CN101730907A - Point-of-sale transaction device with magnetic stripe emulator and biometric authentication - Google Patents

Abstract

A handheld unit capable of emulating multiple smart cards or magnetic stripe cards; the unit is capable of storing a plurality of data sets representing different accounts; the unit is provided with a radio frequency interface which can imitate a smart card interface and is communicated with a smart card reader on a POS machine, an ATM terminal or any place where a smart card can be used; the unit also houses a programmable magnetic strip which can be used wherever magnetic strip cards can be used; the unit is also equipped with a biosensor which can flexibly identify the identity of the user.

Description

Point of Sale Transaction Device with Magnetic Stripe Simulator and Biometric Authentication

related application

This application is a continuation-in-part of co-pending U.S. Application No. 11/456,906, filed July 12, 2006; also, claiming rights to the following U.S. provisional applications: (1) Application No.: 60 /866,909; Filing date: November 22, 2006; Title: "Point-of-Sale Transaction Device with Biometric Protection", (2) Application No.: 60,866,922; Filing date: November 22, 2006; Biometric Protected Identity Card", (3) Application No.: 60/942,729; Filing Date: July 8, 2007; Title: . "Magnetic Stripe Simulator and Smart Card with Enhanced Biometric Authentication" .

Background technique

Every year, issuers of plastic credit cards around the world suffer billions of dollars in losses due to credit card fraud. These losses are usually compensated to some extent by increasing transaction fees and interest rates for consumers and merchants. However, these losses are still huge for credit card issuers.

Credit card information can be obtained and used fraudulently through a number of different means. In recent cases, employees or hackers have gained unauthorized access to merchant or card information processing databases that contain millions of credit and debit card accounts. The credit cards themselves are often lost or stolen, allowing the thief to make unauthorized payments from the account before it is cancelled. Thieves will impersonate individuals and use high-tech methods to obtain private information or account information from the magnetic stripe of credit cards, such as the well-known "skimming" or "cloning" methods, and use identity theft to illegally obtain accounts information.

Because account information is static, once compromised, it can be used to carry out fraudulent transactions in various commercial establishments, either through online transactions or other "card-not-present" transactions, such as order confirmation by mail or order confirmation by phone scam. Therefore, making the information that completes the credit card transaction dynamically changes with each transaction is a good way to prevent it from being stolen and reused. In the UK, a 'chip and PIN' approach is a good attempt in this direction. The project uses a smart credit card that requires users to enter a PIN instead of a signature when making a transaction. This PIN code will match the chip in the smart card. It’s important to note, though, that this setup, while a step in the right direction, doesn’t solve fraud when it comes to “card-not-present” transactions.

Radio Frequency Identification (RFID, Radio frequency identification, commonly known as electronic tags) is a known technology. A standard RFID device consists of an antenna and a chip that is activated by radiation of radio frequency waves from the reading device. The antenna on the reading device will transmit the signal to the chip of the electronic tag very close to the reader. RFID tags are similar to barcodes.

Electronic tags have many applications, including inventory control and tracking, as a replacement for traditional magnetic stripe cards at POS machines for electronic payments, as a device for automatically recording tolls on highways, and in passports and personal identification cards. Electronic tags are even used as embedded devices in living bodies, such as embedded in pets and children.

A "smart card" is a card that has embedded a microprocessor and memory chip or just a non-programmable logic chip. The microprocessor can add, delete and do other processing to the information on the card, but the memory chip card can only carry out predetermined operation. Although smart cards use wireless radios to transmit and receive data, they are different from those traditional electronic tags or magnetic stripe cards, and all the functions and data needed to complete the transaction are recorded on the smart card. Therefore, they do not need to enter the remote database at the same time as the transaction. There are many standards for smart cards, notably ISO/IEC 7816 and 14443. This is the card used by the UK's "Chip and PIN" program mentioned earlier.

Smart cards are rapidly replacing "swipe" credit cards that use the traditional method of storing data on a magnetic strip. At the point of sale (POS), the smart card can be activated by a contactless reader attached to external equipment matching the transaction request, for example, an electronic tag reader attached to a cash register. The RF antenna on the card reader activates the smart card by sending a signal to the RF antenna on the card. The service request connects the smart card through the card reader unit, and then transmits the cardholder account data back to the service request point of sale, and the instructions used are in accordance with the ISO7816 standard.

While smart cards allow transactions to be processed faster than traditional magnetic stripe cards, they offer only modest improvements in the ability to secure account data compared to those they replace. A recent test revealed that smart cards have weaknesses that could be exploited by data thieves. First of all, after the card owner places an order, he no longer needs to enter a PIN code or sign a credit card transaction form. Therefore, if the smart card is lost or stolen, it can be used for unauthorized purchase transactions. At the same time, technically, there are new security threats in contactless smart cards. A lost or stolen smart card still contains all the required information, including account number, CCV and other information needed to complete the transaction, which can be easily read and copied. Thieves can use differential power analysis (DPA) and simple power analysis (SPA) to decipher the encryption and decoding keys used in communications. Moreover, smart cards are also subject to other types of attacks, such as the well-known "relay (relay)" attack, that is, for a smart card that is not close to a POS-based card reader, it can be "relayed" by other paired smart cards and readers. (relaying)” to obtain the information it contains.

The existence of these defects is a huge financial risk for the issuer and the owner of the card. While credit card companies and insurance companies often pay fraud deposits to mitigate losses related to fraudulent activity, the long-term impact on victims and their credit ratings can be severe. In addition, it is obvious that any risks that can be detected related to smart card security technology will become an obstacle to market promotion. Therefore, it would be very beneficial to provide a secure data storage method in the smart card to avoid being obtained secretly and illegally.

Contents of the invention

The present invention is a cost-effective device that can store information from multiple smart cards and data from multiple conventional magnetic stripe cards and use it either through a magnetic stripe emulator or through a "virtual" contactless smart card. At the same time, use biometrics, such as fingerprint verification, or voice recognition, to prevent unauthorized use of devices and blatant theft of information on devices. With this capability, data theft through relay attacks and crimes related to lost and stolen smart cards would be virtually eliminated.

In the preferred embodiment, the invention consists of two parts, an application program running on a personal computer, a handheld portable data storage and transaction device, and optionally, an associated base unit.

The present invention also discloses a hand-held device, in a preferred embodiment, having the size of a credit card, ie having a thickness of 0.76 mm according to the ISO7813 standard. It includes a display and a keypad, as well as several navigation keys for making appropriate selections of accounts and applications. Optionally, part of the device includes a programmable magnetic strip. The device houses a main processor that can execute simple requests, as well as a smart card chipset and corresponding antenna.

The device can also incorporate a Near Field Communication (NFC) module that complies with the ISO14443 standard. NFC is a point-to-point connection that allows for much larger data transfers than smart cards that simply query and reply to smart cards. Thus, NFC modules can compete with smart cards. The NFC module can also be used to download various data, such as electronic receipts, coupons, advertisements, electronic bills, etc. In addition, the device can be connected to a POS terminal that can communicate over a short distance, and can be used to transmit account information, coupon information, and other types of information to the POS terminal. It is also possible to receive information from POS terminals, such as electronic receipt information. In addition, the device can also be connected to other short-range communication (NFC) devices, such as self-service kiosks that can use coupons, and ticket agents that can purchase and electronically store event tickets before use.

Most importantly, the device incorporates a biometric sensor for fingerprint or other biometric authentication to determine that the user is the owner of the device. This provides a way to ensure that only authorized card owners are performing transactions. In a preferred embodiment, fingerprint authentication is used to biometrically identify and authenticate authorized users, however, other means of authenticating users, both biometric and non-biometric, may be used. Every transaction needs to be authenticated, and the identity of the authorized user must be activated on the device's programmable magnetic stripe card, smart card circuit or short-range communication circuit, and its signal is transmitted to an electronic tag reader or short-range communication POS terminal was verified before. Not all device functions require authentication. For example, downloading coupons does not require authentication.

Even better, an instance of the device will have standard smart card contacts. An optional base unit will include matching connectors that will allow data to be transferred between the device and applications running on a standard PC. It also allows charging of the rechargeable battery of the device via the contactor. Additionally, the base unit can optionally include an NFC or smart card reader so that the base unit can act as a POS terminal for online purchases.

The handheld device can communicate with applications running on a PC. Preferably, it can be connected to a personal computer through the base unit. Or, optionally, directly via a wireless connection such as Bluetooth. The PC application allows account information to be downloaded from multiple credit cards or other types of cards into the device, which when connected can be synchronized with the handheld so that the PC's data can be mirrored in the handheld's data. The PC application may also provide other functions, as will be discussed in detail below. The device should also include sufficient memory means to store account information from multiple conventional magnetic stripe cards and smart cards.

The handheld can also emulate a magnetic stripe card with a programmable magnetic stripe. The programmable magnetic strip can be reprogrammed on the fly and, for safety, can be erased after a preset time or number of uses has passed. If there is an RF card reader on the POS terminal, the account information from the magnetic stripe on the card can also be transmitted through the RF signal. In this way, owners of traditional magnetic stripe cards will be able to use the more desirable contactless RF technology to execute transactions where they occur.

Handhelds must be initialized prior to downloading account information. Initialization proceeds with a user registration step in which the user is prompted to place one or more fingertips on the biometric sensor. Fingerprints are scanned and converted into digital samples that are stored in a memory device. Fingerprint samples can be used for authentication or activation procedures prior to magnetic strip programming or RF signal transmission. Optionally, multiple users can be registered as multiple accounts on the card.

Use of the account stored on the device relies on confirming its identity with biometrics and then selecting its dedicated account, at which point the account becomes an "activated" account. To verify identity, the user places a finger on the biometric sensor, and the fingerprint is scanned and matched against one of the fingerprint samples stored on the device. Optionally, unlocking the device may also require multiple fingerprint features of different fingers. With this feature, any unauthorized use of the card is prohibited. Thus, the security of traditional card or smart card transactions has reached a new level.

One disadvantage of fingerprinting is that a small portion of the population lacks available fingerprints for authentication, and in some cases users may choose to enter a personal identification number (PIN) as an alternative to authentication. During initialization, the user will be prompted to select a fingerprint or PIN number for authentication. Once the PIN is entered into the device, it is stored in memory in a database of selected applications.

For security and to prevent certain types of attacks on the device, the RF antenna on the device will be disabled after a single use. If no antenna is available, the interrogating RF signal will not be received. At the same time, the device cannot return a reply signal. When the authentication step of the subsequent transaction has been completed, there is sufficient time for the antenna to be enabled again in order to complete the transaction, after which it is automatically disabled again. Optionally, the device can also be used for a single transfer of account data. For transactions via magnetic stripe, the programmable magnetic stripe on the device is erased after a preset period of time in order to prevent reuse. The device also includes a circuit that records and time-stamps all requests to restore data, both when authenticated and when the device is used without authentication.

The camera head that is often used on mobile phones can also be installed on the device. The camera head can capture coupon information by taking a photo of the coupon barcode. In some cases, some devices are also equipped with barcode reading software that can be used to read barcodes from captured photos and display plain text information to customers.

The present invention can also use other types of authentication devices for biometric identification methods, including but not limited to, voice recognition, skin resistance and skin capacitance, and other types of known and future biometric verification methods.

Description of drawings

1A-1D are the front view, rear view, side view and bottom view of the first embodiment of the device.

Fig. 2 is an optional basic unit in Embodiment 1 of the present invention.

Figure 3 is a front view of a preferred embodiment incorporating a credit card and a smart card in a device form factor.

Figure 4 is a rear view of the preferred embodiment of the device, shown including a magnetic stripe emulator.

Fig. 5 is an internal block diagram of the preferred embodiment of the device, showing the schematic outlines of the constituent parts.

Fig. 6 is a system diagram of the preferred embodiment of the device, showing the connections of different parts.

Fig. 7 is a schematic diagram of a standard configuration of the hardware structure of the preferred embodiment of the device.

Fig. 8 is a standard configuration diagram of the high-level software structure of the device.

Figure 9 is a flow diagram for registering a user on a device.

FIG. 10 is a flow chart of user biometric authentication.

Figure 11 is a flowchart of the device configuration process for downloading electronic account records from an account issuer.

Figure 12A is a flowchart of Embodiment 1 of selecting and activating an account.

Figure 12B is a flowchart of another embodiment of selecting an account and activating an account.

Figure 13 is a functional block diagram of a menu of software applications that can be selected for display on the handheld device.

Fig. 14 is a functional structure diagram of a supporting application program on a personal computer.

Fig. 15 is a first embodiment of the application program and device of the card reader using a magnetic swipe or a contactless smart card model as the transmission medium.

Fig. 16 is a second embodiment of the application program and device of the card reader using NFC as the transmission medium.

Figure 17 is a flow chart of transactions performed with the device of the present invention based on the dynamic security code generated for each transaction.

Fig. 18 is a general structural block diagram of a data record (structured data file) downloaded into a device by an account.

Detailed ways

The device of the invention provides two embodiments. In a first embodiment, see Figures 1A to 1D, the device consists of two parts of different thicknesses, the first part of the device has the thickness of a standard credit card, and the second part is thicker to allow more room for physical components . In the preferred embodiment of the second part (thick part) (see Figures 3 and 4), the entire device has the thickness of a standard credit card and can be used anywhere a credit card can be used, including ATM machines and gas refills Station and other places where cards need to be inserted.

1A-1C is a front view, rear view and side view of the appearance of the first embodiment of the device 100, including two parts, a thin part 100a and a thick part 100b, the thick part 100b is preferably 10mm or thinner, by Made of any material commonly used in the construction of electronic equipment enclosures, but this material does not interfere with the transmission and reception of RF signals. The front of device 100 includes a display 101, which may be an LCD display. At the same time, there is also a menu selection key 102 and number keys 103 . Menu selection keys 102 aid in navigating through the series of displayed menus on display screen 101 . Menu selection key 102 is made up of direction key, and it is used for controlling cursor up, down, left or right, and the ENTER key of center is used for selecting menu content, and direction key and ENTER key can form any shape.

The thinner part 100a of the device 100 includes a programmable magnetic strip 107 at the rear, and is preferably made to a thickness of about 0.76 mm according to ISO7813 standards. The thin portion 100a of the device 100 is thus thick enough to pass through a standard magnetic stripe card reader. Between the thin part 100a and the thick part 100b of the device is a beveled region 104, which is the transition between the thin part and the thick part of the device 100. Both the thin portion 100a and the magnetic strip 107 of the device 100 are optional, and future versions of the device may not have the programmable magnetic strip 107, as magnetic stripe credit cards and swipe readers are phased out by contactless transaction devices. In some cases, the thin portion 100a of the device 100 can be eliminated.

The front of device 100 also includes a biometric input sensor 105, which in the preferred embodiment consists of a fingerprint scanner. In other embodiments of the present invention, other biometric authentication devices can also be used, such as a voice recognition device, a skin pH value analysis device, or other current and future devices capable of identifying users. In addition, the biometric authentication method can also be replaced by an alphanumeric password or a method in which the user inputs the PIN code of the device 100 through the numeric keyboard 103 .

The rear of the device includes a programmable magnetic strip 107 located on the thin portion 100a of the device 100 . The back also includes an optional camera head 106, preferably mainly used to take pictures of barcodes that can be read by barcode recognition software. However, any image can be photographed and stored on the device for display or transmission. In addition, an NFC chip 108 and a Bluetooth chip 109 are shown on the back of the device 100, however, these chips are actually inside the device. Also on the back of device 100 is a system reset button 110 .

In side view 1C of device 100 can be seen soft keys 109 of the device for the user to connect software applications to the device.

Figure 1d shows the bottom end of the device 100, showing a thin portion 100a of a magnetic strip 107, a thick portion 100b and a beveled area 104 between them. There is also a connector 201 at the bottom of the device 100, directly connected via a cable or connected via a base unit 200 (see FIG. 3), for data transmission with the PC application 1002 (see FIG. 15).

The optional base unit 200 includes a connector 202 matching with the connector 201 at the bottom of the device 100 to provide the aforementioned functions. The base unit 200 also includes an NFC chip 205, or other means of wireless communication, which would allow the base unit 200 to act as a contactless point-of-sale (POS) terminal for online purchases. The base unit 200 also presents a PC interface 204 capable of interfacing with the device 100 and the PC application 1400 . The connection mode between the device 100 and the PC application program 1400 may also be any known wireless transmission protocol in the technical field, such as Bluetooth; or a wired connection such as a serial line or a USB interface.

Connector 201 may also charge rechargeable battery 405 on device 100 . It is connected to the base unit 200 or directly connected to the PC through a cable. An AC adapter (AC power adapter) 203 on the base unit 200 can now provide power for the rechargeable battery. Alternative charging methods also include charging the battery through induction after the RF antenna of the device generates a voltage through electromagnetic induction.

3 to 5 are physical configurations of the preferred embodiment of the present invention. In this embodiment, device 150 is the size and thickness of a standard credit card. Referring to FIG. 3 , the display screen area 152 on the front of the device 150 can display an activated account information, which can be selected by buttons 153 and 154 . Although there are two buttons in the standard preferred embodiment, it will be apparent that any number of buttons may be present on the user interface of the device.

Note that the display screen area 152 is not limited by the size and shape shown in the figure, it can be any size and shape. Preferably, display 152 is an LCD display, but may be any type of display known in the art, including in particular electrophoretic displays that retain an image after device 150 is turned off. In uses other than financial transactions, it is contemplated that device 150 could display color and video. In the preferred embodiment, the display screen 152 is mainly used to display the currently active account to prompt the customer. The account information displayed therein may include graphics. Preferably, a LOGO or trademark of the account issuer and any other information necessary to complete the transaction, such as a CCV code or a dynamically generated PIN code.

The account information displayed on the display screen may be an "activated" account. Referring to Figure 4, after the user has authenticated himself with the biometric sensor 151, the information required to activate account transactions will be programmed into the programmable magnetic stripe card 161 or transmitted by the RF module. Preferably, biometric sensor 151 is a fingerprint scanning device capable of scanning one or more standard user's fingers to match stored fingerprint samples. However, any current or future biometric sensor can be used. Alternatively, a PIN code may also be employed.

Area 156 on the front of device 150 is a printable area that allows for a logo or other information to be printed on the card. Preferably, the card is not embossed, and for added security, there should be no account-related information on the card, which should only be displayed on the display 152 .

The contactor 155 is a standard device in smart cards, and is designed according to the smart card ISO standard. These contacts allow data transfer between the device and applications running on the PC via the base unit 700 (see Figure 6); also allow the rechargeable battery on the card to be charged through the smart card contacts.

FIG. 4 shows the configuration of the back of the device 150 . Field 160 is an optional field that allows printing of information that can be displayed on the card. Area 162 is an optional signature area, manufactured in accordance with the standard signature area of a typical credit card. The programmable magnetic stripe 161 is located at the standard location of the magnetic stripe on a conventional credit card, ie the top of the card.

Figure 5 shows a block diagram of the components inside the card. The battery 171 is a rechargeable battery. Preferably, it is composed of thin film lithium polymer, and when the device 150 is placed in the base unit 700 (see FIG. 3 ), it can be charged through the smart card contact 155, as shown in FIG. 3 . We are also considering that the battery can be inductively charged by contacting the induced current generated in the RF antenna 173 by an electromagnetic field or a radio frequency wave.

Component 172 is the system motherboard of the device, including a central processing unit and associated memory, as well as other components that we will describe in detail later. Component 173 is an RF antenna that enables the device to process contactless transactions at POS terminals. When a standard smart card reader interrogates the device via antenna 173, the device allows the transfer of account information. The standard smart card reader body can also provide power and transmit information to a smart card through the induction of the antenna. Devices that are self-powered, however, don't need those features. Although we envision having the device recharged via electromagnetic induction from an RF antenna in an emergency to complete at least one transaction. Preferably, however, the antenna is used only for the device to communicate with the contactless smart card reader.

Component 176 is a smart card circuit, which can support modules such as smart card contactor, contactless smart card interface and communication, and also includes a memory device, which stores activation account information that must be transmitted to the POS device in order to end a transaction.

Component 174 is the magnetic stripe emulated controller, a custom chip used to control the storage and transmission of Track 1 and Track 2 data required to complete a transaction at the POS terminal. Component 175 is the track 1 and track 2 transmitter of the programmable magnetic strip. We can imagine that the .POS device can write data on any magnetic stripe track. The magnetic stripe emulation controller 174 can read some information in an area of the flash memory 403 of the device 150 related to the currently active account information and then store it.

FIG. 6 is a system diagram of the preferred embodiment of the present invention. The base unit 700 provides a connection point between the device 150 and a standard personal computer 704. As shown in FIG. The connection between the base unit 700 and the PC 704 may be any common method known in the art, such as a serial cable, a USB cable, or a wireless connection such as Bluetooth. Any present or future known communication protocol can be used. The base unit 700 includes a removable battery 701 that can charge the internal battery 171 of the device 150 . The removable battery 701 can be any kind of consumer grade battery, such as a 9v battery or a plurality of "AA", "AAA" batteries. Optionally, an AC adapter 702 can also be used for the same purpose. The device 150 is plugged into the base unit 700 while data is being transferred between the PC 704 and the device 150 while the internal battery 171 on the device is being charged. Both data transfer and battery charging take place through the smart card contact 155 . When the device 150 is placed in the base unit 700 , the contacts 705 on the base unit 700 are electrically connected to the smart card contacts 155 on the front of the device 150 . This allows data to be transferred between the base unit 150 and the application 1400 running on the PC 704 . The personal computer 704 will be discussed in further detail below. Additionally, the rechargeable battery 171 can be charged through the smart card contact 155 .

It is also contemplated that the rechargeable battery 171 could be charged with a portable charger, which could be in the shape of a clip or soft envelope, so that it could be attached to the device 150 . This charger (not shown) can be powered by a single battery, which can be a thin sheet battery. The charger can thus be embedded in a wallet, providing a convenient place to store the device 150 to facilitate charging the battery 171 on the device 150 .

In another example, the device 150 can be connected to a mobile phone for charging, and the mobile phone has a slot for receiving the device 150 . When the device 150 is inserted into the slot, the smart card contacts 155 make electrical contact with contacts on the mobile phone that charge the battery 171 . We can also imagine that there is a data transmission module between the device 150 and the mobile phone, and the data transmission is performed through the mobile phone network. For example, data transactions can be encrypted, sent over the mobile phone network to credit card processing centers and other processing programs.

We also envision device 150 being able to be incorporated into a cell phone at some point. In some cases, transactions can be done through RF or NFC modules and POS terminals with the same function. Because of the thickness, no programmable magnetic strip 161 is used in some cases. Or there is a retractable magnetic strip 161, when not being used, the magnetic strip is accommodated in the socket of the phone; when in use, the magnetic strip is stretched out of the slot.

In yet another embodiment of the above, an optional solar module can be used to charge the battery 171, where a photovoltaic cell (not shown) will convert enough power from ambient light to keep the battery 171 fully charged or slow down the battery. discharge. In addition, the backlight of the liquid crystal display 152 on the device 150 can also convert current to slow down the discharge of the battery 171 .

In the preferred embodiment represented by Figures 3-5, the device 150 is structurally flexible, preferably based on known technology for credit cards. Accordingly, device 150 may be made waterproof.

FIG. 7 is a schematic block diagram showing the structure of the system board 401 on the device 150 . The system board 401 includes most of the components that control and use the device. CPU 408 is the main processor of device 150, providing overall control of device 150, and running the main operating system software and application programs. The storage device 402 is a memory required to operate the device and to control software, application programs, and the like. Flash memory 403 is used in devices for secure long-term storage of application data and electronic account records.

The smart card controller 404 includes software and hardware that control the central processor 408 and the smart card circuitry 176 that the central processor interacts with. The smart card reader contactor 405 controls the input and output of data and the delivery of power, which is carried out through the standard smart card contactor 155 located on the front of the device 150 .

The power management component 406 controls the status of the rechargeable battery 171 ; it also controls the delivery and regulation of power to the rechargeable battery 171 when the device is connected to the base unit 700 .

Magnetic stripe controller 407 is the interface to magnetic stripe control circuitry 174 and provides account data to be encoded into programmable magnetic stripe 161 . At the same time, the magnetic stripe control 407 also determines when to delete or disable the programmable magnetic stripe 161 .

The display controller 409 is responsible for controlling the images and information displayed on the display 152 located on the front of the card.

The biometric sensor controller 410 captures input information from the biometric sensor 151 on the front of the device 150, which is then passed to the biometric enrollment and authentication software. This software is part of the main system software. Alternatively, this function may also be provided by the biometric sensor controller component 410 .

Programmable soft key controller 411 controls the scroll key 153 and 154 inputs, as well as other inputs on the card.

In addition to the components shown in the preferred embodiment, other circuitry may be included on the main system board 401 or as a separate component within the device. These components include the camera head on the motherboard, the Bluetooth interface, and the short-range communication module. It should be noted that the configuration shown in FIG. 7 is only a sample, and those skilled in the art may provide many available alternative solutions, which are still considered to be within the protection scope of the present invention.

Figure 16 shows the software structure of the device. Includes all software components. The device application 501 is the most important software application running on the CPU 408 to control the device 150. It provides a basic flow of input and output, and the main functions and controls on the device 150 . The device application program 501 runs on the device operating system 503, and the device operating system can be any system running on a portable device now or in the future, for example, LINUX or JAVA card open platform system (JCOP), but any A suitable operating system. The device operating system 503 will perform all basic tasks to control the internal components of the device, and at the same time provide a software platform on which the device application 501 can run.

The biometric registration and authentication component 502 is a software component that collects biometric samples for the first time and stores the necessary samples for later authentication. Additionally, the biometric enrollment and authentication component 502 is responsible for reading the scan from the biometric sensor 151 and comparing it with stored samples to verify the user's identity. If the authentication process is unsuccessful, the device is not activated.

Software component 504 is the smart card operating system for managing the smart card command and reply system. Smart card operating system 504 may be part of device operating system 503 .

As a hardware component, the structure of Fig. 8 is just a common case. Any alternative design is also possible, which is also within the scope of the present invention.

FIG. 9 is a flowchart showing the process of user registration on device 150. Referring to FIG. At step 900, the "device initialization" process begins. In step 902, a portion of the memory including stored account information or other user data (e.g., pre-stored biometric samples) is deleted in order to prevent unauthorized persons in physical possession from adding An authorized user with an account. Step 904 is to determine how many scans are required for authentication. Preferably, this is determined by asking the client. In a preferred embodiment, a user may require multiple scans to authenticate their identity. For example, the user gives a specific command to complete the authentication process: scan multiple fingerprints of different fingers. Once the appropriate number of scans is determined, the counter reset step 906 is entered. The process of biometric collection, which includes collecting, encoding and storing biological templates, is performed at step 908 . Preferably, these functions will be part of an off-the-shelf package that includes the biometric scanner. At step 910, the counter is incremented. In step 912, it is determined whether all required biometric samples have been collected. If additional biological samples are needed, that is, not all samples have been collected, step 912 returns to step 908, at which point another sample will be collected, coded and stored. In addition, it is determined in step 912 whether the required number of biological samples has been collected, and if so, the next step goes directly to step 914, at which point it is determined whether another user will be registered. If yes, return to step 904 to start another user's registration process. If no additional registration is required, the registration process is completed at step 916.

In further device embodiments, a different type of biometric scanner may be provided, such as voice recognition, or a PIN code instead of a biometric scanner. In these embodiments, another controller needs to be set in the device to input the PIN code. These embodiments are still within the scope of the present invention.

Figure 10 Flowchart for activating the device when used on a POS terminal. The activation process for the device works like this: the customer is authenticated, and then various associated user accounts are opened. The flow begins at step 1000, when the biometric sensor 151 or the scroll keys 153, 154 are touched. In another device embodiment, any user input component may initiate the authentication process. If one of the scroll keys 153 or 154 is touched, thereby starting to scroll through the account information, the current account shown on the display screen 152 is the account to be activated. If the biometric sensor 151 is touched, the currently displayed, or last displayed account will be activated. At step 1002, a message will be displayed prompting the user to complete the authentication process. In this example, the fingerprint scanner is activated when the user places the appropriate finger (or several fingers in sequence) on the scanner. Step 1003 is to collect biometric information, and then encode and match with the stored valid biometric scanning samples. In step 1004, the collected biometric information is compared and analyzed with the biometric samples collected and stored in the user registration process in FIG. 9 .

If a match is confirmed, flow goes to step 1006 and a counter is updated to show how many correct matches have been made. In step 1008, it is determined whether other biometric information is to be collected, and if so, the flow returns to step 1003. If the correct amount of biometric information has been collected and a match is confirmed, the process goes to step 1010, at which point the information is cleared, and then to step 1012, at which point the "TRUE" command has passed back to the biometric on the main system board 401 on the sensor controller.

In step 1003, when any biometric scan fails in matching, the flow goes to step 1014, at this time, the display screen 152 displays an "error" message. In step 1016, it is determined whether the number of failed attempts reaches a predefined limit, and if so, the process proceeds to step 1018, at this time, a FALSE value is returned to the biometric sensor controller 410, indicating that the device is not activated. If the number of repetitions has not been reached, the flow transfers from step 1016 to step 1003 to collect the next biometric information.

Figure 11 illustrates the process of configuring account data 800 in spreadsheet form downloaded from an account issuer to a device to complete a transaction. This information is shown in detail in Figure 18. Includes account attributes 802, account issuer's LOGO or other indicia 804, track 1 and track 2 respective data 806 and 808 (need to programmatically encode the programmable magnetic stripe 161), smart card file system 810 (which may be executable code ), and any other data 812 that may or may not be required to complete the transaction, such as advertising content and/or coupons. Smart card file system 810 may include executable code that supports anti-theft measures, such as rotating account calculations, dynamically generated passwords, or authentication codes.

The issuer of the account, which is a standard bank or other credit card issuer, will provide a structured data file 800, including the information just discussed, and associated with the particular account. Preferably, the available structured data file 800 can be downloaded from the publisher's website 1104 through the secure channel 1103, or the electronic data file can be transmitted through other technical means known in the art.

Fig. 11 shows the flow of providing structured data files to users. At step 1100, the user plugs the device 150 into the base unit 700, which is preferably connected to a standard personal computer via any known means of communication, such as those described above. It is contemplated that future instances of device 150 may communicate directly with a PC via wireless means, thus eliminating the need for base unit 700 .

In step 1102 , the user needs to go through an authentication process to log in to the account issuer's website 1104 , so the account issuer needs to establish a secure channel 1103 . Preferably, the secure channel is an HTTPS connection, which uses an SSL-encrypted HTTP protocol or a TSL transport protocol to ensure secure communication with the web server. However, any encrypted secure channel can be used. Based on the user's needs, the account issuer generates a structured data file 800 (step 1106), which is specific to the user. The structured data file 800 can be downloaded from the PC 704 through the secure channel 1103 and it will be stored (step 1108). Preferably, it is also permanently stored on PC 704 in some form. At step 1110 , the user uses the PC application 1400 to facilitate the transfer of the structured data file to the device 150 . Preferably, structured data file 800 is encrypted so that only device 150 or PC application 1400 can read it.

Figure 12a shows the upper level of flow control of the preferred embodiment of the device 150 after the user has been authenticated. In step 1200, the device activation process shown in FIG. 10 is executed. If successful (eg, a "TRUE" result returned in the flow shown in Figure 10), the flow goes to step 1202, at which point the currently active account is displayed. The current activated account can be the first account in the account list, or the last activated account. Note that if the activation process shown in Figure 10 has returned a "FLASE" result, the device will remain locked and wait for another device activation request to be performed. The number of failed device activation requests can be limited, but requires the device 150 to be connected to the PC application 1400 prior to the authentication attempt process.

At step 1204, the current active account can be used. This means that the account information is programmed (encoded) into the programmable magnetic stripe card 161 and/or loaded into the memory device (if the transaction is wireless, the memory device contains the information transmitted via the RF antenna 173). In addition, any auxiliary information required to complete the transaction can be displayed on the display screen 151 . For example, dynamically generate passwords, security codes, or CCV codes.

In step 1206, it is determined whether the current activated account has timed out. If yes, the device will be activated again (step 1208), and the authentication flow shown in Figure 10 will be forced to repeat to reactivate the account. If not overtime, in step 1210, it will be determined whether one of the buttons 153 or 154 is pressed, which indicates that the user wishes to scroll the previous or next account in the account list, and then make this account active. Page scrolling occurs in step 1212, and after the flow turns to step 1202, new account information will be displayed. If no key is pressed at step 1210, then the current activation account information will be used while device 150 waits until a timeout (step 1208). Alternatively, it is determined at this point whether the account information is transmitted, either by wireless transmission, or by physical swiping of the programmable magnetic stripe card 161 . If yes, the device will be shut down before reaching the final timeout.

Figure 12b shows the flow of another embodiment. In step 1210, if a key press is detected, it needs to be determined (step 1211) whether the pressed key is a soft key. If yes, go to step 1213 and the top level on-board application menu 1300 (see FIG. 13 ) will be displayed. Keys 153 and 154 can also be used to navigate this menu. On-board application menu 1300 provides access to different device accessibility menus. Note that the flowchart shown in FIG. 12b is: the improved function of the device 150 can be added to the soft key, and then the improved function is used. Optionally, device 150 may use another method to detect whether a soft key is pressed, for example, detect whether keys 153 and 154 are pressed at the same time.

FIG. 13 shows the top level of the on-board applications menu 1300 . The top-level menu allows the user to select several functions. At block 1302, the user can activate the NFC circuit to download content into the device 150, or from the device 150 into the PC 704 or other short-range communication device. For example, NFC content download 1302 can be used to move relevant new account data from PC 704 to device 150 . In addition, data about account usage can be downloaded from device 150 to PC application 1400, such as the number of times an account is used, the amount of money for different accounts, and the like. The NFC function of the device can be used to communicate with appropriately equipped POS terminals or self-service kiosks for other purposes, such as downloading coupons from advertising kiosks, uploading coupons to POS terminals, downloading electronic receipts from POS terminals, downloading products ( Such as electronic tickets) and content and so on.

At block 1304, the camera head 106 is used to capture a picture, including a barcode of a coupon or other advertising material (eg, a poster). The user obtains the barcode by taking a photo of the barcode. The barcode is interpreted at block 1305, specifically through a computer program that acts like optical character recognition software to interpret the content of the barcode and convert it into a plain text format. The details of the coupon can then be displayed on the display screen 151 . In block 1306, the coupon data can be stored in the on-board memory 402 and can be uploaded to the application 1400 when the device is connected to the PC.

The user may choose to double check stored coupons, products and downloads (block 1310) to determine if they are used or deleted. Similarly, at block 1312, the user can review receipts stored in the memory device 402 downloaded to the device 150 via the NFC circuit. These receipts can eventually be downloaded to the PC application 1400 and then permanently stored and/or rechecked and printed on the PC. Block 1014 is a preparation for future function expansion of device 150 . Future function expansion can be done through software upgrades, and software upgrades will be applied for through PC applications.

Fig. 14 is a functional structure diagram of the PC application program. PC application 1400 preferably runs on PC 704 to which device 150 is connected via the base unit. Preferably, the computer on which the PC application 1400 runs will be connected to the network for downloading account information from the account issuer and downloading other content. Therefore, as long as all or a subset of the functionality shown in FIG. 14 is provided, the PC application 1400 should be capable of a conventional design for applications of this type of functionality.

The PC application 1400 allows maintenance of account records (block 1404). This includes defining a new account record (block 1405), amending existing account records (block 1406) and deleting existing account records (block 1407). Defining a new account record includes account information in the structured data file 800 downloaded from the account issuer, as previously discussed with respect to FIG. 11 . The account information downloaded from the account issuer to the PC application 1400 includes advertising material or graphics that are displayed on the display screen 152 when the account is activated.

Account data and other content in PC application 1400 may be synchronized with content in device 150 at block 1408 . The PC application program 1400 and the permanent storage device on the PC704 can be used as a backup of the storage information of the device 150, and also can keep historical records to be restored on the device 150, and can also synchronize all account record data between the device 150 and the PC1400 .

An additional level of account data protection is achieved by personalizing the account data to a dedicated device 150 during the synchronization process. During this process, all new account records are moved to device 150 preferably through a unique encryption process and then to device 150. The encryption process is directed by software on device 150, and the new encrypted account data is moved back to PC 704 for storage, thereby overwriting the unencrypted version of the account data. This will ensure that the account data generated will only run on device 150 and not on other devices. To accomplish these functions, each device 150 is coded with a unique serial number, or the encryption keys used to encrypt data can only be used on the device 150 .

PC application software 1400 is also capable of payment brokerage for online purchases. At this time, the base unit 700 acts as a POS machine, which can complete the transaction from the device 150 by transmitting account data via Near Field Communication (NFC) or wireless smart card. Alternatively, the transmission of account information may also be performed through a smart card contactor on the device 150 . Further, if there is no base unit 700, payment can be made directly from the device 150 through a personal computer with a wireless connection module.

In order to make payments over the Internet, the device 150 is activated and an appropriate account is selected. When the device 150 is inserted into the base unit 700, the account information on the device 150 is read through the smart card contactor 155, and the relevant fields on the home page are filled in with the content to be paid for online purchases.

Similarly, device 150 may also serve as an authentication device for users who frequently log into online sites and require a username/password combination for entry. When a user logs into a website, the device 150 will detect the website and automatically provide the appropriate username/password combination to authorize the user to enter the website. Other uses of the invention are also conceivable, including as a student ID card, as an electronic driver's license, passport, and as a card for controlling access to restricted areas of buildings. In general, any situation that requires a number or account to be associated with a specific person can be helped by using the more secure means of authentication provided by device 150, which reduces theft and fraud.

The PC application 1400 can also manage receipt records by selecting the menu 1412 . In sync process flow 1409 , receipt records can be downloaded from the device, and receipt records are persisted by PC application 1402 to local storage by persistent storage on PC 704 . At block 1413, the receipt record can be output in any one of the known image file formats, such as JPEG, TIFF, PDF or text file format. In addition, the records of multiple receipts can be output in a data table format suitable for reading, for example, by EXCEL. At block 1414, when the record is no longer needed, it may be cleared from the local storage,

The menu 1416 can perform the coupon management function of the PC application 1400 . At block 1418, coupons that the user no longer wants to keep can be purged, or expired coupons can be purged automatically. In addition, coupons can be downloaded from the Internet through the PC application 1400 and then sent to the device 150 during the synchronization process 1409 .

Menu 1420 can perform various configuration options for PC application 1400 . For example, the method of connecting the base unit 700 to a personal computer, the format of the user interface of the application program 1400 , and the format of other menus that may affect the operation of the device 150 .

In operation, as shown in Figure 15, the device 150 conducts transactions through a POS terminal using either magnetic stripe or RF transmission. After the user successfully activates the device, the account's recorded data is encoded into the magnetic stripe emulator on the device. The magstripe emulator can then be swiped by a magstripe reader commonly found on POS terminals. This provides the information needed to complete the transaction with an existing working device. The existing contactless POS terminal interface also supports the device by using the RF module to transmit the required transaction data.

Figure 16 shows a transaction between device 150 and an NFC-enabled POS device. Here, an interactive session is developed, wherein the NFC circuit of the device 150 and the NFC-enabled POS terminal establish a two-way communication to exchange key information about the transaction, such as selected account information, any available coupons or special offer information. Additionally, information can be downloaded from the POS terminal to the device 150, including electronic receipt data, information about loyalty points, highlights of future purchases, advertising content, products (such as electronic tickets), and direct-to-user information. These functions are not shown in FIG. 15 because there is no channel through which data can be transmitted from the POS terminal back to the device 150 through the magnetic strip or smart card interface. In an embodiment of the device 150 there are NFC circuits which can be used to simulate smart card RF transactions.

It is conceivable that the device should comply with the ISO 7810, 7811, 7812 and 7813 standards for magnetic stripe cards. It is also conceivable that there may be no magnetic stripe card part in an optional embodiment, and the communication with other devices only uses smart card technology or NFC technology.

Figure 17 provides a solution by requiring transactions in the credit card process to include a dynamically generated one-time password so that fraud can be ruled out. This function does not exist in traditional credit cards, because traditional credit cards do not have a calculation unit that can calculate dynamic passwords.

It is conceivable that different account issuers may have different solutions and algorithms for generating dynamic passwords. Thus, an encryption algorithm that generates a dynamic password can be downloaded as part of the electronic account record 800 (shown in FIG. 18 ) and as part of the smart card file system 810 .

The dynamic password generated by the device 150 can be electronically transmitted to the POS device together with the remaining account information, and finally transferred to the financial institution for payment authorization, or displayed on the display screen 152, so that the user of the device can see the password, And inform the merchant orally or input with the keys on the POS device. Alternatively, a static alphanumeric password that does not require calculation, such as a CCV code, can also be displayed and used by the user in the same manner.

In operation, a password is generated when a user activates an account or asks a POS device. The password is displayed on the display screen 152, or the password is jointly submitted as part of the electronic transmission of the account number through the programmable magnetic strip 161 or wireless RF transaction through the antenna 173.

The process is shown in Figure 17. Block 1701, during the normal process of processing a transaction on the POS terminal, the user provides the account number and dynamic password to the merchant. In block 1702, the merchant's existing information, together with the dynamic password included in this transfer, is uploaded to the payment processing point 1703 as part of the normal payment authorization transfer process, and then the information is sent to the acquiring bank (block 1704) . Alternatively, the merchant can communicate directly with the acquiring bank 1704, so that there is no provision of payment processing point services in the setup. The acquisition bank then transmits the account number and dynamic password to the payment card association 1705 . The payment card association 1705 sends a message to the payment processing service (block 1706) to verify that the one-time password for that particular account is authentic, and then authorizes the payment. In block 1707, the issuer of the financial card will also verify the dynamic password, and then authorize the payment. Authorization is then returned 1704 to the acquiring bank. The payment processing point or gateway service 1703 then transmits authorization to the merchant and the transaction is complete. Note that one or more of the units in Figure 17 may be the same unit.

If the user is using a dynamically generated password based on the unique authentication of the device 150, this eliminates the following type of fraud: when the credit card number is stolen, by embossing the number on another card, using a counterfeit card in person One is that the card number is stolen, and the transaction can be carried out through the Internet only by providing the card number and through simple guidance to purchase goods. This method also eliminates the need to print the security code or CCV code on the signature side of the card. As such, theft of dynamically generated security codes is virtually impossible.

Note that the examples provided in the present invention are only samples, and are not meant to limit the present invention. For example, the actual physical configuration of device 150 may vary according to the requirements of the applications running thereon. For example, certain applications require larger or smaller display screens, or some embodiments may include speakers or microphones. Similarly, the layout of the buttons 153 and 154 and the quantity and positions of the additional buttons can adopt any configuration scheme that is convenient for the user. The biometric sensor 151 can also be arranged at any convenient location, which can be on or inside the casing of the device 150 . Likewise, the system structure shown in FIG. 7 is only one possible embodiment. The system structure can be configured in any way according to the functions required by the simulation of the magnetic stripe described in the present invention, the smart card and/or NFC, etc.

Claims (83)

1. An apparatus for performing point-of-sale transactions, comprising: a. A casing, the size of which is close to the size of a credit card; b. A biometric sensor; c. memory device used to store information related to one or more accounts; d. a user interface for selecting one of the one or more accounts stored in the memory device; e. a display component for displaying said selected account information; and f. A radio frequency interface including a radio frequency antenna for providing said selected account information to the point of sale device in electronic form. 2. The device of claim 1, wherein the biometric sensor verifies the identity of the user of the device by comparing one or more biometric information previously provided by the user and stored in the device . 3. The device of claim 2, wherein said user interface comprises one or more buttons. 4. The device of claim 3, wherein information of said one or more accounts is arranged in a list, further wherein said one or more buttons are scrolled back and forth on said list Choose one of the one or more accounts described. 5. The device of claim 2, wherein information related to said selected account is displayed on said display component. 6. The device of claim 5, wherein said display assembly is an LCD display. 7. The device of claim 5, wherein said selected account-related information includes all information necessary to complete a transaction at said point-of-sale device but not transmitted electronically through said device. 8. The device of claim 2, wherein said radio frequency interface is disabled when said user information is authenticated. 9. The device of claim 5, wherein said radio frequency interface is a smart card interface. 10. The device of claim 8, wherein said radio frequency interface is operable to transmit information related to said selected account when an inquiry request is made via said point-of-sale device therein. 11. The device according to claim 10, wherein the radio frequency interface is disabled when the information of the selected account is transmitted or exceeds a preset time. 12. The device of claim 2, further comprising a magnetic strip that can be programmed with said selected account information and subsequently erased. 13. The device of claim 12, wherein said programmable magnetic strip can only be programmed with said selected account information by an authorized user after being authenticated by said biometric sensor. 14. The device of claim 10, wherein said programmable magnetic strip is erased or provided in an unreadable form after being read once by swiping the card on the point-of-sale transaction device or after a predetermined time period has elapsed . 15. The device of claim 2, wherein said biometric identification is a fingerprint, further said biometric sensor is a fingerprint scanner. 16. The device of claim 7, wherein said information necessary to complete a transaction at said point-of-sale device but not transmitted electronically through said device is a calculated by said device Dynamically generate passwords. 17. The apparatus of claim 16, wherein said dynamically generated code is unique for each transaction. 18. The device of claim 16, wherein the dynamic password is calculated based on an algorithm stored in a memory device in the device. 19. The device of claim 17, wherein said algorithm is provided by an issuer of said selected account and downloaded to said device. 20. The device of claim 1, wherein said information transmitted to the point-of-sale device in electronic form includes a dynamic password calculated by the device. 21. The device of claim 20, wherein the dynamic password is calculated based on an algorithm stored in a memory device in the device. 22. The device of claim 21, wherein said algorithm is provided by a user of a selected account and downloaded to said device. 23. The device of claim 7, wherein said information necessary to complete a transaction at said point-of-sale device without being electronically transmitted through said device is an alphanumeric code. 24. The device of claim 1, further comprising a plurality of electrical contacts on the housing of the device. 25. The device of claim 24, wherein said plurality of electrical contacts conforms to features of a smart card. 26. The device of claim 24, further comprising a rechargeable battery. 27. The device of claim 26, wherein said charging means that charging can be performed through said electrical contacts. 28. The device of claim 26, wherein said rechargeable battery is rechargeable by inductive coupling when said radio frequency antenna is exposed to said radio frequency energy source. 29. The device of claim 24, wherein said device can exchange data with a computer through said plurality of electrical contacts. 30. The device of claim 29, wherein said account information can be downloaded to said device via said plurality of electrical contacts. 31. The device of claim 29, wherein said executable code can be downloaded into said device via said plurality of electrical contacts. 32. The device of claim 14, wherein said programmable magnetic strip is capable of programming data on at least one of Track 1 or Track 2. 33. The device of claim 14, wherein said programmable magnetic strip is writable by a point-of-sale device, further wherein said information written on said magnetic strip is readable and stored by said device in memory in the device. 34. The device of claim 26, further comprising a photovoltaic cell for recharging said battery when exposed to ambient light. 35. The device of claim 1, further comprising a short-range communication interface. 36. The device of claim 35, wherein said NFC interface is operable to upload said user information to said point-of-sale device. 37. The device of claim 35, wherein said NFC interface is operable to upload promotional information to a point-of-sale device. 38. The device of claim 35, wherein said NFC interface is used to download content from a point-of-sale device or other NFC-enabled terminal to said point-of-sale device. 39. The apparatus of claim 38, wherein said content is selected from the group consisting of advertisements, electronic receipts, electronic coupons, and electronic tickets. 40. The device of claim 1, wherein said device is operable to verify identity. 41. The device of claim 40, wherein said device is operable to verify an identity selected from one or a combination of student ID, employee ID, driver's license or passport. 42. The device of claim 1, wherein said device can be used for access control. 43. A device for performing a point-of-sale transaction, comprising: a, a housing, the size of the housing is close to the size of a credit card; b. A fingerprint scanner; c. A memory device used to store information about one or more accounts; d. One or more buttons for selecting one or more accounts; e. A display screen for displaying information of one of the accounts, and the displayed account is the currently selected account; f. A radio frequency interface for providing the point-of-sale device with information about the currently selected account in electronic form; g. A programmable magnetic strip, which can be programmed with the information of the currently selected account and can be erased afterwards; 44. The device according to claim 43, wherein said device can calculate and generate a dynamic password for each account or each transaction of each account. 45. The device of claim 44, wherein said dynamic code is electronically transmittable via said radio frequency interface or a programmable magnetic strip. 46. The device of claim 44, wherein said dynamic code is displayed on said display screen. 47. The apparatus of claim 43, wherein said information required to complete a transaction but not electronically communicated to said point-of-sale terminal is displayed on said display screen. 48. The apparatus of claim 47, wherein said information required to complete a transaction but not transmitted electronically to said point-of-sale terminal is a CCV or security code. 49. A system for performing point-of-sale transactions, comprising: a. A computer on which the Application is executed; and b. A handheld component includes: memory means for storing one or more information about the account; a user interface for selecting one of the one or more accounts stored in said memory means; a biometric sensor for verifying the identity of the user of said device; a radio frequency interface for electronically transmitting said selected account information to a point-of-sale terminal; and A data port for communicating with the application. 50. The system of claim 49, wherein said application is capable of downloading account information from an account issuer from the Internet and storing said account information on said computer. 51. The system of claim 50, wherein said account information is downloadable to said handheld unit and stored in said memory device. 52. The system of claim 50, wherein said account information is downloaded to said handheld unit, where said account information is encrypted and transmitted back to said application for Save it on said computer. 53. The system of claim 49, wherein said application is capable of downloading content to said handheld component. 54. The system of claim 53, wherein said content includes advertisements and coupons. 55. The system of claim 48, wherein said radio frequency interface is a near field communication (NFC) interface. 56. The system as claimed in claim 55, wherein said NFC interface can simulate a smart card, and the smart card can implement a POS function terminal for non-contact transactions. 57. The system of claim 55, wherein said handheld device is capable of communicatively linking with POS devices and other NFC-enabled devices. 58. The system of claim 57, wherein said handheld component is capable of accepting downloaded content from an NFC enabled device. 59. The system of claim 58, wherein said content is selected from a group consisting of advertisements, electronic receipts, electronic coupons, and electronic tickets. 60. The system of claim 59, wherein said downloaded content can be copied to said PC through an application program for printing and permanent storage. 61. The system of claim 49, wherein said handheld component can be electronically paired with said computer to allow synchronization between the application and the handheld component. 62. The system of claim 49, further comprising a base unit connected to said computer via a cable or wireless connection, said base unit including a interface. 63. The system of claim 62, wherein said data port is comprised of a plurality of electrical contacts. 64. The system of claim 63, wherein said handheld assembly further includes a rechargeable battery rechargeable through said data port or inductively by exposure to radio frequency waves. 65. The system of claim 49, wherein said handheld assembly further includes a magnetic strip that is programmable with said selected account information and then erased. 66. The device of claim 65, wherein said programmable magnetic strip can only be used by a selected account if the identity of an authorized user of said device is verified by said biometric sensor. information programming. 67. The device of claim 65, wherein the programmed information on the programmable magnetic strip is erased or changed when read by swiping on the point-of-sale device or after a preset time. unreadable. 68. The device of claim 65, wherein said radio frequency interface is unavailable until a user's identity is verified by said biometric sensor. 69. The device of claim 65, wherein said radio frequency interface is a smart card interface. 70. The device of claim 65, wherein said radio frequency interface is operable to transmit information about said selected account when requested by said point-of-sale device. 71. The device of claim 65, wherein said radio frequency interface is disabled after a selected account information has been transmitted, or after a preset period of time. 72. The device of claim 49, wherein information about said selected account is displayed on said display screen. 73. The device of claim 72, wherein the information about said selected account includes all information required to complete a transaction at a point of sale device but not electronically transmitted through said device. 74. The device of claim 73, wherein information about said selected account includes all information required to complete a transaction at a point-of-sale facility but not electronically transmitted through said device is a The device calculates the generated dynamic password. 75. The apparatus of claim 74, wherein said dynamic code is unique for each transaction. 76. The device of claim 74, wherein said dynamic code is calculated based on an algorithm stored in a memory of said device. 77. The device of claim 76, wherein said algorithm is provided by an issuer of said selected account and is downloaded and stored in said device. 78. The device of claim 49, wherein said information transmitted to said point-of-sale device account in electronic form includes a dynamic password computed by said device. 79. The device of claim 78, wherein said dynamic code is calculated based on an algorithm stored in said device's memory. 80. The device of claim 79, wherein said algorithm is provided by an issuer of said selected account and is downloaded and stored in said device. 81. The device of claim 73, wherein said information required to complete a transaction at a point of sale device but not transmitted electronically through said device is an alphanumeric code. 82. The device of claim 27, wherein said rechargeable battery is rechargeable by a cell phone having an associated contact therewith. 83. A device for performing a point-of-sale transaction, comprising: a. A mobile phone, including a casing; b. a biosensor placed on said housing; c. memory device for storing information about one or more accounts; d. A user interface for the user to select one or more accounts stored in said memory device; e. a display component for displaying information about said selected account; and f. A radio frequency interface comprising a radio frequency antenna for providing said selected account information to the point of sale device in electronic form.

Images