Registers – Systems controlled by data bearing records – Banking systems
Reexamination Certificate
1999-05-28
2001-08-07
Frech, Karl D. (Department: 2876)
Registers
Systems controlled by data bearing records
Banking systems
C235S380000, C380S029000, C705S035000
Reexamination Certificate
active
06270011
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to credit card purchase authorization systems, and more particularly, to a secure system for authorizing credit card purchasing transactions at the point-of-sale or over the Internet, utilizing fingerprint information to significantly enhance the level of security by authenticating the identity of the card user, to insure that this is also the card owner.
BACKGROUND OF THE INVENTION
Remote banking operations, product purchasing transactions and other electronic authentication procedures performed through the telephone network, Internet data network, or other communication media require a high level of security that is not fully achieved with existing equipment and techniques.
Credit card purchasing in point-of-sale systems is not completely safe and the system is exposed to computer hackers and other fraudulent activities. Credit card identification fraud is very common and very costly. Credit card companies report spending hundreds of millions of dollars every year because of this problem.
In existing credit card security systems, heavy reliance is placed on the possession of the card itself and identification numbers that the user must protect and remember. These identification techniques lead to problems if the card is stolen and the identification number is copied or forgotten. Those numbers are sent through the communcation media with limited security or certainty that the purchase is being made by the right person, who legally posseses the card and is authorized to use it.
Futhermore, at regular point-of-sale locations in stores where credit card are routinely used for purchasing transactions, the authentication techniques are very limited and there are many instances of card forgery costing credit card companies millions of dollars. Typically in these systems, the credit card is read at the point-of-sale and the purchase information is communicated by a modem using a standard V.32 protocol over the telephone lines to a Credit Card Center, which has a database. The database analyzes the transaction and send a reply which allows for the transaction to be completed by acknowledging the credit card and authorizing the transaction.
As mentioned above, the telephone line authorization procedure may be interfered with, and this would leave the point-of-sale vulnerable to fraudulent activities.
In U.S. Pat. No. 5,513,272 to Bogosian, there is disclosed a system for verifying the authorized user of a credit card having a fingerprint of the card owner stored on the information strip of the card. The card user provides his fingerprint via a scanning device, and the information is compared with the owner's stored fingerprint on the card and with a database-stored owner fingerprint, by communications employing an encryption technique-between the fingerprint scanner and the database. In addition and prior to this, as part of a required procedure, the card's information strip is read, and the card itself is scanned to obtain a digital numeric sequence representing the surface of the card, and this is also compared with a database-stored card image surface. An additional comparison is made of a photograph of the card owner and a database-stored photograph. Voice recognition and retinal scanning may also be used to increase the level of verification.
The system described in the Bogosian patent is overly complicated, time consuming and costly, requiring several layers of verification for cross-checking beginning with reading the card, scanning of the card image and the fingerprint, with optional voice recognition, retinal scanning and photographic scanning. The encryption techniques are described at the level used for automatic bank teller machines, which are simplified protocols not involving the use of token keys. The patent does not describe the use of existing communications for credit card authorization via a modem.
In addition, use of the card information strip for storage of the card owner's fingerprint data presents the risk of a breach in security, if the card is lost or stolen, since the fingerprint data is available right on the card. The fingerprint scanning technology available when the Bogosian patent was filed in 1994 used an optical reader with complex optics, which is not very accurate and requires a very long time to process fingerprint data.
The current practice used for purchases over the Internet is also subject to fraudulent activities, since it depends on a similar approach to that of the point-of-sale purchase, beginning with the user PC sending credit card information to the website offering the sale. The information is then sent to the credit card company database for authorization, and the reply allows completion of the transaction by acknowledging the credit card and authorizing the transaction, or refusing authorization.
The entire purchase transaction can be encrypted or not according to the country or company, using a private or public encryption key. The user may also provide a password or user ID, but if the key or password is discovered by another, it can be used for non-legitimate purchases, and fraudulent activities.
Therefore, it would be desirable to provide a method of enhancing the security of credit card transactions conducted via point-of-sale or Internet purchase authorization systems, to eliminate the potential for fraudulent activities by verifying the identity of user of the card, and to avoid use of stolen credit cards by others.
It would also be desirable to protect the communications between the point-of-sale system and the credit card database, or between the user and the credit card database in the case of Internet purchases, so that no interference is possible.
SUMMARY OF THE INVENTION
Accordingly, it is a principal object of the present invention to overcome the disadvantages associated with existing credit card authentication systems and provide a an ultimate remote authentication system (URAS) which is a method for providing secure transactions with credit cards by adding a fingerprint scanner at the point-of-sale to obtain fingerprint data, so that the credit card company database can verify the fingerprint data against stored fingerprint information and verify the transaction accordingly. The URAS is integrated into the existing negotiation protocol between a point-of-sale system and a credit card company database.
In accordance with a preferred embodiment of the present invention, there is provided a method for remote credit card authentication comprising the steps of:
initiating a purchase transaction in which a purchaser provides credit card information from a purchaser location;
communicating said credit card information to a credit card database;
requesting provision of personal information associated with said purchaser;
obtaining said personal information, including at least one fingerprint, from the purchaser at said purchaser location;
communicating said personal information to said credit card database;
processing said personal information in said credit card database to match it with said credit card information; and
providing an authorization message to said purchaser location for completion of said purchase transaction.
The URAS operation is based on use of a human fingerprint and a secure algorithm for identifying the operation through the transmission media. The credit card company will have on the existing database, the customer fingerprint and at the point-of-sale a fingerprint scanner will be used. The existing credit card operation will be as usual and the fingerprint data will thus be added to it. The URAS uses the customer fingerprint data and the secure algorithm to authenticate and secure the operation via the communication media while making a point-of-sale purchase.
In the case of an Internet purchase, the inventive URAS incorporates an authorization adaptor connected to the user PC, and once the user has made the purchase request, the credit card company is contacted for an authorization. An encrypted communication is then commenced in wh
Cyr Daniel St.
Edward Langer, Pat. Atty.
Frech Karl D.
Tal Benenson
LandOfFree
Remote credit card authentication system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Remote credit card authentication system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Remote credit card authentication system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2481573