WO2007003939A2 - A method of and a system for authentication - Google Patents

A method of and a system for authentication Download PDF

Info

Publication number
WO2007003939A2
WO2007003939A2 PCT/GB2006/002476 GB2006002476W WO2007003939A2 WO 2007003939 A2 WO2007003939 A2 WO 2007003939A2 GB 2006002476 W GB2006002476 W GB 2006002476W WO 2007003939 A2 WO2007003939 A2 WO 2007003939A2
Authority
WO
WIPO (PCT)
Prior art keywords
data set
authentication device
user authentication
user
transaction
Prior art date
Application number
PCT/GB2006/002476
Other languages
French (fr)
Other versions
WO2007003939A3 (en
Inventor
Christopher Knowles
John Murphy
Brian O'connor
Edward John Butters
Original Assignee
Christopher Knowles
John Murphy
Brian O'connor
Edward John Butters
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Christopher Knowles, John Murphy, Brian O'connor, Edward John Butters filed Critical Christopher Knowles
Publication of WO2007003939A2 publication Critical patent/WO2007003939A2/en
Publication of WO2007003939A3 publication Critical patent/WO2007003939A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code

Definitions

  • the invention relates to a method of and a system for authentication, and especially (but not solely) for authentication of a transaction, such as a bank card or credit card transaction.
  • PIN personal identification number
  • a method of authentication comprising providing a first data set stored on a user authentication device and a second data set stored on a central database, selecting a portion of the first data set and reading the portion of the first data set from the user authentication device, comparing the portion of the first data set with the second data set, and authenticating the user authentication device if the selected portion of the first data set matches a portion of the second data set.
  • a system for authentication comprising a number of user authentication devices, a central processor and a number of user authentication device readers coupled to the central processor, each user authentication device having a first data set stored thereon and the central processor having a number of second data sets stored thereon, wherein each first data set stored on a user authentication device corresponds to a second data set stored on the central computer, and when a user authentication device is read by an authentication device reader, a portion of the first data set is selected and compared with a second data set, and the computer authenticating the user authentication device if the portion of the first data set matches a portion of the second data set corresponding to the read user authentication device.
  • the method further comprises tagging the matched portion of the second data set.
  • the user authentication device is only authenticated if the selected portion of the first data set matches a non-tagged portion of the second data set.
  • the first and second data sets are a digitised image, and preferably, a watermarked digitised image.
  • the digitised image may be an image of a user associated with the user authentication device.
  • the digitized image may be, for example, a digitised photograph of any subject matter or a digitized image of any subject matter such as a printed page of text.
  • the portion of the first data set is selected pseudo randomly.
  • the selected portion of the first data set may be transferred from the user authentication device to a transaction device and the device reader reads the selected portion of the first data set from the transaction device and transmits the read selected portion of the first data set to the central computer for comparison with the second data set.
  • the method of and system for authentication may be for authentication of a transaction.
  • the method of and system of authentication may be used to authenticate a user and this could be used for any security identification purposes, for example, for access to a secure area, for passport identification or cheque validation.
  • Figure 1 is a schematic view of a portion of a system for authenticating a
  • Figure 2 is a perspective view of an electronic wallet for use with the system shown in Figure 1 with a transaction card inserted into the electronic wallet.
  • FIG 1 shows an authentication system I which includes a retailer card reader 1 , an automatic teller machine (ATM) 2, transaction card 3, a users mobile phone 4 and a user's electronic wallet 5.
  • ATM automatic teller machine
  • FIG 2 shows the electronic wallet 5 in more detail. As can be seen from Figure 2, it is in the form of a calculator type device with an alphanumeric keypad 11 , an LCD screen 12 and a solar panel 13.
  • the solar panel 13 is used to provide power to the wallet 5 and the wallet 5 can partially powered by the solar panel 13 or wholly powered by the solar panel 13. If the wallet is only partially powered by the solar panel 13, the remaining power could be supplied by batteries of by a mains electricity supply, typically through an adapter.
  • the wallet 5 is provided with an infrared port 14 and in addition, or alternatively, may include other wireless communication devices, such as Bluetooth.
  • the wallet also includes a card port 15 to permit a transaction card 3 or other data card to be inserted into the wallet 5 and to communicate with the wallet 5.
  • the wallet also includes a processor and memory device (not shown).
  • a data set is stored in the user's mobile phone 4 or electronic wallet 5.
  • An identical data set is stored with a transaction authentication organisation that operates a central computer 6.
  • the data set is a watermarked digitised photograph.
  • the photograph may be supplied by a user to a bank or credit card authority with an application for an account or an application to have a wallet 5.
  • the photograph is then digitised and one copy of the digitised photograph forms the data set stored in the central computer 6 and an other copy of the digitised photograph forms the data set stored in the electronic wallet before it is issued to a user.
  • the user may already have an electronic wallet 5 or obtain an electronic wallet independently from the bank or credit card authority.
  • the account details and data set may be sent to a user loaded onto a smart card, magnetic strip card or any other suitable data card.
  • the smart card, magnetic strip card or other suitable data card can be inserted into the port 15 to transfer the account details and data set to the electronic wallet 15. Transfer of the data from the card to the wallet 5 may require a PIN, which would typically, be sent to a user separately from the card.
  • the central computer 6 is coupled, typically by land lines 7, to a number of ATMs 2 (only one shown).
  • the central computer 6 is also coupled, typically by land lines 7, to a network of retailers' transaction equipment 1 (only one shown) via a card issuer's computer server 8 and a transaction server 9 that obtains authentication for the transaction for the transaction equipment 1.
  • a card issuer's computer server 8 and a transaction server 9 that obtains authentication for the transaction for the transaction equipment 1.
  • the transaction server and card issuer's server may be the same server.
  • the user When a user wishes to perform a transaction, such as withdrawing cash from the ATM 2 or buying goods at a retailer, the user first accesses the mobile phone 4 or wallet 5. Typically, the access would be controlled by a PIN known only to the user. After selecting the relevant account (if there is more than one account stored in the phone 4 or wallet 5) the user may then download a portion of the data from the data set on his mobile phone 4 or electronic wallet 5 to a transaction card 3. Therefore, the transaction card 3 only stores the selected portion of the data set. Typically, the selected portion of the data set is selected pseudo-randomly by the electronic wallet 5 or mobile phone 4 in response to a request entered by the user.
  • the transaction card 3 can be used to perform a transaction by being inserted and read by the ATM 2 or the retailer's transaction equipment 1.
  • the selected portion of the data set on the transaction card 3 is transmitted by the ATM 2 or the transaction equipment I via the land line 7 to the central computer 6.
  • a portion of the data set may be manually transferred 10 to the retailer's transaction equipment 1 or the ATM 2.
  • the central computer 6 compares the selected portion of the data set with the corresponding data set for that user on the central computer 6 and if the selected portion of the data set from the user matches a portion of the data set stored on the computer 6 the computer 6 authenticates the transaction and sends an appropriate message back to the ATM 2 or the retailer's transaction equipment 1 to enable the transaction to proceed.
  • the portion of the data set stored on the computer that matched with the data set sent from the transaction card 3, is tagged by the computer to show that it has been used to authenticate a transaction.
  • the central computer 6 will detect that the portion of the user's data set transmitted to it has already been used to perform a transaction, by virtue of the tagging of the corresponding portion of the data set on the central computer 6, and the central computer 6 will reject the second transaction request.
  • the transaction card 3 If the user wishes to perform a further transaction, it is necessary for the transaction card 3 to be wiped or another transaction card 3 to be used to receive a second selected portion of the user's data set from the mobile phone 4 or the wallet 5. Alternatively, the second data set may be transmitted manually. This second selected data set can then be used to perform a second transaction, provided that it has not already been used to authenticate a previous transaction.
  • the electronic wallet 5 may be used to wipe the data on the transaction card 3.
  • the user may select the number of transactions permitted using the transaction card 3 over a predetermined time period, such as one day. This may be achieved by inserting the transaction card 3 into the port 15 and activating the wallet 5 to wipe the previously stored transaction data on the card 3.
  • a PIN may then be entered by the user using the alphanumeric keypad 11 on the electronic wallet 5, to initiate the transfer of new data to the card 3 through the wallet 5.
  • a request for the user to enter the number of desired transactions to be permitted either before the card needs to be reactivated and/or over the selected time period may be displayed on the LCD screen 12.
  • a code for the time period may then be requested by the wallet 5 through a message displayed on the LCD screen 12.
  • the user may then enter a selected code for use over the predetermined time period using the keypad 11.
  • the code may be, for example, a number of letters, numerals or a mixture of both and may be used in the predetermined time period when authentication of/for the card is required, for example in transactions.
  • the wallet 5 is then ready for use as described above.
  • the invention minimises the risk of data being skimmed from a transaction card and being used to perform transactions not authorised by the user, as the information sent to the central computer 6 to authenticate a transaction is only used once.
  • the invention also helps to protect retailers and card issuers from liability arising from unauthorised use.

Abstract

A system for authentication comprises a number of user authentication devices, a central processor and a number of user authentication device readers coupled to the central processor. Each user authentication device has a first data set stored thereon and the central processor has a number of second data sets stored thereon. Each first data set stored on a user authentication device corresponds to a second data set stored on the central computer, and, when a user authentication device is read by an authentication device reader, a portion of the first data set is selected and compared with a second data set. The computer authenticates the user authentication device if the portion of the first data set matches a portion of the second data set corresponding to the read user authentication device. There is also disclosed a method of authentication.

Description

A Method of and a System for Authentication
The invention relates to a method of and a system for authentication, and especially (but not solely) for authentication of a transaction, such as a bank card or credit card transaction.
Conventionally, authentication of a transaction, such as a bank card or credit card normally requires the card to be inserted into a card reader and a personal identification number (PIN) to be entered via a keypad by the user. The PIN entered by the user is then verified as the PIN corresponding to the card by either a central computer or by a semiconductor chip inside the card.
However, one of the problems with this conventional system is that the data that is compared (that is the PIN) is always the same, and this can result in an unauthorised transaction if a third party manages to obtain the PIN by an unauthorised means, such as by skimming the card. Unauthorised transactions can also occur when bank or credit cards are used to perform a transaction using a telephone or the Internet.
In accordance with a first aspect of the present invention, there is provided a method of authentication, the method comprising providing a first data set stored on a user authentication device and a second data set stored on a central database, selecting a portion of the first data set and reading the portion of the first data set from the user authentication device, comparing the portion of the first data set with the second data set, and authenticating the user authentication device if the selected portion of the first data set matches a portion of the second data set.
In accordance with a second aspect of the present invention, there is provided a system for authentication, the system comprising a number of user authentication devices, a central processor and a number of user authentication device readers coupled to the central processor, each user authentication device having a first data set stored thereon and the central processor having a number of second data sets stored thereon, wherein each first data set stored on a user authentication device corresponds to a second data set stored on the central computer, and when a user authentication device is read by an authentication device reader, a portion of the first data set is selected and compared with a second data set, and the computer authenticating the user authentication device if the portion of the first data set matches a portion of the second data set corresponding to the read user authentication device.
Preferably, the method further comprises tagging the matched portion of the second data set. Typically, the user authentication device is only authenticated if the selected portion of the first data set matches a non-tagged portion of the second data set.
Typically, the first and second data sets are a digitised image, and preferably, a watermarked digitised image. In one example of the invention, the digitised image may be an image of a user associated with the user authentication device. In other preferred embodiments, the digitized image may be, for example, a digitised photograph of any subject matter or a digitized image of any subject matter such as a printed page of text.
Preferably, the portion of the first data set is selected pseudo randomly.
In one example of the invention, the selected portion of the first data set may be transferred from the user authentication device to a transaction device and the device reader reads the selected portion of the first data set from the transaction device and transmits the read selected portion of the first data set to the central computer for comparison with the second data set.
Typically, the method of and system for authentication may be for authentication of a transaction. However, it is possible that the method of and system of authentication may be used to authenticate a user and this could be used for any security identification purposes, for example, for access to a secure area, for passport identification or cheque validation.
An example of a method of and a system for authentication will now be described with reference to the accompanying drawings in which:
Figure 1 is a schematic view of a portion of a system for authenticating a
transaction; and
Figure 2 is a perspective view of an electronic wallet for use with the system shown in Figure 1 with a transaction card inserted into the electronic wallet.
Figure 1 shows an authentication system I which includes a retailer card reader 1 , an automatic teller machine (ATM) 2, transaction card 3, a users mobile phone 4 and a user's electronic wallet 5.
Figure 2 shows the electronic wallet 5 in more detail. As can be seen from Figure 2, it is in the form of a calculator type device with an alphanumeric keypad 11 , an LCD screen 12 and a solar panel 13. The solar panel 13 is used to provide power to the wallet 5 and the wallet 5 can partially powered by the solar panel 13 or wholly powered by the solar panel 13. If the wallet is only partially powered by the solar panel 13, the remaining power could be supplied by batteries of by a mains electricity supply, typically through an adapter.
For communication with other devices, the wallet 5 is provided with an infrared port 14 and in addition, or alternatively, may include other wireless communication devices, such as Bluetooth. The wallet also includes a card port 15 to permit a transaction card 3 or other data card to be inserted into the wallet 5 and to communicate with the wallet 5. The wallet also includes a processor and memory device (not shown).
In use, a data set is stored in the user's mobile phone 4 or electronic wallet 5. An identical data set is stored with a transaction authentication organisation that operates a central computer 6. Typically, the data set is a watermarked digitised photograph. The photograph may be supplied by a user to a bank or credit card authority with an application for an account or an application to have a wallet 5. The photograph is then digitised and one copy of the digitised photograph forms the data set stored in the central computer 6 and an other copy of the digitised photograph forms the data set stored in the electronic wallet before it is issued to a user.
Alternatively, the user may already have an electronic wallet 5 or obtain an electronic wallet independently from the bank or credit card authority. In this case the account details and data set may be sent to a user loaded onto a smart card, magnetic strip card or any other suitable data card. The smart card, magnetic strip card or other suitable data card can be inserted into the port 15 to transfer the account details and data set to the electronic wallet 15. Transfer of the data from the card to the wallet 5 may require a PIN, which would typically, be sent to a user separately from the card.
By providing account details and the data set on a card so that they can be transferred to the wallet 5 enables more than one account to be stored on the electronic wallet 5.
The central computer 6 is coupled, typically by land lines 7, to a number of ATMs 2 (only one shown).
In addition, the central computer 6 is also coupled, typically by land lines 7, to a network of retailers' transaction equipment 1 (only one shown) via a card issuer's computer server 8 and a transaction server 9 that obtains authentication for the transaction for the transaction equipment 1. In certain instances, it is possible that the transaction server and card issuer's server may be the same server.
When a user wishes to perform a transaction, such as withdrawing cash from the ATM 2 or buying goods at a retailer, the user first accesses the mobile phone 4 or wallet 5. Typically, the access would be controlled by a PIN known only to the user. After selecting the relevant account (if there is more than one account stored in the phone 4 or wallet 5) the user may then download a portion of the data from the data set on his mobile phone 4 or electronic wallet 5 to a transaction card 3. Therefore, the transaction card 3 only stores the selected portion of the data set. Typically, the selected portion of the data set is selected pseudo-randomly by the electronic wallet 5 or mobile phone 4 in response to a request entered by the user.
After the selected portion of the data set is transferred to the transaction card 3, the transaction card 3 can be used to perform a transaction by being inserted and read by the ATM 2 or the retailer's transaction equipment 1. When the transaction card 3 is read, the selected portion of the data set on the transaction card 3 is transmitted by the ATM 2 or the transaction equipment I via the land line 7 to the central computer 6. Alternatively, a portion of the data set may be manually transferred 10 to the retailer's transaction equipment 1 or the ATM 2. The central computer 6 then compares the selected portion of the data set with the corresponding data set for that user on the central computer 6 and if the selected portion of the data set from the user matches a portion of the data set stored on the computer 6 the computer 6 authenticates the transaction and sends an appropriate message back to the ATM 2 or the retailer's transaction equipment 1 to enable the transaction to proceed.
In addition, the portion of the data set stored on the computer that matched with the data set sent from the transaction card 3, is tagged by the computer to show that it has been used to authenticate a transaction.
If subsequently, the transaction card 3 is used to perform a second transaction, the central computer 6 will detect that the portion of the user's data set transmitted to it has already been used to perform a transaction, by virtue of the tagging of the corresponding portion of the data set on the central computer 6, and the central computer 6 will reject the second transaction request.
If the user wishes to perform a further transaction, it is necessary for the transaction card 3 to be wiped or another transaction card 3 to be used to receive a second selected portion of the user's data set from the mobile phone 4 or the wallet 5. Alternatively, the second data set may be transmitted manually. This second selected data set can then be used to perform a second transaction, provided that it has not already been used to authenticate a previous transaction.
In a preferred embodiment, the electronic wallet 5 may be used to wipe the data on the transaction card 3. Also, in a further preferred embodiment, the user may select the number of transactions permitted using the transaction card 3 over a predetermined time period, such as one day. This may be achieved by inserting the transaction card 3 into the port 15 and activating the wallet 5 to wipe the previously stored transaction data on the card 3. A PIN may then be entered by the user using the alphanumeric keypad 11 on the electronic wallet 5, to initiate the transfer of new data to the card 3 through the wallet 5. A request for the user to enter the number of desired transactions to be permitted either before the card needs to be reactivated and/or over the selected time period may be displayed on the LCD screen 12. Once the user enters the desired number of transactions, a code for the time period may then be requested by the wallet 5 through a message displayed on the LCD screen 12. The user may then enter a selected code for use over the predetermined time period using the keypad 11. The code may be, for example, a number of letters, numerals or a mixture of both and may be used in the predetermined time period when authentication of/for the card is required, for example in transactions. The wallet 5 is then ready for use as described above.
Hence, the invention minimises the risk of data being skimmed from a transaction card and being used to perform transactions not authorised by the user, as the information sent to the central computer 6 to authenticate a transaction is only used once.
The invention also helps to protect retailers and card issuers from liability arising from unauthorised use.

Claims

Claims:
1. A method of authentication, the method comprising providing a first data set stored on a user authentication device and a second data set stored on a central database, selecting a portion of the first data set and reading the portion of the first data set from the user authentication device, comparing the portion of the first data set with the second data set, and authenticating the user authentication device if the selected portion of the first data set matches a portion of the second data set.
2. A method according to claim 1 , further comprising tagging the matched portion of the second data set.
3. A method according to any one of the preceding claims, wherein the step of authenticating comprises authenticating the user authentication device if the selected portion of the first data set matches a non-tagged portion of the second data set.
4. A method according to any one of the preceding claims, wherein the step of providing first and second data sets comprises providing one or more of a digitised image, a watermarked digitised image, a digitised image of a user associated with the user authentication device, a digitised photograph, and/or a digitized image of a printed page of text.
5. A method according to any one of the preceding claims, wherein the step of selecting a portion of the first data set is pseudo random.
6. A method according to any one of the preceding claims, further comprising transferring the selected portion of the first data set from the user authentication device to a transaction device, reading the selected portion of the first data set from the transaction device, and transmitting the read selected portion of the first data set to a central computer for comparison with the second data set.
7. A method according to any one of the preceding claims, further activating the user authentication device for operation in processing a predetermined number of authentications.
8. A method according to claim 7, wherein the step of activating the user authentication device further comprises activating the device for a predetermined number of authentications over a predetermined time period.
9. A method according to any one of the preceding claims, further comprising receiving a user code entered by a user through a user interface for use over a predetermined time period to permit authentication during said predetermined time period.
10. A method according to claim 9, wherein the user code comprises a number of letters and/or a number of numerals.
11. A system for authentication, the system comprising a number of user authentication devices, a central processor and a number of user authentication device readers coupled to the central processor, each user authentication device having a first data set stored thereon and the central processor having a number of second data sets stored thereon, wherein each first data set stored on a user authentication device corresponds to a second data set stored on the central computer, and when a user authentication device is read by an authentication device reader, a portion of the first data set is selected and compared with a second data set, and the computer being arranged to authenticate the user authentication device if the portion of the first data set matches a portion of the second data set corresponding to the read user authentication device.
12. A system according to claim 11 wherein the matched portion of the second data set is tagged.
13. A system according to any one of claims 11 or 12, wherein the computer is arranged to authenticate the user authentication device if the selected portion of the first data set matches a non-tagged portion of the second data
set.
14. A system according to any one of claims 11 to 13, wherein the first and second data sets comprise one or more of a digitised image, a watermarked > digitised image, a digitised image of a user associated with the user authentication device, a digitised photograph, and/or a digitized image of a printed page of text.
15. A system according to any one of claims 11 to 14, wherein the portion of the first data set is selected pseudo randomly.
16. A system according to any one of claims 11 to 15, wherein the user authentication device is further arranged to transfer the selected portion of the first data set to a transaction device, wherein the device reader is arranged to read the selected portion of the first data set received from the transaction device and is arranged to transmit the read selected portion of the first data set to the central processor for comparison with the second data set.
17. A system according to any one of claims 11 to 16, further comprising means for activating the user authentication device for operation in processing a predetermined number of authentications.
18. A system according to claim 17, wherein the means for activating the user authentication device is further arranged to activate the device for a predetermined number of authentications over a predetermined time period.
19. A system according to any one of claims 11 to 18, further comprising a user interface arranged to receive a user code for use over a predetermined time period to permit authentication during said predetermined time period.
20. A system according to claim 19, wherein the user code comprises a number of letters and/or a number of numerals.
21. A method of authentication substantially as hereinbefore described with reference to any one embodiment as that embodiment is illustrated in the drawings.
22. A system of authentication substantially as hereinbefore described with reference to any one embodiment as that embodiment is illustrated in the drawings.
PCT/GB2006/002476 2005-07-05 2006-07-04 A method of and a system for authentication WO2007003939A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB0513767.4A GB0513767D0 (en) 2005-07-05 2005-07-05 A method of and a system for authentication
GB0513767.4 2005-07-05

Publications (2)

Publication Number Publication Date
WO2007003939A2 true WO2007003939A2 (en) 2007-01-11
WO2007003939A3 WO2007003939A3 (en) 2007-05-31

Family

ID=34856698

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2006/002476 WO2007003939A2 (en) 2005-07-05 2006-07-04 A method of and a system for authentication

Country Status (2)

Country Link
GB (1) GB0513767D0 (en)
WO (1) WO2007003939A2 (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0329166A2 (en) * 1988-02-17 1989-08-23 Nippondenso Co., Ltd. Fingerprint verification method employing plural correlation judgement levels and sequential judgement stages
WO1999008238A1 (en) * 1997-08-11 1999-02-18 International Business Machines Corporation A portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
WO1999063475A1 (en) * 1998-05-29 1999-12-09 E-Micro Corporation Wallet consolidator
EP1018712A1 (en) * 1998-12-22 2000-07-12 Eastman Kodak Company Method and apparatus for transaction card security utilizing embedded image data
EP1020811A2 (en) * 1999-01-15 2000-07-19 Citicorp Development Center, Inc. Fast matching systems and methods for personal identification
WO2001071462A2 (en) * 2000-03-21 2001-09-27 Widcomm, Inc. System and method for secure biometric identification
US20020060243A1 (en) * 2000-11-13 2002-05-23 Janiak Martin J. Biometric authentication device for use in mobile telecommunications
US20020158747A1 (en) * 2001-04-26 2002-10-31 Mcgregor Christopher M. Bio-metric smart card, bio-metric smart card reader and method of use
US20030004827A1 (en) * 1998-04-27 2003-01-02 Wang Ynjiun P. Payment system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0329166A2 (en) * 1988-02-17 1989-08-23 Nippondenso Co., Ltd. Fingerprint verification method employing plural correlation judgement levels and sequential judgement stages
WO1999008238A1 (en) * 1997-08-11 1999-02-18 International Business Machines Corporation A portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
US20030004827A1 (en) * 1998-04-27 2003-01-02 Wang Ynjiun P. Payment system
WO1999063475A1 (en) * 1998-05-29 1999-12-09 E-Micro Corporation Wallet consolidator
EP1018712A1 (en) * 1998-12-22 2000-07-12 Eastman Kodak Company Method and apparatus for transaction card security utilizing embedded image data
EP1020811A2 (en) * 1999-01-15 2000-07-19 Citicorp Development Center, Inc. Fast matching systems and methods for personal identification
WO2001071462A2 (en) * 2000-03-21 2001-09-27 Widcomm, Inc. System and method for secure biometric identification
US20020060243A1 (en) * 2000-11-13 2002-05-23 Janiak Martin J. Biometric authentication device for use in mobile telecommunications
US20020158747A1 (en) * 2001-04-26 2002-10-31 Mcgregor Christopher M. Bio-metric smart card, bio-metric smart card reader and method of use

Also Published As

Publication number Publication date
GB0513767D0 (en) 2005-08-10
WO2007003939A3 (en) 2007-05-31

Similar Documents

Publication Publication Date Title
US6817521B1 (en) Credit card application automation system
US20070131759A1 (en) Smartcard and magnetic stripe emulator with biometric authentication
CN101095162B (en) System and method for a secure transaction module
CN1936972B (en) Biometrics authentication method and biometrics authentication system
US8678294B2 (en) Federated ID secure virtual terminal emulation smartcard
US6726100B2 (en) Method for spreading parameters in offline chip-card terminals as well as corresponding chip-card terminals and user chip-cards
US20080126260A1 (en) Point Of Sale Transaction Device With Magnetic Stripe Emulator And Biometric Authentication
US20090050689A1 (en) Electronic wallet device and method of using electronic value
EP2287783A1 (en) Electronic credit card - ECC
US20070214093A1 (en) System for secure payment and authentication
AU2007354267A1 (en) Point0f sale transaction device with magnetic stripe emulator and biometric authentication
AU2003285786B2 (en) System and method for automatic verification of the holder of an authorisation document
CN102713920A (en) A personalized multifunctional access device possessing an individualized form of authenticating and controlling data exchange
JPH0514298B2 (en)
JP5480817B2 (en) Method for permitting communication such as access to memory zone of portable electronic device, corresponding electronic device and system
US20060174134A1 (en) Secure steganographic biometric identification
US20170011402A1 (en) Method and system for authentication and payment by using portable terminal
JP2001344544A (en) Portable terminal and electronic clearing system using the same
WO2012151486A2 (en) System and method of using mobile devices to personalize and issue personalized identification documents
US6829597B1 (en) Method, apparatus and computer program product for processing cashless payments
US20120271764A1 (en) Financial trade method and trade system using mobile device for the same
EP3399490B1 (en) User terminal and method executed by a settlement system, settlement device and method executed by same, and program
WO2007003939A2 (en) A method of and a system for authentication
CN1321389C (en) System and method of paying transaction
JP6845888B2 (en) Authentication method for electronic wallet media

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06764898

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 06764898

Country of ref document: EP

Kind code of ref document: A2