[go: up one dir, main page]

AU2000240683B2 - Apparatus and method for assuring the integrity of a multi-user personal information database - Google Patents

Apparatus and method for assuring the integrity of a multi-user personal information database Download PDF

Info

Publication number
AU2000240683B2
AU2000240683B2 AU2000240683A AU2000240683A AU2000240683B2 AU 2000240683 B2 AU2000240683 B2 AU 2000240683B2 AU 2000240683 A AU2000240683 A AU 2000240683A AU 2000240683 A AU2000240683 A AU 2000240683A AU 2000240683 B2 AU2000240683 B2 AU 2000240683B2
Authority
AU
Australia
Prior art keywords
user
physiological
data set
subject
identifiers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2000240683A
Other versions
AU2000240683A1 (en
AU2000240683A2 (en
Inventor
Eileen C. Shapiro
Bruce D. Sunstein
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GOLD STANDARD Tech LLC
Original Assignee
GOLD STANDARD Tech LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GOLD STANDARD Tech LLC filed Critical GOLD STANDARD Tech LLC
Publication of AU2000240683A1 publication Critical patent/AU2000240683A1/en
Publication of AU2000240683A2 publication Critical patent/AU2000240683A2/en
Assigned to SUNCREST LLC reassignment SUNCREST LLC Request for Assignment Assignors: SHAPIRO, EILEEN, SUNSTEIN, Bruce
Application granted granted Critical
Publication of AU2000240683B2 publication Critical patent/AU2000240683B2/en
Assigned to GOLD STANDARD TECHNOLOGY LLC reassignment GOLD STANDARD TECHNOLOGY LLC Request to Amend Deed and Register Assignors: SUNCREST LLC
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)

Description

WO 01/75561 PCT/U S00/08876 APPARATUS AND METHOD FOR ASSURING THE INTEGRITY OF A MULTI-USER PERSONAL INFORM ATION DATABASE Technical Field The present invention relates to personal information and medical databases, and particularly to databases used in connection with financial transactions and medical emergencies.
Background Art With the rise of digital communications for a wide range of applications, it is now a commonplace for important financial transactions, and even everyday transactions, to occur over networks of all kinds, including local area networks (LANs and intranets), wide area networks (WANs and extranets), and the Internet. Formerly these transactions were in many cases conducted in person or over the telephone under circumstances where it was often relatively easy for each person to be assured that the other party is actually the person who the party purports to be namely, to be assured that the party is authentic.
Moreover, such transactions commonly occurred under conditions where the universe of potential partes was relatively limited. Authenticity could under those circumstances often be determined by visual inspection (when the transaction is in person) or by personal recognition of a voice (when the transaction is over the telephone).
When the transactions are conducted over a network, identifying information associated with in-person or telephone-based transactions is far more difficult to obtain. Moreover, the universe of potential parties to such transactions is significantly expanded. These circumstances provide an opportunity for individuals to misappropriate in whole or in part the identity of another person for personal gain or other improper purposes. A partial misappropriation of identity occurs in the case of credit card fraud. In addition there are increasing instances of wholesale identity theft, where the perpetrator assumes the identity of another for a continuing series of fraudulent transactions.
Indeed, even in-person and telephone-based transactions provide opportunities IND- 2 Sfor identity theft.
SIn addition, the ubiquitous nature of the Internet
O
O has had an effect on information, essentially personal in Snature, which has formerly inhabited the domain of private individuals and their immediate communities, and made that information available to the public; the Internet allows 00 much private information to be transformed into public
\O
Iinformation. Associated with this loss of privacy is in Sgeneral a greater risk of identity theft.
Central credit card registries exist to provide Scredit card owners with a single point of reference for registering credit card numbers and, optionally, providing selected other services for dealing with lost or stolen credit cards notifying credit card issuers of the theft). However, a credit card registry may itself be used by an unscrupulous individual to perpetrate an identity theft, whereby, for example, a fraudulent change of address may be given to multiple credit card issuers via a credit card registry.
Smart cards typically include data pertaining to the card holder, but in many instances, smart cards will not protect against identity theft; indeed, even with enhanced security, it may be assumed that smart thieves will or could find ways to steal smart cards and that the information stored on these cards may also be stolen.
In another context, authentication-related issues may be important when a person may have critical information to impart but is unexpectedly impaired (for example by reason of an accident or a stroke while travelling alone, etc). The impaired person, for example, may have certain strictures governing medical treatment (for example, allergy to penicillin) or important preferences as to the scope of medical treatment to be rendered under lifethreatening conditions and as to persons to be involved in deciding about such treatment.
Summary of the Invention H:\melindaf\keep\speci 's\2000240683.doc 5/10/06 ID 3 O The invention provides a method of administering Sregistration of personal information in a data base in a O manner tending to assure integrity of the personal information therein, the method comprising: a. obtaining, from each user with respect to whom Sdata is to be placed in the data base, personal 00 IND information of such user, the content of such personal information initially established by such user in an enrollment phase.
b. also obtaining, from each such user, a first set of physiological identifiers associated with such user, the first set of physiological identifiers initially provided by such user in the enrollment phase; c. storing, in a digital storage medium, a data set pertinent to such user, the data set including such user's personal information and a representation of the physiological identifiers associated with such user; and d. permitting a subject claiming to be a specified user to modify the specified user's personal information in the stored data set pertinent to such user only if (i) the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specified user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification.
What this aspect of the invention may achieve in some aspects is a circumstance wherein individual identity may be established by a user in a proprietary database and wherein that identity is safeguarded. In this manner the H:\melindaf\keep\Speci a\2000240683.doc 5/10/06 D 3a user is put in control of the content relating to his Sidentity, but parameters relevant to that identity may be O changed only under conditions wherein the risk of identity Stheft is reduced.
In a further embodiment, the method includes obtaining a user's medical information from the user, and 00 the data set includes the user's medical information.
\O
Definitions: As used in this description and the Saccompanying claims, the following terms shall have the meanings indicated, unless the context otherwise requires: S(i) A user's "personal information" includes any alphanumeric identifier of a particular natural person used or issued by a governmental authority or a merchant in connection with the user, such as a credit card number of the user, the user's passport number, the user's social security number, the user's tax identification number, driver's licence number, checking account numbers, etc., together with the identity of the governmental authority, banking or financial institution in each case; the user's name; and contact information pertinent to the user. Optionally, "personal information" may include any or all of the following: any variant of the user's name used by H:\melindaf\keep\Specil\2000240683.doc 5/10/06 WO 01/75561 PCT/US00/08876 such governmental authority or merchant and (ii) the particular contact information used by such governmental authority or merchant for communicating with the user.
(ii) A "merchant" includes any banking or financial institution or any person or entity (including a retail establishment, hospital, or educational institution) providing services or goods for monetary consideration.
(iii) "Contact information" pertinent to a natural person includes information pertinent to communicating with the person, such as the person's home or business address or telephone number or E-Mail address.
(iv) A user's "medical information" includes the name of a natural person, in a caring relation to the user, whom the user wishes to be notified in the event of the user's illness, injury, or death and contact information pertinent to the caring natural person. Optionally, "medical information" may include any or all of the following: medical treatment information, including medical conditions (such as allergy to penicillin) and religious requirements (for example barring blood transfusions), important to treating the user under emergency circumstances; (ii) information concerning participation by the user in any organ donor program; (iii) health proxy and living will information, concerning scope of medical treatment desired by the user under severe medical circumstances; (iv) the name of any person holding a health proxy of the user and contact information pertinent to such person; and health provider and health insurance information pertinent to the user.
A "physiological identifier associated with a user" is physiological feature of the user, capable of uniquely identifying the user, such as, for example, the appearance of the user's face, a fingerprint of the user, the configuration of an iris in an eye of the user, the user's voice or speech (that is, characteristics of utterances of the user), a sample of the user's DNA, or the sequence of a relevant portion of such a DNA sample.
(vi) A "representation" of a physiological identifier is an abstraction, capable of being stored in a digital storage medium, of the physiological identifier, that retains characteristics of the identifier to a degree sufficient to WO 01/75561 PCT/USOO/08876 permit reasonably reliable discrimination between the user and another natural person. The abstraction may, for example, be a digitized photograph of the user's face, and the photograph may be manually or automatically compared with the face of a subject purporting to be the user.
(vii) The term "set" is used in the mathematical sense, and a "set" is not empty; that is, a "set" has at least one member.
(viii) A "multiplicity" of terminals means at least three terminals.
(ix) A "physiological identifier transducer" includes any device (such as a fingerprint reader or a voice terminal/analyzer) that transforms physical information, derived from a physiological feature of a human subject that is capable of uniquely identifying the subject, into computer-readable data useful for identifying the subject.
An account that "authorizes the transfer of funds" is one such as a checking account, a debit card account, or a credit card account.
(xi) An account that is "based on the extension of credit to the account holder" includes a wide variety of account relationships, including those based on the furnishing of goods or services wherein the cost of the goods or services is billed to the recipient or to a third party after the account is opened. Examples include health care services billed to an insurer, stock brokerage margin accounts, etc.
In a series of further and important embodiments, the first set of physiological identifiers may include a plurality of members. In this way, the level of reliability in determination of authenticity may be selected in accordance with requirements of existing circumstances. For example, embodiments of the invention include methods and systems wherein the first set of identifiers includes at least one member selected from the group consisting of a fingerprint of the user and the configuration of an iris in an eye of the user and at least one member selected from the group consisting of characteristics of utterances of the user and the appearance of the user's face. These two groups offer differing levels of reliability- fingerprints and iris configuration offering potentially greater reliability than characteristics of utterances of the user and the WO 01/75561 PCT/US00/08876 appearance of the user's face, since both utterances and facial appearance can be disguised. On the other hand, it may be more convenient to utilize characteristics of utterances or facial appearance for authentication. In circumstances where such convenience outweighs the risks associated with the reduced level of reliability, these forms of authentication may be used, even though more reliable forms of authentication might be required, for example, for user modification of data in the user's data set.
A related embodiment of a system in accordance with the present invention provides a multiplicity of remotely distributed terminals in communication with the data base, and each terminal includes a physiological identifier transducer and a communication link to a merchant. (The communication link may be as simple as a telephone connection, or it may be a data network directly to the merchant or indirectly over a path that includes the data base, or it may be over the Internet.) In this fashion, a user may, for example, enter into a transaction with the merchant over the Internet or over the telephone, and then physically go to a location near the user where a terminal is located, and use the terminal to authenticate the transaction. Or the transaction may be entered into at the terminal at substantially the same time as it is authenticated. Transactions wherein this system may be used include, for example, those over a desired threshold amount. This system therefore includes a multi-user personal information data base, a multiplicity of remotely distributed terminals in communication with the data base and having a communication link with a merchant, and an authenticity checker which determines whether there is a sufficient match between the output of a physiological identifier transducer attributable to a subject purporting to be a user and a physiological identifier in the first. The data base includes, for each user, a data set pertinent to such user, and the data set including such user's personal information obtained from the user and a representation of a first set of physiological identifiers associated with the user.
In a further embodiment of methods and systems in accordance with the present invention, a subject is permitted to modify information in the stored 7data set only if the subject provides the new set of physiotogical identifiers under a condition permitting verification, independent of the physiological identifiers.
that the new set is being provided by the person purporting to provide them.
Such a condition may include the physical presence of the subject when providing the new set. Alternatively, or in addition, the condition may include having the subject provide the new set when prompted to do so or having the subject provide a non-physiological identifier. The non-physiological identifier may be selected from the group consisting of a password and a pass card.
Alternatively, the non-physiological identifier is provided in the course of a session, over a computer network, employing a user's public and private keys.
Another aspect of the invention provides a method for authenticating a user transaction, the method comprising: obtaining a test set of physiological identifiers from a subject purporting to be a specific user; accessing information in a first data set pertinent to the specific user stored in a database, the database containing information provided by multiple users in a separate data set for each -user, each data set of a specific user including personal information, of the specific user, that has been established by the specific user, and (ii) a representation of a first set of physiological identifiers, associated with the specific user, that has been provided by the specific user, the database being maintained under conditions wherein modification by a subject of information in a stored data set pertinent to the specific user is permitted only if the subject provides a net set of physiological identifiers, and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is .authenticated as the specific user; and determining if there is a sufficient match between at least one member in the test set and a H:\mbourke\Kllp\Speci\2000240683 SPECI.dc 7/11/02 7a corresponding physiological identifer represented in the data set.
1n a further related embodiment, the database is accessible via a server at a first location; obtaining the test of physiological identifiers is performed at a second location remote from the first location; and determining if there is a sufficient match includes communicating with the server from the second location over a network. The network may, for example, be a global communication network, such as the Internet. Optionally, obtaining the test set of physiological identifiers is performed under supervision of a merchant. As an additional option, determining if there is a sufficient match may be performed without revealing content of the first data set to the merchant. Indeed, the entire data base may be maintained in a manner that it is confidential to the merchant.
In further related embodiments, the transaction is a change of address for an account. In another embodiment, the transaction is an application to open an account. In either of these embodiments, the account may be one that authorizes the transfer of funds. Alternatively, or in addition, the account may be based on H;\nbbourke\Kee\Sp ei\2000240683 SPECI.doc 7/11/02 8 the extension of credit to the account holder.
In another further related embodiment, the transaction is an application to a government agency for one of a license and a renewal of a license. The license may be, for example, a driver's license or a passport, or a professional license. Alternatively, the transaction is an application to a government agency for one of an identification token and a renewal of an identification token. The identification token, for example, may be an identification card or a social security number.
The invention provides a digital storage medium on which has been recorded a multi-user personal information database, the database comprising, for each specific user, a data set pertinent to the specific user, the data set including: the specific user's personal information obtained from the specific user; a representation of a first set of physiological identifiers associated with the specific user; and the specific user's emergency information obtained from the specific user; the storage medium being maintained under conditions wherein modification by a subject of information in a stored data set pertinent to the specific user is permitted only if the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user.
The invention still further provides a system for updating a personal information database containing a data set for each one of multiple users, each data set including a user's personal information and a representation of a first set of physiological identifiers associated with the user, the system comprising: H:\mbourkeNKeep\Speci\2000240683 SPECI.doc 7/11/02 9 a physiological identifier transducer having an output representing a physiological identifier associated with a subject; a user access authorisation module, coupled to the physiological identifier transducer, the database, for determining whether the output of the physiological identifier transducer sufficiently matches the representation of the first set of physiological identifiers, so that the subject is authenticated as the user; a user data set access module, coupled to the user access authorisation module and to the database, for accessing the user data set, in the event that the user access authorisation module has authenticated the subject as the user; and a user data set update module, coupled to the database and to a user input, permitting the user to update such user's corresponding data set in the database.
The invention still further provides a system for authenticating transactions, the system comprising: a multi-user personal information database, the database comprising, for each specific user, a data set pertinent to the specific user, the data set including: personal information, of the specific user, that has been established by the specific user; (ii) a representation of a first set of physiological identifiers, associated with the specific user, that has been provided by the specific user; the database being maintained under conditions wherein H:\mbourke\Keep\Speci\2000240683 SPECI.doc 7/11/02 9a modification by a subject of information in a stored data set pertinent to the specific user is permitted only if the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user; a multiplicity of remotely distributed terminals in communication with the database, each terminal including a physiological indentifier transducer and a communication link with a merchant; and an authenticity checker, which determines whether there is a sufficient match between the output of a physiological identifier transducer attributable to a subject purporting to be a user and a physiological identifier in the first set.
The invention still further provides a method of administering registration of personal information in a database in a manner tending to assure integrity of data therein, the database being of a type wherein a stored data set is established for each user and there has been obtained from each user with respect to such data a first set of physiological identifiers associated with such user and included in the data set, the method comprising: obtaining from a subject seeking to modify information in the stored data set pertinent to such user a new set of physiological identifiers; and permitting the subject to modify information in the stored data set only if it is determined by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as such user.
H;\nbourka\Keep\Speci\200O240683 SPECIdoc 7111102 9b The invention still further provides a method for authenticating a user transaction using a database of a type wherein a stored data set is established for each potential user and there has been obtained from each personal user with respect to such data a first set of physiological identifiers associated with such potential user and included in the data set, the method comprising: administering the database in a manner such that personal information in a stored data set pertinent to an individual may not be modified by a person purporting t be the individual unless there has been obtained a sufficient match between at least one physiological identifier in the stored data set and a new physiological identifier obtained from the person; obtaining a test set of physiological identifiers from a subject purporting to be a specific user; accessing information in the'data set pertinent to the specific user in the database; and determining if there is a sufficient match between at least one member in the test set and a corresponding physiological identifier represented in the data set.
Brief Descrition of the Drawings The foregoing features of the invention will be more readily understood by reference to the following detailed description, taken with reference to the accompanying drawings, in which: Fig. 1 is a block diagram of a preferred embodiment of a method in accordance with the present invention; Fig. 2 is a block diagram of an embodiment of the invention employed for authentication of a transaction; Fig. 3 is illustrates in schematic form a structure for a database in accordance with an embodiment of the present invention; H:\mbourke\Keep\Speci\2000240683 SPECI.doc 7/11/02 9C Fig. 4 is a block diagram of an embodiment of the present invention providing a system for updating a personal information database containing a data set for each one of multiple users; Fig. 5 is a block diagram illustratizng operation of the user access authorization module 43 of Fig. 4; Fig. 6 is'a block diagram of an embodiment of a system in accordance with the present invention providing a multiplicity of remotely distributed terminals in communication with a multi-usaz personal information data base.
i0 Detailed Description of Specific Embodiments In an important embodiment, the present invention provides for multiple users a central registration of information that is of critical importance to the user, and such information includes what we have defined above as "personal information" and "medical information" of the user. In this embodiment, the information content is established and modifiable only by the user (or, optionally, by a parent or guardian). Furthermore, the information is subject to authentication on the basis of one or more physiological identifiers of the user.
Also, in this embodiment, information pertinent to the user is made available only on a selected basis to authorized parties and in accordance the appropriate H1ULbourke\KeepNSpci\2000240683 SPEC .doc 7/11102 WO 01/75561 PCT/USOO/08876 context. Finally, the registration system in accordance with this embodiment may be managed in cooperation with law enforcement agencies to deter fraudulent use by providing physiological identifiers in the form, for example, of photographs and fingerprints, when probable cause has been established for disclosure to law enforcement agencies, as evidenced by the issuance of a search warrant.
An information registry that is consistently managed in accordance with the embodiment described in the previous paragraph may be expected to become a trusted source of the information which it stores. updated contact information.
We have referred above to a "physiological identifier associated with a user" as a physiological characteristic of the user, capable of uniquely identifying the user. We gave as examples, the appearance of the user's face, a fingerprint of the user, the configuration of an iris in an eye of the user, characteristics of the user's voice or speech characteristics of utterances of the user), a sample of the user's DNA, or the sequence of a relevant portion of such a DNA sample.
Further information about the technology associated with the use of physiological identifiers of this nature in a computing environment appears in an article by G. Gunnerson, "Are you ready for Biometrics?", 18 PC Magazine, No.
4, 160-178 (February 23, 1999). This article, which is incorporated herein by reference in its entirety, discloses commercially available products to protect against unauthorized computer system access by utilization of a physiological identifier such as fingerprint, facial appearance, and characteristics of one's voice and speech, sometimes in tandem with a non-physiological identifier such as a smart card or a password. See also the content, which is hereby incorporated herein by reference in its entirety, of the following web sites: www.biometrics.org (The Biometric Consortium), www.emory.edu/BUSINESS/et/biometric/ (biometric technology explained at Emory University site), http:/ /webusers.anet-sl.com/~-wrogers /biometrics/ (The Biometric Digest).
In Fig. 1 is shown a block diagram of a preferred embodiment of a WO 01/75561 PCT/US00/08876 method in accordance with the present invention. This embodiment includes two phases, an enrollment phase 111 and a modification phase 112. In the enrollment phase, personal information is obtained from the user in box 11.
Optionally medical information is also obtained from the user. Next in box 12 there is obtained a first set of physiological identifiers associated with the user.
In box 13 the user data set, which includes the user's personal information (and optionally medical information obtained from the user) and a representation of the physiological identifiers associated with the user, is stored in the database.
In the modification phase 112, a subject is permitted to modify data in the user's data set if it is determined that the subject is the user. In box 14, there is received a new set of physiological identifiers from the subject. In box 15, there is conducted a test to determine whether there is a sufficient match between the new set of physiological identifiers and the first set of physiological identifiers obtained in box 12. If the match is not sufficient, then in box 17 it is prohibited to modify the data set. Alternatively, if the match is sufficient, then, in box 16, the subject (who is authenticated as the user) is permitted to modify the data set.
Once the enrollment phase 111 is complete, so that a first set of physiological identifiers has been obtained from the user, it is possible to use the enrolled information to authenticate a transaction in a manner generally analogous to the modification phase 112 discussed above in connection with Fig.
1. Fig. 2 thus presents a block diagram of an embodiment of the invention employed for authentication of a transaction in a manner analogous to the modification phase 112 of Fig. 1. Thus in box 24 there is received a test set of physiological identifiers from the subject. In box 25, there is conducted a test to determine whether there is a sufficient match between the test set of physiological identifiers and the first set of physiological identifiers obtained in box 12. It the match is not sufficient, then in box 27 it is prohibited to modify the data set. Alternatively, if the match is sufficient, then, in box 26, the subject (who is authenticated as the user) is permitted to modify the data set.
In Fig. 3 is illustrated in schematic form a structure for a database in accordance with an embodiment of the present invention. Row 311 illustrates a WO 01/75561 PCT/US00/08876 record for user I. A first portion 31 of the record is used to store user 1 personal information. Another portion 32 of the record is used to store a set of physiological identifiers associated with user 1. Another portion 33 of the record is used to store emergency information pertinent to user 1. A similar structure is employed for each other user, illustrated in row 341 for user n, so that a first portion 34 of the record stores user n personal information, a second portion stores user n set of physiological identifiers, and a third portion 36 stores user n emergency information. Although the structure of the database illustrated here provides a contiguous record for each user, it is within the scope of the present invention to provide a database where the information associated with a given user is stored in a manner that the information associated with a given user is not contiguous. For example, the information for a given user may be stored in various elements in various locations and accessed by an index that is common to all elements for any given user. A wide range of data structures may be implemented in accordance with procedures known in the art.
In Fig. 4 is shown a block diagram of an embodiment of the present invention providing a system for updating a personal information database 41 containing a data set for each one of multiple users. Each data set, as described in connection with Fig. 3, includes a user's personal information and a representation of a first set of physiological identifiers associated with the user.
The system of this embodiment includes a physiological identifier transducer 42 having an output representing a physiological identifier associated with a subject. A user access authorization module 43, triggered by user input 46, is coupled to the physiological identifier transducer 42 and also to the database 41.
This module obtains from the database 41 the representation of the first set of physiological identifiers associated with the user who the subject purports to be.
The representation data is compared with the output of the physiological identifier transducer 42 to determine whether there is a sufficient match between the first set of physiological identifiers and the physiological identifier data produced by the transducer 42. When the match is sufficient, the subject is authenticated as the user.
WO 01/75561 PCT/US00/08876 The output of the user access authorization module 43 is provided to the user data set access module 44. The user data set access module 44 is coupled to the user access authorization module 43 and to the database 41. In the event that the user access authorization module 43 has authenticated the subject as the user, the user data set access module 44 accesses the user data set in the database 41.
The user data set update module 45 is coupled to the user data set access module 44, as well as to the database 41 and to the user input 46; the user data set update module 45 then permits the user to update such user's corresponding data set in the database.
Fig. 5 illustrates operation of the user access authorization module 43 of Fig. 4. This module in fact includes three components. The first component is the physiological identifier data set fetch 51. This component obtains representation data from the database 41 pertaining to the first set of physiological identifiers associated with in the user who the subject purports to be. The component 51 passes the data fetched to the physiological identifier data set comparator 52, which compares the fetched data with the data from the physiological identifier transducer 42. The authorization processor 53 takes the output of the comparator 52 and provides an authorization signal to the user data set access module 44 in the event of a sufficient match found by the comparator 52.
Fig. 6 is a block diagram of an embodiment of a system in accordance with the present invention providing a multiplicity of remotely distributed terminals in communication with a multi-user personal information data base.
The multi-user database, item 61, is a database of the general type described above in connection with Figs. 1 through 4. The database includes a data set pertinent to each user. Each data set includes a first set of physiological identifiers associated with the user. Each data set also includes such user's personal information obtained from the user, and optionally such user's medical information. A multiplicity of remotely distributed terminals, shown here as items 66, 67, and 68, are in conmmLunication withl the database 61 over one or more networks. For example, the terminals 66-68 may be in communication with the database 61 over the Internet. Each of these terminals may include similar WO 01/75561 PCT/US00/08876 components, and for convenience we discuss the components of terminal 66. The terminal of this embodiment includes a fingerprint reader 62 and a voice terminal/analyzer 63. Each of the items 62 and 63 is, more broadly stated, a physiological identifier transducer, namely a device that transforms physical information, derived from a physiological feature of a human subject that is capable of uniquely identifying the subject, into computer-readable data useful for identifying the subject. (Alternatively or additionally, the physiological identifer transducer may be employed). Thus a user may utilize the fingerprint reader 62 and the voice terminal/analyzer 63 to provide a set of physiological identifiers that are represented and stored as part of such user's data set in the general manner described above in connection with Fig. 1.
Alternatively, or in addition, the user may wish to authenticate a transaction being made with a merchant. In this connection, the user may utilize either the fingerprint reader 62 or the voice terminal/analyzer 63, or both of them, from which may be derived a test set of physiological identifiers in a manner described previously in connection with Fig. 2. The authenticity checker is then used to retrieve physiological identifier data stored as part of the user's data set in the database 61 and then to determine whether data from the test set of physiological identifiers sufficiently matches the corresponding retrieved data. The results of the match determination are then communicated with the merchant using the communication link 64.
Although the authenticity checker 65 is shown in Fig. 6 as part of the terminal 66, it may in fact be located remotely from the terminal over a suitable network, and may be conveniently located at the same network node, for example, as the database 61. In such a case, the physiological identifier transducer data from the fingerprint reader 62 and the voice terminal/analyzer 63 may be transmitted over the network to the remotely located authenticity checker for determination of the sufficiency of the match with the corresponding retrieved data. Similarly, the conmunication link 64 may optionally run from a location other than the terminal to the merchant; for example, where the checker is physically adjacent to the database 61, the link 64 may run from the checker to WO 01/75561 PCT/US00/08876 the merchant. In a simple embodiment, the authenticity checker 65 is part of the terminal 66 and includes a display for readout by a human operator; and the link 64 is a manually operable telephone providing a dial-up telephone connection to the merchant. In this manner, a human operator may supervise operation of the physiological identifier transducers, and may telephone the merchant with the results of the authenticity checker. Alternatively, or in addition, the communication link 64 may be over a network, including over the Internet, and the results of the authenticity checker 65 may be automatically sent to the merchant.
It is within the scope of embodiments of the present invention to provide in the manner described in connection with Fig. 6 a very large number of terminals dispersed over a geographically large region embracing one or more political subdivisions, countries, and even continents. The terminals may be located in pre-existing facilities of existing enterprises, such as banks, travel agencies, or insurance agencies. In this manner an individual may effectuate enrollment in accordance with Fig. 1 and later authenticate a transaction in the manner of Fig. 2 merely by going to a local terminal, with the result of the later authentication session being transmitted to the merchant via the communication link. As an alternative to using a terminal for authentication alone, it is equally possible to use a terminal to enter into the transaction simultaneously with the authentication process.
In Fig. 6, we have shown use, in connection with a single database 61, of two different types of physiological identifiers, fingerprint and utterance characteristics, one type of which (fingerprint) is more reliable than the other (utterance characteristics). On the other hand, the use of utterance for authentication may be accomplished over a telephone without the need for the user to go to a different physical location. It is within the scope of an embodiment of the present invention to store data pertaining to a plurality of physiological identifiers, and, with respect to a given transaction or circumstance, to select an identifier for authentication purposes that offers a desired trade-off between convenience and reliability. In other words, the use of WO 01/75561 PCT/US00/08876 a plurality of physiological identifiers permits adjustment of the reliability of the physiological identifier (by selecting the appropriate type of identifier) to suit a desired level of reliability and therefore, for example, pricing. While Fig. 6 has illustrated fingerprint and utterance characteristics as the physiological identifiers utilized, other combinations may be utilized, for example, iris configuration and facial appearance.
The telephone may be used for providing an utterance for authentication in a manner previously described. In this context, although in Fig. 6 we have shown the physiological identifier transducer for utterances as a voice terminal/analyzer, in fact in related embodiments, the analyzer may be located remotely from the voice terminal. For example, the voice terminal may be as simple as a telephone in communication over a telephone line with a remotely located analyzer, and the analyzer may, for example, be physically adjacent to the database 61. In this manner may institute a telephone call to a central facility that includes the database 61, and the user's utterance may be analyzed with the resulting data run through an authenticity checker and the results provided to the merchant. In lieu of a telephone call to the central facility, the communication of the utterance may be over the Internet. Such an approach, while not as reliable as one that utilizes a human-monitored fingerprint reader, nevertheless provides a physiological identifier that lowers the risk of a fraudulent transaction. In other words, telephone authentication is well suited to circumstances where remote authentication is desired but physically distributed terminals of the type shown in Fig. 6 are not convenient.
An authentication system of the type described in various embodiments may be employed in a wide range of circumstances, including not only Ecommerce but also, for example, distance learning and examination taking. In distance learning, the authentication system can be used to confirm actual attendance by persons purporting to be enrolled, and in examination taking, to confirm the authenticity of persons taking examinations. Thus, a system of the present type may be employed in any situation where a person is not physically present or is incapacitated, so normal in-person authentication is not possible or WO 01/75561 PCT/US00/08876 is difficult, and another party needs information about the person for the conduct of some transaction or matter.
The use of the various embodiments described above can reduce the risk of identity theft, because a merchant, intending to rely on the implicit representation that a subject is the one who the subject purports to be, now has the benefit of a physiological identifier (as opposed to merely a password, etc., which may be stolen) confirming the subject's authenticity. Moreover, in a case where identity has already be stolen and a fraud perpetrated, a victim who has previously established a user data record in a multi-user personal information data base of the type described above may utilize the information in the user data record to reestablish identity with one or more merchants. Indeed, an imposter who seeks to steal the identity of a user having a data record that is registered in the multi-user database, under circumstances where a reliable physiological identifier is employed to authenticate a transaction, must risk giving a fingerprint, for example, to the organization managing the multi-user database. Because the imposter's fingerprint may then be accessed by law enforcement officials, for example, using normal warrant procedures, the chances of successful fraud are significantly reduced and a significant deterrent to fraud is also provided.
Another context in which systems of the present type are applicable in various embodiments is in connection with access to a user's medical information. Although access to a user's personal information (as defined above) is desirably restricted to merchants under controlled circumstances, access to at least some of a user's medical information (as defined above) (even when in the same database as the user's personal information) may be made more broadly available to health care providers when a user is physically incapacitated. In this context it is convenient for the user to carry a card or other token to indicate that the user has provided medical information to the applicable multi-user database and even to identify in some manner (for example, by record number or a suitable alphanumeric identifier) the particular data record applicable to the user's medical information. (Similarly, such an identifier may confirm to WO 01/75561 PCT/US00/08876 merchants that the user's personal information has been stored in the database, as well as to facilitate look up of data in the data base.) A health care provider may then use information about the user to access pertinent medical information of the user. In this fashion, for example, the health care provider can have information permitting persons in a caring relationship to the user to be notified, and health care providers may be informed of information affecting treatment of the user. Current information about the status of the user's regular health care provider and health insurance may also be provided in this manner.
In implementing various embodiments described above, it is desirable for the manager of the database to prompt the user on a periodic basis, for example yearly, for an update of the user's personal information and medical information. When updated information is received, the data set of the user can be modified when appropriate authentication, as described, for example, in connection with Fig. 1, has been obtained from the user. It is a feature of embodiments of the present invention that the user's data set cannot be modified, for example, by a credit reporting agency, but only by the user on proper authentication. Given the inherent reliability of a database administered in this manner, it is within the scope of embodiments of the present invention to permit the database administrator on appropriate user authorization to provide change of address information, for example, to merchants.
Pursuant to a further embodiment of the present invention, the sponsor of a personal information data base of the type disclosed herein may provide a guarantee to a credit card issuer or other merchant that if the merchant first utilizes the sponsor's data base to authenticate the contact information or a change of address (offered by a purported user) before the merchant extends credit or effectuates a change of address, for example, then the liability of the merchant for a fraudulent transaction may be reduced or eliminated. In this way, the sponsor may provide a financial incentive to the merchant and justify charging the merchant for the opportunity to utilize the database.
It should be noted that various embodiments of the present invention do not require providing the merchant directly with personal data in the data base.
18-- W0 01175561 WO 0175561PCT U SOIIE74 Instead, for example, when a transaction is being authenticated, the merchant need provide the data base sponsor only with a user's physiological identiiier(s) (or a representation thereof) and a user's purported identity; the sponsor, upon checking the data base, can thereupon inform the merchant that, for the purported individual, there is a match between the physiological identifier(s) in the data base and the physiologgical identifier(s) obtained by the merchant. The match determination may be carried out Lnder control of the data base sponsor, or, alternatively, under control of the merchant.
An institution such as a bank, in cooperation with the sponsor of a data base admidnistered in accordance with various embodiments described above, may offer a service, to protect a user, in which a user requires authentication, via use of the data base, of any check written over a certain amount. Indeed, such an approach may be utilized in connection not only with respect to a check but also with respect to any mechanism (credit or debit card transaction, electronic wallet transaction, digital money transaction, etc.) by which funds may be transferred.
The user may require authercauon (via utilization of the data base) for any instance in which the funds to be transferred exceed a specified amount. In a related embodiment, the user may establish a list of exceptions to the authentication requirement, so that checks can be convenienty written to a spouse, etc.
For the purposes of this specification it will be clearly understood that the word "comprising" means "including but not limited to", and that the word "comprises" has a corresponding meaning.
19

Claims (38)

  1. 3. A method according to claim 1, wherein the first set includes a plurality of members.
  2. 4. A method according to claim 1, wherein the first set of physiological identifiers includes the appearance of such user's face. A method according to claim i, wherein the first set of physiological identifiers includes characteristics of utterances of such user.
  3. 6. A method according to claim 1, wherein the first set of physiological identifiers includes a fingerprint of such user. H:\melindaf\keep\Speci '\2000240683.doc 5/10/06 ND 22
  4. 7. A method according to claim i, wherein the first set of physiological identifiers includes the configuration of O O an iris in an eye of such user.
  5. 8. A method according to claim 1, wherein the first set Sincludes at least one member selected from the group 00 IND consisting of a fingerprint of such user and the configuration of an iris in an eye of such user and at least one member selected from the group consisting of characteristics of utterances of such user and the appearance of such user's face.
  6. 9. A method according to any of claims 1 or 2, wherein, pursuant to step the subject is permitted to modify the user's information in the stored data set only if the subject provides the new set of physiological identifiers under a condition permitting verification, independent of the physiological identifiers, that the new set is being provided by the person purporting to provide them. A method according tb claim 9, wherein the condition includes the physical presence of the subject when providing the new set.
  7. 11. A method according to claim 9, wherein the condition includes having the subject provide the new set when prompted to do so.
  8. 12. A method according to claim 9, wherein the condition includes having the subject provide a non-physiological identifier. H:\melindaf\keep\Speci' s\2000240683 .doc 5/10/06 ID -23-
  9. 13. A method according to claim 12, wherein the non- Sphysiological identifier is selected from the group O O consisting of a password and a pass card.
  10. 14. A method according to claim 12, wherein the non- Sphysiological identifier is provided in the course of a O0 session, over a computer network, employing a user's public and private keys.
  11. 15. A method according to claim i, further comprising: prompting each user, on a periodic basis, to update the user's personal information in the data set pertinent to such user.
  12. 16. A method according to claim 1, further comprising: obtaining a test set of physiological identifiers from a subject purporting to be a specific user; accessing information in the data set pertinent to the specific user; and determining if there is a sufficient match between at least one member in the test set and a corresponding physiological identifier represented in the data set.
  13. 17. A method for authenticating a user transaction, the method comprising: obtaining a test set of physiological identifiers from a subject purporting to be a specific user; accessing information in a first data set pertinent to the specific user stored in a registration data base, the data base containing information provided by multiple users in a separate data set for each user, each data set H:\melindaf\keep\Speci 's\2000240683.doc 5/10/06 D 24 of a specific user including personal information, of Sthe specific user, that has been established by the O O specific user, and (ii) a representation of a first set of V)physiological identifiers, associated with the specific user, that has been provided by the specific user, the Sdata base being maintained under conditions wherein 00 ND modification by a subject claiming to be a specific user of the specific user's personal information in a stored Sdata set pertinent to the specific user is permitted only if the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification; and determining if there is a sufficient match between at least one member in the test set and a corresponding physiological identifier represented in the data set.
  14. 18. A method according to claim 17, wherein: the database is accessible via a server at a first location; obtaining the test set of physiological identifiers is performed at a second location remote from the first location; determining if there is a sufficient match includes communicating with the server from the second location over a network.
  15. 19. A method according to claim 18, wherein: H:\melindaf\keep\speci s\2000240683.doc 5/10/06 ND 25 O obtaining the test set of physiological identifiers is performed under supervision of a merchant. O n 20. A method according to claim 19, wherein: determining if there is a sufficient match is M performed without revealing content of the first data set 00 O to the merchant.
  16. 21. A method according to any of claims 18, 19, or wherein the transaction is a change of address for an account.
  17. 22. A method according to any of claims 18, 19, or wherein the transaction is an application to open an account.
  18. 23. A method according to claim 21, wherein the account authorizes the transfer of funds.
  19. 24. A method according to claim 22, wherein the account authorizes the transfer of funds. A method according to claim 21, wherein the account is based on the extension of credit to the account holder.
  20. 26. A method according to claim 22, wherein the account is based on the extension of credit to the account holder.
  21. 27. A method according to claim 18, wherein the transaction is an application to a government agency for one of a license and a renewal of a license. H:\melindaf\keep\speci'\2000240683.doc 5110/06 ID 26-
  22. 28. A method according to claim 18, wherein the Stransaction is an application to a government agency for O O one of an identification token and a renewal of an Sidentification token. S29. A computer system comprising: 00 ND a digital storage medium on which has been recorded a multi-user personal information data base, the data base comprising, for each specific user, a data set pertinent to the specific user, the data set including: the specific user's personal information obtained from the specific user; a representation of a first set of physiological identifiers associated with the specific user; and the specific user's emergency information obtained from the specific user; and a computer process running in association with the storage medium to cause the storage medium to be maintained under conditions wherein modification by a subject claiming to be a specific user of such specific user's personal and emergency information in a stored data set pertinent to the specific user is permitted only if the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification. A system for updating a personal information database containing a data set for each one of multiple users, each H eindaf\keep\Speciae\2000240683.doc 5/10/06 ND 27 data set including a user's personal information and a Srepresentation of a first set of physiological identifiers O O associated with the user, the system comprising: f a. a physiological identifier transducer having an output representing a physiological identifier associated Swith a subject claiming to be a specified user; 00 ND b. a user access authorization module, coupled to the physiological identifier transducer and to the Sdatabase, for determining whether the output of the physiological identifier transducer sufficiently matches the representation of the first set of physiological identifiers, so that the subject is authenticated as the specified user; c. a user data set access module, coupled to the user access authorization module and to the database, for accessing the user data set pertinent to the specified user, in the event that the user access authorization module has authenticated the subject as the specified user; and d. a user data set update module, coupled to the database, to the user data set access module, and to a user input, permitting the subject to update the specified user's personal information in the corresponding data set in the database in the event that the user data set access module has provided access to the user data set, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification.
  23. 31. A system for authenticating transactions, the system comprising: H:\meJ indaf\keep\Speci's\2000240683.doc 5/10/06 ID 28- O a. a multi-user personal information data base, the Sdata base comprising, for each specific user, a data set O O pertinent to the specific user, the data set including: personal information, of the specific user, that has been established by the specific user; M (ii) a representation of a first set of physiological 00 IND identifiers, associated with the specific user, that has been provided by the specific user; the data base being maintained under conditions wherein modification by a subject claiming to be a specific user of the specific user's personal information in a stored data set pertinent to the specificuser is permitted only if the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification; b. a multiplicity of remotely distributed terminals in communication with the data base, each terminal including a physiological identifier transducer and a communication link with a merchant; and c. an authenticity checker, which determines whether there is a sufficient match between the output of a physiological identifier transducer attributable to a subject purporting to be a user and a physiological identifier in the first set.
  24. 32. A system according to claim 28, wherein the first set includes a plurality of members. H :\melindaf\keep\speci' \200240683 .doc 5/10/06 D 29
  25. 33. A system according to claim 28, wherein the first set O O includes at least one member selected from the group V) consisting of a fingerprint of the user and the configuration of an iris in an eye of the user and at Sleast one member selected from the group consisting of 00 ND characteristics of utterances of the user and the appearance of the user's face. O 10 34. A method according to claim i, wherein obtaining personal information of such user includes obtaining data pertaining to one or more merchants. A method according to claim i, wherein any financial information that may be in the data set is not limited to that of a particular banking or financial institution.
  26. 36. A method of administering personal information in a data base in a manner tending to assure integrity of data therein, the data base being of a type wherein a stored data set is established for each user and there has been obtained from each user with respect to such data a first set of physiological identifiers associated with such user and included in the data set, the method comprising: a. obtaining from a subject seeking to modify information in the stored data set pertinent to such user a new set of physiological identifiers, and b. permitting the subject to modify such user's personal information in the stored data set only if it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as such user, so that H:\melindaf \keep\Speci' s\2000240683.doc 5/10/06 ND 30 O there is established a repository of personal information Susing physiological identifiers to protect against O O unauthorized modification.
  27. 37. A method according to claim 36, wherein any financial Sinformation that may be in the stored data set is not 00 ND limited to that of a particular banking or financial institution.
  28. 38. A method according to claim 36, wherein obtaining the new set of physiological identifiers and permitting the subject to modify the information in the stored data set are performed in a facility established for that purpose.
  29. 39. A method for authenticating a user transaction using a data base of a type wherein a stored data set is established for each potential user and there has been obtained from each potential user with respect to such data a first set of physiological identifiers associated with such potential user and included in the data set, the method comprising: administering the data base in a manner such that personal information in a stored data set pertinent to an individual may not be modified by a person purporting to be the individual unless there has been obtained a sufficient match between at least one physiological identifier in the stored data set and a new physiological identifier obtained from the person, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification; obtaining a test set of physiological identifiers from a subject purporting to be a specific user; H:\melindaf\keep\speci'8\2000240683doc 5/10/06 ID -31 accessing information in the data set pertinent to Sthe specific user in the data base; and O O determining if there is a sufficient match between at Sleast one member in the test set and a corresponding physiological identifier represented in the data set. 00 00
  30. 40. A method according to claim 39, wherein any financial IND information that may be in the stored data set is not limited to that of a particular banking or financial institution.
  31. 41. A method according to any of claims 1, 17, 36 or 39, further comprising: retaining a representation of at least one of the new set of physiological identifiers, if there is an insufficient match.
  32. 42. A method according to claim 41, further comprising: providing access to the retained representation of the at least one of the new set of physiological identifiers by a law enforcement official.
  33. 43. A method according to any of claims 1 or 36, further comprising: permitting a third party of a specified kind to view but not modify the user's personal information in the stored data set without requiring such third party to provide a physiological identifier that sufficiently matches a corresponding member of the first set of physiological identifiers stored in the data set.
  34. 44. A method according to claim 43, wherein the specified kind is a merchant. H:\nle indaf\keep\gpeci' \200024o683.doc 5/10/06 ID -32 A method according to claim 2, further comprising: 0 O permitting a third party of a specified kind to view Sbut not modify the user's medical information in the stored data set without requiring such third party to M provide a physiological identifier that sufficiently 00 00 matches a corresponding member of the first set of IND physiological identifiers stored in the data set.
  35. 46. A method according to claim 45, wherein the specified kind is a health care provider.
  36. 47. A method according to any of claims 1 or 2, further comprising: providing, to each user, a token indicating that the user has provided information to the data base.
  37. 48. A method according to claim 47, wherein the token comprises a card.
  38. 49. A method according to claim 47, wherein the token includes an identifier that, when presented to the data base by a third party, enables such third party to access but not modify the user's information in the data base. A method according to claim 49, wherein the identifier comprises: a record number identifying the data set pertinent to such user. H:\n indaf\keep\speci'g\200024683.doc 5/10/06
AU2000240683A 2000-04-04 2000-04-04 Apparatus and method for assuring the integrity of a multi-user personal information database Ceased AU2000240683B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2000/008876 WO2001075561A1 (en) 2000-04-04 2000-04-04 Apparatus and method for assuring the integrity of a multi-user personal information database

Publications (3)

Publication Number Publication Date
AU2000240683A1 AU2000240683A1 (en) 2002-01-03
AU2000240683A2 AU2000240683A2 (en) 2003-03-13
AU2000240683B2 true AU2000240683B2 (en) 2006-10-26

Family

ID=21741234

Family Applications (2)

Application Number Title Priority Date Filing Date
AU4068300A Pending AU4068300A (en) 2000-04-04 2000-04-04 Apparatus and method for assuring the integrity of a multi-user personal information database
AU2000240683A Ceased AU2000240683B2 (en) 2000-04-04 2000-04-04 Apparatus and method for assuring the integrity of a multi-user personal information database

Family Applications Before (1)

Application Number Title Priority Date Filing Date
AU4068300A Pending AU4068300A (en) 2000-04-04 2000-04-04 Apparatus and method for assuring the integrity of a multi-user personal information database

Country Status (5)

Country Link
EP (1) EP1410127A1 (en)
AU (2) AU4068300A (en)
CA (1) CA2408181C (en)
GB (1) GB0225646D0 (en)
WO (1) WO2001075561A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109658562A (en) * 2018-12-10 2019-04-19 东浓智能科技(上海)有限公司 A kind of entrance guard controlling method and system responded rapidly to

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB8525161D0 (en) * 1985-10-11 1985-11-13 Blackwell V C Personalised identification device
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
US5613012A (en) * 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
US5953419A (en) * 1996-05-06 1999-09-14 Symantec Corporation Cryptographic file labeling system for supporting secured access by multiple users
AU5206499A (en) * 1998-06-27 2000-01-17 Lci/Smartpen, N.V. Apparatus and method for end-to-end authentication using biometric data

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system

Also Published As

Publication number Publication date
EP1410127A1 (en) 2004-04-21
CA2408181C (en) 2010-06-29
CA2408181A1 (en) 2001-10-11
WO2001075561A1 (en) 2001-10-11
GB0225646D0 (en) 2002-12-11
AU4068300A (en) 2001-10-15

Similar Documents

Publication Publication Date Title
US6985887B1 (en) Apparatus and method for authenticated multi-user personal information database
US20120131657A1 (en) Apparatus and Method for Authenticated Multi-User Personal Information Database
Alterman ``A piece of yourself'': Ethical issues in biometric identification
US7240363B1 (en) System and method for thwarting identity theft and other identity misrepresentations
US8738921B2 (en) System and method for authenticating a person's identity using a trusted entity
US10375065B1 (en) System and method for tokenless biometric authorization of electronic communications
US5457747A (en) Anti-fraud verification system using a data card
US5988497A (en) Method for authenticating credit transactions to prevent fraudulent charges
US6044349A (en) Secure and convenient information storage and retrieval method and apparatus
US7761384B2 (en) Strategy-driven methodology for reducing identity theft
US9262876B2 (en) Method for controlling fraud and enhancing security and privacy by using personal hybrid card
US20120109829A1 (en) Method and system for processing transactions using a token
US20020095389A1 (en) Method, apparatus and system for identity authentication
MXPA01007717A (en) Tokenless biometric electronic debit and credit transactions.
JP6703724B2 (en) Financial transactions, security and management methods with biometric characteristic combination identification system
US20110145147A1 (en) System and method for authorizing transactions
US20140244510A1 (en) Privacy protection system and method
AU2000240683B2 (en) Apparatus and method for assuring the integrity of a multi-user personal information database
US20160048839A1 (en) System and method for exclusion-based imposter screening
JPH11167553A (en) Personal confirmation system for on-line system
Clarke Authentication: A sufficiently rich model to enable e-business
AU2000240683A1 (en) Apparatus and method for assuring the integrity of a multi-user personal information database
AU2000240683A2 (en) Apparatus and method for assuring the integrity of a multi-user personal information database
US20070271221A1 (en) Securing social security numbers with pins
Coats The practitioner's guide to biometrics

Legal Events

Date Code Title Description
DA3 Amendments made section 104

Free format text: THE NATURE OF THE AMENDMENT IS AS SHOWN IN THE STATEMENT(S) FILED 12 NOV 2002

PC1 Assignment before grant (sect. 113)

Owner name: SUNCREST LLC

Free format text: FORMER APPLICANT(S): SUNSTEIN, BRUCE; SHAPIRO, EILEEN

FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired