WO2002054341A1 - Commersign: systems and methods for secure electronic business transactions - Google Patents

Info

Publication number: WO2002054341A1
Authority: WO (WIPO, PCT)
Prior art keywords: transaction, biometric, electronic, transactions, key
Application number: PCT/US2002/000637
Other languages: French (fr)
Inventor: Michelle A. Lent
Original Assignee: Stefaan De Schrijver, Incorporated

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Definitions

  • For the case where customers visit a store and are present when the transaction occurs, the following embodiment of the business process and transaction system can be envisioned.
  • a customer enters a store and collects the goods to be purchased from the shelves.
  • the goods are either property of the merchant or of the supplier, in case the merchant rents shelf space to the supplier and sells the goods on a consignment basis.
  • the goods are identified by means of a scanning device connected to the cash register.
  • the customer is identified by providing his/her name through biometric means, such as voice or face recognition, or through an identification document such as a driver's license, social security card, photo ID or any other means known in the art.
  • the Biometric Stylus is activated by the pay station.
  • the Biometric Stylus sets up a transaction session with the Biometric Security System (BiSS).
  • A unique session key is created by the BiSS.
  • An electronic transaction record is created, then displayed on the pay station and printed on the payment slip together with its time stamp as originated in the BiSS.
  • the session key is used to hash the electronic transaction record (ETR).
  • the HASH is also printed on the associated payment slip.
  • the biometric stylus uses its unique stylus ID together with the unique session key to create a unique transaction key.
  • the BiSS, which created the session key and knows the stylus ID, uses the transaction key to encrypt the HASH together with the biometric signature dynamics (BSD) into a secure record while it is transmitted from the pay station to the biometric authentication module (BAM).
  • the customer's ID is transmitted in clear (it is not protected by the transaction key) and is used to retrieve the customer's biometric template from the shared secrets database.
  • the BAM now produces an OK or a NOK message.
  • This message is encrypted together with a proof of signature verification (PSV) under the same transaction key and returned to the biometric stylus and subsequently to the pay station.
  • the shared secrets database is now updated with the Hash, the time stamp of the PSV issued, the PSV, NOK or OK result, and the transaction key.
  • the session key is a unique random number generated by the BiSS, independent of any transacting party. That key is used to hash the information regarding the electronic transaction, or ETR. No information regarding the transacting parties is used to code information regarding the transaction.
  • the Stylus ID is unique to the device used to produce the biometric signature dynamics. In itself it does not contain any information regarding the transacting parties.
  • the Stylus ID is combined together with the session key to create a unique transaction key.
  • the transaction key is used to encrypt the combination of the hash and the BSD. As a consequence, the confidentiality of the customer is maintained vis-a-vis the merchant, since only the trusted third party, in this case the bank, has access to the shared secrets database.
  • the hash is not used to authenticate the transaction, merely to maintain its integrity.
  • the PSV is used to authenticate the transaction.
  • the result of the authentication is either an OK or a NOK.
  • the bank verifies the level of entitlement of the individual. This results in an OK or a NOK.
  • the shared secret database is updated with the result and with the timestamp of the result.
  • the payment is charged to the customer account.
  • the merchant's suspense account is credited.
  • the entitlement OK together with the authentication OK and the proof of signature verification are encrypted with the transaction key and returned to the biometric device at the pay station.
  • the biometric device instructs the pay station to update the merchant's information system and the ETR and to this end transmits in clear the timestamp of the creation of the PSV to the pay-station.
  • if the entitlement check returns NOK, an Entitlement Exception Handling (EHE) message is transmitted to the pay station.
  • if the authentication returns NOK, an Authentication Exception Handling (AHE) message is transmitted to the pay station.
  • the merchant handles this according to known procedures.
  • a record is made in the merchant's information system as well as in the shared secret database.
  • the customer now receives the goods and leaves the premises, or leaves the premises without the goods, as the case may be.
  • the bank clears all the payments in the merchant's suspense account and credits the merchants current account. If the embodiment includes the recursive capability the payments from and to the merchant's suppliers are automatically balanced out.
  • the merchant's information system receives a report and can be updated according to established protocols. Again the merchant's profile is updated by the bank.
  • the ID of the customer, the HASH and the timestamp of the transaction are submitted to the BiSS that recreates the ETR from the information in the shared secrets database.
  • the ETR, the printed pay slip and the reconstructed ETR will contain the same information.
  • In order to allow the reconstruction of the ETR from the HASH, the customer must sign an authorization transaction, which has a protocol similar to the purchase transaction. Thus reconstruction can only occur if the original customer comes and signs for the reconstruction request, which guarantees the confidentiality of the transaction.
  • Since the bank has the ETR only in HASH form, it cannot use the information of the ETR without the explicit authorization of the customer. The bank can only use its shared secrets file for statistical and credentialing information.
  • customers are not required to remember PIN codes, since their biometrics are used to the purpose of identifying them.

Abstract

The invention provides a transaction system (1000, 1100, 1500, 2000, 3000, 4000, 5000, 5010, 5020, 6000) wherein, when an entity (person, company, computer program), transaction, document or thing needs to be authenticated, information regarding one or more of the parties or items (such as electronic records) involved is associated with biometric data of at least one of the parties. The electronic records are hashed with a session key. Biometric data regarding at least one of the parties authorizing the transaction are measured with biometric means (such as signature dynamics). The biometric means 1100 have a unique identification key (ID). The ID and the session key are used to create a transaction key. The transaction key is used to encrypt the HASH and the dynamic biometric data of the authorizing individual or individuals. The biometric data of the individuals are used to authenticate the identity of the individual.

Description

CommerSign: SYSTEMS AND METHODS FOR SECURE ELECTRONIC BUSINESS TRANSACTIONS
BACKGROUND OF THE INVENTION
1. Field of The Invention
The invention relates to systems and methods for allowing consumers, businesses and other entities to place orders, deliver goods and perform payments or authorize credits employing a biometric device as identifier.
The present invention relates generally to systems that secure privacy and confidentiality of the above transactions and, more particularly, concerns a method and apparatus for authenticating documents, records and objects as well as individuals who are involved with or responsible for said transactions.
Background of The Invention
There are situations that require secure transactions. Security is founded on the combination of authentication, entitlement, integrity, non-repudiation and confidentiality of transactions and of the associated documents and objects. Authentication verifies the identity of entities; entitlement verifies the right of an entity to execute a transaction; confidentiality protects the transaction and all its linkage from publicity; integrity ensures that any information or documentation regarding the transaction remains constant and unchanged; non-repudiation provides legal proof that the transaction occurred.
For example checks, stock certificates, and bonds are subject to theft. Electronic payment transfers are subject to fraud. From the time a document is issued, the information contained on it, or the name of the recipient could be changed. False documents can be issued with forged images of signatures. Similarly, passports, pay checks, motor vehicle registrations, diplomas, food stamps, wager receipts, medical prescriptions, or birth certificates and other official documents are subject to forgery, fraudulent modification or use by an unintended recipient. To counter this, special forms, official stamps and seals, and special authentication procedures have been utilized to assure the authenticity of such documents. Medical, legal and personnel records, and all types of information in storage media are also subject to unauthorized access. PIN codes, passwords, encrypting and hashing of such records are used in the art to thwart unauthorized access and tampering. Recently it has come to light that fraud with promotional coupons is widespread, and was used to finance terrorist networks.
Computers and computer networks used to conduct transactions and document processing, allow early detection of certain types of fraud. However, eliminating the human connection makes verification of the identity of transacting entities essential, since the trust factor that exists between humans who know each other has been eliminated. Therefore the need remains for business transaction, document processing, and access systems which can secure a transaction.
In the context of the present document, "access systems" means systems which access networks or media which contain, store, process, transmit, transport or carry physical, or electronic analog or digital data, messages, text, FAX, audio, video, drawings, images, photo, electronic and physical mail, safe boxes, biometric information and the like. In the context of the present document, "transaction system" means all such transaction, payment, document processing, access systems, and trusted third party systems, including ones not related to business use, such as passport authentication systems. Today applications that allow order placement, fulfillment and payment by means of credit cards are common, whether at point of sale, or over the Internet for so-called electronic commerce. These applications are well known in the art. They require the users to identify themselves by means of a PIN code and a name, with additional information such as date of birth, mother's maiden name, (part of) social security number, expiration date, last transaction amounts, etc.
Service providers keep this information together with the pre-registered templates, which include address and other personal data, and with the history of the transactions. These "secrets" often are shared by the service providers, such as banks, by depositing them with third parties such as credit bureaus like Equifax. These measures, while widely used with private networks, are not very adequate for use with open networks such as the Internet, where identity easily can be stolen. The security problems described above have been exacerbated by the advent of electronic business conducted over the Internet. To some extent, systems involving Public Key Infrastructures have been able to solve some of the security issues. However they require the deployment of novel transaction systems, and, above all, they use methods and apparatus that do not permit the linkage of individuals to the transactions that they execute. Therefore these PKI systems do not provide proof positive of an individual's participation in a transaction. The overwhelming majority of currently deployed computer networks are private closed networks. PKI works well with open networks. For closed networks other facilities are required. Therefore there is a need in the art for a transaction system that secures the interests of all parties to multi-party transactions whether the parties are present or absent to a transaction, whether the transaction occurs over public or private, open or closed systems. There is a need in the art for systems that undeniably link individuals with the transactions that they are involved with. There is also a need in the art to do this at as low a cost as possible. Therefore there is a need in the art to provide authentication of individuals without the usage of credit cards or smartcards or magnetic stripe cards. The means to do so require biometrics.
SUMMARY OF THE INVENTION
It is the object of the present invention to provide apparatus and methods that allow electronic commerce fulfillment and payment, through credit, debit or electronic cash transactions, without the usage of cards or other such tokens used in the identification of individuals. The present invention is directed to a centralized transaction system, which avoids the shortcomings of such systems currently used in the art.
The invention includes the following apparatus:
A plurality of client devices including a computer and a means of network communication (1000: cash register or other point of sales terminal, a PDA, a home computer, a television with a set-top box , or a (wireless) telephone). A plurality of biometric means (1100: smartpen, fingerprint device, camera, microphone for voice recognition, etc.) that can be used alone or conjointly for biometric measurements.
A plurality of electronic commerce application servers 5000 (for credit evaluation, for order transaction, for payment transaction, for order fulfillment, etc.).
A plurality of security servers 4000 (for biometric authentication modules including registration and verification, for secure key management and encryption, for validation of biometric devices, for template databases, etc.) providing security of data, confidentiality of protocols, privacy of profiles and non-repudiation of transactions.
A network infrastructure 2000 including LAN/ WAN/ MAN/ PAN/ VPN/ Intranet Internet wired or wireless networks for digital data transfers.
A plurality of software agents 3000 including user interfaces, secure socket layers, network management, content management, "middle ware", database management, error recovery and exception handling, all known in the art.
A plurality of profiles that constitute databases 6000 regarding the buying, credit, and payment habits of buyers, whether consumers or professional purchasers for companies. Such profiles are treated in the art as shared secrets.
The present invention provides processes that vary only slightly whether the parties are present to the transaction (for instance a buyer visiting a merchant's store), or absent (such as when purchasing through electronic catalogs, whether from computers, televisions, automatic teller machines, or telephones, wireless or wired). The business process for merchants in stores is described hereafter as an example. Alternative implementations are easily derived. The business process can be used for the sale of hard or soft goods, as well as for services.
The invention provides a transaction system wherein, when an entity (person, company, computer program), transaction, document or thing needs to be authenticated, information regarding one or more of the parties or items (such as electronic records) involved is associated with biometric data of at least one of the parties. The electronic records are hashed with a session key. The hash is time stamped. Biometric data regarding at least one of the parties authorizing the transaction are measured with biometric means (such as signature dynamics). The biometric means 1100 have a unique identification key (ID). The ID and the session key are used to create a transaction key. The transaction key is used to encrypt the HASH and the dynamic biometric data of the authorizing individual or individuals. The biometric data of the individuals are used to authenticate the identity of the individual. This results in a proof of signature verification (PSV). The HASH, the PSV, the transaction key, and the time stamp are used to maintain the integrity and confidentiality of the transaction and the items and entities related to it.
They are stored in a shared secrets database 6000 and can be used to decrypt the secured record and, together with the other information in that database, restore the original electronic record of the transaction; because the HASH is one-way, it serves to verify the restored record rather than to recover it. The electronic information must then match the record printed on or otherwise attached to any physical items.
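The protocol summarised in the two paragraphs above, and stepped through for the in-store embodiment in the Definitions section (session key, HASH of the ETR, stylus ID and session key combined into the transaction key, HASH and BSD sealed for the BAM, OK/NOK and PSV returned under the same key, HASH/PSV/timestamp/key stored, ETR later verified against the stored HASH), modelled end to end in Python. This is an added example, not the patent's own code. The patent names no algorithms, so HMAC-SHA256 for the keyed hash and key derivation, an HMAC-based stream cipher with encrypt-then-MAC as the stand-in for "encrypt", a toy matcher for signature dynamics, and every identifier, class name and sample value (BiSS, the stylus ID, the customer ID, the ETR, the force samples) are assumptions of this illustration.

```python
"""Model of the CommerSign transaction flow described in this patent. Added
illustration, not the patent's own code. Assumed here because the patent leaves
them open: HMAC-SHA256 as keyed hash and KDF, an HMAC-counter-mode stream cipher
with encrypt-then-MAC as stand-in cipher, a toy BSD matcher, all sample values."""
import hashlib, hmac, json, secrets
from dataclasses import dataclass, field

def keyed_hash(etr: dict, session_key: bytes) -> bytes:
    """HASH of the electronic transaction record (ETR) under the session key; canonical
    JSON so that pay station and BiSS hash identical bytes."""
    canon = json.dumps(etr, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(session_key, canon, hashlib.sha256).digest()

def transaction_key(stylus_id: bytes, session_key: bytes) -> bytes:
    """Transaction key from stylus ID and session key; the stylus and the BiSS (which
    issued the session key and knows the ID) derive it independently."""
    return hmac.new(session_key, b"CommerSign-TK|" + stylus_id, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag (encrypt-then-MAC): a record altered in transit is
    rejected before anything is decrypted."""
    enc_key, mac_key = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("secure record failed integrity check")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))

def bsd_matches(sample: list, template: list, tolerance: float = 0.15) -> bool:
    """Toy matcher for biometric signature dynamics (BSD): mean absolute deviation of
    pen-tip force samples from the enrolled template, relative to the template mean."""
    if len(sample) != len(template):
        return False
    dev = sum(abs(a - b) for a, b in zip(sample, template)) / len(template)
    return dev <= tolerance * (sum(template) / len(template))

def make_secure_record(stylus_id: bytes, session_key: bytes, etr: dict, bsd: list) -> bytes:
    """Stylus side: HASH and BSD sealed under the transaction key for the BAM."""
    tk = transaction_key(stylus_id, session_key)
    return seal(tk, keyed_hash(etr, session_key) + json.dumps(bsd).encode())

@dataclass
class BiSS:
    """Biometric Security System: issues session keys, runs the BAM and keeps the
    shared secrets database. Only the bank, as trusted third party, holds it."""
    bam_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    styli: set = field(default_factory=set)        # validated biometric devices
    templates: dict = field(default_factory=dict)  # customer_id -> enrolled BSD
    sessions: set = field(default_factory=set)     # issued, not yet consumed session keys
    records: dict = field(default_factory=dict)    # (customer_id, HASH, ts) -> record

    def open_session(self) -> bytes:
        """Unique random session key, independent of any transacting party."""
        sk = secrets.token_bytes(32)
        self.sessions.add(sk)
        return sk

    def authenticate(self, customer_id, stylus_id, session_key, secure_record, ts):
        """BAM step: the customer ID arrives in clear, HASH and BSD only inside the
        sealed record. A session key is consumed once, so a replayed record is refused."""
        if stylus_id not in self.styli:
            raise ValueError("unvalidated biometric device")
        if session_key not in self.sessions:
            raise ValueError("unknown or already used session key")
        self.sessions.discard(session_key)
        tk = transaction_key(stylus_id, session_key)
        payload = unseal(tk, secure_record)
        h, bsd = payload[:32], json.loads(payload[32:])
        result = b"OK" if bsd_matches(bsd, self.templates[customer_id]) else b"NOK"
        psv = hmac.new(self.bam_key, h + ts.encode() + result, hashlib.sha256).digest()
        # Patent stores HASH, PSV timestamp, PSV, result, transaction key; the session key is kept too since only it recomputes the keyed HASH
        self.records[(customer_id, h, ts)] = dict(psv=psv, result=result, tk=tk, sk=session_key)
        return seal(tk, result + b"|" + psv)

    def verify_reconstruction(self, customer_id, h, ts, candidate_etr) -> bool:
        """Check a presented ETR (e.g. from the printed pay slip) against the stored keyed
        HASH. The HASH is one-way: it confirms an ETR, it cannot be inverted into one."""
        rec = self.records.get((customer_id, h, ts))
        return rec is not None and hmac.compare_digest(keyed_hash(candidate_etr, rec["sk"]), h)

def purchase(biss: BiSS, stylus_id: bytes, customer_id: str, etr: dict, bsd: list, ts: str):
    """One pay-station transaction end to end. Returns (result, HASH, PSV)."""
    sk = biss.open_session()                       # stylus opens a session with the BiSS
    h = keyed_hash(etr, sk)                        # printed on the pay slip with the timestamp
    reply = biss.authenticate(customer_id, stylus_id, sk, make_secure_record(stylus_id, sk, etr, bsd), ts)
    result, psv = unseal(transaction_key(stylus_id, sk), reply).split(b"|", 1)
    return result.decode(), h, psv
```

Three choices in this model go slightly beyond the text and are worth noting. The patent says only "encrypt"; the sealed record here also carries a MAC, because without one the pay station or anyone on the path could alter the HASH or BSD undetected before the BAM decrypts it. Each session key is consumed on first use, so a captured secure record cannot be replayed against a later session. And reconstruction is implemented as verification of a candidate ETR against the stored keyed HASH, which is the only operation a one-way hash supports; the stored session key is what makes that recomputation possible.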
DRAWING: An illustration of the CommerSign Transaction System The following drawing illustrates some of the components that constitute a possible embodiment of the CommerSign transaction system.
DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT
The foregoing brief description as well as further objects, features, and advantages of the present invention will be understood more completely from the following detailed description of the illustrative embodiments of the invention, with reference to the accompanying drawing.
In accordance with an embodiment of the present invention, a merchant opens a CommerSign merchant account 5010 or a plurality of such accounts, with a bank or other financial institution. The bank creates a merchant profile. Such a profile may contain a plurality of suspense accounts, automatic billing, and payment links to the suppliers of the merchant. It also may contain automatic insurance against credit risks, fraud, and other such payment exceptions. The profile may contain credentialing and entitlement information regarding officers of the merchant. In any case, such a profile maintains a record of the commercial behavior of the merchant. The bank may use known credentialing systems to authorize certain credits to the merchant and/or the supplier. The bank may aggregate the payments and billings and clear the balances of the accounts on a periodic (daily, weekly) basis, thus providing payment facilities to the merchants and the suppliers, through the CommerSign system. In such a case the bank uses the CommerSign system in a recursive way. The bank may aggregate the CommerSign transaction system with other services it provides the merchant, such as insurance, employee benefits, investment, mortgage, savings accounts.
The bank provides the entire infrastructure for the CommerSign business system, or links the merchant's system to the CommerSign business system, in either case the bank provides a Virtual Private Network 2000 and all the necessary apparatus to be used during the transaction. The merchant through known means (such as coupons, loyalty schemes, gifts) in cooperation with the bank convinces the customer (consumer or corporate buyer) to open a CommerSign customer 5020 (personal, family or corporate) account. To that purpose customers register certain personal, family or corporate information as the case may be, including entitlements to the usage of the CommerSign account and including personal biometric information such as facial, finger, voice, or signature dynamics. The bank creates a customer profile including all the biometrics it registered. The bank can use known shared secret services to decide on the amount of credit to authorize for each account. Or the bank can link the CommerSign account to existing accounts, such as checking accounts, thus creating a debit facility. Either way the bank creates a payment facility from the customer to the merchant. The bank may aggregate the CommerSign account with other accounts of the customer, such as savings, mortgage, investments, insurance. In this way the bank may use the CommerSign account in other circumstances than the retail purchases.
All profiles regarding people, whether officers of the merchant, customers or their family members, must contain a record of information such as the following:
An assumed identity, including: name, address, telephone number, fax number, e-mail address, relation to the account holder, employer identification, date of birth, social security number, and the like.
Static Biometric Data, including one or a plurality of static biometric reference templates of fingerprint minutiae, iris pictures, face patterns, pen signature image (from static reconstruction with tablets or form reconstruction through force dynamics) and the like.
Dynamic Biometric Data, including one or a plurality of biometric reference templates: pen signature dynamics, seal/stamp dynamics (such as three dimensional forces on the pen tip, three dimensional angles of the pen with a magnetic field, two dimensional angles of the pen with a gravitational field, forces on the body of the pen, accelerations of the pen body, pen strokes, motion in the air, pen-up/pen-down status, time dependencies of the foregoing leading to frequency measurements, as well as amplitude measurements), and voice fenones including time dependencies of frequencies and amplitudes.
Historic Behavior Data, of the biometric device as well as of the persons: where do they usually operate, what do they usually perform or purchase, and the like.
Entitlements: determine the kind of transactions, the kind of goods, the level of credit, and the kind of accesses a person in the CommerSign system can have.
Links for Aggregation: what accounts provide, receive, or share information with the CommerSign accounts, and how to securely transfer the information.
Further, for the case where customers visit a store and are present when the transaction occurs, the following embodiment of the business process and transaction system can be envisioned.
A customer enters a store and collects the goods to be purchased from the shelves. The goods are either property of the merchant or of the supplier, in case the merchant rents shelf space to the supplier and sells the goods on a consignment basis.
When the customer presents the goods at the payment counter, the goods, the customer, the transaction, and a payment slip must be identified. The goods are identified by means of a scanning device connected to the cash register. The customer is identified by providing his/her name through biometric means, such as voice or face recognition, or through an identification document such as a driver's license, social security card, photo ID or any other means known in the art. The Biometric Stylus is activated by the pay station and sets up a transaction session with the Biometric Security System (BiSS). A unique Session Key is created by the BiSS. An electronic transaction record (ETR) is created, then displayed on the pay station and printed on the payment slip together with its time stamp as originated in the BiSS. The session key is used to hash the ETR, and the resulting HASH is also printed on the associated payment slip. When the customer signs the payment slip with the biometric stylus, the latter produces biometric signature dynamics (BSD) and preferably a timestamp for the BSD. The biometric stylus combines its unique stylus ID with the unique session key to create a unique transaction key. The BiSS, which created the session key and knows the stylus ID, uses the unique transaction key to encrypt the hash together with the BSD into a secure record while it is transmitted from the pay station to the biometric authentication module (BAM). The customer's ID was transmitted in clear and is used to retrieve the customer's biometric template from the shared secrets database. The BAM now produces an OK or a NOK message. This message is encrypted together with a proof of signature verification (PSV) with the same transaction key and returned to the biometric stylus and subsequently to the pay station. The shared secrets database is now updated with the HASH, the time stamp of the PSV issued, the PSV, the OK or NOK result, and the transaction key.
The session key is a unique random number generated by the BiSS, independent of any transacting party. That key is used to hash the information regarding the electronic transaction, or ETR; no information regarding the transacting parties is used to code information regarding the transaction. The Stylus ID is unique to the device used to produce the biometric signature dynamics and in itself contains no information regarding the transacting parties. The Stylus ID is combined with the session key to create a unique transaction key, which is used to encrypt the combination of the hash and the BSD. As a consequence, the confidentiality of the customer is maintained vis-a-vis the merchant, since only the trusted third party, in this case the bank, has access to the shared secrets database. Only the BSD of the customer is used for authentication purposes, since the entire transaction system operates as a private or virtual private network in which the second transacting party is always the merchant, who does not need authentication because the merchant is the operator or virtual operator of the transaction system. The hash is not used to authenticate the transaction, merely to maintain its integrity; the PSV is used to authenticate the transaction. The result of the authentication is either an OK or a NOK.
If the result of the authentication is an OK, the bank verifies the level of entitlement of the individual. This results in an OK or a NOK. The shared secret database is updated with the result and with the timestamp of the result. The payment is charged to the customer account. The merchant's suspense account is credited. The entitlement OK, together with the authentication OK and the proof of signature verification, is encrypted with the transaction key and returned to the biometric device at the pay station. The biometric device instructs the pay station to update the merchant's information system and the ETR, and to this end transmits in clear the timestamp of the creation of the PSV to the pay station.
If the result of the entitlement verification is NOK, an Entitlement Exception Handling (EHE) message is transmitted to the pay station. The merchant handles this according to known procedures. A record is made in the merchant's information system as well as in the shared secret database.
If the result of the authentication is a NOK, an Authentication Exception Handling (AHE) message is transmitted to the pay station. The merchant handles this according to known procedures. A record is made in the merchant's information system as well as in the shared secret database.
The customer now receives the goods and leaves the premises, or leaves the premises without the goods, as the case may be.
At the end of the agreed period the bank clears all the payments in the merchant's suspense account and credits the merchant's current account. If the embodiment includes the recursive capability, the payments from and to the merchant's suppliers are automatically balanced out. The merchant's information system receives a report and can be updated according to established protocols. In any case the merchant's profile is updated by the bank.
In case of dispute, for instance when the customer returns the goods, the ID of the customer, the HASH and the timestamp of the transaction are submitted to the BiSS, which recreates the ETR from the information in the shared secrets database. To the extent that nobody has tampered with the records, the ETR, the printed pay slip and the reconstructed ETR will contain the same information. In order to allow the reconstruction of the ETR from the HASH, the customer must sign an authorization transaction, which has a protocol similar to the purchase transaction. Thus reconstruction of the HASH can only occur if the original customer comes and signs for the reconstruction request, thus guaranteeing the confidentiality of the transaction. Since the bank has the ETR only in HASH form, it cannot use the information of the ETR without the explicit authorization of the customer. The bank can only use its shared secrets file for statistical and credentialing information. As opposed to other known secure transaction systems, customers are not required to remember PIN codes, since their biometrics are used for the purpose of identifying them.
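The pay-station exchange described above (random session key, keyed ETR hash printed on the slip, transaction key bound to the stylus ID, hash plus BSD encrypted to the BAM, PSV returned under the same key) and the dispute check of the last paragraph, as an added stdlib-Python simulation that is not part of the patent. It assumes the HASH is an HMAC keyed with the session key, the transaction key is derived by HMAC from stylus ID and session key, a SHA-256 counter-mode keystream with an HMAC tag stands in for a real AEAD such as AES-GCM, and a distance threshold stands in for signature-dynamics matching; the dispute check verifies a re-presented ETR against the stored session key, since a hash cannot itself be reversed into the ETR.

```python
import hashlib, hmac, json, secrets, time

def kdf(key, *parts):                 # HMAC-SHA256 as a simple key-derivation function
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def _stream(key, nonce, data):        # SHA-256 in counter mode as a keystream (stand-in cipher)
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(key, data):                  # encrypt-then-MAC; a real deployment would use AES-GCM
    nonce = secrets.token_bytes(16)
    body = _stream(key, nonce, data)
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("secure record tampered with or wrong transaction key")
    return _stream(key, nonce, body)

def hash_etr(session_key, etr):       # the ETR HASH printed on the payment slip (keyed, not a bare hash)
    return hmac.new(session_key, json.dumps(etr, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def transaction_key(session_key, stylus_id):   # stylus ID + session key -> unique transaction key
    return kdf(session_key, stylus_id.encode(), b"txn")

class BiometricStylus:
    def __init__(self, stylus_id):
        self.stylus_id = stylus_id
    def sign(self, session_key, etr_hash, bsd):     # hash + BSD leave the pay station encrypted
        return seal(transaction_key(session_key, self.stylus_id), json.dumps({"hash": etr_hash, "bsd": bsd}).encode())
    def receive(self, session_key, reply):          # OK/NOK + PSV come back under the same key
        return json.loads(open_sealed(transaction_key(session_key, self.stylus_id), reply))

class BiSS:                           # bank-side BiSS plus BAM, holding the shared secrets database
    def __init__(self, templates):
        self.templates = templates                 # customer_id -> reference BSD template
        self.bank_key = secrets.token_bytes(32)    # keys the proof of signature verification (PSV)
        self.sessions, self.ledger = {}, {}
    def open_session(self, stylus_id):             # random session key, tied to no transacting party
        session_key = secrets.token_bytes(32)
        self.sessions[session_key] = stylus_id
        return session_key
    def authenticate(self, customer_id, session_key, secure_record):
        tkey = transaction_key(session_key, self.sessions[session_key])
        rec = json.loads(open_sealed(tkey, secure_record))
        template = self.templates[customer_id]     # customer_id arrived in clear
        dist = sum((a - b) ** 2 for a, b in zip(rec["bsd"], template)) ** 0.5
        ok, ts = dist < 0.5, int(time.time())      # toy matcher: distance to the reference template
        psv = kdf(self.bank_key, rec["hash"].encode(), customer_id.encode(), str(ts).encode()).hex()
        self.ledger[rec["hash"]] = dict(customer=customer_id, psv=psv, ts=ts, ok=ok, session_key=session_key)
        return seal(tkey, json.dumps({"result": "OK" if ok else "NOK", "psv": psv, "ts": ts}).encode())
    def dispute(self, customer_id, etr, etr_hash):  # re-derive the HASH from the presented ETR
        entry = self.ledger.get(etr_hash)
        if entry is None or entry["customer"] != customer_id:
            return False
        return hmac.compare_digest(etr_hash, hash_etr(entry["session_key"], etr))

def purchase(biss, stylus, customer_id, etr, bsd):  # one full pay-station transaction
    session_key = biss.open_session(stylus.stylus_id)
    etr_hash = hash_etr(session_key, etr)
    reply = biss.authenticate(customer_id, session_key, stylus.sign(session_key, etr_hash, bsd))
    return etr_hash, stylus.receive(session_key, reply)

TEMPLATES = {"cust-42": [0.9, 0.3, 0.5]}                                 # constructed sample data
ETR = {"merchant": "store-7", "items": [["milk", 1.99]], "total": 1.99}
```

Any modification of the secure record in transit, or a reply built with a different stylus ID, fails the tag check in open_sealed rather than yielding a wrong BSD.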
Although preferred embodiments of the invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that many additions, modifications, and substitutions are possible without departing from the scope or spirit of the invention as described above.

Claims

What is claimed is:
1. A centralized system for electronic commerce.
2. A method, using centralized electronic commerce systems according to claim 1.
3. A method, according to claim 2, whereby the system of claim 1 provides secure electronic commerce.
4. A method, according to claim 2, whereby the system of claim 1 provides privacy in the conduct of electronic commerce.
5. A method, according to claim 2, providing proof positive of an individual's participation in the commercial transactions.
6. A method, according to claim 5, using electronic signatures.
7. A method, according to claim 6, providing electronic signatures without depending on Public Key Infrastructure.
8. A method, according to claim 5, providing proof positive of an individual's participation without the use of magnetic cards, smart cards, pin codes, etc. to provide an identity for the individual.
9. A method, according to claim 6, generating and securely storing electronic documents.
10. A method, according to claim 6, recursive use of the method for chain stores.
11. A method, according to claim 10, may involve aggregation of services such as insurance, and other operational financing needs.
12. A method, according to claim 2, enforcing traceability of all transactions.
13. A method, according to claim 2, enforcing traceability of all documents used in transactions, such as coupons.
PCT/US2002/000637 2001-01-08 2002-01-08 Commersign: systems and methods for secure electronic business transactions WO2002054341A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US26019501P 2001-01-08 2001-01-08
US60/260,195 2001-01-08

Publications (1)

Publication Number Publication Date
WO2002054341A1 true WO2002054341A1 (en) 2002-07-11

Family

ID=22988164

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/000637 WO2002054341A1 (en) 2001-01-08 2002-01-08 Commersign: systems and methods for secure electronic business transactions

Country Status (1)

Country Link
WO (1) WO2002054341A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2402791A (en) * 2003-06-09 2004-12-15 Seiko Epson Corp User identification using two or more sources of biometric data in combination with a user entered code
WO2007087194A2 (en) * 2006-01-20 2007-08-02 Glenbrook Associates, Inc. System and method for the automated processing of physical objects
US7287159B2 (en) * 2004-04-01 2007-10-23 Shieldip, Inc. Detection and identification methods for software
US7406593B2 (en) 2002-05-02 2008-07-29 Shieldip, Inc. Method and apparatus for protecting information and privacy
US7747873B2 (en) 2000-11-03 2010-06-29 Shieldip, Inc. Method and apparatus for protecting information and privacy
US7861092B2 (en) 2004-05-10 2010-12-28 Koninklijke Philips Electronics N.V. Personal communication apparatus capable of recording transactions secured with biometric data
US8842887B2 (en) 2004-06-14 2014-09-23 Rodney Beatson Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
CN104899519A (en) * 2015-05-13 2015-09-09 上海凭安企业信用征信有限公司 Privacy protection credit method based on virtual ID
WO2016011053A1 (en) * 2014-07-14 2016-01-21 Mpath, Inc. Method and apparatus to improve submissin-based security for transactions using facial recognition
US9665704B2 (en) 2004-06-14 2017-05-30 Rodney Beatson Method and system for providing password-free, hardware-rooted, ASIC-based, authentication of human to a stand-alone computing device using biometrics with a protected local template to release trusted credentials to relying parties

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5838812A (en) * 1994-11-28 1998-11-17 Smarttouch, Llc Tokenless biometric transaction authorization system
US6035280A (en) * 1995-06-16 2000-03-07 Christensen; Scott N. Electronic discount couponing method and apparatus for generating an electronic list of coupons

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NORTON, IBIA (INTERNATIONAL BIOMETRIC INDUSTRY ASS.), June 2000 (2000-06-01), pages 1 - 6, XP002951316 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7747873B2 (en) 2000-11-03 2010-06-29 Shieldip, Inc. Method and apparatus for protecting information and privacy
US8327453B2 (en) 2002-05-02 2012-12-04 Shieldip, Inc. Method and apparatus for protecting information and privacy
US7991995B2 (en) 2002-05-02 2011-08-02 Shieldip, Inc. Method and apparatus for protecting information and privacy
US7406593B2 (en) 2002-05-02 2008-07-29 Shieldip, Inc. Method and apparatus for protecting information and privacy
GB2402791B (en) * 2003-06-09 2006-07-12 Seiko Epson Corp A method of providing security identification of a user and a semiconductor chip for effecting the method
GB2402791A (en) * 2003-06-09 2004-12-15 Seiko Epson Corp User identification using two or more sources of biometric data in combination with a user entered code
US7287159B2 (en) * 2004-04-01 2007-10-23 Shieldip, Inc. Detection and identification methods for software
US7861092B2 (en) 2004-05-10 2010-12-28 Koninklijke Philips Electronics N.V. Personal communication apparatus capable of recording transactions secured with biometric data
US8842887B2 (en) 2004-06-14 2014-09-23 Rodney Beatson Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
US9665704B2 (en) 2004-06-14 2017-05-30 Rodney Beatson Method and system for providing password-free, hardware-rooted, ASIC-based, authentication of human to a stand-alone computing device using biometrics with a protected local template to release trusted credentials to relying parties
US9940453B2 (en) 2004-06-14 2018-04-10 Biocrypt Access, Llc Method and system for securing user access, data at rest and sensitive transactions using biometrics for mobile devices with protected, local templates
US11803633B1 (en) 2004-06-14 2023-10-31 Biocrypt Access Llc Method and system for securing user access, data at rest and sensitive transactions using biometrics for mobile devices with protected, local templates
WO2007087194A3 (en) * 2006-01-20 2007-09-20 Glenbrook Associates Inc System and method for the automated processing of physical objects
WO2007087194A2 (en) * 2006-01-20 2007-08-02 Glenbrook Associates, Inc. System and method for the automated processing of physical objects
US9569907B2 (en) 2006-01-20 2017-02-14 1997 Irrevocable Trust For Gregory P. Benson System and method for the automated processing of physical objects
US9959542B2 (en) 2006-01-20 2018-05-01 1997 Irrevocable Trust For Gregory P. Benon System and method for the automated processing of physical objects
WO2016011053A1 (en) * 2014-07-14 2016-01-21 Mpath, Inc. Method and apparatus to improve submissin-based security for transactions using facial recognition
CN104899519A (en) * 2015-05-13 2015-09-09 上海凭安企业信用征信有限公司 Privacy protection credit method based on virtual ID

Similar Documents

Publication Publication Date Title
US11908030B2 (en) Secure transaction system
USRE40444E1 (en) Four-party credit/debit payment protocol
US5850442A (en) Secure world wide electronic commerce over an open network
US7292999B2 (en) Online card present transaction
US6269348B1 (en) Tokenless biometric electronic debit and credit transactions
US6317729B1 (en) Method for certifying delivery of secure electronic transactions
US6816058B2 (en) Bio-metric smart card, bio-metric smart card reader and method of use
US20070198410A1 (en) Credit fraud prevention systems and methods
US20070170247A1 (en) Payment card authentication system and method
WO2001043084A2 (en) Method of masking the identity of a purchaser during a credit transaction
JP2005063077A (en) Method and device for personal authentication and connector
WO2002054341A1 (en) Commersign: systems and methods for secure electronic business transactions
US20020073315A1 (en) Placing a cryptogram on the magnetic stripe of a personal transaction card
Pilioura Electronic payment systems on open computer networks: a survey
Doggett Electronic checks-a detailed preview
Stirland Smartcards in secure electronic commerce

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP