger surface onto an image sensor, such as a charge coupled device. Fingerprint readers are described in, for example, U.S. Pat. No. 4,924,085 to Kato et al., U.S. Pat. No. 5,088,817 to Igaki et al., and U.S. Pat. No. 5,067,162 to Driscoll, Jr., et al. In each of these fingerprint readers, a light source is irradiated at an angle onto the ridge and valley portions of a fingerprint that has been pressed against a light conducting plate. Depending upon the particular orientation of the light source with respect to the light conducting plate, and the location of the image sensing device, either the reflected or the scattered light from the fingerprint is transferred. The image sensor captures the transferred light so that the captured fingerprint data can be stored.
SUMMARY
In one general aspect, a method is performed at a verification server for verifying an identity of a user attempting to access a transaction hosted by a server. The method includes receiving a biometric signal from a verification system that is housed in a portable device and that is separate from the transaction server and the verification server. The method further includes validating the received biometric signal, and sending acknowledgement of validation to the transaction server. The received biometric signal includes information relating to the user's identity that was obtained using biometric verification.
Implementations may include one or more of the following features. The method may include receiving a user identifier from the transaction server and generating an access identifier in response to the received user identifier. The method may also include sending the access identifier to the transaction server for presentation to the user and prompting a user to enter the access identifier. The access identifier may be received from the user and validated, and the user may be prompted to produce the biometric signal by performing a verification action. Validating the received access identifier may include determining if the received access identifier corresponds to the generated access identifier.
The received biometric signal may be validated by determining if the received biometric signal corresponds to a predetermined biometric template for the user. A biometric signal may be transmitted through a wireless channel. A biometric signal may include information relating to a physical feature of the user.
The portable device may be a cellular telephone. The portable device may be a personal digital assistant.
In another general aspect, a system for verifying an identity of a user attempting to access a transaction hosted by a server includes a device and a verification server. The device is separate from the transaction server and carried by the user, and the device includes a verification system. The verification server is separate from the transaction server and the device. The verification server includes a processor having a communication link that transmits content to and from the user device and to and from the transaction server, and memory. The memory stores instructions performed by the processor (i) to receive a biometric signal from the verification system; (ii) to validate the received biometric signal; and (iii) to send acknowledgement of validation to the transaction server. The received biometric signal includes information relating to the user's identity that was obtained using biometric verification.
Implementations may include one or more of the following features. The verification system may include an imager, a processor, and memory. The memory stores instructions performed by the verification system processor (i) to image a finger; (ii) to convert the finger image into a biometric template; and (iii) to prepare the biometric template for subsequent transmission.
The transaction server may include a processor having a communication link that transmits content to and from the user device and to and from the verification server, and memory. The memory stores instructions performed by the transaction server processor (i) to receive a user request to access the transaction; (ii) to receive a user identifier; (iii) to send the user identifier to the verification server; (iv) to receive an access identifier from the verification server; (v) to present the access identifier to the portable device; (vi) to receive acknowledgement verifying the user identity from the verification server; and (vii) to grant the user access to the transaction.
In another general aspect, a system for converting a portable device into a portable verification device includes a body that houses components needed to perform a first function of the portable device, a compartment in the body of the portable device, and an adapted compartment. The compartment stores an energy source to power the housed components of the portable device. The adapted compartment is designed to encapsulate a fingerprint reader. The adapted compartment fits in the compartment of the portable device to convert the portable device into a portable verification device that performs the first function and a second verification function.
Implementations may include one or more of the following features. The portable device may be a cellular telephone. The compartment may include a battery pack. The adapted compartment may include a battery pack.
The fingerprint reader may include an imager, a processor, and memory. The memory stores instructions performed by the processor (i) to image a finger, (ii) to convert the finger image into a biometric template, and (iii) to prepare the biometric template for transmission.
In another general aspect, a method of converting a portable device into a portable verification device includes forming a mold cavity shaped like a compartment in a body of the portable device to store an energy source to power elements needed to perform a first function of the portable device. The method also includes inserting a fingerprint reader into the mold cavity and injecting a material into the mold cavity to encapsulate the fingerprint reader. The injected material is permitted to solidify to form an adapted compartment. The adapted compartment is attached to the portable device to convert the portable device into a portable verification device that performs the first function and a verification function.
Implementations may include one or more of the following features. The portable device may be a cellular telephone and the compartment may include a battery pack.
The systems and methods of biometric identity verification have several advantages. The biometric identity verification system and method exploits the ubiquity of wireless telephony and Internet access, thus enabling biometric identity verification with minimal modification to existing infrastructure. Accordingly, such a biometric identity verification system and method increases or promotes use of biometric verification to add security to many transactions.
Other features and advantages will be apparent from the following detailed description, the accompanying drawings, and the claims.
DESCRIPTION OF DRAWINGS
The invention is described by way of examples with reference to the accompanying drawings wherein:
Fig. 1 is a block diagram of a mobile identity verification system.
Fig. 2 is a block diagram of a portable device that may be used in the mobile identity verification system of Fig. 1.
Figs. 3 and 4 are front and back schematic views, respectively, of a portable device used in the mobile identity verification system of Fig. 1.
Fig. 5 is a flow chart of a procedure for forming a battery pack in the portable device of Figs. 3 and 4.
Figs. 6 and 7 are flow charts of procedures performed by the mobile identity verification system.
Like reference symbols in the various drawings indicate like elements.
DETAILED DESCRIPTION
Widespread adoption of fingerprint identity verification is inhibited because of a lack of installed infrastructure of fingerprint readers into various form factors such as, for example, personal computers, personal digital assistants (PDAs), and public data terminals. Although fingerprint reader technology is now available in small and moderately priced form factors, the technical complexity of installation into a wide variety and number of form factors has had a negative effect on deployment of applications that may benefit from biometric verification of identity.
For example, portable personal identification devices (PIDs) may be used to provide secure access to a host facility such as a home security system, an automated teller machine, an automobile alarm system, or a garage door opener. The PID may include a biometric sensor system capable of sensing a biometric trait (such as a fingerprint) of a user that is unique to the user. The PID then provides a biometric signal indicative of the user's identity to the host facility. Such systems are described in U.S. Application No. 09/066,643, titled "PERSONAL IDENTIFICATION SYSTEM," and filed on April 24, 1998, and U.S. Application No. 09/298,326, titled "PERSONAL IDENTIFICATION SYSTEM AND METHOD," and filed on April 23, 1999, assigned to the assignee of the subject application and both of which are incorporated herein by reference.
Referring to Fig. 1, a mobile identity verification system 100 exploits the ubiquity of wireless communications to enable biometric identity verification with minimal modifications to existing infrastructure, thus increasing the possibility of using biometric identity verification in every day transactions. In general, a user enters biometric information into a portable device (such as a cellular telephone) when trying to enter a transaction at a transaction device (such as an Internet web page, a personal computer, or an automated teller machine). Using wireless communication, the portable device sends a biometric signal to an independent verification server (that may be separate from the portable device), which performs verification services and indicates such user verification to a transaction server in communication with the transaction device.
In wireless communications, electromagnetic waves (rather than some form of wire or cable) carry the propagation signal over part or all of the communication path.
Some devices, such as intrusion alarms, employ acoustic waves at frequencies above the range of human hearing; these devices are also sometimes classified as wireless. Standard wireless communications systems include radio wave systems, microwave systems, and infrared systems. Standard applications using wireless communications include cellular telephones and pagers, global positioning systems, cordless computer peripherals, cordless telephone sets, home entertainment system control boxes, satellite television, and wireless local area networks.
The mobile identity verification system 100 includes a transaction device 105, a portable device 110, a transaction server 115 coupled to the transaction device 105 through a network 120, and a verification server 125 coupled to the portable device 110 using any signal carrier 130 such as a radio tower, microwave antenna, or infrared transmitter/receiver.
The transaction device 105 may be any device at which the user wishes to access a transaction. Examples of transaction devices 105 include personal computers, credit card terminals, and automatic teller machines. For example, the user may wish to access a web site that is enabled for fingerprint identity verification. As another example, the user may wish to use a credit card at a credit card terminal that requires biometric verification of the authorized card holder.
In any case, the transaction device 105 controls operations of the transaction and is enabled for biometric verification. To achieve these functions, the transaction device 105 may include various input/output (I/O) devices (for example, a mouse, a keyboard, a display, or a microphone) and a general purpose computer having a central processor unit (CPU), an I/O unit, and a memory that stores data and various programs such as an operating system, and one or more application programs. The memory stores a program that controls transactions enabled for biometric verification. The computer system may also include some sort of communications card or device (for example, a modem or network adapter) for exchanging data with a network via a communications link (for example, a telephone line or cable).
The transaction server 115 communicates with the transaction device 105 through the network 120 and with the verification server 125 either through a direct connection or through a wireless connection. The transaction server 115 may include one or more general-purpose computers (for example, personal computers), one or more special-purpose computers (for example, devices specifically programmed to communicate with each other), or a combination of one or more general-purpose computers and one or more special-purpose computers. The transaction server 115 may be arranged to operate within or in concert with one or more other systems, such as for example, one or more Local Area Networks (LANs) and/or one or more Wide Area Networks (WANs). The transaction server 115 is generally capable of executing instructions under the command of a transaction controller (not shown). The transaction server 115 is connected to the transaction controller by a wired or wireless data pathway capable of delivering data.
The portable device 110 may be any wireless device that a user is likely to carry such as a cellular telephone, a PDA, or a pen computer. The portable device 110 includes wireless communication equipment such as, for example, a transceiver (receiver/transmitter), audio circuitry (such as microphone or speaker), and various controller circuits for controlling communications. In addition to including necessary wireless communication equipment, the portable device 110 may include various input/output (I/O) devices (for example, a pointing device, a keyboard, or a display), a central processor unit (CPU), an I/O unit, and a memory that stores data and various programs such as an operating system, and one or more application programs. The portable device 110 may include an externally-accessible (analog or digital) data connector for accessory devices such as, for example, headsets. When an accessory device is attached to the data connector, and once a predetermined event (for example, an initiation of a call on a cellular telephone) occurs, that accessory device operates as an input/output device for the portable device 110. In this case, the accessory device may override operation of internal devices of the portable device 110. For example, the accessory device may cause some internal devices of the portable device 110 to bypass a microphone.
Referring also to Fig. 2, the portable device 110 is equipped with a verification system 200 that includes all the necessary components for fingerprint identification, signal conversion, compression, encryption, and communication. The verification system 200 includes a fingerprint reader 205 that images the finger, image capture electronics 210 for receiving the output from the fingerprint reader 205 and for converting the output into a format readable by a controller 215.
The fingerprint reader 205 includes the necessary optics and illuminating sources for illuminating the finger. Fingerprint readers are described in U.S. Application No. 09/571,741, titled "FINGERPRINT IMAGING DEVICE" and filed on May 15, 2000, and U.S. Application No. 09/637,063, titled "FINGERPRINT IMAGING DEVICE" and filed on August 11, 2000, assigned to the assignee of the subject application and both of which are incorporated herein by reference.
The controller 215 may include a processor 220 and memory 225 storing software for converting image data from the image capture electronics 210 into a biometric template, and for compressing and encrypting the template to avoid interception during data communication. Thus, the memory 225 may store software 230 for capturing and imaging, software 235 for biometric template extraction, software 240 for data encryption and packaging, and software 245 for call control and protocol. The memory 225 may be used to store finger images and other suitable data that may be accessed by the processor 220. The verification system 200 may also include a modulator/demodulator (or a high speed touch tone generator) 250 for preparing data from the controller 215 for transmission.
Any suitable data communications system 255 may be implemented within the device 110 to transmit the template to a central verification server. For example, as discussed above, a suitable data communication system 255 may include analog and digital radio systems such as are used in cellular telephones. The communication system 255 may include a data or voice connector 260 for communicating with the modulator/demodulator 250 and standard wireless communication electronics 265 for use in portable devices and telephony applications. Additionally, the device 110 includes other various components 270 that control standard operation of the device 110. The various electronic components of the verification system 200 may be configured on a PC card or any suitable device.
The verification server 125 may include one or more general-purpose computers (for example, personal computers), one or more special-purpose computers (for example, devices specifically programmed to communicate with each other), or a combination of one or more general-purpose computers and one or more special-purpose computers. The verification server 125 may be arranged to operate within or in concert with one or more other systems, such as for example, one or more Local Area Networks (LANs) and/or one or more Wide Area Networks (WANs). The verification server 125 is generally capable of executing instructions under the command of a verification controller (not shown), which may be connected to the verification server by a wired or wireless data pathway capable of delivering data. In general, the verification server 125 performs the user identity verification that will be used by the transaction device 105 to grant access of a transaction to the user.
Referring also to Figs. 3 and 4, in one implementation, the portable device 110 may be a cellular telephone 300 that includes a telephone body 302 and a battery compartment 304. The battery compartment 304 contains the batteries used to power the cellular telephone. To facilitate fingerprint identity verification, the fingerprint reader 205 may be molded into an adapted battery component 410 that attaches to the telephone body 302 and fits within the battery compartment 304.
An externally-accessible data connector 306 may protrude into the battery compartment 304. In this case, the adapted battery component 410 may interface with the data connector 306 through a matching connector. In another design, the adapted battery component 410 may include a cable lead and a mating connector that connects into the data connector 306.
In some designs, a battery is also molded into the adapted battery component 410. In other designs, a battery is secured by the adapted battery component 410 into the battery compartment 304 of the telephone body 302. In any case, no modifications to the body 302 are required using the adapted battery component 410. Moreover, no approval (for example, FCC) is required to gain regulatory acceptance. Users may purchase the adapted battery component 410 to upgrade their existing cellular telephone to provide mobile identity verification at any time. The adapted battery component 410 may be formed of any material suitable for use in the cellular telephone. For example, the adapted battery component 410 may be made from a non-conductive material using a variety of known techniques, such as a strong thermoplastic (for example, acrylonitrile-butadiene-styrene (ABS)) that may be injection molded or compression molded. Accordingly, the fingerprint reader 205 may be integrally formed with the battery component 410, during injection molding. The battery component 410 may also be formed, for example, from a lightweight metal having an electrically non-conductive coating. Specific dimensions of the battery component 410 depend on the size of the cellular telephone 300.
Referring also to Fig. 5, in one implementation, the adapted battery component 410 is formed using a production procedure 500 such as injection molding. The fingerprint reader is inserted and appropriately positioned into a mold cavity shaped like the battery component (step 505). Other components such as a battery and wires are inserted and positioned into the mold cavity (step 510). A prepared material such as a plastic resin or a polymer is injected under pressure into the mold cavity to encapsulate the fingerprint reader and the other positioned components (step 515). The prepared and injected material is permitted to solidify to form the adapted battery component (step 520) and the mold cavity is subsequently removed (step 525). The adapted battery component may then be integrated into the battery compartment of, for example, a cellular telephone.
Typically, the user programs a personal identification number (PIN) into the portable device 110 immediately after purchase of the portable device 110. This PIN is also stored, for example, into the memory of the fingerprint reader of the portable device 110 for future transmission and reference.
Referring to Figs. 6 and 7, the system 100 performs a procedure 600 for mobile identity verification. Initially, the transaction server 115 receives from a user at the transaction device 105 a request to access a verification-enabled transaction (step 605). For example, the user may access a web site that is enabled for biometric verification. Next, the transaction server 115 receives a user identifier (step 610). For example, the user may enter a user ID and then press a "verify" button at a web site instead of entering a password.
The transaction server 115 sends the user identifier to the verification server 125 (step 615). Upon receipt of the user identifier (step 620), the verification server 125 generates and sends an access identifier (for example, a randomly-generated multi-digit token) to the transaction server 115 (step 625). Upon receipt of the access identifier, the transaction server 115 presents the access identifier to the user at the transaction device 105 and requests that the user enter this access identifier when subsequently verifying her identity (step 630).
Next, the portable device 110 receives a user initiation to access the verification server 125 (step 635). For example, a user initiation may include the user pressing a speed dial button on her cellular telephone to access the verification server. The verification server 125 receives the initiation and initiates a connection by establishing a communication channel with the portable device 110 (step 637). The verification server prompts the user to enter her access identifier into the portable device 110 (step 640). For example, if the portable device 110 is a cellular telephone, the verification server 125 may prompt the user by playing a recorded message. Once the connection is established, then subsequent transmission to and from the portable device 110 will rely on transmission through the data connector 306. For example, transmitted information through an analog data connector 306 may include audible frequency shift or phase shift keyed analog modem signals. In this case, the user of the portable device 110 may be required to initiate a connection to an analog modem at the verification server. Transmitted information through a digital data connector 306 is binary in form and presented in serial data packets. Once the connection is established, the verification system takes over operation of the portable device 110.
In another implementation in which the portable device 110 transmits digital information, the verification system of the portable device 110 may be able to initiate the call directly at step 635 using cellular digital packet data (CDPD) protocol over an analog or digital cellular network (or using GSM digital protocol outside the United States). In any case, the amount of information that will be carried through the established communication channel is about 1 kilobyte (kB). Even at moderate data transmission speeds (for example, 9600 bps) that typically characterize wireless communication, the 1 kB payload may be uploaded in less than about 10 seconds of data transmission time.
The portable device 110 receives the access identifier from the user (who has entered the access identifier) and forwards this access identifier to the verification server 125 over the established communication channel (step 645). Upon receipt of the access identifier (step 650), the verification server 125 determines if the received access identifier is valid (step 655). If the access identifier is not valid (step 655), the verification server 125 may continue to prompt the user to enter a correct access identifier for a predetermined number of times (step 640). If the access identifier is valid (step 655), the verification server 125 forwards a signal through the established communication channel to the portable device 110 to prompt the user to verify her identity (step 660).
Next, the portable device 110 receives user verification input (step 662) and subsequently performs a verification procedure (step 665).
As shown in Fig. 7, if the identity verification is fingerprint verification, the portable device 110 may perform a procedure 665 for verification. Initially, the portable device fingerprint reader images the finger (step 700). The portable device may then emit an acknowledgement tone to indicate a satisfactory image grab and extraction.
Next, the fingerprint reader of the portable device converts the finger image into a verification signal such as a biometric template (step 705). The fingerprint reader then prepares the verification signal for subsequent transmission by, for example, compressing and encrypting the verification signal to reduce the likelihood of interception during transmission (step 710).
After the verification procedure is complete (step 665), the portable device 110 transmits the verification signal to the verification server 125 over the established communication channel (step 670). The verification server 125 receives and processes the verification signal (step 675). For example, if the verification signal has been compressed and/or encrypted by the portable device 110, the verification server 125 decompresses and/or decrypts the verification signal at step 675.
The verification server 125 determines if the verification signal is a valid signal by comparing the verification signal against a pre-established enrollment template for that particular user (step 680). If the verification signal is valid (step 680), then the user's identity has been successfully verified and the verification server 125 may notify the user as such (step 685). For example, notification may include the verification server 125 disconnecting its direct connection with the portable device 110. Otherwise, if the verification signal is not valid (step 680), the verification server 125 prompts the user to try again (step 660) until a predetermined retry limit is exhausted.
The verification server 125 sends an acknowledgement of positive verification of the user's identity for that access identifier to the transaction server 115 (step 690). When the transaction server 115 receives the positive verification acknowledgement, the transaction server 115 grants to the user access of the transaction (step 695). For example, if the transaction server is a host server of a web site, the user would be able to login to and access that web site.
A number of embodiments of the invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention.
The identity verification may include other forms of biometric verification such as, for example, speech recognition, which would require no modification to the portable device. In this case, all of the modifications would be programmed at the verification server of the system 100. Another form of biometric identification that may be implemented is a cornea or iris scan.
Fingerprint identity verification may be used to surreptitiously indicate duress. For example, the verification server may include several templates for a user, each template indicating a user's intentions. One of those templates may correspond to an alternate finger that a user would only use when faced with an emergency. In this way, the verification server may record the duress transaction and/or place an emergency call to proper authorities. This feature would provide added security, safety, and peace of mind for the user.
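An added sketch (not code from the patent) of the verification server's decision logic in steps 675 to 690, combined with the alternate-finger duress template described above. The bit-similarity matcher, the threshold, the retry limit of 3, the single-use access identifier and all names are assumptions made for illustration; the templates are constructed byte strings, not fingerprint data.

```python
import secrets
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.90  # assumed; the page states no matching threshold
RETRY_LIMIT = 3         # assumed value for the "predetermined retry limit"

# Constructed 16-byte stand-ins for biometric templates (not real fingerprint data).
NORMAL = bytes(range(16))
DURESS = bytes(255 - b for b in NORMAL)
IMPOSTOR = bytes([0xAA] * 16)


def similarity(a: bytes, b: bytes) -> float:
    """Toy matcher (assumption): fraction of equal bits in equal-length templates."""
    if len(a) != len(b) or not a:
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))


@dataclass
class Enrollment:
    normal: bytes  # enrollment template for the everyday finger
    duress: bytes  # template for the alternate finger used only under duress


@dataclass
class VerificationServer:
    enrolled: dict                                  # user id -> Enrollment
    sessions: dict = field(default_factory=dict)    # access id -> [user id, tries left]
    duress_log: list = field(default_factory=list)  # recorded duress transactions

    def issue_access_identifier(self, user_id: str) -> str:
        if user_id not in self.enrolled:
            raise KeyError("unknown user")
        access_id = f"{secrets.randbelow(10**8):08d}"
        while access_id in self.sessions:           # never reuse a live identifier
            access_id = f"{secrets.randbelow(10**8):08d}"
        self.sessions[access_id] = [user_id, RETRY_LIMIT]
        return access_id

    def verify(self, access_id: str, template: bytes) -> dict:
        """Validate one received template; the return value is the server's reply."""
        session = self.sessions.get(access_id)
        if session is None:                         # unknown, used or exhausted identifier
            return {"status": "rejected"}
        user_id = session[0]
        record = self.enrolled[user_id]
        normal = similarity(template, record.normal) >= MATCH_THRESHOLD
        duress = similarity(template, record.duress) >= MATCH_THRESHOLD
        if normal or duress:
            del self.sessions[access_id]            # an access identifier verifies once
            if duress and not normal:
                self.duress_log.append(user_id)     # recorded server-side only
            # Same acknowledgement either way, so an observer cannot tell duress apart.
            return {"status": "verified", "user": user_id}
        session[1] -= 1
        if session[1] == 0:
            del self.sessions[access_id]            # retry limit exhausted
            return {"status": "rejected"}
        return {"status": "retry", "tries_left": session[1]}
```

Because both matches produce the same acknowledgement, the duress signal exists only in the server-side record, which is what keeps it surreptitious.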
A duress indicator may not be as easy to implement using speech recognition. However, a duress indicator may be implemented through a user modification of the user's PIN or a user modification of an access identifier. For example, the user may add an extra digit (that may be predefined) to one of these identifiers to indicate duress.
In some transactions, such as credit card or telephone transactions, the transaction server may be implemented as an operator associated with the transaction device 105, which may be a telephone. The operator performs many of the operations of the transaction server 115, including requesting an access identifier from the verification server 125. The operator communicates with the user who is requesting a transaction from the portable device 110. The operator at the transaction device may open up an extra line using a conference mode of the telephone to dial in to the verification server 125 simultaneously with communication with the user. The verification server 125 answers as if the user had initiated the call and performs an audio dialogue. When the verification server requests the identity verification to be performed, the user presses their finger against the fingerprint reader, activating the mobile identity verification function. The portable device captures the fingerprint image, extracts the template, encodes the data (using an encryption scheme), establishes a modem link to the verification server (which is awaiting the modem's communication), and transmits the template. The verification server reports successful verification or requests a retry. If successful, the verification server forwards verification to the transaction server. The operator breaks the connection to the conference, hanging up on the verification server line, while remaining connected to the user. In this way, the user performs a verification transaction while still online with the assisting operator.
The adapted battery component 410 may be designed to provide space for marketing information so that the user of a mobile identity verification device 110 is simultaneously promoting the product to others. The adapted battery component 410 may be migrated to other cellular telephones of the same style and type as the original cellular telephone that was upgraded. Therefore, the user need not purchase a new adapted battery component every time she buys a new cellular telephone.
Accordingly, other embodiments are within the scope of the following claims.
Claims
What is claimed is:
1. A method performed at a verification server of verifying an identity of a user attempting to access a transaction hosted by a transaction server, the method comprising: receiving a biometric signal from a verification system that is housed in a portable device and that is separate from the transaction server and the verification server; validating the received biometric signal; and sending acknowledgement of validation to the transaction server; wherein the received biometric signal includes information relating to the user's identity that was obtained using biometric verification.
2. The method of claim 1 further comprising receiving a user identifier from the transaction server and generating an access identifier in response to the received user identifier.
3. The method of claim 2 further comprising sending the access identifier to the transaction server for presentation to the user and prompting a user to enter the access identifier.
4. The method of claim 3 further comprising: receiving the access identifier from the user; validating the received access identifier; and prompting the user to produce the biometric signal by performing a verification action.
5. The method of claim 4 wherein validating the received access identifier includes determining if the received access identifier corresponds to the generated access identifier.
6. The method of claim 1 wherein validating the received biometric signal includes determining if the received biometric signal corresponds to a predetermined biometric template for the user.
7. The method of claim 1 wherein receiving a biometric signal includes receiving a biometric signal transmitted through a wireless channel.
8. The method of claim 1 wherein receiving a biometric signal includes receiving information relating to a physical feature of the user.
9. The method of claim 1 wherein the portable device is a cellular telephone.
10. The method of claim 1 wherein the portable device is a personal digital assistant.
11. A system for verifying an identity of a user attempting to access a transaction hosted by a transaction server, the system comprising: a device separate from the transaction server and carried by the user, the device including a verification system; a verification server separate from the transaction server and the device, the verification server comprising: a processor having a communication link that transmits content to and from the user device and to and from the transaction server; and memory storing instructions performed by the processor (i) to receive a biometric signal from the verification system; (ii) to validate the received biometric signal; and (iii) to send acknowledgement of validation to the transaction server; wherein the received biometric signal includes information relating to the user's identity that was obtained using biometric verification.
12. The system of claim 11 wherein the verification system comprises: an imager, a processor, and memory that stores instructions performed by the verification system processor (i) to image a finger; (ii) to convert the finger image into a biometric template; and (iii) to prepare the biometric template for subsequent transmission.
13. The system of claim 11 wherein the transaction server comprises: a processor having a communication link that transmits content to and from the user device and to and from the verification server; memory storing instructions performed by the transaction server processor (i) to receive a user request to access the transaction; (ii) to receive a user identifier; (iii) to send the user identifier to the verification server; (iv) to receive an access identifier from the verification server; (v) to present the access identifier to the portable device; (vi) to receive acknowledgement verifying the user identity from the verification server; and (vii) to grant the user access to the transaction.
14. A system for converting a portable device into a portable verification device, the system comprising: a body that houses components needed to perform a first function of the portable device; a compartment in the body of the portable device to store an energy source to power the housed components of the portable device; and an adapted compartment into which a fingerprint reader is encapsulated; wherein the adapted compartment fits in the compartment of the portable device to convert the portable device into a portable verification device that performs the first function and a second verification function.
15. The system of claim 14 wherein the portable device is a cellular telephone.
16. The system of claim 14 wherein the compartment includes a battery pack.
17. The system of claim 14 wherein the adapted compartment includes a battery pack.
18. The system of claim 14 wherein the fingerprint reader includes: an imager, a processor, and memory that stores instructions performed by the processor (i) to image a finger, (ii) to convert the finger image into a biometric template, and (iii) to prepare the biometric template for transmission.
19. A method of converting a portable device into a portable verification device, the method comprising: forming a mold cavity shaped like a compartment in a body of the portable device to store an energy source to power elements needed to perform a first function of the portable device; inserting a fingerprint reader into the mold cavity; injecting a material into the mold cavity to encapsulate the fingerprint reader; permitting the injected material to solidify to form an adapted compartment; and attaching the adapted compartment to the portable device to convert the portable device into a portable verification device that performs the first function and a verification function.
20. The method of claim 19 wherein the portable device is a cellular telephone and the compartment includes a battery pack.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US85888701A | 2001-05-17 | 2001-05-17 | |
US09/858,887 | 2001-05-17 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002095589A1 (en) | 2002-11-28 |
Family
ID=25329432
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2002/015843 WO2002095589A1 (en) | Mobile identity verification | 2001-05-17 | 2002-05-17 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2002095589A1 (en) |
- 2002-05-17 WO PCT/US2002/015843 patent/WO2002095589A1/en not_active Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A1; Designated state(s): AU CA JP KR |
 | AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | 122 | Ep: pct application non-entry in european phase | |
 | NENP | Non-entry into the national phase | Ref country code: JP |
 | WWW | Wipo information: withdrawn in national office | Country of ref document: JP |